Free Amazon DVA-C02 Exam Questions

Become Amazon Certified with updated DVA-C02 exam questions and correct answers

Page: 1 / 194

Total 968 Questions | Updated On: Jan 28, 2026

Add To Cart

Question 1

A developer is using an AWS account to build an application that stores files in an Amazon S3 bucket. Files must be encrypted at rest by AWS KMS keys. A second AWS account must have access to read files from the bucket. The developer wants to minimize operational overhead for the application. Which combination of solutions will meet these requirements? (Select TWO.)

A : Use a customer managed key to encrypt the files. Create a key policy that grants kms: Decrypt permissions to the second AWS account.

B : Use an AWS managed key to encrypt the files. Create a key policy that grants kms:Decrypt permissions to the second AWS account.

C : Create a service control policy (SCP) that grants s3:GetObject permissions to the second AWS account.

D : Create a bucket policy for the S3 bucket that grants s3:GetObject permissions to the second AWS account.

E : Create a gateway endpoint for the S3 bucket. Modify the endpoint policy to grant s3:GetObject permissions to the second AWS account.

Answer: A,D

Question 2

A company is concerned that a malicious user could deploy unauthorized changes to the code for an AWS Lambda function. What can a developer do to ensure that only trusted code is deployed to Lambda?

A : Turn on the trusted code option in AWS CodeDeploy. Add the CodeDeploy digital certificate to the Lambda package before deploying the package to Lambda.

B : Define the code signing configuration in the Lambda console. Use AWS Signer to digitally sign the Lambda package before deploying the package to Lambda.

C : Link Lambda to AWS KMS in the Lambda console. Use AWS KMS to digitally sign the Lambda package before deploying the package to Lambda.

D : Set the KmsKeyArn property of the Lambda function to the Amazon Resource Name (ARN) of a trusted key before deploying the package to Lambda.

Answer: B

Question 3

A developer is running an application on an Amazon EC2 instance. When the application tries to read an Amazon S3 bucket, the application fails. The developer notices that the associated IAM role is missing the S3 read permission. The developer needs to give the application the ability to read the S3 bucket.

Which solution will meet this requirement with the LEAST application disruption?

A : Add the permission to the role. Terminate the existing EC2 instance. Launch a new EC2 instance.

B : Add the permission to the role so that the change will take effect automatically.

C : Add the permission to the role. Hibernate and restart the existing EC2 instance.

D : Add the permission to the S3 bucket. Restart the EC2 instance.

Answer: B

Question 4

A company is migrating an on-premises web application to AWS. The web application runs on a single server and stores session data in memory. On AWS the company plan to implement multiple Amazon EC2 instances behind an Elastic Load Balancer (ELB). The company want to refactor the application so that data is resilient if an instance fails and user downtime is minimized.

Where should the company move session data to MOST effectively reduce downtime and make users’ session data more fault tolerant?

A : web server’s primary disk

B : econd Amazon EBS volume

C : Amazon ElastiCache for Redis cluster

D : Amazon EC2 instance dedicated to session data

Answer: C

Question 5

A website is running on a single Amazon EC2 instance. A Developer wants to publish the website on the Internet and is creating an A record on Amazon Route 53 for the website’s public DNS name.

What type of IP address MUST be assigned to the EC2 instance and used in the A record to ensure ongoing connectivity?

A : astic IP address

B : namic IP address

C : blic IP address

D : ivate IP address

Answer: A

Page: 1 / 194

Total 968 Questions | Updated On: Jan 28, 2026

Add To Cart