AWS Certified Developer Associate 5: Multiple Choice Questions And Correct Answers with Rationale,100% Verified

AWS Certified Developer Associate 5: Multiple Choice Questions And Correct Answers with Rationale,100% Verified A developer is writing an application that will run on -premises, but must access AWS services through an AWS SDK. How can the Developer allow the SDK to access the AWS services? A. Create an IAM EC2 role with correct permissions and assign it to the on-premises server. B. Create an IAM user with correct permissions, generate an access key and store it in aws credentials C. Create an IAM role with correct permissions and request an STS token to assume the role. D. Create an IAM user with correct permissions, generate an access key and store it in a Dynamo DB table. Answer - B When working on development, you need to use the AWS Access keys to work with the AWS Resources The AWS Documentation additionally mentions the following You use different types of security credentials depending on how you interact with AWS. For example, you use a user name and password to sign in to the AWS Management Console. You use access keys to make programmatic calls to AWS API operations. Option A is incorrect since we need to do this from an on-premise server you cannot use an EC2 role to work with an on-premise server. Option C is incorrect. If you want to test your application on your local machine, you're going to need to generate temporary security credentials (access key id, secret access key, and session token). You can do this by using the access keys from an IAM user to call assumeRole ( include credentials that you can use to set the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN (note without the token, they keys will be invalid). The SDK/CLI should then use these credentials. This will give your app a similar experience to running in an Amazon EC2 instance that was launched using an IAM role. Option D is incorrect since the access keys should be on the local machine For more information on usage of credentials in AWS , please refer to the below link: A Developer is migrating an on-premises web application to the AWS Cloud. The application currently runs on a 32-processor server and stores session state in memory. On Friday afternoons the server runs at 75% CPU utilization, but only about 5% CPU utilization at other times. How should the Developer change to code to better take advantage of running in the cloud? A. Compress the session state data in memory B. Store session state on EC2 instance Store C. Encrypt the session state data in memory D. Store session state in an ElastiCache cluster. Answer - D ElastiCache is the perfect solution for managing session state. This is also given in the AWS Documentation In order to address scalability and to provide a shared data storage for sessions that can be accessible from any individual web server, you can abstract the HTTP sessions from the web servers themselves. A common solution to for this is to leverage an In-Memory Key/Value store such as Redis and Memcached. Option A is incorrect since compression is not the ideal solution Option B is incorrect since EC2 Instance Store is too volatile. Option C is incorrect since this is ok from a security standpoint but will just make the performance worse for the application For more information on Session Management , please refer to the below Link: An organization's application needs to monitor application specific events with a standard AWS service. The service should capture the number of logged in users and trigger events accordingly. During peak times, monitoring frequency will occur every 10 seconds. What should be done to meet these requirements? A. Create an Amazon SNS notification B. Create a standard resolution custom Amazon CloudWatch log C. Create a high-resolution custom Amazon CloudWatch metric D. Create a custom Amazon CloudTrail log. Answer - C This is clearly mentioned in the AWS Documentation When creating an alarm, select a period that is greater than or equal to the frequency of the metric to be monitored. For example, basic monitoring for Amazon EC2 provides metrics for your instances every 5 minutes. When setting an alarm on a basic monitoring metric, select a period of at least 300 seconds (5 minutes). Detailed monitoring for Amazon EC2 provides metrics for your instances every 1 minute. When setting an alarm on a detailed monitoring metric, select a period of at least 60 seconds (1 minute). If you set an alarm on a high-resolution metric, you can specify a high-resolution alarm with a period of 10 seconds or 30 seconds, or you can set a regular alarm with a period of any multiple of 60 seconds Option A is incorrect since the question does not mention anything on notifications. Option B is incorrect since the standard resolution counters will not help define triggers within a 10 second interval Option D is incorrect since Cloudtrail is used for API Activity logging For more information on Cloudwatch metrics , please refer to the below Link: A Developer is writing an application that runs on EC2 instances and stores 2 GB objects in an S3 bucket. The Developer wants to minimize the time required to upload each item. Which API should the Developer use to minimize upload time? A. MultipartUpload B. BatchGetltem C. BatchWriteItem D. Putltem Answer - A The AWS Documentation mentions the following to support this The Multipart upload API enables you to upload large objects in parts. You can use this API to upload new large objects or make a copy of an existing object (see Operations on Objects). Multipart uploading is a three-step process: You initiate the upload, you upload the object parts, and after you have uploaded all the parts, you complete the multipart upload. Upon receiving the complete multipart upload request, Amazon S3 constructs the object from the uploaded parts, and you can then access the object just as you would any