AWS Certified Developer - Associate · Domain 3 · 24% of exam

Deployment

Drill 20 practice questions focused entirely on Deployment for the AWS DVA-C02 exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.

Verified answer20 questions
Question 1 of 20

A developer maintains a production CloudFormation stack that runs a public-facing API. Before applying a modified template that alters an RDS instance and several IAM policies, the team wants to review exactly which resources will be added, modified, or replaced — and specifically whether any resource will require replacement — WITHOUT actually making any changes to the running stack. What should the developer do?

Reviewed for accuracy · Report an issue
Question 2 of 20

A team manages its production infrastructure with an AWS CloudFormation stack. An engineer reports that a security group rule was manually modified in the AWS Management Console outside of CloudFormation, and the team wants to identify which stack resources no longer match their template definitions before the next deployment. Which CloudFormation capability should they use?

Reviewed for accuracy · Report an issue
Question 3 of 20

A developer is preparing to deploy a serverless application defined in an AWS CloudFormation template. The template references a Lambda function whose code lives in a local directory. When the developer tries to deploy with 'aws cloudformation deploy', the function's local code path is not accepted by CloudFormation. What is the correct step to prepare the deployment artifacts so the template can be deployed?

Reviewed for accuracy · Report an issue
Question 4 of 20

A developer is authoring a CloudFormation template that provisions an RDS database. The template accepts the master database password as an input parameter. During code review, a colleague notes that the password value appears in plaintext in the CloudFormation console's Parameters tab and in the stack events. The developer wants to prevent the parameter value from being displayed or logged while still allowing it to be passed at stack creation time. Which change should the developer make to the template?

Reviewed for accuracy · Report an issue
Question 5 of 20

A development team builds Node.js microservices and installs npm packages during their AWS CodeBuild stage. They want a private repository to store their own internal packages while also being able to pull public packages from the npm public registry, so that all dependencies are resolved through a single endpoint that can be cached and controlled. Which AWS service and configuration meets this requirement with the least operational overhead?

Reviewed for accuracy · Report an issue
Question 6 of 20

A development team uses AWS CodePipeline with AWS CodeBuild to build a containerized microservice. The buildspec.yml must authenticate to Amazon ECR, build the Docker image, tag it, and push it so a later CodeDeploy stage can reference the image. During builds, the push step fails with an authentication error even though the CodeBuild service role has ECR permissions. What should the team add to the buildspec.yml to correctly authenticate Docker to the private ECR registry before pushing?

Reviewed for accuracy · Report an issue
Question 7 of 20

A development team uses AWS CodeBuild to build a Java application. Their buildspec.yml runs unit tests during the build phase, but they notice that when a unit test command returns a non-zero exit code, CodeBuild still continues to the post_build phase and produces artifacts, resulting in broken builds being deployed. They want the build to stop immediately and be marked as FAILED if any command in the build phase fails. What is the correct explanation of CodeBuild behavior and how to fix this?

Reviewed for accuracy · Report an issue
Question 8 of 20

A development team uses AWS CodeBuild to build a containerized application. The build process needs a database password that is stored in AWS Systems Manager Parameter Store as a SecureString parameter named /myapp/db/password. The team wants the value injected as an environment variable during the build without hardcoding the secret anywhere in the repository or buildspec. What is the recommended way to accomplish this?

Reviewed for accuracy · Report an issue
Question 9 of 20

A developer is configuring an AWS CodeBuild project to build a Docker container image from a Dockerfile and push it to Amazon ECR. The buildspec runs 'docker build' and 'docker push' commands, but every build fails during the 'docker build' step with an error indicating that it cannot connect to the Docker daemon. The developer has confirmed the build role has ECR permissions. What is the most likely cause and correct fix?

Reviewed for accuracy · Report an issue
Question 10 of 20

A development team uses AWS CodeDeploy to deploy a Node.js application to an Amazon EC2/On-Premises deployment group. Their revision bundle is stored in Amazon S3 as a .zip file. During deployment, every attempt fails immediately with the error 'The deployment failed because no instances were found for your deployment group' does not appear, but instead the agent reports that the AppSpec file could not be located. Where must the AppSpec file be placed within the application revision so that the CodeDeploy agent can process it?

