68 Essential DVA-C02 Questions to Master AWS Development

A developer wants to package a Lambda function as a container image to include a large machine learning model. Where should the container image be stored so that Lambda can access it?

A developer is creating a policy for an IAM role. The policy must allow all actions on EC2 (`ec2:*`) but explicitly forbid terminating instances (`ec2:TerminateInstances`). How should the IAM policy be structured?

A developer needs to programmatically create, update, and delete AWS infrastructure using a familiar programming language like Python or TypeScript instead of writing YAML/JSON templates. Which AWS Infrastructure as Code (IaC) tool should be used?

A Lambda function is experiencing high latency during its first invocation after a period of inactivity. Subsequent invocations are much faster. What is this phenomenon called, and what is a common strategy to mitigate it for latency-sensitive applications?

A developer needs to package a Lambda function and its dependencies. The total size of the deployment package is over 50 MB, but less than 250 MB. How should the developer deploy this function?

A web application requires user sign-up, sign-in, and management of user profiles. The developer wants to offload this functionality to a managed service that also supports federation with social identity providers like Google and Facebook. Which AWS service should be used?

When deploying a containerized application to Amazon ECS, the developer wants AWS to manage the underlying EC2 instances, including patching and scaling. The developer only wants to define the task (container definitions, CPU, memory). What ECS launch type should be used?

A developer needs to deploy a new version of a Lambda function with minimal risk. The strategy should involve directing a small percentage of production traffic (e.g., 10%) to the new version first. If it performs well, traffic can be gradually increased. What deployment strategy does this describe?

A developer needs to deploy a Dockerized web application to AWS. The service should automatically handle load balancing, auto scaling, and application health monitoring with minimal configuration. The developer wants a simple, PaaS-like experience. Which service is the best fit?

A CloudFormation stack update fails. By default, what is the state of the stack after the failure?

Which of the following is a key characteristic of a ‘stateless’ application?

A developer is writing unit tests for a Lambda function that interacts with S3. To avoid making actual API calls to S3 during the tests, what is a common practice?

What does an explicit `Deny` in an IAM policy statement do?

When configuring a DynamoDB table, a developer chooses a partition key with low cardinality (e.g., a ‘status’ field with only three possible values: ‘pending’, ‘complete’, ‘failed’). What is the likely performance consequence of this design?

An application is reading data from a DynamoDB global secondary index (GSI). The query is using a filter expression, but the developer notices that this is consuming a large number of read capacity units (RCUs), even for queries that return few items. What is the reason for this high RCU consumption?

A developer is building a serverless application where a Lambda function needs to read data from a DynamoDB table. To adhere to security best practices, how should the Lambda function be configured to access the DynamoDB table?

Which section of an AWS CloudFormation template is mandatory?

A Lambda function is experiencing high latency during its first invocation after a period of inactivity. Subsequent invocations are much faster. What is this phenomenon called, and what is a common strategy to mitigate it for latency-sensitive applications?

A developer wants to model and provision a serverless application consisting of Lambda functions, an API Gateway, and a DynamoDB table using infrastructure as code. They prefer a simplified, declarative syntax focused on serverless resources. Which AWS service or framework is most appropriate?

A developer needs to deploy a new version of a Lambda function with minimal risk. The strategy should involve directing a small percentage of production traffic (e.g., 10%) to the new version first. If it performs well, traffic can be gradually increased. What deployment strategy does this describe?

To improve the read performance of a high-traffic, read-heavy RDS for PostgreSQL database, what is the MOST effective strategy?

A developer needs to create a REST API endpoint that returns a list of items from a DynamoDB table. The integration should be as fast as possible, without invoking a Lambda function for this simple read operation. How can this be achieved in API Gateway?

A developer is using the AWS CLI and needs to work with multiple AWS accounts. What is the recommended way to configure the CLI to easily switch between accounts without repeatedly entering credentials?

A developer is creating a CloudFormation template and needs to set the EC2 instance type based on the environment (e.g., ‘t2.micro’ for dev, ‘m5.large’ for prod) that is specified as an input parameter. Which section of the template should be used to define this mapping?

A developer is building a serverless application where a Lambda function needs to read data from a DynamoDB table. To adhere to security best practices, how should the Lambda function be configured to access the DynamoDB table?

A developer needs to ensure that write operations to a DynamoDB table do not overwrite updates made by another process. For example, if two users try to update an item’s quantity at the same time, the final result should reflect both changes correctly. What is the recommended strategy for this?

