Pre-Winter Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

  1. Home
  2. Amazon Web Services
  3. AWS Certified Associate
  4. DVA-C02
  5. AWS Certified Developer - Associate Questions and Answers

Pass the Amazon Web Services AWS Certified Associate DVA-C02 Questions and answers with CertsForce

 Amazon Web Services Exams      Go to Exam Detail      Get Premium Access
Viewing page 5 out of 15 pages
Viewing questions 41-50 out of questions
Questions # 41:

A company's application runs on a fleet of Amazon EC2 instances in a VPC within private subnets that do not have public internet access. The company uses Amazon CloudWatch to monitor the application.

A developer is troubleshooting an issue with the application. Some performance metrics are not being published to CloudWatch. The developer uses EC2 Instance Connect to access an EC2 instance. The developer verifies that a CloudWatch agent is pre-installed and running.

The developer needs to ensure that the performance metrics are published to CloudWatch.

Which solution will meet this requirement in the MOST secure way?

Options:
A.

Attach the CloudWatchAgentAdminPolicy managed IAM policy to the IAM role that is associated with the EC2 instance profile. Provision a NAT gateway in a public subnet.

B.

Add a user data script to install and start up the CloudWatch agent automatically when the EC2 instances are first booted up.

C.

Attach the CloudWatchAgentServerPolicy managed IAM policy to the IAM role that is associated with the EC2 instance profile. Provision a VPC interface endpoint for CloudWatch.

D.

Attach the CloudWatchReadOnlyAccess managed IAM policy to the IAM role that is associated with the EC2 instance profile. Provision a VPC interface endpoint for CloudWatch.

Expert Solution
Questions # 42:

A company needs to deploy all its cloud resources by using AWS CloudFormation templates A developer must create an Amazon Simple Notification Service (Amazon SNS) automatic notification to help enforce this rule. The developer creates an SNS topic and subscribes the email address of the company's security team to the SNS topic.

The security team must receive a notification immediately if an 1AM role is created without the use of CloudFormation.

Which solution will meet this requirement?

Options:
A.

Create an AWS Lambda function to filter events from CloudTrail if a role was created without CloudFormation Configure the Lambda function to publish to the SNS topic. Create an Amazon EventBridge schedule to invoke the Lambda function every 15 minutes

B.

Create an AWS Fargate task in Amazon Elastic Container Service (Amazon ECS) to filter events from CloudTrail if a role was created without CloudFormation Configure the Fargate task to publish to the SNS topic Create an Amazon EventBridge schedule to run the Fargate task every 15 minutes

C.

Launch an Amazon EC2 instance that includes a script to filter events from CloudTrail if a role was created without CloudFormation. Configure the script to publish to the SNS topic. Create a cron job to run the script on the EC2 instance every 15 minutes.

D.

Create an Amazon EventBridge rule to filter events from CloudTrail if a role was created without CloudFormation Specify the SNS topic as the target of the EventBridge rule.

Expert Solution
Questions # 43:

A developer is building a web application that uses Amazon API Gateway to expose an AWS Lambda function to process requests from clients. During testing, the developer notices that the API Gateway times out even though the Lambda function finishes under the set time limit.

Which of the following API Gateway metrics in Amazon CloudWatch can help the developer troubleshoot the issue? (Choose two.)

Options:
A.

CacheHitCount

B.

IntegrationLatency

C.

CacheMissCount

D.

Latency

E.

Count

Expert Solution
Questions # 44:

A developer has written a distributed application that uses micro services. The microservices are running on Amazon EC2 instances. Because of message volume, the developer is unable to match log output from each microservice to a specific transaction. The developer needs to analyze the message flow to debug the application.

Which combination of steps should the developer take to meet this requirement? (Select TWO.)

Options:
A.

Download the AWS X-Ray daemon. Install the daemon on an EC2 instance. Ensure that the EC2 instance allows UDP traffic on port 2000.

B.

Configure an interface VPC endpoint to allow traffic to reach the global AWS X-Ray daemon on TCP port 2000.

C.

Enable AWS X-Ray. Configure Amazon CloudWatch to push logs to X-Ray.

D.

Add the AWS X-Ray software development kit (SDK) to the microservices. Use X-Ray to trace requests that each microservice makes.

E.

Set up Amazon CloudWatch metric streams to collect streaming data from the microservices.

Expert Solution
Questions # 45:

A developer has code that is stored in an Amazon S3 bucket. The code must be deployed as an AWS Lambda function across multiple accounts in the same AWS Region as the S3 bucket an AWS CloudPormation template that runs for each account will deploy the Lambda function.

What is the MOST secure way to allow CloudFormaton to access the Lambda Code in the S3 bucket?

Options:
A.

Grant the CloudFormation service role the S3 ListBucket and GetObject permissions. Add a bucket policy to Amazon S3 with the principal of "AWS" (account numbers)

B.

Grant the CloudFormation service row the S3 GetObfect permission. Add a Bucket policy to Amazon S3 with the principal of "'"

C.

