Are you tired of looking for a source that'll keep you updated on the AWS Certified Developer - Associate Exam? Plus, has a collection of affordable, high-quality, and incredibly easy Amazon DVA-C02 Practice Questions? Well then, you are in luck because Salesforcexamdumps.com just updated them! Get Ready to become a AWS Certified Associate Certified.
|
|||
Test Engine |
|
||
PDF + Test Engine |
|
Here are Amazon DVA-C02 PDF available features:
292 questions with answers | Updation Date : 25 Nov, 2024 |
1 day study required to pass exam | 100% Passing Assurance |
100% Money Back Guarantee | Free 3 Months Updates |
Students Passed
Average Marks
Questions From Dumps
Total Happy Clients
Amazon DVA-C02 is a necessary certification exam to get certified. The certification is a reward to the deserving candidate with perfect results. The AWS Certified Associate Certification validates a candidate's expertise to work with Amazon. In this fast-paced world, a certification is the quickest way to gain your employer's approval. Try your luck in passing the AWS Certified Developer - Associate Exam and becoming a certified professional today. Salesforcexamdumps.com is always eager to extend a helping hand by providing approved and accepted Amazon DVA-C02 Practice Questions. Passing AWS Certified Developer - Associate will be your ticket to a better future!
Contrary to the belief that certification exams are generally hard to get through, passing AWS Certified Developer - Associate is incredibly easy. Provided you have access to a reliable resource such as Salesforcexamdumps.com Amazon DVA-C02 PDF. We have been in this business long enough to understand where most of the resources went wrong. Passing Amazon AWS Certified Associate certification is all about having the right information. Hence, we filled our Amazon DVA-C02 Dumps with all the necessary data you need to pass. These carefully curated sets of AWS Certified Developer - Associate Practice Questions target the most repeated exam questions. So, you know they are essential and can ensure passing results. Stop wasting your time waiting around and order your set of Amazon DVA-C02 Braindumps now!
We aim to provide all AWS Certified Associate certification exam candidates with the best resources at minimum rates. You can check out our free demo before pressing down the download to ensure Amazon DVA-C02 Practice Questions are what you wanted. And do not forget about the discount. We always provide our customers with a little extra.
Unlike other websites, Salesforcexamdumps.com prioritize the benefits of the AWS Certified Developer - Associate candidates. Not every Amazon exam candidate has full-time access to the internet. Plus, it's hard to sit in front of computer screens for too many hours. Are you also one of them? We understand that's why we are here with the AWS Certified Associate solutions. Amazon DVA-C02 Question Answers offers two different formats PDF and Online Test Engine. One is for customers who like online platforms for real-like Exam stimulation. The other is for ones who prefer keeping their material close at hand. Moreover, you can download or print Amazon DVA-C02 Dumps with ease.
If you still have some queries, our team of experts is 24/7 in service to answer your questions. Just leave us a quick message in the chat-box below or email at [email protected].
A company has an application that runs across multiple AWS Regions. The application is experiencing performance issues at irregular intervals. A developer must use AWS X-Ray to implement distributed tracing for the application to troubleshoot the root cause of the performance issues. What should the developer do to meet this requirement?
A. Use the X-Ray console to add annotations for AWS services and user-defined services
B. Use Region annotation that X-Ray adds automatically for AWS services Add Regionannotation for user-defined services
C. Use the X-Ray daemon to add annotations for AWS services and user-defined services
D. Use Region annotation that X-Ray adds automatically for user-defined servicesConfigure X-Ray to add Region annotation for AWS services
A company is using AWS CloudFormation to deploy a two-tier application. The application will use Amazon RDS as its backend database. The company wants a solution that will randomly generate the database password during deployment. The solution also must automatically rotate the database password without requiring changes to the application. What is the MOST operationally efficient solution that meets these requirements'?
A. Use an AWS Lambda function as a CloudFormation custom resource to generate androtate the password.
B. Use an AWS Systems Manager Parameter Store resource with the SecureString datatype to generate and rotate the password.
C. Use a cron daemon on the application s host to generate and rotate the password.
D. Use an AWS Secrets Manager resource to generate and rotate the password.
A developer is designing a serverless application for a game in which users register and log in through a web browser The application makes requests on behalf of users to a set of AWS Lambda functions that run behind an Amazon API Gateway HTTP API The developer needs to implement a solution to register and log in users on the application's sign-in page. The solution must minimize operational overhead and must minimize ongoing management of user identities. Which solution will meet these requirements'?
A. Create Amazon Cognito user pools for external social identity providers Configure 1AMroles for the identity pools.
B. Program the sign-in page to create users' 1AM groups with the 1AM roles attached tothe groups
C. Create an Amazon RDS for SQL Server DB instance to store the users and manage thepermissions to the backend resources in AWS
D. Configure the sign-in page to register and store the users and their passwords in anAmazon DynamoDB table with an attached IAM policy.
A developer needs to build an AWS CloudFormation template that self-populates the AWS Region variable that deploys the CloudFormation template What is the MOST operationally efficient way to determine the Region in which the template is being deployed?
A. Use the AWS:.Region pseudo parameter
B. Require the Region as a CloudFormation parameter
C. Find the Region from the AWS::Stackld pseudo parameter by using the Fn::Split intrinsic function
D. Dynamically import the Region by referencing the relevant parameter in AWS SystemsManager Parameter Store
An Amazon Simple Queue Service (Amazon SQS) queue serves as an event source for an AWS Lambda function In the SQS queue, each item corresponds to a video file that the Lambda function must convert to a smaller resolution The Lambda function is timing out on longer video files, but the Lambda function's timeout is already configured to its maximum value What should a developer do to avoid the timeouts without additional code changes'?
A. Increase the memory configuration of the Lambda function
B. Increase the visibility timeout on the SQS queue
C. Increase the instance size of the host that runs the Lambda function.
D. Use multi-threading for the conversion.
A company needs to deploy all its cloud resources by using AWS CloudFormation templates A developer must create an Amazon Simple Notification Service (Amazon SNS) automatic notification to help enforce this rule. The developer creates an SNS topic and subscribes the email address of the company's security team to the SNS topic. The security team must receive a notification immediately if an 1AM role is created without the use of CloudFormation. Which solution will meet this requirement?
A. Create an AWS Lambda function to filter events from CloudTrail if a role was createdwithout CloudFormation Configure the Lambda function to publish to the SNS topic. Createan Amazon EventBridge schedule to invoke the Lambda function every 15 minutes
B. Create an AWS Fargate task in Amazon Elastic Container Service (Amazon ECS) tofilter events from CloudTrail if a role was created without CloudFormation Configure theFargate task to publish to the SNS topic Create an Amazon EventBridge schedule to runthe Fargate task every 15 minutes
C. Launch an Amazon EC2 instance that includes a script to filter events from CloudTrail ifa role was created without CloudFormation. Configure the script to publish to the SNStopic. Create a cron job to run the script on the EC2 instance every 15 minutes.
D. Create an Amazon EventBridge rule to filter events from CloudTrail if a role was createdwithout CloudFormation Specify the SNS topic as the target of the EventBridge rule.
A company has an application that is hosted on Amazon EC2 instances The application stores objects in an Amazon S3 bucket and allows users to download objects from the S3 bucket A developer turns on S3 Block Public Access for the S3 bucket After this change, users report errors when they attempt to download objects The developer needs to implement a solution so that only users who are signed in to the application can access objects in the S3 bucket. Which combination of steps will meet these requirements in the MOST secure way? (Select TWO.)
A. Create an EC2 instance profile and role with an appropriate policy Associate the rolewith the EC2 instances
B. Create an 1AM user with an appropriate policy. Store the access key ID and secretaccess key on the EC2 instances
C. Modify the application to use the S3 GeneratePresignedUrl API call
D. Modify the application to use the S3 GetObject API call and to return the object handleto the user
E. Modify the application to delegate requests to the S3 bucket.
A company runs a payment application on Amazon EC2 instances behind an Application Load Balance The EC2 instances run in an Auto Scaling group across multiple Availability Zones The application needs to retrieve application secrets during the application startup and export the secrets as environment variables These secrets must be encrypted at rest and need to be rotated every month. Which solution will meet these requirements with the LEAST development effort?
A. Save the secrets in a text file and store the text file in Amazon S3 Provision a customermanaged key Use the key for secret encryption in Amazon S3 Read the contents of thetext file and read the export as environment variables Configure S3 Object Lambda torotate the text file every month
B. Save the secrets as strings in AWS Systems Manager Parameter Store and use thedefault AWS Key Management Service (AWS KMS) key Configure an Amazon EC2 userdata script to retrieve the secrets during the startup and export as environment variablesConfigure an AWS Lambda function to rotate the secrets in Parameter Store every month.
C. Save the secrets as base64 encoded environment variables in the applicationproperties. Retrieve the secrets during the application startup. Reference the secrets in theapplication code. Write a script to rotate the secrets saved as environment variables.
D. Store the secrets in AWS Secrets Manager Provision a new customer master key Usethe key to encrypt the secrets Enable automatic rotation Configure an Amazon EC2 userdata script to programmatically retrieve the secrets during the startup and export asenvironment variables
A developer is creating a simple proof-of-concept demo by using AWS CloudFormation and AWS Lambda functions The demo will use a CloudFormation template to deploy an existing Lambda function The Lambda function uses deployment packages and dependencies stored in Amazon S3 The developer defined anAWS Lambda Function resource in a CloudFormation template. The developer needs to add the S3 bucket to the CloudFormation template. What should the developer do to meet these requirements with the LEAST development effort?
