AWS Certified Developer Associate Sample Questions DVA-C02 ( 2026 )
- CertiMaan
- Sep 23, 2025
- 35 min read
Updated: 7 days ago
Get ready for success with our AWS Certified Developer Associate sample questions, crafted to reflect real exam scenarios. Whether you're preparing for DVA-C02 or revisiting AWS Certified Developer Associate DVA-C01 dumps, these questions help sharpen your AWS development skills. Perfect for those practicing with DVA-C02 exam dumps, DVA-C02 practice exams, or reviewing with an AWS developer associate practice exam, this resource ensures deep understanding and readiness. Strengthen your preparation using actual AWS developer associate exam questions tailored to the current certification format.
AWS Certified Developer Associate Sample Questions List :
1. To enhance browser security, you are planning to enable CORS. To enable CORS on a resource using API Gateway for the GET method, which of the following actions needs to be performed for all types of response except 200 response in case of Lambda custom integration?
Add Access-Control-Allow-Methods header in the integration response
Add Access-Control-Allow-Origin header in the integration response
Add Access-Control-Allow-Credentials header in the integration response
Add Access-Control-Allow-Headers header in the integration response
2. You are developing an application with the following architecture: a set of EC2 instances to process messages, which are spun up by an Autoscaling group, and SQS Queues to maintain the processing messages. There will be 2 pricing tiers. How will you ensure that the premium customers’ messages are given more preference?
Use SQS FIFO queues for premium messages
Use two separate SQS queues for standard and premium messages
Use Amazon SNS to push premium messages to EC2 instances directly
Use message attributes to set priority and process based on priority attribute
3. Your company is developing an application in .NET Core with DynamoDB. There is a requirement that all data needs to be encrypted at rest. If the DynamoDB table has already been created, what else is needed to achieve this?
Enable encryption at rest using AWS Management Console
No further action is needed as encryption at rest is automatically enabled
Create a new DynamoDB table with encryption enabled and migrate data
Modify the table to enable encryption using the AWS CLI
4. You are planning to use AWS Kinesis streams for an application being developed for a company. The company policy mandates that all data is encrypted at rest. How can you accomplish this in the easiest way possible for Kinesis streams?
Store data in an encrypted S3 bucket and read from there
Enable server-side encryption with AWS KMS
Use a custom encryption library in the application
Use client-side encryption before sending data to Kinesis
5. A construction firm has stored all its project documents in an Amazon S3 bucket, with external vendors accessing this data on a need basis. The Security Team performs an audit for this access and is looking for cryptographic protocols used by vendors to access this data. Which of the following can help collect this data?
AWS CloudTrail
Amazon S3 Server Access Logging
AWS Config
Amazon S3 Inventory
6. The Application Team is setting up a test application using AWS Elastic Beanstalk. For this new application, the team is expecting a high amount of HTTP 4xx errors. They need to prevent the environment instance health status from being marked as ‘Severe’ due to these errors. What solution will meet this requirement?
Deploy a custom error page for handling 4xx errors
Configure a custom 4xx error threshold in Elastic Beanstalk environment configuration
Use AWS WAF to filter out unwanted requests generating 4xx errors
Increase the instance health check interval to reduce the frequency of health status checks
7. You have defined some custom policies in AWS. You need to test the permissions assigned to those policies. Which of the following can be used for this purpose via the CLI? (Select TWO)
aws iam simulate-custom-policy
aws iam list-policies
aws iam simulate-principal-policy
aws iam get-policy
8. You have created an Amazon DynamoDB table with a Global Secondary Index. Which of the following can be used to get the latest results quickly with the least impact on Read Capacity Units (RCU)?
Scan with Eventually Consistent Read
Parallel Scan with Consistent Read
Query with Eventually Consistent Read
Query with Consistent Read
9. Your team is developing a solution that will make use of DynamoDB tables. Currently, the application is designed to perform scans on the entire table. What can be done to improve the application's performance when it interacts with the DynamoDB table? (Select TWO)
Implement global secondary indexes (GSIs)
Use query operations instead of scan operations
Increase the provisioned throughput of the table
Use parallel scans
10. A Developer has been asked to create an AWS Elastic Beanstalk environment for a production web application that needs to handle thousands of requests. Currently, the dev environment is running on a t1.micro instance. What is the best way for the developer to provision a new production environment with a m4.large instance instead of a t1.micro?
Configure the instance type in the Elastic Beanstalk environment configuration
Modify the instance type directly in the EC2 dashboard after environment creation
Create a configuration file with the desired instance type and include it in the source code
Use the Elastic Beanstalk CLI to deploy the environment with the desired instance type
11. You are creating a Lambda function that will be accessing a database. Due to compliance reasons, all database connection strings must be stored encrypted at rest. How can you accomplish this in the Lambda function? Choose 2 answers from the options given below.
Store the connection strings in AWS Systems Manager Parameter Store with encryption
Store the connection strings in a plaintext file within the Lambda package
Store the connection strings in AWS Secrets Manager
Store the connection strings in the Lambda environment variables
12. You are the team lead for an application that is already in production and using S3 buckets. Users from another country have now started actively using the objects in the S3 bucket. What can be done to reduce the latency of access to objects for the new users?
Enable S3 Event Notifications
Create an Amazon CloudFront distribution with the S3 bucket as the origin
Enable Cross-Region Replication for the S3 bucket
Enable Transfer Acceleration on the S3 bucket
13. You are developing an application that will be hosted in AWS Lambda. The function needs to make calls to a database, and there is a requirement that all database connection strings must be kept secure. Which of the following is the most secure way to implement this?
Store the connection strings in environment variables
Store the connection strings in a plain text file on an EBS volume
Store the connection strings in AWS Secrets Manager
Store the connection strings in the Lambda function code
14. As an API developer, you have configured an API with the AWS API Gateway service. During testing, you receive the following response when an action is made to an undefined API resource: { "message": "Missing Authentication Token" } You want to customize this error response to make it more user-friendly. How can you achieve this?
