Microsoft
Amazon
CompTIA
Salesforce
Cisco®
SAP
PMI
ISC
ISACA
VMware
HP
Palo Alto Networks
EC-Council
LPI
Google
Fortinet
All Vendors
  2. Home
  3. Exam List
  4. Amazon
  5. AWS Certified Developer - Associate DVA-C02

AWS Certified Developer - Associate DVA-C02
AWS Certified Developer - Associate DVA-C02 Exam

A company is implementing an application on Amazon EC2 instances. The application needs to process incoming transactions.
When the application detects a transaction that is not valid, the application must send a chat message to the company's support team. To send the message, the application needs to retrieve the access token to authenticate by using the chat API.

A developer needs to implement a solution to store the access token. The access token must be encrypted at rest and in transit. The access token must also be accessible from other AWS accounts.

Which solution will meet these requirements with the LEAST management overhead?

  1. Use an AWS Systems Manager Parameter Store SecureString parameter that uses an AWS Key Management Service (AWS KMS) AWS managed key to store the access token. Add a resource-based policy to the parameter to allow access from other accounts. Update the IAM role of the EC2 instances with permissions to access Parameter Store. Retrieve the token from Parameter Store with the decrypt flag enabled. Use the decrypted access token to send the message to the chat.
  2. Encrypt the access token by using an AWS Key Management Service (AWS KMS) customer managed key. Store the access token in an Amazon DynamoDB table. Update the IAM role of the EC2 instances with permissions to access DynamoDB and AWS KMS. Retrieve the token from DynamoD Decrypt the token by using AWS KMS on the EC2 instances. Use the decrypted access token to send the message to the chat.
  3. Use AWS Secrets Manager with an AWS Key Management Service (AWS KMS) customer managed key to store the access token. Add a resource-based policy to the secret to allow access from other accounts. Update the IAM role of the EC2 instances with permissions to access Secrets Manager. Retrieve the token from Secrets Manager. Use the decrypted access token to send the message to the chat.
  4. Encrypt the access token by using an AWS Key Management Service (AWS KMS) AWS managed key. Store the access token in an Amazon S3 bucket. Add a bucket policy to the S3 bucket to allow access from other accounts. Update the IAM role of the EC2 instances with permissions to access Amazon S3 and AWS KMS. Retrieve the token from the S3 bucket. Decrypt the token by using AWS KMS on the EC2 instances. Use the decrypted access token to send the massage to the chat.

Answer(s): C

Explanation:

Option A is wrong. It seems to be a good solution. However, AWS managed keys cannot be used for cross account accessing.


Reference:

https://aws.amazon.com/premiumsupport/knowledge-center/secrets-manager-share-between-accounts/
https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples_cross.html



A company is running Amazon EC2 instances in multiple AWS accounts. A developer needs to implement an application that collects all the lifecycle events of the EC2 instances. The application needs to store the lifecycle events in a single Amazon Simple Queue Service (Amazon SQS) queue in the company's main AWS account for further processing.

Which solution will meet these requirements?

  1. Configure Amazon EC2 to deliver the EC2 instance lifecycle events from all accounts to the Amazon EventBridge event bus of the main account. Add an EventBridge rule to the event bus of the main account that matches all EC2 instance lifecycle events. Add the SQS queue as a target of the rule.
  2. Use the resource policies of the SQS queue in the main account to give each account permissions to write to that SQS queue. Add to the Amazon EventBridge event bus of each account an EventBridge rule that matches all EC2 instance lifecycle events. Add the SQS queue in the main account as a target of the rule.
  3. Write an AWS Lambda function that scans through all EC2 instances in the company accounts to detect EC2 instance lifecycle changes. Configure the Lambda function to write a notification message to the SQS queue in the main account if the function detects an EC2 instance lifecycle change. Add an Amazon EventBridge scheduled rule that invokes the Lambda function every minute.
  4. Configure the permissions on the main account event bus to receive events from all accounts. Create an Amazon EventBridge rule in each account to send all the EC2 instance lifecycle events to the main account event bus. Add an EventBridge rule to the main account event bus that matches all EC2 instance lifecycle events. Set the SQS queue as a target for the rule.

