DVA-C02 Free Practice Test

A developer is creating an AWS Lambda function. The Lambda function needs an external library to connect to a third-party solution The external library is a collection of files with a total size of 100 MB The developer needs to make the external library available to the Lambda execution environment and reduce the Lambda package space
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Create a Lambda layer to store the external library Configure the Lambda function to use the layer
2. B. Create an Amazon S3 bucket Upload the external library into the S3 bucke
3. C. Mount the S3 bucket folder in the Lambda function Import the library by using the proper folder in the mount point.
4. D. Load the external library to the Lambda function's /tmp directory during deployment of the Lambda packag
5. E. Import the library from the /tmp directory.
6. F. Create an Amazon Elastic File System (Amazon EFS) volum
7. G. Upload the external library to the EFS volume Mount the EFS volume in the Lambda functio
8. H. Import the library by using the proper folder in the mount point.

Correct Answer: A
Create a Lambda layer to store the external library. Configure the Lambda function to use the layer. This will allow the developer to make the external library available to the Lambda execution environment without having to include it in the Lambda package, which will reduce the Lambda package space. Using a Lambda layer is a simple and straightforward solution that requires minimal operational overhead. https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html

A company has an application that is hosted on Amazon EC2 instances The application stores objects in an Amazon S3 bucket and allows users to download objects from the S3 bucket A developer turns on S3 Block Public Access for the S3 bucket After this change, users report errors when they attempt to download objects The developer needs toimplement a solution so that only users who are signed in to the application can access objects in the S3 bucket.
Which combination of steps will meet these requirements in the MOST secure way? (Select TWO.)

1. A. Create an EC2 instance profile and role with an appropriate policy Associate the role with the EC2 instances
2. B. Create an 1AM user with an appropriate polic
3. C. Store the access key ID and secret access key on the EC2 instances
4. D. Modify the application to use the S3 GeneratePresignedUrl API call
5. E. Modify the application to use the S3 GetObject API call and to return the object handle to the user
6. F. Modify the application to delegate requests to the S3 bucket.

Correct Answer: AC
The most secure way to allow the EC2 instances to access the S3 bucket is to use an EC2 instance profile and role with an appropriate policy that grants the necessary permissions. This way, the EC2 instances can use temporary security credentials that are automatically rotated and do not need to store any access keys on the instances. To allow the users who are signed in to the application to download objects from the S3 bucket, the application can use the S3 GeneratePresignedUrl API call to create a pre-signed URL that grants temporary access to a specific object. The pre-signed URL can be returned to the user, who can then use it to download the object within a specified time period. References
✑ Use Amazon S3 with Amazon EC2
✑ How to Access AWS S3 Bucket from EC2 Instance In a Secured Way
✑ Sharing an Object with Others

A developer is deploying a new application to Amazon Elastic Container Service (Amazon ECS). The developer needs to securely store and retrieve different types of variables. These variables include authentication information for a remote API, the URL for the API, and credentials. The authentication information and API URL must be available to all current and future deployed versions of the application across development, testing, and production environments.
How should the developer retrieve the variables with the FEWEST application changes?

1. A. Update the application to retrieve the variables from AWS Systems Manager Parameter Stor
2. B. Use unique paths in Parameter Store for each variable in each environmen
3. C. Store the credentials in AWS Secrets Manager in each environment.
4. D. Update the application to retrieve the variables from AWS Key Management Service (AWS KMS). Store the API URL and credentials as unique keys for each environment.
5. E. Update the application to retrieve the variables from an encrypted file that is stored with the applicatio
6. F. Store the API URL and credentials in unique files for each environment.
7. G. Update the application to retrieve the variables from each of the deployed environment
8. H. Define the authentication information and API URL in the ECS task definition as unique names during the deployment process.

Correct Answer: A
AWS Systems Manager Parameter Store is a service that provides secure, hierarchical storage for configuration data management and secrets management. The developer can update the application to retrieve the variables from Parameter Store by using the AWS SDK or the AWS CLI. The developer can use unique paths in Parameter Store for each variable in each environment, such as /dev/api-url, /test/api-url, and /prod/api-url. The developer can also store the credentials in AWS Secrets Manager, which is integrated with Parameter Store and provides additional features such as automatic rotation and encryption.
References:
✑ [What Is AWS Systems Manager? - AWS Systems Manager]
✑ [Parameter Store - AWS Systems Manager]
✑ [What Is AWS Secrets Manager? - AWS Secrets Manager]

A company wants to automate part of its deployment process. A developer needs to automate the process of checking for and deleting unused resources that supported previously deployed stacks but that are no longer used.
The company has a central application that uses the AWS Cloud Development Kit (AWS CDK) to manage all deployment stacks. The stacks are spread out across multiple accounts. The developer’s solution must integrate as seamlessly as possible within the current deployment process.
Which solution will meet these requirements with the LEAST amount of configuration?

