Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Development with AWS Services practice sets

DVA-C02 Development with AWS Services • Complete Question Bank

DVA-C02 Development with AWS Services — All Questions With Answers

Complete DVA-C02 Development with AWS Services question bank — all 0 questions with answers and detailed explanations.

518
Questions
Free
No signup
Certifications/DVA-C02/Practice Test/Development with AWS Services/All Questions
Question 1mediummultiple choice
Read the full Development with Services explanation →

A developer has an AWS Lambda function that processes messages from an Amazon SQS queue. The function is configured with a batch size of 10, reserved concurrency of 5, and a timeout of 5 minutes. The SQS queue has a large backlog, and CloudWatch metrics show high throttling (Throttles) for the Lambda function. The function is idempotent and can process up to 100 messages in a single invocation. What is the MOST effective way to increase throughput without increasing the reserved concurrency?

Question 2mediummultiple choice
Read the full Development with Services explanation →

A developer has an AWS Lambda function that processes messages from an Amazon SQS standard queue. The function is idempotent and currently has a batch size of 10. The developer wants to increase throughput and increases the batch size to 100. After the change, CloudWatch metrics show a significant increase in throttles and the queue backlog is growing. The function's reserved concurrency is set to 10. What is the most effective action to resolve the throttling and improve throughput?

Question 3hardmultiple choice
Read the full Development with Services explanation →

A developer is using AWS X-Ray to trace a serverless application. The application uses an AWS Lambda function to query a DynamoDB table. The trace shows that the DynamoDB subsegment takes a significant portion of the total response time. The developer wants to reduce the DynamoDB query latency. Which service should the developer integrate with the Lambda function to achieve the lowest latency for repeated read queries?

Question 4mediummultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Step Functions to orchestrate multiple AWS Lambda functions. One of the Lambda functions occasionally fails due to a transient error. The developer wants the Step Functions execution to automatically retry the failed task up to three times with exponential backoff. Which configuration should the developer set in the Step Functions state machine definition?

Question 5mediummultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application that processes orders. An order is placed and an event is published to an Amazon SNS topic. The SNS topic has multiple subscribers, including an SQS queue for order processing and a Lambda function for sending notifications. The developer wants to ensure that the SQS queue receives all messages reliably, even if the processing Lambda function fails temporarily. Which configuration should the developer set?

Question 6hardmultiple choice
Read the full Development with Services explanation →

A developer is building a REST API using Amazon API Gateway and AWS Lambda. The API receives a large number of requests with duplicate payloads from the same client within a short time window. To reduce Lambda invocations and improve performance, the developer wants to return the previously computed response for identical requests based on a unique client ID in the header. How can the developer achieve this using API Gateway features?

Question 7mediummultiple choice
Read the full Development with Services explanation →

A developer is building a RESTful API using Amazon API Gateway (HTTP API) and AWS Lambda. The API receives a large number of requests with duplicate payloads within a short time window. To improve performance and reduce costs, the developer wants to ensure that if the same request (based on a unique client ID) is sent within 5 minutes, the Lambda function is not invoked again, and the previously calculated response is returned. Which API Gateway feature should the developer use?

Question 8mediummultiple choice
Read the full Development with Services explanation →

A developer is building a RESTful API using Amazon API Gateway and AWS Lambda. The API needs to support custom domain names with SSL/TLS certificates. The developer has created the custom domain name in API Gateway and uploaded the certificate to AWS Certificate Manager (ACM) in the same region. However, when accessing the custom domain, users get an SSL error. What is the most likely cause?

Question 9mediummultiple choice
Read the full NAT/PAT explanation →

A developer is building a system that reads messages from an Amazon SQS queue, processes them, and stores results in an Amazon DynamoDB table. The developer wants to use a managed service to coordinate the processing steps, including error handling and retry logic, without provisioning any servers. Which AWS service should the developer use?

Question 10mediummultiple choice
Read the full NAT/PAT explanation →

A developer is building a serverless application using AWS Lambda and Amazon API Gateway. The API must support different HTTP methods (GET, POST, PUT, DELETE) for the same resource path. The developer wants to define the API in a single Lambda function that can handle all methods without additional mapping configuration. Which Lambda integration type should the developer use?

Question 11mediummultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application that processes user-submitted images. The images are uploaded to an S3 bucket, which triggers an AWS Lambda function that creates a thumbnail and stores it in another S3 bucket. The developer notices that sometimes the Lambda function is invoked multiple times for a single image upload. What should the developer configure to ensure idempotent processing?

Question 12mediummultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application that uses an Amazon SQS FIFO queue to process orders. The orders must be processed exactly once and in the order they are received. The developer uses an AWS Lambda function as the consumer. Despite using a FIFO queue, the developer notices that some orders are being processed more than once. What is the most likely cause of this behavior?

Question 13hardmultiple choice
Read the full Development with Services explanation →

A developer is building a multi-region application using Amazon DynamoDB global tables. The application needs to read data from a replica table in a different region shortly after a write in the primary region. The developer notices that reads sometimes return stale data. Which of the following explains this behavior?

Question 14hardmultiple choice
Read the full Development with Services explanation →

A developer is migrating a monolithic application to a microservices architecture on AWS. The application uses a relational database. The developer wants to use Amazon RDS for the database and needs to ensure that each microservice can only access its own set of tables. Which approach should the developer take?

Question 15mediummultiple choice
Read the full Development with Services explanation →

A developer is running a web application on multiple Amazon EC2 instances behind an Application Load Balancer (ALB). The application needs to store user session state that must be available across all instances. The session data is small and temporary but must survive individual instance failures. Which AWS service should the developer use to store this session state?

Question 16mediummultiple choice
Read the full Development with Services explanation →

A developer is building a web application that uses Amazon DynamoDB as the database. The application needs to store user session data and must support eventual consistency reads for most use cases, but strongly consistent reads for critical operations. The developer wants to minimize costs. Which read capacity unit (RCU) configuration should the developer use?

Question 17mediummultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application using AWS SAM. The application includes an Amazon API Gateway endpoint with a Lambda function that processes user uploads. The developer wants to enable API caching in the development stage to speed up repeated requests, but disable caching in the production stage. What is the most efficient way to achieve this?

Question 18mediummultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Lambda and Amazon DynamoDB. The application needs to store large JSON documents (up to 1 MB) and retrieve them by a primary key. The documents are updated frequently. Which DynamoDB feature should the developer consider to optimize performance and cost for storing and retrieving these large items?

Question 19mediummultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Step Functions. The workflow must execute hundreds of thousands of short-lived tasks per day, each taking less than 30 seconds. The tasks need to run in parallel, and a small number of duplicate executions are acceptable. Which type of Step Functions workflow should the developer choose?

Question 20mediummultiple choice
Read the full Development with Services explanation →

A developer is using the AWS Serverless Application Model (SAM) to define a serverless application with an API Gateway endpoint. The developer wants to enable API caching only in the development stage to speed up testing, but disable it in the production stage to ensure data freshness. What is the most efficient way to achieve this with SAM?

Question 21mediummultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application using AWS SAM that includes an API Gateway REST API and a Lambda function. The developer wants to pass environment variables to the Lambda function based on the deployment stage (dev/prod). The stage name is provided as a SAM parameter. How should the developer define this in the SAM template?

Question 22easymultiple choice
Read the full Development with Services explanation →

A developer is building a RESTful API that allows clients to query a database and retrieve results. The backend logic is implemented in AWS Lambda, which queries an Amazon DynamoDB table. The developer wants to expose the API over HTTPS and manage authentication and throttling. Which AWS service should the developer use to create and manage the API endpoints?

Question 23mediummultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application that uses Amazon S3 event notifications to trigger an AWS Lambda function for thumbnail generation. The developer wants to ensure that duplicate S3 events do not cause the same image to be processed multiple times. Which approach should the developer implement to ensure idempotent processing?

Question 24mediummultiple choice
Read the full Development with Services explanation →

A developer configures an AWS Lambda function to process image files uploaded to an S3 bucket. The bucket receives a mix of .jpg, .png, and .pdf files. To reduce costs, the developer wants the Lambda function to be invoked only for image files (.jpg and .png). How should the developer configure the S3 event notification?

Question 25easymultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application that needs to store user session data. The data is small (a few KB per user) and must be accessible across multiple invocations of the same Lambda function and across different Lambda functions. The session data should persist for the duration of the user session (up to 1 hour). Which storage solution should the developer use?

Question 26mediummultiple choice
Read the full Development with Services explanation →

A developer wants to update an AWS CloudFormation stack that includes an Amazon SQS queue. The queue is currently processing messages. The developer needs to change the queue's default visibility timeout without losing any messages. Which approach should the developer take?

Question 27mediummultiple choice
Read the full Development with Services explanation →

A developer is implementing an e-commerce application where a purchase operation must deduct inventory and create an order atomically. The inventory and orders are stored in separate DynamoDB tables. Which DynamoDB feature should the developer use to execute these operations as a single, all-or-nothing transaction?

Question 28mediummultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Lambda and Amazon API Gateway. The API requires that the same Lambda function handle different HTTP methods (GET, POST, DELETE) for the same resource. The developer wants to minimize code and configuration. Which integration type should the developer use?

Question 29easymultiple choice
Read the full Development with Services explanation →

An application running on Amazon EC2 instances behind an Application Load Balancer (ALB) intermittently returns 503 errors. The ALB health checks are failing for some instances intermittently. The developer checks the instance system logs and finds no application errors. What is the most likely cause of the health check failures?

Question 30mediummultiple choice
Read the full Development with Services explanation →

A company is building a RESTful API using Amazon API Gateway and AWS Lambda. The API must allow users to authenticate using an identity provider that supports OpenID Connect (OIDC). The developer wants to offload authentication and authorization to API Gateway. Which API Gateway feature should the developer use?

Question 31mediummultiple choice
Read the full Development with Services explanation →

A developer is creating a REST API using Amazon API Gateway with Lambda proxy integration. The API needs to accept and return binary data such as images or PDF files. The developer has configured the API to use the Lambda proxy integration. What additional configuration is required to support binary data?

Question 32mediummultiple choice
Read the full Development with Services explanation →

A developer is building a REST API using Amazon API Gateway that will serve static content from an Amazon S3 bucket. The API should cache responses for frequently accessed objects to reduce latency. Which API Gateway feature should the developer enable?

Question 33mediummultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application using AWS SAM. The application includes a Lambda function that needs read-only access to an S3 bucket. The developer wants to use SAM's built-in policy templates to grant this permission. Which policy template should be used in the SAM template?

Question 34mediummultiple choice
Read the full Development with Services explanation →

A developer is building a REST API using Amazon API Gateway and AWS Lambda. The API must support request validation, request throttling, and API keys. Which API Gateway feature should the developer use to enforce a daily request limit for each API key?

Question 35mediummultiple choice
Read the full Development with Services explanation →

A developer is creating a REST API using Amazon API Gateway and multiple AWS Lambda functions for different endpoints. The API must support CORS for a web application hosted on a different domain. The developer is using Lambda proxy integration. Which configuration is required to enable CORS?

Question 36mediummultiple choice
Read the full Development with Services explanation →

A developer is building a microservices application composed of multiple AWS Lambda functions and an Amazon API Gateway. The developer needs to trace requests as they travel through different services to identify performance bottlenecks. Which AWS service should the developer integrate?

Question 37mediummultiple choice
Read the full Development with Services explanation →

An independent software vendor (ISV) is building a serverless application that processes incoming HTTP requests. The incoming requests must be validated against an OpenAPI schema before being passed to the Lambda function. Which AWS service should the ISV use to perform this validation?

Question 38easymultiple choice
Read the full Development with Services explanation →

A developer is building a serverless web application using AWS Lambda and Amazon DynamoDB. The application needs to perform complex aggregations on data stored in DynamoDB. Which AWS service should the developer use to perform these aggregations efficiently without reading all the data into Lambda?

Question 39easymultiple choice
Read the full Development with Services explanation →

A developer is building a serverless API using Amazon API Gateway and AWS Lambda. The API accepts JSON payloads in the request body. The developer wants to ensure that incoming requests have a valid structure before being passed to the Lambda function to reduce unnecessary invocations. Which API Gateway feature should the developer use?

Question 40easymultiple choice
Read the full Development with Services explanation →

A developer is building a RESTful API using Amazon API Gateway. The API experiences high traffic spikes, and many requests are for the same data (e.g., a product catalog). The developer wants to reduce the load on the backend Lambda functions and improve response times for repeated requests. Which feature should the developer enable?

Question 41mediummultiple choice
Read the full NAT/PAT explanation →

A developer is building an application that needs to store session state data for a web application running on multiple EC2 instances behind an ALB. The data is ephemeral and should not persist if an instance is terminated. Which storage option should the developer use?

Question 42mediummultiple choice
Read the full Development with Services explanation →

A developer is building a REST API using Amazon API Gateway and wants to transform the request data before sending it to the backend Lambda function. The transformation includes mapping query string parameters to a JSON body. Which API Gateway feature should be used?

Question 43mediummultiple choice
Read the full Development with Services explanation →

A developer is building a RESTful API using Amazon API Gateway and Lambda. The API should support CORS for a specific origin (https://example.com) and allow only GET and POST methods. Which configuration in the OPTIONS method response will satisfy these requirements?

Question 44mediummultiple choice
Read the full Development with Services explanation →

A company wants to build a RESTful API that handles file uploads. The API needs to support multipart/form-data content type. The developer is using Amazon API Gateway and AWS Lambda. Which approach should the developer use to handle file uploads efficiently?

Question 45easymultiple choice
Read the full Development with Services explanation →

A developer is building a web application that requires user authentication. The application will run on Amazon EC2 instances behind an Application Load Balancer. The developer wants to offload authentication to a managed service that supports social login providers. Which AWS service should the developer use?

Question 46mediummultiple choice
Read the full Development with Services explanation →

A developer is using Amazon API Gateway with a Lambda authorizer to control access to an API. The authorizer function needs to decode a JWT token from the request header and return an IAM policy. Which type of Lambda authorizer should be used?

Question 47easymultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application that needs to process messages from an Amazon SQS queue and store the results in an Amazon DynamoDB table. Which AWS service should the developer use to orchestrate the processing logic without managing servers?

Question 48mediummultiple choice
Read the full Development with Services explanation →

A developer is building a REST API using Amazon API Gateway and wants to validate the incoming request body against a JSON schema before passing the request to the backend Lambda function. Which API Gateway feature should the developer use?

Question 49easymultiple choice
Read the full Development with Services explanation →

A developer is building a serverless REST API using Amazon API Gateway and AWS Lambda. The API will be consumed by a web application hosted on a different domain. The developer needs to enable Cross-Origin Resource Sharing (CORS) for all HTTP methods. What is the most efficient way to achieve this?

Question 50easymultiple choice
Read the full Development with Services explanation →

A developer has an Amazon S3 bucket containing private user documents. The application must generate a time-limited URL for users to download their own documents without requiring the users to have AWS credentials. Which solution should the developer use?

Question 51easymultiple choice
Read the full Development with Services explanation →

A developer is building a microservices application that processes event messages from multiple sources. The application requires at-least-once delivery, but message ordering is not important. Which Amazon SQS queue type should the developer use?

Question 52easymultiple choice
Read the full Development with Services explanation →

A developer is building an AWS Lambda function that needs to retrieve a database password securely. The password is stored in AWS Secrets Manager and is rotated every 30 days. The function must minimize the number of API calls to Secrets Manager. Which approach should the developer use?

Question 53easymultiple choice
Read the full Development with Services explanation →

A developer configures an AWS Lambda function to process image files uploaded to an S3 bucket. The bucket receives a mix of .jpg, .png, and .pdf files. The developer wants to invoke the Lambda function only for image files to reduce costs. Which configuration should the developer use?

Question 54easymultiple choice
Read the full Development with Services explanation →

A developer is designing a REST API using Amazon API Gateway that experiences high traffic with many repeated requests for the same data. The developer wants to reduce backend load and improve response times. Which feature should the developer enable on the API Gateway method?

Question 55easymultiple choice
Read the full Development with Services explanation →

A developer is building a serverless REST API using Amazon API Gateway and AWS Lambda. The API should return JSON responses to client requests. The developer is using the Lambda proxy integration. What is the simplest way to return a JSON response from the Lambda function?

Question 56easymultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Lambda and Amazon DynamoDB. The application needs to store and retrieve session data. The session data has a TTL of 30 minutes. Which DynamoDB feature should the developer use to automatically delete expired items?

Question 57easymultiple choice
Read the full Development with Services explanation →

A developer is creating a new DynamoDB table to store order data. The orders have a unique order ID and are retrieved by order ID. Occasionally, the developer needs to query orders by customer ID. Which design approach would minimize costs and provide the fastest queries?

Question 58easymultiple choice
Read the full Development with Services explanation →

A developer is writing an AWS Lambda function that processes files uploaded to an S3 bucket. The function should only be triggered when a new object is created in a specific subfolder (e.g., /uploads/). Which S3 event notification configuration should the developer use?

Question 59easymultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application that uses Amazon DynamoDB. The application needs to retrieve an item by its primary key frequently. Which DynamoDB API call should the developer use to achieve the lowest latency?

Question 60easymultiple choice
Read the full Development with Services explanation →

A developer is storing application configuration data in DynamoDB. The data is frequently accessed by partition key, and items are small (less than 1KB). The read traffic is consistent and predictable. Which read capacity mode is most cost-effective for this workload?

Question 61easymultiple choice
Read the full Development with Services explanation →

A developer is building a RESTful API using AWS Lambda and Amazon API Gateway. The API needs to support HTTP methods GET, POST, and DELETE. The developer wants to minimize code and operational overhead. Which API Gateway integration type should the developer use?

Question 62mediummultiple choice
Read the full Development with Services explanation →

A developer is using AWS AppSync to build a GraphQL API. The API needs to allow clients to receive real-time updates when data changes in a DynamoDB table. Which AppSync feature should the developer use?

Question 63easymultiple choice
Read the full NAT/PAT explanation →

A developer wants to store session state data for a web application running on multiple EC2 instances behind an Application Load Balancer. The data is ephemeral and should not persist if an instance is terminated. Which storage option should the developer use?

Question 64easymultiple choice
Read the full Development with Services explanation →

A developer is creating an AWS Lambda function that needs to access files from an Amazon EFS file system. The Lambda function must be configured to access the VPC. Which of the following is required to allow the Lambda function to mount the EFS file system?

Question 65easymultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Lambda that needs to connect to an Amazon RDS MySQL database. The function will be deployed in a VPC. Which resource should the developer use to ensure secure and efficient database connections?

Question 66easymultiple choice
Read the full Development with Services explanation →

A developer is creating an API with Amazon API Gateway that needs to accept binary data (e.g., images) and store them directly in an S3 bucket. The developer wants to minimize backend complexity. Which integration type should be used?

Question 67easymultiple choice
Read the full Development with Services explanation →

A developer is building a REST API using Amazon API Gateway and AWS Lambda. The API needs to support a custom domain name and an SSL/TLS certificate. Which AWS service should the developer use to manage the SSL/TLS certificate?

Question 68easymultiple choice
Read the full Development with Services explanation →

A developer is building a microservice that needs to invoke another AWS Lambda function and wait for the result to continue processing. Which Lambda invocation type must the developer use to achieve synchronous invocation?

