Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

AWS Certified Developer AssociateFree trialFree trial

By amazon
Aug, 2025

Verified

25Q per page

Question 76

A company has developed a new serverless application using AWS Lambda functions that will be deployed using the AWS Serverless Application Model (AWS SAM) CLI.

Which step should the developer complete prior to deploying the application?

  • A: Compress the application to a .zip file and upload it into AWS Lambda.
  • B: Test the new AWS Lambda function by first tracing it in AWS X-Ray.
  • C: Bundle the serverless application using a SAM package.
  • D: Create the application environment using the eb create my-env command.

Question 77

A developer is working on an ecommerce website. The developer wants to review server logs without logging in to each of the application servers individually. The website runs on multiple Amazon EC2 instances, is written in Python, and needs to be highly available.

How can the developer update the application to meet these requirements with MINIMUM changes?

  • A: Rewrite the application to be cloud native and to run on AWS Lambda, where the logs can be reviewed in Amazon CloudWatch.
  • B: Set up centralized logging by using Amazon OpenSearch Service (Amazon Elasticsearch Service), Logstash, and OpenSearch Dashboards (Kibana).
  • C: Scale down the application to one larger EC2 instance where only one instance is recording logs.
  • D: Install the unified Amazon CloudWatch agent on the EC2 instances. Configure the agent to push the application logs to CloudWatch.

Question 78

A company needs an event-management platform to accept registrations for an upcoming event. The platform must perform a single invocation of an existing AWS Lambda function 10 minutes after a user completes a new account registration.

Which solution will meet these requirements?

  • A: Add an item to an Amazon DynamoDB table. Set the item TTL to 10 minutes. Invoke the Lambda function when the TTL expires.
  • B: Create an ongoing Amazon EventBridge (Amazon CloudWatch Events) rule with a rate expression of 600 seconds. Create a rule/target to invoke the Lambda function.
  • C: Send a message to an Amazon Simple Queue Service (Amazon SQS) delay queue. Set the queue to 600 seconds. Configure the Lambda function with the queue as an event source.
  • D: Put a record in Amazon Kinesis Data Streams. Configure the Lambda function to use the data stream as an event source. Define the shard iterator AT_TIMESTAMP setting to 10 minutes.

Question 79

A developer is implementing user authentication and authorization for a web application that is hosted on an Amazon EC2 instance. The developer needs to ensure that the user credentials are encrypted and secure when they are stored and transmitted.
Which solution will meet these requirements?

  • A: Activate web server modules for authentication and authorization on the instance. Use HTTP basic authentication for the user login.
  • B: Deploy a custom authentication and authorization API over HTTP. Store the user credentials on Amazon ElastiCache for Redis.
  • C: Use Amazon Cognito to configure a user pool. Use the Amazon Cognito API to authenticate and authorize the users.
  • D: Create IAM users. Assign the users to different IAM groups. Use AWS Single Sign-On to authenticate and authorize each user.

Question 80

How would a developer notify users when a new item is written to a DynamoDB table without affecting the provisioned throughput?

  • A: Set up a DynamoDB stream to trigger a Lambda function that sends an SNS notification to users.
  • B: Schedule an Amazon CloudWatch event to regularly trigger a Lambda function that scans the DynamoDB table.
  • C: Run a polling application that queries the DynamoDB table at one-second intervals and send SNS notification to users.
  • D: Embed a Lambda notification function in DynamoDB and configure DynamoDB to trigger the embedded Lambda function when changes are made.

Question 81

A developer is writing a web application that is deployed on Amazon EC2 instances behind an internet-facing Application Load Balancer (ALB). The developer must add an Amazon CloudFront distribution in front of the ALB. The developer also must ensure that customer data from outside the VPC is encrypted in transit.

Which combination of CloudFront configuration settings should the developer use to meet these requirements? (Choose two.)

  • A: Restrict viewer access by using signed URLs.
  • B: Set the Origin Protocol Policy setting to Match Viewer.
  • C: Enable field-level encryption.
  • D: Enable automatic object compression.
  • E: Set the Viewer Protocol Policy setting to Redirect HTTP to HTTPS.

Question 82

A developer is writing a web application that must share secure documents with end users. The documents are stored in a private Amazon S3 bucket. The application must allow only authenticated users to download specific documents when requested, and only for a duration of 15 minutes.

How can the developer meet these requirements?

  • A: Copy the documents to a separate S3 bucket that has a lifecycle policy for deletion after 15 minutes.
  • B: Create a presigned S3 URL using the AWS SDK with an expiration time of 15 minutes.
  • C: Use server-side encryption with AWS KMS managed keys (SSE-KMS) and download the documents using HTTPS.
  • D: Modify the S3 bucket policy to only allow specific users to download the documents. Revert the change after 15 minutes.

Question 83

A company wants to migrate an existing web application to AWS. The application consists of two web servers and a MySQL database.

The company wants the application to automatically scale in response to demand. The company also wants to reduce its operational overhead for database backups and maintenance. The company needs the ability to deploy multiple versions of the application concurrently.

