Free Amazon Web Services DVA-C02 Practice Exam with Questions & Answers | Set: 10

AWS Lambda automatically integrates with Amazon CloudWatch Logs, but logging only works if the function’s execution role has the correct IAM permissions . AWS documentation states that Lambda functions require permissions for logs:CreateLogGroup, logs:CreateLogStream, and logs:PutLogEvents to successfully publish log entries.

In this scenario, CloudWatch metrics show errors, which confirms that the function is executing. The absence of logs despite logging statements in the code strongly indicates a missing IAM permission issue , not a runtime or tracing issue.

CloudWatch Lambda Insights (Option B) provides performance metrics but does not enable basic logging. AWS X-Ray (Option C) provides distributed tracing but does not replace CloudWatch Logs. Option D is invalid because CloudWatch does not assume roles to collect logs.

AWS documentation explicitly identifies missing log permissions as the most common cause of absent Lambda logs. Therefore, granting the Lambda execution role the appropriate CloudWatch Logs permissions resolves the issue.

To create a central logging solution for microservices, using Amazon CloudWatch Logs is a recommended and effective approach. Here ' s why:

Amazon CloudWatch Logs Streams allow you to centralize logs from different services, which is crucial as the number of microservices increases.

Each microservice can have its own dedicated log stream within Amazon CloudWatch Logs, providing clear segregation of logs while still allowing centralized management.

This setup enables developers to monitor, search, and analyze logs efficiently using tools like CloudWatch Insights.

Other options like CloudTrail (B) are designed for API activity monitoring, not application logs. VPC Flow Logs (C) focus on network traffic rather than application behavior. AWS Cloud Map (D) is for service discovery and routing, not logging.

Amazon API Gateway stages are designed to represent different deployment environments such as development, testing, and production. AWS documentation recommends using separate stages combined with stage variables to reference different backend resources without duplicating API definitions.

In this scenario, the development stage already uses a stage variable to reference the Lambda dev alias. To expose the production alias safely, the developer should deploy the API to a new stage named production and configure a stage variable that points to the Lambda prod alias. This approach allows the same API configuration and methods to be reused while cleanly separating environments.

Stage variables are resolved at runtime and are commonly used to reference Lambda aliases in integration ARNs. This enables controlled promotion of code from development to production without modifying methods or integrations.

Creating new methods (Options A and B) is unnecessary and increases operational complexity. Directly hardcoding the Lambda alias in the integration (Option D) removes flexibility and deviates from AWS best practices for environment separation.

Therefore, deploying a new API stage and using stage variables to reference the prod Lambda alias is the correct and most efficient solution.

The solution that will meet the requirements is to use the AWS SDK ssm PutParameter operation in the Lambda function from the existing custom resource to store the credentials as a parameter. Set the parameter value to reference the new credentials. Set the parameter type to SecureString. This way, the developer can store the API credentials with minimal operational overhead, as AWS Systems Manager Parameter Store provides secure and scalable storage for configuration data. The SecureString parameter type encrypts the parameter value with AWS Key Management Service (AWS KMS). The other options either involve adding additional resources to the CloudFormation template, which increases complexity and cost, or do not encrypt the parameter value, which reduces security.

AWS Lambda is a service that lets developers run code without provisioning or managing servers. Lambda provides a local file system that can be used to store temporary files during invocation. The local file system is mounted under the /tmp directory and has a limit of 512 MB. The temporary files are accessible only by the Lambda function that created them and are deleted after the function execution ends. The developer can store temporary files that are less than 10 MB in the /tmp directory and access and modify them multiple times during invocation.

The goal is minimal downtime during deployment and fast rollback if problems occur. In Elastic Beanstalk, the approach that best satisfies both is a blue/green deployment.

With blue/green, the developer deploys the new application version to a separate environment (green) while the current production environment (blue) continues serving traffic. Once validation is complete (health checks, smoke tests), the developer performs a controlled CNAME swap (or routing switch) so traffic shifts from blue to green with near-zero downtime. This reduces risk because the existing environment remains intact and can immediately resume traffic if issues are detected.

Rollback time is also minimized because reverting is simply switching traffic back to the original environment (swap back), rather than rolling back changes across the same environment.