Question 69easymultiple choice
Read the full Development with Services explanation →

A developer is writing a Lambda function that processes images uploaded to an S3 bucket. The function needs to extract metadata from the image. Which S3 feature can be used to automatically trigger the Lambda function?

Question 70easymultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Lambda. The function needs to access an S3 bucket to read a configuration file. What is the best way to provide the Lambda function with the bucket name?

Question 71easymultiple choice
Read the full Development with Services explanation →

A developer is creating an AWS Lambda function to process events from an Amazon SQS queue. The function must process each message exactly once and in order. Which SQS queue type should the developer use?

Question 72hardmulti select
Read the full Development with Services explanation →

A Lambda function processes messages from an SQS standard queue and writes results to DynamoDB. Duplicate writes occasionally occur after retries. Which two changes best make the processing idempotent?

Question 73mediummultiple choice
Read the full Development with Services explanation →

An API Gateway REST API invokes Lambda synchronously. Clients receive 502 responses after a deployment, but Lambda logs show a successful business operation. What is the most likely issue?

Question 74hardmultiple choice
Read the full NAT/PAT explanation →

A Step Functions workflow calls three independent Lambda functions and should continue only after all results are available. Which state pattern should be used?

Question 75mediummultiple choice
Read the full Development with Services explanation →

A developer needs an S3 upload workflow where clients upload large files directly to S3 without exposing AWS credentials through the browser. What should the backend generate?

Question 76hardmultiple choice
Read the full Development with Services explanation →

A DynamoDB table uses partition key customerId. One enterprise customer generates most traffic and is throttled while the table has unused capacity elsewhere. What design change best addresses the hot partition?

Question 77mediummultiple choice
Read the full Development with Services explanation →

A Lambda function receives events from EventBridge. The developer wants failed invocations to be retried and then stored for later analysis if retries are exhausted. Which configuration should be used?

Question 78hardmultiple choice
Read the full Development with Services explanation →

A service publishes order events to SNS. Several consumers need different filtered subsets of events without changing publisher code. What should the developer configure?

Question 79mediummultiple choice
Read the full Development with Services explanation →

A Lambda function must retrieve feature flags at runtime with low latency and controlled rollout. Which AWS service is most appropriate?

Question 80hardmultiple choice
Read the full Development with Services explanation →

A developer uses the AWS SDK to list thousands of DynamoDB items from a query. Only the first page is processed. What should be implemented?

Question 81mediummulti select
Read the full Development with Services explanation →

A Kinesis consumer Lambda shows increasing IteratorAge. Which two changes may improve throughput when processing is CPU-bound?

Question 82hardmultiple choice
Read the full Development with Services explanation →

A developer wants exactly-once processing semantics for commands submitted to a queue where duplicate command IDs must be rejected within five minutes. Which SQS feature is most directly relevant?

Question 83mediummultiple choice
Read the full Development with Services explanation →

A Lambda function must share reusable validation code across several functions without packaging the same library into every deployment artifact. What should be used?

Question 84hardmultiple choice
Read the full Development with Services explanation →

An application uses DynamoDB Streams to trigger downstream processing. The processor must receive both old and new item images after updates. Which stream view type should be configured?

Question 85mediummultiple choice
Read the full Development with Services explanation →

A REST API requires request validation before invoking Lambda to reduce unnecessary function executions for malformed payloads. Where should validation be configured?

Question 86hardmultiple choice
Read the full Development with Services explanation →

A developer wants a Lambda function to process SQS messages in batches but avoid losing the whole batch when only one record fails. Which feature should be enabled?

Question 87mediummultiple choice
Read the full Development with Services explanation →

A service needs loosely coupled asynchronous communication where one producer sends events to many different AWS service targets using rules. Which service fits best?

Question 88hardmultiple choice
Read the full Development with Services explanation →

A Lambda function connects to an RDS database and causes too many database connections during traffic spikes. Which service should be introduced?

Question 89mediummultiple choice
Read the full Development with Services explanation →

A developer must locally test a SAM-based Lambda function with an API event before deployment. Which tool command family is designed for this?

Question 90hardmultiple choice
Read the full Development with Services explanation →

An application stores session data in DynamoDB and must expire sessions automatically after a timestamp. Which feature should be used?

Question 91mediummultiple choice
Read the full Development with Services explanation →

A Lambda function needs temporary scratch space larger than the default while processing images. Which setting should be adjusted?

Question 92hardmulti select
Read the full Development with Services explanation →

A Lambda function writes order records to DynamoDB after receiving API Gateway requests. Which two practices improve reliability during client retries?

Question 93mediummulti select
Read the full Development with Services explanation →

A developer is implementing S3 multipart upload for large files. Which two actions are required to complete the upload?

Question 94hardmulti select
Review the full routing breakdown →

An event-driven application uses EventBridge rules to route partner events. Which two design choices improve maintainability?

Question 95mediummulti select
Read the full Development with Services explanation →

A DynamoDB query must support lookup by email address as well as by user ID. Which two changes may be required?

Question 96hardmulti select
Read the full Development with Services explanation →

A Lambda function processes a batch of SQS messages. Which two configurations reduce duplicate or failed-message impact?

Question 97mediumdrag order
Read the full Development with Services explanation →

Drag and drop the steps to configure an S3 bucket for static website hosting in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
6Step 6
Question 98mediumdrag order
Read the full Development with Services explanation →

Drag and drop the steps to create a Lambda function that processes S3 events in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 99mediumdrag order
Read the full Development with Services explanation →

Drag and drop the steps to encrypt an EBS volume using AWS KMS in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 100mediummatching
Read the full Development with Services explanation →

Match each AWS service to its primary use case.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Object storage

NoSQL database

Serverless compute

RESTful API creation

Message queuing

Question 101mediummatching
Read the full Development with Services explanation →

Match each AWS security feature to its function.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Temporary permissions for services

Stateful firewall for EC2

Web application firewall

DDoS protection

SSL/TLS certificate management

Question 102mediummatching
Read the full Development with Services explanation →

Match each AWS service to its category.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Pub/sub messaging

Queue-based messaging

Real-time streaming data

Event bus service

Managed message broker

Question 103easymultiple choice
Read the full Development with Services explanation →

A developer needs to store session state for a stateless web application running on EC2 instances behind an Application Load Balancer. Which AWS service should the developer use to ensure session data is not lost if an instance fails?

Question 104mediummultiple choice
Read the full Development with Services explanation →

A developer is designing a serverless application using AWS Lambda, Amazon API Gateway, and Amazon DynamoDB. The application experiences occasional throttling on the Lambda function during peak traffic. The developer needs to reduce the number of throttling errors without changing the Lambda function code. Which solution should the developer implement?

Question 105hardmultiple choice
Read the full NAT/PAT explanation →

A company has a monolithic application running on an EC2 instance that needs to be migrated to a microservices architecture on AWS. The development team wants to use AWS services to handle service discovery, configuration management, and secrets management. Which combination of AWS services should the team use?

Question 106easymultiple choice
Read the full Development with Services explanation →

A developer is building a data processing pipeline that uses AWS Lambda to process files uploaded to an S3 bucket. The S3 bucket receives thousands of files per second, and the developer wants to minimize processing latency. Which approach should the developer use to trigger the Lambda function?

Question 107mediummultiple choice
Read the full Development with Services explanation →

A developer is troubleshooting an AWS Lambda function that occasionally fails with a timeout error. The function makes HTTP requests to external APIs. The function's current timeout setting is 30 seconds. The developer wants to implement a solution that reduces the chance of timeouts without increasing the Lambda timeout. Which approach should the developer take?

Question 108hardmultiple choice
Read the full Development with Services explanation →

A company is deploying a containerized application on Amazon ECS with Fargate launch type. The application needs to store sensitive configuration data such as database passwords. The developer must ensure that the secrets are encrypted at rest and in transit, and that they are rotated automatically. Which solution should the developer use?

Question 109easymultiple choice
Read the full Development with Services explanation →

A developer wants to share an Amazon Machine Image (AMI) from one AWS account to another. The AMI is backed by Amazon EBS snapshots. What must the developer do to ensure the target account can launch an EC2 instance from the AMI?

Question 110mediummultiple choice
Read the full Development with Services explanation →

A developer is using Amazon S3 to store application logs. The logs are generated every hour and must be retained for 90 days. After 90 days, the logs should be deleted automatically. Which S3 lifecycle policy should the developer configure?

Question 111mediummultiple choice
Read the full Development with Services explanation →

A developer is debugging an AWS Lambda function that processes messages from an Amazon SQS queue. The function is failing with an error when processing certain messages. The developer wants to isolate the failed messages for later analysis without losing them. What should the developer do?

Question 112easymulti select
Read the full Development with Services explanation →

Which TWO AWS services can be used to store and retrieve application configuration data? (Choose two.)

Question 113mediummulti select
Read the full Development with Services explanation →

Which THREE actions can be performed using AWS Lambda and Amazon S3 event notifications? (Choose three.)

Question 114hardmulti select
Read the full Development with Services explanation →

Which TWO AWS services can be used to send messages between microservices in a decoupled manner? (Choose two.)

Question 115hardmultiple choice
Read the full Development with Services explanation →

An IAM policy attached to an IAM user. What is the effect of this policy on the user's ability to delete objects in the bucket my-bucket?

Exhibit

Refer to the exhibit.

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::my-bucket/*"
    },
    {
      "Effect": "Deny",
      "Action": "s3:DeleteObject",
      "Resource": "arn:aws:s3:::my-bucket/*",
      "Condition": {
        "StringNotEquals": {
          "aws:SourceIp": "192.0.2.0/24"
        }
      }
    }
  ]
}
```
Question 116mediummultiple choice
Read the full Development with Services explanation →

An IAM policy attached to an AWS Lambda function's execution role. What actions can this Lambda function perform?

Exhibit

Refer to the exhibit.

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "lambda:InvokeFunction",
      "Resource": "arn:aws:lambda:us-east-1:123456789012:function:my-function"
    },
    {
      "Effect": "Allow",
      "Action": "sqs:SendMessage",
      "Resource": "arn:aws:sqs:us-east-1:123456789012:my-queue"
    }
  ]
}
```
Question 117easymultiple choice
Read the full Development with Services explanation →

A developer runs the AWS CLI command to invoke a Lambda function synchronously. What does the output indicate?

Network Topology
$ aws lambda invokefunction-name my-functionpayload '{"key": "value"}' response.jsonRefer to the exhibit.```"StatusCode": 200,"ExecutedVersion": "$LATEST"$ cat response.json
Question 118easymultiple choice
Read the full Development with Services explanation →

A developer wants to store application logs in Amazon S3 with automatic transition to Glacier after 30 days and deletion after 365 days. Which S3 feature should be used?

Question 119mediummultiple choice
Read the full Development with Services explanation →

A developer is using AWS Lambda with an Amazon RDS MySQL database. The Lambda function frequently times out when connecting to the database. What is the MOST likely cause?

Question 120hardmultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Lambda and Amazon API Gateway. The developer wants to enable caching for API responses to reduce latency and cost. Which step is REQUIRED to enable caching?

Question 121easymultiple choice
Read the full Development with Services explanation →

A company uses AWS CodeCommit and wants to automatically trigger a build in AWS CodePipeline when code is pushed to the master branch. Which action should be taken?

Question 122mediummultiple choice
Read the full Development with Services explanation →

A developer needs to securely store database credentials for a Lambda function that accesses an Amazon RDS instance. The credentials must be automatically rotated every 30 days. Which AWS service should be used?

Question 123hardmultiple choice
Read the full NAT/PAT explanation →

A developer is deploying a microservice using Amazon ECS with Fargate. The service needs to scale based on CPU utilization. Which combination of actions is required? (Select TWO)

Question 124mediummultiple choice
Read the full Development with Services explanation →

A developer is using AWS Elastic Beanstalk to deploy a web application. The application needs to store session state. Which configuration is MOST cost-effective and scalable?

Question 125hardmultiple choice
Read the full Development with Services explanation →

A developer is building a real-time chat application using Amazon API Gateway WebSockets and AWS Lambda. The developer notices that messages are sometimes delivered out of order. What should the developer do to ensure ordered message delivery?

Question 126mediummulti select
Read the full Development with Services explanation →

Which TWO actions should a developer take to improve the security of an AWS Lambda function that processes sensitive data?

Question 127hardmulti select
Read the full Development with Services explanation →

A developer is designing a serverless application that uses Amazon DynamoDB as the data store. The application must handle sudden spikes in read traffic without throttling. Which THREE actions should the developer take?

Question 128easymulti select
Read the full Development with Services explanation →

Which TWO of the following are valid use cases for Amazon S3 event notifications?

Question 129easymultiple choice
Read the full Development with Services explanation →

The exhibit shows the output of a command. What does this output indicate about the bucket?

Network Topology
aws s3api get-bucket-versioningbucket my-bucketRefer to the exhibit."Status": "Enabled","MFADelete": "Disabled"
Question 130mediummultiple choice
Read the full Development with Services explanation →

The exhibit shows an IAM policy attached to a user. The user reports being unable to upload files to S3 bucket 'my-bucket'. What is the MOST likely cause?

Exhibit

Refer to the exhibit.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-bucket/*"
    },
    {
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::my-bucket/*"
    }
  ]
}
Question 131hardmultiple choice
Read the full Development with Services explanation →

A developer is running a Lambda function that uses the 'requests' library. The error shown in the exhibit occurs when invoking the function. Which step should the developer take to fix this?

Exhibit

Refer to the exhibit.

Error: Runtime.ImportModuleError: Unable to import module 'lambda_function': No module named 'requests'
Question 132mediummultiple choice
Read the full Development with Services explanation →

A developer runs the query shown in the exhibit on a DynamoDB table named 'Orders' and gets an error. What is the MOST likely cause?

Network Topology
aws dynamodb querytable-name Orderskey-condition-expression "OrderID = :id"Refer to the exhibit.
Question 133mediummultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Lambda functions that process events from Amazon SQS. The developer notices that some messages are being processed multiple times. What is the MOST likely cause of this issue?

Question 134hardmultiple choice
Read the full Development with Services explanation →

A company runs a critical web application on Amazon EC2 instances behind an Application Load Balancer. The application needs to authenticate users via an external OpenID Connect (OIDC) identity provider. The company wants to offload authentication to the load balancer and use IAM roles to access AWS resources. Which solution should the developer implement?

Question 135easymultiple choice
Study the full Python automation breakdown →

A developer is writing an AWS Lambda function in Python that needs to download a file from Amazon S3, process it, and upload the result to a different S3 bucket. The function currently runs within the default 3-second timeout, but the developer expects the file size to increase. What is the MOST cost-effective way to handle the increase in processing time?

Question 136mediummultiple choice
Read the full Development with Services explanation →

A developer is deploying an application using AWS Elastic Beanstalk. The application reads and writes data to an Amazon RDS database. The developer wants to ensure that database credentials are not stored in the application code or configuration files. What should the developer do?

Question 137hardmultiple choice
Read the full Development with Services explanation →

A developer is building a real-time chat application using Amazon API Gateway WebSocket APIs and AWS Lambda. The application needs to send messages to connected clients. The developer notices that the 'connectionId' changes every time a client reconnects. How should the developer store the mapping between user identity and connectionId?

Question 138easymultiple choice
Read the full Development with Services explanation →

A developer is creating a CloudFormation template to deploy an Amazon S3 bucket. The developer wants the bucket to be deleted automatically when the CloudFormation stack is deleted. What should the developer specify in the template?

Question 139mediummultiple choice
Read the full Development with Services explanation →

A developer is using Amazon API Gateway to expose a REST API. The API needs to validate request parameters and payload before invoking the backend Lambda function. What is the MOST efficient way to perform this validation?

Question 140hardmultiple choice
Read the full Development with Services explanation →

A developer is building a data processing pipeline that uses Amazon Kinesis Data Streams. The developer wants to ensure that records are processed in order within each shard. The consumer application runs on Amazon EC2 instances in an Auto Scaling group. What should the developer do to maintain ordering?

Question 141easymultiple choice
Read the full Development with Services explanation →

A developer is writing code to upload an object to an Amazon S3 bucket. The object is 200 MB in size. Which AWS SDK method should the developer use to perform this upload?

Question 142mediummulti select
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Lambda functions that need to access an Amazon RDS database. Which of the following are best practices for managing database credentials? (Choose TWO.)

Question 143hardmulti select
Read the full Development with Services explanation →

A company is using AWS CodePipeline to automate its deployment pipeline. The pipeline has a source stage that pulls code from Amazon S3, a build stage using AWS CodeBuild, and a deploy stage using AWS CodeDeploy. The developer wants to add a manual approval step before deployment to production. Which of the following are correct steps to implement this? (Choose THREE.)

Question 144easymulti select
Read the full Development with Services explanation →

A developer is troubleshooting an AWS Lambda function that is timing out. The function is configured with a 3-second timeout. Which of the following could cause the function to timeout? (Choose THREE.)

Question 145easymultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Lambda. The function needs to access a DynamoDB table and write logs to Amazon CloudWatch. What is the minimum set of IAM permissions the Lambda execution role must have?

Question 146mediummultiple choice
Read the full Development with Services explanation →

A company runs a microservices architecture on Amazon ECS with Fargate. The application experiences intermittent high latency. The operations team wants to trace requests across services and identify bottlenecks. Which AWS service should be used?

Question 147hardmultiple choice
Read the full Development with Services explanation →

A developer is deploying a Node.js application on AWS Lambda. The function uses the 'axios' library to call an external API. After deployment, the function times out after 3 seconds. The external API response time is normally under 500 ms. What should the developer do to resolve this issue?

Question 148easymultiple choice
Read the full Development with Services explanation →

A developer wants to store application configuration securely and retrieve it programmatically from EC2 instances. The configuration includes database passwords and API keys. Which AWS service should be used?

Question 149mediummultiple choice
Read the full Development with Services explanation →

A company uses Amazon API Gateway with a Lambda authorizer to secure its APIs. The authorizer must verify a JWT token from a third-party identity provider. The team notices that the authorizer is called on every API request, causing additional latency. How can the team reduce the number of authorizer invocations?

Question 150hardmultiple choice
Read the full Development with Services explanation →

A developer is optimizing an S3 bucket for static website hosting. The site has a main page (index.html) and an error page (error.html). Users report seeing a generic 403 error instead of the error page when accessing a missing object. What is the likely cause?

Question 151easymultiple choice
Read the full Development with Services explanation →

A developer needs to deploy a containerized application on AWS. The application requires persistent storage for stateful data. Which AWS compute service should the developer choose?

Question 152mediummultiple choice
Read the full Development with Services explanation →

A company uses AWS CodeBuild to run unit tests. The buildspec.yml file is stored in the source repository. The build fails intermittently with 'command not found' for a tool that is installed in the build environment. What should the developer do to ensure the tool is available?

Question 153hardmultiple choice
Read the full Development with Services explanation →

A developer is designing a serverless application that processes images uploaded to an S3 bucket. Each image must be resized and then stored in a different S3 bucket. The process must be asynchronous and fault-tolerant. Which AWS service should trigger the Lambda function?

