
Amazon Web Services · Free Practice Questions · Last reviewed May 2026

DVA-C02 Exam Questions and Answers

24 real exam-style questions organised by domain, each with the correct answer highlighted and a plain-English explanation of why it's right — and why the others are wrong.

65 exam questions
130 min time limit
Pass: 720/1000
4 exam domains

Domain 1: Development with AWS Services

Q1
Difficulty: medium

A developer has an AWS Lambda function that processes messages from an Amazon SQS queue. The function is configured with a batch size of 10, reserved concurrency of 5, and a timeout of 5 minutes. The SQS queue has a large backlog, and CloudWatch metrics show high throttling (Throttles) for the Lambda function. The function is idempotent and can process up to 100 messages in a single invocation. What is the MOST effective way to increase throughput without increasing the reserved concurrency?

A

Increase the batch size to 100.

Increasing the batch size allows each invocation to process more messages, reducing the number of invocations and the likelihood of throttling without increasing reserved concurrency.

B

Increase the reserved concurrency to 10.

C

Reduce the batch size to 1.

D

Enable the SQS queue to use long polling.

Why: Increasing the batch size to 100 allows each Lambda invocation to process up to 100 messages from the SQS queue instead of the current 10. Since the function is idempotent and can handle 100 messages per invocation, this change maximizes the number of messages processed per invocation without altering the reserved concurrency of 5. With a batch size of 100, each of the 5 concurrent invocations can process up to 100 messages, yielding a potential throughput of 500 messages per invocation cycle, which directly reduces the backlog and throttling by consuming messages faster.
Q2
Difficulty: medium

A developer has an AWS Lambda function that processes messages from an Amazon SQS standard queue. The function is idempotent and currently has a batch size of 10. The developer wants to increase throughput and increases the batch size to 100. After the change, CloudWatch metrics show a significant increase in throttles and the queue backlog is growing. The function's reserved concurrency is set to 10. What is the most effective action to resolve the throttling and improve throughput?

A

Increase the reserved concurrency of the Lambda function

Higher concurrency allows more invocations to run simultaneously, reducing throttling and enabling the function to consume the larger batch size effectively.

B

Increase the memory allocation of the Lambda function

C

Switch the SQS queue to a FIFO queue

D

Decrease the batch size back to 10

Why: Increasing the reserved concurrency from 10 to a higher value directly addresses the root cause of throttling. With a batch size of 100, each invocation processes more messages, but the function's reserved concurrency of 10 limits the maximum number of concurrent executions to 10. This means the Lambda service can only invoke the function 10 times at once, regardless of how many messages are in the queue. By raising reserved concurrency, you allow more concurrent invocations to handle the larger batches, reducing throttling and improving throughput.
Q3
Difficulty: hard

A developer is using AWS X-Ray to trace a serverless application. The application uses an AWS Lambda function to query a DynamoDB table. The trace shows that the DynamoDB subsegment takes a significant portion of the total response time. The developer wants to reduce the DynamoDB query latency. Which service should the developer integrate with the Lambda function to achieve the lowest latency for repeated read queries?

A

DynamoDB Accelerator (DAX)

Correct. DAX is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to 10x read performance improvement by caching frequently accessed data.

B

Amazon ElastiCache for Redis

C

DynamoDB Global Tables

D

DynamoDB Streams

Why: DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to 10x read performance improvement by reducing response times from milliseconds to microseconds for repeated read queries. By integrating DAX with the Lambda function, the developer can cache the results of frequent DynamoDB queries directly in memory, bypassing the read capacity units and the underlying storage engine, which directly addresses the latency bottleneck shown in the X-Ray trace.
Q4
Difficulty: medium

A developer is building a serverless application using AWS Step Functions to orchestrate multiple AWS Lambda functions. One of the Lambda functions occasionally fails due to a transient error. The developer wants the Step Functions execution to automatically retry the failed task up to three times with exponential backoff. Which configuration should the developer set in the Step Functions state machine definition?

A

Add a Retry clause in the Lambda function's configuration with a maximum retry count of 3.

B

Use the Amazon States Language (ASL) Retry field in the Task state definition.

