Free Practice Questions for Amazon Web Services DVA-C02 Exam

Increasing the number of shards of the Kinesis data stream will increase the throughput and parallelism of the data processing. Increasing the memory that is allocated to the Lambda function will also increase the CPU and network performance of the function, which will reduce the run duration and improve the processing speed. Option B is not correct because decreasing the timeout of the Lambda function will not affect the processing speed, but may cause some records to fail if they exceed the timeout limit. Option D is not correct because decreasing the number of shards of the Kinesis data stream will decrease the throughput and parallelism of the data processing, which will slow down the processing speed. Option E is not correct because increasing the timeout of the Lambda function will not affect the processing speed, but may increase the cost of running the function.

Comprehensive Detailed and Lengthy Step-by-Step Explanation with All AWS Developer References:

1. Understanding the Use Case:

The API needs to:

Generate responses without backend integrations: This indicates the use of mock responses for testing.

Be used by multiple internal teams during development.

Minimize operational overhead.

2. Key Features of Amazon API Gateway:

REST APIs: Fully managed API Gateway option that supports advanced capabilities like mock integrations, request/response transformation, and more.

HTTP APIs: Lightweight option for building APIs quickly. It supports fewer features but has lower operational complexity and cost.

Mock Integration: Allows API Gateway to return pre-defined responses without requiring backend integration.

3. Explanation of the Options:

Option A: " Create an Amazon API Gateway REST API. Set up a proxy resource that has the HTTP proxy integration type. " A proxy integration requires a backend service for handling requests. This does not meet the requirement of " no backend integrations. "

Option B: " Create an Amazon API Gateway HTTP API. Provision a VPC link, and set up a private integration on the API to connect to a VPC. " This requires setting up a VPC and provisioning resources, which increases operational overhead and is unnecessary for this use case.

Option C: " Create an Amazon API Gateway HTTP API. Enable mock integration on the method of the API resource. " While HTTP APIs can enable mock integrations, they have limited support for advanced features compared to REST APIs, such as detailed request/response customization. REST APIs are better suited for development environments requiring mock responses.

Option D: " Create an Amazon API Gateway REST API. Enable mock integration on the method of the API resource. " This is the correct answer. REST APIs with mock integration allow defining pre-configured responses directly within API Gateway, making them ideal for scenarios where backend services are unavailable. It provides flexibility for testing while minimizing operational overhead.

4. Implementation Steps:

To enable mock integration with REST API:

Create a REST API in API Gateway:

Open the API Gateway Console.

Choose Create API > REST API.

Define the API Resource and Methods:

Add a resource and method (e.g., GET or POST).

Set Up Mock Integration:

Select the method, and in the Integration Type, choose Mock Integration.

Configure the Mock Response:

Define a 200 OK response with the desired response body and headers.

Deploy the API:

Deploy the API to a stage (e.g., dev) to make it accessible.

5. Why REST API Over HTTP API?

REST APIs support detailed request/response transformations and robust mock integration features, which are ideal for development and testing scenarios.

While HTTP APIs offer lower cost and simplicity, they lack some advanced features required for fine-tuned mock integrations.

A function alias is a pointer to a specific Lambda function version. You can use aliases to create different environments for your function, such as development, testing, and production. You can also use aliases to perform blue/green deployments by shifting traffic between two versions of your function gradually. This way, you can easily roll back to a previous version if something goes wrong, without having to redeploy your code or change your configuration. Reference: AWS Lambda function aliases

To determine who deleted an Amazon RDS DB instance, the correct source of truth is AWS CloudTrail, which records API activity and includes the identity (IAM user, role, assumed role session) that made the call. Deleting an RDS instance is performed through the RDS API action DeleteDBInstance, and CloudTrail logs an event for this action that contains key fields such as userIdentity, eventTime, eventName, sourceIPAddress, and request parameters identifying the DB instance (for example, dBInstanceIdentifier).

Because the DB instance was deleted within the past 90 days, CloudTrail Event History is commonly sufficient (Event History typically retains 90 days of management events). If the company has a CloudTrail trail configured to deliver logs to S3/CloudWatch Logs, those logs can also be queried for the same event.

Option A directly matches this: retrieve CloudTrail events for DeleteDBInstance related to mysql-db and inspect the userIdentity section to identify the IAM principal that performed the deletion.

Option B is not reliable because RDS log groups (when enabled) capture database engine logs (slow query log, error log, general log) and do not record control-plane actions like who deleted the instance.

Option C is incorrect because X-Ray traces application-level request flows; it does not audit administrative actions like RDS deletion.

Option D is not applicable: Systems Manager inventory does not provide authoritative records of RDS deletions or the IAM principal responsible.

Therefore, CloudTrail lookup for DeleteDBInstance events is the correct solution.

To monitor end-to-end requests and debug issues across microservices, you need distributed tracing. Among AWS tools, AWS X-Ray is specifically built for this use case.

Step-by-Step Breakdown:

Step 1: Understand the Requirement

The developer needs:

End-to-end request tracing across microservices

Debugging capability for performance issues or failures

This points directly to a distributed tracing solution rather than just logs or metrics.

Step 2: Evaluate the Options

Option A: Amazon CloudWatch

CloudWatch is powerful for metrics, logs, and alerts.

But it does not provide distributed tracing or request path visualization between microservices.

So, it ' s not sufficient alone for the requirement.

Option B: AWS CloudTrail

CloudTrail tracks API calls made through the AWS Management Console, CLI, SDKs.

It is meant for auditing and governance, not microservices request tracing.

Not suitable for debugging microservices interactions.

Option C: AWS X-Ray SDK with X-Ray service map

Purpose-built for distributed tracing

Automatically collects data about requests as they travel through your microservices

You can instrument your code with the AWS X-Ray SDK in Java, Node.js, Python, Go, .NET, etc.

Visualizes requests using a service map, showing latency, errors, and time spent in downstream services.

How it works:

Instrument each microservice using the AWS X-Ray SDK.

Use the SDK to trace requests, propagate trace headers across services.

The X-Ray daemon collects and sends trace data to the X-Ray service.

You can view the service map, see bottlenecks, error rates, etc.

Option D: AWS Health

AWS Health provides information on AWS service outages or account-level events.

It does not monitor your application or microservices health or request flows.

Correct Choice: C is the only option that meets the developer ' s requirement to monitor end-to-end request paths and debug issues in a microservices architecture.

AWS Developer References:

AWS X-Ray Documentation: https://docs.aws.amazon.com/xray/latest/devguide/aws-xray.html

Instrumenting your application: https://docs.aws.amazon.com/xray/latest/devguide/xray-sdk.html

Viewing the Service Map: https://docs.aws.amazon.com/xray/latest/devguide/xray-console-service-map.html

Tracing Microservices with AWS X-Ray: https://aws.amazon.com/blogs/compute/tracing-microservices-aws-x-ray/

CloudWatch custom metrics are the most cost-effective and operationally simple solution for tracking callback counts over time and alerting on thresholds. The application can publish a custom metric such as CallbackCount, and CloudWatch can retain metric data long enough for the required 10-day rolling view. CloudWatch alarms can notify administrators automatically when a threshold is breached. RDS would require database provisioning, schema management, queries, and separate alerting logic. X-Ray is for distributed tracing, not business metric aggregation and threshold alerting. Kinesis plus Lambda plus DynamoDB would work, but it is unnecessarily complex and more expensive for a simple count metric. AWS documentation confirms that custom metrics can be published to CloudWatch and alarms can send notifications when thresholds are breached. ( AWS Documentation )

===============

An Application Load Balancer can invoke Lambda functions as targets, but ALB must be explicitly granted permission to invoke the function. This is done by adding a resource-based permission to the Lambda function policy that allows the Elastic Load Balancing service principal to call lambda:InvokeFunction, typically scoped to the specific target group ARN.

If the developer registers the function as a target but does not add the required permission, the ALB will not be able to invoke the function when requests arrive. This is a common integration oversight: the target registration succeeds, but invocation fails because Lambda denies the call.

Option A is incorrect because ALB does support Lambda targets.

Option B is incorrect because Lambda targets can be configured through the console, CLI, or APIs.

Option D is unrelated: cross-zone load balancing affects distribution of traffic across AZs for instance/IP targets, not whether Lambda invocation is authorized.

API Gateway mock integration is designed for exactly this situation: generating API responses directly from API Gateway without requiring a working backend. This lets dependent teams test immediately while the real backend is still being developed. The developer can configure the integration request and integration response mapping to return specific payloads and status codes. Request validators check incoming requests but do not generate backend responses. Gateway responses customize API Gateway-generated error responses, not normal business responses for application testing. A Lambda authorizer controls access and would require a Lambda function, which adds unnecessary implementation work. AWS documentation confirms that mock integrations let API developers generate responses directly from API Gateway and unblock teams before backend development is complete. ( AWS Documentation )

===============

The correct answer is C because the API Gateway integration timeout is set to 15 seconds , while the Lambda function timeout is 20 seconds . If the Lambda function takes longer than 15 seconds to return a response, API Gateway will stop waiting and return an HTTP 504 Gateway Timeout to the client, even if the Lambda function itself has not yet timed out. This exactly matches the symptom described in the question.

The fact that there are no errors in the Lambda logs is also an important clue. If Lambda were failing internally, timing out at its own limit, or throwing exceptions, those events would typically appear in Lambda logs. Instead, the likely problem is that API Gateway is timing out first, before Lambda reaches its own timeout threshold or produces an error.

Option A is incorrect because reserved concurrency affects the number of concurrent executions available to Lambda, not the integration response wait time. Option B is incorrect because increasing the Lambda timeout beyond 20 seconds would not help if API Gateway is still configured to stop waiting after 15 seconds. Option D is incorrect because per-client throttling limits control request rates, not backend timeout behavior.

The proper fix is to increase the API Gateway integration timeout so that API Gateway can wait long enough for the Lambda function to complete. This ensures that requests that legitimately need more than 15 seconds can still return successful responses instead of 504 errors.

AWS CloudFormation is a service that allows developers to model and provision AWS resources using templates. A CloudFormation template can define the load test resources, such as EC2 instances, load balancers, and Auto Scaling groups. A CloudFormation stack set is a collection of stacks that can be created and managed from a single template in multiple Regions and accounts. The AWS CLI create-stack-set command can be used to create a stack set from a template and specify the Regions where the stacks should be created. Reference: Working with AWS CloudFormation stack sets

The correct security best practice is to assign the Lambda function an execution role with only the S3 permissions it needs. Lambda assumes this IAM role at runtime, so no long-term access keys need to be stored in source code. Option A is unacceptable because hardcoded IAM user credentials create a serious secret-management risk. Option C misunderstands the access model; the Lambda service principal is not the same as granting the function’s execution role permission to access the bucket. Option D uses an execution role, but attaching AmazonS3FullAccess is excessive and violates least privilege. The role should allow only the specific bucket actions required, such as listing the target bucket. AWS Lambda documentation states that a function’s execution role grants the function permission to access AWS services and resources. ( AWS Documentation )

===============

In the CloudFormation template, the developer should create a parameter with the list of approved EC2 instance types as AllowedValues. This way, users can select the instance type they want to use when launching the CloudFormation stack, but only from the approved list.