Question 154easymulti select
Read the full Development with Services explanation →

A developer is using Amazon DynamoDB for a gaming leaderboard. The table has a sort key of 'score' (Number). The developer wants to retrieve the top 10 players. Which TWO operations can achieve this? (Choose TWO.)

Question 155mediummulti select
Read the full Development with Services explanation →

A developer is deploying a web application using AWS Elastic Beanstalk. The application needs to store session state. Which THREE services can be used for session state storage? (Choose THREE.)

Question 156hardmulti select
Read the full Development with Services explanation →

A developer is using Amazon S3 to store sensitive data. The compliance team requires that all objects be encrypted at rest using server-side encryption with a customer-managed key (SSE-KMS). Which THREE steps must the developer take to enforce this requirement? (Choose THREE.)

Question 157easymultiple choice
Read the full Development with Services explanation →

A developer runs the command above. The output.txt file is empty. What could be the reason?

Network Topology
aws lambda invokefunction-name my-functionpayload '{"key1":"value1"}' output.txtRefer to the exhibit.```"StatusCode": 200,"ExecutedVersion": "$LATEST"
Question 158mediummultiple choice
Read the full Development with Services explanation →

A developer attaches this IAM policy to a user. The user tries to upload an object to example-bucket without specifying encryption. What will happen?

Exhibit

Refer to the exhibit.

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": "arn:aws:s3:::example-bucket/*",
            "Condition": {
                "StringEquals": {
                    "s3:x-amz-server-side-encryption": "AES256"
                }
            }
        }
    ]
}
```
Question 159hardmultiple choice
Read the full Development with Services explanation →

A developer deploys this CloudFormation template. The Lambda function fails to access the DynamoDB table 'MyTable'. What is the most likely cause?

Exhibit

Refer to the exhibit.

```
Resources:
  MyLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: my-bucket
        S3Key: my-function.zip
      Handler: index.handler
      Role: arn:aws:iam::123456789012:role/lambda-role
      Runtime: nodejs18.x
      Environment:
        Variables:
          TABLE_NAME: MyTable
```
Question 160easymultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Lambda. The function needs to access a private S3 bucket in the same AWS account. What is the BEST way to grant the Lambda function access to the bucket?

Question 161mediummultiple choice
Read the full Development with Services explanation →

A company runs a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The application stores session state in an S3 bucket. Users report that after logging in, they are sometimes redirected to the login page again on subsequent requests. What is the MOST likely cause?

Question 162hardmultiple choice
Read the full Development with Services explanation →

A company is using Amazon API Gateway to expose a set of RESTful APIs. Each API call is processed by an AWS Lambda function. The company wants to enforce throttling limits to prevent abuse. Specifically, the company wants to allow 100 requests per second per API key. What is the SIMPLEST way to achieve this?

Question 163easymultiple choice
Read the full Development with Services explanation →

A developer is using AWS CodePipeline to automate a build and deploy process. The pipeline has a build stage that uses AWS CodeBuild and a deploy stage that uses AWS CodeDeploy. The build stage produces a build artifact that is stored in Amazon S3. The deploy stage fails with 'NoSuchKey' error. What is the MOST likely cause?

Question 164mediummultiple choice
Read the full Development with Services explanation →

A company is developing a microservices architecture using Amazon ECS with Fargate launch type. Each microservice needs to store sensitive configuration data such as database passwords. The company wants to avoid storing secrets in the application code or environment variables. What is the MOST secure and recommended approach?

Question 165hardmultiple choice
Read the full Development with Services explanation →

A developer is using AWS Lambda with Amazon API Gateway to build a REST API. The Lambda function is written in Node.js and uses the 'aws-sdk' to interact with DynamoDB. When the function is invoked, it consistently takes more than 10 seconds to complete, causing API Gateway to timeout (default timeout is 29 seconds). The developer wants to reduce latency. What should the developer do FIRST?

Question 166easymultiple choice
Read the full Development with Services explanation →

A company is using AWS CloudFormation to deploy infrastructure. The developer wants to update a stack and needs to know what changes will be made before executing the update. Which AWS CLI command should the developer use?

Question 167mediummultiple choice
Review the full subnetting walkthrough →

A developer is deploying an application on Amazon ECS using the Fargate launch type. The application needs to communicate with a DynamoDB table. The developer creates a VPC with private subnets and configures the ECS service to use those subnets. However, the tasks cannot reach DynamoDB. What is the MOST likely cause?

Question 168hardmultiple choice
Read the full Development with Services explanation →

A company is using AWS CodeDeploy to deploy an application to an Auto Scaling group. The deployment fails with 'The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available for deployment, or some instances in your deployment group are experiencing problems.' The developer wants to identify the specific error on a failed instance. Which AWS CLI command should the developer use?

Question 169easymulti select
Read the full Development with Services explanation →

A developer is designing a serverless application using AWS Lambda. The function needs to process messages from an Amazon SQS queue. The developer wants to configure the Lambda function to be triggered by the SQS queue. Which TWO actions are required? (Choose TWO.)

Question 170mediummulti select
Read the full Development with Services explanation →

A company is using Amazon API Gateway to expose a REST API. The API is integrated with an AWS Lambda function. The developer wants to implement caching to improve performance. Which THREE steps are necessary to enable caching for a specific stage? (Choose THREE.)

Question 171hardmulti select
Read the full Development with Services explanation →

A developer is building a CI/CD pipeline using AWS CodePipeline. The pipeline has a source stage from Amazon S3, a build stage using AWS CodeBuild, and a deploy stage using AWS CodeDeploy. The developer wants to ensure that a manual approval step is required before deploying to production. Which THREE components must be configured? (Choose THREE.)

Question 172easymultiple choice
Read the full Development with Services explanation →

The above CLI output shows the versioning status of an S3 bucket. A developer wants to enable MFA Delete on the bucket. What should the developer do?

Network Topology
$ aws s3api get-bucket-versioningbucket my-bucketRefer to the exhibit.```"Status": "Enabled","MFADelete": "Disabled"
Question 173mediummultiple choice
Read the full Development with Services explanation →

The above IAM policy is attached to an IAM role used by a Lambda function. The function tries to scan the table 'MyTable' but receives an AccessDenied error. What is the MOST likely cause?

Exhibit

Refer to the exhibit.

