If you are preparing for AWS Certified Developer - Associate(DVA-C02) Certification exam, then this article is going to help you achieve the success. This certification exam is specifically designed for those who would like to test their skills on development, deployment and maintenance of applications on AWS platform. This certification acts as a good starting point for candidates who are looking to build their career on development, testing and debugging various aws applications.

But before taking this exam, I would highly recommend you to complete the AWS foundational certification as a prerequisite. This will make your life easier in understanding various aws core concepts and services. You can also practice for this exam using our practice test series.

 

AWS Certified Developer - Associate(DVA-C02) Practice Questions and Answers Part - 1

Also Read: AWS Certified Cloud Practitioner(Foundational) Practice Test Part - 3 [Latest]

1. A public-facing weather application stores millions of weather forecast files in an Amazon S3 bucket. During bad weather, the bucket can experience tens of thousands of GET requests per second. The developer must avoid Amazon S3 reads throttling because of request rate limits. Which solutions meet the requirements? (Select TWO)

a) Adopt an object key naming pattern that distributes the objects across multiple prefixes

b) Open an AWS support ticket to increase the request-per-second quota on the Amazon S3 bucket.

c) Create multiple access points for the Amazon S3 bucket. Adopt a naming pattern that distributes traffic to different access points. Adjust the application to use the multiple access points.

d) Adjust the Amazon S3 bucket settings for Minimum TTL, Maximum TTL, and Default TTL to control cache behavior.

e) Create an Amazon CloudFront web distribution with the Amazon S3 bucket as an origin. Set the distribution 's Minimum TTL, Maximum TTL, and Default TTL to control cache behavior. Adjust the web application to use the CloudFront distribution domain name.

Ans. a) Adopt an object key naming pattern that distributes the objects across multiple prefixes

e) Create an Amazon CloudFront web distribution with the Amazon S3 bucket as an origin. Set the distribution 's Minimum TTL, Maximum TTL, and Default TTL to control cache behavior. Adjust the web application to use the CloudFront distribution domain name.

 

2. A company plans to use AWS log monitoring services to monitor an application that runs on premises. Currently, the application runs on a recent version of Ubuntu Server and outputs the logs to a local file. Which combination of steps should a developer perform to accomplish this goal? (Select TWO)

a) Update the application code to include calls to the agent API for log collection.

b) Install the Amazon Elastic Container Service (Amazon ECS) container agent on the Server.

c) Install the unified Amazon CloudWatch agent on the server.

d) Configure the long-term AWS credentials on the server to enable log collection by the agent

e) Attach an IAM role to the server to enable log collection by the agent

Ans. c) Install the unified Amazon CloudWatch agent on the server.

d) Configure the long-term AWS credentials on the server to enable log collection by the agent

 

3. A company is implementing an application on Amazon EC2 instances. The application needs to process incoming transactions. When the application detects a transaction that is not valid, the application must send a chat message to the company's support team. To send the message, the application needs to retrieve the access token to authenticate by using the chat API. A developer needs to implement a solution to store the access token. The access token must be encrypted at rest and in transit. The access token must also be accessible from other AWS accounts. Which solution will meet these requirements with the LEAST management overhead?

a) Use an AWS Systems Manager Parameter Store SecureString parameter that uses an AWS Key Management Service (AWS KMS) AWS managed key to store the access token. Add a resource-based policy to the parameter to allow access from other accounts. Update the IAM role of the EC2 instances with permissions to access Parameter Store. Retrieve the token from Parameter Store with the decrypt flag enabled. Use the decrypted access token to send the message to the chat.

b) Encrypt the access token by using an AWS Key Management Service (AWS KMS) customer managed key. Store the access token in an Amazon DynamoDB table. Update the IAM role of the EC2 instances with permissions to access DynamoDB and AWS KMS. Retrieve the token from DynamoDB. Decrypt the token by using AWS KMS on the EC2 instances. Use the decrypted access token to send the message to the chat.

c) Use AWS Secrets Manager with an AWS Key Management Service (AWS KMS) customer managed key to store the access token. Add a resource-based policy to the secret to allow access from other accounts. Update the IAM role of the EC2 instances with permissions to access Secrets Manager. Retrieve the token from Secrets Manager. Use the decrypted access token to send the message to the chat.

d) Encrypt the access token by using an AWS Key Management Service (AWS KMS) AWS managed key. Store the access token in an Amazon S3 bucket. Add a bucket policy to the S3 bucket to allow access from other accounts. Update the IAM
role of the EC2 instances with permissions to access Amazon S3 and AWS KMS. Retrieve the token from the S3 bucket. Decrypt the token by using AWS KMS on the EC2 instances. Use the decrypted access token to send the massage to the chat.

Ans. c) Use AWS Secrets Manager with an AWS Key Management Service (AWS KMS) customer managed key to store the access token. Add a resource-based policy to the secret to allow access from other accounts. Update the IAM role of the EC2 instances with permissions to access Secrets Manager. Retrieve the token from Secrets Manager. Use the decrypted access token to send the message to the chat.

 

4. A company is running Amazon EC2 instances in multiple AWS accounts. A developer needs to implement an application that collects all the lifecycle events of the EC2 instances. The application needs to store the lifecycle events in a single Amazon Simple Queue Service (Amazon SQS) queue in the company's main AWS account for further processing. Which solution will meet these requirements?

a) Configure Amazon EC2 to deliver the EC2 instance lifecycle events from all accounts to the Amazon EventBridge event bus of the main account. Add an EventBridge rule to the event bus of the main account that matches all EC2 instance lifecycle events. Add the SQS queue as a target of the rule.

b) Use the resource policies of the SQS queue in the main account to give each account permissions to write to that SQS queue. Add to the Amazon EventBridge event bus of each account an EventBridge rule that matches all EC2 instance lifecycle events. Add the SQS queue in the main account as a target of the rule.

c) Write an AWS Lambda function that scans through all EC2 instances in the company accounts to detect EC2 instance lifecycle changes. Configure the Lambda function to write a notification message to the SQS queue in the main account if the function detects an EC2 instance lifecycle change. Add an Amazon EventBridge scheduled rule that invokes the Lambda function every minute.

d) Configure the permissions on the main account event bus to receive events from all accounts. Create an Amazon EventBridge rule in each account to send all the EC2 instance lifecycle events to the main account event bus. Add an EventBridge rule to the main account event bus that matches all EC2 instance lifecycle events. Set the SQS queue as a target for the rule.

