Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Amazon
  5. DVA-C01

Amazon DVA-C01 Exam
AWS Certified Developer - Associate DVA-C02 (Page 12 )

Updated On: 26-Jan-2026
Page 12 of 113
PDF with 500 Questions

A company has an application that uses an Amazon S3 bucket for object storage. A developer needs to configure in-transit encryption for the S3 bucket. All the S3 objects containing personal data needs to be encrypted at rest with AWS Key Management Service (AWS KMS) keys, which can be rotated on demand.
Which combination of steps will meet these requirements? (Choose two.)

  1. Write an S3 bucket policy to allow only encrypted connections over HTTPS by using permissions boundary.
  2. Configure an S3 bucket policy to enable client-side encryption for the objects containing personal data by using an AWS KMS customer managed key.
  3. Configure the application to encrypt the objects by using an AWS KMS customer managed key before uploading the objects containing personal data to Amazon S3.
  4. Write an S3 bucket policy to allow only encrypted connections over HTTPS by using the aws:SecureTransport condition.
  5. Configure S3 Block Public Access settings for the S3 bucket to allow only encrypted connections over HTTPS.

Answer(s): C,D



An AWS Lambda function is invoked asynchronously to process events. Occasionally, the Lambda function falls to process events. A developer needs to collect and analyze these failed events to fix the issue.
What should the developer do to meet these requirements with the LEAST development effort?

  1. Add logging statements for all events in the Lambda function. Filter AWS CloudTrail logs for errors.
  2. Configure the Lambda function to start an AWS Step Functions workflow with retries for failed events.
  3. Add a dead-letter queue to send messages to an Amazon Simple Queue Service (Amazon SQS) standard queue.
  4. Add a dead-letter queue to send messages to an Amazon Simple Notification Service (Amazon SNS) FIFO topic.

Answer(s): C



An IAM role is attached to an Amazon EC2 instance that explicitly denies access to all Amazon S3 API actions. The EC2 instance credentials file specifies the IAM access key and secret access key, which allow full administrative access.
Given that multiple modes of IAM access are present for this EC2 instance, which of the following is correct?

  1. The EC2 instance will only be able to list the S3 buckets.
  2. The EC2 instance will only be able to list the contents of one S3 bucket at a time.
  3. The EC2 instance will be able to perform all actions on any S3 bucket.
  4. The EC2 instance will not be able to perform any S3 action on any S3 bucket.

Answer(s): D



A company uses an AWS Lambda function to transfer files from an Amazon S3 bucket to the company's SFTP server. The Lambda function connects to the SFTP server by using credentials such as username and password. The company uses Lambda environment variables to store these credentials.
A developer needs to implement encrypted username and password credentials.
Which solution will meet these requirements?

  1. Remove the user credentials from the Lambda environment. Implement IAM database authentication.
  2. Move the user credentials from Lambda environment variables to AWS Systems Manager Parameter Store.
  3. Move the user credentials from Lambda environment variables to AWS Key Management Service (AWS KMS).
  4. Move the user credentials from the Lambda environment to an encrypted .txt file. Store the file in an S3 bucket.

Answer(s): B



A developer is creating a new batch application that will run on an Amazon EC2 instance. The application requires read access to an Amazon S3 bucket. The developer needs to follow security best practices to grant S3 read access to the application.
Which solution meets these requirements?

  1. Add the permissions to an IAM policy. Attach the policy to a role. Attach the role to the EC2 instance profile.
  2. Add the permissions inline to an IAM group. Attach the group to the EC2 instance profile.
  3. Add the permissions to an IAM policy. Attach the policy to a user. Attach the user to the EC2 instance profile.
  4. Add the permissions to an IAM policy. Use IAM web identity federation to access the S3 bucket with the policy.

Answer(s): A



Viewing page 12 of 113
Viewing questions 56 - 60 out of 500 questions



Post your Comments and Discuss Amazon DVA-C01 exam prep with other Community members:

Join the DVA-C01 Discussion