100% Free Amazon DVA-C02 Practice Test Questions

Question 1

A developer is using an AWS CloudFormation template to create a pipeline in AWS CodePipeline. Thetemplate creates an Amazon S3 bucket that the pipeline references in a source stage. The template also createsan AWS CodeBuild project for a build stage. The pipeline sends notifications to an Amazon SNS topic. Logsfor the CodeBuild project are stored in Amazon CloudWatch Logs.The company needs to ensure that the pipeline's artifacts are encrypted with an existing customer-managedAWS KMS key. The developer has granted the pipeline permissions to use the KMS key.Which additional step will meet these requirements?

A : Create an Amazon S3 gateway endpoint that the pipeline can access.

B : In the CloudFormation template, use the KMS key to encrypt the logs in CloudWatch Logs.

C : Apply an S3 bucket policy that ensures the pipeline sends only encrypted objects to the S3 bucket.

D : Configure the notification topic to use the existing KMS key to enable encryption with the existing KMS key.

Answer: C

Question 2

A website serves static content from an Amazon Simple Storage Service (Amazon S3) bucket and dynamic content from an application load balancer. The user base is spread across the world and latency should be minimized for a better user experience.

Which technology/service can help access the static and dynamic content while keeping the data latency low?

A : Use CloudFront's Lambda@Edge feature to server data from S3 buckets and load balancer programmatically on-the-fly

B : Use Global Accelerator to transparently switch between S3 bucket and load balancer for different data needs

C : Use CloudFront's Origin Groups to group both static and dynamic requests into one request for further processing

D : Configure CloudFront with multiple origins to serve both static and dynamic content at low latency to global users

Answer: D

Question 3

A developer is troubleshooting an application in an integration environment. In the application, an Amazon Simple Queue Service (Amazon SQS) queue consumes messages and then an AWS Lambda function processes the messages. The Lambda function transforms the messages and makes an API call to a third-party service. There has been an increase in application usage. The third-party API frequently returns an HTTP 429 Too Many Requests error message. The error message prevents a significant number of messages from being processed successfully. How can the developer resolve this issue?

A : Increase the SQS event source’s batch size setting.

B : Configure provisioned concurrency for the Lambda function based on the third-party API’s documented rate limits.

C : Increase the retry attempts and maximum event age in the Lambda function’s asynchronous configuration.

D : Configure maximum concurrency on the SQS event source based on the third-party service’s documented rate limits.

Answer: D

Question 4

A company has an existing application that has hardcoded database credentials. A developer needs to modify the existing application. The application is deployed in two AWS Regions with an active-passive failover configuration to meet company’s disaster recovery strategy.

The developer needs a solution to store the credentials outside the code. The solution must comply with the company’s disaster recovery strategy.

Which solution will meet these requirements in the MOST secure way?

A : Store the credentials in AWS Secrets Manager in the primary Region. Enable secret replication to the secondary Region. Update the application to use the Amazon Resource Name (ARN) based on the Region.

B : Store credentials in AWS Systems Manager Parameter Store in the primary Region. Enable parameter replication to the secondary Region. Update the application to use the Amazon Resource Name (ARN) based on the Region.

C : Store credentials in a config file. Upload the config file to an S3 bucket in the primary Region. Enable Cross-Region Replication (CRR) to an S3 bucket in the secondary region. Update the application to access the config file from the S3 bucket, based on the Region.

D : Store credentials in a config file. Upload the config file to an Amazon Elastic File System (Amazon EFS) file system. Update the application to use the Amazon EFS file system Regional endpoints to access the config file in the primary and secondary Regions.

Answer: A

Question 5

A company has deployed a new web application that uses Amazon Cognito for authentication. The company wants to allow sign-in from any source but wants to automatically block all sign-in attempts if the risk level is elevated.

Which Amazon Cognito feature will meet these requirements?

A : Advanced security metrics.

B : Adaptive authentication.

C : Case sensitive user pools.

D : Multi-factor authentication (MFA).

Answer: B

Free Practice Amazon DVA-C02 Exam Questions 2025