DVA-C02 Exam Dumps - AWS Certified Developer - Associate

Searching for workable clues to ace the Amazon Web Services DVA-C02 Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s DVA-C02 PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:

<< First
Prev
1
2
3
4
5
6
7
8
9
10
Next
Last >>

Question # 41

A developer has an application that pushes files from an on-premises local server to an Amazon S3 bucket. The application uses an AWS access key and a secret key that are stored on the server for authentication. The application calls AWS STS to assume a role with access to perform the S3 PUT operation to upload the file.

The developer is migrating the server to an Amazon EC2 instance. The EC2 instance is configured with an IAM instance profile in the same AWS account that owns the S3 bucket.

What is the MOST secure solution for the developer to use to migrate the automation code?

Remove the code that calls the STS AssumeRole operation. Use the same access key and secret key from the server to access the S3 bucket.

Remove the access key and the secret key. Use the STS AssumeRole operation to add permissions to access the S3 bucket.

Remove the access key, the secret key, and the code that calls the STS AssumeRole operation. Use an IAM instance profile role that grants access to the S3 bucket.

Remove the access key, the secret key, and the code that calls the STS AssumeRole operation. Create a new access key and secret key. Use the new keys to access the S3 bucket.

Full Access

Answer:

Explanation:

The most secure approach on Amazon EC2 is to avoid long-term static credentials entirely and rely on IAM roles for Amazon EC2 (instance profiles). When an EC2 instance is associated with an instance profile, AWS automatically provides temporary security credentials to the instance through the instance metadata service (IMDS) . The AWS SDK and CLI can retrieve and rotate these credentials automatically, eliminating the need to store an access key and secret key on disk. This reduces the risk of credential leakage and removes the operational burden of key rotation.

In this scenario, the EC2 instance is already configured with an IAM instance profile in the same account as the S3 bucket. Because the bucket is in the same account and the instance profile can be granted the required permissions, there is no security benefit to keeping a separate stored access key/secret key or performing an additional STS AssumeRole hop. The simplest and most secure design is to attach an IAM policy to the instance profile role that allows the required s3:PutObject (and any related actions such as s3:PutObjectAcl if needed) on the specific bucket/prefix. The application code can then call S3 directly using the AWS SDK, which will automatically use the instance profile credentials.

Option A continues to use long-lived static credentials stored on the server, which is less secure than instance profiles. Option D is the same problem with different keys: still long-lived credentials that must be protected and rotated. Option B removes stored keys but keeps an AssumeRole call; although AssumeRole uses temporary credentials, it adds complexity and is unnecessary here because the instance already has an IAM role and the S3 bucket is in the same account.

Therefore, the most secure solution is C : remove static keys and the AssumeRole code and use the instance profile role with least-privilege S3 permissions.

Question # 42

A developer is building an application that processes a stream of user-supplied data. The data stream must be consumed by multiple Amazon EC2-based processing applications in parallel and in real time. Each processor must be able to resume without losing data if there is a service interruption. The application architect plans to add other processors in the near future and wants to minimize the amount of data duplication involved.

Which solution will satisfy these requirements?

Publish the data to Amazon SQS.

Publish the data to Amazon Data Firehose.

Publish the data to Amazon EventBridge.

Publish the data to Amazon Kinesis Data Streams.

Full Access

Answer:

Explanation:

The requirements describe a real-time streaming use case where multiple processing applications must read the same stream in parallel, each must be able to resume processing after interruptions without data loss, and the system should support adding new processors with minimal duplication. Amazon Kinesis Data Streams (KDS) is purpose-built for this pattern.

With Kinesis Data Streams, producers write records to a stream that is split into shards. Multiple consumer applications can independently read from the stream using separate consumer groups (for example, using Kinesis Client Library). Each consumer maintains its own checkpoint (sequence number position), which allows it to resume from the last processed record after a restart or failure. This directly meets the â€œresume without losing dataâ€ requirement.

KDS also supports a configurable retention period (commonly 24 hours by default, extendable), enabling replay and recovery without forcing producers to re-send data or duplicating messages for each processor. Adding new consumers is straightforward: a new processor can begin reading the existing stream (from latest or from a trim horizon), which minimizes duplication compared to fan-out duplication patterns.

Why the others donâ€™t fit:

SQS is a queue, not a stream. Multiple consumers typically compete for messages rather than all consuming the same messages independently, and duplication is required if multiple apps must process the same data.

Kinesis Data Firehose is primarily for delivery to destinations (S3, Redshift, OpenSearch) and not designed for multiple real-time parallel consumers with replay semantics.

EventBridge is event routing with limited replay/resume semantics compared to KDS and is not intended for high-throughput stream processing with per-consumer checkpoints.

Therefore, Amazon Kinesis Data Streams satisfies all requirements.

Question # 43

A developer supports an application that accesses data in an Amazon DynamoDB table. One of the item attributes is expirationDate in the timestamp format. The application uses this attribute to find items, archive them, and remove them from the table based on the timestamp value

The application will be decommissioned soon, and the developer must find another way to implement this functionality. The developer needs a solution that will require the least amount of code to write.

Which solution will meet these requirements?

Enable TTL on the expirationDate attribute in the table. Create a DynamoDB stream. Create an AWS Lambda function to process the deleted items. Create a DynamoDB trigger for the Lambda function.

Create two AWS Lambda functions one to delete the items and one to process the items Create a DynamoDB stream Use the Deleteltem API operation to delete the items based on the expirationDate attribute Use the GetRecords API operation to get the items from the DynamoDB stream and process them

Create two AWS Lambda functions, one to delete the items and one to process the items. Create an Amazon EventBndge scheduled rule to invoke the Lambda Functions Use the Deleteltem API operation to delete the items based on the expirationDate attribute. Use the GetRecords API operation to get the items from the DynamoDB table and process them.

Enable TTL on the expirationDate attribute in the table Specify an Amazon Simple Queue Service (Amazon SQS > dead-letter queue as the target to delete the items Create an AWS Lambda function to process the items

Full Access

Question # 44

A developer needs to perform geographic load testing of an API. The developer must deploy resources to multiple AWS Regions to support the load testing of the API.

How can the developer meet these requirements without additional application code?

Create and deploy an AWS Lambda function in each desired Region. Configure the Lambda function to create a stack from an AWS CloudFormation template in that Region when the function is invoked.

Create an AWS CloudFormation template that defines the load test resources. Use the AWS CLI create-stack-set command to create a stack set in the desired Regions.

Create an AWS Systems Manager document that defines the resources. Use the document to create the resources in the desired Regions.

Create an AWS CloudFormation template that defines the load test resources. Use the AWS CLI deploy command to create a stack from the template in each Region.

Full Access

Question # 45

A company is building a serverless application that uses AWS Lambda functions. The company needs to create a set of test events to test Lambda functions in a development environment. The test events will be created once and then will be used by all the developers in an 1AM developer group. The test events must be editable by any of the 1AM users in the 1AM developer group.

Which solution will meet these requirements?

Create and store the test events in Amazon S3 as JSON objects. Allow S3 bucket access to all 1AM users.

Create the test events. Configure the event sharing settings to make the test events shareable.

Create and store the test events in Amazon DynamoDB. Allow access to DynamoDB by using 1AM roles.

Create the test events. Configure the event sharing settings to make the test events private.

Full Access

Question # 46

A developer needs to use Amazon DynamoDB to store customer orders. The developer ' s company requires all customer data to be encrypted at rest with a key that the company generates.

What should the developer do to meet these requirements?

Create the DynamoDB table with encryption set to None. Code the application to use the key to decrypt the data when the application reads from the table. Code the application to use the key to encrypt the data when the application writes to the table.

Store the key by using AW5 KMS. Choose an AVVS KMS customer managed key during creation of the DynamoDB table. Provide the Amazon Resource Name (ARN) of the AWS KMS key.

Store the key by using AWS KMS. Create the DynamoDB table with default encryption. Include the kms:Encrypt parameter with the Amazon Resource Name (ARN) of the AWS KMS key when using the DynamoDB SDK.

Store the key by using AWS KMS. Choose an AWS KMS AWS managed key during creation of the DynamoDB table. Provide the Amazon Resource Name (ARN) of the AWS KMS key.

Full Access

Question # 47

A data visualization company wants to strengthen the security of its core applications The applications are deployed on AWS across its development staging, pre-production, and production environments. The company needs to encrypt all of its stored sensitive credentials The sensitive credentials need to be automatically rotated Aversion of the sensitive credentials need to be stored for each environment

Which solution will meet these requirements in the MOST operationally efficient way?

Configure AWS Secrets Manager versions to store different copies of the same credentials across multiple environments

Create a new parameter version in AWS Systems Manager Parameter Store for each environment Store the environment-specific credentials in the parameter version.

Configure the environment variables in the application code Use different names for each environment type

Configure AWS Secrets Manager to create a new secret for each environment type. Store the environment-specific credentials in the secret

Full Access

Question # 48

A developer has code that is stored in an Amazon S3 bucket. The code must be deployed as an AWS Lambda function across multiple accounts in the same AWS Region as the S3 bucket an AWS CloudPormation template that runs for each account will deploy the Lambda function.

What is the MOST secure way to allow CloudFormaton to access the Lambda Code in the S3 bucket?

Grant the CloudFormation service role the S3 ListBucket and GetObject permissions. Add a bucket policy to Amazon S3 with the principal of " AWS " (account numbers)

Grant the CloudFormation service row the S3 GetObfect permission. Add a Bucket policy to Amazon S3 with the principal of " ' "

Use a service-based link to grant the Lambda function the S3 ListBucket and GetObject permissions by explicitly adding the S3 bucket ' s account number in the resource.

Use a service-based link to grant the Lambda function the S3 GetObject permission Add a resource of " ** to allow access to the S3 bucket.

Full Access