Ans. d) Configure the permissions on the main account event bus to receive events from all accounts. Create an Amazon EventBridge rule in each account to send all the EC2 instance lifecycle events to the main account event bus. Add an EventBridge rule to the main account event bus that matches all EC2 instance lifecycle events. Set the SQS queue as a target for the rule.

 

5. An application is using Amazon Cognito user pools and identity pools for secure access. A developer wants to integrate the user-specific file upload and download features in the application with Amazon S3. The developer must ensure that the files are saved and retrieved in a secure manner and that users can access only their own files. The file sizes range from 3 KB to 300 MB. Which option will meet these requirements with the HIGHEST level of security?

a) Use S3 Event Notifications to validate the file upload and download requests and update the user interface (UI).

b) Save the details of the uploaded files in a separate Amazon DynamoDB table. Filter the list of files in the user interface (UI) by comparing the current user ID with the user ID associated with the file in the table.

c) Use Amazon API Gateway and an AWS Lambda function to upload and download files. Validate each request in the Lambda function before performing the requested operation.

d) Use an IAM policy within the Amazon Cognito identity prefix to restrict users to use their own folders in Amazon S3.

Ans. d) Use an IAM policy within the Amazon Cognito identity prefix to restrict users to use their own folders in Amazon S3.

 

6. A developer has created an AWS Lambda function that is written in Python. The Lambda function reads data from objects in Amazon S3 and writes data to an Amazon DynamoDB table. The function is successfully invoked from an S3 event notification when an object is created. However, the function fails when it attempts to write to the DynamoDB table. What is the MOST likely cause of this issue?

a) The Lambda function's concurrency limit has been exceeded.

b) DynamoDB table requires a global secondary index (GSI) to support writes.

c) The Lambda function does not have IAM permissions to write to DynamoDB.

d) The DynamoDB table is not running in the same Availability Zone as the Lambda function.

Ans. c) The Lambda function does not have IAM permissions to write to DynamoDB.

 

7. A developer is creating an AWS CloudFormation template to deploy Amazon EC2 instances across multiple AWS accounts. The developer must choose the EC2 instances from a list of approved instance types. How can the developer incorporate the list of approved instance types in the CloudFormation template?

a) Create a separate CloudFormation template for each EC2 instance type in the list.

b) In the Resources section of the CloudFormation template, create resources for each EC2 instance type in the list.

c) In the CloudFormation template, create a separate parameter for each EC2 instance type in the list.

d) In the CloudFormation template, create a parameter with the list of EC2 instance types as AllowedValues.

Ans. d) In the CloudFormation template, create a parameter with the list of EC2 instance types as AllowedValues.

 

8. A developer has an application that makes batch requests directly to Amazon DynamoDB by using the BatchGetItem low-level API operation. The responses frequently return values in the UnprocessedKeys element. Which actions should the developer take to increase the resiliency of the application when the batch response includes values in UnprocessedKeys? (Choose two.)

a) Retry the batch operation immediately.

b) Retry the batch operation with exponential backoff and randomized delay.

c) Update the application to use an AWS software development kit (AWS SDK) to make the requests.

d) Increase the provisioned read capacity of the DynamoDB tables that the operation accesses.

e) Increase the provisioned write capacity of the DynamoDB tables that the operation accesses.

Ans. b) Retry the batch operation with exponential backoff and randomized delay.

d) Increase the provisioned read capacity of the DynamoDB tables that the operation accesses.

 

9. A company is running a custom application on a set of on-premises Linux servers that are accessed using Amazon API Gateway. AWS X-Ray tracing has been enabled on the API test stage. How can a developer enable X-Ray tracing on the on-premises servers with the LEAST amount of configuration?

a) Install and run the X-Ray SDK on the on-premises servers to capture and relay the data to the X-Ray service.

b) Install and run the X-Ray daemon on the on-premises servers to capture and relay the data to the X-Ray service.

c) Capture incoming requests on-premises and configure an AWS Lambda function to pull, process, and relay relevant data to X-Ray using the PutTraceSegments API call.

d) Capture incoming requests on-premises and configure an AWS Lambda function to pull, process, and relay relevant data to X-Ray using the PutTelemetryRecords API call.

Ans. b) Install and run the X-Ray daemon on the on-premises servers to capture and relay the data to the X-Ray service.

 

10. A company wants to share information with a third party. The third party has an HTTP API endpoint that the company can use to share the information. The company has the required API key to access the HTTP API. The company needs a way to manage the API key by using code. The integration of the API key with the application code cannot affect application performance. Which solution will meet these requirements MOST securely?

a) Store the API credentials in AWS Secrets Manager. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.

b) Store the API credentials in a local code variable. Push the code to a secure Git repository. Use the local code variable at runtime to make the API call.

c) Store the API credentials as an object in a private Amazon S3 bucket. Restrict access to the S3 object by using IAM policies. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.

d) Store the API credentials in an Amazon DynamoDB table. Restrict access to the table by using resource-based policies. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.

Ans. a) Store the API credentials in AWS Secrets Manager. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.

 

11. A developer is deploying a new application to Amazon Elastic Container Service (Amazon ECS). The developer needs to securely store and retrieve different types of variables. These variables include authentication information for a remote API, the URL for the API, and credentials. The authentication information and API URL must be available to all current and future deployed versions of the application across development, testing, and production environments. How should the developer retrieve the variables with the FEWEST application changes?

a) Update the application to retrieve the variables from AWS Systems Manager Parameter Store. Use unique paths in Parameter Store for each variable in each environment. Store the credentials in AWS Secrets Manager in each environment.

b) Update the application to retrieve the variables from AWS Key Management Service (AWS KMS). Store the API URL and credentials as unique keys for each environment.

c) Update the application to retrieve the variables from an encrypted file that is stored with the application. Store the API URL and credentials in unique files for each environment.

d) Update the application to retrieve the variables from each of the deployed environments. Define the authentication information and API URL in the ECS task definition as unique names during the deployment process.

