Amazon DVA-C02 Dumps

Question # 1

A company has an application that runs across multiple AWS Regions. The application isexperiencing performance issues at irregular intervals. A developer must use AWS X-Ray to implement distributed tracing for the application to troubleshoot the root cause of theperformance issues.What should the developer do to meet this requirement?

A. Use the X-Ray console to add annotations for AWS services and user-defined services
B. Use Region annotation that X-Ray adds automatically for AWS services Add Regionannotation for user-defined services
C. Use the X-Ray daemon to add annotations for AWS services and user-defined services
D. Use Region annotation that X-Ray adds automatically for user-defined servicesConfigure X-Ray to add Region annotation for AWS services

Question # 2

A company is using AWS CloudFormation to deploy a two-tier application. The applicationwill use Amazon RDS as its backend database. The company wants a solution that willrandomly generate the database password during deployment. The solution also mustautomatically rotate the database password without requiring changes to the application.What is the MOST operationally efficient solution that meets these requirements'?

A. Use an AWS Lambda function as a CloudFormation custom resource to generate androtate the password.
B. Use an AWS Systems Manager Parameter Store resource with the SecureString datatype to generate and rotate the password.
C. Use a cron daemon on the application s host to generate and rotate the password.
D. Use an AWS Secrets Manager resource to generate and rotate the password.

Question # 3

A developer is designing a serverless application for a game in which users register andlog in through a web browser The application makes requests on behalf of users to a set ofAWS Lambda functions that run behind an Amazon API Gateway HTTP APIThe developer needs to implement a solution to register and log in users on theapplication's sign-in page. The solution must minimize operational overhead and mustminimize ongoing management of user identities.Which solution will meet these requirements'?

A. Create Amazon Cognito user pools for external social identity providers Configure 1AMroles for the identity pools.
B. Program the sign-in page to create users' 1AM groups with the 1AM roles attached tothe groups
C. Create an Amazon RDS for SQL Server DB instance to store the users and manage thepermissions to the backend resources in AWS
D. Configure the sign-in page to register and store the users and their passwords in anAmazon DynamoDB table with an attached IAM policy.

Question # 4

A developer needs to build an AWS CloudFormation template that self-populates the AWSRegion variable that deploys the CloudFormation templateWhat is the MOST operationally efficient way to determine the Region in which thetemplate is being deployed?

A. Use the AWS:.Region pseudo parameter
B. Require the Region as a CloudFormation parameter
C. Find the Region from the AWS::Stackld pseudo parameter by using the Fn::Split intrinsic function
D. Dynamically import the Region by referencing the relevant parameter in AWS SystemsManager Parameter Store

Question # 5

An Amazon Simple Queue Service (Amazon SQS) queue serves as an event source for anAWS Lambda function In the SQS queue, each item corresponds to a video file that theLambda function must convert to a smaller resolution The Lambda function is timing out onlonger video files, but the Lambda function's timeout is already configured to its maximumvalueWhat should a developer do to avoid the timeouts without additional code changes'?

A. Increase the memory configuration of the Lambda function
B. Increase the visibility timeout on the SQS queue
C. Increase the instance size of the host that runs the Lambda function.
D. Use multi-threading for the conversion.

Question # 6

A company needs to deploy all its cloud resources by using AWS CloudFormationtemplates A developer must create an Amazon Simple Notification Service (Amazon SNS)automatic notification to help enforce this rule. The developer creates an SNS topic andsubscribes the email address of the company's security team to the SNS topic.The security team must receive a notification immediately if an 1AM role is created withoutthe use of CloudFormation.Which solution will meet this requirement?

A. Create an AWS Lambda function to filter events from CloudTrail if a role was createdwithout CloudFormation Configure the Lambda function to publish to the SNS topic. Createan Amazon EventBridge schedule to invoke the Lambda function every 15 minutes
B. Create an AWS Fargate task in Amazon Elastic Container Service (Amazon ECS) tofilter events from CloudTrail if a role was created without CloudFormation Configure theFargate task to publish to the SNS topic Create an Amazon EventBridge schedule to runthe Fargate task every 15 minutes
C. Launch an Amazon EC2 instance that includes a script to filter events from CloudTrail ifa role was created without CloudFormation. Configure the script to publish to the SNStopic. Create a cron job to run the script on the EC2 instance every 15 minutes.
D. Create an Amazon EventBridge rule to filter events from CloudTrail if a role was createdwithout CloudFormation Specify the SNS topic as the target of the EventBridge rule.