A. Add the function code in the CloudFormation template inline as the code property
B. Add the function code in the CloudFormation template as the ZipFile property.
C. Find the S3 key for the Lambda function Add the S3 key as the ZipFile property in theCloudFormation template.
D. Add the relevant key and bucket to the S3Bucket and S3Key properties in theCloudFormation template
A company has a web application that is hosted on Amazon EC2 instances The EC2 instances are configured to stream logs to Amazon CloudWatch Logs The company needs to receive an Amazon Simple Notification Service (Amazon SNS) notification when the number of application error messages exceeds a defined threshold within a 5-minute period Which solution will meet these requirements?
A. Rewrite the application code to stream application logs to Amazon SNS Configure anSNS topic to send a notification when the number of errors exceeds the defined thresholdwithin a 5-minute period
B. Configure a subscription filter on the CloudWatch Logs log group. Configure the filter tosend an SNS notification when the number of errors exceeds the defined threshold within a5-minute period.
C. Install and configure the Amazon Inspector agent on the EC2 instances to monitor forerrors Configure Amazon Inspector to send an SNS notification when the number of errorsexceeds the defined threshold within a 5-minute period
D. Create a CloudWatch metric filter to match the application error pattern in the log data. Set up a CloudWatch alarm based on the new custom metric. Configure the alarm to sendan SNS notification when the number of errors exceeds the defined threshold within a 5-minute period.
A developer designed an application on an Amazon EC2 instance The application makes API requests to objects in an Amazon S3 bucket Which combination of steps will ensure that the application makes the API requests in the MOST secure manner? (Select TWO.)
A. Create an IAM user that has permissions to the S3 bucket. Add the user to an 1AMgroup
B. Create an IAM role that has permissions to the S3 bucket
C. Add the IAM role to an instance profile. Attach the instance profile to the EC2 instance.
D. Create an 1AM role that has permissions to the S3 bucket Assign the role to an 1AMgroup
E. Store the credentials of the IAM user in the environment variables on the EC2 instance
A developer is using AWS Step Functions to automate a workflow The workflow defines each step as an AWS Lambda function task The developer notices that runs of the Step Functions state machine fail in the GetResource task with either an UlegalArgumentException error or a TooManyRequestsException error The developer wants the state machine to stop running when the state machine encounters an UlegalArgumentException error. The state machine needs to retry the GetResource task one additional time after 10 seconds if the state machine encounters a TooManyRequestsException error. If the second attempt fails, the developer wants the state machine to stop running. How can the developer implement the Lambda retry functionality without adding unnecessary complexity to the state machine'?
A. Add a Delay task after the GetResource task. Add a catcher to the GetResource task.Configure the catcher with an error type of TooManyRequestsException. Configure thenext step to be the Delay task Configure the Delay task to wait for an interval of 10 secondsConfigure the next step to be the GetResource task.
B. Add a catcher to the GetResource task Configure the catcher with an error type ofTooManyRequestsException. an interval of 10 seconds, and a maximum attempts value of1. Configure the next step to be the GetResource task.
C. Add a retrier to the GetResource task Configure the retrier with an error type ofTooManyRequestsException, an interval of 10 seconds, and a maximum attempts value of1.
D. Duplicate the GetResource task Rename the new GetResource task to TryAgain Add acatcher to the original GetResource task Configure the catcher with an error type ofTooManyRequestsException. Configure the next step to be TryAgain.
A developer creates a static website for their department The developer deploys the static assets for the website to an Amazon S3 bucket and serves the assets with Amazon CloudFront The developer uses origin access control (OAC) on the CloudFront distribution to access the S3 bucket The developer notices users can access the root URL and specific pages but cannot access directories without specifying a file name. For example, /products/index.html works, but /products returns an error The developer needs to enable accessing directories without specifying a file name without exposing the S3 bucket publicly. Which solution will meet these requirements'?
A. Update the CloudFront distribution's settings to index.html as the default root object isset
B. Update the Amazon S3 bucket settings and enable static website hosting. Specify indexhtml as the Index document Update the S3 bucket policy to enable access. Update theCloudFront distribution's origin to use the S3 website endpoint
C. Create a CloudFront function that examines the request URL and appends index.htmlwhen directories are being accessed Add the function as a viewer request CloudFrontfunction to the CloudFront distribution's behavior.
D. Create a custom error response on the CloudFront distribution with the HTTP error codeset to the HTTP 404 Not Found response code and the response page path to /index htmlSet the HTTP response code to the HTTP 200 OK response code
A company has an existing application that has hardcoded database credentials A developer needs to modify the existing application The application is deployed in two AWS Regions with an active-passive failover configuration to meet company’s disaster recovery strategy The developer needs a solution to store the credentials outside the code. The solution must comply With the company's disaster recovery strategy Which solution Will meet these requirements in the MOST secure way?
A. Store the credentials in AWS Secrets Manager in the primary Region. Enable secretreplication to the secondary Region Update the application to use the Amazon ResourceName (ARN) based on the Region.
B. Store credentials in AWS Systems Manager Parameter Store in the primary Region.Enable parameter replication to the secondary Region. Update the application to use theAmazon Resource Name (ARN) based on the Region.
C. Store credentials in a config file. Upload the config file to an S3 bucket in me primaryRegion. Enable Cross-Region Replication (CRR) to an S3 bucket in the secondary region.Update the application to access the config file from the S3 bucket based on the Region.
D. Store credentials in a config file. Upload the config file to an Amazon Elastic File System(Amazon EFS) file system. Update the application to use the Amazon EFS file systemRegional endpoints to access the config file in the primary and secondary Regions.
A developer must use multi-factor authentication (MFA) to access data in an Amazon S3 bucket that is in another AWS account. Which AWS Security Token Service (AWS STS)API operation should the developer use with the MFA information to meet this requirement?
A. AssumeRoleWithWebidentity
B. GetFederationToken
C. AssumeRoleWithSAML
D. AssumeRole
A developer is working on an ecommerce platform that communicates with several thirdparty payment processing APIs The third-party payment services do not provide a test environment. The developer needs to validate the ecommerce platform's integration with the third-party payment processing APIs. The developer must test the API integration code without invoking the third-party payment processing APIs. Which solution will meet these requirements'?
A. Set up an Amazon API Gateway REST API with a gateway response configured forstatus code 200 Add response templates that contain sample responses captured from thereal third-party API.
B. Set up an AWS AppSync GraphQL API with a data source configured for each thirdpartyAPI Specify an integration type of Mock Configure integration responses by usingsample responses captured from the real third-party API.
C. Create an AWS Lambda function for each third-party API. Embed responses capturedfrom the real third-party API. Configure Amazon Route 53 Resolver with an inboundendpoint for each Lambda function's Amazon Resource Name (ARN).
D. Set up an Amazon API Gateway REST API for each third-party API Specify anintegration request type of Mock Configure integration responses by using sampleresponses captured from the real third-party API
An AWS Lambda function requires read access to an Amazon S3 bucket and requires read/write access to an Amazon DynamoDB table The correct 1AM policy already exists What is the MOST secure way to grant the Lambda function access to the S3 bucket and the DynamoDB table?
A. Attach the existing 1AM policy to the Lambda function.
B. Create an 1AM role for the Lambda function Attach the existing 1AM policy to the roleAttach the role to the Lambda function
C. Create an 1AM user with programmatic access Attach the existing 1AM policy to theuser. Add the user access key ID and secret access key as environment variables in theLambda function.
D. Add the AWS account root user access key ID and secret access key as encryptedenvironment variables in the Lambda function
A company hosts a client-side web application for one of its subsidiaries on Amazon S3. The web application can be accessed through Amazon CloudFront from https://www.example.com. After a successful rollout, the company wants to host three more client-side web applications for its remaining subsidiaries on three separate S3 buckets. To achieve this goal, a developer moves all the common JavaScript files and web fonts to a central S3 bucket that serves the web applications. However, during testing, the developer notices that the browser blocks the JavaScript files and web fonts. What should the developer do to prevent the browser from blocking the JavaScript files and web fonts?
A. Create four access points that allow access to the central S3 bucket. Assign an accesspoint to each web application bucket.
B. Create a bucket policy that allows access to the central S3 bucket. Attach the bucketpolicy to the central S3 bucket.
C. Create a cross-origin resource sharing (CORS) configuration that allows access to thecentral S3 bucket. Add the CORS configuration to the central S3 bucket.
D. Create a Content-MD5 header that provides a message integrity check for the centralS3 bucket. Insert the Content-MD5 header for each web application request.
A company runs an application on AWS The application stores data in an Amazon DynamoDB table Some queries are taking a long time to run These slow queries involve an attribute that is not the table's partition key or sort key The amount of data that the application stores in the DynamoDB table is expected to increase significantly. A developer must increase the performance of the queries. Which solution will meet these requirements'?
A. Increase the page size for each request by setting the Limit parameter to be higher thanthe default value Configure the application to retry any request that exceeds theprovisioned throughput.
