[September-2021]Braindump2go New AWS-Developer-Associate PDF and VCE Dumps Free Share(Q716-Q740)

QUESTION 716

A company requires all data that is stored in Amazon DynamoDB tables to be encrypted at rest with keys that are managed by the company.

How can a developer meet these requirements WITHOUT changing the application?


A.Use the AWS Encryption SDK to encrypt items before insertion.

B.Enable table-level encryption with an AWS managed customer master key (CMK).

C.Use AWS Certificate Manager (ACM) to create one certificate for each DynamoDB table.

D.Import key material in DynamoDB, and enable table-level encryption.


Answer: B


QUESTION 717

A developer is automating a new application deployment with AWS Serverless Application Model (AWS SAM). The new application has one AWS Lambda function and one Amazon S3 bucket. The Lambda function must access the S3 bucket to only read objects.

How should the developer configure AWS SAM to grant the necessary read privilege to the S3 bucket?


A.Reference a second Lambda authorizer function.

B.Add a custom S3 bucket policy to the Lambda function.

C.Create an Amazon Simple Queue Service (SQS) topic for only S3 object reads.

Reference the topic in the template.

D.Add the S3ReadPolicy template to the Lambda function's execution role.


Answer: D

Explanation:

https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-policy-templates.html


QUESTION 718

A microservices application is deployed across multiple containers in Amazon Elastic Container Service (Amazon ECS). To improve performance, a developer wants to capture trace information between the microservices and visualize the microservices architecture.

Which solution will meet these requirements?


A.Build the container from the amazon/aws-xray-daemon base image.

Use the AWS X-Ray SDK to instrument the application.

B.Install the Amazon CloudWatch agent on the container image.

Use the CloudWatch SDK to publish custom metrics from each of the microservices.

C.Install the AWS X-Ray daemon on each of the ECS instances.

D.Configure AWS CloudTrail data events to capture the traffic between the microservices.


Answer: C


QUESTION 719

A developer is adding a feature to a client-side application so that users can upload videos to an Amazon S3 bucket.

What is the MOST secure way to give the application the ability to write files to the S3 bucket?


A.Update the S3 bucket policy to allow public write access.

Allow any user to upload videos by removing the need to handle user authentication within the client-side application.

B.Create a new IAM policy and a corresponding IAM user with permissions to write to the S3 bucket.

Store the key and the secret for the user in the application code.

Use the key to authenticate the video uploads.

C.Configure the API layer of the application to have a new endpoint that creates signed URLs that allow an object to be put into the S3 bucket.

Generate a presigned URL through this API call in the client application.

Upload the video by using the signed URL.

D.Generate a new IAM key and a corresponding secret by using the AWS account root user credentials.

Store the key and the secret for the user in the application code.

Use the key to authenticate the video uploads.


Answer: D


QUESTION 720

A developer is writing a new AWS Serverless Application Model (AWS SAM) template with a new AWS Lambda function. The Lambda function runs complex code. The developer wants to test the Lambda function with more CPU power.

What should the developer do to meet this requirement?


A.Increase the runtime engine version.

B.Increase the timeout.

C.Increase the number of Lambda layers.

D.Increase the memory.


Answer: D

Explanation:

https://docs.aws.amazon.com/lambda/latest/dg/configuration-function-common.html


QUESTION 721

A developer is building a new application that uses an Amazon DynamoDB table. The specification states that all items that are older than 48 hours must be removed.

Which solution will meet this requirement?


A.Create a new attribute that has the Number data type.

Add a local secondary index (LSI) for this attribute, and enable TTL with an expiration of 48 hours.

In the application code, set the value of this attribute to the current timestamp for each new item that is being inserted.

B.Create a new attribute that has the String data type.

Add a local secondary index (LSI) for this attribute, and enable TTL with an expiration of 48 hours.

In the application code, set the value of this attribute to the current timestamp for each new item that is being inserted.

C.Create a new attribute that has the Number data type.

Enable TTL on the DynamoDB table for this attribute.

In the application code, set the value of this attribute to the current timestamp plus 48 hours for each new item that is being inserted.

D.Create a new attribute that has the String data type.

Enable TTL on the DynamoDB table for this attribute.

In the application code, set the value of this attribute to the current timestamp plus 48 hours for each new item that is being inserted.


