Summer Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Free Amazon Web Services DVA-C02 Practice Exam with Questions & Answers | Set: 9

Questions 81

A company is implementing an application on Amazon EC2 instances. The application needs to process incoming transactions. When the application detects a transaction that is not valid, the application must send a chat message to the company's support team. To send the message, the application needs to retrieve the access token to authenticate by using the chat API.

A developer needs to implement a solution to store the access token. The access token must be encrypted at rest and in transit. The access token must also be accessible from other AWS accounts.

Which solution will meet these requirements with the LEAST management overhead?

Options:
A.

Use an AWS Systems Manager Parameter Store SecureString parameter that uses an AWS Key Management Service (AWS KMS) AWS managed key to store the access token. Add a resource-based policy to the parameter to allow access from other accounts. Update the IAM role of the EC2 instances with permissions to access Parameter Store. Retrieve the token from Parameter Store with the decrypt flag enabled. Use the decrypted access token to send the mess

B.

Encrypt the access token by using an AWS Key Management Service (AWS KMS) customer managed key. Store the access token in an Amazon DynamoDB table. Update the IAM role of the EC2 instances with permissions to access DynamoDB and AWS KMS. Retrieve the token from DynamoDB. Decrypt the token by using AWS KMS on the EC2 instances. Use the decrypted access token to send the message to the chat.

C.

Use AWS Secrets Manager with an AWS Key Management Service (AWS KMS) customer managed key to store the access token. Add a resource-based policy to the secret to allow access from other accounts. Update the IAM role of the EC2 instances with permissions to access Secrets Manager. Retrieve the token from Secrets Manager. Use the decrypted access token to send the message to the chat.

D.

Encrypt the access token by using an AWS Key Management Service (AWS KMS) AWS managed key. Store the access token in an Amazon S3 bucket. Add a bucket policy to the S3 bucket to allow access from other accounts. Update the IAM role of the EC2 instances with permissions to access Amazon S3 and AWS KMS. Retrieve the token from the S3 bucket. Decrypt the token by using AWS KMS on the EC2 instances. Use the decrypted access token to send the ma

Amazon Web Services DVA-C02 Premium Access
Questions 82

A developer is working on a Python application that runs on Amazon EC2 instances. The developer wants to enable tracing of application requests to debug performance issues in the code.

Which combination of actions should the developer take to achieve this goal? (Select TWO)

Options:
A.

Install the Amazon CloudWatch agent on the EC2 instances.

B.

Install the AWS X-Ray daemon on the EC2 instances.

C.

Configure the application to write JSON-formatted togs to /var/log/cloudwatch.

D.

Configure the application to write trace data to /Var/log-/xray.

E.

Install and configure the AWS X-Ray SDK for Python in the application.

Questions 83

A company requires that all applications running on Amazon EC2 use 1AM roles to gam access to AWS services. A developer is modifying an application that currently relies on 1AM user access keys stored in environment variables to access Amazon DynamoDB tables using boto, the AWS SDK for Python.

The developer associated a role with the same permissions as the 1AM user to the EC2 instance, then deleted the 1AM user. When the application was restarted, the AWS

Access Denied Exception messages started appearing in the application logs. The developer was able to use their personal account on the server to run DynamoDB API commands using the AWS CLI.

What is the MOST likely cause of the exception?

Options:
A.

1AM policies might take a few minutes to propagate to resources.

B.

Disabled environment variable credentials are still being used by the application.

C.

The AWS SDK does not support credentials obtained using an instance role.

D.

The instance's security group does not allow access to http://169.254.169.254.

Questions 84

An ecommerce company is using an AWS Lambda function behind Amazon API Gateway as its application tier. To process orders during checkout, the application calls a POST API from the frontend. The POST API invokes the Lambda function asynchronously. In rare situations, the application has not processed orders. The Lambda application logs show no errors or failures.

What should a developer do to solve this problem?

Options:
A.

Inspect the frontend logs for API failures. Call the POST API manually by using the requests from the log file.

B.

Create and inspect the Lambda dead-letter queue. Troubleshoot the failed functions. Reprocess the events.

C.

Inspect the Lambda logs in Amazon CloudWatch for possible errors. Fix the errors.

D.

Make sure that caching is disabled for the POST API in API Gateway.

Questions 85

A developer is updating an Amazon API Gateway REST API to have a mock endpoint. The developer wants to update the integration request mapping template so the endpoint will respond to mock integration requests with specific HTTP status codes based on various conditions.

Options:
A.

{ if( $input.params(‘integration’) == "mock" ) "statusCode": 404 else "statusCode": 500 end }

B.

{ if( $input.params('scope') == "internal" ) "statusCode": 200 else "statusCode": 500 end }

C.

{ if( $input.path("integration") ) "statusCode": 200 else "statusCode":404 end }

D.

{ if( $context.integration.status ) "statusCode": 200 else "statusCode": 500 end }

Questions 86

A company has an existing application that has hardcoded database credentials A developer needs to modify the existing application The application is deployed in two AWS Regions with an active-passive failover configuration to meet company’s disaster recovery strategy

The developer needs a solution to store the credentials outside the code. The solution must comply With the company's disaster recovery strategy

Which solution Will meet these requirements in the MOST secure way?

Options:
A.

Store the credentials in AWS Secrets Manager in the primary Region. Enable secret replication to the secondary Region Update the application to use the Amazon Resource Name (ARN) based on the Region.

B.

Store credentials in AWS Systems Manager Parameter Store in the primary Region. Enable parameter replication to the secondary Region. Update the application to use the Amazon Resource Name (ARN) based on the Region.

C.

Store credentials in a config file. Upload the config file to an S3 bucket in me primary Region. Enable Cross-Region Replication (CRR) to an S3 bucket in the secondary region. Update the application to access the config file from the S3 bucket based on the Region.

D.

Store credentials in a config file. Upload the config file to an Amazon Elastic File System (Amazon EFS) file system. Update the application to use the Amazon EFS file system Regional endpoints to access the config file in the primary and secondary Regions.

Questions 87

A developer is creating an application that uses an AWS Lambda function to transform and load data from an Amazon S3 bucket. When the developer tests the application, the developer finds that some invocations of the Lambda function are slower than others.

The developer needs to update the Lambda function to have predictable invocation durations that run with low latency. Any initialization activities, such as loading libraries and instantiating clients, must run during allocation time rather than during actual function invocations.

Which combination of steps will meet these requirements? (Select TWO.)

Options:
A.

Create a schedule group in Amazon EventBridge Scheduler to invoke the Lambda function.

B.

Configure provisioned concurrency for the Lambda function to have the necessary number of execution environments.

C.

Use the SLATEST version of the Lambda function.

D.

Configure reserved concurrency for the Lambda function to have the necessary number of execution environments.

E.

Deploy changes, and publish a new version of the Lambda function.

Questions 88

A gaming application stores scores for players in an Amazon DynamoDB table that has four attributes: user_id, user_name, user_score, and user_rank. The users are allowed to update their names only. A user is authenticated by web identity federation.

Which set of conditions should be added in the policy attached to the role for the dynamodb:PutItem API call?

Options:
A.

"Condition": {

"ForAllValues:StringEquals": {

"dynamodb:LeadingKeys": ["${www.amazon.com:user_id} "],

"dynamodb:Attributes": ["user_name"]

}

}

B.

"Condition": {

"ForAllValues:StringEquals": {

"dynamodb:LeadingKeys": ["${www.amazon.com:user_name} "],

"dynamodb:Attributes": ["user_id"]

}

}

C.

"Condition": {

"ForAllValues:StringEquals": {

"dynamodb:LeadingKeys": ["${www.amazon.com:user_id} "],

"dynamodb:Attributes": ["user_name", "user_id"]

}

}

D.

"Condition": {

"ForAllValues:StringEquals": {

"dynamodb:LeadingKeys": ["${www.amazon.com:user_name} "],

"dynamodb:Attributes": ["username", "userid"]

}

}

Questions 89

An application that is hosted on an Amazon EC2 instance needs access to files that are stored in an Amazon S3 bucket. The application lists the objects that are stored in the S3 bucket and displays a table to the user. During testing, a developer discovers that the application does not show any objects in the list.

What is the MOST secure way to resolve this issue?

Options:
A.

Update the IAM instance profile that is attached to the EC2 instance to include the S3:* permission for the S3 bucket.

B.

Update the IAM instance profile that is attached to the EC2 instance to include the S3:ListBucket permission for the S3 bucket.

C.

Update the developer's user permissions to include the S3:ListBucket permission for the S3 bucket.

D.

Update the S3 bucket policy by including the S3:ListBucket permission and by setting the Principal element to specify the account number of the EC2 instance.

Questions 90

A developer wants to store information about movies. Each movie has a title, release year, and genre. The movie information also can include additional properties about the cast and production crew. This additional information is inconsistent across movies. For example, one movie might have an assistant director, and another movie might have an animal trainer.

The developer needs to implement a solution to support the following use cases:

For a given title and release year, get all details about the movie that has that title and release year.

For a given title, get all details about all movies that have that title.

For a given genre, get all details about all movies in that genre.

Which data store configuration will meet these requirements?

Options:
A.

Create an Amazon DynamoDB table. Configure the table with a primary key that consists of the title as the partition key and the release year as the sort key. Create a global secondary index that uses the genre as the partition key and the title as the sort key.

B.

Create an Amazon DynamoDB table. Configure the table with a primary key that consists of the genre as the partition key and the release year as the sort key. Create a global secondary index that uses the title as the partition key.

C.

On an Amazon RDS DB instance, create a table that contains columns for title, release year, and genre. Configure the title as the primary key.

D.

On an Amazon RDS DB instance, create a table where the primary key is the title and all other data is encoded into JSON format as one additional column.

Exam Code: DVA-C02
Certification Provider: Amazon Web Services
Exam Name: AWS Certified Developer - Associate
Last Update: Jul 15, 2025
Questions: 368

Amazon Web Services Related Exams

How to pass Amazon Web Services SOA-C01 - AWS Certified SysOps Administrator - Associate Exam
How to pass Amazon Web Services SOA-C02 - AWS Certified SysOps Administrator - Associate (SOA-C02) Exam
How to pass Amazon Web Services SAA-C03 - AWS Certified Solutions Architect - Associate (SAA-C03) Exam
SCS-C02 - AWS Certified Security - Specialty
SAP-C02 - AWS Certified Solutions Architect - Professional
CLF-C02 - AWS Certified Cloud Practitioner
Data-Engineer-Associate - AWS Certified Data Engineer - Associate (DEA-C01)
AIF-C01 - AWS Certified AI Practitioner Exam(AI1-C01)
ANS-C01 - Amazon AWS Certified Advanced Networking - Specialty
DOP-C02 - AWS Certified DevOps Engineer - Professional
AXS-C01 - AWS Certified Alexa Skill Builder-Specialty
MLS-C01 - AWS Certified Machine Learning - Specialty
Amazon Web Services Free Access
Get Amazon Web Services Full Access

Amazon Web Services Free Exams
Amazon Web Services Free Exams
Get free access to Amazon Web Services exam prep materials and practice tests at Examstrack. Achieve your Amazon Web Services certification goals by exploring Examstrack.