• Home
  • Articles
  • [Sep-2021] Pass Amazon DVA-C01 Exam in First Attempt Guaranteed! [Q225-Q244]

[Sep-2021] Pass Amazon DVA-C01 Exam in First Attempt Guaranteed! [Q225-Q244]

Share

[Sep-2021] Pass Amazon DVA-C01 Exam in First Attempt Guaranteed!

Full DVA-C01 Practice Test and 471 unique questions with explanations waiting just for you, get it now!

NEW QUESTION 225
A company has an internet-facing application that uses Web Identity Federation to obtain a temporary credential from AWS Security Token Service (AWS STS). The app then uses the token to access AWS services.
Review the following response:

Based on the response displayed what permissions are associated with the call from the application?

  • A. Permissions associated with the default role used when the AWS service was built
  • B. Permissions associated with the account that owns the AWS service
  • C. Permissions associated with the role AROACLKWSDQRAOEXAMPLE:app1
  • D. Permission associated with the IAM principal that owns the AccessKeyID ASgeIAIOSFODNN7EXAMPLE

Answer: D

 

NEW QUESTION 226
After launching an instance that you intend to serve as a NAT (Network Address Translation) device in a public subnet you modify your route tables to have the NAT device be the target of internet bound traffic of your private subnet. When you try and make an outbound connection to the Internet from an instance in the private subnet, you are not successful.
Which of the following steps could resolve the issue?

  • A. Attaching an Elastic IP address to the instance in the private subnet
  • B. Attaching a second Elastic Network interface (ENI) to the NAT instance, and placing it in the private subnet
  • C. Disabling the Source/Destination Check attribute on the NAT instance
  • D. Attaching a second Elastic Network Interface (ENI) to the instance in the private subnet, and placing it in the public subnet

Answer: C

Explanation:
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html#NATInstance

 

NEW QUESTION 227
A Developer has a stateful web server on-premises that is being migrated to AWS. The Developer must have greater elasticity in the new design.
How should the Developer re-factor the application to make it more elastic? (Choose two.)

  • A. Store session state data in an Amazon DynamoDB table
  • B. Use pessimistic concurrency on Amazon DynamoDB
  • C. Use Amazon CloudFront with an AWS Web Application Firewall
  • D. Use an ELB with an Auto Scaling group
  • E. Use Amazon CloudFront with an Auto Scaling group

Answer: A,D

 

NEW QUESTION 228
An application running on Amazon EC2 instances must access objects within an Amaon S3 busket that are encrypted using server-side encryption using AWS KMS encryption keys (SSE-KMS). The application must have access to the customer master key (CMK) to decrypt the objects.
Which combination of steps will grant the application access? (Select TWO.)

  • A. Grant access to the key in the S3 bucket's ACL
  • B. Grant access to the key in the IAM EC2 role attached to the application's EC2 instances.
  • C. Write an S3 bucket policy that grants the bucket access to the key.
  • D. Write a key policy that enables IAM policies to grant access to the key.
  • E. Create a Systems Manager parameter that exposes the KMS key to the EC2 instances.

Answer: B,D

Explanation:
Explanation
https://aws.amazon.com/premiumsupport/knowledge-center/decrypt-kms-encrypted-objects-s3/ IAM role needs access to the keys to decrypt the object and key policies must allow role access to the key. Key policies are the primary way to control access to customer master keys (CMKs) in AWS KMS. You need the permission to decrypt the AWS KMS key. When a user sends a GET request, Amazon S3 checks if the AWS Identity and Access Management (IAM) user or role that sent the request is authorized to decrypt the key associated with the object. If the IAM user or role belongs to the same AWS account as the key, then the permission to decrypt must be granted on the AWS KMS key's policy.

 

NEW QUESTION 229
A nightly batch job loads 1 million new records into a DynamoDB table. The records are only needed for one hour, and the table needs to be empty by the next night's batch job.
Which is the MOST efficient and cost-effective method to provide an empty table?

  • A. Use BatchWriteItem to empty all of the rows.
  • B. Create and then delete the table after the task has completed.
  • C. Use DeleteItem using a ConditionExpression.
  • D. With a recursive function that scans and calls out DeleteItem.

