Practice Free DVA-C02 Exam Online Questions
A company has an application that uses an AWS Lambda function to process customer orders. The company notices that the application processes some orders more than once.
A developer needs to update the application to prevent duplicate processing.
Which solution will meet this requirement with the LEAST implementation effort?
- A . Implement a de-duplication mechanism that uses Amazon DynamoDB as the control database. Configure the Lambda function to check for the existence of a unique identifier before processing each event.
- B . Create a custom Amazon ECS task to perform idempotency checks. Use AWS Step Functions to integrate the ECS task with the Lambda function.
- C . Configure the Lambda function to retry failed invocations. Implement a retry mechanism that has a fixed delay between attempts to handle duplicate events.
- D . Use Amazon Athena to query processed events to identify duplicate records. Add processing logic to the Lambda function to handle the duplication scenarios that the query identifies.
A
Explanation:
Requirement Summary:
Orders are being processed more than once
Need to prevent duplicate processing
Looking for least implementation effort
Key Concept:
Lambda + Event-driven patterns can occasionally result in duplicate invocations (at-least-once delivery model)
You need idempotency (i.e., prevent repeated processing of same event)
Evaluate Options:
A developer is building an application that uses Amazon DynamoDB. The developer wants to retrieve multiple specific items from the database with a single API call.
Which DynamoDB API call will meet these requirements with the MINIMUM impact on the database?
- A . BatchGetltem
- B . Getltem
- C . Scan
- D . Query
An application uses an Amazon API Gateway API that is integrated with an AWS Lambda function. Specific API requests are returning the HTTP 504 (Gateway Timeout) error message. The Lambda function is configured with a 20-second timeout. The API Gateway integration is configured with a 15-second timeout and a rate of 10 requests every second. There are no errors in the logs for the Lambda function.
Which solution will prevent the HTTP 504 error responses?
- A . Increase the reserved concurrency of the Lambda function.
- B . Increase the timeout of the Lambda function.
- C . Increase the timeout of the API Gateway integration.
- D . Increase the per-client throttling limit.
C
Explanation:
The correct answer is C because the API Gateway integration timeout is set to 15 seconds, while the Lambda function timeout is 20 seconds. If the Lambda function takes longer than 15 seconds to return a response, API Gateway will stop waiting and return an HTTP 504 Gateway Timeout to the client, even if the Lambda function itself has not yet timed out. This exactly matches the symptom described in the question.
The fact that there are no errors in the Lambda logs is also an important clue. If Lambda were failing internally, timing out at its own limit, or throwing exceptions, those events would typically appear in Lambda logs. Instead, the likely problem is that API Gateway is timing out first, before Lambda reaches its own timeout threshold or produces an error.
Option A is incorrect because reserved concurrency affects the number of concurrent executions available to Lambda, not the integration response wait time.
Option B is incorrect because increasing the Lambda timeout beyond 20 seconds would not help if API Gateway is still configured to stop waiting after 15 seconds.
Option D is incorrect because per-client throttling limits control request rates, not backend timeout behavior.
The proper fix is to increase the API Gateway integration timeout so that API Gateway can wait long enough for the Lambda function to complete. This ensures that requests that legitimately need more than 15 seconds can still return successful responses instead of 504 errors.
A developer is using AWS Amplify Hosting to build and deploy an application. The developer is receiving an increased number of bug reports from users. The developer wants to add end-to-end testing to the application to eliminate as many bugs as possible before the bugs reach production.
Which solution should the developer implement to meet these requirements?
- A . Run the amplify add test command in the Amplify CLI.
- B . Create unit tests in the application. Deploy the unit tests by using the amplify push command in the Amplify CLI.
- C . Add a test phase to the amplify.yml build settings for the application.
- D . Add a test phase to the aws-exports.js file for the application.
C
Explanation:
The solution that will meet the requirements is to add a test phase to the amplify.yml build settings for the application. This way, the developer can run end-to-end tests on every code commit and catch any bugs before deploying to production. The other options either do not support end-to-end testing, or do not run tests automatically.
