[Q141-Q163] Excellent AWS-Certified-Developer-Associate PDF Dumps With 100% ITexamReview Exam Passing Guaranted [Oct-2021]

Excellent AWS-Certified-Developer-Associate PDF Dumps With 100% ITexamReview Exam Passing Guaranted [Oct-2021]

100% Pass Your AWS-Certified-Developer-Associate AWS Certified Developer - Associate at First Attempt with ITexamReview

NEW QUESTION 141
In relation to Amazon SQS, how can you ensure that messages are delivered in order?

• A. Give each message a unique id.
• B. AWS cannot guarantee that you will receive messages in the exact order you sent them
• C. Send them with a timestamp
• D. Increase the size of your queue

Answer: B

Explanation:
Amazon SQS makes a best effort to preserve order in messages, but due to the distributed nature of the queue, AWS cannot guarantee that you will receive messages in the exact order you sent them. You typically place sequencing information or timestamps in your messages so that you can reorder them upon receipt.
https://aws.amazon.com/items/1343?externalID=1343

 

NEW QUESTION 142
A developer is testing an application that invokes an AWS Lambda function asynchronously During the testing phase, the Lambda function fails to process after two retries
How can the developer troubleshoot the failure?

• A. Configure Amazon Simple Workflow Service to process any direct unprocessed events
• B. Configure Dead Letter Queues by sending events to Amazon SQS for investigation.
• C. Configure AWS Config to process any direct unprocessed events
• D. Configure AWS CloudTrail logging to investigate the invocation failures

Answer: D

 

NEW QUESTION 143
An e-commerce site allows returning users to log in to display customized web pages. The workflow is shown in the image below:

An application is running on EC2 instances. Amazon RDS is used for the database that stores user accounts and preferences. The website freezes or is slow to load while waiting for the login step to complete. The remaining components of the site are well-optimized.
Which of the following techniques will resolve this issue? (Select Two.)

• A. Batch login requests from hundreds of users together as a single read request to the database.
• B. Use Amazon Application Load Balancer to load balance the traffic to the website.
• C. Call the database asynchronously so the code can continue executing.
• D. Use Amazon ElastiCache for MemCached to cache user data.
• E. Implement the user login page as an asynchronous Lambda function.

Answer: C,D

Explanation:
Explanation
https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/making-asynchronous-calls.html

 

NEW QUESTION 144
Which of the below mentioned options is not a best practice to securely manage the AWS access credentials?

• A. Keep rotating your secure access credentials at regular intervals
• B. Create individual IAM users
• C. Create strong access key and secret access key and attach to the root account
• D. Enable MFA for privileged users

Answer: C

Explanation:
It is a recommended approach to avoid using the access and secret access keys of the root account. Thus, do not download or delete it. Instead make the IAM user as powerful as the root account and use its credentials. The user cannot generate their own access and secret access keys as they are always generated by AWS.
http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html

 

NEW QUESTION 145
A Security Engineer is looking for a way to control access to data that is being encrypted under a CMK. The Engineer is also looking to use additional authenticated data (AAD) to prevent tampering with ciphertext.
Which action would provide the required functionality?

• A. Use key policies to restrict access to the appropriate IAM groups.
• B. Use kms:EncryptionContextas a condition when defining IAM policies for the CMK.
• C. Pass the key alias to AWS KMS when calling Encryptand DecryptAPI actions.
• D. Use IAM policies to restrict access to Encryptand DecryptAPI actions.

Answer: A

Explanation:
Explanation/Reference: https://docs.aws.amazon.com/crypto/latest/userguide/crypto-ug.pdf

 

NEW QUESTION 146
A developer is setting up Amazon API Gateway for their company's products The API will be used by registered developers to query and update their environments. The company wants to limit the amount of requests end users can send for both cost and security reasons Management wants to offer registered developers the option of buying larger packages that allow for more requests.
How can the developer accomplish this with the LEAST amount of overhead management?