Modify the API Gateway stage settings
Enable CORS in API Gateway
Use AWS Lambda to handle errors
Create a custom Gateway Response for the 'MISSING_AUTHENTICATION_TOKEN' error type
15. You have an application that is hosted on an EC2 instance and is part of the custom domain www.demo.com. The application has been modified to make calls to the API Gateway, but the browser is not rendering the responses, and JavaScript errors are appearing in the developer console. What must be done to resolve this issue?
Update the DNS settings for the custom domain
Enable SSL/TLS on the custom domain
Enable CORS in API Gateway
Modify the security group of the EC2 instance
16. You are developing an application that will stream records to Amazon Simple Storage Service (S3). Your company policy mandates that all data must be encrypted at rest. How can you achieve this with Kinesis Firehose? Choose 2 answers from the options given below.
Enable server-side encryption (SSE) in the Firehose delivery stream
Use client-side encryption before sending data to Kinesis Firehose
Use AWS KMS to manage the encryption keys
Configure S3 bucket policies to deny unencrypted object uploads
17. You are developing a set of Lambda functions for your application. The company mandates that all API calls to Lambda functions be recorded. Which of the below service can help achieve this?
AWS X-Ray
Amazon CloudWatch
AWS CloudTrail
AWS Config
18. You have several Lambda functions that need to be deployed using AWS CodeDeploy. These Lambda functions have undergone multiple code revisions, and you are using versioning in Lambda to maintain these revisions. What must be done to ensure that the correct version of the function is deployed using AWS CodeDeploy?
Include the version number in the function name
Use aliases to point to the specific versions
Specify the version number in the deployment configuration
Manually update the Lambda function before deployment
19. You are using Amazon Cognito identity pools to assign authenticated SAML users temporary access for downloading data from Amazon S3 buckets. For this, you have created multiple rules for each role that gets assigned to users. Which of the following criteria is matched for evaluating these rules?
The rules are evaluated in parallel and the most restrictive one is applied
The rules are evaluated in the order in which they are created
The rules are evaluated based on the priority assigned to them
The rules are evaluated based on the alphabetical order of role names
20. Last week there was an incident in your company where critical files were deleted from the Amazon S3 bucket. Your manager has asked you to configure event notification for changes made to objects in Amazon S3. While publishing events from Amazon S3, which of the following cannot be used as the destination?
Amazon DynamoDB
AWS Lambda
Amazon SQS
Amazon SNS
21. An organization’s application needs to monitor application-specific events with a standard AWS service. The service should capture the number of logged-in users and trigger events accordingly. During peak times, monitoring frequency will occur every 10 seconds. What should be done to meet these requirements?
Use Amazon CloudWatch to create custom metrics and alarms
Use AWS CloudTrail to log and monitor application events
Use Amazon S3 to store and retrieve log data for monitoring
Use Amazon SNS to send notifications based on logged-in users
22. As a developer, you are tasked with creating an API Gateway stage that will directly interact with DynamoDB tables. Which feature of the API Gateway must be used to fulfill this requirement?
Integration Requests
Proxy Integration
Resource Policies
Method Request
23. A leading automobile dealer company expanding globally is facing problems ensuring a consistent state of provisioning and maintenance of environments. Their current architecture involves rolling out Kubernetes jobs through AWS EKS using Spot instances to create new microservices for a new environment requested by a user. However, Spot instances are deleting the underlying nodes, and jobs are getting terminated, thus disrupting the entire chain of environment creation for different business units. From the solutions proposed below, select the right options to resolve the issue. (Select TWO)
Implement Spot Instance Interruption Handling
Switch entirely to On-Demand Instances
Use a combination of On-Demand and Spot Instances
Use Amazon EC2 Auto Scaling
24. An organization is using AWS Elastic Beanstalk for a web application. The Developer needs to configure the Elastic Beanstalk environment with deployment methods to create new instances and deploy code to those instances. Which methods will deploy code ONLY to new instances? Choose 2 answers from the options given below.
Rolling deployment
Immutable deployment
Blue/Green deployment
All-at-once deployment
25. Your company currently stores its objects in S3. The current request rate is around 11000 GET requests per second. There is now a mandate for objects to be encrypted at rest, so you enable encryption using KMS. However, performance issues are now being encountered. What could be the main reason behind this?
Network bandwidth is insufficient
There is a bug in S3 causing slow performance
KMS has a quota limit for requests per second
S3 does not support encryption with KMS for high request rates
26. A developer is building a web application that uses Amazon API Gateway. A new version is released by the development team. Publishing of this new release should not impact users and production traffic should not be hampered by any bugs in the new release. What solutions will meet these requirements in a cost-effective way?
Use canary release deployment in API Gateway
Implement blue/green deployments using two separate API Gateway instances
Create a new stage in API Gateway for the new version and gradually shift traffic
Deploy the new version in a separate AWS account and switch the DNS upon successful testing
27. A developer team has deployed an application in AWS Cloud infrastructure and is using AWS Private Certificate Authority for issuing certificates. The security team is observing a private key being exposed and looking to revoke certificates issued by AWS Private Certificate Authority. While revoking certificates, a synchronous approach should be preferred instead of a memory intensive method. For security purposes, client querying for revoked certificates should use a distinct public URL. What solution will meet this requirement?
Use AWS Lambda for revocation checks
Use AWS CloudFront with S3
Use Certificate Revocation List (CRL)
Use Online Certificate Status Protocol (OCSP)
28. You have been asked to develop an application on the AWS Cloud that will store confidential documents in an S3 bucket. You need to ensure that the bucket is configured to reject any objects that are not encrypted. How can you achieve this?
Use a bucket policy that denies any put request without server-side encryption
Use an S3 Lifecycle policy to transition unencrypted objects to Glacier
Enable default encryption on the bucket
Use AWS Config rules to monitor the bucket for unencrypted objects and alert you
29. Your team has been instructed to develop a completely new solution on AWS. Currently, you have a limitation on the tools available to manage the complete lifecycle of the project. Which AWS service could help you handle all aspects of development and deployment?
AWS CodeBuild
AWS CodeStar
AWS CodeDeploy
AWS CodePipeline
30. You’re developing an AWS Lambda function that interacts with a DynamoDB table. The function was performing well, but now it is returning results with a time delay. You need to debug the code to identify the bottleneck causing the performance issue. What is the ideal way to debug the code?
