Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

AWS Certified Developer AssociateFree trialFree trial

By amazon
Aug, 2025

Verified

25Q per page

Question 26

A developer is creating an AWS CloudFormation template for an application. The application includes an Amazon RDS database. The password to be set for the resource's MasterUserPassword property is already stored in AWS Secrets Manager.
How can the developer reference the value of the password in the CloudFormation template?

  • A: Use a parameter in the CloudFormation template with the same name of the secret.
  • B: Use the ssm dynamic reference by specifying the name of the secret and its version.
  • C: Use the secretsmanager dynamic reference by specifying the appropriate reference-key segment.
  • D: Use the ssm-secure dynamic reference by specifying the name of the secret and its version.

Question 27

An application is using Amazon DynamoDB as its data store, and should be able to read 100 items per second as strongly consistent reads. Each item is 5 KB in size.
To what value should the table's provisioned read throughput be set?

  • A: 50 read capacity units
  • B: 100 read capacity units
  • C: 200 read capacity units
  • D: 500 read capacity units

Question 28

A developer created a Lambda function for a web application backend. When testing the Lambda function from the AWS Lambda console, the developer can see that the function is being run, but there is no log data being generated in Amazon CloudWatch Logs, even after several minutes.
What could cause this situation?

  • A: The Lambda function does not have any explicit log statements for the log data to send it to CloudWatch Logs.
  • B: The Lambda function is missing CloudWatch Logs as a source trigger to send log data.
  • C: The execution role for the Lambda function is missing permissions to write log data to the CloudWatch Logs.
  • D: The Lambda function is missing a target CloudWatch Log group.

Question 29

A developer has written code for an application and wants to share it with other developers on the team to receive feedback. The shared application code needs to be stored long-term with multiple versions and batch change tracking.
Which AWS service should the developer use?

  • A: AWS CodeBuild
  • B: Amazon S3
  • C: AWS CodeCommit
  • D: AWS Cloud9

Question 30

A developer has created a new IAM user that has the s3:PutObject permission to write to a specific Amazon S3 bucket. The S3 bucket uses server-side encryption with AWS KMS managed keys (SSE-KMS) as the default encryption. When an application uses the access key and secret key of the IAM user to call the PutObject API operation, the application receives an access denied error.
What should the developer do to resolve this error?

  • A: Update the policy of the IAM user to allow the s3:EncryptionConfiguration action.
  • B: Update the bucket policy of the S3 bucket to allow the IAM user to upload objects.
  • C: Update the policy of the IAM user to allow the kms:GenerateDataKey action.
  • D: Update the ACL of the S3 bucket to allow the IAM user to upload objects.

Question 31

A static website is hosted in an Amazon S3 bucket. Several HTML pages on the site use JavaScript to download images from another Amazon S3 bucket. These images are not displayed when users browse the site.
What is the possible cause for the issue?

  • A: The referenced Amazon S3 bucket is in another region.
  • B: The images must be stored in the same Amazon S3 bucket.
  • C: Port 80 must be opened on the security group in which the Amazon S3 bucket is located.
  • D: Cross Origin Resource Sharing must be enabled on the Amazon S3 bucket.

Question 32

An application needs to encrypt data that is written to Amazon S3 where the keys are managed in an on-premises data center, and the encryption is handled by
S3.
Which type of encryption should be used?

  • A: Use server-side encryption with Amazon S3-managed keys.
  • B: Use server-side encryption with AWS KMS-managed keys.
  • C: Use client-side encryption with AWS KMS-managed keys.
  • D: Use server-side encryption with customer-provided keys.

Question 33

A developer is building a serverless application that is based on AWS Lambda. The developer initializes the AWS software development kit (SDK) outside of the
Lambda handler function.
What is the PRIMARY benefit of this action?

  • A: Improves legibility and stylistic convention
  • B: Takes advantage of runtime environment reuse
  • C: Provides better error handling
  • D: Creates a new SDK instance for each invocation

Question 34

A developer is testing a Docker-based application that uses the AWS SDK to interact with Amazon DynamoDB. In the local development environment, the application has used IAM access keys. The application is now ready for deployment onto an ECS cluster.
How should the application authenticate with AWS services in production?

  • A: Configure an ECS task IAM role for the application to use.
  • B: Refactor the application to call AWS STS AssumeRole based on an instance role.
  • C: Configure AWS access key/secret access key environment variables with new credentials.
  • D: Configure the credentials file with a new access key/secret access key.

Question 35

A company is using AWS CodeDeploy for all production deployments. A developer has an Amazon Elastic Container Service (Amazon ECS) application that uses the CodeDeployDefault.ECSAIIAtOnce configuration. The developer needs to update the production environment in increments of 10% until the entire production environment is updated.
Which CodeDeploy configuration should the developer use to meet these requirements?

