DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Pass the AWS Exam Easily with Updated DVA-C02 Practice Questions

Prepare effectively for the SPOTO AWS DOP-C02 exam with our comprehensive collection of exam questions and answers tailored for success. Our test questions cover essential topics for AWS Certified Developer - Associate certification, ensuring thorough preparation and confidence during the exam. Access our extensive library of test questions, exam resources, and study materials designed to enhance your understanding of core AWS services, usage, and best practices for developing cloud-based applications. Our focus is on providing you with the tools and knowledge needed to pass successfully, demonstrating your proficiency in deploying and debugging applications on the AWS platform. Utilize our professional mock exams to simulate the exam environment, identify areas for improvement, and refine your exam strategy. With SPOTO's AWS DOP-C02 exam preparation content, you'll be well-equipped to excel and achieve your certification goals in AWS Certified Developer - Associate.
Take other online exams

Question #1
A developer is configuring an application's deployment environment in AWS CodePipeline. The application code is stored in a GitHub repository. The developer wants to ensure that the repository package's unit tests run in the new deployment environment. The developer has already set the pipeline's source provider to GitHub and has specified the repository and branch to use in the deployment.Which combination of steps should the developer take next to meet these requirements with the LEAST overhead? (Choose t
A. dd an override to the feature
B. dd an override to the feature
C. dd an experiment to the project
D. dd an experiment to the project
View answer
Correct Answer: BE

View The Updated DVA-C02 Exam Questions

SPOTO Provides 100% Real DVA-C02 Exam Questions for You to Pass Your DVA-C02 Exam!

Question #2
A developer is testing a new file storage application that uses an Amazon CloudFront distribution to serve content from an Amazon S3 bucket. The distribution accesses the S3 bucket by using an origin access identity (OAI). The S3 bucket's permissions explicitly deny access to all other users.The application prompts users to authenticate on a login page and then uses signed cookies to allow users to access their personal storage directories. The developer has configured the distribution to use its default ca
A. dd a second cache behavior to the distribution with the same origin as the default cache behavior
B. dd a second cache behavior to the distribution with the same origin as the default cache behavior
C. dd a second origin as a failover origin to the default cache behavior
D. dd a bucket policy to the S3 bucket to allow read access
View answer
Correct Answer: A
Question #3
A company is migrating legacy internal applications to AWS. Leadership wants to rewrite the internal employee directory to use native AWS services. A developer needs to create a solution for storing employee contact details and high-resolution photos for use with the new application.Which solution will enable the search and retrieval of each employee's individual details and high-resolution photos using AWS APIs?
A. ncode each employee's contact information and photos using Base64
B. tore each employee's contact information in an Amazon DynamoDB table along with the object keys for the photos stored in Amazon S3
C. se Amazon Cognito user pools to implement the employee directory in a fully managed software-as-a-service (SaaS) method
D. tore employee contact information in an Amazon RDS DB instance with the photos stored in Amazon Elastic File System (Amazon EFS)
View answer
Correct Answer: B
Question #4
A company is implementing an application on Amazon EC2 instances. The application needs to process incoming transactions. When the application detects a transaction that is not valid, the application must send a chat message to the company's support team. To send the message, the application needs to retrieve the access token to authenticate by using the chat API.A developer needs to implement a solution to store the access token. The access token must be encrypted at rest and in transit. The access token m
A. se an AWS Systems Manager Parameter Store SecureString parameter that uses an AWS Key Management Service (AWS KMS) AWS managed key to store the access token
B. ncrypt the access token by using an AWS Key Management Service (AWS KMS) customer managed key
C. se AWS Secrets Manager with an AWS Key Management Service (AWS KMS) customer managed key to store the access token
D. ncrypt the access token by using an AWS Key Management Service (AWS KMS) AWS managed key
View answer
Correct Answer: C
Question #5
A developer created an AWS Lambda function that accesses resources in a VPC. The Lambda function polls an Amazon Simple Queue Service (Amazon SQS) queue for new messages through a VPC endpoint. Then the function calculates a rolling average of the numeric values that are contained in the messages. After initial tests of the Lambda function, the developer found that the value of the rolling average that the function returned was not accurate.How can the developer ensure that the function calculates an accura
A. et the function's reserved concurrency to 1
B. odify the function to store the values in Amazon ElastiCache
C. et the function's provisioned concurrency to 1
D. odify the function to store the values in the function's layers
View answer
Correct Answer: A
Question #6
A company is creating an application that processes .csv files from Amazon S3. A developer has created an S3 bucket. The developer has also created an AWS Lambda function to process the .csv files from the S3 bucket.Which combination of steps will invoke the Lambda function when a .csv file is uploaded to Amazon S3? (Choose two.)
A. se the AWS::Region pseudo parameter
B. equire the Region as a CloudFormation parameter
C. ind the Region from the AWS::StackId pseudo parameter by using the Fn::Split intrinsic function
D. ynamically import the Region by referencing the relevant parameter in AWS Systems Manager Parameter Store
View answer
Correct Answer: AC
Question #7
A developer is building a new application on AWS. The application uses an AWS Lambda function that retrieves information from an Amazon DynamoDB table. The developer hard coded the DynamoDB table name into the Lambda function code. The table name might change over time. The developer does not want to modify the Lambda code if the table name changes.Which solution will meet these requirements MOST efficiently?
A. reate a Lambda environment variable to store the table name
B. tore the table name in a file
C. reate a file to store the table name
D. reate a global variable that is outside the handler in the Lambda function to store the table name
View answer
Correct Answer: A
Question #8
A company has a web application that is deployed on AWS. The application uses an Amazon API Gateway API and an AWS Lambda function as its backend.The application recently demonstrated unexpected behavior. A developer examines the Lambda function code, finds an error, and modifies the code to resolve the problem. Before deploying the change to production, the developer needs to run tests to validate that the application operates properly.The application has only a production environment available. The develo
A. un the sam package and sam deploy commands
B. un the cdk synth and cdk deploy commands
C. un the cdk synth and sam local invoke commands with the function construct identifier and the path to the synthesized CloudFormation template
D. un the cdk synth and sam local start-lambda commands with the function construct identifier and the path to the synthesized CloudFormation template
View answer
Correct Answer: BD
Question #9
A company has a multi-node Windows legacy application that runs on premises. The application uses a network shared folder as a centralized configuration repository to store configuration files in .xml format. The company is migrating the application to Amazon EC2 instances. As part of the migration to AWS, a developer must identify a solution that provides high availability for the repository.Which solution will meet this requirement MOST cost-effectively?
A. ount an Amazon Elastic Block Store (Amazon EBS) volume onto one of the EC2 instances
B. eploy a micro EC2 instance with an instance store volume
C. reate an Amazon S3 bucket to host the repository
D. reate an Amazon S3 bucket to host the repository
View answer
Correct Answer: C
Question #10
A company is using an Amazon API Gateway REST API endpoint as a webhook to publish events from an on-premises source control management (SCM) system to Amazon EventBridge. The company has configured an EventBridge rule to listen for the events and to control application deployment in a central AWS account. The company needs to receive the same events across multiple receiver AWS accounts.How can a developer meet these requirements without changing the configuration of the SCM system?
A. eploy the API Gateway REST API to all the required AWS accounts
B. eploy the API Gateway REST API to all the receiver AWS accounts
C. rant permission to the central AWS account for EventBridge to access the receiver AWS accounts
D. onvert the API Gateway type from REST API to HTTP API
View answer
Correct Answer: C
Question #11
A financial company must store original customer records for 10 years for legal reasons. A complete record contains personally identifiable information (PII). According to local regulations, PII is available to only certain people in the company and must not be shared with third parties. The company needs to make the records available to third-party organizations for statistical analysis without sharing the PII.A developer wants to store the original immutable record in Amazon S3. Depending on who accesses
A. et up an S3 event notification that invokes the removePii function when an S3 GET request is made
B. et up an S3 event notification that invokes the removePii function when an S3 PUT request is made
C. reate an S3 Object Lambda access point from the S3 console
D. reate an S3 access point from the S3 console
View answer
Correct Answer: C
Question #12
A developer is working on an ecommerce website. The developer wants to review server logs without logging in to each of the application servers individually. The website runs on multiple Amazon EC2 instances, is written in Python, and needs to be highly available.How can the developer update the application to meet these requirements with MINIMUM changes?
A. ewrite the application to be cloud native and to run on AWS Lambda, where the logs can be reviewed in Amazon CloudWatch
B. et up centralized logging by using Amazon OpenSearch Service, Logstash, and OpenSearch Dashboards
C. cale down the application to one larger EC2 instance where only one instance is recording logs
D. nstall the unified Amazon CloudWatch agent on the EC2 instances
View answer
Correct Answer: D
Question #13
A company has a front-end application that runs on four Amazon EC2 instances behind an Elastic Load Balancer (ELB) in a production environment that is provisioned by AWS Elastic Beanstalk. A developer needs to deploy and test new application code while updating the Elastic Beanstalk platform from the current version to a newer version of Node.js. The solution must result in zero downtime for the application.Which solution meets these requirements?
A. lone the production environment to a different platform version
B. eploy the new application code in an all-at-once deployment to the existing EC2 instances
C. erform an immutable update to deploy the new application code to new EC2 instances
D. se a rolling deployment for the new application code
View answer
Correct Answer: D
Question #14
A developer is creating an application for a company. The application needs to read the file doc.txt that is placed in the root folder of an Amazon S3 bucket that is named DOC-EXAMPLE-BUCKET. The company’s security team requires the principle of least privilege to be applied to the application’s IAM policy.Which IAM policy statement will meet these security requirements?