B. Create a global secondary index (GSI). Set query attribute to be the partition key of theindex
C. Perform a parallel scan operation by issuing individual scan requests in the parametersspecify the segment for the scan requests and the total number of segments for the parallelscan.
D. Turn on read capacity auto scaling for the DynamoDB table. Increase the maximumread capacity units (RCUs).
A developer is creating an AWS Lambda function that searches for items from an Amazon DynamoDB table that contains customer contact information- The DynamoDB table items have the customer's email_address as the partition key and additional properties such as customer_type, name, and job_tltle. The Lambda function runs whenever a user types a new character into the customer_type text input The developer wants the search to return partial matches of all the email_address property of a particular customer_type The developer does not want to recreate the DynamoDB table. What should the developer do to meet these requirements?
A. Add a global secondary index (GSI) to the DynamoDB table with customer_type as thepartition key and email_address as the sort key Perform a query operation on the GSI byusing the begvns_wth key condition expression With the email_address property
B. Add a global secondary index (GSI) to the DynamoDB table With ernail_address as thepartition key and customer_type as the sort key Perform a query operation on the GSI byusing the begins_wtth key condition expression With the email_address property.
C. Add a local secondary index (LSI) to the DynamoDB table With customer_type as thepartition key and email_address as the sort key Perform a query operation on the LSI byusing the begins_wlth key condition expression With the email_address property
D. Add a local secondary Index (LSI) to the DynamoDB table With job_tltle as the partitionkey and emad_address as the sort key Perform a query operation on the LSI by using thebegins_wrth key condition expression With the email_address property
A company is creating an application that processes csv files from Amazon S3 A developer has created an S3 bucket The developer has also created an AWS Lambda function to process the csv files from the S3 bucket Which combination of steps will invoke the Lambda function when a csv file is uploaded to Amazon S3? (Select TWO.)
A. Create an Amazon EventBridge rule Configure the rule with a pattern to match the S3object created event
B. Schedule an Amazon EventBridge rule to run a new Lambda function to scan the S3bucket.
C. Add a trigger to the existing Lambda function. Set the trigger type to EventBridge Selectthe Amazon EventBridge rule.
D. Create a new Lambda function to scan the S3 bucket for recently added S3 objects
E. Add S3 Lifecycle rules to invoke the existing Lambda function
A developer is creating a service that uses an Amazon S3 bucket for image uploads. The service will use an AWS Lambda function to create a thumbnail of each image Each time an image is uploaded the service needs to send an email notification and create the thumbnail The developer needs to configure the image processing and email notifications setup. Which solution will meet these requirements?
A. Create an Amazon Simple Notification Service (Amazon SNS) topic Configure S3 eventnotifications with a destination of the SNS topic Subscribe the Lambda function to the SNStopic Create an email notification subscription to the SNS topic
B. Create an Amazon Simple Notification Service (Amazon SNS) topic. Configure S3 eventnotifications with a destination of the SNS topic. Subscribe the Lambda function to the SNStopic. Create an Amazon Simple Queue Service (Amazon SQS) queue Subscribe the SQSqueue to the SNS topic Create an email notification subscription to the SQS queue.
C. Create an Amazon Simple Queue Service (Amazon SQS) queue Configure S3 eventnotifications with a destination of the SQS queue Subscribe the Lambda function to theSQS queue Create an email notification subscription to the SQS queue.
D. Create an Amazon Simple Queue Service (Amazon SQS) queue. Send S3 eventnotifications to Amazon EventBridge. Create an EventBndge rule that runs the Lambdafunction when images are uploaded to the S3 bucket Create an EventBridge rule thatsends notifications to the SQS queue Create an email notification subscription to the SQSqueue
A company has a web application that runs on Amazon EC2 instances with a custom Amazon Machine Image (AMI) The company uses AWS CloudFormation to provision the application The application runs in the us-east-1 Region, and the company needs to deploy the application to the us-west-1 Region An attempt to create the AWS CloudFormation stack in us-west-1 fails. An error message states that the AMI ID does not exist. A developer must resolve this error with a solution that uses the least amount of operational overhead Which solution meets these requirements?
A. Change the AWS CloudFormation templates for us-east-1 and us-west-1 to use an AWSAMI. Relaunch the stack for both Regions.
B. Copy the custom AMI from us-east-1 to us-west-1. Update the AWS CloudFormationtemplate for us-west-1 to refer to AMI ID for the copied AMI Relaunch the stack
C. Build the custom AMI in us-west-1 Create a new AWS CloudFormation template tolaunch the stack in us-west-1 with the new AMI ID
D. Manually deploy the application outside AWS CloudFormation in us-west-1.
A company built an online event platform For each event the company organizes quizzes and generates leaderboards that are based on the quiz scores. The company stores the leaderboard data in Amazon DynamoDB and retains the data for 30 days after an event is complete The company then uses a scheduled job to delete the old leaderboard data The DynamoDB table is configured with a fixed write capacity. During the months when many events occur, the DynamoDB write API requests are throttled when the scheduled delete job runs. A developer must create a long-term solution that deletes the old leaderboard data and optimizes write throughput Which solution meets these requirements?
A. Configure a TTL attribute for the leaderboard data
B. Use DynamoDB Streams to schedule and delete the leaderboard data
C. Use AWS Step Functions to schedule and delete the leaderboard data.
D. Set a higher write capacity when the scheduled delete job runs
A company has an analytics application that uses an AWS Lambda function to process transaction data asynchronously A developer notices that asynchronous invocations of the Lambda function sometimes fail When failed Lambda function invocations occur, the developer wants to invoke a second Lambda function to handle errors and log details. Which solution will meet these requirements?
A. Configure a Lambda function destination with a failure condition Specify Lambdafunction as the destination type Specify the error-handling Lambda function's AmazonResource Name (ARN) as the resource
B. Enable AWS X-Ray active tracing on the initial Lambda function. Configure X-Ray tocapture stack traces of the failed invocations. Invoke the error-handling Lambda function byincluding the stack traces in the event object.
C. Configure a Lambda function trigger with a failure condition Specify Lambda function asthe destination type Specify the error-handling Lambda function's Amazon Resource Name(ARN) as the resource
D. Create a status check alarm on the initial Lambda function. Configure the alarm toinvoke the error-handling Lambda function when the alarm is initiated. Ensure that thealarm passes the stack trace in the event object.
A company's developer has deployed an application in AWS by using AWS CloudFormation The CloudFormation stack includes parameters in AWS Systems Manager Parameter Store that the application uses as configuration settings. The application can modify the parameter values When the developer updated the stack to create additional resources with tags, the developer noted that the parameter values were reset and that the values ignored the latest changes made by the application. The developer needs to change the way the company deploys the CloudFormation stack. The developer also needs to avoid resetting the parameter values outside the stack. Which solution will meet these requirements with the LEAST development effort?
A. Modify the CloudFormation stack to set the deletion policy to Retain for the ParameterStore parameters.
B. Create an Amazon DynamoDB table as a resource in the CloudFormation stack to holdconfiguration data for the application Migrate the parameters that the application ismodifying from Parameter Store to the DynamoDB table
C. Create an Amazon RDS DB instance as a resource in the CloudFormation stack. Createa table in the database for parameter configuration. Migrate the parameters that theapplication is modifying from Parameter Store to the configuration table
D. Modify the CloudFormation stack policy to deny updates on Parameter Storeparameters
A developer created an AWS Lambda function that performs a series of operations that involve multiple AWS services. The function's duration time is higher than normal. To determine the cause of the issue, the developer must investigate traffic between the services without changing the function code Which solution will meet these requirements?
A. Enable AWS X-Ray active tracing in the Lambda function Review the logs in X-Ray
B. Configure AWS CloudTrail View the trail logs that are associated with the Lambdafunction.
C. Review the AWS Config logs in Amazon Cloud Watch.
D. Review the Amazon CloudWatch logs that are associated with the Lambda function.
A developer is working on a web application that uses Amazon DynamoDB as its data store The application has two DynamoDB tables one table that is named artists and one table that is named songs The artists table has artistName as the partition key. The songs table has songName as the partition key and artistName as the sort key The table usage patterns include the retrieval of multiple songs and artists in a single database operation from the webpage. The developer needs a way to retrieve this information with minimal network traffic and optimal application performance. Which solution will meet these requirements'?
A. Perform a BatchGetltem operation that returns items from the two tables. Use the list ofsongName artistName keys for the songs table and the list of artistName key for the artiststable.
B. Create a local secondary index (LSI) on the songs table that uses artistName as thepartition key Perform a query operation for each artistName on the songs table that filtersby the list of songName Perform a query operation for each artistName on the artists table
C. Perform a BatchGetltem operation on the songs table that uses thesongName/artistName keys. Perform a BatchGetltem operation on the artists table thatuses artistName as the key.
D. Perform a Scan operation on each table that filters by the list of songName/artistNamefor the songs table and the list of artistName in the artists table.
A developer uses AWS CloudFormation to deploy an Amazon API Gateway API and an AWS Step Functions state machine The state machine must reference the API Gateway API after the CloudFormation template is deployed The developer needs a solution that uses the state machine to reference the API Gateway endpoint. Which solution will meet these requirements MOST cost-effectively?
A. Configure the CloudFormation template to reference the API endpoint in theDefinitionSubstitutions property for the AWS StepFunctions StateMachme resource.
