Free Amazon DVA-C02 Exam Questions

Question 1

A developer is deploying an application on Amazon EC2 instances that run in Account A. The applicationneeds to read data from an existing Amazon Kinesis data stream in Account B.Which actions should the developer take to provide the application with access to the stream? (Select TWO.)

A : Update the instance profile role in Account A with stream read permissions.

B : Create an IAM role with stream read permissions in Account B.

C : Add a trust policy to the instance profile role and IAM role in Account B to allow the instance profilerole to assume the IAM role.

D : Add a trust policy to the instance profile role and IAM role in Account B to allow reads from the stream.

E : Add a resource-based policy in Account B to allow read access from the instance profile role.

Answer: B,C

Question 2

A company uses an AWS Lambda function to transfer files from an Amazon S3 bucket to the company ' sSFTP server. The Lambda function connects to the SFTP server by using credentials such as username andpassword. The company uses Lambda environment variables to store these credentials.A developer needs to implement encrypted username and password credentials.Which solution will meet these requirements?

A : Remove the user credentials from the Lambda environment. Implement 1AM database authentication.

B : Move the user credentials from Lambda environment variables to AWS Systems Manager ParameterStore.

C : Move the user credentials from Lambda environment variables to AWS Key Management Service(AWS KMS).

D : Move the user credentials from the Lambda environment to an encrypted .txt file. Store the file in an S3bucket.

Answer: B

Question 3

A financial company must store original customer records for 10 years for legal reasons. A complete recordcontains personally identifiable information (PII). According to local regulations, PII is available to onlycertain people in the company and must not be shared with third parties. The company needs to make therecords available to third-party organizations for statistical analysis without sharing the PII.A developer wants to store the original immutable record in Amazon S3. Depending on who accesses the S3document, the document should be returned as is or with all the PII removed. The developer has written anAWS Lambda function to remove the PII from the document. The function is named removePii.What should the developer do so that the company can meet the PII requirements while maintaining only onecopy of the document?

A : Set up an S3 event notification that invokes the removePii function when an S3 GET request is made.Call Amazon S3 by using a GET request to access the object without PII.

B : Set up an S3 event notification that invokes the removePii function when an S3 PUT request is made.Call Amazon S3 by using a PUT request to access the object without PII.

C : Create an S3 Object Lambda access point from the S3 console. Select the removePii function. Use S3Access Points to access the object without PII.

D : Create an S3 access point from the S3 console. Use the access point name to call theGetObjectLegalHold S3 API function. Pass in the removePii function name to access the object withoutPII.

Answer: C

Question 4

A company has an application that consists of different microservices that run inside an AWS account. Themicroservices are running in containers inside a single VPC. The number of microservices is constantlyincreasing. A developer must create a central logging solution for application logs.Which solution will meet these requirements?

A : Create a different Amazon CloudWatch Logs stream for each microservice.

B : Create an AWS CloudTrail trail to log all the API calls.

C : Configure VPC Flow Logs to track the communications between the microservices.

D : Use AWS Cloud Map to map the interactions of the microservices.

Answer: A

Question 5

A serverless application is used to process customer information and outputs a JSON file to an Amazon S3 bucket. AWS Lambda is used for processing the data. The data is sensitive and should be encrypted.

How can a Developer modify the Lambda function to ensure the data is encrypted before it is uploaded to the S3 bucket?

A : able server-side encryption on the S3 bucket and create a policy to enforce encryption

B : the S3 managed key and call the GenerateDataKey API to encrypt the file

C : the GenerateDataKey API, then use the data key to encrypt the file using the Lambda code

D : the default KMS key for S3 and encrypt the file using the Lambda code

Answer: C