Amazon DVA-C02 Exam Dumps

Amazon DVA-C02 Sample Question Answers

Amazon DVA-C02 Sample Questions

Question # 1

A company has an application that runs across multiple AWS Regions. The application isexperiencing performance issues at irregular intervals. A developer must use AWS X-Ray to implement distributed tracing for the application to troubleshoot the root cause of theperformance issues.What should the developer do to meet this requirement?

A. Use the X-Ray console to add annotations for AWS services and user-defined services
B. Use Region annotation that X-Ray adds automatically for AWS services Add Regionannotation for user-defined services
C. Use the X-Ray daemon to add annotations for AWS services and user-defined services
D. Use Region annotation that X-Ray adds automatically for user-defined servicesConfigure X-Ray to add Region annotation for AWS services

Answer: B

Show Answer

Question # 2

A company is using AWS CloudFormation to deploy a two-tier application. The applicationwill use Amazon RDS as its backend database. The company wants a solution that willrandomly generate the database password during deployment. The solution also mustautomatically rotate the database password without requiring changes to the application.What is the MOST operationally efficient solution that meets these requirements'?

A. Use an AWS Lambda function as a CloudFormation custom resource to generate androtate the password.
B. Use an AWS Systems Manager Parameter Store resource with the SecureString datatype to generate and rotate the password.
C. Use a cron daemon on the application s host to generate and rotate the password.
D. Use an AWS Secrets Manager resource to generate and rotate the password.

Answer: D

Show Answer

Question # 3

A developer is designing a serverless application for a game in which users register andlog in through a web browser The application makes requests on behalf of users to a set ofAWS Lambda functions that run behind an Amazon API Gateway HTTP APIThe developer needs to implement a solution to register and log in users on theapplication's sign-in page. The solution must minimize operational overhead and mustminimize ongoing management of user identities.Which solution will meet these requirements'?

A. Create Amazon Cognito user pools for external social identity providers Configure 1AMroles for the identity pools.
B. Program the sign-in page to create users' 1AM groups with the 1AM roles attached tothe groups
C. Create an Amazon RDS for SQL Server DB instance to store the users and manage thepermissions to the backend resources in AWS
D. Configure the sign-in page to register and store the users and their passwords in anAmazon DynamoDB table with an attached IAM policy.

Answer: A

Show Answer

Question # 4

A developer needs to build an AWS CloudFormation template that self-populates the AWSRegion variable that deploys the CloudFormation templateWhat is the MOST operationally efficient way to determine the Region in which thetemplate is being deployed?

A. Use the AWS:.Region pseudo parameter
B. Require the Region as a CloudFormation parameter
C. Find the Region from the AWS::Stackld pseudo parameter by using the Fn::Split intrinsic function
D. Dynamically import the Region by referencing the relevant parameter in AWS SystemsManager Parameter Store

Answer: A

Show Answer

Question # 5

An Amazon Simple Queue Service (Amazon SQS) queue serves as an event source for anAWS Lambda function In the SQS queue, each item corresponds to a video file that theLambda function must convert to a smaller resolution The Lambda function is timing out onlonger video files, but the Lambda function's timeout is already configured to its maximumvalueWhat should a developer do to avoid the timeouts without additional code changes'?

A. Increase the memory configuration of the Lambda function
B. Increase the visibility timeout on the SQS queue
C. Increase the instance size of the host that runs the Lambda function.
D. Use multi-threading for the conversion.

Answer: A

Show Answer

Question # 6

A company needs to deploy all its cloud resources by using AWS CloudFormationtemplates A developer must create an Amazon Simple Notification Service (Amazon SNS)automatic notification to help enforce this rule. The developer creates an SNS topic andsubscribes the email address of the company's security team to the SNS topic.The security team must receive a notification immediately if an 1AM role is created withoutthe use of CloudFormation.Which solution will meet this requirement?

A. Create an AWS Lambda function to filter events from CloudTrail if a role was createdwithout CloudFormation Configure the Lambda function to publish to the SNS topic. Createan Amazon EventBridge schedule to invoke the Lambda function every 15 minutes
B. Create an AWS Fargate task in Amazon Elastic Container Service (Amazon ECS) tofilter events from CloudTrail if a role was created without CloudFormation Configure theFargate task to publish to the SNS topic Create an Amazon EventBridge schedule to runthe Fargate task every 15 minutes
C. Launch an Amazon EC2 instance that includes a script to filter events from CloudTrail ifa role was created without CloudFormation. Configure the script to publish to the SNStopic. Create a cron job to run the script on the EC2 instance every 15 minutes.
D. Create an Amazon EventBridge rule to filter events from CloudTrail if a role was createdwithout CloudFormation Specify the SNS topic as the target of the EventBridge rule.

