DVA-C01 Online Practice Questions and Answers

Amazon S3 has the following structure: S3://BUCKET/FOLDERNAME/FILENAME.zip

Which S3 best practice would optimize performance with thousands of PUT request each second to a single bucket?

A. Prefix folder names with user id; for example, s3://BUCKET/2013-FOLDERNAME/FILENAME.zip

B. Prefix file names with timestamps; for example, s3://BUCKET/FOLDERNAME/2013-26-05-15-00-00- FILENAME.zip

C. Prefix file names with random hex hashes; for example, s3://BUCKET/FOLDERNAME/23a6- FILENAME.zip

D. Prefix folder names with random hex hashes; for example, s3://BUCKET/23a6-FOLDERNAME/ FILENAME.zip

An AWS Lambda function generates a 3MB JSON file and then uploads it to an Amazon S3 bucket daily. The file contains sensitive information, so the Developer must ensure that it is encrypted before uploading to the bucket. Which of the following modifications should the Developer make to ensure that the data is encrypted before uploading it to the bucket?

A. Use the default AWS KMS customer master key for S3 in the Lambda function code.

B. Use the S3 managed key and call the GenerateDataKey API to encrypt the file.

C. Use the GenerateDateKey API, then use that data key to encrypt the file in the Lambda function code.

D. Use a custom KMS customer master key created for S3 in the Lambda function code.

A Developer has developed a web application and wants to deploy it quickly on a Tomcat server on AWS. The Developer wants to avoid having to manage the underlying infrastructure. What is the easiest way to deploy the application, based on these requirements?

A. AWS CloudFormation

B. AWS Elastic Beanstalk

C. Amazon S3

D. AWS CodePipeline

A developer needs to manage AWS infrastructure as code and must be able to deploy multiple identical copies of the infrastructure, stage changes, and revert to previous versions. Which approach addresses these requirements?

A. Use cost allocation reports and AWS OpsWorks to deploy and manage the infrastructure.

B. Use Amazon CloudWatch metrics and alerts along with resource tagging to deploy and manage the infrastructure.

C. Use AWS Elastic Beanstalk and AWS CodeCommit to deploy and manage the infrastructure.

D. Use AWS CloudFormation and AWS CodeCommit to deploy and manage the infrastructure.

A developer wants to send multi-value headers to an AWS Lambda function that is registered as a target with an Application Load Balancer (ALB). What should the developer do to achieve this?

A. Place the Lambda function and target group in the same account.

B. Send the request body to the Lambda function with a size less than 1 MB.

C. Include the Base64 encoding status, status code, status description, and headers in the Lambda function.

D. Enable the multi-value headers on the ALB.

A Company runs continuous integration/continuous delivery (CI/CD) pipelines for its application on AWS CodePipeline. A Developer must write unit tests and run them as part of the pipelines before staging the artifacts for testing. How should the Developer incorporate unit tests as part of CI/CD pipelines?

A. Create a separate CodePipeline pipeline to run unit tests

B. Update the AWS CodeBuild specification to include a phase for running unit tests

C. Install the AWS CodeDeploy agent on an Amazon EC2 instance to run unit tests

D. Create a testing branch in AWS CodeCommit to run unit tests

A developer has a legacy application that is hosted on-premises Other applications hosted on AWS depend on the on-premises application for proper functioning In case of any application errors, the developer wants to be able to use Amazon CloudWatch to monitor and troubleshoot all applications from one place.

How can the developer accomplish this?

A. Install an AWS SDK on the on-premises server to automatically send logs to CloudWatch .

B. Download the CloudWatch agent to the on-premises server Configure the agent to use IAM user credentials with permissions for CloudWatch

C. Upload log files from the on-premises server to Amazon S3 and have CloudWatch read the files

D. Upload log files from the on-premises server to an Amazon EC2 instance and have the instance forward the logs to CloudWatch.

A developer is building a highly secure healthcare application using .. application requires writing temporary data to /tmp storage on an AWS Lambda function. How should the developer encrypt this data?

A. Enable Amazon EBS volume encryption with an AWS KMS .. configuration so that all storage attached to the Lambda function is encrypted.

B. Set up the Lambda function with a role and key policy to access an AWS KMS CMK Use the CMK to generate a data key used to encrypt all data prior to writing to /tmp storage.

C. Use OpenSSL to generate a symmetric encryption key on Lambda startup Use this key to encrypt the data prior to writing to /tmp.

D. Use an on-premises hardware security module (HSM) to generate keys where the Lambda function requests a data key from the HSM and uses that to encrypt data on all requests to the function.

A company requires all data that is stored in Amazon DynamoDB tables to be encrypted at rest with keys that are managed by the company. How can a developer meet these requirements WITHOUT changing the application?

A. Use the AWS Encryption SDK to encrypt items before insertion.

B. Enable table-level encryption with an AWS managed customer master key (CMK).

C. Use AWS Certificate Manager (ACM) to create one certificate for each DynamoDB table.

D. Import key material in DynamoDB, and enable table-level encryption.

A company recently experienced some unexpected downtime. After investigating, the company determines that a developer mistakenly terminated several production Amazon EC2 instances.

What should the company do to BEST protect against accidental terminations in the future.

A. Enable EC2 termination protection on all production instances unless approval has been given through AWS Resource Access Manager.

B. Modify the developer group's permissions policy to deny them access to delete production instances unless approved has been given through AWS Resource Access Manager.

C. Modify the developer group's permission policy to require multi-factor authentication (MFA) only production instances are being delete Enable EC2 termination protection on production instances.

D. Enable EC2 termination protection on production instances. Deny the developer group's permissions policy access to terminate instance. Create a new role that developer can assume when termination is necessary.