Ans. a) Update the application to retrieve the variables from AWS Systems Manager Parameter Store. Use unique paths in Parameter Store for each variable in each environment. Store the credentials in AWS Secrets Manager in each environment.

 

12. A company is migrating legacy internal applications to AWS. Leadership wants to rewrite the internal employee directory to use native AWS services. A developer needs to create a solution for storing employee contact details and high-resolution photos for use with the new application. Which solution will enable the search and retrieval of each employee's individual details and high-resolution photos using AWS APIs?

a) Encode each employee's contact information and photos using Base64. Store the information in an Amazon DynamoDB table using a sort key.

b) Store each employee's contact information in an Amazon DynamoDB table along with the object keys for the photos stored in Amazon S3.

c) Use Amazon Cognito user pools to implement the employee directory in a fully managed software-as-a-service (SaaS) method.

d) Store employee contact information in an Amazon RDS DB instance with the photos stored in Amazon Elastic File System (Amazon EFS).

Ans. b) Store each employee's contact information in an Amazon DynamoDB table along with the object keys for the photos stored in Amazon S3.

 

13. A developer is creating an application that will give users the ability to store photos from their cellphones in the cloud. The application needs to support tens of thousands of users. The application uses an Amazon API Gateway REST API that is integrated with AWS Lambda functions to process the photos. The application stores details about the photos in Amazon DynamoDB. Users need to create an account to access the application. In the application, users must be able to upload photos and retrieve previously uploaded photos. The photos will range in size from 300 KB to 5 MB. Which solution will meet these requirements with the LEAST operational overhead?

a) Use Amazon Cognito user pools to manage user accounts. Create an Amazon Cognito user pool authorizer in API Gateway to control access to the API. Use the Lambda function to store the photos and details in the DynamoDB table. Retrieve previously uploaded photos directly from the DynamoDB table.

b) Use Amazon Cognito user pools to manage user accounts. Create an Amazon Cognito user pool authorizer in API Gateway to control access to the API. Use the Lambda function to store the photos in Amazon S3. Store the object's S3 key as part of the photo details in the DynamoDB table. Retrieve previously uploaded photos by querying DynamoDB for the S3 key.

c) Create an IAM user for each user of the application during the sign-up process. Use IAM authentication to access the API Gateway API. Use the Lambda function to store the photos in Amazon S3. Store the object's S3 key as part of the photo details in the DynamoDB table. Retrieve previously uploaded photos by querying DynamoDB for the S3 key.

d) Create a users table in DynamoDB. Use the table to manage user accounts. Create a Lambda authorizer that validates user credentials against the users table. Integrate the Lambda authorizer with API Gateway to control access to the API. Use the Lambda function to store the photos in Amazon S3. Store the object's S3 key as par of the photo details in the DynamoDB table. Retrieve previously uploaded photos by querying DynamoDB for the S3 key.

Ans. b) Use Amazon Cognito user pools to manage user accounts. Create an Amazon Cognito user pool authorizer in API Gateway to control access to the API. Use the Lambda function to store the photos in Amazon S3. Store the object's S3 key as part of the photo details in the DynamoDB table. Retrieve previously uploaded photos by querying DynamoDB for the S3 key.

 

14. A company receives food orders from multiple partners. The company has a microservices application that uses Amazon API Gateway APIs with AWS Lambda integration. Each partner sends orders by calling a customized API that is exposed through API Gateway. The API call invokes a shared Lambda function to process the orders. Partners need to be notified after the Lambda function processes the orders. Each partner must receive updates for only the partner's own orders. The company wants to add new partners in the future with the fewest code changes possible. Which solution will meet these requirements in the MOST scalable way?

a) Create a different Amazon Simple Notification Service (Amazon SNS) topic for each partner. Configure the Lambda function to publish messages for each partner to the partner's SNS topic.

b) Create a different Lambda function for each partner. Configure the Lambda function to notify each partner's service endpoint directly.

c) Create an Amazon Simple Notification Service (Amazon SNS) topic. Configure the Lambda function to publish messages with specific attributes to the SNS topic. Subscribe each partner to the SNS topic. Apply the appropriate filter policy to the topic subscriptions.

d) Create one Amazon Simple Notification Service (Amazon SNS) topic. Subscribe all partners to the SNS topic.

Ans. c) Create an Amazon Simple Notification Service (Amazon SNS) topic. Configure the Lambda function to publish messages with specific attributes to the SNS topic. Subscribe each partner to the SNS topic. Apply the appropriate filter policy to the topic subscriptions.

 

15. A financial company must store original customer records for 10 years for legal reasons. A complete record contains personally identifiable information (PII). According to local regulations, PII is available to only certain people in the company and must not be shared with third parties. The company needs to make the records available to third-party organizations for statistical analysis without sharing the PII. A developer wants to store the original immutable record in Amazon S3. Depending on who accesses the S3 document, the document should be returned as is or with all the PII removed. The developer has written an AWS Lambda function to remove the PII from the document. The function is named removePii. What should the developer do so that the company can meet the PII requirements while maintaining only one copy of the document?

a) Set up an S3 event notification that invokes the removePii function when an S3 GET request is made. Call Amazon S3 by using a GET request to access the object without PII.

b) Set up an S3 event notification that invokes the removePii function when an S3 PUT request is made. Call Amazon S3 by using a PUT request to access the object without PII.

c) Create an S3 Object Lambda access point from the S3 console. Select the removePii function. Use S3 Access Points to access the object without PII.

d) Create an S3 access point from the S3 console. Use the access point name to call the GetObjectLegalHold S3 API function. Pass in the removePii function name to access the object without PII.

