Amazon Web Services Updated DVA-C02 Exam Questions and Answers by arnie

This is a feature flag / dynamic configuration requirement: enable a new feature for a subset of users (premium customers), toggle it on/off quickly based on feedback/performance, and deploy configuration changes safely with validation and without disruption. AWS AppConfig (part of AWS Systems Manager) is designed for exactly this use case.

AWS AppConfig helps create, manage, and deploy application configurations, including feature flags, in a controlled way. It supports configuration validators (such as JSON schema or Lambda validators) to catch errors before deployment. It also supports controlled rollouts with deployment strategies to reduce blast radius (for example, gradual deployments). This allows rapid changes without redeploying code and minimizes disruption.

Option A aligns perfectly: use AppConfig feature flags to target premium users and toggle the feature quickly.

Option B is incorrect because Secrets Manager is for sensitive secrets (passwords, API keys), not feature flag management and progressive configuration deployments.

Option C is incorrect because AWS Config evaluates resource compliance and records configuration changes of AWS resources; it does not serve runtime feature flag delivery.

Option D (Parameter Store) can store configuration values, but it does not provide the same feature-flag-focused capabilities, validation/deployment strategies, and safe rollout controls that AppConfig provides. Also, “lifecycle rules” is not how Parameter Store toggles features.

This solution will meet the requirements by using DynamoDB Accelerator (DAX), which is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10 times performance improvement - from milliseconds to microseconds - even at millions of requests per second. The developer can use DAX to cache the trading data that is used to process each trading request, which will reduce the data retrieval time with the least possible effort. Option A is not optimal because it will add local secondary indexes (LSIs) for the trading data, which may not improve the performance or reduce the latency of data retrieval, as LSIs are stored on the same partition as the base table and share the same provisioned throughput. Option B is not optimal because it will store the trading data in Amazon S3 and use S3 Transfer Acceleration, which is a feature that enables fast, easy, and secure transfers of files over long distances between S3 buckets and clients, not between DynamoDB and clients. Option C is not optimal because it will add retries with exponential backoff for DynamoDB queries, which is a strategy to handle transient errors by retrying failed requests with increasing delays, not by reducing data retrieval time.

This workload is overwhelmingly read-heavy and repeatedly queries the same relatively static reference data (postal codes mapped to coordinates). The best way to reduce latency and offload Amazon RDS is to introduce an application-side cache using a lazy loading (cache-aside) pattern and choose a TTL that reflects how often the underlying data changes.

With lazy loading , the application first checks the cache for the postal code. If the value is present (a cache hit), the application returns the coordinates immediately with low latency and without querying the database. If the value is absent (a cache miss), the application reads from RDS, returns the result, and then populates the cache for subsequent requests. This pattern is operationally simple and widely used because the application controls what is cached and when.

A large TTL is appropriate here because postal-code-to-coordinate mappings typically do not change frequently. A longer TTL maximizes cache hit ratio, which is critical because each postal code is requested thousands of times per day. High cache hit rates reduce database read load, decrease query contention, and substantially improve response times. In contrast, a small TTL would cause frequent expirations and repeated database lookups, reducing the performance benefit and increasing database load.

Write-through and write-behind caching (options C and B) are designed to coordinate caching with writes . They are useful when write consistency and write performance are central concerns. Here, writes are rare; the performance issue is repeated reads. Write-behind can also introduce consistency delays, which is unnecessary for this scenario.

Therefore, the best change is D : implement a lazy loading (cache-aside) caching strategy with a large TTL to keep hot, rarely changing postal code lookups in cache and dramatically reduce read latency and database load.

Amazon SQS provides server-side encryption (SSE) to protect messages at rest by using AWS Key Management Service (AWS KMS). When SSE is enabled on an SQS queue, all messages are encrypted automatically before they are stored and decrypted only when they are retrieved by authorized consumers.

AWS documentation states that SSE for SQS transparently encrypts the entire message payload , including the message body and message attributes. This ensures that sensitive data is protected without requiring changes to application code or custom encryption logic.

Option A enforces encryption in transit , not at rest. Option B is invalid because SSE is configured at the queue level, not inside message payloads. Option D does not improve security because message attributes are also stored as part of the message and require SSE to be protected.

Enabling SSE on the queue is the simplest, most secure, and AWS-recommended solution. It ensures compliance with encryption requirements while minimizing operational overhead.