Amazon AWS Certified Developer — Associate DVA-C02 Exam Dumps and Practice Test Questions Set4 Q46-60

Visit here for our full Amazon AWS Certified Developer — Associate DVA-C02 exam dumps and practice test questions.

Question 46: 

What is the purpose of Lambda function versions?

A) Delete old code

B) Create immutable snapshots

C) Increase memory

D) Enable VPC access

Correct Answer: B

Explanation:

Lambda function versions create immutable snapshots of function code, configuration, environment variables, runtime settings, and execution role at a specific point in time. Once published, versions cannot be modified, ensuring consistent behavior and enabling safe deployment practices. Each version receives a unique version number, providing clear tracking of function evolution over time.

Publishing versions supports deployment strategies like blue-green deployments, canary releases, and rollbacks. When issues arise with new versions, reverting to previous versions is immediate by updating aliases or API Gateway integrations to reference stable versions. This safety net enables confident deployments knowing quick recovery is possible without code changes or redeployments.

The $LATEST version represents the current editable state of a function, always referencing the most recent unpublished changes. Development typically occurs against $LATEST, testing new features or fixes before publishing immutable versions for production use. This pattern separates development from production, preventing accidental deployment of untested code while maintaining flexibility during active development.

Versions don’t delete old code, increase memory, or enable VPC access. Deletion requires explicitly deleting version resources. Memory allocation is configured per version during publishing. VPC configuration is part of function settings included in version snapshots. Versions specifically provide immutability and change tracking, fundamental for professional software deployment practices.

Combining versions with aliases and weighted routing enables sophisticated deployment strategies. Traffic shifting gradually moves production traffic from old to new versions, monitoring error rates and performance before full deployment. Automated deployment pipelines use versions to track releases, correlating code changes with application behavior. CloudWatch metrics and X-Ray traces include version information, facilitating troubleshooting by isolating issues to specific code versions. Proper version management transforms Lambda from dynamic, potentially unstable deployments to controlled, professional operations meeting enterprise requirements.

Question 47: 

Which feature protects API Gateway from traffic spikes?

A) Caching

B) Throttling

C) Compression

D) Encryption

Correct Answer: B

Explanation:

API Gateway throttling protects backend services from being overwhelmed by excessive requests, implementing rate limiting at multiple levels including account, stage, and method. Throttling enforces maximum request rates and burst capacity, rejecting requests exceeding limits with 429 Too Many Requests responses. This protection prevents backend overload, manages costs by controlling request volumes, and ensures fair resource distribution among API consumers.

Throttling operates using token bucket algorithms where tokens represent request capacity. Steady-state rate defines tokens added per second, representing sustained throughput. Burst capacity allows temporary spikes exceeding steady-state rates by accumulating unused tokens. When requests arrive, API Gateway consumes tokens; requests without available tokens are throttled. This mechanism permits short bursts while preventing sustained overload.

Default account-level limits are 10,000 requests per second with 5,000 burst capacity, configurable through AWS Support quotas. Stage-level and method-level throttles allow finer-grained control, implementing different limits for specific APIs or operations. Usage plans provide per-customer throttling when API keys identify consumers, enabling tiered service offerings with different rate limits for free versus paid customers.

Caching improves performance by storing responses but doesn’t protect against traffic spikes to uncached endpoints. Compression reduces response sizes. Encryption secures data transmission. Only throttling specifically limits request rates to protect backends. Throttling is essential for production APIs where unexpected traffic, malicious attacks, or misconfigured clients could overwhelm systems without protection.

Monitoring throttled requests through CloudWatch helps identify legitimate traffic exceeding limits versus malicious activity. High throttle rates might indicate insufficient capacity requiring limit increases, denial-of-service attacks needing additional protection through AWS WAF, or client bugs causing excessive requests. Implementing exponential backoff with jitter in client applications gracefully handles throttled requests, automatically retrying after appropriate delays. Proper throttling configuration balances protecting backends with accommodating legitimate traffic growth.

