Amazon DVA-C02 Online Practice Questions and Exam Preparation

Amazon DVA-C02 Online Questions & Answers

• Question 431:

  A developer is writing a web application that must share secure documents with end users. The documents are stored in a private Amazon S3 bucket. The application must allow only authenticated users to download specific documents when requested, and only for a duration of 15 minutes.

  How can the developer meet these requirements?

  A. Copy the documents to a separate S3 bucket that has a lifecycle policy for deletion after 15 minutes.
  B. Create a presigned S3 URL using the AWS SDK with an expiration time of 15 minutes.
  C. Use server-side encryption with AWS KMS managed keys (SSE-KMS) and download the documents using HTTPS.
  D. Modify the S3 bucket policy to only allow specific users to download the documents. Revert the change after 15 minutes.
  B. Create a presigned S3 URL using the AWS SDK with an expiration time of 15 minutes.

  ---

  Explanation

• Question 432:

  A developer is working on an AWS Lambda function that accesses Amazon DynamoDB. The Lambda function must retrieve an item and update some of its attributes, or create the item if it does not exist. The Lambda function has access to the primary key.

  Which IAM permissions should the developer request for the Lambda function to achieve this functionality?

  A. dynamodb:DeleleItem dynamodb:GetItem dynamodb:PutItem
  B. dynamodb:UpdateItem dynamodb:GetItem dynamodb:DescribeTable
  C. dynamodb:GetRecords dynamodb:PutItem dynamodb:UpdateTable
  D. dynamodb:UpdateItem dynamodb:GetItem dynamodb:PutItem
  D. dynamodb:UpdateItem dynamodb:GetItem dynamodb:PutItem

  ---

  Explanation

• Question 433:

  A data visualization company wants to strengthen the security of its core applications The applications are deployed on AWS across its development staging, pre-production, and production environments. The company needs to encrypt all of its stored sensitive credentials The sensitive credentials need to be automatically rotated Aversion of the sensitive credentials need to be stored for each environment

  Which solution will meet these requirements in the MOST operationally efficient way?

  A. Configure AWS Secrets Manager versions to store different copies of the same credentials across multiple environments
  B. Create a new parameter version in AWS Systems Manager Parameter Store for each environment Store the environment-specific credentials in the parameter version.
  C. Configure the environment variables in the application code Use different names for each environment type
  D. Configure AWS Secrets Manager to create a new secret for each environment type. Store the environment-specific credentials in the secret
  D. Configure AWS Secrets Manager to create a new secret for each environment type. Store the environment-specific credentials in the secret

  ---

  Explanation

  AWS Secrets Manager is the best option for managing sensitive credentials across multiple environments, as it provides automatic secret rotation, auditing, and monitoring features. It also allows storing environment-specific credentials in separate secrets, which can be accessed by the applications using the SDK or CLI. AWS Systems Manager Parameter Store does not have built-in secret rotation capability, and it requires creating individual parameters or storing the entire credential set as JSON object. Configuring the environment variables in the application code is not a secure or scalable solution, as it exposes the credentials to anyone who can access the code. References AWS Secrets Manager vs. Systems Manager Parameter Store AWS System Manager Parameter Store vs Secrets Manager vs Environment Variation in Lambda, when to use which AWS Secrets Manager vs. Parameter Store: Features, Cost and More

• Question 434:

  A company runs a batch processing application by using AWS Lambda functions and Amazon API Gateway APIs with deployment stages for development, user acceptance testing, and production. A development team needs to configure the APIs in the deployment stages to connect to third-party service endpoints.

  Which solution will meet this requirement?

  A. Store the third-party service endpoints in Lambda layers that correspond to the stage.
  B. Store the third-party service endpoints in API Gateway stage variables that correspond to the stage.
  C. Encode the third-party service endpoints as query parameters in the API Gateway request URL.
  D. Store the third-party service endpoint for each environment in AWS AppConfig.
  B. Store the third-party service endpoints in API Gateway stage variables that correspond to the stage.

