Amazon DVA-C02 Question Answers

What is Amazon DVA-C02?

Amazon DVA-C02 is a necessary certification exam to get certified. The certification is a reward to the deserving candidate with perfect results. The AWS Certified Associate Certification validates a candidate's expertise to work with Amazon. In this fast-paced world, a certification is the quickest way to gain your employer's approval. Try your luck in passing the AWS Certified Developer - Associate Exam and becoming a certified professional today. Salesforcexamdumps.com is always eager to extend a helping hand by providing approved and accepted Amazon DVA-C02 Practice Questions. Passing AWS Certified Developer - Associate will be your ticket to a better future!

Pass with Amazon DVA-C02 Braindumps!

Contrary to the belief that certification exams are generally hard to get through, passing AWS Certified Developer - Associate is incredibly easy. Provided you have access to a reliable resource such as Salesforcexamdumps.com Amazon DVA-C02 PDF. We have been in this business long enough to understand where most of the resources went wrong. Passing Amazon AWS Certified Associate certification is all about having the right information. Hence, we filled our Amazon DVA-C02 Dumps with all the necessary data you need to pass. These carefully curated sets of AWS Certified Developer - Associate Practice Questions target the most repeated exam questions. So, you know they are essential and can ensure passing results. Stop wasting your time waiting around and order your set of Amazon DVA-C02 Braindumps now!

We aim to provide all AWS Certified Associate certification exam candidates with the best resources at minimum rates. You can check out our free demo before pressing down the download to ensure Amazon DVA-C02 Practice Questions are what you wanted. And do not forget about the discount. We always provide our customers with a little extra.

Why Choose Amazon DVA-C02 PDF?

Unlike other websites, Salesforcexamdumps.com prioritize the benefits of the AWS Certified Developer - Associate candidates. Not every Amazon exam candidate has full-time access to the internet. Plus, it's hard to sit in front of computer screens for too many hours. Are you also one of them? We understand that's why we are here with the AWS Certified Associate solutions. Amazon DVA-C02 Question Answers offers two different formats PDF and Online Test Engine. One is for customers who like online platforms for real-like Exam stimulation. The other is for ones who prefer keeping their material close at hand. Moreover, you can download or print Amazon DVA-C02 Dumps with ease.

If you still have some queries, our team of experts is 24/7 in service to answer your questions. Just leave us a quick message in the chat-box below or email at support@salesforcexamdumps.com.

Question # 1

A social media application is experiencing high volumes of new user requests after a recent marketing campaign. The application is served by an Amazon RDS for MySQL instance. A solutions architect examines the database performance and notices high CPU usage and many "too many connections" errors that lead to failed requests on the database. The solutions architect needs to address the failed requests. Which solution will meet this requirement?

A. Deploy an Amazon DynamoDB Accelerator (DAX) cluster. Configure the application to use the DAX cluster.
B. Deploy an RDS Proxy. Configure the application to use the RDS Proxy.
C. Migrate the database to an Amazon RDS for PostgreSQL instance.
D. Deploy an Amazon ElastiCache (Redis OSS) cluster. Configure the application to use the ElastiCache cluster.

Show / Hide Answer

---

Question # 2

A company has a website that displays a daily newsletter. When a user visits the website, an AWS Lambda function processes the browser's request and queries the company's onpremises database to obtain the current newsletter. The newsletters are stored in English. The Lambda function uses the Amazon Translate TranslateText API operation to translate the newsletters, and the translation is displayed to the user. Due to an increase in popularity, the website's response time has slowed. The database is overloaded. The company cannot change the database and needs a solution that improves the response time of the Lambda function. Which solution meets these requirements?

A. Change to asynchronous Lambda function invocation.
B. Cache the translated newsletters in the Lambda /tmp directory.
C. Enable TranslateText API caching.
D. Change the Lambda function to use parallel processing.

Show / Hide Answer

---

Question # 3

A company has an online web application that includes a product catalog. The catalog is stored in an Amazon S3 bucket that is named DOC-EXAMPLE-BUCKET. The application must be able to list the objects in the S3 bucket and must be able to download objects through an 1AM policy. Which policy allows MINIMUM access to meet these requirements?

A. Option A
B. Option B
C. Option C
D. Option D

Show / Hide Answer

---

Question # 4

A developer has written a distributed application that uses micro services. The microservices are running on Amazon EC2 instances. Because of message volume, the developer is unable to match log output from each microservice to a specific transaction. The developer needs to analyze the message flow to debug the application. Which combination of steps should the developer take to meet this requirement? (Select TWO.)

A. Download the AWS X-Ray daemon. Install the daemon on an EC2 instance. Ensure that the EC2 instance allows UDP traffic on port 2000. 
B. Configure an interface VPC endpoint to allow traffic to reach the global AWS X-Ray daemon on TCP port 2000. 
C. Enable AWS X-Ray. Configure Amazon CloudWatch to push logs to X-Ray. 
D. Add the AWS X-Ray software development kit (SDK) to the microservices. Use X-Ray to trace requests that each microservice makes. 
E. Set up Amazon CloudWatch metric streams to collect streaming data from the microservices. 

Show / Hide Answer

---

Question # 5

A developer must cache dependent artifacts from Maven Central, a public package repository, as part of an application's build pipeline. The build pipeline has an AWS CodeArtifact repository where artifacts of the build are published. The developer needs a solution that requires minimum changes to the build pipeline. Which solution meets these requirements?

A. Modify the existing CodeArtifact repository to associate an upstream repository with the public package repository. 
B. Create a new CodeArtifact repository that has an external connection to the public package repository. 
C. Create a new CodeArtifact domain that contains a new repository that has an external connection to the public package repository. 
D. Modify the CodeArtifact repository resource policy to allow artifacts to be fetched from the public package repository. 

Show / Hide Answer

---

Question # 6

A developer is migrating a containerized application from an on-premises environment to the AWS Cloud. The developer is using the AWS CDK to provision a container in Amazon ECS on AWS Fargate. The container is behind an Application Load Balancer (ALB). When the developer deploys the stack, the deployment fails because the ALB fails health checks. The developer needs to resolve the failed health checks. Which solutions will meet this requirement? (Select TWO.)

A. Confirm that the capacity providers for the container have been provisioned and are properly sized. 
B. Confirm that the target group port matches the port mappings in the ECS task definition. 
C. Confirm that a hosted zone associated with the ALB matches a hosted zone that is referenced in the ECS task definition. 
D. Confirm that the ALB listener on the mapped port has a default action that redirects to the application's health check path endpoint. 
E. Confirm that the ALB listener on the mapped port has a default action that forwards to the correct target group. 

Show / Hide Answer

---

Question # 7

A company is developing a serverless application by using AWS Lambda functions. One of the Lambda functions needs to access an Amazon RDS DB instance. The DB instance is in a private subnet inside a VPC. The company creates a role that includes the necessary permissions to access the DB instance. The company then assigns the role to the Lambda function. A developer must take additional action to give the Lambda function access to the DB instance. What should the developer do to meet these requirements?

A. Assign a public IP address to the DB instance. Modify the security group of the DB instance to allow inbound traffic from the IP address of the Lambda function. 
B. Set up an AWS Direct Connect connection between the Lambda function and the DB instance. 
C. Configure an Amazon CloudFront distribution to create a secure connection between the Lambda function and the DB instance. 
D. Configure the Lambda function to connect to the private subnets in the VPC. Add security group rules to allow traffic to the DB instance from the Lambda function. 

Show / Hide Answer

---

Question # 8

A company has a web application that contains an Amazon API Gateway REST API. A developer has created an AWS CloudFormation template for the initial deployment of the application. The developer has deployed the application successfully as part of an AWS CodePipeline continuous integration and continuous delivery (CI/CD) process. All resources and methods are available through the deployed stage endpoint. The CloudFormation template contains the following resource types: • AWS::ApiGateway::RestApi • AWS::ApiGateway::Resource • AWS::ApiGateway::Method • AWS:ApiGateway::Stage • AWS::ApiGateway:;Deployment The developer adds a new resource to the REST API with additional methods and redeploys the template. CloudFormation reports that the deployment is successful and that the stack is in the UPDATE_COMPLETE state. However, calls to all new methods are returning 404 (Not Found) errors. What should the developer do to make the new methods available?

A. Specify the disable-rollback option during the update-stack operation.
B. Unset the Cloud Forma lion stack failure options.
C. Add an AWS CodeBuild stage lo CodePipeline to run the aws apigateway createdeployment AWS CLI command.
D. Add an action to CodePipeline to run the aws cloudfront create-invalidation AWS CLI command.

Show / Hide Answer

---

Question # 9

A developer is using AWS CodeDeploy to automate a company's application deployments to Amazon EC2. Which application specification file properties are required to ensure the software deployments do not fail? (Select TWO.)

A. The file must be a JSON-formatted file named appspec.json. 
B. The file must be a YAML-formatted file named appspec.yml. 
C. The file must be stored in AWS CodeBuild and referenced from the application's source code. 
D. The file must be placed in the root of the directory structure of the application's source code. 
E. The file must be stored in Amazon S3 and referenced from the application's source code. 

Show / Hide Answer

---

Question # 10

A data visualization company wants to strengthen the security of its core applications The applications are deployed on AWS across its development staging, pre-production, and production environments. The company needs to encrypt all of its stored sensitive credentials The sensitive credentials need to be automatically rotated Aversion of the sensitive credentials need to be stored for each environment Which solution will meet these requirements in the MOST operationally efficient way?

A. Configure AWS Secrets Manager versions to store different copies of the same credentials across multiple environments 
B. Create a new parameter version in AWS Systems Manager Parameter Store for each environment Store the environment-specific credentials in the parameter version. 
C. Configure the environment variables in the application code Use different names for each environment type 
D. Configure AWS Secrets Manager to create a new secret for each environment type. Store the environment-specific credentials in the secret 

Show / Hide Answer

---

Question # 11

A developer needs to retrieve all data from an Amazon DynamoDB table that matches a particular partition key. Which solutions will meet this requirement in the MOST operationally efficient way? (Select TWO.)

A. Use the Scan API and a filter expression to match on the key. 
B. Use the GetItem API with a request parameter for key that contains the partition key name and specific key value. 
C. Use the ExecuteStatement API and a filter expression to match on the key. 
D. Use the GetItem API and a PartiQL statement to match on the key. 
E. Use the ExecuteStatement API and a PartiQL statement to match on the key. 