Ans. c) Create an S3 Object Lambda access point from the S3 console. Select the removePii function. Use S3 Access Points to access the object without PII.

 

16. A developer is deploying an AWS Lambda function. The developer wants the ability to return to older versions of the function quickly and seamlessly. How can the developer achieve this goal with the LEAST operational overhead?

a) Use AWS OpsWorks to perform blue/green deployments.

b) Use a function alias with different versions.

c) Maintain deployment packages for older versions in Amazon S3.

d) Use AWS CodePipeline for deployments and rollbacks.

Ans. b) Use a function alias with different versions.

 

17. A developer has written an AWS Lambda function. The function is CPU-bound. The developer wants to ensure that the function returns responses quickly. How can the developer improve the function's performance?

a) Increase the function's CPU core count.

b) Increase the function's memory.

c) Increase the function's reserved concurrency.

d) Increase the function's timeout.

Ans. b) Increase the function's memory.

 

18. For a deployment using AWS Code Deploy, what is the run order of the hooks for in-place deployments?

a) BeforeInstall -> ApplicationStop -> ApplicationStart -> AfterInstall

b) ApplicationStop -> BeforeInstall -> AfterInstall -> ApplicationStart

c) BeforeInstall -> ApplicationStop -> ValidateService ->ApplicationStart

d) ApplicationStop -> BeforeInstall -> ValidateService -> ApplicationStart

Ans. b) ApplicationStop -> BeforeInstall -> AfterInstall -> ApplicationStart

 

19. A company is building a serverless application on AWS. The application uses an AWS Lambda function to process customer orders 24 hours a day, 7 days a week. The Lambda function calls an external vendor's HTTP API to process payments. During load tests, a developer discovers that the external vendor payment processing API occasionally times out and returns errors. The company expects that some payment processing API calls will return errors. The company wants the support team to receive notifications in near real time only when the payment processing external API error rate exceed 5% of the total number of transactions in an hour. Developers need to use an existing Amazon Simple Notification Service (Amazon SNS) topic that is configured to notify the support team. Which solution will meet these requirements?

a) Write the results of payment processing API calls to Amazon CloudWatch. Use Amazon CloudWatch Logs Insights to query the CloudWatch logs. Schedule the Lambda function to check the CloudWatch logs and notify the existing SNS topic.

b) Publish custom metrics to CloudWatch that record the failures of the external payment processing API calls. Configure a CloudWatch alarm to notify the existing SNS topic when error rate exceeds the specified rate.

c) Publish the results of the external payment processing API calls to a new Amazon SNS topic. Subscribe the support team members to the new SNS topic.

d) Write the results of the external payment processing API calls to Amazon S3. Schedule an Amazon Athena query to run at regular intervals. Configure Athena to send notifications to the existing SNS topic when the error rate exceeds the specified rate.

Ans. b) Publish custom metrics to CloudWatch that record the failures of the external payment processing API calls. Configure a CloudWatch alarm to notify the existing SNS topic when error rate exceeds the specified rate.

 

20. A company is offering APIs as a service over the internet to provide unauthenticated read access to statistical information that is updated daily. The company uses Amazon API Gateway and AWS Lambda to develop the APIs. The service has become popular, and the company wants to enhance the responsiveness of the APIs. Which action can help the company achieve this goal?

a) Enable API caching in API Gateway.

b) Configure API Gateway to use an interface VPC endpoint.

c) Enable cross-origin resource sharing (CORS) for the APIs.

d) Configure usage plans and API keys in API Gateway.

Ans. a) Enable API caching in API Gateway.

 

21. A developer wants to store information about movies. Each movie has a title, release year, and genre. The movie information also can include additional properties about the cast and production crew. This additional information is inconsistent across movies. For example, one movie might have an assistant director, and another movie might have an animal trainer. The developer needs to implement a solution to support the following use cases.

• For a given title and release year, get all details about the movie that has that title and release year.
• For a given title, get all details about all movies that have that title.
• For a given genre, get all details about all movies in that genre.

Which data store configuration will meet these requirements?

a) Create an Amazon DynamoDB table. Configure the table with a primary key that consists of the title as the partition key and the release year as the sort key. Create a global secondary index that uses the genre as the partition key and the title as the sort key.

b) Create an Amazon DynamoDB table. Configure the table with a primary key that consists of the genre as the partition key and the release year as the sort key. Create a global secondary index that uses the title as the partition key.

c) On an Amazon RDS DB instance, create a table that contains columns for title, release year, and genre. Configure the title as the primary key.

d) On an Amazon RDS DB instance, create a table where the primary key is the title and all other data is encoded into JSON format as one additional column.

Ans. a) Create an Amazon DynamoDB table. Configure the table with a primary key that consists of the title as the partition key and the release year as the sort key. Create a global secondary index that uses the genre as the partition key and the title as the sort key.

 

22. A developer writes a session management component for a web application. The newly written code records web session information to an Amazon DynamoDB table. The developer verifies the functionality of the code and stores the credentials on a laptop. The developer uses the production Amazon Machine Image (AMI) to deploy the code to a test Amazon EC2 instance. The test fails. DynamoDB returns an error with the 403 HTTP status code. Which solution will resolve this issue MOST securely?

a) Create a new IAM role that has the policy permissions necessary to access the DynamoDB table. Attach the role to the test EC2 instance.

b) Create a new IAM user that has the appropriate policy permissions to access the DynamoDB table. Create a secret key and access key ID for the new user. Run aws configure CLI command on the test EC2 instance to store the access key ID and secret access key.

c) Create a new IAM group that has the appropriate policy permissions to access the DynamoDB table. Add the EC2 instance to the new group.

d) Create a resource-based policy that provides read and write permissions for the test EC2 instance. Attach the policy to the DynamoDB table.

Ans. a) Create a new IAM role that has the policy permissions necessary to access the DynamoDB table. Attach the role to the test EC2 instance.

