Free Amazon DVA-C02 Exam Questions

Question 1

A developer is creating a publicly accessible enterprise website consisting of only static assets. The developer is hosting the website in Amazon S3 and serving the website to users through an Amazon CloudFront distribution. The users of this application must not be able to access the application content directly from an S3 bucket. All content must be served through the Amazon CloudFront distribution.

Which solution will meet these requirements?

A : Create a new origin access control (OAC) in CloudFront. Configure the CloudFront distribution's origin to use the new OAC. Update the S3 bucket policy to allow CloudFront OAC with read and write access to access Amazon S3 as the origin.

B : Update the S3 bucket settings. Enable the block all public access setting in Amazon S3. Configure the CloudFront distribution's with Amazon S3 as the origin. Update the S3 bucket policy to allow CloudFront write access.

C : Update the S3 bucket's static website settings. Enable static website hosting and specifying index and error documents. Update the CloudFront origin to use the S3 bucket's website endpoint.

D : Update the CloudFront distribution's origin to send a custom header. Update the S3 bucket policy with a condition by using the aws:RequestTag/tag-key key. Configure the tag-key as the custom header name, and the value being matched is the header's value.

Answer: C

Question 2

A Developer wants the ability to roll back to a previous version of an AWS Lambda function in the event of errors caused by a new deployment.

How can the Developer achieve this with MINIMAL impact on users?

A : ange the application to use the $LATEST version. Update and save code. If too many errors are encountered, modify and save the code

B : ange the application to use an alias that points to the current version. Deploy the new version of the code. Update the alias to use the newly deployed version. If too many errors are encountered, point the alias back to the previous version

C : ange the application to use an alias that points to the current version. Deploy the new version of the code. Update the alias to direct 10% of users to the newly deployed version. If too many errors are encountered, send 100% of traffic to the previous version

D : ange the application to use a version ARN that points to the latest published version. Deploy the new version of the code. Update the application to point to the ARN of the new version of the code. If too many errors are encountered, point the application back to the ARN of the previous version

Answer: C

Question 3

An application uses Amazon EC2 instances, AWS Lambda functions and an Amazon SQS queue. The Developer must ensure all communications are within an Amazon VPC using private IP addresses. How can this be achieved? (Select TWO.)

A : eate a VPC endpoint for Amazon SQS

B : eate a VPN and connect the services to the VPG

C : eate a VPC endpoint for AWS Lambda

D : the AWS Lambda function to the VPC

E : eate the Amazon SQS queue within a VPC

Answer: A,D

Question 4

A company stores customer credit reports in an Amazon S3 bucket. An analytics service uses standardAmazon S3 GET requests to access the reports. A developer must implement a solution to redact personallyidentifiable information (PII) from the reports before the reports reach the analytics service.

A : Load the S3 objects into Amazon Redshift by using a COPY command. Implement dynamic data masking. Refactor the analytics service to read from Amazon Redshift.

B : Set up an S3 Object Lambda function. Attach the function to an S3 Object Lambda Access Point. Program the function to call a PII redaction API.

C : Use AWS Key Management Service (AWS KMS) to implement encryption in the S3 bucket. Re-upload all the existing S3 objects. Give the kms permission to the analytics service.

D : Create an Amazon Simple Notification Service (Amazon SNS) topic. Implement message data protection. Refactor the analytics service to publish data access requests to the SNS topic.

Answer: B

Question 5

A developer has created a new Application Load Balancer but has not registered any targets with the target groups.

Which of the following errors would be generated by the Load Balancer?

A : HTTP 504: Gateway timeout

B : HTTP 502: Bad gateway

C : HTTP 500: Internal server error

D : HTTP 503: Service unavailable

Answer: D