A. lone the repository
B. reate a new branch
C. se the Commit Visualizer view to compare the commits when a feature was added
D. top the pull from the main branch to the feature branch
View answer
Correct Answer: A
Question #15
A company wants to share information with a third party. The third party has an HTTP API endpoint that the company can use to share the information. The company has the required API key to access the HTTP API.The company needs a way to manage the API key by using code. The integration of the API key with the application code cannot affect application performance.Which solution will meet these requirements MOST securely?
A. tore the API credentials in AWS Secrets Manager
B. tore the API credentials in a local code variable
C. tore the API credentials as an object in a private Amazon S3 bucket
D. tore the API credentials in an Amazon DynamoDB table
View answer
Correct Answer: A
Question #16
A developer wants to store information about movies. Each movie has a title, release year, and genre. The movie information also can include additional properties about the cast and production crew. This additional information is inconsistent across movies. For example, one movie might have an assistant director, and another movie might have an animal trainer.The developer needs to implement a solution to support the following use cases:-For a given title and release year, get all details about the movie th
A. reate an Amazon DynamoDB table
B. reate an Amazon DynamoDB table
C. n an Amazon RDS DB instance, create a table that contains columns for title, release year, and genre
D. n an Amazon RDS DB instance, create a table where the primary key is the title and all other data is encoded into JSON format as one additional column
View answer
Correct Answer: A
Question #17
An engineer created an A/B test of a new feature on an Amazon CloudWatch Evidently project. The engineer configured two variations of the feature (Variation A and Variation B) for the test. The engineer wants to work exclusively with Variation
A. The engineer needs to make updates so that Variation A is the only variation that appears when the engineer hits the application's endpoint
A. reate a global secondary index (GSI) with productFamily as the partition key and productType as the sort key
B. reate a local secondary index (LSI) with productFamily as the partition key and productType as the sort key
C. ecreate the table
D. pdate the queries to use Scan operations with productFamily as the partition key and productType as the sort key
View answer
Correct Answer: A
Question #18
A company is running a custom application on a set of on-premises Linux servers that are accessed using Amazon API Gateway. AWS X-Ray tracing has been enabled on the API test stage.How can a developer enable X-Ray tracing on the on-premises servers with the LEAST amount of configuration?
A. nstall and run the X-Ray SDK on the on-premises servers to capture and relay the data to the X-Ray service
B. nstall and run the X-Ray daemon on the on-premises servers to capture and relay the data to the X-Ray service
C. apture incoming requests on-premises and configure an AWS Lambda function to pull, process, and relay relevant data to X-Ray using the PutTraceSegments API call
D. apture incoming requests on-premises and configure an AWS Lambda function to pull, process, and relay relevant data to X-Ray using the PutTelemetryRecords API call
View answer
Correct Answer: B
Question #19
An application is using Amazon Cognito user pools and identity pools for secure access. A developer wants to integrate the user-specific file upload and download features in the application with Amazon S3. The developer must ensure that the files are saved and retrieved in a secure manner and that users can access only their own files. The file sizes range from 3 KB to 300 MB.Which option will meet these requirements with the HIGHEST level of security?
A. se S3 Event Notifications to validate the file upload and download requests and update the user interface (UI)
B. ave the details of the uploaded files in a separate Amazon DynamoDB table
C. se Amazon API Gateway and an AWS Lambda function to upload and download files
D. se an IAM policy within the Amazon Cognito identity prefix to restrict users to use their own folders in Amazon S3
View answer
Correct Answer: D
Question #20
A company's new mobile app uses Amazon API Gateway. As the development team completes a new release of its APIs, a developer must safely and transparently roll out the API change.What is the SIMPLEST solution for the developer to use for rolling out the new API version to a limited number of users through API Gateway?
A. rite a script that deletes old records; schedule the script as a cron job on an Amazon EC2 instance
B. dd an attribute with the expiration time; enable the Time To Live feature based on that attribute
C. ach day, create a new table to hold session data; delete the previous day's table
D. dd an attribute with the expiration time; name the attribute ItemExpiration
View answer
Correct Answer: D
Question #21
A company's developer is building a static website to be deployed in Amazon S3 for a production environment. The website integrates with an Amazon Aurora PostgreSQL database by using an AWS Lambda function. The website that is deployed to production will use a Lambda alias that points to a specific version of the Lambda function.The company must rotate the database credentials every 2 weeks. Lambda functions that the company deployed previously must be able to use the most recent credentials.Which solution
A. tore the database credentials in AWS Secrets Manager
B. nclude the database credentials as part of the Lambda function code
C. se Lambda environment variables
D. tore the database credentials in AWS Systems Manager Parameter Store
View answer
Correct Answer: A
Question #22
A company is providing read access to objects in an Amazon S3 bucket for different customers. The company uses IAM permissions to restrict access to the S3 bucket. The customers can access only their own files.Due to a regulation requirement, the company needs to enforce encryption in transit for interactions with Amazon S3.Which solution will meet these requirements?
A. dd a bucket policy to the S3 bucket to deny S3 actions when the aws:SecureTransport condition is equal to false
B. dd a bucket policy to the S3 bucket to deny S3 actions when the s3:x-amz-acl condition is equal to public-read
C. dd an IAM policy to the IAM users to enforce the usage of the AWS SDK
D. dd an IAM policy to the IAM users that allows S3 actions when the s3:x-amz-acl condition is equal to bucket-owner-read
View answer
Correct Answer: A
Question #23
A developer maintains an Amazon API Gateway REST API. Customers use the API through a frontend UI and Amazon Cognito authentication.The developer has a new version of the API that contains new endpoints and backward-incompatible interface changes. The developer needs to provide beta access to other developers on the team without affecting customers.Which solution will meet these requirements with the LEAST operational overhead?
A. efine a development stage on the API Gateway API
B. efine a new API Gateway API that points to the new API application code
C. mplement a query parameter in the API application code that determines which code version to call
D. pecify new API Gateway endpoints for the API endpoints that the developer wants to add
View answer
Correct Answer: A
Question #24
A developer needs to build an AWS CloudFormation template that self-populates the AWS Region variable that deploys the CloudFormation template.What is the MOST operationally efficient way to determine the Region in which the template is being deployed?
A. reate a CLI script that loops on the Lambda functions to add a Lambda function URL with the AWS_IAM auth type
B. reate a CLI script that loops on the Lambda functions to add a Lambda function URL with the NONE auth type
C. reate a CLI script that loops on the Lambda functions to add a Lambda function URL with the AWS_IAM auth type
D. reate a CLI script that loops on the Lambda functions to add a Lambda function URL with the NONE auth type
View answer
Correct Answer: A
Question #25
A developer is creating a Ruby application and needs to automate the deployment, scaling, and management of an environment without requiring knowledge of the underlying infrastructure.Which service would best accomplish this task?
A. WS CodeDeploy
B. WS CloudFormation
C. WS OpsWorks
D. WS Elastic Beanstalk
View answer
Correct Answer: D
Question #26
A company is implementing an application on Amazon EC2 instances. The application needs to process incoming transactions. When the application detects a transaction that is not valid, the application must send a chat message to the company's support team. To send the message, the application needs to retrieve the access token to authenticate by using the chat API.A developer needs to implement a solution to store the access token. The access token must be encrypted at rest and in transit. The access token m
A. se an AWS Systems Manager Parameter Store SecureString parameter that uses an AWS Key Management Service (AWS KMS) AWS managed key to store the access token
B. ncrypt the access token by using an AWS Key Management Service (AWS KMS) customer managed key
C. se AWS Secrets Manager with an AWS Key Management Service (AWS KMS) customer managed key to store the access token
D. ncrypt the access token by using an AWS Key Management Service (AWS KMS) AWS managed key
View answer
Correct Answer: C
Question #27
A developer is developing an application that uses signed requests (Signature Version 4) to call other AWS services. The developer has created a canonical request, has created the string to sign, and has calculated signing information.Which methods could the developer use to complete a signed request? (Choose two.)
A. reate an AWS Lambda-backed CloudFormation custom resource
B. se the AWS CodeBuild action of CodePipeline to generate a secure string by using the following AWS CLI command: aws secretsmanager get-random-password
C. reate an AWS Lambda-backed CloudFormation custom resource
D. se the AWS::SecretsManager::Secret resource to generate a secure string
View answer
Correct Answer: AD
Question #28
A developer is creating an AWS Lambda function in VPC mode. An Amazon S3 event will invoke the Lambda function when an object is uploaded into an S3 bucket. The Lambda function will process the object and produce some analytic results that will be recorded into a file. Each processed object will also generate a log entry that will be recorded into a file.Other Lambda functions, AWS services, and on-premises resources must have access to the result files and log file. Each log entry must also be appended to
A. reate an Amazon Elastic File System (Amazon EFS) file system
B. reate an Amazon Elastic Block Store (Amazon EBS) Multi-Attach enabled volume
C. reate a reference to the /tmp local directory
D. reate a reference to the /opt storage directory
View answer
Correct Answer: A
Question #29
A company has an image storage web application that runs on AWS. The company hosts the application on Amazon EC2 instances in an Auto Scaling group. The Auto Scaling group acts as the target group for an Application Load Balancer (ALB) and uses an Amazon S3 bucket to store the images for sale.The company wants to develop a feature to test system requests. The feature will direct requests to a separate target group that hosts a new beta version of the application.Which solution will meet this requirement wit
A. reate a new Auto Scaling group and target group for the beta version of the application
B. reate a new ALB, Auto Scaling group, and target group for the beta version of the application
C. reate a new ALB, Auto Scaling group, and target group for the beta version of the application
D. reate a new Auto Scaling group and target group for the beta version of the application
View answer
Correct Answer: A
Question #30
A company receives food orders from multiple partners. The company has a microservices application that uses Amazon API Gateway APIs with AWS Lambda integration. Each partner sends orders by calling a customized API that is exposed through API Gateway. The API call invokes a shared Lambda function to process the orders.Partners need to be notified after the Lambda function processes the orders. Each partner must receive updates for only the partner's own orders. The company wants to add new partners in the
A. reate a different Amazon Simple Notification Service (Amazon SNS) topic for each partner
B. reate a different Lambda function for each partner
C. reate an Amazon Simple Notification Service (Amazon SNS) topic
D. reate one Amazon Simple Notification Service (Amazon SNS) topic
View answer
Correct Answer: C
Question #31
A company has a multi-node Windows legacy application that runs on premises. The application uses a network shared folder as a centralized configuration repository to store configuration files in .xml format. The company is migrating the application to Amazon EC2 instances. As part of the migration to AWS, a developer must identify a solution that provides high availability for the repository.Which solution will meet this requirement MOST cost-effectively?