Show / Hide Answer

---

Question # 12

A company is building an application to accept data from customers. The data must be encrypted at rest and in transit. The application uses an Amazon API Gateway API that resolves to AWS Lambda functions. The Lambda functions store the data in an Amazon Aurora MySQL DB cluster. The application worked properly during testing. A developer configured an Amazon CloudFront distribution with field-level encryption that uses an AWS Key Management Service (AWS KMS) key. After the configuration of the distribution, the application behaved unexpectedly. All the data in the database changed from plaintext to ciphertext. The developer must ensure that the data is not stored in the database as the ciphertext from the CloudFront field-level encryption. Which solution will meet this requirement?

A. Change the CloudFront Viewer protocol policy from "HTTP and HTTPS" to "HTTPS only." 
B. Add a Lambda function that uses the KMS key to decrypt the data fields before saving the data to the database. 
C. Enable encryption on the DB cluster by using the same KMS key that is used in CloudFront. 
D. Request and deploy a new SSL certificate to use with the CloudFront distribution. 

Show / Hide Answer

---

Question # 13

A company has an AWS Step Functions state machine named myStateMachine. The company configured a service role for Step Functions. The developer must ensure that only the myStateMachine state machine can assume the service role.

A. "Condition": { "ArnLike": { "aws ":"arn:aws:states:ap-south-1:111111111111:stateMachine " } } 
B. "Condition": { "ArnLike": { "aws ":"arn:aws:states:ap-south-1:*:stateMachine " } }

Show / Hide Answer

---

Question # 14

A developer is building a web and mobile application for two types of users: regular users and guest users. Regular users are required to log in, but guest users do not log in. Users should see only their data, regardless of whether they authenticate. Users need AWS credentials before they can access AWS resources.

A. Use an Amazon Cognito identity pool to generate temporary AWS credentials that are linked to an unauthenticated role that has access to the required resources. 
B. Set up an IAM user that has permissions to the required resources. Hardcode the IAM credentials in the web and mobile application. 
C. Generate temporary keys that are stored in AWS KMS. Use the temporary keys to access the required resources. 
D. Generate temporary credentials. Store the temporary credentials in AWS Secrets Manager. Use the temporary credentials to access the required resources. 

Show / Hide Answer

---

Question # 15

A developer needs to write an AWS CloudFormation template on a local machine and deploy a CloudFormation stack to AWS. What must the developer do to complete these tasks?

A. Install the AWS CLI. Configure the AWS CLI by using an I AM user name and password.
B. Install the AWS CLI. Configure the AWS CLI by using an SSH key.
C. Install the AWS CLI. Configure the AWS CLI by using an 1AM user access key and secret key.
D. Install an AWS software development kit (SDK). Configure the SDK by using an X.509 certificate.

Show / Hide Answer

---

Question # 16

A company has an AWS Step Functions state machine named myStateMachine. The company configured a service role for Step Functions. The developer must ensure that only the myStateMachine state machine can assume the service role.Which statement should the developer add to the trust policy to meet this requirement? 

A. "Condition": { "ArnLike": { "aws:SourceArn":"urn:aws:states:ap-south- 1:111111111111:stateMachine:myStateMachine" } } 
B. "Condition": { "ArnLike": { "aws:SourceArn":"arn:aws:states:ap-south- 1:*:stateMachine:myStateMachine" } } 
C. "Condition": { "StringEquals": { "aws:SourceAccount": "111111111111" } } 
D. "Condition": { "StringNotEquals": { "aws:SourceArn":"arn:aws:states:ap-south- 1:111111111111:stateMachine:myStateMachine" } } 

Show / Hide Answer

---

Question # 17

A company is building a content authoring application. The application has multiple user groups, such as content creator, reviewer, approver, and administrator. The company needs to assign users fine-grained permissions for specific parts of the application. The company needs a solution to configure, maintain, and analyze user permissions. The company wants a solution that can be easily adapted to work with newer applications in the future. The company must use a third-party OpenID Connect (OIDC) identity provider (IdP) to authenticate users.

A. Configure an Amazon Cognito identity pool for the application. Use the identity pool identities within the application to manage user permissions. 
B. Configure the application to check user permissions upon request. Configure the application logic to manage user permissions. 
C. Use Amazon Verified Permissions to set up user permissions. Integrate Verified Permissions with a third-party IdP. Configure the application to request authorization decisions from Verified Permissions. 
D. Set up an IAM role for each user group. Assign users appropriate IAM roles. Configure the application to determine appropriate permissions for each user based on the user's IAM role. 

Show / Hide Answer

---

Question # 18

A banking company is building an application for users to create accounts, view balances, and review recent transactions. The company integrated an Amazon API Gateway REST API with AWS Lambda functions. The company wants to deploy a new version of a Lambda function that gives customers the ability to view their balances. The new version of the function displays customer transaction insights. The company wants to test the new version with a small group of users before deciding whether to make the feature available for all users. Which solution will meet these requirements with the LEAST disruption to users?

A. Create a canary deployment for the REST API. Gradually increase traffic to the new version of the function. Revert traffic to the old version if issues are detected. 
B. Redeploy the REST API stage to use the new version of the function. If issues are detected, update the REST API to point to the previous version of the function. 
C. Deploy the new version of the function to a new stage in the REST API. Route traffic to the new stage. If the new version fails, route traffic to the original stage. 
D. Create a new REST API stage for the new version of the function. Create a weighted alias record set in Amazon Route 53 to distribute traffic between the original stage and the new stage. 

Show / Hide Answer

---

Question # 19

A developer is setting up infrastructure by using AWS Cloud Formation. If an error occurs when the resources described in the CloudFormation template are provisioned, successfully provisioned resources must be preserved. The developer must provision and update the CloudFormation stack by using the AWS CLI. Which solution will meet these requirements?

A. Add an --enable-terminal ion-protection command line option to the create-stack command and the update-stack command. 
B. Add a -disable-roll back command line option to the create-stack command and the update-stack command 
C. Add a —parameters ParameterKey=P reserve Resources. ParameterVaIue=True command line option to the create-stack command and the update-stack command. 
D. Add a -tags Key=PreserveResources.VaIue=True command line option to the createstack command and the update-stack command. 

Show / Hide Answer

---

Question # 20

A company has a large amount of data in an Amazon DynamoDB table. A large batch of data is appended to the table once each day. The company wants a solution that will make all the existing and future data in DynamoDB available for analytics on a long-term basis. Which solution meets these requirements with the LEAST operational overhead?

A. Configure DynamoDB incremental exports to Amazon S3. 
B. Configure Amazon DynamoDB Streams to write records to Amazon S3. 
C. Configure Amazon EMR to copy DynamoDB data to Amazon S3. 
D. Configure Amazon EMR to copy DynamoDB data to Hadoop Distributed File System (HDFS). 

Show / Hide Answer

---

Question # 21

A company has a serverless application that uses Amazon API Gateway and AWS Lambda functions to expose a RESTful API. The company uses a continuous integration and continuous delivery (CI/CD) workflow to deploy the application to multiple environments. The company wants to implement automated integration tests after deployment. A developer needs to set up the necessary infrastructure and processes to automate the deployment and integration tests for the serverless application.

A. Configure API Gateway stages to represent each application environment. Use AWS SAM templates to manage the infrastructure for the Lambda functions and API resources. Use AWS CodeBuild to implement automated deployment tests to validate the deployments in each stage. 
B. Configure API Gateway stages to represent each application environment. Use AWS CloudFormation to manage the infrastructure for the Lambda functions and API resources. Use AWS CodeBuild to implement automated deployment tests to validate the deployments in each stage. 
C. Use AWS CodePipeline to create a CI/CD pipeline. Configure API Gateway stages to represent each application environment. Use AWS CloudFormation templates to manage the infrastructure for the Lambda functions and API resources. Use AWS CodeBuild to implement automated deployment tests to validate the deployments in each stage. 
D. Use AWS CloudFormation to create and deploy the application infrastructure in each application environment. Use the AWS CLI to invoke Lambda functions to perform deployment tests after each deployment. 

Show / Hide Answer

---

Question # 22

A developer is receiving an intermittent ProvisionedThroughputExceededException error from an application that is based on Amazon DynamoDB. According to the Amazon CloudWatch metrics for the table, the application is not exceeding the provisioned throughput. What could be the cause of the issue?

A. The DynamoDB table storage size is larger than the provisioned size.
B. The application is exceeding capacity on a particular hash key.
C. The DynamoDB table is exceeding the provisioned scaling operations.
D. The application is exceeding capacity on a particular sort key.

Show / Hide Answer

---

Question # 23

A company is developing a serverless application that requires storage of sensitive API keys as environment variables for various services. The application requires the automatic rotation of the encryption keys every year. Which solution will meet these requirements with no development effort?

A. Encrypt the environment variables by using AWS Secrets Manager. Set up automatic rotation in Secrets Manager. 
B. Encrypt the environment variables by using AWS Key Management Service (AWS KMS) customer managed keys. Enable automatic key rotation. 
C. Encrypt the environment variables by using AWS Key Management Service (AWS KMS) AWS managed keys. Configure a custom AWS Lambda function to automate key rotation. 
D. Encrypt the environment variables by using AWS Systems Manager Parameter Store. Set up automatic rotation in Parameter Store. 

Show / Hide Answer

---

Question # 24

A developer is building an application that includes an AWS Lambda function that is written in .NET Core. The Lambda function's code needs to interact with Amazon DynamoDB tables and Amazon S3 buckets. The developer must minimize the Lambda function's deployment time and invocation duration. Which solution will meet these requirements?

A. Increase the Lambda function's memory.
B. Include the entire AWS SDK for .NET in the Lambda function's deployment package.
C. Include only the AWS SDK for .NET modules for DynamoDB and Amazon S3 in the Lambda function's deployment package.
D. Configure the Lambda function to download the AWS SDK for .NET from an S3 bucket at runtime.

Show / Hide Answer

---

Question # 25

In a move toward using microservices, a company's management team has asked all development teams to build their services so that API requests depend only on that service's data store. One team is building a Payments service which has its own database; the service needs data that originates in the Accounts database. Both are using Amazon DynamoDB. What approach will result in the simplest, decoupled, and reliable method to get near-real time updates from the Accounts database?

