Free AWS Certified Developer Associate DVA-C02 Practice Test

API Gateway Custom Domain Names are used to define a custom domain for your API Gateway APIs and map individual paths to different stages in your API. This functionality enables serverless applications to be accessible via human-friendly URLs. Custom Domain Names are distinctly different from Stages, which are essentially different snapshots of your API and do not inherently provide the means to use custom URLs.

Using AWS managed encryption with Amazon DynamoDB provides transparent data encryption at rest without affecting the performance of the application. It uses AWS Key Management Service (AWS KMS) to manage the encryption keys, which eliminates the overhead of managing server-side encryption directly. While client-side encryption could also protect data at rest, it would add complexity to the application and could impact performance. Additionally, SSL/TLS ensures encryption in transit but does not encrypt data at rest, and IAM roles are used for access control and do not address encryption needs.

Key rotation refers to the practice of regularly changing encryption keys, which is a security best practice to limit the amount of data encrypted with a single key and to decrease the chances of unauthorized access. This is important to minimize the risk associated with the potential compromise of encryption keys. Enabling key rotation allows this process to occur automatically, and it helps in maintaining a stronger security posture.

Amazon ElastiCache is a fully managed in-memory caching service compatible with Redis or Memcached that can improve the performance of web applications by allowing you to retrieve information from fast, managed, in-memory caches, instead of relying solely on slower disk-based databases. It also offers automatic scaling to handle traffic spikes, making it an ideal solution for the scenario described. Amazon RDS is a relational database service, not a caching service, and does not offer in-memory caching capabilities. Amazon CloudFront is primarily used as a Content Delivery Network (CDN) for caching static web content geographically closer to users, but would not be appropriate for caching database query results. Amazon Elastic Beanstalk is an orchestration service for deploying infrastructure which includes a variety of services, but itself is not a caching solution.

The correct method for a developer to directly insert custom telemetry from within the application is to use the monitoring service's API to publish these metrics. This technique is immediate, requires minimal additional setup, and enables straightforward integration into the code base. The other options, such as utilizing configuration management tools, system agents for metric collection, or SDKs that simplify API interactions, are valid in certain contexts but may be more indirect or less efficient for the task of custom metric emission directly from the application.

The team should update their production alias to point to both the old and new versions of the Lambda function and then use version weights within the alias configuration to specify the percentage of traffic that each version receives. This setup allows them to control the traffic flow and incrementally increase the weight towards the new version as confidence in stability increases. Assigning 100% to one version, updating the function code directly, or deploying without aliases, does not provide the gradual traffic shifting capability required for a canary release strategy. Therefore, careful allocation of weights to the alias is the correct approach.

The NoSuchBucket error occurs when a specified bucket does not exist in Amazon S3. When operations such as reading from or writing to an S3 bucket are attempted and the bucket name provided in the request does not exist or is not spelled correctly, the S3 service will respond with a NoSuchBucket error, which is then raised by the AWS SDK as an exception. BucketNotFound and S3BucketMissing are not standard exceptions raised by the AWS SDK for issues regarding nonexistent S3 buckets. While ClientError is a generic exception that might be raised by Boto3, it is not specific to the case where a bucket does not exist.

Loosely coupled components communicate with each other in a way that reduces the dependencies between them, which makes it easier to maintain and update one component without affecting the others. This is opposed to tightly coupled components, where components depend heavily on each other, making changes more difficult without affecting the entire system.

Amazon CloudWatch Logs is the suitable service for analyzing log data in real time and setting up mechanisms to act upon particular log patterns, such as setting up metric filters and alarms. It facilitates the continuous monitoring, storing, and accessing log files. Additionally, application issues can be addressed rapidly by using its features to trigger automated responses. Options involving other services are incorrect as they are not primarily used for log data analysis or don't support triggering actions based on log events.

When experiencing intermittent connection timeouts to an RDS database that is otherwise healthy and without network issues, it is important to check the number of database connections. RDS instances have a limit on the number of concurrent connections they can handle. If an application sporadically opens too many connections, it might hit this limit, leading to connection timeouts. Inspecting the connection patterns and pool management in the application code or configuration is the next logical step to identifying the issue. Other provided incorrect options are either less related to the symptoms described (such as inspecting SQS for dead-letter queues or reviewing CloudFront distributions when there's no mention of these services being part of the issue) or are too broad and do not specifically address the intermittent connection timeouts (like general code profiling that does not focus on the connections).

The question aims to validate the candidate's knowledge of setting up notifications for manual approval processes. The correct configuration would be to utilize an approval action that leverages Amazon SNS for email notifications. The senior developer would receive these notifications as they would be subscribed to the designated SNS topic. The incorrect answers involve using unrelated AWS services, like CloudWatch, which is primarily for monitoring and alarms, and AWS Lambda, which does serve for custom automation tasks but is not directly related to notification setup for pipeline approvals. The mention of webhooks also does not directly pertain to this scenario, as they are generally used for external event triggering rather than user notifications for approvals.

To integrate corporate Active Directory with Amazon Cognito and provide authenticated sessions, the team should set up an Amazon Cognito Identity Pool with SAML-based federation. Identity Pools support federating users from external identity providers through SAML 2.0, which is typically used for enterprise identity federation. Additionally, Amazon Cognito User Pools would be necessary if the team requires a user directory to manage user profiles. However, the integration of User Pools alone would not suffice for federating with Active Directory. IAM Identity Center (formerly AWS SSO) is for centralizing user access to AWS accounts and business applications, which is not the requirement here. AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, is not appropriate in this situation since it is used to run Microsoft Active Directory on AWS, and not for integrating web application sign-in directly.

The correct service for the scenario described is CodeBuild, which has the capacity to automatically execute unit tests and other commands each time there is an update to the repository, ensuring that new commits don't break the application. CodeDeploy is mainly focused on deployment tasks and doesn't inherently run tests. CodePipeline is responsible for orchestrating the flow of updates, rather than executing the tests themselves. CodeCommit is a source control service and does not directly handle testing; it would integrate with other tools to achieve this functionality.

Creating an IAM policy with permissions to allow only dynamodb:GetItem, dynamodb:BatchGetItem, dynamodb:Query, and dynamodb:Scan and attaching it to the IAM role assumed by the microservice would strictly limit the microservice to read operations, adhering to the principle of least privilege. Granting full access to DynamoDB would grant more permissions than necessary for the microservice, contrary to the principle of least privilege, while dynamodb:PutItem and dynamodb:UpdateItem are write operations and should not be included if the microservice is intended to only read records.

Automating the certificate lifecycle with an integrated certificate manager helps ensure that encryption on communication channels remains uninterrupted by automatically renewing and deploying certificates before they expire. This minimizes the risk of service disruption due to expired credentials. Handling certificate rotation manually increases the potential for human error and service outages. Storing sensitive materials in an object storage service without added security layers is not in line with best practice due to potential unauthorized access risk. Utilizing public certificates for all communication channels, including private or internal, can imply exposure to external validation and may not be suitable for sensitive or closed-network environments.