Amazon AWS Certified Developer Associate Exam Practice Questions (P. 1)
- Full Access (443 questions)
- Six months of Premium Access
- Access to one million comments
- Seamless ChatGPT Integration
- Ability to download PDF files
- Anki Flashcard files for revision
- No Captcha & No AdSense
- Advanced Exam Configuration
Question #1
A gaming website gives users the ability to trade game items with each other on the platform. The platform requires both users' records to be updated and persisted in one transaction. If any update fails, the transaction must roll back.
Which AWS solution can provide the transactional capability that is required for this feature?
Which AWS solution can provide the transactional capability that is required for this feature?
- AAmazon DynamoDB with operations made with the Consistent Read parameter set to true
- BAmazon ElastiCache for Memcached with operations made within a transaction block
- CAmazon DynamoDB with reads and writes made by using Transact* operationsMost Voted
- DAmazon Aurora MySQL with operations made within a transaction block
- EAmazon Athena with operations made within a transaction block
Correct Answer:
D
D

For the scenario described in the question about updating and persisting user records in a single transaction with rollback capabilities if any update fails, Amazon Aurora MySQL is indeed a suitable choice. It provides native support for multi-statement transactions, ensuring that all operations within a transaction block either succeed or fail as a whole. This aligns closely with the ACID properties required for robust transaction management. While DynamoDB also offers transaction capabilities, Amazon Aurora MySQL better suits use cases requiring traditional relational database features with complex transaction controls.
send
light_mode
delete
Question #2
A developer has created a Java application that makes HTTP requests directly to AWS services. Application logging shows 5xx HTTP response codes that occur at irregular intervals. The errors are affecting users.
How should the developer update the application to improve the application's resiliency?
How should the developer update the application to improve the application's resiliency?
- ARevise the request content in the application code.
- BUse the AWS SDK for Java to interact with AWS APIs.Most Voted
- CScale out the application so that more instances of the application are running.
- DAdd additional logging to the application code.
Correct Answer:
C
C

Implementing the AWS SDK for Java can significantly boost application resilience when interacting with AWS services. This SDK encompasses built-in retry mechanisms and employs an exponential backoff strategy combined with jitter to adeptly manage HTTP 5xx errors. These features are essential for handling intermittent connectivity issues and enhancing overall stability, ensuring a seamless user experience. It is advisable to replace direct HTTP requests with this SDK to leverage these robust error handling and retry capabilities extensively.
send
light_mode
delete
Question #3
A global company has a mobile app with static data stored in an Amazon S3 bucket in the us-east-1 Region. The company serves the content through an Amazon
CloudFront distribution. The company is launching the mobile app in South Africa. The data must reside in the af-south-1 Region. The company does not want to deploy a specific mobile client for South Africa.
What should the company do to meet these requirements?
CloudFront distribution. The company is launching the mobile app in South Africa. The data must reside in the af-south-1 Region. The company does not want to deploy a specific mobile client for South Africa.
What should the company do to meet these requirements?
- AUse the CloudFront geographic restriction feature to block access to users in South Africa.
- BCreate a Lambda@Edge function. Associate the Lambda@Edge function as an origin request trigger with the CloudFront distribution to change the S3 origin Region.Most Voted
- CCreate a Lambda@Edge function. Associate the Lambda@Edge function as a viewer response trigger with the CloudFront distribution to change the S3 origin Region.
- DInclude af-south-1 in the alternate domain name (CNAME) of the CloudFront distribution.
Correct Answer:
A
A

The correct approach for the scenario described, where the company needs to serve region-specific content without deploying a different mobile app client, is to use a Lambda@Edge function. This allows for the modification of requests to the S3 bucket based on the geographic origin of the request, essentially altering the data origin to the closest regional endpoint. Using Lambda@Edge, specifically with an Origin Request trigger, provides a dynamic way to route requests efficiently and comply with regional data residency requirements. Thus, option B is indeed the correct answer. This involves writing a simple function that adjusts the S3 bucket origin dynamically depending on where the request originates from. This is more efficient and aligns with the need to service users in South Africa without additional local deployments.
send
light_mode
delete
Question #4
A developer is testing an AWS Lambda function by using the AWS Serverless Application Model (AWS SAM) local CLI. The application that is implemented by the
Lambda function makes several AWS API calls by using the AWS software development kit (SDK). The developer wants to allow the function to make AWS API calls in a test AWS account from the developer's laptop.
What should the developer do to meet these requirements?
Lambda function makes several AWS API calls by using the AWS software development kit (SDK). The developer wants to allow the function to make AWS API calls in a test AWS account from the developer's laptop.
What should the developer do to meet these requirements?
- AEdit the template.yml file. Add the AWS_ACCESS_KEY_ID property and the AWS_SECRET_ACCESS_KEY property in the Globals section.
- BAdd a test profile by using the aws configure command with the --profile option. Run AWS SAM by using the sam local invoke command with the -profile option.Most Voted
- CEdit the template.yml tile. For the AWS::Serverless::Function resource, set the role to an IAM role in the AWS account.
- DRun the function by using the sam local invoke command. Override the AWS_ACCESS_KEY_ID parameter and the AWS_SECRET_ACCESS_KEY parameter by specifying the --parameter-overrides option.
Correct Answer:
B
B