Question 48: 

What is the purpose of DynamoDB Global Secondary Index sparse indexes?

A) Save storage costs

B) Improve query performance

C) Enable filtering

D) All of the above

Correct Answer: D

Explanation:

Sparse indexes in DynamoDB Global Secondary Indexes occur when only items containing the index’s partition key and optionally sort key appear in the index, rather than all table items. Since indexes only include items with defined key attributes, sparse indexes automatically filter results to items having specific attributes, providing performance and cost benefits simultaneously through reduced index size and focused queries.

Storage cost savings result from indexes containing fewer items than base tables. When optional attributes serve as index keys, only items with those attributes consume index storage. For example, an index using an «expirationDate» attribute only includes items with expiration dates, potentially a small fraction of total items. This targeted indexing significantly reduces storage costs compared to indexing all items.

Query performance improves because smaller indexes require less capacity and return results faster. Queries against sparse indexes inherently filter to relevant items without additional filter expressions. This built-in filtering reduces scanned data, consumed read capacity, and result processing overhead. Applications query sparse indexes knowing results contain only items matching their criteria.

Sparse indexes enable efficient filtering by attribute existence, effectively creating yes/no queries without explicit filter expressions. An index on «premiumMember» attribute naturally separates premium members from regular members. Queries against this index return only premium members without filter expressions, simplifying application code and improving performance compared to scanning tables with filters.

All three benefits apply simultaneously, making sparse indexes powerful optimization techniques. Strategic sparse index design identifies optional attributes representing important query dimensions, creating indexes that reduce costs, improve performance, and simplify queries. Common use cases include time-bound items (active versus expired), categorization (items belonging to specific categories), status flags (completed versus pending), and demographic filtering (items matching specific criteria). Understanding sparse index patterns enables sophisticated DynamoDB schema designs supporting diverse access patterns efficiently while controlling costs.

Question 49: 

Which command packages Lambda functions for deployment?

A) aws lambda package

B) aws cloudformation package

C) sam package

D) Both B and C

Correct Answer: D

Explanation:

Both CloudFormation package and SAM package commands prepare local artifacts for deployment by uploading them to S3 and transforming template references to S3 locations. These commands scan CloudFormation or SAM templates, identify local file references in resource definitions, upload files to designated S3 buckets, and update templates with S3 URLs replacing local paths. This process enables deployment from templates referencing previously local resources.

The AWS CLI cloudformation package command works with standard CloudFormation templates containing local references in properties like Lambda function Code, API Gateway DefinitionBody, or other artifact-based resources. The command uploads artifacts to S3, then outputs a new template with updated references. This packaged template can be deployed using cloudformation deploy or create-stack commands.

SAM CLI sam package performs identical operations but is specifically designed for SAM templates and serverless applications. SAM templates use simplified syntax for Lambda functions and other serverless resources. The sam package command handles SAM-specific resources alongside standard CloudFormation resources, making it the preferred tool for serverless applications using SAM framework.

There is no aws lambda package command; packaging happens through CloudFormation or SAM tools. Both cloudformation package and sam package serve the same purpose with slight variations in syntax and target template types. Modern best practice often uses sam package even for standard CloudFormation since SAM CLI provides enhanced serverless tooling while maintaining full CloudFormation compatibility.

Packaging integrates into CI/CD pipelines, automating artifact uploads and template transformation. Pipelines execute package commands, store packaged templates as artifacts, and deploy packaged templates through subsequent pipeline stages. This automation ensures consistent deployments and prevents manual artifact management errors. Understanding packaging workflows enables building professional deployment pipelines for serverless applications with proper artifact management and version control.

Question 50: 

What is the purpose of Lambda execution roles?

A) Invoke the function

B) Grant function permissions to AWS services

C) Authenticate users

D) Configure VPC access

Correct Answer: B

Explanation:

Lambda execution roles are IAM roles that functions assume during execution, granting permissions to access AWS services and resources. When functions need to read from S3, write to DynamoDB, publish to SNS, or invoke other AWS APIs, the execution role must include policies allowing those actions. Understanding execution roles is fundamental for Lambda security and functionality.