Answer: B

Explanation:
Reference:
"Deleting an entire table is significantly more efficient than removing items one-by-one, which essentially doubles the write throughput as you do as many delete operations as put operations"

 

NEW QUESTION 230
A Developer is writing a serverless application that requires that an AWS Lambda function be invoked every 10 minutes.
What is an automated and serverless way to trigger the function?

  • A. Create an Amazon CloudWatch Events rule that triggers on a regular schedule to invoke the Lambda function.
  • B. Deploy an Amazon EC2 instance based on Linux, and edit its /etc/crontab file by adding a command to periodically invoke the Lambda function.
  • C. Create an Amazon SNS topic that has a subscription to the Lambda function with a 600-second timer.
  • D. Configure an environment variable named PERIOD for the Lambda function. Set the value to 600.

Answer: A

 

NEW QUESTION 231
A Developer is writing an application that runs on Amazon EC2 instances in an Auto scaling group. The application data is stored in an Amazon DynamoDB table and records are constantly updated by all instances. An instance sometimes retrieves old dat a. The Developer wants to correct this by making sure the reads are strongly consistent.
How can the developer accomplish this?

  • A. Set consistency to strong when calling Update Table.
  • B. Use the Getshardlterator command.
  • C. Set consistentRead to true when calling Getitem.
  • D. Create a new DynamoDB Accelerator (DAX) table.

Answer: D

Explanation:
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/
HowItWorks.ReadConsistency.html

 

NEW QUESTION 232
A company is developing a new online game that will run on top of Amazon ECS. Four distinct Amazon ECS services will be part of the architecture, each requiring specific permissions to various AWS services. The company wants to optimize the use of the underlying Amazon EC2 instances by bin packing the containers based on memory reservation.
Which configuration would allow the Development team to meet these requirements MOST securely?

  • A. Create four distinct IAM roles, each containing the required permissions for the associated ECS service, then configure each ECS service to reference the associated IAM role.
  • B. Create four distinct IAM roles, each containing the required permissions for the associated ECS service, then, create an IAM group and configure the ECS cluster to reference that group.
  • C. Create a new Identity and Access Management (IAM) instance profile containing the required permissions for the various ECS services, then associate that instance role with the underlying EC2 instances.
  • D. Create four distinct IAM roles, each containing the required permissions for the associated ECS service, then configure each ECS task definition to reference the associated IAM role.

Answer: D

Explanation:
Reference:
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-strategies.html.

 

NEW QUESTION 233
A Developer is using AWS CLI, but when running list commands on a large number of resources, it is timing out.
What can be done to avoid this time-out?

  • A. Use pagination
  • B. Use quoting strings
  • C. Use shorthand syntax
  • D. Use parameter values

Answer: A

 

NEW QUESTION 234
A company needs to ingest terabytes of data each hour from thousands of sources that are delivered almost continually throughout the day. The volume of messages generated varies over the course of the day.
Messages must be delivered in real time for fraud detection and live operational dashboards.
Which approach will meet these requirements?

  • A. Send the messages to an Amazon SQS queue, then process the messages by using a fleet of Amazon EC2 instances
  • B. Use Amazon Kinesis Data Streams with Kinesis Client Library to ingest and deliver messages
  • C. Use the Amazon S3 API to write messages to an S3 bucket, then process the messages by using Amazon Redshift
  • D. Use AWS Data Pipeline to automate the movement and transformation of data

Answer: B

Explanation:
Explanation
https://aws.amazon.com/streaming-data/

 

NEW QUESTION 235
You are providing AWS consulting services for a company developing a new mobile application that will be leveraging Amazon SNS Mobile Push for push notifications. In order to send direct notification messages to individual devices each device registration identifier or token needs to be registered with SNS; however the developers are not sure of the best way to do this.
You advise them to:

  • A. Let the push notification service (e.g. Amazon Device Messaging) handle the registration.
  • B. Implement a token vending service to handle the registration.
  • C. Call the CreatePlatformEndPoint API function to register multiple device tokens.
  • D. Bulk upload the device tokens contained in a CSV file via the AWS Management Console.

Answer: C

 

NEW QUESTION 236
An application runs on multiple EC2 instances behind an ELB.
Where is the session data best written so that it can be served reliably across multiple requests?

