AWS Certified Developer – Associate Exam Learning Path

Udemy Braincert-AWS-Certified-SA-Professional-Practice-Exam

AWS Certified Developer – Associate Exam Learning Path

AWS Developer – Associate exam basically validates the following

  • Design, develop and deploy cloud based solutions using AWS
  • Understand the core AWS services, uses, and basic architecture best practices
  • Develop and maintain applications written for Amazon Simple Storage Services (S3), Amazon DynamoDB, Amazon Simple Queue Service (SQS), Amazon Simple Notification Service (SNS), Amazon Simple Workflow Service (SWF), AWS Elastic Beanstalk, and AWS CloudFormation

Refer to the AWS Certified Developer – Associate Exam Blue Print

AWS Certified Developer - Associate Exam Break Up

AWS Developer – Associate Exam Contents

Domain 1.0: AWS Fundamentals

Domain 2.0: Designing and Developing

Domain 3.0: Deployment and Security

Domain 4.0: Debugging

  • General troubleshooting information and questions
  • Best Practices in debugging

NOTE: I have just marked the topics inline with the AWS Exam Blue Print. So be sure to check the same, as it is updated regularly and go through Whitepapers, FAQs and Re-Invent videos.

AWS Developer – Associate Exam Resources


Udemy AWS Certified Developer - Associate Practice Tests

  • Purchased the acloud guru AWS Certified Developer – Associate course from udemy (should get it for $10-$15 on discount) helps to get a clear picture of the the format, topics and relevant sections
  • Opinion : acloud guru course are good by itself but is not sufficient to pass the exam but might help to counter about 50-60% of exam questions
  • Signed up with AWS for the Free Tier account which provides a lot of the Services to be tried for free with certain limits which are more then enough to get things going. Be sure to decommission anything, if you using any thing beyond the free limits, preventing any surprises 🙂
  • Also, used the QwikLabs for all the introductory courses which are free and allow you to try out the services multiple times (I think its max 5, as I got the warnings couple of times)
  • Update: Qwiklabs seems to have reduced the free courses quite a lot and now provide targeted labs for AWS Certification exams which are charged
  • Read the FAQs atleast for the important topics, as they cover important points and are good for quick review
  • Did not purchase the AWS Practice exams, as the questions are available all around. But if you want to check the format, it might be useful.
  • You can also check practice tests

16 thoughts on “AWS Certified Developer – Associate Exam Learning Path

  1. Hi Jayendra,

    I am planning to write AWS Certified Developer – Associate Exam .

    Would you please share questions and answer , if you have ?


  2. Hi Jayendra,

    Which are the white papers I need to refer for AWS-Certified Developer Associate exam? (Please mention white papers needed for AWS-CDA only, not solution architect ones)

    Thank you for your time in advance.

    1. Hi Chitra, there are no specific Whitepapers for Developer. Also, none is listed in the AWS blue print.

      1. Thanks for quick response Jayendra, then which white papers I should refer to crack CDA exam? or I need not go through them? or any main specific ones?

  3. A Cloud Guru AWS Certified Developer – Associate (Practice Tests)

    you didn’t put a note whether the questions from this are similar to actual exam. was that intentional?

    1. Its intentional, I have not taken the A Cloud Guru tests and do not have users feedback as well, hence nothing is quoted for it.

  4. Hi Everyone,

    Hope the whole world is doing great. Thanks to Jayendrapatil for all his hard work!

    “Let’s support the one that support others” ~Q.A

    Here’s something I would like to share!!

    AWS Developer Study Guide

    Which of the following items are required to allow an application deployed on an EC2 instance to write data to a DynamoDB table?

    Assume that no security Keys are allowed to be stored on the EC2 instance. (Choose two.)

    A. Create an IAM User that allows write access to the DynamoDB table.
    B. Add an IAM Role to a running EC2 instance.
    C. Add an IAM User to a running EC2 Instance.
    D. Launch an EC2 Instance with the IAM Role included in the launch configuration.
    E. Create an IAM Role that allows write access to the DynamoDB table.
    F. Launch an EC2 Instance with the IAM User included in the launch configuration.

    What is the maximum number of S3 Buckets available per AWS account?

