Practice Free DVA-C02 Exam Online Questions
A developer creates an AWS CloudFormation template that defines one AWS Lambda function, one Amazon S3 bucket, and one IAM role. The developer wants to deploy multiple stacks from the same template across different environments. Each resource must have a unique name per environment.
Which combination of solutions will meet this requirement? (Select TWO.)
- A . Create a parameter for the environment name.
- B . Create a condition for the environment name.
- C . Create a rule for the environment name.
- D . Define resource names by using Fn::Sub and !Ref with the environment name parameter.
- E . Define resource names by using Fn::GetAtt and !Ref with the environment name parameter.
A, D
Explanation:
AWS CloudFormation parameters allow templates to be reused across multiple environments by injecting environment-specific values at deployment time. AWS documentation recommends parameters for environment names such as dev, test, and prod.
To ensure unique resource names, CloudFormation intrinsic functions can dynamically construct names. Fn::Sub allows string interpolation, and !Ref retrieves the parameter value. Together, they enable resource names like myapp-dev-bucket or myapp-prod-role.
Conditions (Option B) control whether resources are created but do not generate unique names. Rules (Option C) validate parameters but do not affect naming. Fn::GetAtt (Option E) retrieves resource attributes and is not used to build names.
Therefore, defining an environment name parameter and using Fn::Sub with !Ref is the correct and AWS-recommended approach.
A company hosts a stateless web application with low data storage in a single AWS Region. The company wants to increase the resiliency of the application to include a multi-Region presence. The company wants to set the recovery time objective (RTO) and recovery point objective (RPO) to hours. The company needs a low-cost and low-complexity disaster recovery (DR) strategy.
Which DR strategy should the company use?
- A . Warm standby
- B . Pilot light
- C . Backup and restore
- D . Multi-site active-active
B
Explanation:
Why Option B is Correct: The pilot light strategy keeps a minimal version of the environment in another Region and scales up during a disaster. It achieves an RTO and RPO of hours at a low cost and complexity.
Why Other Options are Incorrect:
Option A: Warm standby is more expensive as it keeps a scaled-down, fully functioning version running in another Region.
Option C: Backup and restore has a longer RTO and RPO than hours.
Option D: Multi-site active-active is costly and more complex than required.
AWS Documentation
Reference: Disaster Recovery Strategies on AWS
A company runs an application on AWS. The application stores data in an Amazon DynamoDB table. Some queries are taking a long time to run. These slow queries involve an attribute that is not the table’s partition key or sort key. The amount of data that the application stores in the DynamoDB table is expected to increase significantly. A developer must increase the performance of the queries.
Which solution will meet these requirements?
- A . Increase the page size for each request by setting the Limit parameter to be higher than the default value.
- B . Create a global secondary index (GSI). Set the query attribute to be the partition key of the index.
- C . Perform a parallel scan operation by issuing individual scan requests.
- D . Turn on read capacity auto scaling for the DynamoDB table. Increase the maximum read capacity units (RCUs).
B
Explanation:
In DynamoDB, queries can only be performed on the Partition Key and Sort Key. If you need to perform high-performance queries on a non-key attribute, you must create a Global Secondary Index (GSI). A GSI allows you to define a new partition key (and optional sort key) for the existing data, enabling efficient queries on those attributes. Scans (Option C) are inefficient and get slower as data grows, regardless of parallelism.
An online food company provides an Amazon API Gateway HTTP API to receive orders for partners. The API is integrated with an AWS Lambda function. The Lambda function stores the orders in an Amazon DynamoDB table.
The company expects to onboard additional partners. Some of the partners require additional Lambda functions to receive orders. The company has created an Amazon S3 bucket. The company needs to store all orders and updates in the S3 bucket for future analysis.
How can the developer ensure that all orders and updates are stored to Amazon S3 with the LEAST development effort?
- A . Create a new Lambda function and a new API Gateway API endpoint. Configure the new Lambda function to write to the S3 bucket. Modify the original Lambda function to post updates to the new API endpoint.
- B . Use Amazon Kinesis Data Streams to create a new data stream. Modify the Lambda function to publish orders to the data stream. Configure the data stream to write to the S3 bucket.
- C . Enable DynamoDB Streams on the DynamoDB table. Create a new Lambda function. Associate the stream’s Amazon Resource Name (ARN) with the Lambda function. Configure the Lambda function to write to the S3 bucket as records appear in the table’s stream.
- D . Modify the Lambda function to publish to a new Amazon Simple Notification Service (Amazon SNS) topic as the Lambda function receives orders. Subscribe a new Lambda function to the topic. Configure the new Lambda function to write to the S3 bucket as updates come through the topic.
C
Explanation:
This solution will ensure that all orders and updates are stored to Amazon S3 with the least development effort because it uses DynamoDB Streams to capture changes in the DynamoDB table and trigger a Lambda function to write those changes to the S3 bucket. This way, the original Lambda function and API Gateway API endpoint do not need to be modified, and no additional services are required.
Option A is not optimal because it will require more development effort to create a new Lambda function and a new API Gateway API endpoint, and to modify the original Lambda function to post updates to the new API endpoint.
Option B is not optimal because it will introduce additional costs and complexity to use Amazon Kinesis Data Streams to create a new data stream, and to modify the Lambda function to publish orders to the data stream.
Option D is not optimal because it will require more development effort to modify the Lambda function to publish to a new Amazon SNS topic, and to create and subscribe a new Lambda function to the topic.
Reference: Using DynamoDB Streams, Using AWS Lambda with Amazon S3
A developer is working on a web application that runs on Amazon ECS and uses an Amazon DynamoDB table to store data. The application performs a large number of read requests against a small set of the table data.
How can the developer improve the performance of these requests? (Select TWO.)
- A . Create an Amazon ElastiCache cluster. Configure the application to cache data in the cluster.
- B . Create a DynamoDB Accelerator (DAX) cluster. Configure the application to use the DAX cluster for DynamoDB requests.
- C . Configure the application to make strongly consistent read requests against the DynamoDB table.
- D . Increase the read capacity of the DynamoDB table.
- E . Enable DynamoDB adaptive capacity.
A,B
Explanation:
The workload is a classic “hot key / hot dataset” pattern: many reads repeatedly target a small subset of items. The best way to improve performance and reduce latency is to add a caching layer so the application does not hit DynamoDB for every read.
Option B is purpose-built for DynamoDB read acceleration: DynamoDB Accelerator (DAX) is an in-memory cache that sits in front of DynamoDB and is API-compatible for many DynamoDB operations. DAX can dramatically reduce read latency (often to microseconds) for frequently accessed items and offload read traffic from the table.
Option A can also help: ElastiCache (Redis/Memcached) can be used as an application-managed cache. This is useful when the application wants more control over caching strategy, TTLs, and non-DynamoDB data caching. For ECS applications, ElastiCache is a common high-performance caching choice.
Why not the others:
C (strongly consistent reads) typically increases latency and capacity consumption; it does not improve performance for repeated reads.
D (increase read capacity) can reduce throttling, but it does not reduce latency as effectively as caching and can be more expensive for hot-read patterns.
E (adaptive capacity) helps DynamoDB handle uneven workloads, but it is not a direct performance boost like caching for repeated reads of a small dataset.
Therefore, adding caching via ElastiCache and/or DAX best improves performance. With “select two,” A and B are correct.
A company needs to deploy all its cloud resources by using AWS CloudFormation templates. A developer must create an Amazon Simple Notification Service (Amazon SNS) automatic notification to help enforce this rule. The developer creates an SNS topic and subscribes the email address of the company’s security team to the SNS topic.
The security team must receive a notification immediately if an IAM role is created without the use of CloudFormation.
Which solution will meet this requirement?
- A . Create an AWS Lambda function to filter events from CloudTrail if a role was created without CloudFormation. Configure the Lambda function to publish to the SNS topic. Create an Amazon EventBridge schedule to invoke the Lambda function every 15 minutes.
- B . Create an AWS Fargate task in Amazon Elastic Container Service (Amazon ECS) to filter events from CloudTrail if a role was created without CloudFormation. Configure the Fargate task to publish to the SNS topic. Create an Amazon EventBridge schedule to run the Fargate task every 15 minutes.
- C . Launch an Amazon EC2 instance that includes a script to filter events from CloudTrail if a role was created without CloudFormation. Configure the script to publish to the SNS topic. Create a cron job to run the script on the EC2 instance every 15 minutes.
- D . Create an Amazon EventBridge rule to filter events from CloudTrail if a role was created without CloudFormation. Specify the SNS topic as the target of the EventBridge rule.
D
Explanation:
EventBridge (formerly CloudWatch Events) is the ideal service for real-time event monitoring.
CloudTrail logs IAM role creation.
EventBridge rules can filter CloudTrail events and trigger SNS notifications instantly.
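An event pattern for the rule in option D, as an added example that is not from the original page. It assumes that CloudTrail records calls made by CloudFormation with sourceIPAddress set to cloudformation.amazonaws.com, so the anything-but match on that field keeps only CreateRole calls made outside CloudFormation.

```json
{
  "source": ["aws.iam"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["iam.amazonaws.com"],
    "eventName": ["CreateRole"],
    "sourceIPAddress": [
      { "anything-but": "cloudformation.amazonaws.com" }
    ]
  }
}
```

IAM is a global service whose CloudTrail events reach EventBridge in us-east-1, so the rule has to be created in that Region.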
A company hosts its application in the us-west-1 Region. The company wants to add redundancy in the us-east-1 Region. The application secrets are stored in AWS Secrets Manager in us-west-1. A developer needs to replicate the secrets to us-east-1.
Which solution will meet this requirement?
- A . Configure secret replication for each secret. Add us-east-1 as a replication Region. Choose an AWS KMS key in us-east-1 to encrypt the replicated secrets.
- B . Create a new secret in us-east-1 for each secret. Configure secret replication in us-east-1. Set the source to be the corresponding secret in us-west-1. Choose an AWS KMS key in us-west-1 to encrypt the replicated secrets.
- C . Create a replication rule for each secret. Set us-east-1 as the destination Region. Configure the rule to run during secret rotation. Choose an AWS KMS key in us-east-1 to encrypt the replicated secrets.
- D . Create a Secrets Manager lifecycle rule to replicate each secret to a new Amazon S3 bucket in us-west-1. Configure an S3 replication rule to replicate the secrets to us-east-1.
A
Explanation:
AWS Secrets Manager supports multi-Region secret replication, which is designed specifically for redundancy, disaster recovery, and multi-Region applications. With this feature, the primary secret resides in one Region (here, us-west-1) and Secrets Manager automatically maintains a replica in another Region (us-east-1). This provides local read access and resilience if one Region is impaired.
Option A accurately describes the standard configuration: enable secret replication and add us-east-1 as the replica Region. Because encryption keys are Region-scoped, the replica secret in us-east-1 should be encrypted with a KMS key in us-east-1 (either the default Secrets Manager key for that Region or a customer managed key), satisfying encryption requirements and proper key locality.
Option B is incorrect because you don’t configure replication “from the destination.” Replication is configured on the primary secret, and the replica uses a KMS key in the replica Region, not in the source Region.
Option C is not how Secrets Manager replication works. Replication is not only during rotation; it maintains replicas continuously. The “replication rule during rotation” framing is not the standard mechanism.
Option D is inappropriate and insecure/operationally complex: exporting secrets to S3 for replication is not the recommended pattern and introduces unnecessary exposure.
Therefore, enable Secrets Manager multi-Region replication and encrypt replicas with a KMS key in the destination Region.
A company has an Amazon S3 bucket that contains sensitive data. The data must be encrypted in transit and at rest. The company encrypts the data in the S3 bucket by using an AWS Key Management Service (AWS KMS) key. A developer needs to grant several other AWS accounts the permission to use the S3 GetObject operation to retrieve the data from the S3 bucket.
How can the developer enforce that all requests to retrieve the data provide encryption in transit?
- A . Define a resource-based policy on the S3 bucket to deny access when a request meets the condition “aws:SecureTransport”: “false”.
- B . Define a resource-based policy on the S3 bucket to allow access when a request meets the condition “aws:SecureTransport”: “false”.
- C . Define a role-based policy on the other accounts’ roles to deny access when a request meets the condition of “aws:SecureTransport”: “false”.
- D . Define a resource-based policy on the KMS key to deny access when a request meets the condition of “aws:SecureTransport”: “false”.
A
Explanation:
Amazon S3 supports resource-based policies, which are JSON documents that specify the permissions for accessing S3 resources. A resource-based policy can be used to enforce encryption in transit by denying access to requests that do not use HTTPS. The condition key aws:SecureTransport can be used to check if the request was sent using SSL. If the value of this key is false, the request is denied; otherwise, the request is allowed.
Reference: How do I use an S3 bucket policy to require requests to use Secure Socket Layer (SSL)?
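The bucket policy described above, as an added example that is not from the original page. The bucket name amzn-s3-demo-bucket and the account IDs 111122223333 and 444455556666 are placeholders. It pairs the cross-account s3:GetObject grant from the question with the explicit deny on non-TLS requests, which overrides the allow.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowCrossAccountGetObject",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::111122223333:root",
          "arn:aws:iam::444455556666:root"
        ]
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::amzn-s3-demo-bucket/*"
    },
    {
      "Sid": "DenyInsecureTransport",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::amzn-s3-demo-bucket",
        "arn:aws:s3:::amzn-s3-demo-bucket/*"
      ],
      "Condition": {
        "Bool": { "aws:SecureTransport": "false" }
      }
    }
  ]
}
```

Because the objects are encrypted with an AWS KMS key, the other accounts also need kms:Decrypt on that key through its key policy; the bucket policy alone does not grant it.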
A developer wants to store information about movies. Each movie has a title, release year, and genre. The movie information also can include additional properties about the cast and production crew. This additional information is inconsistent across movies. For example, one movie might have an assistant director, and another movie might have an animal trainer.
The developer needs to implement a solution to support the following use cases:
For a given title and release year, get all details about the movie that has that title and release year.
For a given title, get all details about all movies that have that title.
For a given genre, get all details about all movies in that genre.
Which data store configuration will meet these requirements?
- A . Create an Amazon DynamoDB table. Configure the table with a primary key that consists of the title as the partition key and the release year as the sort key. Create a global secondary index that uses the genre as the partition key and the title as the sort key.
- B . Create an Amazon DynamoDB table. Configure the table with a primary key that consists of the genre as the partition key and the release year as the sort key. Create a global secondary index that uses the title as the partition key.
- C . On an Amazon RDS DB instance, create a table that contains columns for title, release year, and genre. Configure the title as the primary key.
- D . On an Amazon RDS DB instance, create a table where the primary key is the title and all other data is encoded into JSON format as one additional column.
A
Explanation:
Amazon DynamoDB is a fully managed NoSQL database service that provides fast and consistent performance with seamless scalability. The developer can create a DynamoDB table and configure the table with a primary key that consists of the title as the partition key and the release year as the sort key. This will enable querying for a given title and release year efficiently. The developer can also create a global secondary index that uses the genre as the partition key and the title as the sort key. This will enable querying for a given genre efficiently. The developer can store additional properties about the cast and production crew as attributes in the DynamoDB table. These attributes can have different data types and structures, and they do not need to be consistent across items.
Reference: [Amazon DynamoDB]
[Working with Queries – Amazon DynamoDB]
[Working with Global Secondary Indexes – Amazon DynamoDB]
A developer needs to automate deployments for a serverless, event-based workload. The developer needs to create standardized templates to define the infrastructure and to test the functionality of the workload locally before deployment.
The developer already uses a pipeline in AWS CodePipeline. The developer needs to incorporate any other infrastructure changes into the existing pipeline.
Which solution will meet these requirements?
- A . Create an AWS SAM template. Configure the pipeline stages in CodePipeline to run the necessary AWS SAM CLI commands to deploy the serverless workload.
- B . Create an AWS Step Functions workflow template based on the infrastructure by using the Amazon States Language. Start the Step Functions state machine from the existing pipeline.
- C . Create an AWS CloudFormation template. Use the existing pipeline workflow to build a pipeline for AWS CloudFormation stacks.
- D . Create an AWS SAM template. Use an automated script to deploy the serverless workload by using the AWS SAM CLI deploy command.
A
Explanation:
The requirements call for (1) standardized templates to define serverless infrastructure, (2) the ability to test locally before deployment, and (3) integrating deployment and infrastructure changes into an existing AWS CodePipeline workflow. AWS Serverless Application Model (AWS SAM) is designed specifically for serverless applications and extends CloudFormation with serverless-specific resources (such as AWS::Serverless::Function, APIs, event sources). SAM also provides the SAM CLI, which includes local testing capabilities (for example, sam local invoke and sam local start-api) that emulate Lambda and API Gateway behavior for rapid iteration before deployment.
Option A fits all requirements: create an AWS SAM template as the infrastructure definition and add pipeline stages that execute the necessary SAM CLI commands (commonly sam build and sam deploy, and optionally test commands) as part of the CI/CD process. This makes deployments repeatable and automated, ensures infrastructure changes are deployed in lockstep with application changes, and keeps everything governed by the existing CodePipeline.
Option D uses SAM but relies on a standalone script outside the pipeline, which conflicts with the requirement to incorporate infrastructure changes into the existing pipeline.
Option C (plain CloudFormation) can define infrastructure, but it does not inherently provide the same streamlined local testing workflow that SAM CLI provides for serverless event sources and APIs.
Option B is unrelated: Step Functions is an orchestration service and its definition language is not a general infrastructure templating and local-testing solution for serverless deployments.
Therefore, A is the correct strategy: use AWS SAM templates and integrate SAM CLI build/deploy steps into CodePipeline to automate deployments and support local testing while managing infrastructure as code.
