Amazon DVA-C01 Question Answers

What is Amazon DVA-C01?

Amazon DVA-C01 is a necessary certification exam to get certified. The certification is a reward to the deserving candidate with perfect results. The AWS Certified Developer Associate Certification validates a candidate's expertise to work with Amazon. In this fast-paced world, a certification is the quickest way to gain your employer's approval. Try your luck in passing the AWS Certified Developer Associate Exam Exam and becoming a certified professional today. Salesforcexamdumps.com is always eager to extend a helping hand by providing approved and accepted Amazon DVA-C01 Practice Questions. Passing AWS Certified Developer Associate Exam will be your ticket to a better future!

Pass with Amazon DVA-C01 Braindumps!

Contrary to the belief that certification exams are generally hard to get through, passing AWS Certified Developer Associate Exam is incredibly easy. Provided you have access to a reliable resource such as Salesforcexamdumps.com Amazon DVA-C01 PDF. We have been in this business long enough to understand where most of the resources went wrong. Passing Amazon AWS Certified Developer Associate certification is all about having the right information. Hence, we filled our Amazon DVA-C01 Dumps with all the necessary data you need to pass. These carefully curated sets of AWS Certified Developer Associate Exam Practice Questions target the most repeated exam questions. So, you know they are essential and can ensure passing results. Stop wasting your time waiting around and order your set of Amazon DVA-C01 Braindumps now!

We aim to provide all AWS Certified Developer Associate certification exam candidates with the best resources at minimum rates. You can check out our free demo before pressing down the download to ensure Amazon DVA-C01 Practice Questions are what you wanted. And do not forget about the discount. We always provide our customers with a little extra.

Why Choose Amazon DVA-C01 PDF?

Unlike other websites, Salesforcexamdumps.com prioritize the benefits of the AWS Certified Developer Associate Exam candidates. Not every Amazon exam candidate has full-time access to the internet. Plus, it's hard to sit in front of computer screens for too many hours. Are you also one of them? We understand that's why we are here with the AWS Certified Developer Associate solutions. Amazon DVA-C01 Question Answers offers two different formats PDF and Online Test Engine. One is for customers who like online platforms for real-like Exam stimulation. The other is for ones who prefer keeping their material close at hand. Moreover, you can download or print Amazon DVA-C01 Dumps with ease.

If you still have some queries, our team of experts is 24/7 in service to answer your questions. Just leave us a quick message in the chat-box below or email at [email protected].

Question # 1

A developer has created a Java application that makes HTTP requests directly to AWS services. Application logging shows 5xx HTTP response codes that occ irregular intervals. The errors are affecting users. How should the developer update the application to improve the application's resiliency?

A. Revise the request content in the application code. 
B. Use the AWS SDK for Java to interact with AWS APIs. 
C. Scale out the application so that more instances of the application are running. 
D. Add additional logging to the application code. 

Answer : B Show Answer

---

Question # 2

A developer has an Amazon DynamoDB table that must be in provisioned mode to comply with user requirements. The application needs to support the following: • Average item size: 10 KB • Item reads each second: 10 strongly consistent • Item writes each second: 2 transactional Which read and write capacity cost-effectively meets these requirements? 

A. Read 10; write 2 
B. Read 30; write 40 
C. Use on-demand scaling
 D. Read 300; write 400 

Answer : B Show Answer

---

Question # 3

A company is using an Amazon API Gateway REST API endpoint as a webhook lo publish events from an on-premises source control management (SCM) system to Amazon EventBridge. The company has configured an EventBridge rule to listen for the events and to control application deployment m a central AWS account. The company needs to receive the same events across multiple receiver AWS accounts How can a developer meet these requirements without changing the configuration of the SCM system? 

A. Deploy the API Gateway REST API to all the required AWS accounts. Use the same custom domain name for all the gateway endpoints so that a single SCM webhook can be used for all events from all accounts. 
B. Deploy the API Gateway REST API to all the receiver AWS accounts Create as many SCM webhooks as the number of AWS accounts. 
C. Grant permission to the central AWS account for EventBridge to access the receiver AWS accounts. Add an EventBridge event bus on the receiver AWS accounts as the targets to the existing EventBridge rule 
D. Convert the API Gateway type from REST API to HTTP API 

Answer : A Show Answer

---

Question # 4

A developer is creating an AWS CloudFormation template to deploy Amazon EC2 instances across multiple AWS accounts. The developer must choose the EC2 instances from a list of approved instance types. How can the developer incorporate the list of approved instance types in the CloudFormation template?

 A. Create a separate CloudFormation template for each EC2 instance type in the list 
B. In the Resources section of the CloudFormation template, create resources for each EC2 instance type in the list. 
C. In the CloudFormation template, create a separate parameter for each EC2 instance type in the list. 
D. In the CloudFormation template, create a parameter with the list of EC2 instance types as AllowedValues 

Answer : B Show Answer

---

Question # 5

A data-processing application includes an AWS Lambda function that processes data in several steps. Recently, the function has been reaching the Lambda tii A developer wants to use AWS X-Ray to find out how long each step is taking so that the developer can determine which step is causing the timeout. Which combination of actions should the developer take to accomplish this goal? (Select TWO.) 

A. Modify the application to call the PutMetricData API operation after each processing step. Include the time taken in milliseconds. 
B. Use the aws lambda update-function-configuration AWS CLI command to enable active tracing on the Lambda function. 
C. Modify the application to record each processing step in an X-Ray subsegment by using the X-Ray software development kit (SDK). 
D. Add the xray:PutTraceSegments permission and the xray:PutTelemetryRecords permission to the Lambda function's execution role. 
E. Modify the application to put each processing step in a separate Lambda layer. Include all the layers in the Lambda function. 

Answer : B Show Answer

---

Question # 6

A developer is migrating a Windows-based legacy application from on premises to AWS. The application will run on Amazon EC2 instances that run Amazon Linux. The application stores a large number of files in an NFS drive. The migration solution must minimize downtime and application code changes. Which solution should the developer use to migrate the application data? 

A. Create an Amazon S3 bucket. Use the s3 sync command to upload the files to the S3 bucket. 
B. Create an Amazon Elastic Block Store (Amazon E8S) volume. Upload the files to the volume. Attach the volume to the EC2 instances. 
C. Create an Amazon Elastic File System (Amazon EFS) file system. Use AWS DataSync to transfer the files to Amazon EFS. 
D. Create an Amazon Elastic File System (Amazon EFS) file system. Mount the EFS file system from the legacy application. Copy the files to the EFS mount. 

Answer : C Show Answer

---

Question # 7

A developer is writing a web application that allows users to sign in. The application will run on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances will run in an Auto Scaling group across multiple Availability Zones. How can the developer ensure that users stay signed in when the Auto Scaling group is scaled down? 

A. Enable sticky sessions on the ALB target group. 
B. Create an Amazon DynamoDB table. Configure the application to use the DynamoDB table to store session state such as login status. 
C. Create an Amazon Elastic Block Store (Amazon EBS) volume. Use EBS Multi-Attach to attach the volume to all instances in the Auto Scaling group. Configure the application to use the volume to store session state such as login status. 
D. Enable deregistration delay on the ALB target group. 

Answer : B Show Answer

---

Question # 8

A company is migrating a legacy application to a serverless application on AWS. The legacy application consists of a set of web services that are exposed by a Amazon API Gateway API. A developer needs to replace the existing implementation of web services with AWS Lambda functions. The developer needs to test new version of the" API that uses the functions in production. The developer must minimize the impact of the testing on the application's users. Which solution will meet these requirements? 

A. Create a beta stage for the new version of the API. Send the updated endpoint to the users. 
B. Create a development stage for the new version of the API. Use a canary deployment. 
C. Create a development stage for the new version of the API. Promote a canary release. 
D. Create a deployment stage. Enable mutual TLS for the new version of the API. 

Answer : B Show Answer

---

Question # 9

A company has a serverless application that uses AWS Lambda functions and AWS Systems Manager parameters to store configuration data. The company moves the Lambda functions inside the VPC and into private subnets. The Lambda functions are now producing errors in their attempts to access Systems Manager parameters. Which solution will allow the Lambda functions to access Systems Manager parameters inside the VPC?

 A. Configure security groups to allow access lo Systems Manager. 
B. Create an interface VPC endpoint for Systems Manager. 
C. Use an internet gateway from inside the VPC. 
D. Create a gateway VPC endpoint for Systems Manager.

Answer : B Show Answer

---

Question # 10

A company is building an application for stock trading. The application needs submillisecond latency for processing trade requests. The company uses Amazon DynamoDB to store all the trading data that is used to process each trading request A development team performs load testing on the application and finds that the data retrieval time is higher than expected. The development team needs a solution that reduces the data retrieval time with the least possible effort. Which solution meets these requirements?