The ASL Retry field allows defining retry policies, including exponential backoff and maximum retry attempts.

C

Wrap the Lambda function invocation in a custom while loop within the function code.

D

Use the Amazon States Language Catch field in the Task state to redirect to a retry logic.

Why: Option B is correct because the Amazon States Language (ASL) provides a native Retry field within a Task state definition that allows you to specify retry policies, including a maximum retry count and exponential backoff. This is the intended mechanism for handling transient failures in Step Functions without requiring custom code or external retry logic.
Q5
Difficulty: medium

A developer is building a serverless application that processes orders. An order is placed and an event is published to an Amazon SNS topic. The SNS topic has multiple subscribers, including an SQS queue for order processing and a Lambda function for sending notifications. The developer wants to ensure that the SQS queue receives all messages reliably, even if the processing Lambda function fails temporarily. Which configuration should the developer set?

A

Enable a dead-letter queue on the SQS queue

Correct. A DLQ captures messages that cannot be processed after retries, ensuring no messages are lost.

B

Enable SNS delivery retries for HTTP endpoints

C

Set the SQS queue's visibility timeout to a value greater than the Lambda function's processing time

D

Configure the SNS topic to use server-side encryption

Why: A dead-letter queue (DLQ) on the SQS queue ensures that messages that cannot be processed successfully after the configured number of retries (maxReceiveCount) are moved to a separate queue for later analysis or reprocessing. This prevents message loss when the Lambda function fails temporarily, as the SQS queue will continue to receive messages from SNS reliably, and only messages that exceed the retry limit are redirected to the DLQ.
Q6
Difficulty: hard

A developer is building a REST API using Amazon API Gateway and AWS Lambda. The API receives a large number of requests with duplicate payloads from the same client within a short time window. To reduce Lambda invocations and improve performance, the developer wants to return the previously computed response for identical requests based on a unique client ID in the header. How can the developer achieve this using API Gateway features?

A

Enable API Gateway caching on the stage and configure the client ID header as a cache key parameter. Set a cache TTL of 5 minutes.

API Gateway caching uses cache key parameters to index responses. By including the client ID header in the cache key, different clients get separate cached responses. The TTL controls how long the response is cached.

B

Configure a usage plan with a quota and throttle settings to limit requests per client ID.

C

Use request validation to reject requests that have the same client ID within 5 minutes.

D

Reduce the Lambda function's batch size to 1 and implement caching logic inside the function using an external cache like ElastiCache.

Why: Option A is correct because API Gateway caching allows you to store responses for a configurable TTL and use the client ID header as a cache key parameter. This means that when a request with the same client ID arrives within the TTL window, API Gateway returns the cached response directly without invoking the Lambda function, reducing invocations and improving performance.


Domain 2: Security

Q1
Difficulty: medium

A developer has an AWS Lambda function that needs to read objects from an S3 bucket in another account. The Lambda function's execution role includes an IAM policy that allows s3:GetObject on the bucket. The bucket owner has added a bucket policy that grants s3:GetObject to the Lambda execution role. However, the Lambda function receives Access Denied errors. The S3 bucket uses SSE-KMS for encryption. What is the most likely cause?

A

The S3 bucket does not have versioning enabled.

B

The Lambda function's execution role does not have an explicit allow for s3:GetObject.

C

The Lambda function is not in the same AWS region as the S3 bucket.

D

The Lambda function does not have kms:Decrypt permission on the KMS key used by the bucket.

SSE-KMS requires both S3 read permissions and KMS decrypt permission. The bucket policy does not grant KMS permissions; the KMS key policy must allow the Lambda execution role.

Why: When an S3 bucket uses SSE-KMS, the Lambda function must have explicit kms:Decrypt permission on the KMS key to decrypt the object after s3:GetObject retrieves the encrypted data. Even though the bucket policy and execution role allow s3:GetObject, the missing KMS permission causes an Access Denied error because S3 returns the encrypted object and the Lambda runtime cannot decrypt it without the key.
Q2
Difficulty: hard

A company has multiple AWS accounts managed under AWS Organizations. The security team requires that all Amazon S3 buckets with bucket names containing 'logs' must be encrypted with a specific KMS key (key ID: alias/logs-key) at rest. A developer must enforce this using an SCP (Service Control Policy). Which SCP effect and condition key should be used to deny any PutObject request that does not use the required KMS key?

