Amazon DVA-C02 Exam Practice Test Instant Access

Question 1

A developer is updating an Amazon API Gateway REST API to have a mock endpoint. The developer wants to update the integration request mapping template so the endpoint will respond to mock integration requests with specific HTTP status codes based on various conditions.

A{ if( $input.params('integration') == 'mock' ) 'statusCode': 404 else 'statusCode': 500 end }

B{ if( $input.params('scope') == 'internal' ) 'statusCode': 200 else 'statusCode': 500 end }

C{ if( $input.path('integration') ) 'statusCode': 200 else 'statusCode':404 end }

D{ if( $context.integration.status ) 'statusCode': 200 else 'statusCode': 500 end }

Answer : D

Comprehensive Detailed Step by Step Explanation with All AWS Developer Reference:

In this scenario, the developer is configuring a mock integration in API Gateway. The integration request mapping template allows you to map the incoming request data to a format that the API expects. For mock integration, it's common to return specific HTTP status codes based on the conditions.

Using $context.integration.status: The $context.integration.status variable refers to the status of the API Gateway integration, which is useful for generating responses based on the condition. Option D correctly uses this variable to determine the HTTP status code, returning 200 for a successful mock request or 500 for a failure.

Alternatives:

Options A, B, and C do not use the correct context variables for handling mock integrations. These options would not return the correct status codes based on the actual integration status.

API Gateway Mapping Templates and Accessing Context Variables

Question 2

A company is using the AWS Serverless Application Model (AWS SAM) to develop a social media application. A developer needs a quick way to test AWS Lambda functions locally by using test event payloads. The developer needs the structure of these test event payloads to match the actual events that AWS services create.

ACreate shareable test Lambda events. Use these test Lambda events for local testing.

BStore manually created test event payloads locally. Use the sam local invoke command with the file path to the payloads.

CStore manually created test event payloads in an Amazon S3 bucket. Use the sam local invoke command with the S3 path to the payloads.

DUse the sam local generate-event command to create test payloads for local testing.

Answer : D

Comprehensive Detailed Step by Step Explanation with All AWS Developer Reference:

The AWS Serverless Application Model (SAM) includes features for local testing and debugging of AWS Lambda functions. One of the most efficient ways to generate test payloads that match actual AWS event structures is by using the sam local generate-event command.

sam local generate-event: This command allows developers to create pre-configured test event payloads for various AWS services (e.g., S3, API Gateway, SNS). These generated events accurately reflect the format that the service would use in a live environment, reducing the manual work required to create these events from scratch.

Operational Overhead: This approach reduces overhead since the developer does not need to manually create or maintain test events. It ensures that the structure is correct and up-to-date with the latest AWS standards.

Alternatives:

Option A suggests using shareable test events, but manually creating or sharing these events introduces more overhead.

Option B and C both involve manually storing and maintaining test events, which adds unnecessary complexity compared to using sam local generate-event.

AWS SAM CLI documentation

Question 3

A company stores customer credit reports in an Amazon S3 bucket. An analytics service uses standard Amazon S3 GET requests to access the reports. A developer must implement a solution to redact personally identifiable information (PII) from the reports before the reports reach the analytics service.

ALoad the S3 objects into Amazon Redshift by using a COPY command. Implement dynamic data masking. Refactor the analytics service to read from Amazon Redshift.

BSet up an S3 Object Lambda function. Attach the function to an S3 Object Lambda Access Point. Program the function to call a PII redaction API.

CUse AWS Key Management Service (AWS KMS) to implement encryption in the S3 bucket. Re-upload all the existing S3 objects. Give the kms
permission to the analytics service.

DCreate an Amazon Simple Notification Service (Amazon SNS) topic. Implement message data protection. Refactor the analytics service to publish data access requests to the SNS topic.

Answer : B

Comprehensive Detailed Step by Step Explanation with All AWS Developer Reference:

To redact PII from S3 objects before they are accessed by the analytics service, the most efficient solution is to use S3 Object Lambda. S3 Object Lambda allows you to add your own code (Lambda function) to process and transform data when it is retrieved from Amazon S3. You can attach a Lambda function to an S3 Object Lambda Access Point, which in this case would run a redaction API to remove PII from the reports.

Operational Efficiency: S3 Object Lambda handles data processing on the fly, without requiring the data to be permanently transformed or moved to another service (like Amazon Redshift).

Alternatives:

Option A: Loading the data into Amazon Redshift would require refactoring the analytics service and maintaining an additional data pipeline, increasing complexity.

Option C: Using AWS KMS for encryption protects data at rest and in transit, but it does not address PII redaction.

Option D: SNS is a messaging service and does not support direct data transformation.

Question 4

A company has an AWS Step Functions state machine named myStateMachine. The company configured a service role for Step Functions. The developer must ensure that only the myStateMachine state machine can assume the service role.

A'Condition': { 'ArnLike': { 'aws
':'arn:aws:states:ap-south-1:111111111111:stateMachine
' } }
B. 'Condition': { 'ArnLike': { 'aws
':'arn:aws:states:ap-south-1:*:stateMachine
' } }

Answer : A

Comprehensive Detailed Step by Step Explanation with All AWS Developer Reference: To ensure that only a specific AWS Step Functions state machine (myStateMachine) can assume the service role, you must configure the correct trust policy in AWS IAM.

Trust Policies: Trust policies determine which entities (services or users) are allowed to assume the role. In this case, we want to restrict the trust policy to only allow the specific state machine (myStateMachine) to assume the role.

Using ArnLike: The condition 'ArnLike' is used to specify that the SourceArn (which refers to the ARN of the entity assuming the role) must match a specific ARN. Option A specifies the exact ARN of the myStateMachine state machine, ensuring that only this state machine can assume the role.

Option B: This option is incorrect because it uses a wildcard (*) for the account ID, which would allow any state machine in the ap-south-1 region to assume the role, not just the specific one.

AWS Step Functions IAM Policies

Question 5

A developer is making changes to a custom application that uses AWS Elastic Beanstalk.

Which solutions will update the Elastic Beanstalk environment with the new application version after the developer completes the changes? (Select TWO.)

APackage the application code into a .zip file. Use the AWS Management Console to upload the .zip file and deploy the packaged application.

BPackage the application code into a .tar file. Use the AWS Management Console to create a new application version from the .tar file. Update the environment by using the AWS CLI.

CPackage the application code into a .tar file. Use the AWS Management Console to upload the .tar file and deploy the packaged application.

DPackage the application code into a .zip file. Use the AWS CLI to create a new application version from the .zip file and to update the environment.

EPackage the application code into a .zip file. Use the AWS Management Console to create a new application version from the .zip file. Rebuild the environment by using the AWS CLI.

Answer : A, D

Question 6

A developer is implementing a serverless application by using AWS CloudFormation to provision Amazon S3 web hosting. Amazon API Gateway, and AWS Lambda functions. The Lambda function source code is zipped and uploaded to an S3 bucket. The S3 object key of the zipped source code is specified in the Lambda resource in the CloudFormation template.

The developer notices that there are no changes in the Lambda function every time the CloudFormation stack is updated.

How can the developer resolve this issue?

ACreate a new Lambda function alias before updating the CloudFormation stack.

BChange the S3 object key or the S3 version in the CloudFormation template before updating the CloudFormation stack.

CUpload the zipped source code to another S3 bucket before updating the CloudFormation stack.

DAssociate a code signing configuration with the Lambda function before updating the CloudFormation stack.

Answer : B

Question 7

A developer is writing a web application that must share secure documents with end users. The documents are stored in a private Amazon S3 bucket. The application must allow only authenticated users to download specific documents when requested, and only for a duration of 15 minutes.

How can the developer meet these requirements?

ACopy the documents to a separate S3 bucket that has a lifecycle policy for deletion after 15 minutes.

BCreate a presigned S3 URL using the AWS SDK with an expiration time of 15 minutes.

CUse server-side encryption with AWS KMS managed keys (SSE-KMS) and download the documents using HTTPS.

DModify the S3 bucket policy to only allow specific users to download the documents. Revert the change after 15 minutes.

Answer : B

Amazon DVA-C02 AWS Certified Developer - Associate Exam Practice Test