Execution roles follow the principle of least privilege, granting only necessary permissions for function operation. For example, a function processing S3 events might need s3:GetObject on specific buckets and logs:CreateLogGroup, logs:CreateLogStream, logs:PutLogEvents for CloudWatch Logging. Overly permissive roles violate security best practices and increase risk from compromised functions.

Lambda automatically assumes the execution role when invoking functions, obtaining temporary credentials through AWS Security Token Service (STS). Functions access AWS services using these credentials without managing API keys or passwords. The credentials are automatically rotated and scoped to single function executions, preventing credential leakage or misuse across invocations.

Resource-based policies grant services permission to invoke functions, the opposite direction from execution roles. User authentication uses Cognito, IAM, or custom authorizers at the API Gateway level. VPC configuration specifies networking but doesn’t grant AWS API permissions. Execution roles specifically handle function-to-service authorization during function execution.

Managed policies like AWSLambdaBasicExecutionRole provide common permissions including CloudWatch Logs access. Custom policies enable fine-grained control for specific application requirements. Trust policies on execution roles must allow lambda.amazonaws.com as the principal, enabling Lambda service to assume the role. IAM Access Analyzer and CloudTrail logs help audit role usage, identifying unused permissions for removal. Proper execution role management ensures functions operate securely with appropriate access to required resources while minimizing security exposure.

Question 51: 

Which DynamoDB API operation retrieves a single item by primary key?

A) Query

B) Scan

C) GetItem

D) BatchGetItem

Correct Answer: C

Explanation:

The GetItem operation retrieves a single item from DynamoDB by specifying the complete primary key, which includes the partition key and sort key if the table uses a composite primary key. GetItem is the most efficient way to retrieve individual items when you know the exact key values, providing consistent low-latency access regardless of table size. Understanding GetItem is fundamental for building performant DynamoDB applications.

GetItem requires specifying the table name and key attributes matching the table’s key schema. For tables with only partition keys, provide the partition key value. For tables with composite keys, provide both partition and sort key values. GetItem supports both eventually consistent and strongly consistent reads through the ConsistentRead parameter, allowing applications to choose appropriate consistency for each request.

Projection expressions limit returned attributes, reducing response size and consumed read capacity when applications need only specific attributes. GetItem returns the entire item by default, but projections enable retrieving only necessary data. This optimization improves performance and reduces costs, particularly for items with many attributes or large attribute values.

Query retrieves multiple items sharing the same partition key, not single items. Scan reads all table items, extremely inefficient for single-item retrieval. BatchGetItem retrieves multiple items by their keys in a single request but requires knowing all keys upfront. GetItem specifically addresses single-item retrieval by primary key, the most common and efficient access pattern.

GetItem consumes one read capacity unit for items up to 4 KB with eventually consistent reads, or two read capacity units for strongly consistent reads. Items exceeding 4 KB consume additional capacity units proportionally. Monitoring consumed capacity helps optimize costs and identify items requiring size optimization. Applications should use GetItem whenever primary keys are known, avoiding Query or Scan for single-item access. Caching frequently accessed items with ElastiCache or application-level caches reduces DynamoDB requests, improving performance and lowering costs for read-heavy workloads.

Question 52: 

What is the default concurrency limit for Lambda functions per region?

A) 100

B) 500

C) 1000

D) 10000

Correct Answer: C

Explanation:

AWS Lambda provides a default account-level concurrency limit of 1000 concurrent executions per region. This limit applies across all functions in a region, representing the maximum number of function instances executing simultaneously. Understanding concurrency limits is crucial for capacity planning and preventing throttling in production applications. The limit is a soft limit, meaning AWS Support can increase it upon request.

Concurrency represents the number of requests functions are serving at any moment. When a request arrives and all available concurrency is consumed by other executions, Lambda throttles the request. For synchronous invocations like API Gateway requests, throttling returns errors to callers. For asynchronous invocations from services like S3 or SNS, Lambda automatically retries throttled requests with exponential backoff.

