Amazon DVA-C02 AWS Certified Developer - Associate Exam Practice Test

Page: 1 / 14
Total 344 questions

Want more questions? Get Premium Access.
()

Question 1

A company created an application to consume and process dat

a. The application uses Amazon SQS and AWS Lambda functions. The application is currently working as expected, but it occasionally receives several messages that it cannot process properly. The company needs to clear these messages to prevent the queue from becoming blocked. A developer must implement a solution that makes queue processing always operational. The solution must give the company the ability to defer the messages with errors and save these messages for further analysis. What is the MOST operationally efficient solution that meets these requirements?

AConfigure Amazon CloudWatch Logs to save the error messages to a separate log stream.

BCreate a new SQS queue. Set the new queue as a dead-letter queue for the application queue. Configure the Maximum Receives setting.

CChange the SQS queue to a FIFO queue. Configure the message retention period to 0 seconds.

DConfigure an Amazon CloudWatch alarm for Lambda function errors. Publish messages to an Amazon SNS topic to notify administrator users.

Answer : B

Using a dead-letter queue (DLQ) with Amazon SQS is the most operationally efficient solution for handling unprocessable messages.

Amazon SQS Dead-Letter Queue:

A DLQ is used to capture messages that fail processing after a specified number of attempts.

Allows the application to continue processing other messages without being blocked.

Messages in the DLQ can be analyzed later for debugging and resolution.

Why DLQ is the Best Option:

Operational Efficiency: Automatically defers messages with errors, ensuring the queue is not blocked.

Analysis Ready: Messages in the DLQ can be inspected to identify recurring issues.

Scalable: Works seamlessly with Lambda and SQS at scale.

Why Not Other Options:

Option A: Logs the messages but does not resolve the queue blockage issue.

Option C: FIFO queues and 0-second retention do not provide error handling or analysis capabilities.

Option D: Alerts administrators but does not handle or store the unprocessable messages.

Steps to Implement:

Create a new SQS queue to serve as the DLQ.

Attach the DLQ to the primary queue and configure the Maximum Receives setting.

Using Amazon SQS Dead-Letter Queues

Best Practices for Using Amazon SQS with AWS Lambda

Question 2

A company has a serverless application that uses an Amazon API Gateway API to invoke an AWS Lambda function. A developer creates a fix for a defect in the Lambda function code. The developer wants to deploy this fix to the production environment. To test the changes, the developer needs to send 10% of the live production traffic to the updated Lambda function version.

Options:

APublish a new version of the Lambda function that contains the updated code.

BSet up a new stage in API Gateway with a new Lambda function version. Enable weighted routing in API Gateway stages.

CCreate an alias for the Lambda function. Configure weighted routing on the alias. Specify a 10% weight for the new Lambda function version.

DSet up a routing policy on a Network Load Balancer. Configure 10% of the traffic to go to the new Lambda function version.

ESet up a weighted routing policy by using Amazon Route 53. Configure 10% of the traffic to go to the new Lambda function version.

Answer : A, C

Step 1: Understanding the Requirements

Gradual Traffic Shift: Test the new version by routing only 10% of production traffic to it.

Lambda Deployment: Use versioning and aliases to manage Lambda function updates.

Step 2: Solution Analysis

Option A:

Publishing a new version creates an immutable version of the Lambda function with the updated code.

This is a prerequisite for deploying changes using weighted aliases.

Correct option.

Option B:

API Gateway stages are not used for weighted routing; they represent environments like 'dev' or 'prod.'

Weighted routing is implemented using Lambda aliases, not API Gateway stages.

Not suitable.

Option C:

Lambda aliases allow traffic to be split between versions using weighted routing.

Assign a 90% weight to the old version and 10% to the new version to implement the gradual rollout.

Correct option.

Option D:

Network Load Balancers are not suitable for managing Lambda function traffic directly.

Not applicable.

Option E:

Route 53 routing policies apply at the DNS level and are not designed for Lambda version management.

Not suitable.

Step 3: Implementation Steps

Publish a New Version:

Publish the updated Lambda function code as a new version.

Create an Alias and Configure Weighted Routing:

Create an alias (e.g., prod) and associate it with both the old and new versions.

Set weights for traffic distribution:

aws lambda update-alias --function-name my-function \

--name prod --routing-config '{'AdditionalVersionWeights': {'2': 0.1}}'

AWS Developer Reference:

Lambda Function Aliases

Weighted Traffic Routing with Lambda

Question 3

A social media company is designing a platform that allows users to upload data, which is stored in Amazon S3. Users can upload data encrypted with a public key. The company wants to ensure that only the company can decrypt the uploaded content using an asymmetric encryption key. The data must always be encrypted in transit and at rest.