• A. Enable Amazon CloudWatch metrics for the API Gateway stage Set up CloudWatch alarms based off the Count metric and the ApiName, Method, Resource, and Stage dimensions to alerts when request rates pass the threshold Set the alarm action to Deny If a registered user chooses a larger package create a user-specific alarm and adjust the values
• B. Set up Amazon CloudWatch API logging in API Gateway Create a filter based on the user and requestTime fields and create an alarm on this filter Write an AWS Lambda function to analyze the values and requester information, and respond accordingly Set up the function as the target for the alarm If a registered user chooses a larger package, update the Lambda code with the values.
• C. Enable throttling for the API Gateway stage. Set a value for both the rate and burst capacity If a registered user chooses a larger package, create a stage for them, adjust the values, and share the new URL with them.
• D. Set up a default usage plan, specify values for the rate and burst capacity, and associate it with a stage, if a registered user chooses a larger package, create a custom plan with the appropriate values and associate the plan with the user

Answer: C

 

NEW QUESTION 147
n on-premises application makes repeated calls to store files to Amazon S3. As usage of the application has increased, "LimitExceeded" errors are being logged.
What should be changed to fix this error?

• A. Add a one second delay to each API call.
• B. Load balance the application to multiple servers.
• C. Implement exponential backoffs in the application.
• D. Move the application to Amazon EC2.

Answer: C

 

NEW QUESTION 148
Which code snippet below returns the URL of a load balanced web site created in CloudFormation with an AWS::ElasticLoadBalancing::LoadBalancer resource name "ElasticLoad Balancer"?

• A. "Fn::Join" : ["". [ "http://", {"Ref" : "ElasticLoadBalancerUrl"}]]
• B. "Fn::Join" : [".", [ "http://", {"Ref" : "ElasticLoadBalancerDNSName"}]]
• C. "Fn::Join" : ["". [ "http://", {"Fn::GetAtr" : [ "ElasticLoadBalancer","DNSName"]}]]
• D. "Fn::Join" : ["". [ "http://", {"Fn::GetAtr" : [ "ElasticLoadBalancer","Url"]}]]

Answer: D

 

NEW QUESTION 149
An organization has 10000 employees. The organization wants to give restricted AWS access to each employee. How can the organization achieve this?

• A. It is not recommended to support 10000 users with IAM
• B. Create an IAM user for each employee and make them a part of the group
• C. Use Identity federation with SSO
• D. Use STS and create the users' run time

Answer: C

Explanation:
Identity federation enables users from an existing directory to access resources within your AWS account, making it easier to manage your users by maintaining their identities in a single place. In this case, the federated user is the only solution since AWS does not allow creating more than 5000 IAM users.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html

 

NEW QUESTION 150
A developer must increase read performance from an unencrypted Amazon S3 bucket. The application requires 100,000 read requests each second. Cost-effectiveness is a priority.
What would be the SIMPLEST approach to implement these requirements?

• A. Create 20 or more prefixes in Amazon S3. Place files by prefixes. Read in parallel by prefixes.
• B. Create 20 or more AWS accounts. Create a bucket in each account. Read in parallel by bucket.
• C. Deploy Memcached on Amazon EC2. Cache the files in memory. Retrieve from the Memcached cache.
• D. Copy all files to Amazon DynamoDB. Index the files with S3 metadata. Retrieve from DynamoDB.

Answer: B

 

NEW QUESTION 151
A Developer is creating an AWS Lambda function that requires environment variables to store connection information and logging settings. The Developer is required to use an AWS KMS Customer Master Key (CMK) supplied by the Information Security department in order to adhere to company standards for securing Lambda environment variables.
Which of the following are required for this configuration to work? (Choose two.)

• A. The Lambda execution role must have the kms:Encryptpermission added in the AWS IAM policy.
• B. The KMS key policy must allow permissions for the Developer to use the KMS key.
• C. The Developer must configure Lambda access to the VPC using the --vpc-configparameter.
• D. The Lambda function execution role must have the kms:Decryptpermission added in the AWS IAM policy.
• E. The AWS IAM policy assigned to the Developer must have the kms:GenerateDataKeypermission added.