 A. Add local secondary indexes (LSIs) for the trading data 
B. Store the trading data in Amazon S3, and use S3 Transfer Acceleration. 
C. Add retries with exponential backoff for DynamoDB queries. 
D. Use DynamoDB Accelerator (DAX) to cache the trading data 

Answer : D Show Answer

---

Question # 11

A company uses the AWS SDK for JavaScript in the Browser to build a web application and then hosts the application on Amazon S3. The company wants the application to support 10,000 users concurrently. The company selects Amazon DynamoDB to store user preferences in a table. There is a requirement to uniquely identify users at any scale. Which solution will meet these requirements?

A. Create a user cookie. Attach an 1AM role to the S3 bucket that hosts the application. 
B. Deploy an Amazon CloudFront distribution with an origin access identity (OAI) to access the S3 bucket. 
C. Configure and use Amazon Cognito. Access DynamoDB with the authenticated users. 
D. Create an IAM user for each user. Use fine-grained access control on the DynamoDB table to control access. 

Answer : C Show Answer

---

Question # 12

A developer deployed an application to an Amazon EC2 instance. The application needs to know the public IPv4 address of the instance. How can the application find this information? 

A. Query the instance metadata from http://169.254.169.254/latest/meta-data/. 
B. Query the instance user data from http://169 254.169.254/latest/user-data/. 
C. Query the Amazon Machine Image (AMI) information from http://169 254.169.254/latesl/meta-data/ami/. 
D. Check the hosts file of the operating system.

Answer : A Show Answer

---

Question # 13

A company has a front-end application that runs on four Amazon EC2 instances behind an Elastic Load Balancer (ELB) in a production environment that is provisioned by AWS Elastic Beanstalk. A developer needs to deploy and test new application code while updating the Elastic Beanstalk platform from the current version to a newer version of Node.js. The solution must result in zero downtime for the application. Which solution meets these requirements? 

A. Clone the production environment to a different platform version. Deploy the new application code, and test it. Swap the environment URLs upon verification. 
B. Deploy the new application code in an all-at-once deployment to the existing EC2 instances. Test the code. Redeploy the previous code if verification fails. 
C. Perform an immutable update to deploy the new application code to new EC2 instances. Serve traffic to the new instances after they pass health checks 
D. Use a rolling deployment for the new application code. Apply the code to a subset of EC2 instances until the tests pass. Redeploy the previous code if the tests fail. 

Answer : D Show Answer

---

Question # 14

A company is running an application on AWS Elastic Beanstalk in a single-instance environment. The company's deployments must avoid any downtime. Which deployment option will meet these requirements? 

A. All at once
 B. Rolling 
C. Rolling with additional batch 
D. Immutable 

Answer : D Show Answer

---

Question # 15

A company has a serverless application that uses Amazon API Gateway backed by AWS Lambda proxy integration. The company is developing several backend APIs. The company needs a landing page to arovide an overview ol navigation to the APIs. \ developer creates a new /LandingPage resource and a new GET method that uses mock integration. What should the developer do next to meet these requirements?

A. Configure the integration request mapping template with Content-Type of text/html and statusCode of 200. Configure the integration response mapping template with ContentType of application/json. In the integration response mapping template, include the LandingPage HTML code that references the APIs. 
B. Configure the integration request mapping template with Content-Type of application/json. In the integration request mapping template, include the LandingPage HMTL code that references the APIs. Configure the integration response mapping template with Content-Type of text/html and statusCode of 200.
 C. Configure the integration request mapping template with Content-Type of application/json and statusCode of 200. Configure the integration response mapping template with Content-Type of text/html. In the integration response mapping template, include the LandingPage HTML code that references the APIs. 
D. Configure the integration request mapping template with Content-Type of text/html. In the integration request mapping template, include the LandingPage HTML code that references the APIs. Configure the integration response mapping template with Content-Type of application/json and statusCode of 200.

Answer : B Show Answer

---

Question # 16

A company is using continuous integral ion/continuous delivery (CI/CD) systems. A that run on premises. Which AWS service should the developer use to meet these requirements? 

A. AWSCIoud9 
B. AWS CodeBuild 
C. AWS Elastic Beanstalk 
D. AWS CodeDeploy 

Answer : D Show Answer

---

Question # 17

A developer is working on a Python application that runs on Amazon EC2 instances. The developer wants to enable tracing of application requests to debug performance issues in the code. Which combination of actions should the developer take to achieve this goal? (Select TWO.) 

A. Install the Amazon CloudWatch agent on the EC2 instances. 
B. Install the AWS X-Ray daemon on the EC2 instances 
C. Configure the application to write JSON-formatted logs to /var/log/cloudwatch. 
D. Configure the application to write trace data to /var/log/xray. 
E. Install and configure the AWS X-Ray SDK for Python in the application. 

Answer : B,E Show Answer

---

Question # 18

A company has an application that runs on AWS Elastic Beanstalk in a load-balanced environment. The company needs to update the instance types in the environment to a more recent generation of instance types. The company must minimize downtime during the deployment of this configuration change. Which deployment options will meet these requirements? (Choose two.)

 A. Disabled 
B. Rolling based on Health 
C. Immutable 
D. All at once
 E. Canary 

Answer : B,C Show Answer

---

Question # 19

A development team set up a pipeline to launch a test environment. The developers want to automate tests for their application. The team created an AWS CodePipeline stage to deploy the application to a test environment in batches using AWS Elastic Beanstalk. A later CodePipeline stage contains a single action that uses AWS CodeBuild to run numerous automated Selenium-based tests on the deployed application. The team must speed up the pipeline without removing any of the individual tests. Which set of actions will MOST effectively speed up application deployment and testing?

A. Set up an all-at-once deployment in Elastic Beanstalk. Run tests in parallel with multiple CodeBuild actions. 
B. Set up a rolling update in Elastic Beanstalk. Run tests in serial with a single CodeBuild action. 
C. Set up an immutable update in Elastic Beanstalk. Run tests in serial with a single CodeBuild action. 
D. Set up a traffic-splitting deployment in Elastic Beanstalk. Run tests in parallel with multiple CodeBuild actions. 

Answer : A Show Answer

---

Question # 20

A developer wants to migrate a Windows .NET application that is running on IIS with a Microsoft SQL Server database to AWS. The developer does not want to think about provisioning and managing the infrastructure. What should the developer do to migrate the application with the LEAST amount of effort? 

A. Launch Amazon EC2 instances for Windows Server. Back up and restore the database to Amazon RDS. Deploy the web application to the new EC2 instances 
B. Back up and restore the database to Amazon RDS. Use the .NET Migration Assistant for AWS Elastic Beanstalk to migrate the web application to a preconfigured solution stack that Elastic Beanstalk provides. 
C. Migrate the database to Amazon DynamoDB Use Amazon API Gateway and AWS Lambda to create a web application interface that is hosted in an Amazon S3 bucket. 
D. Containerize the application on premises. Push the image to Amazon Elastic Container Registry (Amazon ECR). Create an AWS CloudFormation template to deploy the application

Answer : B Show Answer

---

Question # 21

A developer is exposing an API by using Amazon API Gateway and AWS Lambda as the backend for an application. The developer wants to add validation rules for a POST method to ensure that the data (rom the frontend web form is valid. The validation rules must include mandatory fields, data type, length, and regular expressions. Which solution will meet these requirements? 

A. Create an API Gateway model with schema for data validation. 
B. Create API Gateway HTTP request headers for data validation.
 C. Create API Gateway URL query string parameters for data validation. 
D. Create API Gateway URL path parameters for data validation 

Answer : D Show Answer

---

Question # 22

A developer has built an application running on AWS Lambda using AWS Serverless Application Model (AWS SAM). What is the correct sequence of steps to successfully deploy the application? 

A. 1. Build the SAM template in Amazon EC2. 2. Package the SAM template to Amazon EBS storage. 3. Deploy the SAM template from Amazon EBS. 
B. 1. Build the SAM template locally. 2. Package the SAM template onto Amazon S3. 3. Deploy the SAM template from Amazon S3. 
C. 1. Build the SAM template locally. 2. Deploy the SAM template from Amazon S3. 3. Package the SAM template for use. 
D. 1. Build the SAM template locally. 2 Package the SAM template from AWS CodeCommit. 

Answer : B Show Answer

---

Question # 23

An open-source map application gathers data from several geolocation APIs. The application's source code repository is public and can be used by anyone, but the geolocation APIs must not be directly accessible. A developer must implement a solution to prevent the credentials that are used to access the APIs from becoming public. The solution also must ensure that the application still functions properly. Which solution will meet these requirements MOST cost-effectively?