 

23. A company wants to store sensitive user data in Amazon S3 and encrypt this data at rest. The company must manage the encryption keys and use Amazon S3 to perform the encryption. Which solution meet these requirements?

a) Use the option for server-side encryption with custom-provided encryption keys(SSE-C) to configure default encryption for the Amazon S3 bucket.

b) Use an encryption key to configure client-side encryption. Upload the encrypted object to the Amazon S3 bucket.

c) Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) to configure server-side encryption. Upload an object to the Amazon S3 bucket.

d) Use server-side encryption with customer-provided encryption keys(SSE-C) to configure server-side encryption. Upload an object to the Amazon S3 bucket.

Ans. d) Use server-side encryption with customer-provided encryption keys(SSE-C) to configure server-side encryption. Upload an object to the Amazon S3 bucket.

 

24. An ecommerce application is storing shopping statistics in an Amazon DynamoDB table. A developer is writing a resilient backend service to retrieve the shopping statistics to calculate sums and averages. The statistics need to be calculated in near-real-time. What should the developer do to meet the requirements?

a) Use AWS Batch to schedule a job that will calculate the sums and averages.

b) Connect an AWS Lambda function to Amazon DynamoDB Streams to calculate the sums and averages.

c) Use a scheduled Amazon EventBridge event rule to calculate the sums and averages.

d) Connect a single Amazon EC2 instance to DynamoDB Streams to calculate the sums and averages.

Ans. b) Connect an AWS Lambda function to Amazon DynamoDB Streams to calculate the sums and averages.

 

25. A company is migrating the create, read, update and delete (CRUD) functionality of an existing Java web application to AWS Lambda. Which minimal code refactoring is necessary for the CRUD operations to run in the Lambda function?

a) Implement a Lambda handler function

b) Import an AWS X-Ray package.

c) Rewrite the application code in Python.

d) Add a reference to the Lambda execution role.

Ans. a) Implement a Lambda handler function

 

26. A company operates an on-premises web server. The server runs a stateless web application and a relational database. The company wants to modernize the website. The modernization solution should seamlessly use the existing website code, be highly available, and reduce the current operational overhead. Which solution will meet these requirements?

a) Package the website code in a container image. Run the container on an Amazon Elastic Container Service (Amazon ECS) cluster on AWS Fargate behind an Application Load Balancer. Use an Amazon RDS Multi-AZ database to implement the database.

b) Package the website code in a compressed archive. Create an AWS Lambda function based on the compressed archive. Use Amazon DynamoDB to implement the database.

c) Package the website code in a compressed archive. Deploy the website code to an Amazon EC2 instance. Run the database on the same EC2 instance.

d) Package the website code in a container image. Run the container on a cluster of Amazon EC2 instances behind an Application Load Balancer. Use Amazon DynamoDB to implement the database.

Ans. a) Package the website code in a container image. Run the container on an Amazon Elastic Container Service (Amazon ECS) cluster on AWS Fargate behind an Application Load Balancer. Use an Amazon RDS Multi-AZ database to implement the database.

 

27. A company uses the AWS Serverless Application Model (AWS SAM) to deploy a REST API that integrates with an AWS Lambda function. The company needs to implement an automated deployment that will route 10 percent of traffic to a new version of the Lambda function. Error rates are checked every 30 minutes. The remaining 90 percent of traffic routes to the new version of the Lambda function if errors are within acceptable limits. The deployment rolls back if error rates are above exception limits. Which solution will meet these requirements?

a) Set the DeploymentPreference type to Canary10Percent30Minutes.

b) Define an Amazon CloudWatch alarm to detect an elevated error rate. Use the DeploymentPreference PostTraffic hook to reference the alarm.

c) Set the DeploymentPreference type to Linear10PercentEvery3Minutes.

d) Define an Amazon CloudWatch alarm to detect an elevated error rate. Define a separate Lambda function to query the alarm and roll back the stack.

Ans. a) Set the DeploymentPreference type to Canary10Percent30Minutes.

 

28. A developer is writing an application, which stores data in an Amazon DynamoDB table. The developer wants to query the DynamoDB table by using the partition key and a different sort key value. The developer needs the latest data with all recent write operations. How should the developer write the DynamoDB query?

a) Add a local secondary index (LSI) during table creation. Query the LSI by using eventually consistent reads.

b) Add a local secondary index (LSI) during table creation. Query the LSI by using strongly consistent reads.

c) Add a global secondary index (GSI) during table creation. Query the GSI by using eventually consistent reads.

d) Add a global secondary index (GSI) during table creation. Query the GSI by using strongly consistent reads.

Ans. b) Add a local secondary index (LSI) during table creation. Query the LSI by using strongly consistent reads.

 

29. A global company has a mobile app with static data stored in an Amazon S3 bucket in the us-east-1 Region. The company serves the content through an Amazon CloudFront distribution. The company is launching the mobile app in South Africa. The data must reside in the af-south-1 Region. The company does not want to deploy a specific mobile client for South Africa. What should the company do to meet these requirements?

a) Use the CloudFront geographic restriction feature to block access to users in South Africa.

b) Create a Lambda@Edge function. Associate the Lambda@Edge function as an origin request trigger with the CloudFront distribution to change the S3 origin Region.

c) Create a Lambda@Edge function. Associate the Lambda@Edge function as a viewer response trigger with the CloudFront distribution to change the S3 origin Region.

d) Include af-south-1 in the alternate domain name (CNAME) of the CloudFront distribution.

Ans. b) Create a Lambda@Edge function. Associate the Lambda@Edge function as an origin request trigger with the CloudFront distribution to change the S3 origin Region.

 

30. A developer is testing an AWS Lambda function by using the AWS Serverless Application Model (AWS SAM) local CLI. The application that is implemented by the Lambda function makes several AWS API calls by using the AWS software development kit (SDK). The developer wants to allow the function to make AWS API calls in a test AWS account from the developer's laptop. What should the developer do to meet these requirements?

a) Edit the template.yml file. Add the AWS_ACCESS_KEY_ID property and the AWS_SECRET_ACCESS_KEY property in the Globals section.

b) Add a test profile by using the aws configure command with the --profile option. Run AWS SAM by using the sam local invoke command with the -profile option.

c) Edit the template.yml tile. For the AWS::Serverless::Function resource, set the role to an IAM role in the AWS account.

d) Run the function by using the sam local invoke command. Override the AWS_ACCESS_KEY_ID parameter and the AWS_SECRET_ACCESS_KEY parameter by specifying the --parameter-overrides option.

