30 Free AWS DVA-C02 Practice Questions

DVA-C02 Practice Questions

1. Question 1.Which of the following are good use cases for how Amazon ElastiCache can help an application? (Select TWO)

   • A.Improve the performance of S3 PUT operations.
   • B.Improve the latency of deployments performed by AWS CodeDeploy.
   • C.Improve latency and throughput for read-heavy application workloads.(correct answer)
   • D.Reduce the time required to merge AWS CodeCommit branches.
   • E.Improve performance of compute-intensive applications.(correct answer)
   Show answer & explanationHide answer

   Correct answer: C, E

   Improve latency and throughput for read-heavy application workloads. / Improve performance of compute-intensive applications.

   Explanation

   Amazon ElastiCache is an in-memory database service that improves latency and throughput for read-heavy workloads (by caching database queries) and improves the performance of compute-intensive applications (by storing results of heavy calculations).

2. Question 2.Which of the following services are key/value stores? (Choose 3 answers)

   • A.Amazon ElastiCache.(correct answer)
   • B.Simple Notification Service.
   • C.DynamoDB.(correct answer)
   • D.Simple Workflow Service.
   • E.Simple Storage Service.(correct answer)
   Show answer & explanationHide answer

   Correct answer: A, C, E

   Amazon ElastiCache. / DynamoDB. / Simple Storage Service.

   Explanation

   Amazon ElastiCache (Redis), DynamoDB, and Amazon S3 are all examples of key/value stores in AWS. SNS is a pub/sub service, and SWF is a workflow coordination service.

3. Question 3.A developer wants to send multi-value headers to an AWS Lambda function that is registered as a target with an Application Load Balancer (ALB). What should the developer do to achieve this?

   • A.Place the Lambda function and target group in the same account.
   • B.Send the request body to the Lambda function with a size less than 1 MB 0.
   • C.Include the Base64 encoding status status code, status description, and headers in the Lambda function.
   • D.Enable the multi-value headers on the ALB.(correct answer)
   Show answer & explanationHide answer

   Correct answer: D

   Enable the multi-value headers on the ALB.

   Explanation

   To send multi-value headers from an Application Load Balancer to a Lambda target, you must explicitly enable the 'Multi-value headers' setting on the ALB target group.

4. Question 4.A company's ecommerce website is experiencing massive traffic spikes, which are causing performance problems in the company database. Users are reporting that accessing the website takes a long time. A developer wants to implement a caching layer using Amazon ElastiCache. The website is required to be responsive no matter which product a user views, and the updates to product information and prices must be strongly consistent. Which cache writing policy will satisfy these requirements?

   • A.Write to the cache directly and sync the backend at a later time.
   • B.Write to the backend first and wait for the cache to expire.
   • C.Write to the cache and the backend at the same time.
   • D.Write to the backend first and invalidate the cache.(correct answer)
   Show answer & explanationHide answer

   Correct answer: D

   Write to the backend first and invalidate the cache.

   Explanation

   To ensure strong consistency between the database and the cache, the 'Write-Through' or 'Write-to-the-backend-first-and-invalidate-cache' policy is best. This ensures that the next time the data is read, the cache is updated with the latest version from the database.

5. Question 5.A Developer wants to upload data to Amazon S3 and must encrypt the data in transit. Which of the following solutions will accomplish this task? (Choose TWO)

   • A.Set up hardware VPN tunnels to a VPC and access S3 through a VPC endpoint.
   • B.Set up Client-Side Encryption with an AWS KMS-Managed Customer Master Key.(correct answer)
   • C.Set up Server-Side Encryption with AWS KMS-Managed Keys.
   • D.Transfer the data over an SSL connection.
   • E.Set up Server-Side Encryption with S3-Managed Keys.(correct answer)
   Show answer & explanationHide answer

   Correct answer: B, E

   Set up Client-Side Encryption with an AWS KMS-Managed Customer Master Key. / Set up Server-Side Encryption with S3-Managed Keys.

   Explanation

   Encryption in transit is primarily handled by SSL/TLS (HTTPS). Client-side encryption also ensures that the data is encrypted before it even leaves the source, providing security during transit.

6. Question 6.A Developer wants to encrypt new objects that are being uploaded to an Amazon S3 bucket by an application. There must be an audit trail of who has used the key during this process. There should be no change to the performance of the application. Which type of encryption meets these requirements?