What is the purpose of the `sam deploy –guided` command in the AWS SAM CLI?

A developer is using the AWS CLI and needs to work with multiple AWS accounts. What is the recommended way to configure the CLI to easily switch between accounts without repeatedly entering credentials?

An application needs to publish messages to a large number of subscribers. Some subscribers are SQS queues, some are Lambda functions, and some are external HTTP endpoints. The application should not need to know the details of each subscriber. Which service facilitates this pub/sub messaging pattern?

An S3 bucket is configured to host a static website. When users try to access the website using the S3 website endpoint URL, they receive a 403 Forbidden error. The objects in the bucket are not publicly accessible. What is the most likely cause and solution?

Which section of an AWS CloudFormation template is mandatory?

When configuring a DynamoDB table, a developer chooses a partition key with low cardinality (e.g., a ‘status’ field with only three possible values: ‘pending’, ‘complete’, ‘failed’). What is the likely performance consequence of this design?

A developer needs to store sensitive database credentials that an application on an EC2 instance will use. The credentials must be rotated automatically every 30 days. Which AWS service is best suited for this requirement?

An application needs to store and retrieve large objects (e.g., videos and images) up to several gigabytes in size. The objects must be highly durable and available. Which storage service is the most appropriate choice?

A Lambda function processes sensitive data and must write its logs to CloudWatch Logs. How can a developer ensure that the log data is protected at rest in CloudWatch Logs?

A developer needs to ensure that write operations to a DynamoDB table do not overwrite updates made by another process. For example, if two users try to update an item’s quantity at the same time, the final result should reflect both changes correctly. What is the recommended strategy for this?

A developer needs to configure an Application Load Balancer (ALB) to route traffic to different target groups based on the hostname in the request (e.g., `api.example.com` goes to one group, `www.example.com` goes to another). What feature of the ALB listener should be used?

An application is reading data from a DynamoDB global secondary index (GSI). The query is using a filter expression, but the developer notices that this is consuming a large number of read capacity units (RCUs), even for queries that return few items. What is the reason for this high RCU consumption?

A developer is using AWS CodeCommit as a source repository. Which of the following is a valid method for authenticating Git commands from a local development machine?

A developer wants to ensure that an API endpoint is idempotent, meaning that making the same POST request multiple times has the same effect as making it once. What is a common technique to implement idempotency in an API design?

A developer wants to package a Lambda function as a container image to include a large machine learning model. Where should the container image be stored so that Lambda can access it?

What is the function of the AWS SDK in application development?

What is the purpose of the `sam deploy –guided` command in the AWS SAM CLI?

A developer needs to package a Lambda function and its dependencies. The total size of the deployment package is over 50 MB, but less than 250 MB. How should the developer deploy this function?

A developer needs to configure an Application Load Balancer (ALB) to route traffic to different target groups based on the hostname in the request (e.g., `api.example.com` goes to one group, `www.example.com` goes to another). What feature of the ALB listener should be used?

An application needs to publish messages to a large number of subscribers. Some subscribers are SQS queues, some are Lambda functions, and some are external HTTP endpoints. The application should not need to know the details of each subscriber. Which service facilitates this pub/sub messaging pattern?

An application is being refactored from a monolith to a microservices architecture. The developer needs a service to orchestrate a complex, multi-step workflow that involves several Lambda functions, some of which may run for a long time. The workflow requires error handling, retries, and parallel execution branches. Which AWS service is best suited for this?

A developer needs to provide an application running on-premises with temporary, limited-privilege access to an S3 bucket. The company uses an identity provider that supports SAML 2.0. Which AWS STS API call should be used to get temporary AWS credentials?

An S3 bucket is configured to host a static website. When users try to access the website using the S3 website endpoint URL, they receive a 403 Forbidden error. The objects in the bucket are not publicly accessible. What is the most likely cause and solution?

A team is using AWS CodePipeline to automate their release process. They need to add a stage where a manager must manually approve the deployment before it proceeds to the production environment. How can this be achieved in CodePipeline?

A Lambda function needs to be triggered whenever a new object is created in a specific S3 bucket. How should this be configured?

An application is designed using an event-driven architecture. A single event from an SNS topic needs to be processed independently and in parallel by multiple downstream services (SQS queues, Lambda functions, etc.). Which architectural pattern should be implemented?

An API Gateway REST API must be accessible only from within a specific VPC. No traffic from the public internet should be able to reach the API. What type of API endpoint should be configured?

A developer is using AWS CodeCommit as a source repository. Which of the following is a valid method for authenticating Git commands from a local development machine?

