Medium DVA-C02 practice questions
Applied — put a concept to work in a realistic situation. 136 medium questions available — no sign-up, always free.
A developer is deploying a customer-facing web application behind an Application Load Balancer (ALB). The security team requires that all traffic between clients and the application be encrypted in transit using TLS, and that the TLS certificate be automatically renewed before expiration to avoid outages. The developer wants the least amount of operational overhead. What should the developer do?
A developer maintains a REST API on Amazon API Gateway that serves a product catalog. The GET /products endpoint receives thousands of identical requests per minute, and each request invokes a Lambda function that reads from a database. The catalog data changes only a few times per day. The team wants to reduce Lambda invocations, lower latency, and cut cost with minimal code changes. What is the MOST appropriate solution?
A developer exposes a REST API through Amazon API Gateway that forwards requests to a Lambda function. The Lambda code is being invoked with malformed JSON bodies and missing required query parameters, wasting compute and generating errors. The team wants to reject these bad requests before they reach Lambda, without adding custom validation code. What is the MOST appropriate approach?
A developer maintains a monolithic web application backed by an Amazon Aurora MySQL cluster with a single writer instance. Product teams now run heavy read-only reporting queries during business hours, and these queries are causing latency spikes for the transactional traffic on the primary. The reporting queries can tolerate data that is a few seconds stale. What is the MOST cost-effective way to offload the reporting workload while keeping application code changes minimal?
A developer maintains a production CloudFormation stack that runs a public-facing API. Before applying a modified template that alters an RDS instance and several IAM policies, the team wants to review exactly which resources will be added, modified, or replaced — and specifically whether any resource will require replacement — WITHOUT actually making any changes to the running stack. What should the developer do?
A team manages its production infrastructure with an AWS CloudFormation stack. An engineer reports that a security group rule was manually modified in the AWS Management Console outside of CloudFormation, and the team wants to identify which stack resources no longer match their template definitions before the next deployment. Which CloudFormation capability should they use?
A developer is preparing to deploy a serverless application defined in an AWS CloudFormation template. The template references a Lambda function whose code lives in a local directory. When the developer tries to deploy with 'aws cloudformation deploy', the function's local code path is not accepted by CloudFormation. What is the correct step to prepare the deployment artifacts so the template can be deployed?
A developer is authoring a CloudFormation template that provisions an RDS database. The template accepts the master database password as an input parameter. During code review, a colleague notes that the password value appears in plaintext in the CloudFormation console's Parameters tab and in the stack events. The developer wants to prevent the parameter value from being displayed or logged while still allowing it to be passed at stack creation time. Which change should the developer make to the template?
A developer runs a media website on an Application Load Balancer backed by EC2 instances. Product images and CSS/JS files rarely change but are requested millions of times daily by users across many countries. Origin CPU is saturated serving these static files, and users far from the region report slow page loads. Which change most effectively reduces origin load and improves global latency for these assets?
A developer supports a Lambda function that processes uploaded orders. During flash sales, customers report failed order submissions. In CloudWatch, the developer observes that the function's Throttles metric spikes to hundreds per minute while the Errors metric remains near zero, and the ConcurrentExecutions metric flatlines at a fixed value during the spikes. What is the most likely root cause of the failed submissions?
A developer maintains a REST API backed by Lambda and DynamoDB. Support tickets report that the API feels slow for some users, but the CloudWatch alarm monitoring the Average of the API Gateway Latency metric never triggers because the mean stays low. The team wants an alarm that reliably catches the intermittent slowness affecting a minority of requests. What is the most effective change?
A developer needs to publish custom application metrics (such as order value and items-per-order) from a high-throughput Lambda function. The function already writes structured JSON logs to CloudWatch Logs. Calling the PutMetricData API on every invocation has caused throttling and added latency to the function. What is the MOST efficient way to emit these custom metrics while avoiding the API throttling and extra latency?
A developer runs a Lambda function triggered by API Gateway. Users intermittently receive 502 errors during traffic peaks. The developer suspects the function is failing to keep up with demand. Which CloudWatch metric should the developer examine first to confirm whether requests are being rejected before they can execute?