Answer: A,E

 

NEW QUESTION 152
A Developer has code running on Amazon EC2 instances that needs read-only access to an Amazon DynamoDB table.
What is the MOST secure approach the Developer should take to accomplish this task?

• A. Run all code with only AWS account root user access keys to ensure maximum access to services.
• B. Use an IAM role with an AmazonDynamoDBReadOnlyAccess policy applied to the EC2 instances.
• C. Use an IAM role with Administrator access applied to the EC2 instance.
• D. Create a user access key for each EC2 instance with read-only access to DynamoDB. Place the keys in the code. Redeploy the code as keys rotate.

Answer: C

 

NEW QUESTION 153
A company wants to containerize an existing three-tier web application and deploy it to Amazon ECS Fargate. The application is using session data to keep track of user activities.
Which approach would provide the BEST user experience?

• A. Enable session stickness in the existing Network Load Balancer and manage the session data in the container.
• B. Provision a Redic cluster in Amazon ElasticCache and save the session data in the cluster
• C. Create a session table in Amazon Redshift and save the session data in the database table.
• D. Use an Amazon S3 bucket as data store and save the session data in the bucket.

Answer: A

 

NEW QUESTION 154
A sys admin is planning to subscribe to the RDS event notifications. For which of the below mentioned source categories the subscription cannot be configured?

• A. DB snapshot
• B. DB security group
• C. DB parameter group
• D. DB options group

Answer: D

 

NEW QUESTION 155
A company has an internet-facing application that uses Web Identity Federation to obtain a temporary credential from AWS Security Token Service (AWS STS). The app then uses the token to access AWS services.
Review the following response:

Based on the response displayed what permissions are associated with the call from the application?

• A. Permissions associated with the default role used when the AWS service was built
• B. Permissions associated with the account that owns the AWS service
• C. Permissions associated with the role AROACLKWSDQRAOEXAMPLE:app1
• D. Permission associated with the IAM principal that owns the AccessKeyID ASgeIAIOSFODNN7EXAMPLE

Answer: D

 

NEW QUESTION 156
How does Amazon SQS allow multiple readers to access the same message queue without losing
messages or processing them many times?

• A. By identifying a user by his unique id
• B. By using unique cryptography
• C. Amazon SQS queue has a configurable visibility timeout.
• D. Multiple readers can't access the same message queue

Answer: C

Explanation:
Every Amazon SQS queue has a configurable visibility timeout. For the designated amount of time after a
message is read from a queue, it will not be visible to any other reader. As long as the amount of time that
it takes to process the message is less than the visibility timeout, every message will be processed and
deleted. In the event that the component processing the message fails or becomes unavailable, the
message will again become visible to any component reading the queue once the visibility timeout ends.
This allows you to have many components all reading messages from the same queue, with each working
to process different messages.
Reference: https://aws.amazon.com/sqs/faqs/

 

NEW QUESTION 157
The Developer for a retail company must integrate a fraud detection solution into the order processing solution.
The fraud detection solution takes between ten and thirty minutes to verify an order. At peak, the web site can receive one hundred orders per minute.
What is the most scalable method to add the fraud detection solution to the order processing pipeline?

• A. Add all new orders to an SQS queue. Configure an Auto Scaling group that uses the queue depth metric as its unit of scale to launch a dynamically-sized fleet of EC2 instances spanning multiple AZs with the fraud detection solution installed on them to pull orders from this queue. Update the order with a pass or fails status.
• B. Write all new orders to Amazon DynamoDB. Configure DynamoDB Streams to include all new orders.
  Subscribe a Lambda function to automatically read batches of records from the Kinesis Stream. The Lambda function includes the fraud detection software and will update the order with a pass or fail status.
• C. Add all new orders to an Amazon SQS queue. Configure a fleet of 10 EC2 instances spanning multiple AZs with the fraud detection solution installed on them to pull orders from this queue. Update the order with a pass or fails status.
• D. Add all new orders to an Amazon Kinesis Stream. Subscribe a Lambda function to automatically read batches of records from the Kinesis Stream. The Lambda function includes the fraud detection software and will update the order with a pass or fail status.