Answer(s): D

Explanation:

Amazon EC2 instances can send the state-change notification events to Amazon EventBridge.
Amazon EventBridge can send and receive events between event buses in AWS accounts.


Reference:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-instance-state-changes.html https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-cross-account.html



An application is using Amazon Cognito user pools and identity pools for secure access. A developer wants to integrate the user-specific file upload and download features in the application with Amazon S3. The developer must ensure that the files are saved and retrieved in a secure manner and that users can access only their own files. The file sizes range from 3 KB to 300 MB.

Which option will meet these requirements with the HIGHEST level of security?

  1. Use S3 Event Notifications to validate the file upload and download requests and update the user interface (UI).
  2. Save the details of the uploaded files in a separate Amazon DynamoDB table. Filter the list of files in the user interface (UI) by comparing the current user ID with the user ID associated with the file in the table.
  3. Use Amazon API Gateway and an AWS Lambda function to upload and download files. Validate each request in the Lambda function before performing the requested operation.
  4. Use an IAM policy within the Amazon Cognito identity prefix to restrict users to use their own folders in Amazon S3.

Answer(s): D


Reference:

https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-integrating-user-pools-with-identity-pools.html



A company is building a scalable data management solution by using AWS services to improve the speed and agility of development. The solution will ingest large volumes of data from various sources and will process this data through multiple business rules and transformations.

The solution requires business rules to run in sequence and to handle reprocessing of data if errors occur when the business rules run. The company needs the solution to be scalable and to require the least possible maintenance.

Which AWS service should the company use to manage and automate the orchestration of the data flows to meet these requirements?

  1. AWS Batch
  2. AWS Step Functions
  3. AWS Glue
  4. AWS Lambda

Answer(s): B

Explanation:

Option B is the correct choice. AWS Step Functions allows you to coordinate multiple AWS services into serverless workflows so you can build and update apps quickly. It also provides a way to handle errors and retry failed steps, making it a good fit for the company’s requirements.


Reference:

https://docs.aws.amazon.com/step-functions/latest/dg/welcome.html




Tzu Lin
What are the benefits of consolidated billing for AWS Cloud services? (Choose two.) Answer(s): C,E C) One bill for multiple accounts E) Custom cost and usage budget creation E seems incorrect, should be A = Volume discounts (Combined usage – You can combine the usage across all accounts in the organization to share the volume pricing discounts)
- UNITED STATES
Upvote


Niraj
Questions are valid. I just passed.
- India
Upvote


Sarah
Fantastic effort on the practice exam!
- UNITED STATES
Upvote


Marcus
Impressive work on this exam dumps. Love the free version.
- CANADA
Upvote


Emily
Great job on these practice exam questions! You guys are the best.
- CANADA
Upvote


seagal
I just passed (310-025) SCJP test yesterday. Your guide is right on the money and almost covers every question word for word. Great work !
- Edmonton
Upvote


Illya
I passed my exam today with a score of 964. This was a difficult test but the preparation guide was very good. I would not have passed without the materials. Thank you very much for giving me the opportunity to better my life.
- Alberta
Upvote


Jackson
Exam syo-101 Exam I passed my exam today with no problem whatsoever. I just wanted to say a sincere thank you for the outstanding study guide. You guys are a phenomenal help when it comes to study assistance. Thanks and definitely expect to see me again.
- MJ
Upvote


CJ
Exam 1Z0-040: 1Z0-040 passed!!! I have passed my exam 59/60. You people are the boom. Thanks for the exam questions. They were so real!!
- UNITED STATES
Upvote


Oshrit
Dear Support, I passed (as you expected) the Sun Solaris Admin I (310-011) at first trial. Thank you so much.
- Israel
Upvote

Read more ...