AWS Certified Developer - Associate Dumps July 2026
PDF + Test Engine
$139 $97
Test Engine
$119 $83
PDF
$99 $69
Here are Amazon DVA-C02 PDF available features:
608 questions with answers
Updation Date : 16 Jul, 2026
1 day study required to pass exam
100% Passing Assurance
100% Money Back Guarantee
Free 3 Months Updates
Amazon DVA-C02 Sample Questions
Question # 111
A developer is troubleshooting an Amazon API Gateway API Clients are receiving HTTP 400 response errors when the clients try to access an endpoint of the API. How can the developer determine the cause of these errors?
A. Create an Amazon Kinesis Data Firehose delivery stream to receive API call logs fromAPI Gateway. Configure Amazon CloudWatch Logs as the delivery stream's destination. B. Turn on AWS CloudTrail Insights and create a trail Specify the Amazon Resource Name(ARN) of the trail for the stage of the API. C. Turn on AWS X-Ray for the API stage Create an Amazon CtoudWalch Logs log groupSpecify the Amazon Resource Name (ARN) of the log group for the API stage. D. Turn on execution logging and access logging in Amazon CloudWatch Logs for the APIstage. Create a CloudWatch Logs log group. Specify the Amazon Resource Name (ARN)of the log group for the API stage.
Answer: D Explanation: This solution will meet the requirements by using Amazon CloudWatch Logs to capture and analyze the logs from API Gateway. Amazon CloudWatch Logs is a servicethat monitors, stores, and accesses log files from AWS resources. The developer can turnon execution logging and access logging in Amazon CloudWatch Logs for the API stage,which enables logging information about API execution and client access to the API. Thedeveloper can create a CloudWatch Logs log group, which is a collection of log streamsthat share the same retention, monitoring, and access control settings. The developer canspecify the Amazon Resource Name (ARN) of the log group for the API stage, whichinstructs API Gateway to send the logs to the specified log group. The developer can thenexamine the logs to determine the cause of the HTTP 400 response errors. Option A is notoptimal because it will create an Amazon Kinesis Data Firehose delivery stream to receiveAPI call logs from API Gateway, which may introduce additional costs and complexity for delivering and processing streaming data. Option B is not optimal because it will turn onAWS CloudTrail Insights and create a trail, which is a feature that helps identify andtroubleshoot unusual API activity or operational issues, not HTTP response errors. OptionC is not optimal because it will turn on AWS X-Ray for the API stage, which is a servicethat helps analyze and debug distributed applications, not HTTP response errors.References: [Setting Up CloudWatch Logging for a REST API], [CloudWatch LogsConcepts]
Question # 112
A developer wants to add request validation to a production environment Amazon API Gateway API. The developer needs to test the changes before the API is deployed to the production environment. For the test, the developer will send test requests to the API through a testing tool. Which solution will meet these requirements with the LEAST operational overhead?
A. Export the existing API to an OpenAPI file. Create a new API. Import the OpenAPI file.Modify the new API to add request validation. Perform the tests. Modify the existing API toadd request validation. Deploy the existing API to production. B. Modify the existing API to add request validation. Deploy the updated API to a new APIGateway stage. Perform the tests. Deploy the updated API to the API Gateway productionstage. C. Create a new API. Add the necessary resources and methods, including new requestvalidation. Perform the tests. Modify the existing API to add request validation. Deploy theexisting API to production. D. Clone the existing API. Modify the new API to add request validation. Perform the tests.Modify the existing API to add request validation. Deploy the existing API to production.
Answer: B Explanation: Amazon API Gateway allows you to create, deploy, and manage a RESTful API to exposebackend HTTP endpoints, AWS Lambda functions, or other AWS services1. You can useAPI Gateway to perform basic validation of an API request before proceeding with theintegration request1. When the validation fails, API Gateway immediately fails the request,returns a 400 error response to the caller, and publishes the validation results in CloudWatch Logs1.To test changes before deploying to a production environment, you can modify the existingAPI to add request validation and deploy the updated API to a new API Gateway stage1.This allows you to perform tests without affecting the production environment. Once testingis complete and successful, you can then deploy the updated API to the API Gatewayproduction stage1.This approach has the least operational overhead as it avoids unnecessary creation of newAPIs or exporting and importing of APIs. It leverages the existing infrastructure and onlyrequires changes in the configuration of the existing API1.