Options:

AUse server-side encryption with Amazon S3 managed keys (SSE-S3) to encrypt the data.

BUse server-side encryption with customer-provided encryption keys (SSE-C) to encrypt the data.

CUse client-side encryption with a data key to encrypt the data.

DUse client-side encryption with a customer-managed encryption key to encrypt the data.

Answer : D

Step 1: Problem Understanding

Asymmetric Encryption Requirement: Users encrypt data with a public key, and only the company can decrypt it using a private key.

Data Encryption at Rest and In Transit: The data must be encrypted during upload (in transit) and when stored in Amazon S3 (at rest).

Step 2: Solution Analysis

Option A: Server-side encryption with Amazon S3 managed keys (SSE-S3).

Amazon S3 manages the encryption and decryption keys.

This does not meet the requirement for asymmetric encryption, where the company uses a private key.

Not suitable.

Option B: Server-side encryption with customer-provided keys (SSE-C).

Requires the user to supply encryption keys during the upload process.

Does not align with the asymmetric encryption requirement.

Not suitable.

Option C: Client-side encryption with a data key.

Data key encryption is symmetric, not asymmetric.

Does not satisfy the requirement for a public-private key pair.

Not suitable.

Option D: Client-side encryption with a customer-managed encryption key.

Data is encrypted on the client side using the public key.

Only the company can decrypt the data using the corresponding private key.

Data remains encrypted during upload (in transit) and in S3 (at rest).

Correct option.

Step 3: Implementation Steps for Option D

Generate Key Pair:

The company generates an RSA key pair (public/private) for encryption and decryption.

Encrypt Data on Client Side:

Use the public key to encrypt the data before uploading to S3.

S3 Upload:

Upload the encrypted data to S3 over an HTTPS connection.

Decrypt Data on the Server:

Use the private key to decrypt data when needed.

AWS Developer Reference:

Amazon S3 Encryption Options

Asymmetric Key Cryptography in AWS

Question 4

A developer is building an application to process a stream of customer orders. The application sends processed orders to an Amazon Aurora MySQL database. The application needs to process the orders in batches.

The developer needs to configure a workflow that ensures each record is processed before the application sends each order to the database.

Options:

AUse Amazon Kinesis Data Streams to stream the orders. Use an AWS Lambda function to process the orders. Configure an event source mapping for the Lambda function, and set the MaximumBatchingWindowInSeconds setting to 300.

BUse Amazon SQS to stream the orders. Use an AWS Lambda function to process the orders. Configure an event source mapping for the Lambda function, and set the MaximumBatchingWindowInSeconds setting to 0.

CUse Amazon Managed Streaming for Apache Kafka (Amazon MSK) to stream the orders. Use an Amazon EC2 instance to process the orders. Configure an event source mapping for the EC2 instance, and increase the payload size limit to 36 MB.

DUse Amazon DynamoDB Streams to stream the orders. Use an Amazon ECS cluster on AWS Fargate to process the orders. Configure an event source mapping for the cluster, and set the BatchSize setting to 1.

Answer : A

Step 1: Understanding the Problem

Processing in Batches: The application must process records in groups.

Sequential Processing: Each record in the batch must be processed before writing to Aurora.

Solution Goals: Use services that support ordered, batched processing and integrate with Aurora.

Step 2: Solution Analysis

Option A:

Amazon Kinesis Data Streams supports ordered data processing.

AWS Lambda can process batches of records via event source mapping with MaximumBatchingWindowInSeconds for timing control.

Configuring the batching window ensures efficient processing and compliance with the workflow.

Correct Option.

Option B:

Amazon SQS is not designed for streaming; it provides reliable, unordered message delivery.

Setting MaximumBatchingWindowInSeconds to 0 disables batching, which is contrary to the requirement.

Not suitable.

Option C:

Amazon MSK provides Kafka-based streaming but requires custom EC2-based processing.

This increases system complexity and operational overhead.

Not ideal for serverless requirements.

Option D:

DynamoDB Streams is event-driven but lacks strong native integration for batch ordering.

Using ECS adds unnecessary complexity.

Not suitable.

Step 3: Implementation Steps for Option A

Set up Kinesis Data Stream:

Configure shards based on the expected throughput.

Configure Lambda with Event Source Mapping:

Enable Kinesis as the event source for Lambda.

Set MaximumBatchingWindowInSeconds to 300 to accumulate data for processing.

Example:

{

'EventSourceArn': 'arn:aws:kinesis:region:account-id:stream/stream-name',

'BatchSize': 100,

'MaximumBatchingWindowInSeconds': 300

}

Write Processed Data to Aurora:

Use AWS RDS Data API for efficient database operations from Lambda.

AWS Developer Reference:

Amazon Kinesis Data Streams Developer Guide

AWS Lambda Event Source Mapping

Batch Processing with Lambda

Question 5

A company wants to use AWS AppConfig to gradually deploy a new feature to 15% of users to test the feature before a full deployment.

Which solution will meet this requirement with the LEAST operational overhead?

ASet up a custom script within the application to randomly select 15% of users. Assign a flag for the new feature to the selected users.

BCreate separate AWS AppConfig feature flags for both groups of users. Configure the flags to target 15% of users.

CCreate an AWS AppConfig feature flag. Define a variant for the new feature, and create a rule to target 15% of users.

DUse AWS AppConfig to create a feature flag without variants. Implement a custom traffic splitting mechanism in the application code.

Answer : C

Comprehensive Detailed and Lengthy Step-by-Step Explanation with All AWS Developer Reference:

1. Understanding the Use Case:

The company wants to gradually release a new feature to 15% of users to perform testing. AWS AppConfig is designed to manage and deploy configurations, including feature flags, allowing controlled rollouts.

2. Key AWS AppConfig Features:

Feature Flags: Enable or disable features dynamically without redeploying code.

Variants: Define different configurations for subsets of users.

Targeting Rules: Specify rules for which users receive a particular variant.

3. Explanation of the Options:

Option A:

'Set up a custom script within the application to randomly select 15% of users. Assign a flag for the new feature to the selected users.'

While possible, this approach requires significant operational effort to manage user selection and ensure randomness. It does not leverage AWS AppConfig's built-in capabilities, which increases overhead.

Option B:

'Create separate AWS AppConfig feature flags for both groups of users. Configure the flags to target 15% of users.'

Creating multiple feature flags for different user groups complicates configuration management and does not optimize the use of AWS AppConfig.

Option C:

'Create an AWS AppConfig feature flag. Define a variant for the new feature, and create a rule to target 15% of users.'

This is the correct solution. Using AWS AppConfig feature flags with variants and targeting rules is the most efficient approach. It minimizes operational overhead by leveraging AWS AppConfig's built-in targeting and rollout capabilities.

Option D:

'Use AWS AppConfig to create a feature flag without variants. Implement a custom traffic splitting mechanism in the application code.'

This approach requires custom implementation within the application code, increasing complexity and operational effort.

4. Implementation Steps for Option C:

Set Up AWS AppConfig:

Open the AWS Systems Manager Console.

Navigate to AppConfig.

Create a Feature Flag:

Define a new configuration for the feature flag.

Add variants (e.g., 'enabled' for the new feature and 'disabled' for no change).

Define a Targeting Rule:

Use percentage-based targeting to define a rule that applies the 'enabled' variant to 15% of users.

Targeting rules can use attributes like user IDs or geographic locations.

Deploy the Configuration:

Deploy the configuration using a controlled rollout to ensure gradual exposure.

AWS AppConfig Documentation

Feature Flags in AWS AppConfig

AWS AppConfig Targeting Rules

Question 6

A developer is creating an application that must be able to generate API responses without backend integrations. Multiple internal teams need to work with the API while the application is still in development.

Which solution will meet these requirements with the LEAST operational overhead?

ACreate an Amazon API Gateway REST API. Set up a proxy resource that has the HTTP proxy integration type.

BCreate an Amazon API Gateway HTTP API. Provision a VPC link, and set up a private integration on the API to connect to a VPC.

CCreate an Amazon API Gateway HTTP API. Enable mock integration on the method of the API resource.

DCreate an Amazon API Gateway REST API. Enable mock integration on the method of the API resource.

Answer : D

Comprehensive Detailed and Lengthy Step-by-Step Explanation with All AWS Developer Reference:

1. Understanding the Use Case:

The API needs to:

Generate responses without backend integrations: This indicates the use of mock responses for testing.

Be used by multiple internal teams during development.

Minimize operational overhead.

2. Key Features of Amazon API Gateway:

REST APIs: Fully managed API Gateway option that supports advanced capabilities like mock integrations, request/response transformation, and more.

HTTP APIs: Lightweight option for building APIs quickly. It supports fewer features but has lower operational complexity and cost.

Mock Integration: Allows API Gateway to return pre-defined responses without requiring backend integration.

3. Explanation of the Options:

Option A:

'Create an Amazon API Gateway REST API. Set up a proxy resource that has the HTTP proxy integration type.'

A proxy integration requires a backend service for handling requests. This does not meet the requirement of 'no backend integrations.'

Option B:

'Create an Amazon API Gateway HTTP API. Provision a VPC link, and set up a private integration on the API to connect to a VPC.'