other object in your bucket. Option B is incorrect since this is used to get a batch of items Option C is incorrect since this is used to write a batch of items and would not help to upload a large item Option D is incorrect since this is used to Put a single item but does not offer performance benefits for uploading large objects. For more information on Amazon S3 Multipart file upload, please refer to the below Link: A Developer working on an AWS CodeBuild project wants to override a build command as part of a build run to test a change. The developer has access to run the builds but does not have access to edit the CodeBuild project What process should the Developer use to override the build command? A. Update the configuration file that is part of the source code and run a new build. B. Update the command in the Build Commands section during the build run in the AWS console. C. Run the start build AWS CLI command with buildspecOverride property set to the new file. D. Update the buildspec property in the StartBuild API to override the build command during build run. Answer - C Use the AWS CLI command to specify different parameters that need to be run for the build. Since the developer has access to run the build , he can run the build changing the parameters from the command line. The same is also mentioned in the AWS Documentation All other option are incorrect since we need to use the AWS CLI For more information on running the command via the CLI, please refer to the below Link: An organization is using an Amazon ElastiCache cluster in front of their Amazon RDS instance. The organization would like the Developer to implement logic into the code so that the cluster only retrieves data from RDS when there is a cache miss. What strategy can the Developer implement to achieve this? A. Lazy loading B. Write-through C. Error retries D. Exponential backoff Answer - A The AWS Documentation mentions the different caching strategies, for the above scenario the best one to choose is Lazy Loading. Whenever your application requests data, it first makes the request to the ElastiCache cache. If the data exists in the cache and is current, ElastiCache returns the data to your application. If the data does not exist in the cache, or the data in the cache has expired, your application requests the data from your data store which returns the data to your application. Your application then writes the data received from the store to the cache so it can be more quickly retrieved next time it is requested. All other options are incorrect since there is only one which matches the requirement of the question. For more information on the strategies for ElastiCache, please refer to the below Link: A Developer is writing an application that will run on EC2 instances and read messages from an SQS queue. The messages will arrive every 15-60 seconds. How should the Developer efficiently query the queue for new messages? A. Use long polling B. Set a custom visibility timeout C. Use short polling D. Implement exponential backoff. Answer - A Option B is invalid because this is valid only for the processing time for the Messages. Option C is invalid because this would not be a cost effective option Option D is invalid because this is not a practice for SQS queues Long polling will help in ensuring that the applications makes less requests for messages in a shorter period of time. This is more cost effective. Since the messages are only going to be available after 15 seconds and we don't know exactly when they would be available, its better to use Long Polling For more information on Long polling, please refer to the below Link: html A Developer is building an application that needs access to an S3 bucket. An IAM role is created with the required permissions to access the S3 bucket. Which API call should the Developer use in the application so that the code can access to the S3 bucket? A. IAM: AccessRole B. STS: GetSessionToken C. IAM:GetRoleAccess D. STS:AssumeRole Answer - D This is given in the AWS Documentation A role specifies a set of permissions that you can use to access AWS resources. In that sense, it is similar to an IAM user. An application assumes a role to receive permissions to carry out required tasks and interact with AWS resources. The role can be in your own account or any other AWS account. For more information about roles, their benefits, and how to create and configure them, see IAM Roles, and Creating IAM Roles. To learn about the different methods that you can use to assume a role, see Using IAM Roles. Important The permissions of your IAM user and any roles that you assume are not cumulative. Only one set of permissions is active at a time. When you assume a role, you temporarily give up your previous user or role permissions and work with the permissions that are assigned to the role. When you exit the role, your user permissions are automatically restored. To assume a role, an application calls the AWS STS AssumeRole API operation and passes the ARN of the role to use. When you call AssumeRole, you can optionally pass a JSON policy. This allows you to restrict permissions for that for the role's temporary credentials. This is useful when you need to give the temporary credentials to someone else. They can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use the passed policy to grant permissions that are in excess of those allowed by the permissions policy of the role that is being assumed. To learn more about how AWS determines the effective permissions of a role, see Policy Evaluation Logic. All other options are invalid since the right way for the application to use the Role is to assume the role to get access to the S3 bucket. For more information on switching roles, please refer to the below Link: A developer has recently deployed an AWS Lambda function that computes a Fibonacci sequence using recursive Lambda invocations. A pre-defined AWS IAM policy is