AWS Certified Developer Associate Practice Test (DVA-C02)

A unit test should be isolated, meaning it must test a single component (a 'unit') of the software without dependencies on external resources or the state of other units. Isolation allows for more predictable and faster tests which can pinpoint errors directly within the tested unit. Tests that rely on external state or resources might be integration tests or functional tests but are not considered 'unit' tests.

A partition key scheme that combines a unique identifier with the time of occurrence provides high cardinality ensuring that data entries are distributed uniformly across the database's partitions. This strategy reduces the risk of overloaded partitions, also known as 'hot partitions', which can occur when a single partition key value is accessed more frequently than others, such as would be the case with keys that are subject to frequent access like a standalone user identifier or the time field alone.

Using the batch operations API of AWS SDKs, such as BatchGetItem in the case of Amazon DynamoDB, allows the application to retrieve up to 100 items from one or more DynamoDB tables in a single operation. This reduces the number of network calls compared to individual GetItem requests for each item and results in less network latency. The use of Query or Scan would not be as efficient because they are designed for different purposes. Query is used to retrieve items using a key condition expression, and Scan reads every item in a table, which can be less efficient for frequently accessed individual items. While PutItem is used for data insertion, not retrieval, hence it is not suitable for the scenario given.

The developer should transition the objects to S3 Standard-Infrequent Access after 30 days because it is designed for data that is accessed less frequently but requires rapid access when needed. After 90 days, the objects should be moved to Amazon S3 Glacier or S3 Glacier Deep Archive, which are suitable for archiving data that is rarely accessed. The other answers are incorrect because they do not appropriately align with the change in access patterns described, or they incur higher costs without providing the necessary access speed.

This statement is false because AWS CI/CD, specifically AWS CodePipeline, can include a build stage where various types of automated tests, such as unit tests and integration tests, can be executed. AWS services such as AWS CodeBuild can be used within a pipeline to run tests, ensuring that every code change is validated before it is deployed.

AWS Lambda allows you to execute code in response to triggers from AWS services like Amazon DynamoDB. A DynamoDB Stream triggers a Lambda function when there are changes in data within a DynamoDB table, enabling real-time processing of updates. Amazon S3 is used for storage and can trigger Lambda with object-level operations, but not with changes within a database table. Amazon SQS is a messaging queue service that can also trigger Lambda functions, but it does not monitor changes within a database table. Amazon CloudWatch monitors and manages AWS resources and applications but does not directly trigger Lambda functions based on changes within a database table like DynamoDB Streams.

Amazon DynamoDB is suitable for applications requiring schema flexibility, immediate consistency, and high-throughput performance. DynamoDB's ability to auto-scale and handle unpredictable workloads matches the application requirements specified in the scenario. Amazon Keyspaces offers Apache Cassandra-compatible features, but it does not inherently guarantee immediate consistency. Amazon Aurora is a relational database and might struggle with schema flexibility and the unpredictable workloads implied in the scenario. Amazon Timestream is built for time-series data and might not be the best fit when immediate consistency for write operations is a primary requirement.

The framework for building serverless applications provides a local environment that mimics the cloud execution environment. This feature allows developers to iterate quickly by executing and debugging their code on local machines, saving time and resources by not requiring code to be deployed to the cloud service for initial testing phases. This is particularly useful for developing, testing, and debugging Lambda functions.

Amazon ElastiCache is a managed service that provides in-memory caching capabilities that are compatible with Redis or Memcached. Understanding the purpose and capabilities of Amazon ElastiCache is key for developers who need to implement caching strategies in order to reduce database load, increase throughput, and improve latency in their cloud-based applications.

The correct service for securely managing and injecting credentials at runtime is a dedicated secrets management service. It allows for the encryption, storage, and on-demand retrieval of sensitive configuration details such as database credentials. Specifically, a secrets management service provided by a major cloud provider would enable these credentials to be fetched dynamically by the application without being stored insecurely in the environment or within the application’s source code. Services intended for key management or permissions management are not suited for the dynamic provision of secret material to applications.

Pull request approvals are a feature in AWS CodeCommit that teams can use to enforce code review policies. By requiring a certain number of approvals before changes can be merged into a particular branch, like the master branch, teams can ensure that multiple team members have reviewed the changes. Branch protections in other services, such as GitHub, may offer similar functionality but are not the correct answer here because the scenario specifically involves AWS CodeCommit. The pre-signed commit policy is not applicable here, as it is not a feature of AWS CodeCommit. Lastly, the concept of 'stage locking' does not directly apply to Git-based version control systems and thus is incorrect in this context.

Utilizing a managed service for secrets management to store credentials and securely retrieving them during application execution is the optimal solution. This approach avoids hardcoding sensitive information and leverages automatic rotation of secrets, as well as fine-grained permissions for access control. Encrypting environment variables within the application code provides some level of security but lacks the management features and automated rotations offered by a dedicated secrets management service. Storing encrypted credentials in the deployment configuration introduces the additional burden of managing encryption keys and does not offer the same level of access control or rotation capabilities. While parameter stores provide secure storage for configuration data, a service specifically designed for secrets management will include enhanced features suitable for managing sensitive credentials, such as automated secret rotation, which is particularly important for database credentials.

Resource-based policies are attached directly to the resources and specify who has what permissions for that resource. Service and principal policies do not attach directly to resources. Instead, service policies dictate the permissions that the service has, while principal policies are attached to IAM users, groups, and roles to specify their permissions.

Since developers are not authorized to create or manage permission policies, the best action is to request the security team to craft a custom policy with the necessary permissions and subsequently associate this policy with the appropriate team members. Leveraging existing managed policies or embedding permissions directly would bypass the internal control processes and undermine the organizational rules.

A Manual Approval action is specifically designed for scenarios where human intervention is required in the pipeline. This gatekeeping step necessitates a designated reviewer's explicit approval, ensuring an additional layer of scrutiny is applied before the application reaches the live environment. Conditions and stage timeouts do not fulfill the requirement for a reviewer's conscious decision, as they do not specifically call for a review. While Lambda can introduce automation and logic into pipelines, it does not cater to the need for manual review and should be used for other automated tasks within the pipeline.