Amazon Web Services DVA-C02 Exam With Confidence Using Practice Dumps

Amazon CloudFront is a global content delivery network (CDN) designed to deliver static and streaming content with low latency and high throughput . AWS documentation explicitly recommends CloudFront for media streaming and high-request-rate workloads.

By placing CloudFront in front of Amazon S3, video content is cached at edge locations close to end users. This dramatically reduces latency, minimizes buffering, and offloads request volume from the S3 bucket. CloudFront is built to handle sudden traffic spikes and supports tens of thousands of requests per second per edge location.

Route 53 routing policies (Option A) control DNS resolution but do not cache content. Cross-Region Replication (Option B) improves regional availability but does not provide edge caching or streaming optimization. S3 Intelligent-Tiering (Option C) optimizes storage cost, not performance.

Therefore, using CloudFront with S3 as the origin provides the largest and most immediate performance improvement.

Sensitive environment variables in Lambda should be protected using encryption helpers integrated with AWS KMS. Lambda environment variables are encrypted at rest, and when using a customer managed KMS key, teams can control the key policy, access, and rotation for their own microservices—matching the policy requirement that each team has “full control” over key rotation. AWS managed keys do not provide the same level of customer control over lifecycle and rotation decisions.

Therefore, the correct approach is to create customer managed KMS keys (one per team/service boundary or per microservice, depending on governance) and configure each Lambda function to use the relevant CMK for encrypting its environment variables. The Lambda execution role must have permission to use the key for decryption at runtime, typically requiring kms:Decrypt (and sometimes kms:DescribeKey depending on tooling). This is captured by Option B.

Option A and D use AWS managed keys, which do not satisfy the requirement for each team to control rotation. Rotation control (and policy ownership) is a key differentiator of customer managed keys.

Option C is not correct because the Lambda execution role does not need kms:CreateGrant and kms:Encrypt for decrypting environment variables at runtime. Over-permissioning increases risk. The Lambda service handles encryption of environment variables; the function runtime principally needs the ability to decrypt.

Comprehensive and Detailed Step-by-Step Explanation:

The requirement is to query records by CustomerID, which is not the current partition key (OrderID). To achieve this efficiently:

Option A: Create a GSI with CustomerID as the Partition Key:

A Global Secondary Index (GSI) allows developers to create a different partition key and optional sort key for querying the data.

By creating a GSI with CustomerID as the partition key, the developer can query the table efficiently using CustomerID as the primary lookup key.

This avoids scanning the entire table and matches the requirement.

Why Other Options Are Incorrect:

Option B: Using CustomerID as a sort key for the GSI and performing a scan operation is inefficient. Queries are optimized, but scans are not.

Option C and D: Local Secondary Indexes (LSI) are only valid when the partition key remains the same as the base table. Since OrderID is the base table’s partition key, using CustomerID as the partition key or sort key in an LSI is not valid.