Amazon Web Services DVA-C02 Exam With Confidence Using Practice Dumps

The requirement is for a single secret value to be available in multiple AWS Regions while remaining consistent across those Regions, with the least operational overhead . AWS Secrets Manager provides a managed capability for this use case: secret replication (also referred to as multi-Region secrets). When replication is enabled from a primary Region, Secrets Manager automatically creates and maintains synchronized replicas of the secret in the selected secondary Regions. Updates to the primary secret are propagated to the replicas so the secret value remains consistent across Regions.

This approach (option C) minimizes operational effort because AWS manages the replication workflow, consistency, and the lifecycle of replicas. The application in each Region can retrieve the secret from the local Region endpoint of Secrets Manager by referencing the Region-appropriate secret ARN, improving latency and reducing cross-Region dependency. It also improves resilience: if a Region has issues, workloads in another Region can still read the replicated secret locally.

Option A recreates managed replication with custom glue (Lambda + EventBridge), which adds code, scheduling, error handling, permissions, retries, and monitoring—higher operational overhead and more failure modes. Option B introduces a cross-Region runtime dependency on the primary Region and increases latency; local caching also risks stale secret values during rotations/updates unless carefully managed, and it reduces resilience if the primary Region is impaired. Option D (independent secrets per Region) increases operational overhead and directly risks inconsistency, because keeping values synchronized becomes a manual or custom automated process.

Therefore, C is the best solution: enable Secrets Manager replication in the primary Region and have applications in each Region read from their local replicated secret ARN to achieve consistent, multi-Region availability with minimal operational work.

This solution will meet the requirements by using Amazon CloudWatch Logs to capture and analyze the logs from API Gateway. Amazon CloudWatch Logs is a service that monitors, stores, and accesses log files from AWS resources. The developer can turn on execution logging and access logging in Amazon CloudWatch Logs for the API stage, which enables logging information about API execution and client access to the API. The developer can create a CloudWatch Logs log group, which is a collection of log streams that share the same retention, monitoring, and access control settings. The developer can specify the Amazon Resource Name (ARN) of the log group for the API stage, which instructs API Gateway to send the logs to the specified log group. The developer can then examine the logs to determine the cause of the HTTP 400 response errors. Option A is not optimal because it will create an Amazon Kinesis Data Firehose delivery stream to receive API call logs from API Gateway, which may introduce additional costs and complexity for delivering and processing streaming data. Option B is not optimal because it will turn on AWS CloudTrail Insights and create a trail, which is a feature that helps identify and troubleshoot unusual API activity or operational issues, not HTTP response errors. Option C is not optimal because it will turn on AWS X-Ray for the API stage, which is a service that helps analyze and debug distributed applications, not HTTP response errors.