    A. 100 per region
    B. there is no limit
    C. 100 per account
    D. 500 per account
    E. 100 per IAM user

    You attempt to store an object in the US-STANDARD region in Amazon S3, and receive a confirmation that it has been successfully stored. You then immediately make another API call and attempt to read this object. S3 tells you that the object does not exist.

    What could explain this behavior?

    A. US-STANDARD uses eventual consistency and it can take time for an object to be readable in a bucket
    B. Objects in Amazon S3 do not become visible until they are replicated to a second region.
    C. US-STANDARD imposes a 1 second delay before new objects are readable.
    D. You exceeded the bucket object limit, and once this limit is raised the object will be visible.

    After launching an instance that you intend to serve as a NAT (Network Address Translation) device in a public subnet you modify your route tables to have the NAT device be the target of internet bound traffic of your private subnet. When you try and make an outbound connection to the Internet from an instance in the private subnet, you are not successful.

    Which of the following steps could resolve the issue?

    A. Attaching a second Elastic Network interface (ENI) to the NAT instance, and placing it in the private subnet
    B. Attaching a second Elastic Network Interface (ENI) to the instance in the private subnet, and placing it in the public subnet
    C. Disabling the Source/Destination Check attribute on the NAT instance
    D. Attaching an Elastic IP address to the instance in the private subnet

    What item operation allows the retrieval of multiple items from a DynamoDB table in a single API call?

    A. GetItem
    B. BatchGetItem
    C. GetMultipleItems
    D. GetItemRange

    When uploading an object, what request header can be explicitly specified in a request to Amazon S3 to
    encrypt object data when saved on the server side?

    A. x-amz-storage-class
    B. Content-MD5
    C. x-amz-security-token
    D. x-amz-server-side-encryption

    Which of the following services are key/value stores? (Choose three.)

    A. Amazon ElastiCache
    B. Simple Notification Service
    C. DynamoDB
    D. Simple Workflow Service
    E. Simple Storage Service

    If a message is retrieved from a queue in Amazon SQS, how long is the message inaccessible to other users by default?

    A. 0 seconds
    B. 1 hour
    C. 1 day
    D. forever
    E. 30 seconds

    You have an environment that consists of a public subnet using Amazon VPC and 3 instances that are running in this subnet. These three instances can successfully communicate with other hosts on the Internet. You launch a fourth instance in the same subnet, using the same AMI and security group configuration you used for the others, but find that this instance cannot be accessed from the Internet.
    What should you do to enable internet access?

    A. Deploy a NAT instance into the public subnet.
    B. Modify the routing table for the public subnet
    C. Configure a publically routable IP Address In the host OS of the fourth instance.
    D. Assign an Elastic IP address to the fourth instance.

    Which of the following are correct statements with policy evaluation logic in AWS Identity and Access
    Management? (Choose two.)

    A. By default, all requests are denied
    B. An explicit allow overrides an explicit deny
    C. An explicit allow overrides default deny.
    D. An explicit deny does not override an explicit allow
    E. By default, all request are allowed

    What happens, by default, when one of the resources in a CloudFormation stack cannot be created?

    A. Previously-created resources are kept but the stack creation terminates.
    B. Previously-created resources are deleted and the stack creation terminates.
    C. The stack creation continues, and the final results indicate which steps failed.
    D. CloudFormation templates are parsed in advance so stack creation is guaranteed to succeed.

    Which features can be used to restrict access to data in S3? (Choose two.)
    A. Use S3 Virtual Hosting
    B. Set an S3 Bucket policy.
    C. Enable IAM Identity Federation.
    D. Set an S3 ACL on the bucket or the object.
    E. Create a CloudFront distribution for the bucket
    Which code snippet below returns the URL of a load balanced web site created in CloudFormation with an AWS::ElasticLoadBalancing::LoadBalancer resource name “ElasticLoad Balancer”?
    A. “Fn::Join” : [“”. [ “http://”, {“Fn::GetAtr” : [ “ElasticLoadBalancer”,”DNSName”]}]]
    B. “Fn::Join” : [“”. [ “http://”, {“Fn::GetAtr” : [ “ElasticLoadBalancer”,”Url”]}]]
    C. “Fn::Join” : [“”. [ “http://”, {“Ref” : “ElasticLoadBalancerUrl”}]]
    D. “Fn::Join” : [“.”, [ “http://”, {“Ref” : “ElasticLoadBalancerDNSName”}]]

    Which of the following platforms are supported by Elastic Beanstalk? (Choose two.)
    A. Apache Tomcat
    B. .NET
    C. IBM WebsphereD. Oracle JBoss
    E. Jetty

    Company D is running their corporate website on Amazon S3 accessed from http// Their marketing team has published new web fonts to a separate S3 bucket accessed by the S3 endpoint While testing the new web fonts, Company D recognized the web fonts are being blocked by the browser.

