DVA-C01 : AWS Certified Developer Associate : Part 13
-
A Developer is building an application that needs to store data in Amazon S3. Management requires that the data be encrypted before it is sent to Amazon S3 for storage. The encryption keys need to be managed by the Security team.
Which approach should the Developer take to meet these requirements?
- Implement server-side encryption using customer-provided encryption keys (SSE-C).
- Implement server-side encryption by using a client-side master key.
- Implement client-side encryption using an AWS KMS managed customer master key (CMK).
- Implement client-side encryption using Amazon S3 managed keys.
-
A Developer has written an Amazon Kinesis Data Streams application. As usage grows and traffic increases over time, the application is regularly receiving ProvisionedThroughputExceededException error messages. Which steps should the Developer take to resolve the error? (Choose two.)
- Use Auto Scaling to scale the stream for better performance
- Increase the delay between the GetRecords call and the PutRecords call
- Increase the number of shards in the data stream
- Specify a shard iterator using the ShardIterator parameter
- Implement exponential backoff on the GetRecords call and the PutRecords call
-
A Developer is publishing critical log data to a log group in Amazon CloudWatch Logs, which was created 2 months ago. The Developer must encrypt the log data using an AWS KMS customer master key (CMK) so future data can be encrypted to comply with the company’s security policy.How can the Developer meet this requirement?
- Use the CloudWatch Logs console and enable the encrypt feature on the log group
- Use the AWS CLI create-log-group command and specify the key Amazon Resource Name (ARN)
- Use the KMS console and associate the CMK with the log group
- Use the AWS CLI associate-kms-key command and specify the key Amazon Resource Name (ARN)
-
A Developer has code running on Amazon EC2 instances that needs read-only access to an Amazon DynamoDB table.What is the MOST secure approach the Developer should take to accomplish this task?
- Create a user access key for each EC2 instance with read-only access to DynamoDB. Place the keys in the code. Redeploy the code as keys rotate.
- Use an IAM role with an AmazonDynamoDBReadOnlyAccess policy applied to the EC2 instances.
- Run all code with only AWS account root user access keys to ensure maximum access to services.
- Use an IAM role with Administrator access applied to the EC2 instance.
-
A Developer decides to store highly secure data in Amazon S3 and wants to implement server-side encryption (SSE) with granular control of who can access the master key. Company policy requires that the master key be created, rotated, and disabled easily when needed, all for security reasons. Which solution should be used to meet these requirements?
- SSE with Amazon S3 managed keys (SSE-S3)
- SSE with AWS KMS managed keys (SSE-KMS)
- SSE with AWS Secrets Manager
- SSE with customer-provided encryption keys
-
A Developer is migrating an on-premises application to AWS. The application currently takes user uploads and saves them to a local directory on the server. All uploads must be saved and made immediately available to all instances in an Auto Scaling group. Which approach will meet these requirements?
- Use Amazon EBS and configure the application AMI to use a snapshot of the same EBS instance on boot.
- Use Amazon S3 and rearchitect the application so all uploads are placed in S3.
- Use instance storage and share it between instances launched from the same Amazon Machine Image (AMI).
- Use Amazon EBS and file synchronization software to achieve eventual consistency among the Auto Scaling group.
-
A Developer implemented a static website hosted in Amazon S3 that makes web service requests hosted in Amazon API Gateway and AWS Lambda. The site is showing an error that reads:“No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘null’ is therefore not allowed access.”
What should the Developer do to resolve this issue?
- Enable cross-origin resource sharing (CORS) on the S3 bucket.
- Enable cross-origin resource sharing (CORS) for the method in API Gateway
- Add the Access-Control-Request-Method header to the request
- Add the Access-Control-Request-Headers header to the request
-
A Developer is writing an application in AWS Lambda. To simplify testing and deployments, the Developer needs the database connection string to be easily changed without modifying the Lambda code. How can this requirement be met?
- Store the connection string as a secret in AWS Secrets Manager.
- Store the connection string in an IAM user account.
- Store the connection string in AWS KMS.
- Store the connection string as a Lambda layer.
-
A company is launching an ecommerce website and will host the static data in Amazon S3. The company expects approximately 1,000 transactions per second (TPS) for GET and PUT requests in total. Logging must be enabled to track all requests and must be retained for auditing purposes. What is the MOST cost-effective solution?
- Enable AWS CloudTrail logging for the S3 bucket-level action and create a lifecycle policy to move the data from the log bucket to Amazon S3 Glacier in 90 days.
- Enable S3 server access logging and create a lifecycle policy to expire the data in 90 days.
- Enable AWS CloudTrail logging for the S3 bucket-level action and create a lifecycle policy to expire the data in 90 days.
- Enable S3 server access logging and create a lifecycle policy to move the data to Amazon S3 Glacier in 90 days.
-
A company is building a compute-intensive application that will run on a fleet of Amazon EC2 instances. The application uses attached Amazon EBS disks for storing data. The application will process sensitive information and all the data must be encrypted. What should a Developer do to ensure the data is encrypted on disk without impacting performance?
- Configure the Amazon EC2 instance fleet to use encrypted EBS volumes for storing data.