A. Store the credentials in AWS Secrets Manager. Retrieve the credentials by using the GetSecretValue API operation. 
B. Store the credentials in AWS Key Management Service (AWS KMS). Retrieve the credentials by using the GetPublicKey API operation. 
C. Store the credentials in AWS Security Token Service (AWS STS). Retrieve the credentials by using the GetCallerldentity API operation. 
D. Store the credentials in AWS Systems Manager Parameter Store. Retrieve the credentials by using the GetParameter API operation. 

Answer : D Show Answer

---

Question # 24

An application that is running on Amazon EC2 instances stores data in an Amazon S3 bucket. All the data must be encrypted in transit. How can a developer ensure that all traffic to the S3 bucket is encrypted? 

A. Install certificates on the EC2 instances. 
B. Create a private VPC endpoint. 
C. Configure the S3 bucket with server-side encryption with AWS KMS managed encryption keys (SSE-KMS). 
D. Create an S3 bucket policy that denies traffic when the value for the aws:SecureTransport condition key is false. 

Answer : C Show Answer

---

Question # 25

A company uses Amazon DynamoDB as a data store for its order management system. The company frontend application stores orders in a DynamoDB table. The DynamoDB table is configured to send change events to a DynamoDB stream. The company uses an AWS Lambda function to log and process the incoming orders based on data from the DynamoDB stream. An operational review reveals that the order quantity of incoming orders is sometimes set to 0. A developer needs to create a dashboard that will show how many unique customers this problem affects each day. What should the developer do to implement the dashboard? 

A. Grant the Lambda function's execution role permissions to upload logs to Amazon CloudWatch Logs. Implement a CloudWatch Logs Insights query that selects the number of unique customers for orders with order quantity equal to 0 and groups the results in 1-day periods. Add the CloudWatch Logs Insights query to a CloudWatch dashboard. 
B. Use Amazon Athena to query AWS CloudTrail API logs for API calls. Implement an Athena query that selects the number of unique customers for orders with order quantity equal to 0 and groups the results in 1 -day periods. Add the Athena query to an Amazon CloudWatch dashboard. 
C. Configure the Lambda function to send events to Amazon EventBridge. Create an EventBridge rule that groups the number of unique customers for orders with order quantity equal to 0 in 1 -day periods. Add a CloudWatch dashboard as the target of the rule. 
D. Turn on custom Amazon CloudWatch metrics for the DynamoDB stream of the DynamoDB table. Create a CloudWatch alarm that groups the number of unique customers for orders with order quantity equal to 0 in 1-day periods. Add the CloudWatch alarm to a CloudWatch dashboard. 

Answer : D Show Answer

---

Question # 26

A company that manages movie reviews wants to make its movie review data available to its customers by calling a set of REST web service endpoints. The company will develop the retrieval functionality as AWS Lambda functions and will expose the functionality to customers as an Amazon API Gateway REST API. The company needs to ensure that no consumer exceeds 100 requests a day to the API during the initial deployment. The company decides to use API Gateway API keys to restrict access. The company creates and issues API keys for each customer. What should the company do next to meet these requirements with the LEAST administrative effort?

A. Create a usage plan that applies throttling at 100 requests a day. Associate the usage plan with the API keys of all customers. 
B. Create an Amazon DynamoDB table to track all the requests that use a particular API key. For each request to the API, count the number of records in the DynamoDB table for that day for the API key. If the number of requests is 100 or greater, generate an exception. 
C. Create a usage plan that applies a quota of 100 requests a day. Associate the usage plan with the API keys of all customers. 
D. Create an Amazon Aurora table to track all the requests that use a particular API key. For each request to the API, count the number of records in the Aurora table for that day for the API key. If the number of requests is 100 or greater, generate an exception. 

Answer : C Show Answer

---

Question # 27

A company uses AWS CloudFormation to deploy an application that uses an Amazon API Gateway REST API with AWS Lambda function integration. The application uses Amazon DynamoDB for data persistence. The application has three stages, development, testing, and production. Each stage uses its own DynamoDB table. The company has encountered unexpected issues when promoting changes to the production stage. The changes were successful in the development and testing stages. A developer needs to route 20% of the traffic to the new production stage API with the next production release. The developer needs to route the remaining 80% of the traffic to the existing production stage. The solution must minimize the number of errors that any single customer experiences. Which approach should the developer take to meet these requirements? 

A. Update 20% of the planned changes to the production stage. Deploy the new production stage. Monitor the results. Repeat this process five times to test all planned changes 
B. Update the Amazon Route 53 DNS record entry for the production stage API to use a weighted routing policy Set the weight to a value of 80. Add a second record for the production domain name Change the second routing policy to a weighted routing policy. Set the weight of the second policy to a value of 20. Change the alias of the second policy to use the testing stage API. 
C. Deploy an Application Load Balancer (ALB) in front of the REST API Change the production API Amazon Route 53 record to point traffic to the ALB Register the production and testing stages as targets of the ALB with weights of 80% and 20%. respectively. 
D. Configure canary settings for the production stage API. Change the percentage of traffic directed to canary deployment to 20%. Make the planned updates to the production stage Deploy the changes. 

Answer : B Show Answer

---

Question # 28

A developer runs an application that uses an Amazon API Gateway REST API. The developer needs to implement a solution to proactively monitor the health of both API responses and latencies in case a deployment causes a service disruption despite passing deployment pipeline tests. The solution also must check for endpoint vulnerability and unauthorized changes to APIs. URLs, and website content. Which solution will meet these requirements? 

A. Use the Amazon CloudWatch Synthetics canary functionality to call the API and check the responses and duration of the request. 
B. Use a custom health check in the API that queries hosts to check the duration of the request. 
C. Implement a custom AWS Lambda function with an Amazon EventBridge event to periodically call the API and check the responses and duration of the request. 
D. Use the built-in API Gateway metrics to monitor the average duration of the API response. 

Answer : A Show Answer

---

Question # 29

A developer is testing a new file storage application that uses an Amazon CloudFront distribution to serve content from an Amazon S3 bucket. The distribution accesses the S3 bucket by using an origin access identity (OAI). The S3 bucket's permissions explicitly deny access to all other users. The application prompts users to authenticate on a login page and then uses signed cookies to allow users to access their personal storage directories. The developer has configured the distribution to use its default cache behavior with restricted viewer access and has set the origin to point to the S3 bucket. However, when the developer tries to navigate to the login page, the developer receives a 403 Forbidden error. The developer needs to implement a solution to allow unauthenticated access to the login page. The solution also must keep all private content secure. Which solution will meet these requirements?

A. Add a second cache behavior to the distribution with the same origin as the default cache behavior. Set the path pattern for the second cache behavior to the path of the login page, and make viewer access unrestricted. Keep the default cache behavior’s settings unchanged. 
B. Add a second cache behavior to the distribution with the same origin as the default cache behavior. Set the path pattern for the second cache behavior to *, and make viewer access restricted. Change the default cache behavior's path pattern to the path of the login page, and make viewer access unrestricted. 
C. Add a second origin as a failover origin to the default cache behavior. Point the failover origin to the S3 bucket. Set the path pattern for the primary origin to * and make viewer access restricted. Set the path pattern for the failover origin to the path of the login page, and make viewer access unrestricted. 
D. Add a bucket policy to the S3 bucket to allow read access. Set the resource on the policy to the Amazon Resource Name (ARN) of the login page object in the S3 bucket. Add a CloudFront function to the default cache behavior to redirect unauthorized requests to the login page’s S3 URI. 

Answer : B Show Answer

---

Question # 30

A movie fan club hosts a serverless web application in an Amazon S3 bucket. The application uses an AWS Lambda function that is exposed by an Amazon API Gateway API. The function queries an Amazon DynamoDB table to list actors sorted by movie. In the DynamoDB table. Actor is the primary key, Movie is the sort key, and Role and Year are attributes. In the web application, a developer wants to add a page that is named Phase 1 that lists only the movies that were released between 2008 and 2012. The developer needs to fetch the Phase 1 items in a way that minimizes the impact on the DynamoDB table. Which solution will meet these requirements? 

A. Create a global secondary index (GSl) with the Year attribute as the sort key. Create a Lambda function to return the results from a new method in the API. 
B. Design a Lambda function that scans the DynamoDB table and filters the results for the Phase 1 items. Invoke the function from a new method in the API. 
C. Use a DynamoDB stream to send items that are filtered by Year to a new DynamoDB table. Invoke a Lambda function from a new method in the API. 
D. Set up an Amazon CloudFront distribution. Create a [email protected] function to filter the items that are returned from the API request. 

Answer : B Show Answer

---

Question # 31

A company manages a financial services application that stores a large volume of data in an Amazon DynamoDB table. A developer needs to improve the performance of the DynamoDB read queries without increasing the cost. Which solution meets these requirements? 

