New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Amazon Web Services DVA-C01 AWS Certified Developer Associate Exam Exam Practice Test

Demo: 90 questions
Total 608 questions

AWS Certified Developer Associate Exam Questions and Answers

Question 1

A developer must cache dependent artifacts from Maven Central, a public package repository, as part of an application's build pipeline. The build pipeline has an AWS CodeArtifact repository where artifacts of the build are published. The developer needs a solution that requires minimum changes to the build pipeline

Which solution meets these requirements?

Options:

A.

Modify the existing CodeArtifact repository to associate an upstream repository with the public package repository

B.

Create a new CodeArtifact repository that has an external connection to the public package repository

C.

Create a new CodeArtifact domain that contains a new repository that has an external connection to the public package

repository

D.

Modify the CodeArtifact repository resource policy to allow artifacts to be fetched from the public package repository

Question 2

A developer is designing a distributed application built using a microservices architect spanning multiple AWS accounts. The company's operations team wants to analyze and debug application issues from a centralized account.

How can the developer meet these requirements?

Options:

A.

Use an Amazon X-Ray agent with role assumption on to publish data into the centralized account.

B.

Use Amazon X-Ray and create a new IAM user to publish the access keys into the centralized account.

C.

Use VPC Flow Logs to collect application logs across different accounts.

D.

Enable AWS CloudTrail to publish the trails in an Amazon S3 bucket in the centralized account.

Question 3

A developer has built a market application that stores pricing data in Amazon DynamoDB with Amazon ElastiCache in front. The prices of items in the market change frequently Sellers have begun complaining that, after they update the price of an item, the price does not actually change in the product listing

What could be causing this issue?

Options:

A.

The cache is not being invalidated when the price of the item is changed

B.

The price of the item is being retrieved using a write-through ElastiCache cluster

C.

The DynamoDB table was provisioned with insufficient read capacity

D.

The DynamoDB table was provisioned with insufficient write capacity.

Question 4

A developer is building an application using an Amazon API Gateway REST API backed by an AWS Lambda function that interacts with an Amazon DynamoDB table During testing, the developer observes high latency when making requests to the API

How can the developer evaluate the end-to-end latency and identify performance bottlenecks?

Options:

A.

Enable AWS CloudTrail logging and use the logs to map each latency and bottleneck

B.

Enable and configure AWS X-Ray tracing on API Gateway and the Lambda function Use X-Ray to trace and analyze user requests

C.

Enable Amazon CloudWatch Logs for the Lambda function Enable execution logs for API Gateway to view and analyze user request logs.

D.

Enable VPC Flow Logs to capture and analyze network traffic within the VPC

Question 5

A developer has an AWS CodePipelme pipeline that invokes AWS CodeBuild in the build stage The developer wants to pass in a variable from CodePipeline so that the variable can be read in the CodeBuild buiidspec yml file

How can the developer accomplish this goal?

Options:

A.

Configure a unique CodePipelme vanable namespace and vanables as key-value pairs that define each of the variables required in CodeBuild

B.

Configure a CodePipelme environment vanable that contains a JSON document that defines each of the variables required in CodeBuild

C.

Configure an AWS CloudFormation stack set that contains a JSON document that defines each of the variables required in CodeBuild Reference the stack set from CodePipelme

D.

Configure an AWS CodeArtifact repository to store each environment variable Reference CodeArtifact from CodePipelme and CodeBuild

Question 6

A developer has written the following 1AM policy to provide access to an Amazon S3 bucket:

Which access does the policy allow regarding the s3:GetObject and s3:PutObject actions?

Options:

A.

Access on all buckets except the "DOC-EXAMPLE-BUCKET' bucket

B.

Access on all buckets that start with "DOC-EXAMPLE-BUCKET" except the "DOC-EXAMPLE-BUCKET/secrets" bucket

C.

Access on all objects in the "DOC-EXAMPLE-BUCKET" bucket along with access to all S3 actions for objects in the

"DOC-EXAMPLE-BUCKET" bucket that start with "secrets"

D.

Access on all objects in the "DOC-EXAMPLE-BUCKET" bucket except on objects that start with "secrets"

Question 7

A developer is building an application using an Amazon API Gateway REST API backed by an AWS Lambda function that interacts with an Amazon DynamoDB table During testing, the developer observes high latency when making requests to the API

How can the developer evaluate the end-to-end latency and identify performance bottlenecks?

Options:

A.

Enable AWS CloudTrail logging and use the logs to map each latency and bottleneck

B.

Enable and configure AWS X-Ray tracing on API Gateway and the Lambda function Use X-Ray to trace and analyze user requests

C.

Enable Amazon CloudWatch Logs for the Lambda function Enable execution logs for API Gateway to view and analyze user request logs.

D.

Enable VPC Flow Logs to capture and analyze network traffic within the VPC

Question 8

A developer is developing an application that uses signed requests (Signature Version 4) to call other AWS services The developer has created a canonical request, has created the string to sign, and has calculated signing information

Which methods could the developer use to complete a signed request? (Select TWO)

Options:

A.

Add the signature to an HTTP header that is named Authorization

B.

Add the signature to a session cookie

C.

Add the signature to an HTTP header that 15 named Authentication

D.

Add the signature to a query string parameter that is named X-Amz-Signature

E.

Add the signature to an HTTP header that is named WWW-Authenticate

Question 9

A company recently experienced some unexpected downtime. After investigating, the company determines that a developer mistakenly terminated several production Amazon EC2 instances.

What should the company do to BEST protect against accidental terminations in the future.

Options:

A.

Enable EC2 termination protection on all production instances unless approval has been given through AWS Resource Access Manager.

B.

Modify the developer group’s permissions policy to deny them access to delete production instances unless approved has been given through AWS Resource Access Manager.

C.

Modify the developer group’s permission policy to require multi-factor authentication (MFA) only production instances are being delete Enable EC2 termination protection on production instances.

D.

Enable EC2 termination protection on production instances. Deny the developer group’s permissions policy access to terminate instance. Create a new role that developer can assume when termination is necessary.

Question 10

A developer creates an Amazon S3 bucket to store project status files that are uploaded hourly. The developer also creates an AWS Lambda function that will be used to process the project status files

What should the developer do to invoke the function with the LEAST amount of AWS infrastructure'?

Options:

A.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke the function every 5 minutes and scan for new objects

B.

Create an S3 event notification to invoke the function when a new object is created in the S3 bucket

C.

Create an S3 event notification that publishes a message to an Amazon Simple Notification Service (Amazon SNS) topic

Subscribe the function to the SNS topic.

D.

Create an S3 event notification that adds a message to an Amazon Simple Queue Service (Amazon SQS) queue Configure the function to poll the queue

Question 11

A three-tier application hosted on AWS uses Amazon RDS for MYSQL as its database. A developer must ensure the database credentials are stored and accessed securely.