  • A: CodeDeployDefault.ECSCanary10Percent5Minutes
  • B: CodeDeployDefault.ECSLinear10PercentEvery3Minutes
  • C: CodeDeployDefault.OneAtATime
  • D: CodeDeployDefault.LambdaCanary10Percent5Minutes

Question 36

A developer has created an AWS Lambda function to provide notification through Amazon Simple Notification Service (Amazon SNS) whenever a file is uploaded to Amazon S3 that is larger than 50 MB. The developer has deployed and tested the Lambda function by using the CLI. However, when the event notification is added to the S3 bucket and a 3,000 MB file is uploaded, the Lambda function does not launch.
Which of the following is a possible reason for the Lambda function's inability to launch?

  • A: The S3 event notification does not activate for files that are larger than 1,000 MB.
  • B: The resource-based policy for the Lambda function does not have the required permissions to be invoked by Amazon S3.
  • C: Lambda functions cannot be invoked directly from an S3 event.
  • D: The S3 bucket needs to be made public.

Question 37

A company stores documents in Amazon S3 with default settings. A new regulation requires the company to encrypt the documents at rest, rotate the encryption keys annually, and keep a record of when the encryption keys were rotated. The company does not want to manage the encryption keys outside of AWS.
Which solution will meet these requirements?

  • A: Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3).
  • B: Use server-side encryption with AWS KMS managed encryption keys (SSE-KMS).
  • C: Use server-side encryption with customer-provided encryption keys (SSE-C).
  • D: Use client-side encryption before sending the data to Amazon S3.

Question 38

A developer has discovered that an application responsible for processing messages in an Amazon SQS queue is routinely falling behind. The application is capable of processing multiple messages in one invocation, but is only receiving one message at a time.
What should the developer do to increase the number of messages the application receives?

  • A: Call the ChangeMessageVisibility API for the queue and set MaxNumberOfMessages to a value greater than the default of 1.
  • B: Call the AddPermission API to set MaxNumberOfMessages for the ReceiveMessage action to a value greater than the default of 1.
  • C: Call the ReceiveMessage API to set MaxNumberOfMessages to a value greater than the default of 1.
  • D: Call the SetQueueAttributes API for the queue and set MaxNumberOfMessages to a value greater than the default of 1.

Question 39

A developer is using an Amazon Kinesis Data Firehose delivery stream to store data in Amazon S3. Before storing the data in Amazon S3, the developer wants to enrich the data by combining the data with data from an Amazon DynamoDB table.
How can the developer implement the data enrichment?

  • A: Create a Kinesis Data Firehose data transformation by using an Amazon EC2 instance.
  • B: Configure the Kinesis Data Firehose delivery stream to send data to a Kinesis data stream. Enrich the data by using an AWS Lambda function.
  • C: Configure the Kinesis Data Firehose delivery stream to store data in the DynamoDB table. Export the table to Amazon S3.
  • D: Create a Kinesis Data Firehose data transformation by using an AWS Lambda function.

Question 40

A company created an application to consume and process data. The application uses Amazon Simple Queue Service (Amazon SQS) and AWS Lambda functions. The application is currently working as expected, but it occasionally receives several messages that it cannot process properly. The company needs to clear these messages to prevent the queue from becoming blocked.
A developer must implement a solution that makes queue processing always operational. The solution must give the company the ability to defer the messages with errors and save these messages for further analysis.
What is the MOST operationally efficient solution that meets these requirements?

  • A: Configure Amazon CloudWatch Logs to save the error messages to a separate log stream.
  • B: Create a new SQS queue. Set the new queue as a dead-letter queue for the application queue. Configure the Maximum Receives setting.
  • C: Change the SQS queue to a FIFO queue. Configure the message retention period to 0 seconds.
  • D: Configure an Amazon CloudWatch alarm for Lambda function errors. Publish messages to an Amazon Simple Notification Service (Amazon SNS) topic to notify administrator users.

Question 41

A company has a website that is developed in PHP and is launched using AWS Elastic Beanstalk. There is a new version of the website that needs to be deployed in the Elastic Beanstalk environment. The company cannot tolerate having the website offline if an update fails. Deployments must have minimal impact and rollback as soon as possible.
What deployment method should be used?

  • A: All at once
  • B: Rolling
  • C: Snapshots
  • D: Immutable

Question 42

An application running on multiple Amazon EC2 instances pulls messages from a standard Amazon SQS queue. A requirement for the application is that all messages must be encrypted at rest.
Developers are instructed to use methods that allow for centralized key management and minimize possible support requirements whenever possible.
Which of the following solutions supports these requirements?

  • A: Encrypt individual messages by using client-side encryption with customer managed keys, then write to the SQS queue.
  • B: Encrypt individual messages by using SQS Extended Client and the Amazon S3 encryption client.
  • C: Create an SQS queue, and encrypt the queue by using server-side encryption with AWS KMS.
  • D: Create an SQS queue, and encrypt the queue by using client-side encryption.

Question 43

A company is running a web application that is using Amazon Cognito for authentication. The company does not want to use multi-factor authentication (MFA) for all the visitors every time, but the company's security team has concerns about compromised credentials. The development team needs to configure mandatory
MFA only when suspicious sign-in attempts are detected.
Which Amazon Cognito feature will meet these requirements?