A. Use AWS Glue to perform frequent ETL updates from the Accounts database to the Payments database. 
B. Use Amazon ElastiCache in Payments, with the cache updated by triggers in the Accounts database. 
C. Use Amazon Data Firehose to deliver all changes from the Accounts database to the Payments database. 
D. Use Amazon DynamoDB Streams to deliver all changes from the Accounts database to the Payments database. 

Show / Hide Answer

---

Question # 26

A developer received the following error message during an AWS CloudFormation deployment: Which action should the developer take to resolve this error?

A. Contact AWS Support to report an issue with the Auto Scaling Groups (ASG> service. 
B. Add a DependsOn attribute to the ASGInstanceRole12345678 resource in the CloudFormation template. Then delete the stack. 
C. Modify the CloudFormation template to retain the ASGInstanceRolet 2345678 resource. Then manually delete the resource after deployment. 
D. Add a force parameter when calling CloudFormation with the role-am of ASGInstanceRole12345678. 

Show / Hide Answer

---

Question # 27

A company hosts a client-side web application for one of its subsidiaries on Amazon S3. The web application can be accessed through Amazon CloudFront from https://www.example.com. After a successful rollout, the company wants to host three more client-side web applications for its remaining subsidiaries on three separate S3 buckets. To achieve this goal, a developer moves all the common JavaScript files and web fonts to a central S3 bucket that serves the web applications. However, during testing, the developer notices that the browser blocks the JavaScript files and web fonts. What should the developer do to prevent the browser from blocking the JavaScript files and web fonts?

A. Create four access points that allow access to the central S3 bucket. Assign an access point to each web application bucket.
B. Create a bucket policy that allows access to the central S3 bucket. Attach the bucket policy to the central S3 bucket.
C. Create a cross-origin resource sharing (CORS) configuration that allows access to the central S3 bucket. Add the CORS configuration to the central S3 bucket.
D. Create a Content-MD5 header that provides a message integrity check for the central S3 bucket. Insert the Content-MD5 header for each web application request.

Show / Hide Answer

---

Question # 28

A developer is building an application that uses Amazon DynamoDB. The developer wants to retrieve multiple specific items from the database with a single API call. Which DynamoDB API call will meet these requirements with the MINIMUM impact on the database?

A. BatchGetltem
B. Getltem
C. Scan
D. Query

Show / Hide Answer

---

Question # 29

A developer created an AWS Lambda function that accesses resources in a VPC. The Lambda function polls an Amazon Simple Queue Service (Amazon SOS) queue for new messages through a VPC endpoint. Then the function calculates a rolling average of the numeric values that are contained in the messages. After initial tests of the Lambda function, the developer found that the value of the rolling average that the function returned was not accurate. How can the developer ensure that the function calculates an accurate rolling average?

A. Set the function's reserved concurrency to 1. Calculate the rolling average in the function. Store the calculated rolling average in Amazon ElastiCache.
B. Modify the function to store the values in Amazon ElastiCache. When the function initializes, use the previous values from the cache to calculate the rolling average.
C. Set the function's provisioned concurrency to 1. Calculate the rolling average in the function. Store the calculated rolling average in Amazon ElastiCache.
D. Modify the function to store the values in the function's layers. When the function initializes, use the previously stored values to calculate the rolling average.

Show / Hide Answer

---

Question # 30

A developer accesses AWS CodeCommit over SSH. The SSH keys configured to access AWS CodeCommit are tied to a user with the following permissions: The developer needs to create/delete branches Which specific IAM permissions need to be added based on the principle of least privilege?

A. Option A
B. Option B
C. Option C
D. Option D

Show / Hide Answer

---

Question # 31

A developer is migrating a containerized application from an on-premises environment to an Amazon ECS cluster. In the on-premises environment, the container uses a Docker file to store the application. Service dependency configurations such as databases, caches, and storage volumes are stored in a docker-compose.yml file. Both files are located at the top level of the code base that the developer needs to containerize. When the developer deploys the code to Amazon ECS, the instructions from the Docker file are carried out. However, none of the configurations from dockercompose. yml are applied. The developer needs to resolve the error and ensure the configurations are applied.

A. Store the file path for the docker-compose.yml file as a Docker label. Add the label to the ECS cluster's container details.
 B. Add the details from the docker-compose.yml file to an ECS task definition. Associate the task with the ECS cluster. 
C. Create a namespace in the ECS cluster. Associate the docker-compose.yml file to the namespace. 
D. Update the service type of the ECS cluster to REPLICA, and redeploy the stack. 

Show / Hide Answer

---

Question # 32

A gaming application stores scores for players in an Amazon DynamoDB table that has four attributes: user_id, user_name, user_score, and user_rank. The users are allowed to update their names only. A user is authenticated by web identity federation. Which set of conditions should be added in the policy attached to the role for the dynamodb:PutItem API call?

A. "Condition": { "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": ["${www.amazon.com:user_id}"], "dynamodb:Attributes": ["user_name"] } } 
B. "Condition": { "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": ["${www.amazon.com:user_name}"], "dynamodb:Attributes": ["user_id"] } } 
C. "Condition": { "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": ["${www.amazon.com:user_id}"], "dynamodb:Attributes": ["user_name", "user_id"] } } 
D. "Condition": { "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": ["${www.amazon.com:user_name}"], "dynamodb:Attributes": ["username", "userid"] } } 

Show / Hide Answer

---

Question # 33

A developer has deployed an AWS Lambda function that is subscribed to an Amazon Simple Notification Service {Amazon SNS) topic. The developer must implement a solution to add a record of each Lambda function invocation to an Amazon Simple Queue Service {Amazon SQS) queue. Which solution will meet this requirement?

A. Configure the SQS queue as a dead-letter queue for the Lambda function. 
B. Create code that uses the AWS SDK to call the SQS SendMessage operation to add the invocation details to the SQS queue. Add the code to the end of the Lambda function. 
C. Add two asynchronous invocation destinations to the Lambda function: one destination for successful invocations and one destination for failed invocations. Configure the SQS queue as the destination for each type. Create an Amazon CloudWatch alarm based on the DestinationDeliveryFailures metric to catch any message that cannot be delivered. 
D. Add a single asynchronous invocation destination to the Lambda function to capture successful invocations. Configure the SQS queue as the destination. Create an Amazon CloudWatch alarm based on the DestinationDeliveryFailures metric to catch any message that cannot be delivered. 

Show / Hide Answer

---

Question # 34

A developer is creating a stock trading application. The developer needs a solution to send text messages to application users to confirmation when a trade has been completed. The solution must deliver messages in the order a user makes stock trades. The solution must not send duplicate messages. Which solution will meet these requirements?

A. Configure the application to publish messages to an Amazon Data Firehose delivery stream. Configure the delivery stream to have a destination of each user's mobile phone number that is passed in the trade confirmation message. 
B. Create an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Use the SendMessageln API call to send the trade confirmation messages to the queue. Use the SendMessageOut API to send the messages to users by using the information provided in the trade confirmation message. 
C. Configure a pipe in Amazon EventBridge Pipes. Connect the application to the pipe as a source. Configure the pipe to use each user's mobile phone number as a target. Configure the pipe to send incoming events to the users. 
D. Create an Amazon Simple Notification Service (SNS) FIFO topic. Configure the application to use the AWS SDK to publish notifications to the SNS topic to send SMS messages to the users. 

Show / Hide Answer

---

Question # 35

A developer is building an application that stores objects in an Amazon S3 bucket. The bucket does not have versioning enabled. The objects are accessed rarely after 1 week. However, the objects must be immediately available at all times. The developer wants to optimize storage costs for the S3 bucket. Which solution will meet this requirement?

A. Create an S3 Lifecycle rule to expire objects after 7 days. 
B. Create an S3 Lifecycle rule to transition objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 7 days. 
C. Create an S3 Lifecycle rule to transition objects to S3 Glacier Flexible Retrieval after 7 days. 
D. Create an S3 Lifecycle rule to delete objects that have delete markers. 

Show / Hide Answer

---

Question # 36

A social media company is designing a platform that allows users to upload data, which is stored in Amazon S3. Users can upload data encrypted with a public key. The company wants to ensure that only the company can decrypt the uploaded content using an asymmetric encryption key. The data must always be encrypted in transit and at rest. Options:

A. Use server-side encryption with Amazon S3 managed keys (SSE-S3) to encrypt the data.
 B. Use server-side encryption with customer-provided encryption keys (SSE-C) to encrypt the data. 
C. Use client-side encryption with a data key to encrypt the data. 
D. Use client-side encryption with a customer-managed encryption key to encrypt the data. 

Show / Hide Answer

---

Question # 37

A company is providing read access to objects in an Amazon S3 bucket for different customers. The company uses 1AM permissions to restrict access to the S3 bucket. The customers can access only their own files. Due to a regulation requirement, the company needs to enforce encryption in transit for interactions with Amazon S3. Which solution will meet these requirements?

A. Add a bucket policy to the S3 bucket to deny S3 actions when the aws:SecureTransport condition is equal to false. 
B. Add a bucket policy to the S3 bucket to deny S3 actions when the s3:x-amz-acl condition is equal to public-read. 
C. Add an 1AM policy to the 1AM users to enforce the usage of the AWS SDK. 
D. Add an 1AM policy to the 1AM users that allows S3 actions when the s3:x-amz-acl condition is equal to bucket-owner-read. 

Show / Hide Answer

---

Question # 38

A company is developing an application that will be accessed through the Amazon API Gateway REST API. Registered users should be the only ones who can access certain resources of this API. The token being used should expire automatically and needs to be refreshed periodically. How can a developer meet these requirements?

A. Create an Amazon Cognito identity pool, configure the Amazon Cognito Authorizer in API Gateway, and use the temporary credentials generated by the identity pool. 
B. Create and maintain a database record for each user with a corresponding token and use an AWS Lambda authorizer in API Gateway. 
C. Create an Amazon Cognito user pool, configure the Cognito Authorizer in API Gateway, and use the identity or access token. 
D. Create an 1AM user for each API user, attach an invoke permissions policy to the API. and use an I AM authorizer in API Gateway. 

Show / Hide Answer

---

Question # 39

A company has a serverless application that uses Amazon API Gateway backed by AWS Lambda proxy integration. The company is developing several backend APIs. The company needs a landing page to provide an overview of navigation to the APIs. A developer creates a new /LandingPage resource and a new GET method that uses mock integration. What should the developer do next to meet these requirements?