What is the MOST secure way for the developer to achieve this?

Options:

A.

Store the credentials in a configuration file and commit it to the GIT repository.

B.

Store the credentials in AWS Secrets Manager and enable automatic secret rotation.

C.

Store the credentials using Amazon RDS and enable automatic rotation

D.

Store the credentials in code and handle credentials rotation within the application.

Question 12

A developer has created a Node js web application on a local development machine. The developer wants to use AWS technology to host the website. The developer needs a solution that requires the least possible operational overhead and no code changes.

Which AWS service should the developer use to meet these requirements?

Options:

A.

AWS Elastic Beanstalk

B.

Amazon EC2

C.

AWS Lambda

D.

Amazon Elastic Kubernetes Service (Amazon EKS)

Question 13

A company has an internal website that gives users the ability to access contract Idata that is stored in an Amazon RDS DB instance The number of contracts has increased and several users have reported slow retrieval of the contract data

The company wants to set up a cache to improve the latency A developer must create a solution that ensures data resiliency The data must be encrypted and must be partitioned by department

Which solution will meet these requirements?

Options:

A.

Amazon ElastiCache for Memcached with cluster mode enabled

B.

Amazon ElastiCache for Redis with cluster mode enabled

C.

Amazon ElastiCache for Redis with cluster mode disabled

D.

Amazon ElastiCache for Memcached with cluster mode disabled

Question 14

A developer Is working with a Docker application that needs to be quickly deployed using AWS without changing the infrastructure or configuring health checks. The application should be configured so that changes and updates can be made automatically without any downtime

Which solution will meet these requirements?

Options:

A.

Use AWS Elastic Beanstalk for application deployment and select an all-at-once update policy.

B.

Use AWS Elastic Beanstalk for application deployment and select a rolling deployment policy.

C.

Deploy the Docker container on an Amazon EC2 instance in an Auto Scaling group and configure a health check on the EC2 instance

D.

Deploy the Docker container using AWS Lambda and enable Amazon CloudWatch monitoring

Question 15

A developer is creating AWS CloudFormation templates to manage an application's deployment in Amazon Elastic Container Service (Amazon ECS) through AWS CodeDeploy. The developer wants to automatically deploy new versions of the application to a percentage of users before the new version becomes available for all users.

How should the developer manage the deployment of the new version?

Options:

A.

Modify the CloudFormation template to include a Transform section and the AWS "CodeDeploy::BlueGreen hook.

B.

Deploy the new version in a new CloudFormation stack After testing is complete, update the application's DNS records for the new stack.

C.

Run CloudFormation stack updates on the application stack to deploy new application versions when they are available.

D.

Create a nested stack for the new version. Include a Transform section and the AWS: CodeDeploy BlueGreen hook.

Question 16

A development team is migrating a monolithic application to Amazon API Gateway with AWS Lambda integrations using the AWS CD The zip deployment package exceeds the Lambda direct upload deployment package size limit. How should the Lambda function be deployed?

Options:

A.

Use the zip tile to create a Lambda layer and reference it using the -code CLI parameter

B.

Create a Docker image and reference the image using the --docker-image CLI parameter

C.

Upload a deployment package using the --zp-file CLI parameter

D.

Upload a deployment package to Amazon S3 and reference Amazon S3 using the --code CLI parameter

Question 17

An application running on multiple Amazon EC2 instances pulls messages ...SQS queue. A requirement for the application is that all messages must be encrypted at rest.

Developers are instructed to use methods that allow for centralized .. possible support requirements whenever possible.

Which of the following solution supports these requirements?

Options:

A.

Encrypt individual messages by using client-side encryption with customer managed keys, then write to the SQS queue.

B.

Encrypt individual messages by using SQS Extended Client and the Amazon S3 encryption client.

C.

Create an SQS queue, and encrypt the queue by using server-side encryption with AWS KMS

D.

Create an SQS queue and encrypt the queue by using client-side encryption

Question 18

A developer is using Amazon S3 as the event source that invokes a Lambda function when new objects are created in the bucket The event source mapping Information Is stored in the bucket notification configuration The developer is working with different versions of the Lambda function, and has a constant need to update notification configuration so that Amazon S3 invokes the correct version

What is the MOST efficient and effective way to achieve mapping Between the S3 event and Lambda?

Options:

A.

Use a different Lambda trigger

B.

Use Lambda environment variables

C.

Use a Lambda alias

D.

Use Lambda tags.

Question 19

An application runs on multiple EC2 instances behind an ELB.

Where is the session data best written so that it can be served reliably across multiple requests?

Options:

A.

Write data to Amazon ElasticCache.

B.

Write data to Amazon Elastic Block Store.

C.

Write data to Amazon EC2 instance Block Store.

D.

Write data to the root filesystem.

Question 20

A developer is writing an AWS Lambda function. The developer wants to log key events that occur during the Lambda function and include a unique identifier to associate the events with a specific function invocation.

Which of the following will help the developer accomplish this objective?

Options:

A.

Obtain the request identifier from the Lambda context object Architect the application to write logs to the console.

B.

Obtain the request identifier from the Lambda event object Architect the application to write logs to a file

C.

Obtain the request identifier from the Lambda event object Architect the application to write logs to the console

D.

Obtain the request identifier from the Lambda context object Architect the application to write logs to a file.

Question 21

A developer is deploying an application in the AWS Cloud by using AWS Cloud Formation The application will connect to an existing Amazon RDS database The hostname of the RDS database is stored in AWS Systems Manager Parameter Store as a plaintext value The developer needs to incorporate the database hostname into the Cloud Formation template to initialize the application when the stack is created

How should the developer reference the parameter that contains the database hostname?

Options:

A.

Use the ssm dynamic reference

B.

Use the Ref intrinsic function

C.

Use the Fn: ImportVatue intrinsic function

D.

Use the ssm-secure dynamic reference.

Question 22

A company uses a third-party tool to build, bundle, and package rts applications on-premises. and store them locally The company uses Amazon EC2 instances to run its front-end applications How can an application be deployed from the source control system onto the EC2 instances?

Options:

A.

Use AWS CodeDeploy and point it to the local storage to directly deploy a bundle m a zip. tar. or tar.gz format

B.

Upload the bundle to an Amazon S3 bucket and specify the S3 location when doing a deployment using AWS CodeDeploy

C.

Create a repository using AWS CodeCommit to automatically trigger a deployment to the EC2 instances

D.

Use AWS CodeBuild to automatically deploy the latest build to the latest EC2 instances

Question 23

A company is building a serverless application that uses AWS Lambda. The application includes Lambda functions that are exposed by Amazon API Gateway The functions will use several large third-party libraries, and the build artifacts will exceed 50 MB in size.