Use AWS CloudWatch Logs
Increase DynamoDB read capacity
Enable AWS Lambda Dead Letter Queues
Use AWS X-Ray
31. In API Gateway, when a stage variable is used as part of an HTTP integration URL, which of the following are correct ways of defining a "subdomain" and the "path"? (Select TWO)
https://${stageVariables.example.com}/${stageVariables.subdomain}/${stageVariables.path}
https://example.${stageVariables.subdomain}.com/${stageVariables.path}
https://example.com/${stageVariables.subdomain}/${stageVariables.path}
https://${stageVariables.subdomain}.example.com/${stageVariables.path}
32. You are configuring Cross-Origin Resource Sharing (CORS) for your S3 bucket. You need to ensure that external domain sites can only issue GET requests against your bucket. Which of the following would you modify as part of the CORS configuration for this requirement?
ExposeHeaders
AllowedHeaders
AllowedMethods
AllowedOrigins
33. You are a developer for a company developing a .NET-based application to be hosted on AWS. The application requires data encryption, but the company currently lacks a key store for managing encryption keys. Which of the following services can be used in your code to encrypt data?
AWS KMS
AWS IAM
AWS Shield
AWS CloudHSM
34. Your application must write to an SQS queue. The application can be deployed using EC2, Lambda, or Elastic Beanstalk. Your corporate security policies require that AWS credentials are always encrypted and are rotated at least once a week. How can you securely provide credentials that allow your application to write to the queue?
Store credentials in AWS Secrets Manager and retrieve them dynamically
Use IAM roles with appropriate policies
Embed the credentials in the application's code and encrypt the code
Use environment variables to store the credentials and update them weekly
35. You’re developing an application on AWS based on Microservices, which will be created using AWS Lambda functions. Due to the complexity of the flow between these components, you need an efficient way to manage the workflow of execution for these Lambda functions. How can you manage this effectively now and in the future as you add more Lambda functions to the application?
AWS CloudFormation
AWS Step Functions
Amazon SQS
AWS CodePipeline
36. You are planning on deploying an application to the worker role in Elastic Beanstalk. This worker application will run periodic tasks. Which of the following is a must-have as part of the deployment?
tasks.json file
config.yml file
schedule.xml file
cron.yaml file
37. You have developed a web-based application that makes calls to backend APIs. Which headers must web browsers set up in each API method that has CORS enabled? (Select TWO)
Access-Control-Allow-Headers
Access-Control-Request-Method
Access-Control-Allow-Methods
Access-Control-Allow-Origin
38. You are working with an architecture team and several cloud engineers. The project requires containerization, and you are responsible for maintaining the Amazon ECS tasks. What concepts are correct when it comes to task definitions?
Task definitions do not support data volumes
Task definitions specify the Docker image to use for the container
Task definitions include IAM roles for tasks
Task definitions define CPU and memory requirements
39. A developer has recently deployed an AWS Lambda function that computes a Fibonacci sequence using recursive Lambda invocations. A pre-defined AWS IAM policy is being used for this function, and only the required dependencies were packaged. A few days after deployment, the Lambda function is being throttled. What should the Developer have done to prevent this, according to best practices?
Package fewer dependencies
Configure reserved concurrency for the Lambda function
Increase the timeout setting of the Lambda function
Use AWS Step Functions to manage the recursive invocations
40. You have a VPC with a subnet that houses an AWS RDS instance. Your manager has asked you to start monitoring all modifications made to its data by applications. You decide to use a Lambda function to do this. However, you need to allow the function access to the VPC. How will you go about doing this?
Configure the Lambda function to connect to the VPC by specifying the subnet ID and security group ID
Create a VPC endpoint for Lambda
Use AWS Direct Connect
Use VPC Peering
41. A developer is working on an application that needs to store AWS IoT devices' real-time streaming data to AWS Cloud. This is sensitive, critical data, and the Security Head requires all the data streams to be encrypted in the most appropriate way. Which solutions will meet these requirements?
Apply AWS IoT Core with encryption at rest
Utilize AWS Kinesis Data Streams with server-side encryption
Implement client-side encryption before sending data to AWS IoT
Use AWS IoT Device SDK with server-side encryption
42. You are planning to launch a web-based application in two different regions within the US on AWS due to your organization's compliance policies. You have set up two EC2 instances attached to an Elastic Load Balancer in us-east-1 and replicated the same setup in us-west-1. You now have two load balancers that need to handle traffic from the internet. How should you configure your Route 53 record sets to split the requests equally between both load balancers?
Create an A record with a simple routing policy, listing both load balancers
Create an A record with a weighted routing policy, assigning a weight of 50 to each load balancer
Create an A record with a failover routing policy and configure primary and secondary load balancers
Create an A record with a latency routing policy, specifying each region
43. Your team has completed the development of an application. Now, this application needs to be deployed to run on an EC2 instance. The application data will be stored on a separate volume which needs to be encrypted at rest. How can you ensure this requirement is met?
Enable encryption when creating the EBS volume
Modify the EC2 instance metadata to enforce encryption
Implement encryption in the application layer
Use EC2 instance store with encryption
44. You’ve developed an AWS Lambda function but are running into a lot of performance issues. You decide to use the AWS X-Ray service to diagnose the issues. Which of the following must be done to ensure that you can use the X-Ray service with your Lambda function?
Add the AWS X-Ray SDK to your Lambda function code
Configure your Lambda function to be traced by X-Ray
Add the necessary IAM permissions for X-Ray
Enable active tracing when creating or updating your Lambda function
45. You are using AWS SAM templates to deploy a serverless application. Which of the following resources will embed nested applications from Amazon S3 buckets?
AWS::Serverless::Application
AWS::Serverless::Function
AWS::Serverless::Api
AWS::Serverless::LayerVersion
46. A financial institute is storing all its critical documents in the Amazon S3 bucket which has versioning enabled. The retention period is applied to documents using object lock, but you are observing some objects are getting overwritten. Which of the following could be a possible reason?