A developer is investigating an increase in HTTP 500 errors reported by an application running on AWS Lambda behind API Gateway. The Lambda function writes structured JSON logs (including a 'level' field and 'errorType' field) to Amazon CloudWatch Logs. The developer needs to quickly identify which specific error type is most frequently associated with the failures over the last hour, without exporting logs to another service. What is the FASTEST way to do this?
A developer runs a Java application on Amazon EC2 that writes plain-text logs to a CloudWatch Logs log group. Operations wants to be paged whenever the phrase "OutOfMemoryError" appears more than 3 times within a 5-minute window. There is currently no numeric metric that tracks these occurrences. What is the most appropriate way to enable this alerting with the least custom code?
A developer's Lambda function currently writes plain-text log lines such as 'Processed order 12345 in 240ms'. The operations team wants to build CloudWatch Logs Insights queries and metric filters that can reliably extract the order ID, duration, and status without brittle string parsing. What is the MOST effective change the developer should make to the logging approach?
A developer manages a Lambda-based order processing service whose traffic varies predictably across the day, with higher volume during business hours and much lower volume overnight. The team wants a CloudWatch alarm on the function's error count that adapts to these normal traffic patterns and only alerts when errors deviate meaningfully from expected behavior, without constant false alarms from a fixed threshold. What should the developer configure?
A development team builds Node.js microservices and installs npm packages during their AWS CodeBuild stage. They want a private repository to store their own internal packages while also being able to pull public packages from the npm public registry, so that all dependencies are resolved through a single endpoint that can be cached and controlled. Which AWS service and configuration meets this requirement with the least operational overhead?
A development team uses AWS CodePipeline with AWS CodeBuild to build a containerized microservice. The buildspec.yml must authenticate to Amazon ECR, build the Docker image, tag it, and push it so a later CodeDeploy stage can reference the image. During builds, the push step fails with an authentication error even though the CodeBuild service role has ECR permissions. What should the team add to the buildspec.yml to correctly authenticate Docker to the private ECR registry before pushing?
A development team uses AWS CodeBuild to build a Java application. Their buildspec.yml runs unit tests during the build phase, but they notice that when a unit test command returns a non-zero exit code, CodeBuild still continues to the post_build phase and produces artifacts, resulting in broken builds being deployed. They want the build to stop immediately and be marked as FAILED if any command in the build phase fails. What is the correct explanation of CodeBuild behavior and how to fix this?
A development team uses AWS CodeBuild to build a containerized application. The build process needs a database password that is stored in AWS Systems Manager Parameter Store as a SecureString parameter named /myapp/db/password. The team wants the value injected as an environment variable during the build without hardcoding the secret anywhere in the repository or buildspec. What is the recommended way to accomplish this?
A developer is configuring an AWS CodeBuild project to build a Docker container image from a Dockerfile and push it to Amazon ECR. The buildspec runs 'docker build' and 'docker push' commands, but every build fails during the 'docker build' step with an error indicating that it cannot connect to the Docker daemon. The developer has confirmed the build role has ECR permissions. What is the most likely cause and correct fix?
A development team uses AWS CodeDeploy to deploy a Node.js application to an Amazon EC2/On-Premises deployment group. Their revision bundle is stored in Amazon S3 as a .zip file. During deployment, every attempt fails immediately with the error 'The deployment failed because no instances were found for your deployment group' does not appear, but instead the agent reports that the AppSpec file could not be located. Where must the AppSpec file be placed within the application revision so that the CodeDeploy agent can process it?
A team runs a web application on an Amazon EC2 Auto Scaling group behind an Application Load Balancer. They want to use AWS CodeDeploy to deploy new versions to a brand-new set of instances, run smoke tests against them, and only then shift live traffic. If validation fails, the old instances must still be available for an instant rollback with zero downtime. Which CodeDeploy deployment approach meets these requirements?
A development team deploys a monolithic Java application to a fleet of EC2 instances behind an Application Load Balancer using AWS CodeDeploy with an in-place deployment configuration. They need to run a validation script that checks the application is responding correctly AFTER the new revision is installed and started, but BEFORE the instance is placed back into the load balancer's rotation to serve production traffic. In which AppSpec lifecycle event hook should they place this validation script?