Free Amazon DVA-C02 Exam Questions

Question 1

A company operates a web-based loan processing application. The application ' s UI is implemented inJavaScript. The frontend transmits application data securely by using HTTPS to Amazon API Gateway, whichinvokes an AWS Lambda function in private subnets. The Lambda function interacts with third-party creditcheck APIs that require persistent API keys. The company enforces strict policies to ensure that personallyidentifiable information (PII) and sensitive credentials are never exposed in client code, request paths,headers, or logs. The company needs a solution to manage the API keys that the Lambda function must use.Which solution will meet this requirement in the MOST secure way?

A : Store the API keys as encrypted environment variables by using an AWS KMS key. Configure theexecution role of the Lambda function to have permissions to securely decrypt the environmentvariables at runtime.

B : Pass the API keys to the Lambda function by including the keys as URL query parameters in eachHTTPS request. Rely on TLS for encryption of the payload and response. Use API Gateway loggingcontrols to manage what query parameters are logged.

C : Bundle the API keys inside the minified client-side JavaScript. Configure the web application to callthe Lambda function by using an API Gateway HTTP API, cross-origin resource sharing (CORS)restrictions, domain allowlists, and frequent rotation.

D : Store the API keys as resource metadata tags on the Lambda function. Configure the Lambda functionto read its own tags at startup by using the AWS SDK. Use IAM conditions to control access to thekeys when the function retrieves the tags.

Answer: A

Question 2

A developer is working on an AWS Lambda function that accesses Amazon DynamoDB. The Lambdafunction must retrieve an item and update some of its attributes, or create the item if it does not exist. TheLambda function has access to the primary key.Which IAM permissions should the developer request for the Lambda function to achieve this functionality?

A : Option A

B : Option B

C : Option C

D : Option D

Answer: B

Question 3

A developer must cache dependent artifacts from Maven Central, a public package repository, as part of anapplication ' s build pipeline. The build pipeline has an AWS CodeArtifact repository where artifacts of thebuild are published. The developer needs a solution that requires minimum changes to the build pipeline.Which solution meets these requirements?

A : Modify the existing CodeArtifact repository to associate an upstream repository with the publicpackage repository.

B : Create a new CodeArtifact repository that has an external connection to the public package repository.

C : Create a new CodeArtifact domain that contains a new repository that has an external connection to thepublic package repository.

D : Modify the CodeArtifact repository resource policy to allow artifacts to be fetched from the publicpackage repository.

Answer: A

Question 4

A developer must use multi-factor authentication (MFA) to access data in an Amazon S3 bucket that is inanother AWS account. Which AWS Security Token Service (AWS STS) API operation should the developeruse with the MFA information to meet this requirement?

A : AssumeRoleWithWebidentity

B : GetFederationToken

C : AssumeRoleWithSAML

D : AssumeRole

Answer: D

Question 5

A company uses AWS Lambda functions and an Amazon S3 trigger to process images into an S3 bucket. A development team set up multiple environments in a single AWS account.

After a recent production deployment, the development team observed that the development S3 buckets invoked the production environment Lambda functions. These invocations caused unwanted execution of development S3 files by using production Lambda functions. The development team must prevent these invocations. The team must follow security best practices.

Which solution will meet these requirements?

A : date the Lambda execution role for the production Lambda function to add a policy that allows the execution role to read from only the production environment S3 bucket.

B : ve the development and production environments into separate AWS accounts. Add a resource policy to each Lambda function to allow only S3 buckets that are within the same account to invoke the function.

C : a resource policy to the production Lambda function to allow only the production environment S3 bucket to invoke the function.

D : ve the development and production environments into separate AWS accounts. Update the Lambda execution role for each function to add a policy that allows the execution role to read from the S3 bucket that is within the same account.

Answer: C