```json
{
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "dynamodb:GetItem",
                "dynamodb:PutItem"
            ],
            "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/MyTable"
        }
    ]
}
```
Question 174hardmultiple choice
Read the full Development with Services explanation →

The above command invokes a Lambda function. The response includes 'FunctionError': 'Handled'. What does this indicate?

Network Topology
$ aws lambda invokefunction-name my-functionpayload '{"key": "value"}' response.jsonRefer to the exhibit.```"StatusCode": 200,"FunctionError": "Handled","LogResult": "U1RBUlQgUmVxdWVzdElkOiA1ZTc4...","ExecutedVersion": "$LATEST"
Question 175easymultiple choice
Read the full Development with Services explanation →

A developer is using AWS Lambda to process messages from an Amazon SQS queue. The function needs to access an Amazon DynamoDB table. What is the MOST secure way to grant the Lambda function access to DynamoDB?

Question 176mediummultiple choice
Read the full Development with Services explanation →

A development team is using AWS CodeBuild to compile and test their code. They want to store build artifacts in an Amazon S3 bucket. The buildspec.yml file includes an artifacts section. Which configuration correctly specifies the output artifacts?

Question 177hardmultiple choice
Read the full Development with Services explanation →

A company has a microservices architecture running on Amazon ECS with Fargate. Each service exposes an API through an Application Load Balancer (ALB). The development team needs to implement canary deployments for one of the services. What is the MOST efficient way to achieve this?

Question 178mediummulti select
Read the full Development with Services explanation →

A developer is troubleshooting a Lambda function that times out when processing large files from Amazon S3. The function is configured with a 3-minute timeout and 128 MB memory. Which TWO actions would MOST likely resolve the issue? (Choose TWO.)

Question 179hardmulti select
Read the full Development with Services explanation →

A company is using AWS CloudFormation to deploy a web application. The template creates an Auto Scaling group, an Application Load Balancer, and a security group. The developer wants to ensure that the stack update fails if the new Auto Scaling group instances fail health checks. Which THREE steps should the developer take? (Choose THREE.)

Question 180easymulti select
Read the full Development with Services explanation →

A developer is using Amazon API Gateway to expose a Lambda function as a REST API. The API should only be accessible from a specific VPC. Which TWO steps are required to achieve this? (Choose TWO.)

Question 181mediummultiple choice
Read the full Development with Services explanation →

The IAM policy above is attached to a user. The user tries to decrypt a KMS key with encryption context {"department": "finance"}. What will happen?

Exhibit

Refer to the exhibit.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "kms:Decrypt",
      "Resource": "arn:aws:kms:us-east-1:123456789012:key/abc123",
      "Condition": {
        "StringEquals": {
          "kms:EncryptionContext:department": "finance"
        }
      }
    },
    {
      "Effect": "Deny",
      "Action": "kms:Decrypt",
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "kms:EncryptionContext:department": "finance"
        }
      }
    }
  ]
}
Question 182easymultiple choice
Read the full Development with Services explanation →

An S3 bucket has versioning enabled with MFA Delete. A developer tries to permanently delete a specific version of an object using the AWS CLI without providing MFA. What is the result?

Network Topology
$ aws s3api get-bucket-versioningbucket my-bucketRefer to the exhibit."Status": "Enabled","MFADelete": "Enabled"
Question 183hardmultiple choice
Read the full Development with Services explanation →

A developer creates the CloudFormation stack with the template above. After the stack is created, messages that are not processed after 5 receives are moved to the DLQ. However, the developer notices that the RedrivePolicy references a queue ARN that is hardcoded. What is the best practice to avoid this hardcoded ARN?

Exhibit

Refer to the exhibit.

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "MyQueue": {
      "Type": "AWS::SQS::Queue",
      "Properties": {
        "QueueName": "my-queue",
        "RedrivePolicy": {
          "deadLetterTargetArn": "arn:aws:sqs:us-east-1:123456789012:my-dlq",
          "maxReceiveCount": 5
        }
      }
    },
    "MyDLQ": {
      "Type": "AWS::SQS::Queue",
      "Properties": {
        "QueueName": "my-dlq"
      }
    }
  }
}
Question 184mediummultiple choice
Read the full Development with Services explanation →

A developer is using AWS Elastic Beanstalk to deploy a web application. The application writes logs to the local file system. The developer wants to ensure that logs are automatically rotated and retained for 30 days. What should the developer do?

Question 185hardmultiple choice
Review the full subnetting walkthrough →

A company is using AWS CodePipeline to automate their CI/CD pipeline. The pipeline includes a stage that runs a set of integration tests using AWS CodeBuild. The tests require access to a database running on a private subnet in a VPC. The CodeBuild project is configured to use a managed compute image. How can the CodeBuild project access the database?

Question 186easymulti select
Read the full Development with Services explanation →

A developer is using Amazon DynamoDB as a data store for a serverless application. The application requires strongly consistent reads and must be able to recover from failures. Which THREE measures should the developer implement? (Choose THREE.)

Question 187mediummulti select
Read the full Development with Services explanation →

A company is using Amazon S3 to store sensitive documents. They must encrypt all objects at rest. Which TWO methods can be used to enforce server-side encryption? (Choose TWO.)

Question 188easymultiple choice
Read the full Development with Services explanation →

A developer is using AWS Lambda to process events from an Amazon Kinesis stream. The function has been failing with 'ProvisionedThroughputExceededException' errors when writing to a DynamoDB table. What should the developer do to resolve this issue?

Question 189hardmultiple choice
Read the full Development with Services explanation →

A company is using AWS Step Functions to orchestrate a workflow that processes orders. The workflow includes a task that calls a Lambda function to validate the order. If the validation fails, the workflow should wait for manual approval before proceeding. What is the MOST efficient way to implement this manual approval step?

Question 190easymultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Lambda. The application needs to process messages from an Amazon SQS queue and store results in an Amazon DynamoDB table. Which AWS service should the developer use to trigger the Lambda function when new messages arrive in the SQS queue?

Question 191mediummultiple choice
Read the full NAT/PAT explanation →

A developer is deploying a new version of an AWS Lambda function. The function uses an environment variable for a database password. The developer wants to securely store the password and automatically rotate it. Which combination of AWS services should the developer use?

Question 192hardmultiple choice
Read the full Development with Services explanation →

A company has a production AWS Lambda function that processes critical financial transactions. The function's code is stored in an S3 bucket. A developer accidentally deletes the S3 bucket, causing the function to fail. The developer wants to prevent this in the future by ensuring that the Lambda function can always be updated and deployed even if the original S3 bucket is deleted. What should the developer do?

Question 193mediummulti select
Read the full Development with Services explanation →

A developer is designing a microservices architecture using Amazon ECS with Fargate. The application needs to store and retrieve user session data. Which TWO AWS services can be used to store session state?

Question 194hardmulti select
Read the full Development with Services explanation →

A developer is building an API using Amazon API Gateway and AWS Lambda. The API must authenticate users using a third-party OAuth 2.0 provider. Which THREE components are required to implement this authentication?

Question 195easymulti select
Read the full Development with Services explanation →

A developer is using AWS CodePipeline to automate the deployment of a web application. The pipeline has a source stage that pulls code from an Amazon S3 bucket. Which TWO actions can the developer take to automatically trigger the pipeline when new code is uploaded to the S3 bucket?

Question 196mediummultiple choice
Read the full Development with Services explanation →

Refer to the exhibit. An IAM policy is attached to an IAM user. The user tries to upload an object to the S3 bucket 'example-bucket' from an IP address 198.51.100.5. What will happen?

Exhibit

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "192.0.2.0/24"
        }
      }
    }
  ]
}
Question 197hardmultiple choice
Read the full Development with Services explanation →

Refer to the exhibit. A developer runs the AWS CLI command to invoke a Lambda function. The command succeeds, but the function returns an error. The developer wants to see the error message and logs from the function execution. What should the developer add to the command?

Network Topology
function-name my-functionaws lambda invokepayload '{"key1": "value1"}' response.json
Question 198mediummultiple choice
Read the full Development with Services explanation →

Refer to the exhibit. An IAM policy statement is attached to an AWS Lambda function's execution role. The function needs to invoke another Lambda function named 'my-function'. However, the invocation fails with an access denied error. What is the most likely cause?

Exhibit

{
  "Effect": "Allow",
  "Action": "lambda:InvokeFunction",
  "Resource": "arn:aws:lambda:us-east-1:123456789012:function:my-function"
}
Question 199easymultiple choice
Read the full Development with Services explanation →

A developer wants to deploy a containerized application to Amazon ECS using Fargate. The application requires persistent storage that can be shared across multiple containers in the same task. Which storage option should the developer use?

Question 200hardmultiple choice
Read the full Development with Services explanation →

A company runs a critical application on AWS Lambda that processes real-time data from Kinesis Data Streams. The function is idempotent, but occasionally duplicate records are processed due to retries. The company wants to ensure exactly-once processing. Which approach should the developer implement?

Question 201easymultiple choice
Read the full Development with Services explanation →

A developer is using Amazon API Gateway to create a REST API. The API must support CORS (Cross-Origin Resource Sharing) to allow requests from a web application hosted on a different domain. What must the developer do to enable CORS?

Question 202mediummulti select
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Lambda and Amazon DynamoDB. The application experiences occasional throttling on DynamoDB writes. The developer wants to implement a retry mechanism with exponential backoff. Which THREE steps should the developer take?

Question 203mediummultiple choice
Read the full Development with Services explanation →

Refer to the exhibit. A developer invokes an AWS Lambda function and receives this error. The function is configured with a 3-second timeout. The developer needs to process data that sometimes takes up to 10 seconds. What should the developer do?

Exhibit

Error: Function 'my-function' timed out after 3 seconds
Question 204hardmultiple choice
Read the full Development with Services explanation →

A company uses AWS CodeBuild to build and test code. The buildspec.yml includes a pre-build phase that downloads dependencies from a private repository. The developer wants to securely store the credentials for the private repository. Which AWS service should the developer use to store these credentials and reference them in the buildspec?

Question 205mediummultiple choice
Read the full Development with Services explanation →

A company is building a serverless application using AWS Lambda and Amazon DynamoDB. The Lambda function processes user uploads from Amazon S3 and stores metadata in DynamoDB. The function is experiencing high latency during peak hours. Which action would MOST improve the performance without increasing the function timeout?

Question 206easymultiple choice
Read the full Development with Services explanation →

A developer needs to store temporary session data for a web application running on Amazon EC2 behind an Application Load Balancer. The data must be accessible across multiple EC2 instances. Which AWS service should the developer use?

Question 207hardmultiple choice
Read the full Development with Services explanation →

A developer is using AWS CodePipeline to deploy a microservices application to Amazon ECS using the 'Rolling update' deployment type. The pipeline includes a source stage (CodeCommit), build stage (CodeBuild), and deploy stage (CodeDeploy to ECS). After a recent commit, the build stage succeeds, but the deploy stage fails with 'The service has reached the maximum number of running tasks.' What is the MOST likely cause?

Question 208mediummultiple choice
Read the full Development with Services explanation →

A company runs a containerized web application on Amazon ECS using Fargate. The application needs to store files in Amazon S3. The developer wants to follow the principle of least privilege for the ECS task IAM role. Which IAM policy should be attached to the task role?

Question 209easymultiple choice
Read the full Development with Services explanation →

A developer is writing an AWS Lambda function that processes messages from an Amazon SQS queue. The function should process each message at least once, but duplicates are acceptable. The function is triggered by a Lambda event source mapping. If the function returns an error, what happens to the message?

Question 210hardmultiple choice
Read the full Development with Services explanation →

A developer is using AWS Step Functions to orchestrate a workflow that includes a Lambda function for data transformation. The Lambda function occasionally times out after 15 seconds. The Step Function execution fails with a 'States.Timeout' error. The developer wants to retry the Lambda task up to 3 times with exponential backoff. Which configuration should the developer add to the state definition in the Amazon States Language (ASL)?

Question 211mediummultiple choice
Read the full Development with Services explanation →

A company uses Amazon API Gateway to expose a REST API. The API uses a Lambda authorizer to validate JWT tokens. Recently, the API has been returning 401 Unauthorized errors for valid tokens. The developer notices that the tokens are signed with a new key but the authorizer still uses the old key. What is the MOST efficient way to update the authorizer with the new key?

Question 212easymultiple choice
Read the full Development with Services explanation →

A developer needs to send large files (up to 5 GB) from a web application to Amazon S3. The application runs on EC2 instances. Which approach is MOST efficient and reliable?

Question 213hardmultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application that processes images uploaded to an S3 bucket. The bucket triggers a Lambda function that creates a thumbnail and stores it in another S3 bucket. The developer notices that the Lambda function is invoked multiple times for the same object, causing duplicate thumbnails. What is the MOST likely cause?

Question 214mediummulti select
Read the full Development with Services explanation →

Which TWO AWS services can be used to decouple components of a microservices architecture?

Question 215hardmulti select
Read the full Development with Services explanation →

Which THREE actions can a developer take to improve the cold start latency of an AWS Lambda function?

Question 216mediummulti select
Read the full Development with Services explanation →

Which TWO IAM policy conditions can be used to enforce multi-factor authentication (MFA) for API calls?

Question 217mediummultiple choice
Read the full Development with Services explanation →

A company is building a serverless application using AWS Lambda and Amazon API Gateway. The application needs to process user uploads to an S3 bucket. The Lambda function should be invoked only when new objects are created in the bucket. Which service should be used to trigger the Lambda function?

Question 218easymultiple choice
Read the full Development with Services explanation →

A developer needs to store configuration parameters securely for a Lambda function. The parameters include database credentials and API keys. Which AWS service should be used?

Question 219hardmultiple choice
Read the full Development with Services explanation →

A developer notices that an AWS Lambda function is timing out after 15 seconds. The function makes HTTP requests to an external API. How can the developer resolve this issue without changing the function code?

Question 220mediummultiple choice
Read the full Development with Services explanation →

A company is using Amazon API Gateway to expose a REST API. The API must authenticate requests using an external OAuth 2.0 provider. Which API Gateway feature should be used?

Question 221easymultiple choice
Read the full Development with Services explanation →

A developer is building an application that needs to send email notifications to users. Which AWS service is designed for sending transactional emails?

Question 222hardmultiple choice
Read the full Development with Services explanation →

A developer is using AWS CodeBuild to build a Java application. The build fails with 'OutOfMemoryError: Java heap space'. How can the developer fix this without changing the source code?

Question 223mediummultiple choice
Read the full Development with Services explanation →

A company is deploying a microservices architecture on Amazon ECS. Each service needs to store secrets such as database passwords. Which service should be used to securely inject these secrets into containers?

Question 224easymultiple choice
Read the full Development with Services explanation →

A developer wants to debug an AWS Lambda function by viewing real-time logs. Which AWS service should the developer use?

Question 225mediummultiple choice
Read the full Development with Services explanation →

A developer is using Amazon DynamoDB as the data store for a web application. The application experiences frequent throttling errors. Which action can reduce throttling without changing the application code?

Question 226mediummulti select
Read the full Development with Services explanation →

A developer is designing a serverless application that uses AWS Lambda and Amazon DynamoDB. The application needs to handle high traffic spikes without data loss. Which TWO actions should the developer take?

Question 227hardmulti select
Read the full Development with Services explanation →

A company is using AWS CodePipeline to automate its CI/CD pipeline. The pipeline has a source stage that pulls code from an Amazon S3 bucket. Which THREE steps should the developer take to ensure that only approved changes are deployed to production?

Question 228easymulti select
Read the full Development with Services explanation →

A developer needs to monitor the performance of an Amazon RDS for MySQL database. Which TWO metrics should the developer monitor to detect a potential CPU bottleneck?

Question 229hardmultiple choice
Read the full Development with Services explanation →

Refer to the exhibit. An IAM policy is attached to an IAM user. The user tries to upload an object to s3://my-bucket/confidential/report.pdf. What is the outcome?

Exhibit

Refer to the exhibit.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::my-bucket/*"
    },
    {
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::my-bucket/confidential/*"
    }
  ]
}
Question 230mediummultiple choice
Read the full Development with Services explanation →

Refer to the exhibit. A developer ran the AWS CLI command to invoke a Lambda function. The response indicates an error. What should the developer do to see the error details?

Network Topology
aws lambda invokefunction-name my-functionpayload '{"key": "value"}' output.txtRefer to the exhibit."StatusCode": 200,"FunctionError": "Unhandled","LogResult": "U1RBUlQgUmVxdWVzdElkOiA4ZDk4M2Y2MC1mNTU4LTExZTgtYjE4Zi05YjI5M2I5ZjFhNTMgVmVyc2lvbjogJExBVEVTVAo=..."
Question 231easymultiple choice
Read the full Development with Services explanation →

Refer to the exhibit. A developer created this CloudFormation template for an S3 bucket. What is the expected behavior?

Exhibit

Refer to the exhibit.

Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      VersioningConfiguration:
        Status: Enabled
      LifecycleConfiguration:
        Rules:
          - Id: ExpireOldVersions
            Status: Enabled
            NoncurrentVersionExpirationInDays: 30
Question 232mediummultiple choice
Read the full Development with Services explanation →

A company has a Lambda function that processes records from an SQS queue. The function is failing intermittently with timeout errors. The processing time per record varies, but the SQS queue has a visibility timeout of 30 seconds. The Lambda function has a timeout of 1 minute. What is the MOST likely cause of the timeout errors?

Question 233easymultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Lambda and Amazon DynamoDB. The Lambda function needs to read and write items to a DynamoDB table. What is the BEST way to securely provide the Lambda function with the necessary AWS credentials?

Question 234hardmultiple choice
Read the full Development with Services explanation →

A company is using AWS CodeDeploy to deploy an application to an Auto Scaling group. The deployment fails with the error 'The overall deployment failed because too many individual instances failed to deploy.' The CodeDeploy agent logs show that the BeforeInstall lifecycle event script returned a non-zero exit code. What is the MOST likely cause of this issue?

Question 235mediummultiple choice
Read the full Development with Services explanation →

A developer is writing a Lambda function that processes events from an Amazon S3 bucket. The function needs to access a DynamoDB table to store metadata about the S3 objects. Which of the following is the MOST efficient way to initialize the DynamoDB client in the Lambda function?

Question 236easymultiple choice
Read the full Development with Services explanation →

A developer needs to store application configuration data, such as database connection strings and API keys, for a microservices application running on Amazon ECS. The configuration must be encrypted at rest and easily auditable. Which AWS service should the developer use?

Question 237hardmultiple choice
Read the full Development with Services explanation →

A company runs a stateful web application on EC2 instances behind an Application Load Balancer. The application uses WebSockets for real-time communication. The company wants to use AWS CodeDeploy to deploy updates with minimal downtime. Which deployment configuration should the developer use?

Question 238mediummultiple choice
Read the full Development with Services explanation →

A developer is using Amazon API Gateway to expose a Lambda function as a REST API. The Lambda function queries an Amazon RDS database. Under heavy load, the database connection pool is exhausted, causing errors. What is the BEST way to manage database connections in this serverless architecture?

Question 239easymultiple choice
Read the full Development with Services explanation →

A developer is building a CI/CD pipeline using AWS CodePipeline. The source stage is an Amazon S3 bucket. The developer wants to automatically start the pipeline when a new file is uploaded to the S3 bucket. What should the developer do?

Question 240hardmultiple choice
Read the full Development with Services explanation →

A developer is designing a serverless application that processes user-uploaded images. The images are uploaded to an S3 bucket, which triggers a Lambda function to create a thumbnail and store metadata in DynamoDB. The thumbnail creation is CPU-intensive and can take up to 10 seconds. The developer wants to minimize costs and ensure that the thumbnail is created as soon as possible. Which approach should the developer choose?

Question 241mediummulti select
Read the full Development with Services explanation →

A developer is configuring an Amazon S3 bucket for static website hosting. The website includes JavaScript that makes AJAX calls to an API Gateway endpoint. Which TWO actions should the developer take to allow cross-origin requests?

Question 242hardmulti select
Read the full Development with Services explanation →

A company uses AWS CloudFormation to deploy infrastructure. A developer needs to update a stack that includes an RDS DB instance. The update requires modifying the DB instance's DB engine version. Which THREE strategies can the developer use to minimize downtime during the update?

Question 243easymulti select
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Lambda. The Lambda function needs to access a VPC to connect to an RDS database. Which TWO resources must the developer configure to allow the Lambda function to access the VPC?

Question 244mediummultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Lambda to process images uploaded to an S3 bucket. The Lambda function needs to resize the image and store the result in another S3 bucket. The developer notices that the Lambda function fails intermittently with timeout errors for large images. What is the MOST efficient solution to resolve this issue?

Question 245hardmultiple choice
Read the full Development with Services explanation →

A company runs a containerized application on Amazon ECS using Fargate launch type. The application needs to read and write files to a shared file system across multiple tasks. The development team wants a solution that provides high throughput and is POSIX-compliant. Which storage solution should the team use?

Question 246easymultiple choice
Read the full Development with Services explanation →

A developer needs to store application configuration data (key-value pairs) that can be accessed by multiple microservices running on EC2 instances. The configuration data changes infrequently but must be retrievable with low latency. Which AWS service should the developer use?

Question 247mediummultiple choice
Read the full Development with Services explanation →

A developer is deploying an application using AWS CodeDeploy with an in-place deployment configuration. The application runs on an EC2 instance behind an Application Load Balancer. The deployment fails because the health check fails after the new version is installed. What should the developer do to prevent the deployment from failing due to health checks?

Question 248hardmultiple choice
Read the full Development with Services explanation →

A company is using AWS Lambda to process messages from an Amazon SQS queue. The Lambda function is configured with a reserved concurrency of 10. The SQS queue receives a burst of 1000 messages. The Lambda function processes each message in about 5 seconds. What is the most likely behavior of the system?

Question 249easymultiple choice
Read the full Development with Services explanation →

A developer is building a REST API using Amazon API Gateway and AWS Lambda. The API should allow users to retrieve data from an Amazon DynamoDB table. The developer wants to minimize latency for frequently accessed data. What should the developer do?

Question 250mediummultiple choice
Read the full Development with Services explanation →

A company is running a monolithic application on an EC2 instance. The application currently stores session state in local memory on the instance. The company plans to scale the application horizontally by adding more instances behind a load balancer. What change is required to ensure that session state is preserved across requests?

Question 251hardmultiple choice
Read the full Development with Services explanation →

A developer is creating an AWS Lambda function that processes events from an Amazon S3 bucket. The function writes logs to Amazon CloudWatch Logs. The developer wants to ensure that the Lambda function has the minimum required permissions. Which IAM policy should be attached to the Lambda execution role?

Question 252easymultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application and wants to invoke an AWS Lambda function every hour to perform a cleanup task. Which AWS service should the developer use to schedule the invocation?

Question 253mediummulti select
Read the full Development with Services explanation →

A developer is designing a system that requires processing of streaming data from IoT devices in real time. The processed data will be stored in an S3 bucket for analytics. Which AWS services should the developer use together to build this solution? (Choose TWO.)

Question 254hardmulti select
Read the full Development with Services explanation →

A company has a web application running on Amazon ECS with Fargate launch type. The application needs to store and retrieve user session data. The sessions are small and require very low latency access. The development team wants a fully managed solution. Which storage options meet these requirements? (Choose TWO.)

Question 255mediummulti select
Read the full Development with Services explanation →

A developer is deploying a serverless application using the AWS Serverless Application Model (SAM). The application consists of an API Gateway, Lambda functions, and a DynamoDB table. The developer wants to define and deploy this infrastructure as code. Which files and tools are required? (Choose THREE.)

Question 256mediummultiple choice
Read the full Development with Services explanation →

A developer is troubleshooting an issue where an IAM user is unable to upload a file to an S3 bucket that uses server-side encryption with AWS KMS (SSE-KMS). The IAM policy shown in the exhibit is attached to the user. What is the likely cause of the failure?

Exhibit

Refer to the exhibit.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::my-bucket/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "kms:Decrypt",
        "kms:GenerateDataKey"
      ],
      "Resource": "arn:aws:kms:us-east-1:123456789012:key/abc123"
    }
  ]
}
Question 257hardmultiple choice
Read the full Development with Services explanation →

A developer is investigating why an AWS Lambda function is not writing logs to CloudWatch Logs. The function has been invoked multiple times, but the log group shows 0 stored bytes. What is the most likely cause?

Network Topology
$ aws logs describe-log-groupslog-group-name-prefix /aws/lambda/my-functionRefer to the exhibit."logGroups": ["logGroupName": "/aws/lambda/my-function","creationTime": 1620000000000,"metricFilterCount": 0,"arn": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/my-function:*","storedBytes": 0
Question 258easymultiple choice
Read the full Development with Services explanation →

A developer is setting up an S3 bucket to trigger an AWS Lambda function when a new object is created. After configuring the event notification, the Lambda function is not invoked. The developer checks the Lambda resource-based policy, which is shown in the exhibit. What is the issue?

Exhibit

Refer to the exhibit.

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "lambda:InvokeFunction",
      "FunctionName": "arn:aws:lambda:us-east-1:123456789012:function:my-function",
      "Principal": "s3.amazonaws.com"
    }
  ]
}
Question 259mediummultiple choice
Read the full Development with Services explanation →

A company is using AWS Lambda functions to process events from Amazon S3. The functions are writing logs to CloudWatch Logs. Recently, they noticed that some logs are missing and the functions are experiencing throttling errors. What is the MOST likely cause?

Question 260hardmultiple choice
Read the full NAT/PAT explanation →

A developer is building a serverless application using AWS Lambda and Amazon API Gateway. The API has a REST endpoint that triggers a Lambda function to write data to an Amazon DynamoDB table. Under high traffic, some requests are failing with 5xx errors. The developer notices that the Lambda function's duration is spiking. Which combination of actions should the developer take to improve performance and reduce errors?

Question 261easymultiple choice
Read the full Development with Services explanation →

A developer wants to deploy a containerized application on AWS. The application requires persistent storage that can be accessed by multiple containers running on different EC2 instances. Which AWS service should the developer use?

Question 262mediummultiple choice
Read the full Development with Services explanation →

A company has an AWS Lambda function that processes messages from an Amazon SQS queue. The function is triggered by the SQS queue. Recently, the function started failing due to timeout errors when processing large messages. The function's timeout is set to the maximum of 15 minutes. What should a developer do to resolve this issue?

Question 263hardmultiple choice
Read the full Development with Services explanation →

A developer is building a real-time chat application using WebSocket APIs in Amazon API Gateway. The backend is an AWS Lambda function that stores connection IDs in an Amazon DynamoDB table. After a few days, the application stops working for new users. The developer checks CloudWatch Logs and sees that the Lambda function is returning 'AccessDeniedException' when calling DynamoDB. What is the MOST likely cause?

Question 264easymultiple choice
Read the full Development with Services explanation →

A developer is creating a CI/CD pipeline for a serverless application using AWS CodePipeline. The application consists of an AWS Lambda function, an Amazon API Gateway REST API, and an Amazon DynamoDB table. Which action should the developer take to automate the deployment of the API Gateway updates?

Question 265mediummultiple choice
Read the full Development with Services explanation →

A company is using Amazon S3 to store sensitive documents. The security team requires that all data be encrypted at rest using AWS KMS with a Customer Managed Key (CMK). The developer enabled default encryption on the S3 bucket with the CMK. However, some PUT requests are failing with 'Access Denied'. What is the MOST likely cause?

Question 266hardmultiple choice
Read the full Development with Services explanation →

A developer is using AWS X-Ray to trace requests through a microservices application. The application consists of several AWS Lambda functions that call each other and Amazon DynamoDB. The developer notices that some traces are incomplete and missing segments for downstream calls. What is the MOST likely cause?

Question 267easymultiple choice
Read the full Development with Services explanation →

A developer is writing a script to programmatically create an Amazon EC2 instance. The script will run on an EC2 instance that already has an IAM role attached. Which AWS SDK method should the developer use to securely obtain temporary credentials for the script?

Question 268mediummulti select
Read the full Development with Services explanation →

A developer is designing a highly available application using Amazon SQS and AWS Lambda. Which TWO strategies should the developer implement to ensure that messages are processed at least once? (Choose TWO.)

Question 269hardmulti select
Read the full Development with Services explanation →

A company is running a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The application uses Amazon ElastiCache for session state. Recently, users are experiencing intermittent session timeouts and slow page loads. The developer suspects the issue is related to the ElastiCache cluster. Which THREE actions should the developer take to troubleshoot and resolve the issue? (Choose THREE.)

Question 270mediummulti select
Read the full Development with Services explanation →

A developer is using AWS Lambda to process files uploaded to an S3 bucket. The Lambda function is triggered by S3 events. The developer notices that the function sometimes processes the same file multiple times. Which TWO steps should the developer take to make the processing idempotent? (Choose TWO.)

Question 271hardmulti select
Read the full Development with Services explanation →

A developer is deploying a serverless application using the AWS Serverless Application Model (SAM). The application includes an API Gateway REST API and a Lambda function. The developer wants to enable access logging for the API Gateway. Which THREE resources or configurations are required? (Choose THREE.)

Question 272hardmultiple choice
Read the full NAT/PAT explanation →

A company runs a data processing pipeline using AWS Step Functions. The pipeline starts with a task that reads a CSV file from Amazon S3 and then fans out to multiple parallel Lambda functions for data transformation. The final step aggregates the results and writes to an Amazon DynamoDB table. Recently, the pipeline has been failing intermittently with 'StateMachineExecutionLimitExceeded' errors. The development team has already increased the execution history limit to the maximum. The pipeline runs about 500 executions per day. Meanwhile, the operations team reports that some executions are timing out after 5 minutes, even though each Lambda function completes within 30 seconds. The Step Function definition uses a Map state with a max concurrency of 20. The developer needs to fix both issues. Which combination of actions should the developer take? (Choose the BEST option.)

Question 273mediummultiple choice
Read the full Development with Services explanation →

A developer is building a mobile backend using Amazon API Gateway and AWS Lambda. The API has a single endpoint that accepts POST requests with a JSON payload and stores the data in an Amazon DynamoDB table. The developer wants to implement caching to reduce latency and costs. The data is user-specific and should not be shared between users. The developer configures API Gateway caching with a TTL of 300 seconds. After testing, the developer notices that users are seeing other users' data. What should the developer do to fix this issue?

Question 274mediummultiple choice
Read the full Development with Services explanation →

A company is using AWS Lambda functions behind an Amazon API Gateway REST API. Users report intermittent 503 errors. The Lambda function code appears correct. Which action is MOST likely to resolve the issue?

Question 275easymultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Lambda and Amazon DynamoDB. The Lambda function reads from a DynamoDB table. The function fails with a timeout error when processing large items. What is the MOST efficient solution?

Question 276hardmultiple choice
Read the full Development with Services explanation →

A developer attached the above IAM policy to an IAM user. The user reports being denied access to objects in the S3 bucket 'my-bucket' from an IP address in the 10.0.0.0/24 range. What is the MOST likely cause?

Exhibit

Refer to the exhibit.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.0.0/24"
        }
      }
    }
  ]
}
Question 277mediummultiple choice
Read the full Development with Services explanation →

A developer is deploying a web application on AWS Elastic Beanstalk. The application requires a fixed IP address for outbound traffic to a third-party API. What is the MOST cost-effective solution?

Question 278easymultiple choice
Read the full Development with Services explanation →

A developer needs to store application configuration data that can be read by multiple EC2 instances. The data is less than 1 KB and changes frequently. Which AWS service is BEST suited for this?

Question 279hardmultiple choice
Read the full Development with Services explanation →

A developer runs the above AWS CLI command to invoke a Lambda function. The response shows StatusCode 200 but FunctionError is 'Unhandled'. What does this indicate?

Network Topology
$ aws lambda invokefunction-name my-functionpayload '{"key1":"value1"}' output.txtRefer to the exhibit."StatusCode": 200,"FunctionError": "Unhandled","LogResult": "U1RBUlQgUmVxdWVzdElkOiA4ZDli..."
Question 280mediummultiple choice
Read the full Development with Services explanation →

A developer is using Amazon SQS to decouple microservices. The consumer service processes messages from the queue. To reduce processing time, the developer wants to receive multiple messages in a single API call. What is the maximum number of messages that can be received at once?

Question 281easymultiple choice
Read the full Development with Services explanation →

A developer needs to store a small amount of session state data (less than 1 MB) for a web application running on EC2. The data must be shared across multiple instances. Which solution is MOST cost-effective?

Question 282hardmultiple choice
Read the full Development with Services explanation →

A company has a Lambda function that writes to an S3 bucket. The IAM role used by the function has an inline policy allowing s3:PutObject on the bucket. However, writes fail with an access denied error. What is the MOST likely cause?

Question 283mediummulti select
Read the full Development with Services explanation →

A developer is designing a system that ingests high-volume data from IoT devices. The data must be processed in near real-time and then stored in Amazon S3 for analytics. Which TWO AWS services should the developer use together to meet these requirements? (Choose TWO.)

Question 284hardmulti select
Read the full Development with Services explanation →

A developer is creating a CI/CD pipeline for a serverless application using AWS CodePipeline. The application includes Lambda functions and an API Gateway REST API. The pipeline should automatically deploy changes when code is pushed to a Git repository. Which THREE actions are required to set this up? (Choose THREE.)

Question 285mediummulti select
Read the full Development with Services explanation →

A company is running a web application on EC2 instances behind an Application Load Balancer. The application experiences high latency during peak hours. A developer needs to improve performance. Which TWO actions should the developer take? (Choose TWO.)

Question 286hardmulti select
Read the full Development with Services explanation →

A developer is using AWS Secrets Manager to rotate database credentials. The rotation Lambda function fails with an error. Which THREE steps should the developer take to troubleshoot? (Choose THREE.)

Question 287hardmultiple choice
Read the full NAT/PAT explanation →

A company has a production application running on AWS Lambda that processes real-time streaming data from Amazon Kinesis Data Streams. The Lambda function is configured with a batch size of 100 and a maximum concurrency of 5. Recently, the application has been experiencing failures with a high number of invocation errors. The errors indicate that the function is timing out. The developer checks the CloudWatch metrics and notices that the IteratorAge metric for the Kinesis stream is increasing rapidly, and there are many Throttles events for the Lambda function. The average execution duration of the function is 30 seconds, and the function timeout is set to 1 minute. The Kinesis stream has 10 shards. The company expects the data volume to double in the next month. Which combination of actions should the developer take to resolve the issue and prepare for future growth?

