Free AWS-Certified-Developer-Associate Exam Braindumps

Pass your Amazon AWS Certified Developer - Associate exam with these free Questions and Answers

Page 4 of 26
QUESTION 11

An application is using Amazon Cognito user pools and identity pools for secure access. A developer wants to integrate the user-specific file upload and download features in the application with Amazon S3. The developer must ensure that the files are saved and retrieved in a secure manner and that users can access only their own files. The file sizes range from 3 KB to 300 MB.
Which option will meet these requirements with the HIGHEST level of security?

  A. Use S3 Event Notifications to validate the file upload and download requests and update the user interface (UI).
  B. Save the details of the uploaded files in a separate Amazon DynamoDB table. Filter the list of files in the user interface (UI) by comparing the current user ID with the user ID associated with the file in the table.
  C. Use Amazon API Gateway and an AWS Lambda function to upload and download files. Validate each request in the Lambda function before performing the requested operation.
  D. Use an IAM policy within the Amazon Cognito identity prefix to restrict users to use their own folders in Amazon S3.

Correct Answer: D
https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-integrating-user-pools-with-identity-pools.html
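
An added example, not part of the original page: an IAM policy for the identity pool's authenticated role that implements option D. The bucket name is a placeholder; `${cognito-identity.amazonaws.com:sub}` is the IAM policy variable that resolves to the caller's Cognito identity ID, so listing and object access are both confined to that user's own prefix.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListOwnPrefixOnly",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::amzn-s3-demo-bucket",
      "Condition": {
        "StringLike": {
          "s3:prefix": ["${cognito-identity.amazonaws.com:sub}/*"]
        }
      }
    },
    {
      "Sid": "ReadWriteOwnObjectsOnly",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
      "Resource": "arn:aws:s3:::amzn-s3-demo-bucket/${cognito-identity.amazonaws.com:sub}/*"
    }
  ]
}
```

Because the restriction is evaluated by IAM on every S3 request, it holds even if the client application is modified, which is what separates this option from filtering in the UI.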

QUESTION 12

A developer maintains applications that store several secrets in AWS Secrets Manager. The applications use secrets that have changed over time. The developer needs to identify required secrets that are still in use. The developer does not want to cause any application downtime.
What should the developer do to meet these requirements?

  A. Configure an AWS CloudTrail log file delivery to an Amazon S3 bucket. Create an Amazon CloudWatch alarm for the GetSecretValue Secrets Manager API operation requests.
  B. Create a secretsmanager-secret-unused AWS Config managed rule. Create an Amazon EventBridge rule to initiate notification when the AWS Config managed rule is met.
  C. Deactivate the applications' secrets and monitor the applications' error logs temporarily.
  D. Configure AWS X-Ray for the applications. Create a sampling rule to match the GetSecretValue Secrets Manager API operation requests.

Correct Answer: B
This solution will meet the requirements by using AWS Config to monitor and evaluate whether Secrets Manager secrets are unused or have been deleted, based on specified time periods. The secretsmanager-secret-unused managed rule is a predefined rule that checks whether Secrets Manager secrets have been rotated within a specified number of days or have been deleted within a specified number of days after last accessed date. The Amazon EventBridge rule will trigger a notification when the AWS Config managed rule is met, alerting the developer about unused secrets that can be removed without causing application downtime.
Option A is not optimal because it will use AWS CloudTrail log file delivery to an Amazon S3 bucket, which will incur additional costs and complexity for storing and analyzing log files that may not contain relevant information about secret usage. Option C is not optimal because it will deactivate the application secrets and monitor the application error logs temporarily, which will cause application downtime and potential data loss. Option D is not optimal because it will use AWS X-Ray to trace secret usage, which will introduce additional overhead and latency for instrumenting and sampling requests that may not be related to secret usage.
References: [AWS Config Managed Rules], [Amazon EventBridge]

QUESTION 13

A company is planning to securely manage one-time fixed license keys in AWS. The company's development team needs to access the license keys in automation scripts that run in Amazon EC2 instances and in AWS CloudFormation stacks.
Which solution will meet these requirements MOST cost-effectively?

  A. Amazon S3 with encrypted files prefixed with “config”
  B. AWS Secrets Manager secrets with a tag that is named SecretString
  C. AWS Systems Manager Parameter Store SecureString parameters
  D. CloudFormation NoEcho parameters

Correct Answer: C
AWS Systems Manager Parameter Store is a service that provides secure, hierarchical storage for configuration data and secrets. Parameter Store supports SecureString parameters, which are encrypted using AWS Key Management Service (AWS KMS) keys. SecureString parameters can be used to store license keys in AWS and retrieve them securely from automation scripts that run in EC2 instances or CloudFormation stacks. Parameter Store is a cost-effective solution because it does not charge for storing parameters or API calls.
Reference: Working with Systems Manager parameters

QUESTION 14

A company developed an API application on AWS by using Amazon CloudFront, Amazon API Gateway, and AWS Lambda. The API has a minimum of four requests every second. A developer notices that many API users run the same query by using the POST method. The developer wants to cache the POST request to optimize the API resources.
Which solution will meet these requirements?

  A. Configure the CloudFront cache. Update the application to return cached content based upon the default request headers.
  B. Override the cache method in the selected stage of API Gateway. Select the POST method.
  C. Save the latest request response in Lambda /tmp directory. Update the Lambda function to check the /tmp directory.
  D. Save the latest request in AWS Systems Manager Parameter Store. Modify the Lambda function to take the latest request response from Parameter Store.

Correct Answer: B
Amazon API Gateway provides tools for creating and documenting web APIs that route HTTP requests to Lambda functions [2]. You can secure access to your API with authentication and authorization controls. Your APIs can serve traffic over the internet or can be accessible only within your VPC [2]. You can override the cache method in the selected stage of API Gateway [2]. Therefore, option B is correct.

QUESTION 15

A developer wants to add request validation to a production environment Amazon API Gateway API. The developer needs to test the changes before the API is deployed to the production environment. For the test, the developer will send test requests to the API through a testing tool.
Which solution will meet these requirements with the LEAST operational overhead?

  A. Export the existing API to an OpenAPI file. Create a new API. Import the OpenAPI file. Modify the new API to add request validation. Perform the tests. Modify the existing API to add request validation. Deploy the existing API to production.
  B. Modify the existing API to add request validation. Deploy the updated API to a new API Gateway stage. Perform the tests. Deploy the updated API to the API Gateway production stage.
  C. Create a new API. Add the necessary resources and methods, including new request validation. Perform the tests. Modify the existing API to add request validation. Deploy the existing API to production.
  D. Clone the existing API. Modify the new API to add request validation. Perform the tests. Modify the existing API to add request validation. Deploy the existing API to production.

Correct Answer: B
Amazon API Gateway allows you to create, deploy, and manage a RESTful API to expose backend HTTP endpoints, AWS Lambda functions, or other AWS services [1]. You can use API Gateway to perform basic validation of an API request before proceeding with the integration request [1]. When the validation fails, API Gateway immediately fails the request, returns a 400 error response to the caller, and publishes the validation results in CloudWatch Logs [1].
To test changes before deploying to a production environment, you can modify the existing API to add request validation and deploy the updated API to a new API Gateway stage [1]. This allows you to perform tests without affecting the production environment. Once testing is complete and successful, you can then deploy the updated API to the API Gateway production stage [1].
This approach has the least operational overhead as it avoids unnecessary creation of new APIs or exporting and importing of APIs. It leverages the existing infrastructure and only requires changes in the configuration of the existing API [1].
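
An added example, not from the original page: an OpenAPI definition showing how the request validation described above is expressed through API Gateway's OpenAPI extensions. The API title, path, validator name and schema are constructed for illustration, and the mock integration stands in for the real backend.

```json
{
  "openapi": "3.0.1",
  "info": { "title": "orders-api (constructed example)", "version": "1.0" },
  "x-amazon-apigateway-request-validators": {
    "body-and-params": {
      "validateRequestBody": true,
      "validateRequestParameters": true
    }
  },
  "x-amazon-apigateway-request-validator": "body-and-params",
  "paths": {
    "/orders": {
      "post": {
        "requestBody": {
          "required": true,
          "content": {
            "application/json": {
              "schema": { "$ref": "#/components/schemas/NewOrder" }
            }
          }
        },
        "responses": { "200": { "description": "Order accepted" } },
        "x-amazon-apigateway-integration": {
          "type": "mock",
          "requestTemplates": { "application/json": "{\"statusCode\": 200}" },
          "responses": { "default": { "statusCode": "200" } }
        }
      }
    }
  },
  "components": {
    "schemas": {
      "NewOrder": {
        "type": "object",
        "required": ["sku", "quantity"],
        "properties": {
          "sku": { "type": "string", "pattern": "^[A-Z0-9-]{4,20}$" },
          "quantity": { "type": "integer", "minimum": 1, "maximum": 100 }
        },
        "additionalProperties": false
      }
    }
  }
}
```

Deployed to a separate test stage, a POST body that omits `quantity` or carries an unexpected property is rejected with the 400 response before the integration is invoked, so the production stage is untouched while the schema is tuned.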