B. Configure the CloudFormation template to store the API endpoint in an environmentvariable for the AWS::StepFunctions::StateMachine resourc Configure the state machine toreference the environment variable
C. Configure the CloudFormation template to store the API endpoint in a standard AWS:SecretsManager Secret resource Configure the state machine to reference the resource
D. Configure the CloudFormation template to store the API endpoint in a standardAWS::AppConfig;:ConfigurationProfile resource Configure the state machine to referencethe resource.
A developer deployed an application to an Amazon EC2 instance The application needs to know the public IPv4 address of the instance How can the application find this information?
A. Query the instance metadata from http./M69.254.169.254. latestmeta-data/.
B. Query the instance user data from http '169 254.169 254. latest/user-data/
C. Query the Amazon Machine Image (AMI) information from http://169.254.169.254/latest/meta-data/ami/.
D. Check the hosts file of the operating system
A company runs a batch processing application by using AWS Lambda functions and Amazon API Gateway APIs with deployment stages for development, user acceptance testing and production A development team needs to configure the APIs in the deployment stages to connect to third-party service endpoints. Which solution will meet this requirement?
A. Store the third-party service endpoints in Lambda layers that correspond to the stage
B. Store the third-party service endpoints in API Gateway stage variables that correspondto the stage
C. Encode the third-party service endpoints as query parameters in the API Gatewayrequest URL.
D. Store the third-party service endpoint for each environment in AWS AppConfig
A developer is creating an AWS Lambda function in VPC mode An Amazon S3 event will invoke the Lambda function when an object is uploaded into an S3 bucket The Lambda function will process the object and produce some analytic results that will be recorded into a file Each processed object will also generate a log entry that will be recorded into a file. Other Lambda functions. AWS services, and on-premises resources must have access to the result files and log file. Each log entry must also be appended to the same shared log file. The developer needs a solution that can share files and append results into an existing file. Which solution should the developer use to meet these requirements?
A. Create an Amazon Elastic File System (Amazon EFS) file system. Mount the EFS filesystem in Lambda. Store the result files and log file in the mount point. Append the logentries to the log file.
B. Create an Amazon Elastic Block Store (Amazon EBS) Multi-Attach enabled volumeAttach the EBS volume to all Lambda functions. Update the Lambda function code to download the log file, append the log entries, and upload the modified log file to AmazonEBS
C. Create a reference to the /tmp local directory. Store the result files and log file by usingthe directory reference. Append the log entry to the log file.
D. Create a reference to the /opt storage directory Store the result files and log file by usingthe directory reference Append the log entry to the log file
A company has built an AWS Lambda function to convert large image files into output files that can be used in a third-party viewer application The company recently added a new module to the function to improve the output of the generated files However, the new module has increased the bundle size and has increased the time that is needed to deploy changes to the function code. How can a developer increase the speed of the Lambda function deployment?
A. Use AWS CodeDeploy to deploy the function code
B. Use Lambda layers to package and load dependencies.
C. Increase the memory size of the function.
D. Use Amazon S3 to host the function dependencies
A developer is creating an Amazon DynamoDB table by using the AWS CLI The DynamoDB table must use server-side encryption with an AWS owned encryption key How should the developer create the DynamoDB table to meet these requirements?
A. Create an AWS Key Management Service (AWS KMS) customer managed key. Providethe key's Amazon Resource Name (ARN) in the KMSMasterKeyld parameter duringcreation of the DynamoDB table
B. Create an AWS Key Management Service (AWS KMS) AWS managed key Provide thekey's Amazon Resource Name (ARN) in the KMSMasterKeyld parameter during creation ofthe DynamoDB table
C. Create an AWS owned key Provide the key's Amazon Resource Name (ARN) in theKMSMasterKeyld parameter during creation of the DynamoDB table.
D. Create the DynamoDB table with the default encryption options
A developer is working on an ecommerce website The developer wants to review server logs without logging in to each of the application servers individually. The website runs on multiple Amazon EC2 instances, is written in Python, and needs to be highly available How can the developer update the application to meet these requirements with MINIMUM changes?
A. Rewrite the application to be cloud native and to run on AWS Lambda, where the logscan be reviewed in Amazon CloudWatch
B. Set up centralized logging by using Amazon OpenSearch Service, Logstash, andOpenSearch Dashboards
C. Scale down the application to one larger EC2 instance where only one instance isrecording logs
D. Install the unified Amazon CloudWatch agent on the EC2 instances Configure the agentto push the application logs to CloudWatch
A developer is creating a serverless application that uses an AWS Lambda function The developer will use AWS CloudFormation to deploy the application The application will write logs to Amazon CloudWatch Logs The developer has created a log group in a CloudFormation template for the application to use The developer needs to modify the CloudFormation template to make the name of the log group available to the application at runtime Which solution will meet this requirement?
A. Use the AWS:lnclude transform in CloudFormation to provide the log group's name tothe application
B. Pass the log group's name to the application in the user data section of theCloudFormation template.
C. Use the CloudFormation template's Mappings section to specify the log group's namefor the application.
D. Pass the log group's Amazon Resource Name (ARN) as an environment variable to theLambda function
A company is planning to use AWS CodeDeploy to deploy an application to Amazon Elastic Container Service (Amazon ECS) During the deployment of a new version of the application, the company initially must expose only 10% of live traffic to the new version of the deployed application. Then, after 15 minutes elapse, the company must route all the remaining live traffic to the new version of the deployed application. Which CodeDeploy predefined configuration will meet these requirements?
A. CodeDeployDefault ECSCanary10Percent15Minutes
B. CodeDeployDefault LambdaCanary10Percent5Minutes
C. CodeDeployDefault LambdaCanary10Percent15Minutes
D. CodeDeployDefault ECSLinear10PercentEvery1 Minutes
A developer is creating an AWS Lambda function. The Lambda function needs an external library to connect to a third-party solution The external library is a collection of files with a total size of 100 MB The developer needs to make the external library available to the Lambda execution environment and reduce the Lambda package space Which solution will meet these requirements with the LEAST operational overhead?
A. Create a Lambda layer to store the external library Configure the Lambda function touse the layer
B. Create an Amazon S3 bucket Upload the external library into the S3 bucket. Mount theS3 bucket folder in the Lambda function Import the library by using the proper folder in themount point.
C. Load the external library to the Lambda function's /tmp directory during deployment ofthe Lambda package. Import the library from the /tmp directory.
D. Create an Amazon Elastic File System (Amazon EFS) volume. Upload the externallibrary to the EFS volume Mount the EFS volume in the Lambda function. Import the libraryby using the proper folder in the mount point.
A developer is investigating an issue in part of a company's application. In the application messages are sent to an Amazon Simple Queue Service (Amazon SQS) queue The AWS Lambda function polls messages from the SQS queue and sends email messages by using Amazon Simple Email Service (Amazon SES) Users have been receiving duplicate email messages during periods of high traffic. Which reasons could explain the duplicate email messages? (Select TWO.)
A. Standard SQS queues support at-least-once message delivery
B. Standard SQS queues support exactly-once processing, so the duplicate emailmessages are because of user error.
C. Amazon SES has the DomainKeys Identified Mail (DKIM) authentication incorrectlyconfigured
D. The SQS queue's visibility timeout is lower than or the same as the Lambda function'stimeout.
E. The Amazon SES bounce rate metric is too high.
A company developed an API application on AWS by using Amazon CloudFront. Amazon API Gateway, and AWS Lambda. The API has a minimum of four requests every second A developer notices that many API users run the same query by using the POST method. The developer wants to cache the POST request to optimize the API resources. Which solution will meet these requirements'?
A. Configure the CloudFront cache Update the application to return cached content basedupon the default request headers.
B. Override the cache method in me selected stage of API Gateway Select the POSTmethod.
C. Save the latest request response in Lambda /tmp directory Update the Lambda functionto check the /tmp directory
D. Save the latest request m AWS Systems Manager Parameter Store Modify the Lambdafunction to take the latest request response from Parameter Store
A company hosts its application on AWS. The application runs on an Amazon Elastic Container Service (Amazon ECS) cluster that uses AWS Fargate. The cluster runs behind an Application Load Balancer The application stores data in an Amazon Aurora database A developer encrypts and manages database credentials inside the application The company wants to use a more secure credential storage method and implement periodic credential rotation. Which solution will meet these requirements with the LEAST operational overhead?
A. Migrate the secret credentials to Amazon RDS parameter groups. Encrypt theparameter by using an AWS Key Management Service (AWS KMS) key Turn on secretrotation. Use 1AM policies and roles to grant AWS KMS permissions to access AmazonRDS.
B. Migrate the credentials to AWS Systems Manager Parameter Store. Encrypt theparameter by using an AWS Key Management Service (AWS KMS) key. Turn on secretrotation. Use 1AM policies and roles to grant Amazon ECS Fargate permissions to accessto AWS Secrets Manager
C. Migrate the credentials to ECS Fargate environment variables. Encrypt the credentialsby using an AWS Key Management Service (AWS KMS) key Turn on secret rotation. Use1AM policies and roles to grant Amazon ECS Fargate permissions to access to AWSSecrets Manager.
