Reference: Protecting a Stack From Being Deleted

Reference: What is Continuous Integration?

Reference: AppSpec Files on an EC2/On-Premises Compute Platform

Reference: Troubleshooting AWS CloudFormation

Reference: Getting Started with Amazon SNS

Reference: AWS CodeCommit

Reference: Resources

Reference: AWS CodePipeline

Reference: CodeDeploy AppSpec File Reference

Reference: Working with Nested Stacks

Reference: AppSpec ‘hooks’ Section

Answer: C.
aws kms encrypt –key-id 1234abcd-12ab-34cd-56ef-1234567890ab –plaintext fileb://ExamplePlaintextFile –output text –query CiphertextBlob > C:\Temp\ExampleEncryptedFile.base64

Reference: AWS CLI Encrypt

Answer: C.
Your Data key also known as the Enveloppe key is encrypted using the master key.This approach is known as Envelope encryption.
Envelope encryption is the practice of encrypting plaintext data with a data key, and then encrypting the data key under another key.

Reference: Envelope Encryption

Answer: A. and B.

Reference: AWS Key Management Service Concepts

Answer: A. and B.

Reference: AWS Key Management Service FAQs

For more information about Lambda layers, see Creating and sharing Lambda layers.

For more information about Lambda function aliases, see Lambda function aliases.

Category: Deployment

Category: Security

Welcome to AWS Certified Developer Associate Exam Preparation: Definition and Objectives, Top 100 Questions and Answers dump, White papers, Courses, Labs and Training Materials, Exam info and details, References, Jobs, Others AWS Certificates

What is the AWS Certified Developer Associate Exam?

This AWS Certified Developer-Associate Examination is intended for individuals who perform a Developer role. It validates an examinee’s ability to:

• Demonstrate an understanding of core AWS services, uses, and basic AWS architecture best practices
• Demonstrate proficiency in developing, deploying, and debugging cloud-based applications by using AWS

Recommended general IT knowledge
The target candidate should have the following:
– In-depth knowledge of at least one high-level programming language
– Understanding of application lifecycle management
– The ability to write code for serverless applications
– Understanding of the use of containers in the development process

Recommended AWS knowledge
The target candidate should be able to do the following:

• Use the AWS service APIs, CLI, and software development kits (SDKs) to write applications
• Identify key features of AWS services
• Understand the AWS shared responsibility model
• Use a continuous integration and continuous delivery (CI/CD) pipeline to deploy applications on AWS
• Use and interact with AWS services
• Apply basic understanding of cloud-native applications to write code
• Write code by using AWS security best practices (for example, use IAM roles instead of secret and access keys in the code)
• Author, maintain, and debug code modules on AWS

What is considered out of scope for the target candidate?
The following is a non-exhaustive list of related job tasks that the target candidate is not expected to be able to perform. These items are considered out of scope for the exam:
– Design architectures (for example, distributed system, microservices)
– Design and implement CI/CD pipelines

• Administer IAM users and groups
• Administer Amazon Elastic Container Service (Amazon ECS)
• Design AWS networking infrastructure (for example, Amazon VPC, AWS Direct Connect)
• Understand compliance and licensing

Exam content
Response types
There are two types of questions on the exam:
– Multiple choice: Has one correct response and three incorrect responses (distractors)
– Multiple response: Has two or more correct responses out of five or more response options
Select one or more responses that best complete the statement or answer the question. Distractors, or incorrect answers, are response options that a candidate with incomplete knowledge or skill might choose.
Distractors are generally plausible responses that match the content area.
Unanswered questions are scored as incorrect; there is no penalty for guessing. The exam includes 50 questions that will affect your score.

Unscored content
The exam includes 15 unscored questions that do not affect your score. AWS collects information about candidate performance on these unscored questions to evaluate these questions for future use as scored questions. These unscored questions are not identified on the exam.

Exam results
The AWS Certified Developer – Associate (DVA-C01) exam is a pass or fail exam. The exam is scored against a minimum standard established by AWS professionals who follow certification industry best practices and guidelines.
Your results for the exam are reported as a scaled score of 100–1,000. The minimum passing score is 720.
Your score shows how you performed on the exam as a whole and whether you passed. Scaled scoring models help equate scores across multiple exam forms that might have slightly different difficulty levels.
Your score report could contain a table of classifications of your performance at each section level. This information is intended to provide general feedback about your exam performance. The exam uses a compensatory scoring model, which means that you do not need to achieve a passing score in each section. You need to pass only the overall exam.
Each section of the exam has a specific weighting, so some sections have more questions than other sections have. The table contains general information that highlights your strengths and weaknesses. Use caution when interpreting section-level feedback.

Content outline
This exam guide includes weightings, test domains, and objectives for the exam. It is not a comprehensive listing of the content on the exam. However, additional context for each of the objectives is available to help guide your preparation for the exam. The following table lists the main content domains and their weightings. The table precedes the complete exam content outline, which includes the additional context.
The percentage in each domain represents only scored content.

