AWS Interactive Knowledge Tool
Get ready for AWS Certified Developer – Associate
You’re on a journey toward AWS Certification. Validating your experience with an industry-recognized credential is a great way to gain new skills, solidify knowledge, highlight your value, and accelerate your career trajectory. These sample questions will help you prepare for the structure and topics covered on the official AWS Certified Developer – Associate exam.
In addition to the questions, you’ll see answers, explanations, and other resources designed to enhance your understanding of the principles needed to pass the exam. After you’re comfortable with these principles and sample questions, you’ll be ready to evaluate your knowledge with the official practice exam.
Ready to go beyond cloud skilled?
Let's get started.
AWS Certified Developer – Associate
Your knowledge in review
You’ll find a summary of your learning experience below. Take a deeper look at all the questions, review your answers, and find links to learning resources specific to that topic. Or, if you’re ready, sign up to take the official practice exam.
-
1
-
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
Details
AWS Secrets Manager helps to protect the credentials needed to access databases, applications, services, and other IT resources. The service enables users to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their life cycle. Users and applications retrieve secrets with a call to the AWS Secrets Manager APIs, eliminating the need to hard-code sensitive information in plaintext. AWS Secrets Manager offers secret rotation with built-in integration for Amazon RDS, Amazon Redshift, and Amazon DocumentDB.
Details
AWS AppSync simplifies application development by letting users create a flexible API to securely access, manipulate, and combine data from one or more data sources. AWS AppSync is a managed service that uses GraphQL to make it easy for applications to get the exact data they need. AWS AppSync allows users to build scalable applications, including those requiring real-time updates, on a range of data sources, including Amazon DynamoDB. In Amazon API Gateway, users can create a WebSocket API as a stateful front end for an AWS service (such as AWS Lambda or DynamoDB) or for an HTTP end point. The WebSocket API invokes the back end based on the content of the messages it receives from client applications. Unlike a REST API, which receives and responds to requests, a WebSocket API supports two-way communication between client applications and the back end.
Details
Amazon Cognito adds user sign-up, sign-in, and access control to web and mobile applications quickly and easily. Users can also create an AWS Lambda function to make an API call to a custom analytics solution and then trigger that function with an Amazon Cognito post-authentication trigger.
Details
A resource policy can be used to grant API access to one AWS account to users in a different AWS account using Signature Version 4 (SigV4) protocols.
Details
An AWS Lambda function's execution role grants it permission to access AWS services and resources. Users provide this role when a function is created, and AWS Lambda assumes the role when a function is invoked.
Details
If a user copies an encrypted snapshot, the copy of the snapshot must also be encrypted. If a user copies an encrypted snapshot across Regions, users cannot use the same AWS KMS encryption key for the copy as used for the source snapshot, because AWS KMS keys are Region-specific. Instead, users must specify a AWS KMS key that is valid in the destination Region.
Details
Lazy loading is a concept where the loading of a record is delayed until it is needed. Lazy loading first checks the cache. If a record is not present, lazy loading retrieves the record from the database and then stores the record in the cache.
Details
The AWS CloudWatch Agent can be configured to stream logs and metrics to AWS CloudWatch. Metric filters can be created from logs stored in AWS CloudWatch Logs.
Details
Users can configure an AWS Lambda function to pull in additional code and content in the form of layers. A layer is a .zip archive that contains libraries, a custom runtime, or other dependencies. With layers, users can use libraries in a function without needing to include the libraries in a deployment package.
Details
With deployment stages in Amazon API Gateway, users can manage multiple release stages for each API, such as alpha, beta, and production. Using stage variables that can be configured, an API deployment stage can interact with different back-end end points. Users can use API Gateway stage variables to reference a single AWS Lambda function with multiple versions and aliases.
Question 1
A company is migrating a legacy application to Amazon EC2. The application uses a user name and password stored in the source code to connect to a MySQL database. The database will be migrated to an Amazon RDS for MySQL DB instance. As part of the migration, the company wants to implement a secure way to store and automatically rotate the database credentials.
Which approach meets these requirements?
Answer
D) Store the database credentials in AWS Secrets Manager. Configure Secrets Manager to automatically rotate the credentials.
AWS Secrets Manager helps to protect the credentials needed to access databases, applications, services, and other IT resources. The service enables users to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. Users and applications retrieve secrets with a call to the Secrets Manager APIs, eliminating the need to hard code sensitive information in plaintext. Secrets Manager offers secret rotation with built-in integration for Amazon RDS, Amazon Redshift, and Amazon DocumentDB.
Question 2
A developer is designing a web application that allows the users to post comments and receive near-real-time feedback.
Which architectures meet these requirements? (Select TWO)
Answer
A) Create an AWS AppSync schema and corresponding APIs. Use an Amazon DynamoDB table as the data store.
B) Create a WebSocket API in Amazon API Gateway. Use an AWS Lambda function as the backend and an Amazon DynamoDB table as the data store.
AWS AppSync simplifies application development by letting users create a flexible API to securely access, manipulate, and combine data from one or more data sources. AWS AppSync is a managed service that uses GraphQL to make it easy for applications to get the exact data they need. AWS AppSync allows users to build scalable applications, including those requiring real-time updates, on a range of data sources, including Amazon DynamoDB. In Amazon API Gateway, users can create a WebSocket API as a stateful frontend for an AWS service (such as AWS Lambda or DynamoDB) or for an HTTP endpoint. The WebSocket API invokes the backend based on the content of the messages it receives from client applications. Unlike a REST API, which receives and responds to requests, a WebSocket API supports two-way communication between client applications and the backend.