1. A. In the central AWS CDK application, write a handler function in the code that uses AWS SDK calls to check for and delete unused resource
2. B. Create an AWS CloudPormation template from a JSON fil
3. C. Use the template to attach the function code to an AWS Lambda function and lo invoke the Lambda function when the deployment slack runs.
4. D. In the central AWS CDK applicatio
5. E. write a handler function in the code that uses AWS SDK calls to check for and delete unused resource
6. F. Create an AWS CDK custom resource Use the custom resource to attach the function code to an AWS Lambda function and to invoke the Lambda function when the deployment stack runs.
7. G. In the central AWS CDK, write a handler function m the code that uses AWS SDK calls to check for and delete unused resource
8. H. Create an API in AWS Amplify Use the API to attach the function code to an AWS Lambda function and to invoke the Lambda function when the deployment stack runs.
9. I. In the AWS Lambda console write a handler function in the code that uses AWS SDK calls to check for and delete unused resource
10. J. Create an AWS CDK custom resourc
11. K. Use the custom resource to import the Lambda function into the stack and to Invoke the Lambda function when the deployment stack runs.

Correct Answer: B
This solution meets the requirements with the least amount of configuration because it uses a feature of AWS CDK that allows custom logic to be executed during stack deployment or deletion. The AWS Cloud Development Kit (AWS CDK) is a software development framework that allows you to define cloud infrastructure as code and provision it through CloudFormation. An AWS CDK custom resource is a construct that enables you to create resources that are not natively supported by CloudFormation or perform tasks that are not supported by CloudFormation during stack deployment or deletion. The developer can write a handler function in the code that uses AWS SDK calls to check for and delete unused resources, and create an AWS CDK custom resource that attaches the function code to a Lambda function and invokes it when the deployment stack runs. This way, the developer can automate the cleanup process without requiring additional configuration or integration. Creating a CloudFormation template from a JSON file will require additional configuration and integration with the central AWS CDK application. Creating an API in AWS Amplify will require additional configuration and integration with the central AWS CDK application and may not provide optimal performance or availability. Writing a handler function in the AWS Lambda console will require additional configuration and integration with the central AWS CDK application.
Reference: [AWS Cloud Development Kit (CDK)], [Custom Resources]

A developer is migrating an application to Amazon Elastic Kubernetes Service (Amazon EKS). The developer migrates the application to Amazon Elastic Container Registry (Amazon ECR) with an EKS cluster.
As part of the application migration to a new backend, the developer creates a new AWS account. The developer makes configuration changes to the application to point the application to the new AWS account and to use new backend resources. The developer successfully tests the changes within the application by deploying the pipeline.
The Docker image build and the pipeline deployment are successful, but the application is still connecting to the old backend. The developer finds that the application's configuration is still referencing the original EKS cluster and not referencing the new backend resources.
Which reason can explain why the application is not connecting to the new resources?

1. A. The developer did not successfully create the new AWS account.
2. B. The developer added a new tag to the Docker image.
3. C. The developer did not update the Docker image tag to a new version.
4. D. The developer pushed the changes to a new Docker image tag.

Correct Answer: C
The correct answer is C. The developer did not update the Docker image tag to a new version.
* C. The developer did not update the Docker image tag to a new version. This is correct. When deploying an application to Amazon EKS, the developer needs to specify the Docker image tag that contains the application code and configuration. If the developer does not update the Docker image tag to a new version after making changes to the application, the EKS cluster will continue to use the old Docker image tag that references the original backend resources. To fix this issue, the developer should update the Docker image tag to a new version and redeploy the application to the EKS cluster.
* A. The developer did not successfully create the new AWS account. This is incorrect. The creation of a new AWS account is not related to the application’s connection to the
backend resources. The developer can use any AWS account to host the EKS cluster and the backend resources, as long as they have the proper permissions and configurations.
* B. The developer added a new tag to the Docker image. This is incorrect. Adding a new tag to the Docker image is not enough to deploy the changes to the application. The developer also needs to update the Docker image tag in the EKS cluster configuration, so that the EKS cluster can pull and run the new Docker image.
* D. The developer pushed the changes to a new Docker image tag. This is incorrect. Pushing the changes to a new Docker image tag is not enough to deploy the changes to the application. The developer also needs to update the Docker image tag in the EKS cluster configuration, so that the EKS cluster can pull and run the new Docker image. References:
✑ 1: Amazon EKS User Guide, “Deploying applications to your Amazon EKS
cluster”, https://docs.aws.amazon.com/eks/latest/userguide/deploying- applications.html
✑ 2: Amazon ECR User Guide, “Pushing an image”,
https://docs.aws.amazon.com/AmazonECR/latest/userguide/docker-push-ecr- image.html
✑ 3: Amazon EKS User Guide, “Updating an Amazon EKS cluster”,
https://docs.aws.amazon.com/eks/latest/userguide/update-cluster.html