Practice Free DVA-C02 Exam Online Questions
A developer at a company needs to create a small application that makes the same API call once each day at a designated time. The company does not have infrastructure in the AWS Cloud yet, but the company wants to implement this functionality on AWS.
Which solution meets these requirements in the MOST operationally efficient manner?
- A . Use a Kubernetes cron job that runs on Amazon Elastic Kubernetes Service (Amazon EKS).
- B . Use an Amazon Linux crontab scheduled job that runs on Amazon EC2.
- C . Use an AWS Lambda function that is invoked by an Amazon EventBridge scheduled event.
- D . Use an AWS Batch job that is submitted to an AWS Batch job queue.
C
Explanation:
The correct answer is C. Use an AWS Lambda function that is invoked by an Amazon EventBridge scheduled event.
AWS Lambda is a serverless compute service that lets you run code without provisioning or managing servers. Lambda runs your code on a high-availability compute infrastructure and performs all of the administration of the compute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, and logging. Amazon EventBridge is a serverless event bus service that enables you to connect your applications with data from a variety of sources. EventBridge can create rules that run on a schedule, either at regular intervals or at specific times and dates, and invoke targets such as Lambda functions. This solution meets the requirements of creating a small application that makes the same API call once each day at a designated time, without requiring any infrastructure in the AWS Cloud or any operational overhead.
A company has an AWS Step Functions state machine named myStateMachine. The company configured a service role for Step Functions. The developer must ensure that only the myStateMachine state machine can assume the service role.
- A . "Condition": { "ArnLike": { "aws":"arn:aws:states:ap-south-1:111111111111:stateMachine" } }
- B . "Condition": { "ArnLike": { "aws":"arn:aws:states:ap-south-1:*:stateMachine" } }
A
Explanation:
To ensure that only a specific AWS Step Functions state machine (myStateMachine) can assume the service role, you must configure the correct trust policy in AWS IAM.
Trust Policies: Trust policies determine which entities (services or users) are allowed to assume the role. In this case, we want to restrict the trust policy to only allow the specific state machine (myStateMachine) to assume the role.
Using ArnLike: The condition "ArnLike" is used to specify that the SourceArn (which refers to the ARN of the entity assuming the role) must match a specific ARN.
Option A specifies the exact ARN of the myStateMachine state machine, ensuring that only this state machine can assume the role.
Option B: This option is incorrect because it uses a wildcard (*) for the account ID, which would allow any state machine in the ap-south-1 region to assume the role, not just the specific one.
AWS Step Functions IAM Policies
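The following check is an added example, not part of the original question set: it audits a role trust policy for the condition the explanation describes. The options above show only a fragment of the condition, so the `aws:SourceArn` key and the full ARN ending in `:myStateMachine` are assumptions, and the policy document is a constructed sample.

```python
import copy
import json

# Assumed full ARN: Region, account ID and name are the ones in the question.
EXPECTED_ARN = "arn:aws:states:ap-south-1:111111111111:stateMachine:myStateMachine"

# Constructed sample trust policy for the Step Functions service role.
TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "states.amazonaws.com"},
    "Action": "sts:AssumeRole",
    "Condition": {"ArnLike": {"aws:SourceArn":
      "arn:aws:states:ap-south-1:111111111111:stateMachine:myStateMachine"}}
  }]
}
""")

ARN_OPERATORS = {"ArnLike", "ArnEquals", "StringLike", "StringEquals"}


def source_arn_patterns(statement):
    """Collect every aws:SourceArn value from the statement's conditions."""
    patterns = []
    for operator, keys in statement.get("Condition", {}).items():
        if operator not in ARN_OPERATORS:
            continue
        for key, value in keys.items():
            if key.lower() == "aws:sourcearn":  # key names are case-insensitive
                patterns.extend(value if isinstance(value, list) else [value])
    return patterns


def audit_trust_policy(policy, expected_arn):
    """Return (statement index, reason) for each over-broad Allow statement."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for index, statement in enumerate(statements):
        principal = statement.get("Principal", {})
        services = principal.get("Service", []) if isinstance(principal, dict) else []
        if isinstance(services, str):
            services = [services]
        if statement.get("Effect") != "Allow" or "states.amazonaws.com" not in services:
            continue
        patterns = source_arn_patterns(statement)
        if not patterns:
            findings.append((index, "missing aws:SourceArn condition"))
        for pattern in patterns:
            if "*" in pattern or "?" in pattern:
                findings.append((index, "wildcard in " + pattern))
            elif pattern != expected_arn:
                findings.append((index, "unexpected ARN " + pattern))
    return findings


def with_source_arn(policy, arn):
    """Copy of the sample policy with the first statement's SourceArn replaced."""
    changed = copy.deepcopy(policy)
    changed["Statement"][0]["Condition"]["ArnLike"]["aws:SourceArn"] = arn
    return changed
```

An empty result means every statement that trusts `states.amazonaws.com` is pinned to the one expected state machine; a wildcard in the account ID field, as in Option B, is reported as a finding.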
A developer needs to give a new application the ability to retrieve configuration data.
The application must be able to retrieve new configuration data values without the need to redeploy the application code. If the application becomes unhealthy because of a bad configuration change, the developer must be able to automatically revert the configuration change to the previous value.
- A . Use AWS Secrets Manager to manage and store the configuration data. Integrate Secrets Manager with a custom AWS Config rule that has remediation actions to track changes in the application and to roll back any bad configuration changes.
- B . Use AWS Secrets Manager to manage and store the configuration data. Integrate Secrets Manager with a custom AWS Config rule. Attach a custom AWS Systems Manager document to the rule that automatically rolls back any bad configuration changes.
- C . Use AWS AppConfig to manage and store the configuration data. Integrate AWS AppConfig with Amazon CloudWatch to monitor changes to the application. Set up an alarm to automatically roll back any bad configuration changes.
- D . Use AWS AppConfig to manage and store the configuration data. Integrate AWS AppConfig with Amazon CloudWatch to monitor changes to the application. Set up CloudWatch Application Signals to roll back any bad configuration changes.
D
Explanation:
Option D: AWS AppConfig with CloudWatch Application Signals
AWS AppConfig is designed for managing and deploying application configurations dynamically, without redeployment.
CloudWatch Application Signals provide automatic rollback mechanisms in case of an unhealthy application state due to bad configuration changes.
This solution meets the requirements with minimal operational overhead by ensuring both dynamic updates and rollback functionality.
Why Other Options Are Incorrect:
Option A and B: AWS Secrets Manager is designed for secrets management, not dynamic application configuration. Custom Config rules add unnecessary complexity.
Option C: While CloudWatch alarms can monitor application changes, using alarms for rollback requires manual setup and lacks the automatic rollback provided by Application Signals.
Reference: AWS AppConfig Documentation
A mobile app stores blog posts in an Amazon DynamoDB table. Millions of posts are added every day, and each post represents a single item in the table. The mobile app requires only recent posts. Any post that is older than 48 hours can be removed.
What is the MOST cost-effective way to delete posts that are older than 48 hours?
- A . For each item, add a new attribute of type String that has a timestamp that is set to the blog post creation time. Create a script to find old posts with a table scan and remove posts that are older than 48 hours by using the BatchWriteItem API operation. Schedule a cron job on an Amazon EC2 instance once an hour to start the script.
- B . For each item, add a new attribute of type String that has a timestamp that is set to the blog post creation time. Create a script to find old posts with a table scan and remove posts that are older than 48 hours by using the BatchWriteItem API operation. Place the script in a container image. Schedule an Amazon Elastic Container Service (Amazon ECS) task on AWS Fargate that invokes the container every 5 minutes.
- C . For each item, add a new attribute of type Date that has a timestamp that is set to 48 hours after the blog post creation time. Create a global secondary index (GSI) that uses the new attribute as a sort key. Create an AWS Lambda function that references the GSI and removes expired items by using the BatchWriteItem API operation. Schedule the function with an Amazon CloudWatch event every minute.
- D . For each item, add a new attribute of type Number that has a timestamp that is set to 48 hours after the blog post creation time. Configure the DynamoDB table with a TTL that references the new attribute.
D
Explanation:
This solution will meet the requirements by using the Time to Live (TTL) feature of DynamoDB, which enables automatically deleting items from a table after a certain time period. The developer can add a new attribute of type Number that has a timestamp that is set to 48 hours after the blog post creation time, which represents the expiration time of the item. The developer can configure the DynamoDB table with a TTL that references the new attribute, which instructs DynamoDB to delete the item when the current time is greater than or equal to the expiration time. This solution is also cost-effective as it does not incur any additional charges for deleting expired items.
Option A is not optimal because it will create a script to find and remove old posts with a table scan and a batch write item API operation, which may consume more read and write capacity units and incur more costs.
Option B is not optimal because it will use Amazon Elastic Container Service (Amazon ECS) and AWS Fargate to run the script, which may introduce additional costs and complexity for managing and scaling containers.
Option C is not optimal because it will create a global secondary index (GSI) that uses the expiration time as a sort key, which may consume more storage space and incur more costs.
Reference: Time To Live, Managing DynamoDB Time To Live (TTL)
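As an added example that is not part of the original question set, the sketch below builds an item with the Number-typed expiry attribute from Option D and checks the two things that commonly stop TTL from working: a non-Number attribute (as in Options A to C) and a value in milliseconds instead of epoch seconds. The attribute name `expires_at`, the item layout and the milliseconds threshold are assumptions chosen for illustration.

```python
TTL_ATTRIBUTE = "expires_at"          # hypothetical attribute name
RETENTION_SECONDS = 48 * 60 * 60      # 48 hours, from the question
MILLISECONDS_THRESHOLD = 10 ** 11     # heuristic: epoch seconds stay below this


def build_post_item(post_id, body, created_at):
    """Return a DynamoDB-JSON item whose TTL attribute is epoch seconds (type N)."""
    created = int(created_at)
    return {
        "post_id": {"S": post_id},
        "body": {"S": body},
        "created_at": {"N": str(created)},
        TTL_ATTRIBUTE: {"N": str(created + RETENTION_SECONDS)},
    }


def ttl_problem(item):
    """Return why TTL would not expire this item as intended, or None if usable."""
    attribute = item.get(TTL_ATTRIBUTE)
    if attribute is None:
        return "missing TTL attribute"
    if "N" not in attribute:
        return "TTL attribute is not type Number"
    if int(attribute["N"]) >= MILLISECONDS_THRESHOLD:
        return "value looks like milliseconds, not epoch seconds"
    return None


def live_posts(items, now):
    """Filter out expired items on read.

    TTL deletion runs in the background, so an expired item can still be
    returned by a query until DynamoDB removes it.
    """
    live = []
    for item in items:
        if ttl_problem(item) is None and int(item[TTL_ATTRIBUTE]["N"]) <= int(now):
            continue  # expired: current time >= expiration time
        live.append(item)
    return live
```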
A developer is using an AWS Lambda function to generate avatars for profile pictures that are uploaded to an Amazon S3 bucket. The Lambda function is automatically invoked for profile pictures that are saved under the /original/ S3 prefix. The developer notices that some pictures cause the Lambda function to time out. The developer wants to implement a fallback mechanism by using another Lambda function that resizes the profile picture.
Which solution will meet these requirements with the LEAST development effort?
- A . Set the image resize Lambda function as a destination of the avatar generator Lambda function for the events that fail processing.
- B . Create an Amazon Simple Queue Service (Amazon SQS) queue. Set the SQS queue as a destination with an on failure condition for the avatar generator Lambda function. Configure the image resize Lambda function to poll from the SQS queue.
- C . Create an AWS Step Functions state machine that invokes the avatar generator Lambda function and uses the image resize Lambda function as a fallback. Create an Amazon EventBridge rule that matches events from the S3 bucket to invoke the state machine.
- D . Create an Amazon Simple Notification Service (Amazon SNS) topic. Set the SNS topic as a destination with an on failure condition for the avatar generator Lambda function. Subscribe the image resize Lambda function to the SNS topic.
A
Explanation:
The solution that will meet the requirements with the least development effort is to set the image resize Lambda function as a destination of the avatar generator Lambda function for the events that fail processing. This way, the fallback mechanism is automatically triggered by the Lambda service without requiring any additional components or configuration. The other options involve creating and managing additional resources such as queues, topics, state machines, or rules, which would increase the complexity and cost of the solution.
Reference: Using AWS Lambda destinations
A developer is building an ecommerce application that uses multiple AWS Lambda functions. Each function performs a specific step in a customer order workflow, such as order processing and inventory management.
The developer must ensure that the Lambda functions run in a specific order.
Which solution will meet this requirement with the LEAST operational overhead?
- A . Configure an Amazon Simple Queue Service (Amazon SQS) queue to contain messages about each step a function must perform. Configure the Lambda functions to run sequentially based on the order of messages in the SQS queue.
- B . Configure an Amazon Simple Notification Service (Amazon SNS) topic to contain notifications about each step a function must perform. Subscribe the Lambda functions to the SNS topic. Use subscription filters based on the step each function must perform.
- C . Configure an AWS Step Functions state machine to invoke the Lambda functions in a specific order.
- D . Configure Amazon EventBridge Scheduler schedules to invoke the Lambda functions in a specific order.
C
Explanation:
The requirement here is to ensure that Lambda functions are executed in a specific order. AWS Step Functions is a low-code workflow orchestration service that enables you to sequence AWS services, such as AWS Lambda, into workflows. It is purpose-built for situations like this, where different steps need to be executed in a strict sequence.
AWS Step Functions: Step Functions allows developers to design workflows as state machines, where each state corresponds to a particular function. In this case, the developer can create a Step Functions state machine where each step (order processing, inventory management, etc.) is represented by a Lambda function.
Operational Overhead: Step Functions has very low operational overhead because it natively handles retries, error handling, and function sequencing.
Alternatives:
Amazon SQS (Option A): While SQS can manage message ordering, it requires more manual handling of each step and the logic to sequentially invoke the Lambda functions.
Amazon SNS (Option B): SNS is a pub/sub service and is not designed to handle sequences of Lambda executions.
EventBridge (Option D): EventBridge Scheduler allows you to invoke Lambda functions based on scheduled times, but it doesn’t directly support sequencing based on workflow logic.
Therefore, AWS Step Functions is the most appropriate solution due to its native orchestration capabilities and minimal operational complexity.
AWS Step Functions documentation
A developer has a financial application. The application uses AWS Secrets Manager to manage an Amazon RDS for PostgreSQL database’s username and password. The developer needs to rotate the password while maintaining the application’s high availability.
Which solution will meet these requirements with LEAST development effort?
- A . Rotate the secret by using the alternating-users rotation strategy. Update the application with an appropriate retry strategy to handle authentication failures.
- B . Use the PostgreSQL client to create a new database username and password. Include the new secret values by performing an immediate rotation. Use the AWS CLI to update the RDS database password. Perform an immediate rotation of the Secrets Manager secrets.
- C . Rotate the secret by using multivalue answer rotation. Update the application with an appropriate retry strategy to handle authentication failures.
- D . Rotate the secret by using the single-user rotation strategy. Update the application with an appropriate retry strategy to handle authentication failures.
D
Explanation:
Requirement Summary:
Secrets managed in AWS Secrets Manager
DB: Amazon RDS for PostgreSQL
Need automated password rotation
Must maintain high availability
Least development effort
Rotation Strategies:
Single-user rotation strategy:
Simplest to implement
The secret contains one set of credentials used by app and rotation logic
Supports automated rotation
AWS provides built-in Lambda rotation templates for RDS
A developer creates a static website for their department. The developer deploys the static assets for the website to an Amazon S3 bucket and serves the assets with Amazon CloudFront. The developer uses origin access control (OAC) on the CloudFront distribution to access the S3 bucket.
The developer notices users can access the root URL and specific pages but cannot access directories without specifying a file name. For example, /products/index.html works, but /products returns an error. The developer needs to enable accessing directories without specifying a file name without exposing the S3 bucket publicly.
Which solution will meet these requirements?
- A . Update the CloudFront distribution’s settings so that index.html is set as the default root object.
- B . Update the Amazon S3 bucket settings and enable static website hosting. Specify index.html as the index document. Update the S3 bucket policy to enable access. Update the CloudFront distribution’s origin to use the S3 website endpoint.
- C . Create a CloudFront function that examines the request URL and appends index.html when directories are being accessed. Add the function as a viewer request CloudFront function to the CloudFront distribution’s behavior.
- D . Create a custom error response on the CloudFront distribution with the HTTP error code set to the HTTP 404 Not Found response code and the response page path to /index.html. Set the HTTP response code to the HTTP 200 OK response code.
B
Explanation:
Problem: Directory access without file names fails.
S3 Static Website Hosting:
Configuring S3 as a static website enables automatic serving of index.html for directory requests.
Bucket policies ensure correct access permissions.
Updating the CloudFront origin simplifies routing.
Avoiding Public Exposure: The S3 website endpoint allows CloudFront to access content without making the bucket public.
Reference: S3 Static Website Hosting: https://docs.aws.amazon.com/AmazonS3/latest/userguide/WebsiteHosting.html
A developer is creating an AWS CloudFormation template to deploy Amazon EC2 instances across multiple AWS accounts. The developer must choose the EC2 instances from a list of approved instance types.
How can the developer incorporate the list of approved instance types in the CloudFormation template?
- A . Create a separate CloudFormation template for each EC2 instance type in the list.
- B . In the Resources section of the CloudFormation template, create resources for each EC2 instance type in the list.
- C . In the CloudFormation template, create a separate parameter for each EC2 instance type in the list.
- D . In the CloudFormation template, create a parameter with the list of EC2 instance types as AllowedValues.
D
Explanation:
In the CloudFormation template, the developer should create a parameter with the list of approved EC2 instance types as AllowedValues. This way, users can select the instance type they want to use when launching the CloudFormation stack, but only from the approved list.
