Free Amazon Web Services DVA-C02 Practice Exam with Questions & Answers | Set: 2

Amazon API Gateway is a service that enables developers to create, publish, maintain, monitor, and secure APIs at any scale. Amazon CloudFront is a content delivery network (CDN) service that can improve the performance and security of web applications. The developer can use CloudFront and a custom domain name for the API Gateway REST API. To do so, the developer needs to import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the us-east-1 Region. This is because CloudFront requires certificates from ACM to be in this Region. The developer also needs to create a DNS CNAME record for the custom domain that points to the CloudFront distribution.

This solution meets the requirements in the most operationally efficient manner because it does not require any infrastructure provisioning or management. The developer can create a Lambda function that makes the API call and configure an EventBridge rule that triggers the function once a day at a designated time. This is a serverless solution that scales automatically and only charges for the execution time of the function.

Browsers enforce the Same-Origin Policy, which restricts web pages from requesting resources (like JavaScript files, fonts, and other assets) from a different domain/origin unless the target explicitly allows it. When the developer moved shared JavaScript and web fonts into a separate “central” S3 bucket, the applications likely began fetching these assets from a different origin than the app’s primary origin (for example, different domain, subdomain, or CloudFront distribution). As a result, the browser blocks those requests unless the response includes the appropriate CORS headers.

AWS documentation for Amazon S3 explains that to allow cross-origin requests from browsers, you must configure Cross-Origin Resource Sharing (CORS) on the S3 bucket that serves the resources. A CORS configuration defines allowed origins, methods (such as GET), and headers. For fonts in particular, browsers are strict and commonly require CORS headers to load fonts across origins.

Option C directly addresses this by adding a CORS policy to the central bucket, allowing the subsidiary application origins to retrieve JS and font files without being blocked.

Option B (bucket policy) controls authorization at the AWS request level, but it does not instruct browsers to allow cross-origin access. Even if the request is authorized, the browser can still block it if CORS headers are missing.

Option A (access points) is also about access management and does not solve browser CORS enforcement.

Option D (Content-MD5) is for integrity checking and is unrelated to cross-origin browser blocking.

The customer must be able to download the generated video for at least 3 hours, which requires durable storage that persists beyond the Lambda execution environment. The best fit is Amazon S3 with a presigned URL.

Lambda’s /tmp storage (Option A) is ephemeral and scoped to the execution environment. It is not intended for durable customer downloads and can be deleted when the execution environment is recycled. A Lambda function URL also does not solve durable file hosting and would require the function to serve the content itself.

Option C uses S3 to store the video object durably and then issues a presigned URL that grants time-limited access to that specific object. Presigned URLs are designed for exactly this scenario: allow unauthenticated users temporary access to a private S3 object without making the bucket public. The developer can set the URL expiration to 3 hours (or longer), meeting the access requirement cleanly.

Option B is incorrect because S3 presigned URLs are for S3 objects, not EFS files. EFS does not natively use S3-style presigned URLs for external downloads.

Option D is not the right model: CloudFront can distribute S3 content and supports signed URLs/cookies, but CloudFront is a distribution layer, not an origin storage solution by itself. You would still need to store the video in S3 (or another origin). For the stated requirement, S3 + presigned URL is simpler and has less overhead.

Therefore, store videos in Amazon S3 and provide presigned URLs with a 3-hour expiration.

CodeDeploy Predefined Configurations: CodeDeploy offers built-in deployment configurations for common scenarios.

Canary Deployment: Canary deployments gradually shift traffic to a new version, ideal for controlled rollouts like this requirement.

CodeDeployDefault.ECSCanary10Percent15Minutes: This configuration matches the company's requirements, shifting 10% of traffic initially and then completing the rollout after 15 minutes.

Why Option B is Correct:Amazon ECS does not natively process docker-compose.yml files. Instead, the configurations from docker-compose.yml must be converted into ECS-compatible configurations within a task definition. Task definitions are the primary way to specify container configurations in ECS, including service dependencies like databases, caches, and volumes.

Steps to Resolve the Error:

Extract the configurations from the docker-compose.yml file.

Map the dependencies and settings to the appropriate ECS task definition fields.

Deploy the task definition to the ECS cluster.

Why Other Options are Incorrect:

Option A: Docker labels do not directly impact ECS task execution or integrate with ECS service configurations.

Option C: ECS namespaces do not exist as a feature.

Option D: Changing the service type to REPLICA does not resolve the issue of missing service dependency configurations.

AWS Documentation References:

Amazon ECS Task Definitions

Migrating Docker Compose Workloads to ECS

A feature branch is a branch that is created from the main branch to work on a specific feature or task1. Feature branches allow developers to isolate their work from the main branch and avoid conflicts with other changes1. Feature branches can be merged back to the main branch when the feature or task is completed and tested1.

In this scenario, the developer needs to maintain two parallel streams of work: one for fixing and updating the current version of the application that is deployed in production, and another for developing the new version of the application. The developer can use feature branches to achieve this goal.

The developer can create a feature branch from the main branch for production bug fixes. This branch will contain the code that is currently deployed in production, and any fixes or updates that need to be applied to it. The developer can push this branch to the CodeCommit repository and use it to deploy changes to the production environment.

The developer can also create a second feature branch from the main branch for development of the new version of the application. This branch will contain the code that is under development for the new version, and any changes or enhancements that are part of it. The developer can push this branch to the CodeCommit repository and use it to test and deploy the new version of the application in a separate environment.

By using feature branches, the developer can keep the main branch stable and clean, and avoid mixing code from different versions of the application. The developer can also easily switch between branches and merge them when needed.

Why Option A is Correct:DynamoDB supports incremental exports to Amazon S3 natively, making data analytics-ready with minimal operational overhead.

Why Other Options are Incorrect:

Option B: DynamoDB Streams require additional processing logic to write to S3, increasing complexity.

Option C & D: Using EMR for data movement adds unnecessary operational overhead compared to native exports.

AWS Documentation References:

DynamoDB Exports to S3