    What should Company D do to prevent the web fonts from being blocked by the browser?
    A. Enable versioning on the cdfonts bucket for each web font
    B. Create a policy on the cdfonts bucket to enable access to everyone
    C. Add the Content-MD5 header to the request for webfonts in the cdfonts bucket from the website
    D. Configure the cdfonts bucket to allow cross-origin requests by creating a CORS configuration

    When using a large Scan operation in DynamoDB, what technique can be used to minimize the impact of a scan on a table’s provisioned throughput?

    A. Set a smaller page size for the scan
    B. Use parallel scans
    C. Define a range index on the table
    D. Prewarm the table by updating all items

    In AWS, which security aspects are the customer’s responsibility? (Choose four.)

    A. Life-cycle management of IAM credentials
    B. Decommissioning storage devices
    C. Security Group and ACL (Access Control List) settings
    D. Encryption of EBS (Elastic Block Storage) volumes
    E. Controlling physical access to compute resources
    F. Patch management on the EC2 instance’s operating system

    Which EC2 API call would you use to retrieve a list of Amazon Machine Images (AMIs)?

    A. DescnbeInstances
    B. DescribeAMls
    C. DescribeImages
    D. GetAMls
    E. You cannot retrieve a list of AMIs as there are over 10,000 AMIs

    EC2 instances are launched from Amazon Machine images (AMIs). A given public AMI can:
    A. be used to launch EC2 Instances in any AWS region.
    B. only be used to launch EC2 instances in the same country as the AMI is stored.
    C. only be used to launch EC2 instances in the same AWS region as the AMI is stored.
    D. only be used to launch EC2 instances in the same AWS availability zone as the AMI is stored

    How can software determine the public and private IP addresses of the Amazon EC2 instance that it is running on?

    A. Query the appropriate Amazon CloudWatch metric.
    B. Use ipconfig or ifconfig command.
    C. Query the local instance userdata.
    D. Query the local instance metadata.

    Which of the following are valid arguments for an SNS Publish request? (Choose three.)

    A. TopicArn
    B. Subject
    C. Destination
    D. Format
    E. Message
    F. Language

    How is provisioned throughput affected by the chosen consistency model when reading data from a DynamoDB table?

    A. Strongly consistent reads use the same amount of throughput as eventually consistent reads
    B. Strongly consistent reads use more throughput than eventually consistent reads
    C. Strongly consistent reads use less throughput than eventually consistent reads
    D. Strongly consistent reads use variable throughput depending on read activity

    Which of the following are valid SNS delivery transports? (Choose two.)

    A. HTTP
    B. UDP
    C. SMS
    D. DynamoDB
    E. Named Pipes

    A startup s photo-sharing site is deployed in a VPC. An ELB distributes web traffic across two subnets. ELB session stickiness is configured to use the AWS-generated session cookie, with a session TTL of 5 minutes. The webserver Auto Scaling Group is configured as: min-size=4, max-size=4.
    The startups preparing for a public launch, by running load-testing software installed on a single EC2 instance running in us-west-2 After 60 minutes of load-testing, the webserver logs show:

    Which recommendations can help ensure load-testing HTTP requests are evenly distributed across the four webservers? (Choose two.)

    A. Launch and run the load-tester EC2 instance from us-east-1 instead.
    B. Re-configure the load-testing software to re-resolve DNS for each web request.
    C. Use a 3rd-party load-testing service which offers globally-distributed test clients.
    D. Configure ELB and Auto Scaling to distribute across us-west-2a and us-west-2c.
    E. Configure ELB session stickiness to use the app-specific session cookie.
    Which of the following statements about SWF are true? (Choose three.)