Domain 1: Deployment 22%
Domain 2: Security 26%
Domain 3: Development with AWS Services 30%
Domain 4: Refactoring 10%
Domain 5: Monitoring and Troubleshooting 12%

Domain 1: Deployment
1.1 Deploy written code in AWS using existing CI/CD pipelines, processes, and patterns.
–  Commit code to a repository and invoke build, test and/or deployment actions
–  Use labels and branches for version and release management
–  Use AWS CodePipeline to orchestrate workflows against different environments
–  Apply AWS CodeCommit, AWS CodeBuild, AWS CodePipeline, AWS CodeStar, and AWS
CodeDeploy for CI/CD purposes
–  Perform a roll back plan based on application deployment policy

1.2 Deploy applications using AWS Elastic Beanstalk.
–  Utilize existing supported environments to define a new application stack
–  Package the application
–  Introduce a new application version into the Elastic Beanstalk environment
–  Utilize a deployment policy to deploy an application version (i.e., all at once, rolling, rolling with batch, immutable)
–  Validate application health using Elastic Beanstalk dashboard
–  Use Amazon CloudWatch Logs to instrument application logging

1.3 Prepare the application deployment package to be deployed to AWS.
–  Manage the dependencies of the code module (like environment variables, config files and static image files) within the package
–  Outline the package/container directory structure and organize files appropriately
–  Translate application resource requirements to AWS infrastructure parameters (e.g., memory, cores)

1.4 Deploy serverless applications.
–  Given a use case, implement and launch an AWS Serverless Application Model (AWS SAM) template
–  Manage environments in individual AWS services (e.g., Differentiate between Development, Test, and Production in Amazon API Gateway)

Domain 2: Security
2.1 Make authenticated calls to AWS services.
–  Communicate required policy based on least privileges required by application.
–  Assume an IAM role to access a service
–  Use the software development kit (SDK) credential provider on-premises or in the cloud to access AWS services (local credentials vs. instance roles)

2.2 Implement encryption using AWS services.
– Encrypt data at rest (client side; server side; envelope encryption) using AWS services
–  Encrypt data in transit

2.3 Implement application authentication and authorization.
– Add user sign-up and sign-in functionality for applications with Amazon Cognito identity or user pools
–  Use Amazon Cognito-provided credentials to write code that access AWS services.
–  Use Amazon Cognito sync to synchronize user profiles and data
–  Use developer-authenticated identities to interact between end user devices, backend
authentication, and Amazon Cognito

Domain 3: Development with AWS Services
3.1 Write code for serverless applications.
– Compare and contrast server-based vs. serverless model (e.g., micro services, stateless nature of serverless applications, scaling serverless applications, and decoupling layers of serverless applications)
– Configure AWS Lambda functions by defining environment variables and parameters (e.g., memory, time out, runtime, handler)
– Create an API endpoint using Amazon API Gateway
–  Create and test appropriate API actions like GET, POST using the API endpoint
–  Apply Amazon DynamoDB concepts (e.g., tables, items, and attributes)
–  Compute read/write capacity units for Amazon DynamoDB based on application requirements
–  Associate an AWS Lambda function with an AWS event source (e.g., Amazon API Gateway, Amazon CloudWatch event, Amazon S3 events, Amazon Kinesis)
–  Invoke an AWS Lambda function synchronously and asynchronously

3.2 Translate functional requirements into application design.
– Determine real-time vs. batch processing for a given use case
– Determine use of synchronous vs. asynchronous for a given use case
– Determine use of event vs. schedule/poll for a given use case
– Account for tradeoffs for consistency models in an application design

Domain 4: Refactoring
4.1 Optimize applications to best use AWS services and features.
 Implement AWS caching services to optimize performance (e.g., Amazon ElastiCache, Amazon API Gateway cache)
 Apply an Amazon S3 naming scheme for optimal read performance

4.2 Migrate existing application code to run on AWS.
– Isolate dependencies
– Run the application as one or more stateless processes
– Develop in order to enable horizontal scalability
– Externalize state

Domain 5: Monitoring and Troubleshooting

5.1 Write code that can be monitored.
– Create custom Amazon CloudWatch metrics
– Perform logging in a manner available to systems operators
– Instrument application source code to enable tracing in AWS X-Ray

5.2 Perform root cause analysis on faults found in testing or production.
– Interpret the outputs from the logging mechanism in AWS to identify errors in logs
– Check build and testing history in AWS services (e.g., AWS CodeBuild, AWS CodeDeploy, AWS CodePipeline) to identify issues
– Utilize AWS services (e.g., Amazon CloudWatch, VPC Flow Logs, and AWS X-Ray) to locate a specific faulty component

Which key tools, technologies, and concepts might be covered on the exam?