  ---

  Explanation

  API Gateway stage variables are name-value pairs that can be defined as configuration attributes associated with a deployment stage of a REST API. They act like environment variables and can be used in the API setup and mapping templates. For example, the development team can define a stage variable named endpoint and assign it different values for each stage, such as dev.example.com for development, uat.example.com for user acceptance testing, and prod.example.com for production. Then, the team can use the stage variable value in the integration request URL, such as http://$ { stageVariables.endpoint}/api. This way, the team can use the same API setup with different endpoints at each stage by resetting the stage variable value. The other solutions are either not feasible or not cost- effective. Lambda layers are used to package and load dependencies for Lambda functions, not for storing endpoints. Encoding the endpoints as query parameters would expose them to the public and make the request URL unnecessarily long. Storing the endpoints in AWS AppConfig would incur additional costs and complexity, and would require additional logic to retrieve the values from the configuration store. References Using Amazon API Gateway stage variables Setting up stage variables for a REST API deployment Setting stage variables using the Amazon API Gateway console

• Question 435:

  A company has a virtual reality (VR) game. The game has a serverless backend that consists of Amazon API Gateway, AWS Lambda, and Amazon DynamoDB. Recently, the company noticed a sudden increase of new users globally. The company also noticed delays in the retrieval of user data.

  Which AWS service or feature can the company use to reduce the database response time to microseconds?

  A. Amazon ElastiCache
  B. DynamoDB Accelerator (DAX)
  C. DynamoDB auto scaling
  D. Amazon CloudFront
  A. Amazon ElastiCache

  ---

  Explanation

• Question 436:

  A developer maintains a serverless application that uses an Amazon API Gateway REST API to invoke an AWS Lambda function by using a non-proxy integration. The Lambda function returns data, which is stored in Amazon DynamoDB.

  Several application users begin to receive intermittent errors from the API. The developer examines Amazon CloudWatch Logs for the Lambda function and discovers several ProvisionedThroughputExceededException errors.

  The developer needs to resolve the errors and ensure that the errors do not reoccur.

  A. Use provisioned capacity mode for the DynamoDB table, and assign sufficient capacity units. Configure the Lambda function to retry requests with exponential backoff.
  B. Update the REST API to send requests on an Amazon SQS queue. Configure the Lambda function to process requests from the queue.
  C. Configure a usage plan for the REST API.
  D. Update the REST API to invoke the Lambda function asynchronously.
  A. Use provisioned capacity mode for the DynamoDB table, and assign sufficient capacity units. Configure the Lambda function to retry requests with exponential backoff.

  ---

  Explanation

  Option A: Provisioned Capacity with Exponential Backoff:

  Using provisioned capacity ensures sufficient throughput for the DynamoDB table.

  Configuring the Lambda function to implement exponential backoff retries reduces the chance of exceeding capacity during peak usage. This combination addresses the root cause (ProvisionedThroughputExceededException) and prevents

  errors without overprovisioning.

  Why Other Options Are Incorrect:

  Option B: Using SQS adds unnecessary latency and complexity. The issue lies in DynamoDB throughput, not request management.

  Option C: A usage plan for the API does not address throughput issues in DynamoDB.

  Option D: Invoking the Lambda function asynchronously does not resolve the DynamoDB capacity issue and might lead to delayed processing.

  References:

  DynamoDB Provisioned Throughput Documentation

• Question 437:

  A company runs a payment application on Amazon EC2 instances behind an Application Load Balance. The EC2 instances run in an Auto Scaling group across multiple Availability Zones. The application needs to retrieve application secrets during the application startup and export the secrets as environment variables. These secrets must be encrypted at rest and need to be rotated every month.

  Which solution will meet these requirements with the LEAST development effort?

  A. Save the secrets in a text file and store the text file in Amazon S3. Provision a customer managed key. Use the key for secret encryption in Amazon S3. Read the contents of the text file and read the export as environment variables. Configure S3 Object Lambda to rotate the text file every month.
  B. Save the secrets as strings in AWS Systems Manager Parameter Store and use the default AWS Key Management Service (AWS KMS) key. Configure an Amazon EC2 user data script to retrieve the secrets during the startup and export as environment variables. Configure an AWS Lambda function to rotate the secrets in Parameter Store every month.
  C. Save the secrets as base64 encoded environment variables in the application properties. Retrieve the secrets during the application startup. Reference the secrets in the application code. Write a script to rotate the secrets saved as environment variables.
  D. Store the secrets in AWS Secrets Manager. Provision a new customer master key. Use the key to encrypt the secrets. Enable automatic rotation. Configure an Amazon EC2 user data script to programmatically retrieve the secrets during the startup and export as environment variables.
  D. Store the secrets in AWS Secrets Manager. Provision a new customer master key. Use the key to encrypt the secrets. Enable automatic rotation. Configure an Amazon EC2 user data script to programmatically retrieve the secrets during the startup and export as environment variables.

