Free Amazon DVA-C02 Exam Questions

Question 1

A developer designed an application on an Amazon EC2 instance The application makes API requests toobjects in an Amazon S3 bucketWhich combination of steps will ensure that the application makes the API requests in the MOST securemanner? (Select TWO.)

A : Create an IAM user that has permissions to the S3 bucket. Add the user to an 1AM group

B : Create an IAM role that has permissions to the S3 bucket

C : Add the IAM role to an instance profile. Attach the instance profile to the EC2 instance.

D : Create an 1AM role that has permissions to the S3 bucket Assign the role to an 1AM group

E : Store the credentials of the IAM user in the environment variables on the EC2 instance

Answer: B,C

Question 2

A developer is configuring an AWS Lambda function to consume messages from an Amazon SQS queue byusing an event source mapping. The function consumes up to 10 messages for each invocation. The functionsends data from each message to a third-party API.The developer must configure at-least-once delivery of data to the API. The developer needs a solution thatminimizes unnecessary API calls.Which solution will meet these requirements?

A : Set up the SQS queue as a FIFO queue. Enable content-based deduplication for messages in the queue.

B : Configure reserved concurrency for the function. Set the reserved concurrency value to 1.

C : Enable reporting for batch item failures in the function event source mapping. Configure the function toreport batch item failures.

D : Create a second SQS queue. Configure the original SQS queue to use the second queue as a dead-letterqueue.

Answer: C

Question 3

A company has deployed infrastructure on AWS. A development team wants to create an AWS Lambdafunction that will retrieve data from an Amazon Aurora database. The Amazon Aurora database is in a privatesubnet in company ' s VPC. The VPC is named VPC1. The data is relational in nature. The Lambda functionneeds to access the data securely.Which solution will meet these requirements?

A : Create the Lambda function. Configure VPC1 access for the function. Attach a security group namedSG1 to both the Lambda function and the database. Configure the security group inbound and outboundrules to allow TCP traffic on Port 3306.

B : Create and launch a Lambda function in a new public subnet that is in a new VPC named VPC2. Createa peering connection between VPC1 and VPC2.

C : Create the Lambda function. Configure VPC1 access for the function. Assign a security group namedSG1 to the Lambda function. Assign a second security group named SG2 to the database. Add aninbound rule to SG1 to allow TCP traffic from Port 3306.

D : Export the data from the Aurora database to Amazon S3. Create and launch a Lambda function inVPC1. Configure the Lambda function query the data from Amazon S3.

Answer: A

Question 4

A developer is creating a serverless application that uses an AWS Lambda function The developer will useAWS CloudFormation to deploy the application The application will write logs to Amazon CloudWatch LogsThe developer has created a log group in a CloudFormation template for the application to use The developerneeds to modify the CloudFormation template to make the name of the log group available to the applicationat runtimeWhich solution will meet this requirement?

A : Use the AWS:lnclude transform in CloudFormation to provide the log group ' s name to the application

B : Pass the log group ' s name to the application in the user data section of the CloudFormation template.

C : Use the CloudFormation template ' s Mappings section to specify the log group ' s name for theapplication.

D : Pass the log group ' s Amazon Resource Name (ARN) as an environment variable to the Lambdafunction

Answer: D

Question 5

A developer must securely access a secret during a build process in an AWS CodeBuild project that has anIAM role. The secret must remain encrypted at rest and must be passed to the buildspec.yml file withoutappearing in the build logs. Which solution will meet these requirements with the LEAST operationaloverhead?

A : Configure AWS Secrets Manager to store the secret. Configure the env section of the buildspec.yml fileto have a secrets-manager key-value entry that references the secret. Grant the CodeBuild IAM role theminimum necessary permissions to access the secret.

B : Store the secret in an encrypted Amazon S3 bucket. Download the secret during the build process. UseNoEcho to mask the value of the secret. Grant the CodeBuild IAM role the minimum necessarypermissions to access the S3 bucket.

C : Configure AWS Systems Manager Parameter Store to store the secret. Configure the env section of thebuildspec.yml file to have a parameter-store key-value entry that references the parameter. Grant theCodeBuild IAM role the minimum necessary permissions to access the parameter.

D : Store the secret in AWS Systems Manager Parameter Store. Use a pre-build step to retrieve theparameter by using AWS CLI commands. Mask the parameter in the buildspec.yml file. Grant theCodeBuild IAM role the minimum necessary permissions to access the parameter.

Answer: A