To enable AWS Lambda functions to make API calls to a test AWS account from a local development environment using the AWS Serverless Application Model (SAM) CLI, the most effective approach is to configure named profiles. By using the `aws configure` command with the `--profile` option to create a specific profile for the test account, and then invoking the SAM CLI using the `sam local invoke` command with the `-profile` option, the developer can ensure that the Lambda function uses the correct AWS credentials for the designated test account while maintaining secure and organized access management. This method avoids hardcoding credentials and keeps different access configurations neatly separated.
send
light_mode
delete
Question #5
A developer designed an application on an Amazon EC2 instance. The application makes API requests to objects in an Amazon S3 bucket.
Which combination of steps will ensure that the application makes the API requests in the MOST secure manner? (Choose two.)
Which combination of steps will ensure that the application makes the API requests in the MOST secure manner? (Choose two.)
- ACreate an IAM user that has permissions to the S3 bucket. Add the user to an IAM group.
- BCreate an IAM role that has permissions to the S3 bucket.Most Voted
- CAdd the IAM role to an instance profile. Attach the instance profile to the EC2 instance.Most Voted
- DCreate an IAM role that has permissions to the S3 bucket. Assign the role to an 1AM group.
- EStore the credentials of the IAM user in the environment variables on the EC2 instance.
Correct Answer:
BC
BC

To ensure the highest level of security for EC2 instances accessing S3 objects, it's best to use IAM roles rather than IAM users. This is because IAM roles provide temporary security credentials that are rotated automatically, minimizing the risk of credential exposure. By creating an IAM role with the necessary S3 permissions and attaching this role to an EC2 instance via an instance profile, the instance inherits these permissions securely. This method avoids the security risks associated with storing long-term credentials on the instance, such as in environment variables or configuration files.
send
light_mode
delete
Question #6
A developer is configuring an Amazon CloudFront distribution for a new application to provide encryption in transit. The application is running in the eu-west-1
Region. The developer creates a new certificate in AWS Certificate Manager (ACM) in eu-west-1, but the certificate is not visible in the CloudFront distribution settings.
What should the developer do to fix this problem?
Region. The developer creates a new certificate in AWS Certificate Manager (ACM) in eu-west-1, but the certificate is not visible in the CloudFront distribution settings.
What should the developer do to fix this problem?
- ACreate the certificate for the domain in the same Region as the application. Ensure that the alternate domain name (CNAME) in the distribution settings matches the domain name in the certificate.
- BCreate the certificate in the eu-west-1 Region. Ensure that the alternate domain name (CNAME) in the distribution settings matches the domain name in the certificate.Most Voted
- CRecreate the CloudFront distribution in the same Region as the certificate.
- DSpecify the ACM certificate name as the default root object of the CloudFront distribution.
Correct Answer:
B
B

CloudFront requires ACM certificates to be created in the US East (N. Virginia) region, regardless of the application's hosting region. Certificates issued in any other region are not recognized by CloudFront. Therefore, the certificate must be requested or imported specifically in the us-east-1 region. Despite any regional settings for running applications, this is a specific requirement for CloudFront to function with ACM for HTTPS configurations.
send
light_mode
delete
Question #7
A developer is building an application that runs behind an Application Load Balancer (ALB). The ALB is configured as the origin for an Amazon CloudFront distribution. Users will log in to the application by using their social media accounts.
How can the developer authenticate users?
How can the developer authenticate users?
- AValidate the users by inspecting the tokens in an AWS Lambda authorizer on the ALB.
- BConfigure the ALB to use Amazon Cognito as one of the authentication providers.Most Voted
- CConfigure CloudFront to use Amazon Cognito as one of the authentication providers.
- DValidate the users by calling the Amazon Cognito API in an AWS Lambda authorizer on the ALB.
Correct Answer:
B
B