A

Deny effect with a Condition: StringNotEquals on s3:x-amz-server-side-encryption-aws-kms-key-id

This SCP will deny any PutObject request that specifies a KMS key that is not the required key. The StringNotEquals condition ensures that if the request does not use the specific key ID, the request is denied. This is the standard way to enforce encryption with a specific KMS key using SCPs.

B

Deny effect with a Condition: StringEquals on s3:x-amz-server-side-encryption

C

Allow effect with a Condition: StringEquals on kms:RequestTag/key-id

D

Deny effect with a Condition: IpAddress on aws:SourceIp

Why: Option A is correct because SCPs use a Deny effect to block non-compliant requests. The condition key `s3:x-amz-server-side-encryption-aws-kms-key-id` with `StringNotEquals` ensures that any PutObject request that does not specify the exact KMS key alias/logs-key is denied. This enforces encryption with the required key for all S3 buckets containing 'logs' in their name.
Q3
Difficulty: hard

A developer needs to grant a user in another AWS account (Account B) read-only access to objects in an Amazon S3 bucket owned by Account A. The developer has already added a bucket policy that grants s3:GetObject access to the IAM user in Account B. However, the user in Account B still gets Access Denied when trying to read objects. What additional configuration is required?

A

The user in Account B must have an IAM policy that allows s3:GetObject on the bucket ARN

Cross-account access requires both a bucket policy that grants the user permissions and an IAM policy in the user's account that allows the action. The IAM policy is necessary because the default is to deny all actions.

B

The bucket must be made public by unchecking 'Block all public access'

C

The developer must create a new IAM role in Account A and have the user in Account B assume that role

D

The user in Account B must use the S3 console instead of the AWS CLI

Why: The bucket policy in Account A grants s3:GetObject access to the IAM user in Account B, but this alone is insufficient. For cross-account access, the IAM user in Account B must also have an IAM policy attached that explicitly allows s3:GetObject on the bucket ARN. Without this, the user’s own account denies the request before it reaches Account A’s bucket policy, resulting in Access Denied.
Q4
Difficulty: hard

A developer needs to ensure that every cryptographic operation performed on an AWS KMS customer master key (CMK) used for server-side encryption in Amazon S3 is recorded in AWS CloudTrail for auditing. The developer has already enabled CloudTrail and is logging management events. However, the security team wants to see all calls to the KMS Decrypt and Encrypt APIs for this specific key. What must the developer do?

A

Enable CloudTrail data events for the S3 bucket containing the encrypted objects.

B

Create an additional CloudTrail trail that logs all management events for the KMS key.

C

Enable CloudTrail data events for the specific KMS key ARN.

CloudTrail data events for KMS record every call to Decrypt, Encrypt, GenerateDataKey, etc. By specifying the key ARN in the data event selector, only operations on that key are logged, meeting the audit requirement without excessive logging.

D

Enable CloudTrail Insights events on the existing trail.

Why: Option C is correct because CloudTrail data events can be configured to log individual API operations (such as Decrypt and Encrypt) on specific KMS keys. By default, CloudTrail management events do not include these data-plane operations; enabling data events for the specific KMS key ARN ensures every cryptographic call is recorded for auditing.
Q5
Difficulty: medium

A developer is building a mobile application that uses Amazon Cognito for user authentication. After a user signs in, the application needs to access an Amazon DynamoDB table. The developer has set up an identity pool with an authenticated role. The IAM role attached to the authenticated identity has a policy allowing the required DynamoDB actions. However, users report that they cannot perform DynamoDB operations. What is the MOST likely cause of this issue?

A

The identity pool is not configured to use the authenticated role.

B

The app is not passing the correct identity ID.

C

The IAM role's trust policy does not allow Cognito to assume it.

The trust policy of the IAM role must grant the Cognito Identity service principal the sts:AssumeRole permission. Without it, Cognito cannot issue credentials, resulting in denied actions.

