CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Amazon
  5. AWS Certified Developer - Associate DVA-C02

Free AWS Certified Developer - Associate DVA-C02 Exam Braindumps (page: 10)

Page 10 of 116
PDF with 458 Questions

A company has an Amazon S3 bucket that contains sensitive data. The data must be encrypted in transit and at rest. The company encrypts the data in the S3 bucket by using an AWS Key Management Service (AWS KMS) key. A developer needs to grant several other AWS accounts the permission to use the S3 GetObject operation to retrieve the data from the S3 bucket.
How can the developer enforce that all requests to retrieve the data provide encryption in transit?

  1. Define a resource-based policy on the S3 bucket to deny access when a request meets the condition “aws:SecureTransport”: “false”.
  2. Define a resource-based policy on the S3 bucket to allow access when a request meets the condition “aws:SecureTransport”: “false”.
  3. Define a role-based policy on the other accounts' roles to deny access when a request meets the condition of “aws:SecureTransport”: “false”.
  4. Define a resource-based policy on the KMS key to deny access when a request meets the condition of “aws:SecureTransport”: “false”.

Answer(s): A



An application that is hosted on an Amazon EC2 instance needs access to files that are stored in an Amazon S3 bucket. The application lists the objects that are stored in the S3 bucket and displays a table to the user. During testing, a developer discovers that the application does not show any objects in the list.
What is the MOST secure way to resolve this issue?

  1. Update the IAM instance profile that is attached to the EC2 instance to include the S3:* permission for the S3 bucket.
  2. Update the IAM instance profile that is attached to the EC2 instance to include the S3:ListBucket permission for the S3 bucket.
  3. Update the developer's user permissions to include the S3:ListBucket permission for the S3 bucket.
  4. Update the S3 bucket policy by including the S3:ListBucket permission and by setting the Principal element to specify the account number of the EC2
    instance.

Answer(s): B



A company is planning to securely manage one-time fixed license keys in AWS. The company's development team needs to access the license keys in automaton scripts that run in Amazon EC2 instances and in AWS CloudFormation stacks.
Which solution will meet these requirements MOST cost-effectively?

  1. Amazon S3 with encrypted files prefixed with “config”
  2. AWS Secrets Manager secrets with a tag that is named SecretString
  3. AWS Systems Manager Parameter Store SecureString parameters
  4. CloudFormation NoEcho parameters

Answer(s): C



A company has deployed infrastructure on AWS. A development team wants to create an
AWS Lambda function that will retrieve data from an Amazon Aurora database. The
Amazon Aurora database is in a private subnet in company's VPC. The VPC is named
VPC1. The data is relational in nature. The Lambda function needs to access the data securely.
Which solution will meet these requirements?

  1. Create the Lambda function. Configure VPC1 access for the function. Attach a security group named SG1 to both the Lambda function and the database.
    Configure the security group inbound and outbound rules to allow TCP traffic on Port 3306.
  2. Create and launch a Lambda function in a new public subnet that is in a new
    VPC named VPC2. Create a peering connection between VPC1 and VPC2.
  3. Create the Lambda function. Configure VPC1 access for the function. Assign a security group named SG1 to the Lambda function. Assign a second security group named SG2 to the database. Add an inbound rule to SG1 to allow TCP
    traffic from Port 3306.
  4. Export the data from the Aurora database to Amazon S3. Create and launch a
    Lambda function in VPC1. Configure the Lambda function query the data from
    Amazon S3.

Answer(s): A



Page 10 of 116



Post your Comments and Discuss Amazon AWS Certified Developer - Associate DVA-C02 exam with other Community members:

Ernesto commented on August 26, 2024
Prepared and passed this exam. Valid question and very tough exam. So good luck.
Spain
upvote