Question # 113
A developer needs to store configuration variables for an application. The developer needs to set an expiration date and time for me configuration. The developer wants to receive notifications. Before the configuration expires. Which solution will meet these requirements with the LEAST operational overhead?
A. Create a standard parameter in AWS Systems Manager Parameter Store Set Expiationand Expiration Notification policy types. B. Create a standard parameter in AWS Systems Manager Parameter Store Create anAWS Lambda function to expire the configuration and to send Amazon Simple NotificationService (Amazon SNS) notifications. C. Create an advanced parameter in AWS Systems Manager Parameter Store SetExpiration and Expiration Notification policy types. D. Create an advanced parameter in AWS Systems Manager Parameter Store Create anAmazon EC2 instance with a corn job to expire the configuration and to send notifications.
Answer: C Explanation: This solution will meet the requirements by creating an advanced parameter in AWS Systems Manager Parameter Store, which is a secure and scalable service forstoring and managing configuration data and secrets. The advanced parameter allowssetting expiration and expiration notification policy types, which enable specifying anexpiration date and time for the configuration and receiving notifications before theconfiguration expires. The Lambda code will be refactored to load the Root CA Cert fromthe parameter store and modify the runtime trust store outside the Lambda functionhandler, which will improve performance and reduce latency by avoiding repeated calls toParameter Store and trust store modifications for each invocation of the Lambda function.Option A is not optimal because it will create a standard parameter in AWS SystemsManager Parameter Store, which does not support expiration and expiration notificationpolicy types. Option B is not optimal because it will create a secret access key and access key ID with permission to access the S3 bucket, which will introduce additional securityrisks and complexity for storing and managing credentials. Option D is not optimal becauseit will create a Docker container from Node.js base image to invoke Lambda functions,which will incur additional costs and overhead for creating and running Docker containers.References: AWS Systems Manager Parameter Store, [Using SSL/TLS to Encrypt aConnection to a DB Instance]
Question # 114
A developer at a company needs to create a small application that makes the same API call once each day at a designated time. The company does not have infrastructure in the AWS Cloud yet, but the company wants to implement this functionality on AWS. Which solution meets these requirements in the MOST operationally efficient manner?
A. Use a Kubernetes cron job that runs on Amazon Elastic Kubernetes Service (AmazonEKS). B. Use an Amazon Linux crontab scheduled job that runs on Amazon EC2. C. Use an AWS Lambda function that is invoked by an Amazon EventBridge scheduledevent. D. Use an AWS Batch job that is submitted to an AWS Batch job queue.
Answer: C Explanation: The correct answer is C. Use an AWS Lambda function that is invoked by an Amazon EventBridge scheduled event.C. Use an AWS Lambda function that is invoked by an Amazon EventBridge scheduledevent. This is correct. AWS Lambda is a serverless compute service that lets you run codewithout provisioning or managing servers. Lambda runs your code on a high-availabilitycompute infrastructure and performs all of the administration of the compute resources,including server and operating system maintenance, capacity provisioning and automaticscaling, and logging1. Amazon EventBridge is a serverless event bus service that enablesyou to connect your applications with data from a variety of sources2. EventBridge cancreate rules that run on a schedule, either at regular intervals or at specific times anddates, and invoke targets such as Lambda functions3. This solution meets therequirements of creating a small application that makes the same API call once each day ata designated time, without requiring any infrastructure in the AWS Cloud or any operationaloverhead.A. Use a Kubernetes cron job that runs on Amazon Elastic Kubernetes Service (AmazonEKS). This is incorrect. Amazon EKS is a fully managed Kubernetes service that allowsyou to run containerized applications on AWS4. Kubernetes cron jobs are tasks that runperiodically on a given schedule5. This solution could meet the functional requirements ofcreating a small application that makes the same API call once each day at a designatedtime, but it would not be the most operationally efficient manner. The company would needto provision and manage an EKS cluster, which would incur additional costs andcomplexity.B. Use an Amazon Linux crontab scheduled job that runs on Amazon EC2. This isincorrect. Amazon EC2 is a web service that provides secure, resizable compute capacityin the cloud6. Crontab is a Linux utility that allows you to schedule commands or scripts torun automatically at a specified time or date7. This solution could meet the functionalrequirements of creating a small application that makes the same API call once each day