DVA-C02 : BUNDLE PACK LEARNING TOOLS INCLUDED

Who should take this exam?

AWS Certified Developer - Associate is a great starting point on the AWS Certification path for individuals who may have any of the following:
Experience working in a developer role with in-depth knowledge of at least one high-level programming language
Experience in AWS technology
Strong on-premises IT experience and understanding of mapping on-premises to cloud
Experience working in other cloud services

What does it take to earn this certification?
To earn this certification, you’ll need to take and pass the AWS Certified Developer – Associate exam. (DVA-C02). The exam features a combination of two question formats: multiple choice and multiple response. Additional information, such as the exam content outline and passing score, is in the exam guide.

Introduction
The AWS Certified Developer - Associate (DVA-C02) exam is intended for individuals who perform a developer role. The exam validates a candidate’s ability to demonstrate proficiency in developing, testing, deploying, and debugging AWS cloud-based applications.

The exam also validates a candidate’s ability to complete the following tasks:
• Develop and optimize applications on AWS
• Package and deploy by using continuous integration and continuous delivery (CI/CD) workflows
• Secure application code and data
• Identify and resolve application issues

Target candidate description
The target candidate has 1 or more years of hands-on experience in developing and maintaining applications by using AWS services.
Recommended general IT knowledge

The target candidate should have the following:
• Proficiency in at least one high-level programming language
• Understanding of application lifecycle management
• Basic understanding of cloud-native applications to write code
• Ability to develop functional applications
• Experience in using development tools

Recommended AWS knowledge
The target candidate should be able to do the following:
• Develop and secure applications by using AWS service APIs, the AWS CLI, and SDKs
• Use a CI/CD pipeline to deploy applications on AWS

What is considered out of scope for the target candidate?
The following is a non-exhaustive list of related job tasks that the target candidate is not expected to be able to perform. These items are considered out of scope for the exam:
• Design architectures (for example, distributed systems, microservices, database schemas and modeling)
• Design and create CI/CD pipelines
• Administer IAM users and groups
• Administer servers and operating systems
• Design AWS networking infrastructure (for example, Amazon VPC, AWS Direct Connect)

Domain % of Exam
Domain 1: Development with AWS Services 32%
Domain 2: Security 26%
Domain 3: Deployment 24%
Domain 4: Troubleshooting and Optimization 18%
TOTAL 100%

Domain 1: Development with AWS Services

Task statement 1: Develop code for applications hosted on AWS.
Knowledge of:
• Architectural patterns (for example, event-driven, microservices, monolithic, choreography, orchestration, fanout)
• Idempotency
• Differences between stateful and stateless concepts
• Differences between tightly coupled and loosely coupled components
• Fault-tolerant design patterns (for example, retries with exponential backoff and jitter, dead-letter queues)
• Differences between synchronous and asynchronous patterns

Skills in:
• Creating fault-tolerant and resilient applications in a programming language (for example, Java, C#, Python, JavaScript, TypeScript, Go)
• Creating, extending, and maintaining APIs (for example, response/request transformations, enforcing validation rules, overriding status codes)
• Writing and running unit tests in development environments (for example, using AWS Serverless Application Model [AWS SAM])
• Writing code to use messaging services
• Writing code that interacts with AWS services by using APIs and AWS SDKs
• Handling data streaming by using AWS services

Task Statement 2: Develop code for AWS Lambda.
Knowledge of:
• Event source mapping
• Stateless applications
• Unit testing
• Event-driven architecture
• Scalability
• The access of private resources in VPCs from Lambda code

Skills in:
• Configuring Lambda functions by defining environment variables and parameters (for example, memory, concurrency, timeout, runtime, handler, layers, extensions, triggers, destinations)
• Handling the event lifecycle and errors by using code (for example, Lambda Destinations, dead-letter queues)
• Writing and running test code by using AWS services and tools
• Integrating Lambda functions with AWS services
• Tuning Lambda functions for optimal performance

Task Statement 3: Use data stores in application development.
Knowledge of:
• Relational and non-relational databases
• Create, read, update, and delete (CRUD) operations
• High-cardinality partition keys for balanced partition access
• Cloud storage options (for example, file, object, databases)
• Database consistency models (for example, strongly consistent, eventually consistent)
• Differences between query and scan operations
• Amazon DynamoDB keys and indexing
• Caching strategies (for example, write-through, read-through, lazy loading, TTL)
• Amazon S3 tiers and lifecycle management
• Differences between ephemeral and persistent data storage patterns