   • A.Server-side encryption using S3-managed keys.
   • B.Server-side encryption with AWS KMS-managed keys.(correct answer)
   • C.Client-side encryption with a client-side symmetric master key.
   • D.Client-side encryption with AWS KMS-managed keys.
   Show answer & explanationHide answer

   Correct answer: B

   Server-side encryption with AWS KMS-managed keys.

   Explanation

   Server-side encryption with AWS KMS-managed keys (SSE-KMS) provides an audit trail via AWS CloudTrail, showing who used the key and when, with minimal performance impact on the S3 application.

7. Question 7.An application is being developed to audit several AWS accounts. The application will run in Account A and must access AWS services in Accounts B and C. What is the MOST secure way to allow the application to call AWS services in each audited account?

   • A.Configure cross-account roles in each audited account. Write code in Account A that assumes those roles.(correct answer)
   • B.Use S3 cross-region replication to communicate among accounts, with Amazon S3 event notifications to trigger Lambda functions.
   • C.Deploy an application in each audited account with its own role. Have Account A authenticate with the application.
   • D.Create an IAM user with an access key in each audited account. Write code in Account A that uses those access keys.
   Show answer & explanationHide answer

   Correct answer: A

   Configure cross-account roles in each audited account. Write code in Account A that assumes those roles.

   Explanation

   Cross-account IAM roles are the recommended way to grant access across AWS accounts. The application in Account A uses STS to assume the role in Account B or C, receiving temporary credentials for those accounts.

8. Question 8.A company uses a third-party tool to build, bundle, and package rts applications on-premises and store them locally. The company uses Amazon EC2 instances to run its front-end applications. How can an application be deployed from the source control system onto the EC2 instances?

   • A.Use AWS CodeDeploy and point it to the local storage to directly deploy a bundle m a zip. tar. or tar.gz format.
   • B.Upload the bundle to an Amazon S3 bucket and specify the S3 location when doing a deployment using AWS CodeDeploy.(correct answer)
   • C.Create a repository using AWS CodeCommit to automatically trigger a deployment to the EC2 instances.
   • D.Use AWS CodeBuild to automatically deploy the latest build to the latest EC2 instances.
   Show answer & explanationHide answer

   Correct answer: B

   Upload the bundle to an Amazon S3 bucket and specify the S3 location when doing a deployment using AWS CodeDeploy.

   Explanation

   AWS CodeDeploy can deploy application revisions from Amazon S3 or GitHub. In this scenario, uploading the locally built bundle to S3 is the necessary step before triggering CodeDeploy.

9. Question 9.A company is building a compute-intensive application that will run on a fleet of Amazon EC2 instances. The application uses attached Amazon EBS disks for storing data. The application will process sensitive information and all the data must be encrypted. What should a developer do to ensure the data is encrypted on disk without impacting performance?

   • A.Configure the Amazon EC2 instance fleet to use encrypted EBS volumes for storing data.(correct answer)
   • B.Add logic to write all data to an encrypted Amazon S3 bucket.
   • C.Add a custom encryption algorithm to the application that will encrypt and decrypt all data.
   • D.Create a new Amazon Machine Image (AMI) with an encrypted root volume and store the data to ephemeral disks.
   Show answer & explanationHide answer

   Correct answer: A

   Configure the Amazon EC2 instance fleet to use encrypted EBS volumes for storing data.

   Explanation

   EBS encryption is performed on the host that runs the EC2 instance, providing high performance with low latency. It is the best way to ensure data at rest is encrypted without application-level overhead.

10. Question 10.A global company has an application running on Amazon EC2 instances that serves image files from Amazon S3. User requests from the browser are causing high traffic, which results in degraded performance. Which optimization solution should a Developer implement to increase application performance?

    • A.Create multiple prefix in the S3 bucket to increase the request rate.
    • B.Create an Amazon ElastiCache cluster to cache and serve frequently accessed items.
    • C.Use Amazon CloudFront to serve the content of images stored in Amazon S3.(correct answer)
    • D.Submit a ticket to AWS support to request a rate limit increase for the S3 bucket.
    Show answer & explanationHide answer

    Correct answer: C

    Use Amazon CloudFront to serve the content of images stored in Amazon S3.

