DVA-C01 : AWS Certified Developer Associate : Part 06
-
An application is using Amazon DynamoDB as its data store, and should be able to read 100 items per second as strongly consistent reads. Each item is 5 KB in size. To what value should the table’s provisioned read throughput be set?
- 50 read capacity units
- 100 read capacity units
- 200 read capacity units
- 500 read capacity units
-
A web application is designed to allow new users to create accounts using their email addresses. The application will store attributes for each user, and is expecting millions of user to sign up. What should the Developer implement to achieve the design goals?
- Amazon Cognito user pools
- AWS Mobile Hub user data storage
- Amazon Cognito Sync
- AWS Mobile Hub cloud logic
-
A company needs a new REST API that can return information about the contents of an Amazon S3 bucket, such as a count of the objects stored in it. The company has decided that the new API should be written as a microservice using AWS Lambda and Amazon API Gateway. How should the Developer ensure that the microservice has the necessary access to the Amazon S3 bucket, while adhering to security best practices?
- Create an IAM user that has permissions to access the Amazon S3 bucket, and store the IAM user credentials in the Lambda function source code.
- Create an IAM role that has permissions to access the Amazon S3 bucket and assign it to the Lambda function as its execution role.
- Create an Amazon S3 bucket policy that specifies the Lambda service as its principal and assign it to the Amazon S3 bucket.
- Create an IAM role, attach the AmazonS3FullAccess managed policy to it, and assign the role to the Lambda function as its execution role.
-
An application is running on an EC2 instance. The Developer wants to store an application metric in Amazon CloudWatch. What is the best practice for implementing this requirement?
- Use the PUT Object API call to send data to an S3 bucket. Use an event notification to invoke a Lambda function to publish data to CloudWatch.
- Publish the metric data to an Amazon Kinesis Stream using a PutRecord API call. Subscribe a Lambda function that publishes data to CloudWatch.
- Use the CloudWatch PutMetricData API call to submit a custom metric to CloudWatch. Provide the required credentials to enable the API call.
- Use the CloudWatch PutMetricData API call to submit a custom metric to CloudWatch. Launch the EC2 instance with the required IAM role to enable the API call.
-
Queries to an Amazon DynamoDB table are consuming a large amount of read capacity. The table has a significant number of large attributes. The application does not need all of the attribute data. How can DynamoDB costs be minimized while maximizing application performance?
- Batch all the writes, and perform the write operations when no or few reads are being performed.
- Create a global secondary index with a minimum set of projected attributes.
- Implement exponential backoffs in the application.
- Load balance the reads to the table using an Application Load Balancer.
-
AWS CodeBuild builds code for an application, creates the Docker image, pushes the image to Amazon Elastic Container Registry (Amazon ECR), and tags the image with a unique identifier. If the Developers already have AWS CLI configured on their workstations, how can the Docker images be pulled to the workstations?
- Run the following:
docker pull REPOSITORY URI : TAG
- Run the output of the following:
aws ecr get-login
and then run:
docker pull REPOSITORY URI : TAG
- Run the following:
aws ecr get-login
and then run:
docker pull REPOSITORY URI : TAG
- Run the output of the following:
aws ecr get-download-url-for-layer
and then run:
docker pull REPOSITORY URI : TAG
- Run the following:
-
A company caches session information for a web application in an Amazon DynamoDB table. The company wants an automated way to delete old items from the table.
What is the simplest way to do this?
- Write a script that deletes old records; schedule the scripts as a cron job on an Amazon EC2 instance.
- Add an attribute with the expiration time; enable the Time To Live feature based on that attribute.
- Each day, create a new table to hold session data; delete the previous day’s table.
- Add an attribute with the expiration time; name the attribute ItemExpiration.
-
An application is expected to process many files. Each file takes four minutes to process each AWS Lambda invocation. The Lambda function does not return any important data.
What is the fastest way to process all the files?
- First split the files to make them smaller, then process with synchronous RequestResponse Lambda invocations.
- Make synchronous RequestResponse Lambda invocations and process the files one by one.
- Make asynchronous Event Lambda invocations and process the files in parallel.
- First join all the files, then process it all at once with an asynchronous Event Lambda invocation.
-
The upload of a 15 GB object to Amazon S3 fails. The error message reads: “Your proposed upload exceeds the maximum allowed object size.”
What technique will allow the Developer to upload this object?
- Upload the object using the multi-part upload API.
- Upload the object over an AWS Direct Connect connection.
- Contact AWS Support to increase the object size limit.
- Upload the object to another AWS region.