A. Configure the integration request mapping template with Content-Type of text/html and statusCode of 200. Configure the integration response mapping template with Content- Type of application/json. In the integration response mapping template, include the LandingPage HTML code that references the APIs.
 B. Configure the Integration request mapping template with Content-Type of application/json. In the integration request mapping template, include the LandingPage HMTL code that references the APIs. Configure the integration response mapping template with Content-Type of text/html and statusCode of 200. 
C. Configure the integration request mapping template with Content-Type of application/json and statusCode of 200. Configure the integration response mapping template with Content-Type of text/html. In the integration response mapping template, include the LandingPage HTML code that references the APIs. 
D. Configure the integration request mapping template with Content-Type of text/html. In the integration request mapping template, include the LandingPage HTML code that references the APIs. Configure the integration response mapping template with Content- Type of application/json and statusCode of 200. 

Show / Hide Answer

---

Question # 40

A developer previously deployed an AWS Lambda function as a .zip package. The developer needs to deploy the Lambda function as a container.

A. Create an Amazon ECR repository in the same AWS Region as the Lambda function. Package the Lambda function into a container image. Build the image and upload it to the Amazon ECR repository. Update the existing Lambda function configuration to specify the repository URI and container image tag. 
B. Create an AWS SAM template that defines the Lambda function and its resources as code. Include a container image in the template, and store the container image in an Amazon S3 bucket. Deploy the AWS SAM template. Specify the S3 bucket URI. 
C. Create an AWS CloudFormation template that defines the Lambda function and its resources as code. Include a container image in the template, and store the image in an Amazon S3 bucket. Deploy the CloudFormation template. Specify the S3 bucket URI. 
D. Create an Amazon ECR repository in the same AWS Region as the Lambda function. Build the image and upload it to the Amazon ECR repository. Update the existing Lambda function to use the new image by specifying the repository URI. 

Show / Hide Answer

---

Question # 41

A company's application has an AWS Lambda function that processes messages from loT devices. The company wants to monitor the Lambda function to ensure that the Lambda function is meeting its required service level agreement (SLA). A developer must implement a solution to determine the application's throughput in near real time. The throughput must be based on the number of messages that the Lambda function receives and processes in a given time period. The Lambda function performs initialization and post-processing steps that must not factor into the throughput measurement. What should the developer do to meet these requirements?

A. Use the Lambda function's ConcurrentExecutions metric in Amazon CloudWatch to measure the throughput. 
B. Modify the application to log the calculated throughput to Amazon CloudWatch Logs. Use Amazon EventBridge to invoke a separate Lambda function to process the logs on a schedule. 
C. Modify the application to publish custom Amazon CloudWatch metrics when the Lambda function receives and processes each message. Use the metrics to calculate the throughput. 
D. Use the Lambda function's Invocations metric and Duration metric to calculate the throughput in Amazon CloudWatch. 

Show / Hide Answer

---

Question # 42

A company has many microservices that are comprised of AWS Lambda functions. Multiple teams within the company split ownership of the microservices. An application reads configuration values from environment variables that are contained in the Lambda functions. During a security audit, the company discovers that some of the environment variables contain sensitive information. The company's security policy requires each team to have full control over the rotation of AWS KMS keys that the team uses for its respective microservices.

A. Create AWS managed keys for all Lambda functions. Use the new AWS managed keys to encrypt the environment variables. Add kms:Decrypt permissions to the Lambda function execution roles. 
B. Create customer managed keys for all Lambda functions. Use the new customer managed keys to encrypt the environment variables. Add kms:Decrypt permission to the Lambda function execution roles. 
C. Create customer managed keys for all Lambda functions. Use the new customer managed keys to encrypt the environment variables. Add kms:CreateGrant permission and kms:Encrypt permission to the Lambda function execution roles. 
D. Create AWS managed keys for all Lambda functions. Use the new AWS managed keys to encrypt the environment variables. Add kms:CreateGrant permission and kms:Encrypt permission to the Lambda function execution roles. 

Show / Hide Answer

---

Question # 43

A company runs an application on AWS The application uses an AWS Lambda function that is configured with an Amazon Simple Queue Service (Amazon SQS) queue called high priority queue as the event source A developer is updating the Lambda function with another SQS queue called low priority queue as the event source The Lambda function must always read up to 10 simultaneous messages from the high priority queue before processing messages from low priority queue. The Lambda function must be limited to 100 simultaneous invocations. Which solution will meet these requirements'?

A. Set the event source mapping batch size to 10 for the high priority queue and to 90 for the low priority queue
 B. Set the delivery delay to 0 seconds for the high priority queue and to 10 seconds for the low priority queue 
C. Set the event source mapping maximum concurrency to 10 for the high priority queue and to 90 for the low priority queue 
D. Set the event source mapping batch window to 10 for the high priority queue and to 90 for the low priority queue 

Show / Hide Answer

---

Question # 44

A developer is creating an application that uses an Amazon DynamoDB table. The developer needs to develop code that reads all records that were added to the table during the previous day. creates HTML reports, and pushes the reports into third-party storage. The item size varies from 1 KB to 4 KB, and the index structure is defined with the date. The developer needs to minimize the read capacity that the application requires from the DynamoDB table. Which DynamoDB API operation should the developer use in the code to meet these requirements?

A. Query
B. Scan
C. BatchGetltem
D. Getltem

Show / Hide Answer

---

Question # 45

A developer is creating a microservices application that runs across multiple compute environments. The application must securely access secrets that are stored in AWS Secrets Manager with minimal network latency. The developer wants a solution that reduces the number of direct calls to Secrets Manager and simplifies secrets management across environments. Which solution will meet these requirements with the LEAST operational overhead?

A. Create a custom script that retrieves secrets directly from Secrets Manager and caches the secrets in a local database for each compute environment. 
B. Install the Secrets Manager Agent in each compute environment. Configure the agent to cache secrets locally. Securely retrieve the secrets from Secrets Manager as needed. 
C. Implement lazy loading logic in the application to fetch secrets directly from Secrets Manager and to cache the secrets in Redis. 
D. Store the secrets in an Amazon S3 bucket. Retrieve and load the secrets as environment variables during application startup for each compute environment. 

Show / Hide Answer

---

Question # 46

A company uses AWS X-Ray to monitor a serverless application. The components of the application have different request rates. The user interactions and transactions are important to trace, but they are low in volume. The background processes such as application health checks, polling, and connection maintenance generate high volumes of read-only requests. Currently, the default X-Ray sampling rules are universal for all requests. Only the first request per second and some additional requests are recorded. This setup is not helping the company review the requests based on service or request type. A developer must configure rules to trace requests based on service or request properties. The developer must trace the user interactions and transactions without wasting effort recording minor background tasks. Which solution will meet these requirements?

A. Disable sampling for high-volume read-only requests. Sample at a lower rate for all requests that handle user interactions or transactions. 
B. Disable sampling and trace all requests for requests that handle user interactions or transactions. Sample high-volume read-only requests at a higher rate. 
C. Disable sampling and trace all requests for requests that handle user interactions or transactions. Sample high-volume read-only requests at a lower rate. 
D. Disable sampling for high-volume read-only requests. Sample at a higher rate for all requests that handle user interactions or transactions. 

Show / Hide Answer

---

Question # 47

A developer needs to set up an API to provide access to an application and its resources. The developer has a TLS certificate. The developer must have the ability to change the default base URL of the API to a custom domain name. The API users are distributed globally. The solution must minimize API latency.

A. Create an Amazon CloudFront distribution that uses an AWS Lambda@Edge function to process API requests. Import the TLS certificate into AWS Certificate Manager and CloudFront. Add the custom domain name as an alias resource record set that is for the CloudFront distribution. 
B. Create an Amazon API Gateway REST API. Use the private endpoint type. Import the TLS certificate into AWS Certificate Manager. Create a custom domain name for the REST API. Route traffic to the custom domain name. Disable the default endpoint for the REST API. 
C. Create an Amazon API Gateway REST API. Use the edge-optimized endpoint type. Import the TLS certificate into AWS Certificate Manager. Create a custom domain name for the REST API. Route traffic to the custom domain name. Disable the default endpoint for the REST API. 
D. Create an Amazon CloudFront distribution that uses CloudFront Functions to process API requests. Import the TLS certificate into AWS Certificate Manager and CloudFront. Add the custom domain name as an alias resource record set that is for the CloudFront distribution. 

Show / Hide Answer

---

Question # 48

A company wants to use AWS AppConfig to gradually deploy a new feature to 15% of users to test the feature before a full deployment. Which solution will meet this requirement with the LEAST operational overhead?

A. Set up a custom script within the application to randomly select 15% of users. Assign a flag for the new feature to the selected users. 
B. Create separate AWS AppConfig feature flags for both groups of users. Configure the flags to target 15% of users. 
C. Create an AWS AppConfig feature flag. Define a variant for the new feature, and create a rule to target 15% of users. 
D. Use AWS AppConfig to create a feature flag without variants. Implement a custom traffic splitting mechanism in the application code. 

Show / Hide Answer

---

Question # 49

A company is planning to deploy an application on AWS behind an Elastic Load Balancing (ELB) load balancer. The application uses an HTTP/HTTPS listener and must access the client IP addresses. Which load-balancing solution meets these requirements?

A. Use an Application Load Balancer and the X-Forwarded-For headers. 
B. Use a Network Load Balancer (NLB). Enable proxy protocol support on the NLB and the target application. 
C. Use an Application Load Balancer. Register the targets by the instance ID. 
D. Use a Network Load Balancer and the X-Forwarded-For headers. 

Show / Hide Answer

---

Question # 50

A company is using an Amazon API Gateway REST API endpoint as a webhook to publish events from an on-premises source control management (SCM) system to Amazon EventBridge. The company has configured an EventBridge rule to listen for the events and to control application deployment in a central AWS account. The company needs to receive the same events across multiple receiver AWS accounts. How can a developer meet these requirements without changing the configuration of the SCM system?