    Explanation

    Amazon CloudFront is a Content Delivery Network (CDN) that caches content at edge locations, significantly reducing latency and offloading traffic from the origin (S3) for global users.

11. Question 11.An AWS Lambda function generates a 3MB JSON file and then uploads it to an Amazon S3 bucket daily. The file contains sensitive information, so the Developer must ensure that it is encrypted before uploading to the bucket. Which of the following modifications should the Developer make to ensure that the data is encrypted before uploading it to the bucket?

    • A.Use the default AWS KMS customer master key for S3 in the Lambda function code.
    • B.Use the S3 managed key and call the `GenerateDataKey` API to encrypt the file.
    • C.Use the `GenerateDataKey` API, then use that data key to encrypt the file in the Lambda function code.(correct answer)
    • D.Use a custom KMS customer master key created for S3 in the Lambda function code.
    Show answer & explanationHide answer

    Correct answer: C

    Use the `GenerateDataKey` API, then use that data key to encrypt the file in the Lambda function code.

    Explanation

    To perform client-side encryption, you typically use the KMS `GenerateDataKey` API to obtain a unique data key. You then use this data key to encrypt the file locally before uploading it to S3.

12. Question 12.Company D is running their corporate website on Amazon S3 accessed from `http://www.companyd.com`. Their marketing team has published new web fonts to a separate S3 bucket accessed by the S3 endpoint `https://s3-us-west-1.amazonaws.com/cdfonts`. While testing the new web fonts, Company D recognized the web fonts are being blocked by the browser. What should Company D do to prevent the web fonts from being blocked by the browser?

    • A.Enable versioning on the cdfonts bucket for each web font.
    • B.Create a policy on the cdfonts bucket to enable access to everyone.
    • C.Add the `Content-MD5` header to the request for webfonts in the cdfonts bucket from the website.
    • D.Configure the cdfonts bucket to allow cross-origin requests by creating a CORS configuration.(correct answer)
    Show answer & explanationHide answer

    Correct answer: D

    Configure the cdfonts bucket to allow cross-origin requests by creating a CORS configuration.

    Explanation

    Cross-Origin Resource Sharing (CORS) must be configured on the S3 bucket containing the fonts to allow the website's domain (`www.companyd.com`) to access resources from a different origin.

13. Question 13.A developer must extend an existing application that is based on the AWS Serverless Application Model (AWS SAM). The developer has used the AWS SAM CLI to create the project. The project contains different AWS Lambda functions. Which combination of commands must the developer use to redeploy the AWS SAM application? (Select TWO)

    • A.`sam init`.
    • B.`sam validate`.
    • C.`sam build`.(correct answer)
    • D.`sam deploy`.(correct answer)
    • E.`sam publish`.
    Show answer & explanationHide answer

    Correct answer: C, D

    `sam build`. / `sam deploy`.

    Explanation

    `sam build` processes the SAM template and application code to create artifacts for deployment, and `sam deploy` uploads those artifacts to AWS and creates/updates the CloudFormation stack.

14. Question 14.An application deployed on AWS Elastic Beanstalk experiences increased error rates during deployments of new application versions, resulting in service degradation for users. The Development team believes that this is because of the reduction in capacity during the deployment steps. The team would like to change the deployment policy configuration of the environment to an option that maintains full capacity during deployment while using the existing instances. Which deployment policy will meet these requirements while using the existing instances?

    • A.All at once.
    • B.Rolling.
    • C.Rolling with additional batch.(correct answer)
    • D.Immutable.
    Show answer & explanationHide answer

    Correct answer: C

    Rolling with additional batch.

    Explanation

    'Rolling with additional batch' deployment launches a new batch of instances to maintain full capacity throughout the deployment process, unlike standard rolling deployments which reduce capacity.

15. Question 15.A Developer is creating an application that needs to locate the public IPv4 address of the Amazon EC2 instance on which it runs. How can the application locate this information?

    • A.Get the instance metadata by retrieving `http://169.254.169.254/latest/metadata/`.(correct answer)
    • B.Get the instance user data by retrieving `http://169.254.169.254/latest/userdata/`.
    • C.Get the application to run `IFCONFIG` to get the public IP address.
    • D.Get the application to run `IPCONFIG` to get the public IP address.
    Show answer & explanationHide answer

    Correct answer: A

    Get the instance metadata by retrieving `http://169.254.169.254/latest/metadata/`.

