Reinforce DEA-C01 concepts with active-recall study cards covering all 4 blueprint domains. Each card shows the question on the front and the correct answer with a full explanation on the back.
Flashcards work through active recall — the process of retrieving information from memory rather than passively re-reading it. Research consistently shows that active recall produces stronger, longer-lasting memory than re-reading study guides. For DEA-C01 preparation, this means flashcards are one of the highest-return study tools available.
Attempt recall first
Read the DEA-C01 question on each card, pause, and attempt to formulate the answer in your own words before revealing. This retrieval attempt — even if wrong — dramatically strengthens memory compared to immediately reading the answer.
Review wrong cards again
When you get a card wrong, note it and add it back to your review pile. Spaced repetition — seeing difficult cards more frequently — is the mechanism that makes flashcard study far more efficient than linear reading.
Study by domain
Group your DEA-C01 flashcard sessions by domain for the first 3–4 weeks. Master one domain before moving to the next. In the final week, shuffle all cards together to test cross-domain recall — which is what the real DEA-C01 exam requires.
Short sessions beat marathon reviews
20–30 flashcard cards per session, done daily, produces better retention than a single 200-card marathon session. Five short daily sessions per week over 4 weeks gives you over 400 total card reviews — enough to reliably pass DEA-C01.
Sample cards from the DEA-C01 flashcard bank. Read the question, think of the answer, then read the explanation below.
A data engineer needs to ingest streaming data from an IoT fleet into Amazon S3 for near-real-time analytics. The data volume is approximately 5 GB per hour, and each event is less than 1 KB. Which AWS service should be used as the ingestion endpoint?
AWS IoT Core
AWS IoT Core is purpose-built for ingesting data from IoT devices, supporting MQTT, HTTP, and WebSocket protocols. It can handle millions of devices and high-throughput, small-message payloads (each event <1 KB) and integrates directly with Amazon S3 via IoT Core rules, making it the ideal ingestion endpoint for near-real-time analytics on streaming IoT data.
A data engineer notices that an AWS Glue job processing data from an Amazon S3 bucket frequently fails with 'OutOfMemoryError'. The job reads CSV files, applies transformations, and writes Parquet to another S3 bucket. The job has 10 workers of type G.1X. Which change is MOST likely to resolve the issue?
Change the worker type from G.1X to G.2X
The G.1X worker type provides 16 GB of memory per worker. An OutOfMemoryError indicates that the job's memory requirements exceed this limit. Upgrading to G.2X doubles the memory per worker to 32 GB, directly addressing the memory shortage without changing the parallelism or incurring the overhead of additional workers.
A data engineer needs to ensure that an Amazon S3 bucket used for sensitive data is encrypted at rest using a customer-managed AWS KMS key. The bucket policy must enforce encryption for all PUT requests. Which policy statement should be added to the bucket policy?
{"Effect":"Deny","Principal":"*","Action":"s3:PutObject","Resource":"arn:aws:s3:::bucket/*","Condition":{"StringNotEquals":{"s3:x-amz-server-side-encryption":"aws:kms"},"Null":{"s3:x-amz-server-side-encryption-aws-kms-key-id":"true"}}}
Option C is correct because it uses a Deny effect with a condition that blocks PUT requests unless the encryption header specifies 'aws:kms' (SSE-KMS) AND the KMS key ID matches the required customer-managed key. The combination of StringNotEquals on the encryption type and Null on the key ID ensures that any request not using the specified KMS key is denied, enforcing both encryption at rest and the use of the customer-managed key.
A company has an Amazon RDS for MySQL DB instance with read replicas. The primary DB instance fails. What is the correct procedure to promote a read replica to become the new primary?
Manually promote the read replica to a standalone DB instance.
When an Amazon RDS for MySQL primary DB instance fails, read replicas do not automatically become the new primary. The correct procedure is to manually promote the read replica using the AWS Management Console, CLI, or API, which converts it into a standalone DB instance. After promotion, you must update your application endpoints to point to the new primary, as RDS does not handle this automatically.
A data pipeline uses Kinesis Data Firehose to deliver streaming data to an S3 bucket. The data volume spikes occasionally, causing the Firehose buffer to fill up and leading to increased delivery latency. The latency must remain under 60 seconds. What should be done to minimize latency?
Reduce the buffer interval to 60 seconds.
Reducing the buffer interval to 60 seconds ensures that Firehose delivers data to S3 at most every 60 seconds, directly capping latency even if the buffer size is not full. This aligns with the requirement to keep latency under 60 seconds, as Firehose delivers data when either the buffer interval or buffer size threshold is met first.