The following is a non-exhaustive list of the tools and technologies that could appear on the exam.
This list is subject to change and is provided to help you understand the general scope of services, features, or technologies on the exam.
The general tools and technologies in this list appear in no particular order.
AWS services are grouped according to their primary functions. While some of these technologies will likely be covered more than others on the exam, the order and placement of them in this list is no indication of relative weight or importance:
– Analytics
– Application Integration
– Containers
– Cost and Capacity Management
– Data Movement
– Developer Tools
– Instances (virtual machines)
– Management and Governance
– Networking and Content Delivery
– Security
– Serverless

AWS services and features

Analytics:
– Amazon Elasticsearch Service (Amazon ES)
– Amazon Kinesis
Application Integration:
– Amazon EventBridge (Amazon CloudWatch Events)
– Amazon Simple Notification Service (Amazon SNS)
– Amazon Simple Queue Service (Amazon SQS)
– AWS Step Functions

Compute:
– Amazon EC2
– AWS Elastic Beanstalk
– AWS Lambda

Containers:
– Amazon Elastic Container Registry (Amazon ECR)
– Amazon Elastic Container Service (Amazon ECS)
– Amazon Elastic Kubernetes Services (Amazon EKS)

Database:
– Amazon DynamoDB
– Amazon ElastiCache
– Amazon RDS

Developer Tools:
– AWS CodeArtifact
– AWS CodeBuild
– AWS CodeCommit
– AWS CodeDeploy
– Amazon CodeGuru
– AWS CodePipeline
– AWS CodeStar
– AWS Fault Injection Simulator
– AWS X-Ray

Management and Governance:
– AWS CloudFormation
– Amazon CloudWatch

Networking and Content Delivery:
– Amazon API Gateway
– Amazon CloudFront
– Elastic Load Balancing

Security, Identity, and Compliance:
– Amazon Cognito
– AWS Identity and Access Management (IAM)
– AWS Key Management Service (AWS KMS)

Storage:
– Amazon S3

Out-of-scope AWS services and features

The following is a non-exhaustive list of AWS services and features that are not covered on the exam.
These services and features do not represent every AWS offering that is excluded from the exam content.
Services or features that are entirely unrelated to the target job roles for the exam are excluded from this list because they are assumed to be irrelevant.
Out-of-scope AWS services and features include the following:
– AWS Application Discovery Service
– Amazon AppStream 2.0
– Amazon Chime
– Amazon Connect
– AWS Database Migration Service (AWS DMS)
– AWS Device Farm
– Amazon Elastic Transcoder
– Amazon GameLift
– Amazon Lex
– Amazon Machine Learning (Amazon ML)
– AWS Managed Services
– Amazon Mobile Analytics
– Amazon Polly

– Amazon QuickSight
– Amazon Rekognition
– AWS Server Migration Service (AWS SMS)
– AWS Service Catalog
– AWS Shield Advanced
– AWS Shield Standard
– AWS Snow Family
– AWS Storage Gateway
– AWS WAF
– Amazon WorkMail
– Amazon WorkSpaces

To succeed with the real exam, do not memorize the answers below. It is very important that you understand why a question is right or wrong and the concepts behind it by carefully reading the reference documents in the answers.

Top

AWS Certified Developer – Associate Practice Questions And Answers Dump

Q0: Your application reads commands from an SQS queue and sends them to web services hosted by your
partners. When a partner’s endpoint goes down, your application continually returns their commands to the queue. The repeated attempts to deliver these commands use up resources. Commands that can’t be delivered must not be lost.
How can you accommodate the partners’ broken web services without wasting your resources?

• A. Create a delay queue and set DelaySeconds to 30 seconds
• B. Requeue the message with a VisibilityTimeout of 30 seconds.
• C. Create a dead letter queue and set the Maximum Receives to 3.
• D. Requeue the message with a DelaySeconds of 30 seconds.

AWS Developer Associates DVA-C01 Exam Prep App

Show Answer

Q1: A developer is writing an application that will store data in a DynamoDB table. The ratio of reads operations to write operations will be 1000 to 1, with the same data being accessed frequently.
What should the Developer enable on the DynamoDB table to optimize performance and minimize costs?

• A. Amazon DynamoDB auto scaling
• B. Amazon DynamoDB cross-region replication
• C. Amazon DynamoDB Streams
• D. Amazon DynamoDB Accelerator

Show Answer

Q2: You are creating a DynamoDB table with the following attributes:

• PurchaseOrderNumber (partition key)
• CustomerID
• PurchaseDate
• TotalPurchaseValue

One of your applications must retrieve items from the table to calculate the total value of purchases for a
particular customer over a date range. What secondary index do you need to add to the table?

• A. Local secondary index with a partition key of CustomerID and sort key of PurchaseDate; project the
  TotalPurchaseValue attribute
• B. Local secondary index with a partition key of PurchaseDate and sort key of CustomerID; project the
  TotalPurchaseValue attribute
• C. Global secondary index with a partition key of CustomerID and sort key of PurchaseDate; project the
  TotalPurchaseValue attribute
• D. Global secondary index with a partition key of PurchaseDate and sort key of CustomerID; project the
  TotalPurchaseValue attribute

AWS Developer Associates DVA-C01 Exam Prep App

 

#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech

 

AWS Developer Associates DVA-C01 Exam Prep on iOS:

 

AWS Developer Associates DVA-C01 Exam Prep on android

 

AWS Developer Associates DVA-C01 Exam Prep on Windows 10/11

 

 

AWS Developer Associates DVA-C01 Exam Prep on Web/PWA

Show Answer

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

AWS Developer Associates DVA-C01 Exam Prep App

 

#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech

 

AWS Developer Associates DVA-C01 Exam Prep on iOS:

 

AWS Developer Associates DVA-C01 Exam Prep on android

 

AWS Developer Associates DVA-C01 Exam Prep on Windows 10/11

 

 

AWS Developer Associates DVA-C01 Exam Prep on Web/PWA

Q3: When referencing the remaining time left for a Lambda function to run within the function’s code you would use:

• A. The event object
• B. The timeLeft object
• C. The remains object
• D. The context object

Show Answer

Q4: What two arguments does a Python Lambda handler function require?