    Explanation

    Instance metadata is available at `http://169.254.169.254/latest/meta-data/` (note the hyphen). It provides information about the instance, including its public and private IP addresses.

16. Question 16.The development team is working on an API that will be served from Amazon API gateway. The API will be served from three environments: development, test, and production. The API Gateway is configured to use 237 GB of cache in all three stages. Which is the MOST cost-efficient deployment strategy?

    • A.Create a single API Gateway with all three stages.
    • B.Create three API Gateways, one for each stage in a single AWS account.
    • C.Create an API Gateway in three separate AWS accounts.
    • D.Enable the cache for development and test environments only when needed.(correct answer)
    Show answer & explanationHide answer

    Correct answer: D

    Enable the cache for development and test environments only when needed.

    Explanation

    Since API Gateway caching is charged per hour and per GB, only enabling it in development and test environments when actively needed is the most cost-efficient approach.

17. Question 17.A company is migrating its on-premises database to Amazon RDS for MySQL. The company has read-heavy workloads, and wants to make sure it re-factors its code to achieve optimum read performance for its queries. How can this objective be met?

    • A.Add database retries to effectively use RDS with vertical scaling.
    • B.Use RDS with multi-AZ deployment.
    • C.Add a connection string to use an RDS read replica for read queries.(correct answer)
    • D.Add a connection string to use a read replica on an EC2 instance.
    Show answer & explanationHide answer

    Correct answer: C

    Add a connection string to use an RDS read replica for read queries.

    Explanation

    RDS Read Replicas are designed to offload read-heavy workloads from the primary database instance, thereby increasing read throughput and vertical scaling.

18. Question 18.A developer needs to modify an application architecture to meet new functional requirements. Application data is stored in Amazon DynamoDB and processed for analysis in a nightly batch. The system analysts do not want to wait unit the next day to view the processed data and have asked to have it available in near-real time. Which application architect pattern would enables the data to be processed as it is received?

    • A.Event driven.(correct answer)
    • B.Client served driven.
    • C.Fan-out driven.
    • D.Schedule driven.
    Show answer & explanationHide answer

    Correct answer: A

    Event driven.

    Explanation

    An event-driven architecture, using DynamoDB Streams triggered by item changes and AWS Lambda for processing, enables near-real-time data analysis.

19. Question 19.A developer has built an application that inserts data into an Amazon DynamoDB table. The table is configured to use provisioned capacity. The application is deployed on a burstable nano Amazon EC2 Instance. The application logs show that the application has been failing because of a `ProvisionedThroughputExceedException` error. Which actions should the developer take to resolve this issue? (Choose two.)

    • A.Move the application to a larger EC instance.
    • B.Increase the number or read capacity units (RCUs) that are provisioned for the DynamoDB table.
    • C.Reduce the frequency of requests to DynamoDB by implement ng exponential backoff.(correct answer)
    • D.Increase the frequency of requests to DynamoDB by decreasing the retry delay.
    • E.Change the capacity mode of the DynamoDB table from provisioned to on-demand.(correct answer)
    Show answer & explanationHide answer

    Correct answer: C, E

    Reduce the frequency of requests to DynamoDB by implement ng exponential backoff. / Change the capacity mode of the DynamoDB table from provisioned to on-demand.

    Explanation

    Exponential backoff allows the application to retry requests after a short delay, reducing immediate load. Switching to on-demand capacity mode also eliminates provisioned throughput limits by automatically adjusting to traffic.

20. Question 20.A software company needs to make sure user-uploaded documents are securely stored in Amazon S3. The documents must be encrypted at rest in Amazon S3. The company does not want to manage the security infrastructure in-house, but the company still needs extra protection to ensure it has control over its encryption keys due to industry regulations. Which encryption strategy should a developer use to meet these requirements?

    • A.Server-side encryption with Amazon S3 managed keys (SSE-S3).
    • B.Server-side encryption with customer-provided encryption keys (SSE-C).
    • C.Server-side encryption with AWS KMS managed keys (SSE-KMS).(correct answer)
    • D.Client-side encryption.
    Show answer & explanationHide answer

    Correct answer: C

    Server-side encryption with AWS KMS managed keys (SSE-KMS).

