Free Amazon DVA-C02 Exam Questions

Question 1

A company is using an AWS Step Functions state machine. When testing the state machine errors were experienced in the Step Functions task state machine. To troubleshoot the issue a developer requires that the state input be included along with the error message in the state output.

Which coding practice can preserve both the original input and the error for the state?

A : ResultPath in a Catch statement to include the original input with the error.

B : ErrorEquals in a Retry statement to include the original input with the error.

C : OutputPath in a Retry statement to include the original input with the error.

D : InputPath in a Catch statement to include the original input with the error.

Answer: A

Question 2

A developer is creating a serverless application that uses an AWS Lambda function The developer will useAWS CloudFormation to deploy the application The application will write logs to Amazon CloudWatch LogsThe developer has created a log group in a CloudFormation template for the application to use The developerneeds to modify the CloudFormation template to make the name of the log group available to the applicationat runtimeWhich solution will meet this requirement?

A : Use the AWS:lnclude transform in CloudFormation to provide the log group ' s name to the application

B : Pass the log group ' s name to the application in the user data section of the CloudFormation template.

C : Use the CloudFormation template ' s Mappings section to specify the log group ' s name for theapplication.

D : Pass the log group ' s Amazon Resource Name (ARN) as an environment variable to the Lambdafunction

Answer: D

Question 3

A company is offering APIs as a service over the internet to provide unauthenticated read access to statisticalinformation that is updated daily. The company uses Amazon API Gateway and AWS Lambda to develop theAPIs. The service has become popular, and the company wants to enhance the responsiveness of the APIs.Which action can help the company achieve this goal?

A : Enable API caching in API Gateway.

B : Configure API Gateway to use an interface VPC endpoint.

C : Enable cross-origin resource sharing (CORS) for the APIs.

D : Configure usage plans and API keys in API Gateway.

Answer: A

Question 4

A developer must securely access a secret during a build process in an AWS CodeBuild project that has anIAM role. The secret must remain encrypted at rest and must be passed to the buildspec.yml file withoutappearing in the build logs. Which solution will meet these requirements with the LEAST operationaloverhead?

A : Configure AWS Secrets Manager to store the secret. Configure the env section of the buildspec.yml fileto have a secrets-manager key-value entry that references the secret. Grant the CodeBuild IAM role theminimum necessary permissions to access the secret.

B : Store the secret in an encrypted Amazon S3 bucket. Download the secret during the build process. UseNoEcho to mask the value of the secret. Grant the CodeBuild IAM role the minimum necessarypermissions to access the S3 bucket.

C : Configure AWS Systems Manager Parameter Store to store the secret. Configure the env section of thebuildspec.yml file to have a parameter-store key-value entry that references the parameter. Grant theCodeBuild IAM role the minimum necessary permissions to access the parameter.

D : Store the secret in AWS Systems Manager Parameter Store. Use a pre-build step to retrieve theparameter by using AWS CLI commands. Mask the parameter in the buildspec.yml file. Grant theCodeBuild IAM role the minimum necessary permissions to access the parameter.

Answer: A

Question 5

A company hosts its application on AWS. The application runs on an Amazon Elastic Container Service (Amazon ECS) cluster that uses AWS Fargate. The cluster runs behind an Application Load Balancer. The application stores data in an Amazon Aurora database. A developer encrypts and manages database credentials inside the application.

The company wants to use a more secure credential storage method and implement periodic credential rotation.

Which solution will meet these requirements with the LEAST operational overhead?

A : Migrate the secret credentials to Amazon RDS parameter groups. Encrypt the parameter by using an AWS Key Management Service (AWS KMS) key. Turn on secret rotation. Use IAM policies and roles to grant AWS KMS permissions to access Amazon RDS.

B : Migrate the credentials to AWS Systems Manager Parameter Store. Encrypt the parameter by using an AWS Key Management Service (AWS KMS) key. Turn on secret rotation. Use IAM policies and roles to grant Amazon ECS Fargate permissions to access to AWS Secrets Manager.

C : Migrate the credentials to ECS Fargate environment variables. Encrypt the credentials by using an AWS Key Management Service (AWS KMS) key. Turn on secret rotation. Use IAM policies and roles to grant Amazon ECS Fargate permissions to access to AWS Secrets Manager.

D : Migrate the credentials to AWS Secrets Manager. Encrypt the credentials by using an AWS Key Management Service (AWS KMS) key. Turn on secret rotation. Use IAM policies and roles to grant Amazon ECS Fargate permissions to access to AWS Secrets Manager by using keys.

Answer: D