Amazon DVA-C02 Online Practice Questions and Exam Preparation

Amazon DVA-C02 Online Questions & Answers

• Question 1:

  A company runs a new application on AWS Elastic Beanstalk. The company needs to deploy updates to the application, and the updates must not cause any downtime for application users. The deployment must forward a specified percentage of incoming client traffic to a new application version during an evaluation period.

  Which deployment type will meet these requirements?

  A. Rolling
  B. Traffic-splitting
  C. In-place
  D. Immutable
  B. Traffic-splitting

  ---

  explanation:

  Explanation

  AWS Elastic Beanstalk supports several deployment policies, and in this case, the requirement is to forward a specified percentage of traffic to the new version without causing downtime. The Traffic-splitting deployment policy is the most appropriate choice.

  Traffic-splitting Deployment: This deployment method allows you to gradually shift a specified percentage of incoming traffic from the old environment version to the new one. During the evaluation period, if any issues are detected, the traffic can be redirected back to the old version.

  No Downtime: This method ensures no downtime since both versions of the application run concurrently, and traffic is split between them.

• Question 2:

  An application interacts with Amazon Aurora to store and track customer information. The primary database is set up with multiple read replicas to improve the performance of read queries. However, one of the Aurora replicas is receiving most or all of the traffic, while the other Aurora replicas remain idle.

  How can this issue be resolved?

  A. Disable application-level DNS caching.
  B. Enable application-level DNS caching.
  C. Enable application pooling.
  D. Disable application pooling.
  A. Disable application-level DNS caching.

  ---

  explanation:

  Explanation

• Question 3:

  A developer accesses AWS CodeCommit over SSH. The SSH keys configured to access AWS CodeCommit are tied to a user with the following permissions:

  

  The developer needs to create/delete branches.

  Which specific IAM permissions need to be added, based on the principle of least privilege?

  A. "codecommit:CreateBranch", "codecommit:DeleteBranch"
  B. "codecommit:Put*"
  C. "codecommit:Update*"
  D. "codecommit:*"
  A. "codecommit:CreateBranch", "codecommit:DeleteBranch"

  ---

  explanation:

  Explanation

  This solution allows the developer to create and delete branches in AWS CodeCommit by granting the codecommit:CreateBranch and codecommit:DeleteBranch permissions. These are the minimum permissions required for this task,

  adhering to the principle of least privilege.

  Option B grants too many permissions, such as codecommit:Put*, which allows the developer to create, update, or delete any resource in CodeCommit.

  Option C grants too few permissions, such as codecommit:Update*, which does not allow the developer to create or delete branches.

  Option D grants all permissions, such as codecommit:*, which is not secure or recommended.

  References: [AWS CodeCommit Permissions Reference], [Create a Branch (AWS CLI)]

• Question 4:

  A developer is modifying an AWS Lambda function that accesses an Amazon RDS for MySQL database. The developer discovers that the Lambda function has the database credentials stored as plaintext in the Lambda function code.

  The developer must implement a solution to make the credentials more secure. The solution must include automated credential rotation every 30 days.

  Which solution will meet these requirements?

  A. Move the credentials to a secret in AWS Secrets Manager. Modify the Lambda function to read from Secrets Manager. Set a schedule to rotate the secret every 30 days.
  B. Move the credentials to a secure string parameter in AWS Systems Manager Parameter Store. Modify the Lambda function to read from Parameter Store. Set a schedule to rotate the parameter every 30 days.
  C. Move the credentials to an encrypted Amazon S3 bucket. Modify the Lambda function to read from the S3 bucket. Configure S3 Object Lambda to rotate the credentials every 30 days.
  D. Move the credentials to a secure string parameter in AWS Systems Manager Parameter Store. Create an Amazon EventBridge rule to rotate the parameter every 30 days.
  A. Move the credentials to a secret in AWS Secrets Manager. Modify the Lambda function to read from Secrets Manager. Set a schedule to rotate the secret every 30 days.

  ---

  explanation:

  Explanation

• Question 5:

  A company operates a media streaming platform that delivers on-demand video content to users from around the world. User requests flow through an Amazon CloudFront distribution, an Amazon API Gateway REST API, AWS Lambda functions, and Amazon DynamoDB tables.

  Some users have reported intermittent buffering issues and delays when users try to start a video stream. The company needs to investigate the issues to discover the underlying cause.

  Which solution will meet this requirement?

  A. Enable AWS X-Ray tracing for the REST API, Lambda functions, and DynamoDB tables. Analyze the service map to identify any performance bottlenecks or errors.
  B. Enable logging in API Gateway. Ensure that each Lambda function is configured to send logs to Amazon CloudWatch. Use CloudWatch Logs Insights to query the log data.
  C. Use AWS Config to review details of any recent configuration changes to AWS resources in the application that could result in increased latency for users.
  D. Use AWS CloudTrail to track AWS resources in all AWS Regions. Stream CloudTrail data to an Amazon CloudWatch Logs log group. Enable CloudTrail Insights. Set up Amazon SN5 notifications if unusual API activity is detected.
  A. Enable AWS X-Ray tracing for the REST API, Lambda functions, and DynamoDB tables. Analyze the service map to identify any performance bottlenecks or errors.

  ---

  explanation:

  Explanation

• Question 6:

  A company is creating an AWS Step Functions state machine to run a set of tests for an application. The tests need to run when a specific AWS CloudFormation stack is deployed.

  Which combination of steps will meet these requirements? (Select TWO.)

  A. Create an AWS Lambda function to invoke the state machine.
  B. Create an Amazon EventBridge rule on the default bus that matches on a detail type of CloudFormation Stack Status Change, a status of UPDATE_IN_PROGRESS, and the stack ID of the CloudFormation stack.
  C. Create a pipe in Amazon EventBridge Pipes that has a source of the default event bus. Set the Lambda function as a target. Filter on a detail type of CloudFormation Stack Status Change, a status of UPDATE_IN_PROGRESS, and the stack ID of the CloudFormation stack.
  D. Create a pipe in Amazon EventBridge Pipes that has a source of the EventBridge rule. Set the state machine as a target.
  E. Add the state machine as a target of the EventBridge rule.
  A. Create an AWS Lambda function to invoke the state machine.
  E. Add the state machine as a target of the EventBridge rule.

  ---

  explanation:

  Explanation

• Question 7:

  A developer wants to use an AWS AppSync API to invoke AWS Lambda functions to return data. Some of the Lambda functions perform long-running processes. The AWS AppSync API needs to return responses immediately.

  Which solution will meet these requirements with the LEAST operational overhead?

  A. Configure the Lambda functions to be AWS AppSync data sources. Use Event mode for asynchronous Lambda invocation.
  B. Increase the timeout setting for the Lambda functions to accommodate longer processing times.
  C. Set up an Amazon SQS queue. Configure AWS AppSync to send messages to the SQS queue. Configure a Lambda function event source mapping to poll the queue.
  D. Enable caching, and increase the duration of the AWS AppSync cache TTL.
  A. Configure the Lambda functions to be AWS AppSync data sources. Use Event mode for asynchronous Lambda invocation.

  ---

  explanation:

  Explanation

• Question 8:

  A company has an application that uses an AWS Lambda function to process customer orders. The company notices that the application processes some orders more than once.

  A developer needs to update the application to prevent duplicate processing.

  Which solution will meet this requirement with the LEAST implementation effort?

  A. Implement a de-duplication mechanism that uses Amazon DynamoDB as the control database. Configure the Lambda function to check for the existence of a unique identifier before processing each event.
  B. Create a custom Amazon ECS task to perform idempotency checks. Use AWS Step Functions to integrate the ECS task with the Lambda function.
  C. Configure the Lambda function to retry failed invocations. Implement a retry mechanism that has a fixed delay between attempts to handle duplicate events.
  D. Use Amazon Athena to query processed events to identify duplicate records. Add processing logic to the Lambda function to handle the duplication scenarios that the query identifies.
  A. Implement a de-duplication mechanism that uses Amazon DynamoDB as the control database. Configure the Lambda function to check for the existence of a unique identifier before processing each event.

  ---

  explanation:

  Explanation

• Question 9:

  A company runs applications on Amazon EKS containers. The company sends application logs from the containers to an Amazon CloudWatch Logs log group. The company needs to process log data in real time based on a specific error in the application logs.

  Which combination of steps will meet these requirements? (Select TWO.)

  A. Create an Amazon SNS topic that has a subscription filter policy.
  B. Create a subscription filter on the log group that has a filter pattern.
  C. Set up an Amazon CloudWatch agent operator to manage the trace collection daemon in Amazon EKS.
  D. Create an AWS Lambda function to process the logs.
  E. Create an Amazon EventBridge rule to invoke the AWS Lambda function on a schedule.
  B. Create a subscription filter on the log group that has a filter pattern.
  D. Create an AWS Lambda function to process the logs.

  ---

  explanation:

  Explanation

• Question 10:

  A developer is using an AWS account to build an application that stores files in an Amazon S3 bucket. Files must be encrypted at rest by AWS KMS keys. A second AWS account must have access to read files from the bucket. The developer wants to minimize operational overhead for the application.

  Which combination of solutions will meet these requirements? (Select TWO.)

  A. Use a customer managed key to encrypt the files. Create a key policy that grants kms:Decrypt permissions to the second AWS account.
  B. Use an AWS managed key to encrypt the files. Create a key policy that grants kms:Decrypt permissions to the second AWS account.
  C. Create a service control policy (SCP) that grants s3:GetObject permissions to the second AWS account.
  D. Create a bucket policy for the S3 bucket that grants s3:GetObject permissions to the second AWS account.
  E. Create a gateway endpoint for the S3 bucket. Modify the endpoint policy to grant s3:GetObject permissions to the second AWS account.
  A. Use a customer managed key to encrypt the files. Create a key policy that grants kms:Decrypt permissions to the second AWS account.
  D. Create a bucket policy for the S3 bucket that grants s3:GetObject permissions to the second AWS account.

  ---

  explanation:

  Explanation