Practice Free DVA-C02 Exam Online Questions
A healthcare company develops a patient monitoring application that uses AWS AppSync and an AWS Lambda function. The application stores patient data in an Amazon DynamoDB database. The application processes real-time patient vital signs from thousands of IoT devices. The application must support queries from medical staff who access patient historical data. A developer notices significant latency when medical staff query patient histories, specifically for frequently-accessed records of patients currently under observation. The developer observes that the Lambda functions are consuming high read capacity units (RCUs) from DynamoDB. The developer needs to optimize the application’s performance and maintain data consistency.
Which solution will meet these requirements?
- A . Enable response caching in AppSync with a TTL value of 1 hour for all queries. Update the Lambda code to use in-memory caching.
- B . Increase the Lambda function memory allocation to maximum. Configure provisioned concurrency for the function.
- C . Create a caching Lambda function that aggregates patient data periodically and stores it in Amazon S3. Implement a read-through cache pattern.
- D . Implement in-memory caching by using Amazon ElastiCache for frequently-accessed patient records. Configure the Lambda functions to check the cache before querying the database. Set up cache invalidation when patient data is updated.
D
Explanation:
For frequently accessed data that causes high RCUs and latency in DynamoDB, ElastiCache (Redis or Memcached) is the recommended solution. It sits in front of DynamoDB as a high-speed, in-memory cache. Implementing a "Cache-Aside" or "Read-Through" pattern reduces the load on DynamoDB and provides sub-millisecond response times for queries. Invalidation ensures that when vital signs are updated, the cache is refreshed, maintaining data consistency.
A company caches session information for a web application in an Amazon DynamoDB table. The company wants an automated way to delete old items from the table.
What is the simplest way to do this?
- A . Write a script that deletes old records; schedule the script as a cron job on an Amazon EC2 instance.
- B . Add an attribute with the expiration time; enable the Time To Live feature based on that attribute.
- C . Each day, create a new table to hold session data; delete the previous day’s table.
- D . Add an attribute with the expiration time; name the attribute ItemExpiration.
A company needs to distribute firmware updates to its customers around the world.
Which service will allow easy and secure control of the access to the downloads at the lowest cost?
- A . Use Amazon CloudFront with signed URLs for Amazon S3.
- B . Create a dedicated Amazon CloudFront Distribution for each customer.
- C . Use Amazon CloudFront with AWS Lambda@Edge.
- D . Use Amazon API Gateway and AWS Lambda to control access to an S3 bucket.
A
Explanation:
This solution allows easy and secure control of access to the downloads at the lowest cost because it uses a content delivery network (CDN) that can cache and distribute firmware updates to customers around the world, and uses a mechanism that can restrict access to specific files or versions. Amazon CloudFront is a CDN that can improve performance, availability, and security of web applications by delivering content from edge locations closer to customers. Amazon S3 is a storage service that can store firmware updates in buckets and objects. Signed URLs are URLs that include additional information, such as an expiration date and time, that give users temporary access to specific objects in S3 buckets. The developer can use CloudFront to serve firmware updates from S3 buckets and use signed URLs to control who can download them and for how long. Creating a dedicated CloudFront distribution for each customer will incur unnecessary costs and complexity. Using Amazon CloudFront with AWS Lambda@Edge will require additional programming overhead to implement custom logic at the edge locations. Using Amazon API Gateway and AWS Lambda to control access to an S3 bucket will also require additional programming overhead and may not provide optimal performance or availability.
Reference: [Serving Private Content through CloudFront], [Using CloudFront with Amazon S3]
A company’s application uses an Amazon API Gateway REST API and AWS Lambda functions to upload media files to and fetch media files from a standard Amazon S3 Standard bucket. The company runs a nightly job on an Amazon EC2 instance to create dashboards and other visualizations for application users. The job usually runs for 1 to 2 hours.
A developer observes request throttling while the function is running. The application generates multiple 429 exceptions in the Lambda function logs when files do not process successfully. The developer needs to resolve the issue and ensure that all of the application ingests all files.
Which solution will meet these requirements?
- A . Enable S3 Transfer Acceleration on the bucket. Use the appropriate endpoint.
- B . Call the CreateMultipartUpload API in the Lambda functions to upload the files in pieces.
- C . Implement the retry with a backoff pattern in the Lambda functions.
- D . Set up an S3 Lifecycle policy to automatically move the media files to the S3 Intelligent-Tiering storage class.
C
Explanation:
HTTP 429 errors indicate throttling (“Too Many Requests”). In this architecture, throttling can occur at multiple layers (API Gateway rate limits, downstream AWS service API throttles, or dependency throttling). Regardless of which service is throttling, the correct resilience pattern is to implement retries with exponential backoff and jitter for retryable failures. AWS SDKs and AWS best practices recommend backoff to reduce contention and allow the system to recover, while ensuring requests eventually succeed.
Option C directly addresses the problem and the requirement “ensure that all of the application ingests all files.” With a retry + backoff pattern, transient throttling is handled gracefully: failed operations are retried after increasing delays, avoiding immediate retry storms that worsen throttling. This increases successful completion rate without requiring major architectural changes.
