AWS Certified Developer Associate DVA-C02 Q81-Q90

81. A developer updates an AWS Lambda function that an Amazon API Gateway API uses. The API is the backend for a web application.

The developer needs to test the updated Lambda function before deploying the Lambda function to production. The testing must not affect any production users of the web application.

Which solution will meet these requirements in the MOST operationally efficient way?

A. Create a canary release deployment for the existing API stage. Deploy the API to the existing stage. Test the updated Lambda function by using the existing URL.
B. Update the API Gateway API endpoint type to private. Deploy the changes to the existing API stage. Test the API by using the existing URL.
C. Create a new test API stage in API Gateway. Add stage variables to deploy the updated Lambda function to only the test stage. Test the updated Lambda function by using the new stage URL.
D. Create a new AWS CloudFormation stack to deploy a copy of the entire production API and Lambda function. Use the stack’s API URL to test the updated Lambda function.

---

82. A developer wants the ability to roll back to a previous version of an AWS Lambda function in the event of errors caused by a new deployment.

How can the developer achieve this with MINIMAL impact on users?

A. Change the application to use an alias that points to the current version. Deploy the new version of the code. Update the alias to use the newly deployed version. If too many errors are encountered, point the alias back to the previous version.
B. Change the application to use an alias that points to the current version. Deploy the new version of the code. Update the alias to direct 10% of users to the newly deployed version. If too many errors are encountered, send 100% of traffic to the previous version.
C. Do not make any changes to the application. Deploy the new version of the code. If too many errors are encountered, point the application back to the previous version using the version number in the Amazon Resource Name (ARN).
D. Create three aliases: new, existing, and router. Point the existing alias to the current version. Have the router alias direct 100% of users to the existing alias. Update the application to use the router alias. Deploy the new version of the code. Point the new alias to this version. Update the router alias to direct 10% of users to the new alias. If too many errors are encountered, send 100% of traffic to the existing alias.

---

83. A company maintains a REST service using Amazon API Gateway and the API Gateway native API key validation. The company recently launched a new registration page, which allows users to sign up for the service. The registration page creates a new API key using CreateApiKey and sends the new key to the user. When the user attempts to call the API using this key, the user receives a 403 Forbidden error. Existing users are unaffected and can still call the API.

What code updates will grant these new users access to the API?

A. The createDeployment method must be called so the API can be redeployed to include the newly created API key.
B. The updateAuthorizer method must be called to update the API’s authorizer to include the newly created API key.
C. The importApiKeys method must be called to import all newly created API keys into the current stage of the API.
D. The createUsagePlanKey method must be called to associate the newly created API key with the correct usage plan.

---

84. A company uses an AWS CloudFormation template to deploy and manage its AWS infrastructure. The CloudFormation template creates Amazon VPC security groups and Amazon EC2 security groups.

A manager finds out that some engineers modified the security groups of a few EC2 instances for testing purposes. A developer needs to determine what modifications occurred.

Which solution will meet this requirement?

A. Add a Conditions section statement in the source YAML file of the template. Run the CloudFormation stack.
B. Perform a drift detection operation on the CloudFormation stack.
C. Execute a change set for the CloudFormation stack.
D. Use Amazon Detective to detect the modifications.

---

85. An IAM role is attached to an Amazon EC2 instance that explicitly denies access to all Amazon S3 API actions. The EC2 instance credentials file specifies the IAM access key and secret access key, which allow full administrative access.

Given that multiple modes of IAM access are present for this EC2 instance, which of the following is correct?

A. The EC2 instance will only be able to list the S3 buckets.
B. The EC2 instance will only be able to list the contents of one S3 bucket at a time.
C. The EC2 instance will be able to perform all actions on any S3 bucket.
D. The EC2 instance will not be able to perform any S3 action on any S3 bucket.

---

86. A company uses an AWS Lambda function to transfer files from an Amazon S3 bucket to the company’s SFTP server. The Lambda function connects to the SFTP server by using credentials such as username and password. The company uses Lambda environment variables to store these credentials.

A developer needs to implement encrypted username and password credentials.

Which solution will meet these requirements?

A. Remove the user credentials from the Lambda environment. Implement IAM database authentication.
B. Move the user credentials from Lambda environment variables to AWS Systems Manager Parameter Store.
C. Move the user credentials from Lambda environment variables to AWS Key Management Service (AWS KMS).
D. Move the user credentials from the Lambda environment to an encrypted .txt file. Store the file in an S3 bucket.

---

87. A developer is creating a new batch application that will run on an Amazon EC2 instance. The application requires read access to an Amazon S3 bucket. The developer needs to follow security best practices to grant S3 read access to the application.

Which solution meets these requirements?

A. Add the permissions to an IAM policy. Attach the policy to a role. Attach the role to the EC2 instance profile.
B. Add the permissions inline to an IAM group. Attach the group to the EC2 instance profile.
C. Add the permissions to an IAM policy. Attach the policy to a user. Attach the user to the EC2 instance profile.
D. Add the permissions to an IAM policy. Use IAM web identity federation to access the S3 bucket with the policy.

---

88. A company has an application that receives batches of orders from partners every day. The application uses an AWS Lambda function to process the batches.

If a batch contains no orders, the Lambda function must publish to an Amazon Simple Notification Service (Amazon SNS) topic as soon as possible.

Which combination of steps will meet this requirement with the LEAST implementation effort? (Choose two.)

A. Update the existing Lambda function’s code to send an Amazon CloudWatch custom metric for the number of orders in a batch for each partner.
B. Create a new Lambda function as an Amazon Kinesis data stream consumer. Configure the new Lambda function to track orders and to publish to the SNS topic when a batch contains no orders.
C. Set up an Amazon CloudWatch alarm that will send a notification to the SNS topic when the value of the custom metric is 0.
D. Schedule a new Lambda function to analyze Amazon CloudWatch metrics every 24 hours to identify batches that contain no orders. Configure the Lambda function to publish to the SNS topic.
E. Modify the existing Lambda function to log orders to an Amazon Kinesis data stream.

---

89. A developer manages a website that distributes its content by using Amazon CloudFront. The website’s static artifacts are stored in an Amazon S3 bucket.

The developer deploys some changes and can see the new artifacts in the S3 bucket. However, the changes do not appear on the webpage that the CloudFront distribution delivers.

How should the developer resolve this issue?

A. Configure S3 Object Lock to update to the latest version of the files every time an S3 object is updated.
B. Configure the S3 bucket to clear all old objects from the bucket before new artifacts are uploaded.
C. Set CloudFront to invalidate the cache after the artifacts have been deployed to Amazon S3.
D. Set CloudFront to modify the distribution origin after the artifacts have been deployed to Amazon S3.

---

90. A company has a development team that uses AWS CodeCommit for version control. The development team has CodeCommit repositories in multiple AWS accounts. The team is expanding to include developers who work in various locations.

The company must ensure that the developers have secure access to the repositories.

Which solution will meet these requirements in the MOST operationally efficient way?

A. Configure IAM roles for each developer and grant access individually.
B. Configure permission sets in AWS IAM Identity Center to grant access to the accounts.
C. Share AWS access keys with the development team for direct repository access.
D. Use public SSH keys for authentication to the CodeCommit repositories.