D

The DynamoDB table is encrypted with a different KMS key.

Why: The most likely cause is that the IAM role's trust policy does not include a statement allowing Amazon Cognito (specifically the `cognito-identity.amazonaws.com` service principal) to assume the role. Even if the identity pool is configured to use the authenticated role and the role's permissions policy grants DynamoDB actions, Cognito must be able to assume the role via AWS Security Token Service (STS) `AssumeRoleWithWebIdentity`. Without the correct trust relationship, Cognito cannot obtain temporary credentials for the user, so all DynamoDB operations fail.
Q6
Difficulty: hard

A company uses a customer managed AWS KMS key to encrypt sensitive data stored in DynamoDB. A Lambda function reads from the DynamoDB table and needs to decrypt the data. The Lambda function's execution role has an IAM policy that allows kms:Decrypt on the key. However, access is denied. What must the developer add to the KMS key policy to resolve the issue?

A

Add a statement granting kms:Decrypt to the Lambda function's execution role.

Correct. The key policy must explicitly allow the IAM role to perform kms:Decrypt.

B

Add a statement granting kms:Decrypt to the Lambda function's resource-based policy.

C

Add a statement granting kms:Decrypt to the Lambda service principal.

D

Add a statement granting kms:Decrypt to the account root user with a condition for the Lambda function.

Why: The correct answer is A because KMS key policies are resource-based policies that control access to the key itself. Even if the Lambda execution role has an IAM policy granting kms:Decrypt, the KMS key policy must explicitly allow the role (or the user/account) to perform that action. Without this statement in the key policy, the IAM permission is ineffective, resulting in an access denied error.


Domain 3: Deployment

Q1
Difficulty: hard

A developer is using AWS CodeDeploy with a blue/green deployment strategy to update an application running on Amazon ECS with the Fargate launch type. After the new (green) task set is created and traffic is shifted to it, users immediately report errors when trying to write data. The developer discovers that the green task set is connecting to a different database than the blue task set. The database endpoints are configured in the ECS task definition. What is the simplest way to prevent this issue in future deployments?

A

Modify the blue/green deployment configuration to use the same database endpoint for both task sets by updating the environment variables in the task definition before deployment.

Environment variables in the task definition can be changed without modifying the container image. Set the database endpoint to the same value for both blue and green task sets. This is the simplest solution.

B

Create two separate Amazon RDS databases and use an Amazon Route 53 weighted routing policy to distribute traffic.

C

Use an Application Load Balancer (ALB) with stickiness to route each user to the correct task set.

D

Use AWS CloudFormation to create a new database stack for each deployment and update the task definition dynamically.

Why: Option A is correct because the issue stems from the green task set using a different database endpoint than the blue task set, which is configured via environment variables in the ECS task definition. By updating the task definition to use the same database endpoint before deployment, both task sets will connect to the same database, ensuring consistency during the traffic shift. This is the simplest fix as it requires no additional infrastructure or complex routing changes.
Q2
Difficulty: hard

A developer is using AWS CodeDeploy with a blue/green deployment on an Amazon ECS service running on Fargate. The developer wants to ensure that the new (green) task set is fully healthy and serving traffic before the old (blue) task set is terminated. The deployment should automatically roll back to the blue task set if the green task set fails health checks. Which configuration should the developer set in the CodeDeploy deployment group?

A

Deployment type: blue/green, with rollback configuration enabled to trigger automatic rollback and reroute traffic to the original task set

Correct. This configuration ensures that if the new task set fails, CodeDeploy rolls back to the previous version.

B

Deployment type: blue/green, Deployment configuration: CodeDeployDefault.ECSAllAtOnce

C

Deployment type: blue/green, Deployment configuration: CodeDeployDefault.ECSLinear10PercentEvery1Minutes

D

Deployment type: blue/green, with an Application Load Balancer

Why: Option A is correct because the developer needs to configure the CodeDeploy deployment group with a blue/green deployment type and enable automatic rollback. This ensures that if the green task set fails health checks, CodeDeploy automatically terminates the green deployment and reroutes traffic back to the original blue task set, meeting the requirement for a fully healthy green task set before termination.
Q3
Difficulty: medium

A developer is deploying a serverless application using the AWS Serverless Application Model (SAM). The application includes an Amazon API Gateway HTTP API and several AWS Lambda functions. The developer wants to implement a canary deployment for the API Gateway stage so that 10% of traffic is shifted to the new version for 30 minutes before the remaining 90% is shifted. Which SAM resource attribute should the developer configure on the API Gateway resource?

