Who should take this exam?
AWS Certified Developer – Associate is intended for anyone with one or more years of hands-on experience developing and maintaining an AWS-based application. Before you take this exam, we recommend you have:- In-depth knowledge of at least one high-level programming language
- Understanding of core AWS services uses of the services, and basic AWS architecture best practices, including the AWS Shared Responsibility Model, application lifecycle management, and the use of containers in the development process
- Proficiency in developing, deploying, and debugging cloud-based applications using AWS and writing code for serverless applications
- Ability to identify key features of AWS services and use the AWS service APIs, AWS CLI, and SDKs to write applications
- Ability to apply a basic understanding of cloud-native applications to write code
- Ability to author, maintain and debug code modules on AWS
Exam overview
Level: Associate
Length: 130 minutes to complete the exam
Cost: 150 USD (Practice exam: 20 USD)
Format: 65 questions, either multiple choice or multiple responses
Delivery method: Pearson VUE and PSI; testing center or online proctored exam
Q1 An application has hundreds of users. Each user may use multiple devices to access the application. The Developer wants to assign unique identifiers to these users regardless of the device they use. Which of the following methods should be used to obtain unique identifiers?
A. Create a user table in Amazon DynamoDB as key-value pairs of users and their devices. Use these keys as unique identifiers.
B. Use IAM-generated access key IDs for the users as the unique identifier, but do not store secret keys.
C. Implement developer-authenticated identities by using Amazon Cognito, and get credentials for these identities.
D. Assign IAM users and roles to the users. Use the unique IAM resource ID as the unique identifier.
D. Assign IAM users and roles to the users. Use the unique IAM resource ID as the unique identifier.
Q2 An application is designed to use Amazon SQS to manage messages from many independent senders. Each senders messages must be processed in the order they are received. Which SQS feature should be implemented by the Developer?
A. Configure each sender with a unique MessageGroupId
B. Enable MessageDeduplicationIds on the SQS queue
C. Configure each message with unique MessageGroupIds.
D. Enable ContentBasedDeduplication on the SQS queue
C. Configure each message with unique MessageGroupIds
Q3 A deployment package uses the AWS CLI to copy files into any S3 bucket in the account, using access keys stored in environment variables. The package is running on EC2 instances, and the instances have been modified to run with an assumed IAM role and a more restrictive policy that allows access to only one bucket. After the change, the Developer logs into the host and still has the ability to write into all of the S3 buckets in that account. What is the MOST likely cause of this situation?
A. An IAM inline policy is being used on the IAM role
B. An IAM managed policy is being used on the IAM role
C. The AWS CLI is corrupt and needs to be reinstalled
D. The AWS credential provider looks for instance profile credentials last
B. An IAM managed policy is being used on the IAM role
Q4 A Developer is writing transactions into a DynamoDB table called SystemUpdates that has 5 write capacity units. Which option has the highest read throughput?
A. Eventually consistent reads of 5 read capacity units reading items that are 4 KB in size
B. Strongly consistent reads of 5 read capacity units reading items that are 4 KB in size
C. Eventually consistent reads of 15 read capacity units reading items that are 1 KB in size
D. Strongly consistent reads of 15 read capacity units reading items that are 1 KB in size
B. Strongly consistent reads of 5 read capacity units reading items that are 4 KB in size
Q5 Where should an Elastic Beanstalk configuration file named healthcheckur1.config be placed in the application source bundle?
A. In the root of the application
B. In the bin folder
C. In healthcheckur1.config.ebextension under root
D. In the .ebextensions folder
D. In the .ebextensions folder
Q6 During non-peak hours, a Developer wants to minimize the execution time of a full Amazon DynamoDB table scan without affecting normal workloads. The workloads average half of the strongly consistent read capacity units during non-peak hours. How would the Developer optimize this scan?
A. Use parallel scans while limiting the rate
B. Use sequential scans
C. Increase read capacity units during the scan operation
D. Change consistency to eventually consistent during the scan operation
B. Use sequential scans
Q7 A Developer is creating a Lambda function and will be using external libraries that are not included in the standard Lambda libraries. What action would minimize the Lambda compute time consumed?
A. Install the dependencies and external libraries at the beginning of the Lambda function.
B. Create a Lambda deployment package that includes the external libraries.
C. Copy the external libraries to Amazon S3, and reference the external libraries to the S3 location.
D. Install the external libraries in Lambda to be available to all Lambda functions.
D. Install the external libraries in Lambda to be available to all Lambda functions.
Q8 A Developer is writing a Linux-based application to run on AWS Elastic Beanstalk. Application requirements state that the application must maintain full capacity during updates while minimizing cost. Which type of Elastic Beanstalk deployment policy should the Developer specify for the environment?
