Free Amazon DVA-C02 Exam Questions

Question 1

A company is concerned that a malicious user could deploy unauthorized changes to the code for an AWSLambda function. What can a developer do to ensure that only trusted code is deployed to Lambda?

A : Turn on the trusted code option in AWS CodeDeploy. Add the CodeDeploy digital certificate to theLambda package before deploying the package to Lambda.

B : Define the code signing configuration in the Lambda console. Use AWS Signer to digitally sign theLambda package before deploying the package to Lambda.

C : Link Lambda to AWS KMS in the Lambda console. Use AWS KMS to digitally sign the Lambdapackage before deploying the package to Lambda.

D : Set the KmsKeyArn property of the Lambda function to the Amazon Resource Name (ARN) of atrusted key before deploying the package to Lambda.

Answer: B

Question 2

A developer is building a three-tier web application that should be able to handle a minimum of 5000 requestsper minute. Requirements state that the web tier should be completely stateless while the applicationmaintains session state for the users.How can session data be externalized, keeping latency at the LOWEST possible value?

A : Create an Amazon RDS instance, then implement session handling at the application level to leverage adatabase inside the RDS database instance for session data storage.

B : Implement a shared file system solution across the underlying Amazon EC2 instances, then implementsession handling at the application level to leverage the shared file system for session data storage.

C : Create an Amazon ElastiCache (Memcached) cluster, then implement session handling at theapplication level to leverage the cluster for session data storage.

D : Create an Amazon DynamoDB table, then implement session handling at the application level toleverage the table for session data storage.

Answer: C

Question 3

A developer must securely access a secret during a build process in an AWS CodeBuild project that has anIAM role. The secret must remain encrypted at rest and must be passed to the buildspec.yml file withoutappearing in the build logs. Which solution will meet these requirements with the LEAST operationaloverhead?

A : Configure AWS Secrets Manager to store the secret. Configure the env section of the buildspec.yml fileto have a secrets-manager key-value entry that references the secret. Grant the CodeBuild IAM role theminimum necessary permissions to access the secret.

B : Store the secret in an encrypted Amazon S3 bucket. Download the secret during the build process. UseNoEcho to mask the value of the secret. Grant the CodeBuild IAM role the minimum necessarypermissions to access the S3 bucket.

C : Configure AWS Systems Manager Parameter Store to store the secret. Configure the env section of thebuildspec.yml file to have a parameter-store key-value entry that references the parameter. Grant theCodeBuild IAM role the minimum necessary permissions to access the parameter.

D : Store the secret in AWS Systems Manager Parameter Store. Use a pre-build step to retrieve theparameter by using AWS CLI commands. Mask the parameter in the buildspec.yml file. Grant theCodeBuild IAM role the minimum necessary permissions to access the parameter.

Answer: A

Question 4

A company stores data in an Amazon S3 bucket that is updated multiple times each day. S3 Versioning isenabled, and multiple versions of objects accumulate.The company needs the bucket to retain only the current version and the immediately previous version ofeach object.Which solution will meet these requirements?

A : Configure an S3 bucket policy to retain one newer noncurrent version.

B : Configure an S3 Lifecycle rule to retain one newer noncurrent version.

C : Enable S3 Object Lock with a retention policy.

D : Suspend S3 Versioning and modify application logic.

Answer: B

Question 5

A developer designed an application on an Amazon EC2 instance The application makes API requests toobjects in an Amazon S3 bucketWhich combination of steps will ensure that the application makes the API requests in the MOST securemanner? (Select TWO.)

A : Create an IAM user that has permissions to the S3 bucket. Add the user to an 1AM group

B : Create an IAM role that has permissions to the S3 bucket

C : Add the IAM role to an instance profile. Attach the instance profile to the EC2 instance.

D : Create an 1AM role that has permissions to the S3 bucket Assign the role to an 1AM group

E : Store the credentials of the IAM user in the environment variables on the EC2 instance

Answer: B,C