D. Migrate the credentials to AWS Secrets Manager. Encrypt the credentials by using anAWS Key Management Service (AWS KMS) key Turn on secret rotation Use 1AM policiesand roles to grant Amazon ECS Fargate permissions to access to AWS Secrets Managerby using keys.
A developer is building a microservices-based application by using Python on AWS and several AWS services The developer must use AWS X-Ray The developer views the service map by using the console to view the service dependencies. During testing, the developer notices that some services are missing from the service map What can the developer do to ensure that all services appear in the X-Ray service map?
A. Modify the X-Ray Python agent configuration in each service to increase the samplingrate
B. Instrument the application by using the X-Ray SDK for Python. Install the X-Ray SDK forall the services that the application uses
C. Enable X-Ray data aggregation in Amazon CloudWatch Logs for all the services that theapplication uses
D. Increase the X-Ray service map timeout value in the X-Ray console
A company is using Amazon API Gateway to invoke a new AWS Lambda function The company has Lambda function versions in its PROD and DEV environments. In each environment, there is a Lambda function alias pointing to the corresponding Lambda function version API Gateway has one stage that is configured to point at the PROD alias The company wants to configure API Gateway to enable the PROD and DEV Lambda function versions to be simultaneously and distinctly available Which solution will meet these requirements?
A. Enable a Lambda authorizer for the Lambda function alias in API Gateway RepublishPROD and create a new stage for DEV Create API Gateway stage variables for the PRODand DEV stages. Point each stage variable to the PROD Lambda authorizer to the DEVLambda authorizer.
B. Set up a gateway response in API Gateway for the Lambda function alias. RepublishPROD and create a new stage for DEV. Create gateway responses in API Gateway forPROD and DEV Lambda aliases
C. Use an environment variable for the Lambda function alias in API Gateway. RepublishPROD and create a new stage for development. Create API gateway environmentvariables for PROD and DEV stages. Point each stage variable to the PROD Lambdafunction alias to the DEV Lambda function alias.
D. Use an API Gateway stage variable to configure the Lambda function alias RepublishPROD and create a new stage for development Create API Gateway stage variables forPROD and DEV stages Point each stage variable to the PROD Lambda function alias andto the DEV Lambda function alias
A company is preparing to migrate an application to the company's first AWS environment Before this migration, a developer is creating a proof-of-concept application to validate a model for building and deploying container-based applications on AWS. Which combination of steps should the developer take to deploy the containerized proof-ofconcept application with the LEAST operational effort? (Select TWO.)
A. Package the application into a zip file by using a command line tool Upload the packageto Amazon S3
B. Package the application into a container image by using the Docker CLI. Upload theimage to Amazon Elastic Container Registry (Amazon ECR)
C. Deploy the application to an Amazon EC2 instance by using AWS CodeDeploy.
D. Deploy the application to Amazon Elastic Kubernetes Service (Amazon EKS) on AWSFargate
E. Deploy the application to Amazon Elastic Container Service (Amazon ECS) on AWSFargate
A developer is building a serverless application that is based on AWS Lambda. The developer initializes the AWS software development kit (SDK) outside of the Lambda handcar function. What is the PRIMARY benefit of this action?
A. Improves legibility and systolic convention
B. Takes advantage of runtime environment reuse
C. Provides better error handling
D. Creates a new SDK instance for each invocation
A company has a social media application that receives large amounts of traffic User posts and interactions are continuously updated in an Amazon RDS database The data changes frequently, and the data types can be complex The application must serve read requests with minimal latency The application's current architecture struggles to deliver these rapid data updates efficiently The company needs a solution to improve the application's performance. Which solution will meet these requirements'?
A. Use Amazon DynamoDB Accelerator (DAX) in front of the RDS database to provide acaching layer for the high volume of rapidly changing data
B. Set up Amazon S3 Transfer Acceleration on the RDS database to enhance the speed ofdata transfer from the databases to the application.
C. Add an Amazon CloudFront distribution in front of the RDS database to provide acaching layer for the high volume of rapidly changing data
D. Create an Amazon ElastiCache for Redis cluster. Update the application code to use awrite-through caching strategy and read the data from Redis.
Users are reporting errors in an application. The application consists of several micro services that are deployed on Amazon Elastic Container Serves (Amazon ECS) with AWS Fargate. When combination of steps should a developer take to fix the errors? (Select TWO)
A. Deploy AWS X-Ray as a sidecar container to the micro services. Update the task rolepolicy to allow access to me X -Ray API.
B. Deploy AWS X-Ray as a daemon set to the Fargate cluster. Update the service role policy to allow access to the X-Ray API.
C. Instrument the application by using the AWS X-Ray SDK. Update the application to usethe Put-XrayTrace API call to communicate with the X-Ray API.
D. Instrument the application by using the AWS X-Ray SDK. Update the application tocommunicate with the X-Ray daemon.
E. Instrument the ECS task to send the stout and spider- output to Amazon CloudWatchLogs. Update the task role policy to allow the cloudwatch Putlogs action.
A company has developed a new serverless application using AWS Lambda functions that will be deployed using the AWS Serverless Application Model (AWS SAM) CLI. Which step should the developer complete prior to deploying the application?
A. Compress the application to a zip file and upload it into AWS Lambda.
B. Test the new AWS Lambda function by first tracing it m AWS X-Ray.
C. Bundle the serverless application using a SAM package.
D. Create the application environment using the eb create my-env command.
A company notices that credentials that the company uses to connect to an external software as a service (SaaS) vendor are stored in a configuration file as plaintext. The developer needs to secure the API credentials and enforce automatic credentials rotation on a quarterly basis. Which solution will meet these requirements MOST securely?
A. Use AWS Key Management Service (AWS KMS) to encrypt the configuration file.Decrypt the configuration file when users make API calls to the SaaS vendor. Enablerotation.
B. Retrieve temporary credentials from AWS Security Token Service (AWS STS) every 15minutes. Use the temporary credentials when users make API calls to the SaaS vendor.
C. Store the credentials in AWS Secrets Manager and enable rotation. Configure the API tohave Secrets Manager access.
D. Store the credentials in AWS Systems Manager Parameter Store and enable rotation.Retrieve the credentials when users make API calls to the SaaS vendor.
A developer is testing an application that invokes an AWS Lambda function asynchronously. During the testing phase the Lambda function fails to process after two retries. How can the developer troubleshoot the failure?
A. Configure AWS CloudTrail logging to investigate the invocation failures.
B. Configure Dead Letter Queues by sending events to Amazon SQS for investigation.
C. Configure Amazon Simple Workflow Service to process any direct unprocessed events.
D. Configure AWS Config to process any direct unprocessed events.
A developer is preparing to begin development of a new version of an application. The previous version of the application is deployed in a production environment. The developer needs to deploy fixes and updates to the current version during the development of the new version of the application. The code for the new version of the application is stored in AWS CodeCommit. Which solution will meet these requirements?
A. From the main branch, create a feature branch for production bug fixes. Create asecond feature branch from the main branch for development of the new version.
B. Create a Git tag of the code that is currently deployed in production. Create a Git tag forthe development of the new version. Push the two tags to the CodeCommit repository.
C. From the main branch, create a branch of the code that is currently deployed inproduction. Apply an IAM policy that ensures no other other users can push or merge to thebranch.
D. Create a new CodeCommit repository for development of the new version of theapplication. Create a Git tag for the development of the new version.
A developer is planning to migrate on-premises company data to Amazon S3. The data must be encrypted, and the encryption Keys must support automate annual rotation. The company must use AWS Key Management Service (AWS KMS) to encrypt the data. When type of keys should the developer use to meet these requirements?
A. Amazon S3 managed keys
B. Symmetric customer managed keys with key material that is generated by AWS
C. Asymmetric customer managed keys with key material that generated by AWS
D. Symmetric customer managed keys with imported key material
A developer has code that is stored in an Amazon S3 bucket. The code must be deployed as an AWS Lambda function across multiple accounts in the same AWS Region as the S3 bucket an AWS CloudPormation template that runs for each account will deploy the Lambda function. What is the MOST secure way to allow CloudFormaton to access the Lambda Code in the S3 bucket?
A. Grant the CloudFormation service role the S3 ListBucket and GetObject permissions.Add a bucket policy to Amazon S3 with the principal of "AWS" (account numbers)
B. Grant the CloudFormation service row the S3 GetObfect permission. Add a Bucketpolicy to Amazon S3 with the principal of "'"
C. Use a service-based link to grant the Lambda function the S3 ListBucket and GetObjectpermissions by explicitly adding the S3 bucket's account number in the resource.
D. Use a service-based link to grant the Lambda function the S3 GetObject permission Adda resource of "** to allow access to the S3 bucket.
Users are reporting errors in an application. The application consists of several micro services that are deployed on Amazon Elastic Container Serves (Amazon ECS) with AWS Fargate. When combination of steps should a developer take to fix the errors? (Select TWO
A. Deploy AWS X-Ray as a sidecar container to the micro services. Update the task rolepolicy to allow access to me X -Ray API.
B. Deploy AWS X-Ray as a daemon set to the Fargate cluster. Update the service rolepolicy to allow access to the X-Ray API.
C. Instrument the application by using the AWS X-Ray SDK. Update the application to usethe Put-XrayTrace API call to communicate with the X-Ray API.
