AWS Developer Associate DVA-C02 2025 — 55 Q&A Practice
Exam Verified Answers
Series:
CrashCourses Professional Study Series
Author:
Dr Z. Moomba, MBChB, MRCPsych | BethelWellness Ltd
Exam Target:
AWS Developer Associate DVA-C02
Year:
2025/2026
Format:
55 Questions with Verified Answers and Rationales
>
Author's Note:
This document is an original work produced for the CrashCourses Professional Study Series.
Clinical questions and professional scenarios were composed by Dr Z. Moomba based on current
exam objectives, published guidelines, and evidence-based sources (2024–2025). All patient
names, ages, and case details are fictional. Any resemblance to existing published Q&A banks is
coincidental. For personal study use only — not for reproduction or redistribution.
SECTION A — FOUNDATIONS
Question 1
A health-tech startup has deployed a patient triage microservice using AWS Lambda and Amazon
API Gateway. During peak morning hours, users report delayed responses when submitting their
symptom forms. The developer investigates and identifies that the delays are due to Lambda cold
starts. The microservice is written in Java 21. Which solution will resolve the cold start issue with
the LEAST amount of developer effort and cost?
A. Allocate Provisioned Concurrency to the Lambda function.
B. Enable Lambda SnapStart for the Java function.
C. Rewrite the function in Node.js or Python to reduce initialization time.
,D. Set up an Amazon EventBridge rule to ping the Lambda function every 5 minutes.
Answer: B
Rationale:
a) Lambda SnapStart is a performance optimization specifically designed to significantly reduce
cold start times for Java functions by initializing the execution environment ahead of time and
creating a cached snapshot.
b) The key discriminator is "LEAST amount of developer effort and cost" for a "Java 21" function.
SnapStart is free and requires only a configuration change, unlike Provisioned Concurrency.
c) While Provisioned Concurrency (A) would solve the issue, it incurs continuous charges and
requires careful scaling configuration, making it more expensive and effort-intensive.
d) [AWS Docs 2025] SnapStart improves startup performance for latency-sensitive Java
applications by up to 10x at no extra cost.
Question 2
A clinical messaging application uses Amazon API Gateway with a REST API to route requests to
backend AWS Lambda functions. The developers want to implement a mechanism to throttle
requests from third-party pharmacy integrations to prevent backend overload. The default
throttling limit is 10,000 requests per second (RPS). How should the developer enforce custom
throttling limits for different pharmacy partners?
A. Configure an API Gateway usage plan, associate API keys for each pharmacy partner, and
define custom rate and burst limits.
B. Implement rate limiting directly within the AWS Lambda function code using a token bucket
algorithm.
C. Set up AWS WAF rules on the API Gateway to block requests exceeding the desired threshold
per IP address.
D. Modify the default Account-level throttling limits in the API Gateway console to match the
lowest required partner limit.
Answer: A
Rationale:
a) API Gateway Usage Plans combined with API Keys allow developers to throttle requests and set
quotas for individual clients or partners effectively.
b) The specific requirement to enforce "custom throttling limits for different pharmacy partners"
necessitates a client-specific configuration, which Usage Plans perfectly provide.
c) Modifying Account-level limits (D) applies globally to all APIs in the account and region, failing
to provide the granular, partner-specific throttling required.
,d) [AWS Docs 2025] Usage plans are the AWS-native method for monetizing APIs and enforcing
tiered throttling/quotas for third-party consumers.
Question 3
A developer is configuring an AWS SAM template (`template.yaml`) for a serverless application
that processes electronic health records (EHR). The application consists of a Lambda function and
a DynamoDB table. The developer needs to grant the Lambda function read and write permissions
to the DynamoDB table securely. What is the MOST efficient way to achieve this using AWS SAM?
A. Define an `AWS::IAM::Role` resource with inline policies and attach it to the Lambda function.
B. Use the `Policies` property within the `AWS::Serverless::Function` resource and specify the
`DynamoDBCrudPolicy` policy template.
C. Create an `AWS::IAM::ManagedPolicy` resource and reference it in the `Role` property of the
Lambda function.
D. Hardcode AWS STS credentials as environment variables within the Lambda function
configuration.
Answer: B
Rationale:
a) AWS SAM provides pre-defined policy templates, such as `DynamoDBCrudPolicy`, which
automatically grant scoped permissions to specific resources, drastically reducing IAM
configuration boilerplate.
b) The requirement for the "MOST efficient way" points to SAM-specific features. SAM policy
templates abstract complex IAM JSON creation.
c) While defining raw IAM roles (A) or managed policies (C) works, it requires significantly more
lines of code in the SAM template, defeating the purpose of SAM's abstraction capabilities.
d) [AWS Docs 2025] SAM Policy Templates scope permissions down to the specific resources
defined in the template, enforcing least privilege by default.
