DVA-C02 Amazon Web Services AWS Certified Developer - Associate Free Practice Exam Questions (2025 Updated)

Amazon Machine Images (AMIs) are encrypted snapshots of EC2 instances that can be used to launch new instances. The developer can create new AMIs from the existing instances and specify encryption parameters. The developer can copy the encrypted AMIs to the destination Region and use them to create a new application stack. The developer can delete the unencrypted AMIs after the encryption process is complete. This solution will meet the encryption requirement and allow the developer to expand the application to run in the destination Region.

API Gateway Stage Variables:These are designed for configuring dynamic values for your APIs in different deployment stages (dev, test, prod). Here's how to use them for third-party endpoints:

In the API Gateway console, access the "Stages" section of your API.

For each stage, create a stage variable named something like thirdPartyEndpoint.

Set the value of this variable to the actual endpoint URL for that specific environment.

When configuring API requests within your API Gateway method, reference this endpoint using ${stageVariables.thirdPartyEndpoint}.

Why Stage Variables Excel Here:

Environment Isolation: This approach keeps the endpoint configuration specific to each deployment stage, ensuring the right endpoints are used during development, testing, and production cycles.

Ease of Management: You manage the endpoints directly through the API Gateway console without additional infrastructure.

Amazon DynamoDB is a fully managed NoSQL database service that provides fast and consistent performance with seamless scalability. The developer can store each employee’s contact information in a DynamoDB table along with the object keys for the photos stored in Amazon S3. Amazon S3 is an object storage service that offers industry-leading scalability, data availability, security, and performance. The developer can use AWS APIs to search and retrieve the employee details and photos from DynamoDB and S3.

Requirement Summary:

Lambda function:

Retrieves an item fromDynamoDB

Updates its attributesor creates it if it does not exist

Hasprimary key

Needsminimum required IAM permissions

Analysis of Required Permissions:

Toget an itemandupdate it or create it if it doesn't exist, the Lambda function must use the **PutItem** or **UpdateItem** API, and read with **GetItem**.

✅Valid API options:

GetItem: Read the item from the table.

UpdateItem: Update existing item attributes or insert if it doesn't exist (withUpdateExpressionandConditionExpression).

When UpdateItem is used without a conditional check for existence, it cancreatea new item if it does not exist (acts like upsert).

DescribeTable: (Optional) Used if you need table metadata (not strictly required here).

Evaluate the Choices:

Option A:

DeleteItem –❌Not needed

GetItem –✅

PutItem –✅(can create/replace but not partial update)

✅Close, but PutItemoverwrites the full item, not update-in-place. Acceptable, butUpdateItemis better suited.

Option B:

UpdateItem –✅Required to modify attributes or insert new item

GetItem –✅Required to check existence or read data

DescribeTable –✅Optional, but not harmful

✅✅BEST FIT – Matches theupdate-or-createlogic.

Option C:

GetRecords –❌This is used forDynamoDB Streams, not standard GetItem

PutItem –✅

UpdateTable –❌Used to change table settings,not data manipulation

❌Incorrect usage context

Option D:

UpdateItem, GetItem, PutItem –✅all valid

But UpdateItem alone is sufficient; including PutItem might not be necessary Also, image is faded (possibly invalid), and it's redundant

UpdateItem API:https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_UpdateItem.html

PutItem vs UpdateItem:https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WorkingWithItems.html

IAM actions for DynamoDB:https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazondynamodb.html

The correct answer is C. Use an AWS Lambda function that is invoked by an Amazon EventBridge scheduled event.

C. Use an AWS Lambda function that is invoked by an Amazon EventBridge scheduled event. This is correct. AWS Lambda is a serverless compute service that lets you run code without provisioning or managing servers.Lambda runs your code on a high-availability compute infrastructure and performs all of the administration of thecompute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, and logging1.Amazon EventBridge is a serverlessevent bus service that enables you to connect your applications with data from a variety of sources2.EventBridge can create rules that run on a schedule, either at regular intervals or at specific times and dates, and invoke targets such as Lambdafunctions3. This solution meets the requirements of creating a small application that makes the same API call once each day at a designated time, without requiring any infrastructure in the AWS Cloud or any operational overhead.