A. Use parallel scans 
B. Add a local secondary index (LSI). 
C. Create a DynamoDB Accelerator (DAX) cluster. 
D. Query with the Projection Expression parameter 

Answer : C Show Answer

---

Question # 32

A developer is troubleshooting a new AWS Lambda function. The function should run automatically each time a new object is uploaded to an Amazon S3 bucket. However, the developer finds that all calls failed before they reached the application code inside the function. Which of the following is a possible reason for this failure?

 A. The function resource policy does not allow access from Amazon S3. 
B. The function execution role does not allow access from Amazon S3. 
C. The function execution role does not allow access to Amazon S3. 
D. The IAM user does not have access to Amazon S3. 

Answer : C Show Answer

---

Question # 33

A developer is implementing an AWS Lambda function that will be invoked when an object is uploaded to Amazon S3. The developer wants to test the Lambda function in a local development machine before publishing the function to a production AWS account. Which solution will meet these requirements with the LEAST operational overhead? 

A. Upload an object to Amazon S3 by using the aws s3api put-object CLI command. Wait for the local Lambda invocation from the S3 event. 
B. Create a sample JSON text file for a put object S3 event. Invoke the Lambda function locally. Use the aws lambda invoke CLI command with the JSON file and Lambda function name as arguments. 
C. Use the sam local start-lambda CLI command lo start Lambda. Use the sam local generate-event s3 put CLI command to create the Lambda test JSON file. Use the sam local invoke CLI command with the JSON file as the argument to invoke the Lambda function. 
D. Create a JSON string for the put object S3 event. In the AWS Management Console, use the JSON string to create a test event for the local Lambda function. Perform the test. 

Answer : D Show Answer

---

Question # 34

A company has an application that provides blog hosting services to its customers. The application includes an Amazon DynamoDB table with a primary key The primary key consists of the customers' UserName as a partition key and the NumberOIBIogs as a sort key. The application stores the TotalReactionsOnBlogs as an attribute on the same DynamoDB table. A developer needs to implement an operation to retrieve the top 10 customers based on the greatest number of reactions on their blogs This operation must not consume the DynamoDB table's existing read capacity. What should the developer do to meet these requirements in the MOST operationally efficient manner?

A. For the existing DynamoDB table, create a new global secondary index (GSI) that has the UserName as a partition key and the TotalReactionsOnBlogs as a sort key. 
B. For the existing DynamoDB table, create a new local secondary index (LSI) that has the UserName as a partition key and the TotalReactionsOnBlogs as a sort key
C. Back up and restore the DynamoDB table to a new DynamoDB table Create a new global secondary index (GSI) that has the UserName as a partition key and the TotalReactionsOnBlogs as a sort key Delete the old DynamoDB table 
D. Back up and restore the DynamoDB table to a new DynamoDB table. Create a new local secondary index (LSI) that has the UserName as a partition key and the TotalReactionsOnBlogs as a sort key. Delete the old DynamoDB table. 

Answer : B Show Answer

---

Question # 35

A developer needs to secure the static assets in a company's Amazon S3 bucket that is named DOC-EXAMPLE-BUCKET. The company has an Amazon CtoudFront distribution that serves the S3 bucket's assets to the public. The developer has already created the origin access identity (OAI) and has associated the OAI with the distribution. The developer must write a bucket policy that allows only the CloudFront distribution to access the S3 bucket Which policy will meet this requirement MOST securely? 

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Answer : C Show Answer

---

Question # 36

A company is building a serverless application that uses AWS Lambda. The application includes Lambda functions that are exposed by Amazon API Gateway The functions will use several large third-party libraries, and the build artifacts will exceed 50 MB in size. Which combination of steps should a developer take to prepare and perform the deployment? (Select TWO.) 

A. Issue the aws lambda update-function-code CLI command with the -zip-file fileb://myfunction.zip parameter 
B. Upload the build artifact to Amazon S3. 
C. Issue the aws cloudformation package CLI command. 
D. Issue the aws lambda update-function-code CLI command with the -s3-bucket and -s3- key parameters. 
E. Issue the aws lambda update-function-code CLI command with a parameter that points to the source code in AWS CodeCommit. 

Answer : B,D Show Answer

---

Question # 37

An AWS Lambda function requires read access to an Amazon S3 bucket and requires read/write access to an Amazon DynamoDB table. The correct 1AM policy already exists. What is the MOST secure way to grant the Lambda function access to the S3 bucket and the DynamoDB table? 

A. Attach the existing IAM policy to the Lambda function. 
B. Create an IAM role for the Lambda function. Attach the existing IAM policy to the role. Attach the role to the Lambda function. 
C. Create an IAM user with programmatic access. Attach the existing IAM policy to the user. Add the user access key ID and secret access key as environment variables in the Lambda function. 
D. Add the AWS account root user access key ID and secret access key as encrypted environment variables in the Lambda function. 

Answer : B Show Answer

---

Question # 38

A media company wants to test its web application more frequently. The company deploys the application by using a separate AWS CloudFormation stack for each environment. The same CloudFormation template is deployed to each stack as the application progresses through the development lifecycle. A developer needs to build an automated alert for the quality assurance (QA) team. The developer wants the alert to occur for new deployments in the final pre-production environment. Which solution will moot these requirements?

A. Create an Amazon Simple Notification Service (Amazon SNS) topic. Add a subscription to notify the QA team. Update the CloudFormation stack options to point to the SNS topic in the pro-production environment. Most Voted 
B. Create an AWS Lambda function that notifies the QA team. Create an Amazon EventBridge rule to invoke the Lambda function on the default event bus. Filter the events on the CloudFormation service and the CloudFormation stack Amazon Resource Name (ARM). 
C. Create an Amazon CloudWatch alarm that monitors the metrics from CloudFormation. Filter the metrics on the stack name and the stack status. Configure the alarm to notify the QA team. 
D. Create an AWS Lambda function that notifies the QA team. Configure the event source mapping to receive events from CloudFormation. Specify the filtering values to limit invocations to the desired CloudFormation stack.

Answer : A Show Answer

---

Question # 39

A developer needs to deploy an application to AWS Elastic Beanstalk for a company. The application consists of a single Docker image. The company's automated continuous integration and continuous delivery (CI/CD) process builds the Docker image and pushes the image to a public Docker registry. How should the developer deploy the application to Elastic Beanstalk? 

A. Create a Dockerfile. Configure Elastic Beanstalk to build the application as a Docker image. 
B. Create a docker-compose.yml file. Use the Elastic Beanstalk CLI to deploy the application. 
C. Create a .zip file that contains the Docker image. Upload the .zip file to Elastic Beanstalk. 
D. Create a Dockerfile. Run the Elastic Beanstalk CLI eb local run command in the same directory. 

Answer : B Show Answer

---

Question # 40

A developer is writing a new web application that will be deployed and managed with AWS Elastic Beanstalk. The application will include an Amazon RDS DB instance. What steps should the developer take to access the RDS DB instance from the code? (Select TWO.) 

A. Modify the endpoint name using either the AWS Management Console or AWS CLI 
B. Upload the driver to Amazon S3 and reference it in the code 
C. Download the appropriate database driver and include it with the application. 
D. Construct a connection string using the Elastic Beanstalk environment variables 
E. Create a CNAME record referencing database instances ALIAS. 

Answer : C,D Show Answer

---

Question # 41

\ developer is designing a serverless application for a game in which users register and log in through a web browser. The application makes requests on behalf of users to a set of AWS Lambda functions that un behind an Amazon API Gateway HTTP API. rhe developer needs to implement a solution to register and log in users on the application's sign-in page. The solution must minimize operational overhead and must minimize ongoing management of user identities. Which solution will meet these requirements? 

A. Create Amazon Cognito user pools for external social identity providers. Configure 1AM roles for the identity pools. 
B. Program the sign-in page to create users' 1AM groups with the 1AM roles attached to the groups. 
C. Create an Amazon RDS for SQL Server DB instance to store the users and manage the permissions to the backend resources in AWS. 
D. Configure the sign-in page to register and store the users and their passwords in an Amazon DynamoDB table with an attached 1AM policy. 

Answer : A Show Answer

---

Question # 42

A developer is creating a new batch application that will run on an Amazon EC2 instance. The application requires read access to an Amazon S3 bucket. The developer needs to follow security best practices to grant S3 read access to the application. Which solution meets these requirements? 

A. Add the permissions to an 1AM policy. Attach the policy to a role Attach the role to the EC2 instance profile. 
B. Add the permissions inline to an 1AM group. Attach the group to the EC2 instance profile. 
C. Add the permissions to an 1AM policy. Attach the policy to a user Attach the user to the EC2 instance profile. 
D. Add the permissions to an 1AM policy. Use 1AM web identity federation to access the S3 bucket with the policy 

Answer : A Show Answer

---

Question # 43

Which solution will meet these requirements? 