A. Deploy the API Gateway REST API to all the required AWS accounts. Use the same custom domain name for all the gateway endpoints so that a single SCM webhook can be used for all events from all accounts. 
B. Deploy the API Gateway REST API to all the receiver AWS accounts. Create as many SCM webhooks as the number of AWS accounts. 
C. Grant permission to the central AWS account for EventBridge to access the receiver AWS accounts. Add an EventBridge event bus on the receiver AWS accounts as the targets to the existing EventBridge rule. 
D. Convert the API Gateway type from REST API to HTTP API. 

Show / Hide Answer

---

Question # 51

A company runs continuous integration/continuous delivery (CI/CD) pipelines for its application on AWS CodePipeline. A developer must write unit tests and run them as part of the pipelines before staging the artifacts for testing. How should the developer incorporate unit tests as part of CI/CD pipelines?

A. Create a separate CodePipeline pipeline to run unit tests.
B. Update the AWS CodeBuild build specification to include a phase for running unit tests.
C. Install the AWS CodeDeploy agent on an Amazon EC2 instance to run unit tests.
D. Create a testing branch in a git repository for the pipelines to run unit tests.

Show / Hide Answer

---

Question # 52

A developer is writing unit tests tor a new application that will be deployed on AWS. The developer wants to validate all pull requests with unit tests and merge the code with the main branch only when all tests pass The developer stores the code in AWS CodeCommit and sets up AWS CodeBuild to run the unit tests. The developer creates an AWS Lambda function to start the CodeBuild task. The developer needs to identify the CodeCommit events in an Amazon EventBridge event that can invoke the Lambda function when a pull request is created or updated. Which CodeCommit event will meet these requirements?

A. Option A
B. Option B
C. Option C
D. Option D

Show / Hide Answer

---

Question # 53

A developer is monitoring an application that runs on an Amazon EC2 Instance. The developer has configured a custom Amazon CloudWatch metric with data granularity of 1 second. It any issues occur, the developer wants to be notified within 30 seconds by Amazon Simple Notification Service (Amazon SNS). What should the developer do to meet this requirement?

A. Configure a high-resolution CloudWatch alarm.
B. Set up a custom CloudWatch dashboard.
C. Use Amazon CloudWatch Logs Insights.
D. Change to a default CloudWatch metric.

Show / Hide Answer

---

Question # 54

A developer is creating AWS CloudFormation templates to manage an application's deployment in Amazon Elastic Container Service (Amazon ECS) through AWS CodeDeploy. The developer wants to automatically deploy new versions of the application to a percentage of users before the new version becomes available for all users. How should the developer manage the deployment of the new version?

A. Modify the CloudFormation template to include a Transform section and the AWS::CodeDeploy::BlueGreen hook. 
B. Deploy the new version in a new CloudFormation stack. After testing is complete, update the application's DNS records for the new stack. 
C. Run CloudFormation stack updates on the application stack to deploy new application versions when they are available. 
D. Create a nested stack for the new version. Include a Transform section and the AWS::CodeDeploy::BlueGreen hook. 

Show / Hide Answer

---

Question # 55

A developer needs to use a code template to create an automated deployment of an application onto Amazon EC2 instances. The template must be configured to repeat deployment, installation, and updates of resources for the application. The template must be able to create identical environments and roll back to previous versions. Which solution will meet these requirements?

A. Use AWS Amplify for automatic deployment templates. Use a traffic-splitting deployment to copy any deployments. Modify any resources created by Amplify, if necessary.
B. Use AWS CodeBuild for automatic deployment. Upload the required AppSpec file template. Save the appspec.yml file in the root directory folder of the revision. Specify the deployment group that includes the EC2 instances for the deployment. 
C. Use AWS CloudFormation to create an infrastructure template in JSON format to deploy the EC2 instances. Use Cloud Formation helper scripts to install the necessary software and to start the application. Call the scripts directly from the template. 
D. Use AWS AppSync to deploy the application. Upload the template as a GraphQL schema. Specify the EC2 instances for deployment of the application. Use resolvers as a version control mechanism and to make any updates to the deployments. 

Show / Hide Answer

---

Question # 56

A company hosts a batch processing application on AWS Elastic Beanstalk with instances that run the most recent version of Amazon Linux. The application sorts and processes large datasets. In recent weeks, the application's performance has decreased significantly during a peak period for traffic. A developer suspects that the application issues are related to the memory usage. The developer checks the Elastic Beanstalk console and notices that memory usage is not being tracked. How should the developer gather more information about the application performance issues?

A. Configure the Amazon CloudWatch agent to push logs to Amazon CloudWatch Logs by using port 443. 
B. Configure the Elastic Beanstalk .ebextensions directory to track the memory usage of the instances. 
C. Configure the Amazon CloudWatch agent to track the memory usage of the instances. 
D. Configure an Amazon CloudWatch dashboard to track the memory usage of the instances. 

Show / Hide Answer

---

Question # 57

A developer is setting up a deployment pipeline. The pipeline includes an AWS CodeBuild build stage that requires access to a database to run integration tests. The developer is using a buildspec.yml file to configure the database connection. Company policy requires automatic rotation of all database credentials. Which solution will handle the database credentials MOST securely?

A. Retrieve the credentials from variables that are hardcoded in the buildspec.yml file. Configure an AWS Lambda function to rotate the credentials. 
B. Retrieve the credentials from an environment variable that is linked to a SecureString parameter in AWS Systems Manager Parameter Store. Configure Parameter Store for automatic rotation. 
C. Retrieve the credentials from an environment variable that is linked to an AWS Secrets Manager secret. Configure Secrets Manager for automatic rotation. 
D. Retrieve the credentials from an environment variable that contains the connection string in plaintext. Configure an Amazon EventBridge event to rotate the credentials. 

Show / Hide Answer

---

Question # 58

A developer is receiving HTTP 400: ThrottlingException errors intermittently when calling the Amazon CloudWatch API. When a call fails, no data is retrieved. What best practice should first be applied to address this issue?

A. Contact AWS Support for a limit increase.
B. Use the AWS CLI to get the metrics.
C. Analyze the applications and remove the API call.
D. Retry the call with exponential backoff.

Show / Hide Answer

---

Question # 59

A developer is managing an application that uploads user files to an Amazon S3 bucket named companybucket. The company wants to maintain copies of all the files uploaded by users for compliance purposes, while ensuring users still have access to the data through the application. Which IAM permissions should be applied to users to ensure they can create but not remove files from the bucket?

A. { "Version": "2012-10-17", "Statement": [ { "Sid": "statement1", "Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"], "Resource": ["arn:aws:s3:::companybucket"] } ] } 
B. { "Version": "2012-10-17", "Statement": [ { "Sid": "statement1", "Effect": "Allow", "Action": ["s3:CreateBucket", "s3:GetBucketLocation"], "Resource": "arn:aws:s3:::companybucket" } ] } 
C. { "Version": "2012-10-17", "Statement": [ { "Sid": "statement1", "Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:PutObjectRetention"], "Resource": "arn:aws:s3:::companybucket" } ] } 
D. { "Version": "2012-10-17", "Statement": [ { "Sid": "statement1", "Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"], "Resource": ["arn:aws:s3:::companybucket"] } ] } 

Show / Hide Answer

---

Question # 60

A company is building a serverless application that uses AWS Lambda functions. The company needs to create a set of test events to test Lambda functions in a development environment. The test events will be created once and then will be used by all the developers in an 1AM developer group. The test events must be editable by any of the 1AM users in the 1AM developer group. Which solution will meet these requirements?

A. Create and store the test events in Amazon S3 as JSON objects. Allow S3 bucket access to all 1AM users. 
B. Create the test events. Configure the event sharing settings to make the test events shareable. 
C. Create and store the test events in Amazon DynamoDB. Allow access to DynamoDB by using 1AM roles. 
D. Create the test events. Configure the event sharing settings to make the test events private. 

Show / Hide Answer

---

Question # 61

A developer is writing an application to analyze the traffic to a fleet of Amazon EC2 instances. The EC2 instances run behind a public Application Load Balancer (ALB). An HTTP server runs on each of the EC2 instances, logging all requests to a log file. The developer wants to capture the client public IP addresses. The developer analyzes the log files and notices only the IP address of the ALB. What must the developer do to capture the client public IP addresses in the log file?

A. Add a Host header to the HTTP server log configuration file. 
B. Install the Amazon CloudWatch Logs agent on each EC2 instance. Configure the agent to write to the log file. 
C. Install the AWS X-Ray daemon on each EC2 instance. Configure the daemon to write to the log file. 
D. Add an X-Forwarded-For header to the HTTP server log configuration file.

Show / Hide Answer

---

Question # 62

A company launched an online portal to announce a new product that the company will release in 6 months. The portal requests that users enter an email address to receive communications about the product. The company needs to create a REST API that will store the email addresses in Amazon DynamoDB. A developer has created an AWS Lambda function that can store the email addresses. The developer will deploy the Lambda function by using the AWS Serverless Application Model (AWS SAM). The developer must provide access to the Lambda function over HTTP. Which solutions will meet these requirements with the LEAST additional configuration? (Select TWO.)

A. Expose the Lambda function by using function URLs.
B. Expose the Lambda function by using a Gateway Load Balancer.
C. Expose the Lambda function by using a Network Load Balancer.
D. Expose the Lambda function by using AWS Global Accelerator
E. Expose the Lambda function by using Amazon API Gateway.

Show / Hide Answer

---

Question # 63

A company is using the AWS Serverless Application Model (AWS SAM) to develop a social media application. A developer needs a quick way to test AWS Lambda functions locally by using test event payloads. The developer needs the structure of these test event payloads to match the actual events that AWS services create.

A. Create shareable test Lambda events. Use these test Lambda events for local testing. 
B. Store manually created test event payloads locally. Use the sam local invoke command with the file path to the payloads. 
C. Store manually created test event payloads in an Amazon S3 bucket. Use the sam local invoke command with the S3 path to the payloads. 
D. Use the sam local generate-event command to create test payloads for local testing. 

Show / Hide Answer

---

Question # 64

A healthcare company uses AWS Amplify to host a patient management system. The system uses Amazon API Gateway to expose RESTful APIs. The backend logic of the system is handled by AWS Lambda functions. One of the Lambda functions receives patient data that includes personally identifiable information (PII). The Lambda function sends the patient data to an Amazon DynamoDB table. The company must encrypt all patient data at rest and in transit before the data is stored in DynamoDB.