Question 288mediummultiple choice
Review the full subnetting walkthrough →

A developer is deploying a web application using AWS Elastic Beanstalk. The application uses an Amazon RDS MySQL database. The developer wants to ensure that database credentials are not stored in the application code or environment variables. The solution must automatically rotate credentials every 90 days. The developer has created a secret in AWS Secrets Manager containing the database credentials. The Elastic Beanstalk environment is configured with an IAM instance profile that has permission to read the secret. However, when the application is deployed, it fails to connect to the database. The developer checks the application logs and sees a 'Host not found' error. The RDS instance is in a private subnet, and the Elastic Beanstalk environment is in the same VPC. What is the MOST likely cause of the connection failure?

Question 289mediummultiple choice
Read the full Development with Services explanation →

A company is using AWS Lambda to process messages from an Amazon SQS queue. The Lambda function sometimes fails to process a message due to a transient error. The company wants to automatically retry failed messages up to 3 times, with a 5-minute delay between retries. What should the company configure?

Question 290hardmultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Lambda and Amazon API Gateway REST API. The API Gateway is configured to use a Lambda proxy integration. The developer wants to return a custom error message with a specific HTTP status code (e.g., 404) when a resource is not found. How should the developer implement this?

Question 291mediummulti select
Read the full Development with Services explanation →

A company is using Amazon RDS for MySQL with Multi-AZ deployment. The application writes to the database using the primary endpoint. The company wants to improve read performance and offload read traffic from the primary instance. Which TWO actions should the company take? (Choose TWO.)

Question 292mediummulti select
Read the full Development with Services explanation →

A developer is deploying an application on Amazon ECS using Fargate. The application needs to securely access an Amazon RDS database. The developer wants to avoid hardcoding database credentials in the application code. Which THREE actions should the developer take to meet these requirements? (Choose THREE.)

Question 293hardmulti select
Read the full Development with Services explanation →

A company is running a containerized application on Amazon ECS with Fargate. The application needs to process messages from an Amazon SQS queue. The developer must ensure that the application can scale out based on the queue depth. Which THREE steps should the developer take to implement this? (Choose THREE.)

Question 294mediummultiple choice
Read the full Development with Services explanation →

A company is building a serverless application using AWS Lambda. The application processes messages from an Amazon SQS queue. The Lambda function is idempotent and handles duplicate messages correctly. The company needs to ensure that messages are processed in the order they were sent. Which solution should the company use?

Question 295easymulti select
Read the full Development with Services explanation →

A developer needs to implement a serverless API using Amazon API Gateway and AWS Lambda. The API should support CORS (Cross-Origin Resource Sharing) to allow requests from a web application hosted on a different domain. Which TWO configurations are required? (Choose TWO.)

Question 296easymulti select
Read the full Development with Services explanation →

A company is using Amazon S3 to store sensitive data. The security team requires that all data be encrypted at rest. The developer must implement a solution that uses server-side encryption with AWS KMS managed keys (SSE-KMS). Which TWO steps are required to meet this requirement? (Choose TWO.)

Question 297easymultiple choice
Study the full Python automation breakdown →

A developer is writing an AWS Lambda function that needs to read a secret from AWS Secrets Manager. The function is written in Python. What is the BEST practice for retrieving the secret?

Question 298hardmulti select
Read the full Development with Services explanation →

A developer is building a real-time chat application using Amazon API Gateway WebSocket APIs and AWS Lambda. The application needs to send messages to all connected clients. Which THREE actions are required to implement this functionality? (Choose THREE.)

Question 299hardmultiple choice
Read the full Development with Services explanation →

A company uses Amazon API Gateway with a Lambda authorizer to control access to its APIs. The Lambda authorizer returns an IAM policy that grants access to the API. Recently, the company noticed that some API calls are being throttled due to high latency from the authorizer. What is the MOST effective way to reduce latency?

Question 300easymultiple choice
Read the full Development with Services explanation →

An IAM policy is attached to an IAM user. The user attempts to upload an object to s3://my-bucket/confidential/report.pdf from an IP address 192.168.1.100. What will happen?

Exhibit

Refer to the exhibit.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::my-bucket/*"
    },
    {
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::my-bucket/confidential/*",
      "Condition": {
        "StringNotEquals": {
          "aws:SourceIp": "10.0.0.0/8"
        }
      }
    }
  ]
}
Question 301mediummultiple choice
Read the full NAT/PAT explanation →

A developer is deploying a web application using AWS Elastic Beanstalk. The application needs to store session state. The developer wants to ensure that session data is not lost if an EC2 instance is terminated. Which solution should the developer implement?

Question 302hardmultiple choice
Read the full Development with Services explanation →

A company runs a microservices application on Amazon ECS with Fargate. The application consists of three services: frontend, orders, and payments. The frontend service is behind an Application Load Balancer (ALB). The orders service processes requests from frontend and sends messages to the payments service via an Amazon SQS queue. The payments service polls the queue. Recently, during peak hours, the orders service experiences high latency and the SQS queue depth increases significantly. The monitoring shows that the payments service is not keeping up. The company wants to scale the payments service based on the queue depth. The developer has configured an ECS Service Auto Scaling target tracking policy using the SQS queue's ApproximateNumberOfMessagesVisible metric. However, the payments service is not scaling up as expected. What is the most likely cause?

Question 303easymultiple choice
Read the full Development with Services explanation →

A company is using AWS CodePipeline to automate its CI/CD pipeline. The pipeline has a source stage that uses Amazon S3. The developer updates a file in the S3 bucket, but the pipeline does not start automatically. What is the MOST likely cause?

Question 304mediummultiple choice
Read the full Development with Services explanation →

A developer is building an application that processes user-uploaded images. The application uses Amazon S3 to store the images and AWS Lambda to generate thumbnails. When a user uploads an image to an S3 bucket, an S3 event notification triggers a Lambda function. The Lambda function processes the image and saves the thumbnail to another S3 bucket. The developer notices that sometimes the Lambda function is not triggered after an upload. The developer checks the Lambda function's CloudWatch logs and sees no invocation records for those uploads. The S3 bucket event notification configuration appears correct. What is the most likely cause of this issue?

Question 305hardmultiple choice
Read the full Development with Services explanation →

A company is running a containerized application on Amazon ECS with Fargate launch type. The application needs to access an Amazon S3 bucket. The company wants to follow the principle of least privilege. How should the developer provide the necessary permissions?

Question 306mediummultiple choice
Read the full Development with Services explanation →

A developer is using Amazon DynamoDB as the data store for a serverless application. The application experiences high read traffic, and the developer wants to reduce latency. The data is not frequently updated. Which DynamoDB feature should the developer use?

Question 307easymultiple choice
Read the full Development with Services explanation →

A company is using AWS CodePipeline to automate the deployment of a web application. The pipeline has three stages: Source (Amazon S3), Build (AWS CodeBuild), and Deploy (AWS CodeDeploy). The application is deployed to an Auto Scaling group of EC2 instances. Recently, a deployment failed because the CodeDeploy agent on one of the instances was not running. The developer wants to ensure that the CodeDeploy agent is always running on all instances. What is the MOST efficient solution?

Question 308easymultiple choice
Read the full Development with Services explanation →

A developer is creating an AWS Lambda function that processes files uploaded to an S3 bucket. The developer wants to invoke the Lambda function automatically when a new file is uploaded. Which approach should the developer use?

Question 309hardmultiple choice
Read the full Development with Services explanation →

A developer is working on a serverless application that uses Amazon DynamoDB as the database. The application reads and writes data to a DynamoDB table named 'Orders'. The table has a partition key 'OrderID' and a sort key 'OrderDate'. The application experiences high read latency during peak hours. The developer checks the CloudWatch metrics and notices high ReadThrottleEvents for the table. The table's read capacity is set to on-demand mode. The developer also notices that the application performs many queries that scan the entire table to find orders by customer ID, which is not a key attribute. What should the developer do to reduce read throttling?

Question 310hardmultiple choice
Read the full Development with Services explanation →

A company is using AWS CloudFormation to deploy infrastructure. The developer wants to create a custom resource that runs a Lambda function during stack creation and update. What must the developer do to ensure the custom resource works correctly?

Question 311mediummultiple choice
Read the full Development with Services explanation →

A company has a legacy application that generates log files on an EC2 instance. The developer needs to stream these log files to Amazon CloudWatch Logs in real time. The developer installed the CloudWatch agent on the EC2 instance and configured it to monitor the log files. However, the logs are not appearing in CloudWatch Logs. The developer checks the agent status and sees that the agent is running. What is the most likely cause of this issue?

Question 312mediummulti select
Read the full Development with Services explanation →

A developer is implementing a solution to store application logs from multiple EC2 instances. The logs must be stored in a centralized location for analysis. Which services can the developer use to achieve this? (Choose TWO.)

Question 313mediummultiple choice
Read the full Development with Services explanation →

A developer is using AWS Lambda to process records from an Amazon Kinesis Data Stream. The Lambda function is invoked with a batch of records. The function processes each record and then returns a response. The developer notices that some records are being processed multiple times. The function's execution time is within the Lambda timeout. The Kinesis stream has 10 shards. The developer wants to ensure that each record is processed exactly once. What should the developer do?

Question 314hardmulti select
Read the full Development with Services explanation →

A developer is designing a serverless application that processes streaming data from IoT devices. The application must be able to handle data from millions of devices and store the data in a durable, scalable data store. Which AWS services should the developer use? (Choose THREE.)

Question 315mediummulti select
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Lambda to process images uploaded to an S3 bucket. The Lambda function needs to resize each image and store the result in another S3 bucket. Which TWO actions should the developer take to ensure the function can access the S3 buckets securely?

Question 316mediummulti select
Read the full Development with Services explanation →

A developer is using AWS CodeCommit as the source repository for a CI/CD pipeline. The developer wants to trigger a build automatically when changes are pushed to a specific branch. Which services can be used to achieve this? (Choose TWO.)

Question 317hardmulti select
Read the full Development with Services explanation →

A company uses Amazon API Gateway to expose a REST API backed by AWS Lambda. The API has a resource /items with GET and POST methods. The GET method returns items from a DynamoDB table. The POST method adds an item to the table. Currently, all methods are open to the public. Security requirements mandate that only authenticated users can access the POST method, while the GET method remains public. Which THREE steps should the developer take to meet these requirements?

Question 318easymultiple choice
Read the full Development with Services explanation →

Refer to the exhibit. An IAM policy is attached to an IAM user. The user tries to upload a file to s3://my-bucket/confidential/report.pdf. What will happen?

Exhibit

Refer to the exhibit.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::my-bucket/*"
    },
    {
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::my-bucket/confidential/*"
    }
  ]
}
Question 319easymultiple choice
Read the full Development with Services explanation →

A developer is designing a microservices architecture where each service runs in its own Amazon ECS container. Services need to communicate with each other. The developer wants to simplify service discovery and load balancing. Which AWS service should the developer use?

Question 320mediummultiple choice
Read the full Development with Services explanation →

Refer to the exhibit. A developer invoked a Lambda function and received the response shown. What does the response indicate?

Network Topology
$ aws lambda invokefunction-name my-functionpayload '{"key1":"value1"}' response.jsonRefer to the exhibit."StatusCode": 200,"FunctionError": "Unhandled","LogResult": "","ExecutedVersion": "$LATEST"$ cat response.json"errorType": "ValueError","errorMessage": "Invalid input","stackTrace": [raise ValueError('Invalid input')
Question 321mediummultiple choice
Read the full Development with Services explanation →

A company runs a production application on Amazon EC2 instances behind an Application Load Balancer (ALB). The application receives high traffic and needs to process incoming HTTP requests, store the request payload in an S3 bucket for auditing, and return a response. The development team uses AWS Lambda to process the payload. The team wants to ensure that the solution is scalable, fault-tolerant, and decoupled. The current approach is to have the EC2 instances send requests directly to the Lambda function via the AWS SDK. However, the team notices that during traffic spikes, some requests are lost and the Lambda function throttles. What should the team do to improve the architecture?

Question 322hardmultiple choice
Read the full Development with Services explanation →

Refer to the exhibit. A developer created the CloudFormation template snippet. After deployment, the developer uploads a file to the bucket, but the Lambda function is not invoked. What is the MOST likely cause?

Exhibit

Refer to the exhibit.

Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: my-app-bucket
      VersioningConfiguration:
        Status: Enabled
      LifecycleConfiguration:
        Rules:
          - Id: ArchiveRule
            Status: Enabled
            Prefix: logs/
            Transitions:
              - StorageClass: GLACIER
                TransitionInDays: 30
      NotificationConfiguration:
        LambdaConfigurations:
          - Event: s3:ObjectCreated:*
            Function: !GetAtt MyLambdaFunction.Arn
Question 323hardmultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application that uses AWS Step Functions to orchestrate multiple AWS Lambda functions. The workflow involves three steps: validate input, process data, and store results. The developer notices that the workflow occasionally fails due to transient errors in the process data step. The developer wants to implement error handling so that the workflow retries the process data step up to three times with an exponential backoff. Additionally, if all retries fail, the workflow should send a notification to an Amazon SNS topic and transition to a failure state. The developer has defined the state machine in Amazon States Language (ASL). How should the developer configure the state machine?

Question 324mediummultiple choice
Read the full Development with Services explanation →

A company is building a serverless application using AWS Lambda to process user uploads to Amazon S3. The Lambda function needs to access a DynamoDB table to store metadata. What is the MOST secure way to grant the Lambda function access to DynamoDB?

Question 325mediummultiple choice
Read the full NAT/PAT explanation →

A company is using Amazon DynamoDB as the database for a web application. The application reads and writes items based on a primary key. The traffic pattern shows that reads are 10 times more frequent than writes. The development team wants to reduce read latency and costs. They are considering adding a cache layer. The data is not sensitive, but stale data is acceptable for up to 5 minutes. The application runs on EC2 instances. What should the team do to implement caching?

Question 326easymultiple choice
Read the full Development with Services explanation →

A developer is using AWS CodeCommit as a source repository and AWS CodePipeline for CI/CD. The developer wants to automatically trigger a pipeline execution when changes are pushed to the main branch. Which action should the developer take?

Question 327hardmultiple choice
Read the full Development with Services explanation →

A developer attached the above IAM policy to an IAM user. The user tries to upload an object to the S3 bucket my-bucket without specifying server-side encryption. What will happen?

Exhibit

Refer to the exhibit.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::my-bucket/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-server-side-encryption": "AES256"
        }
      }
    },
    {
      "Effect": "Deny",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::my-bucket/*",
      "Condition": {
        "StringNotEquals": {
          "s3:x-amz-server-side-encryption": "AES256"
        }
      }
    }
  ]
}
Question 328hardmultiple choice
Read the full Development with Services explanation →

A Lambda function processes messages from an SQS queue. The function occasionally fails due to network timeouts when calling an external API. The developer wants to retry failed messages automatically. What should the developer do?

Question 329easymultiple choice
Review the full routing breakdown →

A developer is deploying a new version of an AWS Lambda function using the AWS CLI. The developer wants to ensure that the new version is stable before routing all traffic to it. The developer has already published version 1 and version 2 of the function. The developer wants to send 10% of the traffic to version 2 and 90% to version 1. The developer then plans to gradually increase the traffic to version 2. Which approach should the developer use?

Question 330mediummultiple choice
Read the full Development with Services explanation →

A developer is deploying a serverless application using AWS SAM. The application includes an API Gateway endpoint that invokes a Lambda function. The developer wants to pass a stage name as a parameter to the Lambda function. How should the developer define the Lambda function's environment variable in the SAM template?

Question 331easymultiple choice
Read the full Development with Services explanation →

A company uses AWS Elastic Beanstalk to deploy a web application. The application stores user-uploaded images in an S3 bucket. The developer needs to ensure that the application can read and write to the S3 bucket. What should the developer do?

Question 332hardmultiple choice
Read the full Development with Services explanation →

A developer is writing a Lambda function that processes events from an Amazon Kinesis stream. The function must ensure that records are processed in the order they were received and that each shard is processed by only one instance of the function at a time. How should the developer configure the Lambda function?

Question 333easymultiple choice
Study the full Python automation breakdown →

A developer is using the AWS SDK for Python (Boto3) to upload objects to an S3 bucket. The developer wants to encrypt the objects at rest using server-side encryption with AWS KMS managed keys (SSE-KMS). Which parameter should the developer include in the put_object call?

Question 334mediummultiple choice
Read the full Development with Services explanation →

A company has a Node.js application running on an EC2 instance. The application needs to store session state. The developer wants to ensure high availability and scalability by storing session data externally. Which AWS service is BEST suited for this purpose?

Question 335hardmultiple choice
Read the full Development with Services explanation →

A developer is deploying a microservices architecture on Amazon ECS using Fargate launch type. The services need to communicate with each other. The developer wants to use service discovery so that services can find each other by name. Which AWS service should the developer use?

Question 336mediummultiple choice
Read the full Development with Services explanation →

The developer runs a scan on the DynamoDB table 'orders' with a filter expression to find items with order_status equal to 'SHIPPED'. The output shows ScannedCount of 10000 but Count of 0. Which statement is correct?

Network Topology
aws dynamodb scantable-name ordersfilter-expression "order_status = :status"Refer to the exhibit."Items": [],"Count": 0,"ScannedCount": 10000,"ConsumedCapacity": {"TableName": "orders","CapacityUnits": 10.0
Question 337easymultiple choice
Read the full Development with Services explanation →

A developer is reviewing a CloudFormation template that creates an S3 bucket and a Lambda function. The Lambda function's code is stored in the S3 bucket. What is a potential issue with this template?

Exhibit

Refer to the exhibit.

Consider the following CloudFormation template snippet:

Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: my-unique-bucket-12345
      VersioningConfiguration:
        Status: Enabled
  MyLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Handler: index.handler
      Role: !GetAtt LambdaExecutionRole.Arn
      Code:
        S3Bucket: !Ref MyBucket
        S3Key: function.zip
      Runtime: nodejs18.x
Question 338hardmultiple choice
Read the full Development with Services explanation →

A developer attaches this IAM policy to an IAM user. The user tries to upload an object to the S3 bucket my-bucket from an IP address of 10.0.1.5. What will happen?

Exhibit

Refer to the exhibit.

Consider the following IAM policy JSON:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::my-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.0.0/24"
        }
      }
    }
  ]
}
Question 339mediummulti select
Read the full Development with Services explanation →

A developer is designing a serverless application that uses Amazon API Gateway and AWS Lambda. The API receives a high volume of requests, and the developer needs to cache responses to reduce latency and cost. Which TWO actions should the developer take? (Choose TWO.)

Question 340hardmulti select
Read the full Development with Services explanation →

A company is deploying a containerized application on Amazon ECS using the Fargate launch type. The application must be highly available across multiple Availability Zones. The developer needs to configure the ECS service. Which THREE configuration options are required? (Choose THREE.)

Question 341easymulti select
Read the full Development with Services explanation →

A developer is using AWS Step Functions to orchestrate a workflow. The developer wants to handle errors and retries for a task. Which TWO fields can be used in a state definition to configure error handling? (Choose TWO.)

Question 342mediummultiple choice
Read the full Development with Services explanation →

A company is using AWS Lambda to process events from an SQS queue. The Lambda function runs for an average of 45 seconds and processes approximately 100 messages per second. The company notices that the Lambda function is being throttled, causing messages to remain in the queue for longer than expected. Which action would MOST effectively reduce throttling?

Question 343hardmultiple choice
Read the full Development with Services explanation →

A developer is building a REST API using API Gateway and Lambda. The API must support multiple HTTP methods and use a custom domain name with an SSL certificate. The developer wants to enable caching for the /products GET endpoint to reduce latency. Which step is essential to enable caching for this specific endpoint?

Question 344easymultiple choice
Read the full Development with Services explanation →

A company stores sensitive user data in an S3 bucket. The security team requires that all data be encrypted at rest using a customer-managed KMS key. The bucket already has default encryption configured with SSE-S3. What is the MINIMUM change needed to meet the requirement?

Question 345mediummultiple choice
Read the full Development with Services explanation →

A developer is using the AWS CLI to upload a large file to S3. The file is 2 GB. The developer uses the following command: aws s3 cp largefile.zip s3://mybucket/. The upload is taking longer than expected. Which change would MOST improve the upload speed?

Question 346hardmultiple choice
Read the full Development with Services explanation →

A company runs a containerized application on Amazon ECS using the Fargate launch type. The application needs to store temporary data that must persist across container restarts but does not need to be shared across multiple tasks. The data should be automatically deleted when the task stops. Which storage option should the developer use?

Question 347easymultiple choice
Read the full Development with Services explanation →

A developer is writing a Lambda function that processes records from a Kinesis stream. The function must handle duplicate records and ensure exactly-once processing. Which approach should the developer use?

Question 348mediummultiple choice
Read the full Development with Services explanation →

A company has a DynamoDB table that stores order data. The table has a partition key of OrderID and a sort key of OrderDate. The company frequently queries orders by CustomerID, which is not a key attribute. The queries are slow and consume a lot of read capacity. Which design change would MOST improve query performance?

Question 349hardmultiple choice
Read the full Development with Services explanation →

A developer is deploying an application using AWS CloudFormation. The template includes an AWS::Lambda::Function resource. The developer wants to ensure that the Lambda function's code is automatically updated when the source code in S3 changes. Which approach should the developer use?

Question 350easymultiple choice
Read the full Development with Services explanation →

A developer needs to store application logs in a highly available and durable storage service. The logs must be retained for 7 years for compliance purposes. The logs are accessed infrequently after the first 30 days. Which storage solution is MOST cost-effective?

Question 351mediummulti select
Read the full Development with Services explanation →

A company is using AWS CodePipeline to automate deployments. The pipeline has a source stage that retrieves code from an S3 bucket, a build stage using CodeBuild, and a deploy stage using CodeDeploy. The build stage sometimes fails due to intermittent network issues. Which TWO actions would make the pipeline more resilient to such failures?

Question 352hardmulti select
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Lambda and Amazon API Gateway. The application must authenticate users using a third-party OAuth 2.0 provider. Which THREE options can the developer use to integrate with the OAuth provider?

Question 353easymulti select
Read the full Development with Services explanation →

A company is using AWS Elastic Beanstalk to deploy a web application. The environment is running behind a load balancer. The developer needs to ensure that the application logs are centralized and retained for analysis. Which TWO services can be used to collect and store logs from the EC2 instances?

Question 354mediummulti select
Read the full Development with Services explanation →

A developer is designing a microservices architecture using Amazon ECS with Fargate. The services need to communicate with each other securely. Which THREE methods can be used to enable service-to-service authentication?

Question 355mediummultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Lambda to process events from an Amazon SQS queue. The Lambda function is CPU-bound and currently experiences timeouts. What is the MOST cost-effective way to reduce execution time?

Question 356hardmultiple choice
Read the full Development with Services explanation →

A company uses Amazon DynamoDB as a session store for a web application. The application recently experienced a spike in traffic, causing increased read latency. The DynamoDB table has a read capacity of 5000 RCUs and uses eventual consistent reads. The application performs many GetItem calls. What should a developer do to improve read performance with minimal cost?

Question 357easymultiple choice
Read the full Development with Services explanation →

A developer needs to store application configuration settings that may change at runtime and wants to avoid redeploying the application. Which AWS service should be used?

Question 358mediummultiple choice
Read the full Development with Services explanation →

A developer is deploying a new version of an AWS Lambda function. The deployment failed because the new function code references a layer that is not available. Which AWS CLI command can be used to list all layers associated with the function?

Question 359hardmultiple choice
Read the full Development with Services explanation →

A company runs a containerized application on Amazon ECS with Fargate. The application writes logs to stdout. The operations team wants to send these logs to a centralized log management tool that requires logs in JSON format. What is the BEST way to achieve this without modifying application code?

Question 360easymultiple choice
Read the full Development with Services explanation →

A developer is creating an Amazon S3 bucket to store sensitive documents. The bucket must encrypt objects at rest using an AWS Key Management Service (KMS) key. Which S3 bucket property should be configured?

Question 361mediummultiple choice
Read the full Development with Services explanation →

A developer is using AWS CodePipeline to automate deployments. The pipeline has a manual approval action that requires a developer to approve before deploying to production. The developer wants to receive an email notification when an approval action is pending. Which AWS service should be used to send the notification?

Question 362hardmultiple choice
Read the full Development with Services explanation →

A developer is designing a microservice that processes orders. The service must ensure that each order is processed exactly once. The developer uses an SQS queue to decouple the order submission from processing. Which SQS feature should be used to prevent duplicate processing?

Question 363easymultiple choice
Read the full Development with Services explanation →

A developer needs to store a large number of binary files (e.g., images) that are accessed infrequently but must be retrievable within minutes. The storage solution should be cost-effective. Which Amazon S3 storage class is MOST suitable?

Question 364mediummulti select
Read the full Development with Services explanation →

Which TWO actions can improve the performance of an Amazon DynamoDB table that experiences frequent throttling due to hot partitions? (Choose TWO.)

Question 365hardmulti select
Read the full Development with Services explanation →

Which THREE steps are required to set up cross-account access for an Amazon S3 bucket? (Choose THREE.)

Question 366easymulti select
Read the full Development with Services explanation →

Which TWO AWS services can be used to decouple microservices in a distributed application? (Choose TWO.)

Question 367easymultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Lambda that processes files uploaded to an S3 bucket. The function needs to read the file content and store metadata in DynamoDB. Which AWS service should be used to trigger the Lambda function when a new object is created in S3?

Question 368mediummultiple choice
Read the full Development with Services explanation →

A developer is deploying a Node.js application on AWS Elastic Beanstalk. The application uses environment variables for database credentials. The developer wants to ensure that the credentials are encrypted at rest and rotated automatically. Which solution meets these requirements with minimal effort?

Question 369hardmultiple choice
Read the full VPN explanation →

A company runs a microservices architecture on Amazon ECS with Fargate. Each service exposes an HTTP API and needs to be accessible only from the company's internal network via a VPN. The services are deployed in private subnets. What is the MOST secure and scalable way to expose these services?

Question 370easymulti select
Read the full Development with Services explanation →

Which TWO of the following are benefits of using Amazon API Gateway to manage APIs? (Choose two.)

Question 371mediummulti select
Read the full Development with Services explanation →

Which THREE of the following are valid use cases for AWS Lambda? (Choose three.)

Question 372hardmulti select
Read the full Development with Services explanation →

Which TWO of the following are required to enable cross-origin resource sharing (CORS) for an API hosted on Amazon API Gateway? (Choose two.)

Question 373easymultiple choice
Read the full Development with Services explanation →

Refer to the exhibit. An IAM policy is attached to a user. What is the effect when the user tries to upload an object to s3://example-bucket/secret/file.txt?

Exhibit

Refer to the exhibit.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::example-bucket/*"
    },
    {
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example-bucket/secret/*"
    }
  ]
}
Question 374mediummultiple choice
Read the full Development with Services explanation →

Refer to the exhibit. A developer runs the AWS CLI command to invoke a Lambda function asynchronously. What does the response indicate?

Network Topology
$ aws lambda invokefunction-name my-functioninvocation-type Eventpayload '{"key1":"value1"}' output.txtRefer to the exhibit."StatusCode": 202,"FunctionError": "Unhandled"
Question 375hardmultiple choice
Read the full Development with Services explanation →

Refer to the exhibit. A developer deploys this CloudFormation stack. The Lambda function is triggered by SQS messages. However, the function fails to process messages. What is the MOST likely cause?

Exhibit

Refer to the exhibit.

Resources:
  MyQueue:
    Type: AWS::SQS::Queue
    Properties:
      QueueName: my-queue
  MyLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: my-function
      Handler: index.handler
      Role: !GetAtt LambdaExecutionRole.Arn
      Code:
        ZipFile: |
          exports.handler = async (event) => {
            console.log('Received event:', JSON.stringify(event));
            return { statusCode: 200 };
          };
      Events:
        SQSEvent:
          Type: SQS
          Properties:
            Queue: !GetAtt MyQueue.Arn
            BatchSize: 10
  LambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
Question 376easymultiple choice
Read the full Development with Services explanation →

A developer is using Amazon DynamoDB to store session data for a web application. The application experiences read-heavy traffic and the developer wants to reduce latency. Which feature should be used to improve read performance?

Question 377mediummultiple choice
Read the full Development with Services explanation →

A company has a REST API running on Amazon EC2 instances behind an Application Load Balancer. The API is accessed by mobile clients. The company wants to add authentication and authorization without modifying the backend code. Which AWS service should be used?

Question 378hardmultiple choice
Read the full Development with Services explanation →

A developer is using AWS CodePipeline to deploy a serverless application. The pipeline has a source stage (CodeCommit), a build stage (CodeBuild), and a deploy stage (CloudFormation). The developer wants to automatically roll back the deployment if the CloudFormation stack update fails. Which configuration should be used?

Question 379easymultiple choice
Read the full Development with Services explanation →

A developer needs to store application logs from multiple EC2 instances in a centralized location for analysis. The logs should be retained for 90 days. Which AWS service should be used to collect and store the logs?

Question 380mediummultiple choice
Review the full routing breakdown →

A developer is building a chat application using WebSockets. The application runs on multiple EC2 instances and needs to broadcast messages to all connected clients. Which AWS service can handle the WebSocket connections and route messages?

Question 381hardmultiple choice
Read the full Development with Services explanation →

A developer is debugging a Lambda function that is triggered by an S3 event. The function is supposed to process images and store metadata in DynamoDB. However, the function times out after 3 seconds for large images. The function's timeout is currently set to 5 seconds. What should the developer do to resolve the issue without increasing the timeout?

Question 382mediummultiple choice
Read the full Development with Services explanation →

A company uses AWS Lambda to process incoming messages from an Amazon SQS queue. The Lambda function sometimes fails with a timeout error when the queue has a large backlog. What is the MOST efficient way to increase throughput without causing duplicate processing?

Question 383hardmultiple choice
Read the full Development with Services explanation →

A developer is building a REST API using Amazon API Gateway with a Lambda integration. The API must validate that the 'Authorization' header contains a valid JWT token before invoking the backend. Which approach provides the LOWEST latency for token validation?

Question 384easymultiple choice
Read the full Development with Services explanation →

A developer is deploying a containerized application on Amazon ECS using Fargate. The application needs to store sensitive configuration data, including database passwords, that must be rotated regularly. Which service should the developer use to manage these secrets securely?

Question 385mediummultiple choice
Read the full Development with Services explanation →

A company runs a Node.js application on AWS Elastic Beanstalk. The application experiences high latency during peak hours. The developer suspects that the environment's EC2 instances are under-provisioned. Which configuration change would MOST effectively address the latency issue with minimal cost increase?

Question 386hardmultiple choice
Read the full Development with Services explanation →

A developer is designing a serverless application that processes large files uploaded to Amazon S3. Each file can be up to 5 GB. The processing involves extracting metadata and generating thumbnails. The developer wants to minimize processing time and cost. Which approach should the developer take?

Question 387easymultiple choice
Read the full Development with Services explanation →

A developer is writing a Lambda function that needs to access an Amazon RDS MySQL database. The function will be invoked frequently. What is the BEST practice for managing the database connection?

Question 388mediummultiple choice
Read the full Development with Services explanation →

A company uses Amazon CloudFront to distribute content from an S3 bucket. The content is static and rarely changes. The developer wants to reduce the load on the origin and improve performance for users. Which configuration change would achieve this?

Question 389hardmultiple choice
Read the full Development with Services explanation →

A developer is deploying a microservices architecture on Amazon ECS with Fargate. The services need to communicate with each other using service discovery. The developer wants to use AWS Cloud Map for service discovery. Which configuration is required for the services to register and discover each other?

Question 390easymultiple choice
Read the full Development with Services explanation →

A developer needs to store session state for a web application running on multiple EC2 instances behind an Application Load Balancer. Which AWS service should the developer use for a fully managed, highly available session store?

Question 391mediummulti select
Read the full Development with Services explanation →

Which TWO AWS services can be used to build a serverless event-driven application that processes data from Amazon S3 and stores results in Amazon DynamoDB? (Choose 2.)

Question 392hardmulti select
Read the full Development with Services explanation →

Which THREE actions should a developer take to secure an AWS Lambda function that processes sensitive data? (Choose 3.)

Question 393mediummulti select
Read the full Development with Services explanation →

A developer is designing a messaging system where orders are placed into an SQS queue and processed by a Lambda function. The developer wants to ensure that failed messages are not lost and can be analyzed later. Which TWO steps should the developer take? (Choose 2.)

Question 394easymultiple choice
Read the full Development with Services explanation →

An IAM policy is attached to a user. What is the effect when the user tries to download an object from the 'confidential' folder in 'my-bucket' from an IP address within the 192.0.2.0/24 range?

Exhibit

Refer to the exhibit.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-bucket/*"
    },
    {
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::my-bucket/confidential/*",
      "Condition": {
        "StringNotEquals": {
          "aws:SourceIp": "192.0.2.0/24"
        }
      }
    }
  ]
}
```
Question 395hardmultiple choice
Read the full Development with Services explanation →