A. ount an Amazon Elastic Block Store (Amazon EBS) volume onto one of the EC2 instances
B. eploy a micro EC2 instance with an instance store volume
C. reate an Amazon S3 bucket to host the repository
D. reate an Amazon S3 bucket to host the repository
View answer
Correct Answer: C
Question #32
A company uses AWS Lambda functions and an Amazon S3 trigger to process images into an S3 bucket. A development team set up multiple environments in a single AWS account.After a recent production deployment, the development team observed that the development S3 buckets invoked the production environment Lambda functions. These invocations caused unwanted execution of development S3 files by using production Lambda functions. The development team must prevent these invocations. The team must follow security
A. pdate the Lambda execution role for the production Lambda function to add a policy that allows the execution role to read from only the production environment S3 bucket
B. ove the development and production environments into separate AWS accounts
C. dd a resource policy to the production Lambda function to allow only the production environment S3 bucket to invoke the function
D. ove the development and production environments into separate AWS accounts
View answer
Correct Answer: C
Question #33
A developer is creating an AWS Lambda function. The Lambda function will consume messages from an Amazon Simple Queue Service (Amazon SQS) queue. The developer wants to integrate unit testing as part of the function's continuous integration and continuous delivery (CI/CD) process.How can the developer unit test the function?
A. reate an AWS CloudFormation template that creates an SQS queue and deploys the Lambda function
B. reate an SQS event for tests
C. reate an SQS queue for tests
D. se the aws lambda invoke command with a test event during the CIICD process
View answer
Correct Answer: D
Question #34
A developer is migrating some features from a legacy monolithic application to use AWS Lambda functions instead. The application currently stores data in an Amazon Aurora DB cluster that runs in private subnets in a VPC. The AWS account has one VPC deployed. The Lambda functions and the DB cluster are deployed in the same AWS Region in the same AWS account.The developer needs to ensure that the Lambda functions can securely access the DB cluster without crossing the public internet.Which solution will meet
A. onfigure the DB cluster's public access setting to Yes
B. onfigure an Amazon RDS database proxy for he Lambda functions
C. onfigure a NAT gateway and a security group for the Lambda functions
D. onfigure the VPC, subnets, and a security group for the Lambda functions
View answer
Correct Answer: D
Question #35
A developer is creating a mobile app that calls a backend service by using an Amazon API Gateway REST API. For integration testing during the development phase, the developer wants to simulate different backend responses without invoking the backend service.Which solution will meet these requirements with the LEAST operational overhead?
A. reate an AWS Lambda function
B. reate an Amazon EC2 instance that serves the backend REST API by using an AWS CloudFormation template
C. ustomize the API Gateway stage to select a response type based on the request
D. se a request mapping template to select the mock integration response
View answer
Correct Answer: D
Question #36
A developer is designing an AWS Lambda function that creates temporary files that are less than 10 MB during invocation. The temporary files will be accessed and modified multiple times during invocation. The developer has no need to save or retrieve these files in the future.Where should the temporary files be stored?
A. ackage each Python library in its own
B. reate a Lambda layer with the required Python library
C. ombine the two Lambda functions into one Lambda function
D. ownload the Python library to an S3 bucket
View answer
Correct Answer: A
Question #37
A company is planning to deploy an application on AWS behind an Elastic Load Balancer. The application uses an HTTP/HTTPS listener and must access the client IP addresses.Which load-balancing solution meets these requirements?
A. se an Application Load Balancer and the X-Forwarded-For headers
B. se a Network Load Balancer (NLB)
C. se an Application Load Balancer
D. se a Network Load Balancer and the X-Forwarded-For headers
View answer
Correct Answer: A
Question #38
An online food company provides an Amazon API Gateway HTTP API to receive orders for partners. The API is integrated with an AWS Lambda function. The Lambda function stores the orders in an Amazon DynamoDB table.The company expects to onboard additional partners. Some of the partners require additional Lambda functions to receive orders. The company has created an Amazon S3 bucket. The company needs to store all orders and updates in the S3 bucket for future analysis.How can the developer ensure that all or
A. reate a new Lambda function and a new API Gateway API endpoint
B. se Amazon Kinesis Data Streams to create a new data stream
C. nable DynamoDB Streams on the DynamoDB table
D. odify the Lambda function to publish to a new Amazon Simple Notification Service (Amazon SNS) topic as the Lambda function receives orders
View answer
Correct Answer: C
Question #39
A company is building a serverless application that uses AWS Lambda functions. The company needs to create a set of test events to test Lambda functions in a development environment. The test events will be created once and then will be used by all the developers in an IAM developer group. The test events must be editable by any of the IAM users in the IAM developer group.Which solution will meet these requirements?
A. reate and store the test events in Amazon S3 as JSON objects
B. reate the test events
C. reate and store the test events in Amazon DynamoDB
D. reate the test events
View answer
Correct Answer: B
Question #40
A software company is launching a multimedia application. The application will allow guest users to access sample content before the users decide if they want to create an account to gain full access. The company wants to implement an authentication process that can identify users who have already created an account. The company also needs to keep track of the number of guest users who eventually create an account.Which combination of steps will meet these requirements? (Choose two.)
A. reate Lambda functions inside the VPC with the AWSLambdaBasicExecutionRole policy attached to the Lambda execution role
B. reate Lambda functions inside the VPC with the AWSLambdaVPCAccessExecutionRole policy attached to the Lambda execution role
C. reate Lambda functions with the AWSLambdaBasicExecutionRole policy attached to the Lambda execution role
D. reate Lambda functions with the AWSLambdaVPCAccessExecutionRole policy attached to the Lambda execution role
View answer
Correct Answer: BD
Question #41
An application is processing clickstream data using Amazon Kinesis. The clickstream data feed into Kinesis experiences periodic spikes. The PutRecords API call occasionally fails and the logs show that the failed call returns the response shown below: Which techniques will help mitigate this exception? (Choose two.)
A. reate an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification
B. reate an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification
C. reate an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification
D. onfigure Amazon Cognito to stream all logs to Amazon Kinesis Data Firehose
View answer
Correct Answer: AC
Question #42
An ecommerce company is using an AWS Lambda function behind Amazon API Gateway as its application tier. To process orders during checkout, the application calls a POST API from the frontend. The POST API invokes the Lambda function asynchronously. In rare situations, the application has not processed orders. The Lambda application logs show no errors or failures.What should a developer do to solve this problem?
A. nspect the frontend logs for API failures
B. reate and inspect the Lambda dead-letter queue
C. nspect the Lambda logs in Amazon CloudWatch for possible errors
D. ake sure that caching is disabled for the POST API in API Gateway
View answer
Correct Answer: B
Question #43
A company is providing read access to objects in an Amazon S3 bucket for different customers. The company uses IAM permissions to restrict access to the S3 bucket. The customers can access only their own files.Due to a regulation requirement, the company needs to enforce encryption in transit for interactions with Amazon S3.Which solution will meet these requirements?
A. dd a bucket policy to the S3 bucket to deny S3 actions when the aws:SecureTransport condition is equal to false
B. dd a bucket policy to the S3 bucket to deny S3 actions when the s3:x-amz-acl condition is equal to public-read
C. dd an IAM policy to the IAM users to enforce the usage of the AWS SDK
D. dd an IAM policy to the IAM users that allows S3 actions when the s3:x-amz-acl condition is equal to bucket-owner-read
View answer
Correct Answer: A
Question #44
A developer is incorporating AWS X-Ray into an application that handles personal identifiable information (PII). The application is hosted on Amazon EC2 instances. The application trace messages include encrypted PII and go to Amazon CloudWatch. The developer needs to ensure that no PII goes outside of the EC2 instances.Which solution will meet these requirements?
A. anually instrument the X-Ray SDK in the application code
B. se the X-Ray auto-instrumentation agent
C. se Amazon Macie to detect and hide PII
D. se AWS Distro for Open Telemetry
View answer
Correct Answer: A
Question #45
A company is building a serverless application that uses AWS Lambda functions. The company needs to create a set of test events to test Lambda functions in a development environment. The test events will be created once and then will be used by all the developers in an IAM developer group. The test events must be editable by any of the IAM users in the IAM developer group.Which solution will meet these requirements?
A. reate and store the test events in Amazon S3 as JSON objects
B. reate the test events
C. reate and store the test events in Amazon DynamoDB
D. reate the test events
View answer
Correct Answer: B
Question #46
A company has installed smart meters in all its customer locations. The smart meters measure power usage at 1-minute intervals and send the usage readings to a remote endpoint for collection. The company needs to create an endpoint that will receive the smart meter readings and store the readings in a database. The company wants to store the location ID and timestamp information.The company wants to give its customers low-latency access to their current usage and historical usage on demand. The company expe
A. tore the smart meter readings in an Amazon RDS database
B. tore the smart meter readings in an Amazon DynamoDB table
C. tore the smart meter readings in Amazon ElastiCache for Redis
D. tore the smart meter readings in Amazon S3
View answer
Correct Answer: B
Question #47
A developer has created an AWS Lambda function that is written in Python. The Lambda function reads data from objects in Amazon S3 and writes data to an Amazon DynamoDB table. The function is successfully invoked from an S3 event notification when an object is created. However, the function fails when it attempts to write to the DynamoDB table.What is the MOST likely cause of this issue?
A. he Lambda function's concurrency limit has been exceeded
B. ynamoDB table requires a global secondary index (GSI) to support writes
C. he Lambda function does not have IAM permissions to write to DynamoDB
D. he DynamoDB table is not running in the same Availability Zone as the Lambda function
View answer
Correct Answer: C
Question #48
A company stores its data in data tables in a series of Amazon S3 buckets. The company received an alert that customer credit card information might have been exposed in a data table on one of the company's public applications. A developer needs to identify all potential exposures within the application environment.Which solution will meet these requirements?
A. se Amazon Athena to run a job on the S3 buckets that contain the affected data
B. se Amazon Macie to run a job on the S3 buckets that contain the affected data
C. se Amazon Macie to run a job on the S3 buckets that contain the affected data
D. se Amazon Athena to run a job on the S3 buckets that contain the affected data
View answer
Correct Answer: B
Question #49
An ecommerce website uses an AWS Lambda function and an Amazon RDS for MySQL database for an order fulfillment service. The service needs to return order confirmation immediately.During a marketing campaign that caused an increase in the number of orders, the website's operations team noticed errors for “too many connections” from Amazon RDS. However, the RDS DB cluster metrics are healthy. CPU and memory capacity are still available.What should a developer do to resolve the errors?
A. nitialize the database connection outside the handler function
B. nitialize the database connection outside the handler function
C. se Amazon Simple Queue Service (Amazon SQS) FIFO queues to queue the orders
D. se Amazon Simple Queue Service (Amazon SQS) FIFO queues to queue the orders
View answer
Correct Answer: B
Question #50
A company has an image storage web application that runs on AWS. The company hosts the application on Amazon EC2 instances in an Auto Scaling group. The Auto Scaling group acts as the target group for an Application Load Balancer (ALB) and uses an Amazon S3 bucket to store the images for sale.The company wants to develop a feature to test system requests. The feature will direct requests to a separate target group that hosts a new beta version of the application.Which solution will meet this requirement wit
A. reate a new Auto Scaling group and target group for the beta version of the application
B. reate a new ALB, Auto Scaling group, and target group for the beta version of the application
C. reate a new ALB, Auto Scaling group, and target group for the beta version of the application
D. reate a new Auto Scaling group and target group for the beta version of the application
View answer
Correct Answer: A
Question #51
A company is using an Amazon API Gateway REST API endpoint as a webhook to publish events from an on-premises source control management (SCM) system to Amazon EventBridge. The company has configured an EventBridge rule to listen for the events and to control application deployment in a central AWS account. The company needs to receive the same events across multiple receiver AWS accounts.How can a developer meet these requirements without changing the configuration of the SCM system?
A. eploy the API Gateway REST API to all the required AWS accounts
B. eploy the API Gateway REST API to all the receiver AWS accounts
C. rant permission to the central AWS account for EventBridge to access the receiver AWS accounts
D. onvert the API Gateway type from REST API to HTTP API
View answer
Correct Answer: C
Question #52
A developer is creating an AWS Lambda function that consumes messages from an Amazon Simple Queue Service (Amazon SQS) standard queue. The developer notices that the Lambda function processes some messages multiple times.How should developer resolve this issue MOST cost-effectively?
A. hange the Amazon SQS standard queue to an Amazon SQS FIFO queue by using the Amazon SQS message deduplication ID
B. et up a dead-letter queue
C. et the maximum concurrency limit of the AWS Lambda function to 1
D. hange the message processing to use Amazon Kinesis Data Streams instead of Amazon SQS
View answer
Correct Answer: A
Question #53
A developer has written the following IAM policy to provide access to an Amazon S3 bucket: Which access does the policy allow regarding the s3:GetObject and s3:PutObject actions?
A. ccess on all buckets except the “DOC-EXAMPLE-BUCKET” bucket
B. ccess on all buckets that start with “DOC-EXAMPLE-BUCKET” except the “DOC-EXAMPLE-BUCKET/secrets” bucket
C. ccess on all objects in the “DOC-EXAMPLE-BUCKET” bucket along with access to all S3 actions for objects in the “DOC-EXAMPLE-BUCKET” bucket that start with “secrets”
D. ccess on all objects in the “DOC-EXAMPLE-BUCKET” bucket except on objects that start with “secrets”
View answer
Correct Answer: D
Question #54
A company is updating an application to move the backend of the application from Amazon EC2 instances to a serverless model. The application uses an Amazon RDS for MySQL DB instance and runs in a single VPC on AWS. The application and the DB instance are deployed in a private subnet in the VPC.The company needs to connect AWS Lambda functions to the DB instance.Which solution will meet these requirements?
A. hange the AWS CloudFormation templates for us-east-1 and us-west-1 to use an AWS AMI
B. opy the custom AMI from us-east-1 to us-west-1
C. uild the custom AMI in us-west-1
D. anually deploy the application outside AWS CloudFormation in us-west-1
View answer
Correct Answer: B
Question #55
A company has a web application that runs on Amazon EC2 instances with a custom Amazon Machine Image (AMI). The company uses AWS CloudFormation to provision the application. The application runs in the us-east-1 Region, and the company needs to deploy the application to the us-west-1 Region.An attempt to create the AWS CloudFormation stack in us-west-1 fails. An error message states that the AMI ID does not exist. A developer must resolve this error with a solution that uses the least amount of operational
A. reate an AWS CodeArtifact repository that contains all the custom libraries
B. reate a custom container image for the Lambda functions to save all the custom libraries
C. reate a Lambda layer that contains all the custom libraries
D. reate an Amazon Elastic File System (Amazon EFS) file system to store all the custom libraries
View answer
Correct Answer: B
Question #56
An application is using Amazon Cognito user pools and identity pools for secure access. A developer wants to integrate the user-specific file upload and download features in the application with Amazon S3. The developer must ensure that the files are saved and retrieved in a secure manner and that users can access only their own files. The file sizes range from 3 KB to 300 MB.Which option will meet these requirements with the HIGHEST level of security?
A. se S3 Event Notifications to validate the file upload and download requests and update the user interface (UI)
B. ave the details of the uploaded files in a separate Amazon DynamoDB table
C. se Amazon API Gateway and an AWS Lambda function to upload and download files
D. se an IAM policy within the Amazon Cognito identity prefix to restrict users to use their own folders in Amazon S3
View answer
Correct Answer: D
Question #57
A company has an AWS Lambda function that processes incoming requests from an Amazon API Gateway API. The API calls the Lambda function by using a Lambda alias. A developer updated the Lambda function code to handle more details related to the incoming requests. The developer wants to deploy the new Lambda function for more testing by other developers with no impact to customers that use the API.Which solution will meet these requirements with the LEAST operational overhead?
A. reate a new version of the Lambda function
B. pdate the existing Lambda alias used by API Gateway to a weighted alias
C. reate a new version of the Lambda function
D. reate a new version of the Lambda function
View answer
Correct Answer: A
Question #58
A company created four AWS Lambda functions that connect to a relational database server that runs on an Amazon RDS instance. A security team requires the company to automatically change the database password every 30 days.Which solution will meet these requirements MOST securely?
A. tore the database credentials in the environment variables of the Lambda function
B. tore the database credentials in AWS Secrets Manager
C. tore the database credentials in AWS Systems Manager Parameter Store secure strings
D. tore the database credentials in an Amazon S3 bucket that uses server-side encryption with customer-provided encryption keys (SSE-C)
View answer
Correct Answer: B
Question #59
A developer has created an AWS Lambda function to provide notification through Amazon Simple Notification Service (Amazon SNS) whenever a file is uploaded to Amazon S3 that is larger than 50 MB. The developer has deployed and tested the Lambda function by using the CLI. However, when the event notification is added to the S3 bucket and a 3,000 MB file is uploaded, the Lambda function does not launch.Which of the following is a possible reason for the Lambda function's inability to launch?
A. he S3 event notification does not activate for files that are larger than 1,000 MB
B. he resource-based policy for the Lambda function does not have the required permissions to be invoked by Amazon S3
C. ambda functions cannot be invoked directly from an S3 event
D. he S3 bucket needs to be made public
View answer
Correct Answer: B
Question #60
A developer has created an AWS Lambda function that is written in Python. The Lambda function reads data from objects in Amazon S3 and writes data to an Amazon DynamoDB table. The function is successfully invoked from an S3 event notification when an object is created. However, the function fails when it attempts to write to the DynamoDB table.What is the MOST likely cause of this issue?
A. he Lambda function's concurrency limit has been exceeded
B. ynamoDB table requires a global secondary index (GSI) to support writes
C. he Lambda function does not have IAM permissions to write to DynamoDB
D. he DynamoDB table is not running in the same Availability Zone as the Lambda function
View answer
Correct Answer: D
Question #61
A company has deployed infrastructure on AWS. A development team wants to create an AWS Lambda function that will retrieve data from an Amazon Aurora database. The Amazon Aurora database is in a private subnet in company's VPC. The VPC is named VPC1. The data is relational in nature. The Lambda function needs to access the data securely.Which solution will meet these requirements?