Question # 7

A company has an application that is hosted on Amazon EC2 instances The applicationstores objects in an Amazon S3 bucket and allows users to download objects from the S3bucket A developer turns on S3 Block Public Access for the S3 bucket After this change,users report errors when they attempt to download objects The developer needs to implement a solution so that only users who are signed in to the application can accessobjects in the S3 bucket.Which combination of steps will meet these requirements in the MOST secure way? (SelectTWO.)

A. Create an EC2 instance profile and role with an appropriate policy Associate the rolewith the EC2 instances
B. Create an 1AM user with an appropriate policy. Store the access key ID and secretaccess key on the EC2 instances
C. Modify the application to use the S3 GeneratePresignedUrl API call
D. Modify the application to use the S3 GetObject API call and to return the object handleto the user
E. Modify the application to delegate requests to the S3 bucket.

Question # 8

A company runs a payment application on Amazon EC2 instances behind an ApplicationLoad Balance The EC2 instances run in an Auto Scaling group across multiple AvailabilityZones The application needs to retrieve application secrets during the application startup and export the secrets as environment variables These secrets must be encrypted at restand need to be rotated every month.Which solution will meet these requirements with the LEAST development effort?

A. Save the secrets in a text file and store the text file in Amazon S3 Provision a customermanaged key Use the key for secret encryption in Amazon S3 Read the contents of thetext file and read the export as environment variables Configure S3 Object Lambda torotate the text file every month
B. Save the secrets as strings in AWS Systems Manager Parameter Store and use thedefault AWS Key Management Service (AWS KMS) key Configure an Amazon EC2 userdata script to retrieve the secrets during the startup and export as environment variablesConfigure an AWS Lambda function to rotate the secrets in Parameter Store every month.
C. Save the secrets as base64 encoded environment variables in the applicationproperties. Retrieve the secrets during the application startup. Reference the secrets in theapplication code. Write a script to rotate the secrets saved as environment variables.
D. Store the secrets in AWS Secrets Manager Provision a new customer master key Usethe key to encrypt the secrets Enable automatic rotation Configure an Amazon EC2 userdata script to programmatically retrieve the secrets during the startup and export asenvironment variables

Question # 9

A developer is creating a simple proof-of-concept demo by using AWS CloudFormation andAWS Lambda functions The demo will use a CloudFormation template to deploy anexisting Lambda function The Lambda function uses deployment packages anddependencies stored in Amazon S3 The developer defined anAWS Lambda Functionresource in a CloudFormation template. The developer needs to add the S3 bucket to theCloudFormation template.What should the developer do to meet these requirements with the LEAST developmenteffort?

A. Add the function code in the CloudFormation template inline as the code property
B. Add the function code in the CloudFormation template as the ZipFile property.
C. Find the S3 key for the Lambda function Add the S3 key as the ZipFile property in theCloudFormation template.
D. Add the relevant key and bucket to the S3Bucket and S3Key properties in theCloudFormation template

Question # 10

A company has a web application that is hosted on Amazon EC2 instances The EC2instances are configured to stream logs to Amazon CloudWatch Logs The company needsto receive an Amazon Simple Notification Service (Amazon SNS) notification when thenumber of application error messages exceeds a defined threshold within a 5-minuteperiodWhich solution will meet these requirements?

A. Rewrite the application code to stream application logs to Amazon SNS Configure anSNS topic to send a notification when the number of errors exceeds the defined thresholdwithin a 5-minute period
B. Configure a subscription filter on the CloudWatch Logs log group. Configure the filter tosend an SNS notification when the number of errors exceeds the defined threshold within a5-minute period.
C. Install and configure the Amazon Inspector agent on the EC2 instances to monitor forerrors Configure Amazon Inspector to send an SNS notification when the number of errorsexceeds the defined threshold within a 5-minute period
D. Create a CloudWatch metric filter to match the application error pattern in the log data. Set up a CloudWatch alarm based on the new custom metric. Configure the alarm to sendan SNS notification when the number of errors exceeds the defined threshold within a 5-minute period.

Question # 11

A developer designed an application on an Amazon EC2 instance The application makesAPI requests to objects in an Amazon S3 bucketWhich combination of steps will ensure that the application makes the API requests in theMOST secure manner? (Select TWO.)

