Prepare for the AWS Certified Developer Associate DVA-C02 exam with this free practice test. Randomly generated and customizable, this test allows you to choose the number of questions.
Which configuration under Amazon API Gateway allows a developer to associate a REST API with a custom domain name?
Custom Domain Names
Resource Policies
Base Path Mapping
Stage Variables
API Gateway Custom Domain Names are used to define a custom domain for your API Gateway APIs and map individual paths to different stages in your API. This functionality enables serverless applications to be accessible via human-friendly URLs. Custom Domain Names are distinctly different from Stages, which are essentially different snapshots of your API and do not inherently provide the means to use custom URLs.
AI Generated Content may display inaccurate information, always double-check anything important.
A company is looking to encrypt data at rest for their Amazon DynamoDB table, which contains sensitive information. They want to guarantee that the encryption does not affect the performance of their application. Which service should they use to accomplish this without managing server-side encryption themselves?
Implement client-side encryption before storing the data in the DynamoDB table
Force all connections to the DynamoDB table to use SSL/TLS
Enable Amazon DynamoDB's default encryption at rest using AWS managed keys
Create an IAM role with a policy that enforces encryption at rest
Using AWS managed encryption with Amazon DynamoDB provides transparent data encryption at rest without affecting the performance of the application. It uses AWS Key Management Service (AWS KMS) to manage the encryption keys, which eliminates the overhead of managing server-side encryption directly. While client-side encryption could also protect data at rest, it would add complexity to the application and could impact performance. Additionally, SSL/TLS ensures encryption in transit but does not encrypt data at rest, and IAM roles are used for access control and do not address encryption needs.
What best describes the practice of periodically changing the encryption key used to secure data in AWS?
Key agreement
Key rotation
Key revocation
Key escrow
Key rotation refers to the practice of regularly changing encryption keys, which is a security best practice to limit the amount of data encrypted with a single key and to decrease the chances of unauthorized access. This is important to minimize the risk associated with the potential compromise of encryption keys. Enabling key rotation allows this process to occur automatically, and it helps in maintaining a stronger security posture.
Your web application is experiencing unpredictable traffic spikes, leading to increased latency and timeouts. To address this, you aim to implement a caching strategy to store frequently accessed data. Which service should you use to cache query results and reduce database load while also providing a distributed in-memory cache that can scale with your application traffic?
Amazon Relational Database Service (RDS)
Amazon CloudFront
Amazon ElastiCache
Amazon Elastic Beanstalk
Amazon ElastiCache is a fully managed in-memory caching service compatible with Redis or Memcached that can improve the performance of web applications by allowing you to retrieve information from fast, managed, in-memory caches, instead of relying solely on slower disk-based databases. It also offers automatic scaling to handle traffic spikes, making it an ideal solution for the scenario described. Amazon RDS is a relational database service, not a caching service, and does not offer in-memory caching capabilities. Amazon CloudFront is primarily used as a Content Delivery Network (CDN) for caching static web content geographically closer to users, but would not be appropriate for caching database query results. Amazon Elastic Beanstalk is an orchestration service for deploying infrastructure which includes a variety of services, but itself is not a caching solution.
To increase the transparency into the performance of a critical web application, a developer needs to record event-specific information that can indicate the system's health. Without altering the existing infrastructure setup, which method should the developer choose to directly integrate this telemetry capture within the application's code base?
Utilize a configuration management service to automate the creation of telemetry resources for the monitoring service.
Adapt the system agent pre-installed on the host machine to gather and dispatch the new set of metrics.
Incorporate the necessary API calls to the monitoring service to transmit the custom telemetry data as required.
Leverage the high-level functionalities of a software development kit to streamline the transmission process of telemetry data.
The correct method for a developer to directly insert custom telemetry from within the application is to use the monitoring service's API to publish these metrics. This technique is immediate, requires minimal additional setup, and enables straightforward integration into the code base. The other options, such as utilizing configuration management tools, system agents for metric collection, or SDKs that simplify API interactions, are valid in certain contexts but may be more indirect or less efficient for the task of custom metric emission directly from the application.
A software company utilizes AWS Lambda for deploying a mission-critical application. In their upcoming release, they plan to incorporate a canary release strategy to introduce a new feature incrementally while mitigating risks. Assuming they already have a Lambda alias for their production environment, how should the company configure the alias to slowly route a small percentage of user traffic to the new feature while the majority still accesses the stable version?
Adjust the production alias to serve both the old and the new Lambda versions, and configure the alias routing with a small weight towards the new version, gradually increasing it based on the monitoring results.
Deploy the new version as a separate Lambda function without an alias and manually invoke the new function to represent a percentage of total traffic.
