Free AWS DVA-C01 Actual Exam Questions
Dumps Box (DumpsBox) offers up-to-date practice exam questions for DVA-C01 certification exam which are developed and validated by Amazon – AWS subject domain experts certified in AWS DVA-C01 . These practice questions are update regularly as we keep an eye on any recent changes in DVA-C01 syllabus, and when there is update our team quickly adjusts the questions. This commitment to providing the best quality exam prep material to certification aspirants is what makes DumpsBox.com the best certification exam prep website. On top of that, our strong, yet strictly moderated, community based feedback keeps the content clean and current. Each question has helpful community discussion that provides it extra perspective and introduces helpful resources for better exam preparation. This also saves students from other outdated practice questions or illicit exam dumps that can have adverse affects on career. Browse through our AWS DVA-C01 exam questions and pass your exam on first try.
data center via IPSec VPN. The application must authenticate against the on-premise LDAP server.
Once authenticated, logged-in users can only access an S3 keyspace specific to the user.
Which two approaches can satisfy the objectives? Choose 2 answers
B/D? B fits because the app authenticates via LDAP, then assumes an IAM role with STS, which clearly aligns with AWS best practices for temporary creds. D works since building an identity broker to authenticate LDAP users and then get federated IAM credentials is a common pattern for integrating on-prem identity with AWS. A and C seem off because IAM doesn’t support direct LDAP auth. E looks overcomplicated and redundant since the identity broker should handle the LDAP part first before calling STS, not the other way around. So B and D feel like the practical, secure choices here.
B/D? The app authenticates with LDAP and then assumes an IAM role via STS, which fits B. D also makes sense since building an identity broker to federate LDAP users and get temporary AWS creds is a common pattern. A sounds off because IAM doesn’t really accept LDAP creds directly, so the app can’t just “log in” to IAM that way. C and E seem less likely since C incorrectly says you authenticate STS directly with LDAP creds, and E flips the flow by authenticating STS first, which doesn’t align with typical federation setups.
B. Besides the popularity of AES, Amazon specifically documents their use of AES-256 for encrypting S3 objects, which adds extra security with longer key length. The other options are either legacy ciphers or less secure, so they wouldn’t fit Amazon’s commitment to strong encryption standards.
It’s B, AES is basically the industry standard now, others are outdated.
processing solution. The fraud detection solution takes between ten and thirty minutes to verify an
order. At peak, the web site can receive one hundred orders per minute.
What is the most scalable method to add the fraud detection solution to the order processing
pipeline?
Totally agree on avoiding Lambda due to that long processing time. B stands out because auto-scaling with queue depth keeps it efficient and handles spikes smoothly. Definitely B.
Makes sense to avoid Lambda here since the fraud check takes so long and Lambda has timeout limits. B is solid because it scales with queue depth, handling the burst well.
What is the BEST approach?
Maybe C, since you need the plaintext key to actually encrypt large files locally.
C/D? D only gives the encrypted data key, so you can’t actually encrypt the data without the plaintext key. C is better because it provides the plaintext key needed to encrypt large objects like this.
enables automatic rollbacks while deploying a new version of a popular web application from in
place to Amazon EC2.
What occurs it the deployment of the new version fails due to code regression?
This one feels like C for me too. Since it’s an in-place deployment, CodeDeploy can't just switch traffic like in blue/green; it needs to redeploy the last good version, creating a new deployment ID. A talks about snapshots in S3, which doesn’t match how CodeDeploy usually handles rollbacks. B is more about blue/green deployments where Route 53 gets updated, so that doesn’t fit here. D mentions CodePipeline, but this question focuses on CodeDeploy behavior specifically.
C imo. Since it’s an in-place deployment, CodeDeploy can’t just switch traffic like in blue/green, so it has to do a fresh deployment of the stable version, which would mean a new deployment ID. A and B don’t fit the rollback behavior here—no snapshots in S3 or route switching for in-place. D sounds more like something CodePipeline does, but this question focuses on CodeDeploy’s rollback itself. So option C makes the most sense as the automated recovery step after a failed deployment.
are made to items in an Amazon DynamoDB table. The function has been created, and appropriate
permissions have been added to the Lambda execution role. Amazon DynamoDB streams have been
enabled for the table, but the function is still not being triggered.
Which option would enable DynamoDB table updates to trigger the Lambda function?
It’s B, because without event source mapping, Lambda won’t listen to the stream events.
A. Changing StreamViewType to NEW_AND_OLD_IMAGES won’t trigger Lambda by itself; it just changes the data in the stream. The key missing step is connecting Lambda to the stream, which is what event source mapping does.
requires all customer data to be encrypted at rest with a ke the company generates.
What should the developer do to meet these requirements?
It’s B because it explicitly requires a customer managed key from AWS KMS for encryption.
C imo, because default encryption with DynamoDB uses AWS owned keys unless you specify a customer managed key. Option C mentions using the kms:Encrypt parameter with the ARN, which suggests explicitly telling DynamoDB to use that customer managed key for encryption operations. That feels like a more hands-on, secure approach compared to B, which is just about choosing a key during table creation but doesn’t mention the encryption parameter during SDK operations. So, C covers both storage and usage of the key properly.
amazon api gateway and aws lambda. The site is showing an error that reads.
''No 'access control-allow-origin'header' header is present on the requested resource. Origin 'null is
therefore not allowed access ''
What should the developer do to resolve this issue?
B (API Gateway handles CORS, so enabling it there fixes the header issue).
B. The error is about response headers; API Gateway needs CORS enabled on the method.
states that all items that are older than 48 hours must be removed
Which solution will meet this requirement?
Option C looks best to me since TTL in DynamoDB requires a Number attribute that stores the expiration time as a Unix timestamp. You set this attribute to the current time plus 48 hours, and DynamoDB automatically deletes items after that. The part about using an LSI in A and B doesn’t make sense because TTL doesn’t depend on indexes, and D is out because TTL can’t use a String attribute. So C is the only one that fits the requirements correctly.
Maybe C makes the most sense since TTL only works with a Number attribute representing the expiry time in epoch seconds, and you have to set it to current time plus 48 hours. LSIs aren’t needed here.
updated and needs to be redeployed.
What file does the Developer need to update to push that change through CodeDeploy?
Option C, because appspec.yml controls deployment steps directly in CodeDeploy.
C. The appspec.yml is the main file CodeDeploy uses to understand what to deploy and how. Even if the app code changes, this file needs to reflect any new deployment instructions or hooks. The other files are more about build steps or specific platforms, but CodeDeploy relies on appspec.yml for its process.
performance issues when it has to download a 50MB file from the Internet in every execution. This
function is called multiple times a second.
What solution would give the BEST performance increase?
D, because fetching from S3 is faster and consistent across all Lambda instances.
/tmp is ephemeral, so caching there only helps within one instance’s lifetime.
will use AWS Cloud Formation to deploy the application. The application will write logs to Amazon
3loudWatch Logs. The developer has created a log group in a Cloud Format ion template for the
application to use. The developer needs to modify the CloudFormation template to make the name
of the log [jroup available to the application at runtime.
Which solution will meet this requirement?
B tbh can be ruled out since Lambda doesn't use user data like EC2 instances do, so that won't help pass the log group name. A and C are more about structuring templates or static mappings, not for runtime values. D is the only one that makes sense because environment variables are specifically designed to provide config info like log group names to Lambda functions while they run. Passing the ARN isn't necessary if the function just needs the name, so setting an env var with the log group name directly fits perfectly here.
B tbh doesn’t fit since user data is for EC2 instances, not Lambda functions. A is off because AWS::Include is for including template snippets, not passing runtime values. C with Mappings is static, not dynamic at runtime. D makes the most sense since environment variables are designed for passing config data like log group names to Lambda functions during execution.
time. Analysis indicates that a user profile is being loaded from a database in all the web pages being
visited by each user and this is increasing the database load and the page load latency. To address
this issue the Developer decides to cache the user profile data.
Which caching strategy will address this situation MOST efficiently?
B/D? Both use ElastiCache which is smart for fast access, but cache-aside (B) lets the app fetch from cache first and update only if needed, avoiding unnecessary writes unlike write-through (D).
B. Cache-aside lets the app load from cache first and update only when needed, which is simple and efficient here. ElastiCache fits well for fast access without adding DB overhead.
application must be fault tolerant, natively highly scalable, and any service interruption should not
affect the user experience.
What is the best option to store the session state?
A/D? While stickiness (D) keeps things simple by tying users to one server, it’s risky if that server goes down, causing session loss. ElastiCache (A) offers distributed, in-memory storage that’s fast and scales well with zero downtime impact, which is vital for a smooth user experience. CloudFront (B) isn’t meant for session storage, and S3 (C) is too slow for real-time session needs. So between A and D, A fits better for fault tolerance and scalability without interrupting users.
A/C? S3 is super durable but too slow for session data. ElastiCache is fast and supports fault tolerance, which fits the need for no user impact during interruptions better.
A and must access AWS services in Accounts B and C.
What is the MOST secure way to allow the application to call AWS services in each audited account?
It’s A because assuming roles means no long-term credentials are stored, cutting down risk compared to D. Also cleaner than C since you don’t need separate apps running everywhere, which adds complexity.
Guessing C since isolating apps per account limits exposure better than shared roles.