D. Instrument the application by using the AWS X-Ray SDK. Update the application tocommunicate with the X-Ray daemon.
E. Instrument the ECS task to send the stout and spider- output to Amazon CloudWatchLogs. Update the task role policy to allow the cloudwatch Putlogs action.
A company uses a custom root certificate authority certificate chain (Root CA Cert) that is 10 KB in size generate SSL certificates for its on-premises HTTPS endpoints. One of the company’s cloud based applications has hundreds of AWS Lambda functions that pull date from these endpoints. A developer updated the trust store of the Lambda execution environment to use the Root CA Cert when the Lambda execution environment is initialized. The developer bundled the Root CA Cert as a text file in the Lambdas deployment bundle. After 3 months of development the root CA Cert is no longer valid and must be updated. The developer needs a more efficient solution to update the Root CA Cert for all deployed Lambda functions. The solution must not include rebuilding or updating all Lambda functions that use the Root CA Cert. The solution must also work for all development, testing and production environment. Each environment is managed in a separate AWS account. When combination of steps Would the developer take to meet these environments MOST cost-effectively? (Select TWO)
A. Store the Root CA Cert as a secret in AWS Secrets Manager. Create a resource-basedpolicy. Add IAM users to allow access to the secret
B. Store the Root CA Cert as a Secure Sting parameter in aws Systems ManagerParameter Store Create a resource-based policy. Add IAM users to allow access to thepolicy.
C. Store the Root CA Cert in an Amazon S3 bucket. Create a resource- based policy toallow access to the bucket.
D. Refactor the Lambda code to load the Root CA Cert from the Root CA Certs location.Modify the runtime trust store inside the Lambda function handler.
E. Refactor the Lambda code to load the Root CA Cert from the Root CA Cert's location.Modify the runtime trust store outside the Lambda function handler.
A developer at a company needs to create a small application mat makes the same API call once each flay at a designated time. The company does not have infrastructure in the AWS Cloud yet, but the company wants to implement this functionality on AWS. Which solution meets these requirements in the MOST operationally efficient manner?
A. Use a Kubermetes cron job that runs on Amazon Elastic Kubemetes Sen/ice (AmazonEKS)
B. Use an Amazon Linux crontab scheduled job that runs on Amazon EC2
C. Use an AWS Lambda function that is invoked by an Amazon EventBridge scheduledevent.
D. Use an AWS Batch job that is submitted to an AWS Batch job queue.
A developer warns to add request validation to a production environment Amazon API Gateway API. The developer needs to test the changes before the API is deployed to the production environment. For the lest the developer will send test requests to the API through a testing tool. Which solution will meet these requirements with the LEAST operational overhead?
A. Export the existing API to an OpenAPI file. Create a new API Import the OpenAPI fileModify the new API to add request validation. Perform the tests Modify the existing API toadd request validation. Deploy the existing API to production.
B. Modify the existing API to add request validation. Deploy the updated API to a new APIGateway stage Perform the tests Deploy the updated API to the API Gateway productionstage.
C. Create a new API Add the necessary resources and methods including new requestvalidation. Perform the tests Modify the existing API to add request validation. Deploy theexisting API to production.
D. Clone the exiting API Modify the new API lo add request validation. Perform the testsModify the existing API to add request validation Deploy the existing API to production.
An online food company provides an Amazon API Gateway HTTP API 1o receive orders for partners. The API is integrated with an AWS Lambda function. The Lambda function stores the orders in an Amazon DynamoDB table. The company expects to onboard additional partners Some to me panthers require additional Lambda function to receive orders. The company has created an Amazon S3 bucket. The company needs 10 store all orders and updates m the S3 bucket for future analysis How can the developer ensure that an orders and updates are stored to Amazon S3 with the LEAST development effort?
A. Create a new Lambda function and a new API Gateway API endpoint. Configure thenew Lambda function to write to the S3 bucket. Modify the original Lambda function to postupdates to the new API endpoint.
B. Use Amazon Kinesis Data Streams to create a new data stream. Modify the Lambdafunction to publish orders to the oats stream Configure in data stream to write to the S3bucket.
C. Enable DynamoDB Streams on me DynamoOB table. Create a new lambda function.Associate the stream's Amazon Resource Name (ARN) with the Lambda FunctionConfigure the Lambda function to write to the S3 bucket as records appear in the table’sstream.
D. Modify the Lambda function to punish to a new Amazon. Simple Lambda functionreceives orders. Subscribe a new Lambda function to the topic. Configure the new Lambdafunction to write to the S3 bucket as updates come through the topic.
An organization is using Amazon CloudFront to ensure that its users experience lowlatency access to its web application. The organization has identified a need to encrypt all traffic between users and CloudFront, and all traffic between CloudFront and the web application. How can these requirements be met? (Select TWO)
A. Use AWS KMS t0 encrypt traffic between cloudFront and the web application.
B. Set the Origin Protocol Policy to "HTTPS Only".
C. Set the Origin’s HTTP Port to 443.
D. Set the Viewer Protocol Policy to "HTTPS Only" or Redirect HTTP to HTTPS"
E. Enable the CloudFront option Restrict Viewer Access.
A developer migrated a legacy application to an AWS Lambda function. The function uses a third-party service to pull data with a series of API calls at the end of each month. The function than processes the data to generate the monthly reports. The function has Been working with no issues so far. The third-party service recently issued a restriction to allow a feed number to API calls each minute and each day. If the API calls exceed the limit tor each minute or each day, then the service will produce errors. The API also provides the minute limit and daily limit in the response header. This restriction might extend the overall process to multiple days because the process is consuming more API calls than the available limit. What is the MOST operationally efficient way to refactor the server less application to accommodate this change?
A. Use an AWS Step Functions State machine to monitor API failures. Use the Wait stateto delay calling the Lambda function.
B. Use an Amazon Simple Queue Service (Amazon SQS) queue to hold the API calls.Configure the Lambda function to poll the queue within the API threshold limits.
C. Use an Amazon CloudWatch Logs metric to count the number of API calls. Configure anAmazon CloudWatch alarm flat slops the currently running instance of the Lambda functionwhen the metric exceeds the API threshold limits.
D. Use Amazon Kinesis Data Firehose to batch me API calls and deliver them to anAmazon S3 bucket win an event notification to invoke the Lambda function.
A developer is creating a mobile application that will not require users to log in. What is the MOST efficient method to grant users access to AWS resources'?
A. Use an identity provider to securely authenticate with the application.
B. Create an AWS Lambda function to create an 1AM user when a user accesses theapplication.
C. Create credentials using AWS KMS and apply these credentials to users when using theapplication.
D. Use Amazon Cognito to associate unauthenticated users with an IAM role that haslimited access to resources.
A developer is migrating an application to Amazon Elastic Kubernetes Service (Amazon EKS). The developer migrates the application to Amazon Elastic Container Registry (Amazon ECR) with an EKS cluster. As part of the application migration to a new backend, the developer creates a new AWS account. The developer makes configuration changes to the application to point the application to the new AWS account and to use new backend resources. The developer successfully tests the changes within the application by deploying the pipeline. The Docker image build and the pipeline deployment are successful, but the application is still connecting to the old backend. The developer finds that the application's configuration is still referencing the original EKS cluster and not referencing the new backend resources. Which reason can explain why the application is not connecting to the new resources?
A. The developer did not successfully create the new AWS account.
B. The developer added a new tag to the Docker image.
C. The developer did not update the Docker image tag to a new version.
D. The developer pushed the changes to a new Docker image tag.
A company has an application that runs as a series of AWS Lambda functions. Each Lambda function receives data from an Amazon Simple Notification Service (Amazon SNS) topic and writes the data to an Amazon Aurora DB instance. To comply with an information security policy, the company must ensure that the Lambda functions all use a single securely encrypted database connection string to access Aurora. Which solution will meet these requirements'?
A. Use IAM database authentication for Aurora to enable secure database connections forail the Lambda functions.
B. Store the credentials and read the credentials from an encrypted Amazon RDS DBinstance.
C. Store the credentials in AWS Systems Manager Parameter Store as a secure stringparameter.
D. Use Lambda environment variables with a shared AWS Key Management Service (AWSKMS) key for encryption.
A company is using Amazon RDS as the Backend database for its application. After a recent marketing campaign, a surge of read requests to the database increased the latency of data retrieval from the database. The company has decided to implement a caching layer in front of the database. The cached content must be encrypted and must be highly available. Which solution will meet these requirements?
A. Amazon Cloudfront
B. Amazon ElastiCache to Memcached
C. Amazon ElastiCache for Redis in cluster mode
D. Amazon DynamoDB Accelerate (DAX)
A developer needs to deploy an application running on AWS Fargate using Amazon ECSThe application has environment variables that must be passed to a container for the application to initialize. How should the environment variables be passed to the container?
A. Define an array that includes the environment variables under the environmentparameter within the service definition.
B. Define an array that includes the environment variables under the environmentparameter within the task definition.
C. Define an array that includes the environment variables under the entryPoint parameterwithin the task definition.
D. Define an array that includes the environment variables under the entryPoint parameterwithin the service definition.
A developer is trying get data from an Amazon DynamoDB table called demoman-table. The developer configured the AWS CLI to use a specific IAM use's credentials and ran the following command.
The command returned errors and no rows were returned. What is the MOST likely cause of these issues?
