Amazon Web Services AWS Certified Associate DVA-C02 New Questions

Why Option D is Correct:When using a container-based AWS Lambda function, you are responsible for updating the base image for runtime patches. Rebuilding the container with the latest Node.js patch version ensures the function is updated with the required security patches. Publishing a new version of the Lambda function makes the updated image available for use.

Why Other Options are Incorrect:

Option A: The runtime update mode applies to functions using AWS-managed runtimes, not container-based runtimes.

Option B: Redeploying the same version of the Lambda function does not apply the security patch.

Option C: Rebuilding with the AWS OS base image does not guarantee that the latest Node.js patch version is included.

AWS Documentation References:

Lambda Function Container Images

Node.js Updates in AWS Lambda

Comprehensive and Detailed Step-by-Step Explanation:

Option D: Use Lambda with Container Images

AWS Lambda supports container images up to 10 GB in size, making it suitable for applications with large dependencies, such as a video codec library larger than 250 MB.

By creating separate container images for video compression and decompression, the application can efficiently isolate functionality while ensuring that each function includes the required dependencies.

The container images are stored in Amazon ECR and used to create the Lambda functions.

Why Other Options Are Incorrect:

Option A: A single Lambda function with all functionalities and dependencies in one zip file is not feasible due to the 250 MB deployment package size limit for zip files.

Option B: Including the library in two separate zip files still exceeds the size limit for Lambda zip deployment packages.

Option C: While using a Lambda layer can reduce redundancy, the combined size of the layer and the zip files would exceed the limit of 250 MB.

Comprehensive and Detailed 250 to 300 words of Explanation (AWS-doc-aligned):

To minimize widget latency for ranking and sorting, the best fit is Amazon ElastiCache for Redis OSS because Redis provides built-in in-memory data structures specifically suited for ranking use cases, such as Sorted Sets (ZSETs) . Sorted sets maintain members in order by score, which enables fast retrieval of “top N” items and efficient re-ranking without repeatedly querying the primary database and sorting at the application tier. Memcached, by contrast, is a simpler key-value cache and does not provide comparable native ranking/sorting data structures.

To ensure data remains up to date , a write-through caching strategy is preferred. With write-through, updates are written to the cache at the same time as the system of record, so the cache reflects the latest values immediately after writes. This avoids stale rankings that can occur with lazy-loading (cache-aside), where the cache is only populated or refreshed on reads and can serve older data until expiration or explicit invalidation.

Combining Redis’s native sorted/ranking structures with write-through updates yields the least latency because the page widgets can fetch pre-ranked/pre-sorted results directly from Redis memory with minimal computation, while still maintaining freshness as new plays, likes, or album changes occur. Operationally, this pattern reduces database load, avoids repeated sorting work in the application, and provides consistently fast reads for a high-traffic page.

Secrets Management: AWS Secrets Manager is designed specifically for storing and managing sensitive credentials.

Built-in Rotation: Secrets Manager provides automatic secret rotation functionality, enhancing security posture significantly.

IAM Integration: IAM policies and roles grant fine-grained access to ECS Fargate, ensuring the principle of least privilege.

Reduced Overhead: This solution centralizes secrets management and automates rotation, reducing operational overhead compared to the other options.