Answer: D

Show Answer

Question # 7

A company has an application that is hosted on Amazon EC2 instances The applicationstores objects in an Amazon S3 bucket and allows users to download objects from the S3bucket A developer turns on S3 Block Public Access for the S3 bucket After this change,users report errors when they attempt to download objects The developer needs to implement a solution so that only users who are signed in to the application can accessobjects in the S3 bucket.Which combination of steps will meet these requirements in the MOST secure way? (SelectTWO.)

A. Create an EC2 instance profile and role with an appropriate policy Associate the rolewith the EC2 instances
B. Create an 1AM user with an appropriate policy. Store the access key ID and secretaccess key on the EC2 instances
C. Modify the application to use the S3 GeneratePresignedUrl API call
D. Modify the application to use the S3 GetObject API call and to return the object handleto the user
E. Modify the application to delegate requests to the S3 bucket.

Answer: A,C

Show Answer

Question # 8

A company runs a payment application on Amazon EC2 instances behind an ApplicationLoad Balance The EC2 instances run in an Auto Scaling group across multiple AvailabilityZones The application needs to retrieve application secrets during the application startup and export the secrets as environment variables These secrets must be encrypted at restand need to be rotated every month.Which solution will meet these requirements with the LEAST development effort?

A. Save the secrets in a text file and store the text file in Amazon S3 Provision a customermanaged key Use the key for secret encryption in Amazon S3 Read the contents of thetext file and read the export as environment variables Configure S3 Object Lambda torotate the text file every month
B. Save the secrets as strings in AWS Systems Manager Parameter Store and use thedefault AWS Key Management Service (AWS KMS) key Configure an Amazon EC2 userdata script to retrieve the secrets during the startup and export as environment variablesConfigure an AWS Lambda function to rotate the secrets in Parameter Store every month.
C. Save the secrets as base64 encoded environment variables in the applicationproperties. Retrieve the secrets during the application startup. Reference the secrets in theapplication code. Write a script to rotate the secrets saved as environment variables.
D. Store the secrets in AWS Secrets Manager Provision a new customer master key Usethe key to encrypt the secrets Enable automatic rotation Configure an Amazon EC2 userdata script to programmatically retrieve the secrets during the startup and export asenvironment variables

Answer: D

Show Answer

Question # 9

A developer is creating a simple proof-of-concept demo by using AWS CloudFormation andAWS Lambda functions The demo will use a CloudFormation template to deploy anexisting Lambda function The Lambda function uses deployment packages anddependencies stored in Amazon S3 The developer defined anAWS Lambda Functionresource in a CloudFormation template. The developer needs to add the S3 bucket to theCloudFormation template.What should the developer do to meet these requirements with the LEAST developmenteffort?

A. Add the function code in the CloudFormation template inline as the code property
B. Add the function code in the CloudFormation template as the ZipFile property.
C. Find the S3 key for the Lambda function Add the S3 key as the ZipFile property in theCloudFormation template.
D. Add the relevant key and bucket to the S3Bucket and S3Key properties in theCloudFormation template

Answer: D

Show Answer

Question # 10

A company has a web application that is hosted on Amazon EC2 instances The EC2instances are configured to stream logs to Amazon CloudWatch Logs The company needsto receive an Amazon Simple Notification Service (Amazon SNS) notification when thenumber of application error messages exceeds a defined threshold within a 5-minuteperiodWhich solution will meet these requirements?

A. Rewrite the application code to stream application logs to Amazon SNS Configure anSNS topic to send a notification when the number of errors exceeds the defined thresholdwithin a 5-minute period
B. Configure a subscription filter on the CloudWatch Logs log group. Configure the filter tosend an SNS notification when the number of errors exceeds the defined threshold within a5-minute period.
C. Install and configure the Amazon Inspector agent on the EC2 instances to monitor forerrors Configure Amazon Inspector to send an SNS notification when the number of errorsexceeds the defined threshold within a 5-minute period
D. Create a CloudWatch metric filter to match the application error pattern in the log data. Set up a CloudWatch alarm based on the new custom metric. Configure the alarm to sendan SNS notification when the number of errors exceeds the defined threshold within a 5-minute period.

Answer: D

Show Answer

Question # 11

A developer designed an application on an Amazon EC2 instance The application makesAPI requests to objects in an Amazon S3 bucketWhich combination of steps will ensure that the application makes the API requests in theMOST secure manner? (Select TWO.)

