Pass the Amazon Web Services AWS Certified Associate DVA-C02 Questions and answers with CertsForce

Amazon CloudWatch is a service that monitors AWS resources and applications. The developer can use CloudWatch to monitor and troubleshoot all applications from one place. To do so, the developer needs to download the CloudWatch agent to the on-premises server and configure the agent to use IAM user credentials with permissions for CloudWatch. The agent will collect logs and metrics from the on-premises server and send them to CloudWatch.

Store the credentials in AWS Secrets Manager and enable rotation. Configure the API to have Secrets Manager access. This is correct. This solution will meet the requirements most securely,because it uses a service that is designed to store and manage secrets such as API credentials. AWS Secrets Manager helps you protect access to your applications, services, and IT resources by enabling you to rotate, manage, and retrieve secrets throughout their lifecycle1. Youcan store secrets such as passwords, database strings, API keys, and license codes as encrypted values2. You can also configure automatic rotation of your secrets on a schedule that youspecify3. You can use the AWS SDK or CLI to retrieve secrets from Secrets Manager when you need them4. This way, you can avoid storing credentials in plaintext files or hardcoding them in your code.

The combination of steps that will resolve the latency issue is to create an Amazon CloudFront distribution to cache the static content and store the application’s static content in Amazon S3. This way, the company can use CloudFront to deliver the static content from edge locations that are closer to the website users, reducing latency and improving performance. The company can also use S3 to store the static content reliably and cost-effectively, and integrate it with CloudFront easily. The other options either do not address the latency issue, or are not necessary or feasible for the given scenario.

Requirement Summary:

Simple REST endpointforweather data

Light backend usage (POC, testing)

Wantscachingsupport to reduce backend calls

Must becost-effective

Evaluate Options:

✅B: Lambda + API Gateway + SAM

✅Serverless = No idle costs

✅API Gateway canenable caching(response caching at endpoint level)

✅SAM makes deployment simple and repeatable

✅Perfect for low-traffic testing

A: EKS + API Gateway

❌High overhead

Not cost-effective for POC/testing

C: ECS + API Gateway

❌Similar to A: Container orchestration not needed for light REST endpoint

D: Elastic Beanstalk + ALB + Lambda

❌Overly complex and does not directly expose Lambda

Beanstalk better suited for full apps, not small REST functions

AWS SAM:https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/what-is-sam.html

API Gateway caching:https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html

Serverless Best Practices:https://docs.aws.amazon.com/lambda/latest/dg/best-practices.html

The correct answer is C. Use an AWS Lambda function that is invoked by an Amazon EventBridge scheduled event.

C. Use an AWS Lambda function that is invoked by an Amazon EventBridge scheduled event. This is correct. AWS Lambda is a serverless compute service that lets you run code without provisioning or managing servers.Lambda runs your code on a high-availability compute infrastructure and performs all of the administration of thecompute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, and logging1.Amazon EventBridge is a serverlessevent bus service that enables you to connect your applications with data from a variety of sources2.EventBridge can create rules that run on a schedule, either at regular intervals or at specific times and dates, and invoke targets such as Lambdafunctions3. This solution meets the requirements of creating a small application that makes the same API call once each day at a designated time, without requiring any infrastructure in the AWS Cloud or any operational overhead.

A. Use a Kubernetes cron job that runs on Amazon Elastic Kubernetes Service (Amazon EKS). This is incorrect.Amazon EKS is a fully managed Kubernetes service that allows you to run containerized applications on AWS4.Kubernetes cron jobs are tasks that run periodically on a given schedule5. This solution could meet the functional requirements of creating a small application that makes the same API call once each day at a designated time, but it would not be the most operationally efficient manner. The company would need to provision and manage an EKS cluster, which would incur additional costs and complexity.

B. Use an Amazon Linux crontab scheduled job that runs on Amazon EC2. This is incorrect.Amazon EC2 is a web service that provides secure, resizable compute capacity in the cloud6.Crontab is a Linux utility that allows you to schedule commands orscripts to run automatically at a specified time or date7. This solution could meet the functional requirements of creating a small application that makes the same API call once each day at a designated time, but it would not be the most operationally efficient manner. The company would need to provision and manage an EC2 instance, which would incur additional costs and complexity.

D. Use an AWS Batch job that is submitted to an AWS Batch job queue. This is incorrect.AWS Batch enables you to run batch computing workloads on the AWS Cloud8.Batch jobs are units of work that can be submitted to job queues, where they are executed in parallel or sequentially on compute environments9. This solution could meet the functional requirements of creating a small application that makes the same API call once each day at a designated time, but it would not be the most operationally efficient manner. The company would need to configure and manage an AWS Batch environment, which would incur additional costs and complexity.

Comprehensive Detailed Step by Step Explanation with All AWS Developer References:

To redact PII from S3 objects before they are accessed by the analytics service, the most efficient solution is to useS3 Object Lambda. S3 Object Lambda allows you to add your own code (Lambda function) to process and transform data when it is retrieved from Amazon S3. You can attach a Lambda function to an S3 Object Lambda Access Point, which in this case would run a redaction API to remove PII from the reports.

Operational Efficiency: S3 Object Lambda handles data processing on the fly, without requiring the data to be permanently transformed or moved to another service (like Amazon Redshift).

Alternatives:

Option A: Loading the data into Amazon Redshift would require refactoring the analytics service and maintaining an additional data pipeline, increasing complexity.

Option C: Using AWS KMS for encryption protects data at rest and in transit, but it does not address PII redaction.

Option D: SNS is a messaging service and does not support direct data transformation.