An e-commerce company uses AWS Glue to run ETL jobs that transform clickstream data from Amazon S3. The job reads Parquet files, performs aggregations, and writes the results to Amazon Redshift. The job runs successfully but takes longer than expected. The data volume is increasing. Which design change would MOST improve the job's performance?
Increase the number of Glue worker nodes (DPUs) for the job.
Increasing the number of Glue worker nodes (DPUs) directly scales the distributed processing capacity of the ETL job, allowing it to process larger volumes of Parquet data in parallel. This is the most straightforward way to reduce execution time when data volume is growing, as AWS Glue automatically partitions the workload across the additional workers.
A data engineering team uses Amazon Kinesis Data Analytics for Apache Flink to process streaming data. They notice that the application's checkpointing is failing intermittently, causing data reprocessing. The application uses a large state. Which configuration change should the team make to improve checkpoint reliability?
Increase the checkpointing interval.
Increasing the checkpointing interval reduces the frequency of checkpoint operations, giving the system more time to complete each checkpoint before the next one starts. This alleviates backpressure and resource contention, which is critical when dealing with large state, as checkpointing large state is I/O and CPU intensive and can fail if intervals are too tight.
A company uses AWS Glue to process streaming data from Amazon Kinesis Data Streams. The job reads JSON records and writes Parquet to Amazon S3. Recently, the job started failing with 'Out of Memory' errors. Which change is MOST likely to resolve the issue?
Increase the number of DPUs allocated to the Glue job.
The 'Out of Memory' error in AWS Glue indicates that the job's allocated resources are insufficient for the data volume or processing complexity. Increasing the number of DPUs (Data Processing Units) directly increases the available memory and compute capacity, which is the most straightforward fix for OOM errors in Glue streaming jobs. Option C is correct because it addresses the root cause—resource exhaustion—by scaling the job horizontally.
A data engineer applies the above bucket policy to an S3 bucket containing sensitive data. The goal is to allow only encrypted (HTTPS) requests. However, a user reports being able to access an object using an HTTP (non-HTTPS) request. What is the most likely reason?
The condition key aws:SecureTransport is used with BoolIfExists instead of Bool
Option C is correct. The policy uses "BoolIfExists" instead of "Bool" for the aws:SecureTransport condition. "BoolIfExists" evaluates to true if the key is absent (as in HTTP requests), thus the Deny effect is not triggered, allowing HTTP access. Option A is wrong because using Allow or Deny is not the issue; the condition key's evaluation is the problem. Option B is incorrect because the resource ARN must include the bucket itself when using bucket policies, but this is not relevant here. Option D is wrong because a principal of "*" includes all authenticated users (not anonymous).
A company uses AWS Glue to catalog data in Amazon S3. The security team requires that all sensitive data be identified and encrypted at rest using customer-managed KMS keys. Which combination of steps should a data engineer take to meet these requirements?
Configure AWS Glue to use Detect Sensitive Data and write encrypted output to S3 with SSE-KMS.
Option D is correct because AWS Glue provides a 'Detect Sensitive Data' transform (such as FindMatches or custom classifiers) that can be used in a Glue ETL job to identify sensitive data within the catalog. The same ETL job can then write the processed data to Amazon S3 with server-side encryption using customer-managed KMS keys (SSE-KMS), meeting both identification and encryption-at-rest requirements. Option A is incorrect because S3 Access Logs and Athena queries do not directly identify sensitive data patterns reliably, nor do they enforce encryption. Option B is incorrect because Amazon Macie can scan for sensitive data, but it does not automatically apply S3 default encryption; moreover, default encryption uses S3-managed keys, not customer-managed KMS keys. Option C is incorrect because enabling S3 default encryption and using IAM policies addresses encryption and access control but lacks the sensitive data identification step required by the security team.
Refer to the exhibit. A data engineer is using a Kinesis Data Stream with 2 shards. The producer uses a partition key that is the user ID (a UUID). The consumer is falling behind. Which change would improve throughput?
Increase the number of shards
The consumer is falling behind because the total throughput of the stream (1 MB/s or 1,000 records/s per shard for writes, and 2 MB/s per shard for reads) is insufficient for the incoming data volume. Increasing the number of shards scales both the write and read capacity linearly, allowing the consumer to process records faster and catch up. Changing the partition key or retention period does not increase throughput, and switching to Firehose changes the delivery model but does not inherently solve the consumer lag.