Skills in:
• Serializing and deserializing data to provide persistence to a data store
• Using, managing, and maintaining data stores
• Managing data lifecycles
• Using data caching services

Domain 2: Security

Task Statement 1: Implement authentication and/or authorization for applications and AWS services.
Knowledge of:
• Identity federation (for example, Security Assertion Markup Language [SAML], OpenID Connect [OIDC], Amazon Cognito)
• Bearer tokens (for example, JSON Web Token [JWT], OAuth, AWS Security Token Service [AWS STS])
• The comparison of user pools and identity pools in Amazon Cognito
• Resource-based policies, service policies, and principal policies
• Role-based access control (RBAC)
• Application authorization that uses ACLs
• The principle of least privilege
• Differences between AWS managed policies and customer-managed policies
• Identity and access management (IAM)

Skills in:
• Using an identity provider to implement federated access (for example, Amazon Cognito, AWS Identity and Access Management [IAM])
• Securing applications by using bearer tokens
• Configuring programmatic access to AWS
• Making authenticated calls to AWS services
• Assuming an IAM role
• Defining permissions for principals

Task Statement 2: Implement encryption by using AWS services.
Knowledge of:
• Encryption at rest and in transit
• Certificate management (for example, AWS Certificate Manager Private Certificate Authority)
• Key protection (for example, key rotation)
• Differences between client-side encryption and server-side encryption
• Differences between AWS managed and customer-managed AWS Key Management Service (AWS KMS) keys

Skills in:
• Using encryption keys to encrypt or decrypt data
• Generating certificates and SSH keys for development purposes
• Using encryption across account boundaries
• Enabling and disabling key rotation

Task Statement 3: Manage sensitive data in application code.
Knowledge of:
• Data classification (for example, personally identifiable information [PII], protected health information [PHI])
• Environment variables
• Secrets management (for example, AWS Secrets Manager, AWS Systems Manager Parameter Store)
• Secure credential handling

Skills in:
• Encrypting environment variables that contain sensitive data
• Using secret management services to secure sensitive data
• Sanitizing sensitive data

Domain 3: Deployment
Task Statement 1: Prepare application artifacts to be deployed to AWS.
Knowledge of:
• Ways to access application configuration data (for example, AWS AppConfig, Secrets Manager, Parameter Store)
• Lambda deployment packaging, layers, and configuration options
• Git-based version control tools (for example, Git, AWS CodeCommit)
• Container images

Skills in:
• Managing the dependencies of the code module (for example, environment variables, configuration files, container images) within the package
• Organizing files and a directory structure for application deployment
• Using code repositories in deployment environments
• Applying application requirements for resources (for example, memory, cores)

Task Statement 2: Test applications in development environments.
Knowledge of:
• Features in AWS services that perform application deployment
• Integration testing that uses mock endpoints
• Lambda versions and aliases

Skills in:
• Testing deployed code by using AWS services and tools
• Performing mock integration for APIs and resolving integration dependencies
• Testing applications by using development endpoints (for example, configuring stages in Amazon API Gateway)
• Deploying application stack updates to existing environments (for example, deploying an AWS SAM template to a different staging environment)

Task Statement 3: Automate deployment testing.
Knowledge of:
• API Gateway stages
• Branches and actions in the continuous integration and continuous delivery (CI/CD) workflow
• Automated software testing (for example, unit testing, mock testing)

Skills in:
• Creating application test events (for example, JSON payloads for testing Lambda, API Gateway, AWS SAM resources)
• Deploying API resources to various environments
• Creating application environments that use approved versions for integration testing (for example, Lambda aliases, container image tags, AWS Amplify branches, AWS Copilot environments)
• Implementing and deploying infrastructure as code (IaC) templates (for example, AWS SAM templates, AWS CloudFormation templates)
• Managing environments in individual AWS services (for example, differentiating between development, test, and production in API Gateway)