Which combination of steps should a developer take to prepare and perform the deployment? (Select TWO.)

Options:

A.

Issue the aws lambda update-function-code CLI command with the -zip-file fileb://my-function.zip parameter

B.

Upload the build artifact to Amazon S3.

C.

Issue the aws cloudformation package CLI command.

D.

Issue the aws lambda update-function-code CLI command with the -s3-bucket and -s3-key parameters.

E.

Issue the aws lambda update-function-code CLI command with a parameter that points to the source code in AWS CodeCommit.

Question 24

An ecommerce application is running behind an Application Load Balancer. A developer observes some unexpected load on the application during non-peak hours. The developer wants to analyze patterns for the client IP addresses that use the application.

Which HTTP header should the developer use for this analysis?

Options:

A.

The X-Forwarded-Proto header

B.

The X-Forwarded-Host header

C.

The X-Forwarded-For header

D.

The X-Forwarded-Port header

Question 25

A company must encrypt sensitive data that the company will store in Amazon S3. A developer must retain total control over the company's AWS Key Management Service (AWS KMS) key and the company’s data keys. The company currently uses an on-premises hardware security module (HSM) solution. The company wants to move its key management onto AWS.

Which solution will meet these requirements?

Options:

A.

Implement server-side encryption with AWS KMS managed keys (SSE-KMS). Use AWS CloudHSM to generate the KMS key and data keys to use with AWS KMS.

B.

Implement server-side encryption with customer-provided encryption keys (SSE-C). Use AWS CloudHSM to generate the KMS key and manage the data keys that the company will use to read and write objects to Amazon S3.

C.

Implement server-side encryption with Amazon S3 managed encryption keys (SSE-S3). Use AWS CloudHSM to generate the KMS key and manage the data keys that the company will use to read and write objects to Amazon S3.

D.

Implement server-side encryption with AWS KMS managed keys (SSE-KMS). Use the AWS KMS custom key store feature to manage the data keys. Then read or write objects to Amazon S3 as normal.

Question 26

A developer has an application that pushes files from an on-premises local server to an Amazon S3 bucket. The application uses an AWS access key and a secret key that are stored on the server for authentication. The application calls AWS Security Token Service (AWS STS) to assume a role with access to perform the S3 PUT operation to upload the file.

The developer is migrating the server to an Amazon EC2 instance. The EC2 instance is configured with an 1AM instance profile in the same AWS account that owns the S3 bucket.

What is the MOST secure solution for the developer to use to migrate the automation code?

Options:

A.

Remove the code that calls the STS AssumeRole operation. Use the same access key and secret key from the server to access the S3 bucket.

B.

Remove the access key and the secret key. Use the STS AssumeRole operation to add permissions to access the S3 bucket.

C.

Remove the access key, the secret key, and the code that calls the STS AssumeRole operation. Use an 1AM instance profile role that grants access to the S3 bucket.

D.

Remove the access key, the secret key, and the code that calls the STS AssumeRole operation. Create a new access key and secret key. Use the new keys to access the S3 bucket.

Question 27

A developer is migrating a legacy monolithic application to AWS and wants to convert the application's internal processes to microservices The application's internal processes communicate through internal asynchronous messaging Occasionally messages need to be reprocessed by multiple microservices

How should the developer migrate the application's internal messaging to AWS to meet these requirements?

Options:

A.

Use Amazon Simple Queue Service (Amazon SQS) queues to communicate messages between the microservices

B.

Use Amazon API Gateway to provide REST interfaces between the microservices

C.

Use Amazon Kinesis Data Streams to communicate messages between the microservices

D.

Use Amazon API Gateway to provide WebSocket APIs between the microservices.

Question 28

A company is migrating a legacy application to a serverless application on AWS. The legacy application consists of a set of web services that are exposed by a Amazon API Gateway API. A developer needs to replace the existing implementation of web services with AWS Lambda functions. The developer needs to test new version of the" API that uses the functions in production. The developer must minimize the impact of the testing on the application's users.

Which solution will meet these requirements?

Options:

A.

Create a beta stage for the new version of the API. Send the updated endpoint to the users.

B.

Create a development stage for the new version of the API. Use a canary deployment.

C.

Create a development stage for the new version of the API. Promote a canary release.

D.

Create a deployment stage. Enable mutual TLS for the new version of the API.

Question 29

A data-processing application includes an AWS Lambda function that processes data in several steps. Recently, the function has been reaching the Lambda tii A developer wants to use AWS X-Ray to find out how long each step is taking so that the developer can determine which step is causing the timeout.

Which combination of actions should the developer take to accomplish this goal? (Select TWO.)

Options:

A.

Modify the application to call the PutMetricData API operation after each processing step. Include the time taken in milliseconds.

B.

Use the aws lambda update-function-configuration AWS CLI command to enable active tracing on the Lambda function.

C.

Modify the application to record each processing step in an X-Ray subsegment by using the X-Ray software development kit (SDK).

D.

Add the xray:PutTraceSegments permission and the xray:PutTelemetryRecords permission to the Lambda function's execution role.

E.

Modify the application to put each processing step in a separate Lambda layer. Include all the layers in the Lambda function.

Question 30

A developer creates a web service that performs many critical activities. The web service code uses an AWS SDK to publish noncritical metrics to Amazon CloudWatch by using the PutMetricData API. The web service must return results to the caller as quickly as possible. The response data from the PutMetricData API is not necessary to create the web service response.

Which solution will MOST improve the response time of the web service?

Options:

A.

Upgrade to the latest version of the AWS SDK.

B.

Call the PutMetricData API in a background thread.

C.

Use the AWS SDK to perform a synchronous call to an AWS Lambda function. Call the PutMetricData API within the Lambda function.

D.

Send metric data to an Amazon Simple Queue Service (Amazon SQS) queue. Configure an AWS Lambda function with the queue as the event source. Call the PutMetricData API within the Lambda function.

Question 31

A company has an online order website that uses Amazon DynamoDB to store item inventory. A sample of the inventory object is as follows:

A developer needs to reduce all inventory prices by 100 as long as the resulting price would not be less than 500. What should the developer do to make this change with the LEAST number of calls to DynamoDB?

Options:

A.

Perform a DynamoDB Query operation with the Id. If the price is >= 600, perform an Updateltem operation to update the price.

B.

Perform a DynamoDB Updateltem operation with a condition expression of "Price >= 600".

C.

Perform a DynamoDB Updateltem operation with a condition expression of "ProductCategory IN <{"S": "Sporting Goods"}) and Price = 600".

Question 32

A developer has created a Java application that makes HTTP requests directly to AWS services. Application logging shows 5xx HTTP response codes that occ irregular intervals. The errors are affecting users.

How should the developer update the application to improve the application's resiliency?

Options:

A.

Revise the request content in the application code.

