Free AWS Certified Developer - Associate DVA-C02 Exam Braindumps (page: 39)

Page 39 of 116

A company uses a custom root certificate authority certificate chain (Root CA Cert) that is 10 KB in size to generate SSL certificates for its on-premises HTTPS endpoints. One of the company’s cloud-based applications has hundreds of AWS Lambda functions that pull data from these endpoints. A developer updated the trust store of the Lambda execution environment to use the Root CA Cert when the Lambda execution environment is initialized. The developer bundled the Root CA Cert as a text file in the Lambda deployment bundle.
After 3 months of development, the Root CA Cert is no longer valid and must be updated. The developer needs a more efficient solution to update the Root CA Cert for all deployed Lambda functions. The solution must not include rebuilding or updating all Lambda functions that use the Root CA Cert. The solution must also work for all development, testing, and production environments. Each environment is managed in a separate AWS account.
Which combination of steps should the developer take to meet these requirements MOST cost-effectively? (Choose two.)

  A. Store the Root CA Cert as a secret in AWS Secrets Manager. Create a resource-based policy. Add IAM users to allow access to the secret.
  B. Store the Root CA Cert as a SecureString parameter in AWS Systems Manager Parameter Store. Create a resource-based policy. Add IAM users to allow access to the policy.
  C. Store the Root CA Cert in an Amazon S3 bucket. Create a resource-based policy to allow access to the bucket.
  D. Refactor the Lambda code to load the Root CA Cert from the Root CA Cert’s location. Modify the runtime trust store inside the Lambda function handler.
  E. Refactor the Lambda code to load the Root CA Cert from the Root CA Cert’s location. Modify the runtime trust store outside the Lambda function handler.

Answer(s): A,E



A developer maintains applications that store several secrets in AWS Secrets Manager. The applications use secrets that have changed over time. The developer needs to identify required secrets that are still in use. The developer does not want to cause any application downtime.
What should the developer do to meet these requirements?

  A. Configure an AWS CloudTrail log file delivery to an Amazon S3 bucket. Create an Amazon CloudWatch alarm for the GetSecretValue Secrets Manager API operation requests.
  B. Create a secretsmanager-secret-unused AWS Config managed rule. Create an Amazon EventBridge rule to initiate notifications when the AWS Config managed rule is met.
  C. Deactivate the applications' secrets and monitor the applications' error logs temporarily.
  D. Configure AWS X-Ray for the applications. Create a sampling rule to match the GetSecretValue Secrets Manager API operation requests.

Answer(s): B



A developer is writing a serverless application that requires an AWS Lambda function to be invoked every 10 minutes.
What is an automated and serverless way to invoke the function?

  A. Deploy an Amazon EC2 instance based on Linux, and edit its /etc/crontab file by adding a command to periodically invoke the Lambda function.
  B. Configure an environment variable named PERIOD for the Lambda function. Set the value to 600.
  C. Create an Amazon EventBridge rule that runs on a regular schedule to invoke the Lambda function.
  D. Create an Amazon Simple Notification Service (Amazon SNS) topic that has a subscription to the Lambda function with a 600-second timer.

Answer(s): C



A company is using Amazon OpenSearch Service to implement an audit monitoring system. A developer needs to create an AWS CloudFormation custom resource that is associated with an AWS Lambda function to configure the OpenSearch Service domain.
The Lambda function must access the OpenSearch Service domain by using OpenSearch Service internal master user credentials.
What is the MOST secure way to pass these credentials to the Lambda function?

  A. Use a CloudFormation parameter to pass the master user credentials at deployment to the OpenSearch Service domain’s MasterUserOptions and the Lambda function’s environment variable. Set the NoEcho attribute to true.
  B. Use a CloudFormation parameter to pass the master user credentials at deployment to the OpenSearch Service domain’s MasterUserOptions and to create a parameter in AWS Systems Manager Parameter Store. Set the NoEcho attribute to true. Create an IAM role that has the ssm:GetParameter permission. Assign the role to the Lambda function. Store the parameter name as the Lambda function’s environment variable. Resolve the parameter’s value at runtime.
  C. Use a CloudFormation parameter to pass the master user credentials at deployment to the OpenSearch Service domain’s MasterUserOptions and the Lambda function’s environment variable. Encrypt the parameter’s value by using the AWS Key Management Service (AWS KMS) encrypt command.
  D. Use CloudFormation to create an AWS Secrets Manager secret. Use a CloudFormation dynamic reference to retrieve the secret’s value for the OpenSearch Service domain’s MasterUserOptions. Create an IAM role that has the secretsmanager:GetSecretValue permission. Assign the role to the Lambda function. Store the secret’s name as the Lambda function’s environment variable. Resolve the secret’s value at runtime.

Answer(s): D



Ernesto commented on August 26, 2024
Prepared and passed this exam. Valid question and very tough exam. So good luck.
Spain