Task Statement 4: Deploy code by using AWS CI/CD services.
Knowledge of:
• Git-based version control tools (for example, Git, AWS CodeCommit)
• Manual and automated approvals in AWS CodePipeline
• Access application configurations from AWS AppConfig and Secrets Manager
• CI/CD workflows that use AWS services
• Application deployment that uses AWS services and tools (for example, CloudFormation, AWS Cloud Development Kit [AWS CDK], AWS SAM, AWS CodeArtifact, Copilot, Amplify, Lambda)
• Lambda deployment packaging options
• API Gateway stages and custom domains
• Deployment strategies (for example, canary, blue/green, rolling)

Skills in:
• Updating existing IaC templates (for example, AWS SAM templates, CloudFormation templates)
• Managing application environments by using AWS services
• Deploying an application version by using deployment strategies
• Committing code to a repository to invoke build, test, and deployment actions
• Using orchestrated workflows to deploy code to different environments
• Performing application rollbacks by using existing deployment strategies
• Using labels and branches for version and release management
• Using existing runtime configurations to create dynamic deployments (for example, using staging variables from API Gateway in Lambda functions)

Domain 4: Troubleshooting and Optimization
Task Statement 1: Assist in a root cause analysis.
Knowledge of:
• Logging and monitoring systems
• Languages for log queries (for example, Amazon CloudWatch Logs Insights)
• Data visualizations
• Code analysis tools
• Common HTTP error codes
• Common exceptions generated by SDKs
• Service maps in AWS X-Ray

Skills in:
• Debugging code to identify defects
• Interpreting application metrics, logs, and traces
• Querying logs to find relevant data
• Implementing custom metrics (for example, CloudWatch embedded metric format [EMF])
• Reviewing application health by using dashboards and insights
• Troubleshooting deployment failures by using service output logs

Task Statement 2: Instrument code for observability.
Knowledge of:
• Distributed tracing
• Differences between logging, monitoring, and observability
• Structured logging
• Application metrics (for example, custom, embedded, built-in)

Skills in:
• Implementing an effective logging strategy to record application behavior and state
• Implementing code that emits custom metrics
• Adding annotations for tracing services
• Implementing notification alerts for specific actions (for example, notifications about quota limits or deployment completions)
• Implementing tracing by using AWS services and tools

Task Statement 3: Optimize applications by using AWS services and features.
Knowledge of:
• Caching
• Concurrency
• Messaging services (for example, Amazon Simple Queue Service [Amazon SQS], Amazon Simple Notification Service [Amazon SNS])

Skills in:
• Profiling application performance
• Determining minimum memory and compute power for an application
• Using subscription filter policies to optimize messaging
• Caching content based on request headers

QUESTION 1
A company is implementing an application on Amazon EC2 instances. The application needs to process incoming transactions. When the application detects a transaction that is not valid, the
application must send a chat message to the company's support team. To send the message, the application needs to retrieve the access token to authenticate by using the chat API.
A developer needs to implement a solution to store the access token. The access token must be encrypted at rest and in transit. The access token must also be accessible from other AWS accounts.
Which solution will meet these requirements with the LEAST management overhead?

A. Use an AWS Systems Manager Parameter Store SecureString parameter that uses an AWS Key
Management Service (AWS KMS) AWS managed key to store the access token. Add a resource-based
policy to the parameter to allow access from other accounts. Update the IAM role of the EC2
instances with permissions to access Parameter Store. Retrieve the token from Parameter Store with
the decrypt flag enabled. Use the decrypted access token to send the message to the chat.

B. Encrypt the access token by using an AWS Key Management Service (AWS KMS) customer
managed key. Store the access token in an Amazon DynamoDB table. Update the IAM role of the EC2
instances with permissions to access DynamoDB and AWS KMS. Retrieve the token from DynamoDB.
Decrypt the token by using AWS KMS on the EC2 instances. Use the decrypted access token to send
the message to the chat.

C. Use AWS Secrets Manager with an AWS Key Management Service (AWS KMS) customer managed
key to store the access token. Add a resource-based policy to the secret to allow access from other
accounts. Update the IAM role of the EC2 instances with permissions to access Secrets Manager.
Retrieve the token from Secrets Manager. Use the decrypted access token to send the message to the chat.

D. Encrypt the access token by using an AWS Key Management Service (AWS KMS) AWS managed
key. Store the access token in an Amazon S3 bucket. Add a bucket policy to the S3 bucket to allow
access from other accounts. Update the IAM role of the EC2 instances with permissions to access
Amazon S3 and AWS KMS. Retrieve the token from the S3 bucket. Decrypt the token by using AWS
KMS on the EC2 instances. Use the decrypted access token to send the massage to the chat.