Reference: End-to-end testing
A large company has its application components distributed across multiple AWS accounts. The company needs to collect and visualize trace data across these accounts.
What should be used to meet these requirements?
- A . AWS X-Ray
- B . Amazon CloudWatch
- C . Amazon VPC flow logs
- D . Amazon OpenSearch Service
A developer has an application that pushes files from an on-premises local server to an Amazon S3 bucket. The application uses an AWS access key and a secret key that are stored on the server for authentication. The application calls AWS STS to assume a role with access to perform the S3 PUT operation to upload the file.
The developer is migrating the server to an Amazon EC2 instance. The EC2 instance is configured with an IAM instance profile in the same AWS account that owns the S3 bucket.
What is the MOST secure solution for the developer to use to migrate the automation code?
- A . Remove the code that calls the STS AssumeRole operation. Use the same access key and secret
key from the server to access the S3 bucket. - B . Remove the access key and the secret key. Use the STS AssumeRole operation to add permissions to access the S3 bucket.
- C . Remove the access key, the secret key, and the code that calls the STS AssumeRole operation. Use an IAM instance profile role that grants access to the S3 bucket.
- D . Remove the access key, the secret key, and the code that calls the STS AssumeRole operation.
Create a new access key and secret key. Use the new keys to access the S3 bucket.
C
Explanation:
The most secure approach on Amazon EC2 is to avoid long-term static credentials entirely and rely on IAM roles for Amazon EC2 (instance profiles). When an EC2 instance is associated with an instance profile, AWS automatically provides temporary security credentials to the instance through the instance metadata service (IMDS). The AWS SDK and CLI can retrieve and rotate these credentials automatically, eliminating the need to store an access key and secret key on disk. This reduces the risk of credential leakage and removes the operational burden of key rotation.
In this scenario, the EC2 instance is already configured with an IAM instance profile in the same account as the S3 bucket. Because the bucket is in the same account and the instance profile can be granted the required permissions, there is no security benefit to keeping a separate stored access key/secret key or performing an additional STS AssumeRole hop. The simplest and most secure design is to attach an IAM policy to the instance profile role that allows the required s3: PutObject (and any related actions such as s3: PutObjectAcl if needed) on the specific bucket/prefix. The application code can then call S3 directly using the AWS SDK, which will automatically use the instance profile credentials.
Option A continues to use long-lived static credentials stored on the server, which is less secure than instance profiles.
Option D is the same problem with different keys: still long-lived credentials that must be protected and rotated.
Option B removes stored keys but keeps an AssumeRole call; although AssumeRole uses temporary credentials, it adds complexity and is unnecessary here because the instance already has an IAM role and the S3 bucket is in the same account.
Therefore, the most secure solution is C: remove static keys and the AssumeRole code and use the instance profile role with least-privilege S3 permissions.
A developer is migrating an application to Amazon Elastic Kubernetes Service (Amazon EKS). The developer migrates the application to Amazon Elastic Container Registry (Amazon ECR) with an EKS cluster.
As part of the application migration to a new backend, the developer creates a new AWS account. The developer makes configuration changes to the application to point the application to the new AWS account and to use new backend resources. The developer successfully tests the changes within the application by deploying the pipeline.
The Docker image build and the pipeline deployment are successful, but the application is still connecting to the old backend. The developer finds that the application’s configuration is still referencing the original EKS cluster and not referencing the new backend resources.
Which reason can explain why the application is not connecting to the new resources?
- A . The developer did not successfully create the new AWS account.
- B . The developer added a new tag to the Docker image.
- C . The developer did not update the Docker image tag to a new version.
- D . The developer pushed the changes to a new Docker image tag.
C
Explanation:
The correct answer is C. The developer did not update the Docker image tag to a new version.
C. The developer did not update the Docker image tag to a new version. This is correct. When deploying an application to Amazon EKS, the developer needs to specify the Docker image tag that contains the application code and configuration. If the developer does not update the Docker image tag to a new version after making changes to the application, the EKS cluster will continue to use the old Docker image tag that references the original backend resources. To fix this issue, the developer should update the Docker image tag to a new version and redeploy the application to the EKS cluster.