A. Configure the Lambda function to use AWS KMS keys with the AWS Database Encryption SDK to encrypt the patient data before sending the data to DynamoDB. 
B. Use AWS managed AWS KMS keys to encrypt the data in the DynamoDB table. 
C. Configure a DynamoDB stream on the table to invoke a Lambda function. Configure the Lambda function to use an AWS KMS key to encrypt the DynamoDB table and to update the table. 
D. Use an AWS Step Functions workflow to transfer the data to an Amazon SQS queue. Configure a Lambda function to encrypt the data in the queue before sending the data to the DynamoDB table. 

Show / Hide Answer

---

Question # 65

A developer is using AWS CodeDeploy to launch an application onto Amazon EC2 instances. The application deployment fails during testing. The developer notices an IAM_ROLE_PERMISSIONS error code in Amazon CloudWatch logs. What should the developer do to resolve the error?

A. Ensure that the deployment group is using the correct role name for the CodeDeploy service role.
B. Attach the AWSCodeDeployRoleECS policy to the CodeDeploy service role.
C. Attach the AWSCodeDeployRole policy to the CodeDeploy service role.
D. Ensure the CodeDeploy agent is installed and running on all instances in the deployment group.

Show / Hide Answer

---

Question # 66

A company hosts a client-side web application for one of its subsidiaries on Amazon S3. The web application can be accessed through Amazon CloudFront from https://www.example.com. After a successful rollout, the company wants to host three more client-side web applications for its remaining subsidiaries on three separate S3 buckets. To achieve this goal, a developer moves all the common JavaScript files and web fonts to a central S3 bucket that serves the web applications. However, during testing, the developer notices that the browser blocks the JavaScript files and web fonts. What should the developer do to prevent the browser from blocking the JavaScript files and web fonts?

A. Create four access points that allow access to the central S3 bucket. Assign an access point to each web application bucket. 
B. Create a bucket policy that allows access to the central S3 bucket. Attach the bucket policy to the central S3 bucket. 
C. Create a cross-origin resource sharing (CORS) configuration that allows access to the central S3 bucket. Add the CORS configuration to the central S3 bucket. 
D. Create a Content-MD5 header that provides a message integrity check for the central S3 bucket. Insert the Content-MD5 header for each web application request. 

Show / Hide Answer

---

Question # 67

A developer creates an AWS Lambda function that is written in Java. During testing, the Lambda function does not work how the developer expected. The developer wants to use tracing capabilities to troubleshoot the problem. Which AWS service should the developer use to accomplish this goal?

A. AWS Trusted Advisor
B. Amazon CloudWatch
C. AWS X-Ray
D. AWS CloudTrail

Show / Hide Answer

---

Question # 68

A development team is creating a serverless application that uses AWS Lambda functions. The team wants to streamline a testing workflow by sharing test events across multiple developers within the same AWS account. The team wants to ensure all developers can use consistent test events without compromising security.

A. Export test events as JSON files. Store the files in an Amazon S3 bucket. Configure granular IAM permissions to allow the developers to access the S3 bucket. 
B. Store test events in an Amazon DynamoDB table. Create an AWS Lambda function to retrieve shared test events for the developers. 
C. Configure test events to be shareable. Configure granular IAM permissions to allow the developers to access shared test events. 
D. Set up a Git repository to store test events. Provide the developers with access to the repository. 

Show / Hide Answer

---

Question # 69

A developer is creating an application that uses an AWS Lambda function to transform and load data from an Amazon S3 bucket. When the developer tests the application, the developer finds that some invocations of the Lambda function are slower than others. The developer needs to update the Lambda function to have predictable invocation durations that run with low latency. Any initialization activities, such as loading libraries and instantiating clients, must run during allocation time rather than during actual function invocations. Which combination of steps will meet these requirements? (Select TWO.)

A. Create a schedule group in Amazon EventBridge Scheduler to invoke the Lambda function. 
B. Configure provisioned concurrency for the Lambda function to have the necessary number of execution environments. 
C. Use the SLATEST version of the Lambda function. 
D. Configure reserved concurrency for the Lambda function to have the necessary number of execution environments. 
E. Deploy changes, and publish a new version of the Lambda function.

Show / Hide Answer

---

Question # 70

A company runs a new application on AWS Elastic Beanstalk. The company needs to deploy updates to the application. The updates must not cause any downtime for application users. The deployment must forward a specified percentage of incoming client traffic to a new application version during an evaluation period. Which deployment type will meet these requirements?

A. Rolling 
B. Traffic-splitting 
C. In-place 
D. Immutable 

Show / Hide Answer

---

Question # 71

A company uses Amazon DynamoDB as a data store for its order management system. The company frontend application stores orders in a DynamoDB table. The DynamoDB table is configured to send change events to a DynamoDB stream. The company uses an AWS Lambda function to log and process the incoming orders based on data from the DynamoDB stream. An operational review reveals that the order quantity of incoming orders is sometimes set to 0. A developer needs to create a dashboard that will show how many unique customers this problem affects each day. What should the developer do to implement the dashboard?

A. Grant the Lambda function's execution role permissions to upload logs to Amazon CloudWatch Logs. Implement a CloudWatch Logs Insights query that selects the number of unique customers for orders with order quantity equal to 0 and groups the results in 1-day periods. Add the CloudWatch Logs Insights query to a CloudWatch dashboard. 
B. Use Amazon Athena to query AWS CtoudTrail API logs for API calls. Implement an Athena query that selects the number of unique customers for orders with order quantity equal to 0 and groups the results in 1-day periods. Add the Athena query to an Amazon CloudWatch dashboard. 
C. Configure the Lambda function to send events to Amazon EventBridge. Create an EventBridge rule that groups the number of unique customers for orders with order quantity equal to 0 in 1-day periods. Add a CloudWatch dashboard as the target of the rule. 
D. Turn on custom Amazon CloudWatch metrics for the DynamoDB stream of the DynamoOB table. Create a CloudWatch alarm that groups the number of unique customers for orders with order quantity equal to 0 in 1-day periods. Add the CloudWatch alarm to a CloudWatch dashboard. 

Show / Hide Answer

---

Question # 72

A developer maintains a critical business application that uses Amazon DynamoDB as the primary data store The DynamoDB table contains millions of documents and receives 30- 60 requests each minute The developer needs to perform processing in near-real time on the documents when they are added or updated in the DynamoDB table How can the developer implement this feature with the LEAST amount of change to the existing application code?

A. Set up a cron job on an Amazon EC2 instance Run a script every hour to query the table for changes and process the documents 
B. Enable a DynamoDB stream on the table Invoke an AWS Lambda function to process the documents.
 C. Update the application to send a PutEvents request to Amazon EventBridge. Create an EventBridge rule to invoke an AWS Lambda function to process the documents. 
D. Update the application to synchronously process the documents directly after the DynamoDB write 

Show / Hide Answer

---

Question # 73

A company caches session information for a web application in an Amazon DynamoDB table. The company wants an automated way to delete old items from the table. What is the simplest way to do this?

A. Write a script that deletes old records; schedule the script as a cron job on an Amazon EC2 instance.
B. Add an attribute with the expiration time; enable the Time To Live feature based on that attribute.
C. Each day, create a new table to hold session data; delete the previous day's table.
D. Add an attribute with the expiration time; name the attribute ItemExpiration.

Show / Hide Answer

---

Question # 74

A developer needs to troubleshoot an AWS Lambda function in a development environment. The Lambda function is configured in VPC mode and needs to connect to an existing Amazon RDS for SOL Server DB instance. The DB instance is deployed in a private subnet and accepts connections by using port 1433. When the developer tests the function, the function reports an error when it tries to connect to the database. Which combination of steps should the developer take to diagnose this issue? (Select TWO.)

A. Check that the function's security group has outbound access on port 1433 to the DB instance's security group. Check that the DB instance's security group has inbound access on port 1433 from the function's security group. 
B. Check that the function's security group has Inbound access on port 1433 from the DB Instance's security group. Check that the DB instance's security group has outbound access on port 1433 to the function's security group. 
C. Check that the VPC is set up for a NAT gateway. Check that the DB instance has the public access option turned on. 
D. Check that the function's execution role permissions include rds:DescribeDBInstances, rds: ModifyDB Instance, and rds:DescribeDBSecurityGroups for the DB instance. 
E. Check that the function's execution rote permissions include ec2: CreateNetworklnterface. ec2: DescribeNetworklnterfaces. and ec2: DeleteNetworklnterface. 

Show / Hide Answer

---

Question # 75

A developer is creating an ecommerce workflow in an AWS Step Functions state machine that includes a HTTP Task state. The task passes shipping information and order details to an endpoint. The developer needs to test the workflow to confirm that the HTTP headers and body are correct and that the responses meet expectations.

A. Use the TestState API to invoke only the HTTP Task. Set the inspection level to TRACE. 
B. Use the TestState API to invoke the state machine. Set the inspection level to DEBUG. 
C. Use the data flow simulator to invoke only the HTTP Task. View the request and response data. 
D. Change the log level of the state machine to ALL. Run the state machine. 

Show / Hide Answer

---

Question # 76

A developer is building an application that uses an Amazon RDS for PostgreSQL database. To meet security requirements, the developer needs to ensure that data is encrypted at rest. The developer must be able to rotate the encryption keys on demand.

A. Use an AWS KMS managed encryption key to encrypt the database. 
B. Create a symmetric customer managed AWS KMS key. Use the key to encrypt the database.
 C. Create a 256-bit AES-GCM encryption key. Store the key in AWS Secrets Manager, and enable managed rotation. Use the key to encrypt the database. 
D. Create a 256-bit AES-GCM encryption key. Store the key in AWS Secrets Manager. Configure an AWS Lambda function to perform key rotation. Use the key to encrypt the database. 

Show / Hide Answer

---

Question # 77

A developer supports an application that accesses data in an Amazon DynamoDB table. One of the item attributes is expirationDate in the timestamp format. The application uses this attribute to find items, archive them, and remove them from the table based on the timestamp value The application will be decommissioned soon, and the developer must find another way to implement this functionality. The developer needs a solution that will require the least amount of code to write. Which solution will meet these requirements?

