AWS DVA-C01 :: Practice Exam21

A financial services company wants to ensure that the customer data is always kept encrypted on Amazon S3 but wants a fully managed solution to create, rotate and remove the encryption keys. As a Developer Associate, which of the following would you recommend to address the given use-case?. Server-Side Encryption with Customer Master Keys (CMKs) Stored in AWS Key Management Service (SSE-KMS). Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3). Server-Side Encryption with Customer-Provided Keys (SSE-C). Server-Side Encryption with Secrets Manager.

A recruit has created an Amazon Simple Storage Service (S3) bucket. He needs assistance in getting the security principles right for this bucket. Which of the following is NOT a security practice for access control to S3 buckets?. Use of Security Groups. Use of IAM Roles. Use of Access Control Lists (ACLs). Use of Bucket Policies.

Two policies are attached to an IAM user. The first policy states that the user has explicitly been denied all access to EC2 instances. The second policy states that the user has been allowed permission for EC2:Describe action. When the user tries to use 'Describe' action on an EC2 instance using the CLI, what will be the output?. The user will be denied access because the policy has an explicit deny on it. The IAM user stands in an invalid state, because of conflicting policies. The user will get access because it has an explicit allow. The order of the policy matters. If policy 1 is before 2, then the user is denied access. If policy 2 is before 1, then the user is allowed access.

A large firm stores its static data assets on Amazon S3 buckets. Each service line of the firm has its own AWS account. For a business use case, the Finance department needs to give access to their S3 bucket's data to the Human Resources department. Which of the below options is NOT feasible for cross-account access of S3 bucket objects?. Use IAM roles and resource-based policies delegate access across accounts within different partitions via programmatic access only. Use Resource-based policies and AWS Identity and Access Management (IAM) policies for programmatic-only access to S3 bucket objects. Use Access Control List (ACL) and IAM policies for programmatic-only access to S3 bucket objects. Use Cross-account IAM roles for programmatic and console access to S3 bucket objects.

A company’s e-commerce website is expecting hundreds of thousands of visitors on Black Friday. The marketing department is concerned that high volumes of orders might stress SQS leading to message failures. The company has approached you for the steps to be taken as a precautionary measure against the high volumes. What step will you suggest as a Developer Associate?. Amazon SQS is highly scalable and does not need any intervention to handle the expected high volumes. Pre-configure the SQS queue to increase the capacity when messages hit a certain threshold. Enable auto-scaling in the SQS queue. Convert the queue into FIFO ordered queue, since messages to the down system will be processed faster once they are ordered.

You have a workflow process that pulls code from AWS CodeCommit and deploys to EC2 instances associated with tag group ProdBuilders. You would like to configure the instances to archive no more than two application revisions to conserve disk space. Which of the following will allow you to implement this?. CodeDeploy Agent. AWS CloudWatch Log Agent. Integrate with AWS CodePipeline. Have a load balancer in front of your instances.

You team maintains a public API Gateway that is accessed by clients from another domain. Usage has been consistent for the last few months but recently it has more than doubled. As a result, your costs have gone up and would like to prevent other unauthorized domains from accessing your API. Which of the following actions should you take?. Restrict access by using CORS. Use Account-level throttling. Use Mapping Templates. Assign a Security Group to your API Gateway.

As a developer, you are looking at creating a custom configuration for Amazon EC2 instances running in an Auto Scaling group. The solution should allow the group to auto-scale based on the metric of 'average RAM usage' for your Amazon EC2 instances. Which option provides the best solution?. Create a custom metric in CloudWatch and make your instances send data to it using PutMetricData. Then, create an alarm based on this metric. Create a custom alarm for your ASG and make your instances trigger the alarm using PutAlarmData API. Enable detailed monitoring for EC2 and ASG to get the RAM usage data and create a CloudWatch Alarm on top of it. Migrate your application to AWS Lambda.

A developer is configuring an Amazon API Gateway as a front door to expose backend business logic. To keep the solution cost-effective, the developer has opted for HTTP APIs. Which of the following services are not available as an HTTP API via Amazon API Gateway?. AWS Web Application Firewall (AWS WAF). AWS Lambda. AWS Identity and Access Management (IAM). Amazon Cognito.

A mobile gaming company is experiencing heavy read traffic to its Amazon Relational Database Service (RDS) database that retrieves player’s scores and stats. The company is using RDS database instance type db.m5.12xlarge, which is not cost-effective for their budget. They would like to implement a strategy to deal with the high volume of read traffic, reduce latency, and also downsize the instance size to cut costs. As a Developer, which of the following solutions do you recommend?. Setup ElastiCache in front of RDS. Setup RDS Read Replicas. Move to Amazon Redshift. Switch application code to AWS Lambda for better performance.

A multi-national enterprise uses AWS Organizations to manage its users across different divisions. Even though CloudTrail is enabled on the member accounts, managers have noticed that access issues to CloudTrail logs across different divisions and AWS Regions is becoming a bottleneck in troubleshooting issues. They have decided to use the organization trail to keep things simple. What are the important points to remember when configuring an organization trail?. By default, CloudTrail tracks only bucket-level actions. To track object-level actions, you need to enable Amazon S3 data events. Member accounts will be able to see the organization trail, but cannot modify or delete it. There is nothing called Organization Trail. The master account can, however, enable CloudTrail logging, to keep track of all activities across AWS accounts. Member accounts do not have access to the organization trail, neither do they have access to the Amazon S3 bucket that logs the files. By default, CloudTrail event log files are not encrypted.

A company has their entire stack integrated with AWS X-Ray. A manager at the company noticed the skyrocketing AWS monthly usage charges for the X-Ray service. He tracked the abnormal bills to the high volume of input data going into X-Ray. As a Developer, you have been given the responsibility to fix this issue as quickly as possible, with minimal disruptions. Which of the below is the optimal choice for this issue?. Enable X-Ray Sampling. Send only the required data from client-side. Custom configuration of the X-Ray agents. Enable X-Ray Deep linking to send only the most useful data to X-Ray.

An organization is moving its on-premises resources to the cloud. Source code will be moved to AWS CodeCommit and AWS CodeBuild will be used for compiling the source code using Apache Maven as a build tool. The organization wants the build environment should allow for scaling and running builds in parallel. Which of the following options should the organization choose for their requirement?. CodeBuild scales automatically, the organization does not have to do anything for scaling or for parallel builds. Choose a high-performance instance type for your CodeBuild instances. Run CodeBuild in an Auto Scaling Group. Enable CodeBuild Auto Scaling.

A company has more than 100 million members worldwide enjoying 125 million hours of TV shows and movies each day. The company uses AWS for nearly all its computing and storage needs, which use more than 10,000 server instances on AWS. This results in an extremely complex and dynamic networking environment where applications are constantly communicating inside AWS and across the Internet. Monitoring and optimizing its network is critical for the company. The company needs a solution for ingesting and analyzing the multiple terabytes of real-time data its network generates daily in the form of flow logs. Which technology/service should the company use to ingest this data economically and has the flexibility to direct this data to other downstream systems?. Amazon Kinesis Data Streams. Amazon Simple Queue Service (SQS). Amazon Kinesis Firehose. AWS Glue.

You have an Auto Scaling group configured to a minimum capacity of 1 and a maximum capacity of 5, designed to launch EC2 instances across 3 Availability Zones. During a low utilization period, an entire Availability Zone went down and your application experienced downtime. What can you do to ensure that your application remains highly available?. Increase the minimum instance capacity of the Auto Scaling Group to 2. Change the scaling metric of auto-scaling policy to network bytes. Configure ASG fast failover. Enable RDS Multi-AZ.