Amazon DVA-C02 Online Practice Questions and Exam Preparation

Amazon DVA-C02 Online Questions & Answers

• Question 251:

  A developer is creating an application. New users of the application must be able to create an account and register by using their own social media accounts. Which AWS service or resource should the developer use to meet these requirements?

  A. IAM role
  B. Amazon Cognito identity pools
  C. Amazon Cognito user pools
  D. AWS Directory Service
  C. Amazon Cognito user pools

  ---

  Explanation

  User pools are for authentication (identify verification). With a user pool, your app users can sign in through the user pool or federate through a third-party identity provider (IdP). Identity pools are for authorization (access control). You can use identity pools to create unique identities for users and give them access to other AWS services.

• Question 252:

  An Amazon Simple Queue Service (Amazon SQS) queue serves as an event source for an AWS Lambda function. In the SQS queue, each item corresponds to a video file that the Lambda function must convert to a smaller resolution. The Lambda function is timing out on longer video files, but the Lambda function's timeout is already configured to its maximum value.

  What should a developer do to avoid the timeouts without additional code changes?

  A. Increase the memory configuration of the Lambda function.
  B. Increase the visibility timeout on the SQS queue.
  C. Increase the instance size of the host that runs the Lambda function.
  D. Use multi-threading for the conversion.
  A. Increase the memory configuration of the Lambda function.

  ---

  Explanation

  Increasing the memory configuration of the Lambda function will also increase the CPU and network throughput available to the function. This can improve the performance of the video conversion process and reduce the execution time of the function. This solution does not require any code changes or additional resources. It is also recommended to follow the best practices for preventing Lambda function timeouts1. References Troubleshoot Lambda function invocation timeout errors | AWS re:Post

• Question 253:

  A company requires objects that are stored in Amazon S3 to be encrypted The company is currently using server-side encryption with AWS KMS managed encryption keys (SSE-KMS) A developer needs to optimize the cost-effectiveness of the encryption mechanism without negatively affecting performance

  What should the developer do to meet these requirements?

  A. Change the encryption type to customer-provided keys.
  B. Configure the SJ bucket to use an S3 Bucket Key for SSE-KMS
  C. Use S3 bucket policies to limit the principals who can create objects
  D. Use a custom policy to limit the number of AWS KMS calls that are allowed
  B. Configure the SJ bucket to use an S3 Bucket Key for SSE-KMS

  ---

  Explanation

• Question 254:

  A developer has AWS Lambda functions that need to access a company's internal data science libraries and reference data. Separate teams manage the libraries and the data. The teams must be able to update and upload new data independently. The Lambda functions are connected to the company's central VPC.

  Which solution will provide the Lambda functions with access to the libraries and data?

  A. Attach an Amazon Elastic Block Store (Amazon EBS) volume to the Lambda functions by using EBS Multi-Attach in the central VPC. Update the Lambda function execution roles to give the functions to access the EBS volume. Update the Lambda function code to reference the files in the EBS volume.
  B. Compress the libraries and reference data in a Lambda /tmp folder. Update the Lambda function code to reference the files in the /tmp folder.
  C. Set up an Amazon Elastic File System (Amazon EFS) file system with mount targets in the central VPConfigure the Lambda functions to mount the EFS file system. Update the Lambda function execution roles to give the functions to access the EFS file system.
  D. Set up an Amazon FSx for Windows File Server file system with mount targets in the central VPC. Configure the Lambda functions to mount the Amazon FSx file system. Update the Lambda function execution roles to give the functions to access the Amazon FSx file system.
  C. Set up an Amazon Elastic File System (Amazon EFS) file system with mount targets in the central VPConfigure the Lambda functions to mount the EFS file system. Update the Lambda function execution roles to give the functions to access the EFS file system.

  ---

  Explanation

• Question 255:

  A developer is planning to use an Amazon API Gateway and AWS Lambda to provide a REST API. The developer will have three distinct environments to manage: development, test, and production.

  How should the application be deployed while minimizing the number of resources to manage?

  A. Create a separate API Gateway and separate Lambda function for each environment in the same Region.
  B. Assign a Region for each environment and deploy API Gateway and Lambda to each Region.
  C. Create one API Gateway with multiple stages with one Lambda function with multiple aliases.
  D. Create one API Gateway and one Lambda function, and use a REST parameter to identify the environment.
  C. Create one API Gateway with multiple stages with one Lambda function with multiple aliases.

  ---

  Explanation

• Question 256:

  A developer builds a serverless application on AWS by using Amazon API Gateway, AWS Lambda functions, and Amazon Route 53. During testing, the developer notices errors but cannot immediately locate the root cause.

  To identify the errors, the developer needs to search all the application's logs.

  What should the developer do to meet these requirements with the LEAST operational overhead?

