Question #31
An application has hundreds of users. Each user may use multiple devices to access the application. The Developer wants to assign unique identifiers to these users regardless of the device they use.
Which of the following methods should be used to obtain unique identifiers?
- A. Create a user table in Amazon DynamoDB as key-value pairs of users and their devices. Use these keys as unique identifiers.
- B. Use IAM-generated access key IDs for the users as the unique identifier, but do not store secret keys.
- C. Implement developer-authenticated identities by using Amazon Cognito, and get credentials for these identities.
- D. Assign IAM users and roles to the users. Use the unique IAM resource ID as the unique identifier.
Correct Answer: C
Question #32
An application is designed to use Amazon SQS to manage messages from many independent senders. Each sender’s messages must be processed in the order they are received.
Which SQS feature should be implemented by the Developer?
- A. Configure each sender with a unique MessageGroupId
- B. Enable MessageDeduplicationIds on the SQS queue
- C. Configure each message with unique MessageGroupIds.
- D. Enable ContentBasedDeduplication on the SQS queue
Correct Answer: C
Reference:
https://aws.amazon.com/blogs/developer/how-the-amazon-sqs-fifo-api-works/
Question #33
A deployment package uses the AWS CLI to copy files into any S3 bucket in the account, using access keys stored in environment variables. The package is running on EC2 instances, and the instances have been modified to run with an assumed IAM role and a more restrictive policy that allows access to only one bucket. After the change, the Developer logs into the host and still has the ability to write into all of the S3 buckets in that account.
What is the MOST likely cause of this situation?
- A. An IAM inline policy is being used on the IAM role
- B. An IAM managed policy is being used on the IAM role
- C. The AWS CLI is corrupt and needs to be reinstalled
- D. The AWS credential provider looks for instance profile credentials last
Correct Answer: D
Explanation : Credentials are checked in the following order:
1. Command line options – –region, –output, and –profile
2. Environment variables – AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN
3. CLI credentials file –aws configure
~/.aws/credentials on Linux / Mac & C:\Users\user\.aws\credentials on Windows
4. CLI configuration file – aws configure
~/.aws/config on Linux / macOS & C:\Users\USERNAME\.aws\config on Windows
5. Container credentials – ECS tasks
6. Instance profile credentials – for EC2 Instance Profiles
Question #34
A Developer is writing transactions into a DynamoDB table called “SystemUpdates” that has 5 write capacity units.
Which option has the highest read throughput?
- A. Eventually consistent reads of 5 read capacity units reading items that are 4 KB in size
- B. Strongly consistent reads of 5 read capacity units reading items that are 4 KB in size
- C. Eventually consistent reads of 15 read capacity units reading items that are 1 KB in size
- D. Strongly consistent reads of 15 read capacity units reading items that are 1 KB in size
Correct Answer: A
Explanation:
Thoughtput-
A: 5RCU*4K*2=40K
B: 5RCU*4K = 20K
C: 15RCU*1K*2=30K
D:15RCU*1k=15K
So the highest thoughtput per second is A
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadWriteCapacityMode.html
Question #35
Where should an Elastic Beanstalk configuration file named healthcheckur1.config be placed in the application source bundle?
- A. In the root of the application
- B. In the bin folder
- C. In healthcheckur1.config.ebextension under root
- D. In the .ebextensions folder
Correct Answer: D
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/ebextensions.html
Question #36
During non-peak hours, a Developer wants to minimize the execution time of a full Amazon DynamoDB table scan without affecting normal workloads. The workloads average half of the strongly consistent read capacity units during non-peak hours.
How would the Developer optimize this scan?
- A. Use parallel scans while limiting the rate
- B. Use sequential scans
- C. Increase read capacity units during the scan operation
- D. Change consistency to eventually consistent during the scan operation
Correct Answer: A
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Scan.html#Scan.ParallelScan
Question #37
A Developer is creating a Lambda function and will be using external libraries that are not included in the standard Lambda libraries.
What action would minimize the Lambda compute time consumed?
- A. Install the dependencies and external libraries at the beginning of the Lambda function.
- B. Create a Lambda deployment package that includes the external libraries.
- C. Copy the external libraries to Amazon S3, and reference the external libraries to the S3 location.
- D. Install the external libraries in Lambda to be available to all Lambda functions.
Correct Answer: D
Question #38
A Developer is writing a Linux-based application to run on AWS Elastic Beanstalk. Application requirements state that the application must maintain full capacity during updates while minimizing cost.
Which type of Elastic Beanstalk deployment policy should the Developer specify for the environment?
- A. Immutable
- B. Rolling
- C. All at Once
- D. Rolling with additional batch
Correct Answer: D
Question #39
An application under development is required to store hundreds of video files. The data must be encrypted within the application prior to storage, with a unique key for each video file.
How should the Developer code the application?
- A. Use the KMS Encrypt API to encrypt the data. Store the encrypted data key and data.
- B. Use a cryptography library to generate an encryption key for the application. Use the encryption key to encrypt the data. Store the encrypted data.
- C. Use the KMS GenerateDataKey API to get a data key. Encrypt the data with the data key. Store the encrypted data key and data.
- D. Upload the data to an S3 bucket using server side-encryption with an AWS KMS key.
Correct Answer: C
https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKey.html
Question #40
A Developer is creating an application that needs to locate the public IPv4 address of the Amazon EC2 instance on which it runs. How can the application locate this information?
- A. Get the instance metadata by retrieving http://169.254.169.254/latest/metadata/.
- B. Get the instance user data by retrieving http://169.254.169.254/latest/userdata/.
- C. Get the application to run IFCONFIG to get the public IP address.
- D. Get the application to run IPCONFIG to get the public IP address.
Correct Answer: A
Reference:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html
Thank you !!
Helped me in achieving my aws developer certification.