Q1. A user has set an IAM policy that allows all requests if the request comes from IP 10.10.10.1/32. Another policy allows all requests between 5 PM and 7 PM. What will happen when the user requests access from IP 10.10.10.1/32 at 6 PM?
A. IAM will throw an error for policy conflict
B. It is not possible to set a policy based on the time or IP
C. It will deny access
D. It will allow access
Answer: D
Explanation:
With regard to IAM, when a request is made, the AWS service decides whether a given request should be allowed or denied. The evaluation logic follows these rules:
By default, all requests are denied. (In general, requests made using the account credentials for resources in the account are always allowed.)
An explicit allow policy overrides this default. An explicit deny policy overrides any allows.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_EvaluationLogic.html
Q2. Which one of the following operations is NOT a DynamoDB operation?
A. BatchWriteItem
B. DescribeTable
C. BatchGetItem
D. BatchDeleteItem
Answer: D
Explanation:
In DynamoDB, DeleteItem deletes a single item in a table by primary key, but BatchDeleteItem doesn’t exist.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/operationlist.html
Q3. When you use the AWS Elastic Beanstalk console to deploy a new application, ____.
A. you’ll need to upload each file separately
B. you’ll need to create each file and path
C. you’ll need to upload a source bundle
D. you’ll need to create each file
Answer: C
Explanation:
When you use the AWS Elastic Beanstalk console to deploy a new application or an application version, you’ll need to upload a source bundle.
Reference: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.deployment.source.html
Q4. A user has an S3 object in the US Standard region with the content "color=red". The user updates the object with the content "color=white". If the user tries to read the value 1 minute after it was uploaded, what will S3 return?
A. It will return "color=white"
B. It will return "color=red"
C. It will return an error saying that the object was not found
D. It may return either "color=red" or "color=white", i.e., either value
Answer: D
Explanation:
Amazon S3 follows an eventual consistency model in the US Standard region. Once the object is updated, a read may return either the new value or the old value, depending on whether the new content has already been replicated across all of the servers holding it; the object becomes consistent eventually.
Reference: http://docs.aws.amazon.com/AmazonS3/latest/dev/Introduction.html
Q5. An organization has hosted an application on EC2 instances. Multiple users will connect to the instances for setup and configuration of the application. The organization is planning to implement certain security best practices. Which of the below mentioned pointers will not help the organization achieve a better security arrangement?
A. Apply the latest patch of OS and always keep it updated.
B. Allow only IAM users to connect with the EC2 instances with their own secret access key.
C. Disable the password based login for all the users. All the users should use their own keys to connect with the instance securely.
D. Create a procedure to revoke the access rights of the individual user when they are not required to connect to the EC2 instance anymore for the purpose of application configuration.
Answer: B
Explanation:
Since AWS is a public cloud, any application hosted on EC2 is exposed to attackers. It becomes extremely important for a user to set up a proper security mechanism on the EC2 instances. A few of the security measures are listed below:
Always keep the OS updated with the latest patch
Always create separate users within the OS for those who need to connect to the EC2 instances, create their keys, and disable their passwords
Create a procedure with which the admin can revoke a user's access when that user's work on the EC2 instance is completed
Lock down unnecessary ports
Audit any proprietary applications that the user may be running on the EC2 instance
Provide temporary escalated privileges, such as sudo, for users who need to perform occasional privileged tasks
IAM is useful when users are required to work with AWS resources and actions, such as launching an instance. It is not used for connecting (RDP / SSH) to an instance; IAM credentials are not OS login credentials.
Reference: http://aws.amazon.com/articles/1233/
Q6. Which of the below mentioned options is not a best practice to securely manage the AWS access credentials?
A. Enable MFA for privileged users
B. Create individual IAM users
C. Keep rotating your secure access credentials at regular intervals
D. Create strong access key and secret access key and attach to the root account
Answer: D
Explanation:
It is a recommended approach to avoid using the access key and secret access key of the root account.
Thus, do not download or delete them. Instead, make an IAM user as powerful as the root account and use its credentials. The user cannot generate their own access key and secret access key, as they are always generated by AWS.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html
Q7. A user is part of a group whose policy allows only read-only access to EC2. The user is also part of another group that has full access to EC2. What happens when the user tries to launch an instance?
A. It will allow the user to launch the instance
B. It will fail since the user has just read only access
C. It will allow or deny based on the group under which the user has logged into EC2
D. It will not allow the user to add to the conflicting groups
Answer: A
Explanation:
IAM group policies are always aggregated: the user receives the union of the permissions granted by all groups. In this case, if one group does not grant the permission but another group does, the user has full access to EC2. Unless there is an explicit deny policy, the user will be able to launch the instance.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/PoliciesOverview.html
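The evaluation rules from Q1 (IP and time conditions) and Q7 (aggregated group policies) can be checked with a small simulator. The code below is an added example, not AWS's evaluation engine and not code from the page; the policy documents, request contexts, date and IP values are constructed for illustration. The condition keys aws:SourceIp and aws:CurrentTime are real IAM global condition keys, but note that IAM has no recurring time-of-day condition, so the 5 PM to 7 PM window is modelled as an absolute aws:CurrentTime window on one constructed date.

```python
"""Simulator of the IAM evaluation logic described in Q1 and Q7:
default deny, explicit Allow overrides the default, explicit Deny overrides any Allow.
Policies and request contexts below are constructed sample data."""
import ipaddress
from datetime import datetime
from fnmatch import fnmatchcase


def _matches(pattern, value):
    """IAM-style wildcard match for Action / Resource strings ('*' and '?')."""
    return fnmatchcase(value, pattern)


def _condition_ok(condition, ctx):
    """Every operator and every key in a Condition block must hold (logical AND).
    Only the operators this example needs are implemented."""
    for operator, keys in condition.items():
        for key, expected in keys.items():
            actual = ctx.get(key)
            if actual is None:              # missing context key never satisfies a condition
                return False
            if operator == "IpAddress":
                if ipaddress.ip_address(actual) not in ipaddress.ip_network(expected, strict=False):
                    return False
            elif operator in ("DateGreaterThan", "DateLessThan"):
                got = datetime.fromisoformat(actual.replace("Z", "+00:00"))
                want = datetime.fromisoformat(expected.replace("Z", "+00:00"))
                if operator == "DateGreaterThan" and not got > want:
                    return False
                if operator == "DateLessThan" and not got < want:
                    return False
            else:
                raise ValueError(f"unsupported condition operator {operator}")
    return True


def evaluate(policies, ctx):
    """Return 'Allow' or 'Deny' for a request context against all attached policies."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
            if not any(_matches(a, ctx["action"]) for a in actions):
                continue
            if not _matches(stmt.get("Resource", "*"), ctx["resource"]):
                continue
            if not _condition_ok(stmt.get("Condition", {}), ctx):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"           # explicit deny overrides every allow
            allowed = True
    return "Allow" if allowed else "Deny"   # nothing matched: default deny


# Q1 (constructed): one policy keyed on source IP, one on a time window.
ALLOW_FROM_IP = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*",
    "Condition": {"IpAddress": {"aws:SourceIp": "10.10.10.1/32"}}}]}
ALLOW_IN_WINDOW = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*",
    "Condition": {"DateGreaterThan": {"aws:CurrentTime": "2024-01-15T17:00:00Z"},
                  "DateLessThan": {"aws:CurrentTime": "2024-01-15T19:00:00Z"}}}]}

# Q7 (constructed): a read-only group policy and a full-access group policy on EC2,
# plus an explicit deny to show that it wins over both allows.
EC2_READ_ONLY = {"Statement": [{"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}]}
EC2_FULL_ACCESS = {"Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}
DENY_RUN_INSTANCES = {"Statement": [{"Effect": "Deny", "Action": "ec2:RunInstances", "Resource": "*"}]}


def q1_decision(source_ip="10.10.10.1", when="2024-01-15T18:00:00Z"):
    """Decision for a request with both Q1 policies attached (default: the 6 PM request)."""
    ctx = {"action": "s3:GetObject", "resource": "*",
           "aws:SourceIp": source_ip, "aws:CurrentTime": when}
    return evaluate([ALLOW_FROM_IP, ALLOW_IN_WINDOW], ctx)


def q7_decision(extra_policies=()):
    """Decision for ec2:RunInstances with both Q7 group policies attached."""
    ctx = {"action": "ec2:RunInstances", "resource": "*"}
    return evaluate([EC2_READ_ONLY, EC2_FULL_ACCESS, *extra_policies], ctx)


if __name__ == "__main__":
    print("Q1, 6 PM from 10.10.10.1:", q1_decision())
    print("Q1, 8 PM from 192.0.2.9:", q1_decision("192.0.2.9", "2024-01-15T20:00:00Z"))
    print("Q7, read-only + full access:", q7_decision())
    print("Q7, with explicit deny:", q7_decision([DENY_RUN_INSTANCES]))
```

Running it shows the 6 PM request from 10.10.10.1 allowed (both policies match, and one match is enough), a request outside both the IP and the time window denied by default, the Q7 launch allowed because the full-access group's allow is aggregated with the read-only group's, and the same launch denied as soon as any explicit Deny applies.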
Q8. An organization has 20 employees. The organization wants to give all the users access to the organization's AWS account. Which of the below mentioned options is the right solution?
A. Share the root credentials with all the users
B. Create an IAM user for each employee and provide access to them
C. It is not advisable to give AWS access to so many users
D. Use the IAM role to allow access based on STS
Answer: B
Explanation:
AWS Identity and Access Management is a web service that enables AWS customers to manage users and user permissions in AWS. IAM is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2, Amazon RDS, and the AWS Management Console. With IAM, the organization can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_Introduction.html
Q9. In relation to Amazon SQS, how can you ensure that messages are delivered in order?
A. Increase the size of your queue
B. Send them with a timestamp
C. Give each message a unique id.
D. AWS cannot guarantee that you will receive messages in the exact order you sent them
Answer: D
Explanation:
Amazon SQS makes a best effort to preserve order in messages, but due to the distributed nature of the queue, AWS cannot guarantee that you will receive messages in the exact order you sent them. You typically place sequencing information or timestamps in your messages so that you can reorder them upon receipt.
Reference: https://aws.amazon.com/items/1343?externalID=1343
Q10. Can a user associate and use his own DNS with ELB instead of the DNS provided by AWS ELB?
A. Yes, by creating a CNAME with the existing domain name provider
B. Yes, by configuring DNS in the AWS Console
C. No
D. Yes, only through Route 53 by mapping ELB and DNS
Answer: A
Explanation:
The AWS ELB allows mapping a custom domain name with ELB. The user can map ELB with DNS in two ways: 1) By creating CNAME with the existing domain name service provider or 2) By creating a record with Route 53.
Reference: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/using-domain-names-with-elb.html