Answer: C

Explanation:

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/howitworks-ttl.html


QUESTION 722

A developer is troubleshooting connectivity issues between an AWS Lambda function and an Amazon EC2 instance that runs Amazon Linux 2. The Lambda function and the EC2 instance cannot communicate with each other even though the Lambda function is configured to access resources in the EC2 instance's subnet.

How can the developer inspect the network traffic between the Lambda function and the EC2 instance?


A.Inspect the VPC flow logs for network activity.

B.Use the traceroute command on the EC2 instance to check connectivity.

C.Analyze the Amazon CloudWatch metrics for network traffic.

D.Use the telnet command on the EC2 instance to check connectivity.


Answer: A

Explanation:

https://aws.amazon.com/blogs/aws/vpc-flow-logs-log-and-view-network-traffic-flows/


QUESTION 723

A developer is writing a web application that is deployed on Amazon EC2 instances behind an internet-facing Application Load Balancer (ALB). The developer must add an Amazon CloudFront distribution in front of the ALB. The developer also must ensure that customer data from outside the VPC is encrypted in transit.

Which combination of CloudFront configuration settings should the developer use to meet these requirements? (Choose two.)


A.Restrict viewer access by using signed URLs.

B.Set the Origin Protocol Policy setting to Match Viewer.

C.Enable field-level encryption.

D.Enable automatic object compression.

E.Set the Viewer Protocol Policy setting to Redirect HTTP to HTTPS.


Answer: AE


QUESTION 724

An AWS Lambda function requires read access to an Amazon S3 bucket and requires read/write access to an Amazon DynamoDB table. The correct IAM policy already exists.

What is the MOST secure way to grant the Lambda function access to the S3 bucket and the DynamoDB table?


A.Attach the existing IAM policy to the Lambda function.

B.Create an IAM role for the Lambda function.

Attach the existing IAM policy to the role.

Attach the role to the Lambda function.

C.Create an IAM user with programmatic access.

Attach the existing IAM policy to the user.

Add the user access key ID and secret access key as environment variables in the Lambda function.

D.Add the AWS account root user access key ID and secret access key as encrypted environment variables in the Lambda function.


Answer: B

Explanation:

https://aws.amazon.com/premiumsupport/knowledge-center/lambda-execution-role-s3-bucket/


QUESTION 725

A developer is working on an ecommerce website. The developer wants to review server logs without logging in to each of the application servers individually. The website runs on multiple Amazon EC2 instances, is written in Python, and needs to be highly available.

How can the developer update the application to meet these requirements with MINIMUM changes?


A.Rewrite the application to be cloud native and to run on AWS Lambda, where the logs can be reviewed in Amazon CloudWatch.

B.Set up centralized logging by using Amazon Elasticsearch Service (Amazon ES), Logstash, and Kibana.

C.Scale down the application to one larger EC2 instance where only one instance is recording logs.

D.Install the unified Amazon CloudWatch agent on the EC2 instances.

Configure the agent to push the application logs to CloudWatch.


Answer: D


QUESTION 726

A developer is changing the configuration for a CPU-intensive AWS Lambda function that runs once an hour. The function usually takes 45 seconds to run, but sometimes the run time is up to 1 minute. The timeout parameter is set to 3 minutes, and all other parameters are set to default.

The developer needs to optimize the run time of this function.

Which solution will meet this requirement?


A.Redeploy the function within the default VPC.

B.Increase the function's memory.

C.Redeploy the function by using Lambda layers.

D.Increase the function's reserved concurrency.


Answer: B


QUESTION 727

A developer is creating a website that will be hosted from an Amazon S3 bucket. The website must support secure browser connections.

Which combination of actions must the developer take to meet this requirement? (Choose two.)


A.Create an Elastic Load Balancer (ELB).

Configure the ELB to direct traffic to the S3 bucket.

B.Create an Amazon CloudFront distribution.

Set the S3 bucket as an origin.

C.Configure the Elastic Load Balancer with an SSL/TLS certificate.

D.Configure the Amazon CloudFront distribution with an SSL/TLS certificate.

E.Configure the S3 bucket with an SSL/TLS certificate.


Answer: BE


QUESTION 728

A company has an application that runs on AWS Lambda@Edge. The application serves content that varies based on the device that the viewer is using. Information about the number of hits by device type is written to logs that are stored in a log group in Amazon CloudWatch Logs. The company needs to publish an Amazon CloudWatch custom metric for each device type.

