DVA-C02 Free Practice Test

A company needs to distribute firmware updates to its customers around the world.
Which service will allow easy and secure control of the access to the downloads at the lowest cost?

1. A. Use Amazon CloudFront with signed URLs for Amazon S3.
2. B. Create a dedicated Amazon CloudFront Distribution for each customer.
3. C. Use Amazon CloudFront with AWS Lambda@Edge.
4. D. Use Amazon API Gateway and AWS Lambda to control access to an S3 bucket.

Correct Answer: A
This solution allows easy and secure control of access to the downloads at the lowest cost because it uses a content delivery network (CDN) that can cache and distribute firmware updates to customers around the world, and uses a mechanism that can restrict access to specific files or versions. Amazon CloudFront is a CDN that can improve performance, availability, and security of web applications by delivering content from edge locations closer to customers. Amazon S3 is a storage service that can store firmware updates in buckets and objects. Signed URLs are URLs that include additional information, such as an expiration date and time, that give users temporary access to specific objects in S3 buckets. The developer can use CloudFront to serve firmware updates from S3 buckets and use signed URLs to control who can download them and for how long. Creating a dedicated CloudFront distribution for each customer will incur unnecessary costs and complexity. Using Amazon CloudFront with AWS Lambda@Edge will require additional programming overhead to implement custom logic at the edge locations. Using Amazon API Gateway and AWS Lambda to control access to an S3 bucket will also require additional programming overhead and may not provide optimal performance or availability.
Reference: [Serving Private Content through CloudFront], [Using CloudFront with Amazon
S3]

A developer is testing a RESTful application that is deployed by using Amazon API Gateway and AWS Lambda When the developer tests the user login by using credentials that are not valid, the developer receives an HTTP 405 METHOD_NOT_ALLOWED error The developer has verified that the test is sending the correct request for the resource
Which HTTP error should the application return in response to the request?

1. A. HTTP 401
2. B. HTTP 404
3. C. HTTP 503
4. D. HTTP 505

Correct Answer: A
The HTTP 401 error indicates that the request has not been applied because it lacks valid authentication credentials for the target resource. This is the appropriate error code to return when the user login fails due to invalid credentials. The HTTP 405 error means that the method specified in the request is not allowed for the resource identified by the request URI, which is not the case here. The other error codes are not relevant to the authentication failure scenario. References
✑ HTTP Status Codes
✑ AWS Lambda Function Errors in API Gateway

A financial company must store original customer records for 10 years for legal reasons. A complete record contains personally identifiable information (PII). According to local regulations, PII is available to only certain people in the company and must not be shared with third parties. The company needs to make the records available to third-party organizations for statistical analysis without sharing the PII.
A developer wants to store the original immutable record in Amazon S3. Depending on who accesses the S3 document, the document should be returned as is or with all the PII removed. The developer has written an AWS Lambda function to remove the PII from the document. The function is named removePii.
What should the developer do so that the company can meet the PII requirements while maintaining only one copy of the document?

1. A. Set up an S3 event notification that invokes the removePii function when an S3 GET request is mad
2. B. Call Amazon S3 by using a GET request to access the object without PII.
3. C. Set up an S3 event notification that invokes the removePii function when an S3 PUT request is mad
4. D. Call Amazon S3 by using a PUT request to access the object without PII.
5. E. Create an S3 Object Lambda access point from the S3 consol
6. F. Select the removePii functio
7. G. Use S3 Access Points to access the object without PII.
8. H. Create an S3 access point from the S3 consol
9. I. Use the access point name to call the GetObjectLegalHold S3 API functio
10. J. Pass in the removePii function name to access the object without PII.

