DVA-C02 Amazon Web Services AWS Certified Developer - Associate Free Practice Exam Questions (2025 Updated)

Why Option B is Correct:

Amazon S3 Standard provides immediate access to files and is cost-effective for files that need to be accessed within 5 minutes.

By adding the S3 location to the SQS queue, you avoid transferring large files directly, which is both more efficient and scalable.

Why Other Options are Incorrect:

Option A:S3 Glacier Deep Archive is designed for archival storage with retrieval times ranging from minutes to hours, which does not meet the 5-minute requirement.

Option C:Amazon EBS is designed for block storage attached to EC2 instances, which adds unnecessary complexity and cost.

Option D:SQS is not designed to handle large file content directly and has message size limits (256 KB).

AWS Documentation References:

Amazon S3 Overview

Amazon SQS Best Practices

Comprehensive and Detailed Step-by-Step Explanation:

To confirm that the HTTP headers, body, and responses meet expectations, you need to test the specific HTTP Task state in isolation and inspect the details.

Option A: TestState API with TRACE:

The TestState API allows developers to test individual states in a state machine without executing the entire workflow.

Setting the inspection level to TRACE provides detailed information about the HTTP request and response, including headers, body, and status codes.

This option provides the precise and granular testing required to verify the HTTP Task functionality.

Why Other Options Are Incorrect:

Option B:The DEBUG inspection level provides less detailed information than TRACE and focuses on general debugging, not a detailed view of HTTP interactions.

Option C:Step Functions does not have a "data flow simulator" to test individual tasks; this option is not valid.

Option D:Changing the state machine’s log level to ALL increases logging granularity for the entire state machine but does not allow isolated testing of a specific HTTP Task.

The immutable deployment method is the best option for this scenario, because it meets the requirements of maintaining full capacity, avoiding service interruption, and minimizing the cost of additional resources.

The immutable deployment method creates a new set of instances in a separate Auto Scaling group and deploys the new version of the application to them. Then, it swaps the new instances with the old ones and terminates the old instances. This way, the application maintains full capacity during the deployment and avoids any downtime. The cost of additional resources is also minimized, because the new instances are only created for a short time and then replaced by the old ones.

The other deployment methods do not meet all the requirements:

The all at once method deploys the new version to all instances simultaneously, which causes a short period of downtime and reduced capacity.

The rolling with additional batch method deploys the new version in batches, but for the first batch it creates new instances instead of using the existing ones. This increases the cost of additional resources and reduces the capacity of the original environment.

The blue/green method creates a new environment with a new set of instances and deploys the new version to them. Then, it swaps the URLs between the old and new environments. This method maintains full capacity and avoids service interruption, but it also increases the cost of additional resources significantly, because it duplicates the entire environment.

The solution that will meet the requirements with the most operational efficiency is to create a new CodePipeline stage that occurs after the container image is built. Configure ECR basic image scanning to scan on image push. Use an AWS Lambda function as the action provider. Configure the Lambda function to check the scan results and to fail the pipeline if there are findings. This way, the container image is analyzed earlier in the CI/CD pipeline and any vulnerabilities are detected and reported before deploying to the EKS cluster. The other options either delay the analysis until after deployment, which increases the risk of exposing insecure images, or perform analysis on the source code instead of the container image, which may not capture all the dependencies and configurations that affect the security posture of the image.

The solution that will meet the requirements most efficiently is to create a Lambda environment variable to store the table name. Use the standard method for the programming language to retrieve the variable. This way, the developer can avoid hard-coding the table name in the Lambda function code and easily change the table name by updating the environment variable. The other options either involve storing the table name in a file, which is less efficient and secure than using an environment variable, or creating a global variable, which is not recommended as it can cause concurrency issues.

AWS Secrets Manager: Built for managing secrets, providing encryption, automatic rotation, and access control.

Customer Master Key (CMK): Provides an extra layer of control over encryption through AWS KMS.

Automatic Rotation: Enhances security by regularly changing the secret.

User Data Script: Allows secrets retrieval at instance startup and sets them as environment variables for seamless use within the application.

This solution allows the developer to test the changes without affecting the production environment. Cloning an API creates a copy of the API definition that can be modified independently. The developer can then add request validation to the new API and test itusing a testing tool. After verifying that the changes work as expected, the developer can apply the same changes to the existing API and deploy it to production.

This solution will meet the requirements by using AWS Config to monitor and evaluate whether Secrets Manager secrets are unused or have been deleted, based on specified time periods. The secrets manager-secret-unused managed rule is a predefined rule that checks whether Secrets Manager secrets have been rotated within a specified number of days or have been deleted within a specified number of days after last accessed date. The Amazon EventBridge rule will trigger a notification when the AWS Config managed rule is met, alerting the developer about unused secrets that can be removed without causing application downtime. Option A is not optimal because it will use AWS CloudTrail log file delivery to an Amazon S3 bucket, which will incur additional costs and complexity for storing and analyzing log files that may not contain relevant information about secret usage. Option C is not optimal because it will deactivate the application secrets and monitor the application error logs temporarily, which will cause application downtime and potential data loss. Option D is not optimal because it will use AWS X-Ray to trace secret usage, which will introduce additional overhead and latency for instrumenting and sampling requests that may not be related to secret usage.

Step-by-Step Breakdown:

Requirement Summary:

AWS AppSync API needs toinvoke Lambda functions

Some Lambda functions arelong-running

AppSync shouldreturn immediately, minimizingoperational overhead

**Option A: AppSync + Lambda as data source usingEvent Mode

✅Correct: AWS AppSync supportsasynchronous (event) invocationof Lambda data sources usingEvent Mode.

Event Mode means:

AppSync invokes Lambdaasynchronously

Immediately returns aresponseto the client (typically a predefined payload or null)

Ideal forfire-and-forgetworkloads or when the response is not immediately needed

Option B: Increase Lambda timeout

❌Incorrect: This keeps AppSync waiting.

Even with increased timeout, synchronous invocations wouldblock AppSync responses.

Option C: SQS queue + polling Lambda

❌Possible but too complex for this use case.

Requires additional infrastructure: queue + mapping + custom logic.

Higheroperational overheadcompared to built-in AppSync Event Mode.

Option D: Enable caching in AppSync

❌Irrelevant: AppSync cache is for optimizing repeated read queries,not for async workflows.

Asynchronous Lambda with AppSync:https://docs.aws.amazon.com/appsync/latest/devguide/resolver-mapping-template-reference-lambda.html#async-lambda-invocation

Lambda as AppSync Data Source:https://docs.aws.amazon.com/appsync/latest/devguide/tutorial-lambda-resolvers.html

Event Mode Docs:https://docs.aws.amazon.com/appsync/latest/devguide/lambda-resolvers.html#event-invocation-mode

Why Option A is Correct:

The ArnLike condition with the specific ARN for myStateMachine ensures that only this state machine can assume the role. The format urn:aws:states is correct for specifying Step Functions resources.

Why Other Options are Incorrect:

Option B:Wildcards (*) in the ARN allow more resources to assume the role, which violates the requirement.

Option C:This condition restricts the account but not the specific state machine.

Option D:A StringNotEquals condition is used to deny specific values, which does not ensure exclusivity for the desired state machine.

AWS Documentation References:

IAM Trust Policies for Step Functions

This solution will meet the requirements by using Amazon CloudFront, which is a content delivery network (CDN) service that speeds up the delivery of web content and APIs to end users. The developer can configure the CloudFront cache, which is a set of edge locations that store copies of popular or recently accessed content close to the viewers. The developer can also update the application to return cached content based upon the default request headers, which are a set of HTTP headers that CloudFront automatically forwards to the origin server and uses to determine whether an object in an edge location is still valid. By caching the POST requests, the developer can optimize the API resources and reduce the latency for repeated queries. Option B is not optimal because it will override the cache method in the selected stage of API Gateway, which is not possible or effective as API Gateway does not support caching for POST methods by default. Option C is not optimal because it will save the latest request response in Lambda /tmp directory, which is a local storage space that is available for each Lambda function invocation, not a cache that can be shared across multiple invocations or requests. Option D is not optimal because it will save the latest request in AWS Systems Manager Parameter Store, which is a service that provides secure and scalable storage for configuration data and secrets, not a cache for API responses.

The solution that will meet the requirements is to add a second cache behavior to the distribution with the same origin as the default cache behavior. Set the path pattern for the second cache behavior to the path of the login page, and make viewer access unrestricted. Keep the default cache behavior’s settings unchanged. This way, the login page can be accessed without authentication, while all other content remains secure and requires signed cookies. The other options either do not allow unauthenticated access to the login page, or expose private content to unauthorized users.

Visibility Timeout:When an SQS message is processed by a consumer (here, the Lambda function), it's temporarily hidden from other consumers. Visibility timeout controls this duration.

How It Helps:

Increase the visibility timeout beyond the maximum processing time your Lambda might typically take for long videos.

This prevents the message from reappearing in the queue while Lambda is still working, avoiding premature timeouts.

Requirement Summary:

Deployserverless applicationusing:

API Gateway

AWS Lambda

Needdev, test, and prodenvironments

Wantleast development effort

Evaluate Options:

Option A: API Gateway stage variables + Lambda aliases

✅Most efficient and scalable

API Gateway supportsstage variables(like env)

Lambda supportsaliases(e.g., dev, test, prod)

You can configureeach stage to point to a different aliasof the same function version

Enablesversioning,isolation, andlow effort management

Option B: Use Amazon ECS

❌Overkill for a serverless setup

ECS is container-based, not serverless

Introduces unnecessary complexity

Option C: Duplicate code for each environment

❌High operational overhead and poor maintainability

Option D: Use Elastic Beanstalk

❌Not applicable: Elastic Beanstalk is for traditional app hosting, not optimal forLambda + API Gateway

Lambda Aliases:https://docs.aws.amazon.com/lambda/latest/dg/configuration-aliases.html

API Gateway Stage Variables:https://docs.aws.amazon.com/apigateway/latest/developerguide/stage-variables.html

The combination of steps that will resolve the latency issue is to create an Amazon CloudFront distribution to cache the static content and store the application’s static content in Amazon S3. This way, the company can use CloudFront to deliver the static content from edge locations that are closer to the website users, reducing latency and improving performance. The company can also use S3 to store the static content reliably and cost-effectively, and integrate it with CloudFront easily. The other options either do not address the latency issue, or are not necessary or feasible for the given scenario.