Which approach will meet these requirements?


A.Create a CloudWatch Logs Insights query to extract the device type information from the logs and to create a custom metric with device type as a dimension.

B.Create a CloudWatch metric filter to extract metrics from the log files with device type as a dimension.

C.Update the application to write its logs in the CloudWatch embedded metric format with device type as a dimension.

D.Configure the CloudWatch Logs agent for Lambda integration.

Update the application to use the StatsD protocol to emit the metrics.


Answer: D

Explanation:

https://aws.amazon.com/lambda/faqs/


QUESTION 729

A developer is writing an application to analyze the traffic to a fleet of Amazon EC2 instances.

The EC2 instances run behind a public Application Load Balancer (ALB).

An HTTP server runs on each of the EC2 instances, logging all requests to a log file.

The developer wants to capture the client public IP addresses. The developer analyzes the log files and notices only the IP address of the ALB

What must the developer do to capture the client public IP addresses in the log file?


A.Add a Host header to the HTTP server log configuration file

B.Install the Amazon CloudWatch Logs agent on each EC2 instance. Configure the agent to write to the log file.

C.Install the AWS X-Ray daemon on each EC2 instance. Configure the daemon to write to the log file.

D.Add an X-Forwarded-For header to the HTTP server log configuration file.


Answer: C


QUESTION 730

A developer at a company writes an AWS ClojdForination template. The template refers to subnets that were created by a separate AWS Cloud Formation template that the company's network team wrote. When the developer attempts to launch the stack for the first time, the launch fails. Which template coding mistakes could have caused this failure? (Select TWO.)


A.The developer's template does not use the Ref intrinsic function to refer to the subnets

B.The developer's template does not use the ImportValue intrinsic function to refer to the subnets

C.The Mappings section of the developer's template does not refer to the subnets.

D.The network team's template does not export the subnets in the Outputs section

E.The network team's template does not export the subnets in the Mappings section


Answer: BD


QUESTION 731

A developer is building an application. The application's front end is developed in JavaScript, and the data is stored in an Amazon DynamoDB table During testing, the application returns an HTTP 5xx error from the strongly consistent reads to the DynamoDB table:

"Internal server error (Service: AmazonDynamoDBv2. Status Code: 500; Error Code; InternalServerError)."

Which actions should the developer take to mitigate this error? (Select TWO )


A.Avoid strongly consistent reads

B.Use DynamoDB Accelerator (DAX)

C.Increase read/write capacity of DynamoDB to meet the peak load.

D.Retry the failed read requests with exponential backoff

E.Configure DynamoDB auto scaling


Answer: AD


QUESTION 732

A developer wants to modify the following AWS Cloud Formation template to embed another CloudFormation stack:

Which syntax should the developer add to the blank line of the CloudFormation template to meet this requirement?


A."Mapping" : "AWS::CloudFormation::Stack",

B."Type" : "AWS;:CloudFcrmation::NestedStack",

C."Type-quot; :";AWS::CloudFormation::Stac";,

D."Mapping" : "AWS::CloudFormation::NestedStack",


Answer: A


QUESTION 733

A developer is working on a serverless application. The application uses Amazon API Gateway. AWS Lambda functions that are written in Python, and Amazon DynamoDB. Which combination of steps should the developer take so that the Lambda functions can be debugged in the event of application failures? (Select TWO )


A.Configure an AWS CloudTrail trail to deliver log files to an Amazon S3 bucket

B.Ensure that the Lambda functions write log messages to stdout and stderr

C.Enable an AWS CloudTrail trail for the Lambda function

D.Ensure that the execution role for the Lambda function has access to write to Amazon CloudWatch Logs.

E.Use the Amazon CloudWatch metric for Lambda errors to create a CloudWatch alarm.


Answer: DE


QUESTION 734

A developer supports an application that accesses data in an Amazon DynamoDB table One of the item attributes is expirationDate In the timestamp format. The application uses this attribute to find items archive them and remove them from the table based on the timestamp value The application will be decommissioned soon, and the developer must find another way to implement this functionality. The developer needs a solution that will require the least amount of code to write.

Which solution will meet these requirements?


A.Enable TTL on the expirationDate attribute in the table.

Create a DynamoDB stream.

Create an AWS Lambda function to process the deleted items.