Answer: B

 

NEW QUESTION 158
A user is trying to configure access with S3. Which of the following options is not possible to provide access to the S3 bucket / object?

• A. Define the policy for the IAM user
• B. Define the policy for the bucket
• C. Define the policy for the object
• D. Define the ACL for the object

Answer: C

Explanation:
Amazon S3 offers access policy options broadly categorized as resource-based policies and user policies.
Access policies, such as ACL and resource policy can be attached to the bucket. With the object the user can only have ACL and not an object policy. The user can also attach access policies to the IAM users in the account. These are called user policies.
Reference: http://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html

 

NEW QUESTION 159
Company D is running their corporate website on Amazon S3 accessed from http//www.companyd.com. Their marketing team has published new web fonts to a separate S3 bucket accessed by the S3 endpoint https://s3-us-west1.amazonaws.com/cdfonts. While testing the new web fonts, Company D recognized the web fonts are being blocked by the browser.
What should Company D do to prevent the web fonts from being blocked by the browser?

• A. Enable versioning on the cdfonts bucket for each web font
• B. Create a policy on the cdfonts bucket to enable access to everyone
• C. Add the Content-MD5 header to the request for webfonts in the cdfonts bucket from the website
• D. Configure the cdfonts bucket to allow cross-origin requests by creating a CORS configuration

Answer: D

 

NEW QUESTION 160
A Security Engineer signed in to the AWS Management Console as an IAM user and switched to the security role IAM role. To perform a maintenance operation, the Security Engineer needs to switch to the maintainer role IAM role, which lists the security role as a trusted entity. The Security Engineer attempts to switch to the maintainer role, but it fails.
What is the likely cause of the failure?

• A. The Security Engineer should have logged in as the AWS account root user, which is allowed to assume any role directly.
• B. The security role does not include a statement in its policy to allow an sts:AssumeRole action.
• C. The maintainer role does not include the IAM user as a trusted entity.
• D. The security role and the maintainer role are not assigned to the IAM user that the Security Engineer used to sign in to the account.

Answer: B

Explanation:
Explanation/Reference: https://aws.amazon.com/premiumsupport/knowledge-center/troubleshoot-iam-policy-issues/

 

NEW QUESTION 161
A Developer has created a Lambda function and is finding that the function is taking longer to complete than expected. After some debugging, the Developer has discovered that increasing compute capacity would improve performance.
How can the Developer increase the Lambda compute resources?

• A. Specify a larger compute capacity when calling the Lambda function.
• B. Increase the maximum execution time.
• C. Run on a larger instance size with more compute capacity.
• D. Increase the allocated memory for the Lambda function.

Answer: D

 

NEW QUESTION 162
A user has configured an automated backup between 5 AM ?5:30 AM for the MySQL RDS DB.
Will the performance of RDS get frozen momentarily during a backup?

• A. No
• B. Yes, provided it is a single zone implementation
• C. Yes, only if the instance size is smaller than large size
• D. Yes, always

Answer: B

Explanation:
Amazon RDS provides two different methods for backing up and restoring the Amazon DB instances. A brief I/O freeze, typically lasting a few seconds, occurs during both automated backups and DB snapshot operations on Single-AZ DB instances.

 

NEW QUESTION 163
......

Trend for AWS-Certified-Developer-Associate pdf dumps before actual exam: https://www.itexamreview.com/AWS-Certified-Developer-Associate-exam-dumps.html

Real Exam Questions & Answers - Amazon AWS-Certified-Developer-Associate Dump is Ready: https://drive.google.com/open?id=1UCoGRWUp53D7UhlqmQjXsqjdaDDinXFI