Regional limits mean functions across all applications share the 1000 concurrent executions within a region. High-volume functions can exhaust account concurrency, throttling other functions. Reserved concurrency addresses this by allocating specific concurrency to critical functions, guaranteeing capacity while preventing them from consuming all account concurrency. Provisioned concurrency keeps function instances initialized, reducing cold starts for latency-sensitive applications.

Burst concurrency enables Lambda to rapidly scale up to the account limit initially, then continue scaling at 500 concurrent executions per minute. This burst capacity handles sudden traffic spikes while the scaling continues for sustained load increases. Monitoring ConcurrentExecutions and Throttles metrics in CloudWatch identifies functions approaching limits or experiencing throttling.

Applications expecting high concurrency should request limit increases before launching. AWS Support evaluates requests based on use cases and account history. Architectural patterns like queuing with SQS, rate limiting at API Gateway, and distributing workloads across regions help manage concurrency. Understanding these limits and management strategies ensures reliable serverless application performance without unexpected throttling during production operations.

Question 53: 

Which API Gateway resource policy controls who can invoke APIs?

A) IAM policy

B) Resource policy

C) Lambda execution role

D) VPC endpoint policy

Correct Answer: B

Explanation:

API Gateway resource policies are JSON policy documents attached to APIs that control which principals can invoke the API. Resource policies enable fine-grained access control based on AWS accounts, IAM users and roles, source IP addresses, VPC endpoints, and other conditions. These policies complement IAM policies, providing comprehensive access management for APIs.

Resource policies are particularly useful for cross-account access, allowing specific AWS accounts to invoke your APIs without requiring IAM role assumption. They also restrict API access to specific VPC endpoints, enabling private API access from VPCs without exposing APIs to the public internet. Source IP whitelisting limits API access to known IP ranges, providing additional security for sensitive APIs.

Resource policy evaluation combines with IAM policies for authorization decisions. When IAM users or roles invoke APIs, both IAM user policies and API resource policies must allow the action. This dual evaluation provides defense in depth, requiring explicit permission grants from both perspectives. For public APIs without AWS authentication, resource policies alone control access.

IAM policies control what IAM principals can do but don’t directly control API invocation from external clients. Lambda execution roles grant functions permissions to AWS services, not API invocation rights. VPC endpoint policies control access through specific VPC endpoints but are separate from API Gateway resource policies. Resource policies specifically define who can invoke APIs at the API Gateway level.

Common use cases include restricting API access to organizational AWS accounts, limiting APIs to specific VPCs for internal services, implementing IP-based access control, and preventing unauthorized cross-account access. Resource policies support condition keys enabling context-based access control like time-based restrictions, user agent filtering, or custom conditions. Proper resource policy configuration ensures APIs are accessible to authorized clients while preventing unauthorized access, complementing other security measures like API keys, OAuth, or custom authorizers.

Question 54: 

What is the purpose of Lambda environment variables encryption?

A) Compress data

B) Protect sensitive data at rest

C) Improve performance

D) Enable caching

Correct Answer: B

Explanation:

Lambda environment variable encryption protects sensitive data at rest using AWS Key Management Service (KMS), preventing unauthorized access to secrets stored as environment variables. By default, Lambda encrypts environment variables using an AWS-managed key, but you can specify customer-managed KMS keys for enhanced control over encryption and access auditing. Understanding encryption helps secure sensitive configuration data.

Environment variables are encrypted in transit and at rest automatically, but using customer-managed KMS keys provides additional benefits. You can audit key usage through CloudTrail, rotate keys on schedules, disable keys to prevent access, and implement fine-grained access control through key policies. These capabilities enhance security posture and support compliance requirements for sensitive data handling.

Lambda decrypts environment variables automatically when creating execution environments, making decrypted values available to function code. Functions don’t need decryption logic for standard environment variables. However, for maximum security, you can enable encryption helpers that provide encrypted versions of environment variables, requiring explicit decryption in function code. This pattern ensures secrets remain encrypted until actually needed during execution.