• A. invocation, zone
• B. event, zone
• C. invocation, context
• D. event, context

AWS Developer Associates DVA-C01 Exam Prep App

 

#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech

 

AWS Developer Associates DVA-C01 Exam Prep on iOS:

 

AWS Developer Associates DVA-C01 Exam Prep on android

 

AWS Developer Associates DVA-C01 Exam Prep on Windows 10/11

 

 

AWS Developer Associates DVA-C01 Exam Prep on Web/PWA

Top

Q5: Lambda allows you to upload code and dependencies for function packages:

• A. Only from a directly uploaded zip file
• B. Only via SFTP
• C. Only from a zip file in AWS S3
• D. From a zip file in AWS S3 or uploaded directly from elsewhere

Top

Q6: A Lambda deployment package contains:

• A. Function code, libraries, and runtime binaries
• B. Only function code
• C. Function code and libraries not included within the runtime
• D. Only libraries not included within the runtime

Top

Q7: You are attempting to SSH into an EC2 instance that is located in a public subnet. However, you are currently receiving a timeout error trying to connect. What could be a possible cause of this connection issue?

• A. The security group associated with the EC2 instance has an inbound rule that allows SSH traffic, but does not have an outbound rule that allows SSH traffic.
• B. The security group associated with the EC2 instance has an inbound rule that allows SSH traffic AND has an outbound rule that explicitly denies SSH traffic.
• C. The security group associated with the EC2 instance has an inbound rule that allows SSH traffic AND the associated NACL has both an inbound and outbound rule that allows SSH traffic.
• D. The security group associated with the EC2 instance does not have an inbound rule that allows SSH traffic AND the associated NACL does not have an outbound rule that allows SSH traffic.

Show Answer

D. Security groups are stateful, so you do NOT have to have an explicit outbound rule for return requests. However, NACLs are stateless so you MUST have an explicit outbound rule configured for return request.

Reference: Comparison of Security Groups and Network ACLs

Q8: You have instances inside private subnets and a properly configured bastion host instance in a public subnet. None of the instances in the private subnets have a public or Elastic IP address. How can you connect an instance in the private subnet to the open internet to download system updates?

• A. Create and assign EIP to each instance
• B. Create and attach a second IGW to the VPC.
• C. Create and utilize a NAT Gateway
• D. Connect to a VPN

Show Answer

Q9: What feature of VPC networking should you utilize if you want to create “elasticity” in your application’s architecture?

• A. Security Groups
• B. Route Tables
• C. Elastic Load Balancer
• D. Auto Scaling

Show Answer

Q10: Lambda allows you to upload code and dependencies for function packages:

• A. Only from a directly uploaded zip file
• B. Only from a directly uploaded zip file
• C. Only from a zip file in AWS S3
• D. From a zip file in AWS S3 or uploaded directly from elsewhere

AWS Developer Associates DVA-C01 Exam Prep App

 

#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech

 

AWS Developer Associates DVA-C01 Exam Prep on iOS:

 

AWS Developer Associates DVA-C01 Exam Prep on android

 

AWS Developer Associates DVA-C01 Exam Prep on Windows 10/11

 

 

AWS Developer Associates DVA-C01 Exam Prep on Web/PWA

Top

Q11: You’re writing a script with an AWS SDK that uses the AWS API Actions and want to create AMIs for non-EBS backed AMIs for you. Which API call should occurs in the final process of creating an AMI?

• A. RegisterImage
• B. CreateImage
• C. ami-register-image
• D. ami-create-image

Top

Q12: When dealing with session state in EC2-based applications using Elastic load balancers which option is generally thought of as the best practice for managing user sessions?

• A. Having the ELB distribute traffic to all EC2 instances and then having the instance check a caching solution like ElastiCache running Redis or Memcached for session information
• B. Permenantly assigning users to specific instances and always routing their traffic to those instances
• C. Using Application-generated cookies to tie a user session to a particular instance for the cookie duration
• D. Using Elastic Load Balancer generated cookies to tie a user session to a particular instance

Top

Q13: Which API call would best be used to describe an Amazon Machine Image?

• A. ami-describe-image
• B. ami-describe-images
• C. DescribeImage
• D. DescribeImages

Top

Q14: What is one key difference between an Amazon EBS-backed and an instance-store backed instance?

