Amazon Web Services Updated DVA-C02 Exam Questions and Answers by tudor

AWS CodeCommit is a service that provides fully managed source control for hosting secure and scalable private Git repositories. The development team can use CodeCommit to store the program code and prepare for the CI/CD pipeline. CodeCommit integrates with other AWS services such as CodePipeline, CodeBuild, and CodeDeploy to automate the code build and deployment process.

Amazon S3 automatically scales to handle high request rates, but request parallelism is optimized when objects are distributed across multiple prefixes. AWS documentation explains that S3 internally partitions data by key name, and distributing objects across multiple prefixes allows requests to be spread across multiple partitions.

When many GET requests target objects within the same prefix, they may contend for the same internal partition, limiting throughput. By designing object keys with multiple prefixes—such as including hashed or randomized components—applications can significantly increase parallel request handling.

Options A and D do not address S3 request partitioning. Global Accelerator improves network latency for supported endpoints but does not increase S3 request parallelism. Direct Connect improves network consistency but does not change how S3 scales requests internally. Option B worsens the problem by concentrating traffic into a single prefix.

Therefore, partitioning objects by prefixes is the correct and AWS-recommended solution.

The error message " Task timed out after 3.01 seconds " indicates that the Lambda invocation exceeded the function’s configured timeout setting, which appears to be set to approximately 3 seconds . Larger images ( > 2 MB) take longer to transfer between services (due to network latency, throughput, and downstream service response time), so the runtime crosses the timeout threshold and Lambda forcibly terminates the execution. This is a configuration problem, not necessarily a code defect.

To resolve the issue without modifying the function code , the developer should increase the Lambda function’s timeout value . Lambda allows configuring the maximum runtime per invocation (up to the service limit). By increasing the timeout to a value that comfortably covers the expected transfer and processing initiation time for larger payloads, the function can complete its work successfully. This directly addresses the failure mode while keeping the existing implementation unchanged.

Option D (provisioned concurrency) reduces cold start latency by keeping execution environments initialized, but it does not extend the allowed runtime for a single invocation. If the function consistently needs more than 3 seconds for larger images, provisioned concurrency will not prevent timeouts. Option C (concurrency quota increase) increases the number of concurrent executions allowed, which can help throughput under load, but again does not affect per- invocation runtime limits. Option B avoids the problem by skipping large images, but it violates the functional need to process them and is not a general solution.

Therefore, the correct solution is A : increase the Lambda timeout so the function has sufficient time to move larger images between AWS services.

Requirement Summary:

Multi-tier app on EC2 + Aurora PostgreSQL

Must comply with least privilege and security policies

Need to manage credentials and API keys securely

Must support key rotation on demand

Evaluate Options:

A. Secrets Manager + AWS managed KMS keys

Best practice for secure secret storage

Supports auto rotation

Uses AWS SDK to fetch at runtime (secure, avoids hardcoding)

AWS managed keys are rotated automatically and easier to manage

B. Secrets Manager + customer managed keys

Also valid, but adds complexity

Since the question asks for LEAST development effort, AWS-managed keys are preferred

C. Store secrets in code

Violates all security best practices

D. Use SSM Parameter Store + AWS managed keys

Possible, but Secrets Manager is preferred when rotation is needed

Parameter Store does not natively rotate secrets

Secrets Manager: https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html

Automatic key rotation: https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html

Best practices for secret management: https://docs.aws.amazon.com/secretsmanager/latest/userguide/best-practices.html