Amazon AWS-Developer Practice Test Pdf Exam Material [Q29-Q48]

Amazon AWS-Developer Practice Test Pdf Exam Material

AWS-Developer Answers AWS-Developer Free Demo Are Based On The Real Exam

The Amazon AWS-Certified-Developer-Associate exam is an industry-recognized certification that validates the skills and knowledge of developers who work with Amazon Web Services (AWS). The exam is designed to test the candidate's proficiency in developing and maintaining AWS-based applications using various AWS services and tools.

 

NEW QUESTION # 29
Your hybrid networking environment consists of two application VPCs, a shared services VPC, and your
corporate network. The corporate network is connected to the shared services VPC via an IPsec VPN with
dynamic (BGP) routing enabled.
The applications require access to a common authentication service in the shared services VPC. You
need to enable native network access from the corporate network to both application VPCs.
Which step should you take to meet the requirements?

• A. Configure an IPsec VPN between the virtual private gateway in each application VPC to the virtual
  private gateway in the shared services VPC.
• B. Configure additional IPsec VPNs for each application VPC back to the corporate network, and enable
  VPC peering to the shared services VPC.
• C. Use VPC peering to peer the application VPCs with the shared services VPC, and enable associated
  routing in the shared services VPC via the corporate VPN.
• D. Enable CloudHub functionality to route traffic between the three VPCs and the corporate network using
  dynamic BGP routing.

Answer: B

NEW QUESTION # 30
A company requires that AWS Lambda functions written by developers log errors so system administrators can more effectively troubleshoot issues What should the developers implement to meet this need?

• A. Set up an Amazon SNS topic that sends logging statements upon failure
• B. Publish errors to a dedicated Amazon SQS queue
• C. Report errors through logging statements in Lambda function code.
• D. Create an Amazon CloudWatch Events event to trigger based on certain Lambda events.

Answer: D

NEW QUESTION # 31
A developer reported that AWS CloudTrail was disabled on their account. A security engineer investigated the account and discovered the event was undetected by the current security solution. The security engineer must recommend a solution that will detect future changes to the CloudTrail configuration and send alerts when changes occur.
What should the security engineer do to meet these requirements?

• A. Create an Amazon CloudWatch Events rule to monitor Amazon GuardDuty findings. Send email notifications using Amazon SNS.
• B. Update security contact details in AWS account settings for AWS Support to send alerts when suspicious activity is detected.
• C. Use Amazon Inspector to automatically detect security issues. Send alerts using Amazon SNS.
• D. Use AWS Resource Access Manager (AWS RAM) to monitor the AWS CloudTrail configuration. Send notifications using Amazon SNS.

Answer: D

Explanation:
Explanation/Reference: https://docs.aws.amazon.com/ram/latest/userguide/ram-ug.pdf

NEW QUESTION # 32
A clothing company uses a custom ecommerce application and a PostgreSQL database to sell clothes to thousands of users from multiple countries. The company is migrating its application and database from its on- premises data center to the AWS Cloud. The company has selected Amazon EC2 for the application and Amazon RDS for PostgreSQL for the database. The company requires database passwords to be changed every 60 days. A Database Specialist needs to ensure that the credentials used by the web application to connect to the database are managed securely.
Which approach should the Database Specialist take to securely manage the database credentials?

• A. Configure IAM database authentication for the application to connect to the database. Create an IAM user and map it to a separate database user for each ecommerce user. Require users to update their passwords every 60 days.
• B. Store the credentials in a text file in an Amazon S3 bucket. Restrict permissions on the bucket to the IAM role associated with the instance profile only. Modify the application to download the text file and retrieve the credentials on start up. Update the text file every 60 days.
• C. Store the credentials in AWS Secrets Manager. Restrict permissions on the secret to only the IAM role associated with the instance profile. Modify the application to retrieve the credentials from Secrets Manager on start up. Configure the rotation interval to 60 days.
• D. Store the credentials in an encrypted text file in the application AMI. Use AWS KMS to store the key for decrypting the text file. Modify the application to decrypt the text file and retrieve the credentials on start up.
  Update the text file and publish a new AMI every 60 days.

Answer: A

NEW QUESTION # 33
In DynamoDB, if you create a table and request 10 units of write capacity and 200 units of read capacity
of provisioned throughput, how much would you be charged in US East (Northern Virginia) Region?

• A. $0.03 per hour
• B. $0.05 per hour
• C. $0.15 per hour
• D. $0.10 per hour

Answer: B

Explanation:
To understand pricing in DynamoDB, consider the following example. If you create a table and request 10
units of write capacity and 200 units of read capacity of provisioned throughput, you would be charged:
$ 0.01 + (4 x $0.01) = $0.05 per hour
Reference: http://aws.amazon.com/dynamodb/pricing/

NEW QUESTION # 34
What type of block cipher does Amazon S3 offer for server side encryption?