A developer invoked a Lambda function using the AWS CLI. The response includes 'FunctionError': 'Handled'. What does this indicate?

Network Topology
$ aws lambda invokefunction-name my-functionpayload '{"key1":"value1"}' output.txtRefer to the exhibit.```"StatusCode": 200,"FunctionError": "Handled","LogResult": "UklEQlB...","ExecutedVersion": "$LATEST"
Question 396mediummultiple choice
Read the full Development with Services explanation →

A developer deployed this CloudFormation template. What happens to a message after it has been received from 'MyQueue' 3 times but not deleted?

Exhibit

Refer to the exhibit.

```yaml
Resources:
  MyQueue:
    Type: AWS::SQS::Queue
    Properties:
      QueueName: my-queue
      VisibilityTimeout: 30
      RedrivePolicy:
        deadLetterTargetArn: !GetAtt MyDeadLetterQueue.Arn
        maxReceiveCount: 3
  MyDeadLetterQueue:
    Type: AWS::SQS::Queue
    Properties:
      QueueName: my-dlq
```
Question 397easymultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Lambda to process files uploaded to an S3 bucket. The Lambda function needs to read the uploaded file, transform it, and write the result to a DynamoDB table. Which IAM policy statement should be attached to the Lambda execution role?

Question 398mediummultiple choice
Read the full Development with Services explanation →

A developer is using AWS Elastic Beanstalk to deploy a web application. The application experiences high latency during peak hours. The developer wants to scale the application automatically based on CPU utilization. Which configuration should the developer use?

Question 399hardmultiple choice
Read the full Development with Services explanation →

A company runs a microservices application on Amazon ECS with Fargate. Each service has its own task definition and uses service discovery via AWS Cloud Map. Recently, one service is failing to connect to another service using the service discovery endpoint. The developer verified that both services are running and the security groups allow traffic. What is the most likely cause of the connectivity issue?

Question 400easymultiple choice
Read the full Development with Services explanation →

A developer needs to store application configuration data, such as database connection strings and third-party API keys, securely. The data must be encrypted at rest and automatically rotated. Which AWS service should the developer use?

Question 401mediummultiple choice
Read the full Development with Services explanation →

A developer is using API Gateway to expose a Lambda function as a REST API. The API must be accessible from a web application hosted on a different domain. The developer configured CORS but the browser still shows CORS errors. What should the developer do to resolve the issue?

Question 402hardmultiple choice
Read the full Development with Services explanation →

A developer is using AWS CodePipeline to automate CI/CD. The pipeline has a Source stage (CodeCommit), a Build stage (CodeBuild), and a Deploy stage (CodeDeploy). The Build stage runs tests and packages the application. The developer notices that the Deploy stage is triggered even when the Build stage fails. How can the developer prevent deployment on build failure?

Question 403easymultiple choice
Read the full Development with Services explanation →

A developer wants to invoke an AWS Lambda function every hour to perform a maintenance task. Which AWS service should be used to schedule the invocation?