    Explanation

    SSE-KMS allows AWS to manage the encryption process while giving you full control over the KMS keys, fulfilling both the 'no in-house management' and 'key control' requirements.

21. Question 21.An application uses Amazon Kinesis Data Streams to ingest and process large streams of data records in real time. Amazon EC2 instances consume and process the data from the shards of the Kinesis data stream by using Amazon Kinesis Client Library (KCL). The application handles the failure scenarios and does not require standby workers. The application reports that a specific shard is receiving more data than expected. To adapt to the changes in the rate of data flow, the `hot` shard is resharded. Assuming that the initial number of shards in the Kinesis data stream is 4, and after resharding the number of shards increased to 6, what is the maximum number of EC2 instances that can be deployed to process data from all the shards?

    • A.12.
    • B.6.(correct answer)
    • C.4.
    • D.1.
    Show answer & explanationHide answer

    Correct answer: B

    6.

    Explanation

    In Kinesis Data Streams, the Kinesis Client Library (KCL) ensures that each shard is processed by exactly one consumer instance at a time. Therefore, the maximum number of consumer instances is equal to the number of shards (6 in this case).

22. Question 22.A gaming company is developing a mobile game application for iOS® and Android® platforms. This mobile game securely stores user data locally on the device. The company wants to allow users to use multiple device for the game, which requires user data synchronization across device.Which service should be used to synchronize user data across devices without the need to create a backend application?

    • A.AWS Lambda.
    • B.Amazon S3.
    • C.Amazon DynamoDB.
    • D.Amazon Cognito.(correct answer)
    Show answer & explanationHide answer

    Correct answer: D

    Amazon Cognito.

    Explanation

    Amazon Cognito Sync (now part of AppSync/Cognito) is designed specifically for synchronizing user profiles and game data across devices without needing a custom backend.

23. Question 23.A Developer is making changes to a custom application that is currently using AWS Elastic Beanstalk. After the Developer completes the changes, what solutions will update the Elastic Beanstalk environment with the new application version? (Choose TWO)

    • A.Package the application code into a `.zip` file, and upload, then deploy the packaged application from the AWS Management Console.(correct answer)
    • B.Package the application code into a `.tar` file, create a new application version from the AWS Management Console, then update the environment by using AWS CLI.
    • C.Package the application code into a `.tar` file, and upload and deploy the packaged application from the AWS Management Console.
    • D.Package the application code into a `.zip` file, create a new application version from the packaged application by using AWS CLI, then update the environment by using AWS CLI.(correct answer)
    • E.Package the application code into a `.zip` file, create a new application version from the AWS Management Console, then rebuild the environment by using AWS CLI.
    Show answer & explanationHide answer

    Correct answer: A, D

    Package the application code into a `.zip` file, and upload, then deploy the packaged application from the AWS Management Console. / Package the application code into a `.zip` file, create a new application version from the packaged application by using AWS CLI, then update the environment by using AWS CLI.

    Explanation

    Updating Elastic Beanstalk involves creating a new application version (via Console or CLI) and then deploying it to the environment. Supported package formats include `.zip` and Docker images.

24. Question 24.A company is running an application built on AWS Lambda functions. One Lambda function has performance issues when it has to download a 50MB file from the Internet in every execution. This function is called multiple times a second. What solution would give the BEST performance increase?

    • A.Cache the file in the `/tmp` directory.(correct answer)
    • B.Increase the Lambda maximum execution time.
    • C.Put an Elastic Load Balancer in front of the Lambda function.
    • D.Cache the file in Amazon S3.
    Show answer & explanationHide answer

    Correct answer: A

    Cache the file in the `/tmp` directory.

    Explanation

    Caching files in the `/tmp` directory allows subsequent invocations (re-using the same execution environment) to access the file locally, avoiding redundant network downloads and significantly improving performance.

25. Question 25.Queries to an Amazon DynamoDB table are consuming a large amount of read capacity. The table has a significant number of large attributes. The application does not need all of the attribute data. How can DynamoDB costs be minimized while maximizing application performance?

