FREE PRACTICE QUESTIONS
AWS Certified Developer Associate
Are you ready to sit your AWS Developer Associate exam? Test your knowledge with these free practice questions.
Simply click on the questions below to reveal the correct answers and explanations with reference links.
A. Create the application within an Amazon VPC and use a VPC endpoint with a trust policy to grant access to the employees.
B. Use Amazon Cognito user pools, federate with the SAML provider, and use user pool groups with an IAM policy.
C. Create a unique IAM role for each employee and have each employee assume the role to access the application so they can access their personal data only.
D. Use an Amazon Cognito identity pool, federate with the SAML provider, and use a trust policy with an IAM condition key to limit employee access.
The correct answer is D. “Use an Amazon Cognito identity pool, federate with the SAML provider, and use a trust policy with an IAM condition key to limit employee access”.
Amazon Cognito uses IAM roles to generate temporary credentials for your application’s users. Which identities may assume a role, and therefore obtain its permissions, is controlled by the role’s trust relationship.
In this example the Developer must limit access to specific identities in the SAML directory. The Developer can create a trust policy with an IAM condition key that limits access to a specific set of app users by checking the value of cognito-identity.amazonaws.com:sub.
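The following is an added example, not the policy from the original quiz: a CloudFormation (YAML) definition of the authenticated role for a Cognito identity pool, whose trust policy restricts assumption to specific identities via cognito-identity.amazonaws.com:sub. The identity pool ID, the two identity IDs and the bucket name are placeholders.

```yaml
# Added example (not from the quiz). Identity pool ID, identity IDs and bucket name are placeholders.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  IdentityPoolId:
    Type: String   # placeholder form: us-east-1:11111111-2222-3333-4444-555555555555
Resources:
  EmployeeAppRole:
    Type: AWS::IAM::Role
    Properties:
      # Trust policy: decides WHO may assume the role (the point of answer D)
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Federated: cognito-identity.amazonaws.com
            Action: sts:AssumeRoleWithWebIdentity
            Condition:
              StringEquals:
                # Only identities vended by THIS identity pool ...
                cognito-identity.amazonaws.com:aud: !Ref IdentityPoolId
                # ... and only these identity IDs (placeholders). Several values under one
                # single-valued key are ORed, so any listed identity satisfies the condition.
                cognito-identity.amazonaws.com:sub:
                  - "us-east-1:aaaaaaaa-0000-0000-0000-000000000001"
                  - "us-east-1:aaaaaaaa-0000-0000-0000-000000000002"
              ForAnyValue:StringLike:
                # Reject unauthenticated (guest) identities from the pool
                cognito-identity.amazonaws.com:amr: authenticated
      # Permissions policy: decides WHAT the assumed role may do
      Policies:
        - PolicyName: OwnDataOnly
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: s3:GetObject
                # Policy variable scopes each employee to a prefix named after their identity ID
                Resource: "arn:aws:s3:::PLACEHOLDER-employee-data/${cognito-identity.amazonaws.com:sub}/*"
```

If the sub list is left out, every authenticated identity in the pool can assume the role; the aud and amr checks alone do not limit access to particular employees.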
A. “Create the application within an Amazon VPC and use a VPC endpoint with a trust policy to grant access to the employees” is incorrect. You cannot provide access to an on-premises SAML directory using a VPC endpoint.
B. “Use Amazon Cognito user pools, federate with the SAML provider, and use user pool groups with an IAM policy” is incorrect. A user pool can be used to authenticate but the identity pool is used to provide authorized access to AWS services.
C. “Create a unique IAM role for each employee and have each employee assume the role to access the application so they can access their personal data only” is incorrect. This is not an integration into the SAML directory and would be very difficult to manage.
A. An IAM role must be added to the instance that has permissions to write to the S3 bucket
B. A bucket policy needs to be added specifying the principals that are allowed to write data to the bucket
C. A VPN should be established to enable private connectivity to S3
D. A VPC endpoint should be provisioned for S3
The correct answer is D. “A VPC endpoint should be provisioned for S3”.
Please note that the question specifically asks how to enable connectivity, so this is not about permissions. When using a private subnet with no Internet connectivity there are only two options available for connecting to Amazon S3 (remember that S3 is a service with a public endpoint; it is not inside your VPC).
The first option is to enable Internet connectivity through either a NAT Gateway or a NAT Instance. However, there is no answer offering either of these as a solution. The other option is to enable a VPC endpoint for S3.
The specific type of VPC endpoint to S3 is a Gateway Endpoint. EC2 instances running in private subnets of a VPC can use the endpoint to enable controlled access to S3 buckets, objects, and API functions that are in the same region as the VPC. You can then use an S3 bucket policy to indicate which VPCs and which VPC Endpoints have access to your S3 buckets.
In the following diagram, instances in subnet 2 can access Amazon S3 through the gateway endpoint.
Therefore, the only answer that presents a solution to this challenge is to provision a VPC endpoint for S3.
A. “An IAM role must be added to the instance that has permissions to write to the S3 bucket” is incorrect. You do need to do this, but the question is asking about connectivity, not permissions.
B. “A bucket policy needs to be added specifying the principals that are allowed to write data to the bucket” is incorrect. You may choose to use a bucket policy to enable permissions, but the question is asking about connectivity, not permissions.
C. “A VPN should be established to enable private connectivity to S3” is incorrect. You can create a VPN to establish an encrypted tunnel into a VPC from a location outside of AWS. However, you cannot create a VPN connection from a subnet within a VPC to Amazon S3.
C. All at once
D. Rolling with additional batch
The correct answer is D. “Rolling with additional batch”.
AWS Elastic Beanstalk provides several options for how deployments are processed, including deployment policies (All at once, Rolling, Rolling with additional batch, and Immutable) and options that let you configure batch size and health check behavior during deployments.
For this scenario, we need to ensure we do not reduce the capacity of the application but we also need to minimize cost. In the table below you can see the different deployment policies available and how they impact capacity and cost:
The Rolling with additional batch deployment policy does require extra cost but the extra cost is the size of a batch of instances, therefore you can reduce cost by reducing the batch size. The Immutable deployment policy requires a total deployment of new instances – i.e. if you have 4 instances this will double to 8 instances.
Therefore, the best deployment policy to use for this scenario is the Rolling with additional batch.
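As an added example, not part of the original quiz, this .ebextensions configuration file (YAML) applies the recommended policy and uses a fixed batch size of one so the extra cost during a deployment is a single additional instance. The file name is an assumption; any .config file under .ebextensions is read.

```yaml
# Added example (not from the quiz): .ebextensions/deploy.config
option_settings:
  aws:elasticbeanstalk:command:
    # RollingWithAdditionalBatch keeps full capacity: a fresh batch is launched with the
    # new version before any existing instance is taken out of service.
    # Rolling / AllAtOnce would reduce capacity; Immutable would double the fleet.
    DeploymentPolicy: RollingWithAdditionalBatch
    # The extra cost equals one batch, so a small fixed batch keeps it to one instance
    BatchSizeType: Fixed
    BatchSize: 1
```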
A. “Immutable” is incorrect as it costs more: a complete set of new instances is launched alongside the existing ones.
B. “Rolling” is incorrect as this will result in a reduction in capacity which will affect performance.
C. “All at once” is incorrect as this results in a total reduction in capacity, i.e. your entire application is taken down at once while the application update is installed.
Looking for more Practice Questions?
This free AWS practice quiz for the AWS Developer Associate consists of 20 questions with a mix of questions on core AWS services, including AWS Lambda, Amazon DynamoDB and Amazon API Gateway. Please note that unlike our online exam simulator, this free sample quiz is not timed – so you can take as much time as required to answer each question. At the end of the test, you get to review your answers and find detailed explanations of why each answer is correct or incorrect, along with reference links for each question. This will help you identify your strengths and weaknesses.
Practice makes perfect. To maximize your chances of success, check out our ultimate training package for the AWS Developer Associate that gives you access to our online exam simulator with more than 500 unique practice questions that are timed and scored. The 6 sets of full-length practice tests reflect the difficulty of the Amazon Web Services exam questions and are the most similar to the real AWS exam experience available.
Simply the best way to assess your exam readiness and ensure you pass your exam the first time with a great score.