Question 404mediummultiple choice
Read the full Development with Services explanation →

A developer is using Amazon S3 to host a static website. The website uses JavaScript to fetch data from an API Gateway endpoint. Users report that the website loads but API calls fail with HTTP 403 errors. The developer checks the S3 bucket policy and finds it allows public read access. What is the most likely cause?

Question 405hardmultiple choice
Review the full subnetting walkthrough →

An application running on Amazon EC2 instances in an Auto Scaling group processes messages from an SQS queue. The application runs in a private subnet and needs to send metrics to Amazon CloudWatch. How can the developer ensure the EC2 instances can send metrics without traversing the internet?

Question 406mediummulti select
Read the full Development with Services explanation →

A developer is deploying a new version of an AWS Lambda function using the AWS CLI. The function is currently active and handling traffic. The developer wants to gradually shift traffic to the new version and rollback if errors increase. Which TWO actions should the developer take? (Choose TWO.)

Question 407hardmulti select
Read the full Development with Services explanation →

A company is using AWS CloudFormation to manage infrastructure. A developer needs to create a stack that will launch an EC2 instance and associate an Elastic IP address. The Elastic IP must be released when the stack is deleted. Which TWO resources should the developer include in the CloudFormation template? (Choose TWO.)

Question 408easymulti select
Read the full Development with Services explanation →

A developer is building a REST API using API Gateway and Lambda. The API must be secured using a Lambda authorizer. Which THREE steps are necessary to implement the Lambda authorizer? (Choose THREE.)

Question 409mediummultiple choice
Read the full Development with Services explanation →

Refer to the exhibit. A developer attached the IAM policy to a Lambda function's execution role. The function reads items from a DynamoDB table that uses AWS KMS customer managed key (CMK) for encryption at rest. When the function tries to read an item, it receives an access denied error. What is the cause?

Exhibit

Refer to the exhibit.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "dynamodb:GetItem",
        "dynamodb:PutItem"
      ],
      "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/MyTable"
    },
    {
      "Effect": "Allow",
      "Action": [
        "kms:Decrypt"
      ],
      "Resource": "*"
    }
  ]
}
Question 410hardmultiple choice
Read the full Development with Services explanation →

Refer to the exhibit. A developer creates a CloudFormation stack with the template. After the stack is created, the developer tries to access https://my-app-data-123.s3.amazonaws.com/index.html but gets a 403 Forbidden error. The S3 bucket has public access blocked at the account level. What should the developer do to allow public read access?

Exhibit

Refer to the exhibit.
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "MyBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "BucketName": "my-app-data-123",
        "VersioningConfiguration": {
          "Status": "Enabled"
        }
      }
    },
    "MyBucketPolicy": {
      "Type": "AWS::S3::BucketPolicy",
      "Properties": {
        "Bucket": { "Ref": "MyBucket" },
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": "*",
              "Action": "s3:GetObject",
              "Resource": { "Fn::Sub": "${MyBucket.Arn}/*" }
            }
          ]
        }
      }
    }
  }
}
Question 411easymultiple choice
Read the full Development with Services explanation →

Refer to the exhibit. A developer invokes a Lambda function using the AWS CLI. The response shows StatusCode 200 and FunctionError: Unhandled. What does this indicate?

Network Topology
$ aws lambda invokefunction-name my-functionpayload '{"key": "value"}' output.txtRefer to the exhibit."StatusCode": 200,"FunctionError": "Unhandled","ExecutedVersion": "$LATEST"
Question 412mediummultiple choice
Read the full Development with Services explanation →

A company is using AWS Lambda with a 1 GB memory configuration. The function processes large CSV files from S3 and occasionally times out after 15 seconds. The function currently uses synchronous invocation. What is the MOST cost-effective solution to handle larger files without losing data?

Question 413easymultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application using API Gateway and Lambda. The API Gateway REST API endpoint needs to be accessible only from a specific VPC. Which configuration should be used?

Question 414hardmultiple choice
Read the full Development with Services explanation →

An application running on Amazon ECS Fargate uses a DynamoDB table with on-demand capacity. The table has a partition key of 'userId' and a sort key of 'timestamp'. During peak hours, some requests experience throttling errors. The application performs updates to existing items using 'UpdateItem' with ConditionExpression to ensure the 'status' attribute is 'active'. Which design change will BEST reduce throttling?

Question 415mediummultiple choice
Read the full Development with Services explanation →

A developer is using AWS SAM to deploy a serverless application. The template includes a Lambda function that connects to an RDS MySQL database. The function works correctly in the developer's account but fails with a timeout when deployed to a production account. What is the MOST likely cause?

Question 416easymultiple choice
Read the full Development with Services explanation →

A company is using Amazon SQS to decouple microservices. The producer sends messages, and the consumer processes them. The consumer occasionally fails to process a message due to transient errors. What is the BEST way to ensure such messages are retried automatically?

Question 417hardmultiple choice
Read the full Development with Services explanation →

An organization uses AWS CodeBuild to run tests for a Node.js application. The build environment is Linux. The buildspec.yml includes a pre_build phase that runs 'npm install'. Occasionally, the build fails with an error 'npm ERR! code EINTEGRITY'. The developer wants to resolve this issue without compromising security. Which action should be taken?

Question 418mediummultiple choice
Read the full Development with Services explanation →

A developer is designing a system where an S3 bucket receives uploads, and each upload triggers a Lambda function to process the file. The processed output is stored in another S3 bucket. The developer notices that sometimes the same file is processed multiple times. How can this be prevented?

Question 419easymultiple choice
Read the full Development with Services explanation →

A developer needs to securely store database credentials for a Lambda function. The credentials must be automatically rotated every 30 days. Which service should be used?

Question 420mediummultiple choice
Read the full Development with Services explanation →

A company is using Amazon CloudFront to distribute static content from an S3 bucket. The content is updated frequently, but users see stale content. The developer wants to ensure that new content is served as soon as possible after an update. Which action should be taken?

Question 421hardmulti select
Read the full Development with Services explanation →

A developer is building a real-time chat application using WebSocket APIs in API Gateway and Lambda. The application must handle thousands of concurrent connections. Which TWO actions should the developer take to ensure the application scales properly?

Question 422mediummulti select
Read the full Development with Services explanation →

A developer is designing a serverless application that processes orders. The order processing must be transactional: either all steps succeed or none. Which TWO AWS services can be combined to achieve this?

Question 423mediummulti select
Read the full Development with Services explanation →

A company uses AWS CodePipeline to deploy a web application to an EC2 instance. The deployment often fails because the application is still running when new files are copied. Which THREE actions can be combined to achieve zero-downtime deployments?

Question 424mediummultiple choice
Read the full Development with Services explanation →

A company is building a serverless application using AWS Lambda functions that write results to an Amazon DynamoDB table. The Lambda functions are invoked by an Amazon API Gateway REST API. During testing, some requests fail with a 503 status code. The Lambda function code is correct. What is the MOST likely cause of the 503 errors?

Question 425easymultiple choice
Read the full Development with Services explanation →

A developer wants to upload a large file (5 GB) to an Amazon S3 bucket using the AWS SDK. Which approach is MOST efficient and resilient?

Question 426hardmultiple choice
Read the full Development with Services explanation →

A developer is deploying a microservices architecture on Amazon ECS with Fargate. Each service needs to store sensitive configuration data such as database passwords. The developer wants to avoid hardcoding secrets in the application code. Which approach should the developer use?

Question 427mediummultiple choice
Read the full Development with Services explanation →

A company is using Amazon CloudFront to serve content from an Application Load Balancer (ALB) origin. The ALB is configured as an internal load balancer in a VPC. Users are getting HTTP 502 errors when accessing the CloudFront distribution. What is the MOST likely cause?

Question 428easymultiple choice
Read the full Development with Services explanation →

A developer needs to analyze real-time streaming data from thousands of devices. The data consists of JSON messages that must be processed and stored in Amazon S3. Which AWS service should the developer use to ingest and buffer the streaming data?

Question 429hardmultiple choice
Read the full Development with Services explanation →

A developer is building an application that uses Amazon DynamoDB as a data store. The application reads the same item frequently but writes rarely. The developer wants to reduce read costs. Which DynamoDB feature should the developer use?

Question 430mediummultiple choice
Read the full Development with Services explanation →

A company has an AWS Lambda function that processes messages from an Amazon SQS queue. The function sometimes fails due to transient errors. The developer wants to ensure that failed messages are retried automatically and then sent to a dead-letter queue after three failed attempts. How should the developer configure this?

Question 431easymultiple choice
Read the full Development with Services explanation →

A developer is using AWS CodePipeline to automate the deployment of a web application. The developer wants to run unit tests after the source stage and before deploying to a staging environment. Which action should the developer add to the pipeline?

Question 432hardmultiple choice
Read the full Development with Services explanation →

A developer is designing a serverless application that uses Amazon API Gateway and AWS Lambda. The application needs to handle a sudden spike in traffic. The Lambda function performs CPU-intensive operations. What should the developer do to ensure the application scales without errors?

Question 433mediummulti select
Read the full Development with Services explanation →

A developer is designing a mobile application that needs to upload files to Amazon S3. The developer wants to use temporary credentials to avoid storing long-term AWS credentials on the device. Which TWO services should the developer use together?

Question 434hardmulti select
Read the full Development with Services explanation →

A company is using AWS CloudFormation to deploy infrastructure. The developer needs to update a stack but wants to avoid downtime for a critical database. Which THREE strategies should the developer consider?

Question 435easymulti select
Read the full Development with Services explanation →

A developer is troubleshooting an AWS Lambda function that is invoked by an Amazon S3 bucket notification. The function processes new objects but sometimes fails because the object is not fully written before Lambda reads it. Which TWO actions can the developer take to fix this?

Question 436mediummultiple choice
Read the full Development with Services explanation →

A developer attaches the IAM policy shown to a user. The user attempts to upload an object to example-bucket using the AWS CLI with the command: `aws s3 cp file.txt s3://example-bucket/`. The upload fails. What is the MOST likely reason?

Exhibit

Refer to the exhibit.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::example-bucket/*",
            "Condition": {
                "StringEquals": {
                    "s3:x-amz-server-side-encryption": "AES256"
                }
            }
        }
    ]
}
Question 437hardmultiple choice
Read the full Development with Services explanation →

A developer runs the AWS CLI command shown. The Lambda function returns a 200 status code but the output file is null and the response includes FunctionError: Unhandled. What does this indicate?

Network Topology
$ aws lambda invokefunction-name my-functionpayload '{"key1": "value1"}' output.txtRefer to the exhibit."StatusCode": 200,"ExecutedVersion": "$LATEST","FunctionError": "Unhandled"
Question 438easymultiple choice
Read the full Development with Services explanation →

A developer creates an AWS CloudFormation stack with the template snippet shown. The stack creation fails with the error: "Bucket with name my-unique-bucket-12345 already exists." What is the MOST likely cause?

Exhibit

Refer to the exhibit.

Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: my-unique-bucket-12345
      VersioningConfiguration:
        Status: Enabled
Question 439easymultiple choice
Read the full Development with Services explanation →

A developer wants to store session state for a web application that runs on multiple EC2 instances behind an Application Load Balancer. Which AWS service should the developer use to store the session state in a centralized, highly available location?

Question 440mediummultiple choice
Read the full Development with Services explanation →

A company is developing a serverless application using AWS Lambda and API Gateway. The application needs to process user uploads to Amazon S3. The Lambda function must be invoked asynchronously after an object is uploaded to an S3 bucket. Which configuration should the developer use to invoke the Lambda function?

Question 441hardmultiple choice
Read the full NAT/PAT explanation →

A developer is deploying a microservices application using Amazon ECS with Fargate. The application consists of multiple services that need to communicate with each other over HTTP. The developer wants to ensure that service-to-service communication is encrypted in transit and that the services can discover each other by logical service names instead of IP addresses. Which combination of AWS services should the developer use?

Question 442easymultiple choice
Read the full Development with Services explanation →

A developer has written an AWS Lambda function that processes messages from an Amazon SQS queue. The function is configured with a reserved concurrency of 5. The SQS queue has 10,000 messages waiting to be processed. What will happen when the Lambda function is invoked?

Question 443mediummultiple choice
Read the full Development with Services explanation →

A company is using AWS CodePipeline to automate its CI/CD pipeline. The pipeline has a build stage that uses AWS CodeBuild. The developer wants to run unit tests and only proceed to the deploy stage if the tests pass. Which configuration should the developer use to achieve this?

Question 444hardmultiple choice
Read the full Development with Services explanation →

A development team is building a real-time chat application using Amazon API Gateway WebSocket APIs and AWS Lambda. The application needs to maintain a connection to each user and broadcast messages to all connected clients. Which approach should the developer use to scale the application efficiently?

Question 445easymultiple choice
Read the full Development with Services explanation →

A developer is using AWS SAM to define a serverless application. The application includes an AWS Lambda function that needs to access an Amazon DynamoDB table. The developer wants to grant the Lambda function the minimum required permissions to read and write items in the table. Which resource should the developer use to define the IAM permissions?

Question 446mediummultiple choice
Read the full Development with Services explanation →

A company runs a batch processing job on Amazon ECS using Fargate. The job processes files from an S3 bucket and writes results to another S3 bucket. The job runs once per day and takes about 30 minutes. The company wants to reduce costs by stopping the ECS service when not in use. Which solution should the developer implement?

Question 447hardmultiple choice
Read the full Development with Services explanation →

A developer is deploying a web application on Amazon EKS. The application needs to read configuration data from an Amazon S3 bucket at startup. The developer wants to ensure that the configuration is securely accessed without embedding AWS credentials in the application code. Which solution should the developer use?

Question 448mediummulti select
Read the full Development with Services explanation →

Which TWO AWS services can be used to store and retrieve application configuration data in a serverless application? (Choose two.)

Question 449hardmulti select
Read the full Development with Services explanation →

Which THREE AWS services are commonly used together to build a serverless event-driven architecture that processes real-time streaming data? (Choose three.)

Question 450easymulti select
Read the full Development with Services explanation →

Which TWO AWS services can be used to deploy and manage containerized applications? (Choose two.)

Question 451easymultiple choice
Read the full Development with Services explanation →

Refer to the exhibit. The IAM policy is attached to an IAM role that is assumed by an AWS Lambda function. The Lambda function needs to read and write objects in the 'my-bucket' S3 bucket, but it should never delete objects. What will happen when the function attempts to delete an object?

Exhibit

Refer to the exhibit.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::my-bucket/*"
    },
    {
      "Effect": "Deny",
      "Action": "s3:DeleteObject",
      "Resource": "arn:aws:s3:::my-bucket/*"
    }
  ]
}
Question 452mediummultiple choice
Read the full Development with Services explanation →

Refer to the exhibit. A developer runs the AWS CLI command to invoke a Lambda function. The output shows StatusCode 200 and no FunctionError. However, the application that depends on this function's output is not working correctly. What should the developer check next?

Network Topology
$ aws lambda invokefunction-name my-functionpayload '{"key1":"value1"}' output.txtRefer to the exhibit."StatusCode": 200,"ExecutedVersion": "$LATEST","FunctionError": ""
Question 453hardmultiple choice
Read the full Development with Services explanation →

Refer to the exhibit. A developer creates a CloudFormation stack with the above template. The stack creation fails with the error 'The runtime parameter of nodejs18.x is not supported.' What is the most likely cause?

Exhibit

Refer to the exhibit.

AWSTemplateFormatVersion: '2010-09-09'
Resources:
  MyLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        ZipFile: !Sub |
          exports.handler = async (event) => {
            console.log('Processing event:', JSON.stringify(event));
            return { statusCode: 200, body: 'Hello from Lambda' };
          };
      Handler: index.handler
      Role: !GetAtt LambdaExecutionRole.Arn
      Runtime: nodejs18.x
  LambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
Question 454mediummultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Lambda to process files uploaded to an S3 bucket. The files are encrypted with S3 server-side encryption using AWS KMS (SSE-KMS). The Lambda function needs to read the files and store metadata in DynamoDB. Which IAM policy statement should be attached to the Lambda execution role to allow it to decrypt the objects?

Question 455hardmultiple choice
Read the full Development with Services explanation →

A company runs a containerized application on Amazon ECS with Fargate launch type. The application needs to access an Amazon RDS MySQL database using credentials stored in AWS Secrets Manager. The ECS task role has the following IAM policy: {"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["secretsmanager:GetSecretValue"],"Resource":"arn:aws:secretsmanager:us-east-1:123456789012:secret:prod-db-*"}]}. The application fails to retrieve the secret with an AccessDeniedException. What is the most likely cause?

Question 456easymultiple choice
Read the full Development with Services explanation →

A developer wants to store application configuration data that can be accessed by multiple microservices. The data is sensitive and should be encrypted at rest. Which AWS service should be used to meet these requirements?

Question 457mediummultiple choice
Read the full Development with Services explanation →

A developer is using AWS CodePipeline to deploy a web application to an Auto Scaling group. The pipeline includes a deploy action that uses CodeDeploy. The deployment fails with the error: 'The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available, or some instances in your deployment group are experiencing problems.' Which of the following is the MOST likely cause?

Question 458hardmultiple choice
Read the full Development with Services explanation →

An organization has a Lambda function that processes messages from an Amazon SQS queue. The function is configured with a reserved concurrency of 5. The SQS queue has a visibility timeout of 30 seconds. The Lambda function takes an average of 45 seconds to process each message. What is the likely behavior of this setup?

Question 459easymultiple choice
Read the full Development with Services explanation →

A developer wants to trigger an AWS Lambda function every time a new object is created in an Amazon S3 bucket. Which S3 event notification configuration should be used?

Question 460mediummultiple choice
Read the full Development with Services explanation →

A company uses Amazon API Gateway to expose a REST API backed by AWS Lambda. The API is experiencing high latency. The developer suspects cold starts are contributing to the latency. Which action would be MOST effective in reducing cold start latency?

Question 461hardmultiple choice
Read the full Development with Services explanation →

A developer is using AWS CloudFormation to deploy a stack that includes an Amazon RDS DB instance. The developer wants to ensure that the DB instance is not accidentally deleted when the stack is updated. Which property should be set on the DB instance resource?

Question 462easymultiple choice
Read the full Development with Services explanation →

A developer needs to store session state data for a web application running on multiple EC2 instances. The data must be highly available and durable. Which AWS service should be used?

Question 463mediummulti select
Read the full Development with Services explanation →

A company is designing a microservices architecture using AWS Lambda. Each microservice has its own DynamoDB table. The Lambda functions need to perform CRUD operations on their respective tables. Which TWO IAM best practices should be applied? (Choose TWO.)

Question 464hardmulti select
Read the full Development with Services explanation →

A developer is using Amazon Kinesis Data Streams to ingest real-time events. The application uses the Kinesis Client Library (KCL) to process records. The developer notices that one shard is falling behind while others are processing fine. Which THREE actions can help improve processing of the lagging shard? (Choose THREE.)

Question 465easymulti select
Read the full Development with Services explanation →

A developer is building a serverless application that uses Amazon S3 for static website hosting and AWS Lambda for dynamic API calls. The developer wants to enable logging of all API requests. Which TWO services can be used to log API requests? (Choose TWO.)