A Lambda function written in Python needs to use an external library that is not included in the AWS SDK. How should this dependency be included in the Lambda deployment package?

A developer needs to give an EC2 instance permission to call the S3 `GetObject` API. The EC2 instance is already running. What is the most secure and efficient way to grant these permissions?

An application writes data to a Kinesis Data Stream. A Lambda function is configured to process records from this stream. Under heavy load, the Lambda function is getting throttled and cannot keep up with the incoming data. What is the most direct way to increase the processing capacity of the Kinesis-Lambda integration?

What is the primary purpose of a `buildspec.yml` file in an AWS CodeBuild project?

During a CI/CD pipeline run with CodeBuild, the build process needs access to a password stored in AWS Secrets Manager. What is the recommended way to provide this access?

A developer is building a stateless REST API using API Gateway and Lambda. Where should the application’s session state (e.g., user login status, shopping cart contents) be stored?

An application is being refactored from a monolith to a microservices architecture. The developer needs a service to orchestrate a complex, multi-step workflow that involves several Lambda functions, some of which may run for a long time. The workflow requires error handling, retries, and parallel execution branches. Which AWS service is best suited for this?

A developer needs to configure a CloudWatch alarm that triggers when a Lambda function’s error rate exceeds 5% over a 10-minute period. However, the standard `Errors` and `Invocations` metrics are not sufficient to create this specific alarm directly. What feature of CloudWatch can be used to create the required alarm?

A developer is building a stateless REST API using API Gateway and Lambda. Where should the application’s session state (e.g., user login status, shopping cart contents) be stored?

A developer is using AWS CodeDeploy to deploy an application to a fleet of EC2 instances. The deployment fails on a few instances. By default, what will CodeDeploy do?

What is a primary use case for Amazon EventBridge?

A web application requires user sign-up, sign-in, and management of user profiles. The developer wants to offload this functionality to a managed service that also supports federation with social identity providers like Google and Facebook. Which AWS service should be used?

An X-Ray service map shows that a downstream microservice is a significant bottleneck, with high latency. The developer wants to capture more detailed timing information about the specific database queries being made within that service. What should be added to the service’s code?

A developer needs to configure a custom domain name for an API deployed with API Gateway. The API also needs to be secured with an SSL/TLS certificate. Which service should be used to provide and manage the certificate?

A developer needs to deploy a Dockerized web application to AWS. The service should automatically handle load balancing, auto scaling, and application health monitoring with minimal configuration. The developer wants a simple, PaaS-like experience. Which service is the best fit?

A developer needs to store sensitive database credentials that an application on an EC2 instance will use. The credentials must be rotated automatically every 30 days. Which AWS service is best suited for this requirement?

A developer is using the AWS CDK to define their infrastructure. What is the purpose of the `cdk synth` command?

A developer needs to use the AWS CLI to get details about a specific EC2 instance, but only wants to see the `InstanceId`, `InstanceType`, and `State`. How can the output be filtered on the client side to show only these fields?

A Lambda function written in Python needs to use an external library that is not included in the AWS SDK. How should this dependency be included in the Lambda deployment package?

An application deployed using AWS Elastic Beanstalk needs to be updated. The developer wants to ensure zero downtime during the update and wants to have a new, fully functional environment running alongside the old one for a period of time to allow for testing before switching traffic. Which Elastic Beanstalk deployment method is most suitable?

A Lambda function is configured to process messages from an SQS queue. Some messages contain invalid data that causes the function to fail and throw an exception. These ‘poison pill’ messages are repeatedly retried, blocking other valid messages. What should be configured to handle these failed messages?

A REST API built with API Gateway and Lambda needs to handle different business logic based on the HTTP method (GET, POST, DELETE) for the same resource path (e.g., `/items`). How should this be configured in API Gateway?

An application running on EC2 instances processes messages from an SQS standard queue. During periods of high load, some messages are processed more than once, causing data duplication. What is the most effective way to prevent this issue while maintaining high throughput?

A developer needs to store application configuration data, including database connection strings and feature flags, in a centralized location. Some of this data is sensitive. The application should be able to retrieve this configuration dynamically. Which service provides a simple key-value store suitable for both plain-text and encrypted configuration data?

A developer is writing unit tests for a Lambda function that interacts with S3. To avoid making actual API calls to S3 during the tests, what is a common practice?

An application needs to cache frequently accessed data from a database to reduce latency and database load. The caching solution must support advanced data structures like sorted sets and lists, and offer replication for high availability. Which ElastiCache engine should be chosen?