Question 4
A hospital's patient portal utilizes Amazon Cognito for user authentication. The portal needs to
allow authenticated patients to directly upload large imaging files securely to an Amazon S3
bucket. Which architecture provides the MOST secure and efficient solution for this requirement?
A. Use Amazon Cognito User Pools to authenticate the user, pass the JWT to API Gateway, and
use a Lambda function to download the file and upload it to S3.
B. Use Amazon Cognito Identity Pools to exchange the User Pool authentication token for
temporary AWS STS credentials, allowing the client to upload directly to S3.
, C. Store long-term IAM user credentials securely in the frontend application code to authorize S3
uploads.
D. Configure the S3 bucket for public write access but obfuscate the bucket name to prevent
unauthorized uploads.
Answer: B
Rationale:
a) Amazon Cognito Identity Pools (Federated Identities) allow applications to exchange
authentication tokens (from User Pools or social IdPs) for temporary, limited-privilege AWS
credentials to access AWS services directly.
b) The key is allowing clients to "directly upload" large files securely. Using STS temporary
credentials prevents routing large payloads through API Gateway and Lambda.
c) Option A routes large files through Lambda, which has payload limits (6MB for synchronous
payloads) and incurs unnecessary execution time costs for file streaming.
d) [AWS Docs 2025] AssumeRoleWithWebIdentity is the underlying API used by Cognito Identity
Pools to securely vend temporary credentials to authenticated users.
Question 5
A developer is writing an AWS Lambda function in Node.js to parse incoming HL7 clinical
messages. The function needs to use a common external parsing library that is also required by
five other Lambda functions in the application. How should the developer deploy this shared
library to minimize deployment package size and simplify dependency management?
A. Bundle the external library within the deployment package (`.zip`) of every single Lambda
function.
B. Upload the library to an Amazon S3 bucket and have the Lambda function download it to `/tmp`
upon execution.
C. Create an AWS Lambda Layer containing the external library and configure all six Lambda
functions to reference the layer.
D. Provision an Amazon EFS file system, install the library there, and mount the EFS to the Lambda
functions.
Answer: C
Rationale:
a) AWS Lambda Layers provide a centralized way to package libraries, custom runtimes, or other
dependencies separately from the function code, enabling sharing across multiple functions.
b) The requirement to "minimize deployment package size and simplify dependency
management" for a shared library is the exact use case for Lambda Layers.
Exam Verified Answers
Series:
CrashCourses Professional Study Series
Author:
Dr Z. Moomba, MBChB, MRCPsych | BethelWellness Ltd
Exam Target:
AWS Developer Associate DVA-C02
Year:
2025/2026
Format:
55 Questions with Verified Answers and Rationales
>
Author's Note:
This document is an original work produced for the CrashCourses Professional Study Series.
Clinical questions and professional scenarios were composed by Dr Z. Moomba based on current
exam objectives, published guidelines, and evidence-based sources (2024–2025). All patient
names, ages, and case details are fictional. Any resemblance to existing published Q&A banks is
coincidental. For personal study use only — not for reproduction or redistribution.
SECTION A — FOUNDATIONS
Question 1
A health-tech startup has deployed a patient triage microservice using AWS Lambda and Amazon
API Gateway. During peak morning hours, users report delayed responses when submitting their
symptom forms. The developer investigates and identifies that the delays are due to Lambda cold
starts. The microservice is written in Java 21. Which solution will resolve the cold start issue with
the LEAST amount of developer effort and cost?
A. Allocate Provisioned Concurrency to the Lambda function.
B. Enable Lambda SnapStart for the Java function.
C. Rewrite the function in Node.js or Python to reduce initialization time.
,D. Set up an Amazon EventBridge rule to ping the Lambda function every 5 minutes.
Answer: B
Rationale:
a) Lambda SnapStart is a performance optimization specifically designed to significantly reduce
cold start times for Java functions by initializing the execution environment ahead of time and
creating a cached snapshot.
b) The key discriminator is "LEAST amount of developer effort and cost" for a "Java 21" function.
SnapStart is free and requires only a configuration change, unlike Provisioned Concurrency.
c) While Provisioned Concurrency (A) would solve the issue, it incurs continuous charges and
requires careful scaling configuration, making it more expensive and effort-intensive.
d) [AWS Docs 2025] SnapStart improves startup performance for latency-sensitive Java
applications by up to 10x at no extra cost.
Question 2
A clinical messaging application uses Amazon API Gateway with a REST API to route requests to
backend AWS Lambda functions. The developers want to implement a mechanism to throttle
requests from third-party pharmacy integrations to prevent backend overload. The default
throttling limit is 10,000 requests per second (RPS). How should the developer enforce custom
throttling limits for different pharmacy partners?