ata designated time, but it would not be the most operationally efficient manner. Thecompany would need to provision and manage an EC2 instance, which would incuradditional costs and complexity.D. Use an AWS Batch job that is submitted to an AWS Batch job queue. This is incorrect.AWS Batch enables you to run batch computing workloads on the AWS Cloud8. Batch jobsare units of work that can be submitted to job queues, where they are executed in parallelor sequentially on compute environments9. This solution could meet the functionalrequirements of creating a small application that makes the same API call once each day ata designated time, but it would not be the most operationally efficient manner. Thecompany would need to configure and manage an AWS Batch environment, which wouldincur additional costs and complexity.References:1: What is AWS Lambda? - AWS Lambda2: What is Amazon EventBridge? - Amazon EventBridge 3: Creating an Amazon EventBridge rule that runs on a schedule - AmazonEventBridge4: What is Amazon EKS? - Amazon EKS5: CronJob - Kubernetes6: What is Amazon EC2? - Amazon EC27: Crontab in Linux with 20 Useful Examples to Schedule Jobs - Tecmint8: What is AWS Batch? - AWS Batch9: Jobs - AWS Batch
Question # 115
An application that runs on AWS Lambda requires access to specific highly confidential objects in an Amazon S3 bucket. In accordance with the principle of least privilege a company grants access to the S3 bucket by using only temporary credentials. How can a developer configure access to the S3 bucket in the MOST secure way?
A. Hardcode the credentials that are required to access the S3 objects in the applicationcode. Use the credentials to access me required S3 objects. B. Create a secret access key and access key ID with permission to access the S3 bucket.Store the key and key ID in AWS Secrets Manager. Configure the application to retrieve the Secrets Manager secret and use the credentials to access me S3 objects. C. Create a Lambda function execution role Attach a policy to the rote that grants access tospecific objects in the S3 bucket. D. Create a secret access key and access key ID with permission to access the S3 bucketStore the key and key ID as environment variables m Lambda. Use the environmentvariables to access the required S3 objects.
Answer: C Explanation: This solution will meet the requirements by creating a Lambda function execution role, which is an IAM role that grants permissions to a Lambda function toaccess AWS resources such as Amazon S3 objects. The developer can attach a policy tothe role that grants access to specific objects in the S3 bucket that are required by theapplication, following the principle of least privilege. Option A is not optimal because it willhardcode the credentials that are required to access S3 objects in the application code,which is insecure and difficult to maintain. Option B is not optimal because it will create asecret access key and access key ID with permission to access the S3 bucket, which willintroduce additional security risks and complexity for storing and managing credentials.Option D is not optimal because it will store the secret access key and access key ID asenvironment variables in Lambda, which is also insecure and difficult to maintain.References: [AWS Lambda Execution Role], [Using AWS Lambda with Amazon S
Question # 116
A developer is modifying an existing AWS Lambda function White checking the code the developer notices hardcoded parameter various for an Amazon RDS for SQL Server user name password database host and port. There also are hardcoded parameter values for an Amazon DynamoOB table. an Amazon S3 bucket, and an Amazon Simple Notification Service (Amazon SNS) topic. The developer wants to securely store the parameter values outside the code m an encrypted format and wants to turn on rotation for the credentials. The developer also wants to be able to reuse the parameter values from other applications and to update the parameter values without modifying code. Which solution will meet these requirements with the LEAST operational overhead?
A. Create an RDS database secret in AWS Secrets Manager. Set the user namepassword, database, host and port. Turn on secret rotation. Create encrypted Lambdaenvironment variables for the DynamoDB table, S3 bucket and SNS topic. B. Create an RDS database secret in AWS Secrets Manager. Set the user namepassword, database, host and port. Turn on secret rotation. Create Secure Stringparameters in AWS Systems Manager Parameter Store for the DynamoDB table, S3bucket and SNS topic. C. Create RDS database parameters in AWS Systems Manager Parameter. Store for theuser name password, database, host and port. Create encrypted Lambda environmentvariables for me DynamoDB table, S3 bucket, and SNS topic. Create a Lambda functionand set the logic for the credentials rotation task Schedule the credentials rotation task inAmazon EventBridge. D. Create RDS database parameters in AWS Systems Manager Parameter. Store for theuser name password database, host, and port. Store the DynamoDB table. S3 bucket, andSNS topic in Amazon S3 Create a Lambda function and set the logic for the credentialsrotation Invoke the Lambda function on a schedule.