Configure the Lambda alias to immediately redirect 100% of traffic to the new version to test the new feature in live conditions.
Deploy the new feature as a new Lambda function and update the production alias configuration to point solely to the new function, relying on Lambda's inherent traffic shifting capabilities.
The team should update their production alias to point to both the old and new versions of the Lambda function and then use version weights within the alias configuration to specify the percentage of traffic that each version receives. This setup allows them to control the traffic flow and incrementally increase the weight towards the new version as confidence in stability increases. Assigning 100% to one version, updating the function code directly, or deploying without aliases do not provide the gradual traffic shifting capability required for a canary release strategy. Therefore, careful allocation of weights to the alias is the correct approach.
When using the AWS SDK for Python (Boto3) to perform an operation on an Amazon S3 bucket, which exception would typically be raised if the specified bucket does not exist?
BucketNotFound
NoSuchBucket
S3BucketMissing
ClientError
The NoSuchBucket error occurs when a specified bucket does not exist in Amazon S3. When operations such as reading from or writing to an S3 bucket are attempted and the bucket name provided in the request does not exist or is not spelled correctly, the S3 service will respond with a NoSuchBucket error, which is then raised by the AWS SDK as an exception. BucketNotFound and S3BucketMissing are not standard exceptions raised by the AWS SDK for issues regarding nonexistent S3 buckets. While ClientError is a generic exception that might be raised by Boto3, it is not specific to the case where a bucket does not exist.
Which design pattern allows components of a system to interact with each other with minimal interdependencies, thereby enhancing flexibility and maintenance?
Tightly coupled design
Monolithic design
Choreography pattern
Loosely coupled design
Loosely coupled components communicate with each other in a way that reduces the dependencies between them, which makes it easier to maintain and update one component without affecting the others. This is opposed to tightly coupled components, where components depend heavily on each other, making changes more difficult without affecting the entire system.
A developer has deployed a web application that is exhibiting intermittent failures. To effectively monitor application behavior and quickly pinpoint these issues, which service could be used to analyze log data in real time and trigger appropriate responses based on specific log patterns?
Utilize Amazon RDS Performance Insights for log events assessment.
Implement Amazon S3 event notifications to monitor log object changes.
Use Amazon CloudWatch Logs to establish metric filters and alarms.
Set up AWS Lambda to poll logs periodically and act on them.
Amazon CloudWatch Logs is the suitable service for analyzing log data in real time and setting up mechanisms to act upon particular log patterns, such as metric filters and alarms. It facilitates continuous monitoring, storing, and accessing of log files. Additionally, application issues can be addressed rapidly by using its features to trigger automated responses. Options involving other services are incorrect as they are not primarily used for log data analysis or don't support triggering actions based on log events.
A developer is troubleshooting an application that intermittently fails to connect to an Amazon RDS database instance. The logs indicate occasional connection timeouts. The application and database have not been modified recently, and there is no predictable pattern for the timeout occurrences. After ensuring there are no network issues and the database is healthy, what should the developer investigate NEXT to identify the root cause?
Profile the application code to identify any performance bottlenecks that could cause delays.
Inspect the number of database connections and ensure proper management in the application's connection pooling configuration.
Review the application's usage of Amazon SQS to check for any unprocessed messages accumulating in a dead-letter queue.
Analyze the application's interaction with the Amazon EC2 instance to gauge the processing time of web requests.
Check for any misconfigured request headers impacting CloudFront distributions, assuming it serves content to the application.
Enable AWS X-Ray tracing for in-depth analysis of the underlying Lambda function's execution flow.
When experiencing intermittent connection timeouts to an RDS database that is otherwise healthy and without network issues, it is important to check the number of database connections. RDS instances have a limit on the number of concurrent connections they can handle. If an application sporadically opens too many connections, it might hit this limit, leading to connection timeouts. Inspecting the connection patterns and pool management in the application code or configuration is the next logical step to identifying the issue. The other options are either less related to the symptoms described (such as inspecting SQS for dead-letter queues or reviewing CloudFront distributions when there's no mention of these services being part of the issue) or are too broad and do not specifically address the intermittent connection timeouts (like general code profiling that does not focus on the connections).
A development team is utilizing a CI/CD service provided by AWS to streamline their application deployment. They have automated their release process but require a senior developer's sign-off before the application is pushed to the live environment. Which step should be taken to guarantee that the senior developer is notified to review and approve the release after the automated tests pass?
Implement an approval action linked to a notification mechanism using an Amazon SNS topic which the senior developer is subscribed to for email alerts.
Develop a function within a serverless compute service to dispatch emails after validation checks have been passed.
Configure a monitoring service to send an alert to the senior developer when the automated testing phase succeeds.
Arrange for a service hook to issue an email notice to the senior developer upon the conclusion of the verification procedures.