Why the other options are weaker:

All-at-once (C) introduces the highest downtime and risk because it replaces all instances at once, potentially taking the application fully offline and making rollback slower.

Rolling (A) reduces downtime compared to all-at-once, but instances are still updated in-place; if issues appear mid-deployment, rollback is more complex and slower than swapping environments.

Rolling with additional batches (B) can further reduce capacity impact by adding extra instances during deployment, but rollback still involves reversing updates in the same environment and is typically slower than blue/green.

Therefore, deploying to a new environment and using blue/green provides the least downtime and the fastest rollback.

Step Functions Retriers: Retriers provide a built-in way to gracefully handle transient errors within State Machines. Here ' s how to use them:

Directly attach a retrier to the problematic ' GetResource ' task.

Configure the retrier:

ErrorEquals: Set this to [ ' TooManyRequestsException ' ] to target the specific error.

IntervalSeconds: Set to 10 for the desired retry delay.

MaxAttempts: Set to 1, as you want only one retry attempt.

Error Handling:

Upon ' TooManyRequestsException ' , the retrier triggers the task again after 10 seconds.

On a second failure, Step Functions moves to the next state or fails the workflow, as per your design.

' IllegalArgumentException ' causes error propagation as intended.

Increasing the number of shards of the Kinesis data stream will increase the throughput and parallelism of the data processing. Increasing the memory that is allocated to the Lambda function will also increase the CPU and network performance of the function, which will reduce the run duration and improve the processing speed. Option B is not correct because decreasing the timeout of the Lambda function will not affect the processing speed, but may cause some records to fail if they exceed the timeout limit. Option D is not correct because decreasing the number of shards of the Kinesis data stream will decrease the throughput and parallelism of the data processing, which will slow down the processing speed. Option E is not correct because increasing the timeout of the Lambda function will not affect the processing speed, but may increase the cost of running the function.

Centralized logging for microservices means collecting application logs from many services into a single managed logging backend where logs can be searched, retained, and monitored. For containerized microservices on AWS, the standard approach is to send each service’s stdout/stderr logs to Amazon CloudWatch Logs.

Option A is the appropriate solution: create separate CloudWatch Logs streams (and typically log groups) per microservice. This scales naturally as microservices increase, supports retention policies, metric filters, alarms, and integrations with tools like CloudWatch Logs Insights for querying across services. Container orchestrators (ECS/EKS) can be configured to use the CloudWatch Logs log driver so logs are shipped automatically without custom log shipping agents.

Option B (CloudTrail) logs AWS API activity, not application logs.

Option C (VPC Flow Logs) captures network flow metadata, not application-level logs.

Option D (Cloud Map) is service discovery, not logging.

Therefore, using CloudWatch Logs streams per microservice is the correct central logging approach.

Amazon API Gateway has a hard integration timeout that determines how long it waits for a backend response. If the backend (Lambda) does not respond within this time, API Gateway returns an HTTP 504 error to the client.

In this scenario, the Lambda function timeout is longer (20 seconds) than the API Gateway integration timeout (15 seconds). AWS documentation states that API Gateway will terminate the request once its timeout is exceeded, even if Lambda continues executing successfully. This explains why there are no Lambda errors despite 504 responses.

Increasing the Lambda timeout (Option B) does not help because API Gateway times out first. Reserved concurrency (Option A) and throttling limits (Option D) are unrelated to request duration.

The correct solution is to increase the API Gateway integration timeout so that it exceeds the maximum expected Lambda execution time. This ensures API Gateway waits long enough for the Lambda response.

Therefore, increasing the API Gateway timeout prevents HTTP 504 errors.

Why Option C is Correct:Implementing a connection pool in the Redis client reduces connection overhead and avoids frequent connection establishment, which helps to reduce latency and connection failures.

Why Other Options are Incorrect:

Option A: Exponential backoff retry strategies help with transient failures but do not resolve latency caused by frequent connection establishment.

Option B: Storing scores in application memory adds complexity and risks inconsistency.

Option D: Adding more nodes is unnecessary unless the cluster is under heavy load. Latency due to connection failures is better addressed at the application level.

AWS Documentation References:

Amazon ElastiCache Best Practices