• A. Autoscaling requires using Amazon EBS-backed instances
• B. Virtual Private Cloud requires EBS backed instances
• C. Amazon EBS-backed instances can be stopped and restarted without losing data
• D. Instance-store backed instances can be stopped and restarted without losing data

Top

Q15: After having created a new Linux instance on Amazon EC2, and downloaded the .pem file (called Toto.pem) you try and SSH into your IP address (54.1.132.33) using the following command.
ssh -i my_key.pem ec2-user@52.2.222.22
However you receive the following error.
@@@@@@@@ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@@@@@@@@@@@@@@@
What is the most probable reason for this and how can you fix it?

• A. You do not have root access on your terminal and need to use the sudo option for this to work.
• B. You do not have enough permissions to perform the operation.
• C. Your key file is encrypted. You need to use the -u option for unencrypted not the -i option.
• D. Your key file must not be publicly viewable for SSH to work. You need to modify your .pem file to limit permissions.

Top

Q16: You have an EBS root device on /dev/sda1 on one of your EC2 instances. You are having trouble with this particular instance and you need to either Stop/Start, Reboot or Terminate the instance but you do NOT want to lose any data that you have stored on /dev/sda1. However, you are unsure if changing the instance state in any of the aforementioned ways will cause you to lose data stored on the EBS volume. Which of the below statements best describes the effect each change of instance state would have on the data you have stored on /dev/sda1?

• A. Whether you stop/start, reboot or terminate the instance it does not matter because data on an EBS volume is not ephemeral and the data will not be lost regardless of what method is used.
• B. If you stop/start the instance the data will not be lost. However if you either terminate or reboot the instance the data will be lost.
• C. Whether you stop/start, reboot or terminate the instance it does not matter because data on an EBS volume is ephemeral and it will be lost no matter what method is used.
• D. The data will be lost if you terminate the instance, however the data will remain on /dev/sda1 if you reboot or stop/start the instance because data on an EBS volume is not ephemeral.

Top

Q17: EC2 instances are launched from Amazon Machine Images (AMIs). A given public AMI:

• A. Can only be used to launch EC2 instances in the same AWS availability zone as the AMI is stored
• B. Can only be used to launch EC2 instances in the same country as the AMI is stored
• C. Can only be used to launch EC2 instances in the same AWS region as the AMI is stored
• D. Can be used to launch EC2 instances in any AWS region

Top

Q18: Which of the following statements is true about the Elastic File System (EFS)?

• A. EFS can scale out to meet capacity requirements and scale back down when no longer needed
• B. EFS can be used by multiple EC2 instances simultaneously
• C. EFS cannot be used by an instance using EBS
• D. EFS can be configured on an instance before launch just like an IAM role or EBS volumes

Top

Q19: IAM Policies, at a minimum, contain what elements?

• A. ID
• B. Effects
• C. Resources
• D. Sid
• E. Principle
• F. Actions

Top

Q20: What are the main benefits of IAM groups?

• A. The ability to create custom permission policies.
• B. Assigning IAM permission policies to more than one user at a time.
• C. Easier user/policy management.
• D. Allowing EC2 instances to gain access to S3.

Top

Q21: What are benefits of using AWS STS?

• A. Grant access to AWS resources without having to create an IAM identity for them
• B. Since credentials are temporary, you don’t have to rotate or revoke them
• C. Temporary security credentials can be extended indefinitely
• D. Temporary security credentials can be restricted to a specific region

Top

Q22: What should the Developer enable on the DynamoDB table to optimize performance and minimize costs?

• A. Amazon DynamoDB auto scaling
• B. Amazon DynamoDB cross-region replication
• C. Amazon DynamoDB Streams
• D. Amazon DynamoDB Accelerator

Show Answer

Q23: A Developer has been asked to create an AWS Elastic Beanstalk environment for a production web application which needs to handle thousands of requests. Currently the dev environment is running on a t1 micro instance. How can the Developer change the EC2 instance type to m4.large?

• A. Use CloudFormation to migrate the Amazon EC2 instance type of the environment from t1 micro to m4.large.
• B. Create a saved configuration file in Amazon S3 with the instance type as m4.large and use the same during environment creation.
• C. Change the instance type to m4.large in the configuration details page of the Create New Environment page.
• D. Change the instance type value for the environment to m4.large by using update autoscaling group CLI command.

Q24: What statements are true about Availability Zones (AZs) and Regions?

• A. There is only one AZ in each AWS Region
• B. AZs are geographically separated inside a region to help protect against natural disasters affecting more than one at a time.
• C. AZs can be moved between AWS Regions based on your needs
• D. There are (almost always) two or more AZs in each AWS Region

Top

Q25: An AWS Region contains:

• A. Edge Locations
• B. Data Centers
• C. AWS Services
• D. Availability Zones

Show Answer

Q26: Which read request in DynamoDB returns a response with the most up-to-date data, reflecting the updates from all prior write operations that were successful?

• A. Eventual Consistent Reads
• B. Conditional reads for Consistency
• C. Strongly Consistent Reads
• D. Not possible

Show Answer

Q27: You’ ve been asked to move an existing development environment on the AWS Cloud. This environment consists mainly of Docker based containers. You need to ensure that minimum effort is taken during the migration process. Which of the following step would you consider for this requirement?