B.

Use the AWS SDK for Java to interact with AWS APIs.

C.

Scale out the application so that more instances of the application are running.

D.

Add additional logging to the application code.

Question 33

A developer is storing JSON files in an Amazon S3 bucket. The developer wants to securely share an object with a specific group of people. How can the deveioper securely provide temporary access to the objects that are stored in the S3 bucket?

Options:

A.

Set object retention on the files. Use the AWS software development kit (SDK) to restore the object before subsequent requests. Provide the bucket's URL.

B.

Use the AWS software development kit (SDK) to generate a presigned URL. Provide the presigned URL.

C.

Set a bucket policy that restricts access after a period of time. Provide the bucket's S3 URL.

D.

Configure static web hosting on the S3 bucket. Provide the bucket's web URL.

Question 34

A developer is creating a Java application that will store sensitive data in an Amazon DynamoDB table. The data must be encrypted at all times.

How can the developer meet this requirement?

Options:

A.

Enable encryption at rest by using an AWS Key Management Service (AWS KMS) AWS owned key for the DynamoDB table.

B.

Enable encryption at rest by using an AWS Key Management Service (AWS KMS) customer managed key for the DynamoDB table.

C.

Implement client-side encryption in the application code by using the DynamoDB Encryption Client.

D.

Use an HTTPS connection to encrypt data in transit.

Question 35

A company hosts a monolithic application on Amazon EC2 instances. The company starts converting some features of the application to a serverless architecture by using Amazon API Gateway and AWS Lambda After the migration, some users report problems with payment processing

Upon inspection, a developer discovers that the Lambda function that calls the external payment API is taking longer than expected Therefore, the API Gateway requests are timing out

What should the developer do to resolve this issue in the serverless architecture?

Options:

A.

Use the EC2 instances to make the API calls to the payment API

B.

Use Amazon Simple Queue Service (Amazon SQS) with API Gateway and the Lambda function to asynchronously call the payment API

C.

Increase the API Gateway timeout duration to match the payment API time

D.

Increase the Lambda function's memory to increase the network bandwidth and increase the speed of the payment API calls

Question 36

A company manages a financial services application that stores a large volume of data in an Amazon DynamoDB table. A developer needs to improve the performance of the DynamoDB read queries without increasing the cost.

Which solution meets these requirements?

Options:

A.

Use parallel scans

B.

Add a local secondary index (LSI).

C.

Create a DynamoDB Accelerator (DAX) cluster.

D.

Query with the Projection Expression parameter

Question 37

A company has a new application. The company needs to secure sensitive configuration data such as database connection strings, application license codes, and API keys that the application uses to access external resources. The company must track access to the configuration data for auditing purposes. The resources are managed outside the application.

The company is not required to manage rotation of the connection strings, license codes, and API keys in the application. The company must implement a solution to securely store the configuration data and to give the application access to the configuration data. The solution must comply with security best practices.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.

Store the configuration data in an encrypted file on the source code bundle. Grant the application access by using IAM policies.

B.

Store the configuration data in AWS Systems Manager Parameter Store. Grant the application access by using IAM policies.

C.

Store the configuration data on an Amazon Elastic Block Store (Amazon EBS) encrypted volume. Attach the EBS volume to an Amazon EC2 instance to provide the application with access to the data.

D.

Store the configuration data in AWS Secrets Manager. Grant the application access by using IAM policies.

Question 38

\ developer is designing a serverless application for a game in which users register and log in through a web browser. The application makes requests on behalf of users to a set of AWS Lambda functions that un behind an Amazon API Gateway HTTP API.

rhe developer needs to implement a solution to register and log in users on the application's sign-in page. The solution must minimize operational overhead and must minimize ongoing management of user identities.

Which solution will meet these requirements?

Options:

A.

Create Amazon Cognito user pools for external social identity providers. Configure 1AM roles for the identity pools.

B.

Program the sign-in page to create users' 1AM groups with the 1AM roles attached to the groups.

C.

Create an Amazon RDS for SQL Server DB instance to store the users and manage the permissions to the backend resources in AWS.

D.

Configure the sign-in page to register and store the users and their passwords in an Amazon DynamoDB table with an attached 1AM policy.

Question 39

A developer is designing a serverless application for an ecommerce website. An Amazon API Gateway API exposes.....

user operations. The website features shopping carts for the users. The shopping carts must be stored for extended..... the front-end application.

The load on the application will vary significantly based on the time of day and the promotional sales that are offered..... scale automatically to meet these changing demands.

Which solution will meet these requirements?

Options:

A.

Store the data objects on an Amazon RDS DB instance. Cache the data objects in memory by using Amazon ElastiCache.

B.

Store the data objects on Amazon EC2 instances behind an Application Load Balancer. Use session affinity (sticky sessions) for each user's shopping cart.

C.

Store the data objects in Amazon S3 buckets. Cache the data objects by using Amazon CloudFront with the maximum TTL.

D.

Store the data objects in Amazon DynamoDB tables. Cache the data objects by using DynamoDB Accelerator (DAX).

Question 40

A developer is writing an application that will run on Amazon EC2 instances in an Auto Scaling group. The developer wants to externalize the session state to support the application. Miich AWS services or resources can the developer use to meet these requirements? (Select TWO.)

Options:

A.

Amazon DynamoDB

B.

Amazon Cognito

C.

Amazon ElastiCache

D.

Application Load Balancer

E.

Amazon Simple Queue Service (Amazon SQS)

Question 41

A company is developing a microservice that will manage customer account data in an Amazon DynamoDB table. Insert, update, and delete requests will be rare. Read traffic will be heavy. The company must have the ability to access customer data quickly by using a customer ID. The microservice can tolerate stale data.

Which solution will meet these requirements with the FEWEST possible read capacity units (RCUs)?

Options:

A.

Read the table by using eventually consistent reads.

B.

Read the table by using strongly consistent reads.

C.

Read the table by using transactional reads.

D.

Read the table by using strongly consistent PartiQL queries.

Question 42

A movie fan club hosts a serverless web application in an Amazon S3 bucket. The application uses an AWS Lambda function that is exposed by an Amazon API Gateway API. The function queries an Amazon DynamoDB table to list actors sorted by movie. In the DynamoDB table. Actor is the primary key, Movie is the sort key, and Role and Year are attributes.

In the web application, a developer wants to add a page that is named Phase 1 that lists only the movies that were released between 2008 and 2012. The developer needs to fetch the Phase 1 items in a way that minimizes the impact on the DynamoDB table.

Which solution will meet these requirements?

Options:

A.

Create a global secondary index (GSl) with the Year attribute as the sort key. Create a Lambda function to return the results from a new method in the API.

B.

Design a Lambda function that scans the DynamoDB table and filters the results for the Phase 1 items. Invoke the function from a new method in the API.

