4.5.4. Practice Questions

Test yourself with these scenario-based questions that mirror DVA-C02 format. Answers follow each question immediately.

Question 1: A developer is building a serverless API. The Lambda function processes images uploaded by users, which takes 45-90 seconds per image. Users report that API calls frequently return 504 errors. What is the MOST LIKELY cause?

Answer: API Gateway has a hard 29-second timeout limit that cannot be increased. The Lambda function's processing time exceeds this limit. The fix is to use an asynchronous pattern: API Gateway invokes Lambda asynchronously (or sends the job to SQS), returns a 202 Accepted immediately, and the client polls for completion or receives a callback.

⚠️ Exam Trap: The question tempts you to increase the Lambda timeout — but Lambda's 15-minute max isn't the bottleneck. API Gateway's 29-second hard limit is.

Question 2: A company stores user session data in DynamoDB with UserID as the partition key and SessionTimestamp as the sort key. They need to query all sessions for a specific application (stored in an AppName attribute) across all users. Which approach is MOST efficient?

Answer: Create a Global Secondary Index (GSI) with AppName as the partition key and SessionTimestamp as the sort key. GSIs support alternate access patterns without scanning the entire table. A Scan with filter would read every item (expensive and slow). An LSI wouldn't work because it shares the same partition key (UserID).

⚠️ Exam Trap: LSIs can only be created at table creation time and share the base table's partition key. If you need a different partition key, you need a GSI.

Question 3: A developer's Lambda function needs to read secrets from AWS Secrets Manager and connect to an RDS database. The function works locally with environment variables but fails in production with an "Access Denied" error. What should the developer check FIRST?

Answer: The Lambda function's execution role (IAM role) must have secretsmanager:GetSecretValue permission for the specific secret ARN. Lambda functions don't use developer credentials — they use the attached execution role. Additionally, if the RDS database is in a VPC, the Lambda function needs VPC configuration with appropriate security group rules.

⚠️ Exam Trap: "Works locally, fails in Lambda" almost always points to IAM execution role permissions. Developers' local credentials are irrelevant in Lambda.

Question 4: An application uses SQS Standard queues to process orders. Occasionally, duplicate orders are created. The business requires exactly-once processing. What changes should the developer make? (Choose 2)

Answer: (1) Switch from SQS Standard to SQS FIFO queue to get exactly-once processing via deduplication. (2) Set a MessageDeduplicationId on each message (or enable content-based deduplication). FIFO queues prevent duplicates within the 5-minute deduplication window. Note: FIFO queues have lower throughput (300 msg/s vs. unlimited for Standard).

⚠️ Exam Trap: SQS Standard guarantees at-least-once delivery — duplicates are expected by design. Only FIFO provides exactly-once.

Question 5: A developer deploys a new Lambda function version. They want to gradually shift traffic — sending 10% to the new version initially, then increasing to 100% over 30 minutes. If error rates exceed 5%, the deployment should automatically roll back. Which approach achieves this?

Answer: Use CodeDeploy with a Lambda deployment preference of Canary10Percent30Minutes or Linear10PercentEvery1Minute. Create a Lambda alias pointing to the current version, then configure CodeDeploy to shift traffic from the old version to the new version. Configure a CloudWatch alarm on the function's error metric as the rollback trigger. CodeDeploy monitors the alarm and automatically rolls back if it enters ALARM state.

⚠️ Exam Trap: You cannot do gradual traffic shifting with $LATEST — you must use a Lambda alias that points to specific published versions.

Question 6: A developer's application uses API Gateway with a Lambda proxy integration. They need to implement request validation before the request reaches Lambda to reduce costs. How should they configure this?

Answer: Enable API Gateway request validation using a Request Validator and a Model (JSON Schema). This validates the request body, query parameters, and headers at the API Gateway layer before invoking Lambda. Invalid requests receive a 400 response without incurring Lambda invocation costs. With proxy integration, the entire request passes through — validation must be explicitly configured.

⚠️ Exam Trap: Lambda proxy integration passes everything through unchanged. Request validation and mapping templates are API Gateway features that run before Lambda is invoked.

Question 7: A development team wants their CodePipeline to automatically run unit tests, integration tests, and deploy to a staging environment when code is pushed. If integration tests fail, the pipeline should stop. Which pipeline structure achieves this?

Answer: Configure a CodePipeline with these stages: (1) Source — CodeCommit triggers on push, (2) Build — CodeBuild runs unit tests via buildspec.yml (test commands in build phase), (3) Test — A separate CodeBuild project runs integration tests against deployed resources, (4) Deploy — CodeDeploy deploys to staging. Each stage acts as a gate — if CodeBuild returns a non-zero exit code in the test stage, the pipeline stops automatically.

Question 8: A developer needs to troubleshoot a production issue where an API Gateway → Lambda → DynamoDB request chain intermittently returns 500 errors. CloudWatch Logs show the Lambda function succeeding, but users still see errors. Which AWS service provides the BEST visibility into where the failure occurs?

Answer: AWS X-Ray. Enable X-Ray tracing on both API Gateway and Lambda, and instrument the DynamoDB SDK calls with the X-Ray SDK. X-Ray creates a service map showing the full request path and identifies which segment has errors or latency. In this case, X-Ray would reveal whether the 500 is generated by API Gateway (e.g., integration timeout), Lambda (unhandled exception), or DynamoDB (throttling/capacity issues).

⚠️ Exam Trap: CloudWatch Logs show what happened in Lambda, but X-Ray shows where in the distributed chain the failure occurred. When the question says "intermittent 500 errors across multiple services," think X-Ray.