A. reate the Lambda function
B. reate and launch a Lambda function in a new public subnet that is in a new VPC named VPC2
C. reate the Lambda function
D. xport the data from the Aurora database to Amazon S3
View answer
Correct Answer: A
Question #62
A developer is working on a serverless application that needs to process any changes to an Amazon DynamoDB table with an AWS Lambda function.How should the developer configure the Lambda function to detect changes to the DynamoDB table?
A. reate an Amazon Kinesis data stream, and attach it to the DynamoDB table
B. reate an Amazon EventBridge rule to invoke the Lambda function on a regular schedule
C. nable DynamoDB Streams on the table
D. reate an Amazon Kinesis Data Firehose delivery stream, and attach it to the DynamoDB table
View answer
Correct Answer: C
Question #63
A developer is using an AWS Lambda function to generate avatars for profile pictures that are uploaded to an Amazon S3 bucket. The Lambda function is automatically invoked for profile pictures that are saved under the /original/ S3 prefix. The developer notices that some pictures cause the Lambda function to time out. The developer wants to implement a fallback mechanism by using another Lambda function that resizes the profile picture.Which solution will meet these requirements with the LEAST development e
A. et the image resize Lambda function as a destination of the avatar generator Lambda function for the events that fail processing
B. reate an Amazon Simple Queue Service (Amazon SQS) queue
C. reate an AWS Step Functions state machine that invokes the avatar generator Lambda function and uses the image resize Lambda function as a fallback
D. reate an Amazon Simple Notification Service (Amazon SNS) topic
View answer
Correct Answer: A
Question #64
A company is planning to securely manage one-time fixed license keys in AWS. The company's development team needs to access the license keys in automaton scripts that run in Amazon EC2 instances and in AWS CloudFormation stacks.Which solution will meet these requirements MOST cost-effectively?
A. mazon S3 with encrypted files prefixed with “config”
B. WS Secrets Manager secrets with a tag that is named SecretString
C. WS Systems Manager Parameter Store SecureString parameters
D. loudFormation NoEcho parameters
View answer
Correct Answer: C
Question #65
A company is planning to use AWS CodeDeploy to deploy an application to Amazon Elastic Container Service (Amazon ECS). During the deployment of a new version of the application, the company initially must expose only 10% of live traffic to the new version of the deployed application. Then, after 15 minutes elapse, the company must route all the remaining live traffic to the new version of the deployed application.Which CodeDeploy predefined configuration will meet these requirements?
A. odeDeployDefault
B. odeDeployDefault
C. odeDeployDefault
D. odeDeployDefault
View answer
Correct Answer: A
Question #66
A company is developing an ecommerce application that uses Amazon API Gateway APIs. The application uses AWS Lambda as a backend. The company needs to test the code in a dedicated, monitored test environment before the company releases the code to the production environment.Which solution will meet these requirements?
A. se a single stage in API Gateway
B. se multiple stages in API Gateway
C. se multiple stages in API Gateway
D. se a single stage in API Gateway
View answer
Correct Answer: C
Question #67
A company stores its data in data tables in a series of Amazon S3 buckets. The company received an alert that customer credit card information might have been exposed in a data table on one of the company's public applications. A developer needs to identify all potential exposures within the application environment.Which solution will meet these requirements?
A. se Amazon Athena to run a job on the S3 buckets that contain the affected data
B. se Amazon Macie to run a job on the S3 buckets that contain the affected data
C. se Amazon Macie to run a job on the S3 buckets that contain the affected data
D. se Amazon Athena to run a job on the S3 buckets that contain the affected data
View answer
Correct Answer: B
Question #68
A developer is creating an application that will store personal health information (PHI). The PHI needs to be encrypted at all times. An encrypted Amazon RDS for MySQL DB instance is storing the data. The developer wants to increase the performance of the application by caching frequently accessed data while adding the ability to sort or rank the cached datasets.Which solution will meet these requirements?
A. reate an Amazon ElastiCache for Redis instance
B. reate an Amazon ElastiCache for Memcached instance
C. reate an Amazon RDS for MySQL read replica
D. reate an Amazon DynamoDB table and a DynamoDB Accelerator (DAX) cluster for the table
View answer
Correct Answer: A
Question #69
An e-commerce web application that shares session state on-premises is being migrated to AWS. The application must be fault tolerant, natively highly scalable, and any service interruption should not affect the user experience.What is the best option to store the session state?
A. tore the session state in Amazon ElastiCache
B. tore the session state in Amazon CloudFront
C. tore the session state in Amazon S3
D. nable session stickiness using elastic load balancers
View answer
Correct Answer: A
Question #70
A developer is working on an existing application that uses Amazon DynamoDB as its data store. The DynamoDB table has the following attributes: partNumber (partition key), vendor (sort key), description, productFamily, and productType. When the developer analyzes the usage patterns, the developer notices that there are application modules that frequently look for a list of products based on the productFamily and productType attributes.The developer wants to make changes to the application to improve perform
A. odify the RDS security group
B. edeploy the Lambda function in the same subnet as the RDS instance
C. reate a security group for the Lambda function
D. reate an IAM role
View answer
Correct Answer: A
Question #71
A developer is creating an application that will be deployed on IoT devices. The application will send data to a RESTful API that is deployed as an AWS Lambda function. The application will assign each API request a unique identifier. The volume of API requests from the application can randomly increase at any given time of day.During periods of request throttling, the application might need to retry requests. The API must be able to handle duplicate requests without inconsistencies or data loss.Which solut
A. reate an Amazon RDS for MySQL DB instance
B. reate an Amazon DynamoDB table
C. reate an Amazon DynamoDB table
D. reate an Amazon ElastiCache for Memcached instance
View answer
Correct Answer: B
Question #72
An application uses Lambda functions to extract metadata from files uploaded to an S3 bucket; the metadata is stored in Amazon DynamoDB. The application starts behaving unexpectedly, and the developer wants to examine the logs of the Lambda function code for errors.Based on this system configuration, where would the developer find the logs?
A. mazon S3
B. WS CloudTrail
C. mazon CloudWatch
D. mazon DynamoDB
View answer
Correct Answer: C
Question #73
A developer has an application that makes batch requests directly to Amazon DynamoDB by using the BatchGetItem low-level API operation. The responses frequently return values in the UnprocessedKeys element.Which actions should the developer take to increase the resiliency of the application when the batch response includes values in UnprocessedKeys? (Choose two.)
A. nstall and run the X-Ray SDK on the on-premises servers to capture and relay the data to the X-Ray service
B. nstall and run the X-Ray daemon on the on-premises servers to capture and relay the data to the X-Ray service
C. apture incoming requests on-premises and configure an AWS Lambda function to pull, process, and relay relevant data to X-Ray using the PutTraceSegments API call
D. apture incoming requests on-premises and configure an AWS Lambda function to pull, process, and relay relevant data to X-Ray using the PutTelemetryRecords API call
View answer
Correct Answer: BC
Question #74
A company has deployed infrastructure on AWS. A development team wants to create an AWS Lambda function that will retrieve data from an Amazon Aurora database. The Amazon Aurora database is in a private subnet in company's VPC. The VPC is named VPC1. The data is relational in nature. The Lambda function needs to access the data securely.Which solution will meet these requirements?
A. reate the Lambda function
B. reate and launch a Lambda function in a new public subnet that is in a new VPC named VPC2
C. reate the Lambda function
D. xport the data from the Aurora database to Amazon S3
View answer
Correct Answer: A
Question #75
A developer wants to debug an application by searching and filtering log data. The application logs are stored in Amazon CloudWatch Logs. The developer creates a new metric filter to count exceptions in the application logs. However, no results are returned from the logs.What is the reason that no filtered results are being returned?
A. setup of the Amazon CloudWatch interface VPC endpoint is required for filtering the CloudWatch Logs in the VPC
B. loudWatch Logs only publishes metric data for events that happen after the filter is created
C. he log group for CloudWatch Logs should be first streamed to Amazon OpenSearch Service before metric filtering returns the results
D. etric data points for logs groups can be filtered only after they are exported to an Amazon S3 bucket
View answer
Correct Answer: B
Question #76
A developer is building an application that uses Amazon DynamoDB. The developer wants to retrieve multiple specific items from the database with a single API call.Which DynamoDB API call will meet these requirements with the MINIMUM impact on the database?
A. atchGetItem
B. etItem
C. can
D. uery
View answer
Correct Answer: A
Question #77
A company has installed smart meters in all its customer locations. The smart meters measure power usage at 1-minute intervals and send the usage readings to a remote endpoint for collection. The company needs to create an endpoint that will receive the smart meter readings and store the readings in a database. The company wants to store the location ID and timestamp information.The company wants to give its customers low-latency access to their current usage and historical usage on demand. The company expe
A. tore the smart meter readings in an Amazon RDS database
B. tore the smart meter readings in an Amazon DynamoDB table
C. tore the smart meter readings in Amazon ElastiCache for Redis
D. tore the smart meter readings in Amazon S3
View answer
Correct Answer: B
Question #78
A company is migrating an on-premises database to Amazon RDS for MySQL. The company has read-heavy workloads. The company wants to refactor the code to achieve optimum read performance for queries.Which solution will meet this requirement with LEAST current and future effort?
A. se a multi-AZ Amazon RDS deployment
B. se a multi-AZ Amazon RDS deployment
C. eploy Amazon RDS with one or more read replicas
D. se open source replication software to create a copy of the MySQL database on an Amazon EC2 instance
View answer
Correct Answer: C
Question #79
A developer is implementing an AWS Cloud Development Kit (AWS CDK) serverless application. The developer will provision several AWS Lambda functions and Amazon API Gateway APIs during AWS CloudFormation stack creation. The developer's workstation has the AWS Serverless Application Model (AWS SAM) and the AWS CDK installed locally.How can the developer test a specific Lambda function locally?