Correct Answer: C
S3 Object Lambda allows you to add your own code to process data retrieved from S3 before returning it to an application. You can use an AWS Lambda function to modify the data, such as removing PII, redacting confidential information, or resizing images. You can create an S3 Object Lambda access point and associate it with your Lambda function. Then, you can use the access point to request objects from S3 and get the modified data back. This way, you can maintain only one copy of the original
document in S3 and apply different transformations depending on who accesses it. Reference: Using AWS Lambda with Amazon S3

A company is building a micro services app1 cation that consists of many AWS Lambda functions. The development team wants to use AWS Serverless Application Model (AWS SAM) templates to automatically test the Lambda functions. The development team plans to test a small percentage of traffic that is directed to new updates before the team commits to a full deployment of the application.
Which combination of steps will meet these requirements in the MOST operationally efficient way? (Select TWO.)

1. A. Use AWS SAM CLI commands in AWS CodeDeploy lo invoke the Lambda functions lo lest the deployment
2. B. Declare the EventlnvokeConfig on the Lambda functions in the AWS SAM templates with OnSuccess and OnFailure configurations.
3. C. Enable gradual deployments through AWS SAM templates.
4. D. Set the deployment preference type to Canary10Percen130Minutes Use hooks to test the deployment.
5. E. Set the deployment preference type to Linear10PefcentEvery10Minutes Use hooks to test the deployment.

Correct Answer: CD
This solution will meet the requirements by using AWS Serverless Application Model (AWS SAM) templates and gradual deployments to automatically test the Lambda functions. AWS SAM templates are configuration files that define serverless applications and resources such as Lambda functions. Gradual deployments are a feature of AWS SAM that enable deploying new versions of Lambda functions incrementally, shifting traffic gradually, and performing validation tests during deployment. The developer can enable gradual deployments through AWS SAM templates by adding a DeploymentPreference property to each Lambda function resource in the template. The developer can set the deployment preference type to Canary10Percent30Minutes, which means that 10 percent of traffic will be shifted to the new version of the Lambda function for 30 minutes before shifting 100 percent of traffic. The developer can also use hooks to test the deployment, which are custom Lambda functions that run before or after traffic shifting and perform validation tests or rollback actions.
References: [AWS Serverless Application Model (AWS SAM)], [Gradual Code Deployment]

A company is building a serverless application on AWS. The application uses an AWS Lambda function to process customer orders 24 hours a day, 7 days a week. The Lambda function calls an external vendor's HTTP API to process payments.
During load tests, a developer discovers that the external vendor payment processing API occasionally times out and returns errors. The company expects that some payment processing API calls will return errors.
The company wants the support team to receive notifications in near real time only when
the payment processing external API error rate exceed 5% of the total number of transactions in an hour. Developers need to use an existing Amazon Simple Notification Service (Amazon SNS) topic that is configured to notify the support team.
Which solution will meet these requirements?

1. A. Write the results of payment processing API calls to Amazon CloudWatc
2. B. Use Amazon CloudWatch Logs Insights to query the CloudWatch log
3. C. Schedule the Lambda function to check the CloudWatch logs and notify the existing SNS topic.
4. D. Publish custom metrics to CloudWatch that record the failures of the external payment processing API call
5. E. Configure a CloudWatch alarm to notify the existing SNS topic when error rate exceeds the specified rate.
6. F. Publish the results of the external payment processing API calls to a new Amazon SNS topi
7. G. Subscribe the support team members to the new SNS topic.
8. H. Write the results of the external payment processing API calls to Amazon S3. Schedule an Amazon Athena query to run at regular interval
9. I. Configure Athena to send notifications to the existing SNS topic when the error rate exceeds the specified rate.

Correct Answer: B
Amazon CloudWatch is a service that monitors AWS resources and applications. The developer can publish custom metrics to CloudWatch that record the failures of the external payment processing API calls. The developer can configure a CloudWatch alarm to notify the existing SNS topic when the error rate exceeds 5% of the total number of transactions in an hour. This solution will meet the requirements in a near real-time and scalable way.
References:
✑ [What Is Amazon CloudWatch? - Amazon CloudWatch]
✑ [Publishing Custom Metrics - Amazon CloudWatch]
✑ [Creating Amazon CloudWatch Alarms - Amazon CloudWatch]