Encryption doesn’t compress data, improve performance, or enable caching. It specifically protects confidentiality by making data unreadable without proper decryption keys. While environment variables support storing secrets, AWS Secrets Manager or Systems Manager Parameter Store provide superior secret management for production workloads with features like automatic rotation, versioning, and cross-service integration.

Best practices include using environment variables for non-sensitive configuration like feature flags, endpoints, or timeouts, while storing sensitive data like passwords, API keys, or tokens in Secrets Manager or Parameter Store. Functions retrieve secrets during initialization using AWS SDKs, caching them in execution context for reuse. This approach separates configuration from secrets, providing appropriate security levels for different data types while maintaining operational flexibility and security.

Question 55: 

Which command creates a new Lambda function using AWS CLI?

A) aws lambda create

B) aws lambda create-function

C) aws lambda deploy

D) aws lambda new-function

Correct Answer: B

Explanation:

The AWS CLI command aws lambda create-function creates new Lambda functions, requiring parameters including function name, runtime, handler, execution role ARN, and code location. This command initializes functions with specified configurations, enabling programmatic function creation for automation, infrastructure as code, or CI/CD pipelines. Understanding CLI commands enables efficient Lambda management outside the console.

Creating functions requires specifying the runtime environment (Python, Node.js, Java, etc.), the handler indicating which function code to execute, and an execution role with necessary permissions. Code can be provided inline for small functions, uploaded from local zip files, or referenced from S3 for larger packages. Additional optional parameters include memory allocation, timeout, environment variables, VPC configuration, and tags.

Example command structure includes all required parameters and commonly used optional parameters. Automation scripts often use create-function in deployment pipelines, creating or replacing functions based on infrastructure definitions. Error handling in scripts checks for existing functions before creating to avoid conflicts, or uses update-function-code and update-function-configuration for modifications.

There is no aws lambda create, deploy, or new-function command. The correct command is specifically create-function following AWS CLI naming conventions. Other related commands include update-function-code for updating function code, update-function-configuration for modifying settings, delete-function for removal, and get-function for retrieving function information.

Infrastructure as code tools like CloudFormation, SAM, and Terraform typically wrap CLI commands or use APIs directly, providing declarative function definitions. However, understanding underlying CLI commands helps troubleshoot deployments, build custom tooling, or perform manual operations when necessary. CLI mastery enables efficient AWS resource management, automation, and integration with external systems. CloudFormation or SAM templates remain the recommended approach for production deployments, providing consistency, version control, and comprehensive infrastructure management.

Question 56: 

What is the maximum timeout for API Gateway integrations?

A) 10 seconds

B) 15 seconds

C) 29 seconds

D) 60 seconds

Correct Answer: C

Explanation:

API Gateway enforces a maximum integration timeout of 29 seconds for all integration types including Lambda, HTTP, AWS services, and mock integrations. This hard limit means backend services must respond within 29 seconds or API Gateway returns 504 Gateway Timeout errors to clients. Understanding this constraint influences architectural decisions and integration design for APIs.

The 29-second limit applies to the complete integration request-response cycle, including network latency, backend processing, and response transmission. For Lambda integrations, the function must complete execution and return results within this window even though Lambda supports up to 15-minute execution times. Synchronous Lambda invocations through API Gateway are constrained by the gateway timeout.

When operations require longer processing, implementing asynchronous patterns becomes necessary. One approach accepts requests returning 202 Accepted with job identifiers, processes work asynchronously, and provides separate endpoints for status checking. Clients poll status endpoints or receive notifications through webhooks, SNS, or WebSockets when processing completes. This pattern decouples long-running operations from synchronous API constraints.

Alternative timeouts like 10, 15, or 60 seconds aren’t the correct API Gateway limit. The specific 29-second timeout is a documented service characteristic affecting all integrations equally. Applications must design around this constraint, optimizing backend performance or implementing asynchronous patterns for longer operations.

