AWS Certified Developer Associate 4.2

A Developer must encrypt a 100-GB object using AWS KMS. What is the BEST approach?. Make an Encrypt API call to encrypt the plaintext data as ciphertext using a customer master key (CMK). Make an Encrypt API call to encrypt the plaintext data as ciphertext using a customer master key (CMK) with imported key material. Make an GenerateDataKey API call that returns a plaintext key and an encrypted copy of a data key. Use a plaintext key to encrypt the data. Make an GenerateDataKeyWithoutPlaintext API call that returns an encrypted copy of a data key. Use an encrypted key to encrypt the data.

A Development team would like to migrate their existing application code from a GitHub repository to AWS CodeCommit. What needs to be created before they can migrate a cloned repository to CodeCommit over HTTPS?. A GitHub secure authentication token. A public and private SSH key file. A set of Git credentials generated from IAM. An Amazon EC2 IAM role with CodeCommit permissions.

A Developer is writing a REST service that will add items to a shopping list. The service is built on Amazon API Gateway with AWS Lambda integrations. The shopping list items are send as query string parameters in the method request. How should the Developer convert the query string parameters to arguments for the Lambda function?. Enable request validation. Include the Amazon Resource Name (ARN) of the Lambda function. Change the integration type. Create a mapping template.

When developing an AWS Lambda function that processes Amazon Kinesis Data Streams, Administrators within the company must receive a notice that includes the processed data. How should the Developer write the function to send processed data to the Administrators?. Separate the Lambda handler from the core logic. Use Amazon CloudWatch Events to send the processed data. Publish the processed data to an Amazon SNS topic. Push the processed data to Amazon SQS.

A Developer is storing documents in Amazon S3 that will require encryption at rest. The encryption keys must be rotated annually, at least. What is the easiest way to achieve this?. Encrypt the data before sending it to Amazon S3. Import a custom key into AWS KMS with annual rotation enabled. Use AWS KMS with automatic key rotation. Export a key from AWS KMS to encrypt the data.

A company is creating a REST service using an Amazon API Gateway with AWS Lambda integration. The service run different versions for testing purposes. What would be the BEST way to accomplish this?. Use an x-Version header to denote which version is being called and pass that header to the Lambda function(s). Create an API Gateway Lambda authorizer to route API clients to the correct API version. Create an API Gateway resource policy to isolate versions and provide context to the Lambda function(s). Deploy the API versions as unique stages with unique endpoints and use stage variables to provide further context.

A company wants to implement authentication for its new REST service using Amazon API Gateway. To authenticate the calls, each request must include HTTP headers with a client ID and user ID. These credentials must be compared to authentication data in an Amazon DynamoDB table. What MUST the company do to implement this authentication in API Gateway?. Implement an AWS Lambda authorizer that references the DynamoDB authentication table. Create a model that requires the credentials, then grant API Gateway access to the authentication table. Modify the integration requests to require the credentials, then grant API Gateway access to the authentication table. Implement an Amazon Cognito authorizer that references the DynamoDB authentication table.

An Amazon RDS database instance is used by many applications to look up historical data. The query rate is relatively constant. When the historical data is updated each day, the resulting write traffic slows the read query performance and affects all application users. What can be done to eliminate the performance impact on application users?. Make sure Amazon RDS is Multi-AZ so it can better absorb increased traffic. Create an RDS Read Replica and direct all read traffic to the replica. Implement Amazon ElastiCache in front of Amazon RDS to buffer the write traffic. Use Amazon DynamoDB instead of Amazon RDS to buffer the read traffic.

Company C is currently hosting their corporate site in an Amazon S3 bucket with Static Website Hosting enabled. Currently, when visitors go to http://www.companyc.com the index.html page is returned. Company C now would like a new page welcome.html to be returned when a visitor enters http://www.companyc.com in the browser. Which of the following steps will allow Company C to meet this requirement? (Choose two.). Upload an html page named welcome.html to their S3 bucket. Create a welcome subfolder in their S3 bucket. Set the Index Document property to welcome.html. Move the index.html page to a welcome subfolder. Set the Error Document property to welcome.html.

What type of block cipher does Amazon S3 offer for server side encryption?. Triple DES. Advanced Encryption Standard. Blowfish. RC5.

If an application is storing hourly log files from thousands of instances from a high traffic web site, which naming scheme would give optimal performance on S3?. Sequential. instanceID_log-HH-DD-MM-YYYY. instanceID_log-YYYY-MM-DD-HH. HH-DD-MM-YYYY-log_instanceID. YYYY-MM-DD-HH-log_instanceID.

