AWS Certified Developer Associate (DVA-C02)


Topic 1 - Exam A

Question #11 Topic 1

A developer is testing a new file storage application that uses an Amazon CloudFront distribution to serve content from an Amazon S3 bucket. The distribution accesses the S3 bucket by using an origin access identity (OAI). The S3 bucket's permissions explicitly deny access to all other users. The application prompts users to authenticate on a login page and then uses signed cookies to allow users to access their personal storage directories. The developer has configured the distribution to use its default cache behavior with restricted viewer access and has set the origin to point to the S3 bucket. However, when the developer tries to navigate to the login page, the developer receives a 403 Forbidden error. The developer needs to implement a solution to allow unauthenticated access to the login page. The solution also must keep all private content secure. Which solution will meet these requirements?

  • A. Add a second cache behavior to the distribution with the same origin as the default cache behavior. Set the path pattern for the second cache behavior to the path of the login page, and make viewer access unrestricted. Keep the default cache behavior's settings unchanged.
  • B. Add a second cache behavior to the distribution with the same origin as the default cache behavior. Set the path pattern for the second cache behavior to *, and make viewer access restricted. Change the default cache behavior's path pattern to the path of the login page, and make viewer access unrestricted.
  • C. Add a second origin as a failover origin to the default cache behavior. Point the failover origin to the S3 bucket. Set the path pattern for the primary origin to *, and make viewer access restricted. Set the path pattern for the failover origin to the path of the login page, and make viewer access unrestricted.
  • D. Add a bucket policy to the S3 bucket to allow read access. Set the resource on the policy to the Amazon Resource Name (ARN) of the login page object in the S3 bucket. Add a CloudFront function to the default cache behavior to redirect unauthorized requests to the login page's S3 URL.
Suggested Answer: A
Explanation: Solution A meets the requirements by allowing public access to the login page while keeping everything else secure. This can be achieved by adding a second cache behavior to the distribution with the same origin as the default. The path pattern of this new cache behavior is then set to the path of the login page, and its viewer access is made unrestricted, thus allowing anyone to access the login page. The default cache behavior, which has restricted viewer access, is not changed, ensuring the rest of the content remains secure.

Question #12 Topic 1

An organization is storing large files in Amazon S3 and is writing a web application to display metadata about the files to end users. Based on the metadata, a user selects an object to download. The organization needs a mechanism to index the files and provide single-digit millisecond latency retrieval for the metadata. What AWS service should be used to accomplish this?

  • A. Amazon DynamoDB
  • B. Amazon EC2
  • C. AWS Lambda
  • D. Amazon RDS
Suggested Answer: A
Explanation: Amazon DynamoDB is designed to handle large, scalable workloads and can provide single-digit millisecond latency retrieval, which is suitable for the organization's requirements.

Question #13 Topic 1

A software company is launching a multimedia application. The application will allow guest users to access sample content before the users decide if they want to create an account to gain full access. The company wants to implement an authentication process that can identify users who have already created an account. The company also needs to keep track of the number of guest users who eventually create an account. Which combination of steps will meet these requirements? (Choose two.)

  • A. Create an Amazon Cognito user pool. Configure the user pool to allow unauthenticated users. Exchange user tokens for temporary credentials that allow authenticated users to assume a role.
  • B. Create an Amazon Cognito identity pool. Configure the identity pool to allow unauthenticated users. Exchange unique identity for temporary credentials that allow all users to assume a role.
  • C. Create an Amazon CloudFront distribution. Configure the distribution to allow unauthenticated users. Exchange user tokens for temporary credentials that allow all users to assume a role.
  • D. Create a role for authenticated users that allows access to all content. Create a role for unauthenticated users that allows access to only the sample content.
  • E. Allow all users to access the sample content by default. Create a role for authenticated users that allows access to the other content.
Suggested Answer: AB
Explanation: Amazon Cognito enables the creation of unique identities for users and allows secure and temporary access to AWS resources. A user pool is a user directory in Amazon Cognito and serves as an identity provider. An identity pool grants temporary AWS credentials for users who have guest access or for those who have authenticated from external identity providers. Therefore, using an Amazon Cognito user pool and identity pool can simultaneously identify all users and track guest users who eventually sign up.

Question #14 Topic 1

A company is planning to securely manage one-time fixed license keys in AWS. The company's development team needs to access the license keys in automation scripts that run in Amazon EC2 instances and in AWS CloudFormation stacks. Which solution will meet these requirements MOST cost-effectively?

  • A. Amazon S3 with encrypted files prefixed with “config”
  • B. AWS Secrets Manager secrets with a tag that is named SecretString
  • C. AWS Systems Manager Parameter Store SecureString parameters
  • D. CloudFormation NoEcho parameters
Suggested Answer: C
Explanation: AWS Systems Manager Parameter Store SecureString parameters are the most cost-effective way to securely manage and store configuration data and secrets. This feature provides the ability to obtain the latest AMI ID, a password, a license key, a connection string, and other sensitive information needed for managing systems and running scripts.

Question #15 Topic 1

A company has a critical application on AWS. The application exposes an HTTP API by using Amazon API Gateway. The API is integrated with an AWS Lambda function. The application stores data in an Amazon RDS for MySQL DB instance with 2 virtual CPUs (vCPUs) and 64 GB of RAM. Customers have reported that some of the API calls return HTTP 500 Internal Server Error responses. Amazon CloudWatch Logs shows errors for “too many connections.” The errors occur during peak usage times that are unpredictable. The company needs to make the application resilient. The database cannot be down outside of scheduled maintenance hours. Which solution will meet these requirements?

  • A. Decrease the number of vCPUs for the DB instance. Increase the max_connections setting.
  • B. Use Amazon RDS Proxy to create a proxy that connects to the DB instance. Update the Lambda function to connect to the proxy.
  • C. Add a CloudWatch alarm that changes the DB instance class when the number of connections increases to more than 1,000.
  • D. Add an Amazon EventBridge rule that increases the max_connections setting of the DB instance when CPU utilization is above 75%.
Suggested Answer: B
Explanation: RDS Proxy manages the pool of connections and handles a large number of connections from Lambda to the DB, thus reducing the 'too many connections' error. It is a fully managed, highly available database proxy for Amazon RDS and Amazon Aurora that makes applications more scalable and more resilient to database failures.