A. The command is incorrect; it should be rewritten to use put-item with a string argument
B. The developer needs to log a ticket with AWS Support to enable access to thedemoman-table
C. Amazon DynamoOB cannot be accessed from the AWS CLI and needs to called via theREST API
D. The IAM user needs an associated policy with read access to demoman-table
A company has an Amazon S3 bucket containing premier content that it intends to make available to only paid subscribers of its website. The S3 bucket currently has default permissions of all objects being private to prevent inadvertent exposure of the premier content to non-paying website visitors. How can the company Limit the ability to download a premier content file in the S3 Bucket to paid subscribers only?
A. Apply a bucket policy that allows anonymous users to download the content from the S3bucket.
B. Generate a pre-signed object URL for the premier content file when a pad subscriberrequests a download.
C. Add a Docket policy that requires multi-factor authentication for request to access the S3bucket objects.
D. Enable server-side encryption on the S3 bucket for data protection against the nonpayingwebsite visitors.
A developer is creating a new REST API by using Amazon API Gateway and AWS Lambda. The development team tests the API and validates responses for the known use cases before deploying the API to the production environment. The developer wants to make the REST API available for testing by using API Gateway locally. Which AWS Serverless Application Model Command Line Interface (AWS SAM CLI) subcommand will meet these requirements?
A. Sam local invoke
B. Sam local generate-event
C. Sam local start-lambda
D. Sam local start-api
A company hosts a client-side web application for one of its subsidiaries on Amazon S3. The web application can be accessed through Amazon CloudFront from https://www.example.com. After a successful rollout, the company wants to host three more client-side web applications for its remaining subsidiaries on three separate S3 buckets. To achieve this goal, a developer moves all the common JavaScript files and web fonts to a central S3 bucket that serves the web applications. However, during testing, the developer notices that the browser blocks the JavaScript files and web fonts. What should the developer do to prevent the browser from blocking the JavaScript files and web fonts?
A. Create four access points that allow access to the central S3 bucket. Assign an accesspoint to each web application bucket.
B. Create a bucket policy that allows access to the central S3 bucket. Attach the bucketpolicy to the central S3 bucket.
C. Create a cross-origin resource sharing (CORS) configuration that allows access to thecentral S3 bucket. Add the CORS configuration to the central S3 bucket.
D. Create a Content-MD5 header that provides a message integrity check for the centralS3 bucket. Insert the Content-MD5 header for each web application request.
A developer is creating a new REST API by using Amazon API Gateway and AWS Lambda. The development team tests the API and validates responses for the known use cases before deploying the API to the production environment. The developer wants to make the REST API available for testing by using API Gateway locally. Which AWS Serverless Application Model Command Line Interface (AWS SAM CLI) subcommand will meet these requirements?
A. Sam local invoke
B. Sam local generate-event
C. Sam local start-lambda
D. Sam local start-api
A developer has created an AWS Lambda function that makes queries to an Amazon Aurora MySQL DB instance. When the developer performs a test the OB instance shows an error for too many connections. Which solution will meet these requirements with the LEAST operational effort?
A. Create a read replica for the DB instance Query the replica DB instance instead of theprimary DB instance.
B. Migrate the data lo an Amazon DynamoDB database.
C. Configure the Amazon Aurora MySQL DB instance tor Multi-AZ deployment.
D. Create a proxy in Amazon RDS Proxy Query the proxy instead of the DB instance.
An developer is building a serverless application by using the AWS Serverless Application Model (AWS SAM). The developer is currently testing the application in a development environment. When the application is nearly finsihed, the developer will need to set up additional testing and staging environments for a quality assurance team. The developer wants to use a feature of the AWS SAM to set up deployments to multiple environments. Which solution will meet these requirements with the LEAST development effort?
A. Add a configuration file in TOML format to group configuration entries to everyenvironment. Add a table for each testing and staging environment. Deploy updates to theenvironments by using the sam deploy command and the --config-env flag thatcorresponds to the each environment.
B. Create additional AWS SAM templates for each testing and staging environment. Writea custom shell script that uses the sam deploy command and the --template-file flag todeploy updates to the environments.
C. Create one AWS SAM configuration file that has default parameters. Perform updates tothe testing and staging environments by using the —parameter-overrides flag in the AWSSAM CLI and the parameters that the updates will override.
D. Use the existing AWS SAM template. Add additional parameters to configure specificattributes for the serverless function and database table resources that are in eachenvironment. Deploy updates to the testing and staging environments by using the samdeploy command.
A company has an ecommerce application. To track product reviews, the company's development team uses an Amazon DynamoDB table. Every record includes the following A Review ID a 16-digrt universally unique identifier (UUID) • A Product ID and User ID 16 digit UUlDs that reference other tables • A Product Rating on a scale of 1-5 • An optional comment from the user The table partition key is the Review ID. The most performed query against the table is to find the 10 reviews with the highest rating for a given product. Which index will provide the FASTEST response for this query"?
A. A global secondary index (GSl) with Product ID as the partition key and Product Ratingas the sort key
B. A global secondary index (GSl) with Product ID as the partition key and Review ID asthe sort key
C. A local secondary index (LSI) with Product ID as the partition key and Product Rating asthe sort key
D. A local secondary index (LSI) with Review ID as the partition key and Product ID as thesort key
A developer wants to deploy a new version of an AWS Elastic Beanstalk application. During deployment the application must maintain full capacity and avoid service interruption. Additionally, the developer must minimize the cost of additional resources that support the deployment. Which deployment method should the developer use to meet these requirements?
A. All at once
B. Rolling with additional batch
C. Bluegreen
D. Immutable
A developer must analyze performance issues with production-distributed applications written as AWS Lambda functions. These distributed Lambda applications invoke other components that make up me applications. How should the developer identify and troubleshoot the root cause of the performance issues in production?
A. Add logging statements to the Lambda functions. then use Amazon CloudWatch to viewthe logs.
B. Use AWS CloudTrail and then examine the logs.
C. Use AWS X-Ray. then examine the segments and errors.
D. Run Amazon inspector agents and then analyze performance.
A developer is building a serverless application by using AWS Serverless Application Model (AWS SAM) on multiple AWS Lambda functions. When the application is deployed, the developer wants to shift 10% of the traffic to the new deployment of the application for the first 10 minutes after deployment. If there are no issues, all traffic must switch over to the new version. Which change to the AWS SAM template will meet these requirements?
A. Set the Deployment Preference Type to Canary10Percent10Minutes. Set theAutoPublishAlias property to the Lambda alias.
B. Set the Deployment Preference Type to LinearlOPercentEvery10Minutes. SetAutoPubIishAIias property to the Lambda alias.
C. Set the Deployment Preference Type to CanaryIOPercentIOMinutes. Set the PreTrafficand PostTraffic properties to the Lambda alias.
D. Set the Deployment Preference Type to LinearlOPercentEveryIOMinutes. Set PreTrafficand Post Traffic properties to the Lambda alias.
When a developer tries to run an AWS Code Build project, it raises an error because the length of all environment variables exceeds the limit for the combined maximum of characters. What is the recommended solution?
A. Add the export LC-_ALL" on _ US, tuft" command to the pre _ build section to ensurePOSIX Localization.
B. Use Amazon Cognate to store key-value pairs for large numbers of environmentvariables
C. Update the settings for the build project to use an Amazon S3 bucket for large numbersof environment variables
D. Use AWS Systems Manager Parameter Store to store large numbers ot environmentvariables
A developer is working on a Python application that runs on Amazon EC2 instances. The developer wants to enable tracing of application requests to debug performance issues in the code. Which combination of actions should the developer take to achieve this goal? (Select TWO)
A. Install the Amazon CloudWatch agent on the EC2 instances.
B. Install the AWS X-Ray daemon on the EC2 instances.
C. Configure the application to write JSON-formatted togs to /var/log/cloudwatch.
D. Configure the application to write trace data to /Var/log-/xray.
E. Install and configure the AWS X-Ray SDK for Python in the application.
A company is building a micro services app1 cation that consists of many AWS Lambda functions. The development team wants to use AWS Serverless Application Model (AWS SAM) templates to automatically test the Lambda functions. The development team plans to test a small percentage of traffic that is directed to new updates before the team commits to a full deployment of the application. Which combination of steps will meet these requirements in the MOST operationally efficient way? (Select TWO.)
A. Use AWS SAM CLI commands in AWS CodeDeploy lo invoke the Lambda functions lolest the deployment
B. Declare the EventlnvokeConfig on the Lambda functions in the AWS SAM templateswith OnSuccess and OnFailure configurations.
C. Enable gradual deployments through AWS SAM templates.
D. Set the deployment preference type to Canary10Percen130Minutes Use hooks to testthe deployment.
E. Set the deployment preference type to Linear10PefcentEvery10Minutes Use hooks totest the deployment.
A developer is writing an application that will retrieve sensitive data from a third-party system. The application will format the data into a PDF file. The PDF file could be more than 1 MB. The application will encrypt the data to disk by using AWS Key Management Service (AWS KMS). The application will decrypt the file when a user requests to download it. The retrieval and formatting portions of the application are complete. The developer needs to use the GenerateDataKey API to encrypt the PDF file so that the PDF file can be decrypted later. The developer needs to use an AWS KMS symmetric customer managed key for encryption. Which solutions will meet these requirements?