-
A company has an AWS CloudFormation template that is stored as a single file. The template is able to launch and create a full infrastructure stack.
Which best practice would increase the maintainability of the template?
- Use nested stacks for common template patterns.
- Embed credentials to prevent typos.
- Remove mappings to decrease the number of variables.
- Use AWS::Include to reference publicly-hosted template files.
-
A Developer wants to encrypt new objects that are being uploaded to an Amazon S3 bucket by an application. There must be an audit trail of who has used the key during this process. There should be no change to the performance of the application.
Which type of encryption meets these requirements?
- Server-side encryption using S3-managed keys
- Server-side encryption with AWS KMS-managed keys
- Client-side encryption with a client-side symmetric master key
- Client-side encryption with AWS KMS-managed keys
-
An on-premises application makes repeated calls to store files to Amazon S3. As usage of the application has increased, “LimitExceeded” errors are being logged.
What should be changed to fix this error?
- Implement exponential backoffs in the application.
- Load balance the application to multiple servers.
- Move the application to Amazon EC2.
- Add a one second delay to each API call.
-
An organization is storing large files in Amazon S3, and is writing a web application to display meta-data about the files to end-users. Based on the metadata a user selects an object to download. The organization needs a mechanism to index the files and provide single-digit millisecond latency retrieval for the metadata.
What AWS service should be used to accomplish this?
- Amazon DynamoDB
- Amazon EC2
- AWS Lambda
- Amazon RDS
-
While developing an application that runs on Amazon EC2 in an Amazon VPC, a Developer identifies the need for centralized storage of application-level logs.
Which AWS service can be used to securely store these logs?
- Amazon EC2 VPC Flow Logs
- Amazon CloudWatch Logs
- Amazon CloudSearch
- AWS CloudTrail
-
A stock market monitoring application uses Amazon Kinesis for data ingestion. During simulated tests of peak data rates, the Kinesis stream cannot keep up with the incoming data.
What step will allow Kinesis to accommodate the traffic during peak hours?
- Install the Kinesis Producer Library (KPL) for ingesting data into the stream.
- Reduce the data retention period to allow for more data ingestion using DecreaseStreamRetentionPeriod.
- Increase the shard count of the stream using UpdateShardCount.
- Ingest multiple records into the stream in a single call using PutRecords.
-
Where can PortMapping be defined when launching containers in Amazon ECS?
- Security groups
- Amazon Elastic Container Registry (Amazon ECR)
- Container agent
- Task definition
-
An application uses Amazon Kinesis Data Streams to ingest and process large streams of data records in real time. Amazon EC2 instances consume and process the data from the shards of the Kinesis data stream by using Amazon Kinesis Client Library (KCL). The application handles the failure scenarios and does not require standby workers. The application reports that a specific shard is receiving more data than expected. To adapt to the changes in the rate of data flow, the “hot” shard is resharded.
Assuming that the initial number of shards in the Kinesis data stream is 4, and after resharding the number of shards increased to 6, what is the maximum number of EC2 instances that can be deployed to process data from all the shards?
- 12
- 6
- 4
- 1
-
A Development team is working on a case management solution that allows medical claims to be processed and reviewed. Users log in to provide information related to their medical and financial situations.
As part of the application, sensitive documents such as medical records, medical imaging, bank statements, and receipts are uploaded to Amazon S3. All documents must be securely transmitted and stored. All access to the documents must be recorded for auditing.
What is the MOST secure approach?
- Use S3 default encryption using Advanced Encryption Standard-256 (AES-256) on the destination bucket.
- Use Amazon Cognito for authorization and authentication to ensure the security of the application and documents.
- Use AWS Lambda to encrypt and decrypt objects as they are placed into the S3 bucket.
- Use client-side encryption/decryption with Amazon S3 and AWS KMS.
-
A company has an internet-facing application that uses Web Identity Federation to obtain a temporary credential from AWS Security Token Service (AWS STS). The app then uses the token to access AWS services.
Review the following response:
Based on the response displayed, what permissions are associated with the call from the application?
- Permissions associated with the role AROACLKWSDQRAOEXAMPLE:app1
- Permissions associated with the default role used when the AWS service was built
- Permission associated with the IAM principal that owns the AccessKeyID ASgeIAIOSFODNN7EXAMPLE
- Permissions associated with the account that owns the AWS service
-
A Developer is using AWS CLI, but when running list commands on a large number of resources, it is timing out.
What can be done to avoid this time-out?
- Use pagination
- Use shorthand syntax
- Use parameter values
- Use quoting strings
Subscribe
0 Comments
Newest