Amazon DVA-C02 Online Practice Questions and Exam Preparation

Amazon DVA-C02 Online Questions & Answers

• Question 301:

  An ecommerce startup is preparing for an annual sales event. As the traffic to the company's application increases, the development team wants to be notified when the Amazon EC2 instance's CPU utilization exceeds 80%. Which solution will meet this requirement?

  A. Create a custom Amazon CloudWatch alarm that sends a notification to an Amazon SNS topic when the CPU utilization exceeds 80%.
  B. Create a custom AWS CloudTrail alarm that sends a notification to an Amazon SNS topic when the CPU utilization exceeds 80%.
  C. Create a cron job on the EC2 instance that invokes the --describe-instance-information command on the host instance every 15 minutes and sends the results to an Amazon SNS topic.
  D. Create an AWS Lambda function that queries the AWS CloudTrail logs for the CPUUtilization metric every 15 minutes and sends a notification to an Amazon SNS topic when the CPU utilization exceeds 80%.
  A. Create a custom Amazon CloudWatch alarm that sends a notification to an Amazon SNS topic when the CPU utilization exceeds 80%.

  ---

  Explanation

• Question 302:

  A company is building a content authoring application. The application has multiple user groups, such as content creator, reviewer, approver, and administrator. The company needs to assign fine-grained permissions for specific parts of the application.

  The company needs a solution to configure, maintain, and analyze user permissions. The company wants a solution that can be easily adapted to work with newer applications in the future. The company must use a third-party OpenID Connect (OIDC) identity provider (IdP) to authenticate users.

  Which solution should the company choose?

  A. Configure an Amazon Cognito identity pool for the application. Use the identity pool identities within the application to manage user permissions.
  B. Configure the application to check user permissions upon request. Configure the application logic to manage user permissions.
  C. Use Amazon Verified Permissions to set up user permissions. Integrate Verified Permissions with a third-party IdP. Configure the application to request authorization decisions from Verified Permissions.
  D. Set up an IAM role for each user group. Assign users appropriate IAM roles. Configure the application to determine appropriate permissions for each user based on the user's IAM role.
  C. Use Amazon Verified Permissions to set up user permissions. Integrate Verified Permissions with a third-party IdP. Configure the application to request authorization decisions from Verified Permissions.

  ---

  Explanation

  Why Option C is Correct:Amazon Verified Permissions provides fine-grained access control capabilities, making it ideal for managing complex user permissions. It integrates with OIDC IdPs for authentication and allows applications to request

  authorization decisions dynamically. It is also easily adaptable to newer applications.

  Why Other Options are Incorrect:

  Option A: Cognito identity pools do not natively support fine-grained permission analysis or management.

  Option B: Managing permissions in application logic adds significant operational overhead.

  Option D: IAM roles are not designed for application-specific fine-grained access control and are more suitable for resource-level permissions.

  AWS Documentation

  References:

  Amazon Verified Permissions

• Question 303:

  An application is real-time processing millions of events that are received through an API.

  What service could be used to allow multiple consumers to process the data concurrently and MOST cost- effectively?

  A. Amazon SNS with fanout to an SQS queue for each application
  B. Amazon SNS with fanout to an SQS FIFO (first-in, first-out) queue for each application
  C. Amazon Kinesis Firehose
  D. Amazon Kinesis Data Streams
  D. Amazon Kinesis Data Streams

  ---

  Explanation

• Question 304:

  A company has an application that stores data in Amazon RDS instances. The application periodically experiences surges of high traffic that cause performance problems. During periods of peak traffic, a developer notices a reduction in query speed in all database queries.

  The team's technical lead determines that a multi-threaded and scalable caching solution should be used to offload the heavy read traffic. The solution needs to improve performance. Which solution will meet these requirements with the LEAST complexity?

  A. Use Amazon ElastiCache for Memcached to offload read requests from the main database.
  B. Replicate the data to Amazon DynamoDB. Set up a DynamoDB Accelerator (DAX) cluster.
  C. Configure the Amazon RDS instances to use Multi-AZ deployment with one standby instance. Offload read requests from the main database to the standby instance.
  D. Use Amazon ElastiCache for Redis to offload read requests from the main database.
  A. Use Amazon ElastiCache for Memcached to offload read requests from the main database.

  ---

  Explanation

• Question 305:

  A company uses AWS Lambda functions and an Amazon S3 trigger to process images into an S3 bucket. A development team set up multiple environments in a single AWS account.

  After a recent production deployment, the development team observed that the development S3 buckets invoked the production environment Lambda functions. These invocations caused unwanted execution of development S3 files by using

  production Lambda functions. The development team must prevent these invocations. The team must follow security best practices.

  Which solution will meet these requirements?

  A. Update the Lambda execution role for the production Lambda function to add a policy that allows the execution role to read from only the production environment S3 bucket.
  B. Move the development and production environments into separate AWS accounts. Add a resource policy to each Lambda function to allow only S3 buckets that are within the same account to invoke the function.
  C. Add a resource policy to the production Lambda function to allow only the production environment S3 bucket to invoke the function.
  D. Move the development and production environments into separate AWS accounts. Update the Lambda execution role for each function to add a policy that allows the execution role to read from the S3 bucket that is within the same account.
  B. Move the development and production environments into separate AWS accounts. Add a resource policy to each Lambda function to allow only S3 buckets that are within the same account to invoke the function.

