DVA-C02 Amazon Web Services AWS Certified Developer

AWS Certified Developer - Associate

Last Update 5 hours ago Total Questions : 425

The AWS Certified Developer - Associate content is now fully updated, with all current exam questions added 5 hours ago. Deciding to include DVA-C02 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our DVA-C02 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these DVA-C02 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any AWS Certified Developer - Associate practice test comfortably within the allotted time.

Question # 4

A developer is creating an AWS Lambda function. The Lambda function needs an external library to connect to a third-party solution The external library is a collection of files with a total size of 100 MB The developer needs to make the external library available to the Lambda execution environment and reduce the Lambda package space

Which solution will meet these requirements with the LEAST operational overhead?

Create a Lambda layer to store the external library Configure the Lambda function to use the layer

Create an Amazon S3 bucket Upload the external library into the S3 bucket. Mount the S3 bucket folder in the Lambda function Import the library by using the proper folder in the mount point.

Load the external library to the Lambda function's /tmp directory during deployment of the Lambda package. Import the library from the /tmp directory.

Create an Amazon Elastic File System (Amazon EFS) volume. Upload the external library to the EFS volume Mount the EFS volume in the Lambda function. Import the library by using the proper folder in the mount point.

Question # 5

In a move toward using microservices, a company’s management team has asked all development teams to build their services so that API requests depend only on that service’s data store. One team is building a Payments service which has its own database; the service needs data that originates in the Accounts database. Both are using Amazon DynamoDB.

What approach will result in the simplest, decoupled, and reliable method to get near-real time updates from the Accounts database?

Use AWS Glue to perform frequent ETL updates from the Accounts database to the Payments database.

Use Amazon ElastiCache in Payments, with the cache updated by triggers in the Accounts database.

Use Amazon Data Firehose to deliver all changes from the Accounts database to the Payments database.

Use Amazon DynamoDB Streams to deliver all changes from the Accounts database to the Payments database.

Question # 6

A company has an application that uses an Amazon S3 bucket for object storage. A developer needs to configure in-transit encryption for the S3 bucket. All the S3 objects containing personal data needs to be encrypted at rest with AWS KMS keys, which can be rotated on demand.

Which combination of steps will meet these requirements? (Select TWO.)

Write an S3 bucket policy to allow only encrypted connections over HTTPS by using permissions boundary.

Configure an S3 bucket policy to enable client-side encryption for the objects containing personal data by using an AWS KMS customer managed key

Configure the application to encrypt the objects by using an AWS KMS customer managed key before uploading the objects containing personal data to Amazon S3.

Write an S3 bucket policy to allow only encrypted connections over HTTPS by using the aws:SecureTransport condition.

Configure S3 Block Public Access settings for the S3 bucket to allow only encrypted connections over HTTPS.

Answer:

C, D

Explanation:

Step-by-Step Breakdown:

Requirement Summary:

In-transit encryption (when data is moving between client and S3)

Encryption at rest using AWS KMS keys (which are rotatable on-demand)

Option A: Write an S3 bucket policy to allow only encrypted connections over HTTPS by using permissions boundary

Incorrect: Permissions boundaries are for IAM policy control, not S3 bucket policies.

Also, encryption enforcement in-transit is not achieved through permissions boundaries.

Option B: Configure an S3 bucket policy to enable client-side encryption

Incorrect: AWS does not enforce client-side encryption via S3 bucket policies.

Client-side encryption must be handled entirely by the application.

Also, KMS is for server-side encryption, not client-side.

Option C: Configure the application to encrypt the objects by using an AWS KMS customer managed key before uploading the objects

Correct: This fulfills the requirement of encrypting objects at rest using a KMS CMK, which can be rotated.

You can specify the KMS key using the SSE-KMS option when putting an object.

Option D: Write an S3 bucket policy to allow only encrypted connections over HTTPS by using the aws:SecureTransport condition

Correct: This enforces in-transit encryption, which ensures that only HTTPS connections are allowed.

This is the AWS-recommended way to enforce encryption in transit via bucket policy.

Option E: Configure S3 Block Public Access settings for the S3 bucket to allow only encrypted connections over HTTPS

Incorrect: Block Public Access is used to prevent public exposure of the bucket.

It has nothing to do with encryption enforcement, whether in transit or at rest.

Using SSE-KMS: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html

aws:SecureTransport condition in bucket policies: https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazon-s3-policy-keys.html

Server-side encryption with AWS KMS: https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html

Question # 7

A developer needs to perform geographic load testing of an API. The developer must deploy resources to multiple AWS Regions to support the load testing of the API.

How can the developer meet these requirements without additional application code?

Create and deploy an AWS Lambda function in each desired Region. Configure the Lambda function to create a stack from an AWS CloudFormation template in that Region when the function is invoked.

Create an AWS CloudFormation template that defines the load test resources. Use the AWS CLI create-stack-set command to create a stack set in the desired Regions.

Create an AWS Systems Manager document that defines the resources. Use the document to create the resources in the desired Regions.

Create an AWS CloudFormation template that defines the load test resources. Use the AWS CLI deploy command to create a stack from the template in each Region.

Question # 8

A developer created an AWS Lambda function to process data in an application. The function pulls large objects from an Amazon S3 bucket, processes the data, and loads the processed data into a second S3 bucket. Application users have reported slow response times. The developer checks the logs and finds that Lambda function invocations run much slower than expected. The function itself is simple and has a small deployment package. The function initializes quickly. The developer needs to improve the performance of the application. Which solution will meet this requirement with the LEAST operational overhead?

Store the data in an Amazon EFS file system. Mount the file system to a local directory in the function.

Create an Amazon EventBridge rule to schedule invocations of the function every minute.

Configure the function to use ephemeral storage. Upload the objects and process data in the /tmp directory.

Create a Lambda layer to package the function dependencies. Add the layer to the function.

Question # 9

An organization is using Amazon CloudFront to ensure that its users experience low-latency access to its web application. The organization has identified a need to encrypt all traffic between users and CloudFront, and all traffic between CloudFront and the web application.

How can these requirements be met? (Select TWO)

Use AWS KMS t0 encrypt traffic between cloudFront and the web application.

Set the Origin Protocol Policy to "HTTPS Only".

Set the Origin’s HTTP Port to 443.

Set the Viewer Protocol Policy to "HTTPS Only" or Redirect HTTP to HTTPS"

Enable the CloudFront option Restrict Viewer Access.

Question # 10

A banking company is building an application for users to create accounts, view balances, and review recent transactions. The company integrated an Amazon API Gateway REST API with AWS Lambda functions. The company wants to deploy a new version of a Lambda function that gives customers the ability to view their balances. The new version of the function displays customer transaction insights. The company wants to test the new version with a small group of users before deciding whether to make the feature available for all users. Which solution will meet these requirements with the LEAST disruption to users?

Create a canary deployment for the REST API. Gradually increase traffic to the new version of the function. Revert traffic to the old version if issues are detected.

Redeploy the REST API stage to use the new version of the function. If issues are detected, update the REST API to point to the previous version of the function.

Deploy the new version of the function to a new stage in the REST API. Route traffic to the new stage. If the new version fails, route traffic to the original stage.

Create a new REST API stage for the new version of the function. Create a weighted alias record set in Amazon Route 53 to distribute traffic between the original stage and the new stage.