A. Build the container from the amazon/aws-xray-daemon base image. Use the AWS XRay SDK to instrument the application.
B. Install the Amazon CloudWatch agent on the container image. Use the CloudWatch SDK to publish custom metrics from each of the microservices. 
C. Install the AWS X-Ray daemon on each of the ECS instances. 
D. Configure AWS CloudTrail data events to capture the traffic between the microservices. 

Answer : C Show Answer

---

Question # 44

A company that has multiple offices uses an Amazon DynamoDB table to store employee payroll information. Item attributes consist of employee names, office identifiers, and cumulative daily hours worked. The most frequently used query extracts a report of an alphabetical subset of employees for a specific office. Which design of the DynamoDB table primary key will have the MINIMUM performance impact? 

A. Partition key on the office identifier and sort key on the employee name
B. Partition key on the employee name and sort key on the office identifier 
C. Partition key on the employee name 
D. Partition key on the office identifier 

Answer : B Show Answer

---

Question # 45

A developer is creating a web application that collects highly regulated and confidential user data through a POST request. The web application is served through Amazon CloudFront. User names and phone numbers must be encrypted at the edge and must remain encrypted throughout the entire application stack. What is the MOST secure way to meet these requirements?

A. Enforce Match Viewer with HTTPS Only on CloudFront. 
B. Use only the newest TLS security policy on CloudFront.
C. Enforce a signed URL on CloudFront on the front end. 
D. Use field-level encryption on CloudFront. 

Answer : D Show Answer

---

Question # 46

A developer is writing an application that stores data in an Amazon DynamoDB table by using the Putltem API operation. The table has a partition key of streamlD and has a sort key of seqlD. The developer needs to make sure that the Putltem invocation does not overwrite the existing partition key and sort key. Which condition expression will maintain the uniqueness of the partition key and the sort key?

A. Option A 
B. Option B 
C. Option C 
D. Option D

Answer : A Show Answer

---

Question # 47

A developer is debugging an AWS Lambda function behind an Amazon API Gateway. Whenever the API Gateway endpoint is called, HTTP status code 200 is returned even though AWS Lambda is recording a 4xx error. What change needs to be made to return a proper error code through the API Gateway?  

A. Enable CORS in the API Gateway method settings. 
B. Use a Lambda proxy integration to return HTTP codes and headers. 
C. Enable API Gateway error pass-through. 
D. Return the value in the header X-Amzn-ErrorType. 

Answer : B Show Answer

---

Question # 48

A company must encrypt sensitive data that the company will store in Amazon S3. A developer must retain total control over the company's AWS Key Management Service (AWS KMS) key and the company’s data keys. The company currently uses an onpremises hardware security module (HSM) solution. The company wants to move its key management onto AWS. Which solution will meet these requirements?

A. Implement server-side encryption with AWS KMS managed keys (SSE-KMS). Use AWS CloudHSM to generate the KMS key and data keys to use with AWS KMS. 
B. Implement server-side encryption with customer-provided encryption keys (SSE-C). Use AWS CloudHSM to generate the KMS key and manage the data keys that the company will use to read and write objects to Amazon S3. 
C. Implement server-side encryption with Amazon S3 managed encryption keys (SSE-S3). Use AWS CloudHSM to generate the KMS key and manage the data keys that the company will use to read and write objects to Amazon S3. 
D. Implement server-side encryption with AWS KMS managed keys (SSE-KMS). Use the AWS KMS custom key store feature to manage the data keys. Then read or write objects to Amazon S3 as normal. 

Answer : D Show Answer

---

Question # 49

A developer at a company recently created a serverless application to process and show data from business reports. The application's user interface (Ul) allow users to select and start processing the files. The Ul displays a message when the result is available to view. The application uses AWS Step Functions with A Lambda functions "to process the files. The developer used Amazon API Gateway and Lambda functions to create an API to support the Ul. The company's Ul team reports that the request to process a file is often returning timeout errors because of the size or complexity of the files. The Ul team w< API to provide an immediate response so that the Ul can display a message while the files are being processed. The backend process that is invoked by the A needs to send an email message when the report processing is complete. What should the developer do to configure the API to meet these requirements? 

A. Change the API Gateway route to add an X-Amz-lnvocation-Type header with a static value of 'Event' in the integration request. Deploy the API Gatt stage to apply the changes. 
B. Change the configuration of the Lambda function that implements the request to process a file. Configure the maximum age of the event so that the Lambda function will run asynchronously. 
C. Change the API Gateway timeout value to match the Lambda function timeout value. Deploy the API Gateway stage to apply the changes. 
D. Change the API Gateway route to add an X-Amz-Target header with a static value of 'Async' in the integration request. Deploy the API Gateway stag apply the changes. 

Answer : A Show Answer

---

Question # 50

A developer notices timeouts from the AWS CLI when the developer runs list commands. What should the developer do to avoid these timeouts?

A. Use the -page-size parameter to request a smaller number of items. 
B. Use shorthand syntax to separate the list by a single space. 
C. Use the yaml-stream output for faster viewing of large datasets. 
D. Use quotation marks around strings to enclose data structure. 

Answer : A Show Answer

---

Question # 51

A developer is monitoring an application that runs on an Amazon EC2 instance. The developer has configured a custom Amazon CloudWatch metric with d#ta granularity of 1 second. If any issues occur, the developer wants to be notified within 30 seconds by Amazon Simple Notification Service (Amazon SNS). What should the developer do to meet this requirement?

A. Configure a high-resolution CloudWatch alarm. 
B. Set up a custom CloudWatch dashboard. .
C. Use Amazon CloudWatch Logs Insights
D. Change to a default CloudWatch metric. 

Answer : D Show Answer

---

Question # 52

A developer is managing an application that uploads user files to an Amazon S3 bucket named companybucket. The company wants to maintain copies of all the files uploaded by users for compliance purposes, while ensuring users still have access to the data through the application. Which IAM permissions should be applied to users to ensure they can create but not remove files from the bucket? 

D. 

Answer : D Show Answer

---

Question # 53

A company is creating a continuous integration and continuous delivery (CI/CD) process by using AWS CodePipeline for its application on AWS The CI/CD process will pull code from an AWS CodeCommit repository, create the application infrastructure by using AWS Cloud Formation, deploy the frontend code to an Amazon S3 bucket that is configured for static website hosting, and deploy the application backend on an Amazon Elastic Container Service (Amazon ECS) cluster. A developer needs to create a new CodePipeline stage that creates the application infrastructure. Which solution will meet these requirements with the LEAST operational overhead? 

A. Create a new action with AWS Lambda as the action provider Create a Lambda function that makes an AWS SDK API call to create the CloudFormation stack 
B. Create a new action with CloudFormation as the action provider Set the action mode to CREATE UPDATE Target the CloudFormation stack to be launched. 
C. Create a new action with Jenkins as the action provider. Create and configure a Jenkins job to make an API call by using the AWS CLI to create the CloudFormation stack. 
D. Create a new action with AWS CodeBuikl as the action provider Configure the buildspec to make an API call by using the AWS CLI to create the CloudFormation stack 

Answer : D Show Answer

---

Question # 54

A developer uses server-side encryption with Amazon S3 managed encryption keys (SSES3) to store data in Amazon S3. The developer needs to decrypt and download the encrypted objects by using the GetObject API call. What is the LEAST amount of information that the developer must provide in the API call to meet this requirement? 

A. The S3 object key only 
B. The S3 object key and the encryption key 
C. The S3 object key and the Amazon Resource Name (ARN) of the AWS Key Management Service (AWS KMS) key 
D. The S3 object key and a randomly salted Hash-based Message Authentication Code (HMAC) value of the encryption key

Answer : A Show Answer

---

Question # 55

A developer is writing an application that will run on Amazon EC2 instances in an Auto Scaling group. The developer wants to externalize the session state to support the application. Miich AWS services or resources can the developer use to meet these requirements? (Select TWO.) A. Amazon DynamoDB 

B. Amazon Cognito
C. Amazon ElastiCache 
D. Application Load Balancer 
E. Amazon Simple Queue Service (Amazon SQS) 

Answer : A,C Show Answer

---

Question # 56

A company has an application that uses Amazon Cognito user pools as an identity provider. The company must secure access to user records. The company I up multi-factor authentication (MFA). The company also wants to send a login activity notification by email every time a user logs in. What is the MOST operationally efficient solution that meets this requirement? 

A. Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon API Gateway to invoke the function. Call the API from the client side when login confirmation is received. 
B. Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon Cognito post authentication Lambda trigger for the function. 
C. Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Create an Amazon CloudWatch Logs log subscription filter to invoke the function based on the login status. 
D. Configure Amazon Cognito to stream all logs to Amazon Kinesis Data Firehose. Create an AWS Lambda function to process the streamed logs and it send the email notification based on the login status of each user. 

Answer : C Show Answer

---

Question # 57

A company is hosting a workshop for external users and wants to share the reference documents with the external users for 7 days. The company stores the reference documents in an Amazon S3 bucket that the company owns. What is the MOST secure way to share the documents with the external users? 