A. Create an IAM user that has permissions to the S3 bucket. Add the user to an 1AMgroup
B. Create an IAM role that has permissions to the S3 bucket
C. Add the IAM role to an instance profile. Attach the instance profile to the EC2 instance.
D. Create an 1AM role that has permissions to the S3 bucket Assign the role to an 1AMgroup
E. Store the credentials of the IAM user in the environment variables on the EC2 instance

Answer: B,C

Show Answer

Question # 12

A developer is using AWS Step Functions to automate a workflow The workflow defineseach step as an AWS Lambda function task The developer notices that runs of the StepFunctions state machine fail in the GetResource task with either anUlegalArgumentException error or a TooManyRequestsException errorThe developer wants the state machine to stop running when the state machine encountersan UlegalArgumentException error. The state machine needs to retry the GetResourcetask one additional time after 10 seconds if the state machine encounters aTooManyRequestsException error. If the second attempt fails, the developer wants thestate machine to stop running.How can the developer implement the Lambda retry functionality without addingunnecessary complexity to the state machine'?

A. Add a Delay task after the GetResource task. Add a catcher to the GetResource task.Configure the catcher with an error type of TooManyRequestsException. Configure thenext step to be the Delay task Configure the Delay task to wait for an interval of 10 secondsConfigure the next step to be the GetResource task.
B. Add a catcher to the GetResource task Configure the catcher with an error type ofTooManyRequestsException. an interval of 10 seconds, and a maximum attempts value of1. Configure the next step to be the GetResource task.
C. Add a retrier to the GetResource task Configure the retrier with an error type ofTooManyRequestsException, an interval of 10 seconds, and a maximum attempts value of1.
D. Duplicate the GetResource task Rename the new GetResource task to TryAgain Add acatcher to the original GetResource task Configure the catcher with an error type ofTooManyRequestsException. Configure the next step to be TryAgain.

Answer: C

Show Answer

Question # 13

A developer creates a static website for their department The developer deploys the staticassets for the website to an Amazon S3 bucket and serves the assets with AmazonCloudFront The developer uses origin access control (OAC) on the CloudFront distributionto access the S3 bucketThe developer notices users can access the root URL and specific pages but cannotaccess directories without specifying a file name. For example, /products/index.html works,but /products returns an error The developer needs to enable accessing directories withoutspecifying a file name without exposing the S3 bucket publicly.Which solution will meet these requirements'?

A. Update the CloudFront distribution's settings to index.html as the default root object isset
B. Update the Amazon S3 bucket settings and enable static website hosting. Specify indexhtml as the Index document Update the S3 bucket policy to enable access. Update theCloudFront distribution's origin to use the S3 website endpoint
C. Create a CloudFront function that examines the request URL and appends index.htmlwhen directories are being accessed Add the function as a viewer request CloudFrontfunction to the CloudFront distribution's behavior.
D. Create a custom error response on the CloudFront distribution with the HTTP error codeset to the HTTP 404 Not Found response code and the response page path to /index htmlSet the HTTP response code to the HTTP 200 OK response code

Answer: A

Show Answer

Question # 14

A company has an existing application that has hardcoded database credentials Adeveloper needs to modify the existing application The application is deployed in two AWSRegions with an active-passive failover configuration to meet company’s disaster recoverystrategyThe developer needs a solution to store the credentials outside the code. The solution mustcomply With the company's disaster recovery strategyWhich solution Will meet these requirements in the MOST secure way?

A. Store the credentials in AWS Secrets Manager in the primary Region. Enable secretreplication to the secondary Region Update the application to use the Amazon ResourceName (ARN) based on the Region.
B. Store credentials in AWS Systems Manager Parameter Store in the primary Region.Enable parameter replication to the secondary Region. Update the application to use theAmazon Resource Name (ARN) based on the Region.
C. Store credentials in a config file. Upload the config file to an S3 bucket in me primaryRegion. Enable Cross-Region Replication (CRR) to an S3 bucket in the secondary region.Update the application to access the config file from the S3 bucket based on the Region.
D. Store credentials in a config file. Upload the config file to an Amazon Elastic File System(Amazon EFS) file system. Update the application to use the Amazon EFS file systemRegional endpoints to access the config file in the primary and secondary Regions.

Answer: A

Show Answer

Question # 15

A developer must use multi-factor authentication (MFA) to access data in an Amazon S3 bucket that is in another AWS account. Which AWS Security Token Service (AWS STS)API operation should the developer use with the MFA information to meet thisrequirement?

A. AssumeRoleWithWebidentity
B. GetFederationToken
C. AssumeRoleWithSAML
D. AssumeRole

Answer: D

Show Answer