AWS Certified Associate DVA-C02 Full Course Free

Amazon DynamoDB is a fully managed NoSQL database service that can store and retrieve any amount of data with high availability and performance. DynamoDB can handle concurrent requests from multiple IoT devices without throttling or data loss. To prevent duplicate requests from causing inconsistencies or data loss, the Lambda function can use DynamoDB conditional writes to check if the unique identifier for each request already exists in the table before processing the request. If the identifier exists, the function can skip or abort the request; otherwise, it can process the request and store the identifier in the table. Reference: Using conditional writes

This solution meets the requirements because it encrypts data at rest using AWS KMS keys and provides an audit trail of when and by whom they were used. Server-side encryption with AWS KMS managed keys (SSE-KMS) is a feature of Amazon S3 that encrypts data using keys that are managed by AWS KMS. When SSE-KMS is enabled for an S3 bucket or object, S3 requests AWS KMS to generate data keys and encrypts data using these keys. AWS KMS logs every use of its keys in AWS CloudTrail, which records all API calls to AWS KMS as events. These events include information such as who made the request, when it was made, and which key was used. The company policy can use CloudTrail logs to audit critical events related to their data encryption and access. Server-side encryption with Amazon S3 managed keys (SSE-S3) also encrypts data at rest using keys that are managed by S3, but does not provide an audit trail of key usage. Server-side encryption with customer-provided keys (SSE-C) and server-side encryption with self-managed keys also encrypt data at rest using keys that are provided or managed by customers, but do not provide an audit trail of key usage and require additional overhead for key management.

By default, an Auto Scaling group uses EC2 status checks to determine instance health. EC2 status checks confirm that an instance is running and reachable at the infrastructure level, but they do not validate that the application is healthy behind the load balancer. In this scenario, the ALB is returning HTTP 502 errors and the target group shows instances as unhealthy, meaning the application is failing health checks (or not responding correctly). However, because the Auto Scaling group is using the default EC2 health check type, it does not consider these instances unhealthy for replacement.

AWS recommends configuring the Auto Scaling group to use ELB health checks when instances serve traffic behind an ALB or NLB. With ELB health checks enabled, Auto Scaling evaluates target health as reported by the load balancer target group. If the ALB marks an instance unhealthy, the Auto Scaling group will treat that instance as unhealthy and terminate and replace it automatically, restoring capacity with healthy targets.

Why the other options are insufficient:

Cooldown period (A) affects scaling timing, not health replacement logic.

Lifecycle hook changes (B) can help with initialization timing, but they do not cause Auto Scaling to replace instances based on ALB target health unless ELB health checks are enabled.

Health check grace period (D) delays health evaluation after launch, which can reduce premature replacement, but it still won’t replace instances based on ALB target group status unless the health check type is ELB.

Therefore, switching the Auto Scaling group health check type to Elastic Load Balancing (ELB) is the correct fix.

The correct answer is C because the requirement is for a live feed of log events in near real time , filtered to show only lines that begin with “ERROR.” The live tail feature for AWS Lambda and CloudWatch Logs is specifically intended for this kind of operational debugging. It allows developers to watch logs as they are generated and apply filtering so they can focus only on relevant messages during active troubleshooting.

This is particularly suitable because the function is already in production , and the company wants immediate visibility into timeout-related issues without waiting for a full batch of logs to accumulate. With live tail and a filter expression for ERROR , the developer can observe only the important log lines as new invocations happen, which speeds up root-cause analysis.

Option A is not the best answer because CloudWatch Logs Insights is powerful for querying logs, but it is primarily used for searching and analyzing logs after they have been collected, not as a continuous near-real-time live stream. Option B is incorrect because a subscription filter is used to forward logs to another destination such as Lambda, Kinesis, or Firehose; it is not the simplest way to give an operator a live interactive filtered view. A metric filter also creates metrics from log patterns but does not present the actual live log lines for review. Option D is incorrect because Amazon Athena is not used directly for querying CloudWatch Logs in real-time operational troubleshooting.

Therefore, the best solution is to use live tail with an ERROR filter to inspect relevant Lambda log events as they occur.