  • A: Short message service (SMS) text message MFA
  • B: Advanced security metrics
  • C: Time-based one-time password (TOTP) software token MFA
  • D: Adaptive authentication

Question 44

A company has a two-tier application running on an Amazon EC2 server that handles all of its AWS based e-commerce activity. During peak times, the backend servers that process orders are overloaded with requests. This results in some orders failing to process. A developer needs to create a solution that will re-factor the application.
Which steps will allow for more flexibility during peak times, while still remaining cost-effective? (Choose two.)

  • A: Increase the backend T2 EC2 instance sizes to x1 to handle the largest possible load throughout the year.
  • B: Implement an Amazon SQS queue to decouple the front-end and backend servers.
  • C: Use an Amazon SNS queue to decouple the front-end and backend servers.
  • D: Migrate the backend servers to on-premises and pull from an Amazon SNS queue.
  • E: Modify the backend servers to pull from an Amazon SQS queue.

Question 45

A developer is creating an AWS Lambda function that generates a new file each time it runs. Each new file must be checked into an AWS CodeCommit repository hosted in the same AWS account.
How should the developer accomplish this?

  • A: When the Lambda function starts, use the Git CLI to clone the repository. Check the new file into the cloned repository and push the change.
  • B: After the new file is created in Lambda, use cURL to invoke the CodeCommit API. Send the file to the repository.
  • C: Use an AWS SDK to instantiate a CodeCommit client. Invoke the putjile method to add the file to the repository.
  • D: Upload the new file to an Amazon S3 bucket. Create an AWS Step Function to accept S3 events. In the Step Function, add the new file to the repository.

Question 46

A company is using AWS Elastic Beanstalk to deploy a three-tier application. The application uses an Amazon RDS DB instance as the database tier. The company wants to decouple the DB instance from the Elastic Beanstalk environment.
Which combination of steps should a developer lake to meet this requirement? (Choose two.)

  • A: Create a new Elastic Beanstalk environment that connects to the DB instance.
  • B: Create a new DB instance from a snapshot of the previous DB instance.
  • C: Use the Elastic Beanstalk CLI to decouple the DB instance.
  • D: Use the AWS CLI to decouple the DB instance.
  • E: Modify the current Elastic Beanstalk environment to connect to the DB instance.

Question 47

A developer is designing an Amazon DynamoDB table for an application. The application will store user information that includes a unique identifier and an email address for each user. The application must be able to query the table by using either the unique identifier or the email address.
How should the developer design the DynamoDB table to meet these requirements?

  • A: For the primary key of the table, specify the unique identifier as the partition key and specify the email address as the sort key.
  • B: For the primary key of the table, specify the unique identifier as the partition key. Create a local secondary index (LSI) based on the email address.
  • C: For the primary key of the table, specify the email address as the partition key and specify the unique identifier as the sort key.
  • D: For the primary key of the table, specify the unique identifier as the partition key. Create a global secondary index (GSI) based on the email address.

Question 48

A developer has an application that asynchronously invokes an AWS Lambda function. The developer wants to store messages that resulted in failed invocations of the Lambda function so that the application can retry the call later.
What should the developer do to accomplish this goal with the LEAST operational overhead?

  • A: Set up Amazon CloudWatch Logs log groups to filter and store the messages in an Amazon S3 bucket. Import the messages in Lambda. Run the Lambda function again.
  • B: Configure Amazon EventBridge (Amazon CloudWatch Events) to send the messages to Amazon Simple Notification Service (Amazon SNS) to initiate the Lambda function again.
  • C: Implement a dead-letter queue for discarded messages. Set the dead-letter queue as an event source for the Lambda function.
  • D: Send Amazon EventBridge (Amazon CloudWatch Events) events to an Amazon Simple Queue Service (Amazon SQS) queue. Configure the Lambda function to pull messages from the SQS queue. Run the Lambda function again.

Question 49

A developer is writing an application in Python. The application runs on AWS Lambda. The application generates a file and needs to upload this file to Amazon S3.
The developer must implement this upload functionality with the least possible change to the application code.
Which solution meets these requirements?

  • A: Make an HTTP request directly to the S3 API to upload the file.
  • B: Include the AWS SDK for Python in the Lambda function. Use the SDK to upload the file.
  • C: Use the AWS SDK for Python that is installed in the Lambda environment to upload the file.
  • D: Use the AWS CLI that is installed in the Lambda environment to upload the file.

Question 50

An application that is hosted on an Amazon EC2 instance needs access to files that are stored in an Amazon S3 bucket. The application lists the objects that are stored in the S3 bucket and displays a table to the user. During testing, a developer discovers that the application does not show any objects in the list.
What is the MOST secure way to resolve this issue?

  • A: Update the IAM instance profile that is attached to the EC2 instance to include the S3:' permission for the S3 bucket.
  • B: Update the IAM instance profile that is attached to the EC2 instance to include the S3:ListBucket permission for the S3 bucket.
  • C: Update the developer's user permissions to include the S3:ListBucket permission for the S3 bucket.
  • D: Update the S3 bucket policy by including the S3:ListBucket permission and by setting the Principal element to specify the account number of the EC2 instance.
Page 2 of 18 • Questions 26-50 of 443
12345

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!