Backend performance optimization includes database query tuning, caching frequently accessed data, connection pooling, and reducing external API calls. CloudWatch metrics track integration latency, identifying slow endpoints requiring optimization. Setting appropriate timeouts in backend systems prevents operations from exceeding gateway limits. For genuinely long-running processes, consider Step Functions for orchestration, SQS for asynchronous processing, or direct Lambda invocation bypassing API Gateway. Understanding timeout constraints ensures reliable API design meeting user expectations while respecting platform limitations.

Question 57: 

Which DynamoDB feature provides point-in-time recovery?

A) Snapshots

B) Continuous backups

C) Streams

D) Global Tables

Correct Answer: B

Explanation:

DynamoDB continuous backups with point-in-time recovery (PITR) enable restoring tables to any point within the last 35 days, protecting against accidental deletions, application errors, or data corruption. When enabled, DynamoDB continuously backs up table data, allowing restoration to any second within the retention window. This feature provides essential data protection for production applications.

Point-in-time recovery operates independently of on-demand backups, which create manual snapshots at specific times. Continuous backups run automatically in the background without performance impact, incrementally capturing changes. Restoration creates new tables from backup data at specified timestamps, preserving original tables for verification before deletion. This non-destructive restoration enables confident recovery from mistakes.

Enabling PITR involves single-click activation through the console, CLI, or API without downtime or performance degradation. Once enabled, the 35-day backup window gradually builds, eventually providing full retention coverage. Restoring tables requires specifying the target timestamp and new table name. Restored tables inherit original table configuration including indexes, encryption settings, and provisioned capacity settings.

DynamoDB doesn’t use traditional snapshots terminology, though on-demand backups serve similar purposes for manual point-in-time captures. Streams capture item-level changes for event processing, not backup. Global Tables provide multi-region replication for availability and latency, not backup or recovery. Continuous backups specifically address data recovery scenarios.

PITR incurs additional costs based on table size, but the protection value typically outweighs costs for production data. Combining PITR with on-demand backups provides comprehensive data protection: continuous backups for recent recovery needs and on-demand backups for long-term retention beyond 35 days. Testing restoration procedures periodically verifies backup functionality and familiarizes teams with recovery processes. Understanding backup and recovery options ensures appropriate data protection strategies meeting business requirements for data durability and availability.

Question 58: 

What is the purpose of Lambda layers versioning?

A) Delete old versions

B) Maintain immutable layer versions

C) Increase storage

D) Enable debugging

Correct Answer: B

Explanation:

Lambda layer versioning creates immutable versions of layers similar to function versioning, ensuring functions referencing specific layer versions always receive identical dependencies. Each layer version receives a unique ARN that functions reference in their configuration. Once created, layer versions cannot be modified, providing stability and preventing unexpected behavior from layer changes affecting deployed functions.

Versioning enables safe layer updates without disrupting existing functions. When updating shared libraries or dependencies, create new layer versions rather than modifying existing ones. Functions explicitly update layer version references when ready, allowing gradual rollouts and testing before production deployment. This controlled update process prevents breaking changes from propagating unintentionally across multiple functions.

Layer version immutability supports compliance and audit requirements, ensuring deployed functions use verified, approved dependencies. Version numbers increment sequentially (1, 2, 3, etc.), providing clear tracking of layer evolution. Maintaining multiple layer versions simultaneously allows different functions to use different versions, supporting gradual migrations or maintaining compatibility with legacy functions.

Versioning doesn’t delete old versions automatically; layer versions persist until explicitly deleted. It doesn’t increase storage limits or enable debugging directly. Versioning specifically provides immutability and change control for layer deployments, paralleling function version benefits for comprehensive deployment management.

Best practices include semantic versioning conventions in layer naming or descriptions, documenting changes between versions, testing new versions thoroughly before production use, and cleaning up unused old versions periodically to manage costs. Monitoring which functions use which layer versions helps coordinate updates and identify dependencies. CloudFormation or SAM templates manage layer versions declaratively, ensuring consistent deployments across environments. Proper layer versioning combined with function versioning creates robust, manageable serverless applications with clear dependency tracking and safe update mechanisms.

Question 59: 

Which service provides managed Kubernetes on AWS?

A) Amazon ECS

B) Amazon EKS

C) AWS Fargate

D) AWS Batch

Correct Answer: B

Explanation:

Amazon Elastic Kubernetes Service (EKS) is AWS’s managed Kubernetes service, running certified Kubernetes clusters without needing to install, operate, or maintain your own Kubernetes control plane. EKS automatically manages control plane availability and scalability across multiple availability zones, handles version upgrades, patches security vulnerabilities, and integrates deeply with AWS services.

EKS eliminates operational overhead of running Kubernetes, allowing teams to focus on deploying applications rather than managing cluster infrastructure. The service provides highly available control planes with automatic version upgrades and patching. EKS supports standard Kubernetes APIs and tools, ensuring compatibility with existing Kubernetes workloads and enabling portability between EKS and other Kubernetes environments.

Worker nodes can run on EC2 instances for full control over instance types and configurations, or on Fargate for serverless compute eliminating node management entirely. This flexibility enables choosing appropriate compute for different workload requirements. EKS integrates with AWS services including IAM for authentication, VPC for networking, ELB for load balancing, and CloudWatch for monitoring.

Amazon ECS is AWS’s native container orchestration service but doesn’t run Kubernetes. AWS Fargate provides serverless compute for containers, working with both ECS and EKS but isn’t a managed Kubernetes service itself. AWS Batch runs batch computing jobs but isn’t Kubernetes-based. EKS specifically provides managed Kubernetes clusters.

EKS supports Kubernetes add-ons, custom configurations, and standard Kubernetes features including namespaces, pod security, service meshes, and operators. The service enables hybrid deployments through EKS Anywhere and EKS Distro, running Kubernetes on-premises with similar management experiences. Understanding EKS capabilities helps teams adopt containerized applications on AWS while leveraging Kubernetes ecosystem tools and practices. EKS pricing includes control plane costs plus EC2 or Fargate compute costs for worker nodes.

Question 60: 

What is the purpose of SQS visibility timeout?

A) Delete messages

B) Prevent duplicate processing

C) Encrypt messages

D) Order messages

Correct Answer: B

Explanation:

SQS visibility timeout prevents multiple consumers from processing the same message simultaneously by temporarily hiding messages after a consumer receives them. When a consumer retrieves messages from a queue, SQS makes those messages invisible to other consumers for the visibility timeout duration. During this window, the consumer processes the message and deletes it from the queue, or the timeout expires and the message becomes visible again for reprocessing.

The visibility timeout mechanism enables reliable message processing in distributed systems where multiple consumers read from the same queue. Without visibility timeout, multiple consumers might retrieve and process identical messages concurrently, causing duplicate processing. The timeout ensures each message is processed by one consumer at a time, though the same message may be processed multiple times if timeout expires before successful completion.

Default visibility timeout is 30 seconds, configurable from 0 seconds to 12 hours at queue level or per-message when receiving. Setting appropriate timeouts requires estimating processing time: too short causes premature message re-visibility and duplicate processing, too long delays reprocessing after consumer failures. Applications can extend visibility timeout during processing using ChangeMessageVisibility API for long-running operations.

Visibility timeout doesn’t delete messages automatically; consumers must explicitly delete messages after successful processing. It doesn’t encrypt messages; SQS encryption uses separate KMS integration. It doesn’t order messages; FIFO queues provide ordering. Visibility timeout specifically addresses preventing concurrent duplicate processing.

Monitoring VisibilityTimeout metrics and adjusting based on actual processing times optimizes queue behavior. Applications should delete messages promptly after successful processing to prevent reprocessing. Handling duplicate messages gracefully through idempotent operations ensures reliability since SQS provides at-least-once delivery. Dead-letter queues capture repeatedly failed messages, preventing infinite reprocessing loops. Understanding visibility timeout mechanics enables building reliable, distributed message processing systems leveraging SQS effectively.