A. Use a Kubernetes cron job that runs on Amazon Elastic Kubernetes Service (Amazon EKS). This is incorrect.Amazon EKS is a fully managed Kubernetes service that allows you to run containerized applications on AWS4.Kubernetes cron jobs are tasks that run periodically on a given schedule5. This solution could meet the functional requirements of creating a small application that makes the same API call once each day at a designated time, but it would not be the most operationally efficient manner. The company would need to provision and manage an EKS cluster, which would incur additional costs and complexity.

B. Use an Amazon Linux crontab scheduled job that runs on Amazon EC2. This is incorrect.Amazon EC2 is a web service that provides secure, resizable compute capacity in the cloud6.Crontab is a Linux utility that allows you to schedule commands orscripts to run automatically at a specified time or date7. This solution could meet the functional requirements of creating a small application that makes the same API call once each day at a designated time, but it would not be the most operationally efficient manner. The company would need to provision and manage an EC2 instance, which would incur additional costs and complexity.

D. Use an AWS Batch job that is submitted to an AWS Batch job queue. This is incorrect.AWS Batch enables you to run batch computing workloads on the AWS Cloud8.Batch jobs are units of work that can be submitted to job queues, where they are executed in parallel or sequentially on compute environments9. This solution could meet the functional requirements of creating a small application that makes the same API call once each day at a designated time, but it would not be the most operationally efficient manner. The company would need to configure and manage an AWS Batch environment, which would incur additional costs and complexity.

Requirement Summary:

Trigger anAWS Step Functions state machine(test execution)

Only when aspecific AWS CloudFormation stack is deployed

Option A: Create a Lambda function to invoke the state machine

✅Valid approach: Lambda can be used as anintermediary triggerfor Step Functions using the SDK (e.g., StartExecution API).

Offers flexibility (custom filtering, additional logic).

Option B: Create EventBridge rule filtering on UPDATE_IN_PROGRESS

❌Incorrect: UPDATE_IN_PROGRESS triggersbeforethe stack is fully deployed.

You need totrigger after deployment, such as UPDATE_COMPLETE or CREATE_COMPLETE.

Option C: EventBridge Pipes with Lambda target filtering on UPDATE_IN_PROGRESS

❌Incorrect for same reason as B (wrong timing).

Also, EventBridge Pipes are not necessary here if you're using rules directly.

Option D: Pipe with EventBridge Rule as source and Step Functions as target

❌Invalid setup: EventBridge Pipes useevent sources, not rules, as input.

This configuration is unsupported.

Option E: Add the state machine as a target of the EventBridge rule

✅Direct and low-overhead approach.

EventBridgenatively supports Step Functionsas a target.

You can trigger the state machinewithout a Lambdaif the filter matches (e.g., ResourceStatus = CREATE_COMPLETE, with the correct StackId).

Step Functions as EventBridge target:https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-target-step-functions.html

EventBridge CloudFormation events:https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-listing-event-history.html

StartExecution API:https://docs.aws.amazon.com/step-functions/latest/apireference/API_StartExecution.html

Amazon API Gateway supports mock integration responses, which are predefined responses that can be returned without sending requests to a backend service. Mock integration responses can be used for testing or prototyping purposes, or for simulating different backend responses based on certain conditions. A request mapping template can be used to select a mock integration response based on an expression that evaluates some aspects of the request, such as headers, query strings, or body content. This solution does not require any additionalresources or code changes and has the least operational overhead. Reference: Set up mock integrations for an API Gateway REST API

https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-mock-integration.html

AWS CloudFormation is a service that enables developers to model and provision AWS resources using templates. The developer can add a CloudFormation Deletion Policy attribute with the Retain value to the database resource. This will prevent the database from being deleted when the stack is deleted or updated. The developer can also update the CloudFormation stack policy to prevent updates to the database. This will prevent accidental changes to the database configuration or properties.

This solution allows the developer to keep the dependencies of the Lambda functions up to date with the least additional complexity because it eliminates the need to update each function individually. A Lambda layer is a ZIP archive that contains libraries, custom runtimes, or other dependencies. The developer can create a layer that contains all of the shared dependencies and attach it to multiple Lambda functions. When the developer updates the layer, all of the functions that use the layer will have access to the latest version of the dependencies.

Why Option B is Correct:A customer-managed AWS Key Management Service (KMS) key allows for encryption at rest and provides the ability to rotate the key on demand. This ensures compliance with security requirements for key management and database encryption.

RDS integrates natively with AWS KMS, allowing the use of a customer-managed key for encrypting data at rest.

