Question #201
A Developer must encrypt a 100-GB object using AWS KMS.
What is the BEST approach?
- A. Make an Encrypt API call to encrypt the plaintext data as ciphertext using a customer master key (CMK)
- B. Make an Encrypt API call to encrypt the plaintext data as ciphertext using a customer master key (CMK) with imported key material
- C. Make an GenerateDataKey API call that returns a plaintext key and an encrypted copy of a data key. Use a plaintext key to encrypt the data
- D. Make an GenerateDataKeyWithoutPlaintext API call that returns an encrypted copy of a data key. Use an encrypted key to encrypt the data D
Correct Answer: Explanation
Question #202
A Development team would like to migrate their existing application code from a GitHub repository to AWS CodeCommit.
What needs to be created before they can migrate a cloned repository to CodeCommit over HTTPS?
- A. A GitHub secure authentication token
- B. A public and private SSH key file
- C. A set of Git credentials generated from IAM
- D. An Amazon EC2 IAM role with CodeCommit permissions
Correct Answer: C
Reference:
https://docs.aws.amazon.com/codecommit/latest/userguide/how-to-migrate-repository-existing.html
Question #203
A Developer is writing a REST service that will add items to a shopping list. The service is built on Amazon API Gateway with AWS Lambda integrations. The shopping list items are send as query string parameters in the method request.
How should the Developer convert the query string parameters to arguments for the Lambda function?
- A. Enable request validation
- B. Include the Amazon Resource Name (ARN) of the Lambda function
- C. Change the integration type
- D. Create a mapping template C
Correct Answer: Explanation
Reference:
https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-create-api-step-by-step.html
Question #204
When developing an AWS Lambda function that processes Amazon Kinesis Data Streams, Administrators within the company must receive a notice that includes the processed data.
How should the Developer write the function to send processed data to the Administrators?
- A. Separate the Lambda handler from the core logic
- B. Use Amazon CloudWatch Events to send the processed data
- C. Publish the processed data to an Amazon SNS topic
- D. Push the processed data to Amazon SQS
Correct Answer: B
Question #205
A Developer is storing documents in Amazon S3 that will require encryption at rest. The encryption keys must be rotated annually, at least.
What is the easiest way to achieve this?
- A. Encrypt the data before sending it to Amazon S3
- B. Import a custom key into AWS KMS with annual rotation enabled
- C. Use AWS KMS with automatic key rotation
- D. Export a key from AWS KMS to encrypt the data
Correct Answer: B
Question #206
A company is creating a REST service using an Amazon API Gateway with AWS Lambda integration. The service run different versions for testing purposes.
What would be the BEST way to accomplish this?
- A. Use an x-Version header to denote which version is being called and pass that header to the Lambda function(s)
- B. Create an API Gateway Lambda authorizer to route API clients to the correct API version
- C. Create an API Gateway resource policy to isolate versions and provide context to the Lambda function(s)
- D. Deploy the API versions as unique stages with unique endpoints and use stage variables to provide further context
Correct Answer: C
Question #207
A company wants to implement authentication for its new REST service using Amazon API Gateway. To authenticate the calls, each request must include HTTP headers with a client ID and user ID. These credentials must be compared to authentication data in an Amazon DynamoDB table.
What MUST the company do to implement this authentication in API Gateway?
- A. Implement an AWS Lambda authorizer that references the DynamoDB authentication table
- B. Create a model that requires the credentials, then grant API Gateway access to the authentication table
- C. Modify the integration requests to require the credentials, then grant API Gateway access to the authentication table
- D. Implement an Amazon Cognito authorizer that references the DynamoDB authentication table
Correct Answer: D
Question #208
An Amazon RDS database instance is used by many applications to look up historical data. The query rate is relatively constant. When the historical data is updated each day, the resulting write traffic slows the read query performance and affects all application users.
What can be done to eliminate the performance impact on application users?
- A. Make sure Amazon RDS is Multi-AZ so it can better absorb increased traffic.
- B. Create an RDS Read Replica and direct all read traffic to the replica.
- C. Implement Amazon ElastiCache in front of Amazon RDS to buffer the write traffic.
- D. Use Amazon DynamoDB instead of Amazon RDS to buffer the read traffic. B
Correct Answer: Explanation
Question #209
Company C is currently hosting their corporate site in an Amazon S3 bucket with Static Website Hosting enabled. Currently, when visitors go to http://www.companyc.com the index.html page is returned. Company C now would like a new page welcome.html to be returned when a visitor enters http://www.companyc.com in the browser.
Which of the following steps will allow Company C to meet this requirement? (Choose two.)
- A. Upload an html page named welcome.html to their S3 bucket
- B. Create a welcome subfolder in their S3 bucket
- C. Set the Index Document property to welcome.html
- D. Move the index.html page to a welcome subfolder
- E. Set the Error Document property to welcome.html
Correct Answer: AC
Question #210
What type of block cipher does Amazon S3 offer for server side encryption?
- A. Triple DES
- B. Advanced Encryption Standard
- C. Blowfish
- D. RC5
Correct Answer: B
Thank you !!
Helped me in achieving my aws developer certification.