Answer: B Explanation: This solution will meet the requirements by using AWS Secrets Manager and AWS Systems Manager Parameter Store to securely store the parameter values outsidethe code in an encrypted format. AWS Secrets Manager is a service that helps protectsecrets such as database credentials by encrypting them with AWS Key ManagementService (AWS KMS) and enabling automatic rotation of secrets. The developer can createan RDS database secret in AWS Secrets Manager and set the user name, password,database, host, and port for accessing the RDS database. The developer can also turn onsecret rotation, which will change the database credentials periodically according to aspecified schedule or event. AWS Systems Manager Parameter Store is a service thatprovides secure and scalable storage for configuration data and secrets. The developercan create Secure String parameters in AWS Systems Manager Parameter Store for theDynamoDB table, S3 bucket, and SNS topic, which will encrypt them with AWS KMS. Thedeveloper can also reuse the parameter values from other applications and update themwithout modifying code. Option A is not optimal because it will create encrypted Lambdaenvironment variables for the DynamoDB table, S3 bucket, and SNS topic, which may notbe reusable or updatable without modifying code. Option C is not optimal because it willcreate RDS database parameters in AWS Systems Manager Parameter Store, which doesnot support automatic rotation of secrets. Option D is not optimal because it will store theDynamoDB table, S3 bucket, and SNS topic in Amazon S3, which may introduce additionalcosts and complexity for accessing configuration data.References: AWS Secrets Manager, [AWS Systems Manager Parameter Store]
Question # 117
A company is building an application for stock trading. The application needs submillisecond latency for processing trade requests. The company uses Amazon DynamoDB to store all the trading data that is used to process each trading request A development team performs load testing on the application and finds that the data retrieval time is higher than expected. The development team needs a solution that reduces the data retrieval time with the least possible effort. Which solution meets these requirements'?
A. Add local secondary indexes (LSis) for the trading data. B. Store the trading data m Amazon S3 and use S3 Transfer Acceleration. C. Add retries with exponential back off for DynamoDB queries. D. Use DynamoDB Accelerator (DAX) to cache the trading data.
Answer: D Explanation: This solution will meet the requirements by using DynamoDB Accelerator(DAX), which is a fully managed, highly available, in-memory cache for DynamoDB thatdelivers up to a 10 times performance improvement - from milliseconds to microseconds -even at millions of requests per second. The developer can use DAX to cache the tradingdata that is used to process each trading request, which will reduce the data retrieval time with the least possible effort. Option A is not optimal because it will add local secondaryindexes (LSIs) for the trading data, which may not improve the performance or reduce thelatency of data retrieval, as LSIs are stored on the same partition as the base table andshare the same provisioned throughput. Option B is not optimal because it will store thetrading data in Amazon S3 and use S3 Transfer Acceleration, which is a feature thatenables fast, easy, and secure transfers of files over long distances between S3 bucketsand clients, not between DynamoDB and clients. Option C is not optimal because it will addretries with exponential backoff for DynamoDB queries, which is a strategy to handletransient errors by retrying failed requests with increasing delays, not by reducing dataretrieval time.References: [DynamoDB Accelerator (DAX)], [Local Secondary Indexes]
Question # 118
A company is using AWS CioudFormation to deploy a two-tier application. The application will use Amazon RDS as its backend database. The company wants a solution that will randomly generate the database password during deployment. The solution also must automatically rotate the database password without requiring changes to the application. What is the MOST operationally efficient solution that meets these requirements'?
A. Use an AWS Lambda function as a CloudFormation custom resource to generate androtate the password. B. Use an AWS Systems Manager Parameter Store resource with the SecureString datatype to generate and rotate the password. C. Use a cron daemon on the application s host to generate and rotate the password. D. Use an AWS Secrets Manager resource to generate and rotate the password.