• A. Create an Opswork stack and deploy the Docker containers
• B. Create an application and Environment for the Docker containers in the Elastic Beanstalk service
• C. Create an EC2 Instance. Install Docker and deploy the necessary containers.
• D. Create an EC2 Instance. Install Docker and deploy the necessary containers. Add an Autoscaling Group for scalability of the containers.

Show Answer

Q28: You’ve written an application that uploads objects onto an S3 bucket. The size of the object varies between 200 – 500 MB. You’ve seen that the application sometimes takes a longer than expected time to upload the object. You want to improve the performance of the application. Which of the following would you consider?

• A. Create multiple threads and upload the objects in the multiple threads
• B. Write the items in batches for better performance
• C. Use the Multipart upload API
• D. Enable versioning on the Bucket

Show Answer

Q29: A security system monitors 600 cameras, saving image metadata every 1 minute to an Amazon DynamoDb table. Each sample involves 1kb of data, and the data writes are evenly distributed over time. How much write throughput is required for the target table?

• A. 6000
• B. 10
• C. 3600
• D. 600

Q30: What two arguments does a Python Lambda handler function require?

• A. invocation, zone
• B. event, zone
• C. invocation, context
• D. event, context

Show Answer

Q31: Lambda allows you to upload code and dependencies for function packages:

• A. Only from a directly uploaded zip file
• B. Only via SFTP
• C. Only from a zip file in AWS S3
• D. From a zip file in AWS S3 or uploaded directly from elsewhere

Show Answer

Q32: A Lambda deployment package contains:

• A. Function code, libraries, and runtime binaries
• B. Only function code
• C. Function code and libraries not included within the runtime
• D. Only libraries not included within the runtime

Show Answer

Q33: You have instances inside private subnets and a properly configured bastion host instance in a public subnet. None of the instances in the private subnets have a public or Elastic IP address. How can you connect an instance in the private subnet to the open internet to download system updates?

• A. Create and assign EIP to each instance
• B. Create and attach a second IGW to the VPC.
• C. Create and utilize a NAT Gateway
• D. Connect to a VPN

Show Answer

Q34: What feature of VPC networking should you utilize if you want to create “elasticity” in your application’s architecture?

• A. Security Groups
• B. Route Tables
• C. Elastic Load Balancer
• D. Auto Scaling

Show Answer

Q30: Lambda allows you to upload code and dependencies for function packages:

• A. Only from a directly uploaded zip file
• B. Only from a directly uploaded zip file
• C. Only from a zip file in AWS S3
• D. From a zip file in AWS S3 or uploaded directly from elsewhere

Answer:

Show Answer

Q31: An organization is using an Amazon ElastiCache cluster in front of their Amazon RDS instance. The organization would like the Developer to implement logic into the code so that the cluster only retrieves data from RDS when there is a cache miss. What strategy can the Developer implement to achieve this?

• A. Lazy loading
• B. Write-through
• C. Error retries
• D. Exponential backoff

Answer:

Show Answer

Q32: A developer is writing an application that will run on Ec2 instances and read messages from SQS queue. The nessages will arrive every 15-60 seconds. How should the Developer efficiently query the queue for new messages?

• A. Use long polling
• B. Set a custom visibility timeout
• C. Use short polling
• D. Implement exponential backoff

Show Answer

Q33: You are using AWS SAM to define a Lambda function and configure CodeDeploy to manage deployment patterns. With new Lambda function working as per expectation which of the following will shift traffic from original Lambda function to new Lambda function in the shortest time frame?

• A. Canary10Percent5Minutes
• B. Linear10PercentEvery10Minutes
• C. Canary10Percent15Minutes
• D. Linear10PercentEvery1Minute

Show Answer

Q34: You are using AWS SAM templates to deploy a serverless application. Which of the following resource will embed application from Amazon S3 buckets?

• A. AWS::Serverless::Api
• B. AWS::Serverless::Application
• C. AWS::Serverless::Layerversion
• D. AWS::Serverless::Function

Show Answer

Q35: You are using AWS Envelope Encryption for encrypting all sensitive data. Which of the followings is True with regards to Envelope Encryption?

• A. Data is encrypted be encrypting Data key which is further encrypted using encrypted Master Key.
• B. Data is encrypted by plaintext Data key which is further encrypted using encrypted Master Key.
• C. Data is encrypted by encrypted Data key which is further encrypted using plaintext Master Key.
• D. Data is encrypted by plaintext Data key which is further encrypted using plaintext Master Key.

Show Answer

Q36: You are developing an application that will be comprised of the following architecture –

1. A set of Ec2 instances to process the videos.
2. These (Ec2 instances) will be spun up by an autoscaling group.
3. SQS Queues to maintain the processing messages.
4. There will be 2 pricing tiers.

How will you ensure that the premium customers videos are given more preference?

• A. Create 2 Autoscaling Groups, one for normal and one for premium customers
• B. Create 2 set of Ec2 Instances, one for normal and one for premium customers
• C. Create 2 SQS queus, one for normal and one for premium customers
• D. Create 2 Elastic Load Balancers, one for normal and one for premium customers.

