AWS-Certified-Developer-Associate Premium Bundle

AWS-Certified-Developer-Associate Premium Bundle

AWS Certified Developer Associate Certification Exam

4.5 
(4905 ratings)
0 QuestionsPractice Tests
0 PDFPrint version
January 4, 2025Last update

Amazon AWS-Certified-Developer-Associate Free Practice Questions

Q1. An orgAMzation has 20 employees. The orgAMzation wants to give all the users access to the orgAMzation AWS account. Which of the below mentioned options is the right solution?

A. Share the root credentials with all the users

B. Create an IAM user for each employee and provide access to them

C. It is not advisable to give AWS access to so many users

D. Use the IAM role to allow access based on STS 

Answer: B

Explanation:

AWS Identity and Access Management is a web service that enables the AWS customers to manage  users and user permissions in AWS. The IAM is targeted at orgAMzations with multiple users or systems that use AWS products such as Amazon EC2, Amazon RDS, and the AWS Management Console. With IAM, the orgAMzaiton can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access.

Reference:       http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_Introduction.htm|

Q2. A user has created a blank EBS volume in the US-East-1 region. The user is unable to attach the volume to a running instance in the same region. What could be the possible reason for this?

A. The instance must be in a running state. It is required to stop the instance to attach volume

B. The AZ for the instance and volume are different

C. The instance is from an instance store backed AMI

D. The instance has enabled the volume attach protection 

Answer: B

Explanation:

An EBS volume provides persistent data storage. The user can attach a volume to any instance provided they are both in the same AZ. Even if they are in the same region but in a different AZ, it will not be able to attach the volume to that instance.

Reference:       http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.htmI

Q3. In regard to DynamoDB, can I delete local secondary indexes?

A. Yes, if it is a primary hash key index

B. No

C. Yes, if it is a local secondary indexes

D. Yes, if it is a Global secondary indexes 

Answer: B

Explanation:

In DynamoDB, an index cannot be modified once it is created. Reference: http://aws.amazon.com/dynamodb/faqs/#security_anchor

Q4. Which of the below mentioned options is not a best practice to securely manage the AWS access credentials?

A. Enable MFA for prMleged users

B. Create indMdual IAM users

C. Keep rotating your secure access credentials at regular intervals

D. Create strong access key and secret access key and attach to the root account 

Answer: D

Explanation:

It is a recommended approach to avoid using the access and secret access keys of the root account.

Thus, do not download or delete it. Instead make the IAM user as powerful as the root account and use its credentials. The user cannot generate their own access and secret access keys as they are always  generated by AWS.

Reference:       http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html

Q5. A user is planning to host MS SQL on an EBS volume. It was recommended to use the AWS RDS. What advantages will the user have if he uses RDS in comparison to an EBS based DB?

A. Better throughput with PIOPS

B. Automated backup

C. NIS SQL is not supported with RDS

D. High availability with multi AZs 

Answer: B

Explanation:

Comparing with on-premises or EC2 based NIS SQL, RDS provides an automated backup feature. PIOPS is available with both RDS and EBS. However, HA is not available with NIS SQL.

Reference: https://aws.amazon.com/rds/faqs/

Q6. ExamKiIIer (with AWS account ID H1122223333) has created 50 IAM users for its orgAMzation’s employees. ExamKiI|er wants to make the AWS console login URL for all IAM users like: https://examki||er.signin.aws.amazon.com/consoIe/. How can this be configured?

A. The user needs to use Route 53 to map the examkiller domain and IAM URL

B. Create an IAM AWS account alias with the name examkiller

C. It is not possible to have a personalized IAM login URL

D. Create an IAM hosted zone Identity for the domain examkiller 

Answer: B

Explanation:

If a user wants the URL of the AWS IAM sign-in page to have a company name instead of the AWS account ID, he can create an alias for his AWS account ID.

Reference:       http://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAIias.html

Q7. A user has launched one EC2 instance in the US West region. The user wants to access the RDS instance launched in the US East region from that EC2 instance. How can the user configure the access for that EC2 instance?

A. It is not possible to access RDS of the US East region from the US West region

B. Open the security group of the US West region in the RDS security group’s ingress rule

C. Configure the IP range of the US West region instance as the ingress security rule of RDS

D. Create an IAM role which has access to RDS and launch an instance in the US West region with it 

Answer: C

Explanation:

The user cannot authorize an Amazon EC2 security group if it is in a different AWS Region than the RDS DB instance. The user can authorize an IP range or specify an Amazon EC2 security group in the same region that refers to an IP address in another region.

Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithSecurityGroups.html

Q8. In DynamoDB, a secondary index is a data structure that contains a subset of attributes from a table, along with an alternate key to support operations.

A. None of the above

B. Both

C. Query

D. Scan

Answer: C

In DynamoDB, a secondary index is a data structure that contains a subset of attributes from a table, along with an alternate key to support Query operations.

Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Secondarylndexes.htmI

Q9. A user has setup an application on EC2 which uses the IAM user access key and secret access key to make secure calls to S3. The user wants to temporarily stop the access to S3 for that IAM user. What should the root owner do?

A. Delete the IAM user

B. Change the access key and secret access key for the users

C. Disable the access keys for the IAM user

D. Stop the instance 

Answer: C

Explanation:

If the user wants to temporarily stop the access to S3 the best solution is to disable the keys. Deleting the user will result in a loss of all the credentials and the app will not be useful in the future. If the user stops the instance IAM users can still access S3. The change of the key does not help either as they are still active. The best possible solution is to disable the keys.

Reference:       http://docs.aws.amazon.com/IAM/latest/UserGuide/NIanagingCredentia|s.html

Q10. Can you configure an RDS Read Replica using CIoudFormation templates?

A. Yes, provided that you have root access.

B. Yes, when you create a new CIoudFormation template

C. Yes, but not for all Regions.

D. No, you can add the ReadRepIica only when the resource is made available by CIoudFormation 

Answer: B

Explanation:

AWS CIoudFormation gives developers and systems administrators an easy way to create and manage collections of AWS resources. You can now set Read Replicas for your databases with RDS when you create a new C|oudFormation tempIate.You can start using it with the sample template of C|oudFormation.

Reference:

https://s3.amazonaws.com/cloudformation-templates-us-east-1/RDS_MySQL_With_Read_RepIica.tempI

Q11. A user had defined an IAM policy similar to the one given below on a bucket:

{

"Version": "2012-10-17",

"Statement": [{

"Effect": "A||ow",

"PrincipaI": {

"AWS": "arn:aws:iam::12112112:user/test"

}!

"Action": [ "s3:GetBucketLocation", "s3:ListBucket", "s3:GetObject"

]!

"Resource": [ "arn:aws:s3:::examkiI|er"

}

}

What will this do?

A. It will result in an error saying invalid policy statement

B. It will create an IAM policy for the user test

C. Allows the user test of the AWS account ID 12112112 to perform GetBucketLocation, ListBucket and GetObject on the bucket examkiller

D. It will allow all the IAM users of the account ID 12112112 to perform GetBucketLocation, ListBucket and GetObject on bucket examkiller

Answer:

Explanation:

The IAM policy allows to test a user in the account 12112112 to perform: s3:GetBucketLocation

s3:ListBucket s3:GetObject

Amazon S3 permissions on the examkiller bucket.

Reference:        http://docs.aws.amazon.com/AmazonS3/Iatest/dev/access-policy-language-overview.html

Q12. In DynamoDB, the default table size is:

A. 5 GB

B. 1 GB

C. 10 GB

D. There is no table size 

Answer: D

Explanation:

DynamoDB has seamless scalability with no table size limits and unlimited storage, so you shouIdn't be worried about managing storage on the host or to provisioning more drive, as your data requirement changes.

Reference: http://aws.amazon.com/dynamodb/

Q13. In Amazon SNS, to send push notifications to mobile devices using Amazon SNS and ADM, you need to obtain the following, except:

A. Client secret

B. Client ID

C. Device token

D. Registration ID 

Answer: C

Explanation:

To send push notifications to mobile devices using Amazon SNS and ADM, you need to obtain the following: Registration ID and Client secret.

Reference:       http://docs.aws.amazon.com/sns/latest/dg/SNSMobiIePushPrereq.htmI

Q14. AWS Elastic Beanstalk will change the health status of a web server environment tier to gray color when:

A. AWS Elastic Beanstalk detects other problems with the environment that are known to make the application unavailable

B. Your application hasn't responded to the application health check URL within the last one hour.

C. Your application hasn't responded to the application health check URL within the last five minutes.

D. Your appIication's health status is unknown because status is reported when the application is not in the ready state.

Answer:

Explanation:

AWS Elastic Beanstalk will change the health status of a web server environment tier to gray color when your appIication's health status is unknown (because status is reported when the application is not in the ready state).

Reference:        http://docs.aws.amazon.com/elasticbeanstaIk/latest/dg/using-features.heaIthstatus.htmI

Q15. A user has set an IAM policy where it allows all requests if a request from IP 10.10.10.1/32. Another policy allows all the requests between 5 PM to 7 PM. What will happen when a user is requesting access from IP 10.10.10.1/32 at 6 PM?

A. IAM will throw an error for policy conflict

B. It is not possible to set a policy based on the time or IP

C. It will deny access

D. It will allow access 

Answer: D

Explanation:

With regard to IAM, when a request is made, the AWS service decides whether a given request should be allowed or denied. The evaluation logic follows these rules:

By default, all requests are denied. (In general, requests made using the account credentials for resources in the account are always allowed.)

An explicit allow policy overrides this default. An explicit deny policy overrides any allows. Reference:

http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPoIicyLanguage_EvaIuationLogic.htmI

START AWS-Certified-Developer-Associate EXAM