A. reate a new API in API Gateway
B. alidate the new API version and promote it to production during the window of lowest expected utilization
C. mplement an Amazon CloudWatch alarm to trigger a rollback if the observed HTTP 500 status code rate exceeds a predetermined threshold
D. se the canary release deployment option in API Gateway
View answer
Correct Answer: C
Question #80
A company has an application that uses Amazon Cognito user pools as an identity provider. The company must secure access to user records. The company has set up multi-factor authentication (MFA). The company also wants to send a login activity notification by email every time a user logs in.What is the MOST operationally efficient solution that meets this requirement?
A. reate an AWS Key Management Service (AWS KMS) key
B. et the x-amz-server-side-encryption header when invoking the PutObject API operation
C. rovide the encryption key in the HTTP header of every request
D. pply TLS to encrypt the traffic to the S3 bucket
View answer
Correct Answer: B
Question #81
A company wants to share information with a third party. The third party has an HTTP API endpoint that the company can use to share the information. The company has the required API key to access the HTTP API.The company needs a way to manage the API key by using code. The integration of the API key with the application code cannot affect application performance.Which solution will meet these requirements MOST securely?
A. tore the API credentials in AWS Secrets Manager
B. tore the API credentials in a local code variable
C. tore the API credentials as an object in a private Amazon S3 bucket
D. tore the API credentials in an Amazon DynamoDB table
View answer
Correct Answer: B
Question #82
A company is building a scalable data management solution by using AWS services to improve the speed and agility of development. The solution will ingest large volumes of data from various sources and will process this data through multiple business rules and transformations.The solution requires business rules to run in sequence and to handle reprocessing of data if errors occur when the business rules run. The company needs the solution to be scalable and to require the least possible maintenance.Which AW
A. WS Batch
B. WS Step Functions
C. WS Glue
D. WS Lambda
View answer
Correct Answer: B
Question #83
A developer has an application that makes batch requests directly to Amazon DynamoDB by using the BatchGetItem low-level API operation. The responses frequently return values in the UnprocessedKeys element.Which actions should the developer take to increase the resiliency of the application when the batch response includes values in UnprocessedKeys? (Choose two.)
A. nstall and run the X-Ray SDK on the on-premises servers to capture and relay the data to the X-Ray service
B. nstall and run the X-Ray daemon on the on-premises servers to capture and relay the data to the X-Ray service
C. apture incoming requests on-premises and configure an AWS Lambda function to pull, process, and relay relevant data to X-Ray using the PutTraceSegments API call
D. apture incoming requests on-premises and configure an AWS Lambda function to pull, process, and relay relevant data to X-Ray using the PutTelemetryRecords API call
View answer
Correct Answer: BC
Question #84
For a deployment using AWS Code Deploy, what is the run order of the hooks for in-place deployments?
A. eforeInstall -> ApplicationStop -> ApplicationStart -> AfterInstall
B. pplicationStop -> BeforeInstall -> AfterInstall -> ApplicationStart
C. eforeInstall -> ApplicationStop -> ValidateService -> ApplicationStart
D. pplicationStop -> BeforeInstall -> ValidateService -> ApplicationStart
View answer
Correct Answer: B
Question #85
A developer is writing an AWS Lambda function. The developer wants to log key events that occur while the Lambda function runs. The developer wants to include a unique identifier to associate the events with a specific function invocation. The developer adds the following code to the Lambda function:Which solution will meet this requirement?
A. btain the request identifier from the AWS request ID field in the context object
B. btain the request identifier from the AWS request ID field in the event object
C. btain the request identifier from the AWS request ID field in the event object
D. btain the request identifier from the AWS request ID field in the context object
View answer
Correct Answer: A
Question #86
A developer has designed an application to store incoming data as JSON files in Amazon S3 objects. Custom business logic in an AWS Lambda function then transforms the objects, and the Lambda function loads the data into an Amazon DynamoDB table. Recently, the workload has experienced sudden and significant changes in traffic. The flow of data to the DynamoDB table is becoming throttled.The developer needs to implement a solution to eliminate the throttling and load the data into the DynamoDB table more cons
A. efactor the Lambda function into two functions
B. urn on auto scaling for the DynamoDB table
C. reate an alias for the Lambda function
D. efactor the Lambda function into two functions
View answer
Correct Answer: B
Question #87
A developer is building a new application on AWS. The application uses an AWS Lambda function that retrieves information from an Amazon DynamoDB table. The developer hard coded the DynamoDB table name into the Lambda function code. The table name might change over time. The developer does not want to modify the Lambda code if the table name changes.Which solution will meet these requirements MOST efficiently?
A. reate a Lambda environment variable to store the table name
B. tore the table name in a file
C. reate a file to store the table name
D. reate a global variable that is outside the handler in the Lambda function to store the table name
View answer
Correct Answer: A
Question #88
A company is building a serverless application on AWS. The application uses an AWS Lambda function to process customer orders 24 hours a day, 7 days a week. The Lambda function calls an external vendor's HTTP API to process payments.During load tests, a developer discovers that the external vendor payment processing API occasionally times out and returns errors. The company expects that some payment processing API calls will return errors.The company wants the support team to receive notifications in near r
A. rite the results of payment processing API calls to Amazon CloudWatch
B. ublish custom metrics to CloudWatch that record the failures of the external payment processing API calls
C. ublish the results of the external payment processing API calls to a new Amazon SNS topic
D. rite the results of the external payment processing API calls to Amazon S3
View answer
Correct Answer: B
Question #89
A company runs an application on AWS. The company deployed the application on Amazon EC2 instances. The application stores data on Amazon Aurora.The application recently logged multiple application-specific custom DECRYP_ERROR errors to Amazon CloudWatch logs. The company did not detect the issue until the automated tests that run every 30 minutes failed. A developer must implement a solution that will monitor for the custom errors and alert a development team in real time when these errors occur in the pro
A. onfigure the application to create a custom metric and to push the metric to CloudWatch
B. reate an AWS Lambda function to run every 5 minutes to scan the CloudWatch logs for the keyword DECRYP_ERROR
C. se Amazon CloudWatch Logs to create a metric filter that has a filter pattern for DECRYP_ERROR
D. nstall the CloudWatch unified agent on the EC2 instance
View answer
Correct Answer: C
Question #90
A company hosts a client-side web application for one of its subsidiaries on Amazon S3. The web application can be accessed through Amazon CloudFront from https://www.example.com. After a successful rollout, the company wants to host three more client-side web applications for its remaining subsidiaries on three separate S3 buckets.To achieve this goal, a developer moves all the common JavaScript files and web fonts to a central S3 bucket that serves the web applications. However, during testing, the develo
A. reate four access points that allow access to the central S3 bucket
B. reate a bucket policy that allows access to the central S3 bucket
C. reate a cross-origin resource sharing (CORS) configuration that allows access to the central S3 bucket
D. reate a Content-MD5 header that provides a message integrity check for the central S3 bucket
View answer
Correct Answer: C
Question #91
A company moved some of its secure files to a private Amazon S3 bucket that has no public access. The company wants to develop a serverless application that gives its employees the ability to log in and securely share the files with other users.Which AWS feature should the company use to share and access the files securely?
A. mazon Cognito user pool
B. 3 presigned URLs
C. 3 bucket policy
D. mazon Cognito identity pool
View answer
Correct Answer: A
Question #92
A developer is deploying an AWS Lambda function The developer wants the ability to return to older versions of the function quickly and seamlessly.How can the developer achieve this goal with the LEAST operational overhead?
A. se AWS OpsWorks to perform blue/green deployments
B. se a function alias with different versions
C. aintain deployment packages for older versions in Amazon S3
D. se AWS CodePipeline for deployments and rollbacks
View answer
Correct Answer: B
Question #93
A company is creating an application that processes .csv files from Amazon S3. A developer has created an S3 bucket. The developer has also created an AWS Lambda function to process the .csv files from the S3 bucket.Which combination of steps will invoke the Lambda function when a .csv file is uploaded to Amazon S3? (Choose two.)
A. se the AWS::Region pseudo parameter
B. equire the Region as a CloudFormation parameter
C. ind the Region from the AWS::StackId pseudo parameter by using the Fn::Split intrinsic function
D. ynamically import the Region by referencing the relevant parameter in AWS Systems Manager Parameter Store
View answer
Correct Answer: AC
Question #94
A company is building a web application on AWS. When a customer sends a request, the application will generate reports and then make the reports available to the customer within one hour. Reports should be accessible to the customer for 8 hours. Some reports are larger than 1 MB. Each report is unique to the customer. The application should delete all reports that are older than 2 days.Which solution will meet these requirements with the LEAST operational overhead?
A. enerate the reports and then store the reports as Amazon DynamoDB items that have a specified TTL
B. enerate the reports and then store the reports in an Amazon S3 bucket that uses server-side encryption
C. enerate the reports and then store the reports in an Amazon S3 bucket that uses server-side encryption
D. enerate the reports and then store the reports in an Amazon RDS database with a date stamp
View answer
Correct Answer: C
Question #95
A company has an AWS Lambda function that processes incoming requests from an Amazon API Gateway API. The API calls the Lambda function by using a Lambda alias. A developer updated the Lambda function code to handle more details related to the incoming requests. The developer wants to deploy the new Lambda function for more testing by other developers with no impact to customers that use the API.Which solution will meet these requirements with the LEAST operational overhead?
A. reate a new version of the Lambda function
B. pdate the existing Lambda alias used by API Gateway to a weighted alias
C. reate a new version of the Lambda function
D. reate a new version of the Lambda function
View answer
Correct Answer: A
Question #96
A developer has written an AWS Lambda function. The function is CPU-bound. The developer wants to ensure that the function returns responses quickly.How can the developer improve the function's performance?