What is the primary purpose of a `buildspec.yml` file in an AWS CodeBuild project?

Which AWS service is a fully managed source control service that hosts secure Git-based repositories?

An application needs to cache frequently accessed data from a database to reduce latency and database load. The caching solution must support advanced data structures like sorted sets and lists, and offer replication for high availability. Which ElastiCache engine should be chosen?

A developer is creating a policy for an IAM role. The policy must allow all actions on EC2 (`ec2:*`) but explicitly forbid terminating instances (`ec2:TerminateInstances`). How should the IAM policy be structured?

An API Gateway endpoint is protected by a Cognito User Pool authorizer. What must the client include in the request to be authenticated successfully?

A developer is creating a CloudFormation template and needs to set the EC2 instance type based on the environment (e.g., ‘t2.micro’ for dev, ‘m5.large’ for prod) that is specified as an input parameter. Which section of the template should be used to define this mapping?

An API Gateway REST API must be accessible only from within a specific VPC. No traffic from the public internet should be able to reach the API. What type of API endpoint should be configured?

A Lambda function needs to be triggered whenever a new object is created in a specific S3 bucket. How should this be configured?

A developer needs to provide an application running on-premises with temporary, limited-privilege access to an S3 bucket. The company uses an identity provider that supports SAML 2.0. Which AWS STS API call should be used to get temporary AWS credentials?

A developer needs to configure a custom domain name for an API deployed with API Gateway. The API also needs to be secured with an SSL/TLS certificate. Which service should be used to provide and manage the certificate?

A team uses a Git repository in AWS CodeCommit. They want to ensure that all code pushed to the `main` branch has been reviewed and approved by another team member. How can this be enforced?

An API is built using API Gateway with a Lambda integration. The API should return a custom HTTP status code (e.g., 201 Created) and custom headers. What type of integration must be used?

To trace and analyze user requests as they travel through a distributed system composed of API Gateway, Lambda, and DynamoDB, a developer needs to visualize the entire request path, identify performance bottlenecks, and debug errors. Which AWS service should be used?

A REST API built with API Gateway and Lambda needs to handle different business logic based on the HTTP method (GET, POST, DELETE) for the same resource path (e.g., `/items`). How should this be configured in API Gateway?

A developer needs to give an EC2 instance permission to call the S3 `GetObject` API. The EC2 instance is already running. What is the most secure and efficient way to grant these permissions?

A CloudFormation stack update fails. By default, what is the state of the stack after the failure?

A team uses a Git repository in AWS CodeCommit. They want to ensure that all code pushed to the `main` branch has been reviewed and approved by another team member. How can this be enforced?

A developer needs to configure a CloudWatch alarm that triggers when a Lambda function’s error rate exceeds 5% over a 10-minute period. However, the standard `Errors` and `Invocations` metrics are not sufficient to create this specific alarm directly. What feature of CloudWatch can be used to create the required alarm?

A Lambda function processes sensitive data and must write its logs to CloudWatch Logs. How can a developer ensure that the log data is protected at rest in CloudWatch Logs?

To optimize DynamoDB costs for a table with unpredictable read/write traffic, which capacity mode should be used?

A team is using AWS CodePipeline to automate their release process. They need to add a stage where a manager must manually approve the deployment before it proceeds to the production environment. How can this be achieved in CodePipeline?

A developer wants to ensure that an API endpoint is idempotent, meaning that making the same POST request multiple times has the same effect as making it once. What is a common technique to implement idempotency in an API design?

A developer needs to create a REST API endpoint that returns a list of items from a DynamoDB table. The integration should be as fast as possible, without invoking a Lambda function for this simple read operation. How can this be achieved in API Gateway?

An application needs to process a real-time stream of data, such as clickstream data from a website. The data must be processed in order for each user, and multiple consumers must be able to read the same stream concurrently. Which service is designed for this use case?

A developer is writing a Python application using the Boto3 SDK to interact with DynamoDB. The application needs to write an item to a table but only if an item with the same primary key does not already exist. How can this be achieved efficiently?

A developer wants to model and provision a serverless application consisting of Lambda functions, an API Gateway, and a DynamoDB table using infrastructure as code. They prefer a simplified, declarative syntax focused on serverless resources. Which AWS service or framework is most appropriate?

An application needs to store and retrieve large objects (e.g., videos and images) up to several gigabytes in size. The objects must be highly durable and available. Which storage service is the most appropriate choice?

