AWS Certified Developer Associate 3 Multiple Choice Questions And Correct Answers With Rationale.

AWS Certified Developer Associate 3 Multiple Choice Questions And Correct Answers With Rationale. You are the lead for your development team. There is a requirement to provision an application using the Elastic beanstalk service. It's a custom application wherein there are a lot of configuration files and patches that need to be download. Which of the following would be the best way to provision the environment in the least time possible? A. Use a custom AMI for the underlying instances B. Use configuration files to download and install the updates C. Use the User data section for the Instances to download the updates D. Use the metadata data section for the Instances to download the updates Explanation : Answer - A The AWS Documentation mentions the following When you create an AWS Elastic Beanstalk environment, you can specify an Amazon Machine Image (AMI) to use instead of the standard Elastic Beanstalk AMI included in your platform configuration's solution stack. A custom AMI can improve provisioning times when instances are launched in your environment if you need to install a lot of software that isn't included in the standard AMIs. Using configuration files ( and customizing your environment quickly and consistently. Applying configurations, however, can start to take a long time during environment creation and updates. If you do a lot of server configuration in configuration files, you can reduce this time by making a custom AMI that already has the software and configuration that you need. Options B and C are invalid since these options would not result in the least amount of time for setting up the environment. Option D is invalid since the metadata data section is used for getting information about the underlying instances For more information on working with custom environments, please refer to the below URL A development team is developing a mobile based application. They want to use AWS services for data storage and for managing authentication. It also needs to be ensured that a second level of authentication is available for users. Which of the following would assist in this? Choose 2 answers from the options given below A. Use the AWS Cognito Service B. Use the AWS Config Service C. Enable MFA for the underlying user pool D. Enable user names and passwords for the underlying user pools Explanation : Answer - A and C The AWS Documentation mentions the following Amazon Cognito provides authentication, authorization, and user management for your web and mobile apps. Your users can sign in directly with a user name and password, or through a third party such as Facebook, Amazon, or Google. Multi-factor authentication (MFA) increases security for your app by adding another authentication method, and not relying solely on user name and password. You can choose to use SMS text messages, or time-based one-time (TOTP) passwords as second factors in signing in your users. Option B is invalid since this is a configuration service Option D is invalid since user names and passwords is not a valid second level of authentication For more information on MFA with AWS Cognito, please refer to the below URL Your development team is working with Docker containers. These containers need to encrypt data. The data key needs to be generated using the KMS service. The data key should be in the encrypted format. Which of the following would you most ideally use? A. The GenerateDataKey command B. The GenerateDataKeyWithoutPlaintext command C. Use the CMK Keys D. Use client-side keys Explanation : Answer - B The AWS Documentation mentions the following Returns a data encryption key encrypted under a customer master key (CMK). This operation is identical to GenerateDataKey ( only the encrypted copy of the data key. Option A is invalid since this also returns a plain text key as well Option C is invalid since you should not use the CMK keys for encrypting data Option D is invalid since the question states that you need to use the KMS service For more information on Generating data keys, please refer to the below URL Your development team is developing several Lambda functions for testing. These functions will be called by a single .Net program. The program needs to call each Lambda function in a sequential manner for testing purposes. How can you accomplish this in the easiest way to ensure that least changes need to be made to the .Net program to call the various Lambda functions? A. Create different environment variables for the Lambda function B. Create different versions for the Lambda function C. Create an ALIAS and reference is in the program D. Use the SAM for deployment of the functions Explanation : Answer - C The AWS Documentation mentions the following You can create one or more aliases for your Lambda function. An AWS Lambda alias is like a pointer to a specific Lambda function version. By using aliases, you can access the Lambda function an alias is pointing to (for example, to invoke the function) without the caller having to know the specific version the alias is pointing to Option A is invalid since environment variables in AWS Lambda are used to dynamically pass settings to your function code and libraries, without making changes to the Lambda code. Option B is invalid since this is used to publish one or more versions of your Lambda function Option D is invalid since this is used to define serverless applications For more information on ALIAS, please refer to the below URL You are starting to develop an application using AWS services. You are testing the services out by querying them using REST API. Which of the following would be needed to make successful calls to AWS services using REST