Amazon Web Services DVA-C02 Exam With Confidence Using Practice Dumps

To rotate database credentials without downtime, Secrets Manager recommends the alternating users (dual user) rotation strategy. With a single-user strategy, Secrets Manager changes the password for the same database user that the application is actively using. If the application continues using cached/old credentials during rotation, authentication failures and downtime can occur.

With the alternating users strategy, two database users exist (often named something like appuser and appuser_clone). Secrets Manager alternates which user is “active” in the secret. During rotation, Secrets Manager updates the inactive user’s password, verifies it, updates the secret to point to the newly updated user, and then (optionally) retires the old credentials. This approach minimizes disruption because there is always one known-good credential set while the other is being updated.

The question specifically requires regular rotation using Secrets Manager. That is achieved by enabling automatic rotation on the secret with a schedule (for example, every 30/60/90 days). Automatic rotation invokes the rotation Lambda (AWS-provided or configured) and performs the workflow without manual intervention.

Option D combines both requirements: automatic rotation plus the alternating users strategy for high availability and no downtime.

Option B mentions alternating users but “managed rotation” is not the standard term used in these choices as the primary differentiator—automatic rotation is the necessary capability to rotate regularly without manual effort.

Options A and C (single user) are more likely to cause downtime during rotation.

Therefore, configure automatic rotation with the alternating users rotation strategy.

Requirement Summary:

Trigger an AWS Step Functions state machine (test execution)

Only when a specific AWS CloudFormation stack is deployed

Option A: Create a Lambda function to invoke the state machine

Valid approach: Lambda can be used as an intermediary trigger for Step Functions using the SDK (e.g., StartExecution API).

Offers flexibility (custom filtering, additional logic).

Option B: Create EventBridge rule filtering on UPDATE_IN_PROGRESS

Incorrect: UPDATE_IN_PROGRESS triggers before the stack is fully deployed.

You need to trigger after deployment, such as UPDATE_COMPLETE or CREATE_COMPLETE.

Option C: EventBridge Pipes with Lambda target filtering on UPDATE_IN_PROGRESS

Incorrect for same reason as B (wrong timing).

Also, EventBridge Pipes are not necessary here if you ' re using rules directly.

Option D: Pipe with EventBridge Rule as source and Step Functions as target

Invalid setup: EventBridge Pipes use event sources, not rules, as input.

This configuration is unsupported.

Option E: Add the state machine as a target of the EventBridge rule

Direct and low-overhead approach.

EventBridge natively supports Step Functions as a target.

You can trigger the state machine without a Lambda if the filter matches (e.g., ResourceStatus = CREATE_COMPLETE, with the correct StackId).

Step Functions as EventBridge target:

EventBridge CloudFormation events:

StartExecution API:

This solution meets the requirements most cost-effectively because it optimizes the photos on demand and caches them for future requests. Lambda@Edge allows the developer to run Lambda functions at AWS locations closer to viewers, which can reduce latency and improve photo quality. The developer can create a Lambda@Edge function that uses the GET parameters from each request to optimize the photos with the required dimensions and resolutions and returns them as a response. The function can also store a copy of the processed photos on Amazon S3 for subsequent requests, which can reduce processing time and costs. Using S3 Batch Operations to create new variants of the photos will incur additional storage costs and may not cover all possible dimensions and resolutions. Creating a dynamic CloudFront origin or a Lambda@Edge function to route requests to corresponding photo variants will require maintaining a mapping of device types and photo variants, which can be complex and error-prone.