A. Enable TTL on the expirationDate attribute in the table. Create a DynamoDB stream. Create an AWS Lambda function to process the deleted items. Create a DynamoDB trigger for the Lambda function. 
B. Create two AWS Lambda functions one to delete the items and one to process the items Create a DynamoDB stream Use the Deleteltem API operation to delete the items based on the expirationDate attribute Use the GetRecords API operation to get the items from the DynamoDB stream and process them 
C. Create two AWS Lambda functions, one to delete the items and one to process the items. Create an Amazon EventBndge scheduled rule to invoke the Lambda Functions Use the Deleteltem API operation to delete the items based on the expirationDate attribute. Use the GetRecords API operation to get the items from the DynamoDB table and process them. 
D. Enable TTL on the expirationDate attribute in the table Specify an Amazon Simple Queue Service (Amazon SQS> dead-letter queue as the target to delete the items Create an AWS Lambda function to process the items 

Show / Hide Answer

---

Question # 78

A team is developing an application that is deployed on Amazon EC2 instances. During testing, the team receives an error. The EC2 instances are unable to access an Amazon S3 bucket. Which steps should the team take to troubleshoot this issue? (Select TWO.)

A. Check whether the policy that is assigned to the JAM role that is attached to the EC2 instances grants access to Amazon S3.
B. Check the S3 bucket policy to validate the access permissions for the S3 bucket.
C. Check whether the policy that is assigned to the 1AM user that is attached to the EC2 instances grants access to Amazon S3.
D. Check the S3 Lifecycle policy to validate the permissions that are assigned to the S3bucket.
E. Check the security groups that are assigned to the EC2 instances. Make sure that a rule is not blocking the access to Amazon S3.

Show / Hide Answer

---

Question # 79

A company has an application that is based on Amazon EC2. The company provides API access to the application through Amazon API Gateway and uses Amazon DynamoDB to store the application's data. A developer is investigating performance issues that are affecting the application. During peak usage, the application is overwhelmed by a large number of identical data read requests that come through APIs. What is the MOST operationally efficient way for the developer to improve the application's performance?

A. Use DynamoDB Accelerator (DAX) to cache database responses. 
B. Configure Amazon EC2 Auto Scaling policies to meet fluctuating demand. 
C. Enable API Gateway caching to cache API responses. 
D. Use Amazon ElastiCache to cache application responses. 

Show / Hide Answer

---

Question # 80

A developer is writing a web application that must share secure documents with end users. The documents are stored in a private Amazon S3 bucket. The application must allow only authenticated users to download specific documents when requested, and only for a duration of 15 minutes. How can the developer meet these requirements?

A. Copy the documents to a separate S3 bucket that has a lifecycle policy for deletion after 15 minutes. 
B. Create a presigned S3 URL using the AWS SDK with an expiration time of 15 minutes. 
C. Use server-side encryption with AWS KMS managed keys (SSE-KMS) and download the documents using HTTPS. 
D. Modify the S3 bucket policy to only allow specific users to download the documents. Revert the change after 15 minutes. 

Show / Hide Answer

---

Question # 81

A company had an Amazon RDS for MySQL DB instance that was named mysql-db. The DB instance was deleted within the past 90 days. A developer needs to find which 1AM user or role deleted the DB instance in the AWS environment. Which solution will provide this information?

A. Retrieve the AWS CloudTrail events for the resource mysql-db where the event name is DeleteDBInstance. Inspect each event. 
B. Retrieve the Amazon CloudWatch log events from the most recent log stream within the rds/mysql-db log group. Inspect the log events. 
C. Retrieve the AWS X-Ray trace summaries. Filter by services with the name mysql-db. Inspect the ErrorRootCauses values within each summary. 
D. Retrieve the AWS Systems Manager deletions inventory Filter the inventory by deletions that have a TypeName value of RDS. Inspect the deletion details. 

Show / Hide Answer

---

Question # 82

An 1AM role is attached to an Amazon EC2 instance that explicitly denies access to all Amazon S3 API actions. The EC2 instance credentials file specifies the 1AM access key and secret access key, which allow full administrative access. Given that multiple modes of 1AM access are present for this EC2 instance, which of the following is correct?

A. The EC2 instance will only be able to list the S3 buckets.
B. The EC2 instance will only be able to list the contents of one S3 bucket at a time.
C. The EC2 instance will be able to perform all actions on any S3 bucket.
D. The EC2 instance will not be able to perform any S3 action on any S3 bucket.

Show / Hide Answer

---

Question # 83

A company created an application to consume and process data. The application uses Amazon SQS and AWS Lambda functions. The application is currently working as expected, but it occasionally receives several messages that it cannot process properly. The company needs to clear these messages to prevent the queue from becoming blocked. A developer must implement a solution that makes queue processing always operational. The solution must give the company the ability to defer the messages with errors and save these messages for further analysis. What is the MOST operationally efficient solution that meets these requirements?

A. Configure Amazon CloudWatch Logs to save the error messages to a separate log stream. 
B. Create a new SQS queue. Set the new queue as a dead-letter queue for the application queue. Configure the Maximum Receives setting. 
C. Change the SQS queue to a FIFO queue. Configure the message retention period to 0 seconds. 
D. Configure an Amazon CloudWatch alarm for Lambda function errors. Publish messages to an Amazon SNS topic to notify administrator users. 

Show / Hide Answer

---

Question # 84

A developer is creating an AWS Lambda function that will connect to an Amazon RDS for MySQL instance. The developer wants to store the database credentials. The database credentials need to be encrypted and the database password needs to be automatically rotated. Which solution will meet these requirements?

A. Store the database credentials as environment variables for the Lambda function. Set the environment variables to rotate automatically. 
B. Store the database credentials in AWS Secrets Manager. Set up managed rotation on the database credentials. 
C. Store the database credentials in AWS Systems Manager Parameter Store as secure string parameters. Set up managed rotation on the parameters. 
D. Store the database credentials in the X-Amz-Security-Token parameter. Set up managed rotation on the parameter. 

Show / Hide Answer

---

Question # 85

A company stores customer credit reports in an Amazon S3 bucket. An analytics service uses standard Amazon S3 GET requests to access the reports. A developer must implement a solution to redact personally identifiable information (PII) from the reports before the reports reach the analytics service.

A. Load the S3 objects into Amazon Redshift by using a COPY command. Implement dynamic data masking. Refactor the analytics service to read from Amazon Redshift. 
B. Set up an S3 Object Lambda function. Attach the function to an S3 Object Lambda Access Point. Program the function to call a PII redaction API. 
C. Use AWS Key Management Service (AWS KMS) to implement encryption in the S3 bucket. Re-upload all the existing S3 objects. Give the kms permission to the analytics service. 
D. Create an Amazon Simple Notification Service (Amazon SNS) topic. Implement message data protection. Refactor the analytics service to publish data access requests to the SNS topic. 

Show / Hide Answer

---

Question # 86

A company runs a web application on Amazon EC2 instances behind an Application Load Balancer. The application uses Amazon DynamoDB as its database. The company wants to ensure high performance for reads and writes. Which solution will meet these requirements MOST cost-effectively?

A. Configure auto-scaling for the DynamoDB table with a target utilization of 70%. Set the minimum and maximum capacity units based on the expected workload. 
B. Use DynamoDB on-demand capacity mode for the table. Specify a maximum throughput higher than the expected peak read and write capacity units. 
C. Use DynamoDB provisioned throughput mode for the table. Create an Amazon CloudWatch alarm on the ThrottledRequests metric. Invoke an AWS Lambda function to increase provisioned capacity. 
D. Create an Amazon DynamoDB Accelerator (DAX) cluster. Configure the application to use the DAX endpoint. 

Show / Hide Answer

---

Question # 87

A company runs an ecommerce application on AWS. The application stores data in an Amazon Aurora database. A developer is adding a caching layer to the application. The caching strategy must ensure that the application always uses the most recent value for each data item. Which caching strategy will meet these requirements?

A. Implement a TTL strategy for every item that is saved in the cache.
B. Implement a write-through strategy for every item that is created and updated.
C. Implement a lazy loading strategy for every item that is loaded.
D. Implement a read-through strategy for every item that is loaded.

Show / Hide Answer

---

Question # 88

A developer is building an ecommerce application that uses multiple AWS Lambda functions. Each function performs a specific step in a customer order workflow, such as order processing and inventory management. The developer must ensure that the Lambda functions run in a specific order. Which solution will meet this requirement with the LEAST operational overhead?

A. Configure an Amazon Simple Queue Service (Amazon SQS) queue to contain messages about each step a function must perform. Configure the Lambda functions to run sequentially based on the order of messages in the SQS queue. 
B. Configure an Amazon Simple Notification Service (Amazon SNS) topic to contain notifications about each step a function must perform. Subscribe the Lambda functions to the SNS topic. Use subscription filters based on the step each function must perform. 
C. Configure an AWS Step Functions state machine to invoke the Lambda functions in a specific order. 
D. Configure Amazon EventBridge Scheduler schedules to invoke the Lambda functions in a specific order. 

Show / Hide Answer

---

Question # 89

A developer is designing an event-driven architecture. An AWS Lambda function that processes data needs to push processed data to a subset of four consumer Lambda functions. The data must be routed based on the value of one field in the data. Which solution will meet these requirements with the LEAST operational overhead?

A. Create an Amazon Simple Queue Service {Amazon SQS) queue and even! source mapping for each consumer Lambda function. Add message routing logic to the dataprocessing Lambda function. 
B. Create an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the four consumer Lambda functions to the topic. Add message filtering logic to each consumer Lambda function. Subscribe the data-processing Lambda function to the SNS topic. 
C. Create a separate Amazon Simple Notification Service (Amazon SNS) topic and subscription for each consumer Lambda function. Add message routing logic to the dataprocessing Lambda function to publish to the appropriate topic. 
D. Create a single Amazon Simple Notification Service {Amazon SNS) topic. Subscribe the four consumer Lambda functions to the topic. Add SNS subscription filter policies to each subscription. Configure the data-processing Lambda function to publish to the topic. 

Show / Hide Answer

---

Question # 90

A company has implemented a pipeline in AWS CodePipeline. The company Is using a single AWS account and does not use AWS Organizations. The company needs to test its AWS CloudFormation templates in its primary AWS Region and a disaster recovery Region. Which solution will meet these requirements with the MOST operational efficiency?