This requires setting up a VPC and provisioning resources, which increases operational overhead and is unnecessary for this use case.

Option C:

'Create an Amazon API Gateway HTTP API. Enable mock integration on the method of the API resource.'

While HTTP APIs can enable mock integrations, they have limited support for advanced features compared to REST APIs, such as detailed request/response customization. REST APIs are better suited for development environments requiring mock responses.

Option D:

'Create an Amazon API Gateway REST API. Enable mock integration on the method of the API resource.'

This is the correct answer. REST APIs with mock integration allow defining pre-configured responses directly within API Gateway, making them ideal for scenarios where backend services are unavailable. It provides flexibility for testing while minimizing operational overhead.

4. Implementation Steps:

To enable mock integration with REST API:

Create a REST API in API Gateway:

Open the API Gateway Console.

Choose Create API > REST API.

Define the API Resource and Methods:

Add a resource and method (e.g., GET or POST).

Set Up Mock Integration:

Select the method, and in the Integration Type, choose Mock Integration.

Configure the Mock Response:

Define a 200 OK response with the desired response body and headers.

Deploy the API:

Deploy the API to a stage (e.g., dev) to make it accessible.

5. Why REST API Over HTTP API?

REST APIs support detailed request/response transformations and robust mock integration features, which are ideal for development and testing scenarios.

While HTTP APIs offer lower cost and simplicity, they lack some advanced features required for fine-tuned mock integrations.

Amazon API Gateway REST API Features

Mock Integration in API Gateway

Comparison of REST and HTTP APIs in API Gateway

Question 7

A developer needs to export the contents of several Amazon DynamoDB tables into Amazon S3 buckets to comply with company data regulations. The developer uses the AWS CLI to run commands to export from each table to the proper S3 bucket. The developer sets up AWS credentials correctly and grants resources appropriate permissions. However, the exports of some tables fail.

What should the developer do to resolve this issue?

AEnsure that point-in-time recovery is enabled on the DynamoDB tables.

BEnsure that the target S3 bucket is in the same AWS Region as the DynamoDB table.

CEnsure that DynamoDB streaming is enabled for the tables.

DEnsure that DynamoDB Accelerator (DAX) is enabled.

Answer : B

Comprehensive Detailed and Lengthy Step-by-Step Explanation with All AWS Developer Reference:

1. Understanding the Use Case:

The developer needs to export DynamoDB table data into Amazon S3 buckets using the AWS CLI, and some exports are failing. Proper credentials and permissions have already been configured.

2. Key Conditions to Check:

Region Consistency:

DynamoDB exports require that the target S3 bucket and the DynamoDB table reside in the same AWS Region. If they are not in the same Region, the export process will fail.

Point-in-Time Recovery (PITR):

PITR is not required for exporting data from DynamoDB to S3. Enabling PITR allows recovery of table states at specific points in time but does not directly influence export functionality.

DynamoDB Streams:

Streams allow real-time capture of data modifications but are unrelated to the bulk export feature.

DAX (DynamoDB Accelerator):

DAX is a caching service that speeds up read operations for DynamoDB but does not affect the export functionality.

3. Explanation of the Options:

Option A:

'Ensure that point-in-time recovery is enabled on the DynamoDB tables.'

While PITR is useful for disaster recovery and restoring table states, it is not required for exporting data to S3. This option does not address the export failure.

Option B:

'Ensure that the target S3 bucket is in the same AWS Region as the DynamoDB table.'

This is the correct answer. DynamoDB export functionality requires the target S3 bucket to reside in the same AWS Region as the DynamoDB table. If the S3 bucket is in a different Region, the export will fail.

Option C:

'Ensure that DynamoDB streaming is enabled for the tables.'

Streams are useful for capturing real-time changes in DynamoDB tables but are unrelated to the export functionality. This option does not resolve the issue.

Option D:

'Ensure that DynamoDB Accelerator (DAX) is enabled.'

DAX accelerates read operations but does not influence the export functionality. This option is irrelevant to the issue.

4. Resolution Steps:

To ensure successful exports:

Verify the Region of the DynamoDB tables:

Check the Region where each table is located.

Verify the Region of the target S3 buckets:

Confirm that the target S3 bucket for each export is in the same Region as the corresponding DynamoDB table.

If necessary, create new S3 buckets in the appropriate Regions.

Run the export command again with the correct setup:

aws dynamodb export-table-to-point-in-time \

--table-name <TableName> \

--s3-bucket <BucketName> \

--s3-prefix <Prefix> \

--export-time <ExportTime> \

--region <Region>

Exporting DynamoDB Data to Amazon S3

S3 Bucket Region Requirements for DynamoDB Exports

AWS CLI Reference for DynamoDB Export