  ---

  Explanation

  AWS Secrets Manager is a service that enables the secure management and rotation of secrets, such as database credentials, API keys, or passwords. By using Secrets Manager, the company can avoid hardcoding secrets in the application code or properties files, and instead retrieve them programmatically during the application startup. Secrets Manager also supports automatic rotation of secrets by using AWS Lambda functions or built-in rotation templates. The company can provision a customer master key (CMK) to encrypt the secrets and use the AWS SDK or CLI to export the secrets as environment variables.

  References: What Is AWS Secrets Manager? - AWS Secrets Manager Rotating Your AWS Secrets Manager Secrets - AWS Secrets Manager Retrieving a Secret - AWS Secrets Manager

• Question 438:

  A developer creates an Amazon DynamoDB table. The table has OrderID as the partition key and NumberOfItemsPurchased as the sort key. The data type of the partition key and the sort key is Number.

  When the developer queries the table, the results are sorted by NumberOfItemsPurchased in ascending order. The developer needs the query results to be sorted by NumberOfItemsPurchased in descending order.

  Which solution will meet this requirement?

  A. Create a local secondary index (LSI) on the NumberOfItemsPurchased sort key.
  B. Change the sort key from NumberOfItemsPurchased to NumberOfItemsPurchasedDescending.
  C. In the Query operation, set the ScanIndexForward parameter to false.
  D. In the Query operation, set the KeyConditionExpression parameter to false.
  C. In the Query operation, set the ScanIndexForward parameter to false.

  ---

  Explanation

• Question 439:

  A developer is building a serverless application by using AWS Serverless Application Model (AWS SAM) on multiple AWS Lambda functions. When the application is deployed, the developer wants to shift 10% of the traffic to the new deployment of the application for the first 10 minutes after deployment. If there are no issues, all traffic must switch over to the new version.

  Which change to the AWS SAM template will meet these requirements?

  A. Set the Deployment Preference Type to Canary10Percent10Minutes. Set the AutoPublishAlias property to the Lambda alias.
  B. Set the Deployment Preference Type to Linear10PercentEvery10Minutes. Set AutoPublishAlias property to the Lambda alias.
  C. Set the Deployment Preference Type to Canary10Percent10Minutes. Set the PreTraffic and PostTraffic properties to the Lambda alias.
  D. Set the Deployment Preference Type to Linear10PercentEvery10Minutes. Set PreTraffic and PostTraffic properties to the Lambda alias.
  C. Set the Deployment Preference Type to Canary10Percent10Minutes. Set the PreTraffic and PostTraffic properties to the Lambda alias.

  ---

  Explanation

• Question 440:

  A developer works for a company that only has a single pre-production AWS account with an AWS CloudFormation AWS Serverless Application Model (AWS SAM) stack. The developer made changes to an existing AWS Lambda function specified in the AWS SAM template and additional Amazon Simple Notification service (Amazon SNS) topics.

  The developer wants to do a one-time deploy of the changes to test if the changes are working. The developer does not want to impact the existing pre-production application that is currently being used by other team members as part of the release pipeline.

  Which solution will meet these requirements?

  A. Use the AWS SAM CLI to package and deploy the SAM application to the pre-production AWS account. Specify the debug parameter.
  B. Use the AWS SAM CLI to package and create a change set against the pre-production AWS account. Execute the change set in a new AWS account designated for a development environment.
  C. Use the AWS SAM CLI to package and deploy the SAM application to a new AWS account designated for a development environment.
  D. Update the CloudFormation stack in the pre-production account. Add a separate stage that points to a new AWS account designated for a development environment.
  C. Use the AWS SAM CLI to package and deploy the SAM application to a new AWS account designated for a development environment.

  ---

  Explanation