Create a DynamoDB trigger for the Lambda function

B.Create two AWS Lambda functions one to delete the items and one to process the items.

Create a DynamoDB stream.

Use the Deleteltem API operation to delete the items based on the expirationDate attribute.

Use the GetRecords API operation to get the items from the DynamoDB stream and process them

C.Create two AWS Lambda functions one to delete the items and one to process the items.

Create an Amazon EventBridge (Amazon CloudWatch Events) scheduled rule to invoke the Lambda functions.

Use the Deleteltem API operation to delete the items based on the expirationDate attribute.

Use the GetRecords API operation to get the items from the DynamoDB table and process them

D.Enable TTL on the expirationDate attribute in the table.

Specify an Amazon Simple Queue Service (Amazon SQS) dead-letter queue as the target to delete the items.

Create an AWS Lambda function to process the items.


Answer: C


QUESTION 735

A developer must extend an existing application that is based on the AWS Services Application Model (AWS SAM).

The developer has used the AWS SAM CLI to create the project. The project contains different AWS Lambda functions.

Which combination of commands must the developer use to redeploy the AWS SAM application (Select TWO.)


A.Sam init

B.Sam validate

C.Sam build

D.Sam deploy

E.Sam publish


Answer: AD


QUESTION 736

A developer used the BalehWnteltern API operation to insert items in an Amazon DynamoDB table. OynamoDB returned a few items as unprocessed due to throttling. The developer decides to retry the records on the unprocessed items

What should the developer do to reprocess the records with the LEAST number of API calls?


A.Retry the BatchWriteltem operation immediately

B.Perform the Putltem operation on the unprocessed items individually instead of using the BatchWriteltem operation

C.Delay the BatchWriteltem operation by using progressively longer wait times between retries, or exponential backoff

D.Delete the items that were successfully processed, and reissue a new BatchWriteltem operation


Answer: D


QUESTION 737

A team deployed an AWS CloudFormaiion template to update a stack that already included an Amazon RDS DB instance. However, before the deployment of the update the team changed the name of the DB instance on the template by mistake. The DeletionPoIicy attribute for all resources was not changed from the default values.

What will be the result of this mistake?


A.AWS CloudFormation will create a new database and delete the old one

B.AWS CloudFormation will create a new database and keep the old one

C.AWS CloudFormation will overwrite the existing database and rename it

D.AWS CloudFormation will leave the existing database and will not create a new one


Answer: A


QUESTION 738

An application uses Amazon DynamoDB as its backend database. The application experiences sudden spikes in traffic over the weekend and variable but predictable spikes during weekdays. The capacity needs to be set to avoid throttling errors at all times.

How can this be accomplished cost-effectively?


A.Use provisioned capacity with AWS Auto Scaling throughout the week.

B.Use on-demand capacity for the weekend and provisioned capacity with AWS Auto Scaling during the weekdays

C.Use on-demand capacity throughout the week

D.Use provisioned capacity with AWS Auto Scaling enabled during the weekend and reserved capacity enabled during the weekdays


Answer: A


QUESTION 739

A developer needs to deploy a new version to an AWS Elastic Beanstalk application. How can the developer accomplish this task?


A.Upload and deploy the new application version in the Elastic Beanstalk console

B.Use the eb init CLI command to deploy a new version '

C.Terminate the current Elastic Beanstalk environment and create a new one

D.Modify the ebextensions folder to add a source option to services


Answer: A


QUESTION 740

A developer wants to use React to build a web and mobile application. The application will be hosted on AWS. The application must authenticate users and then allow users to store and retrieve files that they own. The developer wants to use Facebook for authentication.

Which CLI will MOST accelerate the development and deployment of this application on AWS?


A.AWS CLI

B.AWS Amplify CLI

C.AWS Serverless Application Model (AWS SAM) CLI

D.Amazon Elastic Container Service (Amazon ECS) CLI


Answer: B


2021 Latest Braindump2go AWS-Developer-Associate PDF and AWS-Developer-Associate VCE Dumps Free Share:

https://drive.google.com/drive/folders/1dvoSqn8UfssZYMvGJJdAPW320Fvfpph3?usp=sharing

4.7 Star App Store Review!
Cpl.dev***uke
The Communities are great you rarely see anyone get in to an argument :)
king***ing
Love Love LOVE
Download

Select Collections