Free DVA-C01 Sample Questions — AWS Certified Developer Associate

A developer is creating a template that uses AWS CloudFormation to deploy an application. The application is serverless and uses Amazon API Gateway. Amazon DynamoDB, and AWS Lambda. Which AWS service or tool should the developer use to define serverless resources in YAML?

• A. CloudFormation serverless intrinsic functions
• B. AWS Elastic Beanstalk
• C. AWS Serverless Application Model (AWS SAM)
• D. AWS Cloud Development Kit (AWS CDK)

A developer is deploying on application on Amazon EC2 instances that run in Account A. In certain cases, this application needs to read data from a private Amazon S3 bucket in Account B. The developer must provide the application access to the S3 bucket without exposing the S3 bucket to anyone else. Which combination of actions should the developer take to meet these requirements? (Choose two.)

• A. Create an IAM role with S3 read permissions in Account B
• B. Update the instance profile IAM role in Account A with S3 read permissions
• C. Make the S3 bucket public with limited access for Account A
• D. Configure the bucket policy in Account B to grant permissions to the instance profile role
• E. Add a trust policy that allows s3:Get* permissions to the IAM rote in Account B

A developer must build a mobile application that allows users to read and write data from an Amazon DynamoDB table to store user state for each unique user. The solution needs to limit data access to allow users access only to their own data. Which solution below is the most secure?

• A. Embed AWS access credentials into the application and create DynamoDB queries that limit user access
• B. Use Amazon Cognito identity pools to assign unique identifiers and provide user access
• C. Modify the DynamoDB table to allow public read and writes, then add client-side filtering
• D. Create a web portal for users to create an account on AWS Directory Service

A developer has created a Java application that makes HTTP requests directly to AWS services. Application logging shows 5xx HTTP response codes that occur at irregular intervals. The errors are affecting users. How should the developer update the application to improve the application's resiliency?

• A. Revise the request content in the application code
• B. Use the AWS SDK for Java to interact with AWS APIs
• C. Scale out the application so that more instances of the application are running
• D. Add additional logging to the application code

A company deployed an application as a set of microservices that run on Amazon Elastic Container Service (Amazon ECS) behind an Application Load Balancer (ALB). The performance of the microservices has started to degrade for a specific set of user requests. The company needs to gain deeper insight into the request behavior that is associated with the performance degradation. Which process will meet this requirement?

• A. Create a Docker image that runs the AWS X-Ray daemon. Run the image alongside the microservices in Amazon ECS. Use the X-Ray console to view requests to the microservices
• B. Perform distributed tracing based on the ALB's built-in traffic request metrics
• C. Use Amazon CloudWatch to collect metrics and logs from Amazon ECS. Perform distributed tracing based on the ECS metrics and logs
• D. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to capture the ECS metrics and logs. Use the EventBridge console to view the requests to the microservices

A developer is building a web application that uses Amazon API Gateway to expose an AWS Lambda function to process requests from clients. During testing, the developer notices that the API Gateway times out even though the Lambda function finishes under the set time limit. Which of the following API Gateway metrics in Amazon CloudWatch can help the developer troubleshoot the issue? (Choose two.)

• A. CacheHitCount
• B. IntegrationLatency
• C. CacheMissCount
• D. Latency
• E. Count

A developer is writing an application in Python. The application runs on AWS Lambda. The application generates a file and needs to upload this file to Amazon S3. The developer must implement this upload functionality with the least possible change to the application code. Which solution meets these requirements?

• A. Make an HTTP request directly to the S3 API to upload the file
• B. Include the AWS SDK for Python in the Lambda function. Use the SDK to upload the file
• C. Use the AWS SDK for Python that is installed in the Lambda environment to upload the file
• D. Use the AWS CLI that is installed in the Lambda environment to upload the file

A developer is working on a serverless application that needs to process any changes to an Amazon DynamoDB table with an AWS Lambda function. How should the developer configure the Lambda function to detect changes to the DynamoDB table?

• A. Create an Amazon Kinesis data stream, and attach it to the DynamoDB table. Create a trigger to connect the data stream to the Lambda function
• B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke the Lambda function on a regular schedule. Connect to the DynamoDB table from the Lambda function to detect changes
• C. Enable DynamoDB Streams on the table. Create a trigger to connect the DynamoDB stream to the Lambda function
• D. Create an Amazon Kinesis Data Firehose delivery stream, and attach it to the DynamoDB table. Configure the delivery stream destination as the Lambda function

A company has an application that runs on AWS Elastic Beanstalk in a load-balanced environment. The company needs to update the instance types in the environment to a more recent generation of instance types. The company must minimize downtime during the deployment of this configuration change. Which deployment options will meet these requirements? (Choose two.)

• A. Disabled
• B. Rolling based on Health
• C. Immutable
• D. All at once
• E. Canary

A development team uses AWS CodeDeploy to deploy software changes to Amazon EC2 instances. The deployments begin to fail. The team traces the problem to a specific EC2 instance. The CodeDeploy agent's log file contains the following error message: InvalidSignatureException Signature expired: |time| is now earlier than |time| What is the underlying cause of this issue?

• A. The development team signed the CodeDeploy revision after the team created the deployment
• B. The development team signed the CodeDeploy revision with a key that was not valid
• C. The deployment did not finish within the specified time frame
• D. The date setting or the time setting on the EC2 instance is not correct

A developer is debugging an AWS Lambda function behind an Amazon API Gateway. Whenever the API Gateway endpoint is called, HTTP status code 200 is returned even though AWS Lambda is recording a 4xx error. What change needs to be made to return a proper error code through the API Gateway?