A. Create an IAM user that has permissions to the S3 bucket. Add the user to an 1AMgroup
B. Create an IAM role that has permissions to the S3 bucket
C. Add the IAM role to an instance profile. Attach the instance profile to the EC2 instance.
D. Create an 1AM role that has permissions to the S3 bucket Assign the role to an 1AMgroup
E. Store the credentials of the IAM user in the environment variables on the EC2 instance

Question # 12

A developer is using AWS Step Functions to automate a workflow The workflow defineseach step as an AWS Lambda function task The developer notices that runs of the StepFunctions state machine fail in the GetResource task with either anUlegalArgumentException error or a TooManyRequestsException errorThe developer wants the state machine to stop running when the state machine encountersan UlegalArgumentException error. The state machine needs to retry the GetResourcetask one additional time after 10 seconds if the state machine encounters aTooManyRequestsException error. If the second attempt fails, the developer wants thestate machine to stop running.How can the developer implement the Lambda retry functionality without addingunnecessary complexity to the state machine'?

A. Add a Delay task after the GetResource task. Add a catcher to the GetResource task.Configure the catcher with an error type of TooManyRequestsException. Configure thenext step to be the Delay task Configure the Delay task to wait for an interval of 10 secondsConfigure the next step to be the GetResource task.
B. Add a catcher to the GetResource task Configure the catcher with an error type ofTooManyRequestsException. an interval of 10 seconds, and a maximum attempts value of1. Configure the next step to be the GetResource task.
C. Add a retrier to the GetResource task Configure the retrier with an error type ofTooManyRequestsException, an interval of 10 seconds, and a maximum attempts value of1.
D. Duplicate the GetResource task Rename the new GetResource task to TryAgain Add acatcher to the original GetResource task Configure the catcher with an error type ofTooManyRequestsException. Configure the next step to be TryAgain.

Question # 13

A developer creates a static website for their department The developer deploys the staticassets for the website to an Amazon S3 bucket and serves the assets with AmazonCloudFront The developer uses origin access control (OAC) on the CloudFront distributionto access the S3 bucketThe developer notices users can access the root URL and specific pages but cannotaccess directories without specifying a file name. For example, /products/index.html works,but /products returns an error The developer needs to enable accessing directories withoutspecifying a file name without exposing the S3 bucket publicly.Which solution will meet these requirements'?

A. Update the CloudFront distribution's settings to index.html as the default root object isset
B. Update the Amazon S3 bucket settings and enable static website hosting. Specify indexhtml as the Index document Update the S3 bucket policy to enable access. Update theCloudFront distribution's origin to use the S3 website endpoint
C. Create a CloudFront function that examines the request URL and appends index.htmlwhen directories are being accessed Add the function as a viewer request CloudFrontfunction to the CloudFront distribution's behavior.
D. Create a custom error response on the CloudFront distribution with the HTTP error codeset to the HTTP 404 Not Found response code and the response page path to /index htmlSet the HTTP response code to the HTTP 200 OK response code

Question # 14

A company has an existing application that has hardcoded database credentials Adeveloper needs to modify the existing application The application is deployed in two AWSRegions with an active-passive failover configuration to meet company’s disaster recoverystrategyThe developer needs a solution to store the credentials outside the code. The solution mustcomply With the company's disaster recovery strategyWhich solution Will meet these requirements in the MOST secure way?

A. Store the credentials in AWS Secrets Manager in the primary Region. Enable secretreplication to the secondary Region Update the application to use the Amazon ResourceName (ARN) based on the Region.
B. Store credentials in AWS Systems Manager Parameter Store in the primary Region.Enable parameter replication to the secondary Region. Update the application to use theAmazon Resource Name (ARN) based on the Region.
C. Store credentials in a config file. Upload the config file to an S3 bucket in me primaryRegion. Enable Cross-Region Replication (CRR) to an S3 bucket in the secondary region.Update the application to access the config file from the S3 bucket based on the Region.
D. Store credentials in a config file. Upload the config file to an Amazon Elastic File System(Amazon EFS) file system. Update the application to use the Amazon EFS file systemRegional endpoints to access the config file in the primary and secondary Regions.

Question # 15

A developer must use multi-factor authentication (MFA) to access data in an Amazon S3 bucket that is in another AWS account. Which AWS Security Token Service (AWS STS)API operation should the developer use with the MFA information to meet thisrequirement?

A. AssumeRoleWithWebidentity
B. GetFederationToken
C. AssumeRoleWithSAML
D. AssumeRole

Question # 16

A developer is working on an ecommerce platform that communicates with several thirdpartypayment processing APIs The third-party payment services do not provide a testenvironment.The developer needs to validate the ecommerce platform's integration with the third-partypayment processing APIs. The developer must test the API integration code withoutinvoking the third-party payment processing APIs.Which solution will meet these requirements'?