  • A. Write data to the root filesystem.
  • B. Write data to Amazon Elastic Block Store.
  • C. Write data to Amazon EC2 Instance Store.
  • D. Write data to Amazon ElastiCache

Answer: D

 

NEW QUESTION 237
Which of the following platforms are supported by Elastic Beanstalk? Choose 2 answers

  • A. Apache Tomcat
  • B. IBM Websphere
  • C. Jetty
  • D. Oracle JBoss
  • E. .NET

Answer: A,E

Explanation:
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/platforms/platforms-supported.html

 

NEW QUESTION 238
A Developer is testing a Docker-based application that uses the AWS SDK to interact with Amazon DynamoDB. In the local development environment, the application has used IAM access keys. The application is now ready for deployment onto an ECS cluster.
How should the application authenticate with AWS services in production?

  • A. Configure AWS access key/secret access key environment variables with new credentials
  • B. Configure the credentials file with a new access key/secret access key
  • C. Refactor the application to call AWS STS AssumeRole based on an instance role
  • D. Configure an ECS task IAM role for the application to use

Answer: D

 

NEW QUESTION 239
An AWS Lambda function must read data from an Amazon RDS MySQL database in a VPC and also reach a public endpoint over the internet to get additional data.
Which steps must be taken to allow the function to access both the RDS resource and the public endpoint? (Select TWO.)

  • A. Modify the default network access control list to allow outbound traffic.
  • B. Add a NAT Gateway to the VPC.
  • C. Modify the default configuration for the Lambda function to associate it with an Amazon VPC private subnet.
  • D. Add an environmental variable to the Lambda function to allow outbound internet access.
  • E. Modify the default configuration of the Lambda function to associate it with a VPC public subnet.

Answer: B,C

Explanation:
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/vpc.html

 

NEW QUESTION 240
Which of the following services are included at no additional cost with the use of the AWS platform? Choose 2 answers

  • A. Elastic Load Balancing
  • B. CloudFormation
  • C. Elastic Compute Cloud
  • D. Auto Scaling
  • E. Simple Workflow Service
  • F. Simple Storage Service

Answer: B,D

 

NEW QUESTION 241
Where can PortMapping be defined when launching containers in Amazon ECS?

  • A. Container agent
  • B. Task definition
  • C. Amazon Elastic Container Registry (Amzon ECR)
  • D. Security groups

Answer: B

 

NEW QUESTION 242
A Developer has written a serverless application using multiple AWS services. The business logic is written as a Lambda function which has dependencies on third-party libraries. The Lambda function endpoints will be exposed using Amazon API Gateway. The Lambda function will write the information to Amazon DynamoDB.
The Developer is ready to deploy the application but must have the ability to rollback. How can this deployment be automated, based on these requirements?

  • A. Deploy using Amazon Lambda API operations to create the Lambda function by providing a deployment package.
  • B. Create a bash script which uses AWS CLI to package and deploy the application.
  • C. Use syntax conforming to the Serverless Application Model in the AWS CloudFormation template to define the Lambda function resource.
  • D. Use an AWS CloudFormation template and use CloudFormation syntax to define the Lambda function resource in the template.

Answer: C

Explanation:
Refer AWS documentation - SAM Gradual Code Deployment
If you use AWS SAM to create your serverless application, it comes built-in with AWS CodeDeploy to help ensure safe Lambda deployments. With just a few lines of configuration, AWS SAM does the following for you:
Deploys new versions of your Lambda function, and automatically creates aliases that point to the new version.
Gradually shifts customer traffic to the new version until you're satisfied that it's working as expected, or you roll back the update.
Defines pre-traffic and post-traffic test functions to verify that the newly deployed code is configured correctly and your application operates as expected.
Rolls back the deployment if CloudWatch alarms are triggered.

 

NEW QUESTION 243
When writing a Lambda function, what is the benefit of instantiating AWS clients outside the scope of the handler?

  • A. Better error handling
  • B. Legibility and stylistic convention
  • C. Creating a new instance per invocation
  • D. Taking advantage of connection re-use

Answer: D

 

NEW QUESTION 244
......

Prepare for your Amazon certification with the updated 2Pass4sure DVA-C01 exam questions: https://drive.google.com/open?id=12EA8Kp5L4RwRCEwyCkWyxdd2oVYHBJrK

Get Latest DVA-C01 Dumps Exam Questions in here: https://www.2pass4sure.com/Amazon-AWS-Certified-Associate/DVA-C01-actual-exam-braindumps.html

Related Articles

more
Amazon DVA-C01 Certification Practice Exam