A

AutoPublishAlias

B

DeploymentPreference

DeploymentPreference with a Canary setting enables gradual traffic shifting for the API Gateway stage.

C

ProvisionedConcurrencyConfig

D

EventInvokeConfig

Why: The `DeploymentPreference` attribute on an AWS::Serverless::Api resource in SAM enables canary deployments by allowing you to specify traffic-shifting patterns, such as `Canary10Percent30Minutes`. This shifts 10% of traffic to the new API Gateway stage for 30 minutes before rolling out the remaining 90%, exactly matching the requirement.
Q4
Difficulty: hard

A developer is deploying a multi-container Docker application on Amazon ECS using the Fargate launch type. The application consists of a web server and a background worker. The web server must be scaled independently and must be accessible from the internet via an Application Load Balancer. The worker should not be accessible from the internet. Which ECS configuration should the developer use?

A

Create one ECS service with both containers in the same task definition, but only expose the web server port.

B

Create two separate ECS services, each with its own task definition, and place the web server in a public subnet with the worker in a private subnet.

Correct. Separate services allow independent scaling. Placing the web server in a public subnet with an ALB provides internet access, while the worker in a private subnet remains isolated.

C

Create one ECS service with two tasks, each containing one container.

D

Create one ECS service with two containers in the same task, and use a service discovery to expose the worker.

Why: Option B is correct because it uses two separate ECS services, each with its own task definition, allowing independent scaling of the web server and worker. Placing the web server in a public subnet with an Application Load Balancer makes it internet-accessible, while the worker in a private subnet is isolated from direct internet traffic, meeting the security requirement.
Q5
Difficulty: medium

A developer is using AWS CodeDeploy to deploy an application to an EC2 Auto Scaling group. The application must remain fully available; only one instance should be taken offline at a time. The developer wants to configure the deployment to update instances one by one, ensuring that the deployment fails fast if any instance fails to deploy. Which deployment configuration should the developer choose?

A

CodeDeployDefault.AllAtOnce

B

CodeDeployDefault.HalfAtATime

C

CodeDeployDefault.OneAtATime

This deploys to one instance at a time, minimizing impact and providing fast failure detection.

D

CodeDeployDefault.BlueGreen

Why: Option C, CodeDeployDefault.OneAtATime, is correct because it deploys the application to one instance at a time, ensuring that only one instance is taken offline during the deployment. This satisfies the requirement for the application to remain fully available. Additionally, this configuration fails fast: if any instance fails to deploy, the deployment stops immediately, preventing further instances from being updated.
Q6
Difficulty: medium

A developer is deploying an application to Amazon ECS using AWS CodeDeploy with a blue/green deployment strategy. After the new task set is created, it fails health checks. The developer wants to immediately route traffic back to the original task set without waiting for CodeDeploy to complete the rollback process. Which action should the developer take?

A

Update the ECS service to set the desired count of the new task set to zero.

B

Use the CodeDeploy console to stop the deployment and then choose to reroute traffic.

Correct. CodeDeploy allows you to stop the deployment and reroute traffic to the original task set.

C

Delete the new task set.

D

Update the Application Load Balancer listener rule to forward traffic to the original target group.

Why: Option B is correct because CodeDeploy's blue/green deployments for ECS include a built-in 'Reroute traffic' option that allows you to immediately redirect traffic back to the original task set when a deployment fails health checks. This action bypasses the normal rollback process, which would wait for the deployment to complete or for the configured rollback triggers to fire, giving the developer instant control over traffic routing.