Versioning is not working correctly
Compliance Mode
Object lock is not enabled properly
Governance Mode
47. A software engineer is developing an application in AWS using AWS SDK. You need to implement a mechanism in the AWS SDK to handle "re-trying" errors. Which of the following mechanisms is suitable?
Bulkhead Isolation
Exponential Backoff
Circuit Breaker
Dead Letter Queue
48. An application requires users to authenticate using AWS, and MFA must be enabled when logging into the application. Which of the following services can be used to achieve this?
Amazon Cognito
AWS IAM
AWS KMS
AWS Directory Service
49. AWS CodeDeploy is used to configure a deployment group to automatically roll back to the last known good revision when a deployment fails. During the rollback, files required for deployment to the earlier revision cannot be retrieved by AWS CodeDeploy. Which of the following actions can be executed for a successful rollback? Choose 2 correct options.
Ensure the application revision is retained in the source repository
Verify the IAM role has necessary permissions to access the revision files
Increase the revision history limit in CodeDeploy settings
Manually re-upload the previous revision to the deployment bucket
50. Your team has developed an application that makes use of AWS resources. In order to provide frequent releases to the customer, you are required to automate the CI/CD process. Which of the following can be used for this purpose?
AWS CloudFormation
Amazon S3
AWS Lambda
AWS CodePipeline
51. As a cloud engineer, you have been granted access to an Amazon ECR image repository. You need to pull images from the repository as part of a container definition when creating an Amazon ECS task. Which statement correctly describes this scenario?
The ECS task definition must specify the ECR repository URI.
The ECS service must have a security group that allows access to the ECR repository.
The ECS task execution role must have permissions to use Amazon ECR.
The container instance must have permissions to use Amazon ECR.
52. A company has a CloudFormation template that is used to create a large number of resources, including a VPC, subnets, EC2 Instances, Auto Scaling Groups, and Load Balancers. Which of the following should be considered when designing such CloudFormation templates?
Limit the number of resources in a single template
Use nested stacks to organize resources logically
Avoid using parameters and mappings
Include detailed metadata for resources
53. Which of the following is true with respect to strongly consistent read requests from an application to a DynamoDB with a DAX cluster?
Application must bypass DAX for strongly consistent reads
DAX provides strong consistency by default
Strongly consistent reads are not possible with DynamoDB
DAX supports strongly consistent reads directly
54. A company is storing sensitive data in their S3 bucket. The company policy states that all objects in the S3 bucket need to be encrypted at rest. Which of the following helps ensure this policy is met?
Enabling default encryption on the S3 bucket
Setting up Amazon Macie to monitor sensitive data
Creating a bucket policy that denies uploads of unencrypted objects
Using AWS CloudTrail to log S3 bucket access
55. You need to set up a RESTful API service in AWS that would be serviced via the following URL: https://democompany.com/customers?ID=1. Customers should be able to get their details by providing the ID to the API. Which of the following would you define to fulfill this requirement? Choose 2 answers from the options given below.
Amazon RDS
Amazon S3
AWS Lambda
Amazon API Gateway
56. You have created the following stages in CodePipeline: Source > Build > Staging. What happens if a failure is detected in the "Build" stage?
The pipeline proceeds to the Staging stage but marks the Build stage as failed.
The pipeline stops and does not proceed to the Staging stage.
The pipeline sends a notification but continues to the Staging stage.
The pipeline retries the Build stage automatically.
57. You are developing a .NET Core application that will be hosted in an Elastic Beanstalk environment. The application needs to make backend calls to a database. To improve performance during the testing phase, how can you diagnose performance issues most easily?
Enable Elastic Beanstalk enhanced health reporting
Use Amazon CloudWatch to monitor metrics
Use AWS X-Ray to trace requests
Enable Amazon RDS Performance Insights
58. Your architect has drawn out the details for a mobile-based application. Below are the key requirements when it comes to authentication. Users should have the ability to sign in using external identities such as Facebook or Google. There should be a facility to manage user profiles. Which of the following would you consider as part of the development process for the application?
AWS IAM
AWS Lambda
Amazon EC2
Amazon Cognito
59. You are developing a Java-based application that needs to use the AWS KMS service for encryption. What must be done for the encryption and decryption process? Choose 2 answers from the options given below.
Use the AWS SDK for Java to interact with the KMS service
Configure the KMS endpoint in the VPC for the application to connect
Store the KMS keys within the application code for easy access
Ensure that the Java application has the necessary IAM permissions
60. You are using AWS Envelope Encryption to encrypt all of your sensitive data. Which of the following is true with regards to the AWS Envelope Encryption service?
The data key is stored in plaintext
The data is encrypted with a data key and the data key is encrypted with a master key
The master key is stored in plaintext
The data is encrypted with a master key directly
61. An application is currently accessing a DynamoDB table. The table queries were performing well initially, but after recent changes to the application, the performance has started to degrade. Upon reviewing the changes, you notice that the queries are now using an attribute that is not the partition key. Which of the following would be the appropriate change to make to resolve this issue?
Use parallel scans instead of queries
Increase the read capacity units of the table
Change the attribute to be the partition key
Create a Global Secondary Index (GSI) on the attribute
62. A developer team is working on a new web application that will be deployed in AWS Cloud. They will use AWS Elastic Beanstalk for creating AWS resources for this application. The team is looking to package configuration files and multiple WAR (Web Application Resource) files required for this application and seeks your help to build the application source bundle. How can a developer create a source bundle for application deployment?
Zip the application files into a single .zip file. Ensure the .zip file includes all the necessary configuration files and WAR files.
Create an S3 bucket and upload each file individually.
Create a .tar.gz archive containing the application files.
Upload the WAR files directly to Elastic Beanstalk without bundling.
63. A developer is using Amazon API Gateway as an HTTP proxy to a backend endpoint. There are three separate environments: Development, Testing, and Production, with three corresponding stages in the API gateway. How should traffic be directed to different backend endpoints for each of these stages without creating a separate API for each?
Use custom domain names for each stage
Use stage variables in API Gateway
Use different resource paths for each stage
Use Lambda functions to redirect traffic
64. A developer is using Amazon DynamoDB as a database for a mobile application. Multiple tables are created within the DynamoDB instance, and all these tables are encrypted using customer-managed KMS keys. In addition to the key policy, the Security team requires additional authorization to allow DynamoDB to perform background system maintenance and create table keys. How can this configuration be achieved?
