Browse papers
LevelAWS Developer — Associate
SubjectAWS Developer — Associate
Year2025 BS
Exam sessionModel questions
Full marks65
Time allowed130 minutes
Questions10, all with step-by-step solutions
A

AWS Developer Associate Core

Select the best answer.

10 questions·1 mark each
1Multiple choice1 mark

An AWS Lambda function needs to read items from an Amazon DynamoDB table. The function is timing out after the default 3-second limit. Which of the following is the BEST solution?

  • a

    Increase the Lambda function timeout and memory allocation

  • b

    Deploy the Lambda function in a VPC

  • c

    Switch from DynamoDB to Amazon RDS

  • d

    Use Amazon SNS instead of direct DynamoDB reads

Correct answer: a

Increase the Lambda function timeout and memory allocation

When a Lambda function times out, the first step is to increase the timeout setting (up to 15 minutes) and memory allocation (which also increases CPU). DynamoDB reads from Lambda do not require VPC placement and are typically fast, so timeout/memory adjustments resolve most issues.

serverless
2Multiple choice1 mark

A developer wants to deploy a new version of an AWS Lambda function and gradually shift traffic from the old version to the new version. Which deployment configuration should be used?

  • a

    AllAtOnce

  • b

    Canary10Percent5Minutes

  • c

    Immutable

  • d

    Rolling

Correct answer: b

Canary10Percent5Minutes

AWS Lambda supports traffic shifting using aliases with CodeDeploy. Canary10Percent5Minutes shifts 10% of traffic to the new version initially, then shifts the remaining 90% after 5 minutes if no alarms trigger. This allows gradual rollout with automatic rollback.

deployment
3Multiple choice1 mark

A developer is using the AWS SDK for Python (Boto3) and receives a ThrottlingException when calling the Amazon DynamoDB API. Which of the following strategies should be implemented?

  • a

    Retry the request immediately without any delay

  • b

    Implement exponential backoff with jitter

  • c

    Switch to the AWS CLI instead of the SDK

  • d

    Increase the DynamoDB item size limit

Correct answer: b

Implement exponential backoff with jitter

When receiving throttling errors from AWS services, the recommended retry strategy is exponential backoff with jitter. This progressively increases the wait time between retries while adding randomness to avoid synchronized retry storms from multiple clients.

development
4Multiple choice1 mark

A Lambda function needs to access an Amazon S3 bucket and an Amazon SQS queue. How should the developer configure permissions following the principle of least privilege?

  • a

    Attach the AdministratorAccess managed policy to the Lambda execution role

  • b

    Create a custom IAM policy granting only the required S3 and SQS actions and attach it to the Lambda execution role

  • c

    Embed AWS access keys in the Lambda function code

  • d

    Make the S3 bucket and SQS queue publicly accessible

Correct answer: b

Create a custom IAM policy granting only the required S3 and SQS actions and attach it to the Lambda execution role

Following least privilege, create a custom IAM policy that grants only the specific S3 and SQS actions needed (e.g., s3:GetObject, sqs:SendMessage) and attach it to the Lambda execution role. Never embed credentials in code or use overly permissive policies.

security
5Multiple choice1 mark

A developer needs to trace requests as they flow through multiple AWS services including API Gateway, Lambda, and DynamoDB. Which AWS service provides distributed tracing?

  • a

    Amazon CloudWatch Logs

  • b

    AWS X-Ray

  • c

    AWS CloudTrail

  • d

    Amazon EventBridge

Correct answer: b

AWS X-Ray

AWS X-Ray provides distributed tracing capabilities, allowing developers to analyze and debug requests as they traverse multiple AWS services. It creates a service map and identifies performance bottlenecks across API Gateway, Lambda, DynamoDB, and more.

monitoring
6Multiple choice1 mark

A developer is deploying a containerized application on Amazon ECS with AWS Fargate. The application needs to store sensitive configuration values such as database passwords. Which is the MOST secure approach?