Answer: D Explanation: This solution will meet the requirements by using AWS Secrets Manager, which is a service that helps protect secrets such as database credentials by encryptingthem with AWS Key Management Service (AWS KMS) and enabling automatic rotation ofsecrets. The developer can use an AWS Secrets Manager resource in AWSCloudFormation template, which enables creating and managing secrets as part of aCloudFormation stack. The developer can use an AWS::SecretsManager::Secret resourcetype to generate and rotate the password for accessing RDS database during deployment.The developer can also specify a RotationSchedule property for the secret resource, whichdefines how often to rotate the secret and which Lambda function to use for rotation logic.Option A is not optimal because it will use an AWS Lambda function as a CloudFormationcustom resource, which may introduce additional complexity and overhead for creating andmanaging a custom resource and implementing rotation logic. Option B is not optimalbecause it will use an AWS Systems Manager Parameter Store resource with theSecureString data type, which does not support automatic rotation of secrets. Option C isnot optimal because it will use a cron daemon on the application’s host to generate androtate the password, which may incur more costs and require more maintenance forrunning and securing a host.References: [AWS Secrets Manager], [AWS::SecretsManager::Secret]
Question # 119
A developer is building an application that uses AWS API Gateway APIs. AWS Lambda function, and AWS Dynamic DB tables. The developer uses the AWS ServerlessApplication Model (AWS SAM) to build and run serverless applications on AWS. Each time the developer pushes of changes for only to the Lambda functions, all the artifacts in the application are rebuilt. The developer wants to implement AWS SAM Accelerate by running a command to only redeploy the Lambda functions that have changed. Which command will meet these requirements?
A. sam deploy -force-upload B. sam deploy -no-execute-changeset C. sam package D. sam sync -watch
Answer: D Explanation: The command that will meet the requirements is sam sync -watch. Thiscommand enables AWS SAM Accelerate mode, which allows the developer to onlyredeploy the Lambda functions that have changed. The -watch flag enables file watching,which automatically detects changes in the source code and triggers a redeployment. Theother commands either do not enable AWS SAM Accelerate mode, or do not redeploy theLambda functions automatically.Reference: AWS SAM Accelerate
Question # 120
A company built a new application in the AWS Cloud. The company automated the bootstrapping of new resources with an Auto Scaling group by using AWS Cloudf-ormation templates. The bootstrap scripts contain sensitive data. The company needs a solution that is integrated with CloudFormation to manage the sensitive data in the bootstrap scripts. Which solution will meet these requirements in the MOST secure way?
A. Put the sensitive data into a CloudFormation parameter. Encrypt the CloudFormationtemplates by using an AWS Key Management Service (AWS KMS) key. B. Put the sensitive data into an Amazon S3 bucket Update the CloudFormation templatesto download the object from Amazon S3 during bootslrap. C. Put the sensitive data into AWS Systems Manager Parameter Store as a secure stringparameter. Update the CloudFormation templates to use dynamic references to specifytemplate values. D. Put the sensitive data into Amazon Elastic File System (Amazon EPS) Enforce EFSencryption after file system creation. Update the CloudFormation templates to retrieve datafrom Amazon EFS.
Answer: C Explanation: This solution meets the requirements in the most secure way because it usesa service that is integrated with CloudFormation to manage sensitive data in encryptedform. AWS Systems Manager Parameter Store provides secure, hierarchical storage forconfiguration data management and secrets management. You can store sensitive data assecure string parameters, which are encrypted using an AWS Key Management Service(AWS KMS) key of your choice. You can also use dynamic references in yourCloudFormation templates to specify template values that are stored in Parameter Store orSecrets Manager without having to include them in your templates. Dynamic references areresolved only during stack creation or update operations, which reduces exposure risks forsensitive data. Putting sensitive data into a CloudFormation parameter will not encryptthem or protect them from unauthorized access. Putting sensitive data into an Amazon S3bucket or Amazon Elastic File System (Amazon EFS) will require additional configurationand integration with CloudFormation and may not provide fine-grained access control orencryption for sensitive data.Reference: [What Is AWS Systems Manager Parameter Store?], [Using DynamicReferences to Specify Template Values]