Question 466mediummultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application that processes images uploaded to an S3 bucket. The processing includes generating thumbnails and storing metadata in DynamoDB. The developer wants to ensure that the processing function is triggered only when new objects are created, not when existing objects are updated. Which S3 event notification configuration should be used?

Question 467hardmultiple choice
Study the full Python automation breakdown →

A company uses AWS Lambda functions behind an API Gateway REST API. The Lambda functions are written in Python and use the boto3 SDK to interact with DynamoDB. After a recent deployment, some users report sporadic 502 Bad Gateway errors when calling the API. The Lambda function logs show occasional 'AccessDeniedException' errors. What is the most likely cause and solution?

Question 468easymultiple choice
Read the full Development with Services explanation →

A developer needs to store application configuration that can be accessed by multiple microservices running on Amazon ECS. The configuration must be encrypted at rest and automatically rotate secrets. Which AWS service should be used?

Question 469mediummultiple choice
Read the full Development with Services explanation →

A developer is deploying a Lambda function that processes messages from an SQS queue. The queue has a batch size of 10. To optimize cost and performance, the developer wants to minimize the number of Lambda invocations while ensuring that all messages are processed within the SQS visibility timeout. Which configuration should the developer use?

Question 470hardmultiple choice
Read the full Development with Services explanation →

A developer is using AWS CodeDeploy to deploy a new version of an application to an Auto Scaling group. The deployment fails because the new instances do not pass the health check. The developer wants to automatically roll back the deployment if the health check fails. Which CodeDeploy setting should be configured?

Question 471easymultiple choice
Read the full Development with Services explanation →

A developer needs to access a DynamoDB table from a Lambda function. The Lambda function is in the same AWS account as the DynamoDB table. What is the most secure way to grant the Lambda function access to the DynamoDB table?

Question 472mediummultiple choice
Read the full Development with Services explanation →

A company runs a web application on EC2 instances behind an Application Load Balancer. The application uses sessions stored in an ElastiCache Redis cluster. Recently, users have been experiencing session timeouts and errors. The developer notices that the Redis cluster is running out of memory. What should the developer do to resolve this issue?

Question 473hardmultiple choice
Read the full Development with Services explanation →

A developer is building a REST API using Amazon API Gateway and AWS Lambda. The API must support CORS to allow requests from a web application hosted on a different domain. The developer has enabled CORS on the API Gateway resource and configured the Lambda function to return the appropriate headers. However, the web application is still receiving CORS errors. What is the most likely cause?

Question 474easymultiple choice
Read the full Development with Services explanation →

A developer wants to store session state for a web application running on multiple EC2 instances. Which AWS service provides a fully managed, in-memory data store that is ideal for this use case?

Question 475mediummulti select
Read the full Development with Services explanation →

A developer is designing a serverless application using AWS Lambda and Amazon S3. The application must process files immediately after they are uploaded to an S3 bucket. Which TWO services can be used to trigger the Lambda function?

Question 476hardmulti select
Read the full Development with Services explanation →

A developer is configuring an Amazon API Gateway REST API with a Lambda function as the backend. The Lambda function returns a JSON response. The developer wants to enable caching to reduce the number of calls to the Lambda function. Which TWO steps are required to enable caching for a specific stage?

Question 477easymulti select
Read the full Development with Services explanation →

A developer is building a microservices architecture using Amazon ECS with Fargate. The services need to communicate with each other. Which TWO AWS services can be used for service discovery?

Question 478mediummulti select
Read the full Development with Services explanation →

A developer is deploying an application using AWS Elastic Beanstalk. The application requires a relational database. Which THREE components are created by Elastic Beanstalk when you add a database to your environment?

Question 479hardmulti select
Read the full Development with Services explanation →

A developer is troubleshooting a Lambda function that is failing with a 'Task timed out' error. The function is configured with a 3-second timeout. The function makes an HTTP request to an external API that sometimes takes more than 3 seconds to respond. Which THREE actions should the developer take to resolve this issue?

Question 480hardmultiple choice
Read the full Development with Services explanation →

A company runs a critical application on AWS Lambda that processes real-time financial transactions. The Lambda function is triggered by an SQS queue that receives messages from an API Gateway. Recently, the team has observed an increase in processing errors and occasional data loss. Upon investigation, they find that the Lambda function's concurrency limit is set to 5, and the SQS queue has a visibility timeout of 30 seconds. The function typically takes 2 seconds to process a message, but during peak hours, the queue depth grows to thousands of messages. The errors occur when the Lambda function throws an exception, causing the message to return to the queue after the visibility timeout expires. However, some messages are never processed again and are eventually lost. The team suspects that the messages are being sent to the dead-letter queue (DLQ) after multiple retries, but the DLQ is not configured. The team needs to ensure that no messages are lost and that processing errors are handled appropriately. What should the team do to resolve this issue?

Question 481mediummultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Lambda to process events from Amazon S3. The Lambda function needs to persist data to an Amazon RDS MySQL database. Which of the following is the MOST secure way to pass database credentials to the Lambda function?

Question 482hardmultiple choice
Read the full NAT/PAT explanation →

A company runs a containerized application on Amazon ECS Fargate. The application writes logs to stdout. The operations team wants to centralize log monitoring and set up alarms for error patterns. What should a developer do to meet these requirements with minimal operational overhead?

Question 483easymultiple choice
Read the full Development with Services explanation →

A developer is implementing a REST API using Amazon API Gateway and AWS Lambda. The API should return a static response from an Amazon S3 bucket for a specific GET endpoint without invoking a Lambda function. Which API Gateway integration type should be used?

Question 484hardmultiple choice
Read the full NAT/PAT explanation →

A developer is designing a workflow using AWS Step Functions that includes a task to invoke an AWS Lambda function. The Lambda function sometimes times out due to long-running operations. The developer needs the workflow to wait for the Lambda function to complete asynchronously and retry on failure. Which Step Functions pattern should the developer use?

Question 485easymultiple choice
Read the full Development with Services explanation →

A company is using AWS CodePipeline to automate deployments. The pipeline has a source stage that retrieves code from Amazon S3, a build stage using AWS CodeBuild, and a deploy stage using AWS CodeDeploy. The build stage is failing intermittently with errors related to missing dependencies. What should a developer do to ensure the build environment has all required dependencies?

Question 486mediummultiple choice
Read the full Development with Services explanation →

A developer is deploying a web application using AWS Elastic Beanstalk. The application uses a MySQL database. During deployment, the developer needs to apply database schema migrations. Which approach should the developer use to run database migrations as part of the Elastic Beanstalk deployment?

Question 487hardmultiple choice
Read the full NAT/PAT explanation →

A developer is using Amazon DynamoDB to store session data for a web application. The application reads and writes a single item per user session. The traffic pattern shows occasional spikes. The developer wants to minimize read and write costs. Which DynamoDB capacity mode should the developer choose?

Question 488mediummultiple choice
Read the full Development with Services explanation →

A company uses AWS CloudFormation to deploy infrastructure. The developer needs to pass a list of security group IDs to an EC2 instance launch configuration. The security groups are created in another stack. How should the developer obtain the security group IDs?

Question 489easymultiple choice
Read the full Development with Services explanation →

A developer is creating an AWS Lambda function that processes messages from an Amazon SQS queue. The function should process each message only once. Which SQS queue type should the developer use?

Question 490hardmulti select
Read the full Development with Services explanation →

A developer is designing a microservices architecture using Amazon ECS with Fargate. The services need to communicate with each other. Which TWO options can the developer use for service discovery?

Question 491easymulti select
Read the full Development with Services explanation →

A developer is using AWS CodeBuild to run unit tests as part of a CI/CD pipeline. The developer wants to store the test results for later analysis. Which TWO AWS services can the developer use to store and view the test reports?

Question 492hardmulti select
Read the full Development with Services explanation →

A developer is using AWS Lambda with an Amazon DynamoDB trigger. The Lambda function processes items from a DynamoDB Stream. The developer needs to ensure that the function processes each change exactly once and in order. Which TWO configurations should the developer use?

Question 493mediummultiple choice
Read the full Development with Services explanation →

Refer to the exhibit. An IAM policy is attached to a Lambda function's execution role. The Lambda function is triggered by an S3 event and needs to invoke another Lambda function and decrypt an S3 object encrypted with a customer-managed KMS key. However, the invocation fails with an access denied error. What is the MOST likely cause?

Exhibit

Refer to the exhibit.

IAM Policy JSON:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "lambda:InvokeFunction",
      "Resource": "arn:aws:lambda:us-east-1:123456789012:function:my-function"
    },
    {
      "Effect": "Allow",
      "Action": [
        "kms:Decrypt",
        "kms:GenerateDataKey"
      ],
      "Resource": "arn:aws:kms:us-east-1:123456789012:key/abc123"
    }
  ]
}
Question 494hardmultiple choice
Read the full Development with Services explanation →

Refer to the exhibit. A developer creates a CloudFormation stack with this template. The developer wants to ensure that all objects uploaded to the bucket are encrypted at rest using SSE-KMS. However, the current policy allows anyone to put objects without encryption. What additional change is needed to enforce SSE-KMS?

Exhibit

Refer to the exhibit.

CloudFormation snippet:
Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub "${AWS::StackName}-bucket"
      VersioningConfiguration:
        Status: Enabled
      LifecycleConfiguration:
        Rules:
          - Id: ExpireOldVersions
            Status: Enabled
            NoncurrentVersionExpirationInDays: 30
  MyQueue:
    Type: AWS::SQS::Queue
    Properties:
      QueueName: !Sub "${AWS::StackName}-queue"
  MyBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref MyBucket
      PolicyDocument:
        Statement:
          - Effect: Allow
            Principal: "*"
            Action: "s3:PutObject"
            Resource: !Sub "${MyBucket.Arn}/*"
            Condition:
              StringEquals:
                s3:x-amz-server-side-encryption: "aws:kms"
Question 495mediummultiple choice
Read the full Development with Services explanation →

A company runs a production web application on AWS. The application consists of an Application Load Balancer (ALB) that distributes traffic across multiple EC2 instances in an Auto Scaling group. The application uses an Amazon Aurora MySQL database. The operations team reports that the application is experiencing intermittent latency spikes, especially during peak hours. Investigation reveals that the database CPU utilization is consistently above 80% and there are many slow queries. The developer is asked to improve database performance without changing the application code. Which solution should the developer implement?

Question 496mediummultiple choice
Read the full Development with Services explanation →

A company uses AWS Lambda to process user-uploaded images stored in an S3 bucket. Recently, the Lambda function started timing out, and CloudWatch Logs show 'Error: Unable to locate credentials' in the function logs. What is the most likely cause?

Question 497hardmultiple choice
Read the full Development with Services explanation →

A developer is building a REST API using API Gateway and AWS Lambda. The API must support long-running operations that can take up to 30 minutes. The current implementation uses synchronous Lambda invocation, causing API Gateway to timeout after 29 seconds. What solution should the developer implement?

Question 498mediummulti select
Read the full Development with Services explanation →

Which TWO actions should a developer take to securely store secrets (e.g., database passwords) used by a Lambda function?

Question 499hardmulti select
Read the full Development with Services explanation →

Which THREE steps are required to enable cross-account access to a DynamoDB table from a Lambda function in another AWS account?

Question 500easymulti select
Read the full Development with Services explanation →

Which TWO AWS services can be used to trigger an AWS Lambda function asynchronously?

Question 501mediummulti select
Read the full Development with Services explanation →

Which THREE statements are true about AWS Lambda concurrency and scaling?

Question 502hardmultiple choice
Read the full Development with Services explanation →

A company runs a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The application uses an Amazon RDS MySQL database. Recently, the application started experiencing frequent database connection timeouts. The development team discovered that the application is not closing database connections properly, leading to exhausted database connections. The team wants a solution that does not require code changes. Which option should they choose?

Question 503mediummultiple choice
Read the full Development with Services explanation →

A developer is deploying a serverless application using AWS SAM. The application includes an API Gateway REST API and several Lambda functions. The developer wants to enable X-Ray tracing to debug performance issues. What is the MINIMUM set of actions required to enable X-Ray tracing for the entire application?

Question 504easymultiple choice
Read the full Development with Services explanation →

An organization uses AWS CodeCommit for source control and AWS CodeBuild for building a Java application. The build process needs to run integration tests that require a MySQL database. The team wants to ensure the database is provisioned only during the build and cleaned up afterward to minimize costs. What is the most efficient solution?

Question 505mediummultiple choice
Read the full Development with Services explanation →

A developer is working on an application that uses Amazon SQS as a message queue. The application polls the queue using long polling with a wait time of 20 seconds. Recently, the team noticed that messages are being processed multiple times. The application is idempotent, but duplicate processing is causing unnecessary costs. What should the developer do to reduce duplicate message processing?

Question 506hardmultiple choice
Read the full Development with Services explanation →

A company runs a microservices architecture on Amazon ECS with Fargate. Each service uses an Application Load Balancer and stores data in Amazon DynamoDB. The operations team notices that during traffic spikes, some requests fail with HTTP 503 errors. CloudWatch metrics show that the ALB's TargetResponseTime is increasing, and the DynamoDB table's ConsumedWriteCapacityUnits are reaching the provisioned limit. The team wants to handle traffic spikes gracefully without manual intervention. What should they do?

Question 507easymultiple choice
Read the full Development with Services explanation →

A developer is deploying a web application using AWS Elastic Beanstalk. The application requires a relational database. The developer wants the database to be automatically created and configured as part of the Elastic Beanstalk environment. Which approach should they use?

Question 508mediummultiple choice
Read the full Development with Services explanation →

A company is using AWS CodePipeline to automate deployments of a serverless application. The pipeline has a source stage (CodeCommit), a build stage (CodeBuild), and a deploy stage (CloudFormation). The deploy stage fails intermittently with the error 'Rate exceeded' when creating or updating stacks. What should the developer do to resolve this issue?

Question 509hardmultiple choice
Read the full Development with Services explanation →

A developer is building a real-time chat application using WebSockets via API Gateway. The backend uses AWS Lambda functions to handle connect, disconnect, and message events. The application needs to broadcast messages to all connected clients. What is the most scalable and cost-effective way to maintain the list of connection IDs and broadcast messages?

Question 510easymultiple choice
Read the full Development with Services explanation →

A developer is creating a CI/CD pipeline using AWS CodeBuild and AWS CodeDeploy for a Java application that runs on EC2 instances. The build process must compile the code, run unit tests, and package the application into a WAR file. The deployment should use the blue/green deployment strategy. What is the correct sequence of actions?

Question 511easymulti select
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Lambda and Amazon API Gateway. The application processes user uploads stored in an S3 bucket. The developer needs to ensure that the Lambda function can read objects from the S3 bucket. Which TWO steps should the developer take to meet this requirement? (Choose two.)

Question 512mediummulti select
Read the full Development with Services explanation →

A company is using AWS Elastic Beanstalk to deploy a web application. The application uses an Amazon RDS MySQL database. The development team wants to ensure that database credentials are not exposed in the application code. Which THREE actions should the team take to securely manage and retrieve database credentials? (Choose three.)

Question 513hardmulti select
Read the full Development with Services explanation →

A developer is implementing a CI/CD pipeline using AWS CodePipeline. The pipeline has a source stage that uses an Amazon S3 bucket, a build stage that uses AWS CodeBuild, and a deploy stage that uses AWS CodeDeploy. The developer wants to ensure that the pipeline automatically triggers when a new file is uploaded to the S3 source bucket. Which TWO steps should the developer take to configure this? (Choose two.)

Question 514mediummulti select
Read the full Development with Services explanation →

A developer is building a RESTful API using AWS Lambda and Amazon API Gateway. The API will be accessed by external customers. The developer needs to implement authentication and authorization. Which THREE steps should the developer take to secure the API? (Choose three.)

Question 515easymultiple choice
Read the full Development with Services explanation →

A developer is deploying a new version of a microservice that runs on AWS Fargate. The service is part of an Amazon ECS cluster and has an associated Application Load Balancer (ALB). The developer wants to perform a rolling update without downtime and ensure that at least 50% of the service's desired count remains available during the deployment. The current desired count is 4. The developer updates the task definition and triggers a new service deployment using the AWS CLI. After the update, the developer notices that the service briefly goes to 0 running tasks during the deployment, causing downtime. The ECS service deployment configuration has: minimumHealthyPercent=50 and maximumPercent=200. What is the most likely cause of this downtime?

Question 516mediummultiple choice
Read the full Development with Services explanation →

A company runs a Node.js application on AWS Elastic Beanstalk. The application writes log files to /var/log/app/. The operations team wants to stream these logs to Amazon CloudWatch Logs for monitoring and alerting. The developer configures the Elastic Beanstalk environment to include a .ebextensions configuration file that sets up the CloudWatch Logs agent. The configuration file specifies the log group and the log stream prefix. After deploying the updated environment, the logs are not appearing in CloudWatch Logs. The developer checks the EC2 instance and confirms that the CloudWatch Logs agent is running and the configuration file is present in /etc/awslogs/. What is the most likely reason the logs are not being sent?

Question 517hardmultiple choice
Read the full Development with Services explanation →

A developer is building a serverless application using AWS Lambda that processes messages from an Amazon SQS queue. The queue receives about 100 messages per second, and each message takes about 30 seconds to process. The Lambda function is configured with a reserved concurrency of 10. The developer notices that messages are frequently being sent to the dead-letter queue (DLQ) after three failed processing attempts. The Lambda function's execution role has the necessary permissions to read from the SQS queue and write to the DLQ. The SQS queue's visibility timeout is set to 60 seconds, and the Lambda function's timeout is set to 60 seconds. What is the most likely cause of the messages being sent to the DLQ?

Question 518hardmultiple choice
Read the full Development with Services explanation →

A company runs a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The application stores user session data in an Amazon ElastiCache for Redis cluster. Recently, users have been experiencing intermittent session timeouts and data loss. The developer examines the application logs and finds errors indicating that the Redis cluster is returning 'READONLY You can't write against a read-only replica.' The ElastiCache cluster is configured as a Redis replication group with one primary and two replicas. The application's connection code uses the primary endpoint. What is the most likely cause of this issue?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

DVA-C02 Practice Test 1 — 10 Questions→DVA-C02 Practice Test 2 — 10 Questions→DVA-C02 Practice Test 3 — 10 Questions→DVA-C02 Practice Test 4 — 10 Questions→DVA-C02 Practice Test 5 — 10 Questions→DVA-C02 Practice Exam 1 — 20 Questions→DVA-C02 Practice Exam 2 — 20 Questions→DVA-C02 Practice Exam 3 — 20 Questions→DVA-C02 Practice Exam 4 — 20 Questions→Free DVA-C02 Practice Test 1 — 30 Questions→Free DVA-C02 Practice Test 2 — 30 Questions→Free DVA-C02 Practice Test 3 — 30 Questions→DVA-C02 Practice Questions 1 — 50 Questions→DVA-C02 Practice Questions 2 — 50 Questions→DVA-C02 Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Development with AWS ServicesSecurityDeploymentTroubleshooting and Optimization

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Development with AWS Services setsAll Development with AWS Services questionsDVA-C02 Practice Hub