AWS CDA Certified Developer Associate
Practice Exam 1 Questions & Answers
1.A multi-national company has just moved to AWS Cloud and it has
configured forecast-based AWS Budgets alerts for cost management.
However, no alerts have been received even though the account and the
budgets have been created almost three weeks ago.
What could be the issue with the AWS Budgets configuration?
- Amazon CloudWatch could be down and hence alerts are not being sent
- Account has to be part of AWS Organizations to receive AWS Budget alerts
- Budget forecast has been created from an account that does not
have enough privileges
- AWS requires approximately 5 weeks of usage data to generate budget
forecasts:
ANS AWS requires approximately 5 weeks of usage data to generate
budget forecasts.
If you set a budget to alert based on a forecasted amount, this budget
alert isn't triggered until you have enough historical usage information.
2.A developer is configuring a bucket policy that denies upload object per-
mission to any requests that do not include the x-amz-server-side-
encryption header requesting server-side encryption with SSE-KMS for an
,Amazon S3 bucket - examplebucket.
Which of the following policies is the right fit for the given requirement?
ANS -: {
"Version":"2012-10-17",
"Id":"PutObjectPolicy",
"Statement":[{
"Sid":"DenyUnEncryptedObjectUploads
", "Effect":"Deny",
"Principal":"",
"Action":"s3:PutObject", "Resource":"arn:aws:s3:::examplebucket/",
"Condition":{ "StringNotEquals":{
"s3:x-amz-server-side-encryption":"aws:kms" } } } ] }
This bucket policy denies upload object (s3:PutObject) permission if
the re- quest does not include the x-amz-server-side-encryption
header requesting serv- er-side encryption with SSE-KMS. To ensure
that a particular AWS KMS CMK
be used to encrypt the objects in a bucket, you can use the s3:x-amz-
serv-
er-side-encryption-aws-kms-key-id condition key. To specify the AWS KM
CMK, you must use a key Amazon Resource Name (ARN) that is in the
"arn:aws:kms:re-
gion:acct-id:key/key-id" format.
When you upload an object, you can specify the AWS KMS CMK using the
,x-amz-server-side-encryption-aws-kms-key-id header. If the header is
not present in the request, Amazon S3 assumes the AWS-managed
CMK.
3.A company is creating a gaming application that will be deployed on
mobile devices. The application will send data to a Lambda function-based
RESTful API. The application will assign each API request a unique
identifier. The
volume of API requests from the application can randomly vary at any given
time of day. During request throttling, the application might need to retry
requests. The API must be able to address duplicate requests without
inconsistencies or data loss.
Which of the following would you recommend to handle these requirements?
- Persist the unique identifier for each request in a DynamoDB table. Change
the Lambda function to check the table for the identifier before processing
the request
- Persist the unique identifier for each request in an ElastiCache for Mem-
cached cache. Change the Lambda function to check the cache for the
identifier before processing the request
- Persist the unique identifier for each request in an RDS MySQL table.
Change the Lambda function to check the table for the identifier before
processing the request
- Persist the unique identifier for each request in a DynamoDB table.
Change the Lambda function to send a client error response when the func:
ANS Persist the unique identifier for each request in a DynamoDB table.
, Change the Lambda function to check the table for the identifier before
processing the request
DynamoDB is a fully managed, serverless, key-value NoSQL database
designed to run high-performance applications at any scale. DynamoDB
offers built-in security, continuous backups, automated multi-Region
replication, in-memory caching, and data import and export tools. On-
demand backup and restore allows you to create full backups of your
DynamoDB. Point-in-time recovery (PITR) helps protect your DynamoDB
tables from accidental write or delete operations. PITR provides
continuous backups of your DynamoDB table data, and you can restore
that table to any point in time up to the second during the preceding 35
days.
These features ensure that there is no data loss for the application,
thereby meeting a key requirement for the given use case. The solution
should also be able to address
any duplicate requests without inconsistencies, so the Lambda function
should be changed to inspect the table for the given identifier and
process the request only if the identifier is unique.
4.Which of the following best describes how KMS Encryption works?
