A developer is building an application that will run on Amazon EC2 instances.
The application needs to connect to an Amazon DynamoDB table to read and write records.
The security team must periodically rotate access keys.
Which approach will satisfy these requirements?
A.Create an IAM role with read and write access to the DynamoDB table.
Generate access keys for the user and store the access keys in the application as environment variables.
B.Create an IAM user with read and write access to the DynamoDB table.
Store the user name and password in the application and generate access keys using an AWS SDK.
C.Create an IAM role, configure read and write access for the DynamoDB table, and attach to the EC2 instances.
D.Create an IAM user with read and write access to the DynamoDB table.
Generate access keys for the user and store the access keys in the application as a credentials file.
A developer is monitoring an application running on an Amazon EC2 instance.
The application accesses an Amazon DynamoDB table and the developer has configured a custom Amazon CloudWatch metric with data granularity of 1 second.
If there are any issues, the developer wants to be notified within 30 seconds using Amazon SNS.
Which CloudWatch mechanism will satisfy this requirement?
A.Configure a high-resolution CloudWatch alarm.
B.Set up a custom AWS Lambda CloudWatch log.
C.Use a Cloud Watch stream.
D.Change to a default CloudWatch metric.
A developer is implementing authentication and authorization for an application. The developer needs to ensure that the user credentials are never exposed.
Which approach should the developer take to meet this requirement?
A.Store the user credentials in Amazon DynamoDB.
Build an AWS Lambda function to validate the credentials and authorize users.
B.Deploy a custom authentication and authorization API on an Amazon EC2 instance.
Store the user credentials in Amazon S3 and encrypt the credentials using Amazon S3 server-side encryption.
C.Use Amazon Cognito to configure a user pool, and user the Cognito API to authenticate and authorize the user.
D.Store the user credentials in Amazon RDS.
Enable the encryption option for the Amazon RDS DB instances.
Build an API using AWS Lambda to validate the credentials and authorize users.
A developer is building a new complex application on AWS. The application consists of multiple microservices hosted on Amazon EC2. The developer wants to determine which microservice adds the most latency while handling a request.
Which method should the developer use to make this determination?
A.Instrument each microservice request using the AWS X-Ray SDK.
Examine the annotations associated with the requests.
B.Instrument each microservice request using the AWS X-Ray SDK.
Examine the subsegments associated with the requests.
C.Instrument each microservice request using the AWS X-Ray SDK.
Examine the Amazon CloudWatch EC2 instance metrics associated with the requests.
D.Instrument each microservice request using the Amazon CloudWatch SDK.
Examine the CloudWatch EC2 instance metrics associated with the requests.
A company has a two-tier application running on an Amazon EC2 server that handles all of its AWS based e-commerce activity. During peak times, the backend servers that process orders are overloaded with requests. This results in some orders failing to process. A developer needs to create a solution that will re- factor the application.
Which steps will allow for more flexibility during peak times, while still remaining cost-effective? (Choose two.)
A.Increase the backend T2 EC2 instance sizes to x1 to handle the largest possible load throughout the year.
B.Implement an Amazon SQS queue to decouple the front-end and backend servers.
C.Use an Amazon SNS queue to decouple the front-end and backend servers.
D.Migrate the backend servers to on-premises and pull from an Amazon SNS queue.
E.Modify the backend servers to pull from an Amazon SQS queue.
A developer is asked to integrate Amazon CloudWatch into an on-premises application.
How should the application access CloudWatch, according to AWS security best practices?
A.Configure AWS credentials in the application server with an AWS SDK
B.Implement and proxy API-calls through an EC2 instance
C.Store IAM credentials in the source code to enable access
D.Add the application server SSH-key to AWS
A company's new mobile app uses Amazon API Gateway. As the development team completes a new release of its APIs, a developer must safely and transparently roll out the API change.
What is the SIMPLEST solution for the developer to use for rolling out the new API version to a limited number of users through API Gateway?
A.Create a new API in API Gateway.
Direct a portion of the traffic to the new API using an Amazon Route 53 weighted routing policy.
B.Validate the new API version and promote it to production during the window of lowest expected utilization.
C.Implement an Amazon CloudWatch alarm to trigger a rollback if the observed HTTP 500 status code rate exceeds a predetermined threshold.
D.Use the canary release deployment option in API Gateway.
Direct a percentage of the API traffic using the canarySettings setting.