• A. Enable CORS in the API Gateway method settings
• B. Use a Lambda proxy integration to return HTTP codes and headers
• C. Enable API Gateway error pass-through
• D. Return the value in the header x-Amzn-ErrorType

A company is running its application on the most recent generation of hare metal Amazon EC2 instances. A developer is adding a low-latency computation feature to the application. The feature depends on highly sensitive personally identifiable information (PII). When computation occurs on unencrypted data, the feature needs to run in an isolated environment that provides CPU and memory isolation. Which solution will meet these requirements?

• A. Build and deploy the feature on the original EC2 instance store
• B. Add the now feature in the original application. Deploy the application on a Dedicated Host
• C. Package the now feature and deploy the now feature on AWS Lambda. Use AWS Key Management Service (AWS KMS) to encrypt and decrypt the PII
• D. Build and deploy the now feature as part of the original application. Run the feature on AWS Nitro Enclaves

A company has deployed a single-page application on AWS. The application stores assets in an Amazon S3 bucket. The application has an Amazon CloudFront distribution that is configured with the S3 bucket as the origin. Amazon API Gateway APIs access AWS Lambda functions that store information in an Amazon DynamoDB table. The application ingests a payload that includes 20 fields of sensitive data. Which combination of steps should a developer take to protect the sensitive data through its entire lifecycle in AWS? (Choose two.)

• A. Create a Lambda@Edge function to encrypt data when CloudFront processes a client request. Configure the distribution to invoke the Lambda@Edge function when the origin request event occurs
• B. Generate an AWS Key Management Service (AWS KMS) customer managed key that Lambda@Edge can use
• C. Create an SSL/TLS certificate in AWS Certificate Manager (ACM). Associate the certificate with the Network Load Balancer
• D. Set up a Network Load Balancer for API Gateway private integrations
• E. Store the data in the S3 bucket by using server-side encryption with Amazon S3 managed encryption keys (SSE-S3). Transfer the encrypted data from the S3 bucket to the DynamoDB table

A developer is creating an Amazon DynamoDB table by using the AWS CLI. The DynamoDB table must use server-side encryption with an AWS owned encryption key. How should the developer create the DynamoDB table to meet these requirements?

• A. Create an AWS Key Management Service (AWS KMS) customer managed key. Provide the key’s Amazon Resource Name (ARN) in the KMSMasterKeyId parameter during creation of the DynamoDB table
• B. Create an AWS Key Management Service (AWS KMS) AWS managed key. Provide the key’s Amazon Resource Name (ARN) in the KMSMasterKeyId parameter during creation of the DynamoDB table
• C. Create an AWS owned key. Provide the key’s Amazon Resource Name (ARN) in the KMSMasterKeyId parameter during creation of the DynamoDB table
• D. Create the DynamoDB table with the default encryption options

A developer is designing a serverless application for a game in which users register and log in through a web browser. The application makes requests on behalf of users to a set of AWS Lambda functions that run behind an Amazon API Gateway HTTP API. The developer needs to implement a solution to register and log in users on the application's sign-in page. The solution must minimize operational overhead and must minimize ongoing management of user identities. Which solution will meet these requirements?

• A. Create Amazon Cognito user pools for external social identity providers. Configure IAM roles for the identity pools
• B. Program the sign-in page to create users' IAM groups with the IAM roles attached to the groups
• C. Create an Amazon RDS for SQL Server DB instance to store the users and manage the permissions to the background resources in AWS
• D. Configure the sign-in page to register and store the users and their passwords in an Amazon DynamoDB table with an attached IAM policy

A developer needs to deploy an application running on AWS Fargate using Amazon ECS. The application has environment variables that must be passed to a container for the application to initialize. How should the environment variables be passed to the container?

• A. Define an array that includes the environment variables under the environment parameter within the service definition
• B. Define an array that includes the environment variables under the environment parameter within the task definition
• C. Define an array that includes the environment variables under the entryPoint parameter within the task definition
• D. Define an array that includes the environment variables under the entryPoint parameter within the service definition

A developer wants to use AWS Elastic Beanstalk to test a new version of on application in a test environment. Which deployment method offers the FASTEST deployment?

• A. Immutable
• B. Rolling
• C. Rolling with additional batch
• D. All at once

A development team is designing a mobile app that requires multi-factor authentication. Which steps should be taken to achieve this? (Choose two.)

• A. Use Amazon Cognito to create a user pool and create users in the user pool
• B. Send multi-factor authentication text codes to users with the Amazon SNS Publish API call in the app code
• C. Enable multi-factor authentication for the Amazon Cognito user pool
• D. Use AWS IAM to create IAM users
• E. Enable multi-factor authentication for the users created in AWS IAM

A developer needs to create an application that supports Security Assertion Markup Language (SAML) and authentication with social media providers. It must also allow access to AWS services, such as Amazon DynamoDB. Which AWS service or feature will meet these requirements with the LEAST amount of additional coding?

• A. AWS AppSync
• B. Amazon Cognito identity pools
• C. Amazon Cognito user pools
• D. Amazon Lambda@Edge

A developer deploys a custom application to three Amazon EC2 instances. The application processes messages from an Amazon Simple Queue Service (Amazon SQS) standard queue with default settings. When the developer runs a load test on the Amazon SQS queue, the developer discovers that the application processes many messages multiple times. How can the developer ensure that the application processes each message exactly once?

• A. Modify the SQS standard queue to an SQS FIFO queue
• B. Process the messages on one EC2 instance instead of three instances
• C. Create a new SQS FIFO queue. Point the application to the new queue
• D. Increase the DelaySeconds value on the current SQS queue