A. Write the encrypted key from the GenerateDataKey API to disk for later use. Use theplaintext key from the GenerateDataKey API and a symmetric encryption algorithm toencrypt the file.
B. Write the plain text key from the GenerateDataKey API to disk for later use. Use theencrypted key from the GenerateDataKey API and a symmetric encryption algorithm toencrypt the file.
C. Write the encrypted key from the GenerateDataKey API to disk for later use. Use theplaintext key from the GenerateDataKey API to encrypt the file by using the KMS EncryptAPI
D. Write the plain text key from the GenerateDataKey API to disk for later use. Use theencrypted key from the GenerateDataKey API to encrypt the file by using the KMS EncryptAPI
A team of developed is using an AWS CodePipeline pipeline as a continuous integration and continuous delivery (CI/CD) mechanism for a web application. A developer has written unit tests to programmatically test the functionality of the application code. The unit tests produce a test report that shows the results of each individual check. The developer now wants to run these tests automatically during the CI/CD process.
A. Write a Git pre-commit hook that runs the test before every commit. Ensure that eachdeveloper who is working on the project has the pre-commit hook instated locally. Reviewthe test report and resolve any issues before pushing changes to AWS CodeCommit.
B. Add a new stage to the pipeline. Use AWS CodeBuild as the provider. Add the newstage after the stage that deploys code revisions to the test environment. Write a buildspecthat fails the CodeBuild stage if any test does not pass. Use the test reports feature ofCodebuild to integrate the report with the CodoBuild console. View the test results inCodeBuild Resolve any issues.
C. Add a new stage to the pipeline. Use AWS CodeBuild at the provider. Add the newstage before the stage that deploys code revisions to the test environment. Write abuildspec that fails the CodeBuild stage it any test does not pass. Use the test reportsfeature of CodeBuild to integrate the report with the CodeBuild console. View the testresults in codeBuild Resolve any issues.
D. Add a new stage to the pipeline. Use Jenkins as the provider. Configure CodePipeline touse Jenkins to run the unit tests. Write a Jenkinsfile that fails the stage if any test does notpass. Use the test report plugin for Jenkins to integrate the repot with the Jenkinsdashboard. View the test results in Jenkins. Resolve any issues.
A company has an application that uses Amazon Cognito user pools as an identity provider. The company must secure access to user records. The company has set up multi-factor authentication (MFA). The company also wants to send a login activity notification by email every time a user logs in. What is the MOST operationally efficient solution that meets this requirement?
A. Create an AWS Lambda function that uses Amazon Simple Email Service (AmazonSES) to send the email notification. Add an Amazon API Gateway API to invoke thefunction. Call the API from the client side when login confirmation is received.
B. Create an AWS Lambda function that uses Amazon Simple Email Service (AmazonSES) to send the email notification. Add an Amazon Cognito post authentication Lambdatrigger for the function.
C. Create an AWS Lambda function that uses Amazon Simple Email Service (AmazonSES) to send the email notification. Create an Amazon CloudWatch Logs log subscriptionfilter to invoke the function based on the login status.
D. Configure Amazon Cognito to stream all logs to Amazon Kinesis Data Firehose. Createan AWS Lambda function to process the streamed logs and to send the email notificationbased on the login status of each user.
A company is building a compute-intensive application that will run on a fleet of Amazon EC2 instances. The application uses attached Amazon Elastic Block Store (Amazon EBS) volumes for storing data. The Amazon EBS volumes will be created at time of initial deployment. The application will process sensitive information. All of the data must be encrypted. The solution should not impact the application's performance. Which solution will meet these requirements?
A. Configure the fleet of EC2 instances to use encrypted EBS volumes to store data.
B. Configure the application to write all data to an encrypted Amazon S3 bucket.
C. Configure a custom encryption algorithm for the application that will encrypt and decryptall data.
D. Configure an Amazon Machine Image (AMI) that has an encrypted root volume andstore the data to ephemeral disks.
A developer at a company recently created a serverless application to process and show data from business reports. The application's user interface (UI) allows users to select and start processing the files. The Ul displays a message when the result is available to view. The application uses AWS Step Functions with AWS Lambda functions to process the files. The developer used Amazon API Gateway and Lambda functions to create an API to support the UI. The company's Ul team reports that the request to process a file is often returning timeout errors because of the see or complexity of the files. The Ul team wants the API to provide an immediate response so that the Ul can deploy a message while the files are being processed. The backend process that is invoked by the API needs to send an email message when the report processing is complete. What should the developer do to configure the API to meet these requirements?
A. Change the API Gateway route to add an X-Amz-Invocation-Type header win a sialicvalue of 'Event' in the integration request Deploy the API Gateway stage to apply the changes.
B. Change the configuration of the Lambda function that implements the request to processa file. Configure the maximum age of the event so that the Lambda function will ionasynchronously.
C. Change the API Gateway timeout value to match the Lambda function ominous value.Deploy the API Gateway stage to apply the changes.
D. Change the API Gateway route to add an X-Amz-Target header with a static value of 'Async' in the integration request Deploy me API Gateway stage to apply the changes.
A developer has observed an increase in bugs in the AWS Lambda functions that a development team has deployed in its Node is application. To minimize these bugs, the developer wants to impendent automated testing of Lambda functions in an environment that Closely simulates the Lambda environment. The developer needs to give other developers the ability to run the tests locally. The developer also needs to integrate the tests into the team's continuous integration and continuous delivery (Ct/CO) pipeline before the AWS Cloud Development Kit (AWS COK) deployment. Which solution will meet these requirements?
A. Create sample events based on the Lambda documentation. Create automated testscripts that use the cdk local invoke command to invoke the Lambda functions. Check theresponse Document the test scripts for the other developers on the team Update the CI/CDpipeline to run the test scripts.
B. Install a unit testing framework that reproduces the Lambda execution environment.Create sample events based on the Lambda Documentation Invoke the handler function byusing a unit testing framework. Check the response Document how to run the unit testingframework for the other developers on the team. Update the OCD pipeline to run the unittesting framework.
C. Install the AWS Serverless Application Model (AWS SAW) CLI tool Use the Sam localgenerate-event command to generate sample events for me automated tests. Createautomated test scripts that use the Sam local invoke command to invoke the Lambdafunctions. Check the response Document the test scripts tor the other developers on theteam Update the CI/CD pipeline to run the test scripts.
D. Create sample events based on the Lambda documentation. Create a Docker containerfrom the Node is base image to invoke the Lambda functions. Check the responseDocument how to run the Docker container for the more developers on the team update theCI/CD pipeline to run the Docker container.
A developer has been asked to create an AWS Lambda function that is invoked any time updates are made to items in an Amazon DynamoDB table. The function has been created and appropriate permissions have been added to the Lambda execution role Amazon DynamoDB streams have been enabled for the table, but the function 15 still not being invoked. Which option would enable DynamoDB table updates to invoke the Lambda function?
A. Store the credentials in AWS Systems Manager Parameter Store. Select the databasethat the parameter will access. Use the default AWS Key Management Service (AWSKMS) key to encrypt the parameter. Enable automatic rotation for the parameter. Use theparameter from Parameter Store on the Lambda function to connect to the database.
B. Encrypt the credentials with the default AWS Key Management Service (AWS KMS)key. Store the credentials as environment variables for the Lambda function. Create asecond Lambda function to generate new credentials and to rotate the credentials byupdating the environment variables of the first Lambda function. Invoke the secondLambda function by using an Amazon EventBridge rule that runs on a schedule. Updatethe database to use the new credentials. On the first Lambda function, retrieve thecredentials from the environment variables. Decrypt the credentials by using AWS KMS,Connect to the database.
C. Store the credentials in AWS Secrets Manager. Set the secret type to Credentials forAmazon RDS database. Select the database that the secret will access. Use the defaultAWS Key Management Service (AWS KMS) key to encrypt the secret. Enable automaticrotation for the secret. Use the secret from Secrets Manager on the Lambda function toconnect to the database.
D. Encrypt the credentials by using AWS Key Management Service (AWS KMS). Store thecredentials in an Amazon DynamoDB table. Create a second Lambda function to rotate thecredentials. Invoke the second Lambda function by using an Amazon EventBridge rule thatruns on a schedule. Update the DynamoDB table. Update the database to use thegenerated credentials. Retrieve the credentials from DynamoDB with the first Lambdafunction. Connect to the database.
A developer has been asked to create an AWS Lambda function that is invoked any time updates are made to items in an Amazon DynamoDB table. The function has been created and appropriate permissions have been added to the Lambda execution role Amazon DynamoDB streams have been enabled for the table, but the function 15 still not being invoked. Which option would enable DynamoDB table updates to invoke the Lambda function?
A. Change the StreamViewType parameter value to NEW_AND_OLOJMAGES for theDynamoDB table.
B. Configure event source mapping for the Lambda function.
C. Map an Amazon Simple Notification Service (Amazon SNS) topic to the DynamoDBstreams.
D. Increase the maximum runtime (timeout) setting of the Lambda function.
A developer accesses AWS CodeCommit over SSH. The SSH keys configured to access AWS CodeCommit are tied to a user with the following permissions:
A. Option A
B. Option B
C. Option C
D. Option D
Leave a comment
Your email address will not be published. Required fields are marked *