AWS DVA-C01 :: Practice Exam12

You are running workloads on AWS and have embedded RDS database connection strings within each web server hosting your applications. After failing a security audit, you are looking at a different approach to store your secrets securely and automatically rotate the database credentials. Which AWS service can you use to address this use-case?. Secrets Manager. SSM Parameter Store. Systems Manager. KMS.

Which of the following best describes how KMS Encryption works?. KMS stores the CMK, and receives data from the clients, which it encrypts and sends back. KMS receives CMK from the client at every encrypt call, and encrypts the data with that. KMS sends the CMK to the client, which performs the encryption and then deletes the CMK. KMS generates a new CMK for each Encrypt call and encrypts the data with it.

An organization has offices across multiple locations and the technology team has configured an Application Load Balancer across targets in multiple Availability Zones. The team wants to analyze the incoming requests for latencies and the client's IP address patterns. Which feature OF THE Load Balancer will help collect the required information?. ALB access logs. CloudTrail logs. CloudWatch metrics. ALB request tracing.

A development team lead is configuring policies for his team at an IT company. Which of the following policy types only limit permissions but cannot grant permissions (Select two)?. AWS Organizations Service Control Policy (SCP). Permissions boundary. Access control list (ACL). Resource-based policy. Identity-based policy.

A SaaS company runs a HealthCare web application that is used worldwide by users. There have been requests by mobile developers to expose public APIs for the application-specific functionality. You decide to make the APIs available to mobile developers as product offerings. Which of the following options will allow you to do that?. Use API Gateway Usage Plans. Use AWS Billing Usage Plans. Use CloudFront Usage Plans. Use AWS Lambda Custom Authorizers.

You have created an Elastic Load Balancer that has marked all the EC2 instances in the target group as unhealthy. Surprisingly, when you enter the IP address of the EC2 instances in your web browser, you can access your website. What could be the reason your instances are being marked as unhealthy? (Select two). The security group of the EC2 instance does not allow for traffic from the security group of the Application Load Balancer. The route for the health check is misconfigured. The EBS volumes have been improperly mounted. Your web-app has a runtime that is not supported by the Application Load Balancer. You need to attach Elastic IP to the EC2 instances.

A multi-national company has just moved to AWS Cloud and it has configured forecast-based AWS Budgets alerts for cost management. However, no alerts have been received even though the account and the budgets have been created almost three weeks ago. What could be the issue with the AWS Budgets configuration?. AWS requires approximately 5 weeks of usage data to generate budget forecasts. Budget forecast has been created from an account that does not have enough privileges. Amazon CloudWatch could be down and hence alerts are not being sent. Account has to be part of AWS Organizations to receive AWS Budget alerts.

As a developer, you are working on creating an application using AWS Cloud Development Kit (CDK). Which of the following represents the correct order of steps to be followed for creating an app using AWS CDK?. Create the app from a template provided by AWS CDK -> Add code to the app to create resources within stacks -> Build the app (optional) -> Synthesize one or more stacks in the app -> Deploy stack(s) to your AWS account. Create the app from a template provided by AWS CloudFormation -> Add code to the app to create resources within stacks -> Build the app (optional) -> Synthesize one or more stacks in the app -> Deploy stack(s) to your AWS account. Create the app from a template provided by AWS CloudFormation -> Add code to the app to create resources within stacks -> Synthesize one or more stacks in the app -> Deploy stack(s) to your AWS account -> Build the app. Create the app from a template provided by AWS CDK -> Add code to the app to create resources within stacks -> Synthesize one or more stacks in the app -> Deploy stack(s) to your AWS account -> Build the app.

A developer is configuring a bucket policy that denies upload object permission to any requests that do not include the x-amz-server-side-encryption header requesting server-side encryption with SSE-KMS for an Amazon S3 bucket - examplebucket. Which of the following policies is the right fit for the given requirement?. { "Version":"2012-10-17", "Id":"PutObjectPolicy", "Statement":[{ "Sid":"DenyUnEncryptedObjectUploads", "Effect":"Deny", "Principal":"", "Action":"s3:PutObject", "Resource":"arn:aws:s3:::examplebucket/", "Condition":{ "StringNotEquals":{ "s3:x-amz-server-side-encryption":"aws:kms" } } } ] }. { "Version":"2012-10-17", "Id":"PutObjectPolicy", "Statement":[{ "Sid":"DenyUnEncryptedObjectUploads", "Effect":"Deny", "Principal":"", "Action":"s3:GetObject", "Resource":"arn:aws:s3:::examplebucket/", "Condition":{ "StringNotEquals":{ "s3:x-amz-server-side-encryption":"aws:AES256" } } } ] }.

As an AWS Certified Developer Associate, you been asked to create an AWS Elastic Beanstalk environment to handle deployment for an application that has high traffic and high availability needs. You need to deploy the new version using Beanstalk while making sure that performance and availability are not affected. Which of the following is the MOST optimal way to do this while keeping the solution cost-effective?. Deploy using 'Rolling with additional batch' deployment policy. Deploy using 'Immutable' deployment policy. Deploy using 'All at once' deployment policy. Deploy using 'Rolling' deployment policy.

A Developer has been entrusted with the job of securing certain S3 buckets that are shared by a large team of users. Last time, a bucket policy was changed, the bucket was erroneously available for everyone, outside the organization too. Which feature/service will help the developer identify similar security issues with minimum effort?. IAM Access Analyzer. Access Advisor feature on IAM console. S3 Object Lock. S3 Analytics.

A company has built its technology stack on AWS serverless architecture for managing all its business functions. To expedite development for a new business requirement, the company is looking at using pre-built serverless applications. Which AWS service represents the easiest solution to address this use-case?. AWS Serverless Application Repository (SAR). AWS Marketplace. AWS AppSync. AWS Service Catalog.

You have deployed a Java application to an EC2 instance where it uses the X-Ray SDK. When testing from your personal computer, the application sends data to X-Ray but when the application runs from within EC2, the application fails to send data to X-Ray. Which of the following does NOT help with debugging the issue?. X-Ray sampling. EC2 X-Ray Daemon. EC2 Instance Role. CloudTrail.

You're a developer doing contract work for the media sector. Since you work alone, you opt for technologies that require little maintenance, which allows you to focus more on your coding. You have chosen AWS Elastic Beanstalk to assist with the deployment of your applications. While reading online documentation you find that Elastic Beanstalk relies on another AWS service to provision your resources. Which of the following represents this AWS service?. CloudFormation. CodeCommit. CodeDeploy. Systems Manager.

A company has hired you as an AWS Certified Developer Associate to help with redesigning a real-time data processor. The company wants to build custom applications that process and analyze the streaming data for its specialized needs. Which solution will you recommend to address this use-case?. Use Kinesis Data Streams to process the data streams as well as decouple the producers and consumers for the real-time data processor. Use SNS to process the data streams as well as decouple the producers and consumers for the real-time data processor. Use SQS to process the data streams as well as decouple the producers and consumers for the real-time data processor. Use Kinesis Data Firehose to process the data streams as well as decouple the producers and consumers for the real-time data processor.