Ans. b) Add a test profile by using the aws configure command with the --profile option. Run AWS SAM by using the sam local invoke command with the -profile option.

 

31. A developer designed an application on an Amazon EC2 instance. The application makes API requests to objects in an Amazon S3 bucket. Which combination of steps will ensure that the application makes the API requests in the MOST secure manner? (Choose two.)

a) Create an IAM user that has permissions to the S3 bucket. Add the user to an IAM group.

b) Create an IAM role that has permissions to the S3 bucket.

c) Add the IAM role to an instance profile. Attach the instance profile to the EC2 instance.

d) Create an IAM role that has permissions to the S3 bucket. Assign the role to an 1AM group.

e) Store the credentials of the IAM user in the environment variables on the EC2 instance.

Ans. b) Create an IAM role that has permissions to the S3 bucket.

c) Add the IAM role to an instance profile. Attach the instance profile to the EC2 instance.

 

32. A developer is configuring an Amazon CloudFront distribution for a new application to provide encryption in transit. The application is running in the eu-west-1 Region. The developer creates a new certificate in AWS Certificate Manager (ACM) in eu-west-1, but the certificate is not visible in the CloudFront distribution settings. What should the developer do to fix this problem?

a) Create the certificate for the domain in the same Region as the application. Ensure that the alternate domain name (CNAME) in the distribution settings matches the domain name in the certificate.

b) Create the certificate in the eu-west-1 Region. Ensure that the alternate domain name (CNAME) in the distribution settings matches the domain name in the certificate.

c) Recreate the CloudFront distribution in the same Region as the certificate.

d) Specify the ACM certificate name as the default root object of the CloudFront distribution.

Ans. b) Create the certificate in the eu-west-1 Region. Ensure that the alternate domain name (CNAME) in the distribution settings matches the domain name in the certificate.

 

33. A developer is building an application that runs behind an Application Load Balancer (ALB). The ALB is configured as the origin for an Amazon CloudFront distribution. Users will log in to the application by using their social media accounts. How can the developer authenticate users?

a) Validate the users by inspecting the tokens in an AWS Lambda authorizer on the ALB.

b) Configure the ALB to use Amazon Cognito as one of the authentication providers.

c) Configure CloudFront to use Amazon Cognito as one of the authentication providers.

d) Validate the users by calling the Amazon Cognito API in an AWS Lambda authorizer on the ALB.

Ans. b) Configure the ALB to use Amazon Cognito as one of the authentication providers.

 

34. A company has an application that analyzes photographs. A developer is preparing the application for deployment to Amazon EC2 instances. The application's image analysis functions require a mix of GPU instances and CPU instances that run on Amazon Linux. The developer needs to add code to the application so that the functions can determine whether they are running on a GPU instance. What should the functions do to obtain this information?

a) Call the DescribeInstances API operation and filter on the current instance ID. Examine the ElasticGpuAssociations property.

b) Evaluate the GPU AVAILABLE environment variable.

c) Call the DescribeElasticGpus API operation.

d) Retrieve the instance type from the instance metadata.

Ans. d) Retrieve the instance type from the instance metadata.

 

35. A company has an application that uses Amazon Cognito user pools as an identity provider. The company must secure access to user records. The company has set up multi-factor authentication (MFA). The company also wants to send a login activity notification by email every time a user logs in. What is the MOST operationally efficient solution that meets this requirement?

a) Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon API Gateway API to invoke the function. Call the API from the client side when login confirmation is received.

b) Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon Cognito post authentication Lambda trigger for the function.

c) Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Create an Amazon CloudWatch Logs log subscription filter to invoke the function based on the login status.

d) Configure Amazon Cognito to stream all logs to Amazon Kinesis Data Firehose. Create an AWS Lambda function to process the streamed logs and to send the email notification based on the login status of each user.

Ans. b) Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon Cognito post authentication Lambda trigger for the function.

 

36. A company hosts a three-tier web application on AWS behind an Amazon CloudFront distribution. A developer wants a dashboard to monitor error rates and anomalies of the CloudFront distribution with the shortest possible refresh interval. Which combination of slops should the developer take to meet these requirements? (Choose two.)

a) Activate real-time logs on the CloudFront distribution. Create a stream in Amazon Kinesis Data Streams.

b) Export the CloudFront logs to an Amazon S3 bucket. Detect anomalies and error rates with Amazon QuickSight.

c) Configure Amazon Kinesis Data Streams to deliver logs to Amazon OpenSearch Service (Amazon Elasticsearch Service). Create a dashboard in OpenSearch Dashboards (Kibana).

d) Create Amazon CloudWatch alarms based on expected values of selected CloudWatch metrics to detect anomalies and errors.

e) Design an Amazon CloudWatch dashboard of the selected CloudFront distribution metrics.

Ans. a) Activate real-time logs on the CloudFront distribution. Create a stream in Amazon Kinesis Data Streams.

c) Configure Amazon Kinesis Data Streams to deliver logs to Amazon OpenSearch Service (Amazon Elasticsearch Service). Create a dashboard in OpenSearch Dashboards (Kibana).

 

37. A developer maintains an Amazon API Gateway REST API. Customers use the API through a frontend UI and Amazon Cognito authentication. The developer has a new version of the API that contains new endpoints and backward-incompatible interface changes. The developer needs to provide beta access to other developers on the team without affecting customers. Which solution will meet these requirements with the LEAST operational overhead?

a) Define a development stage on the API Gateway API. Instruct the other developers to point the endpoints to the development stage.

b) Define a new API Gateway API that points to the new API application code. Instruct the other developers to point the endpoints to the new API.

c) Implement a query parameter in the API application code that determines which code version to call.

d) Specify new API Gateway endpoints for the API endpoints that the developer wants to add.