When setting up an Application Load Balancer (ALB) to manage user authentication, especially for an application where users log in using social media accounts, leveraging Amazon Cognito directly in the ALB is the most streamlined approach. This method offloads the authentication steps from the application, allowing it to focus purely on business logic, rather than handling security processes. Essentially, ALB handles the heavy lifting concerning secure user authentication, making the integration efficient and straightforward without needing additional configurations such as Lambda@Edge with CloudFront.
send
light_mode
delete
Question #8
A company has an application that analyzes photographs. A developer is preparing the application for deployment to Amazon EC2 instances. The application's image analysis functions require a mix of GPU instances and CPU instances that run on Amazon Linux. The developer needs to add code to the application so that the functions can determine whether they are running on a GPU instance.
What should the functions do to obtain this information?
What should the functions do to obtain this information?
- ACall the DescribeInstances API operation and filter on the current instance ID. Examine the ElasticGpuAssociations property.
- BEvaluate the GPU AVAILABLE environment variable.
- CCall the DescribeElasticGpus API operation.
- DRetrieve the instance type from the instance metadata.Most Voted
Correct Answer:
D
D

The correct way for the application to verify whether it runs on a GPU or CPU instance type in AWS is by retrieving the instance type from the instance metadata. The application should make a simple request to http://169.254.169.254/latest/meta-data/ from within the EC2 instance. This internal metadata service endpoint provides comprehensive details about the instance, including the hardware specifications. Understanding whether the instance type supports GPU can be directly discerned from this metadata, ensuring that the application logic can adapt based on the operational environment’s capabilities. This approach is efficient and leverages built-in AWS functionality to simplify the process.
send
light_mode
delete
Question #9
A company has an application that uses Amazon Cognito user pools as an identity provider. The company must secure access to user records. The company has set up multi-factor authentication (MFA). The company also wants to send a login activity notification by email every time a user logs in.
What is the MOST operationally efficient solution that meets this requirement?
What is the MOST operationally efficient solution that meets this requirement?
- ACreate an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon API Gateway API to invoke the function. Call the API from the client side when login confirmation is received.
- BCreate an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon Cognito post authentication Lambda trigger for the function.Most Voted
- CCreate an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Create an Amazon CloudWatch Logs log subscription filter to invoke the function based on the login status.
- DConfigure Amazon Cognito to stream all logs to Amazon Kinesis Data Firehose. Create an AWS Lambda function to process the streamed logs and to send the email notification based on the login status of each user.
Correct Answer:
B
B

Using an Amazon Cognito post-authentication Lambda trigger is the most efficient approach for sending email notifications following user logins. This method directly leverages Amazon Cognito's built-in capabilities to trigger an AWS Lambda function right after the authentication process completes. In this function, we harness Amazon SES to manage the email dispatch. This integration not only adheres closely to best practices but also simplifies the architecture by eliminating unnecessary components and external calls, ensuring a seamless and efficient notification process after each login.
send
light_mode
delete
Question #10
A company hosts a three-tier web application on AWS behind an Amazon CloudFront distribution. A developer wants a dashboard to monitor error rates and anomalies of the CloudFront distribution with the shortest possible refresh interval.
Which combination of slops should the developer take to meet these requirements? (Choose two.)
Which combination of slops should the developer take to meet these requirements? (Choose two.)
- AActivate real-time logs on the CloudFront distribution. Create a stream in Amazon Kinesis Data Streams.Most Voted
- BExport the CloudFront logs to an Amazon S3 bucket. Detect anomalies and error rates with Amazon QuickSight.
- CConfigure Amazon Kinesis Data Streams to deliver logs to Amazon OpenSearch Service (Amazon Elasticsearch Service). Create a dashboard in OpenSearch Dashboards (Kibana).Most Voted
- DCreate Amazon CloudWatch alarms based on expected values of selected CloudWatch metrics to detect anomalies and errors.
- EDesign an Amazon CloudWatch dashboard of the selected CloudFront distribution metrics.
Correct Answer:
AC
AC

Real-time monitoring is pivotal for identifying and addressing issues promptly in web applications. By activating real-time logs on the CloudFront distribution and streaming these logs through Amazon Kinesis Data Streams, developers gain access to near-instant data analysis. This setup not only allows for the quickest possible refresh intervals but also enables real-time anomaly detection and error rate monitoring by integrating with services like Amazon Elasticsearch and employing Kibana dashboards for visual insights. Such configurations ensure efficient, timely tracking and management of application performance issues or unexpected anomalies directly as they occur.
send
light_mode
delete
All Pages