DVA-C02 Exam Dumps - AWS Certified Developer - Associate

The workload is a classic “hot key / hot dataset” pattern: many reads repeatedly target a small subset of items. The best way to improve performance and reduce latency is to add a caching layer so the application does not hit DynamoDB for every read.

Option B is purpose-built for DynamoDB read acceleration: DynamoDB Accelerator (DAX) is an in-memory cache that sits in front of DynamoDB and is API-compatible for many DynamoDB operations. DAX can dramatically reduce read latency (often to microseconds) for frequently accessed items and offload read traffic from the table.

Option A can also help: ElastiCache (Redis/Memcached) can be used as an application-managed cache. This is useful when the application wants more control over caching strategy, TTLs, and non-DynamoDB data caching. For ECS applications, ElastiCache is a common high-performance caching choice.

Why not the others:

C (strongly consistent reads) typically increases latency and capacity consumption; it does not improve performance for repeated reads.

D (increase read capacity) can reduce throttling, but it does not reduce latency as effectively as caching and can be more expensive for hot-read patterns.

E (adaptive capacity) helps DynamoDB handle uneven workloads, but it is not a direct performance boost like caching for repeated reads of a small dataset.

Therefore, adding caching via ElastiCache and/or DAX best improves performance. With “select two,” A and B are correct.

Amazon API Gateway has a hard integration timeout that determines how long it waits for a backend response. If the backend (Lambda) does not respond within this time, API Gateway returns an HTTP 504 error to the client.

In this scenario, the Lambda function timeout is longer (20 seconds) than the API Gateway integration timeout (15 seconds). AWS documentation states that API Gateway will terminate the request once its timeout is exceeded, even if Lambda continues executing successfully. This explains why there are no Lambda errors despite 504 responses.

Increasing the Lambda timeout (Option B) does not help because API Gateway times out first. Reserved concurrency (Option A) and throttling limits (Option D) are unrelated to request duration.

The correct solution is to increase the API Gateway integration timeout so that it exceeds the maximum expected Lambda execution time. This ensures API Gateway waits long enough for the Lambda response.

Therefore, increasing the API Gateway timeout prevents HTTP 504 errors.

Requirement Summary:

Orders are being processed more than once

Need to prevent duplicate processing

Looking for least implementation effort

Key Concept:

Lambda + Event-driven patterns can occasionally result in duplicate invocations (at-least-once delivery model)

You need idempotency (i.e., prevent repeated processing of same event)

Evaluate Options:

A. Use DynamoDB for de-duplication

Simple and widely used approach

Store a unique orderId as the primary key

Before processing, check if order exists

If yes → skip

If no → process and store the ID

Minimal code changes required

B. ECS + Step Functions

Overkill for basic de-duplication

Adds significant complexity

C. Retry logic with fixed delay

Doesn ' t prevent duplication — makes it worse

Retrying might trigger the same message again

D. Athena to identify duplicates

Reactive solution, not preventative

Not suitable for real-time event de-duplication

Lambda idempotency: https://docs.aws.amazon.com/lambda/latest/dg/invocation-retries.html

Using DynamoDB for idempotent design: https://aws.amazon.com/blogs/compute/how-to-design-idempotent-APIs-on-aws/

To add a caching layer for frequently requested data (such as “most viewed products”), the AWS-native choice is Amazon ElastiCache, commonly using Redis for low-latency key/value caching, counters, sorted sets, and leaderboard-like patterns. Redis is particularly well-suited for ecommerce “top N” or popularity queries because it supports atomic increments and sorted sets, enabling efficient ranking updates.

Option B correctly introduces an ElastiCache (Redis OSS) cluster and updates the application to read from Redis first (cache-aside or write-through patterns) instead of hitting the RDS MySQL cluster for every request. This offloads read pressure from the database, reduces latency, and improves overall throughput.

Option A is not a valid RDS feature: you do not add a “cache node” to an RDS MySQL cluster as part of RDS itself.

Option C is incorrect because DAX is a caching layer specifically for DynamoDB, not for RDS MySQL.

Option D improves availability via Multi-AZ standby, but the standby is not for read scaling in standard RDS Multi-AZ (it’s primarily for failover). It does not provide a cache and does not solve the performance needs for hot reads.

DynamoDB already supports encryption at rest by default (with AWS owned keys or AWS managed/customer managed KMS keys). However, the requirement here is stronger and explicit: patient data must be encrypted before it is stored in DynamoDB, meaning the encryption must occur client-side / application-side so that the data remains encrypted as it traverses the stack and is still encrypted when written to the table. This is often required for highly sensitive PII/PHI where administrators or downstream systems should not see plaintext.

Option A meets this requirement by encrypting the payload inside the Lambda function before making the PutItem call to DynamoDB, using KMS-backed envelope encryption via the AWS Encryption SDK (the option names it “Database Encryption SDK,” but the intent is client-side encryption). The encrypted fields remain ciphertext in transit to DynamoDB and at rest inside DynamoDB, satisfying both “in transit” and “at rest” with encryption happening prior to storage.

Option B only ensures DynamoDB encryption at rest at the service level, but the data would still be plaintext in the item attributes as seen by the application and anyone with DynamoDB read permissions (even though stored encrypted on disk). It does not guarantee “encrypted before stored.”

Option C encrypting after the write via streams is too late: plaintext would already be stored (and potentially accessed) before post-processing.

Option D adds unnecessary workflow complexity. Encrypting in a queue still requires encryption before DynamoDB, but it does not inherently simplify compared to encrypting directly in the Lambda that writes to DynamoDB.

Therefore, client-side encryption in Lambda using KMS-backed encryption is the correct solution.

The correct answer is C because AWS AppConfig feature flags support variants and targeting rules , which allow developers to enable different feature behavior for different audiences with minimal custom code. In this scenario, the requirement is to enable a premium feature only for a specific group of users identified by their user IDs . AppConfig can handle this directly by defining multiple flag variants and applying rules that target the intended users.

This is the solution with the least development effort because the targeting logic is managed in AppConfig instead of being implemented and maintained in the application code. AWS documentation for AppConfig feature flags emphasizes dynamic control of feature rollout, audience targeting, and safe configuration management. By configuring the targeting rules centrally, the developer can change which users receive the premium feature without redeploying the application.

Option A is less desirable because it pushes the user ID evaluation logic into the application, increasing development and maintenance effort. Option B is more cumbersome because creating separate feature flags for every user group does not scale well and adds administrative overhead. Option D is not the intended AppConfig pattern and introduces unnecessary complexity by requiring an external database lookup during flag evaluation.

Using one feature flag with multiple variants and targeting rules is the cleanest and most AWS-native design for selective rollout to a defined user segment. It keeps the configuration centralized, reduces code changes, and supports flexible future updates.

Therefore, the best solution is C .

Amazon S3 Lifecycle rules are specifically designed to manage object versions over time. When versioning is enabled, lifecycle rules can be configured to expire noncurrent versions , retaining only a defined number of recent versions.

AWS documentation states that lifecycle rules can be used to “retain a specific number of newer noncurrent versions.” By configuring a lifecycle rule to keep one noncurrent version , Amazon S3 automatically deletes older versions while retaining the current and immediately previous versions.

Bucket policies (Option A) control access, not retention. S3 Object Lock (Option C) is designed for regulatory compliance and write-once-read-many (WORM) use cases and is not suitable for routine version cleanup. Suspending versioning (Option D) does not remove existing versions and increases application complexity.

Therefore, an S3 Lifecycle rule is the correct and AWS-recommended solution.