- Add logic to write all data to an encrypted Amazon S3 bucket.
- Add a custom encryption algorithm to the application that will encrypt and decrypt all data.
- Create a new Amazon Machine Image (AMI) with an encrypted root volume and store the data to ephemeral disks.
-
A Developer has written an application that runs on Amazon EC2 instances and generates a value every minute. The Developer wants to monitor and graph the values generated over time without logging in to the instance each time. Which approach should the Developer use to achieve this goal?
- Use the Amazon CloudWatch metrics reported by default for all EC2 instances. View each value from the CloudWatch console.
- Develop the application to store each value in a file on Amazon S3 every minute with the timestamp as the name.
- Publish each generated value as a custom metric to Amazon CloudWatch using available AWS SDKs.
- Store each value as a variable and add the variable to the list of EC2 metrics that should be reported to the Amazon CloudWatch console.
-
A Development team decides to adopt a continuous integration/continuous delivery (CI/CD) process using AWS CodePipeline and AWS CodeCommit for a new application. However, management wants a person to review and approve the code before it is deployed to production. How can the Development team add a manual approver to the CI/CD pipeline?
- Use AWS SES to send an email to approvers when their action is required. Develop a simple application that allows approvers to accept or reject a build. Invoke an AWS Lambda function to advance the pipeline when a build is accepted.
- If approved, add an approved tag when pushing changes to the CodeCommit repository. CodePipeline will proceed to build and deploy approved commits without interruption.
- Add an approval step to CodeCommit. Commits will not be saved until approved.
- Add an approval action to the pipeline. Configure the approval action to publish to an Amazon SNS topic when approval is required. The pipeline execution will stop and wait for an approval.
-
A Developer is building a serverless application using AWS Lambda and must create a REST API using an HTTP GET method. What needs to be defined to meet this requirement? (Choose two.)
- A Lambda@Edge function
- An Amazon API Gateway with a Lambda function
- An exposed GET method in an Amazon API Gateway
- An exposed GET method in the Lambda function
- An exposed GET method in Amazon Route 53
-
A Developer needs to create an application that supports Security Assertion Markup Language (SAML) and Facebook authentication. It must also allow access to AWS services, such as Amazon DynamoDB.Which AWS service or feature will meet these requirements with the LEAST amount of additional coding?
- AWS AppSync
- Amazon Cognito identity pools
- Amazon Cognito user pools
- Amazon Lambda@Edge
-
A Developer is trying to monitor an application’s status by running a cron job that returns 1 if the service is up and 0 if the service is down. The Developer created code that uses an AWS CLI put-metric-alarm command to publish the custom metrics to Amazon CloudWatch and create an alarm. However, the Developer is unable to create an alarm as the custom metrics do not appear in the CloudWatch console.What is causing this issue?
- Sending custom metrics using the CLI is not supported.
- The Developer needs to use the put-metric-data command.
- The Developer must use a unified CloudWatch agent to publish custom metrics.
- The code is not running on an Amazon EC2 instance.
-
A Developer registered an AWS Lambda function as a target for an Application Load Balancer (ALB) using a CLI command. However, the Lambda function is not being invoked when the client sends requests through the ALB.Why is the Lambda function not being invoked?
- A Lambda function cannot be registered as a target for an ALB.
- A Lambda function can be registered with an ALB using AWS Management Console only.
- The permissions to invoke the Lambda function are missing.
- Cross-zone is not enabled on the ALB.
-
A company provides APIs as a service and commits to a service level agreement (SLA) with all its users.To comply with each SLA, what should the company do?
- Enable throttling limits for each method in Amazon API Gateway
- Create a usage plan for each user and request API keys to access the APIs
- Enable API rate limiting in Amazon Cognito for each user
- Enable default throttling limits for each stage after deploying the APIs
-
A Developer is preparing a deployment package using AWS CloudFormation. The package consists of two separate templates: one for the infrastructure and one for the application. The application has to be inside the VPC that is created from the infrastructure template. How can the application stack refer to the VPC created from the infrastructure template?
- Use the Ref function to import the VPC into the application stack from the infrastructure template.
- Use the export flag in the infrastructure template, and then use the Fn::ImportValue function in the application template.
- Use the DependsOn attribute to specify that the application instance depends on the VPC in the application template.
- Use the Fn::GetAtt function to include the attribute of the VPC in the application template.
-
A Developer must allow guest users without logins to access an Amazon Cognito-enabled site to view files stored within an Amazon S3 bucket. How should the Developer meet these requirements?
- Create a blank user ID in a user pool, add to the user group, and grant access to AWS resources.
- Create a new identity pool, enable access to authenticated identities, and grant access to AWS resources.
- Create a new user pool, enable access to authenticated identifies, and grant access to AWS resources.
- Create a new user pool, disable authentication access, and grant access to AWS resources.
-
A Developer has written code for an application and wants to share it with other Developers on the team to receive feedback. The shared application code needs to be stored long-term with multiple versions and batch change tracking. Which AWS service should the Developer use?
- AWS CodeBuild
- Amazon S3
- AWS CodeCommit
- AWS Cloud9
Subscribe
0 Comments
Newest