Use a service-based link to grant the Lambda function the S3 ListBucket and GetObject permissions by explicitly adding the S3 bucket's account number in the resource.

D.

Use a service-based link to grant the Lambda function the S3 GetObject permission Add a resource of "** to allow access to the S3 bucket.

Expert Solution
Questions # 46:

A developer is using AWS Step Functions to automate a workflow The workflow defines each step as an AWS Lambda function task The developer notices that runs of the Step Functions state machine fail in the GetResource task with either an UlegalArgumentException error or a TooManyRequestsException error

The developer wants the state machine to stop running when the state machine encounters an UlegalArgumentException error. The state machine needs to retry the GetResource task one additional time after 10 seconds if the state machine encounters a TooManyRequestsException error. If the second attempt fails, the developer wants the state machine to stop running.

How can the developer implement the Lambda retry functionality without adding unnecessary complexity to the state machine'?

Options:
A.

Add a Delay task after the GetResource task. Add a catcher to the GetResource task. Configure the catcher with an error type of TooManyRequestsException. Configure the next step to be the Delay task Configure the Delay task to wait for an interval of 10 seconds Configure the next step to be the GetResource task.

B.

Add a catcher to the GetResource task Configure the catcher with an error type of TooManyRequestsException. an interval of 10 seconds, and a maximum attempts value of 1. Configure the next step to be the GetResource task.

C.

Add a retrier to the GetResource task Configure the retrier with an error type of TooManyRequestsException, an interval of 10 seconds, and a maximum attempts value of 1.

D.

Duplicate the GetResource task Rename the new GetResource task to TryAgain Add a catcher to the original GetResource task Configure the catcher with an error type of TooManyRequestsException. Configure the next step to be TryAgain.

Expert Solution
Questions # 47:

A developer is creating an AWS Lambda function that will connect to an Amazon RDS for MySQL instance. The developer wants to store the database credentials. The database credentials need to be encrypted and the database password needs to be automatically rotated.

Which solution will meet these requirements?

Options:
A.

Store the database credentials as environment variables for the Lambda function. Set the environment variables to rotate automatically.

B.

Store the database credentials in AWS Secrets Manager. Set up managed rotation on the database credentials.

C.

Store the database credentials in AWS Systems Manager Parameter Store as secure string parameters. Set up managed rotation on the parameters.

D.

Store the database credentials in the X-Amz-Security-Token parameter. Set up managed rotation on the parameter.

Expert Solution
Questions # 48:

A developer is troubleshooting an application mat uses Amazon DynamoDB in the uswest-2 Region. The application is deployed to an Amazon EC2 instance. The application requires read-only permissions to a table that is named Cars The EC2 instance has an attached IAM role that contains the following IAM policy.

Question # 48

When the application tries to read from the Cars table, an Access Denied error occurs.

How can the developer resolve this error?

Options:
A.

Modify the IAM policy resource to be "arn aws dynamo* us-west-2 account-id table/*"

B.

Modify the IAM policy to include the dynamodb * action

C.

Create a trust policy that specifies the EC2 service principal. Associate the role with the policy.

D.

Create a trust relationship between the role and dynamodb Amazonas com.

Expert Solution
Questions # 49:

A developer is designing a full-stack serverless application. Files for the website are stored in an Amazon S3 bucket. AWS Lambda functions that use Amazon API Gateway endpoints return results from an Amazon DynamoDB table.

The developer must create a solution that securely provides registration and authentication for the application while minimizing the amount of configuration.

Which solution meets these requirements?

Options:
A.

Create an Amazon Cognito user pool and an app client. Configure the app client to use the user pool and provide the hosted web UI provided for sign-up and sign-in.

B.

Configure an Amazon Cognito identity pool. Map the users with IAM roles that are configured to access the S3 bucket that stores the website.

C.

Configure and launch an Amazon EC2 instance to set up an identity provider with an Amazon Cognito user pool. Configure the user pool to provide the hosted web UI for sign-up and sign-in.

D.

Create an IAM policy that allows access to the website that is stored in the S3 bucket. Attach the policy to an IAM group. Add IAM users to the group.

Expert Solution
Questions # 50:

A developer is setting up infrastructure by using AWS Cloud Formation. If an error occurs when the resources described in the CloudFormation template are provisioned, successfully provisioned resources must be preserved. The developer must provision and update the CloudFormation stack by using the AWS CLI.

Which solution will meet these requirements?

Options:
A.

Add an --enable-terminal ion-protection command line option to the create-stack command and the update-stack command.

B.

Add a -disable-roll back command line option to the create-stack command and the update-stack command

C.

Add a —parameters ParameterKey=P reserve Resources. ParameterVaIue=True command line option to the create-stack command and the update-stack command.

D.

Add a -tags Key=PreserveResources.VaIue=True command line option to the create-stack command and the update-stack command.

Expert Solution
Viewing page 5 out of 15 pages
Viewing questions 41-50 out of questions