API A. User name and password B. SSL certificates C. Access Keys D. X.509 certificates Explanation : Answer - C The AWS Documentation mentions the following Access keys consist of an access key ID (for example, AKIAIOSFODNN7EXAMPLE) and a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY). You use access keys to sign programmatic requests that you make to AWS if you use the AWS SDKs, REST, or Query API operations. Because of what is mentioned in the AWS Documentation , all other options are invalid For more information on Access Keys, please refer to the below URL You've currently set up an API gateway service in AWS. The API gateway is calling a custom API hosted on an EC2 Instance. There are severe latency issues and you need to diagnose the reason for those latency issues. Which of the following could be used to address this concern? A. AWS X-Ray B. AWS Cloudwatch C. AWS Cloudtrail D. AWS VPC Flow logs Explanation : Answer - A The AWS Documentation mentions the following AWS X-Ray is an AWS service that allows you to trace latency issues with your Amazon API Gateway APIs. X-Ray collects metadata from the API Gateway service and any downstream services that make up your API. X-Ray uses this metadata to generate a detailed service graph that illustrates latency spikes and other issues that impact the performance of your API. Option B is invalid since this is used to log API execution operations Option C is invalid since this is used to log API Gateway API management operations Option D is invalid since this is used to log calls into the VPC For more information on API monitoring overview, please refer to the below URL Your company has setup an application in AWS. The application has been developed inhouse which consists of many distributed components. After initial launch of the application, important information which gets exchanged between components gets lost whenever one of the components is down. As a developer what can you suggest in resolving this issue? A. Suggest the usage of the SQS service for messaging across the distributed components B. Suggest the usage of the SNS service for messaging across the distributed components C. Suggest the use of Cloudwatch logs to detect the issue in more detail D. Suggest the use of Cloudtrail logs to detect the issue in more detail Explanation : Answer - A The AWS Documentation mentions the following Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. SQS eliminates the complexity and overhead associated with managing and operating message oriented middleware, and empowers developers to focus on differentiating work. Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available. Get started with SQS in minutes using the AWS console, Command Line Interface or SDK of your choice, and three simple commands. Option B is invalid since this is used to send messages to different endpoints Options C and D are invalid since we already know that there is an issue which is related to the underlying messaging between components. For more information on SQS queues, please refer to the below URL Your company has a set of EC2 Instances and On-premise. They now want to automate the deployment of their applications using the AWS Code Deploy tool in AWS. Which of the following is not a TRUE complete requirement that needs to be fulfilled for preparation of the servers? A. Ensure both EC2 Instances and On-premise servers have the Code Deploy agent installed B. Ensure both EC2 Instances and On-premise servers can connect to the Code Deploy service C. Ensure both EC2 Instances and On-premise servers are tagged D. Ensure both EC2 Instances and On-premise servers have instance profile attached to them Explanation : Answer - D Because of what is mentioned in the AWS Documentation, the other options are TRUE and hence not valid from an answer standpoint. The below snapshot from the AWS Documentation shows the comparison of deployment of AWS Code Deploy for On-premise vs Amazon EC2 Instances For more information on Instances for Code Deploy, please refer to the below URL You are in charge of developing Cloudformation templates which would be used to deploy databases in different AWS Accounts. In order to ensure that the passwords for the database are passed in a secure manner which of the following could you use with Cloudformation? A. Outputs B. Metadata C. Parameters D. Resources Answer - C The AWS Documentation mentions the following Option A is incorrect since this is used to describes the values that are returned whenever you view your stack's properties Option B is incorrect since this is used to specify Objects that provide additional information about the template. Option D is incorrect since here you would need to add the hard-coded passwords For more information on best practises for Cloudformation, please refer to the below URL Your team needs to develop an application that needs to make use of SQS queues. There is a requirement that when a message is added to the queue, the message is not visible for 5 minutes to consumers. How can you achieve this? Choose 2 answers from the options given below A. Increase the visibility timeout of the queue B. Implement long polling for the SQS queue C. Implement delay queues in AWS D. Change the message timer value for each individual message Explanation : Answer - C and D The AWS Documentation mentions the following Delay queues let you postpone the delivery of new messages to a queue for a number of seconds. If you create a delay queue, any messages that you send to the queue remain invisible to consumers for the duration of the delay period. The default (minimum) delay for a queue is 0 seconds. The maximum is 15 minutes. To set delay seconds on individual messages, rather than on an entire queue, use message timers (