Free Amazon DVA-C02 Exam Questions

Question 1

A developer is using an AWS CloudFormation template to create a pipeline in AWS CodePipeline. Thetemplate creates an Amazon S3 bucket that the pipeline references in a source stage. The template also createsan AWS CodeBuild project for a build stage. The pipeline sends notifications to an Amazon SNS topic. Logsfor the CodeBuild project are stored in Amazon CloudWatch Logs.The company needs to ensure that the pipeline's artifacts are encrypted with an existing customer-managedAWS KMS key. The developer has granted the pipeline permissions to use the KMS key.Which additional step will meet these requirements?

A : Create an Amazon S3 gateway endpoint that the pipeline can access.

B : In the CloudFormation template, use the KMS key to encrypt the logs in CloudWatch Logs.

C : Apply an S3 bucket policy that ensures the pipeline sends only encrypted objects to the S3 bucket.

D : Configure the notification topic to use the existing KMS key to enable encryption with the existing KMS key.

Answer: C

Question 2

A developer is building an application that invokes AWS Lambda functions asynchronously to process events. The developer notices that a Lambda function fails to process some events at random times. The developer needs to investigate the failed events and capture the events that the Lambda function fails to process.

Which solution will meet these requirements?

A : Add an Amazon EventBridge rule for the Lambda function. Configure the EventBridge rule to react to failed events and to store the events in an Amazon DynamoDB table.

B : Configure the Lambda function with a dead-letter queue based in Amazon Kinesis. Update the Lambda function's execution role with the required permissions.

C : Configure the Lambda function with an Amazon Simple Queue Service (Amazon SQS) dead-letter queue. Update the Lambda function's execution role with the required permissions.

D : Configure the Lambda function with an Amazon Simple Queue Service (Amazon SQS) FIFO dead-letter queue. Update the Lambda function's execution role with the required permissions.

Answer: B

Question 3

A start-up organization is launching a new website. Which statement correctly describes how to set up the domain, routing, and health checks in AWS?

A : Use Route 53 to specify the IP address to perform health checks, register a domain name, and route the internet traffic to domain.

B : Route 53 to register a domain name and perform routing to the domain and Shield to perform health checks on resources.

C : Route 53 to register a domain name and AWS Certificate Manager to perform routing to the domain and Shield to perform health checks on resources.

D : Route 53 to register a domain name, route the internet traffic to domain, and specify the values to perform health checks on resources.

Answer: D

Question 4

A developer is using an AWS account to build an application that stores files in an Amazon S3 bucket. Files must be encrypted at rest by AWS KMS keys. A second AWS account must have access to read files from the bucket. The developer wants to minimize operational overhead for the application. Which combination of solutions will meet these requirements? (Select TWO.)

A : Use a customer managed key to encrypt the files. Create a key policy that grants kms: Decrypt permissions to the second AWS account.

B : Use an AWS managed key to encrypt the files. Create a key policy that grants kms:Decrypt permissions to the second AWS account.

C : Create a service control policy (SCP) that grants s3:GetObject permissions to the second AWS account.

D : Create a bucket policy for the S3 bucket that grants s3:GetObject permissions to the second AWS account.

E : Create a gateway endpoint for the S3 bucket. Modify the endpoint policy to grant s3:GetObject permissions to the second AWS account.

Answer: A,D

Question 5

A developer is building an application that uses AWS API Gateway APIs. AWS Lambda function, and AWS Dynamic DB tables. The developer uses the AWS Serverless Application Model (AWS SAM) to build and run serverless applications on AWS. Each time the developer pushes of changes for only to the Lambda functions, all the artifacts in the application are rebuilt. The developer wants to implement AWS SAM Accelerate by running a command to only redeploy the Lambda functions that have changed. Which command will meet these requirements?

A : sam deploy -force-upload

B : sam deploy -no-execute-changeset

C : sam package

D : sam sync -watch

Answer: D