DVA-C02 Exam Dumps - AWS Certified Developer - Associate

Why Option C is Correct:Implementing a connection pool in the Redis client reduces connection overhead and avoids frequent connection establishment, which helps to reduce latency and connection failures.

Why Other Options are Incorrect:

Option A: Exponential backoff retry strategies help with transient failures but do not resolve latency caused by frequent connection establishment.

Option B: Storing scores in application memory adds complexity and risks inconsistency.

Option D: Adding more nodes is unnecessary unless the cluster is under heavy load. Latency due to connection failures is better addressed at the application level.

AWS Documentation References:

Amazon ElastiCache Best Practices

This solution allows the developer to test the changes without affecting the production environment. Cloning an API creates a copy of the API definition that can be modified independently. The developer can then add request validation to the new API and test it using a testing tool. After verifying that the changes work as expected, the developer can apply the same changes to the existing API and deploy it to production.

To determine who deleted an Amazon RDS DB instance, the correct source of truth is AWS CloudTrail, which records API activity and includes the identity (IAM user, role, assumed role session) that made the call. Deleting an RDS instance is performed through the RDS API action DeleteDBInstance, and CloudTrail logs an event for this action that contains key fields such as userIdentity, eventTime, eventName, sourceIPAddress, and request parameters identifying the DB instance (for example, dBInstanceIdentifier).

Because the DB instance was deleted within the past 90 days, CloudTrail Event History is commonly sufficient (Event History typically retains 90 days of management events). If the company has a CloudTrail trail configured to deliver logs to S3/CloudWatch Logs, those logs can also be queried for the same event.

Option A directly matches this: retrieve CloudTrail events for DeleteDBInstance related to mysql-db and inspect the userIdentity section to identify the IAM principal that performed the deletion.

Option B is not reliable because RDS log groups (when enabled) capture database engine logs (slow query log, error log, general log) and do not record control-plane actions like who deleted the instance.

Option C is incorrect because X-Ray traces application-level request flows; it does not audit administrative actions like RDS deletion.

Option D is not applicable: Systems Manager inventory does not provide authoritative records of RDS deletions or the IAM principal responsible.

Therefore, CloudTrail lookup for DeleteDBInstance events is the correct solution.

EventBridge (formerly CloudWatch Events) is the ideal service for real-time event monitoring.

CloudTrail logs IAM role creation.

EventBridge rules can filter CloudTrail events and trigger SNS notifications instantly.

AWS best practice is to store sensitive values like database passwords, OAuth tokens, and API keys in a dedicated secrets service rather than in source code or configuration files. AWS Secrets Manager is specifically designed for this use case: secure storage, retrieval through APIs/SDKs, fine-grained IAM access control, encryption at rest, auditing through CloudTrail, and—critically—built-in secret rotation.

AWS documentation describes Secrets Manager rotation as an automated process that uses a rotation schedule and typically invokes a Lambda function to update the secret in both Secrets Manager and the target system (for example, a database). The rotation schedule can be configured to a custom interval, including every 6 months, satisfying the requirement.

Option A is incorrect because AWS KMS manages encryption keys, not application secrets. KMS key rotation rotates KMS keys, not database credentials or API tokens.

Option B is incorrect because ACM manages TLS certificates, not arbitrary secrets like API keys and OAuth tokens.

Option C is incorrect because EventBridge can schedule events, but it is not a secrets storage service and does not provide secure secret lifecycle management and integrated rotation workflows by itself.

Therefore, storing secrets in AWS Secrets Manager and enabling automatic rotation with a 6-month schedule is the correct solution.

Step 1: Problem Understanding

Asymmetric Encryption Requirement: Users encrypt data with a public key, and only the company can decrypt it using a private key.

Data Encryption at Rest and In Transit: The data must be encrypted during upload (in transit) and when stored in Amazon S3 (at rest).

Step 2: Solution Analysis

Option A: Server-side encryption with Amazon S3 managed keys (SSE-S3).

Amazon S3 manages the encryption and decryption keys.

This does not meet the requirement for asymmetric encryption, where the company uses a private key.

Not suitable.

Option B: Server-side encryption with customer-provided keys (SSE-C).

Requires the user to supply encryption keys during the upload process.

Does not align with the asymmetric encryption requirement.

Not suitable.

Option C: Client-side encryption with a data key.

Data key encryption is symmetric, not asymmetric.

Does not satisfy the requirement for a public-private key pair.

Not suitable.

Option D: Client-side encryption with a customer-managed encryption key.

Data is encrypted on the client side using the public key.

Only the company can decrypt the data using the corresponding private key.

Data remains encrypted during upload (in transit) and in S3 (at rest).

Correct option.

Step 3: Implementation Steps for Option D

Generate Key Pair:

The company generates an RSA key pair (public/private) for encryption and decryption.

Encrypt Data on Client Side:

Use the public key to encrypt the data before uploading to S3.

S3 Upload:

Upload the encrypted data to S3 over an HTTPS connection.

Decrypt Data on the Server:

Use the private key to decrypt data when needed.

AWS Developer References:

Amazon S3 Encryption Options

Asymmetric Key Cryptography in AWS