DVA-C01 : AWS Certified Developer Associate : Part 11

  1. A Developer must encrypt a 100-GB object using AWS KMS. What is the BEST approach?

    • Make an Encrypt API call to encrypt the plaintext data as ciphertext using a customer master key (CMK)
    • Make an Encrypt API call to encrypt the plaintext data as ciphertext using a customer master key (CMK) with imported key material
    • Make a GenerateDataKey API call that returns a plaintext key and an encrypted copy of a data key. Use a plaintext key to encrypt the data
    • Make a GenerateDataKeyWithoutPlaintext API call that returns an encrypted copy of a data key. Use an encrypted key to encrypt the data
  2. A Development team would like to migrate their existing application code from a GitHub repository to AWS CodeCommit. What needs to be created before they can migrate a cloned repository to CodeCommit over HTTPS?

    • A GitHub secure authentication token
    • A public and private SSH key file
    • A set of Git credentials generated from IAM
    • An Amazon EC2 IAM role with CodeCommit permissions
  3. A Developer is writing a REST service that will add items to a shopping list. The service is built on Amazon API Gateway with AWS Lambda integrations. The shopping list items are sent as query string parameters in the method request. How should the Developer convert the query string parameters to arguments for the Lambda function?

    • Enable request validation
    • Include the Amazon Resource Name (ARN) of the Lambda function
    • Change the integration type
    • Create a mapping template
  4. When developing an AWS Lambda function that processes Amazon Kinesis Data Streams, Administrators within the company must receive a notice that includes the processed data. How should the Developer write the function to send processed data to the Administrators?

    • Separate the Lambda handler from the core logic
    • Use Amazon CloudWatch Events to send the processed data
    • Publish the processed data to an Amazon SNS topic
    • Push the processed data to Amazon SQS
  5. A Developer is storing sensitive documents in Amazon S3 that will require encryption at rest. The encryption keys must be rotated annually, at least. What is the easiest way to achieve this?

    • Encrypt the data before sending it to Amazon S3
    • Import a custom key into AWS KMS with annual rotation enabled
    • Use AWS KMS with automatic key rotation
    • Export a key from AWS KMS to encrypt the data
  6. A company is creating a REST service using an Amazon API Gateway with AWS Lambda integration. The service must run different versions for testing purposes. What would be the BEST way to accomplish this?

    • Use an X-Version header to denote which version is being called and pass that header to the Lambda function(s)
    • Create an API Gateway Lambda authorizer to route API clients to the correct API version
    • Create an API Gateway resource policy to isolate versions and provide context to the Lambda function(s)
    • Deploy the API versions as unique stages with unique endpoints and use stage variables to provide further context
  7. A company wants to implement authentication for its new REST service using Amazon API Gateway. To authenticate the calls, each request must include HTTP headers with a client ID and user ID. These credentials must be compared to authentication data in an Amazon DynamoDB table. What MUST the company do to implement this authentication in API Gateway?

    • Implement an AWS Lambda authorizer that references the DynamoDB authentication table
    • Create a model that requires the credentials, then grant API Gateway access to the authentication table
    • Modify the integration requests to require the credentials, then grant API Gateway access to the authentication table
    • Implement an Amazon Cognito authorizer that references the DynamoDB authentication table
  8. An Amazon RDS database instance is used by many applications to look up historical data. The query rate is relatively constant. When the historical data is updated each day, the resulting write traffic slows the read query performance and affects all application users. What can be done to eliminate the performance impact on application users?

    • Make sure Amazon RDS is Multi-AZ so it can better absorb increased traffic.
    • Create an RDS Read Replica and direct all read traffic to the replica.
    • Implement Amazon ElastiCache in front of Amazon RDS to buffer the write traffic.
    • Use Amazon DynamoDB instead of Amazon RDS to buffer the read traffic.
  9. A Developer is trying to make API calls using SDK. The IAM user credentials used by the application require multi-factor authentication for all API calls. Which method the Developer use to access the multi-factor authentication protected API?

    • GetFederationToken
    • GetCallerIdentity
    • GetSessionToken
    • DecodeAuthorizationMessage
  10. An application is running on a cluster of Amazon EC2 instances. While trying to read objects stored within a single Amazon S3 bucket that are encrypted with server-side encryption with AWS KMS managed keys (SSE-KMS), the application receives the following error:

    DVA-C01 AWS Certified Developer Associate Part 11 Q10 012
    DVA-C01 AWS Certified Developer Associate Part 11 Q10 012

    Which combination of steps should be taken to prevent this failure? (Choose two.)

    • Contact AWS Support to request an AWS KMS rate limit increase.
    • Perform error retries with exponential backoff in the application code.
    • Contact AWS Support to request a S3 rate limit increase.
    • Import a customer master key (CMK) with a larger key size.
    • Use more than one customer master key (CMK) to encrypt S3 data.
  11. A Developer has an e-commerce API hosted on Amazon ECS. Variable and spiking demand on the application is causing order processing to take too long. The application processes Amazon SQS queues. The ApproximateNumberOfMessagesVisible metric spikes at very high values throughout the day, which cause Amazon CloudWatch alarm breaches. Other ECS metrics for the API containers are well within limits. What can the Developer implement to improve performance while keeping costs low?

