Free Amazon DVA-C02 Exam Questions

Question 1

A Developer is creating an AWS Lambda function that generates a new file each time it runs. Each new file must be checked into an AWS CodeCommit repository hosted in the same AWS account.

How should the Developer accomplish this?

A : ter the new file is created in Lambda, use cURL to invoke the CodeCommit API. Send the file to the repository

B : load the new file to an Amazon S3 bucket. Create an AWS Step Function to accept S3 events. In the Step Function, add the new file to the repository

C : en the Lambda function starts, use the Git CLI to clone the repository. Check the new file into the cloned repository and push the change

D : an AWS SDK to instantiate a CodeCommit client. Invoke the put_file method to add the file to the repository

Answer: D

Question 2

A Developer has updated an AWS Lambda function and published a new version. To ensure the code is working as expected the Developer needs to initially direct a percentage of traffic to the new version and gradually increase this over time. It is important to be able to rollback if there are any issues reported.

What is the BEST way the Developer can implement the migration to the new version SAFELY?

A : an immutable update with a new ASG to deploy the new version in parallel, following testing cutover to the new version

B : eate an Amazon Route 53 weighted routing policy pointing to the current and new versions, assign a lower weight to the new version

C : eate an Alias, assign the current and new versions and use traffic shifting to assign a percentage of traffic to the new version

D : an Amazon Elastic Load Balancer to direct a percentage of traffic to each target group containing the Lambda function versions

Answer: C

Question 3

A company stores customer credit reports in an Amazon S3 bucket. An analytics service uses standardAmazon S3 GET requests to access the reports. A developer must implement a solution to redact personallyidentifiable information (PII) from the reports before the reports reach the analytics service.

A : Load the S3 objects into Amazon Redshift by using a COPY command. Implement dynamic data masking. Refactor the analytics service to read from Amazon Redshift.

B : Set up an S3 Object Lambda function. Attach the function to an S3 Object Lambda Access Point. Program the function to call a PII redaction API.

C : Use AWS Key Management Service (AWS KMS) to implement encryption in the S3 bucket. Re-upload all the existing S3 objects. Give the kms permission to the analytics service.

D : Create an Amazon Simple Notification Service (Amazon SNS) topic. Implement message data protection. Refactor the analytics service to publish data access requests to the SNS topic.

Answer: B

Question 4

A healthcare company is developing a multi-tier web application to manage patient records that are in an Amazon Aurora PostgreSQL database cluster. The company stores the application code in a Git repository and deploys the code to Amazon EC2 instances. The application must comply with security policies and follow the principle of least privilege. The company must securely manage database credentials and API keys within the application code. The company must have the ability to rotate encryption keys on demand. Which solution will meet these requirements?

A : Store database credentials and API keys in AWS Secrets Manager. Use AWS managed AWS KMS keys. Set up automatic key rotation. Use the AWS SDK to retrieve secrets.

B : Store the database credentials and API keys in AWS Secrets Manager. Use customer managed AWS KMS keys. Set up automatic key rotation. Create a key policy in the application to retrieve secrets by using the AWS SDK.

C : Store the database credentials in the application code. Separate credentials by using environmentspecific branches that have restricted access to the code repositories.

D : Store the database credentials and API keys as parameters in AWS Systems Manager Parameter Store. Encrypt the credentials and API keys with AWS managed AWS KMS keys. Use the AWS SDK to retrieve secrets.

Answer: A

Question 5

A developer needs to export the contents of several Amazon DynamoDB tables into Amazon S3 buckets to comply with company data regulations. The developer uses the AWS CLI to run commands to export from each table to the proper S3 bucket. The developer sets up AWS credentials correctly and grants resources appropriate permissions. However, the exports of some tables fail. What should the developer do to resolve this issue?

A : Ensure that point-in-time recovery is enabled on the DynamoDB tables.

B : Ensure that the target S3 bucket is in the same AWS Region as the DynamoDB table.

C : Ensure that DynamoDB streaming is enabled for the tables.

D : Ensure that DynamoDB Accelerator (DAX) is enabled.

Answer: B