Show Answer

Q37: You are developing an application that will interact with a DynamoDB table. The table is going to take in a lot of read and write operations. Which of the following would be the ideal partition key for the DynamoDB table to ensure ideal performance?

• A. CustomerID
• B. CustomerName
• C. Location
• D. Age

Show Answer

Q38: A developer is making use of AWS services to develop an application. He has been asked to develop the application in a manner to compensate any network delays. Which of the following two mechanisms should he implement in the application?

• A. Multiple SQS queues
• B. Exponential backoff algorithm
• C. Retries in your application code
• D. Consider using the Java sdk.

Show Answer

Q39: An application is being developed that is going to write data to a DynamoDB table. You have to setup the read and write throughput for the table. Data is going to be read at the rate of 300 items every 30 seconds. Each item is of size 6KB. The reads can be eventual consistent reads. What should be the read capacity that needs to be set on the table?

• A. 10
• B. 20
• C. 6
• D. 30

Show Answer

Q40: You are in charge of deploying an application that will be hosted on an EC2 Instance and sit behind an Elastic Load balancer. You have been requested to monitor the incoming connections to the Elastic Load Balancer. Which of the below options can suffice this requirement?

• A. Use AWS CloudTrail with your load balancer
• B. Enable access logs on the load balancer
• C. Use a CloudWatch Logs Agent
• D. Create a custom metric CloudWatch lter on your load balancer

Show Answer

Q41: A static web site has been hosted on a bucket and is now being accessed by users. One of the web pages javascript section has been changed to access data which is hosted in another S3 bucket. Now that same web page is no longer loading in the browser. Which of the following can help alleviate the error?

• A. Enable versioning for the underlying S3 bucket.
• B. Enable Replication so that the objects get replicated to the other bucket
• C. Enable CORS for the bucket
• D. Change the Bucket policy for the bucket to allow access from the other bucket

Show Answer

Q42: Your mobile application includes a photo-sharing service that is expecting tens of thousands of users at launch. You will leverage Amazon Simple Storage Service (S3) for storage of the user Images, and you must decide how to authenticate and authorize your users for access to these images. You also need to manage the storage of these images. Which two of the following approaches should you use? Choose two answers from the options below

• A. Create an Amazon S3 bucket per user, and use your application to generate the S3 URL for the appropriate content.
• B. Use AWS Identity and Access Management (IAM) user accounts as your application-level user database, and offload the burden of authentication from your application code.
• C. Authenticate your users at the application level, and use AWS Security Token Service (STS)to grant token-based authorization to S3 objects.
• D. Authenticate your users at the application level, and send an SMS token message to the user. Create an Amazon S3 bucket with the same name as the SMS message token, and move the user’s objects to that bucket.

Show Answer

Q43: Your current log analysis application takes more than four hours to generate a report of the top 10 users of your web application. You have been asked to implement a system that can report this information in real time, ensure that the report is always up to date, and handle increases in the number of requests to your web application. Choose the option that is cost-effective and can fulfill the requirements.

• A. Publish your data to CloudWatch Logs, and congure your application to Autoscale to handle the load on demand.
• B. Publish your log data to an Amazon S3 bucket.  Use AWS CloudFormation to create an Auto Scaling group to scale your post-processing application which is congured to pull down your log les stored an Amazon S3
• C. Post your log data to an Amazon Kinesis data stream, and subscribe your log-processing application so that is congured to process your logging data.
• D. Create a multi-AZ Amazon RDS MySQL cluster, post the logging data to MySQL, and run a map reduce job to retrieve the required information on user counts.

Answer:

Show Answer

Q44: You’ve been instructed to develop a mobile application that will make use of AWS services. You need to decide on a data store to store the user sessions. Which of the following would be an ideal data store for session management?

• A. AWS Simple Storage Service
• B. AWS DynamoDB
• C. AWS RDS
• D. AWS Redshift

Answer:

Show Answer

Q45: Your application currently interacts with a DynamoDB table. Records are inserted into the table via the application. There is now a requirement to ensure that whenever items are updated in the DynamoDB primary table , another record is inserted into a secondary table. Which of the below feature should be used when developing such a solution?

• A. AWS DynamoDB Encryption
• B. AWS DynamoDB Streams
• C. AWS DynamoDB Accelerator
• D. AWSTable Accelerator

Show Answer

Q46: An application has been making use of AWS DynamoDB for its back-end data store. The size of the table has now grown to 20 GB , and the scans on the table are causing throttling errors. Which of the following should now be implemented to avoid such errors?

• A. Large Page size
• B. Reduced page size
• C. Parallel Scans
• D. Sequential scans

Show Answer

Q47: Which of the following is correct way of passing a stage variable to an HTTP URL ? (Select TWO.)

