Amazon DVA-C02 Online Practice
Questions and Exam Preparation
DVA-C02 Exam Details
Exam Code
:DVA-C02
Exam Name
:AWS Certified Developer - Associate (DVA-C02)
Certification
:Amazon Certifications
Vendor
:Amazon
Total Questions
:574 Q&As
Last Updated
:May 27, 2026
Amazon DVA-C02 Online Questions &
Answers
Question 371:
A company wants to deploy and maintain static websites on AWS. Each website's source code is hosted in one of several version control systems, including AWS CodeCommit, Bitbucket, and GitHub.
The company wants to implement phased releases by using development, staging, user acceptance testing, and production environments in the AWS Cloud. Deployments to each environment must be started by code merges on the relevant
Git branch. The company wants to use HTTPS for all data exchange. The company needs a solution that does not require servers to run continuously.
Which solution will meet these requirements with the LEAST operational overhead?
A. Host each website by using AWS Amplify with a serverless backend. Conned the repository branches that correspond to each of the desired environments. Start deployments by merging code changes to a desired branch. B. Host each website in AWS Elastic Beanstalk with multiple environments. Use the EB CLI to link each repository branch. Integrate AWS CodePipeline to automate deployments from version control code merges. C. Host each website in different Amazon S3 buckets for each environment. Configure AWS CodePipeline to pull source code from version control. Add an AWS CodeBuild stage to copy source code to Amazon S3. D. Host each website on its own Amazon EC2 instance. Write a custom deployment script to bundle each website's static assets. Copy the assets to Amazon EC2. Set up a workflow to run the script when code is merged.
A. Host each website by using AWS Amplify with a serverless backend. Conned the repository branches that correspond to each of the desired environments. Start deployments by merging code changes to a desired branch.
A developer created an AWS Lambda function to process data in an application. The function pulls large objects from an Amazon S3 bucket, processes the data, and loads the processed data into a second S3 bucket. Application users have reported slow response times. The developer checks the logs and finds that Lambda function invocations run much slower than expected. The function itself is simple and has a small deployment package. The function initializes quickly. The developer needs to improve the performance of the application.
Which solution will meet this requirement with the LEAST operational overhead?
A. Store the data in an Amazon EFS file system. Mount the file system to a local directory in the function. B. Create an Amazon EventBridge rule to schedule invocations of the function every minute. C. Configure the function to use ephemeral storage. Upload the objects and process data in the /tmp directory. D. Create a Lambda layer to package the function dependencies. Add the layer to the function.
C. Configure the function to use ephemeral storage. Upload the objects and process data in the /tmp directory.
Explanation
Configuring the Lambda function to use ephemeral storage and processing data in the /tmp directory improves performance by leveraging local storage during execution.
Why Option C is Correct:
Ephemeral Storage: Lambda provides temporary storage (up to 10 GB) in the /tmp directory for each invocation, which is faster than pulling data directly from S3 multiple times. Performance Boost: Data can be downloaded to /tmp, processed
locally, and uploaded to the destination S3 bucket, minimizing S3 network calls.
Low Overhead: This approach requires only minimal changes to the function's configuration.
Why Not Other Options:
Option A: Using Amazon EFS adds complexity and is unnecessary for this use case.
Option B: Scheduling the function does not address the root cause of slow performance.
Option D: Lambda layers improve deployment efficiency, not runtime performance for this scenario.
References:
Using Ephemeral Storage in AWS Lambda
Best Practices for S3 and Lambda Performance
Question 373:
A developer is creating a template that uses AWS CloudFormation to deploy an application. The application is serverless and uses Amazon API Gateway, Amazon DynamoDB, and AWS Lambda. Which AWS service or tool should the developer use to define serverless resources in YAML?
A. CloudFormation serverless intrinsic functions B. AWS Elastic Beanstalk C. AWS Serverless Application Model (AWS SAM) D. AWS Cloud Development Kit (AWS CDK)
C. AWS Serverless Application Model (AWS SAM)
Explanation
https://aws.amazon.com/serverless/sam/
Question 374:
A developer is creating an Amazon DynamoDB table by using the AWS CLI. The DynamoDB table must use server-side encryption with an AWS owned encryption key.
How should the developer create the DynamoDB table to meet these requirements?
A. Create an AWS Key Management Service (AWS KMS) customer managed key. Provide the key's Amazon Resource Name (ARN) in the KMSMasterKeyId parameter during creation of the DynamoDB table. B. Create an AWS Key Management Service (AWS KMS) AWS managed key. Provide the key's Amazon Resource Name (ARN) in the KMSMasterKeyId parameter during creation of the DynamoDB table. C. Create an AWS owned key. Provide the key's Amazon Resource Name (ARN) in the KMSMasterKeyId parameter during creation of the DynamoDB table. D. Create the DynamoDB table with the default encryption options
D. Create the DynamoDB table with the default encryption options
Explanation
Default SSE in DynamoDB: DynamoDB tables are encrypted at rest by default using an AWS owned key (SSE-S3).
No Additional Action Needed: Creating a table without explicitly specifying a KMS key will use this default encryption.
A company has an application that uses an AWS Lambda function to process data. A developer must implement encryption in transit for all sensitive configuration data, such as API keys, that is stored in the application. The developer creates an AWS Key Management Service (AWS KMS) customer managed key.
What should the developer do next to meet the encryption requirement?
A. Create parameters of the String type in AWS Systems Manager Parameter Store. For each parameter, specify the KMS key ID to encrypt the parameter in transit. Reference the GetParameter API call in the Lambda environment variables. B. Create secrets in AWS Secrets Manager by using the customer managed KMS key. Create a new Lambda function and set up a Lambda layer. Configure the Lambda layer to retrieve the values from Secrets Manager. C. Create objects in Amazon S3 for each sensitive data field. Specify the customer managed KMS key to encrypt the object. Configure the Lambda function to retrieve the objects from Amazon S3 during data processing. D. Create encrypted Lambda environment variables. Specify the customer managed KMS key to encrypt the variables. Enable encryption helpers for encryption in transit. Grant permission to the Lambda function's execution role to access the KMS key.
D. Create encrypted Lambda environment variables. Specify the customer managed KMS key to encrypt the variables. Enable encryption helpers for encryption in transit. Grant permission to the Lambda function's execution role to access the KMS key.
Explanation
Question 376:
A developer is writing an application that will retrieve sensitive data from a third-party system. The application will format the data into a PDF file. The PDF file could be more than 1 MB. The application will encrypt the data to disk by using AWS Key Management Service (AWS KMS). The application will decrypt the file when a user requests to download it. The retrieval and formatting portions of the application are complete.
The developer needs to use the GenerateDataKey API to encrypt the PDF file so that the PDF file can be decrypted later. The developer needs to use an AWS KMS symmetric customer managed key for encryption.
Which solutions will meet these requirements?
A. Write the encrypted key from the GenerateDataKey API to disk for later use. Use the plaintext key from the GenerateDataKey API and a symmetric encryption algorithm to encrypt the file. B. Write the plain text key from the GenerateDataKey API to disk for later use. Use the encrypted key from the GenerateDataKey API and a symmetric encryption algorithm to encrypt the file. C. Write the encrypted key from the GenerateDataKey API to disk for later use. Use the plaintext key from the GenerateDataKey API to encrypt the file by using the KMS Encrypt API D. Write the plain text key from the GenerateDataKey API to disk for later use. Use the encrypted key from the GenerateDataKey API to encrypt the file by using the KMS Encrypt API
A. Write the encrypted key from the GenerateDataKey API to disk for later use. Use the plaintext key from the GenerateDataKey API and a symmetric encryption algorithm to encrypt the file.
Explanation
The GenerateDataKey API returns a data key that is encrypted under a symmetric encryption KMS key that you specify, and a plaintext copy of the same data key1. The data key is a random byte string that can be used with any standard encryption algorithm, such as AES or SM42. The plaintext data key can be used to encrypt or decrypt data outside of AWS KMS, while the encrypted data key can be stored with the encrypted data and later decrypted by AWS KMS1. In this scenario, the developer needs to use the GenerateDataKey API to encrypt the PDF file so that it can be decrypted later. The developer also needs to use an AWS KMS symmetric customer managed key for encryption. To achieve this, the developer can follow these steps:
Question 377:
A financial company must store original customer records for 10 years for legal reasons. A complete record contains personally identifiable information (PII). According to local regulations. PII is available to only certain people in the company and must not be shared with third parties. The company needs to make the records available to third-party organizations for statistical analysis without sharing the PII.
A developer wants to store the original immutable record in Amazon S3. Depending on who accesses the S3 document, the document should be returned as is or with all the PII removed. The developer has written an AWS Lambda function to remove the PII from the document. The function is named removePii.
What should the developer do so that the company can meet the PII requirements while maintaining only one copy of the document?
A. Set up an S3 event notification that invokes the removePii function when an S3 GET request is made. Call Amazon S3 by using a GET request to access the object without PII. B. Set up an S3 event notification that invokes the removePii function when an S3 PUT request is made. Call Amazon S3 by using a PUT request to access the object without PII. C. Create an S3 Object Lambda access point from the S3 console. Select the removePii function. Use S3 Access Points to access the object without PII. D. Create an S3 access point from the S3 console. Use the access point name to call the GetObjectLegalHold S3 API function. Pass in the removePii function name to access the object without PII.
C. Create an S3 Object Lambda access point from the S3 console. Select the removePii function. Use S3 Access Points to access the object without PII.
Explanation
The best solution for the given requirements is to use an S3 Object Lambda function to remove the PII from the document. S3 Object Lambda is a new feature that allows the developer to add custom code to S3 GET requests. The developer can create an S3 Object Lambda function to remove the PII from the document and configure S3 to use the function whenever an object is requested from a specific access point. This way, depending on who accesses the document, the document will either be returned as is or with the PII removed, without having to store multiple copies of the document.
Therefore, option C is the correct answer. The developer should create an S3 Object Lambda access point from the S3 console, select the removePii function, and use S3 Access Points to access the object without PII. The S3 Object Lambda function will automatically remove the PII from the document whenever an object is requested from the access point.
Question 378:
A developer has an application that uses an Amazon DynamoDB table with a configured local secondary index (LSI). During application testing, the DynamoDB table metrics report a ProvisionedThroughputExceededException error message. The number of requests made by the test suite did not exceed the table's provisioned capacity limits.
What is the cause of this issue?
A. The data in the table's partition key column is not evenly distributed. B. The LSI's capacity is different from the table's capacity. C. The application is not implementing exponential backoff retry logic while interacting with the DynamoDB API. D. The application has the IAM permission to query the DynamoDB table but not to query the LSI.
A. The data in the table's partition key column is not evenly distributed.
Explanation
In DynamoDB, the provisioned throughput capacity is distributed across all the partitions in the table. If the data in the partition key column is not evenly distributed, some partitions may receive more traffic than others. This can lead to hot partitions, which consume more read/write capacity units than others, resulting in ProvisionedThroughputExceededException errors even if the overall request rate is within the table's provisioned throughput limits.
Question 379:
A developer designed an application on an Amazon EC2 instance. The application makes API requests to objects in an Amazon S3 bucket. Which combination of steps will ensure that the application makes the API requests in the MOST secure manner? (Choose two.)
A. Create an IAM user that has permissions to the S3 bucket. Add the user to an 1AM group B. Create an IAM role that has permissions to the S3 bucket. C. Add the IAM role to an instance profile. Attach the instance profile to the EC2 instance. D. Create an 1AM role that has permissions to the S3 bucket Assign the role to an 1AM group E. Store the credentials of the IAM user in the environment variables on the EC2 instance
B. Create an IAM role that has permissions to the S3 bucket. C. Add the IAM role to an instance profile. Attach the instance profile to the EC2 instance.
Explanation
- Create an IAM role that has permissions to the S3 bucket. - Add the IAM role to an instance profile. Attach the instance profile to the EC2 instance. We first need to create a n IAM Role with permissions to read and eventually write a specific S3 bucket. Then, we need to attach the role to the EC2 isntance through an instance profile. In this way, the ec2 instance has the permissions to read and eventually write the specified S3 bucket
Question 380:
A company has a web application that contains an Amazon API Gateway REST API. A developer has created an AWS CloudFormation template for the initial deployment of the application. The developer has deployed the application
successfully as part of an AWS CodePipeline continuous integration and continuous delivery (CI/CD) process. All resources and methods are available through the deployed stage endpoint.
The CloudFormation template contains the following resource types:
1.AWS::ApiGateway::RestApi
2.AWS::ApiGateway::Resource
3.AWS::ApiGateway::Method
4.AWS::ApiGateway::Stage
5.AWS::ApiGateway::Deployment
The developer adds a new resource to the REST API with additional methods and redeploys the template. CloudFormation reports that the deployment is successful and that the stack is in the UPDATE_COMPLETE state. However, calls to all new methods are returning 404 (Not Found) errors.
What should the developer do to make the new methods available?
A. Specify the disable-rollback option during the update-stack operation. B. Unset the CloudFormation stack failure options. C. Add an AWS CodeBuild stage to CodePipeline to run the aws apigateway create-deployment AWS CLI command. D. Add an action to CodePipeline to run the aws cloudfront create-invalidation AWS CLI command.
C. Add an AWS CodeBuild stage to CodePipeline to run the aws apigateway create-deployment AWS CLI command.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Amazon exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your DVA-C02 exam preparations
and Amazon certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.