  ---

  Explanation

• Question 306:

  A developer has built a market application that stores pricing data in Amazon DynamoDB with Amazon ElastiCache in front. The prices of items in the market change frequently. Sellers have begun complaining that, after they update the price of an item, the price does not actually change in the product listing.

  What could be causing this issue?

  A. The cache is not being invalidated when the price of the item is changed.
  B. The price of the item is being retrieved using a write-through ElastiCache cluster.
  C. The DynamoDB table was provisioned with insufficient read capacity.
  D. The DynamoDB table was provisioned with insufficient write capacity.
  A. The cache is not being invalidated when the price of the item is changed.

  ---

  Explanation

• Question 307:

  A company has an analytics application that uses an AWS Lambda function to process transaction data asynchronously A developer notices that asynchronous invocations of the Lambda function sometimes fail When failed Lambda function invocations occur, the developer wants to invoke a second Lambda function to handle errors and log details.

  Which solution will meet these requirements?

  A. Configure a Lambda function destination with a failure condition Specify Lambda function as the destination type Specify the error-handling Lambda function's Amazon Resource Name (ARN) as the resource
  B. Enable AWS X-Ray active tracing on the initial Lambda function. Configure X-Ray to capture stack traces of the failed invocations. Invoke the error-handling Lambda function by including the stack traces in the event object.
  C. Configure a Lambda function trigger with a failure condition Specify Lambda function as the destination type Specify the error-handling Lambda function's Amazon Resource Name (ARN) as the resource
  D. Create a status check alarm on the initial Lambda function. Configure the alarm to invoke the error- handling Lambda function when the alarm is initiated. Ensure that the alarm passes the stack trace in the event object.
  A. Configure a Lambda function destination with a failure condition Specify Lambda function as the destination type Specify the error-handling Lambda function's Amazon Resource Name (ARN) as the resource

  ---

  Explanation

  Configuring a Lambda function destination with a failure condition is the best solution for invoking a second Lambda function to handle errors and log details. A Lambda function destination is a resource that Lambda sends events to after a function is invoked. The developer can specify the destination type as Lambda function and the ARN of the error-handling Lambda function as the resource. The developer can also specify the failure condition, which means that the destination is invoked only when the initial Lambda function fails. The destination event will include the response from the initial function, the request ID, and the timestamp. The other solutions are either not feasible or not efficient. Enabling AWS X-Ray active tracing on the initial Lambda function will help to monitor and troubleshoot the function performance, but it will not automatically invoke the error-handling Lambda function. Configuring a Lambda function trigger with a failure condition is not a valid option, as triggers are used to invoke Lambda functions, not to send events from Lambda functions. Creating a status check alarm on the initial Lambda function will incur additional costs and complexity, and it will not capture the details of the failed invocations. References Using AWS Lambda destinations Asynchronous invocation - AWS Lambda AWS Lambda Destinations: What They Are and Why to Use Them AWS Lambda Destinations: A Complete Guide | Dashbird

• Question 308:

  A company wants to share information with a third party. The third party has an HTTP API endpoint that the company can use to share the information. The company has the required API key to access the HTTP API.

  The company needs a way to manage the API key by using code. The integration of the API key with the application code cannot affect application performance.

  Which solution will meet these requirements MOST securely?

  A. Store the API credentials in AWS Secrets Manager. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.
  B. Store the API credentials in a local code variable. Push the code to a secure Git repository. Use the local code variable at runtime to make the API call.
  C. Store the API credentials as an object in a private Amazon S3 bucket. Restrict access to the S3 object by using IAM policies. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.
  D. Store the API credentials in an Amazon DynamoDB table. Restrict access to the table by using resource-based policies. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.
  A. Store the API credentials in AWS Secrets Manager. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.

  ---

  Explanation

• Question 309:

  A developer is working on an application that will be deployed on AWS. The developer needs to test and debug the code locally. The code is packaged and stored in an Amazon S3 bucket.

  How can the developer test and debug the code locally with the LEAST amount of configuration?

  A. Create an application and a deployment group in AWS CodeDeploy. For the compute platform, specify the local machine as the individual instance for the deployment. For the repository type, specify that the application is stored in Amazon S3. Start the deployment to test on the local machine.
  B. Create a repository in AWS CodeArtifact. Publish the application code package to the repository. Before deployment, create an upstream repository to test and validate the code.
  C. Create a build project in AWS CodeBuild. In AWS CodePipeline, add a CodeBuild test action by adding a stage and an action. For the action provider, specify a CodeBuild test and the build project. View the build log to see the test results.
  D. Install the AWS CodeDeploy agent locally to validate the deployment package. Run the codedeploy-local command. Specify the S3 bucket where the code package is located by using the --bundle-location option.
  D. Install the AWS CodeDeploy agent locally to validate the deployment package. Run the codedeploy-local command. Specify the S3 bucket where the code package is located by using the --bundle-location option.

  ---

  Explanation

• Question 310:

  A developer is troubleshooting a new AWS Lambda function. The function should run automatically each time a new object is uploaded to an Amazon S3 bucket. However, the developer finds that all calls failed before they reached the application code inside the function.

  Which of the following is a possible reason for this failure?

  A. The function resource policy does not allow access from Amazon S3.
  B. The function execution role does not allow access from Amazon S3.
  C. The function execution role does not allow access to Amazon S3.
  D. The IAM user does not have access to Amazon S3.
  C. The function execution role does not allow access to Amazon S3.

  ---

  Explanation