Amazon AWS Certified Developer

Associate Exam Practice Questions

Q1. When launching containers in Amazon ECS, where may PortMapping be defined?
A. Security groups
B. Amazon Elastic Container Registry (Amazon ECR)
C. Container agent
D. Task definition
Answer: D

Q2. How should access keys be handled in AWS according to best practices? (Select
two.)
A. Use the same access key in all applications for consistency.
B. Delete all access keys for the account root user.
C. Leave unused access keys in the account for tracking purposes.
D. Embed and encrypt access keys in code for continuous deployment.
E. Use Amazon IAM roles instead of access keys where possible.
Answer: BE

Q3. What is the run order of the hooks for in-place deployments in an AWS CodeDeploy
deployment?
A. Before Install -> Application Stop -> Application Start -> After Install
B. Application Stop -> Before Install -> After Install -> Application Start
C. Before Install -> Application Stop -> Validate Service -> Application Start
D. Application Stop -> Before Install -> Validate Service -> Application Start
Answer: B

Q4. Data is read from an Amazon DynamoDB database by an application. The program
gets several ProvisionedThroughputExceeded errors many times a day for a duration of
15 seconds. What should be done with this exception?
A. Create a new global secondary index for the table to help with the additional
requests.
B. Retry the failed read requests with exponential backoff.
C. Immediately retry the failed read requests.
D. Use the DynamoDB ‫ג‬€UpdateItem‫ג‬€ API to increase the provisioned throughput
capacity of the table.
Answer: B
Q5. All data in transit between an EC2 instance and an Amazon EBS volume must be
secured for a physician's office management application.
Which one of the following strategies satisfies this criterion? (Select two.)

A. Create encrypted snapshots into Amazon S3.

B. Use Amazon RDS with encryption.
C. Use IAM roles to limit access to the Amazon EBS volume.
D. Enable EBS encryption.
E. Leverage OS-level encryption.
Answer: AD

Q6. What section of the document root must be included in an AWS CloudFormation
template to include objects specified by the AWS Serverless Application Model (SAM) in
addition to Resources?
A. Conditions
B. Globals
C. Transform
D. Properties

Answer: D

Q7. A developer recognizes the need for centralized storage of application-level logs
while designing an application that runs on Amazon EC2 in an Amazon VPC.
Which AWS service can be utilized to store these logs securely?

A. Amazon EC2 VPC Flow Logs

B. Amazon CloudWatch Logs
C. Amazon CloudSearch
D. AWS CloudTrail

Answer: B

Q8. What are the requirements for configuring container instances in an AWS Elastic
Beanstalk multi-container Docker environment?
A. An Amazon ECS task definition
B. An Amazon ECS cluster
C. A Dockerfile in an application package
D. A CLI for Elastic Beanstalk
Answer: A

Q9. A developer must install a serverless RESTful API on AWS regularly and
consistently.

Which strategies will be effective? (Select two.)

A. Define a Swagger file. Use AWS Elastic Beanstalk to deploy the Swagger file.
B. Define a Swagger file. Use AWS CodeDeploy to deploy the Swagger file.
 C. Deploy a SAM template with an inline Swagger definition.
D. Define a Swagger file. Deploy a SAM template that references the Swagger
file.
E. Define an inline Swagger definition in a Lambda function. Invoke the Lambda
function.
Answer: DE

Q10. Amazon Kinesis is used to load data into a stock market monitoring application.
The Kinesis stream cannot keep up with the incoming data during simulated peak data
rates testing.
What step will enable Kinesis to handle peak-hour traffic?
A. Install the Kinesis Producer Library (KPL) for ingesting data into the stream.
B. Reduce the data retention period to allow for more data ingestion using
DecreaseStreamRetentionPeriod.
C. Increase the shard count of the stream using UpdateShardCount.
D. Ingest multiple records into the stream in a single call using PutRecords.
Answer: A

Q11. AWS services must be accessed and API calls must be made by an application
running on an Amazon EC2 instance.
What is the SAFEST approach to grant access to AWS services with the least amount
of administration overhead?