A. Immutable
B. Rolling
C. All at Once
D. Rolling with additional batch
A. Immutable
Q9 An application under development is required to store hundreds of video files. The data must be encrypted within the application prior to storage, with a unique key for each video file. How should the Developer code the application?
A. Use the KMS Encrypt API to encrypt the data. Store the encrypted data key and data.
B. Use a cryptography library to generate an encryption key for the application. Use the encryption key to encrypt the data. Store the encrypted data.
C. Use the KMS GenerateDataKey API to get a data key. Encrypt the data with the data key. Store the encrypted data key and data.
D. Upload the data to an S3 bucket using server side-encryption with an AWS KMS key.
B. Use a cryptography library to generate an encryption key for the application. Use the encryption key to encrypt the data. Store the encrypted data.
Q10 A Developer is creating an application that needs to locate the public IPv4 address of the Amazon EC2 instance on which it runs. How can the application locate this information?
A. Get the instance metadata by retrieving http://169.254.169.254/latest/metadata/.
B. Get the instance user data by retrieving http://169.254.169.254/latest/userdata/.
C. Get the application to run IFCONFIG to get the public IP address.
D. Get the application to run IPCONFIG to get the public IP address.
A. Get the instance metadata by retrieving http://169.254.169.254/latest/metadata/.
Q11 An application running on Amazon EC2 instances must access objects within an Amazon S3 bucket that are encrypted using server-side encryption using AWS KMS encryption keys (SSE-KMS). The application must have access to the customer master key (CMK) to decrypt the objects. Which combination of steps will grant the application access? (Choose two.)
A. Write an S3 bucket policy that grants the bucket access to the key.
B. Grant access to the key in the IAM EC2 role attached to the applications EC2 instances.
C. Write a key policy that enables IAM policies to grant access to the key.
D. Grant access to the key in the S3 buckets ACL
E. Create a Systems Manager parameter that exposes the KMS key to the EC2 instances.
E. Create a Systems Manager parameter that exposes the KMS key to the EC2 instances. A. Write an S3 bucket policy that grants the bucket access to the key.
Q12 An application will ingest data at a very high throughput from many sources and must store the data in an Amazon S3 bucket. Which service would BEST accomplish this task?
A. Amazon Kinesis Firehose
B. Amazon S3 Acceleration Transfer
C. Amazon SQS
D. Amazon SNS
A. Amazon Kinesis Firehose
Q13 A Developer has setup an Amazon Kinesis Stream with 4 shards to ingest a maximum of 2500 records per second. A Lambda function has been configured to process these records. In which order will these records be processed?
A. Lambda will receive each record in the reverse order it was placed into the stream following a LIFO (last-in, first-out) method
B. Lambda will receive each record in the exact order it was placed into the stream following a FIFO (first-in, first-out) method.
C. Lambda will receive each record in the exact order it was placed into the shard following a FIFO (first-in, first-out) method. There is no guarantee of order across shards.
D. The Developer can select FIFO, (first-in, first-out), LIFO (last-in, last-out), random, or request specific record using the getRecords API.
C. Lambda will receive each record in the exact order it was placed into the shard following a FIFO (first-in, first-out) method. There is no guarantee of order across shards.
Q14 A static website is hosted in an Amazon S3 bucket. Several HTML pages on the site use JavaScript to download images from another Amazon S3 bucket. These images are not displayed when users browse the site. What is the possible cause for the issue?
A. The referenced Amazon S3 bucket is in another region.
B. The images must be stored in the same Amazon S3 bucket.
C. Port 80 must be opened on the security group in which the Amazon S3 bucket is located.
D. Cross Origin Resource Sharing must be enabled on the Amazon S3 bucket.
D. Cross Origin Resource Sharing must be enabled on the Amazon S3 bucket.
Q15 Amazon S3 has the following structure: S3://BUCKET/FOLDERNAME/FILENAME.zip Which S3 best practice would optimize performance with thousands of PUT request each second to a single bucket?
A. Prefix folder names with user id; for example, s3://BUCKET/2013-FOLDERNAME/FILENAME.zip
B. Prefix file names with timestamps; for example, s3://BUCKET/FOLDERNAME/2013-26-05-15-00-00-FILENAME.zip
C. Prefix file names with random hex hashes; for example, s3://BUCKET/FOLDERNAME/23a6-FILENAME.zip
D. Prefix folder names with random hex hashes; for example, s3://BUCKET/23a6-FOLDERNAME/FILENAME.zip
A. Prefix folder names with user id; for example, s3://BUCKET/2013-FOLDERNAME/FILENAME.zip and B. Prefix file names with timestamps; for example, s3://BUCKET/FOLDERNAME/2013-26-05-15-00-00-FILENAME.zip
Q16 For a deployment using AWS CodeDeploy, what is the run order of the hooks for in-place deployments?