Which of the following statements about SQS is true?. Messages will be delivered exactly once and messages will be delivered in First in, First out order. Messages will be delivered exactly once and message delivery order is indeterminate. Messages will be delivered one or more times and messages will be delivered in First in, First out order. Messages will be delivered one or more times and message delivery order is indeterminate.

A corporate web application is deployed within an Amazon VPC, and is connected to the corporate data center via IPSec VPN. The application must authenticate against the on-premise LDAP server. Once authenticated, logged-in users can only access an S3 keyspace specific to the user. Which two approaches can satisfy the objectives? (Choose two.). The application authenticates against LDAP. The application then calls the IAM Security Service to login to IAM using the LDAP credentials. The application can use the IAM temporary credentials to access the appropriate S3 bucket. The application authenticates against LDAP, and retrieves the name of an IAM role associated with the user. The application then calls the IAM Security Token Service to assume that IAM Role. The application can use the temporary credentials to access the appropriate S3 bucket. The application authenticates against IAM Security Token Service using the LDAP credentials. The application uses those temporary AWS security credentials to access the appropriate S3 bucket. Develop an identity broker which authenticates against LDAP, and then calls IAM Security Token Service to get IAM federated user credentials. The application calls the identity broker to get IAM federated user credentials with access to the appropriate S3 bucket. Develop an identity broker which authenticates against IAM Security Token Service to assume an IAM Role to get temporary AWS security credentials. The application calls the identity broker to get AWS.

Company B provides an online image recognition service and utilizes SQS to decouple system components for scalability The SQS consumers poll the imaging queue as often as possible to keep end-to-end throughput as high as possible. However, Company B is realizing that polling in tight loops is burning CPU cycles and increasing costs with empty responses. How can Company B reduce the number of empty responses?. Set the imaging queue visibility Timeout attribute to 20 seconds. Set the Imaging queue ReceiveMessageWaitTimeSeconds attribute to 20 seconds. Set the imaging queue MessageRetentionPeriod attribute to 20 seconds. Set the DelaySeconds parameter of a message to 20 seconds.

An Amazon S3 bucket, "myawsbucket" is configured with website hosting in Tokyo region, what is the region- specific website endpoint?. www.myawsbucket.ap-northeast-1.amazonaws.com. myawsbucket.s3-website-ap-northeast-1.amazonawscom. myawsbucket.amazonaws.com. myawsbucket.tokyo.amazonaws.com.

You are inserting 1000 new items every second in a DynamoDB table. Once an hour these items are analyzed and then are no longer needed. You need to minimize provisioned throughput, storage, and API calls. Given these requirements, what is the most efficient way to manage these Items after the analysis?. Retain the items in a single table. Delete items individually over a 24 hour period. Delete the table and create a new table per hour. Create a new table per hour.

You have written an application that uses the Elastic Load Balancing service to spread traffic to several web servers. Your users complain that they are sometimes forced to login again in the middle of using your application, after they have already logged in. This is not behavior you have designed. What is a possible solution to prevent this happening?. Use instance memory to save session state. Use instance storage to save session state. Use EBS to save session state. Use ElastiCache to save session state. Use Glacier to save session slate.

You run an ad-supported photo sharing website using S3 to serve photos to visitors of your site. At some point you find out that other sites have been linking to the photos on your site, causing loss to your business. What is an effective method to mitigate this?. Store photos on an EBS volume of the web server. Remove public read access and use signed URLs with expiry dates. Use CloudFront distributions for static content. Block the IPs of the offending websites in Security Groups.

Which statements about DynamoDB are true? (Choose two.). DynamoDB uses a pessimistic locking model. DynamoDB uses optimistic concurrency control. DynamoDB uses conditional writes for consistency. DynamoDB restricts item access during reads. DynamoDB restricts item access during writes.

You are providing AWS consulting services for a company developing a new mobile application that will be leveraging Amazon SNS Mobile Push for push notifications. In order to send direct notification messages to individual devices each device registration identifier or token needs to be registered with SNS; however the developers are not sure of the best way to do this. You advise them to: Bulk upload the device tokens contained in a CSV file via the AWS Management Console. Let the push notification service (e.g. Amazon Device Messaging) handle the registration. Implement a token vending service to handle the registration. Call the CreatePlatformEndPoint API function to register multiple device tokens.