A. Configure an API Gateway usage plan, associate API keys for each pharmacy partner, and
define custom rate and burst limits.
B. Implement rate limiting directly within the AWS Lambda function code using a token bucket
algorithm.
C. Set up AWS WAF rules on the API Gateway to block requests exceeding the desired threshold
per IP address.
D. Modify the default Account-level throttling limits in the API Gateway console to match the
lowest required partner limit.
Answer: A
Rationale:
a) API Gateway Usage Plans combined with API Keys allow developers to throttle requests and set
quotas for individual clients or partners effectively.
b) The specific requirement to enforce "custom throttling limits for different pharmacy partners"
necessitates a client-specific configuration, which Usage Plans perfectly provide.
c) Modifying Account-level limits (D) applies globally to all APIs in the account and region, failing
to provide the granular, partner-specific throttling required.
,d) [AWS Docs 2025] Usage plans are the AWS-native method for monetizing APIs and enforcing
tiered throttling/quotas for third-party consumers.
Question 3
A developer is configuring an AWS SAM template (`template.yaml`) for a serverless application
that processes electronic health records (EHR). The application consists of a Lambda function and
a DynamoDB table. The developer needs to grant the Lambda function read and write permissions
to the DynamoDB table securely. What is the MOST efficient way to achieve this using AWS SAM?
A. Define an `AWS::IAM::Role` resource with inline policies and attach it to the Lambda function.
B. Use the `Policies` property within the `AWS::Serverless::Function` resource and specify the
`DynamoDBCrudPolicy` policy template.
C. Create an `AWS::IAM::ManagedPolicy` resource and reference it in the `Role` property of the
Lambda function.
D. Hardcode AWS STS credentials as environment variables within the Lambda function
configuration.
Answer: B
Rationale:
a) AWS SAM provides pre-defined policy templates, such as `DynamoDBCrudPolicy`, which
automatically grant scoped permissions to specific resources, drastically reducing IAM
configuration boilerplate.
b) The requirement for the "MOST efficient way" points to SAM-specific features. SAM policy
templates abstract complex IAM JSON creation.
c) While defining raw IAM roles (A) or managed policies (C) works, it requires significantly more
lines of code in the SAM template, defeating the purpose of SAM's abstraction capabilities.
d) [AWS Docs 2025] SAM Policy Templates scope permissions down to the specific resources
defined in the template, enforcing least privilege by default.
Question 4
A hospital's patient portal utilizes Amazon Cognito for user authentication. The portal needs to
allow authenticated patients to directly upload large imaging files securely to an Amazon S3
bucket. Which architecture provides the MOST secure and efficient solution for this requirement?
A. Use Amazon Cognito User Pools to authenticate the user, pass the JWT to API Gateway, and
use a Lambda function to download the file and upload it to S3.
B. Use Amazon Cognito Identity Pools to exchange the User Pool authentication token for
temporary AWS STS credentials, allowing the client to upload directly to S3.
, C. Store long-term IAM user credentials securely in the frontend application code to authorize S3
uploads.
D. Configure the S3 bucket for public write access but obfuscate the bucket name to prevent
unauthorized uploads.
Answer: B
Rationale:
a) Amazon Cognito Identity Pools (Federated Identities) allow applications to exchange
authentication tokens (from User Pools or social IdPs) for temporary, limited-privilege AWS
credentials to access AWS services directly.
b) The key is allowing clients to "directly upload" large files securely. Using STS temporary
credentials prevents routing large payloads through API Gateway and Lambda.
c) Option A routes large files through Lambda, which has payload limits (6MB for synchronous
payloads) and incurs unnecessary execution time costs for file streaming.
d) [AWS Docs 2025] AssumeRoleWithWebIdentity is the underlying API used by Cognito Identity
Pools to securely vend temporary credentials to authenticated users.
Question 5
A developer is writing an AWS Lambda function in Node.js to parse incoming HL7 clinical
messages. The function needs to use a common external parsing library that is also required by
five other Lambda functions in the application. How should the developer deploy this shared
library to minimize deployment package size and simplify dependency management?
A. Bundle the external library within the deployment package (`.zip`) of every single Lambda
function.
B. Upload the library to an Amazon S3 bucket and have the Lambda function download it to `/tmp`
upon execution.
C. Create an AWS Lambda Layer containing the external library and configure all six Lambda
functions to reference the layer.
D. Provision an Amazon EFS file system, install the library there, and mount the EFS to the Lambda
functions.
Answer: C
Rationale:
a) AWS Lambda Layers provide a centralized way to package libraries, custom runtimes, or other
dependencies separately from the function code, enabling sharing across multiple functions.
b) The requirement to "minimize deployment package size and simplify dependency
management" for a shared library is the exact use case for Lambda Layers.