    A. SWF tasks are assigned once and never duplicated
    B. SWF requires an S3 bucket for workflow storage
    C. SWF workflow executions can last up to a year
    D. SWF triggers SNS notifications on task assignment
    E. SWF uses deciders and workers to complete tasks
    F. SWF requires at least 1 EC2 instance per domain

    Which of the following is chosen as the default region when making an API call with an AWS SDK?

    A. ap-northeast-1
    B. us-west-2
    C. us-east-1
    D. eu-west-1
    E. us-central-1

    How can you secure data at rest on an EBS volume?

    A. Attach the volume to an instance using EC2’s SSL interface.
    B. Write the data randomly instead of sequentially.
    C. Use an encrypted file system on top of the EBS volume.
    D. Encrypt the volume using the S3 server-side encryption service.
    E. Create an IAM policy that restricts read and write access to the volume.

    What is one key difference between an Amazon EBS-backed and an instance-store backed instance?

    A. Virtual Private Cloud requires EBS backed instances
    B. Amazon EBS-backed instances can be stopped and restarted
    C. Auto scaling requires using Amazon EBS-backed instances.
    D. Instance-store backed instances can be stopped and restarted.

    An application stores payroll information nightly in DynamoDB for a large number of employees across
    hundreds of offices. Item attributes consist of individual name, office identifier, and cumulative daily hours.
    Managers run reports for ranges of names working in their office. One query is. “Return all Items in this office for names starting with A through E”.

    Which table configuration will result in the lowest impact on provisioned throughput for this query?

    A. Configure the table to have a hash index on the name attribute, and a range index on the office identifier
    B. Configure the table to have a range index on the name attribute, and a hash index on the office identifier
    C. Configure a hash index on the name attribute and no range index
    D. Configure a hash index on the office Identifier attribute and no range index

    Which of the following is an example of a good DynamoDB hash key schema for provisioned throughput efficiency?

    A. User ID, where the application has many different users.
    B. Status Code where most status codes are the same
    C. Device ID, where one is by far more popular than all the others.
    D. Game Type, where there are three possible game types

    Company A has an S3 bucket containing premier content that they intend to make available to only paid
    subscribers of their website. The S3 bucket currently has default permissions of all objects being private to prevent inadvertent exposure of the premier content to non-paying website visitors.

    How can Company A provide only paid subscribers the ability to download a premier content file in the S3
    A. Apply a bucket policy that grants anonymous users to download the content from the S3 bucket
    B. Generate a pre-signed object URL for the premier content file when a paid subscriber requests a download
    C. Add a bucket policy that requires Multi-Factor Authentication for requests to access the S3 bucket objects
    D. Enable server side encryption on the S3 bucket for data protection against the non-paying website visitors

    When a Simple Queue Service message triggers a task that takes 5 minutes to complete, which process below will result in successful processing of the message and remove it from the queue while minimizing the chances of duplicate processing?

    A. Retrieve the message with an increased visibility timeout, process the message, delete the message from the queue
    B. Retrieve the message with an increased visibility timeout, delete the message from the queue, process the message
    C. Retrieve the message with increased DelaySeconds, process the message, delete the message from the queue
    D. Retrieve the message with increased DelaySeconds, delete the message from the queue, process the message

    Which DynamoDB limits can be raised by contacting AWS support? (Choose two.)

    A. The number of hash keys per account
    B. The maximum storage used per account
    C. The number of tables per account
    D. The number of local secondary indexes per account
    E. The number of provisioned throughput units per account

    Company C has recently launched an online commerce site for bicycles on AWS. They have a “Product”
    DynamoDB table that stores details for each bicycle, such as, manufacturer, color, price, quantity and size to display in the online store. Due to customer demand, they want to include an image for each bicycle along with the existing details. Which approach below provides the least impact to provisioned throughput on the “Product” table?

    A. Serialize the image and store it in multiple DynamoDB tables
    B. Create an “Images” DynamoDB table to store the Image with a foreign key constraint to the “Product” table
    C. Add an image data type to the “Product” table to store the images in binary format
    D. Store the images in Amazon S3 and add an S3 URL pointer to the “Product” table item for each image

    In DynamoDB, what type of HTTP response codes indicate that a problem was found with the client request sent to the service?