When deploying a containerized application to Amazon ECS, the developer wants AWS to manage the underlying EC2 instances, including patching and scaling. The developer only wants to define the task (container definitions, CPU, memory). What ECS launch type should be used?

A developer is using AWS CodeDeploy to deploy an application to a fleet of EC2 instances. The deployment fails on a few instances. By default, what will CodeDeploy do?

What is the function of the AWS SDK in application development?

An API Gateway endpoint is protected by a Cognito User Pool authorizer. What must the client include in the request to be authenticated successfully?

An application consists of an API Gateway that invokes a Lambda function. The developer wants to validate the body of incoming POST requests against a JSON Schema before the request is sent to the Lambda function. How can this be achieved?

To improve the read performance of a high-traffic, read-heavy RDS for PostgreSQL database, what is the MOST effective strategy?

What does an explicit `Deny` in an IAM policy statement do?

An application writes data to a Kinesis Data Stream. A Lambda function is configured to process records from this stream. Under heavy load, the Lambda function is getting throttled and cannot keep up with the incoming data. What is the most direct way to increase the processing capacity of the Kinesis-Lambda integration?

A developer needs to use the AWS CLI to get details about a specific EC2 instance, but only wants to see the `InstanceId`, `InstanceType`, and `State`. How can the output be filtered on the client side to show only these fields?

A developer wants to reduce the size of a Lambda deployment package. The function uses several large, common libraries that are also used by other functions. What is the most efficient way to manage these shared libraries?

A developer needs to store application configuration data, including database connection strings and feature flags, in a centralized location. Some of this data is sensitive. The application should be able to retrieve this configuration dynamically. Which service provides a simple key-value store suitable for both plain-text and encrypted configuration data?

An application is designed using an event-driven architecture. A single event from an SNS topic needs to be processed independently and in parallel by multiple downstream services (SQS queues, Lambda functions, etc.). Which architectural pattern should be implemented?

An X-Ray service map shows that a downstream microservice is a significant bottleneck, with high latency. The developer wants to capture more detailed timing information about the specific database queries being made within that service. What should be added to the service’s code?

An application consists of an API Gateway that invokes a Lambda function. The developer wants to validate the body of incoming POST requests against a JSON Schema before the request is sent to the Lambda function. How can this be achieved?

To optimize DynamoDB costs for a table with unpredictable read/write traffic, which capacity mode should be used?

An application deployed using AWS Elastic Beanstalk needs to be updated. The developer wants to ensure zero downtime during the update and wants to have a new, fully functional environment running alongside the old one for a period of time to allow for testing before switching traffic. Which Elastic Beanstalk deployment method is most suitable?

A developer wants to reduce the size of a Lambda deployment package. The function uses several large, common libraries that are also used by other functions. What is the most efficient way to manage these shared libraries?

An API is built using API Gateway with a Lambda integration. The API should return a custom HTTP status code (e.g., 201 Created) and custom headers. What type of integration must be used?

A Lambda function is configured to process messages from an SQS queue. Some messages contain invalid data that causes the function to fail and throw an exception. These ‘poison pill’ messages are repeatedly retried, blocking other valid messages. What should be configured to handle these failed messages?

An application needs to process a real-time stream of data, such as clickstream data from a website. The data must be processed in order for each user, and multiple consumers must be able to read the same stream concurrently. Which service is designed for this use case?

During a CI/CD pipeline run with CodeBuild, the build process needs access to a password stored in AWS Secrets Manager. What is the recommended way to provide this access?

A developer needs to programmatically create, update, and delete AWS infrastructure using a familiar programming language like Python or TypeScript instead of writing YAML/JSON templates. Which AWS Infrastructure as Code (IaC) tool should be used?

Which of the following is a key characteristic of a ‘stateless’ application?

A developer is writing a Python application using the Boto3 SDK to interact with DynamoDB. The application needs to write an item to a table but only if an item with the same primary key does not already exist. How can this be achieved efficiently?

Which AWS service is a fully managed source control service that hosts secure Git-based repositories?

To trace and analyze user requests as they travel through a distributed system composed of API Gateway, Lambda, and DynamoDB, a developer needs to visualize the entire request path, identify performance bottlenecks, and debug errors. Which AWS service should be used?

A developer is using the AWS CDK to define their infrastructure. What is the purpose of the `cdk synth` command?

An application running on EC2 instances processes messages from an SQS standard queue. During periods of high load, some messages are processed more than once, causing data duplication. What is the most effective way to prevent this issue while maintaining high throughput?

What is a primary use case for Amazon EventBridge?