Free AWS-Certified-Developer-Associate Exam Braindumps

A company is creating an application that processes csv files from Amazon S3 A developer has created an S3 bucket The developer has also created an AWS Lambda function to process the csv files from the S3 bucket
Which combination of steps will invoke the Lambda function when a csv file is uploaded to Amazon S3? (Select TWO.)

1. A. Create an Amazon EventBridge rule Configure the rule with a pattern to match the S3 object created event
2. B. Schedule an Amazon EventBridge rule to run a new Lambda function to scan the S3 bucket.
3. C. Add a trigger to the existing Lambda functio
4. D. Set the trigger type to EventBridge Select the Amazon EventBridge rule.
5. E. Create a new Lambda function to scan the S3 bucket for recently added S3 objects
6. F. Add S3 Lifecycle rules to invoke the existing Lambda function

Correct Answer: AC
To invoke a Lambda function when a csv file is uploaded to Amazon S3, you can use Amazon EventBridge to create a rule that matches the S3 object created event. Then, you can add a trigger to the existing Lambda function and set the trigger type to EventBridge. This way, the Lambda function will be invoked whenever a new csv file is added to the S3 bucket. References
✑ Tutorial: Using an Amazon S3 trigger to invoke a Lambda function
✑ How to trigger my Lambda Function once the file is uploaded to s3 bucket
✑ Lambda Function to be invoked or triggered by S3(csv file upload …

An application that is hosted on an Amazon EC2 instance needs access to files that are stored in an Amazon S3 bucket. The application lists the objects that are stored in the S3 bucket and displays a table to the user. During testing, a developer discovers that the application does not show any objects in the list.
What is the MOST secure way to resolve this issue?

1. A. Update the IAM instance profile that is attached to the EC2 instance to include the S3:* permission for the S3 bucket.
2. B. Update the IAM instance profile that is attached to the EC2 instance to include the S3:ListBucket permission for the S3 bucket.
3. C. Update the developer's user permissions to include the S3:ListBucket permission for the S3 bucket.
4. D. Update the S3 bucket policy by including the S3:ListBucket permission and by setting the Principal element to specify the account number of the EC2 instance.

Correct Answer: B
IAM instance profiles are containers for IAM roles that can be associated with EC2 instances. An IAM role is a set of permissions that grant access to AWS resources. An IAM role can be used to allow an EC2 instance to access an S3 bucket by including the appropriate permissions in the role’s policy. The S3:ListBucket permission allows listing the objects in an S3 bucket. By updating the IAM instance profile with this permission, the application on the EC2 instance can retrieve the objects from the S3 bucket and display them to the user. Reference: Using an IAM role to grant permissions to applications running on Amazon EC2 instances

A company uses a custom root certificate authority certificate chain (Root CA Cert) that is 10 KB in size generate SSL certificates for its on-premises HTTPS endpoints. One of the company’s cloud based applications has hundreds of AWS Lambda functions that pull date from these endpoints. A developer updated the trust store of the Lambda execution environment to use the Root CA Cert when the Lambda execution environment is initialized. The developer bundled the Root CA Cert as a text file in the Lambdas deployment bundle.
After 3 months of development the root CA Cert is no longer valid and must be updated. The developer needs a more efficient solution to update the Root CA Cert for all deployed Lambda functions. The solution must not include rebuilding or updating all Lambda functions that use the Root CA Cert. The solution must also work for all development, testing and production environment. Each environment is managed in a separate AWS account.
When combination of steps Would the developer take to meet these environments MOST cost-effectively? (Select TWO)
Solution:
This solution will meet the requirements by storing the Root CA Cert as a Secure String parameter in AWS Systems Manager Parameter Store, which is a secure and scalable service for storing and managing configuration data and secrets. The resource-based policy will allow IAM users in different AWS accounts and environments to access the parameter without requiring cross-account roles or permissions. The Lambda code will be refactored to load the Root CA Cert from the parameter store and modify the runtime trust store outside the Lambda function handler, which will improve performance and reduce latency by avoiding repeated calls to Parameter Store and trust store modifications for each invocation of the Lambda function. Option A is not optimal because it will use AWS Secrets Manager instead of AWS Systems Manager Parameter Store, which will incur additional costs and complexity for storing and managing a non-secret configuration data such as Root CA Cert. Option C is not optimal because it will deactivate the application secrets and monitor the application error logs temporarily, which will cause application downtime and potential data loss. Option D is not optimal because it will modify the runtime trust store inside the Lambda function handler, which will degrade performance and increase latency by repeating unnecessary operations for each invocation of the Lambda function.
References: AWS Systems Manager Parameter Store, [Using SSL/TLS to Encrypt a Connection to a DB Instance]

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

A company has a multi-node Windows legacy application that runs on premises. The application uses a network shared folder as a centralized configuration repository to store configuration files in .xml format. The company is migrating the application to Amazon EC2 instances. As part of the migration to AWS, a developer must identify a solution that provides high availability for the repository.
Which solution will meet this requirement MOST cost-effectively?

1. A. Mount an Amazon Elastic Block Store (Amazon EBS) volume onto one of the EC2 instance
2. B. Deploy a file system on the EBS volum
3. C. Use the host operating system to share a folde
4. D. Update the application code to read and write configuration files from theshared folder.
5. E. Deploy a micro EC2 instance with an instance store volum
6. F. Use the host operating system to share a folde
7. G. Update the application code to read and write configuration files from the shared folder.
8. H. Create an Amazon S3 bucket to host the repositor
9. I. Migrate the existing .xml files to the S3 bucke
10. J. Update the application code to use the AWS SDK to read and write configuration files from Amazon S3.
11. K. Create an Amazon S3 bucket to host the repositor
12. L. Migrate the existing .xml files to the S3 bucke
13. M. Mount the S3 bucket to the EC2 instances as a local volum
14. N. Update the application code to read and write configuration files from the disk.

Correct Answer: C
Amazon S3 is a service that provides highly scalable, durable, and secure object storage. The developer can create an S3 bucket to host the repository and migrate the existing .xml files to the S3 bucket. The developer can update the application code to use the AWS SDK to read and write configuration files from S3. This solution will meet the requirement of high availability for the repository in a cost-effective way.
References:
✑ [Amazon Simple Storage Service (S3)]
✑ [Using AWS SDKs with Amazon S3]

A developer must use multi-factor authentication (MFA) to access data in an Amazon S3
bucket that is in another AWS account. Which AWS Security Token Service (AWS STS) API operation should the developer use with the MFA information to meet this requirement?

1. A. AssumeRoleWithWebidentity
2. B. GetFederationToken
3. C. AssumeRoleWithSAML
4. D. AssumeRole

Correct Answer: D
The AssumeRole API operation returns a set of temporary security credentials that can be used to access resources in another AWS account. The developer can specify the MFA device serial number and the MFA token code in the request parameters. This option enables the developer to use MFA to access data in an S3 bucket that is in another AWS account. The other options are not relevant or effective for this scenario. References
✑ AssumeRole
✑ Requesting Temporary Security Credentials