DVA-C01 | The Renovate Guide To DVA-C01 Dumps Questions

NEW QUESTION 1
Which of the following is an example of a good DynamoDB hash key schema for provisioned throughput efficiency?

• A. User ID, where the application has many different users.
• B. Status Code where most status codes are the same
• C. Device ID, where one is by far more popular than all the others.
• D. Game Type, where there are three possible game types

Answer: A

NEW QUESTION 2
A user has launched a MySQL RDS. The user wants to plan for the DR and automate the snapshot. Which of the below mentioned functionality offers this option with RDS?

• A. Copy snapshot
• B. Automated synchronization
• C. Snapshot
• D. Automated backup

Answer: D

Explanation:
Amazon RDS provides two different methods for backing up and restoring the Amazon DB instances: automated backups and DB snapshots. Automated backups automatically back up the DB instance during a specific, user-definable backup window, and keep the backups for a limited, user-specified period of time.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.BackingUpAndRestoringAmazonR DSInstances.htmI

NEW QUESTION 3
In regard to DynamoDB, what is the Global secondary index?

• A. An index with a hash and range key that can be different from those on the table.
• B. An index that has the same range key as the table, but a different hash key
• C. An index that has the same hash key and range key as the table
• D. An index that has the same hash key as the table, but a different range key

Answer: A

Explanation:
Global secondary index - an index with a hash and range key that can be different from those on the table.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DataModel.html

NEW QUESTION 4
A user has created an RDS instance with MySQL. The user is using the HeidiSQL client to connect with the RDS DB. The client is unable to connect to DB from his home machine. What is a possible reason for the failure?

• A. The user has to open port 80 in the RDS security group to connect with RDS DNS
• B. The security group is not configured to allow a request from the user’s IP on port 3306
• C. You can never connect to RDS from your desktop
• D. The user has to open port 22 in the RDS security group to connect with RDS DNS

Answer: B

Explanation:
If the user needs to connect to RDS then he has to open port 3306 in the RDS security group for his IP address.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html

NEW QUESTION 5
An orgAMzation has hosted an application on the EC2 instances. There will be multiple users connecting to the instance for setup and configuration of application. The orgAMzation is planning to implement certain security best practices. Which of the below mentioned pointers will not help the orgAMzation achieve better security arrangement?

• A. Apply the latest patch of OS and always keep it updated.
• B. Allow only IAM users to connect with the EC2 instances with their own secret access key.
• C. Disable the password based login for all the user
• D. All the users should use their own keys to connect with the instance securely.
• E. Create a procedure to revoke the access rights of the indMdual user when they are not required to connect to EC2 instance anymore for the purpose of application configuration.

Answer: B

Explanation:
Since AWS is a public cloud any application hosted on EC2 is prone to hacker attacks. It becomes extremely important for a user to setup a proper security mechAMsm on the EC2 instances. A few of the security measures are listed below:
Always keep the OS updated with the latest patch
Always create separate users with in OS if they need to connect with the EC2 instances, create their keys and disable their password
Create a procedure using which the admin can revoke the access of the user when the business work on the EC2 instance is completed
Lock down unnecessary ports
Audit any proprietary applications that the user may be running on the EC2 instance
Provide temporary escalated prMleges, such as sudo for users who need to perform occasional prMleged tasks
The IAM is useful when users are required to work with AWS resources and actions, such as launching an instance. It is not useful to connect (RDP / SSH) with an instance.
Reference: http://aws.amazon.com/articles/1233/

NEW QUESTION 6
In regards to Amazon SQS how can you secure the messages in your queues?

• A. You can't
• B. Amazon SQS uses either your Access Key ID or an X.509 certificate to authenticate your identity
• C. Through your IAM access keys
• D. Don't use root access

Answer: B

Explanation:
Authentication mechAMsms are provided to ensure that messages stored in Amazon SQS queues are secured against unauthorized access. Only the AWS account owners can access the queues they create. Amazon SQS uses proven cryptographic methods to authenticate your identity, either through the use of your Access Key ID and request signature, or through the use of an X.509 certificate.
Reference: https://aws.amazon.com/sqs/faqs/

NEW QUESTION 7
A user is enabling a static website hosting on an S3 bucket. Which of the below mentioned parameters cannot be configured by the user?

• A. Error document
• B. Conditional error on object name
• C. Index document
• D. Conditional redirection on object name

Answer: B

Explanation:
To host a static website, the user needs to configure an Amazon S3 bucket for website hosting and then upload the website contents to the bucket. The user can configure the index, error document as well as configure the conditional routing of on object name.
Reference: http://docs.aws.amazon.com/AmazonS3/Iatest/dev/HowDoIWebsiteConfiguration.htm|

NEW QUESTION 8
A user is uploading archives to Glacier. The user is trying to understand key Glacier resources. Which of the below mentioned options is not a Glacier resource?

• A. Notification configuration
• B. Archive ID
• C. Job
• D. Archive

Answer: B

Explanation:
AWS Glacier has four resources. Vault and Archives are core data model concepts. Job is required to initiate download of archive. The notification configuration is required to send user notification when archive is available for download.
Reference: http://docs.aws.amazon.com/amazongIacier/latest/dev/amazon-glacier-data-model.html

NEW QUESTION 9
A user is launching an AWS RDS instance with MySQL. The user wants to enable the Nlulti AZ feature. Which of the below mentioned parameters will not be allowed to configure by RDS?

• A. Availability Zone
• B. Region
• C. DB subnet group
• D. Database port

Answer: A

Explanation:
If the user is launching RDS with Multi AZ the user cannot provision the Availability Zone. RDS is launched automatically instead
Reference: https://console.aws.amazon.com/rds/

NEW QUESTION 10
In regards to Amazon SQS how many times will you receive each message?