  A. Set up API Gateway health checks to monitor the application's availability. Use the Amazon CloudWatch PutMetricData API operation to publish the logs to CloudWatch. Search and query the logs by using Amazon Athena.
  B. Set up Route 53 health checks to monitor the application's availability. Turn on AWS CloudTrail logs for all the AWS services that the application uses. Send the logs to a specified Amazon S3 bucket. Use Amazon Athena to query the log files directly from Amazon S3.
  C. Configure all the application's AWS services to publish a real-time feed of log events to an Amazon Kinesis Data Firehose delivery stream. Configure the delivery stream to publish all the logs to an Amazon S3 bucket. Use Amazon OpenSearch Service to search and analyze the logs.
  D. Set up Route 53 health checks to monitor the application's availability. Turn on Amazon CloudWatch Logs for the API Gateway stages to log API requests with a JSON log format. Use CloudWatch Logs Insights to search and analyze the logs from the AWS services that the application uses.
  A. Set up API Gateway health checks to monitor the application's availability. Use the Amazon CloudWatch PutMetricData API operation to publish the logs to CloudWatch. Search and query the logs by using Amazon Athena.

  ---

  Explanation

• Question 257:

  A developer is creating an application that reads and writes to multiple Amazon S3 buckets. The application will be deployed to an Amazon EC2 instance. The developer wants to make secure API requests from the EC2 instances without the need to manage the security credentials for the application. The developer needs to apply the principle of least privilege.

  Which solution will meet these requirements?

  A. Create an IAM user. Create access keys and secret keys for the user. Associate the user with an IAM policy that allows s3:* permissions.
  B. Associate the EC2 instance with an IAM role that has an IAM policy that allows s3:ListBucket and s3:*Object permissions for specific S3 buckets.
  C. Associate the EC2 instance with an IAM role that has an AmazonS3FullAccess AWS managed policy.
  D. Create a bucket policy on the S3 bucket that allows s3:ListBucket and s3:*Object permissions to the EC2 instance.
  B. Associate the EC2 instance with an IAM role that has an IAM policy that allows s3:ListBucket and s3:*Object permissions for specific S3 buckets.

  ---

  Explanation

• Question 258:

  A developer is troubleshooting an application that uses Amazon DynamoDB in the us-west-2 Region. The application is deployed to an Amazon EC2 instance. The application requires read-only permissions to a table that is named Cars. The EC2 instance has an attached IAM role that contains the following IAM policy:

  

  When the application tries to read from the Cars table, an Access Denied error occurs. How can the developer resolve this error?

  A. Modify the IAM policy resource to be "arn:aws:dynamodb:us-west-2:account-id:table/*".
  B. Modify the IAM policy to include the dynamodb:* action.
  C. Create a trust policy that specifies the EC2 service principal. Associate the role with the policy.
  D. Create a trust relationship between the role and dynamodb.amazonaws.com.
  C. Create a trust policy that specifies the EC2 service principal. Associate the role with the policy.

  ---

  Explanation

• Question 259:

  A company has an ecommerce platform. A developer is designing an Amazon DynamoDB table to store customer order data for the platform. The table uses the order ID as the partition key.

  The developer needs to modify the table to get all order IDs that are associated with a given customer email address in a single query. The solution must give the developer the ability to query order IDs by other item attributes in the future.

  Which solution will meet these requirements?

  A. Configure the partition key to use the customer email address as the sort key.
  B. Update the table to use the customer email address as the partition key.
  C. Create a local secondary index (LSI) with the customer email address as the sort key.
  D. Create a global secondary index (GSI) with the customer email address as the partition key.
  D. Create a global secondary index (GSI) with the customer email address as the partition key.

  ---

  Explanation

• Question 260:

  An online sales company is developing a serverless application that runs on AWS. The application uses an AWS Lambda function that calculates order success rates and stores the data in an Amazon DynamoDB table. A developer wants an efficient way to invoke the Lambda function every 15 minutes.

  Which solution will meet this requirement with the LEAST development effort?

  A. Create an Amazon EventBridge rule that has a rate expression that will run the rule every 15 minutes. Add the Lambda function as the target of the EventBridge rule.
  B. Create an AWS Systems Manager document that has a script that will invoke the Lambda function on Amazon EC2. Use a Systems Manager Run Command task to run the shell script every 15 minutes.
  C. Create an AWS Step Functions state machine. Configure the state machine to invoke the Lambda function execution role at a specified interval by using a Wait state. Set the interval to 15 minutes.
  D. Provision a small Amazon EC2 instance. Set up a cron job that invokes the Lambda function every 15 minutes.
  B. Create an AWS Systems Manager document that has a script that will invoke the Lambda function on Amazon EC2. Use a Systems Manager Run Command task to run the shell script every 15 minutes.

  ---

  Explanation