The question aims to validate the candidate's knowledge of setting up notifications for manual approval processes. The correct configuration would be to utilize an approval action that leverages Amazon SNS for email notifications. The senior developer would receive these notifications as they would be subscribed to the designated SNS topic. The incorrect answers involve using unrelated AWS services, like CloudWatch, which is primarily for monitoring and alarms, and AWS Lambda, which does serve for custom automation tasks but is not directly related to notification setup for pipeline approvals. The mention of webhooks also does not directly pertain to this scenario, as they are generally used for external event triggering rather than user notifications for approvals.
Your development team is creating a web application that should allow users to authenticate using their corporate Active Directory credentials. The team has decided to employ Amazon Cognito to facilitate this process. Which combination of Amazon Cognito features should be used to integrate the corporate Active Directory and provide authenticated user sessions?
Combine Amazon Cognito Identity Pools with SAML based federation
Integrate AWS IAM Identity Center with Amazon Cognito User Pools
Configure AWS Directory Service with Amazon Cognito User Pools
Use Amazon Cognito User Pools with corporate Active Directory as a custom identity provider
To integrate corporate Active Directory with Amazon Cognito and provide authenticated sessions, the team should set up an Amazon Cognito Identity Pool with SAML-based federation. Identity Pools support federating users from external identity providers through SAML 2.0, which is typically used for enterprise identity federation. Additionally, Amazon Cognito User Pools would be necessary if the team requires a user directory to manage user profiles. However, the integration of User Pools alone would not suffice for federating with Active Directory. IAM Identity Center (formerly AWS SSO) is for centralizing user access to AWS accounts and business applications, which is not the requirement here. AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, is not appropriate in this situation since it is used to run Microsoft Active Directory on AWS, and not for integrating web application sign-in directly.
As part of setting up the CI/CD pipeline for a newly developed serverless application, your team needs to ensure that code changes are automatically tested before they are merged into the main branch of the repository. Which service would you use to perform this action after every commit?
CodePipeline
CodeBuild
CodeDeploy
CodeCommit
The correct service for the scenario described is CodeBuild, which has the capacity to automatically execute unit tests and other commands each time there is an update to the repository, ensuring that new commits don't break the application. CodeDeploy is mainly focused on deployment tasks and doesn't inherently run tests. CodePipeline is responsible for orchestrating the flow of updates, rather than executing the tests themselves. CodeCommit is a source control service and does not directly handle testing; it would integrate with other tools to achieve this functionality.
Your company is deploying a new microservice on AWS that will access an Amazon DynamoDB table to only read records. As an AWS developer, you are tasked with ensuring that the microservice's access adheres to the principle of least privilege. Which of the following would be the most appropriate action to take?
Remove any DynamoDB permissions from the microservice as it can assume the required permissions dynamically at runtime
Create an IAM policy that includes dynamodb:PutItem and dynamodb:UpdateItem and attach it to the microservice's IAM role
Create an IAM policy with permissions for dynamodb:GetItem, dynamodb:BatchGetItem, dynamodb:Query, and dynamodb:Scan and attach it to the microservice's IAM role
Grant the microservice full access to the Amazon DynamoDB table
Creating an IAM policy with permissions to allow only dynamodb:GetItem, dynamodb:BatchGetItem, dynamodb:Query, and dynamodb:Scan and attaching it to the IAM role assumed by the microservice would strictly limit the microservice to read operations, adhering to the principle of least privilege. Granting full access to DynamoDB would grant more permissions than necessary for the microservice, contrary to the principle of least privilege, while dynamodb:PutItem and dynamodb:UpdateItem are write operations and should not be included if the microservice is intended to only read records.
Your application hosted on a cloud platform requires encrypted communication channels to prevent eavesdropping. As a best practice, how should you handle the certificate lifecycle for securing these channels?
Regularly engage in a manual process to update and manage the required credentials on the respective servers.
Implement a certificate manager to automate the lifecycle management, including the renewal and application of necessary credentials for secured channels.
Maintain necessary credentials in a publicly accessible object storage service and programmatically pull them when initializing secured channels.
Apply universally accepted public credentials for the encryption of all channels, both public and private, within the application's architecture.
Automating the certificate lifecycle with an integrated certificate manager helps ensure that encryption on communication channels remains uninterrupted by automatically renewing and deploying certificates before they expire. This minimizes the risk of service disruption due to expired credentials. Handling certificate rotation manually increases the potential for human error and service outages. Storing sensitive materials in an object storage service without added security layers is not in line with best practice due to potential unauthorized access risk. Utilizing public certificates for all communication channels, including private or internal, can imply exposure to external validation and may not be suitable for sensitive or closed-network environments.