A. Use S3 presigned URLs to share the documents with the external users. Set an expiration time of 7 days. 
B. Move the documents to an Amazon WorkDocs folder. Share the links of the WorkDocs folder with the external users. 
C. Create temporary 1AM users that have read-only access to the S3 bucket. Share the access keys with the external users. Expire the credentials after 7 days. 
D. Create a role that has read-only access to the S3 bucket. Share the Amazon Resource Name (ARN) of this role with the external users. 

Answer : A Show Answer

---

Question # 58

A developer has an application that is composed of many different AWS Lambda functions. The Lambda functions all use some of the same dependencies. To avoid security issues, the developer is constantly updating the dependencies of all of the Lambda functions. The result is duplicated effort for each function. Now can the developer keep the dependencies of the Lambda functions up to date with the LEAST additional complexity? 

A. Define a maintenance window for the Lambda functions to ensure that the functions get updated copies of the dependencies. 
B. Upgrade the Lambda functions to the most recent runtime version. 
C. Define a Lambda layer that contains all of the shared dependencies. 
D. Use an AWS CodeCommit repository to host the dependencies in a centralized location. 

Answer : C Show Answer

---

Question # 59

A developer deploys a custom application to three Amazon EC2 instances. The application processes messages from an Amazon Simple Queue Service (Amazon SQS) standard queue with default settings. When the developer runs a load test on the Amazon SQS queue, the developer discovers that the application processes many messages multiple times. How can the developer ensure that the application processes each message exactly once?

A. Modify the SQS standard queue to an SQS FIFO queue. 
B. Process the messages on one EC2 instance instead of three instances. 
C. Create a new SQS FIFO queue. Point the application to the new queue.
D. Increase the DelaySeconds value on the current SQS queue. 

Answer : C Show Answer

---

Question # 60

A distributed application includes an AWS Lambda function that runs successfully in the DEV environment with 128 MB of memory assigned. The same function is failing in the TEST environment. The developer is monitoring the application using AWS X-Ray, but the Lambda function cannot be seen on the X-Ray service graph. The Lambda execution role has AWS X-Ray permissions What is the MOST LIKELY cause for AWS X-Ray not showing any data for the Lambda function? 

A. The AWS SDK needs to be included in the AWS Lambda deployment package. 
B. VPC Flow Logs are not enabled for the application VPC. 
C. Active tracing needs to be enabled for the Lambda function 
D. The memory needs to be increased to 2 GB for the TEST environments. 

Answer : C Show Answer

---

Question # 61

A company is developing a microservice that will manage customer account data in an Amazon DynamoDB table. Insert, update, and delete requests will be rare. Read traffic will be heavy. The company must have the ability to access customer data quickly by using a customer ID. The microservice can tolerate stale data. Which solution will meet these requirements with the FEWEST possible read capacity units (RCUs)?

A. Read the table by using eventually consistent reads. 
B. Read the table by using strongly consistent reads. 
C. Read the table by using transactional reads. 
D. Read the table by using strongly consistent PartiQL queries. 

Answer : A Show Answer

---

Question # 62

A company requires objects that are stored in Amazon S3 to be encrypted The company is currently using server-side encryption with AWS KMS managed encryption keys (SSEKMS) A developer needs to optimize the cost-effectiveness of the encryption mechanism without negatively affecting performance What should the developer do to meet these requirements? 

A. Change the encryption type to customer-provided keys. 
B. Configure the SJ bucket to use an S3 Bucket Key for SSE-KMS 
C. Use S3 bucket policies to limit the principals who can create objects 
D. Use a custom policy to limit the number of AWS KMS calls that are allowed 

Answer : B Show Answer

---

Question # 63

A developer is storing JSON files in an Amazon S3 bucket. The developer wants to securely share an object with a specific group of people. How can the deveioper securely provide temporary access to the objects that are stored in the S3 bucket? 

A. Set object retention on the files. Use the AWS software development kit (SDK) to restore the object before subsequent requests. Provide the bucket's URL. 
B. Use the AWS software development kit (SDK) to generate a presigned URL. Provide the presigned URL. 
C. Set a bucket policy that restricts access after a period of time. Provide the bucket's S3 URL. 
D. Configure static web hosting on the S3 bucket. Provide the bucket's web URL. 

Answer : B Show Answer

---

Question # 64

A developer is deploying a company's application to Amazon EC2 instances. The application generates gigabytes of data files each day. The files are rarely accessed, but the files must be available to the application’s users within minutes of a request during the first year of storage. The company must retain the files for 7 years. How can the developer implement the application to meet these requirements MOST costeffectively?

A. Store the files in an Amazon S3 bucket Use the S3 Glacier Instant Retrieval storage class. Create an S3 Lifecycle policy to transition the files to the S3 Glacier Deep Archive storage class after 1 year. 
B. Store the files in an Amazon S3 bucket. Use the S3 Standard storage class. Create an S3 Lifecycle policy to transition the files to the S3 Glacier Flexible Retrieval storage class after 1 year. 
C. Store the files on an Amazon Elastic Block Store (Amazon EBS) volume. Use Amazon Data Lifecycle Manager (Amazon DLM) to create snapshots of the EBS volumes and to store those snapshots in Amazon S3. 
D. Store the files on an Amazon Elastic File System (Amazon EFS) mount. Configure EFS lifecycle management to transition the files to the EFS Standard-Infrequent Access (Standard-IA) storage class after 1 year.

Answer : A Show Answer

---

Question # 65

A developer is working on an application that is deployed on an Amazon EC2 instance. The application needs to transfer a file to an Amazon S3 bucket. What should the developer do to authenticate the application's access to the S3 bucket in the MOST secure way? 

A. Create an access key for an IAM user. Store the access key in the application's environment variables. 
B. Create an IAM role. Create an access key for the role. Store the access key in the application's environment variables. 
C. Associate an IAM role with the EC2 instance. Use the instance metadata service to retrieve the credentials. 
D. Configure a bucket policy for the S3 bucket. Allow access from the EC2 instance ID in the bucket policy.

Answer : B Show Answer

---

Question # 66

A company has a serverless application that uses AWS Lambda functions and AWS Systems Manager parameters to store configuration data. The company....... the Lambda functions inside the VPC and into private subnets. The Lambda functions are now producing errors in their attempts to access Systems Manager parameters. Which solution will allow the Lambda functions to access Systems Manager parameters inside the VPC? 

A. Configure security groups to allow access to Systems Manager. 
B. Create an interface VPC endpoint for Systems Manager. 
C. Use an internet gateway from inside the VPC. 
D. Create a gateway VPC endpoint for Systems Manager. 

Answer : B Show Answer

---

Question # 67

A business intelligence application runs on Amazon Elastic Container Service (Amazon ECS) on AWS Fargate. Application-level audits require a searchable log of all API calls from users to the application. The application’s developers must store the logs centrally on AWS. Which solution will meet these requirements?

A. Install the Amazon CloudWatch agent on the Amazon EC2 host that runs Fargate. 
B. Configure the awslogs log driver in the ECS task definition. 
C. Configure AWS CloudTrail for the ECS containers. 
D. Install the ECS logs collector on the ECS hosts. 

Answer : B Show Answer

---

Question # 68

A developer is using AWS CodeDeploy to automate a company's application deployments to Amazon EC2. Which application specification file properties are required to ensure the software deployments do not fail? {Select TWO.)

A. The file must be a JSON-formatted file named appspec.json. 
B. The file must be a YAML-formatted file named appspec.yml
 C. The file must be stored in AWS CodeBuikJ and referenced from the application's source code. 
D. The file must be placed in the root of the directory structure of the application's source code. 
E. The file must be stored in Amazon S3 and referenced from the application's source code. 

Answer : B,D Show Answer

---

Question # 69

A developer is running an application on an Amazon EC2 instance. When the application tries to read an Amazon S3 bucket, the application fails. The developer notices that the associated IAM role is missing the S3 read permission. The developer needs to give the application the ability to read the S3 bucket. Which solution will meet this requirement with the LEAST application disruption?

A. Add the permission to the role. Terminate the existing EC2 instance. Launch a new EC2 instance. 
B. Add the permission to the role so that the change will take effect automatically. 
C. Add the permission to the role. Hibernate and restart the existing EC2 instance. 
D. Add the permission to the S3 bucket. Restart the EC2 instance. 

Answer : B Show Answer

---

Question # 70

An ecommerce application is running behind an Application Load Balancer. A developer observes some unexpected load on the application during non-peak hours. The developer wants to analyze patterns for the client IP addresses that use the application. Which HTTP header should the developer use for this analysis?