C.

Use a DynamoDB stream to send items that are filtered by Year to a new DynamoDB table. Invoke a Lambda function from a new method in the API.

D.

Set up an Amazon CloudFront distribution. Create a Lambda@Edge function to filter the items that are returned from the API request.

Question 43

A company's security policies require all database passwords to be rotated every 30 days The company uses different database platforms, including Amazon Aurora databases and proprietary NoSQL document databases, for different applications A developer needs to implement a solution for password rotation

Which solution will meet these requirements?

Options:

A.

Create an AWS Lambda rotation function that has appropriate IAM permissions Store the password in AWS Secrets Manager Configure Secrets Manager to rotate the password by using the Lambda function

B.

Encrypt the existing password with AWS Key Management Service (AWS KMS) Export the existing password Generate a random password with AWS KMS Use the AWS KMS password renewal feature to replace the existing password with the new password.

C.

Create an AWS Lambda rotation function that has appropriate IAM permissions Store the password in AWS Systems Manager Parameter Store Configure Parameter Store to rotate the password by using the Lambda function

D.

Integrate AWS Systems Manager Parameter Store with a Key Management Interoperability Protocol (KMIP)-compliant third-party secret manager to enable third-party database password rotation on AWS

Question 44

A developer deploys a custom application to three Amazon EC2 instances. The application processes messages from an Amazon Simple Queue Service (Amazon SQS) standard queue with default settings. When the developer runs a load test on the Amazon SQS queue, the developer discovers that the application processes many messages multiple times.

How can the developer ensure that the application processes each message exactly once?

Options:

A.

Modify the SQS standard queue to an SQS FIFO queue.

B.

Process the messages on one EC2 instance instead of three instances.

C.

Create a new SQS FIFO queue. Point the application to the new queue.

D.

Increase the DelaySeconds value on the current SQS queue.

Question 45

An open-source map application gathers data from several geolocation APIs. The application's source code repository is public and can be used by anyone, but the geolocation APIs must not be directly accessible.

A developer must implement a solution to prevent the credentials that are used to access the APIs from becoming public. The solution also must ensure that the application still functions properly.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.

Store the credentials in AWS Secrets Manager. Retrieve the credentials by using the GetSecretValue API operation.

B.

Store the credentials in AWS Key Management Service (AWS KMS). Retrieve the credentials by using the GetPublicKey API operation.

C.

Store the credentials in AWS Security Token Service (AWS STS). Retrieve the credentials by using the GetCallerldentity API operation.

D.

Store the credentials in AWS Systems Manager Parameter Store. Retrieve the credentials by using the GetParameter API operation.

Question 46

A Development team would like to migrate their existing application code from a GitHub repository to AWS CodeCommit.

What needs to be created before they can migrate a cloned repository to CodeCommit over HTTPS?

Options:

A.

A GitHub secure authentication token

B.

A public and private SSH key file

C.

A set of Git credentials generated from IAM

D.

An Amazon EC2 IAM role with CodeCommit permissions

Question 47

A company has a two-tier application running on an Amazon EC2 server that handles all of its AWS based e-commerce activity During peak times, the backend servers that process orders are overloaded with requests. This results in some orders failing to process. A developer needs to create a solution that will re-factor the application.

Which steps will allow for more flexibility during peak times, while still remaining cost-effective? (Select TWO.)

Options:

A.

Increase the backend T2 EC2 instance sees to xl to handle the largest possible load throughout the year

B.

implement an Amazon SQS queue to decouple the front-end and backend servers

C.

Use an Amazon SNS queue to decouple the front-end and backend servers.

D.

Migrate the backend servers to on-premises and pull from an Amazon SNS queue

E.

Modify the backend servers to pull from an Amazon SQS queue.

Question 48

A development team wants to immediately build and deploy an application whenever there is a change to the source code. Which approaches could be used to trigger the deployment? (Select TWO.)

Options:

A.

Store the source code in an Amazon S3 bucket Configure AWS CodePipeline to start whenever a file in the bucket changes

B.

Store the source code in an encrypted Amazon EBS volume Configure AWS CodePipeline to start whenever a file in the volume changes

C.

Store the source code in an AWS CodeCommit repository Configure AWS CodePipeline to start whenever a change is committed to the repository.

D.

Store the source code in an Amazon S3 bucket Configure AWS CodePipeline to start every 15 minutes

E.

Store the source code in an Amazon EC2 instance's ephemeral storage. Configure the instance to start AWS CodePipeline whenever there are changes to the source code

Question 49

A developer is refactoring a monolithic application. The application takes a POST request and performs several operations. Some of the operations are in parallel while others run sequentially. These operations have been refactored into individual AWS Lambda functions. The POST request will be processed by Amazon API Gateway.

How should the developer invoke the Lambda functions in the same sequence using API Gateway*?

Options:

A.

Use Amazon SQS to invoke the Lambda functions

B.

Use an AWS Step Functions activity to run the Lambda functions

C.

Use Amazon SNS to trigger the Lambda functions

D.

Use an AWS Step Functions state machine to orchestrate the Lambda functions.

Question 50

A Developer needs to deploy an application running on AWS Fargate using Amazon ECS. The application has environment variables that must be passed to a container tor the application to initialize

How should the environment variables be passed to the container?

Options:

A.

Define an array that includes the environment variables under the environment parameter within the service definition

B.

Define an array that includes the environment variables under the environment parameter within the task definition

C.

Define an array that includes the environment variables under the entrypoint parameter within the task definition

D.

Define in array that includes the environment variables under the entryPoint parameter within the service definition

Question 51

A company is developing a web application that allows its employees to upload a profile picture to a private Amazon S3 bucket There is no size limit for the profile pictures, which should be displayed every time an employee logs in. For security reasons, the pictures cannot be publicly accessible.

What is a viable long-term solution for this scenario''

Options:

A.

Generate a presigned URL when a picture is uploaded Save the URL in an Amazon DynamoDB table Return the URL to the browser when the employee logs in

B.

Save the picture's S3 key in an Amazon DynamoDB table Create an Amazon S3 VPC endpoint to allow the employees to download pictures once they log in.

C.

Encode a picture using base64 Save the base64 string in an Amazon DynamoDB table Allow the browser to retrieve the string and convert it to a picture

D.

Save the picture's S3 key in an Amazon DynamoDB table. Use a function to generate a presigned URL every time an employee logs in. Return the URL to the browser.

Question 52

A company has 25:000 employees and is growing The company is creating an application that will be accessible to its employees only A developer is using Amazon S3 to store images and Amazon RDS to store application data. The company requires that all employee information remain in the legacy Security Assertion Markup Language (SAML) employee directory only and is not interested in mirroring any employee information on AWS.

How can the developer provide authorized access for the employees who will be using this application so each employee can access their own application data only?

