Free Amazon DVA-C02 Exam Questions

Question 1

A healthcare company is developing a multi-tier web application to manage patient records that are in an Amazon Aurora PostgreSQL database cluster. The company stores the application code in a Git repository and deploys the code to Amazon EC2 instances. The application must comply with security policies and follow the principle of least privilege. The company must securely manage database credentials and API keys within the application code. The company must have the ability to rotate encryption keys on demand. Which solution will meet these requirements?

A : Store database credentials and API keys in AWS Secrets Manager. Use AWS managed AWS KMS keys. Set up automatic key rotation. Use the AWS SDK to retrieve secrets.

B : Store the database credentials and API keys in AWS Secrets Manager. Use customer managed AWS KMS keys. Set up automatic key rotation. Create a key policy in the application to retrieve secrets by using the AWS SDK.

C : Store the database credentials in the application code. Separate credentials by using environmentspecific branches that have restricted access to the code repositories.

D : Store the database credentials and API keys as parameters in AWS Systems Manager Parameter Store. Encrypt the credentials and API keys with AWS managed AWS KMS keys. Use the AWS SDK to retrieve secrets.

Answer: A

Question 2

A company has an Amazon S3 bucket containing premier content that it intends to make available to only paid subscribers of its website. The S3 bucket currently has default permissions of all objects being private to prevent inadvertent exposure of the premier content to non-paying website visitors.

How can the company limit the ability to download a premier content file in the S3 bucket to paid subscribers only?

A : Apply a bucket policy that allows anonymous users to download the content from the S3 bucket.

B : Generate a pre-signed object URL for the premier content file when a paid subscriber requests a download.

C : Add a bucket policy that requires multi-factor authentication for requests to access the S3 bucket objects.

D : Enable server-side encryption on the S3 bucket for data protection against the non-paying website visitors.

Answer: B

Question 3

A company wants to use AWS AppConfig to gradually deploy a new feature to 15% of users to test the feature before a full deployment. Which solution will meet this requirement with the LEAST operational overhead?

A : Set up a custom script within the application to randomly select 15% of users. Assign a flag for the new feature to the selected users.

B : Create separate AWS AppConfig feature flags for both groups of users. Configure the flags to target 15% of users.

C : Create an AWS AppConfig feature flag. Define a variant for the new feature, and create a rule to target 15% of users.

D : Use AWS AppConfig to create a feature flag without variants. Implement a custom traffic splitting mechanism in the application code.

Answer: C

Question 4

A developer needs to export the contents of several Amazon DynamoDB tables into Amazon S3 buckets to comply with company data regulations. The developer uses the AWS CLI to run commands to export from each table to the proper S3 bucket. The developer sets up AWS credentials correctly and grants resources appropriate permissions. However, the exports of some tables fail. What should the developer do to resolve this issue?

A : Ensure that point-in-time recovery is enabled on the DynamoDB tables.

B : Ensure that the target S3 bucket is in the same AWS Region as the DynamoDB table.

C : Ensure that DynamoDB streaming is enabled for the tables.

D : Ensure that DynamoDB Accelerator (DAX) is enabled.

Answer: B

Question 5

A junior developer working on ECS instances terminated a container instance in Amazon Elastic Container Service (Amazon ECS) as per instructions from the team lead. But the container instance continues to appear as a resource in the ECS cluster.

As a Developer Associate, which of the following solutions would you recommend to fix this behavior?

A : The container instance has been terminated with AWS CLI, whereas, for ECS instances, Amazon ECS CLI should be used to avoid any synchronization issues

B : You terminated the container instance while it was in RUNNING state, that lead to this synchronization issues

C : A custom software on the container instance could have failed and resulted in the container hanging in an unhealthy state till restarted again

D : You terminated the container instance while it was in STOPPED state, that lead to this synchronization issues

Answer: D