amazon AWS Certified Developer Associate - DVA-C01 online exam

Question 1

An application running on multiple Amazon EC2 instances pulls messages from a standard Amazon SQS queue. A
requirement for the application is that all messages must be encrypted at rest.
Developers are instructed to use methods that allow for centralized key management and minimize possible support
requirements whenever possible.
Which of the following solutions supports these requirements?

• A. Encrypt individual messages by using client-side encryption with customer managed keys, then write to the SQS queue.
• B. Encrypt individual messages by using SQS Extended Client and the Amazon S3 encryption client.
• C. Create an SQS queue, and encrypt the queue by using sewer-side encryption with AWS KMS.
• D. Create an SQS queue, and encrypt the queue by using client-side encryption.

Answer:

B

Question 2

A Developer is designing a fault-tolerant environment where client sessions will be saved.
How can the Developer ensure that no sessions are lost if an Amazon EC2 instance fails?

• A. Use sticky sessions with an Elastic Load Balancer target group.
• B. Use Amazon SQS to save session data.
• C. Use Amazon DynamoDB to perform scalable session handling.
• D. Use Elastic Load Balancer connection draining to stop sending requests to failing instances.

Answer:

A

Question 3

A developer has created a Node.js web application on a local development machine. The developer wants to use AWS
technology to host the website. The developer needs a solution that requires the least possible operational overhead and no
code changes.
Which AWS service should the developer use to meet these requirements?

• A. AWS Elastic Beanstalk
• B. Amazon EC2
• C. AWS Lambda
• D. Amazon Elastic Kubernetes Service (Amazon EKS)

Answer:

A

Explanation:
Reference: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/nodejs-devenv.html

Question 4

A company wants to implement authentication for its new REST service using Amazon API Gateway. To authenticate the
calls, each request must include HTTP headers with a client ID and user ID. These credentials must be compared to
authentication data in an Amazon DynamoDB table.
What MUST the company do to implement this authentication in API Gateway?

• A. Implement an AWS Lambda authorizer that references the DynamoDB authentication table
• B. Create a model that requires the credentials, then grant API Gateway access to the authentication table
• C. Modify the integration requests to require the credentials, then grant API Gateway access to the authentication table
• D. Implement an Amazon Cognito authorizer that references the DynamoDB authentication table

Answer:

D

Question 5

Given the source code for an AWS Lambda function in the local store.py containing a handler function called get_store and
the following AWS CloudFormation template:

What should be done to prepare the template so that it can be deployed using the AWS CLI command aws cloudformation
deploy?

• A. Use aws cloudformation compile to base64 encode and embed the source file into a modified CloudFormation template.
• B. Use aws cloudformation package to upload the source code to an Amazon S3 bucket and produce a modified CloudFormation template.
• C. Use aws lambda zip to package the source file together with the CloudFormation template and deploy the resulting zip archive.
• D. Use aws serverless create-package to embed the source file directly into the existing CloudFormation template.

Answer:

D

Question 6

An organization must store thousands of sensitive audio and video files in an Amazon S3 bucket. Organizational security
policies require that all data written to this bucket be encrypted.
How can compliance with this policy be ensured?

• A. Use AWS Lambda to send notifications to the security team if unencrypted objects are pun in the bucket.
• B. Configure an Amazon S3 bucket policy to prevent the upload of objects that do not contain the x-amz-server-side- encryption header.
• C. Create an Amazon CloudWatch event rule to verify that all objects stored in the Amazon S3 bucket are encrypted.
• D. Configure an Amazon S3 bucket policy to prevent the upload of objects that contain the x-amz-server-side-encryption header.

Answer:

B

Question 7

A Developer is creating a mobile application with a limited budget. The solution requires a scalable service that will enable
customers to sign up and authenticate into the mobile application while using the organizations current SAML 2.0 identity
provider.
Which AWS service should be used to meet these requirements?

• A. AWS Lambda
• B. Amazon Cognito
• C. AWS IAM
• D. Amazon EC2

Answer:

B

Question 8

A company is building a compute-intensive application that will run on a fleet of Amazon EC2 instances. The application
uses attached Amazon EBS disks for storing data. The application will process sensitive information and all the data must be
encrypted.
What should a Developer do to ensure the data is encrypted on disk without impacting performance?

• A. Configure the Amazon EC2 instance fleet to use encrypted EBS volumes for storing data.
• B. Add logic to write all data to an encrypted Amazon S3 bucket.
• C. Add a custom encryption algorithm to the application that will encrypt and decrypt all data.
• D. Create a new Amazon Machine Image (AMI) with an encrypted root volume and store the data to ephemeral disks.

Answer:

A

Explanation:
Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html

Question 9

A Developer is testing a Docker-based application that uses the AWS SDK to interact with Amazon DynamoDB. In the local
development environment, the application has used IAM access keys. The application is now ready for deployment onto an
ECS cluster.
How should the application authenticate with AWS services in production?

• A. Configure an ECS task IAM role for the application to use
• B. Refactor the application to call AWS STS AssumeRole based on an instance role
• C. Configure AWS access key/secret access key environment variables with new credentials
• D. Configure the credentials file with a new access key/secret access key

Answer:

A

Question 10

A company runs its APIs using Amazon API Gateway in front of AWS Lambda functions. The company wants to add logging
at the API level. Each API must have production and development environments. The developer wants to enable different
logging levels in both environments.
How can these requirements be met?

• A. Set up a stage for each environment. In each stage, point to different Lambda functions that implement the logging logic in the code. Access the logs in Amazon CloudWatch Logs.
• B. Set up a stage for each environment. In each stage, define a different logging level according to the logging requirements. Access the logs in Amazon CloudWatch Logs.
• C. Set up a stage and use the same Lambda functions. In Amazon CloudWatch Logs, set up a filter based on the log level according to the logging requirements.
• D. Set up a stage for each environment. In each stage, define a variable for the log level. Set the value according to the logging requirements.

Answer:

B