Create a VPC endpoint for DynamoDB
Update the key policy to include DynamoDB service principal
Enable automatic key rotation for customer-managed keys
Attach an IAM policy to the DynamoDB service role
65. You are developing an application that works with a DynamoDB table. During the development phase, you want to monitor the Consumed capacity for the queries being executed. How can this be achieved?
Use the ReturnConsumedCapacity parameter in the query request
Inspect the AWS CloudTrail logs
Utilize AWS X-Ray for detailed insights
Enable CloudWatch detailed monitoring for DynamoDB
66. You’re the lead developer for a company that uses AWS KMS to decrypt passwords from an AWS RDS MySQL database using an asymmetric CMK. While decrypting the data, you receive an InvalidCiphertextException error which causes the application to fail. You have made sure that the CMK ID used is accurate. What could have caused this error?
The ciphertext is corrupted or altered
The CMK is disabled
The IAM role does not have decrypt permissions
The encryption context does not match
67. An application has a database in an AWS RDS Instance. When traffic is high, the application's response time increases due to many read queries to the RDS database. Which of the following can be used to decrease the response time for the application?
Increase RDS Instance Size
Use Amazon ElastiCache
Enable Multi-AZ Deployment
Use Amazon RDS Read Replicas
68. A Developer is working on an application that will use an AWS Lambda function to process clicks within a custom mobile application. The team is creating a custom Lambda runtime API for this application using OpenAPI specifications. From the invocation path, they want to identify the entity which initiated the function invocation. Which header can be used to track the invocation within the Lambda function?
Lambda-Runtime-Client-Context
Lambda-Runtime-Trace-Id
Lambda-Runtime-Invoked-Function-Arn
Lambda-Runtime-Aws-Request-Id
69. A legal firm has archived its legal documents in two storage classes: S3 Glacier storage class & S3 Glacier Deep Archive storage class. For liaising with new international clients, they need to submit some of the documents urgently. They are looking for these documents at the earliest time to get restored. Which of the following is a recommended way to get the data available in the fastest possible way?
Use Expedited Retrieval for S3 Glacier
Use Standard Retrieval for S3 Glacier
Use Bulk Retrieval
Use Standard Retrieval for Deep Archive
70. A media firm is using EBS-backed EC2 instances for their application deployment. They have a process of taking daily snapshots of these EBS volumes. During an outage, they observed a delay in restoration while restoring these snapshots, causing financial loss to the firm. The IT Head has demanded to use Fast Snapshot Restore (FSR) for performance improvement and assigned you the task of setting up FSR on Snapshots. Which of the following statements concerning FSR for EBS is correct?
Fast Snapshot Restore requires additional configuration in the instance launch template.
Fast Snapshot Restore is automatically enabled for all snapshots by default.
Fast Snapshot Restore can be used with both EBS and S3 snapshots.
Fast Snapshot Restore can be enabled on a snapshot to ensure that EBS volumes created from it are fully-initialized at creation.
71. Which of the following options can be used as Multi-Factor Authentication (MFA) in Amazon Cognito? (Select two)
SMS-based MFA
Time-based One-Time Password (TOTP)
Email-based MFA
Biometric-based MFA
72. You are developing an application using AWS Lambda, where a Lambda function is placed in a private subnet without internet access. This Lambda function receives bank account information as a JSON object of about 7 Kb in size. You need to encrypt this information and then save it to DynamoDB. Which approach could satisfy this requirement?
Use client-side encryption before sending data to Lambda
Use AWS Key Management Service (KMS) to encrypt the data
Use AWS Secrets Manager to store and retrieve the encrypted data
Use a VPC endpoint to access DynamoDB and encrypt data with AWS KMS
73. You are managing a central AWS account in your company. You need a tool to analyze access control policies in resources such as S3 and determine if resources can be accessed publicly or from other AWS accounts. With this tool, you can protect the resources from unexpected access from outside. Which option should be selected to achieve the requirement?
AWS Trusted Advisor
AWS IAM Access Analyzer
AWS CloudTrail
AWS Config
74. The development team has successfully deployed a new application on an Amazon EC2 instance in the us-west-2 region. They now need to deploy the same application on Amazon EC2 instances in other regions, ensuring that the instances include images built from the instances in us-west-2 along with the latest security patches. Which action will be best suited for this requirement?
Use Elastic Beanstalk for multi-region deployment
Use AWS CodeDeploy for deployment
Copy the Amazon Machine Image (AMI) to other regions
Create a CloudFormation template
75. A financial application is using Amazon SNS to publish messages to HTTPS endpoints across multiple regions, all targeting a single publisher server in the us-east-1 region. In case of server-side errors, the application team needs a solution for message retries and storing discarded messages for further analysis. Which solution will meet this requirement?
Configure SNS topic delivery policies with exponential backoff retries
Use Amazon SQS to buffer messages before sending to HTTPS endpoints
Enable dead-letter queues and set up retry policies
Implement AWS Lambda for message processing and error handling
76. You are building a Lambda function that connects to an AWS Aurora cluster and performs SQL queries. You want to use IAM database authentication to connect to the DB cluster so that the Lambda function does not need to use a username and password. IAM should manage the authentication process. How would you implement this?
Use an IAM database authentication token in the connection string
Enable IAM database authentication in the Aurora cluster parameter group
Attach an IAM role to the Lambda function with necessary permissions
Create an IAM policy allowing access to the Aurora cluster and attach it to the Lambda function
77. During the development, definition, and deployment of a backend you are building, you have to decide how to use user and identity pools as a part of a serverless application. What statements are correct in this scenario?
Identity pools provide temporary AWS credentials to access AWS services.
User pools provide user directories to manage sign-up and sign-in functionality.
User pools can be used to authenticate users through social identity providers.
Identity pools cannot be used with unauthenticated users.
78. A developer is working on an application that will be deployed on multiple OS platforms. The application will be deployed in Amazon ECS with multi-architecture images stored in Amazon ECR. The developer is looking for options to push the required images from Docker to Amazon ECR. Which solution will meet these requirements?
Use AWS CodeBuild to build and push the images to Amazon ECR
Use the AWS CLI to authenticate Docker to the Amazon ECR registry and push the images
Use AWS Elastic Beanstalk CLI to deploy the Docker images to Amazon ECR
Use the Amazon ECR Docker Credential Helper to authenticate Docker to the Amazon ECR registry and push the images
79. You need to deploy an application on AWS EC2 using a CloudFormation template to prepare the infrastructure, including VPC, public subnet, and private subnet. The EC2 instances should be placed into private subnets and must connect to the internet to download software packages. Which resources should be included in the CloudFormation template? (Select TWO)
NAT Gateway
VPC Peering
Internet Gateway
Route Table with NAT Gateway routes
80. Your company needs to develop an application that requires a caching feature. The application must have high availability and cannot afford many cache failures. Which service should you choose for this purpose?
Amazon ElastiCache with Memcached
Amazon ElastiCache with Redis
Amazon S3
Amazon RDS
81. Your team is developing a set of Lambda functions. They need to debug the Lambda functions using the X-Ray service. Which of the following are environment variables that AWS Lambda uses to communicate with the X-Ray service? Choose 3 answers from the options given below.
AWS_LAMBDA_EXEC_WRAPPER
AWS_XRAY_CONTEXT_MISSING
AWS_XRAY_DAEMON_ADDRESS
XAMZN_TRACE_ID
82. Your team is developing a set of Lambda functions. You need to ensure the team uses the best practices for working with AWS Lambda. Which practice should you follow?
Package dependencies with Lambda deployment package
Keep the functions stateless
Use environment variables to pass operational parameters
Avoid using AWS Lambda with other AWS services
83. You have a launch template where a subnet is specified in its network interface. Now you need to use AWS CLI (aws autoscaling create-auto-scaling-group) to create an Auto Scaling group with the launch template. However, the ASG should be launched in another subnet that is different from the one specified in the launch template. How would you create the ASG with the AWS CLI command?
Modify the launch template to remove the subnet configuration
Use the --vpc-zone-identifier parameter with the desired subnet ID
Specify the --subnets parameter with the desired subnet ID
Update the network interface configuration in the launch template
84. Your team is planning to use the AWS CodeBuild service to test the build of an application. The application needs to connect to a database. How should you securely store the database password so that it is available during the build process?
Store the password in a plaintext environment variable
Store the password directly in the buildspec.yml file
Store the password in an encrypted parameter in AWS Systems Manager Parameter Store
Store the password in AWS Secrets Manager
85. The AWS accounts in your company are managed in AWS Organizations and Organizational Units (OUs). In one AWS account, there is an S3 bucket that stores sensitive documents. The S3 bucket should only allow the AWS accounts from one OU of your Organization to get its objects. Which of the following methods is the easiest one to achieve the requirement?
Use VPC Endpoint policies to restrict access to the S3 bucket
Use IAM roles and trust policies to restrict access
Use an S3 bucket policy that allows access based on the AWS PrincipalOrgID condition
Use AWS Lambda to validate the access requests
86. You are developing a Lambda in your Dev1 account, the purpose of this Lambda is to save QR codes in two S3 buckets, one bucket (BucketDev1) is in the same account as the Lambda and the second bucket (BucketDev2) is in another AWS account called Dev2. A requirement is to only allow this specified Lambda from Dev1 to create objects in BucketDev2. What do you need to grant access to this Lambda function for both S3 buckets?
Add a bucket policy to BucketDev1
Use an IAM role with cross-account access
Add a resource-based policy to BucketDev2
Add a VPC endpoint to the S3 bucket
87. You have an application storing objects in an Amazon S3 bucket. Due to massive popularity, these objects are frequently accessed from the S3 bucket. Which of the following can be used to reduce the latency of these objects?
Amazon CloudFront
AWS Direct Connect
Amazon ElastiCache
Amazon RDS Read Replicas
88. The developer team is deploying a containerized application using Amazon ECS. They need to pass sensitive credentials for the RDS instance to this container with fine-grain access policies, meet security compliance requirements of automatic rotation, and ensure the container applications can automatically retrieve credentials once there is an update. Retrieving credentials at runtime is not a constraint. What solution should the developers opt for to meet these requirements?
AWS Secrets Manager
Environment Variables
AWS IAM Roles for Tasks
AWS Systems Manager Parameter Store
89. A developer has deployed an application in a production environment. The developer team is proposing configuration changes to this application which needs to safely implement this critical application. There will not be any changes in the application code. All the configuration changes need to be validated and need to have roll-back in case of any impact on existing applications. How can configuration changes be implemented for this requirement?
Use AWS CloudFormation with change sets
Use AWS CodeDeploy with blue/green deployment
Use AWS Systems Manager Parameter Store
Use AWS Elastic Beanstalk with saved configurations
90. Several teams share one AWS account, and there is a large number of IAM roles. You need a method to periodically check each IAM role and identify unused roles based on a time window that you define. Then you can determine if some roles are obsolete and can be safely removed. Which option is the most appropriate?
AWS Trusted Advisor
AWS IAM Access Advisor
AWS CloudTrail logs
AWS Config rules
91. A deployment team is using Amazon ECR to store images required for deploying Amazon ECS. The operations team is observing some of the image tags are getting overwritten. They are looking for a permanent fix to avoid any impact on image deployment. What configuration changes need to be done to resolve this issue?
Configure lifecycle policies
Set repository permissions
Enable image scanning
Enable image tag immutability
92. The deployment team is working on a new serverless application. The application needs to be tested for any errors before deploying to the production environment. The team should be able to debug the code while testing to fix any issues observed during the testing phase. Which combination of actions should the developer perform to meet these requirements? (Select TWO)
Utilize AWS CloudFormation for deploying resources
Use AWS SAM CLI to run Lambda functions locally
Implement AWS X-Ray to trace requests and analyze service behavior
Use AWS CodePipeline to automate the deployment process
93. A telecom firm provides access to data stored in an Amazon S3 bucket to external vendors on a project basis. Once the project is completed, public access to this Amazon S3 bucket is removed. During a security check, it was found that some of the buckets still have public access even though projects are completed. The Security Head needs you to determine all Amazon S3 buckets with public access. Which action can be initiated to complete this task in the shortest time frame?
Use the Amazon S3 Inventory to create a report of all bucket permissions
Run the aws s3api list-buckets --query "Buckets[].Name" command followed by aws s3api get-bucket-acl for each bucket
Enable and use AWS Trusted Advisor to check bucket permissions
Use the AWS S3 console to manually check each bucket's permissions
94. You and your team have a productive REST API with API Gateway and Lambda as the backend. You want to make code improvements to this API without disrupting your customers. After completing the modifications to the Lambda code, you want to deploy this new version. How can you achieve this?
Create a new API Gateway endpoint for the new version
Deploy new Lambda versions directly to production
Update the existing Lambda function with new code
Use API Gateway Stages and Lambda Aliases
95. You are the lead developer for an application that uses WebSockets through API Gateway to push payloads between the clients and server. Your API has a proxy integration with Lambda. When the client connects for the first time, it receives a preflight error message. Which steps will you take to resolve this issue?
Check and correct the preflight request headers
Add appropriate CORS headers in the API Gateway method response
Enable CORS in API Gateway settings
Update the Lambda function to handle preflight requests
96. The AWS accounts in your company are managed in AWS Organizations and Organizational Units (OUs). In one AWS account, there is an S3 bucket that stores sensitive documents. The S3 bucket should only allow the AWS accounts from one OU of your Organization to get its objects. Which of the following methods is the easiest one to achieve the requirement?
Use VPC Endpoint policies to restrict access to the S3 bucket
Use an S3 bucket policy that allows access based on the AWS PrincipalOrgID condition
Use AWS Lambda to validate the access requests
Use IAM roles and trust policies to restrict access
97. You work for a travel company that books accommodation for customers. The company has decided to release a new feature that will allow customers to book accommodation in real-time through their API. As a developer, you have planned to deploy this new feature. How will you test the new API feature with minimal impact to customers?
Use a feature toggle
Use a blue-green deployment
Conduct A/B testing
Use a canary release strategy
98. A developer team is working on an application in which the AWS Lambda function is used to process messages from an Amazon SQS standard queue. It is observed that when there are errors occurring in message processing, all the messages are processed again, resulting in messages being processed multiple times. What action can be taken to prevent the AWS Lambda function from processing messages multiple times?
Implement message deduplication
Increase the visibility timeout of the SQS queue
Use an SQS dead-letter queue
Enable long polling for the SQS queue
99. As an API developer for a large manufacturing company, you have developed an API resource that adds new products to the distributor's inventory using a POST HTTP request. The request includes an Origin header and accepts application/x-www-form-urlencoded as the request content type. Which response header will allow access to this resource from another origin?
Access-Control-Allow-Headers
Access-Control-Allow-Credentials
Access-Control-Allow-Origin
Access-Control-Allow-Methods
100. Your team is building an application, and an Amazon Elastic File System (EFS) is required to share data across different nodes. For the EFS file system, you need to configure a policy to enforce some default security rules. For example, root access should be disabled, and connections from EFS clients must use TLS. Which method is the most suitable?
Use Network ACLs
Use Security Groups
Use EFS Access Points
Use IAM Policies
101. Your application is currently configured to interact with an S3 bucket. Now you are getting errors that the bucket does not exist. Which of the following is the best way to understand how the bucket was deleted?
Inspect IAM policies
Use AWS Config to review bucket configuration changes
Review S3 access logs
Check the CloudTrail logs for bucket deletion events
102. The developer team is using AWS CodeBuild to compile source code, run tests, and produce artifacts ready for deployment. To meet audit compliance, the team wants to store a buildspec file with an alternate name and in a different location than the default one. What solution can be implemented to meet this requirement?
Use a build phase to download the buildspec file
Specify the buildspec file name and location in the AWS CodeBuild project configuration
Store the buildspec file in the S3 bucket
Configure the buildspec file in the build environment variables
103. A banking institute is storing all its critical data in an Amazon S3 bucket in the us-west-1 region. For security compliance, this data needs to be replicated in multiple regions. You have been assigned the task of creating a replication configuration for the source bucket. Which of the following should be considered while creating rules for replication configuration?
Use IAM roles to grant S3 permissions
Enable versioning on the source and destination buckets
Select the appropriate storage class for replicated objects
Configure the bucket policy to allow replication
104. You work for a large bank and are tasked with building an application that allows 30 large customers to perform more than 1000 online transactions per second swiftly and collectively in the us-east-1 region. The size of each transaction is around 5 KB. Your manager has told you to ensure data is encrypted end-to-end. You decide to use AWS KMS to meet your requirements. While using the SDK and testing, you see a ThrottlingException error. How will you deliver the application with optimum performance metrics?
Increase the KMS request quota
Implement batching of transactions
Use AWS KMS with a custom key store
Use data key caching
105. A deployment team is working on an application revision for an application deployed on an Amazon EC2 instance with Amazon Linux OS. For this deployment, they will be using an application named “Demo-APP” stored in the GitHub repository “TEST-RepositaryName”. The team is looking for a way to specify a repository name to push the application revision. How can an application revision be pushed from the GitHub repository?
Use the AWS CLI to push the application revision
Use AWS CodeDeploy to directly deploy from the GitHub repository
Use the AWS Management Console to manually upload the application revision
Use AWS CodePipeline to connect to the GitHub repository
106. A developer team is deploying a containerized application on Amazon ECS using AWS Copilot. Post-deployment, the Operations team is looking to fetch configuration and interface details of the API which will assist them during troubleshooting. How can details be fetched for this API?
Access the ECS task logs
Use the AWS Copilot CLI command copilot svc show
Use the AWS CLI to describe the ECS service
Query the AWS CloudFormation stack outputs
107. The development team uses AWS CodePipeline to deploy a new application from an Amazon S3 bucket to a fleet of Amazon EC2 instances across multiple Availability Zones (AZs). The team needs to run tests before the Deploy stage to ensure there are no bugs in the source code. What is an additional requirement for a Custom Action in AWS CodePipeline?