Options:

A.

Use Amazon VPC and keep all resources inside the VPC. and use a VPC link for the S3 bucket with the bucket policy.

B.

Use Amazon Cognito user pools, federate with the SAML provider and use user pool groups with an IAM policy

C.

Use an Amazon Cognito identity pool, federate with the SAML provider, and use an IAM condition key with a value for the cognito-identity.amazonaws com sub variable to grant access to the employees.

D.

Create a unique IAM role for each employee and have each employee assume the role to access the application so they can access their personal data only.

Question 53

A company requires that AWS Lambda functions written by developers log errors so system administrators can more effectively troubleshoot issues What should the developers implement to meet this need?

Options:

A.

Publish errors to a dedicated Amazon SQS queue

B.

Create an Amazon CloudWatch Events event to trigger based on certain Lambda events.

C.

Report errors through logging statements in Lambda function code.

D.

Set up an Amazon SNS topic that sends logging statements upon failure

Question 54

A Developer is building a web application that uses Amazon API Gateway to expose an AWS Lambda function to process requests from clients. During testing, the Developer notices that the API Gateway times out even though the Lambda function finishes under the set time limit.

Which of the following API Gateway metrics in Amazon CloudWatch can help the Developer troubleshoot the issue? (Choose two.)

Options:

A.

CacheHitCount

B.

IntegrationLatency

C.

CacheMissCount

D.

Latency

E.

Count

Question 55

NO:

A developer is setting up Amazon API Gateway for their company's products The API will be used by registered developers to query and update their environments. The company wants to limit the amount of requests end users can send for both cost and security reasons Management wants to offer registered developers the option of buying larger packages that allow for more requests.

How can the developer accomplish this with the LEAST amount of overhead management?

Options:

A.

Enable throttling for the API Gateway stage. Set a value for both the rate and burst capacity. If a registered user chooses a larger package, create a stage for them, adjust the values, and share the new URL with them.

B.

Set up Amazon CloudWatch API logging in API Gateway Create a filter based on the user and requestTime fields and create an alarm on this filter Write an AWS Lambda function to analyze the values and requester information, and respond accordingly Set up the function as the target for the alarm If a registered user chooses a larger package, update the Lambda code with the values.

C.

Enable Amazon CloudWatch metrics for the API Gateway stage Set up CloudWatch alarms based off the Count metric and the ApiName, Method, Resource, and Stage dimensions to alerts when request rates pass the threshold Set the alarm action to Deny If a registered user chooses a larger package create a user-specific alarm and adjust the values

D.

Set up a default usage plan, specify values for the rate and burst capacity, and associate it with a stage, if a registered user chooses a larger package, create a custom plan with the appropriate values and associate the plan with the user

Question 56

A Developer created a new AWS account and must create a scalable AWS Lambda function that meets the following requirements for concurrent execution:

  • Average execution time of 100 seconds
  • 50 requests per second

Which step must be taken prior to deployment to prevent errors?

Options:

A.

Implement dead-letter queues to capture invocation errors

B.

Add an event source from Amazon API Gateway to the Lambda function

C.

Implement error handling within the application code

D.

Contact AWS Support to increase the concurrent execution limits

Question 57

An application displays a status dashboard. The status is updated by 1 KB messages from an SQS queue. Although the status changes infrequently, the Developer must minimize the time between the message arrival in the queue and the dashboard update.

What technique provides the shortest delay in updating the dashboard?

Options:

A.

Retrieve the messages from the queue using long polling every 20 seconds.

B.

Reduce the size of the messages by compressing them before sending.

C.

Retrieve the messages from the queue using short polling every 10 seconds.

D.

Reduce the size of each message payload by sending it in two parts.

Question 58

A Developer must encrypt a 100-GB object using AWS KMS.

What is the BEST approach?

Options:

A.

Make an Encrypt API call to encrypt the plaintext data as ciphertext using a customer master key (CMK)

B.

Make an Encrypt API call to encrypt the plaintext data as ciphertext using a customer master key (CMK) with imported key material

C.

Make a GenerateDataKey API call that returns a plaintext key and an encrypted copy of a data key. Use a plaintext key to encrypt the data

D.

Make a GenerateDataKeyWithoutPlaintext API call that returns an encrypted copy of a data key. Use an encrypted key to encrypt the data

Question 59

A company wants to migrate an imaging service to Amazon EC2 while following security best practices. The images are sourced and read from a non-public Amazon S3 bucket.

What should a developer do to meet these requirements?

Options:

A.

Create an IAM user with read-only permissions for the S3 bucket Temporarily store the user credentials in the Amazon EBS volume of the EC2 instance

B.

Create an IAM user with read-only permissions for the S3 bucket. Temporarily store the user credentials in the user data of the EC2 instance.

C.

Create an EC2 service role with read-only permissions for the S3 bucket Attach the role to the EC2 instance

D.

Create an S3 service role with read-only permissions for the S3 bucket Attach the role to the EC2 instance

Question 60

A developer wants to send multi-value headers to an AWS Lambda function that is registered as a target with an Application Load Balancer (ALB).

What should the developer do to achieve this?

Options:

A.

Place the Lambda function and target group in the same account

B.

Send the request body to the Lambda function with a size less than 1 MB 0

C.

Include the Base64 encoding status status code, status description, and headers in the Lambda function

D.

Enable the multi-value headers on the ALB

Question 61

A developer is writing a web application that must share secure documents with end users The documents are stored in a private Amazon S3 bucket The application must allow only authenticated users to download specific documents when requested, and only for a duration of 15 minutes

How can the developer meet these requirements?

Options:

A.

Copy the documents to a separate S3 bucket that has a lifecycle policy for deletion after 15 minutes

B.

Create a presigned S3 URL using the AWS SDK with an expiration time of 15 minutes

C.

Use server-side encryption with AWS KMS managed keys (SSE-KMS) and download the documents using HTTPS

D.

Modify the S3 bucket policy to only allow specific users to download the documents Revert the change after 15 minutes.

Question 62

An application uses Amazon Kinesis Data Streams to ingest and process large streams of data records in real time. Amazon EC2 instances consume and process the data from the shards of the Kinesis data stream by using Amazon Kinesis Client Library (KCL). The application handles the failure scenarios and does not require standby workers. The application reports that a specific shard is receiving more data than expected. To adapt to the chnages in the rate of data flow, the “hot” shard is resharded.

Assuming that the initial number of shards in the Kinesis data stream is 4, and after resharding the number of shards increased to 6, what is the maximum number of EC2 instances that can be deployed to process data from all the shards?

Options:

A.

12

B.

6

C.

4

D.

1

Question 63

A Developer is creating a Lambda function that will generate and export a file. The function requires 100 MB of temporary storage for temporary files while executing. These files will not be needed after the function is complete.