A. Use AWS KMS to store and retrieve credentials.

B. Use EC2 instance profiles.
C. Use AWS root user to make requests to the application.
D. Store and retrieve credentials from AWS CodeCommit.
Answer: B

Q12. With production-distributed applications created as AWS Lambda functions, a

developer must investigate performance issues. Other components of the applications
are invoked by these distributed Lambda applications.What is the best way for a
developer to discover and resolve the root cause of production performance issues?

A. Add logging statements to the Lambda functions, then use Amazon

CloudWatch to view the logs.
B. Use AWS CloudTrail and then examine the logs.
C. Use AWS X-Ray, then examine the segments and errors.
D. Run Amazon Inspector agents and then analyze performance.
Answer: C

Q13. What is the advantage of instantiating AWS clients outside the scope of the
handler when constructing a Lambda function?
A. Legibility and stylistic convention
B. Taking advantage of connection re-use
C. Better error handling
 D. Creating a new instance per invocation
Answer: B

Q14. Thousands of sensitive audio and video data must be stored in an Amazon S3
bucket. All data written to this bucket must be encrypted according to organizational
security rules. How can this policy's compliance be ensured?

A. Use AWS Lambda to send notifications to the security team if unencrypted

objects are pun in the bucket.
B. Configure an Amazon S3 bucket policy to prevent the upload of objects that
do not contain the x-amz-server-side-encryption header.
C. Create an Amazon CloudWatch event rule to verify that all objects stored in
the Amazon S3 bucket are encrypted.
D. Configure an Amazon S3 bucket policy to prevent the upload of objects that
contain the x-amz-server-side-encryption header.
Answer: B

Q15. Before code is released into the production environment, the release process
workflow of an application needs human review. What is the MOST EFFECTIVE
method to do this using AWS CodePipeline?

A. Use multiple pipelines to allow approval

B. Use an approval action in a stage
C. Disable the stage transition to allow manual approval
D. Disable a stage just prior the deployment stage
Answer: D

Q16. When attempting to start or stop an Amazon EC2 instance using a boto3 script,
the developer gets the following error message.

What is the developer's responsibility in resolving this error message?

A. Assign an IAM role to the EC2 instance to allow necessary API calls on behalf
of the client.
B. Implement an exponential backoff algorithm for optimizing the number of API
requests made to Amazon EC2.
C. Increase the overall network bandwidth to handle higher API request rates.
D. Upgrade to the latest AWS CLI version so that boto3 can handle higher
request rates.
Answer: B
Q17. On an EC2 instance, an application is executing. The developer wishes to keep a
statistic about his program in Amazon CloudWatch. How should this requirement be
implemented optimally?

A. Use the PUT Object API call to send data to an S3 bucket. Use an event
notification to invoke a Lambda function to publish data to CloudWatch.
B. Publish the metric data to an Amazon Kinesis Stream using a PutRecord API
call. Subscribe a Lambda function that publishes data to CloudWatch.
C. Use the CloudWatch PutMetricData API call to submit a custom metric to
CloudWatch. Provide the required credentials to enable the API call.
D. Use the CloudWatch PutMetricData API call to submit a custom metric to
CloudWatch. Launch the EC2 instance with the required IAM role to enable the
API call.
Answer: D
Use the CloudWatch PutMetricData API call to submit a custom metric to
CloudWatch. Launch the EC2 instance with the required IAM role to enable the API
call.

Q18. What are the best practices for using bespoke libraries in AWS Lambda?
A. Host the library on Amazon S3 and reference to it from the Lambda function.
B. Install the library locally and upload a ZIP file of the Lambda function.
C. Import the necessary Lambda blueprint when creating the function.
D. Modify the function runtime to include the necessary library.
Answer: