AWS Certified Developer Associate 2: Multiple Choice Questions And Correct Answers with Rationale,100% Verified

AWS Certified Developer Associate 2: Multiple Choice Questions And Correct Answers with Rationale,100% Verified A Lambda function has been developed with the default settings and is using N. The function makes calls to a DynamoDB table. The code was first tested and executed on an EC2 Instance in the same language and took 300 seconds to execute. When the lambda function is executed , it is not adding the required rows to the DynamoDB table. What needs to be changed in order to ensure that the Lambda function works as desired? A. Ensure that the underlying programming language is changed to python B. Change the timeout for the function C. Change the memory assigned to the function to 1 GB D. Assign an IAM user to the Lambda function Answer - B Explanation : If the lambda function was created with the default settings , it would have the default timeout of 3 seconds as shown below. Since the function executes in a timespan of 300 seconds on an EC2 instance , this value needs to be changed. Option A is incorrect since the programming language is not an issue Option C is incorrect since there is no mention on the amount of memory required in the question Option D is incorrect since IAM roles should be assigned to the Lambda function For more information on configuring Lambda functions , please refer to the below URL You need to setup a RESTful API service in AWS that would be serviced via the following url Which of the following combination of services can be used for development and hosting of the RESTful service? Choose 2 answers from the options below A. AWS Lambda and AWS API gateway B. AWS S3 and Cloudfront C. AWS EC2 and AWS Elastic Load Balancer D. AWS SQS and Cloudfront Answer - A and C Explanation: AWS Lambda can be used to host the code and the API gateway can be used to access the API's which point to AWS Lambda Alternatively, you can create your own API service, host it on an EC2 Instance and then use the AWS Application Load balancer to do path based routing. Option B is incorrect since AWS S3 is normally is used to host static content Option D is incorrect since AWS SQS is a queuing service For more information on an example with RESTful API's , please refer to the below URL You are developing a mobile based application that needs to make use of an authentication service. There are a set of videos files which need to be accessed via unauthenticated identities. How can you BEST achieve this using AWS? A. Create an IAM user with public access B. Create an IAM group with public access C. Use AWS Cognito with unauthenticated identities enabled. D. Use AWS STS with SAML Answer - C Explanation: This is also mentioned in the AWS Documentation Using Identity Pools (Federated Identities) Amazon Cognito identity pools provide temporary AWS credentials for users who are guests (unauthenticated) and for users who have been authenticated and received a token. An identity pool is a store of user identity data specific to your account. To create a new identity pool in the console 1. Sign in to the Amazon Cognito console, choose Manage Federated Identities, and then choose Create new identity pool. 2. Type a name for your identity pool. 3. To enable unauthenticated identities select Enable access to unauthenticated identities from the Unauthenticated identities collapsible section. 4. If desired, configure an authentication provider in the Authentication providers section. Options A and B are incorrect since it's not the right approach to use IAM users or groups for access for mobile based applications Option D is incorrect since SAML is used for federated access. For more information on identity pools , please refer to the below URL You're a developer at a company that needs to deploy an application using Elastic Beanstalk. There is a requirement to place a g file for the environment. In which of the following location should this config file be placed to ensure it is part of the elastic beanstalk environment? A. In the application root folder B. In the config folder C. In the packages folder D. In the .ebextensions folder Answer - D Explanation : The AWS Documentation mentions the following Elastic Beanstalk supports two methods of saving configuration option settings. Configuration files in YAML or JSON format can be included in your application's source code in a directory named .ebextensions and deployed as part of your application source bundle. You create and manage configuration files locally. All other options are incorrect because the AWS documentation specifically mentions that you need to place custom configuration files in the .ebextensions folder An application needs to make use of a messaging system. The messages need to be processed in the order they are received and also no duplicates should be allowed. Which of the following would you use for this purpose? A. Enable FIFO on an existing SQS Standard Queue. B. Add the .fifo extension to the Standard SQS Queue C. Consider using SNS D. Use the FIFO SQS Queues Answer - D Explanation: This is also mentioned in the AWS Documentation FIFO (First-In-First-Out) queues are designed to enhance messaging between applications when the order of operations and events is critical, or where duplicates can't be tolerated, for example: · Ensure that user-entered commands are executed in the right order. · Display the correct product price by sending price modifications in the right order. · Prevent a student from enrolling in a course before registering for an account. Options A and B are incorrect since FIFO queues are already available for this purpose. Option C is incorrect since this is a notification service and not a queuing service For more information on SQS FIFO Queues , please refer to the below URL Which of the following is the right sequence of hooks that get called in AWS CodeDeploy? A. Application Stop-BeforeInstall-After Install-Application Start B. BeforeInstall-After Install- Application Stop- Application Start C. BeforeInstall-After Install-Validate Service- Application Start D. BeforeInstall-Application Stop- Validate Service- Application Start Answer - A Explanation : This is also mentioned in the AWS Documentation Because of the order of events given in the AWS Documentation , all other options are invalid. For more information on the hooks order , please refer to the below URL #reference-appspec-file-structure-hooks-run-order As a developer, you have created a Lambda function that is used to work with a bucket in Amazon S3. The Lambda function is not working as expected. You need to debug the issue and understand what's the underlying issue. How can you accomplish this? A. Use AWS Cloudwatch metrics B. Put logging statements in your code C. Set the Lambda function debugging level to verbose D. Use AWS Cloudtrail logs Answer - B Explanation : This is also mentioned in the AWS Documentation You can insert logging statements into your code to help you validate that your code is working as expected. Lambda automatically integrates with Amazon CloudWatch