    • A.Batch all the writes, and perform the write operations when no or few reads are being performed.
    • B.Create a global secondary index with a minimum set of projected attributes.(correct answer)
    • C.Implement exponential backoffs in the application.
    • D.Load balance the reads to the table using an Application Load Balancer.
    Show answer & explanationHide answer

    Correct answer: B

    Create a global secondary index with a minimum set of projected attributes.

    Explanation

    Creating a Global Secondary Index (GSI) with a 'Projected' attribute set allowed you to query only the necessary data, reducing the amount of data transferred and the RCU consumption.

26. Question 26.A Developer is writing a REST service that will add items to a shopping list. The service is built on Amazon API Gateway with AWS Lambda integrations. The shopping list items are send as query string parameters in the method request. How should the Developer convert the query string parameters to arguments for the Lambda function?

    • A.Enable request validation.
    • B.Include the Amazon Resource Name (ARN) of the Lambda function.
    • C.Change the integration type.
    • D.Create a mapping template.(correct answer)
    Show answer & explanationHide answer

    Correct answer: D

    Create a mapping template.

    Explanation

    API Gateway mapping templates allow you to transform the incoming request (including query strings, headers, and body) into a format that the backend Lambda function expects.

27. Question 27.A development team is creating a new application designed to run on AWS. While the test and production environments will run on Amazon EC2 instances, developers will each run their own environment on their laptops. Which of the following is the simplest and MOST secure way to access AWS services from the local development machines?

    • A.Use an IAM role to assume a role and execute API calls using the role.
    • B.Create an IAM user to be shared with the entire development team, provide the development team with the access key.
    • C.Create an IAM user for each developer on the team: provide each developer with a unique access key.(correct answer)
    • D.Set up a federation through an Amazon Cognito user pool.
    Show answer & explanationHide answer

    Correct answer: C

    Create an IAM user for each developer on the team: provide each developer with a unique access key.

    Explanation

    For local development on laptops (which are not AWS resources), the most secure approach is to use individual IAM users with unique access keys (Access Key ID and Secret Access Key) for each developer.

28. Question 28.How is provisioned throughput affected by the chosen consistency model when reading data from a DynamoDB table?

    • A.Strongly consistent reads use the same amount of throughput as eventually consistent reads.
    • B.Strongly consistent reads use more throughput than eventually consistent reads.(correct answer)
    • C.Strongly consistent reads use less throughput than eventually consistent reads.
    • D.Strongly consistent reads use variable throughput depending on read activity.
    Show answer & explanationHide answer

    Correct answer: B

    Strongly consistent reads use more throughput than eventually consistent reads.

    Explanation

    Strongly consistent reads in DynamoDB consume exactly double the Read Capacity Units (RCU) compared to eventually consistent reads for the same amount of data.

29. Question 29.A developer needs to deploy a new version to an AWS Elastic Beanstalk application. How can the developer accomplish this task?

    • A.Upload and deploy the new application version in the Elastic Beanstalk console.(correct answer)
    • B.Use the eb init CLI command to deploy a new version.
    • C.Terminate the current Elastic Beanstalk environment and create a new one.
    • D.Modify the ebextensions folder to add a source option to services.
    Show answer & explanationHide answer

    Correct answer: A

    Upload and deploy the new application version in the Elastic Beanstalk console.

    Explanation

    The Elastic Beanstalk management console provides a straightforward way to upload a source bundle (zip or war) and deploy it to an existing environment as a new application version.

30. Question 30.A gaming application stores scores for players in an Amazon DynamoDB table that has four attributes: `user_id`, `user_name`, `user_score`, and `user_rank`. The users are allowed to update their names only if a user is authenticated by web identity federation. Which set of conditions should be added in the policy attached to the role for the `dynamodb:PutItem` API call?

    • A.Option A.(correct answer)
    • B.Option B.
    • C.Option C.
    • D.Option D.
    Show answer & explanationHide answer

    Correct answer: A

    Option A.

    Explanation

    Web identity federation allows using `dynamodb:LeadingKeys` in the IAM policy condition to restrict access so that a user can only process items where the partition key matches their unique user ID.

Frequently Asked Questions

Keep studying

Full exam

AWS Developer Associate (DVA-C02) details

Free practice

AWS SAA-C03

Free practice

AWS SOA-C03

Free practice

AWS CLF-C02