Amazon (DVA-C01) Exam Questions And Answers page 31
A Developer is storing sensitive data generated by an application in Amazon S3. The Developer wants to encrypt the data at rest. A company policy requires an audit trail of when the master key was used and by whom.
Which encryption option will meet these requirements?
Server-side encryption with AWS KMS managed keys (SSE-KMS)
Server-side encryption with customer-provided keys (SSE-C)
Server-side encryption with self-managed keys
Storage Services
Security and Identity Services
A Developer is storing sensitive documents in Amazon S3 that will require encryption at rest. The encryption keys must be rotated annually, at least.
What is the easiest way to achieve this?
Encrypt the data before sending it to Amazon S3
Import a custom key into AWS KMS with annual rotation enabled
Use AWS KMS with automatic key rotation
Export a key from AWS KMS to encrypt the data
Storage Services
Security and Identity Services
A Developer is testing a Docker-based application that uses the AWS SDK to interact with Amazon DynamoDB. In the local development environment, the application has used IAM access keys. The application is now ready for deployment onto an ECS cluster.
How should the application authenticate with AWS services in production?
Configure an ECS task IAM role for the application to use
Refactor the application to call AWS STS AssumeRole based on an instance role
Configure AWS access key/secret access key environment variables with new credentials
Configure the credentials file with a new access key/secret access key
Database Services
Security and Identity Services
A developer is testing an application that invokes an AWS Lambda function asynchronously. During the testing phase, the Lambda function fails to process after two retries.
How can the developer troubleshoot the failure?
Configure AWS CloudTrail logging to investigate the invocation failures
Configure Dead Letter Queues by sending events to Amazon SQS for investigation
Configure Amazon Simple Workflow Service to process any direct unprocessed events
Configure AWS Config to process any direct unprocessed events
Monitoring and Troubleshooting
Serverless
A developer is troubleshooting a three-tier application, which is deployed on Amazon EC2 instances. There is a connectivity problem between the application servers and the database servers.
Which AWS services or tools should be used to identify the faulty component? (Choose two.)
AWS CloudTrail
AWS Trusted Advisor
Amazon VPC Flow Logs
Network access control lists
AWS Config rules
Networking and Content Delivery
Serverless
A developer is troubleshooting connectivity issues between an AWS Lambda function and an Amazon EC2 instance that runs Amazon Linux 2. The Lambda function and the EC2 instance cannot communicate with each other even though the Lambda function is configured to access resources in the EC2 instance's subnet.
How can the developer inspect the network traffic between the Lambda function and the EC2 instance?
Inspect the VPC flow logs for network activity.
Use the traceroute command on the EC2 instance to check connectivity.
Analyze the Amazon CloudWatch metrics for network traffic.
Use the telnet command on the EC2 instance to check connectivity.
Networking and Content Delivery
Deployment and Management
A developer is troubleshooting the permissions of an application that needs to make changes to an Amazon RDS database. The developer has access to the IAM role that the application is using.
Which command structure should the developer use to test the role permissions?
aws sts assume-role
aws iam attach-role-policy
aws ssm resume-session
aws rds add-role-to-db-cluster
Security and Identity Services
Monitoring and Troubleshooting
A Developer is trying to deploy a serverless application using AWS CodeDeploy. The application was updated and needs to be redeployed.
What file does the Developer need to update to push that change through CodeDeploy?
dockerrun.aws.json
buildspec.yml
appspec.yml
ebextensions.config
Deployment and Management