A. Before Install -> Application Stop -> Application Start -> After Install
B. Application Stop -> Before Install -> After Install -> Application Start
C. Before Install -> Application Stop -> Validate Service -> Application Start
D. Application Stop -> Before Install -> Validate Service -> Application Start
B. Application Stop -> Before Install -> After Install -> Application Start
Q17 A Developer is developing an application that manages financial transactions. To improve security, multi-factor authentication (MFA) will be required as part of the login protocol. What services can the Developer use to meet these requirements?
A. Amazon DynamoDB to store MFA session data, and Amazon SNS to send MFA codes
B. Amazon Cognito with MFA
C. AWS Directory Service
D. AWS IAM with MFA enabled
D. AWS IAM with MFA enabled
Q18 A game stores user game data in an Amazon DynamoDB table. Individual users should not have access to other users game data. How can this be accomplished?
A. Encrypt the game data with individual user keys.
B. Restrict access to specific items based on certain primary key values.
C. Stage data in SQS queues to inject metadata before accessing DynamoDB
D. Read records from DynamoDB and discard irrelevant data client-side.
B. Restrict access to specific items based on certain primary key values.
Q19 A company developed a set of APIs that are being served through the Amazon API Gateway. The API calls need to be authenticated based on OpenID identity providers such as Amazon or Facebook. The APIs should allow access based on a custom authorization model. Which is the simplest and MOST secure design to use to build an authentication and authorization model for the APIs?
A. Use Amazon Cognito user pools and a custom authorizer to authenticate and authorize users based on JSON Web Tokens.
B. Build a OpenID token broker with Amazon and Facebook. Users will authenticate with these identify providers and pass the JSON Web Token to the API to authenticate each API call.
C. Store user credentials in Amazon DynamoDB and have the application retrieve temporary credentials from AWS STS. Make API calls by passing user credentials to the APIs for authentication and authorization.
D. Use Amazon RDS to store user credentials and pass them to the APIs for authentications and authorization.
A. Use Amazon Cognito user pools and a custom authorizer to authenticate and authorize users based on JSON Web Tokens.
Q20 A supplier is writing a new RESTful API for customers to query the status of orders. The customers requested the following API endpoint. http://www.supplierdomain.com/status/customerID Which of the following application designs meet the requirements? (Choose two.)
A. Amazon SQS; Amazon SNS
B. Elastic Load Balancing; Amazon EC2
C. Amazon ElastiCache; Amazon Elacticsearch Service
D. Amazon API Gateway; AWS Lambda
E. Amazon S3; Amazon CloudFront
D. Amazon API Gateway; AWS Lambda E. Amazon S3; Amazon CloudFront
Q21 A Developer is creating a mobile application that will not require users to log in. What is the MOST efficient method to grant users access to AWS resources?
A. Use an identity provider to securely authenticate with the application.
B. Create an AWS Lambda function to create an IAM user when a user accesses the application.
C. Create credentials using AWS KMS and apply these credentials to users when using the application.
D. Use Amazon Cognito to associate unauthenticated users with an IAM role that has limited access to resources.
C. Create credentials using AWS KMS and apply these credentials to users when using the application.
Q22 A legacy service has an XML-based SOAP interface. The Developer wants to expose the functionality of the service to external clients with the Amazon API Gateway. Which technique will accomplish this?
A. Create a RESTful API with the API Gateway; transform the incoming JSON into a valid XML message for the SOAP interface using mapping templates.
B. Create a RESTful API with the API Gateway; pass the incoming JSON to the SOAP interface through an Application Load Balancer.
C. Create a SOAP API with the API Gateway; pass the incoming XML to the SOAP interface through an Application Load Balancer.
D. Create a SOAP API with the API Gateway; transform the incoming XML into a valid message for the SOAP interface using mapping templates.
B. Create a RESTful API with the API Gateway; pass the incoming JSON to the SOAP interface through an Application Load Balancer.
Q23 A company is using AWS CodeBuild to compile a website from source code stored in AWS CodeCommit. A recent change to the source code has resulted in the CodeBuild project being unable to successfully compile the website. How should the Developer identify the cause of the failures?
A. Modify the buildspec.yml file to include steps to send the output of build commands to Amazon CloudWatch.
B. Use a custom Docker image that includes the AWS X-Ray agent in the AWS CodeBuild project configuration.
C. Check the build logs of the failed phase in the last build attempt in the AWS CodeBuild project build history.
D. Manually re-run the build process on a local machine so that the output can be visualized.
A. Modify the buildspec.yml file to include steps to send the output of build commands to Amazon CloudWatch.
Q24 A web application is using Amazon Kinesis Streams for clickstream data that may not be consumed for up to 12 hours. How can the Developer implement encryption at rest for data within the Kinesis Streams?