A. ncrease the function's CPU core count
B. ncrease the function's memory
C. ncrease the function's reserved concurrency
D. ncrease the function's timeout
View answer
Correct Answer: B
Question #97
A company needs to develop a proof of concept for a web service application. The application will show the weather forecast for one of the company's office locations. The application will provide a REST endpoint that clients can call. Where possible, the application should use caching features provided by AWS to limit the number of requests to the backend service. The application backend will receive a small amount of traffic only during testing.Which approach should the developer take to provide the REST e
A. reate a container image
B. reate an AWS Lambda function by using the AWS Serverless Application Model (AWS SAM)
C. reate a container image
D. reate a microservices application
View answer
Correct Answer: B
Question #98
A developer is deploying an AWS Lambda function The developer wants the ability to return to older versions of the function quickly and seamlessly.How can the developer achieve this goal with the LEAST operational overhead?
A. se AWS OpsWorks to perform blue/green deployments
B. se a function alias with different versions
C. aintain deployment packages for older versions in Amazon S3
D. se AWS CodePipeline for deployments and rollbacks
View answer
Correct Answer: B
Question #99
A company is running Amazon EC2 instances in multiple AWS accounts. A developer needs to implement an application that collects all the lifecycle events of the EC2 instances. The application needs to store the lifecycle events in a single Amazon Simple Queue Service (Amazon SQS) queue in the company's main AWS account for further processing.Which solution will meet these requirements?
A. onfigure Amazon EC2 to deliver the EC2 instance lifecycle events from all accounts to the Amazon EventBridge event bus of the main account
B. se the resource policies of the SQS queue in the main account to give each account permissions to write to that SQS queue
C. rite an AWS Lambda function that scans through all EC2 instances in the company accounts to detect EC2 instance lifecycle changes
D. onfigure the permissions on the main account event bus to receive events from all accounts
View answer
Correct Answer: D
Question #100
A developer has designed an application to store incoming data as JSON files in Amazon S3 objects. Custom business logic in an AWS Lambda function then transforms the objects, and the Lambda function loads the data into an Amazon DynamoDB table. Recently, the workload has experienced sudden and significant changes in traffic. The flow of data to the DynamoDB table is becoming throttled.The developer needs to implement a solution to eliminate the throttling and load the data into the DynamoDB table more cons
A. efactor the Lambda function into two functions
B. urn on auto scaling for the DynamoDB table
C. reate an alias for the Lambda function
D. efactor the Lambda function into two functions
View answer
Correct Answer: B
Question #101
A company hosts a batch processing application on AWS Elastic Beanstalk with instances that run the most recent version of Amazon Linux. The application sorts and processes large datasets.In recent weeks, the application's performance has decreased significantly during a peak period for traffic. A developer suspects that the application issues are related to the memory usage. The developer checks the Elastic Beanstalk console and notices that memory usage is not being tracked.How should the developer gather
A. onfigure the Amazon CloudWatch agent to push logs to Amazon CloudWatch Logs by using port 443
B. onfigure the Elastic Beanstalk
C. onfigure the Amazon CloudWatch agent to track the memory usage of the instances
D. onfigure an Amazon CloudWatch dashboard to track the memory usage of the instances
View answer
Correct Answer: B
Question #102
An application under development is required to store hundreds of video files. The data must be encrypted within the application prior to storage, with a unique key for each video file.How should the developer code the application?
A. se the KMS Encrypt API to encrypt the data
B. se a cryptography library to generate an encryption key for the application
C. se the KMS GenerateDataKey API to get a data key
D. pload the data to an S3 bucket using server side-encryption with an AWS KMS key
View answer
Correct Answer: C
Question #103
A company needs to harden its container images before the images are in a running state. The company's application uses Amazon Elastic Container Registry (Amazon ECR) as an image registry. Amazon Elastic Kubernetes Service (Amazon EKS) for compute, and an AWS CodePipeline pipeline that orchestrates a continuous integration and continuous delivery (CI/CD) workflow.Dynamic application security testing occurs in the final stage of the pipeline after a new image is deployed to a development namespace in the EKS
A. uild the container image and run the docker scan command locally
B. reate a new CodePipeline stage that occurs after the container image is built
C. reate a new CodePipeline stage that occurs after source code has been retrieved from its repository
D. dd an action to the deployment stage of the pipeline so that the action occurs before the deployment to the EKS cluster
View answer
Correct Answer: B
Question #104
A financial company must store original customer records for 10 years for legal reasons. A complete record contains personally identifiable information (PII). According to local regulations, PII is available to only certain people in the company and must not be shared with third parties. The company needs to make the records available to third-party organizations for statistical analysis without sharing the PII.A developer wants to store the original immutable record in Amazon S3. Depending on who accesses
A. et up an S3 event notification that invokes the removePii function when an S3 GET request is made
B. et up an S3 event notification that invokes the removePii function when an S3 PUT request is made
C. reate an S3 Object Lambda access point from the S3 console
D. reate an S3 access point from the S3 console
View answer
Correct Answer: C
Question #105
A developer has created an AWS Lambda function to provide notification through Amazon Simple Notification Service (Amazon SNS) whenever a file is uploaded to Amazon S3 that is larger than 50 MB. The developer has deployed and tested the Lambda function by using the CLI. However, when the event notification is added to the S3 bucket and a 3,000 MB file is uploaded, the Lambda function does not launch.Which of the following is a possible reason for the Lambda function's inability to launch?
A. he S3 event notification does not activate for files that are larger than 1,000 MB
B. he resource-based policy for the Lambda function does not have the required permissions to be invoked by Amazon S3
C. ambda functions cannot be invoked directly from an S3 event
D. he S3 bucket needs to be made public
View answer
Correct Answer: B
Question #106
A developer is testing a new file storage application that uses an Amazon CloudFront distribution to serve content from an Amazon S3 bucket. The distribution accesses the S3 bucket by using an origin access identity (OAI). The S3 bucket's permissions explicitly deny access to all other users.The application prompts users to authenticate on a login page and then uses signed cookies to allow users to access their personal storage directories. The developer has configured the distribution to use its default ca
A. dd a second cache behavior to the distribution with the same origin as the default cache behavior
B. dd a second cache behavior to the distribution with the same origin as the default cache behavior
C. dd a second origin as a failover origin to the default cache behavior
D. dd a bucket policy to the S3 bucket to allow read access
View answer
Correct Answer: A
Question #107
A developer wants to expand an application to run in multiple AWS Regions. The developer wants to copy Amazon Machine Images (AMIs) with the latest changes and create a new application stack in the destination Region. According to company requirements, all AMIs must be encrypted in all Regions. However, not all the AMIs that the company uses are encrypted.How can the developer expand the application to run in the destination Region while meeting the encryption requirement?
A. reate new AMIs, and specify encryption parameters
B. se AWS Key Management Service (AWS KMS) to enable encryption on the unencrypted AMIs
C. se AWS Certificate Manager (ACM) to enable encryption on the unencrypted AMIs
D. opy the unencrypted AMIs to the destination Region
View answer
Correct Answer: A
Question #108
An application under development is required to store hundreds of video files. The data must be encrypted within the application prior to storage, with a unique key for each video file.How should the developer code the application?
A. se the KMS Encrypt API to encrypt the data
B. se a cryptography library to generate an encryption key for the application
C. se the KMS GenerateDataKey API to get a data key
D. pload the data to an S3 bucket using server side-encryption with an AWS KMS key
View answer
Correct Answer: C
Question #109
A developer is working on a web application that uses Amazon DynamoDB as its data store. The application has two DynamoDB tables: one table that is named artists and one table that is named songs. The artists table has artistName as the partition key. The songs table has songName as the partition key and artistName as the sort key.The table usage patterns include the retrieval of multiple songs and artists in a single database operation from the webpage. The developer needs a way to retrieve this informatio
A. erform a BatchGetltem operation that returns items from the two tables
B. reate a local secondary index (LSI) on the songs table that uses artistName as the partition key
C. erform a BatchGetitem operation on the songs table that uses the songName/artistName keys
D. erform a Scan operation on each table that filters by the list of songName/artistName for the songs table and the list of artistName in the artists table
View answer
Correct Answer: A
Question #110
A developer is developing an application that uses signed requests (Signature Version 4) to call other AWS services. The developer has created a canonical request, has created the string to sign, and has calculated signing information.Which methods could the developer use to complete a signed request? (Choose two.)
A. reate an AWS Lambda-backed CloudFormation custom resource
B. se the AWS CodeBuild action of CodePipeline to generate a secure string by using the following AWS CLI command: aws secretsmanager get-random-password
C. reate an AWS Lambda-backed CloudFormation custom resource
D. se the AWS::SecretsManager::Secret resource to generate a secure string
View answer
Correct Answer: AD
Question #111
For a deployment using AWS Code Deploy, what is the run order of the hooks for in-place deployments?
A. eforeInstall -> ApplicationStop -> ApplicationStart -> AfterInstall
B. pplicationStop -> BeforeInstall -> AfterInstall -> ApplicationStart
C. eforeInstall -> ApplicationStop -> ValidateService -> ApplicationStart
D. pplicationStop -> BeforeInstall -> ValidateService -> ApplicationStart
View answer
Correct Answer: B
Question #112
A developer is working on a web application that uses Amazon DynamoDB as its data store. The application has two DynamoDB tables: one table that is named artists and one table that is named songs. The artists table has artistName as the partition key. The songs table has songName as the partition key and artistName as the sort key.The table usage patterns include the retrieval of multiple songs and artists in a single database operation from the webpage. The developer needs a way to retrieve this informatio
A. erform a BatchGetltem operation that returns items from the two tables
B. reate a local secondary index (LSI) on the songs table that uses artistName as the partition key
C. erform a BatchGetitem operation on the songs table that uses the songName/artistName keys
D. erform a Scan operation on each table that filters by the list of songName/artistName for the songs table and the list of artistName in the artists table
View answer
Correct Answer: A
Question #113
A developer is incorporating AWS X-Ray into an application that handles personal identifiable information (PII). The application is hosted on Amazon EC2 instances. The application trace messages include encrypted PII and go to Amazon CloudWatch. The developer needs to ensure that no PII goes outside of the EC2 instances.Which solution will meet these requirements?