What is the MOST operationally efficient solution that meets these requirements?

  • A: Deploy the application to AWS Elastic Beanstalk. Migrate the database to an Amazon RDS Multi-AZ DB instance.
  • B: Create an Amazon Machine Image (AMI) that contains the application code. Create an Auto Scaling group that is based on the AMI. Integrate the Auto Scaling group with an Application Load Balancer for the web servers. Migrate the database to a MySQL instance that runs on an Amazon EC2 instance.
  • C: Deploy the application to AWS Elastic Beanstalk. Migrate the database to a MySQL instance that runs on an Amazon EC2 instance.
  • D: Create an Amazon Machine Image (AMI) that contains the application code. Create an Auto Scaling group that is based on the AMI. Integrate the Auto Scaling group with an Application Load Balancer for the web servers. Migrate the database to an Amazon RDS Multi-AZ DB instance.

Question 84

A financial company must store original customer records for 10 years for legal reasons. A complete record contains personally identifiable information (PII). According to local regulations. PII is available to only certain people in the company and must not be shared with third parties. The company needs to make the records available to third-party organizations for statistical analysis without sharing the PII.

A developer wants to store the original immutable record in Amazon S3. Depending on who accesses the S3 document, the document should be returned as is or with all the PII removed. The developer has written an AWS Lambda function to remove the PII from the document. The function is named removePii.

What should the developer do so that the company can meet the PII requirements while maintaining only one copy of the document?

  • A: Set up an S3 event notification that invokes the removePii function when an S3 GET request is made. Call Amazon S3 by using a GET request to access the object without PII.
  • B: Set up an S3 event notification that invokes the removePii function when an S3 PUT request is made. Call Amazon S3 by using a PUT request to access the object without PII.
  • C: Create an S3 Object Lambda access point from the S3 console. Select the removePii function. Use S3 Access Points to access the object without PII.
  • D: Create an S3 access point from the S3 console. Use the access point name to call the GetObjectLegalHold S3 API function. Pass in the removePii function name to access the object without PII.

Question 85

A developer is designing an AWS Lambda function that creates temporary files that are less than 10 MB during invocation. The temporary files will be accessed and modified multiple times during invocation. The developer has no need to save or retrieve these files in the future.

Where should the temporary files be stored?

  • A: the /tmp directory
  • B: Amazon Elastic File System (Amazon EFS)
  • C: Amazon Elastic Block Store (Amazon EBS)
  • D: Amazon S3

Question 86

A developer is building a web and mobile application for two types of users: regular users and guest users. Regular users are required to log in, but guest users do not log in. Users should see only their data, regardless of whether they authenticate. Users need AWS credentials before they can access AWS resources.

What is the MOST secure solution that the developer can implement to allow access for guest users?

  • A: Use an Amazon Cognito credentials provider to issue temporary credentials that are linked to an unauthenticated role that has access to the required resources.
  • B: Set up an IAM user that has permissions to the required resources. Hardcode the IAM credentials in the web and mobile application.
  • C: Generate temporary keys that are stored in AWS Key Management Service (AWS KMS). Use the temporary keys to access the required resources.
  • D: Generate temporary credentials. Store the temporary credentials in AWS Secrets Manager. Use the temporary credentials to access the required resources.

Question 87

A developer is using AWS Elastic Beanstalk to create a deployment for a web application that supports ecommerce. According to a company requirement. Amazon EC2 instances that host one version of the application must be retired when the deployment of a new version is complete.

Which deployment methods can the developer use to meet this requirement? (Choose two.)

  • A: All-al-once deployment
  • B: In-place deployment
  • C: Rolling deployment without an additional batch
  • D: Blue/green deployment
  • E: Immutable deployment

Question 88

A company caches session information for a web application in an Amazon DynamoDB table. The company wants an automated way to delete old items from the table.

What is the simplest way to do this?

  • A: Write a script that deletes old records; schedule the script as a cron job on an Amazon EC2 instance.
  • B: Add an attribute with the expiration time; enable the Time To Live feature based on that attribute.
  • C: Each day, create a new table to hold session data; delete the previous day’s table.
  • D: Add an attribute with the expiration time; name the attribute ItemExpiration.

Question 89

A company's new mobile app uses Amazon API Gateway. As the development team completes a new release of its APIs, a developer must safely and transparently roll out the API change.

What is the SIMPLEST solution for the developer to use for rolling out the new API version to a limited number of users through API Gateway?

  • A: Create a new API in API Gateway. Direct a portion of the traffic to the new API using an Amazon Route 53 weighted routing policy.
  • B: Validate the new API version and promote it to production during the window of lowest expected utilization.
  • C: Implement an Amazon CloudWatch alarm to trigger a rollback if the observed HTTP 500 status code rate exceeds a predetermined threshold.
  • D: Use the canary release deployment option in API Gateway. Direct a percentage of the API traffic using the canarySettings setting.

That’s the end of your free questions

You’ve reached the preview limit for AWS Certified Developer Associate

Consider upgrading to gain full access!

Page 4 of 18 • Questions 76-100 of 443
23456

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!