A. Enable SSL connections to Kinesis
B. Use Amazon Kinesis Consumer Library
C. Encrypt the data once it is at rest with a Lambda function
D. Enable server-side encryption in Kinesis Streams
D. Enable server-side encryption in Kinesis Streams
Q25 A Developer wants to use AWS X-Ray to trace a user request end-to-end throughput the software stack. The Developer made the necessary changes in the application tested it, and found that the application is able to send the traces to AWS X-Ray. However, when the application is deployed to an EC2 instance, the traces are not available. Which of the following could create this situation? (Choose two.)
A. The traces are reaching X-Ray, but the Developer does not have access to view the records.
B. The X-Ray daemon is not installed on the EC2 instance.
C. The X-Ray endpoint specified in the application configuration is incorrect.
D. The instance role does not have xray:BatchGetTraces and xray:GetTraceGraph permissions.
E. The instance role does not have xray:PutTraceSegments and xray:PutTelemetryRecords permissions.
E. The instance role does not have xray:PutTraceSegments and xray:PutTelemetryRecords permissions. B. The X-Ray daemon is not installed on the EC2 instance.
Q26 A company recently migrated its web, application and NoSQL database tiers to AWS. The company is using Auto Scaling to scale the web and application tiers. More than 95 percent of the Amazon DynamoDB requests are repeated read-requests. How can the DynamoDB NoSQL tier be scaled up to cache these repeated requests?
A. Amazon EMR
B. Amazon DynamoDB Accelerator
C. Amazon SQS
D. Amazon CloudFront
B. Amazon DynamoDB Accelerator
Q27 A company is using Amazon API Gateway to manage access to a set of microservices implemented as AWS Lambda functions. Following a bug report, the company makes a minor breaking change to one of the APIs. In order to avoid impacting existing clients when the new API is deployed, the company wants to allow clients six months to migrate from v1 to v2. Which approach should the Developer use to handle this change?
A. Update the underlying Lambda function and provide clients with the new Lambda invocation URL.
B. Use API Gateway to automatically propagate the change to clients, specifying 180 days in the phased deployment parameter.
C. Use API Gateway to deploy a new stage named v2 to the API and provide users with its URL.
D. Update the underlying Lambda function, create an Amazon CloudFront distribution with the updated Lambda function as its origin.
C. Use API Gateway to deploy a new stage named v2 to the API and provide users with its URL.
Q28 A company has written a Java AWS Lambda function to be triggered whenever a user uploads an image to an Amazon S3 bucket. The function converts the original image to several different formats and then copies the resulting images to another Amazon S3 bucket. The Developers find that no images are being copied to the second Amazon S3 bucket. They have tested the code on an Amazon EC2 instance with 1GB of RAM, and it takes an average of 500 seconds to complete. What is the MOST likely cause of the problem?
A. The Lambda function has insufficient memory and needs to be increased to 1 GB to match the Amazon EC2 instance
B. Files need to be copied to the same Amazon S3 bucket for processing, so the second bucket needs to be deleted.
C. Lambda functions have a maximum execution limit of 300 seconds, therefore the function is not completing.
D. There is a problem with the Java runtime for Lambda, and the function needs to be converted to node.js.
C. Lambda functions have a maximum execution limit of 300 seconds, therefore the function is not completing.
Q29 An application stops working with the following error: The specified bucket does not exist. Where is the BEST place to start the root cause analysis?
A. Check the Elastic Load Balancer logs for DeleteBucket requests.
B. Check the application logs in Amazon CloudWatch Logs for Amazon S3 DeleteBucket errors.
C. Check AWS X-Ray for Amazon S3 DeleteBucket alarms.
D. Check AWS CloudTrail for a DeleteBucket event.
D. Check AWS CloudTrail for a DeleteBucket event.
Q30 An organization must store thousands of sensitive audio and video files in an Amazon S3 bucket. Organizational security policies require that all data written to this bucket be encrypted. How can compliance with this policy be ensured?
A. Use AWS Lambda to send notifications to the security team if unencrypted objects are pun in the bucket.
B. Configure an Amazon S3 bucket policy to prevent the upload of objects that do not contain the x-amz-server-side-encryption header.
C. Create an Amazon CloudWatch event rule to verify that all objects stored in the Amazon S3 bucket are encrypted.
D. Configure an Amazon S3 bucket policy to prevent the upload of objects that contain the x-amz-server-side-encryption header.
B. Configure an Amazon S3 bucket policy to prevent the upload of objects that do not contain the x-amz-server-side-encryption header.
Please leave your valuable feedback in the comment section.
Telegram Group: https://t.me/randomskoolQnA
Telegram Channel: https://t.me/randomskool
0 Response to "AWS Certified Developer - Associate | Free Practice Test | Practice Test 2 | AWS Certification"
Post a Comment
Hey Random,
Please let me know if you have any query :)