    • Target tracking scaling policy
    • Docker Swarm
    • Service scheduler
    • Step scaling policy
  12. A Developer wants to build an application that will allow new users to register and create new user accounts. The application must also allow users with social media accounts to log in using their social media credentials. Which AWS service or feature can be used to meet these requirements?

    • AWS IAM
    • Amazon Cognito identity pools
    • Amazon Cognito user pools
    • AWS Directory Service
  13. A company is developing a web application that allows its employees to upload a profile picture to a private Amazon S3 bucket. There is no size limit for the profile pictures, which should be displayed every time an employee logs in. For security reasons, the pictures cannot be publicly accessible. What is a viable long-term solution for this scenario?

    • Generate a presigned URL when a picture is uploaded. Save the URL in an Amazon DynamoDB table. Return the URL to the browser when the employee logs in.
    • Save the picture’s S3 key in an Amazon DynamoDB table. Create an Amazon S3 VPC endpoint to allow the employees to download pictures once they log in.
    • Encode a picture using base64. Save the base64 string in an Amazon DB table. Allow the browser to retrieve the string and convert it to a picture.
    • Save the picture’s S3 key in an Amazon DynamoDB table. Use a function to generate a presigned URL every time an employee logs in. Return the URL to the browser.
  14. A Developer is going to deploy an AWS Lambda function that requires significant CPU utilization.Which approach will MINIMIZE the average runtime of the function?

    • Deploy the function into multiple AWS Regions.
    • Deploy the function into multiple Availability Zones.
    • Deploy the function using Lambda layers.
    • Deploy the function with its memory allocation set to the maximum amount.
    Explanation:

    Layers let you keep your deployment package small, which makes development easier. You can avoid errors that can occur when you install and package dependencies with your function code.

  15. A company has a legacy application that was migrated to a fleet of Amazon EC2 instances. The application stores data in a MySQL database that is currently installed on a single EC2 instance. The company has decided to migrate the database from the EC2 instance to MySQL on Amazon RDS.

    What should the Developer do to update the application to support data storage in Amazon RDS?

    • Update the database connection parameters in the application to point to the new RDS instance.
    • Add a script to the EC2 instance that implements an AWS SDK for requesting database credentials.
    • Create a new EC2 instance with an IAM role that allows access to the new RDS database.
    • Create an AWS Lambda function that will route traffic from the EC2 instance to the RDS database.
  16. A Developer is working on an AWS Lambda function that accesses Amazon DynamoDB. The Lambda function must retrieve an item and update some of its attributes, or create the item if it does not exist. The Lambda function has access to the primary key.

    Which IAM permissions should the Developer request for the Lambda function to achieve this functionality?

    • dynamodb:DeleteItem
      
      dynamodb:GetItem
      
      dynamodb:PutItem
    • dynamodb:UpdateItem
      
      dynamodb:GetItem
      
      dynamodb:DescribeTable
    • dynamodb:GetRecords
      dynamodb:PutItem
      dynamodb:UpdateTable
    • dynamodb:UpdateItem
      
      dynamodb:GetItem
      
      dynamodb:PutItem
  17. A Developer is storing sensitive data generated by an application in Amazon S3. The Developer wants to encrypt the data at rest. A company policy requires an audit trail of when the master key was used and by whom.

    Which encryption option will meet these requirements?

    • Server-side encryption with Amazon S3 managed keys (SSE-S3)
    • Server-side encryption with AWS KMS managed keys (SSE-KMS)
    • Server-side encryption with customer-provided keys (SSE-C)
    • Server-side encryption with self-managed keys
    Explanation:

    Similar to SSE-S3, but with some additional benefits along with some additional charges for using this service. provides you with an audit trail of when your key was used and by whom. Additionally, you have the option to create and manage encryption keys yourself, or use a default key that is unique to you.

  18. A company’s website runs on an Amazon EC2 instance and uses Auto Scaling to scale the environment during peak times. Website users across the world are experiencing high latency due to static content on the EC2 instance, even during non-peak hours.

    Which combination of steps will resolve the latency issue? (Choose two.)

    • Double the Auto Scaling group’s maximum number of servers.
    • Host the application code on AWS Lambda.
    • Scale vertically by resizing the EC2 instances.
    • Create an Amazon CloudFront distribution to cache the static content.
    • Store the application’s static content in Amazon S3.
  19. A Developer is leveraging a Border Gateway Protocol (BGP)-based AWS VPN connection to connect from on-premises to Amazon EC2 instances in the Developer’s account. The Developer is able to access an EC2 instance in subnet A, but is unable to access an EC2 instance in subnet B in the same VPC.

    Which logs can the Developer use to verify whether the traffic is reaching subnet B?

    • VPN logs
    • BGP logs
    • VPC Flow Logs
    • AWS CloudTrail logs
  20. A Developer has created a new AWS IAM user that has s3:putObject permission to write to a specific Amazon S3 bucket. This S3 bucket uses server-side encryption with AWS KMS managed keys (SSE-KMS) as the default encryption. Using the access key and secret key of the IAM user, the application received an access denied error when calling the PutObject API.

    How can this issue be resolved?

    • Update the policy of the IAM user to allow the s3:Encrypt action.
    • Update the bucket policy of the S3 bucket to allow the IAM user to upload objects.
    • Update the policy of the IAM user to allow the kms:GenerateDataKey action.
    • Update the ACL of the S3 bucket to allow the IAM user to upload objects.
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments