AWS Certified Developer - Associate DVA-C02 Exam Notes

Topic 1 - Exam A

Question #1

  • Scenario: An application on EC2 instances needs to process incoming transactions and send a chat message to the company's support team if a transaction is invalid. The application needs to retrieve an access token to authenticate with the chat API. The access token must be encrypted at rest and in transit and accessible from other AWS accounts with the least management overhead.

  • Option A:

    • Uses AWS Systems Manager Parameter Store SecureString parameter with an AWS managed key to store the access token.

    • Adds a resource-based policy to the parameter to allow access from other AWS accounts.

    • Updates the IAM role of the EC2 instances with permissions to access Parameter Store.

    • Retrieves the token from Parameter Store with the decrypt flag enabled.

  • Option B:

    • Encrypts the access token using an AWS KMS customer managed key.

    • Stores the access token in an Amazon DynamoDB table.

    • Updates the IAM role of the EC2 instances with permissions to access DynamoDB and AWS KMS.

    • Retrieves the token from DynamoDB and decrypts it using AWS KMS on the EC2 instances.

  • Option C:

    • Uses AWS Secrets Manager with an AWS KMS customer managed key to store the access token.

    • Adds a resource-based policy to the secret to allow access from other accounts.

    • Updates the IAM role of the EC2 instances with permissions to access Secrets Manager.

    • Retrieves the token from Secrets Manager.

  • Option D:

    • Encrypts the access token using an AWS KMS AWS managed key.

    • Stores the access token in an Amazon S3 bucket.

    • Adds a bucket policy to the S3 bucket to allow access from other accounts.

    • Updates the IAM role of the EC2 instances with permissions to access Amazon S3 and AWS KMS.

    • Retrieves the token from the S3 bucket and decrypts it using AWS KMS on the EC2 instances.

  • Correct Answer: C

  • Rationale:

    • AWS managed keys cannot be used for cross-account accessing.

    • AWS Secrets Manager is designed specifically for secrets and has more granular permissions for accessing the secrets, making it slightly more secure.

Question #2

  • Scenario: A company is running EC2 instances in multiple AWS accounts. A developer needs to implement an application that collects all the lifecycle events of the EC2 instances and stores them in a single Amazon SQS queue in the company's main AWS account for further processing.

  • Option A:

    • Configures Amazon EC2 to deliver the EC2 instance lifecycle events from all accounts to the Amazon EventBridge event bus of the main account.

    • Adds an EventBridge rule to the event bus of the main account that matches all EC2 instance lifecycle events.

    • Adds the SQS queue as a target of the rule.

  • Option B:

    • Uses the resource policies of the SQS queue in the main account to give each account permissions to write to that SQS queue.

    • Adds to the Amazon EventBridge event bus of each account an EventBridge rule that matches all EC2 instance lifecycle events.

    • Adds the SQS queue in the main account as a target of the rule.

  • Option C:

    • Writes an AWS Lambda function that scans through all EC2 instances in the company accounts to detect EC2 instance lifecycle changes.

    • Configures the Lambda function to write a notification message to the SQS queue in the main account if the function detects an EC2 instance lifecycle change.

    • Adds an Amazon EventBridge scheduled rule that invokes the Lambda function every minute.

  • Option D:

    • Configures the permissions on the main account event bus to receive events from all accounts.

    • Creates an Amazon EventBridge rule in each account to send all the EC2 instance lifecycle events to the main account event bus.

    • Adds an EventBridge rule to the main account event bus that matches all EC2 instance lifecycle events.

    • Sets the SQS queue as a target for the rule.

  • Correct Answer: D

  • Rationale:

    • Option D is the best solution because it involves configuring the permissions on the main account's EventBridge event bus to receive events from all accounts.

    • Amazon EventBridge can send and receive events between event buses in AWS accounts.

Question #3

  • Scenario:. An application is using Amazon Cognito user pools and identity pools for secure access A developer wants to integrate the user-specific file upload and download features in the application with Amazon S3. The developer must ensure that the files are saved and retrieved in a secure manner and that users can access only their own files. The file sizes range from 3 KB to 300 MB.

  • Option A: Use S3 Event Notifications to validate the file upload and download requests and update the user interface (UI).

  • Option B: Save the details of the uploaded files in a separate Amazon DynamoDB table. Filter the list of files in the user interface (UI) by comparing the current user ID with the user ID associated with the file in the table.

  • Option C: Use Amazon API Gateway and an AWS Lambda function to upload and download files. Validate each request in the Lambda function before performing the requested operation.

  • Option D: Use an IAM policy within the Amazon Cognito identity prefix to restrict users to use their own folders in Amazon S3.

  • Correct Answer: D

  • Rationale: Option D ensures that users can access only their own files in a secure manner

Question #4

  • Scenario: A company is building a scalable data management solution using AWS services to improve development speed and agility. The solution will ingest large data volumes from various sources to be processed through business rules and transformations. Business rules must run in sequence and handle reprocessing of data if errors occur. Scalability and minimal maintenance are required.

  • Option A: AWS Batch

  • Option B: AWS Step Functions

  • Option C: AWS Glue

  • Option D: AWS Lambda

  • Correct Answer: B

  • Rationale: Step Functions allows coordinating multiple AWS services into serverless workflows, handling errors, and retrying failed steps, making it suitable for orchestrating data flows and managing error handling.

Question #5

  • Scenario: A Python-based AWS Lambda function reads data from Amazon S3 and writes data to an Amazon DynamoDB table. The Lambda function successfully invokes from an S3 event notification when an object is created. However, the function fails when it attempts to write to the DynamoDB table.

  • Option A: The Lambda function's concurrency limit has been exceeded.

  • Option B: DynamoDB table requires a global secondary index (GSI) to support writes.

  • Option C: The Lambda function does not have IAM permissions to write to DynamoDB.

  • Option D: The DynamoDB table is not running in the same Availability Zone as the Lambda function.

  • Correct Answer: C

  • Rationale: The Lambda function needs to have the appropriate IAM permissions to write to the DynamoDB table. If the function does not have these permissions, it will fail when it attempts to write to the table.

Question #6

  • Scenario: A developer is creating an AWS CloudFormation template to deploy Amazon EC2 instances across multiple AWS accounts. The developer must choose the EC2 instances from a list of approved instance types.

  • Option A: Create a separate CloudFormation template for each EC2 instance type in the list.

  • Option B: In the Resources section of the CloudFormation template, create resources for each EC2 instance type in the list.

  • Option C: In the CloudFormation template, create a separate parameter for each EC2 instance type in the list.

  • Option D: In the CloudFormation template, create a parameter with the list of EC2 instance types as AllowedValues.

  • Correct Answer: D

  • Rationale: In the CloudFormation template, the developer should create a parameter with the list of approved EC2 instance types as AllowedValues. This way, users can select the instance type they want to use when launching the CloudFormation stack, but only from the approved list.

Question #7

  • Scenario: A developer's application makes batch requests directly to Amazon DynamoDB using the BatchGetItem low-level API operation. Responses frequently return values in the UnprocessedKeys element.

  • Task: Determine which actions the developer should take to increase the resiliency of the application when the batch response includes values in UnprocessedKeys.

  • (Choose two.)

  • Option A: Retry the batch operation immediately.

  • Option B: Retry the batch operation with exponential backoff and randomized delay.

  • Option C: Update the application to use an AWS software development kit (AWS SDK) to make the requests.

  • Option D: Increase the provisioned read capacity of the DynamoDB tables that the operation accesses.

  • Option E: Increase the provisioned write capacity of the DynamoDB tables that the operation accesses.

  • Correct Answer: BD

  • Rationale:

    • If DynamoDB returns any unprocessed items, you should retry the batch operation on those items. However, we strongly recommend that you use an exponential backoff algorithm.

    • The most likely cause of a failed read or a failed write is throttling.

Question #8

  • Scenario: A company runs a custom application on on-premises Linux servers accessed using Amazon API Gateway. AWS X-Ray tracing is enabled on the API test stage.

  • Task: Find how a developer can enable X-Ray tracing on the on-premises servers with the LEAST amount of configuration.

  • Option A: Install and run the X-Ray SDK on the on-premises servers to capture and relay the data to the X-Ray service.

  • Option B: Install and run the X-Ray daemon on the on-premises servers to capture and relay the data to the X-Ray service.

  • Option C: Capture incoming requests on-premises and configure an AWS Lambda function to pull, process, and relay relevant data to X-Ray using the PutTraceSegments API call.

  • Option D: Capture incoming requests on-premises and configure an AWS Lambda function to pull, process, and relay relevant data to X-Ray using the PutTelemetryRecords API call.

  • Correct Answer: B

  • Rationale: Install and run the X-Ray daemon on the on-premises servers to capture and relay the data to the X-Ray service is the correct option. The X-Ray daemon can be installed and configured on the on-premises servers to capture data and send it to the X-Ray service. This requires minimal configuration and setup.

Question #9

  • Scenario: A company wants to share information with a third party via an HTTP API endpoint, managing the API key by code without affecting application performance.

  • Task: Identify the most secure solution that meets these requirements.

  • Option A: Store the API credentials in AWS Secrets Manager and retrieve them at runtime using the AWS SDK.

  • Option B: Store the API credentials in a local code variable, push the code to a secure Git repository, and use the variable at runtime.

  • Option C: Store the API credentials as an object in a private Amazon S3 bucket, restrict access using IAM policies, and retrieve them at runtime using the AWS SDK.

  • Option D: Store the API credentials in an Amazon DynamoDB table, restrict access using resource-based policies, and retrieve them at runtime using the AWS SDK.

  • Correct Answer: B

  • Rationale: The MOST secure solution to manage the API key while ensuring that the integration of the API key with the application code does not affect application performance is to store the API key in AWS Secrets Manager. The API key can be retrieved at runtime by using the AWS SDK, which does not impact application performance.

Question #10

  • Scenario: A developer is deploying a new application to Amazon Elastic Container Service (Amazon ECS). The developer needs to securely store and retrieve different types of variables. These variables include authentication information for a remote API, the URL for the API, and credentials.

  • Task: How should the developer retrieve the variables with the FEWEST application changes?

  • Option A: Update the application to retrieve the variables from AWS Systems Manager Parameter Store. Use unique paths in Parameter Store for each variable in each environment. Store the credentials in AWS Secrets Manager in each environment.

  • Option B: Update the application to retrieve the variables from AWS Key Management Service (AWS KMS). Store the API URL and credentials as unique keys for each environment.

  • Option C: Update the application to retrieve the variables from an encrypted file that is stored with the application. Store the API URL and credentials in unique files for each environment.

  • Option D: Update the application to retrieve the variables from each of the deployed environments. Define the authentication information and API URL in the ECS task definition as unique names during the deployment process.

  • Correct Answer: A

  • Rationale: The application has credentials and URL, so it’s convenient to store them in ssm parameter store restive them.

Question #11

  • Scenario: A company is migrating legacy internal applications to AWS and wants to use native AWS services for an employee directory. A developer needs to create a solution for storing employee contact details and high-resolution photos for use with the new application.

  • Task: Which solution will enable the search and retrieval of each employee's individual details and high-resolution photos using AWS APIs?

  • Option A: Encode each employee's contact information and photos using Base64. Store the information in an Amazon DynamoDB table using a sort key.

  • Option B: Store each employee's contact information in an Amazon DynamoDB table along with the object keys for the photos stored in Amazon S3.

  • Option C: Use Amazon Cognito user pools to implement the employee directory in a fully managed software-as-a-service (SaaS) method.

  • Option D: Store employee contact information in an Amazon RDS DB instance with the photos stored in Amazon Elastic File System (Amazon EFS).

  • Correct Answer: B

  • Rationale: Storing each employee's contact information in an Amazon DynamoDB table along with the object keys for the photos stored in Amazon S3 provides a scalable and efficient solution for storing and retrieving employee details and high-resolution photos using AWS APIs.

Question #12

  • Scenario: A developer is creating an application that will give users the ability to store photos from their cellphones in the cloud. The application needs to support tens of thousands of users.

  • Task: Which solution will meet these requirements with the LEAST operational overhead?

  • Option A: Use Amazon Cognito user pools to manage user accounts. Create an Amazon Cognito user pool authorizer in API Gateway to control access to the API. Use the Lambda function to store the photos and details in the DynamoDB table. Retrieve previously uploaded photos directly from the DynamoDB table.

  • Option B: Use Amazon Cognito user pools to manage user accounts. Create an Amazon Cognito user pool authorizer in API Gateway to control access to the API. Use the Lambda function to store the photos in Amazon S3. Store the object's S3 key as part of the photo details in the DynamoDB table. Retrieve previously uploaded photos by querying DynamoDB for the S3 key.

  • Option C: Create an IAM user for each user of the application during the sign-up process. Use IAM authentication to access the API Gateway API. Use the Lambda function to store the photos in Amazon S3. Store the object's S3 key as part of the photo details in the DynamoDB table. Retrieve previously uploaded photos by querying DynamoDB for the S3 key.

  • Option D: Create a users table in DynamoDB. Use the table to manage user accounts. Create a Lambda authorizer that validates user credentials against the users table. Integrate the Lambda authorizer with API Gateway to control access to the API. Use the Lambda function to store the photos in Amazon S3. Store the object's S3 key as par of the photo details in the DynamoDB table. Retrieve previously uploaded photos by querying DynamoDB for the S3 key.

  • Correct Answer: B

  • Rationale: This option utilizes Cognito for user management, API Gateway for secure API access, Lambda to store photos in S3, and DynamoDB to maintain metadata, offering a scalable solution with reduced operational overhead.

Question #13

  • Scenario: A company receives food orders from multiple partners using a microservices application with Amazon API Gateway APIs and AWS Lambda integration. Partners need to be notified after the Lambda function processes the orders. Each partner must receive updates for only the partner's own orders. The company wants to add new partners in the future with the fewest code changes possible.

  • Task: Which solution will meet these requirements in the MOST scalable way?

  • Option A: Create a different Amazon Simple Notification Service (Amazon SNS) topic for each partner. Configure the Lambda function to publish messages for each partner to the partner's SNS topic.

  • Option B: Create a different Lambda function for each partner. Configure the Lambda function to notify each partner's service endpoint directly.

  • Option C: Create an Amazon Simple Notification Service (Amazon SNS) topic. Configure the Lambda function to publish messages with specific attributes to the SNS topic. Subscribe each partner to the SNS topic. Apply the appropriate filter policy to the topic subscriptions.

  • Option D: Create one Amazon Simple Notification Service (Amazon SNS) topic. Subscribe all partners to the SNS topic.

  • Correct Answer: C

  • Rationale: Option C is the most scalable way to meet the requirements. This solution allows for a single SNS topic to be used for all partners, which minimizes the need for code changes when adding new partners.

Question #14

  • Scenario: A financial company must store original customer records for 10 years for legal reasons, including PII, accessible only to certain personnel but needs to make the records available to third-party organizations for statistical analysis without sharing the PII.

  • Task: What should the developer do so that the company can meet the PII requirements while maintaining only one copy of the document?

  • Option A: Set up an S3 event notification that invokes the removePii function when an S3 GET request is made. Call Amazon S3 by using a GET request to access the object without PII.

  • Option B: Set up an S3 event notification that invokes the removePii function when an S3 PUT request is made. Call Amazon S3 by using a PUT request to access the object without PII.

  • Option C: Create an S3 Object Lambda access point from the S3 console. Select the removePii function. Use S3 Access Points to access the object without PII.

  • Option D: Create an S3 access point from the S3 console. Use the access point name to call the GetObjectLegalHold S3 API function. Pass in the removePii function name to access the object without PII.

  • Correct Answer: C

  • Rationale: Amazon S3 Object Lambda lets you add your own code to S3 GET requests to modify and process data as it is being returned to an application. You can use Object Lambda to redact personally identifiable information (PII), dynamically convert image formats, and more.

Question #15

  • Scenario: A developer is deploying an AWS Lambda function. The developer wants the ability to return to older versions of the function quickly and seamlessly.

  • Task: How can the developer achieve this goal with the LEAST operational overhead?

  • Option A: Use AWS OpsWorks to perform blue/green deployments.

  • Option B: Use a function alias with different versions.

  • Option C: Maintain deployment packages for older versions in Amazon S3.

  • Option D: Use AWS CodePipeline for deployments and rollbacks.

  • Correct Answer: B

  • Rationale: Lambda function version => alias

Question #16

  • Scenario: A developer has written an AWS Lambda function. The function is CPU-bound.

  • Task: How can the developer improve the function's performance?

  • Option A: Increase the function's CPU core count.

  • Option B: Increase the function's memory.

  • Option C: Increase the function's reserved concurrency.

  • Option D: Increase the function's timeout.

  • Correct Answer: B

  • Rationale: Cpu utilisation => increase memory

Question #17

  • Scenario: For a deployment using AWS Code Deploy, what is the run order of the hooks for in-place deployments?

  • Option A: BeforeInstall -> ApplicationStop -> ApplicationStart -> AfterInstall

  • Option B: ApplicationStop -> BeforeInstall -> AfterInstall -> ApplicationStart

  • Option C: BeforeInstall -> ApplicationStop -> ValidateService -> ApplicationStart

  • Option D: ApplicationStop -> BeforeInstall -> ValidateService -> ApplicationStart

  • Correct Answer: A

Question #18

  • Scenario: A company is building a serverless application on AWS. The company wants the support team to receive notifications in near real time only when the payment processing external API error rate exceed 5% of the total number of transactions in an hour.

  • Task: Which solution will meet these requirements?

  • Option A: Write the results of payment processing API calls to Amazon CloudWatch. Use Amazon CloudWatch Logs Insights to query the CloudWatch logs. Schedule the Lambda function to check the CloudWatch logs and notify the existing SNS topic.

  • Option B: Publish custom metrics to CloudWatch that record the failures of the external payment processing API calls. Configure a CloudWatch alarm to notify the existing SNS topic when error rate exceeds the specified rate.

  • Option C: Publish the results of the external payment processing API calls to a new Amazon SNS topic. Subscribe the support team members to the new SNS topic.

  • Option D: Write the results of the external payment processing API calls to Amazon S3. Schedule an Amazon Athena query to run at regular intervals. Configure Athena to send notifications to the existing SNS topic when the error rate exceeds the specified rate.

  • Correct Answer: B

  • Rationale: With CloudWatch custom metrics, developers can publish and monitor custom data points, including the number of failed requests to the external payment processing API. A CloudWatch alarm can be configured to notify an SNS topic when the error rate exceeds the specified rate, allowing the support team to be notified in near real-time.

Question #19

  • Scenario: A company is offering APIs as a service over the internet to provide unauthenticated read access to statistical information that is updated daily.

  • Task: Which action can help the company achieve this goal?

  • Option A: Enable API caching in API Gateway.

  • Option B: Configure API Gateway to use an interface VPC endpoint.

  • Option C: Enable cross-origin resource sharing (CORS) for the APIs.

  • Option D: Configure usage plans and API keys in API Gateway.

  • Correct Answer: A

  • Rationale: Enable API caching in API Gateway can help the company enhance the responsiveness of the APIs. By enabling caching, API Gateway stores the responses from the API and returns them for subsequent requests instead of forwarding the requests to Lambda.

Question #20

  • Scenario: A developer wants to store information about movies. Each movie has a title, release year, and genre. The movie information also can include additional properties about the cast and production crew. This additional information is inconsistent across movies. The developer needs to implement a solution to support the following use cases:

    • For a given title and release year, get all details about the movie that has that title and release year.

    • For a given title, get all details about all movies that have that title.

    • For a given genre, get all details about all movies in that genre.

  • Task: Which data store configuration will meet these requirements?

  • Option A: Create an Amazon DynamoDB table. Configure the table with a primary key that consists of the title as the partition key and the release year as the sort key. Create a global secondary index that uses the genre as the partition key and the title as the sort key.

  • Option B: Create an Amazon DynamoDB table. Configure the table with a primary key that consists of the genre as the partition key and the release year as the sort key. Create a global secondary index that uses the title as the partition key.

  • Option C: On an Amazon RDS DB instance, create a table that contains columns for title, release year, and genre. Configure the title as the primary key.

  • Option D: On an Amazon RDS DB instance, create a table where the primary key is the title and all other data is encoded into JSON format as one additional column.

  • Correct Answer: A

  • Rationale: By using DynamoDB, the developer can store the movie information in a flexible and scalable NoSQL database.

Question #21

  • Scenario: A developer maintains an Amazon API Gateway REST API. Customers use the API through a frontend UI and Amazon Cognito authentication. The developer has a new version of the API that contains new endpoints and backward-incompatible interface changes.

  • Task: The developer needs to provide beta access to other developers on the team without affecting customers. Which solution will meet these requirements with the LEAST operational overhead?

  • Option A: Define a development stage on the API Gateway API. Instruct the other developers to point the endpoints to the development stage.

  • Option B: Define a new API Gateway API that points to the new API application code. Instruct the other developers to point the endpoints to the new API.

  • Option C: Implement a query parameter in the API application code that determines which code version to call.

  • Option D: Specify new API Gateway endpoints for the API endpoints that the developer wants to add.

  • Correct Answer: A

  • Rationale: Defining a development stage on the API Gateway API enables other developers to test the new version of the API without affecting the production environment. This approach allows the developers to work on the new version of the API independently and avoid conflicts with the production environment.

Question #22

  • Scenario: A developer is creating an application that will store personal health information (PHI). The PHI needs to be encrypted at all times. An encrypted Amazon RDS for MySQL DB instance is storing the data. The developer wants to increase the performance of the application by caching frequently accessed data while adding the ability to sort or rank the cached datasets.

  • Task: Which solution will meet these requirements?

  • Option A: Create an Amazon ElastiCache for Redis instance. Enable encryption of data in transit and at rest. Store frequently accessed data in the cache.

  • Option B: Create an Amazon ElastiCache for Memcached instance. Enable encryption of data in transit and at rest. Store frequently accessed data in the cache.

  • Option C: Create an Amazon RDS for MySQL read replica. Connect to the read replica by using SSL. Configure the read replica to store frequently accessed data.

  • Option D: Create an Amazon DynamoDB table and a DynamoDB Accelerator (DAX) cluster for the table. Store frequently accessed data in the DynamoDB table.

  • Correct Answer: A

  • Rationale: To meet the requirements of caching frequently accessed data while adding the ability to sort or rank cached datasets, a developer should choose Amazon ElastiCache for Redis. ElastiCache is a web service that provides an in-memory data store in the cloud, and it supports both Memcached and Redis engines. While both engines are suitable for caching frequently accessed data, Redis is a better choice for this use case because it provides sorted sets and other data structures that allow for sorting and ranking of cached datasets

Question #23

  • Scenario: A company has a multi-node Windows legacy application that runs on premises and uses a network shared folder as a centralized configuration repository.

  • Task: Identify a solution that provides high availability for the repository in migrating the application to Amazon EC2 instances.

  • Option A: Mount an Amazon Elastic Block Store (Amazon EBS) volume onto one of the EC2 instances. Deploy a file system. Use the host operating system to share a folder.

  • Option B: Deploy a micro EC2 instance with an instance store volume. Use the host operating system to share a folder.

  • Option C: Create an Amazon S3 bucket to host the repository. Migrate the existing .xml files to the S3 bucket. Update the application code to use the AWS SDK.

  • Option D: Create an Amazon S3 bucket to host the repository and migrate the existing .xml files. Mount the S3 bucket to the EC2 instances as a local volume.

  • Correct Answer: C

  • Rationale: Provides high availability and cost-effectiveness for the repository.

Question #24

  • Scenario: A company wants to deploy and maintain static websites on AWS with phased releases to dev, staging, UAT, and production environments, triggered by code merges on relevant Git branches. HTTPS for all data exchange is required, and the solution should not require servers to run continuously.

  • Task: Which solution will meet these requirements with the LEAST operational overhead?

  • Option A: Host each website by using AWS Amplify with a serverless backend. Connect repository branches corresponding to each of the desired environments.

  • Option B: Host each website in AWS Elastic Beanstalk with multiple environments. Use the EB CLI to link each repository branch and integrate AWS CodePipeline.

  • Option C: Host each website in different Amazon S3 buckets for each environment. Configure AWS CodePipeline to pull source code from version control and use AWS CodeBuild.

  • Option D: Host each website on its own Amazon EC2 instance and write a custom deployment script.

  • Correct Answer: A

  • Rationale: Simplifies static website hosting and deployment natively supports deployment to various environments and seamlessly integrates with version control systems, whereas, S3 requires configuring multiple buckets, configuring CodePipeline and integrating with each bucket.

Question #25

  • Scenario: Refactor the code to achieve optimum read performance for queries. The company is migrating an on-premises database to Amazon RDS for MySQL, with read-heavy workloads.

  • Task: Which solution will meet this requirement with the LEAST current and future effort?

  • Option A: Use a multi-AZ Amazon RDS deployment. Increase the number of connections that the code makes to the database or increase the connection pool size if a connection pool is in use.

  • Option B: Use a multi-AZ Amazon RDS deployment. Modify the code so that queries access the secondary RDS instance.

  • Option C: Deploy Amazon RDS with one or more read replicas. Modify the application code so that queries use the URL for the read replicas.

  • Option D: Use open source replication software to create a copy of the MySQL database on an Amazon EC2 instance. Modify the application code so that queries use the IP address of the EC2 instance.

  • Correct Answer: B

  • Rationale: Heavy reads, use read replica. Multi-AZ is for disaster recovery, not read scalability or performance.

Question #26

  • Scenario: An application deployed on IoT devices sends data to a RESTful API deployed as an AWS Lambda function. The application assigns each API request a unique identifier, and the volume of API requests can randomly increase. The API must handle duplicate requests without inconsistencies or data loss.

  • Task: Which solution will meet these requirements?

  • Option A: Create an Amazon RDS for MySQL DB instance; store the unique identifier for each request in a database table.

  • Option B: Create an Amazon DynamoDB table; store the unique identifier for each request in the table.

  • Option C: Create an Amazon DynamoDB table; store the unique identifier for each request in the table. Modify the Lambda function to return a client error response when the function receives a duplicate request.

  • Option D: Create an Amazon ElastiCache for Memcached instance; store the unique identifier for each request in the cache.

  • Correct Answer: B

  • Rationale: The resolution is to make the Lambda function idempotent. A dynamoDB table will ensure unique identifier of each requests.

Question #27

  • Scenario: A developer wants to expand an application to run in multiple AWS Regions. According to company requirements, all AMIs must be encrypted in all Regions. However, not all the AMIs that the company uses are encrypted.

  • Task: How can the developer expand the application to run in the destination Region while meeting the encryption requirement?

  • Option A: Create new AMIs, and specify encryption parameters. Copy the encrypted AMIs to the destination Region. Delete the unencrypted AMIs.

  • Option B: Use AWS Key Management Service (AWS KMS) to enable encryption on the unencrypted AMIs. Copy the encrypted AMIs to the destination Region.

  • Option C: Use AWS Certificate Manager (ACM) to enable encryption on the unencrypted AMIs. Copy the encrypted AMIs to the destination Region.

  • Option D: Copy the unencrypted AMIs to the destination Region. Enable encryption by default in the destination Region.

  • Correct Answer: B

  • Rationale: You can use kms to encrypt ami and use in multiple regions, but you cannot direct apply kms encryption on non encrypted AMI.

Question #28

  • Scenario: A company hosts a client-side web application for one of its subsidiaries on Amazon S3. After a successful rollout, the company wants to host three more client-side web applications for its remaining subsidiaries on three separate S3 buckets. However, during testing, the developer notices that the browser blocks the JavaScript files and web fonts.

  • Task: What should the developer do to prevent the browser from blocking the JavaScript files and web fonts?

  • Option A: Create four access points that allow access to the central S3 bucket. Assign an access point to each web application bucket.

  • Option B: Create a bucket policy that allows access to the central S3 bucket. Attach the bucket policy to the central S3 bucket

  • Option C: Create a cross-origin resource sharing (CORS) configuration that allows access to the central S3 bucket. Add the CORS configuration to the central S3 bucket.

  • Option D: Create a Content-MD5 header that provides a message integrity check for the central S3 bucket. Insert the Content-MD5 header for each web application request.

  • Correct Answer: C

  • Rationale:* Web applications cannot access the resources in other domains by default, You must configure CORS on the resources to be accessed.

Question #29

  • Scenario: An application processes clickstream data using Amazon Kinesis, which experiences periodic spikes. The PutRecords API call occasionally fails.

  • Task: Identify which techniques will help mitigate this exception.

  • (Choose two.)

  • Option A: Implement retries with exponential backoff.

  • Option B: Use a PutRecord API instead of PutRecords.

  • Option C: Reduce the frequency and/or size of the requests.

  • Option D: Use Amazon SNS instead of Kinesis.

  • Option E: Reduce the number of KCL consumers.

  • Correct Answer: AC

Question #30

  • Scenario: A company uses Amazon Cognito user pools as an identity provider. It has multi-factor authentication (MFA) set up and wants to send a login activity email notification each time a user logs in.

  • Task: What is the MOST operationally efficient solution that meets this requirement?

  • Option A: Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon API Gateway API to invoke the function.

  • **