A. The X-Forwarded-Proto header 
B. The X-Forwarded-Host header 
C. The X-Forwarded-For header
D. The X-Forwarded-Port header 

Answer : C Show Answer

---

Question # 71

A developer is creating a Java application that will store sensitive data in an Amazon DynamoDB table. The data must be encrypted at all times. How can the developer meet this requirement?

A. Enable encryption at rest by using an AWS Key Management Service (AWS KMS) AWS owned key for the DynamoDB table. 
B. Enable encryption at rest by using an AWS Key Management Service (AWS KMS) customer managed key for the DynamoDB table.
 C. Implement client-side encryption in the application code by using the DynamoDB Encryption Client.
 D. Use an HTTPS connection to encrypt data in transit. 

Answer : C Show Answer

---

Question # 72

A security review for a software company's application infrastructure shows that there is no test coverage in any of the company's deployment pipelines. A developer must fix this issue as soon as possible. The company has been integrating the AWS Cloud Development Kit (AWS CDK) into the deployment process. However, much of the pipeline still uses AWS CloudFormation templates. The developer needs to add test coverage to all the deployment code. Which solution will meet these requirements with the LEAST amount of configuration? 

A. Write unit tests by using the AWS CDK assertions module. Create CloudFormation template instances by using the module's Template class for the existing CloudFormation templates and the module's Capture class for the CDK stacks. 
B. Write unit tests by using the AWS CDK assertions module. Create CloudFormation template instances by using the module's Template.fromStringO method for the existing CloudFormation templates and the module's Template fromStackQ method for the CDK stacks. 
C. Convert the CloudFormation templates into CDK stacks by using the AWS CDK Cfnlnclude construct. Write unit tests against the templates by using CloudFormation rule assertions. 
D. Convert the CDK stacks into CloudFormation templates by using the AWS CDK Cfnlnclude construct Write unit tests against the templates by using CloudFormation rule assertions

Answer : A Show Answer

---

Question # 73

A developer is integrating Amazon ElastiCache in an application. The cache will store data from a database. The cached data must populate real-time dashboards. Which caching strategy will meet these requirements? 

A. A read-through cache 
B. A write-behind cache 
C. A lazy-loading cache 
D. A write-through cache

Answer : D Show Answer

---

Question # 74

A team of developers is using an AWS CodePipeline pipeline as a continuous integration and continuous delivery (CI/CD) mechanism for a web application. A developer has written unit tests to programmatically test the functionality of the application code. The unit tests produce a test report that shows the results of each individual check. The developer now wants to run these tests automatically during the CI/CD process. Which solution will meet this requirement with the LEAST operational effort?

A. Write a Git pre-commit hook that runs the tests before every commit. Ensure that each developer who is working on the project has the pre-commit hook installed locally. Review the test report and resolve any issues before pushing changes to AWS CodeCommit. 
B. Add a new stage to the pipeline. Use AWS CodeBuild as the provider. Add the new stage after the stage that deploys code revisions to the test environment. Write a buildspec that fails the CodeBuild stage if any test does not pass. Use the test reports feature of CodeBuild to integrate the report with the CodeBuild console. View the test results in CodeBuild. Resolve any issues. 
C. Add a new stage to the pipeline. Use AWS CodeBuild as the provider. Add the new stage before the stage that deploys code revisions to the test environment. Write a buildspec that fails the CodeBuild stage if any test does not pass. Use the test reports feature of CodeBuild to integrate the report with the CodeBuild console. View the test results in CodeBuild. Resolve any issues. 
D. Add a new stage to the pipeline. Use Jenkins as the provider. Configure CodePipeline to use Jenkins to run the unit tests. Write a Jenkinsfile that fails the stage if any test does not pass. Use the test report plugin for Jenkins to integrate the report with the Jenkins dashboard. View the test results in Jenkins. Resolve any issues. 

Answer : C Show Answer

---

Question # 75

A developer is creating a serverless application that uses an AWS Lambda function. The developer will use AWS Cloud Formation to deploy the application. The application will write logs to Amazon 3loudWatch Logs. The developer has created a log group in a Cloud Format ion template for the application to use. The developer needs to modify the CloudFormation template to make the name of the log [jroup available to the application at runtime. Which solution will meet this requirement?

A. Use the AWS:: Include transform in CloudFormation to provide the log group's name to the application. 
B. Pass the log group's name to the application in the user data section of the CloudFormation template.
C. Use the CloudFormation template's Mappings section to specify the log group's name for the application. 
D. Pass the log group's Amazon Resource Name (ARN) as an environment variable to the Lambda function. 

Answer : C Show Answer

---

Question # 76

A developer is creating a serverless orchestrator that performs a series of steps to processes incoming loT data. The orchestrator transforms the data, performs a series of calculations, and stores the results in Amazon DynamoDB. The entire process is completed in less than a minute. The orchestrator must process tens of thousands of transactions each second. The orchestrator must not miss a transaction and must process each transaction at least once. Which solution will meet these requirements MOST cost-effectively?

A. Use Amazon Simple Notification Service (Amazon SNS) to process the data through an HTTP or HTTPS endpoint. 
B. Use AWS Step Functions to process the data as Standard Workflows. 
C. Use AWS Step Functions to process the data as Synchronous Express Workflows. 
D. Use AWS Step Functions to process the data as Asynchronous Express Workflows. 

Answer : D Show Answer

---

Question # 77

A company's security policies require all database passwords to be rotated every 30 days The company uses different database platforms, including Amazon Aurora databases and proprietary NoSQL document databases, for different applications A developer needs to implement a solution for password rotation Which solution will meet these requirements? 

A. Create an AWS Lambda rotation function that has appropriate IAM permissions Store the password in AWS Secrets Manager Configure Secrets Manager to rotate the password by using the Lambda function 
B. Encrypt the existing password with AWS Key Management Service (AWS KMS) Export the existing password Generate a random password with AWS KMS Use the AWS KMS password renewal feature to replace the existing password with the new password. 
C. Create an AWS Lambda rotation function that has appropriate IAM permissions Store the password in AWS Systems Manager Parameter Store Configure Parameter Store to rotate the password by using the Lambda function 
D. Integrate AWS Systems Manager Parameter Store with a Key Management Interoperability Protocol (KMIP)-compliant third-party secret manager to enable third-party database password rotation on AWS 

Answer : C Show Answer

---

Question # 78

A company has a new application. The company needs to secure sensitive configuration data such as database connection strings, application license codes, and API keys that the application uses to access external resources. The company must track access to the configuration data for auditing purposes. The resources are managed outside the application. The company is not required to manage rotation of the connection strings, license codes, and API keys in the application. The company must implement a solution to securely store the configuration data and to give the application access to the configuration data. The solution must comply with security best practices. Which solution will meet these requirements MOST cost-effectively?  

A. Store the configuration data in an encrypted file on the source code bundle. Grant the application access by using IAM policies. 
B. Store the configuration data in AWS Systems Manager Parameter Store. Grant the application access by using IAM policies. 
C. Store the configuration data on an Amazon Elastic Block Store (Amazon EBS) encrypted volume. Attach the EBS volume to an Amazon EC2 instance to provide the application with access to the data. 
D. Store the configuration data in AWS Secrets Manager. Grant the application access by using IAM policies. 

Answer : B Show Answer

---

Question # 79

A company is running its website on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Amazon EC2 Auto Scaling group. A developer needs to secure the internet-facing connection with HTTPS. The developer uses AWS Certificate Manager (ACM) to issue an X.509 certificate. What should the developer do to secure the connection?

A. Configure the ALB to use the X.509 certificate by using the AWS Management Console. 
B. Configure each EC2 instance to use the same X.509 certificate by using the AWS Management Console. 
C. Export the root key of the X.509 certificate to an Amazon S3 bucket. Configure each EC2 instance to use the same X.509 certificate from the S3 bucket. 
D. Export the root key of the X.509 certificate to an Amazon S3 bucket. Configure the ALB to use the X.509 certificate from the S3 bucket. 

Answer : A Show Answer

---

Question # 80

What are the MINIMUM properties required in the resources section of the AppSpace file for CodeDeploy to deploy the ECS service successfully? 

A. name, alias, currentversion, and targetversion 
B. TaskDefinition, ContainerName, and PlartformVersion 
C. TaskDefinitionContainerName, ContainerPort 
D. name, Currentversion, NetworkConfiguration, and Platform Version 

Answer : A Show Answer

---

Question # 81

A developer created a web API that receives requests by using an internet-facing Application Load Balancer (ALB) with an HTTPS listener. The developer configures an Amazon Cognito user pool and wants to ensure that every request to the API is authenticated through Amazon Cognito. What should the developer do to meet this requirement? 