A company uses Amazon DynamoDB with on-demand capacity. They notice higher than expected costs due to a sudden spike in read traffic from a reporting job. The reporting job scans the entire table daily. What is the most cost-effective way to reduce costs while maintaining the same reporting output?
Use a Global Secondary Index (GSI) with a sort key that matches the reporting query pattern.
Option B is correct because using a Global Secondary Index (GSI) with a sort key tailored to the reporting query pattern allows the reporting job to query only the relevant items instead of scanning the entire table. This reduces the read capacity units consumed per operation, directly lowering costs under on-demand capacity, which charges per RCU consumed. The reporting output remains identical because the GSI returns the same data filtered by the query pattern.
A company wants to monitor and alert on unauthorized API calls in their AWS account. Which AWS service should be used to detect and notify on such events?
AWS CloudTrail and Amazon CloudWatch Events
D is correct because AWS CloudTrail records all API calls in the AWS account, and Amazon CloudWatch Events (or EventBridge) can be configured with rules to detect specific API calls (e.g., unauthorized actions) and trigger notifications. Option A is incorrect because Amazon GuardDuty and AWS Security Hub are threat detection and security management services, not primarily for monitoring all API calls. Option B is incorrect because Amazon VPC Flow Logs capture network traffic metadata, not API calls. Option C is incorrect because AWS Config monitors resource configuration changes, not API calls.
A data engineer needs to migrate an on-premises MySQL database to Amazon RDS for MySQL with minimal downtime. Which approach should they use?
Use AWS Database Migration Service (DMS) with ongoing replication from the source database.
AWS DMS with ongoing replication (change data capture, CDC) is the correct approach because it allows continuous synchronization from the on-premises MySQL source to the RDS target, enabling a cutover with minimal downtime. Unlike one-time export/import tools, DMS captures ongoing changes during the migration, so the target stays up-to-date until you switch over.
A company uses AWS KMS to encrypt sensitive data in S3. The security team requires that the KMS key must be rotated automatically every year. Which key type should be used?
Customer managed key with automatic rotation enabled
Option D is correct because customer managed keys can be configured with automatic rotation every year, meeting the security team's requirement. Option B is incorrect because AWS managed keys (aws/s3) rotate automatically every 3 years, not annually. Option A is incorrect because asymmetric keys do not support automatic rotation. Option C is incorrect because custom key stores backed by CloudHSM do not offer automatic rotation.
A data engineer is designing a data ingestion pipeline for IoT sensor data. The data arrives as JSON via AWS IoT Core, and must be stored in Amazon S3 in partitioned Parquet format. The pipeline must handle late-arriving data (up to 1 hour) and ensure exactly-once processing. Which combination of services should the engineer use?
Amazon Kinesis Data Firehose with data transformation via AWS Lambda, delivering to Amazon S3.
Amazon Kinesis Data Firehose is the correct choice because it can directly ingest streaming data from AWS IoT Core, use a built-in AWS Lambda function to transform JSON to Parquet, and deliver the data to Amazon S3 with automatic partitioning. It also supports buffering and retry logic to handle late-arriving data (up to 1 hour) and provides exactly-once delivery to S3 when configured with the appropriate error handling and idempotent transformations.
A data engineer needs to transform JSON data from an S3 bucket using AWS Glue. The JSON contains nested arrays and objects. Which Glue transform is best suited for flattening nested structures?
Relationalize
The Relationalize transform is specifically designed to flatten nested JSON structures (arrays and objects) into a set of related tables, making it ideal for this use case. It automatically handles complex nesting by creating separate DataFrames for each nested level and linking them via foreign keys, which is exactly what is needed when ingesting JSON with nested arrays and objects into a relational format.
A data engineer needs to ingest data from an on-premises Oracle database into Amazon S3. The data volume is about 500 GB initially, with daily incremental updates of 10 GB. The pipeline must minimize operational overhead. Which AWS service should be used for the initial and incremental loads?
AWS Database Migration Service (DMS) with change data capture (CDC) to Amazon S3.
AWS DMS with CDC is the correct choice because it supports continuous replication from Oracle to Amazon S3 with minimal overhead. It handles both the initial 500 GB full load and ongoing 10 GB daily increments via change data capture, without requiring custom code or complex pipeline management.
A company has a Glue ETL job that reads from an Amazon RDS for MySQL table and writes to Amazon S3. The job runs hourly and processes new records based on a 'last_modified' timestamp column. Recently, the job started missing some records because the timestamp in MySQL is stored with microsecond precision but Glue's job bookmark only tracks second precision. Which solution addresses this issue?