Ans. a) Define a development stage on the API Gateway API. Instruct the other developers to point the endpoints to the development stage.

 

38. A developer is creating an application that will store personal health information (PHI). The PHI needs to be encrypted at all times. An encrypted Amazon RDS for MySQL DB instance is storing the data. The developer wants to increase the performance of the application by caching frequently accessed data while adding the ability to sort or rank the cached datasets. Which solution will meet these requirements?

a) Create an Amazon ElastiCache for Redis instance. Enable encryption of data in transit and at rest. Store frequently accessed data in the cache.

b) Create an Amazon ElastiCache for Memcached instance. Enable encryption of data in transit and at rest. Store frequently accessed data in the cache.

c) Create an Amazon RDS for MySQL read replica. Connect to the read replica by using SSL. Configure the read replica to store frequently accessed data.

d) Create an Amazon DynamoDB table and a DynamoDB Accelerator (DAX) cluster for the table. Store frequently accessed data in the DynamoDB table.

Ans. a) Create an Amazon ElastiCache for Redis instance. Enable encryption of data in transit and at rest. Store frequently accessed data in the cache.

 

39. A company has a multi-node Windows legacy application that runs on premises. The application uses a network shared folder as a centralized configuration repository to store configuration files in .xml format. The company is migrating the application to Amazon EC2 instances. As part of the migration to AWS, a developer must identify a solution that provides high availability for the repository. Which solution will meet this requirement MOST cost-effectively?

a) Mount an Amazon Elastic Block Store (Amazon EBS) volume onto one of the EC2 instances. Deploy a file system on the EBS volume. Use the host operating system to share a folder. Update the application code to read and write configuration files from the shared folder.

b) Deploy a micro EC2 instance with an instance store volume. Use the host operating system to share a folder. Update the application code to read and write configuration files from the shared folder.

c) Create an Amazon S3 bucket to host the repository. Migrate the existing .xml files to the S3 bucket. Update the application code to use the AWS SDK to read and write configuration files from Amazon S3.

d) Create an Amazon S3 bucket to host the repository. Migrate the existing .xml files to the S3 bucket. Mount the S3 bucket to the EC2 instances as a local volume. Update the application code to read and write configuration files from the disk.

Ans. c) Create an Amazon S3 bucket to host the repository. Migrate the existing .xml files to the S3 bucket. Update the application code to use the AWS SDK to read and write configuration files from Amazon S3.

 

40. A company wants to deploy and maintain static websites on AWS. Each website's source code is hosted in one of several version control systems, including AWS CodeCommit, Bitbucket, and GitHub. The company wants to implement phased releases by using development, staging, user acceptance testing, and production environments in the AWS Cloud. Deployments to each environment must be started by code merges on the relevant Git branch. The company wants to use HTTPS for all data exchange. The company needs a solution that does not require servers to run continuously. Which solution will meet these requirements with the LEAST operational overhead?

a) Host each website by using AWS Amplify with a serverless backend. Conned the repository branches that correspond to each of the desired environments. Start deployments by merging code changes to a desired branch.

b) Host each website in AWS Elastic Beanstalk with multiple environments. Use the EB CLI to link each repository branch. Integrate AWS CodePipeline to automate deployments from version control code merges.

c) Host each website in different Amazon S3 buckets for each environment. Configure AWS CodePipeline to pull source code from version control. Add an AWS CodeBuild stage to copy source code to Amazon S3.

d) Host each website on its own Amazon EC2 instance. Write a custom deployment script to bundle each website's static assets. Copy the assets to Amazon EC2. Set up a workflow to run the script when code is merged.

Ans. a) Host each website by using AWS Amplify with a serverless backend. Conned the repository branches that correspond to each of the desired environments. Start deployments by merging code changes to a desired branch.

 

41. A company is migrating an on-premises database to Amazon RDS for MySQL. The company has read-heavy workloads. The company wants to refactor the code to achieve optimum read performance for queries. Which solution will meet this requirement with LEAST current and future effort?

a) Use a multi-AZ Amazon RDS deployment. Increase the number of connections that the code makes to the database or increase the connection pool size if a connection pool is in use.

b) Use a multi-AZ Amazon RDS deployment. Modify the code so that queries access the secondary RDS instance.

c) Deploy Amazon RDS with one or more read replicas. Modify the application code so that queries use the URL for the read replicas.

d) Use open source replication software to create a copy of the MySQL database on an Amazon EC2 instance. Modify the application code so that queries use the IP address of the EC2 instance.

Ans. c) Deploy Amazon RDS with one or more read replicas. Modify the application code so that queries use the URL for the read replicas.

 

42. A developer is creating an application that will be deployed on IoT devices. The application will send data to a RESTful API that is deployed as an AWS Lambda function. The application will assign each API request a unique identifier. The volume of API requests from the application can randomly increase at any given time of day. During periods of request throttling, the application might need to retry requests. The API must be able to handle duplicate requests without inconsistencies or data loss. Which solution will meet these requirements?

a) Create an Amazon RDS for MySQL DB instance. Store the unique identifier for each request in a database table. Modify the Lambda function to check the table for the identifier before processing the request.

b) Create an Amazon DynamoDB table. Store the unique identifier for each request in the table. Modify the Lambda function to check the table for the identifier before processing the request.

c) Create an Amazon DynamoDB table. Store the unique identifier for each request in the table. Modify the Lambda function to return a client error response when the function receives a duplicate request.

d) Create an Amazon ElastiCache for Memcached instance. Store the unique identifier for each request in the cache. Modify the Lambda function to check the cache for the identifier before processing the request.

Ans. b) Create an Amazon DynamoDB table. Store the unique identifier for each request in the table. Modify the Lambda function to check the table for the identifier before processing the request.

