Amazon DVA-C02 Online Practice Questions and Exam Preparation

Amazon DVA-C02 Online Questions & Answers

• Question 401:

  A company has an internal website that contains sensitive data. The company wants to make the website public. The company must ensure that only employees who authenticate through the company's OpenID Connect (OIDC) identity provider (IdP) can access the website. A developer needs to implement authentication without editing the website.

  Which combination of steps will meet these requirements? (Choose two.)

  A. Create a public Network Load Balancer.
  B. Create a public Application Load Balancer.
  C. Configure a listener for the load balancer that listens on HTTPS port 443. Add a default authenticate action providing the OIDC IdP configuration.
  D. Configure a listener for the load balancer that listens on HTTP port 80. Add a default authenticate action providing the OIDC IdP configuration.
  E. Configure a listener for the load balancer that listens on HTTPS port 443. Add a default AWS Lambda action providing an Amazon Resource Name (ARN) to a Lambda authentication function.
  B. Create a public Application Load Balancer.
  C. Configure a listener for the load balancer that listens on HTTPS port 443. Add a default authenticate action providing the OIDC IdP configuration.

  ---

  Explanation

• Question 402:

  A developer is writing a new serverless application for a company. Several other developers must collaborate on the code for this application, and the company expects frequent changes to the code. The developer needs to deploy the code from source control to AWS Lambda with the fewest number of manual steps.

  Which strategy for the build and deployment should the developer use to meet these requirements?

  A. Build the code locally, and then upload the code into the source control system. When a release is needed, run AWS CodePipeline to extract the uploaded build and deploy the resources.
  B. Use the AWS Serverless Application Model (AWS SAM) CLI to build and deploy the application from the developer's local machine with the latest version checked out locally.
  C. Use AWS CodeBuild and AWS CodePipeline to invoke builds and corresponding deployments when configured source controlled branches have pull requests merged into them.
  D. Use the Lambda console to upload a .zip file of the application that is created by the AWS Serverless Application Model (AWS SAM) CLI build command.
  D. Use the Lambda console to upload a .zip file of the application that is created by the AWS Serverless Application Model (AWS SAM) CLI build command.

  ---

  Explanation

• Question 403:

  A developer is using AWS CodeDeploy to automate a company's application deployments to Amazon EC2. Which application specification file properties are required to ensure the software deployments do not fail? (Select TWO.)

  A. The file must be a JSON-formatted file named appspec.json.
  B. The file must be a YAML-formatted file named appspec.yml.
  C. The file must be stored in AWS CodeBuild and referenced from the application's source code.
  D. The file must be placed in the root of the directory structure of the application's source code.
  E. The file must be stored in Amazon S3 and referenced from the application's source code.
  B. The file must be a YAML-formatted file named appspec.yml.
  D. The file must be placed in the root of the directory structure of the application's source code.

  ---

  Explanation

  Comprehensive and Detailed Step-by-Step Explanation:To ensure successful software deployments using AWS CodeDeploy, the application specification file (appspec.yml or appspec.json) must adhere to specific requirements:

  File Format Requirement (Option B):

  The appspec.yml file is a YAML-formatted file required for defining deployment actions and file locations. This is the modern and recommended format for application specification files.

  It can also be a JSON-formatted file named appspec.json, but YAML is most commonly used and accepted.

  File Placement Requirement (Option D):

  The application specification file must reside in the root directory of the application's source code. This is necessary so that AWS CodeDeploy can detect and use the file during deployment.

  Incorrect Options:

  Option A: While a JSON-formatted file (appspec.json) is valid, this is not a mandatory requirement. YAML is also acceptable, and this option does not account for it. Option C: The application specification file is not required to be stored in

  AWS CodeBuild; it must be included in the source code's directory structure. Option E: The application specification file does not need to be stored in Amazon S3. S3 is commonly used for application artifacts, but the appspec.yml or

  appspec.json file must exist within the deployment package or source code root.

  References:

  AWS CodeDeploy User Guide: Application Specification File

• Question 404:

  A company is planning to securely manage one-time fixed license keys in AWS. The company's development team needs to access the license keys in automaton scripts that run in Amazon EC2 instances and in AWS CloudFormation stacks. Which solution will meet these requirements MOST cost-effectively?

  A. Amazon S3 with encrypted files prefixed with "config"
  B. AWS Secrets Manager secrets with a tag that is named SecretString
  C. AWS Systems Manager Parameter Store SecureString parameters
  D. CloudFormation NoEcho parameters
  C. AWS Systems Manager Parameter Store SecureString parameters

  ---

  Explanation

  https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html

• Question 405:

  A developer is updating several AWS Lambda functions and notices that all the Lambda functions share the same custom libraries. The developer wants to centralize all the libraries, update the libraries in a convenient way, and keep the libraries versioned.

  Which solution will meet these requirements with the LEAST development effort?

  A. Create an AWS CodeArtifact repository that contains all the custom libraries.
  B. Create a custom container image for the Lambda functions to save all the custom libraries.
  C. Create a Lambda layer that contains all the custom libraries.
  D. Create an Amazon Elastic File System (Amazon EFS) file system to store all the custom libraries.
  C. Create a Lambda layer that contains all the custom libraries.

  ---

  Explanation

• Question 406:

  A company has an application that consists of different microservices that run inside an AWS account. The microservices are running in containers inside a single VPC. The number of microservices is constantly increasing. A developer must create a central logging solution for application logs.

  Which solution should the developer choose to centralize the logging for the application?

