Amazon DVA-C02 Exam Questions

Question 6 of 557

A developer is creating an AWS CloudFormation template to deploy Amazon EC2 instances across multiple AWS accounts. The developer must choose the EC2 instances from a list of approved instance types.
How can the developer incorporate the list of approved instance types in the CloudFormation template?

Create a separate CloudFormation template for each EC2 instance type in the list.

In the Resources section of the CloudFormation template, create resources for each EC2 instance type in the list.

In the CloudFormation template, create a separate parameter for each EC2 instance type in the list.

In the CloudFormation template, create a parameter with the list of EC2 instance types as AllowedValues.

Correct Answer: D

To incorporate a list of approved EC2 instance types in the CloudFormation template, the developer should create a parameter with AllowedValues that includes the list of approved instance types. This allows users to select from the pre-approved instance types when launching the CloudFormation stack, ensuring compliance and simplifying the template management by restricting the instance types to the predefined list.

Question 7 of 557

A developer has an application that makes batch requests directly to Amazon DynamoDB by using the BatchGetItem low-level API operation. The responses frequently return values in the UnprocessedKeys element.
Which actions should the developer take to increase the resiliency of the application when the batch response includes values in UnprocessedKeys? (Choose two.)

Retry the batch operation immediately.

Retry the batch operation with exponential backoff and randomized delay.

Update the application to use an AWS software development kit (AWS SDK) to make the requests.

Increase the provisioned read capacity of the DynamoDB tables that the operation accesses.

Increase the provisioned write capacity of the DynamoDB tables that the operation accesses.

Correct Answer: B, D

To increase the resiliency of the application when the batch response includes values in UnprocessedKeys, the developer should implement a retry mechanism with exponential backoff and randomized delay. This approach helps prevent overwhelming the system with repeated immediate requests and increases the likelihood of successful retries during transient issues. Additionally, increasing the provisioned read capacity of the DynamoDB tables being accessed can help reduce the frequency of unprocessed keys by ensuring that there is sufficient read capacity to handle the requests.

Question 8 of 557

A company is running a custom application on a set of on-premises Linux servers that are accessed using Amazon API Gateway. AWS X-Ray tracing has been enabled on the API test stage.
How can a developer enable X-Ray tracing on the on-premises servers with the LEAST amount of configuration?

Install and run the X-Ray SDK on the on-premises servers to capture and relay the data to the X-Ray service.

Install and run the X-Ray daemon on the on-premises servers to capture and relay the data to the X-Ray service.

Capture incoming requests on-premises and configure an AWS Lambda function to pull, process, and relay relevant data to X-Ray using the PutTraceSegments API call.

Capture incoming requests on-premises and configure an AWS Lambda function to pull, process, and relay relevant data to X-Ray using the PutTelemetryRecords API call.

Correct Answer: B

The X-Ray daemon is designed to collect and relay trace data to the X-Ray service with minimal configuration. By installing and running the X-Ray daemon on the on-premises servers, you enable the servers to capture data and relay it directly to AWS X-Ray. This is the least complex method compared to other options that require additional configuration or development effort, like setting up AWS Lambda functions or using the X-Ray SDK, which would need more detailed implementation steps.

Question 9 of 557

A company wants to share information with a third party. The third party has an HTTP API endpoint that the company can use to share the information. The company has the required API key to access the HTTP API.
The company needs a way to manage the API key by using code. The integration of the API key with the application code cannot affect application performance.
Which solution will meet these requirements MOST securely?

Store the API credentials in AWS Secrets Manager. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.

Store the API credentials in a local code variable. Push the code to a secure Git repository. Use the local code variable at runtime to make the API call.

Store the API credentials as an object in a private Amazon S3 bucket. Restrict access to the S3 object by using IAM policies. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.

Store the API credentials in an Amazon DynamoDB table. Restrict access to the table by using resource-based policies. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.

Correct Answer: A

Storing the API credentials in AWS Secrets Manager is the most secure and practical solution. AWS Secrets Manager provides a secure way to manage and retrieve sensitive information, like API keys, without hardcoding them in the source code or storing them in less secure locations. By using AWS SDK to retrieve the credentials at runtime, the application can maintain strong security without compromising performance.

Question 10 of 557

A developer is deploying a new application to Amazon Elastic Container Service (Amazon ECS). The developer needs to securely store and retrieve different types of variables. These variables include authentication information for a remote API, the URL for the API, and credentials. The authentication information and API URL must be available to all current and future deployed versions of the application across development, testing, and production environments.
How should the developer retrieve the variables with the FEWEST application changes?

Update the application to retrieve the variables from AWS Systems Manager Parameter Store. Use unique paths in Parameter Store for each variable in each environment. Store the credentials in AWS Secrets Manager in each environment.

Update the application to retrieve the variables from AWS Key Management Service (AWS KMS). Store the API URL and credentials as unique keys for each environment.

Update the application to retrieve the variables from an encrypted file that is stored with the application. Store the API URL and credentials in unique files for each environment.

Update the application to retrieve the variables from each of the deployed environments. Define the authentication information and API URL in the ECS task definition as unique names during the deployment process.

Correct Answer: A

The developer should use AWS Systems Manager Parameter Store to securely store and manage configuration data such as API URLs. This allows the application to retrieve these variables without hardcoding them, ensuring that the configuration can be easily updated without changing the application itself. Additionally, storing sensitive credentials in AWS Secrets Manager provides enhanced security since Secrets Manager is specifically designed to manage sensitive information like credentials. This approach minimizes application changes while ensuring secure and organized management of all required variables across different environments.