A. anually instrument the X-Ray SDK in the application code
B. se the X-Ray auto-instrumentation agent
C. se Amazon Macie to detect and hide PII
D. se AWS Distro for Open Telemetry
View answer
Correct Answer: A
Question #114
A developer has created an AWS Lambda function that is written in Python. The Lambda function reads data from objects in Amazon S3 and writes data to an Amazon DynamoDB table. The function is successfully invoked from an S3 event notification when an object is created. However, the function fails when it attempts to write to the DynamoDB table.What is the MOST likely cause of this issue?
A. he Lambda function's concurrency limit has been exceeded
B. ynamoDB table requires a global secondary index (GSI) to support writes
C. he Lambda function does not have IAM permissions to write to DynamoDB
D. he DynamoDB table is not running in the same Availability Zone as the Lambda function
View answer
Correct Answer: C
Question #115
A company's developer is building a static website to be deployed in Amazon S3 for a production environment. The website integrates with an Amazon Aurora PostgreSQL database by using an AWS Lambda function. The website that is deployed to production will use a Lambda alias that points to a specific version of the Lambda function.The company must rotate the database credentials every 2 weeks. Lambda functions that the company deployed previously must be able to use the most recent credentials.Which solution
A. tore the database credentials in AWS Secrets Manager
B. nclude the database credentials as part of the Lambda function code
C. se Lambda environment variables
D. tore the database credentials in AWS Systems Manager Parameter Store
View answer
Correct Answer: A
Question #116
A developer wants to add request validation to a production environment Amazon API Gateway API. The developer needs to test the changes before the API is deployed to the production environment. For the test, the developer will send test requests to the API through a testing tool.Which solution will meet these requirements with the LEAST operational overhead?
A. xport the existing API to an OpenAPI file
B. odify the existing API to add request validation
C. reate a new API
D. lone the existing API
View answer
Correct Answer: B
Question #117
A developer is creating a service that uses an Amazon S3 bucket for image uploads. The service will use an AWS Lambda function to create a thumbnail of each image. Each time an image is uploaded, the service needs to send an email notification and create the thumbnail. The developer needs to configure the image processing and email notifications setup.Which solution will meet these requirements?
A. reate an Amazon Simple Notification Service (Amazon SNS) topic
B. reate an Amazon Simple Notification Service (Amazon SNS) topic
C. reate an Amazon Simple Queue Service (Amazon SQS) queue
D. reate an Amazon Simple Queue Service (Amazon SQS) queue
View answer
Correct Answer: A
Question #118
A developer is creating an application. New users of the application must be able to create an account and register by using their own social media accounts.Which AWS service or resource should the developer use to meet these requirements?
A. AM role
B. mazon Cognito identity pools
C. mazon Cognito user pools
D. WS Directory Service
View answer
Correct Answer: C
Question #119
A company is building a scalable data management solution by using AWS services to improve the speed and agility of development. The solution will ingest large volumes of data from various sources and will process this data through multiple business rules and transformations.The solution requires business rules to run in sequence and to handle reprocessing of data if errors occur when the business rules run. The company needs the solution to be scalable and to require the least possible maintenance.Which AW
A. WS Batch
B. WS Step Functions
C. WS Glue
D. WS Lambda
View answer
Correct Answer: B
Question #120
A company has an application that uses Amazon Cognito user pools as an identity provider. The company must secure access to user records. The company has set up multi-factor authentication (MFA). The company also wants to send a login activity notification by email every time a user logs in.What is the MOST operationally efficient solution that meets this requirement?
A. reate an AWS Key Management Service (AWS KMS) key
B. et the x-amz-server-side-encryption header when invoking the PutObject API operation
C. rovide the encryption key in the HTTP header of every request
D. pply TLS to encrypt the traffic to the S3 bucket
View answer
Correct Answer: B
Question #121
A developer is writing an application for a company. The application will be deployed on Amazon EC2 and will use an Amazon RDS for Microsoft SQL Server database. The company's security team requires that database credentials are rotated at least weekly.How should the developer configure the database credentials for this application?
A. reate a database user
B. nable IAM authentication for the database
C. reate a database user
D. se the EC2 user data to create a database user
View answer
Correct Answer: C
Question #122
A developer has written the following IAM policy to provide access to an Amazon S3 bucket: Which access does the policy allow regarding the s3:GetObject and s3:PutObject actions?
A. ccess on all buckets except the “DOC-EXAMPLE-BUCKET” bucket
B. ccess on all buckets that start with “DOC-EXAMPLE-BUCKET” except the “DOC-EXAMPLE-BUCKET/secrets” bucket
C. ccess on all objects in the “DOC-EXAMPLE-BUCKET” bucket along with access to all S3 actions for objects in the “DOC-EXAMPLE-BUCKET” bucket that start with “secrets”
D. ccess on all objects in the “DOC-EXAMPLE-BUCKET” bucket except on objects that start with “secrets”
View answer
Correct Answer: D
Question #123
A company is building a scalable data management solution by using AWS services to improve the speed and agility of development. The solution will ingest large volumes of data from various sources and will process this data through multiple business rules and transformations.The solution requires business rules to run in sequence and to handle reprocessing of data if errors occur when the business rules run. The company needs the solution to be scalable and to require the least possible maintenance.Which AW
A. WS Batch
B. WS Step Functions
C. WS Glue
D. WS Lambda
View answer
Correct Answer: D
Question #124
A developer is creating an AWS Serverless Application Model (AWS SAM) template. The AWS SAM template contains the definition of multiple AWS Lambda functions, an Amazon S3 bucket, and an Amazon CloudFront distribution. One of the Lambda functions runs on Lambda@Edge in the CloudFront distribution. The S3 bucket is configured as an origin for the CloudFront distribution.When the developer deploys the AWS SAM template in the eu-west-1 Region, the creation of the stack fails.Which of the following could be the
A. loudFront distributions can be created only in the us-east-1 Region
B. ambda@Edge functions can be created only in the us-east-1 Region
C. single AWS SAM template cannot contain multiple Lambda functions
D. he CloudFront distribution and the S3 bucket cannot be created in the same Region
View answer
Correct Answer: B
Question #125
A developer deployed an application to an Amazon EC2 instance. The application needs to know the public IPv4 address of the instance.How can the application find this information?
A. uery the instance metadata from http://169
B. uery the instance user data from http://169
C. uery the Amazon Machine Image (AMI) information from http://169
D. heck the hosts file of the operating system
View answer
Correct Answer: A
Question #126
A developer needs to store configuration variables for an application. The developer needs to set an expiration date and time for the configuration. The developer wants to receive notifications before the configuration expires.Which solution will meet these requirements with the LEAST operational overhead?
A. reate a standard parameter in AWS Systems Manager Parameter Store
B. reate a standard parameter in AWS Systems Manager Parameter Store
C. reate an advanced parameter in AWS Systems Manager Parameter Store
D. reate an advanced parameter in AWS Systems Manager Parameter Store
View answer
Correct Answer: C
Question #127
A company is developing a serverless multi-tier application on AWS. The company will build the serverless logic tier by using Amazon API Gateway and AWS Lambda.While the company builds the logic tier, a developer who works on the frontend of the application must develop integration tests. The tests must cover both positive and negative scenarios, depending on success and error HTTP status codes.Which solution will meet these requirements with the LEAST effort?
A. et up a mock integration for API methods in API Gateway
B. reate two mock integration resources for API methods in API Gateway
C. reate Lambda functions to perform tests
D. reate a Lambda function to perform tests
View answer
Correct Answer: A
Question #128
A company uses AWS Lambda functions and an Amazon S3 trigger to process images into an S3 bucket. A development team set up multiple environments in a single AWS account.After a recent production deployment, the development team observed that the development S3 buckets invoked the production environment Lambda functions. These invocations caused unwanted execution of development S3 files by using production Lambda functions. The development team must prevent these invocations. The team must follow security
A. pdate the Lambda execution role for the production Lambda function to add a policy that allows the execution role to read from only the production environment S3 bucket
B. ove the development and production environments into separate AWS accounts
C. dd a resource policy to the production Lambda function to allow only the production environment S3 bucket to invoke the function
D. ove the development and production environments into separate AWS accounts
View answer
Correct Answer: C
Question #129
A developer wants to add request validation to a production environment Amazon API Gateway API. The developer needs to test the changes before the API is deployed to the production environment. For the test, the developer will send test requests to the API through a testing tool.Which solution will meet these requirements with the LEAST operational overhead?
A. xport the existing API to an OpenAPI file
B. odify the existing API to add request validation
C. reate a new API
D. lone the existing API
View answer
Correct Answer: B
Question #130
A developer is creating a template that uses AWS CloudFormation to deploy an application. The application is serverless and uses Amazon API Gateway, Amazon DynamoDB, and AWS Lambda.Which AWS service or tool should the developer use to define serverless resources in YAML?
A. loudFormation serverless intrinsic functions
B. WS Elastic Beanstalk
C. WS Serverless Application Model (AWS SAM)
D. WS Cloud Development Kit (AWS CDK)
View answer
Correct Answer: C

View The Updated AWS Exam Questions

SPOTO Provides 100% Real AWS Exam Questions for You to Pass Your AWS Exam!

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: