DVA-C01 : AWS Certified Developer Associate : Part 20

DVA-C01 : AWS Certified Developer Associate : Part 20

DVA-C01 : AWS Certified Developer Associate : Part 20

  1. A developer is storing JSON files in an Amazon S3 bucket. The developer wants to securely share an object with a specific group of people.

    How can the developer securely provide temporary access to the objects that are stored in the S3 bucket?

    • Set object retention on the files. Use the AWS software development kit (SDK) to restore the object before subsequent requests. Provide the bucket’s S3 URL.
    • Use the AWS software development kit (SDK) to generate a presigned URL. Provide the presigned URL.
    • Set a bucket policy that restricts access after a period of time. Provide the bucket’s S3 URL.
    • Configure static web hosting on the S3 bucket. Provide the bucket’s web URL.

  2. A developer is building an application that processes a stream of user-supplied data. The data stream must be consumed by multiple Amazon EC2 based processing applications in parallel and in real time. Each processor must be able to resume without losing data if there is a service interruption. The Application Architect plans to add other processors in the near future, and wants to minimize the amount data duplication involved.

    Which solution will satisfy these requirements?

    • Publish the data to Amazon SQS.
    • Publish the data to Amazon Kinesis Data Firehose.
    • Publish the data to Amazon CloudWatch Events.
    • Publish the data to Amazon Kinesis Data Streams.

  3. A developer is troubleshooting the permissions of an application that needs to make changes to an Amazon RDS database. The developer has access to the IAM role that the application is using.

    Which command structure should the developer use to test the role permissions?

    • aws sts assume-role
    • aws iam attach-role-policy
    • aws ssm resume-session
    • aws rds add-role-to-db-cluster

  4. An organization is using Amazon API Gateway to provide a public API called “Survey” for collecting user feedback posts about its products. The survey API has “DEV” and “PROD” stages and consists of one resource “/feedback” which allows users to retrieve/create/update single feedback posts.

    A version-controlled Swagger file is used to define a new API that retrieves multiple feedback posts. To add the new API resource “/listFeedbackForProduct” the developer makes changes to the Swagger file defining an API, uploads the file to the organization’s version control system, and uses the API Gateway Import API feature to apply the changes to the Survey API. After successful import, the developer runs the tests against the DEV stage and finds that resource “/listFeedbackForProduct” is not available.

    What is MOST likely the reason for resource not being available?

    • Even though the Swagger import was successful, resource creation failed afterwards.
    • There is a propagation delay of several minutes in creating API Gateway resources after import.
    • The developer needs to restart the API Gateway stage after import in order to apply the changes.
    • The developer needs to create a new deployment after import in order to deploy the changes.

  5. An application that is deployed to Amazon EC2 is using Amazon DynamoDB. The application calls the DynamoDB REST API. Periodically, the application receives a ProvisionedThroughputExceededException error when the application writes to a DynamoDB table.

    Which solutions will mitigate this error MOST cost-effectively? (Choose two.)

    • Modify the application code to perform exponential backoff when the error is received.
    • Modify the application to use the AWS SDKs for DynamoDB.
    • Increase the read and write throughput of the DynamoDB table.
    • Create a DynamoDB Accelerator (DAX) cluster for the DynamoDB table.
    • Create a second DynamoDB table. Distribute the reads and writes between two tables.

  6. A developer is building a highly secure healthcare application using serverless components. This application requires writing temporary data to /tmp storage on an AWS Lambda function.

    How should the developer encrypt this data?

    • Enable Amazon EBS volume encryption with an AWS KMS CMK in the Lambda function configuration so that all storage attached to the Lambda function is encrypted.
    • Set up the Lambda function with a role and key policy to access an AWS KMS CMK. Use the CMK to generate a data key used to encrypt all data prior to writing to /tmp storage.
    • Use OpenSSL to generate a symmetric encryption key on Lambda startup. Use this key to encrypt the data prior to writing to /tmp storage.
    • Use an on-premises hardware security module (HSM) to generate keys, where the Lambda function requests a data key from the HSM and uses that to encrypt data on all requests to the function.

  7. A company is using an AWS Lambda function to process records from an Amazon Kinesis data stream. The company recently observed slow processing of the records. A developer notices that the iterator age metric for the function is increasing and that the Lambda run duration is constantly above normal.

    Which actions should the developer take to increase the processing speed? (Choose two.)

    • Increase the number of shards of the Kinesis data stream.
    • Decrease the timeout of the Lambda function.
    • Increase the memory that is allocated to the Lambda function.
    • Decrease the number of shards of the Kinesis data stream.
    • Increase the timeout of the Lambda function.

  8. A company maintains an application that uses an Amazon RDS DB instance for its database. A developer needs to implement encryption at rest for the database.

    Which combination of steps should the developer take to meet this requirement? (Choose two.)

    • Enable encryption on the DB instance in the AWS Management Console.
    • Stop the DB instance.
    • Restore the DB instance from the encrypted snapshot.
    • Take a snapshot of the DB instance, and create an encrypted copy of the snapshot.
    • Create a customer managed key in AWS Key Management Service (AWS KMS).

  9. A developer is attempting to use the Amazon S3 PutObject API operation to upload an object to an S3 bucket that has default encryption enabled. The developer receives a 400 Bad Request error.

    What is the most likely cause of this error?

    • The API operation cannot access the encryption key.
    • The HTTP Content-Length header is missing.
    • The object exceeds the maximum object size that is allowed.
    • The S3 bucket exceeds the maximum storage capacity that is allowed.