A developer must modify an Alexa skill backed by an AWS Lambda function to access an Amazon DynamoDB table in a second account. A role in the second account has been created with permissions to access the table.
How should the table be accessed?
A.Modify the Lambda function execution role's permissions to include the new role.
B.Change the Lambda function execution role to be the new role.
C.Assume the new role in the Lambda function when accessing the table.
D.Store the access key and the secret key for the new role and use then when accessing the table.
A developer is creating a new application that will be accessed by users through an API created using Amazon API Gateway. The users need to be authenticated by a third-party Security Assertion Markup Language (SAML) identity provider. Once authenticated, users will need access to other AWS services, such as Amazon S3 and Amazon DynamoDB.
How can these requirements be met?
A.Use an Amazon Cognito user pool with SAML as the resource server.
B.Use Amazon Cognito identity pools with a SAML identity provider as one of the authentication providers.
C.Use the AWS IAM service to provide the sign-up and sign-in functionality.
D.Use Amazon CloudFront signed URLs to connect with the SAML identity provider.
A company processes incoming documents from an Amazon S3 bucket. Users upload documents to an S3 bucket using a web user interface. Upon receiving files in S3, an AWS Lambda function is invoked to process the files, but the Lambda function times out intermittently.
If the Lambda function is configured with the default settings, what will happen to the S3 event when there is a timeout exception?
A.Notification of a failed S3 event is send as an email through Amazon SNS.
B.The S3 event is sent to the default Dead Letter Queue.
C.The S3 event is processed until it is successful.
D.The S3 event is discarded after the event is retried twice.
A developer has designed a customer-facing application that is running on an Amazon EC2 instance. The application logs every request made to it. The application usually runs seamlessly, but a spike in traffic generates several logs that cause the disk to fill up and eventually run out of memory. Company policy requires old logs to be centralized for analysis.
Which long-term solution should the developer employ to prevent the issue from reoccurring?
A.Set up log rotation to rotate the file every day.
Also set up log rotation to rotate after every 100 MB and compress the file.
B.Install the Amazon CloudWatch agent on the instance to send the logs to CloudWatch.
Delete the logs from the instance once they are sent to CloudWatch.
C.Enable AWS Auto Scaling on Amazon Elastic Block Store (Amazon EBS) to automatically add volumes to the instance when it reaches a specified threshold.
D.Create an Amazon EventBridge (Amazon CloudWatch Events) rule to pull the logs from the instance.
Configure the rule to delete the logs after they have been pulled.
A developer is creating a serverless web application and maintains different branches of code. The developer wants to avoid updating the Amazon API Gateway target endpoint each time a new code push is performed.
What solution would allow the developer to perform a code push efficiently, without the need to update the API Gateway?
A.Associate different AWS Lambda functions to an API Gateway target endpoint.
B.Create different stages in API Gateway, then associate API Gateway with AWS Lambda.
C.Create aliases and versions in AWS Lambda.
D.Tag the AWS Lambda functions with different names.
A developer wants to secure sensitive configuration data such as passwords, database strings, and application license codes. Access to this sensitive information must be tracked for future audit purposes.
Where should the sensitive information be stored, adhering to security best practices and operational requirements?
A.In an encrypted file on the source code bundle; grant the application access with Amazon IAM
B.In the Amazon EC2 Systems Manager Parameter Store; grant the application access with IAM
C.On an Amazon EBS encrypted volume; attach the volume to an Amazon EC2 instance to access the data
D.As an object in an Amazon S3 bucket; grant an Amazon EC2 instance access with an IAM role
A developer has built an application using Amazon Cognito for authentication and authorization. After a user is successfully logged in to the application, the application creates a user record in an Amazon DynamoDB table.
What is the correct flow to authenticate the user and create a record in the DynamoDB table?
A.Authenticate and get a token from an Amazon Cognito user pool.
Use the token to access DynamoDB.
B.Authenticate and get a token from an Amazon Cognito identity pool.
Use the token to access DynamoDB.
C.Authenticate and get a token from an Amazon Cognito user pool.
Exchange the token for AWS credentials with an Amazon Cognito identity pool.
Use the credentials to access DynamoDB.
D.Authenticate and get a token from an Amazon Cognito identity pool.
Exchange the token for AWS credentials with an Amazon Cognito user pool.
Use the credentials to access DynamoDB.
2021 Latest Braindump2go AWS-Developer-Associate PDF and VCE Dumps Free Share: