AWS (Amazon Web Services) Certification
60 practice questions with correct answers and detailed explanations. Use this guide to review concepts before taking the practice exam.
The AWS (Amazon Web Services) AWS Certified Developer – Associate (DVA-C02) certification validates professional expertise in AWS (Amazon Web Services) technologies. This study guide covers all 60 practice questions from our DVA-C02 practice test, complete with correct answers and explanations to help you understand each concept thoroughly.
Review each question and explanation below, then test yourself with the full interactive practice exam to measure your readiness.
You are deploying a Lambda function that needs to access a DynamoDB table in another AWS account. What is the most secure way to grant this access?
Cross-account access should use IAM roles with trust relationships, not hardcoded credentials. This follows the principle of least privilege and avoids exposing sensitive credentials.
Which AWS service allows you to create a fully managed message broker that supports MQTT and WebSocket protocols for real-time communication?
AWS IoT Core is the managed service designed for IoT devices and real-time messaging using MQTT and WebSocket protocols. Amazon MQ provides traditional message brokers like ActiveMQ, while SNS and SQS are different messaging services.
You need to ensure that your API Gateway REST API only accepts requests from a specific IP address range. What is the most appropriate approach?
API Gateway resource policies support IP-based access control directly at the API level. While Lambda authorizers and CloudFront can also help, resource policies are the most direct and native approach.
An application running on EC2 instances needs to write logs to CloudWatch Logs. The instances do not have public IP addresses. What is the most cost-effective solution?
VPC endpoints for CloudWatch Logs provide private connectivity without requiring NAT gateways or public IP addresses, making this the most cost-effective solution for private instances.
When using AWS SAM (Serverless Application Model), which file defines the infrastructure and resources for your serverless application?
AWS SAM uses a template.yaml (or template.json) file to define serverless resources. buildspec.yml is for CodeBuild, serverless.yml is for the Serverless Framework, and package.json is for Node.js projects.
Your Lambda function processes large JSON payloads from S3 and sometimes times out. You've already increased the timeout to 900 seconds. What should you consider next?
All three approaches can address timeout issues: more memory increases CPU, S3 Select reduces data transfer, and concurrent processing via SQS distributes the workload. The best choice depends on the specific bottleneck.
You want to trace requests across multiple AWS services in your application. Which AWS service provides this capability?
AWS X-Ray is designed for distributed tracing across microservices and AWS services. CloudWatch Metrics tracks performance data, CloudTrail logs API calls, and EventBridge routes events between services.
A DynamoDB table is receiving inconsistent read latencies. You notice that some items are much larger than others (50KB vs 1KB). What optimization should you consider?
Large item sizes in DynamoDB consume more capacity and can cause hot partitions. Splitting items into smaller chunks reduces read latency and improves efficiency. DAX helps with caching but doesn't solve the underlying schema issue.
When deploying an application with AWS CodeDeploy, which configuration file specifies how the application should be deployed?
CodeDeploy uses appspec.yaml (or appspec.json) to define deployment actions, lifecycle event hooks, and file locations. buildspec.yml is for CodeBuild, not CodeDeploy.
Your application uses Cognito user pools for authentication. You need to implement multi-factor authentication (MFA) for certain user groups. What is the best approach?
Lambda triggers in Cognito allow conditional logic to enforce MFA for specific groups. While you can enable MFA at the app client level (option A), Lambda triggers provide finer-grained control based on user attributes or groups.
You are using RDS with read replicas. An application query is running slowly even though you've added read replicas. What should you investigate first?
If a query runs slowly on a read replica, the first step is to analyze the query execution plan and verify proper indexing, as read replicas have identical schema and data. While replication lag and network latency are possible issues, schema/index problems are more common.
An API Gateway REST API endpoint is responding with 429 (Too Many Requests) errors. What is the primary cause?
HTTP 429 responses indicate throttling due to exceeded request limits. API Gateway has default throttle limits (10,000 RPS) that can be adjusted. Backend errors would return 5xx codes, invalid API keys would return 403.
You need to process a large number of files from S3 in parallel. Which approach is most suitable for a serverless architecture?
S3 event notifications automatically trigger Lambda for each object creation, providing native parallel processing in a serverless manner. This scales automatically without managing compute resources.
When implementing API versioning in API Gateway, what is a drawback of using path-based versioning (e.g., /v1/resource vs /v2/resource)?
Path-based versioning requires maintaining separate code paths or resources for each version, which can lead to duplication and maintenance challenges. Header-based versioning avoids this by using the same endpoint with different logic based on headers.
Your Lambda function needs to retrieve a secret from AWS Secrets Manager on every invocation. What optimization should you implement?
Caching secrets in global variables (outside the handler) persists across warm invocations, reducing API calls to Secrets Manager. Environment variables are not suitable for secrets, and both services have similar performance.
You are deploying a containerized application using ECS with a load balancer. The application needs to scale based on CPU utilization. Which service should you use?
Application Auto Scaling targets ECS services directly and scales the number of tasks based on metrics like CPU utilization. EC2 Auto Scaling manages the cluster infrastructure, but Application Auto Scaling manages the service-level scaling.
A developer is using the AWS CLI to query DynamoDB and wants to filter results based on a complex condition. Which parameter should be used?
FilterExpression is used to filter results after a Query or Scan operation. KeyConditionExpression is for specifying partition and sort key conditions. ScanFilter is deprecated, and ConditionExpression is for put/update/delete operations.
You need to ensure that an S3 bucket can only be accessed through a specific CloudFront distribution. What should you configure?
Using an Origin Access Identity (OAI) and configuring the bucket policy to allow access only from that OAI ensures all S3 content is served through CloudFront. Block Public Access prevents public access but doesn't restrict to CloudFront specifically.
When creating a Lambda function, which runtime would be appropriate for a Python application that uses compiled C extensions?
Custom Docker images allow full control over system libraries and compiled dependencies needed for C extensions. Standard Python runtimes have limited ability to include compiled native extensions, though Lambda layers can help in some cases.
An application uses SQS for asynchronous processing. Messages are occasionally processed more than once. What is the most likely cause?
If visibility timeout is too short, a message becomes visible again before the consumer finishes processing, causing duplicate processing. This is the most common cause of message duplication in SQS. Long polling is a retrieval mechanism and doesn't cause duplication.
You are designing a system where DynamoDB needs to perform transactions across multiple items. What constraint should you be aware of?
DynamoDB transactions (TransactWriteItems and TransactGetItems) support up to 100 operations and can span multiple partition keys. The 4 MB limit applies to individual items, and transactions work fine with Streams.
A Lambda function uses boto3 to interact with multiple AWS services. To optimize performance, what should you do with the boto3 clients?
Creating boto3 clients at the module level (outside the handler) allows them to be reused across warm invocations, improving performance by reusing connections. The client should be created once and reused, not recreated per invocation.
You need to implement blue-green deployment for an application on EC2 using CodeDeploy. What is a key advantage of this approach?
Blue-green deployment runs two identical production environments. You deploy to the inactive (green) environment, test it, then switch traffic. This allows quick rollback if issues are detected. It doesn't eliminate load balancers, auto-scaling, or reduce instance count needs.
An application deployed on Elastic Beanstalk is experiencing slow performance. The .ebextensions configuration contains commands that run during deployment. What could be the issue?
Commands in .ebextensions run during deployment and can significantly increase deployment time if they're inefficient or sequential. This doesn't directly cause runtime performance issues, but long commands can delay environment availability. However, inefficient commands during deployment are the most likely cause here.
When using AWS Amplify to build a web application, which feature allows you to add authentication without writing backend code?
Amplify Authentication provides pre-built UI components and libraries that integrate with Amazon Cognito, enabling authentication without backend development. Other Amplify features provide different capabilities but not authentication specifically.
A developer is building a serverless application using AWS Lambda. The function needs to process messages from an SQS queue and occasionally experiences timeout errors. Which approach should be used to improve reliability?
Reducing batch size prevents processing too many messages at once, and a Dead Letter Queue captures failed messages for later analysis. This improves reliability and allows for proper error handling.
What is the primary purpose of AWS Secrets Manager in application development?
AWS Secrets Manager is specifically designed to store sensitive information, automatically rotate credentials, and manage secrets throughout their lifecycle.
A developer has deployed an API using Amazon API Gateway and AWS Lambda. The API requires authentication for certain endpoints. Which approach provides the most fine-grained control over authorization?
Lambda custom authorizers (authorizers) allow developers to implement sophisticated authorization logic that evaluates tokens and claims to make fine-grained access control decisions.
When deploying an application with AWS CloudFormation, a developer needs to pass environment-specific values to the template. What is the recommended way to handle different configurations for dev, staging, and production environments?
CloudFormation parameter files allow developers to define environment-specific values separately from the template, enabling consistent deployments across different environments without template modification.
A Lambda function reads data from DynamoDB and occasionally encounters throttling errors. What is the most appropriate solution to handle this scenario?
Exponential backoff with jitter is the recommended approach for handling throttling as it allows the service to recover while spreading retry requests over time, preventing cascading failures.
A developer is using AWS X-Ray to trace requests through a distributed application. Which of the following best describes what X-Ray provides?
AWS X-Ray creates visual service maps that show how requests traverse through microservices and identifies latency issues, errors, and performance bottlenecks in distributed applications.
When using Amazon DynamoDB with a global secondary index (GSI), a developer notices that queries on the GSI are returning stale data. What is the likely cause?
Global secondary indexes in DynamoDB are eventually consistent, meaning there is a replication delay before writes to the base table appear in GSI results, unlike the base table which offers strong consistency options.
A developer needs to deploy a Node.js application using AWS Elastic Beanstalk and wants to run custom commands during the deployment process. Which approach should be used?
AWS Elastic Beanstalk uses .ebextensions configuration files (YAML format) to define custom commands that run during different deployment phases, allowing automated setup without manual intervention.
A Lambda function is invoked asynchronously and occasionally fails. The developer wants to capture failed invocations for later analysis. What is the best solution?
Lambda DLQs automatically capture failed asynchronous invocations and send them to an SQS queue or SNS topic, allowing developers to examine and reprocess failed messages.
When developing with AWS SDK for JavaScript, a developer needs to handle errors from an API call. Which error handling mechanism is most appropriate for managing both service-specific errors and generic failures?
AWS SDK errors in JavaScript have specific error properties like 'code' and 'message' that can be examined in promise .catch() handlers to distinguish between service errors and network failures for appropriate handling.
A developer is using Amazon S3 to store application data and needs to ensure that sensitive files are not accidentally exposed to the public. What combination of controls provides the strongest protection?
S3 Block Public Access combined with restrictive bucket policies provides defense-in-depth, preventing both accidental and intentional public exposure through multiple layers of protection.
What is the key difference between using SQS FIFO queues and standard SQS queues in terms of message ordering and delivery?
FIFO (First-In-First-Out) queues guarantee message ordering and exactly-once delivery semantics, while standard queues provide higher throughput with at-least-once delivery and best-effort ordering.
A developer has created an AWS Lambda function that connects to a relational database. The function experiences connection pool exhaustion under load. Which approach best addresses this issue?
Amazon RDS Proxy acts as a database proxy that manages connection pooling, allowing thousands of Lambda functions to share a smaller number of database connections, preventing exhaustion.
When using AWS CodePipeline to automate application deployment, a developer wants to perform manual approval before deploying to the production environment. How should this be configured?
AWS CodePipeline has a native Approval action that stops pipeline execution and sends notifications, requiring manual review and approval before the next stage executes.
A developer is building an application that uses Amazon Cognito for user authentication. Which statement best describes the purpose of Cognito User Pools versus Identity Pools?
Cognito User Pools manage user authentication, registration, and JWT token generation, while Identity Pools (Federated Identities) exchange authentication tokens for temporary AWS credentials to access services like S3 or DynamoDB.
A Lambda function is being invoked by multiple AWS services including API Gateway, SNS, and CloudWatch Events. The function needs to handle different event structures appropriately. What is the best practice for structuring the handler code?
Implementing event source detection logic allows a single Lambda function to handle multiple event types by routing to specialized handlers based on event structure characteristics.
When implementing a continuous integration pipeline with AWS CodeBuild, a developer needs to run unit tests and build the application. Which configuration element defines the build process?
AWS CodeBuild uses a buildspec.yml file (or inline buildspec) to define the build process including phases (install, pre_build, build, post_build) and environment variables for each project.
A developer is designing a caching strategy for frequently accessed data. The application uses both DynamoDB for persistent storage and ElastiCache for caching. What is the recommended pattern for ensuring cache consistency?
Write-through and write-behind patterns maintain consistency by ensuring updates to the persistent store (DynamoDB) trigger appropriate cache updates or invalidations.
A developer needs to log structured application events to CloudWatch Logs. Which approach best implements this for easy querying and analysis?
Structured JSON logging with consistent fields enables CloudWatch Logs Insights to parse and query events efficiently, making troubleshooting and analysis much easier.
When using AWS SAM (Serverless Application Model) to deploy a serverless application, what is the primary advantage over using raw CloudFormation templates?
AWS SAM provides a shorthand syntax specifically optimized for serverless resources (Lambda, API Gateway, DynamoDB) that automatically transforms into standard CloudFormation templates during deployment.
A developer is implementing request validation in API Gateway for a REST API. Which validation method is most efficient for catching malformed requests before they reach Lambda?
API Gateway Request Validators can validate request structure against a JSON Schema before the request reaches Lambda, preventing unnecessary function invocations and improving efficiency.
A developer is using Amazon S3 versioning and needs to retrieve a specific version of an object. Which API call should be used to access previous object versions?
The S3 GetObject API with the VersionId parameter directly retrieves a specific version of an object from a versioned bucket.
When developing with AWS SDK, a developer encounters rate limiting errors from an AWS service. What is the most appropriate SDK-level solution for handling transient failures?
AWS SDKs include built-in automatic retry logic with exponential backoff for transient failures like rate limiting, reducing the need for custom retry implementation.
A developer is designing an application that processes large files from S3. The files need to be transformed before being written back to S3. Which approach provides the best scalability for variable file sizes?
Lambda functions triggered by S3 events automatically scale to handle concurrent file uploads, and developers can adjust memory/timeout for different file sizes, making this highly scalable.
In a microservices architecture using API Gateway with multiple backend Lambda functions, a developer notices latency issues due to cold starts. Which combination of strategies would most effectively reduce cold start impact?
Provisioned concurrency keeps Lambda functions initialized and ready, while scheduled invocations prevent cold starts; combined with memory optimization, these strategies significantly reduce latency.
You are developing a Lambda function that needs to write logs to CloudWatch Logs. The function currently lacks permissions to perform this action. Which service should you use to grant the Lambda function the necessary permissions?
IAM roles and policies are used to grant permissions to AWS services like Lambda. You attach an execution role to the Lambda function with a policy that allows CloudWatch Logs actions such as logs:CreateLogGroup, logs:CreateLogStream, and logs:PutLogEvents.
Your application uses Amazon DynamoDB and you need to retrieve multiple items that share the same partition key efficiently. Which DynamoDB operation should you use?
The Query operation is designed to retrieve all items with a specific partition key, optionally filtered by sort key conditions. It is more efficient than Scan as it only accesses items with the matching partition key, not the entire table.
You are deploying an application that requires environment-specific configuration values such as database endpoints and API keys. These values should not be hardcoded in your application code. What is the best practice for managing these values?
Using Lambda environment variables, Systems Manager Parameter Store, or AWS Secrets Manager allows you to externalize configuration from code, supporting different environments without code changes. This follows the twelve-factor app methodology and improves security.
A developer wants to trace requests across multiple AWS services in their application. Which AWS service provides distributed tracing capabilities to visualize the flow of requests through their application?
AWS X-Ray provides distributed tracing functionality that helps developers analyze and debug distributed applications by tracking requests as they travel through various AWS services and components.
You have a Lambda function that processes messages from an SQS queue. The function occasionally fails and you want failed messages to be automatically retried. Additionally, you want messages that fail after multiple retries to be sent to a separate queue for dead-letter handling. How should you configure this?
When using SQS as a Lambda event source, you configure the event source mapping with retry behavior. The SQS queue itself has a redrive policy that automatically sends messages that exceed the visibility timeout (after retries) to a designated dead-letter queue.
Your application needs to store temporary session data that expires after a set period of time. The data must be highly available and support fast access. Which AWS service is best suited for this use case?
ElastiCache provides in-memory caching with Redis or Memcached, offering very fast access to session data. While DynamoDB with TTL could work, ElastiCache is optimized for this high-performance caching scenario.
You are writing a Lambda function that calls an external API. The API has rate limiting restrictions. You want to implement exponential backoff with jitter when the API returns a 429 (Too Many Requests) status code. Where should you implement this logic?
Exponential backoff with jitter should be implemented within the Lambda function code using exception handling and retry logic. This gives you fine-grained control over the retry behavior when specific status codes like 429 are encountered.
Your serverless application uses API Gateway to expose Lambda functions. You need to validate incoming request payloads against a JSON schema before the request reaches the Lambda function. What is the most efficient way to accomplish this?
API Gateway request validators allow you to validate request payloads, query parameters, and headers against JSON schemas before the request reaches your Lambda function. This approach is more efficient as it prevents invalid requests from consuming Lambda resources.
You have deployed a Lambda function with an API Gateway trigger. The function occasionally times out when calling a third-party service. You want to implement a timeout handling strategy that gracefully degrades the service by returning cached data when the external call fails. What approach should you use?
Implementing try-catch error handling with a fallback to cached data directly in the Lambda function is the most straightforward and efficient approach. This allows graceful degradation without adding additional complexity or AWS service dependencies.
You are developing a microservices application where one service needs to asynchronously invoke another service. The invocation should be decoupled and reliable. Which AWS service combination is best suited for this asynchronous communication pattern?
SQS provides reliable, decoupled asynchronous communication between services. By configuring Lambda with SQS as an event source, messages are reliably queued and processed by the consuming Lambda function, providing automatic retry and dead-letter queue capabilities.
You've reviewed all 60 questions. Take the interactive practice exam to simulate the real test environment.
▶ Start Practice Exam — Free