The custom action must be defined in a separate AWS CloudFormation stack
The custom action must have a valid IAM role
The custom action must include a manual approval step
The custom action must have a Lambda function
108. The application team is using AWS Systems Manager Parameter Store to store database password credentials. The Operations Head wants to send notifications to all application owners to modify passwords at regular intervals. Owners should get a reminder when the password has not been changed for a specific period. What configuration changes can be implemented in AWS Systems Manager Parameter Store to meet this requirement?
Use AWS Lambda with an Amazon SNS topic
Set up an Amazon CloudWatch Event rule
Enable AWS Config rules to monitor parameter changes
Configure a parameter policy with expiration notification
109. A new application is being deployed on an Amazon EC2 instance. This is a critical financial application for which data needs to be encrypted end to end. Data encryption should be done using AWS KMS in a cost-effective way, and control of the key is not a criterion. The security compliance team requires key rotation for these keys. Which keys can be selected for this requirement?
AWS managed CMKs
Imported key material
Customer managed CMKs
AWS owned CMKs
110. A project team is using Docker images stored in an Amazon ECR private registry for application deployment in Amazon ECS. The Quality Control team, having a different AWS account, needs to use the same images for performing testing on this application. The project team needs to replicate these images to the Quality Control team’s private registry securely with proper access control. What configuration changes will be required on the private registry for this requirement?
Create a cross-account IAM role
Use AWS Organizations Service Control Policies (SCP)
Configure repository policies for cross-account access
Enable cross-region replication
111. A deployment team is working on a new application where AWS Lambda will fetch data from Amazon SQS and write to an Amazon RDS instance. The Amazon RDS instance is deployed in a VPC private subnet. AWS Lambda will also require access to external APIs deployed outside the VPC. What configuration changes are needed to enable AWS Lambda to access both services?
Use AWS Direct Connect to establish a dedicated network connection between the VPC and external APIs
Deploy AWS Lambda in the same private subnet as Amazon RDS and configure a VPC endpoint for external APIs
Configure a VPC with private and public subnets, and attach an Internet Gateway to the VPC
Create a VPC endpoint for Amazon SQS and configure a NAT Gateway for external API access
FAQs
1. What is the AWS Certified Developer Associate certification?
The AWS Certified Developer Associate validates your ability to develop, deploy, and debug cloud-based applications using AWS services.
2. Who should take the AWS Developer Associate exam?
It’s ideal for software developers with at least one year of experience developing and maintaining AWS-based applications.
3. Is AWS Certified Developer Associate worth it?
Yes, it’s highly respected in the industry and boosts your credentials as a cloud developer.
4. What are the benefits of AWS Developer Associate certification?
You gain professional recognition, better job opportunities, and validation of your AWS development skills.
5. How does the AWS Developer Associate compare to AWS Solutions Architect?
Developer Associate focuses on coding and building applications, while Solutions Architect focuses on designing infrastructure.
6. How many questions are on the AWS Developer Associate exam?
The exam consists of 65 multiple-choice and multiple-response questions.
7. What is the format of the AWS Certified Developer Associate exam?
It is an online or in-person, proctored exam with scenario-based multiple-choice questions.
8. How difficult is the AWS Certified Developer Associate exam?
It’s moderately difficult, especially if you're unfamiliar with real-world AWS development practices.
9. What is the duration of the AWS Developer Associate exam?
You have 130 minutes to complete the exam.
10. What topics are covered in the AWS Developer Associate exam?
Topics include deployment, development using AWS SDKs, monitoring, troubleshooting, and best practices.
11. How do I prepare for AWS Certified Developer Associate exam?
Use CertiMaan’s practice questions and study materials alongside AWS’s official training and documentation.
12. What are the best resources to study for AWS Developer Associate?
CertiMaan mock tests and the AWS Skill Builder platform offer quality preparation content.
13. Are there free practice tests for AWS Developer Associate certification?
Yes, CertiMaan and AWS both offer sample questions and free practice materials.
14. Can I pass AWS Developer Associate without experience?
Yes, if you commit to consistent study using trusted sources like CertiMaan and AWS official docs.
15. Does CertiMaan provide AWS Developer Associate exam dumps or mock tests?
Yes, CertiMaan provides up-to-date mock exams and practice questions aligned with the official exam.
16. What is the cost of the AWS Certified Developer Associate exam?
The exam costs $150 USD.
17. Are there any prerequisites for the AWS Developer Associate exam?
There are no formal prerequisites, but basic experience with AWS and programming is recommended.
18. How do I register for the AWS Certified Developer Associate exam?
You can register through the AWS Certification portal (https://aws.amazon.com/certification/).
19. Can I reschedule or cancel my AWS Developer Associate exam?
Yes, you can do so via the AWS Certification portal at least 24 hours before your exam.
20. Do I need a coding background for AWS Developer Associate?
Yes, familiarity with programming languages like Python, Java, or JavaScript is beneficial.
21. What is the passing score for AWS Developer Associate exam?
The passing scaled score is 720 out of 1000.
22. How is the AWS Developer Associate exam scored?
It’s scored based on a weighted system, and results are delivered within a few days.
23. How long is the AWS Developer Associate certification valid?
It’s valid for 3 years from the date of certification.
24. Can I retake the AWS Certified Developer Associate exam if I fail?
Yes, but you must wait 14 days before retaking it.
25. How long should I study for AWS Developer Associate certification?
Most candidates need 4 to 8 weeks of focused study, depending on prior AWS and coding knowledge.
26. What is the average salary of an AWS Certified Developer Associate?
On average, certified professionals earn between $105,000 to $130,000 annually.
27. What jobs can I get with AWS Certified Developer Associate certification?
You can work as a Cloud Developer, AWS Software Engineer, DevOps Developer, or Cloud Consultant.
28. Does AWS Certified Developer Associate help in getting a job?
Yes, it opens up opportunities in cloud development roles at startups and enterprise companies.
29. Do employers value AWS Developer Associate certification?
Yes, it is widely respected and shows that you can effectively build and deploy applications on AWS.
30. Is AWS Developer Associate good for beginners?
Yes, especially for developers with some programming knowledge looking to enter the cloud domain.