• A. http://example.com/${}/prod
• B. http://example.com/${stageVariables.}/prod
• C. http://${stageVariables.}.example.com/dev/operation
• D. http://${stageVariables}.example.com/dev/operation
• E. http://${}.example.com/dev/operation
• F. http://example.com/${stageVariables}/prod

Show Answer

Q48: Your company is planning on creating new development environments in AWS. They want to make use of their existing Chef recipes which they use for their on-premise configuration for servers in AWS. Which of the following service would be ideal to use in this regard?

• A. AWS Elastic Beanstalk
• B. AWS OpsWork
• C. AWS Cloudformation
• D. AWS SQS

Show Answer

Q49: Your company has developed a web application and is hosting it in an Amazon S3 bucket configured for static website hosting. The users can log in to this app using their Google/Facebook login accounts. The application is using the AWS SDK for JavaScript in the browser to access data stored in an Amazon DynamoDB table. How can you ensure that API keys for access to your data in DynamoDB are kept secure?

• A. Create an Amazon S3 role in IAM with access to the specific DynamoDB tables, and assign it to the bucket hosting your website
• B. Configure S3 bucket tags with your AWS access keys for your bucket hosing your website so that the application can query them for access.
• C. Configure a web identity federation role within IAM to enable access to the correct DynamoDB resources and retrieve temporary credentials
• D. Store AWS keys in global variables within your application and configure the application to use these credentials when making requests.

Show Answer

Q50: Your application currently makes use of AWS Cognito for managing user identities. You want to analyze the information that is stored in AWS Cognito for your application. Which of the following features of AWS Cognito should you use for this purpose?

• A. Cognito Data
• B. Cognito Events
• C. Cognito Streams
• D. Cognito Callbacks

Show Answer

Q51: You’ve developed a set of scripts using AWS Lambda. These scripts need to access EC2 Instances in a VPC. Which of the following needs to be done to ensure that the AWS Lambda function can access the resources in the VPC. Choose 2 answers from the options given below

• A. Ensure that the subnet ID’s are mentioned when conguring the Lambda function
• B. Ensure that the NACL ID’s are mentioned when conguring the Lambda function
• C. Ensure that the Security Group ID’s are mentioned when conguring the Lambda function
• D. Ensure that the VPC Flow Log ID’s are mentioned when conguring the Lambda function

Show Answer

Q52: You’ve currently been tasked to migrate an existing on-premise environment into Elastic Beanstalk. The application does not make use of Docker containers. You also can’t see any relevant environments in the beanstalk service that would be suitable to host your application. What should you consider doing in this case?

• A. Migrate your application to using Docker containers and then migrate the app to the Elastic Beanstalk environment.
• B. Consider using Cloudformation to deploy your environment to Elastic Beanstalk
• C. Consider using Packer to create a custom platform
• D. Consider deploying your application using the Elastic Container Service

Show Answer

Q53: Company B is writing 10 items to the Dynamo DB table every second. Each item is 15.5Kb in size. What would be the required provisioned write throughput for best performance? Choose the correct answer from the options below.

• A. 10
• B. 160
• C. 155
• D. 16

Show Answer

Top

Q54: Which AWS Service can be used to automatically install your application code onto EC2, on premises systems and Lambda?

• A. CodeCommit
• B. X-Ray
• C. CodeBuild
• D. CodeDeploy

Show Answer

Q55: Which AWS service can be used to compile source code, run tests and package code?

• A. CodePipeline
• B. CodeCommit
• C. CodeBuild
• D. CodeDeploy

Show Answer

Reference: Protecting a Stack From Being Deleted

Reference: What is Continuous Integration?

Reference: AppSpec Files on an EC2/On-Premises Compute Platform

Reference: Troubleshooting AWS CloudFormation

Reference: Getting Started with Amazon SNS

Reference: AWS CodeCommit

Reference: Resources

Reference: AWS CodePipeline

Reference: CodeDeploy AppSpec File Reference

Reference: Working with Nested Stacks

Reference: AppSpec ‘hooks’ Section

Answer: C.
aws kms encrypt –key-id 1234abcd-12ab-34cd-56ef-1234567890ab –plaintext fileb://ExamplePlaintextFile –output text –query CiphertextBlob > C:\Temp\ExampleEncryptedFile.base64

Reference: AWS CLI Encrypt

Answer: C.
Your Data key also known as the Enveloppe key is encrypted using the master key.This approach is known as Envelope encryption.
Envelope encryption is the practice of encrypting plaintext data with a data key, and then encrypting the data key under another key.

Reference: Envelope Encryption

Answer: A. and B.

Reference: AWS Key Management Service Concepts

Answer: A. and B.

Reference: AWS Key Management Service FAQs

For more information about Lambda layers, see Creating and sharing Lambda layers.

For more information about Lambda function aliases, see Lambda function aliases.

Category: Deployment

Category: Security

Category: Development

Category: Development

Notes: Keep up to date with the quotas and payload sizes for each AWS service you are using, 

2022 AWS Certified Developer Associate Exam Preparation: Questions and Answers Dump.

Welcome to AWS Certified Developer Associate Exam Preparation:

Definition and Objectives, Top 100 Questions and Answers dump, White papers, Courses, Labs and Training Materials, Exam info and details, References, Jobs, Others AWS Certificates