Developer Associate · 24% of the exam

Deployment: free practice questions

5 sample questions from our 60-question bank for this domain — answers and explanations included. These are the same scenario-based style as the real AWS exam.

1. A developer is working with AWS CloudFormation and needs to update a stack. Before applying the update, they create a change set to preview the changes. The change set shows that an RDS DB instance will be replaced (Action: Replace, Replacement: True). The developer is concerned about data loss. What does 'Replacement: True' indicate in a CloudFormation change set, and what should the developer do to prevent data loss?

  • A. It means CloudFormation will modify the DB instance in place; no data loss will occur. The developer should proceed.
  • B. It means CloudFormation will delete the existing DB instance and create a new one. The developer should take a manual snapshot before applying the change set.✓ Correct
  • C. It means CloudFormation detected a drift and will reconcile the resource. Data is preserved during reconciliation.
  • D. It means CloudFormation will create a new DB instance first and then delete the old one, similar to a blue/green deployment, preserving data.
  • E. It means the RDS DB instance has a pending modification that requires a maintenance window. The developer should schedule the change set execution during a maintenance window.
Explanation

In a CloudFormation change set, 'Replacement: True' means that the resource will be deleted and a new resource will be created in its place. For a stateful resource like an RDS DB instance, this means the existing database instance will be deleted (along with all its data unless a final snapshot is taken or deletion protection is enabled). The developer must take a manual DB snapshot before executing the change set to preserve data. They should also consider setting `DeletionPolicy: Snapshot` on the DB instance resource in the template to ensure CloudFormation takes a snapshot before deletion. — Option A is incorrect because 'Replacement: True' explicitly means the resource will be replaced (deleted and recreated), not modified in place. Option C is incorrect because replacement is triggered by a template change that requires a new physical resource, not by drift detection; drift reconciliation is a separate concept. Option D is incorrect because CloudFormation does not perform a zero-downtime blue/green-style replacement for RDS instances; the old instance is deleted, resulting in data loss if not backed up. Option E is incorrect because 'Replacement: True' in a change set indicates resource replacement, not a pending modification requiring a maintenance window.

2. A developer is creating an AWS CloudFormation template to provision a DynamoDB table. The table name must be unique per environment (dev, staging, prod) and the developer wants to avoid hardcoding names. The developer also wants CloudFormation to prevent accidental deletion of the production stack. Which TWO features should the developer use to achieve both goals?

  • A. CloudFormation Parameters to accept the environment name and construct the table name dynamically using the `!Sub` intrinsic function.✓ Correct
  • B. CloudFormation Mappings with a hardcoded lookup table that maps environment codes to table names.
  • C. A CloudFormation Stack Policy that explicitly denies the `Update:Delete` action on the DynamoDB table resource for production.
  • D. The `DeletionPolicy: Retain` attribute on the DynamoDB table resource combined with a stack termination protection setting on the production stack.✓ Correct
  • E. CloudFormation Outputs that export the table name so other stacks cannot delete it while the export is in use.
Explanation

Option A (Parameters + !Sub) is correct: using a Parameter for the environment name and `!Sub '${EnvironmentName}-orders-table'` dynamically generates unique, environment-specific names without hardcoding. Option D is correct: `DeletionPolicy: Retain` ensures the DynamoDB table is not deleted even if the stack is deleted, and enabling termination protection on the stack prevents accidental `delete-stack` calls on production. Option B (Mappings) could generate unique names but requires hardcoding all environment names in the template, which is less flexible and still requires template edits for new environments. Option C (Stack Policy) can restrict updates but does not prevent stack deletion as a whole — an administrator can still override a stack policy. Option E (Outputs/exports) creates a soft dependency between stacks (cross-stack references prevent export deletion) but does not directly protect against stack deletion in all scenarios and is not a deletion protection mechanism.

3. A developer is deploying an AWS SAM application that includes an Amazon SQS queue triggering a Lambda function. The developer wants to test the SQS-to-Lambda integration locally before deploying to AWS. Which command and approach is MOST appropriate for this local testing scenario?