• A. Blowfish
• B. Triple DES
• C. RC5
• D. Advanced Encryption Standard

Answer: D

NEW QUESTION # 35
A company stores all personally identifiable information (PII) in an Amazon DynamoDB table named PII in Account A. An application running on Amazon EC2 instances in Account B requires access to the PII table. An administrator in Account A created an IAM role named AccessPII with privileges to access the PII table, and made Account B a trusted entity.
Which combination of additional steps should developers take to access the table? (Choose two.)

• A. Ask an administrator in Account B to allow the EC2 IAM role permission to assume the AccessPII role with predefined service control policies.
• B. Include the AssumeRole API in the application code logic to obtain credentials to access the PII table.
• C. Ask an administrator in Account A to allow the EC2 IAM role permission to assume the AccessPII role with predefined service control policies.
• D. Include the GetSessionToken API in the application code logic to obtain credentials to access the PII table.
• E. Ask an administrator in Account B to allow the EC2 IAM role permission to assume the AccessPII role.

Answer: C,D

NEW QUESTION # 36
A company has multiple Developers located across the globe who are updating code incrementally for a development project. When Developers upload code concurrently, internet connectivity is slow, and it is taking a long time to upload code for deployment in AWS Elastic Beanstalk.
Which step will result in minimized upload and deployment time with the LEAST amount of administrative effort?

• A. Allow the Developers to upload the code to a central FTP server to deploy the application to Elastic Beanstalk.
• B. Create a code repository on an Amazon EC2 instance so that all Developers can update the code, and deploy the application from the instance to Elastic Beanstalk.
• C. Create an AWS CodeCommit repository, allow the Developers to commit code to it, and then directly deploy the code to Elastic Beanstalk.
• D. Allow the Developers to upload the code to an Amazon S3 bucket, and deploy it directly to Elastic Beanstalk.

Answer: A

Explanation:
Explanation
https://aws.amazon.com/premiumsupport/knowledge-center/deploy-codecommit-elastic-beanstalk/

NEW QUESTION # 37
A developer wants to migrate a Windows .NET application that is running on IIS with a Microsoft SQL Server database to AWS. The developer does not want to think about provisioning and managing the infrastructure.
What should the developer do to migrate the application with the LEAST amount of effort?

• A. Launch Amazon EC2 instances for Windows Server. Back up and restore the database to Amazon RDS.
  Deploy the web application to the new EC2 instances
• B. Migrate the database to Amazon DynamoDB Use Amazon API Gateway and AWS Lambda to create a web application interface that is hosted in an Amazon S3 bucket.
• C. Back up and restore the database to Amazon RDS. Use the .NET Migration Assistant for AWS Elastic Beanstalk to migrate the web application to a preconfigured solution stack that Elastic Beanstalk provides.
• D. Containerize the application on premises. Push the image to Amazon Elastic Container Registry (Amazon ECR). Create an AWS CloudFormation template to deploy the application

Answer: C

NEW QUESTION # 38
A company needs to secure its existing website running behind an Elastic Load Balancer. The website's Amazon EC2 instances are CPU-constrained.
What should be done to secure the website while not increasing the CPU load on the EC2 web servers? (Select TWO.)

• A. Install SSL certificates on the EC2 instances.
• B. Configure an Elastic Load Balancer with SSL termination.
• C. Configure an Elastic Load Balancer with SSL pass-through.
• D. Configure an Elastic Load Balancer with a Loadable Storage System.
• E. Configure SSL certificates on an Elastic Load Balancer.

Answer: B,E

NEW QUESTION # 39
A development team is building a new application that will run on Amazon EC2 and use Amazon DynamoDB as a storage layer The developers all have assigned 1AM user accounts in the same 1AM group The developers currently can launch EC2 instances and they need to be able to launch EC2 instances with an instance role allowing access to Amazon DynamoDB
Which AWS I AM changes are needed when creating an instance role to provide this functionality^

• A. Create an 1AM permissions policy attached to the role that allows access to DynamoDB Add a trust policy to the role that allows Amazon EC2 to assume the role Attach a permissions policy to the development group in AWS 1AM that allows developers to use the iam GetRole permission for the role.
• B. Create an 1AM permission policy attached to the role that allows access to DynamoDB Add a trust policy to the role that allows DynamoDB to assume the role Attach a permissions policy to the development group in AWS 1AM that allows developers to use the 1am GetRole and 1am PassRole permissions for the role
• C. Create an 1AM permission policy attached to the role that allows access to Amazon EC2 Add a trust policy to the role that allows DynamoDB to assume the role Attach a permissions policy to the development group in AWS 1AM that allows developers to use the 1am PassRole permission for the role
• D. Create an 1AM permissions policy attached to the role that allows access to DynamoDB Add a trust policy to the role that allows Amazon EC2 to assume the role Attach a permissions policy to the development group in AWS 1AM that allows developers to use the 1am PassRole permission for the role

Answer: C

NEW QUESTION # 40
A Developer is developing an application that manages financial transactions. To improve security, multi- factor authentication (MFA) will be required as part of the login protocol. What services can the Developer use to meet these requirements?