A. In the CodePipeline pipeline, implement an AWS CodeDeploy action for each Region to deploy and test the Cloud Formation templates. Update CodePipeline and AWS CodeBuild with appropriate permissions. 
B. Configure CodePipeline to deploy and test the Cloud Formation templates. Use CloudFormation StackSets to start deployment across both Regions. 
C. Configure CodePipeline to invoke AWS CodeBuild to deploy and test the CloudFormation templates in each Region. Update CodeBuild and CloudFormation with appropriate permissions. 
D. Use the Snyk action in CodePipeline to deploy and test the CloudFormation templates in each Region. 

Show / Hide Answer

---

Question # 91

A developer is creating a new batch application that will run on an Amazon EC2 instance. The application requires read access to an Amazon S3 bucket. The developer needs to follow security best practices to grant S3 read access to the application. Which solution meets these requirements?

A. Add the permissions to an 1AM policy. Attach the policy to a role. Attach the role to the EC2 instance profile. 
B. Add the permissions inline to an 1AM group. Attach the group to the EC2 instance profile. 
C. Add the permissions to an 1AM policy. Attach the policy to a user. Attach the user to the EC2 instance profile. 
D. Add the permissions to an 1AM policy. Use 1AM web identity federation to access the S3 bucket with the policy. 

Show / Hide Answer

---

Question # 92

A company has an ecommerce application. To track product reviews, the company's development team uses an Amazon DynamoDB table. Every record includes the following • A Review ID a 16-digrt universally unique identifier (UUID) • A Product ID and User ID 16 digit UUlDs that reference other tables • A Product Rating on a scale of 1-5 • An optional comment from the user The table partition key is the Review ID. The most performed query against the table is to find the 10 reviews with the highest rating for a given product. Which index will provide the FASTEST response for this query"?

A. A global secondary index (GSl) with Product ID as the partition key and Product Rating as the sort key 
B. A global secondary index (GSl) with Product ID as the partition key and Review ID as the sort key 
C. A local secondary index (LSI) with Product ID as the partition key and Product Rating as the sort key 
D. A local secondary index (LSI) with Review ID as the partition key and Product ID as the sort key 

Show / Hide Answer

---

Question # 93

A developer is making changes to a custom application that uses AWS Elastic Beanstalk. Which solutions will update the Elastic Beanstalk environment with the new application version after the developer completes the changes? (Select TWO.)

A. Package the application code into a .zip file. Use the AWS Management Console to upload the .zip file and deploy the packaged application. 
B. Package the application code into a .tar file. Use the AWS Management Console to create a new application version from the .tar file. Update the environment by using the AWS CLI. 
C. Package the application code into a .tar file. Use the AWS Management Console to upload the .tar file and deploy the packaged application. 
D. Package the application code into a .zip file. Use the AWS CLI to create a new application version from the .zip file and to update the environment. 
E. Package the application code into a .zip file. Use the AWS Management Console to create a new application version from the .zip file. Rebuild the environment by using the AWS CLI. 

Show / Hide Answer

---

Question # 94

A developer is building an application to process a stream of customer orders. The application sends processed orders to an Amazon Aurora MySQL database. The application needs to process the orders in batches. The developer needs to configure a workflow that ensures each record is processed before the application sends each order to the database. Options:

A. Use Amazon Kinesis Data Streams to stream the orders. Use an AWS Lambda function to process the orders. Configure an event source mapping for the Lambda function, and set the MaximumBatchingWindowInSeconds setting to 300. 
B. Use Amazon SQS to stream the orders. Use an AWS Lambda function to process the orders. Configure an event source mapping for the Lambda function, and set the MaximumBatchingWindowInSeconds setting to 0. 
C. Use Amazon Managed Streaming for Apache Kafka (Amazon MSK) to stream the orders. Use an Amazon EC2 instance to process the orders. Configure an event source mapping for the EC2 instance, and increase the payload size limit to 36 MB. 
D. Use Amazon DynamoDB Streams to stream the orders. Use an Amazon ECS cluster on AWS Fargate to process the orders. Configure an event source mapping for the cluster, and set the BatchSize setting to 1. 

Show / Hide Answer

---

Question # 95

A company offers a business-to-business software service that runs on dedicated infrastructure deployed in each customer's AWS account. Before a feature release, the company needs to run integration tests on real AWS test infrastructure. The test infrastructure consists of Amazon EC2 instances and an Amazon RDS database. A developer must set up a continuous delivery process that will provision the test infrastructure across the different AWS accounts. The developer then must run the integration tests. Which solution will meet these requirements with the LEAST administrative effort?

A. Use AWS CodeDeploy with AWS CloudFormation StackSets to deploy the infrastructure. Use Amazon CodeGuru to run the tests. 
B. Use AWS CodePipeline with AWS CloudFormation StackSets to deploy the infrastructure. Use AWS CodeBuild to run the tests. 
C. Use AWS CodePipeline with AWS CloudFormation change sets to deploy the infrastructure. Use a CloudFormation custom resource to run the tests. 
D. Use AWS Serverless Application Model (AWS SAM) templates with AWS CloudFormation change sets to deploy the infrastructure. Use AWS CodeDeploy to run the tests. 

Show / Hide Answer

---

Question # 96

A developer is using an AWS CloudFormation template to create a pipeline in AWS CodePipeline. The template creates an Amazon S3 bucket that the pipeline references in a source stage. The template also creates an AWS CodeBuild project for a build stage. The pipeline sends notifications to an Amazon SNS topic. Logs for the CodeBuild project are stored in Amazon CloudWatch Logs. The company needs to ensure that the pipeline's artifacts are encrypted with an existing customer-managed AWS KMS key. The developer has granted the pipeline permissions to use the KMS key. Which additional step will meet these requirements?

A. Create an Amazon S3 gateway endpoint that the pipeline can access. 
B. In the CloudFormation template, use the KMS key to encrypt the logs in CloudWatch Logs. 
C. Apply an S3 bucket policy that ensures the pipeline sends only encrypted objects to the S3 bucket. 
D. Configure the notification topic to use the existing KMS key to enable encryption with the existing KMS key. 

Show / Hide Answer

---

Question # 97

A development learn has an Amazon API Gateway REST API that is backed by an AWS Lambda function. Users have reported performance issues for the Lambda function. The development team identified the source of the issues as a cold start of the Lambda function. The development team needs to reduce the time needed for the Lambda function to initialize. Which solution will meet this requirement?

A. Change the Lambda concurrency lo reserved concurrency.
B. Increase the timeout of the Lambda function.
C. Increase the memory allocation of the Lambda function.
D. Configure provisioned concurrency for the Lambda function.

Show / Hide Answer

---

Question # 98

A company hosts a stateless web application with low data storage in a single AWS Region. The company wants to increase the resiliency of the application to include a multi- Region presence. The company wants to set the recovery time objective (RTO) and recovery point objective (RPO) to hours. The company needs a low-cost and low- complexity disaster recovery (DR) strategy. Which DR strategy should the company use?

A. Warm standby
B. Pilot light
C. Backup and restore
D. Multi-site active-active

Show / Hide Answer

---

Question # 99

A company uses an AWS Lambda function to transfer files from an Amazon S3 bucket to the company's SFTP server. The Lambda function connects to the SFTP server by using credentials such as username and password. The company uses Lambda environment variables to store these credentials. A developer needs to implement encrypted username and password credentials. Which solution will meet these requirements?

A. Remove the user credentials from the Lambda environment. Implement 1AM database authentication. 
B. Move the user credentials from Lambda environment variables to AWS Systems Manager Parameter Store. 
C. Move the user credentials from Lambda environment variables to AWS Key Management Service (AWS KMS). 
D. Move the user credentials from the Lambda environment to an encrypted .txt file. Store the file in an S3 bucket. 

Show / Hide Answer

---

Question # 100

A large company has its application components distributed across multiple AWS accounts. The company needs to collect and visualize trace data across these accounts. What should be used to meet these requirements?

A. AWS X-Ray
B. Amazon CloudWatch
C. Amazon VPC flow logs
D. Amazon OpenSearch Service

Show / Hide Answer

---

Question # 101

A company wants to migrate applications from its on-premises servers to AWS. As a first step, the company is modifying and migrating a non-critical application to a single Amazon EC2 instance. The application will store information in an Amazon S3 bucket. The company needs to follow security best practices when deploying the application on AWS. Which approach should the company take to allow the application to interact with Amazon S3?

A. Create an 1AM role that has administrative access to AWS. Attach the role to the EC2 instance. 
B. Create an 1AM user. Attach the AdministratorAccess policy. Copy the generated access key and secret key. Within the application code, use the access key and secret key along with the AWS SDK to communicate with Amazon S3. 
C. Create an 1AM role that has the necessary access to Amazon S3. Attach the role to the EC2 instance. 
D. Create an 1AM user. Attach a policy that provides the necessary access to Amazon S3. Copy the generated access key and secret key. Within the application code, use the access key and secret key along with the AWS SDK to communicate with Amazon S3. 

Show / Hide Answer

---

Question # 102

A developer is building an application on AWS. The application has an Amazon API Gateway API that sends requests to an AWS Lambda function. The API is experiencing increased latency because the Lambda function has limited available CPU to fulfill the requests. Before the developer deploys the API into production, the developer must configure the Lambda function to have more CPU. Which solution will meet this requirement?

A. Increase the virtual CPU (vCPU) cores quota of the Lambda function.
B. Increase the amount of memory that is allocated to the Lambda function.
C. Increase the ephemeral storage size of the Lambda function.
D. Increase the timeout value of the Lambda function.

Show / Hide Answer

---

Question # 103

A company deploys a new application to AWS. The company is streaming application logs to Amazon CloudWatch Logs. The company's development team must receive notification by email when the word "ERROR" appears in any log lines. A developer sets up an Amazon SNS topic and subscribes the development team to the topic. What should the developer do next to meet the requirements?

A. Select the appropriate log group. Create a CloudWatch metric filter with "ERROR" as the search term. Create an alarm on this metric that notifies the SNS topic when the metric is 1 or higher. 
B. In CloudWatch Logs Insights, select the appropriate log group. Create a metric query to search for the term "ERROR" in the logs. Create an alarm on this metric that notifies the SNS topic when the metric is 1 or higher. 
C. Select the appropriate log group. Create an SNS subscription filter with "ERROR" as the filter pattern. Select the SNS topic as the destination. 
D. Create a CloudWatch alarm that includes "ERROR" as a filter pattern, a log group dimension that defines the appropriate log group, and a destination that notifies the SNS topic. 

Show / Hide Answer

---

Amazon DVA-C02 Frequently Asked Questions