Amazon Web Services DVA-C02 Exam With Confidence Using Practice Dumps

To give the frontend team immediate access to stable endpoints without waiting for a real backend implementation, the simplest approach is to use API Gateway MOCK integration. A MOCK integration lets API Gateway generate a response directly, without invoking Lambda or any other backend. This is ideal for early UI development because you can return consistent, predefined payloads and status codes for each method.

With MOCK integration, you configure an integration request (often using a static mapping template) to produce a dummy request payload that triggers a response, and then you configure integration responses to return specific HTTP status codes (such as 200, 400, 500) along with predefined JSON bodies. You can also set response headers (for example, Content-Type: application/json) and use mapping templates to shape the returned JSON. This satisfies the requirement to “return predefined HTTP status codes and JSON responses” while minimizing development effort and avoiding the need to deploy placeholder Lambda functions.

Option A (AWS_PROXY with Lambda) can work, but it requires creating and deploying Lambda functions and IAM permissions just to return static data—more effort than necessary. Option C (HTTP PROXY) depends on an external placeholder service, which adds another system to build and maintain. Option D is incorrect because HTTP status codes are not defined in the method request; they are defined through method responses and realized through integration responses in API Gateway’s integration configuration.

Therefore, B is the best solution: MOCK integration with integration request/response mappings provides quick, code-free stubs that unblock frontend development.

The requirements are: (1) store an API key that a Lambda function will use, (2) ensure the secret is encrypted at rest using AWS KMS, and (3) the company must control key rotation, which implies using a customer managed KMS key (CMK) rather than an AWS managed key.

Option C meets the requirements by storing the API key in AWS Systems Manager Parameter Store as a SecureString parameter encrypted with a customer managed KMS key. SecureString is designed for sensitive configuration data and integrates with KMS so the organization can choose the CMK, manage its lifecycle, and control rotation policies. The Lambda function can retrieve the parameter at runtime using the AWS SDK, and IAM policies can tightly control access to the parameter and to the KMS key.

Option E also meets the requirements by storing the API key in a Lambda environment variable encrypted with a customer managed KMS key. Lambda encrypts environment variables at rest and allows you to specify a customer managed KMS key for encryption. This gives the company control over key rotation and key policy, satisfying the “must control key rotation” requirement. The function reads the value from the environment at runtime without additional network calls.

Why the other options fail:

A uses an AWS managed KMS key, which does not satisfy the requirement for the company to control rotation (you cannot manage rotation of AWS managed keys in the same way).

B is a plain String parameter, which is not encrypted as a secret and does not meet the at-rest encryption requirement.

D uses an AWS managed KMS key, again failing the company-controlled rotation requirement.

Therefore, the two valid solutions are C (Parameter Store SecureString with a customer managed CMK) and E (Lambda environment variable encrypted with a customer managed CMK).

For asynchronous Lambda invocations, AWS provides built-in failure handling options that require minimal code and minimal operational work. When an async invocation fails (after Lambda’s internal retry behavior), the event can be sent to a dead-letter queue (DLQ) so it is not lost. A DLQ is the standard mechanism for capturing events that could not be processed successfully, preserving the original payload for later inspection and reprocessing.

Using a DLQ (typically Amazon SQS or Amazon SNS) gives durable storage of failed events and decouples failure recovery from the main execution path. The developer can later re-drive the messages by building a simple replay process, such as moving messages from the DLQ back to the original event source or invoking the function again with the stored payloads. This aligns with the requirement: “store messages that resulted in failed invocations so the application can retry later.”

Among the options, C is the only one that uses Lambda’s native async failure capture mechanism. Options A and B introduce unnecessary complexity and do not reliably store the original failed invocation payloads as a first-class workflow (CloudWatch Logs is not a message queue, and EventBridge→SNS doesn’t automatically capture only failed events from Lambda async invocations). Option D changes the architecture to an SQS pull model for the Lambda function; while valid, it is more than needed and adds design/operational considerations (polling, batching, visibility timeouts, DLQ configuration on the queue, etc.) compared with simply enabling DLQ support for async invokes.

Therefore, the least operational overhead solution is C: configure a dead-letter queue for the Lambda function’s asynchronous invocations so failed events are stored for later retry.