  • a

    Store passwords in environment variables defined in the ECS task definition

  • b

    Store passwords in AWS Systems Manager Parameter Store (SecureString) or AWS Secrets Manager and reference them in the task definition

  • c

    Hard-code passwords in the Docker image

  • d

    Store passwords in an S3 bucket with public read access

Correct answer: b

Store passwords in AWS Systems Manager Parameter Store (SecureString) or AWS Secrets Manager and reference them in the task definition

Secrets should be stored in AWS Secrets Manager or SSM Parameter Store (SecureString type) and referenced from the ECS task definition using the secrets block. This ensures encryption at rest via KMS and avoids exposing sensitive values in plain-text environment variables or source code.

containers
7Multiple choice1 mark

A developer is building a REST API using Amazon API Gateway and AWS Lambda. The API needs to support Cross-Origin Resource Sharing (CORS) for a web application. Where should CORS be configured?

  • a

    In the Lambda function IAM execution role

  • b

    In the API Gateway resource settings and in the Lambda function response headers

  • c

    In the Amazon Route 53 hosted zone

  • d

    In the AWS WAF rules

Correct answer: b

In the API Gateway resource settings and in the Lambda function response headers

CORS must be configured in two places: (1) Enable CORS on the API Gateway resource/method to handle preflight OPTIONS requests, and (2) include the appropriate CORS headers (Access-Control-Allow-Origin, etc.) in the Lambda function response.

development
8Multiple choice1 mark

A development team uses AWS CodePipeline for CI/CD. They want the pipeline to automatically run unit tests before deploying to production. Which AWS service should be used for the test stage?

  • a

    AWS CodeCommit

  • b

    AWS CodeBuild

  • c

    AWS CodeDeploy

  • d

    Amazon CodeGuru

Correct answer: b

AWS CodeBuild

AWS CodeBuild is a fully managed build service that compiles source code, runs tests, and produces deployment artifacts. In a CodePipeline, CodeBuild is used for the build and test stages, while CodeDeploy handles deployment and CodeCommit hosts the source repository.

deployment
9Multiple choice1 mark

A developer discovers that a monolithic application has a component that experiences variable high traffic while the rest remains lightly used. Which refactoring approach is MOST appropriate?

  • a

    Vertically scale the entire monolith by using a larger EC2 instance

  • b

    Extract the high-traffic component into a separate microservice using Lambda or ECS and communicate via Amazon SQS or API Gateway

  • c

    Add a second copy of the entire monolith behind a load balancer

  • d

    Move the entire application to a single larger RDS instance

Correct answer: b

Extract the high-traffic component into a separate microservice using Lambda or ECS and communicate via Amazon SQS or API Gateway

Extracting the high-traffic component into a separate microservice allows it to scale independently. Using serverless (Lambda) or containers (ECS) with asynchronous communication (SQS) or synchronous APIs (API Gateway) provides efficient, scalable decoupling.

refactoring
10Multiple choice1 mark

A developer Lambda function invoked by Amazon API Gateway is returning a 502 Bad Gateway error. The function code executes successfully in local testing. What is the MOST likely cause?

  • a

    The Lambda function does not have internet access

  • b

    The Lambda function is not returning a response in the format expected by API Gateway (statusCode, headers, body)

  • c

    The API Gateway stage is not deployed

  • d

    The Lambda function memory is too low

Correct answer: b

The Lambda function is not returning a response in the format expected by API Gateway (statusCode, headers, body)

A 502 Bad Gateway from API Gateway with Lambda proxy integration typically means the Lambda function response is malformed. API Gateway expects a specific JSON structure with statusCode (integer), headers (object), and body (string). Incorrect formatting triggers a 502.

troubleshooting

Frequently asked questions

Where can I find the AWS Developer — Associate AWS Developer — Associate question paper 2025?
The full AWS Developer — Associate AWS Developer — Associate 2025 (Model questions) question paper is available free on Kekkei. You can read every question online and attempt the paper under timed exam conditions.
Does the AWS Developer — Associate 2025 paper come with solutions?
Yes. Every question on this AWS Developer — Associate past paper includes a step-by-step solution, plus instant AI feedback when you attempt it on Kekkei.
How many marks is the AWS Developer — Associate AWS Developer — Associate 2025 paper?
The AWS Developer — Associate AWS Developer — Associate 2025 paper carries 65 full marks and is meant to be completed in 130 minutes, across 10 questions.
Is practising this AWS Developer — Associate past paper free?
Yes — reading and attempting this AWS Developer — Associate past paper on Kekkei is completely free.