DVA-C02 Exam: Absolutely Free Online Practice

Question 1
- A company is planning to securely manage one-time fixed license keys in AWS. The company's development team needs to access the license keys in automaton scripts that run in Amazon EC2 instances and in AWS CloudFormation stacks. Which solution will meet these requirements MOST cost-effectively?
  
  A : Amazon S3 with encrypted files prefixed with “config”
  
  B : AWS Secrets Manager secrets with a tag that is named SecretString
  
  C : AWS Systems Manager Parameter Store SecureString parameters
  
  D : CloudFormation NoEcho parameters
  
  Answer: C
Question 2
- An application that is being migrated to AWS and refactored requires a storage service. The storage service should provide a standards-based REST web service interface and store objects based on keys.
  Which AWS service would be MOST suitable?
  
  A : Amazon DynamoDB
  
  B : Amazon S3
  
  C : Amazon EFS
  
  D : Amazon EBS
  
  Answer: B
Question 3
- A financial company must store original customer records for 10 years for legal reasons. A complete recordcontains personally identifiable information (PII). According to local regulations, PII is available to onlycertain people in the company and must not be shared with third parties. The company needs to make therecords available to third-party organizations for statistical analysis without sharing the PII.A developer wants to store the original immutable record in Amazon S3. Depending on who accesses the S3document, the document should be returned as is or with all the PII removed. The developer has written anAWS Lambda function to remove the PII from the document. The function is named removePii.What should the developer do so that the company can meet the PII requirements while maintaining only onecopy of the document?
  A : Set up an S3 event notification that invokes the removePii function when an S3 GET request is made.Call Amazon S3 by using a GET request to access the object without PII.
  
  B : Set up an S3 event notification that invokes the removePii function when an S3 PUT request is made.Call Amazon S3 by using a PUT request to access the object without PII.
  
  C : Create an S3 Object Lambda access point from the S3 console. Select the removePii function. Use S3Access Points to access the object without PII.
  
  D : Create an S3 access point from the S3 console. Use the access point name to call theGetObjectLegalHold S3 API function. Pass in the removePii function name to access the object withoutPII.
  
  Answer: C
Question 4
- A company is implementing an application on Amazon EC2 instances. The application needs to processincoming transactions. When the application detects a transaction that is not valid, the application must send achat message to the company ' s support team. To send the message, the application needs to retrieve theaccess token to authenticate by using the chat API.A developer needs to implement a solution to store the access token. The access token must be encrypted atrest and in transit. The access token must also be accessible from other AWS accounts.Which solution will meet these requirements with the LEAST management overhead?
  A : Use an AWS Systems Manager Parameter Store SecureString parameter that uses an AWS KeyManagement Service (AWS KMS) AWS managed key to store the access token. Add a resource-basedpolicy to the parameter to allow access from other accounts. Update the IAM role of the EC2 instanceswith permissions to access Parameter Store. Retrieve the token from Parameter Store with the decryptflag enabled. Use the decrypted access token to send the message to the chat.
  
  B : Encrypt the access token by using an AWS Key Management Service (AWS KMS) customer managedkey. Store the access token in an Amazon DynamoDB table. Update the IAM role of the EC2 instanceswith permissions to access DynamoDB and AWS KMS. Retrieve the token from DynamoDB. Decryptthe token by using AWS KMS on the EC2 instances. Use the decrypted access token to send themessage to the chat.
  
  C : Use AWS Secrets Manager with an AWS Key Management Service (AWS KMS) customer managedkey to store the access token. Add a resource-based policy to the secret to allow access from otheraccounts. Update the IAM role of the EC2 instances with permissions to access Secrets Manager.Retrieve the token from Secrets Manager. Use the decrypted access token to send the message to thechat.
  
  D : Encrypt the access token by using an AWS Key Management Service (AWS KMS) AWS managed key.Store the access token in an Amazon S3 bucket. Add a bucket policy to the S3 bucket to allow accessfrom other accounts. Update the IAM role of the EC2 instances with permissions to access Amazon S3and AWS KMS. Retrieve the token from the S3 bucket. Decrypt the token by using AWS KMS on theEC2 instances. Use the decrypted access token to send the massage to the chat.
  
  Answer: C
Question 5
- A team of Developers require read-only access to an Amazon DynamoDB table. The Developers have been added to a group. What should an administrator do to provide the team with access whilst following the principal of least privilege?
  
  A : Assign the AmazonDynamoDBReadOnlyAccess AWS managed policy to the group
  
  B : Assign the AWSLambdaDynamoDBExecutionRole AWS managed policy to the group
  
  C : Create a customer managed policy with read/write access to DynamoDB for all resources. Attach the policy to the group
  
  D : Create a customer managed policy with read only access to DynamoDB and specify the ARN of the table for the “Resource” element. Attach the policy to the group
  
  Answer: D

Free Amazon DVA-C02 Exam Questions

Absolute Free DVA-C02 Exam Practice for Comprehensive Preparation