    A. A 5xx HTTP response code
    B. 200 HTTP response code
    C. 306 HTTP response code
    D. 4xx HTTP response code

    A meteorological system monitors 600 temperature gauges, obtaining temperature samples every minute and saving each sample to a DynamoDB table. Each sample involves writing 1K of data and the writes are evenly distributed over time.

    How much write throughput is required for the target table?

    A. 1 write capacity unit
    B. 10 write capacity units
    C. 60 write capacity units
    D. 600 write capacity units
    E. 3600 write capacity units

    Which of the following programming languages have an officially supported AWS SDK? (Choose two.)

    A. Perl
    B. PHP
    C. Pascal
    D. Java
    E. SQL

    Games-R-Us is launching a new game app for mobile devices. Users will log into the game using their existing Facebook account and the game will record player data and scoring information directly to a DynamoDB table. What is the most secure approach for signing requests to the DynamoDB API?

    A. Create an IAM user with access credentials that are distributed with the mobile app to sign the requests
    B. Distribute the AWS root account access credentials with the mobile app to sign the requests
    F. Request temporary security credentials using web identity federation to sign the requests
    C. Establish cross account access between the mobile app and the DynamoDB table to sign the requests

    What AWS products and features can be deployed by Elastic Beanstalk? (Choose three.)

    A. Auto scaling groups
    B. Route 53 hosted zones
    C. Elastic Load Balancers
    D. RDS Instances
    E. Elastic IP addresses SQS Queues

    Your application is trying to upload a 6 GB file to Simple Storage Service and receive a “Your proposed upload exceeds the maximum allowed object size.” error message. What is a possible solution for this?

    A. None, Simple Storage Service objects are limited to 5 GB
    B. Use the multi-part upload API for this object
    C. Use the large object upload API for this object
    D. Contact support to increase your object size limit
    E. Upload to a different region

    Which of the following services are included at no additional cost with the use of the AWS platform? (Choose two.)

    A. Simple Storage Service
    B. Elastic Compute Cloud
    C. Auto Scaling
    D. Elastic Load Balancing
    E. CloudFormation
    F. Simple Workflow Service

    You are writing to a DynamoDB table and receive the following exception:”
    ProvisionedThroughputExceededException”. Though according to your Cloudwatch metrics for the table, you are not exceeding your provisioned throughput.What could be an explanation for this?

    A. You haven’t provisioned enough DynamoDB storage instances
    B. You’re exceeding your capacity on a particular Range Key
    C. You’re exceeding your capacity on a particular Hash Key
    D. You’re exceeding your capacity on a particular Sort Key
    E. You haven’t configured DynamoDB Auto Scaling triggers

    You are providing AWS consulting services for a company developing a new mobile application that will be leveraging Amazon SNS Mobile Push for push notifications. In order to send direct notification messages to individual devices each device registration identifier or token needs to be registered with SNS; however the developers are not sure of the best way to do this.
    You advise them to:

    A. Bulk upload the device tokens contained in a CSV file via the AWS Management Console.
    B. Let the push notification service (e.g. Amazon Device Messaging) handle the registration.
    C. Implement a token vending service to handle the registration.
    D. Call the CreatePlatformEndPoint API function to register multiple device tokens.

    Which statements about DynamoDB are true? (Choose two.)

    A. DynamoDB uses a pessimistic locking model
    B. DynamoDB uses optimistic concurrency control
    C. DynamoDB uses conditional writes for consistency
    D. DynamoDB restricts item access during reads
    E. DynamoDB restricts item access during writes

    You run an ad-supported photo sharing website using S3 to serve photos to visitors of your site. At some point you find out that other sites have been linking to the photos on your site, causing loss to your business.

    What is an effective method to mitigate this?

    A. Store photos on an EBS volume of the web server
    B. Remove public read access and use signed URLs with expiry dates.
    C. Use CloudFront distributions for static content.
    D. Block the IPs of the offending websites in Security Groups.

    You have written an application that uses the Elastic Load Balancing service to spread traffic to several web servers. Your users complain that they are sometimes forced to login again in the middle of using your application, after they have already logged in. This is not behavior you have designed. What is a possible solution to prevent this happening?