Answer: B

QUESTION 2
A company is running Amazon EC2 instances in multiple AWS accounts. A developer needs to
implement an application that collects all the lifecycle events of the EC2 instances. The application
needs to store the lifecycle events in a single Amazon Simple Queue Service (Amazon SQS) queue in
the company's main AWS account for further processing.
Which solution will meet these requirements?

A. Configure Amazon EC2 to deliver the EC2 instance lifecycle events from all accounts to the Amazon
EventBridge event bus of the main account. Add an EventBridge rule to the event bus of the main
account that matches all EC2 instance lifecycle events. Add the SQS queue as a target of the rule.

B. Use the resource policies of the SQS queue in the main account to give each account permissions
to write to that SQS queue. Add to the Amazon EventBridge event bus of each account an
EventBridge rule that matches all EC2 instance lifecycle events. Add the SQS queue in the main
account as a target of the rule.

C. Write an AWS Lambda function that scans through all EC2 instances in the company accounts to
detect EC2 instance lifecycle changes. Configure the Lambda function to write a notification message
to the SQS queue in the main account if the function detects an EC2 instance lifecycle change. Add an
Amazon EventBridge scheduled rule that invokes the Lambda function every minute.

D. Configure the permissions on the main account event bus to receive events from all accounts.
Create an Amazon EventBridge rule in each account to send all the EC2 instance lifecycle events to
the main account event bus. Add an EventBridge rule to the main account event bus that matches all
EC2 instance lifecycle events. Set the SQS queue as a target for the rule.

Answer: D

QUESTION 3
An application is using Amazon Cognito user pools and identity pools for secure access. A developer
wants to integrate the user-specific file upload and download features in the application with
Amazon S3. The developer must ensure that the files are saved and retrieved in a secure manner and
that users can access only their own files. The file sizes range from 3 KB to 300 MB.
Which option will meet these requirements with the HIGHEST level of security?

A. Use S3 Event Notifications to validate the file upload and download requests and update the user interface (UI).

B. Save the details of the uploaded files in a separate Amazon DynamoDB table. Filter the list of files in the user interface (UI) by comparing the current user ID with the user ID associated with the file in
the table.

C. Use Amazon API Gateway and an AWS Lambda function to upload and download files. Validate
each request in the Lambda function before performing the requested operation.

D. Use an IAM policy within the Amazon Cognito identity prefix to restrict users to use their own folders in Amazon S3.

Answer: D

QUESTION 4
A company is building a scalable data management solution by using AWS services to improve the
speed and agility of development. The solution will ingest large volumes of data from various sources
and will process this data through multiple business rules and transformations.
The solution requires business rules to run in sequence and to handle reprocessing of data if errors
occur when the business rules run. The company needs the solution to be scalable and to require the
least possible maintenance.
Which AWS service should the company use to manage and automate the orchestration of the data
flows to meet these requirements?

A. AWS Batch
B. AWS Step Functions
C. AWS Glue
D. AWS Lambda

Answer: D

QUESTION 5
A developer has created an AWS Lambda function that is written in Python. The Lambda function
reads data from objects in Amazon S3 and writes data to an Amazon DynamoDB table. The function is
successfully invoked from an S3 event notification when an object is created. However, the function
fails when it attempts to write to the DynamoDB table.
What is the MOST likely cause of this issue?

A. The Lambda function's concurrency limit has been exceeded.
B. DynamoDB table requires a global secondary index (GSI) to support writes.
C. The Lambda function does not have IAM permissions to write to DynamoDB.
D. The DynamoDB table is not running in the same Availability Zone as the Lambda function.

Answer: D

QUESTION 6
A developer is creating an AWS CloudFormation template to deploy Amazon EC2 instances across
multiple AWS accounts. The developer must choose the EC2 instances from a list of approved instance types.

How can the developer incorporate the list of approved instance types in the CloudFormation template?

A. Create a separate CloudFormation template for each EC2 instance type in the list.
B. In the Resources section of the CloudFormation template, create resources for each EC2 instance type in the list.
C. In the CloudFormation template, create a separate parameter for each EC2 instance type in the list.
D. In the CloudFormation template, create a parameter with the list of EC2 instance types as AllowedValues.

Answer: D