Option A (Transfer Acceleration) can improve upload latency from geographically distributed clients, but it does not resolve request throttling (429) caused by API limits.
Option B (multipart upload) helps with large object uploads and can improve throughput/reliability for big files, but it does not inherently prevent 429 throttling at API Gateway or other throttled calls.
Option D (Intelligent-Tiering) affects storage cost optimization, not ingestion throttling.
A company’s developer has deployed an application in AWS by using AWS CloudFormation The CloudFormation stack includes parameters in AWS Systems Manager Parameter Store that the application uses as configuration settings. The application can modify the parameter values
When the developer updated the stack to create additional resources with tags, the developer noted that the parameter values were reset and that the values ignored the latest changes made by the application. The developer needs to change the way the company deploys the CloudFormation stack. The developer also needs to avoid resetting the parameter values outside the stack.
Which solution will meet these requirements with the LEAST development effort?
- A . Modify the CloudFormation stack to set the deletion policy to Retain for the Parameter Store parameters.
- B . Create an Amazon DynamoDB table as a resource in the CloudFormation stack to hold configuration data for the application Migrate the parameters that the application is modifying from Parameter Store to the DynamoDB table
- C . Create an Amazon RDS DB instance as a resource in the CloudFormation stack. Create a table in the database for parameter configuration. Migrate the parameters that the application is modifying from Parameter Store to the configuration table
- D . Modify the CloudFormation stack policy to deny updates on Parameter Store parameters
A
Explanation:
Problem: CloudFormation updates reset Parameter Store parameters, disrupting application behavior.
Deletion Policy: CloudFormation has a deletion policy that controls resource behavior when a stack is deleted or updated. The ‘Retain’ policy instructs CloudFormation to preserve a resource’s current state.
Least Development Effort: This solution involves a simple CloudFormation template modification, requiring minimal code changes.
Reference: CloudFormation Deletion
Policies: https: //docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html
A company has a web application that contains an Amazon API Gateway REST API. A developer has created an AWS CloudFormation template for the initial deployment of the application. The developer has deployed the application successfully as part of an AWS CodePipeline CI/CD process. All resources and methods are available through the deployed stage endpoint.
The CloudFormation template contains the following resource types:
• AWS: : ApiGateway: : RestApi
• AWS: : ApiGateway: : Resource
• AWS: : ApiGateway: : Method
• AWS: : ApiGateway: : Stage
• AWS: : ApiGateway: : Deployment
The developer adds a new resource to the REST API with additional methods and redeploys the template. CloudFormation reports that the deployment is successful and that the stack is in the UPDATE_COMPLETE state. However, calls to all new methods are returning 404 (Not Found) errors.
What should the developer do to make the new methods available?
- A . Specify the disable-rollback option during the update-stack operation.
- B . Unset the CloudFormation stack failure options.
- C . Add an AWS CodeBuild stage to CodePipeline to run the aws apigateway create-deployment AWS CLI command.
- D . Add an action to CodePipeline to run the aws cloudfront create-invalidation AWS CLI command.
C
Explanation:
For API Gateway REST APIs, configuration changes (new resources/methods) do not automatically become callable from a stage until a new API Gateway Deployment is created and associated with the stage. In CloudFormation, an AWS: : ApiGateway: : Deployment resource is immutable and effectively represents a snapshot of the API configuration at a point in time. If the Deployment resource does not change (for example, its logical ID or a property that forces replacement), CloudFormation may not create a new deployment even though the stack update succeeds―resulting in the stage still pointing to the old deployment. The symptom is exactly what’s described:
new methods return 404 because they are not part of the deployed snapshot.
A common operational fix is to create a new deployment explicitly during CI/CD.
Option C does this by running aws apigateway create-deployment, which creates a fresh deployment that includes the new resources/methods and makes them available on the stage.
Option D is unrelated (CloudFront invalidation).
Options A and B do not affect API Gateway deployment snapshots.
In pure CloudFormation, another common pattern is to force a new deployment by changing the Deployment logical ID or embedding a timestamp/hash in the deployment description. But among the options given, running create-deployment is the direct fix.
Therefore, add a pipeline step to run aws apigateway create-deployment.
A developer deployed an application to an Amazon EC2 instance The application needs to know the public IPv4 address of the instance
How can the application find this information?
- A . Query the instance metadata from http./M69.254.169.254. latestmeta-data/.
- B . Query the instance user data from http ‘169 254.169 254. latest/user-data/
- C . Query the Amazon Machine Image (AMI) information from http: //169.254.169.254/latest/meta-data/ami/.
- D . Check the hosts file of the operating system
A
Explanation:
Instance Metadata Service: EC2 instances have access to an internal metadata service. It provides instance-specific information like instance ID, security groups, and public IP address.
Accessing Metadata:
Make an HTTP GET request to the base URL: http: //169.254.169.254/latest/meta-data/ You’ll get a list of available categories. The public IPv4 address is under public-ipv4.
Reference: Instance Metadata and User
Data: https: //docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html
A company wants to deploy and maintain static websites on AWS. Each website’s source code is hosted in one of several version control systems, including AWS CodeCommit, Bitbucket, and GitHub.