A. Add a listener rule to the listener to return a fixed response if the Authorization header is missing. Set the fixed response to 401 Unauthorized.
 B. Create an authentication action for the listener rules of the ALB. Set the rule action type to authenticate-cognito Set the OnUnauthenticatedRequest field to "deny." 
C. Create an Amazon API Gateway API. Configure all API methods to be forwarded to the ALB endpoint. Create an authorizer of the COGNITO_USER_POOLS type. Configure every API method to use that authorizer. 
D. Create a new target group that includes an AWS Lambda function target that validates the Authorization header by using Amazon Cognito. Associate the target group with the listener. 

Answer : C Show Answer

---

Question # 82

A developer wants to implement authentication using Amazon Cognito user pools for an existing API in Amazon API Gateway. After creating the Amazon Cognito user pool, the developer tests the GET request to the API. Unauthenticated requests to the API return a 200 OK status response. Which combination of additional steps are required to complete the authentication implementation? (Select TWO.)

A. Create an Amazon Cognito authonzer in API Gateway and specify the Amazon Cognito user pool. 
B. Create an AWS Lambda authorizer in API Gateway and specify the Amazon Cognito user pool. 
C. Specify the authofizer in the GET method section of API Gateway and redeploy the API. 
D. Use Amazon Cognito user pools to make and authenticate the request to API Gateway. 
E. Create an Amazon Cognito authorizer in API Gateway and specify the Amazon Cognito identity pool. 

Answer : A,D Show Answer

---

Question # 83

A developer is writing an AWS Lambda function. The Lambda function needs to access items that are stored in an Amazon DynamoDB table. What is the MOST secure way to configure this access for the Lambda function?

A. Create an IAM user that has permissions to access the DynamoDB table. Create an access key for this user. Store the access key ID and secret...... key in the Lambda function environment variables. 
B. Add a resource-based policy to the DynamoDB table to allow access from the Lambda function's IAM role. 
C. Create an IAM policy that allows access to the DynamoDB table. Attach this policy to the Lambda function's 1AM role. 
D. Create a DynamoDB Accelerator (DAX) cluster. Configure the Lambda function to use the DAX cluster to access the DynamoDB table. 

Answer : A Show Answer

---

Question # 84

A developer has an application container, an AWS Lambda function, and an Amazon Simple Queue Sen/ice (Amazon SOS) queue. The Lambda function uses the SOS queue as an event source. The Lambda function makes a call to a third-party machine learning API when the function is invoked. The response from the third-party API can take up to 60 seconds to return. the Lambda function's timeout value is currently 65 seconds. The developer has noticed that the Lambda function sometimes processes duplicate messages from the SOS queue. What should the developer do to ensure that the Lambda function does not process duplicate messages?

A. Configure the Lambda function with a larger amount of memory.
B. Configure an increase in the Lambda function's timeout value.
 C. Configure the SOS queue's delivery delay value to be greater than the maximum time it takes to call the third-party API. 
D. Configure the SOS queue's visibility timeout value to be greater than the maximum time it takes to call the third-party API. 

Answer : A Show Answer

---

Question # 85

A developer is migrating a legacy monolithic application to AWS and wants to convert the application's internal processes to microservices The application's internal processes communicate through internal asynchronous messaging Occasionally messages need to be reprocessed by multiple microservices How should the developer migrate the application's internal messaging to AWS to meet these requirements?

A. Use Amazon Simple Queue Service (Amazon SQS) queues to communicate messages between the microservices 
B. Use Amazon API Gateway to provide REST interfaces between the microservices 
C. Use Amazon Kinesis Data Streams to communicate messages between the microservices
 D. Use Amazon API Gateway to provide WebSocket APIs between the microservices. 

Answer : A Show Answer

---

Question # 86

A developer is migrating to Amazon Cognito from a custom user management solution that stores user information in a database. The developer has created a…… Amazon Cognito user pool. The developer needs to migrate the existing user information to the user pool without forcing users to change their passwords. Which solution will meet these requirements?

A. Import users from a .csv file. 
B. Add an OpenID Connect (OIDC) identity provider to the user pool. 
C. Import users from a .json file. 
D. Import users with a user migration AWS Lambda trigger. 

Answer : B Show Answer

---

Question # 87

A company is expanding the compatibility of its photo-sharing mobile app to hundreds of additional devices with unique screen dimensions and resolutions. Ph are stored in Amazon S3 in their original format and resolution. The company uses an Amazon CloudFront distribution to serve the photos. The app includes th dimension and resolution of the display as GET parameters with every request. A developer needs to implement a solution that optimizes the photos that are served to each device to reduce load time and increase photo quality. Which solution will meet these requirements MOST cost-effectively?

A. Use S3 Batch Operations to invoke an AWS Lambda function to create new variants of the photos with the required dimensions and resolutions. Cr........dynamic CloudFront origin that automatically maps the request of each device to the corresponding photo variant. 
B. Use S3 Batch Operations to invoke an AWS Lambda function to create new variants of the photos with the required dimensions and resolutions. Cre;..... [email protected] function to route requests to the corresponding photo variant by using request headers. 
C. Create a [email protected] function that optimizes the photos upon request and returns the photos as a response. Change the CloudFront TTL cache policy to the maximum value possible. 
D. Create a [email protected] function that optimizes the photos upon request and returns the photos as a response. In the same function, store a copy to processed photos on Amazon S3 for subsequent requests. 

Answer : C Show Answer

---

Question # 88

A company is concerned that a malicious user could deploy unauthorized changes to the code for an AWS Lambda function. What can a developer do to ensure that only trusted code is deployed to Lambda? 

A. Turn on the trusted code option in AWS CodeDeploy. Add the CodeDeploy digital certificate to the Lambda package before deploying the package to Lambda 
B. Define the code signing configuration in the Lambda console Use AWS Signer to digitally sign the Lambda package before deploying the package to Lambda 
C. Link Lambda to AWS Key Management Service (AWS KMS) in the Lambda console. Use AWS KMS to digitally sign the Lambda package before deploying the package to Lambda. 
D. Set the KmsKeyArn property of the Lambda function to the Amazon Resource Name (ARN) of a trusted key before deploying the package to Lambda. 

Answer : B Show Answer

---

Question # 89

A developer is designing a serverless application that customers use to select seats for a concert venue. Customers send the ticket requests to an Amazon API Gateway API with an AWS Lambda function that acknowledges the order and generates an order ID. The application includes two additional Lambda functions: one for inventory management and one for payment processing. These two Lambda functions run in parallel and write the order to an Amazon Dynamo DB table. The application must provide seats to customers according to the following requirements. If a seat is accidently sold more than once, the first order that the application received must get the seat. In these cases, the application must process the payment for only the first order. However, if the first order is rejected during payment processing, the second order must get the seat. In these cases, the application must process the payment for the second order. Which solution will meet these requirements? 

A. Send the order ID to an Amazon Simple Notification Service (Amazon SNS) FIFO topic that fans out to one Amazon Simple Queue Service (Amazon SQS) FIFO queue for inventory management and another SQS FIFO queue for payment processing. 
B. Change the Lambda function that generates the order ID to initiate the Lambda function for inventory management. Then initiate the Lambda function for payment processing. 
C. Send the order ID to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the Lambda functions for inventory management and payment processing to the topic. 
D. Deliver the order ID to an Amazon Simple Queue Service (Amazon SQS) queue. Configure the Lambda functions for inventory management and payment processing to poll the queue. 

Answer : A Show Answer

---

Question # 90

A developer is designing a serverless application for an ecommerce website. An Amazon API Gateway API exposes..... user operations. The website features shopping carts for the users. The shopping carts must be stored for extended..... the front-end application. The load on the application will vary significantly based on the time of day and the promotional sales that are offered..... scale automatically to meet these changing demands. Which solution will meet these requirements?

A. Store the data objects on an Amazon RDS DB instance. Cache the data objects in memory by using Amazon ElastiCache.
 B. Store the data objects on Amazon EC2 instances behind an Application Load Balancer. Use session affinity (sticky sessions) for each user's shopping cart. 
C. Store the data objects in Amazon S3 buckets. Cache the data objects by using Amazon CloudFront with the maximum TTL.
 D. Store the data objects in Amazon DynamoDB tables. Cache the data objects by using DynamoDB Accelerator (DAX). 

Answer : D Show Answer

---

Question # 91

A developer deploys an ecommerce application on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Amazon EC2 Auto Scaling group. The EC2 instances are based on an Amazon Machine Image (AMI) that uses an Amazon Elastic Block Store (Amazon EBS) root volume. After deployment, the developer notices that a third of the instances seem to be idle. These instances are not receiving requests from the load balancer. The developer verifies that all the instances are registered with the load balancer. The developer must implement a solution to allow the EC2 instances to receive requests from the load balancer. Which action will meet this requirement?

A. Reregister the failed instances with the ALB. 
B. Enable all Availability Zones for the ALB. 
C. Use the instance refresh feature to redeploy the EC2 Auto Scaling group. 
D. Restart the EC2 instances that are not receiving traffic.

Answer : C Show Answer

---

Frequently Asked Questions