 

43. A company hosts a client-side web application for one of its subsidiaries on Amazon S3. The web application can be accessed through Amazon CloudFront from https://www.example.com. After a successful rollout, the company wants to host three more client-side web applications for its remaining subsidiaries on three separate S3 buckets. To achieve this goal, a developer moves all the common JavaScript files and web fonts to a central S3 bucket that serves the web applications. However, during testing, the developer notices that the browser blocks the JavaScript files and web fonts.
What should the developer do to prevent the browser from blocking the JavaScript files and web fonts?

a) Create four access points that allow access to the central S3 bucket. Assign an access point to each web application bucket.

b) Create a bucket policy that allows access to the central S3 bucket. Attach the bucket policy to the central S3 bucket

c) Create a cross-origin resource sharing (CORS) configuration that allows access to the central S3 bucket. Add the CORS configuration to the central S3 bucket.

d) Create a Content-MD5 header that provides a message integrity check for the central S3 bucket. Insert the Content-MD5 header for each web application request.

Ans. c) Create a cross-origin resource sharing (CORS) configuration that allows access to the central S3 bucket. Add the CORS configuration to the central S3 bucket.

 

44. A company has an application that uses Amazon Cognito user pools as an identity provider. The company must secure access to user records. The company has set up multi-factor authentication (MFA). The company also wants to send a login activity notification by email every time a user logs in. What is the MOST operationally efficient solution that meets this requirement?

a) Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon API Gateway API to invoke the function. Call the API from the client side when login confirmation is received.

b) Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon Cognito post authentication Lambda trigger for the function.

c) Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Create an Amazon CloudWatch Logs log subscription filter to invoke the function based on the login status.

d) Configure Amazon Cognito to stream all logs to Amazon Kinesis Data Firehose. Create an AWS Lambda function to process the streamed logs and to send the email notification based on the login status of each user.

Ans. b) Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon Cognito post authentication Lambda trigger for the function.

 

45. A developer has an application that stores data in an Amazon S3 bucket. The application uses an HTTP API to store and retrieve objects. When the PutObject API operation adds objects to the S3 bucket the developer must encrypt these objects at rest by using server-side encryption with Amazon S3 managed keys (SSE-S3). Which solution will meet this requirement?

a) Create an AWS Key Management Service (AWS KMS) key. Assign the KMS key to the S3 bucket.

b) Set the x-amz-server-side-encryption header when invoking the PutObject API operation. 

c) Provide the encryption key in the HTTP header of every request.

d) Apply TLS to encrypt the traffic to the S3 bucket.

Ans. b) Set the x-amz-server-side-encryption header when invoking the PutObject API operation. 

 

46. A developer needs to perform geographic load testing of an API. The developer must deploy resources to multiple AWS Regions to support the load testing of the API. How can the developer meet these requirements without additional application code?

a) Create and deploy an AWS Lambda function in each desired Region. Configure the Lambda function to create a stack from an AWS CloudFormation template in that Region when the function is invoked.

b) Create an AWS CloudFormation template that defines the load test resources. Use the AWS CLI create-stack-set command to create a stack set in the desired Regions.

c) Create an AWS Systems Manager document that defines the resources. Use the document to create the resources in the desired Regions.

d) Create an AWS CloudFormation template that defines the load test resources. Use the AWS CLI deploy command to create a stack from the template in each Region.

Ans. b) Create an AWS CloudFormation template that defines the load test resources. Use the AWS CLI create-stack-set command to create a stack set in the desired Regions.

 

47. A developer is creating an application that includes an Amazon API Gateway REST API in the us-east-2 Region. The developer wants to use Amazon CloudFront and a custom domain name for the API. The developer has acquired an SSL/TLS certificate for the domain from a third-party provider. How should the developer configure the custom domain for the application?

a) Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the same Region as the API. Create a DNS A record for the custom domain.

b) Import the SSL/TLS certificate into CloudFront. Create a DNS CNAME record for the custom domain.

c) Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the same Region as the API. Create a DNS CNAME record for the custom domain.

d) Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the us-east-1 Region. Create a DNS CNAME record for the custom domain.

Ans. d) Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the us-east-1 Region. Create a DNS CNAME record for the custom domain.

 

48. A developer is creating a template that uses AWS CloudFormation to deploy an application. The application is serverless and uses Amazon API Gateway, Amazon DynamoDB, and AWS Lambda. Which AWS service or tool should the developer use to define serverless resources in YAML?

a) CloudFormation serverless intrinsic functions

b) AWS Elastic Beanstalk

c) AWS Serverless Application Model (AWS SAM) 

d) AWS Cloud Development Kit (AWS CDK)

Ans. c) AWS Serverless Application Model (AWS SAM) 

 

49. A developer wants to insert a record into an Amazon DynamoDB table as soon as a new file is added to an Amazon S3 bucket. Which set of steps would be necessary to achieve this?

a) Create an event with Amazon EventBridge that will monitor the S3 bucket and then insert the records into DynamoDB.

b) Configure an S3 event to invoke an AWS Lambda function that inserts records into DynamoDB. 

c) Create an AWS Lambda function that will poll the S3 bucket and then insert the records into DynamoDB.

d) Create a cron job that will run at a scheduled time and insert the records into DynamoDB.

Ans. b) Configure an S3 event to invoke an AWS Lambda function that inserts records into DynamoDB. 

 

50. A development team maintains a web application by using a single AWS CloudFormation template. The template defines web servers and an Amazon RDS database. The team uses the Cloud Formation template to deploy the Cloud Formation stack to different environments. During a recent application deployment, a developer caused the primary development database to be dropped and recreated. The result of this incident was a loss of data. The team needs to avoid accidental database deletion in the future. Which solutions will meet these requirements? (Choose two.)

a) Add a CloudFormation Deletion Policy attribute with the Retain value to the database resource.

b) Update the CloudFormation stack policy to prevent updates to the database.

c) Modify the database to use a Multi-AZ deployment.

d) Create a CloudFormation stack set for the web application and database deployments.

e) Add a Cloud Formation DeletionPolicy attribute with the Retain value to the stack.

Ans. a) Add a CloudFormation Deletion Policy attribute with the Retain value to the database resource.

c) Modify the database to use a Multi-AZ deployment.