The company wants to implement phased releases by using development, staging, user acceptance testing, and production environments in the AWS Cloud. Deployments to each environment must be started by code merges on the relevant Git branch. The company wants to use HTTPS for all data exchange. The company needs a solution that does not require servers to run continuously.
Which solution will meet these requirements with the LEAST operational overhead?
- A . Host each website by using AWS Amplify with a serverless backend. Conned the repository branches that correspond to each of the desired environments. Start deployments by merging code changes to a desired branch.
- B . Host each website in AWS Elastic Beanstalk with multiple environments. Use the EB CLI to link each repository branch. Integrate AWS CodePipeline to automate deployments from version control code merges.
- C . Host each website in different Amazon S3 buckets for each environment. Configure AWS CodePipeline to pull source code from version control. Add an AWS CodeBuild stage to copy source code to Amazon S3.
- D . Host each website on its own Amazon EC2 instance. Write a custom deployment script to bundle each website’s static assets. Copy the assets to Amazon EC2. Set up a workflow to run the script when code is merged.
A
Explanation:
AWS Amplify is a set of tools and services that enables developers to build and deploy full-stack web and mobile applications that are powered by AWS. AWS Amplify supports hosting static websites on Amazon S3 and Amazon CloudFront, with HTTPS enabled by default. AWS Amplify also integrates with various version control systems, such as AWS CodeCommit, Bitbucket, and GitHub, and allows developers to connect different branches to different environments. AWS Amplify automatically builds and deploys the website whenever code changes are merged to a connected branch, enabling phased releases with minimal operational overhead.
Reference: AWS Amplify Console
A company uses a custom root certificate authority certificate chain (Root CA Cert) that is 10 KB in size generate SSL certificates for its on-premises HTTPS endpoints. One of the company’s cloud based applications has hundreds of AWS Lambda functions that pull date from these endpoints. A developer updated the trust store of the Lambda execution environment to use the Root CA Cert when the Lambda execution environment is initialized. The developer bundled the Root CA Cert as a text file in the Lambdas deployment bundle.
After 3 months of development the root CA Cert is no longer valid and must be updated. The developer needs a more efficient solution to update the Root CA Cert for all deployed Lambda functions. The solution must not include rebuilding or updating all Lambda functions that use the Root CA Cert. The solution must also work for all development, testing and production environment. Each environment is managed in a separate AWS account.
When combination of steps Would the developer take to meet these environments MOST cost-effectively? (Select TWO)
- A . Store the Root CA Cert as a secret in AWS Secrets Manager. Create a resource-based policy. Add IAM users to allow access to the secret
- B . Store the Root CA Cert as a Secure Sting parameter in aws Systems Manager Parameter Store Create a resource-based policy. Add IAM users to allow access to the policy.
- C . Store the Root CA Cert in an Amazon S3 bucket. Create a resource- based policy to allow access to the bucket.
- D . Refactor the Lambda code to load the Root CA Cert from the Root CA Certs location. Modify the runtime trust store inside the Lambda function handler.
- E . Refactor the Lambda code to load the Root CA Cert from the Root CA Cert’s location. Modify the runtime trust store outside the Lambda function handler.
B,E
Explanation:
This solution will meet the requirements by storing the Root CA Cert as a Secure String parameter in AWS Systems Manager Parameter Store, which is a secure and scalable service for storing and managing configuration data and secrets. The resource-based policy will allow IAM users in different AWS accounts and environments to access the parameter without requiring cross-account roles or permissions. The Lambda code will be refactored to load the Root CA Cert from the parameter store and modify the runtime trust store outside the Lambda function handler, which will improve performance and reduce latency by avoiding repeated calls to Parameter Store and trust store modifications for each invocation of the Lambda function.
Option A is not optimal because it will use AWS Secrets Manager instead of AWS Systems Manager Parameter Store, which will incur additional costs and complexity for storing and managing a non-secret configuration data such as Root CA Cert.
Option C is not optimal because it will deactivate the application secrets and monitor the application error logs temporarily, which will cause application downtime and potential data loss.
Option D is not optimal because it will modify the runtime trust store inside the Lambda function handler, which will degrade performance and increase latency by repeating unnecessary operations for each invocation of the Lambda function.
Reference: AWS Systems Manager Parameter Store, [Using SSL/TLS to Encrypt a Connection to a DB Instance]
A company launched an online portal to announce a new product that the company will release in 6 months. The portal requests that users enter an email address to receive communications about the product. The company needs to create a REST API that will store the email addresses in Amazon DynamoDB.
A developer has created an AWS Lambda function that can store the email addresses. The developer will deploy the Lambda function by using the AWS Serverless Application Model (AWS SAM). The developer must provide access to the Lambda function over HTTP.
Which solutions will meet these requirements with the LEAST additional configuration? (Select TWO.)
- A . Expose the Lambda function by using function URLs.
- B . Expose the Lambda function by using a Gateway Load Balancer.
- C . Expose the Lambda function by using a Network Load Balancer.
- D . Expose the Lambda function by using AWS Global Accelerator
- E . Expose the Lambda function by using Amazon API Gateway.