  • A. Run `sam local invoke` with a synthetic SQS event JSON file using the `--event` flag to simulate the SQS trigger locally.✓ Correct
  • B. Run `sam local start-lambda` to expose a local Lambda endpoint, then configure the actual AWS SQS queue to invoke the local endpoint.
  • C. Run `sam local start-api` which automatically simulates all event sources defined in the SAM template, including SQS triggers.
  • D. Deploy the stack to a dev environment first using `sam deploy --guided`, then use `sam logs --tail` to test the integration live.
Explanation

`sam local invoke` with a synthetically crafted SQS event JSON file is the correct and standard way to test SQS-triggered Lambda functions locally. You model the SQS Records payload structure and pass it with `--event events/sqs-event.json`. AWS SAM CLI documentation explicitly provides example SQS event payloads for this purpose. Option B is incorrect because actual AWS SQS cannot route messages to a local machine endpoint — SQS pulls Lambda on the AWS side and cannot reach `localhost`. Option C is incorrect; `sam local start-api` only simulates API Gateway HTTP triggers. It does not start or simulate SQS, SNS, DynamoDB Streams, or other event sources. Option D is not local testing — it deploys to AWS and uses CloudWatch Logs, which defeats the purpose of local testing.

4. A developer is writing a `buildspec.yml` for an AWS CodeBuild project. The project must run unit tests, generate a test report, and then produce a deployment artifact. The developer wants CodeBuild to publish a JUnit-format test report so results are visible in the CodeBuild console. Which `buildspec.yml` section and configuration is required to enable test reporting?

  • A. Add a `reports` section at the top level of the buildspec, specifying a report group name, the `file-format` as `JUNITXML`, and the path to the test result XML files.✓ Correct
  • B. Add the path to the test result XML files under the `artifacts` section with `type: JUNITXML` so CodeBuild automatically parses and displays them.
  • C. Configure a `post_build` phase command that calls `aws codebuild put-report-data` with the path to the XML report file.
  • D. Upload the test result XML to an S3 bucket and configure a CodeBuild notification rule to parse test reports from S3.
Explanation

CodeBuild natively supports test reporting through a dedicated top-level `reports` section in the buildspec. You define a report group, set `file-format` to `JUNITXML` (or `CUCUMBERJSON`, etc.), and provide the file glob path. CodeBuild then parses results and displays them in the console. Option B is incorrect — the `artifacts` section packages files for downstream stages; it has no `type: JUNITXML` attribute and does not trigger test report parsing. Option C is incorrect because there is no `aws codebuild put-report-data` CLI command; reports are generated automatically by the `reports` section, not by a CLI call. Option D is incorrect; CodeBuild test reporting does not work by polling S3, and notification rules are for event-driven alerts, not report parsing.

5. A developer is building a CloudFormation template that provisions a VPC, several subnets, and an ECS cluster, each defined as separate CloudFormation stacks managed by different teams. The developer needs the ECS cluster stack to reference the VPC ID output from the VPC stack without merging them into a single monolithic template. Which CloudFormation feature enables this cross-stack referencing?

  • A. CloudFormation nested stacks using the `AWS::CloudFormation::Stack` resource type to embed the VPC stack inside the ECS stack.
  • B. CloudFormation Exports: declare an `Export` in the VPC stack's Outputs section and use `Fn::ImportValue` in the ECS cluster stack.✓ Correct
  • C. Use the `Fn::Sub` intrinsic function with the stack name to dynamically construct the VPC ARN in the ECS stack.
  • D. Configure CloudFormation StackSets to deploy both stacks simultaneously and share outputs automatically.
Explanation

Option B is correct. CloudFormation stack outputs can be exported with a unique name using the `Export` property. Any other stack in the same account and region can then reference that value using `Fn::ImportValue`. This is the canonical mechanism for cross-stack referencing between independently managed stacks. Option A describes nested stacks, which are a valid pattern for code reuse, but they require the parent stack to manage the child stack's lifecycle — they don't support truly independent teams managing separate stacks. Option C is incorrect; `Fn::Sub` performs string substitution and cannot query another stack's outputs at all. Option D is incorrect; StackSets are designed for multi-account/multi-region deployments and do not provide automatic output sharing between stacks.

55 more questions in this domain

Practice the full bank with instant grading, flashcards, and a timed mock exam.

Start practicing free