• A. Amazon Cognito with MFA
• B. Amazon DynamoDB to store MFA session data, and Amazon SNS to send MFA codes
• C. AWS Directory Service
• D. AWS IAM with MFA enabled

Answer: D

Explanation:
https://aws.amazon.com/iam/details/mfa/

NEW QUESTION # 41
What is the function of the following AWS Key Management Service (KMS) key policy attached to a customer master key (CMK)?

• A. The ExampleUser principal can transparently encrypt and decrypt email exchanges specifically between ExampleUser and AWS.
• B. The key policy allows WorkMail or SES to encrypt or decrypt on behalf of the user for any CMK in the account.
• C. The CMK is to be used for encrypting and decrypting only when the principal is ExampleUser and the request comes from WorkMail or SES in the specified region.
• D. The Amazon WorkMail and Amazon SES services have delegated KMS encrypt and decrypt permissions to the ExampleUser principal in the 111122223333 account.

Answer: C

Explanation:
Explanation/Reference:
https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-via-service

NEW QUESTION # 42
A user wants to configure AutoScaling which scales up when the CPU utilization is above 70% and scales down when the CPU utilization is below 30%. How can the user configure AutoScaling for the above mentioned condition?

• A. Use AutoScaling by manually modifying the desired capacity during a condition
• B. Use dynamic AutoScaling with a policy
• C. Configure ELB to notify AutoScaling on load increase or decrease
• D. Use AutoScaling with a schedule

Answer: B

Explanation:
The user can configure the AutoScaling group to automatically scale up and then scale down based on the specified conditions. To configure this, the user must setup policies which will get triggered by the CloudWatch alarms.
http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/as-scale-based-on-demand.html

NEW QUESTION # 43
Where should an Elastic Beanstalk configuration file named healthcheckur1.config be placed in the application source bundle?

• A. In the bin folder
• B. In the .ebextensions folder
• C. In healthcheckur1.config.ebextension under root
• D. In the root of the application

Answer: B

Explanation:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/ebextensions.html

NEW QUESTION # 44
A developer is using AWS CodeDeploy to deploy an application running on Amazon EC2. The developer wants to change the file permissions for a specific deployment file. Which lifecycle event should a developer use to meet this requirement?

• A. DownloadBundle
• B. Beforelnstall
• C. ValtdateService
• D. Afterlnstall

Answer: D

NEW QUESTION # 45
When writing a Lambda function, what is the benefit of instantiating AWS clients outside the scope of the handler?

• A. Better error handling
• B. Creating a new instance per invocation
• C. Taking advantage of connection re-use
• D. Legibility and stylistic convention

Answer: C

Explanation:
https://www.jeremydaly.com/reuse-database-connections-aws-lambda/

NEW QUESTION # 46
A Developer has implemented a Lambda function that needs to add new customers to an RDS database that is expected to run hundreds of times per hour. The Lambda function is configured to use 512MB of RAM and is based on the following pseudo code:

After testing the Lambda function, the Developer notices that the Lambda execution time is much longer than expected. What should the Developer do to improve performance?

• A. Increase the amount of RAM allocated to the Lambda function, which will increase the number of threads the Lambda can use.
• B. Move the database connection and close statement out of the handler. Place the connection in the global space.
• C. Increase the size of the RDS database to allow for an increased number of database connections each hour.
• D. Replace RDS wit Amazon DynamoDB to implement control over the number of writes per second.

Answer: C

NEW QUESTION # 47
A developer is storing JSON files in an Amazon S3 bucket. The developer wants to securely share an object with a specific group of people. How can the deveioper securely provide temporary access to the objects that are stored in the S3 bucket?

• A. Use the AWS software development kit (SDK) to generate a presigned URL. Provide the presigned URL.
• B. Set object retention on the files. Use the AWS software development kit (SDK) to restore the object before subsequent requests. Provide the bucket's URL.
• C. Set a bucket policy that restricts access after a period of time. Provide the bucket's S3 URL.
• D. Configure static web hosting on the S3 bucket. Provide the bucket's web URL.

Answer: A

NEW QUESTION # 48
......

AWS-Developer [Apr-2023] Newly Released] Exam Questions For You To Pass: https://examsboost.validbraindumps.com/AWS-Developer-exam-prep.html