• A. At least twice
• B. Exactly once
• C. As many times as you want
• D. At least once

Answer: D

Explanation:
Amazon SQS is engineered to provide "at least once" delivery of all messages in its queues. Although most of the time, each message will be delivered to your application exactly once, you should design your system so that processing a message more than once does not create any errors or inconsistencies. Reference: https://aws.amazon.com/sqs/faqs/

NEW QUESTION 11
Which header received at the EC2 instance identifies the port used by the client while requesting ELB?

• A. X-Forvvarded-Proto
• B. X-Requested-Proto
• C. X-Forvvarded-Port
• D. X-Requested-Port

Answer: C

Explanation:
The X-Forvvarded-Port request header helps the user identify the port used by the client while sending a request to ELB.
Reference: http://docs.aws.amazon.com/EIasticLoadBalancing/latest/DeveIoperGuide/TerminologyandKeyConcepts. html

NEW QUESTION 12
A root account owner is trying to setup an additional level of security for all his IAM users. Which of the below mentioned options is a recommended solution for the account owner?

• A. Enable access key and secret access key for all the IAM users
• B. Enable MFA for all IAM users
• C. Enable the password for all the IAM users
• D. Enable MFA for the root account

Answer: B

Explanation:
Multi-Factor Authentication adds an extra level of security for all the users. The user can enable MFA for all IAM users which ensures that each user has to provide an extra six digit code for authentication. Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingMFA.htmI

NEW QUESTION 13
Which of the following programming languages have an officially supported AWS SDK? Choose 2 answers

• A. Perl
• B. PHP
• C. Pascal
• D. Java
• E. SQL

Answer: BD

NEW QUESTION 14
ExamKiIIer (with AWS account ID 111122223333) has created 50 IAM users for its orgAMzation’s employees. What will be the AWS console URL for these associates?

• A. https:// 111122223333.signin.aws.amazon.com/conso|e/
• B. https:// signin.aws.amazon.com/consoIe/
• C. https://signin.aws.amazon.com/111122223333/conso|e/
• D. https://signin.aws.amazon.com/console/111122223333/

Answer: A

Explanation:
When an orgAMzation is using AWS IAM for creating various users and manage their access rights, the IAM user cannot use the login URL http://aws.amazon.com/console to access AWS management console. The console login URL for the IAM user will have AWS account ID of that orgAMzation to identify the IAM user belongs to particular account. The AWS console login URL for the IAM user will be https://
<AWS_Account_|D>.signin.aws.amazon.com/consoIe/. In this case it will be https:// 111122223333.signin.aws.amazon.com/consoIe/
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAIias.html

NEW QUESTION 15
A user is running a webserver on EC2. The user wants to receive the SMS when the EC2 instance utilization is above the threshold limit. Which AWS services should the user configure in this case?

• A. AWS CIoudWatch + AWS SES.
• B. AWS CIoudWatch + AWS SNS.
• C. AWS CIoudWatch + AWS SQS.
• D. AWS EC2 + AWS Cloudwatc

Answer: B

Explanation:
Amazon SNS makes it simple and cost-effective to push to mobile devices, such as iPhone, iPad, Android, Kindle Fire, and internet connected smart devices, as well as pushing to other distributed services. In this case, the user can configure that Cloudwatch sends an alarm on when the threshold is crossed to SNS which will trigger an SMS.
Reference: http://aws.amazon.com/sns/

NEW QUESTION 16
An orgAMzation has created multiple components of a single application for compartmentalization. Currently all the components are hosted on a single EC2 instance. Due to security reasons the orgAMzation wants to implement two separate SSLs for the separate modules although it is already using VPC. How can the orgAMzation achieve this with a single instance?

• A. Create a VPC instance which will have both the ACL and the security group attached to it and haveseparate rules for each IP address.
• B. Create a VPC instance which will have multiple network interfaces with multiple elastic IP addresses.
• C. You have to launch two instances each in a separate subnet and allow VPC peering for a single IP.
• D. Create a VPC instance which will have multiple subnets attached to it and each will have a separate IP address.

Answer: B

Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. It enables the user to launch AWS resources into a virtual network that the user has defined. With VPC the user can specify multiple private IP addresses for his instances.
The number of network interfaces and private IP addresses that a user can specify for an instance depends on the instance type. With each network interface the orgAMzation can assign an EIP. This scenario helps when the user wants to host multiple websites on a single EC2 instance by using multiple SSL certificates on a single server and associating each certificate with a specific EIP address. It also helps in scenarios for operating network appliances, such as firewalls or load balancers that have multiple private IP addresses for each network interface.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/MuItipIeIP.html

NEW QUESTION 17
An orgAMzation is setting up their website on AWS. The orgAMzation is working on various security measures to be performed on the AWS EC2 instances. Which of the below mentioned security mechAMsms will not help the orgAMzation to avoid future data leaks and identify security weaknesses?

• A. Perform SQL injection for application testing.
• B. Run penetration testing on AWS with prior approval from Amazon.
• C. Perform a hardening test on the AWS instance.
• D. Perform a Code Check for any memory leak

Answer: D

Explanation:
AWS security follows the shared security model where the user is as much responsible as Amazon. Since Amazon is a public cloud it is bound to be targeted by hackers. If an orgAMzation is planning to host their application on AWS EC2, they should perform the below mentioned security checks as a measure to find any security weakness/data leaks:
Perform penetration testing as performed by attackers to find any vulnerability. The orgAMzation must take an approval from AWS before performing penetration testing
Perform hardening testing to find if there are any unnecessary ports open Perform SQL injection to find any DB security issues
The code memory checks are generally useful when the orgAMzation wants to improve the application performance.
Reference: http://aws.amazon.com/security/penetration-testing/

NEW QUESTION 18
......