Amazon Web Services DVA-C02 Exam With Confidence Using Practice Dumps

Requirement Summary:

Prevent unauthorized code changes in AWS Lambda

Ensure only trusted code is deployed

AWS Lambda supports Code Signing:

You can configure code signing in Lambda using AWS Signer

Packages must be digitally signed and verified against the signing profile

Rejects unauthorized/modified packages automatically

Evaluate Options:

A. Trusted code option in CodeDeploy

No such feature exists for Lambda

CodeDeploy is more for EC2/On-Prem/Containers, not Lambda code signing

B. Define code signing config + use AWS Signer

This is exactly how AWS enforces trusted code deployment

Attach a code signing configuration to the Lambda function

Use AWS Signer to digitally sign deployment packages

C. Link to KMS to sign code

KMS is not used to sign Lambda packages

KMS is for data encryption, not application code integrity

D. Set KmsKeyArn

This configures data encryption, not code signing

Lambda code signing:

AWS Signer overview:

The correct answer is C. The developer did not update the Docker image tag to a new version.

C. The developer did not update the Docker image tag to a new version. This is correct. When deploying an application to Amazon EKS, the developer needs to specify the Docker image tag that contains the application code and configuration. If the developer does not update the Docker image tag to a new version after making changes to the application, the EKS cluster will continue to use the old Docker image tag that references the original backend resources. To fix this issue, the developer should update the Docker image tag to a new version and redeploy the application to the EKS cluster.

A. The developer did not successfully create the new AWS account. This is incorrect. The creation of a new AWS account is not related to the application’s connection to the backend resources. The developer can use any AWS account to host the EKS cluster and the backend resources, as long as they have the proper permissions and configurations.

B. The developer added a new tag to the Docker image. This is incorrect. Adding a new tag to the Docker image is not enough to deploy the changes to the application. The developer also needs to update the Docker image tag in the EKS cluster configuration, so that the EKS cluster can pull and run the new Docker image.

D. The developer pushed the changes to a new Docker image tag. This is incorrect. Pushing the changes to a new Docker image tag is not enough to deploy the changes to the application. The developer also needs to update the Docker image tag in the EKS cluster configuration, so that the EKS cluster can pull and run the new Docker image.

The requirement is to automatically delete objects for basic users after 90 days with the least development effort. Amazon S3 provides a built-in, fully managed feature for this: S3 Lifecycle configuration rules . Lifecycle rules can filter objects by prefix (and/or tags) and then perform actions such as expiring (deleting) objects after a specified number of days since creation. Because the bucket does not have versioning enabled, the relevant action is to expire the current object after the retention period.

Option C matches this exactly: create an S3 Lifecycle rule that applies only to objects under the basic/ prefix and configure the rule to expire current versions after 90 days . S3 then automatically and continuously enforces the policy without any code, scheduling, or operational maintenance. This is typically the lowest-effort and most reliable approach because it is handled by S3 itself.

Option A requires writing and operating a Lambda function plus a scheduler, handling pagination, permissions, error handling, retries, and potential costs and throttling when scanning large buckets. That is more development and operational effort than a lifecycle rule. Option B is incorrect because it targets the premium/ prefix, but premium objects must be retained indefinitely. Option D refers to delete markers and unfinished multipart uploads; delete markers are relevant primarily for versioned buckets , and cleaning up multipart uploads does not implement the required “delete basic objects after 90 days” behavior.

Therefore, the correct solution is C : use an S3 Lifecycle rule scoped to the basic/ prefix to expire objects after 90 days, achieving automated retention with minimal development effort.