Amazon DVA-C01 Exam Questions

Question 6 of 443

A developer is configuring an Amazon CloudFront distribution for a new application to provide encryption in transit. The application is running in the eu-west-1
Region. The developer creates a new certificate in AWS Certificate Manager (ACM) in eu-west-1, but the certificate is not visible in the CloudFront distribution settings.
What should the developer do to fix this problem?

Create the certificate for the domain in the same Region as the application. Ensure that the alternate domain name (CNAME) in the distribution settings matches the domain name in the certificate.

Create the certificate in the eu-west-1 Region. Ensure that the alternate domain name (CNAME) in the distribution settings matches the domain name in the certificate.

Recreate the CloudFront distribution in the same Region as the certificate.

Specify the ACM certificate name as the default root object of the CloudFront distribution.

Correct Answer: C

To use an ACM certificate with Amazon CloudFront, the certificate must be created in the US East (N. Virginia) region, also known as us-east-1. CloudFront is a global service, and it requires that the certificates be in us-east-1 to be used. Therefore, creating the certificate in the eu-west-1 region will not work for a CloudFront distribution. The correct action is to ensure the ACM certificate is created in the us-east-1 region, which is not addressed directly by any of the given options.

Question 7 of 443

A developer is building an application that runs behind an Application Load Balancer (ALB). The ALB is configured as the origin for an Amazon CloudFront distribution. Users will log in to the application by using their social media accounts.
How can the developer authenticate users?

Validate the users by inspecting the tokens in an AWS Lambda authorizer on the ALB.

Configure the ALB to use Amazon Cognito as one of the authentication providers.

Configure CloudFront to use Amazon Cognito as one of the authentication providers.

Validate the users by calling the Amazon Cognito API in an AWS Lambda authorizer on the ALB.

Correct Answer: B

To authenticate users logging in with their social media accounts when the application runs behind an Application Load Balancer (ALB) and uses CloudFront, you should configure the ALB to use Amazon Cognito as one of the authentication providers. Amazon Cognito supports social identity providers like Google, Facebook, and Amazon, which allows easy integration and authentication without additional custom code. This configuration is directly supported by the ALB and simplifies the integration of social media logins for your application.

Question 8 of 443

A company has an application that analyzes photographs. A developer is preparing the application for deployment to Amazon EC2 instances. The application's image analysis functions require a mix of GPU instances and CPU instances that run on Amazon Linux. The developer needs to add code to the application so that the functions can determine whether they are running on a GPU instance.
What should the functions do to obtain this information?

Call the DescribeInstances API operation and filter on the current instance ID. Examine the ElasticGpuAssociations property.

Evaluate the GPU AVAILABLE environment variable.

Call the DescribeElasticGpus API operation.

Retrieve the instance type from the instance metadata.

Correct Answer: D

To determine whether an application is running on a GPU instance, the function should retrieve the instance type from the instance metadata. Instance metadata provides information about an instance that can be used to make decisions based on the instance's characteristics, including whether it has GPU capabilities.

Question 9 of 443

A company has an application that uses Amazon Cognito user pools as an identity provider. The company must secure access to user records. The company has set up multi-factor authentication (MFA). The company also wants to send a login activity notification by email every time a user logs in.
What is the MOST operationally efficient solution that meets this requirement?

Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon API Gateway API to invoke the function. Call the API from the client side when login confirmation is received.

Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon Cognito post authentication Lambda trigger for the function.

Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Create an Amazon CloudWatch Logs log subscription filter to invoke the function based on the login status.

Configure Amazon Cognito to stream all logs to Amazon Kinesis Data Firehose. Create an AWS Lambda function to process the streamed logs and to send the email notification based on the login status of each user.

Correct Answer: B

The most operationally efficient solution to send a login activity notification by email every time a user logs in is to use an AWS Lambda function triggered by an Amazon Cognito post authentication Lambda trigger. This approach is efficient because it directly integrates with the authentication process of Amazon Cognito, ensuring that an email notification is sent immediately after a successful login without needing additional infrastructure or complex configurations involving other AWS services. This method effectively leverages the built-in capabilities of Cognito to meet the requirements.

Question 10 of 443

A company hosts a three-tier web application on AWS behind an Amazon CloudFront distribution. A developer wants a dashboard to monitor error rates and anomalies of the CloudFront distribution with the shortest possible refresh interval.
Which combination of slops should the developer take to meet these requirements? (Choose two.)

Activate real-time logs on the CloudFront distribution. Create a stream in Amazon Kinesis Data Streams.

Export the CloudFront logs to an Amazon S3 bucket. Detect anomalies and error rates with Amazon QuickSight.

Configure Amazon Kinesis Data Streams to deliver logs to Amazon OpenSearch Service (Amazon Elasticsearch Service). Create a dashboard in OpenSearch Dashboards (Kibana).

Create Amazon CloudWatch alarms based on expected values of selected CloudWatch metrics to detect anomalies and errors.

Design an Amazon CloudWatch dashboard of the selected CloudFront distribution metrics.

Correct Answer: A, D

To monitor error rates and anomalies of a CloudFront distribution with the shortest possible refresh interval, activating real-time logs on the CloudFront distribution and creating a stream in Amazon Kinesis Data Streams ensures immediate log delivery. Additionally, creating Amazon CloudWatch alarms based on expected values of selected CloudWatch metrics provides near-real-time anomaly and error detection, fitting the requirements for rapid refresh intervals.