Domain 4: Troubleshooting and Optimization

Q1
Difficulty: hard

A developer deployed a new version of an AWS Lambda function that is part of a serverless application. The function uses an Amazon DynamoDB table as a data store. After deployment, the developer notices that the function's latency has increased significantly for some requests. CloudWatch traces show that the increase is due to DynamoDB throttle events. The function is configured with a reserved concurrency of 100 and the DynamoDB table has 5 read capacity units (RCUs) and 5 write capacity units (WCUs). What is the most effective way to reduce the throttling while maintaining application performance?

A

Decrease the reserved concurrency of the Lambda function to 10

B

Increase the read and write capacity units on the DynamoDB table

Increasing RCU and WCU directly increases the number of operations the table can handle, reducing throttling.

C

Enable DynamoDB Accelerator (DAX) for caching reads

D

Enable auto scaling on the DynamoDB table

Why: The primary cause of the throttling is insufficient DynamoDB capacity to handle the request volume from the Lambda function. Increasing the read and write capacity units (RCUs/WCUs) directly addresses the throttle events by providing more throughput to match the function's concurrency of 100. This is the most effective solution because it resolves the bottleneck at the data store level without reducing the application's ability to process requests concurrently.
Q2
Difficulty: hard

A developer is running an AWS Lambda function that is triggered by Amazon S3 events. The function writes processed data to an Amazon DynamoDB table. Over time, the function's execution time has increased significantly. CloudWatch Logs show many DynamoDBProvisionedThroughputExceededException errors. The table is configured with 5 read capacity units (RCUs) and 5 write capacity units (WCUs). The function performs both reads and writes. Which optimization will MOST effectively reduce throttling errors while maintaining performance?

A

Increase the RCUs and WCUs of the table to 50 each

B

Switch the DynamoDB table to on-demand capacity mode

On-demand mode automatically scales read and write capacity based on traffic. This eliminates throttling caused by insufficient provisioned capacity and requires no capacity planning.

C

Implement a DynamoDB Accelerator (DAX) cluster for caching reads

D

Increase Lambda function memory to 1024 MB

Why: The DynamoDBProvisionedThroughputExceededException errors indicate that the Lambda function is exceeding the provisioned write capacity of 5 WCUs. Switching to on-demand capacity mode eliminates the need to manage throughput, automatically scaling to handle the workload without throttling. This directly resolves the root cause—capacity exhaustion—without requiring manual adjustments or architectural changes.
Q3
Difficulty: hard

A web application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). During peak hours, users report receiving HTTP 503 (Service Unavailable) errors. The developer checks Amazon CloudWatch metrics and finds that the ALB's request count is high but below the limit, and the target group's healthy host count drops to zero intermittently. The Auto Scaling group for the instances is configured with a minimum of 2, maximum of 10, and a simple scaling policy to add 2 instances when CPU utilization exceeds 70% for 5 consecutive minutes. What is the most likely cause of the 503 errors?

A

The Auto Scaling group's cooldown period prevents new instances from being added quickly enough during rapid traffic spikes

After a scaling activity, the cooldown period (300s by default) pauses further scaling, causing delays that can result in all instances becoming unhealthy and returning 503 errors.

B

The ALB's idle timeout is set too low, causing dropped connections

C

The Auto Scaling group's maximum capacity of 10 is insufficient

D

The health check grace period is preventing instances from being marked healthy

Why: The 503 errors occur because the simple scaling policy has a cooldown period (default 300 seconds) that prevents the Auto Scaling group from launching new instances during rapid traffic spikes. When CPU exceeds 70% for 5 minutes, the policy adds 2 instances, but the cooldown blocks further scaling actions until it expires, even if the newly launched instances are still initializing and the healthy host count drops to zero. This mismatch between traffic demand and scaling responsiveness causes the ALB to have no healthy targets, resulting in 503 errors.
Q4
Difficulty: hard

A developer is troubleshooting an AWS Lambda function that processes large CSV files (up to 1 GB) uploaded to an Amazon S3 bucket. The function uses Python and the pandas library to perform data transformations. Recently, the function started timing out on large files. CloudWatch Logs show that the function's execution time is close to the 15-minute Lambda timeout, and memory utilization peaks at around 80% of the configured 3,008 MB. The function has not been modified in months. Which action will most likely resolve the timeout issue without requiring code changes?

