Amazon Web Services selftestengine new Release Dva-c02 Aws Certified Associate Questions by Michaela q39 vce pdf

Page: 19 / 44

Exam Name:	AWS Certified Developer - Associate
Exam Code:	DVA-C02 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Associate
Questions:	600 Q&A's	Shared By:	michaela

Question 76

A developer previously deployed an AWS Lambda function as a .zip package. The developer needs to deploy the Lambda function as a container.

Options:

Create an Amazon ECR repository in the same AWS Region as the Lambda function. Package the Lambda function into a container image. Build the image and upload it to the Amazon ECR repository. Update the existing Lambda function configuration to specify the repository URI and container image tag.

Create an AWS SAM template that defines the Lambda function and its resources as code. Include a container image in the template, and store the container image in an Amazon S3 bucket. Deploy the AWS SAM template. Specify the S3 bucket URI.

Create an AWS CloudFormation template that defines the Lambda function and its resources as code. Include a container image in the template, and store the image in an Amazon S3 bucket. Deploy the CloudFormation template. Specify the S3 bucket URI.

Create an Amazon ECR repository in the same AWS Region as the Lambda function. Build the image and upload it to the Amazon ECR repository. Update the existing Lambda function to use the new image by specifying the repository URI.

Discussion

Question 77

A developer maintains a legacy ecommerce application that sends logs to an Amazon CloudWatch Logs log group. During an audit, the developer discovers that the application sends credit card numbers and credit card verification codes to the log group.

The developer needs a solution to give support staff the ability to view the logs. However, the support staff must not be able to view the sensitive credit card information. Application administrators must be able to view the logs and must have access to the sensitive credit card data. The developer cannot modify the application code.

Which solution will meet these requirements?

Options:

Enable a data protection policy on the log group. Specify the sensitive credit card data to mask. Assign the logs:Unmask IAM permission to the application administrators.

Create an AWS KMS key and associate it with the log group. Assign the kms:Decrypt permission to application administrators.

Create an AWS Lambda function to redact the sensitive credit card information. Configure Amazon Macie to scan the log group for sensitive information and to run the Lambda function.

Configure a WAF for the application. Create a WAF rule to inspect and sanitize log data before it reaches CloudWatch.

Discussion

Answer:

Explanation:

Because the developer cannot change the legacy application code, the solution must apply controls at the logging layer . CloudWatch Logs provides data protection policies that can automatically detect sensitive data using managed data identifiers (including credit card data) and apply masking (de-identification) as log events are ingested. This ensures that sensitive values such as card numbers and verification codes are not displayed in plaintext to general viewers of the log group.

With option A, enabling a data protection policy on the log group and configuring it to mask the relevant credit card data ensures that when support staff query or view logs, the sensitive fields appear redacted. CloudWatch Logs also supports controlled access to view the original unmasked values through an explicit permission: users who have the appropriate IAM authorization (such as logs:Unmask) can retrieve or view the sensitive data, while everyone else sees only the masked version. Granting logs:Unmask to application administrators satisfies the requirement that administrators can access the sensitive data, while withholding it from support staff enforces the restriction.

Option B (KMS encryption) provides encryption at rest for the log group but does not prevent authorized readers from seeing sensitive data once decrypted. Support staff who can read logs would still see plaintext card data. Option C is not a standard or operationally efficient pattern for CloudWatch Logs redaction; Macie is primarily for discovering sensitive data in S3 and does not serve as the native masking mechanism for CloudWatch Logs ingestion. Option D is not applicable: AWS WAF inspects HTTP requests/responses at the edge or load balancer/API layer, not application log streams already being emitted to CloudWatch.

Therefore, A is the correct solution: use CloudWatch Logs data protection to mask sensitive data by default and grant logs:Unmask only to administrators.

Addison

Want to tell everybody through this platform that I passed my exam with excellent score. All credit goes to Cramkey Exam Dumps.

Libby Apr 17, 2026

That's good to know. I might check it out for my next IT certification exam. Thanks for the info.

Rae

I tried using Cramkey dumps for my recent certification exam and I found them to be more accurate and up-to-date compared to other dumps I've seen. Passed the exam with wonderful score.

Rayyan Apr 18, 2026

I see your point. Thanks for sharing your thoughts. I might give it a try for my next certification exam.

Josephine

I want to ask about their study material and Customer support? Can anybody guide me?

Zayd Apr 2, 2026

Yes, the dumps or study material provided by them are authentic and up to date. They have a dedicated team to assist students and make sure they have a positive experience.

Elise

I've heard that Cramkey is one of the best websites for exam dumps. They have a high passing rate and the questions are always up-to-date. Is it true?

Cian Apr 9, 2026

Definitely. The dumps are constantly updated to reflect the latest changes in the certification exams. And I also appreciate how they provide explanations for the answers, so I could understand the reasoning behind each question.

Robin

Cramkey is highly recommended.

Jonah Apr 11, 2026

Definitely. If you're looking for a reliable and effective study resource, look no further than Cramkey Dumps. They're simply wonderful!

Question 78

A company has three AWS Lambda functions that are written in Node.js. The Lambda functions include a mix of custom code and open source modules. When bugs are occasionally detected in the open source modules, all three Lambda functions must be patched. What is the MOST operationally efficient solution to deploy a patched open source library for all three Lambda functions?

Options:

Create a custom AWS CloudFormation public registry extension. Reference a GitHub repository that hosts the open source modules in the extension.

Create an Amazon CloudFront distribution with an Amazon S3 bucket as the origin. Upload the patched modules to Amazon S3 when needed. Modify each Lambda function to download the patched modules during the cold start.

Launch an Amazon EC2 instance. Host a private open source module registry on the EC2 instance. Upload the modified open source modules to the private registry. Modify deployment scripts to download from the private registry.

Create a Lambda layer with the open source modules. Modify all three Lambda functions to depend on the layer. Remove the open source modules from each Lambda function. Patch the Lambda layer and update the Lambda functions to reference the new layer version.

Discussion

Question 79

A data visualization company wants to strengthen the security of its core applications The applications are deployed on AWS across its development staging, pre-production, and production environments. The company needs to encrypt all of its stored sensitive credentials The sensitive credentials need to be automatically rotated Aversion of the sensitive credentials need to be stored for each environment

Which solution will meet these requirements in the MOST operationally efficient way?

Options:

Configure AWS Secrets Manager versions to store different copies of the same credentials across multiple environments

Create a new parameter version in AWS Systems Manager Parameter Store for each environment Store the environment-specific credentials in the parameter version.

Configure the environment variables in the application code Use different names for each environment type

Configure AWS Secrets Manager to create a new secret for each environment type. Store the environment-specific credentials in the secret