Free Amazon DVA-C02 Exam Questions

Question 1

A company stores customer credit reports in an Amazon S3 bucket. An analytics service uses standardAmazon S3 GET requests to access the reports. A developer must implement a solution to redact personallyidentifiable information (PII) from the reports before the reports reach the analytics service.

A : Load the S3 objects into Amazon Redshift by using a COPY command. Implement dynamic data masking. Refactor the analytics service to read from Amazon Redshift.

B : Set up an S3 Object Lambda function. Attach the function to an S3 Object Lambda Access Point. Program the function to call a PII redaction API.

C : Use AWS Key Management Service (AWS KMS) to implement encryption in the S3 bucket. Re-upload all the existing S3 objects. Give the kms permission to the analytics service.

D : Create an Amazon Simple Notification Service (Amazon SNS) topic. Implement message data protection. Refactor the analytics service to publish data access requests to the SNS topic.

Answer: B

Question 2

A company is migrating an application with a website and MySQL database to the AWS Cloud. The company require the application to be refactored so it offers high availability and fault tolerance.

How should a Developer refactor the application? (Select TWO.)

A : grate the website to an Auto Scaling group of EC2 instances across a single AZ and use an Elastic Load Balancer

B : grate the MySQL database to an Amazon RDS Multi-AZ deployment

C : grate the MySQL database to an Amazon RDS instance with a Read Replica in another AZ

D : grate the website to an Auto Scaling group of EC2 instances across multiple AZs and use an Elastic Load Balancer

E : grate the MySQL database to an Amazon DynamoDB with Global Tables

Answer: B,D

Question 3

A company is concerned that a malicious user could deploy unauthorized changes to the code for an AWS Lambda function. What can a developer do to ensure that only trusted code is deployed to Lambda?

A : Turn on the trusted code option in AWS CodeDeploy. Add the CodeDeploy digital certificate to the Lambda package before deploying the package to Lambda.

B : Define the code signing configuration in the Lambda console. Use AWS Signer to digitally sign the Lambda package before deploying the package to Lambda.

C : Link Lambda to AWS KMS in the Lambda console. Use AWS KMS to digitally sign the Lambda package before deploying the package to Lambda.

D : Set the KmsKeyArn property of the Lambda function to the Amazon Resource Name (ARN) of a trusted key before deploying the package to Lambda.

Answer: B

Question 4

An application resizes images that are uploaded to an Amazon S3 bucket. Amazon S3 event notifications are used to trigger an AWS Lambda function that resizes the images. The processing time for each image is less than one second. A large amount of images are expected to be received in a short burst of traffic. How will AWS Lambda accommodate the workload?

A : mbda will collect and then batch process the images in a single execution

B : mbda will scale the memory allocated to the function to increase the amount of CPU available to process many images

C : mbda will process the images sequentially in the order they are received

D : mbda will scale out and execute the requests concurrently

Answer: D

Question 5

A healthcare company is developing a multi-tier web application to manage patient records that are in an Amazon Aurora PostgreSQL database cluster. The company stores the application code in a Git repository and deploys the code to Amazon EC2 instances. The application must comply with security policies and follow the principle of least privilege. The company must securely manage database credentials and API keys within the application code. The company must have the ability to rotate encryption keys on demand. Which solution will meet these requirements?

A : Store database credentials and API keys in AWS Secrets Manager. Use AWS managed AWS KMS keys. Set up automatic key rotation. Use the AWS SDK to retrieve secrets.

B : Store the database credentials and API keys in AWS Secrets Manager. Use customer managed AWS KMS keys. Set up automatic key rotation. Create a key policy in the application to retrieve secrets by using the AWS SDK.

C : Store the database credentials in the application code. Separate credentials by using environmentspecific branches that have restricted access to the code repositories.

D : Store the database credentials and API keys as parameters in AWS Systems Manager Parameter Store. Encrypt the credentials and API keys with AWS managed AWS KMS keys. Use the AWS SDK to retrieve secrets.

Answer: A