A developer is working on a web application that requires selective activation of specific features. The developer wants to keep the features hidden from end users until the features are ready for public access.
Which solution will meet these requirements?
- A . Create a feature flag configuration profile in AWS AppSync. Store the feature flag values in the configuration profile. Activate and deactivate feature flags as needed.
- B . Store prerelease data in an Amazon DynamoDB table. Enable Amazon DynamoDB Streams in the table. Toggle between hidden and visible states by using DynamoDB Streams.
- C . Create a feature flag configuration profile in AWS AppConfig. Store the feature flag values in the configuration profile. Activate and deactivate feature flags as needed.
- D . Store prerelease data in AWS Amplify DataStore. Toggle between hidden and visible states by using Amplify DataStore cloud synchronization.
C
Explanation:
The correct answer is C because AWS AppConfig provides built-in support for feature flags, allowing developers to enable or disable features dynamically without redeploying application code. This is exactly what the question requires: keeping features hidden from end users until the features are ready for release, and then selectively activating them when appropriate.
AWS documentation describes AppConfig as a service for managing application configuration in a safe and controlled way. Feature flags in AppConfig let teams separate deployment from release, which is a core best practice in modern application development. A developer can deploy code that contains unfinished or hidden functionality, while the actual visibility and activation of that functionality is controlled through feature flag values stored in an AppConfig configuration profile. When the feature is ready, the flag can be turned on without changing the application package.
Option A is incorrect because AWS AppSync is a managed GraphQL service and is not the AWS feature flag service for application configuration management.
Option B is incorrect because DynamoDB Streams are used for capturing item-level changes and reacting to table updates, not for controlled feature activation.
Option D is incorrect because Amplify DataStore is intended for client-side data synchronization and offline access patterns, not centralized production feature flag management.
Using AppConfig also provides operational benefits such as deployment strategies, configuration validation, and rollback support, which make it safer than building a custom feature toggle mechanism. For these reasons, AWS AppConfig feature flags are the most appropriate and AWS-recommended solution for hiding prerelease features and selectively enabling them later.
Therefore, C is the correct answer.
A developer is creating a video search application for a global company. The video files have an average size of 2.5 TB. The video storage system must provide instant access to the video files for the first 90 days. After the first 90 days, the video files can take more than 10 minutes to load.
Which solution will meet these requirements MOST cost-effectively?
- A . Upload the video files to the Amazon EFS Standard storage class for the first 90 days. After 90 days, transition the video files to the EFS Standard-Infrequent Access (Standard-IA) storage class.
- B . Upload the video files to Amazon S3. Use the S3 Glacier Deep Archive storage class for the first 90 days. After 90 days, transition the video files to the S3 Glacier Flexible Retrieval storage class.
- C . Use Amazon EBS to store the video files for the first 90 days. After 90 days, transition the video files to the Amazon S3 Glacier Deep Archive storage class.
- D . Upload the video files to Amazon S3. Use the S3 Glacier Instant Retrieval storage class for the first 90 days. After 90 days, transition the video files to the S3 Glacier Flexible Retrieval storage class.
D
Explanation:
S3 Glacier Instant Retrieval is designed for long-lived data that is rarely accessed but requires millisecond retrieval when needed (meeting the "instant access" requirement for the first 90 days).
After 90 days, moving to S3 Glacier Flexible Retrieval (formerly Standard) is more cost-effective because it has lower storage costs, though it has retrieval times of minutes to hours (meeting the "more than 10 minutes" requirement).
An application ingests data from an Amazon Kinesis data stream. The shards in the data stream are set for normal traffic.
During tests for peak traffic, the application ingests data slowly. A developer needs to adjust the data stream to handle the peak traffic.
What should the developer do to meet this requirement MOST cost-effectively?
- A . Install the Kinesis Producer Library {KPL) to ingest data into the data stream.
- B . Switch to on-demand capacity mode for the data stream. Specify a partition key when writing data to the data stream.
- C . Decrease the amount of time that data is kept in the data stream by using the DecreaseStreamRetention Period API operation.
- D . Increase the shard count in the data stream by using the UpdateShardCount API operation.