A. Increase the memory allocation of the Lambda function to the maximum available (10,240 MB) (correct)

More memory provides more CPU, speeding up the CPU-intensive pandas processing and reducing execution time below the timeout.

B. Increase the function timeout to the maximum allowed (900 seconds is already the max)

C. Use S3 Select to filter columns and rows before invoking the Lambda function

D. Increase the batch size of the S3 event notification to invoke the function with multiple files

Why: Increasing the memory allocation to the maximum (10,240 MB) proportionally increases the CPU and network throughput allocated to the Lambda function, which directly reduces execution time for CPU-bound pandas operations. Since memory utilization is only at 80% of the current 3,008 MB, the bottleneck is likely CPU, not memory, and Lambda's CPU scales linearly with memory configuration. This action resolves the timeout without any code changes.
Q5 · medium

A developer is troubleshooting an AWS Lambda function that processes records from an Amazon Kinesis Data Stream. The function is configured with a batch size of 100 and a parallelization factor of 1. The developer notices that the iterator age is increasing, indicating that the function is not keeping up with the stream. CloudWatch Logs show that the function is not experiencing errors or throttling, but the execution time per invocation is close to the 5-minute timeout. The stream has 10 shards. Which action will most likely increase processing throughput?

A. Increase the batch size to 500.

B. Increase the parallelization factor to 10.

C. Increase the Lambda function memory and CPU allocation. (correct)

Increasing memory increases CPU allocation proportionally, which can make each invocation faster. This reduces the per-batch processing time, allowing the function to keep up with the stream and decrease the iterator age.

D. Split the stream into more shards.

Why: Option C is correct because the function's execution time is already near the 5-minute timeout, indicating a CPU-bound or memory-bound operation. Increasing memory proportionally increases CPU allocation in Lambda, which directly reduces execution time per invocation, allowing each batch to be processed faster and thus increasing overall throughput without changing the batch size or shard count.
Q6 · hard

A developer is troubleshooting an AWS Lambda function that is invoked from an Amazon S3 bucket via event notifications. The function processes images and stores metadata in Amazon DynamoDB. The developer notices that some images are being processed multiple times, resulting in duplicate entries in DynamoDB. The S3 event notification is configured to send events to the Lambda function with the 's3:ObjectCreated:*' event type. The function uses the 'uuid' library to generate a unique ID for each image upon processing. What is the most likely cause of the duplicate processing?

A. S3 event notifications are delivered at least once, and the Lambda function is not idempotent. (correct)

S3 can send the same event multiple times. Without idempotency checks (e.g., using the S3 object key as the DynamoDB primary key), each event creates a new item, causing duplicates.

B. The Lambda function's concurrency is set too high, causing race conditions.

C. The DynamoDB table does not have a primary key that prevents duplicates.

D. The S3 bucket is configured with versioning, causing multiple object creation events.

Why: Amazon S3 event notifications are delivered on an 'at least once' basis, meaning the same event can be sent to Lambda multiple times. If the Lambda function is not idempotent—i.e., processing the same event multiple times produces duplicate side effects—then duplicate DynamoDB entries will occur. The use of a 'uuid' library inside the function does not help because a new UUID is generated on each invocation, so the same image gets different IDs and is stored as a separate item each time.


Frequently asked questions

How many questions are on the DVA-C02 exam?

The DVA-C02 exam has 65 questions and must be completed in 130 minutes. The passing score is 720/1000.

What types of questions appear on the DVA-C02 exam?

Scenario-based questions covering exam objectives with detailed answer explanations.

How are DVA-C02 questions organised by domain?

The exam covers 4 domains: Development with AWS Services, Security, Deployment, Troubleshooting and Optimization. Questions are weighted by domain — higher-weight domains appear more on your actual exam.

Are these the actual DVA-C02 exam questions?

No. These are original exam-style practice questions written against the official Amazon Web Services DVA-C02 exam objectives. They are not copied from the real exam. Courseiva focuses on genuine understanding, not memorisation of braindumps.