Reviewed for accuracy · Report an issue
Question 11 of 20

A team runs a web application on an Amazon EC2 Auto Scaling group behind an Application Load Balancer. They want to use AWS CodeDeploy to deploy new versions to a brand-new set of instances, run smoke tests against them, and only then shift live traffic. If validation fails, the old instances must still be available for an instant rollback with zero downtime. Which CodeDeploy deployment approach meets these requirements?

Reviewed for accuracy · Report an issue
Question 12 of 20

A development team deploys a monolithic Java application to a fleet of EC2 instances behind an Application Load Balancer using AWS CodeDeploy with an in-place deployment configuration. They need to run a validation script that checks the application is responding correctly AFTER the new revision is installed and started, but BEFORE the instance is placed back into the load balancer's rotation to serve production traffic. In which AppSpec lifecycle event hook should they place this validation script?

Reviewed for accuracy · Report an issue
Question 13 of 20

A team deploys a containerized order-processing service to Amazon ECS using AWS CodeDeploy with a blue/green deployment. After production traffic shifts to the new (green) task set, a downstream error rate spikes. The team wants CodeDeploy to automatically stop the deployment and revert traffic to the original (blue) task set without manual intervention. Which configuration achieves this?

Reviewed for accuracy · Report an issue
Question 14 of 20

A team deploys a containerized service to Amazon ECS using AWS CodeDeploy with a blue/green deployment. Before shifting any production traffic to the new (green) task set, they must run an automated smoke test against the newly provisioned green tasks. If the smoke test fails, no production traffic should ever reach the new version. Which CodeDeploy lifecycle event hook should the team use to invoke the Lambda function that performs this smoke test?

Reviewed for accuracy · Report an issue
Question 15 of 20

A development team maintains an internal, non-customer-facing Lambda function used by a nightly batch job. Deployments are infrequent and the team wants each new version to be fully live immediately without any gradual traffic shifting, since brief errors during off-hours are acceptable and easily rolled back manually. Which AWS CodeDeploy deployment configuration for Lambda should they choose?

Reviewed for accuracy · Report an issue
Question 16 of 20

A team deploys a Lambda function through AWS CodeDeploy using a canary configuration that shifts 10% of traffic for 5 minutes before completing. During a recent deployment, the new version returned a spike of errors, but CodeDeploy still completed the full traffic shift because no automatic rollback occurred. The team wants future deployments to automatically roll back when the new version misbehaves during the canary window. What should they configure to achieve this with the least custom code?

Reviewed for accuracy · Report an issue
Question 17 of 20

A development team deploys a Lambda function that processes financial transactions. They want new versions to receive 10% of production traffic for 5 minutes so they can monitor CloudWatch alarms before the remaining 90% is shifted. If an alarm triggers during the monitoring window, the deployment must automatically roll back. Which approach satisfies these requirements with the least custom code?

Reviewed for accuracy · Report an issue
Question 18 of 20

A development team deploys a Lambda function through AWS CodeDeploy. The business requires that new function versions receive an increasing percentage of traffic gradually over time rather than a single large shift, so that any latent errors surface progressively. They want 10% of traffic added every 3 minutes until the new version handles 100%. Which predefined CodeDeploy deployment configuration meets this requirement?

Reviewed for accuracy · Report an issue
Question 19 of 20

A development team creates a new AWS CodePipeline using the console. During the source stage, artifacts produced by CodeCommit need to be passed to a CodeBuild stage. The team wants to understand how output artifacts are stored and moved between stages so they can grant the correct permissions to a custom CodeBuild service role. Where does CodePipeline store the artifacts that are passed between stages?

Reviewed for accuracy · Report an issue
Question 20 of 20

A development team runs a CodeBuild project as part of a CodePipeline. Each build downloads hundreds of Node.js dependencies from the internet, taking several minutes and increasing build costs. The dependencies rarely change between builds. Which change will MOST reduce build duration with the least ongoing maintenance effort?

Reviewed for accuracy · Report an issue

More DVA-C02 practice

Keep going with the other AWS Certified Developer - Associate domains, or take a full timed mock exam.

← Back to DVA-C02 overview