Use a job parameter to store the last processed timestamp with millisecond precision and query records greater than that value.
Option A is correct because AWS Glue job bookmarks track timestamps with only second precision, so records with microsecond differences within the same second are missed. By using a custom job parameter to store the last processed timestamp with millisecond precision and querying records greater than that value, you bypass Glue's bookmark limitation and capture all new or modified records.
A data engineer is ingesting CSV files from an Amazon S3 bucket into a Glue Data Catalog table. The files have headers, but some files have extra columns not present in the first file. The engineer wants the Glue crawler to automatically detect the schema. Which crawler configuration option should be used?
Configure the crawler to 'Create a single schema for each S3 path' and enable 'Merge tables'.
Option B is correct because when CSV files have varying schemas (extra columns), the Glue crawler must be configured to 'Create a single schema for each S3 path' with 'Merge tables' enabled. This configuration instructs the crawler to union the schemas from all files in the S3 path, adding new columns as they appear, rather than creating separate tables for each schema variation.
A company wants to ingest streaming data from thousands of IoT devices into Amazon S3 with minimal latency and then transform the data using Spark SQL. Which AWS service should be used for data ingestion?
Amazon Kinesis Data Firehose
Amazon Kinesis Data Firehose is the correct choice because it is a fully managed service designed for ingesting streaming data into Amazon S3 with near-real-time latency (typically 60 seconds or less). It can directly write data to S3 without requiring custom code or additional infrastructure, and it supports optional transformations via AWS Lambda, making it ideal for the described use case of streaming IoT data ingestion.
A company uses AWS Data Pipeline to copy data from DynamoDB to S3 daily. Recently, the pipeline started failing with 'ThrottlingException' errors. The DynamoDB table has on-demand capacity. Which action should be taken to resolve the issue?
Configure the pipeline to use a retry strategy with exponential backoff.
Option C is correct because ThrottlingException errors in AWS Data Pipeline when reading from DynamoDB indicate that the pipeline's read requests are exceeding the table's available throughput. Since the table uses on-demand capacity, which can handle spikes but has a per-second throughput limit, implementing exponential backoff in the pipeline's retry strategy allows it to reduce request rate upon throttling, aligning with AWS SDK best practices for handling DynamoDB throttling.
The DEA-C01 flashcard bank covers all 4 official blueprint domains published by Amazon Web Services. Cards are distributed proportionally, so domains with higher exam weight have more cards.
Domain Coverage
Data Ingestion and Transformation
Data Operations and Support
Data Security and Governance
Data Store Management
Both flashcards and practice questions are evidence-based study tools. The difference is in what they train:
Flashcards — concept retention
Best for memorising definitions, acronyms, protocol behaviours, command syntax, and conceptual distinctions. Use flashcards to build the foundational vocabulary that DEA-C01 questions assume you know.
Best in: weeks 1–3
Practice tests — application
Best for applying concepts to realistic scenarios, eliminating distractors, and building exam stamina.DEA-C01 questions test scenario reasoning — not just recall — so practice tests are essential.
Best in: weeks 3–6
The most effective DEA-C01 study plan combines both: use flashcards for the first 2–3 weeks to build conceptual foundations, then shift to practice tests and mock exams in the final 2–3 weeks to apply and benchmark that knowledge. Most candidates who pass on their first attempt use both tools.
Yes. Courseiva provides free DEA-C01 flashcards across all official exam domains. Every card includes the correct answer and a full explanation of why it is right and why the distractors are wrong. The platform also includes topic-based practice, mock exams, and readiness tracking — no account required.
Courseiva has 1786+ original DEA-C01 flashcards across all 4 exam blueprint domains. New cards are added regularly as the question bank grows. All cards are written by certified engineers against the official Amazon Web Services exam objectives.
Courseiva flashcards are purpose-built for IT certification exams. Unlike generic flashcard platforms where content quality varies, every Courseiva card is mapped to the official DEA-C01 exam blueprint, written by engineers who hold the certification, and includes a full explanation of the correct answer and why the distractors are wrong. This explanation quality is what separates genuine learning from rote memorisation.
Courseiva is a web platform — an internet connection is required. For offline study, we recommend creating free Courseiva account, using the platform in your browser, and using your device's offline capabilities if your browser supports offline web apps.
Save your results, see which domains need more work, and get spaced repetition recommendations — all free.
Sign Up FreeFree forever · Every certification included