Key rotation can be managed directly in AWS KMS without needing custom solutions.

Why Other Options are Incorrect:

Option A:AWS KMS managed encryption keys (AWS-owned keys) do not support key rotation on demand.

Option C & D:Storing keys in AWS Secrets Manager with custom rotation is not a recommended approach for database encryption. AWS KMS is designed specifically for secure key management and encryption.

AWS Documentation References:

Encrypting Amazon RDS Resources

AWS Key Management Service (KMS)

Comprehensive and Detailed Step-by-Step Explanation:

Option A: Provisioned Capacity with Exponential Backoff:

Using provisioned capacity ensures sufficient throughput for the DynamoDB table.

Configuring the Lambda function to implement exponential backoff retries reduces the chance of exceeding capacity during peak usage.

This combination addresses the root cause (ProvisionedThroughputExceededException) and prevents errors without overprovisioning.

Why Other Options Are Incorrect:

Option B:Using SQS adds unnecessary latency and complexity. The issue lies in DynamoDB throughput, not request management.

Option C:A usage plan for the API does not address throughput issues in DynamoDB.

Option D:Invoking the Lambda function asynchronously does not resolve the DynamoDB capacity issue and might lead to delayed processing.

Increasing the number of shards of the Kinesis data stream will increase the throughput and parallelism of the data processing. Increasing the memory that is allocated to the Lambda function will also increase the CPU and network performance of the function, which will reduce the run duration and improve the processing speed. Option B is not correct because decreasing the timeout of the Lambda function will not affect the processing speed, but may cause some records to fail if they exceed thetimeout limit. Option D is not correct because decreasing the number of shards of the Kinesis data stream will decrease the throughput and parallelism of the data processing, which will slow down the processing speed. Option E is not correct because increasing the timeout of the Lambda function will not affect the processing speed, but may increase the cost of running the function.

Step-by-Step Breakdown:

Requirement Summary:

Get notified when EC2CPU Utilization > 80%

Option A: CloudWatch Alarm with SNS

✅Correct and standard AWS practice

CloudWatch automatically collectsEC2 metrics, including CPUUtilization.

You can set aCloudWatch Alarmwith a threshold (80% in this case).

Then,trigger an SNS notificationto email, SMS, Lambda, etc.

Option B: AWS CloudTrail alarm

❌Incorrect: CloudTrail logsAPI activity, not performance metrics.

It doesn’t track metrics like CPU utilization.

Option C: Cron job on EC2 running --describe-instance-information

❌Incorrect: This doesn’t give CPU usage.

Also inefficient, and polling is bad practice when CloudWatch already monitors this natively.

Option D: Lambda function querying CloudTrail for CPU usage

❌Incorrect and conceptually flawed.

CloudTrail does not store performance metrics; CloudWatch does.

CloudWatch Alarms for EC2:https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html

EC2 Metrics in CloudWatch:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/viewing_metrics_with_cloudwatch.html

Amazon SNS Notification Setup:https://docs.aws.amazon.com/sns/latest/dg/sns-email-notifications.html

Why Option A is Correct:Converting a Lambda function to use a container image involves packaging the function code into a container image, storing the image in Amazon Elastic Container Registry (ECR), and updating the function to use the ECR repository URI.

Why Other Options are Incorrect:

Option B:SAM templates support container-based Lambda deployment, but storing the image in S3 is not applicable.

Option C:CloudFormation does not natively support specifying Lambda container images in S3.

Option D:While partially correct, it omits the need to specify the image tag for the deployment.

AWS Documentation References:

Lambda Container Images

Why Option B is Correct:Amazon ECS does not natively process docker-compose.yml files. Instead, the configurations from docker-compose.yml must be converted into ECS-compatible configurations within a task definition. Task definitions are the primary way to specify container configurations in ECS, including service dependencies like databases, caches, and volumes.

Steps to Resolve the Error:

Extract the configurations from the docker-compose.yml file.

Map the dependencies and settings to the appropriate ECS task definition fields.

Deploy the task definition to the ECS cluster.

Why Other Options are Incorrect:

Option A:Docker labels do not directly impact ECS task execution or integrate with ECS service configurations.

Option C:ECS namespaces do not exist as a feature.

Option D:Changing the service type to REPLICA does not resolve the issue of missing service dependency configurations.

AWS Documentation References:

Amazon ECS Task Definitions

Migrating Docker Compose Workloads to ECS