How can the Developer MOST efficiently handle the temporary files?

Options:

A.

Store the files in EBS and delete the files at the end of the Lambda function.

B.

Copy the files to EFS and delete the files at the end of the Lambda function.

C.

Store the files in the /tmp directory and delete the files at the end of the Lambda function.

D.

Copy the files to an S3 bucket with a lifecycle policy to delete the files.

Question 64

A developer has created a new AWS IAM user that has s3 putobject permission to write to a specific Amazon bucket. This S3 bucket uses server-side encryption with AWS KMS managed keys (SEE-KMS) as the encryption. Using the access key and secret key of the IAM user, the application received an access denied error when calling the PutObject API.

How can this issue be resolved?

Options:

A.

Update the policy of the IAM user to allow the s3 Encrypt action.

B.

Update the bucket policy of the S3 bucket to allow the IAM user to upload objects

C.

Update the policy of the IAM user to allow the kms GenerateDatakey action

D.

Update the ACL of the bucket to allow the IAM user to upload objects

Question 65

When developing an AWS Lambda function that processes Amazon Kinesis Data Streams, Administrators within the company must receive a notice that includes the processed data.

How should the Developer write the function to send processed data to the Administrators?

Options:

A.

Separate the Lambda handler from the core logic

B.

Use Amazon CloudWatch Events to send the processed data

C.

Publish the processed data to an Amazon SNS topic

D.

Push the processed data to Amazon SQS

Question 66

A developer registered an AWS Lambda function as a target for an Application Load Balancer (ALB) using a CLI command. However, the Lambda function is not being invoked when the client sends requests through the ALB.

Why is the Lambda function not being invoked?

Options:

A.

A Lambda function cannot be registered as a target for an ALB

B.

A Lambda function can be registered with an ALB using AWS Management Console only

C.

The permissions to invoke the Lambda function are missing

D.

Cross-zone is not enabled on the ALB

Question 67

A company wants to containerize an existing three-tier web application and deploy it to Amazon ECS Fargate. The application is using session data to keep track of user activities.

Which approach would provide the BEST user experience?

Options:

A.

Provision a Redic cluster in Amazon ElasticCache and save the session data in the cluster

B.

Create a session table in Amazon Redshift and save the session data in the database table.

C.

Enable session stickness in the existing Network Load Balancer and manage the session data in the container.

D.

Use an Amazon S3 bucket as data store and save the session data in the bucket.

Question 68

A Developer is working on an application that handles 10MB documents that contain highly-sensitive data. The application will use AWS KMS to perform client-side encryption.

What steps must be followed?

Options:

A.

Invoke the Encrypt API passing the plaintext data that must be encrypted, then reference the customer managed key ARN in the KeyId parameter

B.

Invoke the GenerateRandom API to get a data encryption key, then use the data encryption key to encrypt the data

C.

Invoke the GenerateDataKey API to retrieve the encrypted version of the data encryption key to encrypt the data

D.

Invoke the GenerateDataKey API to retrieve the plaintext version of the data encryption key to encrypt the data

Question 69

A Developer wants to use AWS X-Ray to trace a user request end-to-end throughput the software stack. The Developer made the necessary changes in the application tested it, and found that the application is able to send the traces to AWS X-Ray. However, when the application is deployed to an EC2 instance, the traces are not available.

Which of the following could create this situation? (Select two.)

Options:

A.

The traces are reaching X-Ray, but the Developer does not have access to view the records.

B.

The X-Ray daemon is not installed on the EC2 instance.

C.

The X-Ray endpoint specified in the application configuration is incorrect.

D.

The instance role does not have “xray:BatchGetTraces” and “xray:GetTraceGraph” permissions.

E.

The instance role does not have “xray:PutTraceSegments” and “xray:PutTelemetryRecords” permissions.

Question 70

A nightly batch job loads 1 million new records into a DynamoDB table. The records are only needed for one hour, and the table needs to be empty by the next night’s batch job.

Which is the MOST efficient and cost-effective method to provide an empty table?

Options:

A.

Use DeleteItem using a ConditionExpression.

B.

Use BatchWriteItem to empty all of the rows.

C.

With a recursive function that scans and calls out DeleteItem.

D.

Create and then delete the table after the task has completed.

Question 71

In a move toward using microservices, a company’s Management team has asked all Development teams to build their services so that API requests depend only on that service’s data store. One team is building a Payments service which has its own database; the service needs data that originates in the Accounts database. Both are using Amazon DynamoDB.

What approach will result in the simplest, decoupled, and reliable method to get near-real time updates from the Accounts database?

Options:

A.

Use Amazon Glue to perform frequent ETL updates from the Accounts database to the Payments database.

B.

Use Amazon ElastiCache in Payments, with the cache updated by triggers in the Accounts database.

C.

Use Amazon Kinesis Data Firehouse to deliver all changes from the Accounts database to the Payments database.

D.

Use Amazon DynamoDB Streams to deliver all changes from the Accounts database to the Payments database.

Question 72

An application is real-time processing millions of events that are received through an API.

What service could be used to allow multiple consumers to process the data concurrently and MOST cost-effectively?

Options:

A.

Amazon SNS with fanout to an SQS queue for each application

B.

Amazon SNS with fanout to an SQS FIFO (first-in, firtst-out) queue for each application

C.

Amazon Kinesis Firehouse

D.

Amazon Kinesis Streams

Question 73

A current architecture uses many Lambda functions invoking one another as a large state machine. The coordination of this state machine is legacy custom code that breaks easily.

Which AWS Service can help refactor and manage the state machine?

Options:

A.

AWS Data Pipeline

B.

AWS SNS with AWS SQS

C.

Amazon Elastic MapReduce

D.

AWS Step Functions

Question 74

A company is developing an application that will run on several Amazon EC2 instances in an Auto Scaling group and can access a database running on Amazon EC2. The application needs to store secrets required to connect to the database. The application must allow for periodic secret rotation, and there should be no changes to the application when a secret changes.

What is the SAFEST way to meet these requirements?

Options:

A.

Associate an IAM role to the EC2 instance where the application is running with permission to access the database.

B.

Use AWS Systems Manager Parameter Store with the SecureString data type to store secrets.

C.

Configure the application to store secrets in Amazon S3 object metadata.

D.

Hard code the database secrets in the application code itself.

Question 75

A serverless application uses an API Gateway and AWS Lambda.

Where should the Lambda function store its session information across function calls?

Options:

A.

In an Amazon DynamoDB table

B.

In an Amazon SQS queue

C.

In the local filesystem

D.

In an SQLite session table using –DSQLITE_ENABLE_SESSION

Question 76

A Development team currently supports an application that uses an in-memory store to save accumulated game results. Individual results are stored in a database. As part of migrating to AWS, the team needs to use automatic scaling. The team knows this will yield inconsistent results.