Logs and pushes all logs from your code to a CloudWatch Logs group associated with a Lambda function (/aws/lambda/). Option A is incorrect since the metrics will only give the rate at which the function is executing , but not help debug the actual error Option C is incorrect since there is no such option Option D is incorrect since this is only used for API monitoring For more information on monitoring functions , please refer to the below URL You are developing a function that will be hosted in AWS Lambda. The function will be developed in .Net. There are a number of external libraries that are needed for the code to run. Which of the following is the best practice when it comes to working with external dependencies for AWS Lambda? A. Make sure that the dependencies are put in the root folder B. Selectively only include the libraries that are required C. Make sure the libraries are installed in the beginning of the function D. Place the entire SDK dependencies in Amazon S3 Answer - B Explanation : This is also mentioned in the AWS Documentation Minimize your deployment package size to its runtime necessities. This will reduce the amount of time that it takes for your deployment package to be downloaded and unpacked ahead of invocation. For functions authored in Java or .NET Core, avoid uploading the entire AWS SDK library as part of your deployment package. Instead, selectively depend on the modules which pick up components of the SDK you need Option A is incorrect since dependencies don't need to be in the root folder Option C is incorrect since they can run at runtime and don't need to be installed prior Option D is incorrect since using the entire SDK sets is not advisable For more information on best practices for AWS Lambda , please refer to the below URL Your team has a Code Commit repository in your account. You need to give access to a set of developer's in another account access to your Code Commit repository. Which of the following is the most effective way to grant access? A. Create IAM users for each developer and provide access to the repository B. Create an IAM Group , add the IAM users and then provide access to the repository C. Create a cross account role , give the role the privileges. Provide the role ARN to the developers. D. Enable public access for the repository. Answer - C Explanation : This is also mentioned in the AWS Documentation Configure Cross-Account Access to an AWS CodeCommit Repository You can configure access to AWS CodeCommit repositories for IAM users and groups in another AWS account. This is often referred to as cross-account access. This section provides examples and stepby- step instructions for configuring cross-account access for a repository named MySharedDemoRepo in the US East (Ohio) Region in an AWS account (referred to as AccountA) to IAM users who belong to an IAM group named DevelopersWithCrossAccountRepositoryAccess in another AWS account (referred to as AccountB). All other options are incorrect because all of them are not recommended practises for giving access For more information on an example for cross account role access , please refer to the below URL You have a lambda function that is processed asynchronously. You need a way to check and debug issues if the function fails? How could you accomplish this? A. Use AWS Cloudwatch metrics B. Assign a dead letter queue C. Configure SNS notifications D. Use AWS Cloudtrail logs Explanation : Answer - B This is also mentioned in the AWS Documentation Any Lambda function invoked asynchronously is retried twice before the event is discarded. If the retries fail and you're unsure why, use Dead Letter Queues (DLQ) to direct unprocessed events to an Amazon SQS ( queue or an Amazon SNS ( Option A is incorrect since the metrics will only give the rate at which the function is executing , but not help debug the actual error Option C is incorrect since this will only provide notifications but not give the actual events which failed. Option D is incorrect since this is only used for API monitoring For more information on dead letter queues with AWS Lambda , please refer to the below URL You are planning to use AWS Kinesis streams for an application being developed for a company. The company policy mandates that all data is encrypted at rest. How can you accomplish this in the easiest way possible for Kinesis streams? A. Use the SDK for Kinesis to encrypt the data before being stored at rest B. Enable server-side encryption for Kinesis streams C. Enable client-side encryption for Kinesis streams D. Use the AWS CLI to encrypt the data Explanation : Answer - B The easiest way is to use the in-built server-side encryption that is available with Kinesis streams The AWS Documentation mentions the following Server-side encryption is a feature in Amazon Kinesis Data Streams that automatically encrypts data before it's at rest by using an AWS KMS customer master key (CMK) you specify. Data is encrypted before it's written to the Kinesis stream storage layer, and decrypted after it's retrieved from storage. As a result, your data is encrypted at rest within the Kinesis Data Streams service. This allows you to meet strict regulatory requirements and enhance the security of your data. Options A and C are invalid since this would involve too much of effort for encrypting and decrypting to the streams Option D is invalid since this is the same as encrypting the data before it reaches the stream For more information on server-side encryption with streams , please refer to the below URL You are developing an application that is going to make use of Amazon Kinesis. Due to the high throughput, you decide to have multiple shards for the streams. Which of the following is TRUE when it comes to processing data across multiple shards? A. You cannot guarantee the order of data across multiple shards. Its possible only within a shard B. Order of data is possible across all shards in a stream C. Order of data is not possible at all in Kinesis streams D. You need to use Kinesis firehose to guarantee the order of data Explanation : Answer - A Kinesis Data Streams lets you order records and read and replay records in the same order to many Kinesis Data Streams applications. To enable write ordering, Kinesis Data Streams expects you to call the PutRecord API to write serially to a shard while using the sequenceNumberForOrdering parameter. Setting this parameter guarantees strictly increasing sequence numbers for puts from the same client and to the same partition key. Option A is correct as it cannot guarantee the ordering of records across multiple shards. Option B,C and D are incorrect because Kinesis Data Streams can order records on a single shard. Each data record has a sequence number that is unique within its shard. Kinesis Data Streams assigns the sequence number after you write to the stream with putRecords or Record. For more information please refer: by-using-amazon-dynamodb-streams/ ( by-using-amazon-dynamodb-streams/) A company is planning on developing an application that is going to make use of a DynamoDB table. The structure of the table is given below