    A. Use instance memory to save session state.
    B. Use instance storage to save session state.
    C. Use EBS to save session state
    D. Use ElastiCache to save session state.
    E. Use Glacier to save session slate.

    You are inserting 1000 new items every second in a DynamoDB table. Once an hour these items are analyzed and then are no longer needed. You need to minimize provisioned throughput, storage, and API calls. Given these requirements, what is the most efficient way to manage these Items after the analysis?

    A. Retain the items in a single table
    B. Delete items individually over a 24 hour period
    F. Delete the table and create a new table per hour
    C. Create a new table per hour

    An Amazon S3 bucket, “myawsbucket” is configured with website hosting in Tokyo region, what is the regionspecific website endpoint?

    B. myawsbucket.s3-website-ap-northeast-1.amazonawscom

    Company B provides an online image recognition service and utilizes SQS to decouple system components for scalability The SQS consumers poll the imaging queue as often as possible to keep end-to-end throughput as high as possible. However, Company B is realizing that polling in tight loops is burning CPU cycles and increasing costs with empty responses. How can Company B reduce the number of empty responses?

    A. Set the imaging queue visibility Timeout attribute to 20 seconds
    B. Set the Imaging queue ReceiveMessageWaitTimeSeconds attribute to 20 seconds
    C. Set the imaging queue MessageRetentionPeriod attribute to 20 seconds
    D. Set the DelaySeconds parameter of a message to 20 seconds

    A corporate web application is deployed within an Amazon VPC, and is connected to the corporate data center via IPSec VPN. The application must authenticate against the on-premise LDAP server. Once authenticated, logged-in users can only access an S3 keyspace specific to the user. Which two approaches can satisfy the objectives? (Choose two.)

    A. The application authenticates against LDAP. The application then calls the IAM Security Service to login to IAM using the LDAP credentials. The application can use the IAM temporary credentials to access the
    appropriate S3 bucket.
    B. The application authenticates against LDAP, and retrieves the name of an IAM role associated with the user. The application then calls the IAM Security Token Service to assume that IAM Role. The application can use the temporary credentials to access the appropriate S3 bucket.
    C. The application authenticates against IAM Security Token Service using the LDAP credentials. The application uses those temporary AWS security credentials to access the appropriate S3 bucket.
    D. Develop an identity broker which authenticates against LDAP, and then calls IAM Security Token Service to get IAM federated user credentials. The application calls the identity broker to get IAM federated user credentials with access to the appropriate S3 bucket.
    E. Develop an identity broker which authenticates against IAM Security Token Service to assume an IAM Role to get temporary AWS security credentials. The application calls the identity broker to get AWS temporary security credentials with access to the appropriate S3 bucket.

    Which of the following statements about SQS is true?

    A. Messages will be delivered exactly once and messages will be delivered in First in, First out order
    B. Messages will be delivered exactly once and message delivery order is indeterminate
    C. Messages will be delivered one or more times and messages will be delivered in First in, First out order
    D. Messages will be delivered one or more times and message delivery order is indeterminate

    If an application is storing hourly log files from thousands of instances from a high traffic web site, which
    naming scheme would give optimal performance on S3?

    A. Sequential
    B. instanceID_log-HH-DD-MM-YYYY
    C. instanceID_log-YYYY-MM-DD-HH
    D. HH-DD-MM-YYYY-log_instanceID
    E. YYYY-MM-DD-HH-log_instanceID

    What type of block cipher does Amazon S3 offer for server side encryption?

    A. Triple DES
    B. Advanced Encryption Standard
    C. Blowfish
    D. RC5

    Company C is currently hosting their corporate site in an Amazon S3 bucket with Static Website Hosting
    enabled. Currently, when visitors go to the index.html page is returned. Company C now would like a new page welcome.html to be returned when a visitor enters in the browser. Which of the following steps will allow Company C to meet this requirement? (Choose two.)

    A. Upload an html page named welcome.html to their S3 bucket
    B. Create a welcome subfolder in their S3 bucket
    C. Set the Index Document property to welcome.html
    D. Move the index.html page to a welcome subfolder
    E. Set the Error Document property to welcome.html

Leave a Reply

Your email address will not be published. Required fields are marked *