Where should the team store these accumulated game results to BEST allow for consistent results without impacting performance?

Options:

A.

Amazon S3

B.

Amazon RDS

C.

Amazon ElastiCache

D.

Amazon Kinesis

Question 77

An application stops working with the following error: The specified bucket does not exist. Where is the BEST place to start the root cause analysis?

Options:

A.

Check the Elastic Load Balancer logs for DeleteBucket requests.

B.

Check the application logs in Amazon CloudWatch Logs for Amazon S3 DeleteBucket errors.

C.

Check AWS X-Ray for Amazon S3 DeleteBucket alarms.

D.

Check AWS CloudTrail for a DeleteBucket event.

Question 78

A Developer needs temporary access to resources in a second account.

What is the MOST secure way to achieve this?

Options:

A.

Use the Amazon Cognito user pools to get short-lived credentials for the second account.

B.

Create a dedicated IAM access key for the second account, and send it by mail.

C.

Create a cross-account access role, and use sts:AssumeRole API to get short-lived credentials.

D.

Establish trust, and add an SSH key for the second account to the IAM user.

Question 79

An application has hundreds of users. Each user may use multiple devices to access the application. The Developer wants to assign unique identifiers to these users regardless of the device they use.

Which of the following methods should be used to obtain unique identifiers?

Options:

A.

Create a user table in Amazon DynamoDB as key-value pairs of users and their devices. Use these keys as unique identifiers.

B.

Use IAM-generated access key IDs for the users as the unique identifier, but do not store secret keys.

C.

Implement developer-authenticated identities by using Amazon Cognito, and get credentials for these identities.

D.

Assign IAM users and roles to the users. Use the unique IAM resource ID as the unique identifier.

Question 80

A company is using AWS CodeBuild to compile a website from source code stored in AWS CodeCommit. A recent change to the source code has resulted in the CodeBuild project being unable to successfully compile the website.

How should the Developer identify the cause of the failures?

Options:

A.

Modify the buildspec.yml file to include steps to send the output of build commands to Amazon

CloudWatch.

B.

Use a custom Docker image that includes the AWS X-Ray agent in the AWS CodeBuild project configuration.

C.

Check the build logs of the failed phase in the last build attempt in the AWS CodeBuild project build history.

D.

Manually re-run the build process on a local machine so that the output can be visualized.

Question 81

Your application is trying to upload a 6 GB file to Simple Storage Service and receive a “Your proposed upload exceeds the maximum allowed object size." error message.

What is a possible solution for this?

Options:

A.

None, Simple Storage Service objects are limited to 5 GB

B.

Use the multi-part upload API for this object

C.

Use the large object upload API for this object

D.

Contact support to increase your object size limit

E.

Upload to a different region

Question 82

An AWS Lambda function generates a 3MB JSON file and then uploads it to an Amazon S3 bucket daily. The file contains sensitive information, so the Developer must ensure that it is encrypted before uploading to the bucket.

Which of the following modifications should the Developer make to ensure that the data is encrypted before uploading it to the bucket?

Options:

A.

Use the default AWS KMS customer master key for S3 in the Lambda function code.

B.

Use the S3 managed key and call the GenerateDataKey API to encrypt the file.

C.

Use the GenerateDateKey API, then use that data key to encrypt the file in the Lambda function code.

D.

Use a custom KMS customer master key created for S3 in the Lambda function code.

Question 83

When writing a Lambda function, what is the benefit of instantiating AWS clients outside the scope of the handler?

Options:

A.

Legibility and stylistic convention

B.

Taking advantage of connection re-use

C.

Better error handling

D.

Creating a new instance per invocation

Question 84

After launching an instance that you intend to serve as a NAT (Network Address Translation) device in a public subnet you modify your route tables to have the NAT device be the target of internet bound traffic of your private subnet. When you try and make an outbound connection to the Internet from an instance in the private subnet, you are not successful.

Which of the following steps could resolve the issue?

Options:

A.

Attaching a second Elastic Network interface (ENI) to the NAT instance, and placing it in the private subnet

B.

Attaching a second Elastic Network Interface (ENI) to the instance in the private subnet, and placing it in the public subnet

C.

Disabling the Source/Destination Check attribute on the NAT instance

D.

Attaching an Elastic IP address to the instance in the private subnet

Question 85

Which of the following services are included at no additional cost with the use of the AWS platform? Choose 2 answers

Options:

A.

Simple Storage Service

B.

Elastic Compute Cloud

C.

Auto Scaling

D.

Elastic Load Balancing

E.

CloudFormation

F.

Simple Workflow Service

Question 86

Which of the following statements about SWF are true? Choose 3 answers

Options:

A.

SWF tasks are assigned once and never duplicated

B.

SWF requires an S3 bucket for workflow storage

C.

SWF workflow executions can last up to a year

D.

SWF triggers SNS notifications on task assignment

E.

SWF uses deciders and workers to complete tasks

F.

SWF requires at least 1 EC2 instance per domain

Question 87

A Developer wants to find a list of items in a global secondary index from an Amazon DynamoDB table.

Which DynamoDB API call can the Developer use in order to consume the LEAST number of read capacity units?

Options:

A.

Scan operation using eventually-consistent reads

B.

Query operation using strongly-consistent reads

C.

Query operation using eventually-consistent reads

D.

Scan operation using strongly-consistent reads

Question 88

An application is designed to use Amazon SQS to manage messages from many independent senders. Each sender’s messages must be processed in the order they are received.

Which SQS feature should be implemented by the Developer?

Options:

A.

Configure each sender with a unique MessageGroupId

B.

Enable MessageDeduplicationIds on the SQS queue

C.

Configure each message with unique MessageGroupIds.

D.

Enable ContentBasedDeduplication on the SQS queue

Question 89

A Developer has written a serverless application using multiple AWS services. The business logic is written as a Lambda function which has dependencies on third-party libraries. The Lambda function endpoints will be exposed using Amazon API Gateway. The Lambda function will write the information to Amazon DynamoDB.

The Developer is ready to deploy the application but must have the ability to rollback. How can this deployment be automated, based on these requirements?

Options:

A.

Deploy using Amazon Lambda API operations to create the Lambda function by providing a deployment package.

B.

Use an AWS CloudFormation template and use CloudFormation syntax to define the Lambda function resource in the template.

C.

Use syntax conforming to the Serverless Application Model in the AWS CloudFormation template to define the Lambda function resource.

D.

Create a bash script which uses AWS CLI to package and deploy the application.

Question 90

What type of block cipher does Amazon S3 offer for server side encryption?

Options:

A.

Triple DES

B.

Advanced Encryption Standard

C.

Blowfish

D.

RC5

Demo: 90 questions
Total 608 questions