Question 3
A developer is adding sign-up and sign-in functionality to an application. The application is required to make an API call to a custom analytics solution to log user sign-in events.
Which combination of actions should the developer take to satisfy these requirements? (Select TWO)
Answer
A) Use Amazon Cognito to provide the sign-up and sign-in functionality.
E) Execute an AWS Lambda function to make the API call triggered by the post-authentication event.
Amazon Cognito adds user sign-up, sign-in, and access control to web and mobile applications quickly and easily. Users can also create an AWS Lambda function to make an API call to a custom analytics solution and then trigger that function with an Amazon Cognito post authentication trigger.
Question 4
A company is using Amazon API Gateway for its REST APIs in an AWS account. The security team wants to allow only IAM users from another AWS account to access the APIs.
Which combination of actions should the security team take to satisfy these requirements? (Select TWO)
Answer
A) Create an IAM permission policy and attach it to each IAM user. Set the APIs method authorization type to AWS_IAM. Use Signature Version 4 to sign the API requests.
D) Create a resource policy for the APIs that allows access for each IAM user only.
A resource policy can be used to grant API access to one AWS account to users in a different AWS account using Signature Version 4 (SigV4) protocols.
Question 5
A developer is building an application that transforms text files to .pdf files. The text files are written to a source Amazon S3 bucket by a separate application. The developer wants to read the files as they arrive in Amazon S3 and convert them to .pdf files using AWS Lambda. The developer has written an IAM policy to allow access to Amazon S3 and AWS CloudWatch Logs.
Which actions should the developer take to ensure that the AWS Lambda function has the correct permissions?
Answer
A) Create a Lambda execution role using AWS IAM. Attach the IAM policy to the role. Assign the Lambda execution role to the Lambda function.
An AWS Lambda function's execution role grants it permission to access AWS services and resources. Users provide this role when a function is created, and AWS Lambda assumes the role when a function is invoked.
Helpful Links
Question 6
A company has AWS workloads in multiple geographical locations. A developer has created an Amazon Aurora database in the us-west-1 Region. The database is encrypted using a customer-managed AWS KMS key. Now the developer wants to create the same encrypted database in the us-east-1 Region.
Which approach should the developer take to accomplish this task?
Answer
A) Create a snapshot of the database in the us-west-1 Region. Copy the snapshot to the us-east-1 Region and specify a KMS key in the us-east-1 Region. Restore the database from the copied snapshot.
If a user copies an encrypted snapshot, the copy of the snapshot must also be encrypted. If a user copies an encrypted snapshot across Regions, users cannot use the same AWS KMS encryption key for the copy as used for the source snapshot, because KMS keys are Region-specific. Instead, users must specify a AWS KMS key that is valid in the destination Region.
Question 7
A developer is adding Amazon ElastiCache for Memcached to a company's existing record storage application to reduce the load on the database and increase performance. The developer has decided to use lazy loading based on an analysis of common record handling patterns.
Which pseudocode example would correctly implement lazy loading?
Answer
B) record_value = cache.get(record_key)
if (record_value == NULL)
record_value = db.query("SELECT Details FROM Records WHERE ID == {0}",
record_key)
cache.set (record_key, record_value)
Lazy loading is a concept where the loading of a record is delayed until it is needed. Lazy loading first checks the cache. If a record is not present, lazy loading retrieves the record from the database, and then stores the record in the cache.
Helpful Links
Question 8
A developer wants to track the performance of an application that runs on a fleet of Amazon EC2 instances. The developer wants to view and track statistics across the fleet, such as the average and maximum request latency. The developer would like to be notified immediately if the average response time exceeds a threshold.
Which solution meets these requirements?
Answer
C) Configure the application to write the response times to a log file. Install and configure the Amazon CloudWatch agent on the instances to stream the application log to CloudWatch Logs. Create a metric filter of the response time from the log. View the metrics graphs in the CloudWatch console. Create a CloudWatch alarm to send an Amazon SNS notification when the average of the response time metric exceeds the threshold.
The Amazon CloudWatch Agent can be configured to stream logs and metrics to AWS CloudWatch. Metric filters can be created from logs stored in AWS CloudWatch Logs.
Question 9
A developer is testing an application locally and has deployed it to AWS Lambda. To remain under the package size limit, the dependencies were not included in the deployment file. When testing the application remotely, the function does not execute because of missing dependencies.
Which approach would resolve the issue?
Answer
D) Attach a layer to the Lambda function that contains the missing dependencies.
Users can configure an AWS Lambda function to pull in additional code and content in the form of layers. A layer is a .zip archive that contains libraries, a custom runtime, or other dependencies. With layers, users can use libraries in a function without needing to include the libraries in a deployment package.
Helpful Links
Question 10
A developer is building a web application that uses Amazon API Gateway. The developer wants to maintain different environments for development and production (dev and prod) workloads. The API will be backed by an AWS Lambda function with two aliases: one for dev and one for prod.
How can this be achieved with the LEAST amount of configuration?
Answer
B) Create one REST API and integrate it with the Lambda function using a stage variable in place of an alias. Then deploy the API to two different stages – dev and prod – and create a stage variable in each stage with different aliases as the values. Access the API using the different stage URLs.
With deployment stages in Amazon API Gateway, users can manage multiple release stages for each API, such as alpha, beta, and production. Using stage variables that can be configured, an API deployment stage can interact with different backend endpoints. Users can use API Gateway stage variables to reference a single AWS Lambda function with multiple versions and aliases.