- KMS receives CMK from the client at every encrypt call, and encrypts
the data with that
- KMS sends the CMK to the client, which performs the encryption and
Practice Exam 1 Questions & Answers
1.A multi-national company has just moved to AWS Cloud and it has
configured forecast-based AWS Budgets alerts for cost management.
However, no alerts have been received even though the account and the
budgets have been created almost three weeks ago.
What could be the issue with the AWS Budgets configuration?
- Amazon CloudWatch could be down and hence alerts are not being sent
- Account has to be part of AWS Organizations to receive AWS Budget alerts
- Budget forecast has been created from an account that does not
have enough privileges
- AWS requires approximately 5 weeks of usage data to generate budget
forecasts:
ANS AWS requires approximately 5 weeks of usage data to generate
budget forecasts.
If you set a budget to alert based on a forecasted amount, this budget
alert isn't triggered until you have enough historical usage information.
2.A developer is configuring a bucket policy that denies upload object per-
mission to any requests that do not include the x-amz-server-side-
encryption header requesting server-side encryption with SSE-KMS for an
,Amazon S3 bucket - examplebucket.
Which of the following policies is the right fit for the given requirement?
ANS -: {
"Version":"2012-10-17",
"Id":"PutObjectPolicy",
"Statement":[{
"Sid":"DenyUnEncryptedObjectUploads
", "Effect":"Deny",
"Principal":"",
"Action":"s3:PutObject", "Resource":"arn:aws:s3:::examplebucket/",
"Condition":{ "StringNotEquals":{
"s3:x-amz-server-side-encryption":"aws:kms" } } } ] }
This bucket policy denies upload object (s3:PutObject) permission if
the re- quest does not include the x-amz-server-side-encryption
header requesting serv- er-side encryption with SSE-KMS. To ensure
that a particular AWS KMS CMK
be used to encrypt the objects in a bucket, you can use the s3:x-amz-
serv-
er-side-encryption-aws-kms-key-id condition key. To specify the AWS KM
CMK, you must use a key Amazon Resource Name (ARN) that is in the
"arn:aws:kms:re-
gion:acct-id:key/key-id" format.
When you upload an object, you can specify the AWS KMS CMK using the
,x-amz-server-side-encryption-aws-kms-key-id header. If the header is
not present in the request, Amazon S3 assumes the AWS-managed
CMK.
3.A company is creating a gaming application that will be deployed on
mobile devices. The application will send data to a Lambda function-based
RESTful API. The application will assign each API request a unique
identifier. The
volume of API requests from the application can randomly vary at any given
time of day. During request throttling, the application might need to retry
requests. The API must be able to address duplicate requests without
inconsistencies or data loss.
Which of the following would you recommend to handle these requirements?
- Persist the unique identifier for each request in a DynamoDB table. Change
the Lambda function to check the table for the identifier before processing
the request
- Persist the unique identifier for each request in an ElastiCache for Mem-
cached cache. Change the Lambda function to check the cache for the
identifier before processing the request
- Persist the unique identifier for each request in an RDS MySQL table.
Change the Lambda function to check the table for the identifier before
processing the request
- Persist the unique identifier for each request in a DynamoDB table.
Change the Lambda function to send a client error response when the func:
ANS Persist the unique identifier for each request in a DynamoDB table.
, Change the Lambda function to check the table for the identifier before
processing the request
DynamoDB is a fully managed, serverless, key-value NoSQL database
designed to run high-performance applications at any scale. DynamoDB
offers built-in security, continuous backups, automated multi-Region
replication, in-memory caching, and data import and export tools. On-
demand backup and restore allows you to create full backups of your
DynamoDB. Point-in-time recovery (PITR) helps protect your DynamoDB
tables from accidental write or delete operations. PITR provides
continuous backups of your DynamoDB table data, and you can restore
that table to any point in time up to the second during the preceding 35
days.
These features ensure that there is no data loss for the application,
thereby meeting a key requirement for the given use case. The solution
should also be able to address
any duplicate requests without inconsistencies, so the Lambda function
should be changed to inspect the table for the given identifier and
process the request only if the identifier is unique.
4.Which of the following best describes how KMS Encryption works?
- KMS receives CMK from the client at every encrypt call, and encrypts
the data with that
- KMS sends the CMK to the client, which performs the encryption and