A. Set up an Amazon API Gateway REST API with a gateway response configured forstatus code 200 Add response templates that contain sample responses captured from thereal third-party API.
B. Set up an AWS AppSync GraphQL API with a data source configured for each thirdpartyAPI Specify an integration type of Mock Configure integration responses by usingsample responses captured from the real third-party API.
C. Create an AWS Lambda function for each third-party API. Embed responses capturedfrom the real third-party API. Configure Amazon Route 53 Resolver with an inboundendpoint for each Lambda function's Amazon Resource Name (ARN).
D. Set up an Amazon API Gateway REST API for each third-party API Specify anintegration request type of Mock Configure integration responses by using sampleresponses captured from the real third-party API

Question # 17

An AWS Lambda function requires read access to an Amazon S3 bucket and requiresread/write access to an Amazon DynamoDB table The correct 1AM policy already existsWhat is the MOST secure way to grant the Lambda function access to the S3 bucket andthe DynamoDB table?

A. Attach the existing 1AM policy to the Lambda function.
B. Create an 1AM role for the Lambda function Attach the existing 1AM policy to the roleAttach the role to the Lambda function
C. Create an 1AM user with programmatic access Attach the existing 1AM policy to theuser. Add the user access key ID and secret access key as environment variables in theLambda function.
D. Add the AWS account root user access key ID and secret access key as encryptedenvironment variables in the Lambda function

Question # 18

A company hosts a client-side web application for one of its subsidiaries on Amazon S3.The web application can be accessed through Amazon CloudFront fromhttps://www.example.com. After a successful rollout, the company wants to host three moreclient-side web applications for its remaining subsidiaries on three separate S3 buckets.To achieve this goal, a developer moves all the common JavaScript files and web fonts to acentral S3 bucket that serves the web applications. However, during testing, the developernotices that the browser blocks the JavaScript files and web fonts.What should the developer do to prevent the browser from blocking the JavaScript files andweb fonts?

A. Create four access points that allow access to the central S3 bucket. Assign an accesspoint to each web application bucket.
B. Create a bucket policy that allows access to the central S3 bucket. Attach the bucketpolicy to the central S3 bucket.
C. Create a cross-origin resource sharing (CORS) configuration that allows access to thecentral S3 bucket. Add the CORS configuration to the central S3 bucket.
D. Create a Content-MD5 header that provides a message integrity check for the centralS3 bucket. Insert the Content-MD5 header for each web application request.

Question # 19

A company runs an application on AWS The application stores data in an AmazonDynamoDB table Some queries are taking a long time to run These slow queries involve anattribute that is not the table's partition key or sort keyThe amount of data that the application stores in the DynamoDB table is expected toincrease significantly. A developer must increase the performance of the queries.Which solution will meet these requirements'?

A. Increase the page size for each request by setting the Limit parameter to be higher thanthe default value Configure the application to retry any request that exceeds theprovisioned throughput.
B. Create a global secondary index (GSI). Set query attribute to be the partition key of theindex
C. Perform a parallel scan operation by issuing individual scan requests in the parametersspecify the segment for the scan requests and the total number of segments for the parallelscan.
D. Turn on read capacity auto scaling for the DynamoDB table. Increase the maximumread capacity units (RCUs).

Question # 20

A developer is creating an AWS Lambda function that searches for items from an AmazonDynamoDB table that contains customer contact information- The DynamoDB table itemshave the customer's email_address as the partition key and additional properties such ascustomer_type, name, and job_tltle.The Lambda function runs whenever a user types a new character into the customer_typetext input The developer wants the search to return partial matches of all theemail_address property of a particular customer_type The developer does not want torecreate the DynamoDB table.What should the developer do to meet these requirements?

A. Add a global secondary index (GSI) to the DynamoDB table with customer_type as thepartition key and email_address as the sort key Perform a query operation on the GSI byusing the begvns_wth key condition expression With the email_address property
B. Add a global secondary index (GSI) to the DynamoDB table With ernail_address as thepartition key and customer_type as the sort key Perform a query operation on the GSI byusing the begins_wtth key condition expression With the email_address property.
C. Add a local secondary index (LSI) to the DynamoDB table With customer_type as thepartition key and email_address as the sort key Perform a query operation on the LSI byusing the begins_wlth key condition expression With the email_address property
D. Add a local secondary Index (LSI) to the DynamoDB table With job_tltle as the partitionkey and emad_address as the sort key Perform a query operation on the LSI by using thebegins_wrth key condition expression With the email_address property