  A. Create a different Amazon CloudWatch Logs stream for each microservice.
  B. Create an AWS CloudTrail trail to log all the API calls.
  C. Configure VPC Flow Logs to track the communications between the microservices.
  D. Use AWS Cloud Map to map the interactions of the microservices.
  A. Create a different Amazon CloudWatch Logs stream for each microservice.

  ---

  Explanation

  To create a central logging solution for microservices, using Amazon CloudWatch Logs is a recommended and effective approach. Here's why:

  Amazon CloudWatch Logs Streams allow you to centralize logs from different services, which is crucial as the number of microservices increases. Each microservice can have its own dedicated log stream within Amazon CloudWatch Logs ,

  providing clear segregation of logs while still allowing centralized management.

  This setup enables developers to monitor, search, and analyze logs efficiently using tools like CloudWatch Insights .

  Other options like CloudTrail (B) are designed for API activity monitoring, not application logs. VPC Flow Logs (C) focus on network traffic rather than application behavior. AWS Cloud Map (D) is for service discovery and routing, not logging.

• Question 407:

  Users are reporting errors in an application. The application consists of several microservices that are deployed on Amazon Elastic Container Service (Amazon ECS) with AWS Fargate.

  Which combination of steps should a developer take to fix the errors? (Choose two.)

  A. Deploy AWS X-Ray as a sidecar container to the microservices. Update the task role policy to allow access to the X-Ray API
  B. Deploy AWS X-Ray as a daemonset to the Fargate cluster. Update the service role policy to allow access to the X-Ray API.
  C. Instrument the application by using the AWS X-Ray SDK. Update the application to use the Put rayTrace API call to communicate with the X-Ray API.
  D. Instrument the application by using the AWS X-Ray SDK. Update the application to communicate with the X-Ray daemon.
  E. Instrument the ECS task to send the stdout and stderr output to Amazon CloudWatch Logs. Update the task role policy to allow the cloudwatch:Put Logs action.
  A. Deploy AWS X-Ray as a sidecar container to the microservices. Update the task role policy to allow access to the X-Ray API
  D. Instrument the application by using the AWS X-Ray SDK. Update the application to communicate with the X-Ray daemon.

  ---

  Explanation

• Question 408:

  An AWS Lambda function is running in a company's shared AWS account. The function needs to perform an additional ec2:DescribeInstances action that is directed at the company's development accounts. A developer must configure the required permissions across the accounts.

  How should the developer configure the permissions to adhere to the principle of least privilege?

  A. Create an IAM role in the shared account. Add the ec2:DescribeInstances permission to the role. Establish a trust relationship between the development accounts for this role. Update the Lambda function IAM role in the shared account by adding the ec2:DescribeInstances permission to the role.
  B. Create an IAM role in the development accounts. Add the ec2:DescribeInstances permission to the role. Establish a trust relationship with the shared account for this role. Update the Lambda function IAM role in the shared account by adding the iam:AssumeRole permissions.
  C. Create an IAM role in the shared account. Add the ec2:DescribeInstances permission to the role. Establish a trust relationship between the development accounts for this role. Update the Lambda function IAM role in the shared account by adding the iam:AssumeRole permissions.
  D. Create an IAM role in the development accounts. Add the ec2:DescribeInstances permission to the role. Establish a trust relationship with the shared account for this role. Update the Lambda function IAM role in the shared account by adding the ec2:DescribeInstances permission to the role.
  B. Create an IAM role in the development accounts. Add the ec2:DescribeInstances permission to the role. Establish a trust relationship with the shared account for this role. Update the Lambda function IAM role in the shared account by adding the iam:AssumeRole permissions.

  ---

  Explanation

• Question 409:

  A social media application is experiencing high volumes of new user requests after a recent marketing campaign. The application is served by an Amazon RDS for MySQL instance. A solutions architect examines the database performance and notices high CPU usage and many "too many connections" errors that lead to failed requests on the database. The solutions architect needs to address the failed requests.

  Which solution will meet this requirement?

  A. Deploy an Amazon DynamoDB Accelerator (DAX) cluster. Configure the application to use the DAX cluster.
  B. Deploy an RDS Proxy. Configure the application to use the RDS Proxy.
  C. Migrate the database to an Amazon RDS for PostgreSQL instance.
  D. Deploy an Amazon ElastiCache (Redis OSS) cluster. Configure the application to use the ElastiCache cluster.
  B. Deploy an RDS Proxy. Configure the application to use the RDS Proxy.

  ---

  Explanation

  Why Option B is Correct:RDS Proxy manages database connections efficiently, reducing overhead on the RDS instance and mitigating "too many connections" errors.

  Why Other Options are Incorrect:

  Option A: DAX is for DynamoDB, not RDS.

  Option C: Migration to PostgreSQL does not address the current issue.

  Option D: ElastiCache is useful for caching but does not solve connection pool issues.

  AWS Documentation

  References:

  Amazon RDS Proxy

• Question 410:

  A developer manages a website that distributes its content by using Amazon CloudFront. The website's static artifacts are stored in an Amazon S3 bucket.

  The developer deploys some changes and can see the new artifacts in the S3 bucket. However, the changes do not appear on the webpage that the CloudFront distribution delivers.

  How should the developer resolve this issue?

  A. Configure S3 Object Lock to update to the latest version of the files every time an S3 object is updated.
  B. Configure the S3 bucket to clear all old objects from the bucket before new artifacts are uploaded.
  C. Set CloudFront to invalidate the cache after the artifacts have been deployed to Amazon S3.
  D. Set CloudFront to modify the distribution origin after the artifacts have been deployed to Amazon S3.
  C. Set CloudFront to invalidate the cache after the artifacts have been deployed to Amazon S3.

  ---

  Explanation