Developer Associate · 18% of the exam

Troubleshooting and Optimization: free practice questions

5 sample questions from our 45-question bank for this domain — answers and explanations included. These are the same scenario-based style as the real AWS exam.

1. A developer is optimizing a high-traffic REST API. The API calls a Lambda function that queries DynamoDB. CloudWatch metrics show that DynamoDB read capacity is under-utilized, but Lambda Duration averages 900 ms. X-Ray traces show 850 ms is spent waiting for Lambda to initialize a new SDK client and establish a TLS connection to DynamoDB on each invocation. The function is receiving consistent traffic with no cold starts. What is the MOST likely cause and fix?

  • A. The Lambda function is running out of memory, causing garbage collection pauses. Increase the memory allocation to 1,024 MB.
  • B. The DynamoDB client is being instantiated inside the Lambda handler function on every invocation. Move the client initialization to the module/global scope outside the handler.✓ Correct
  • C. The Lambda function's execution role lacks the dynamodb:GetItem permission, causing silent retries that add latency. Add the correct IAM permission.
  • D. API Gateway response caching is disabled. Enable API Gateway caching to reduce the number of Lambda invocations.
Explanation

Correct: When an SDK client is instantiated inside the handler, it is recreated on every invocation, including DNS resolution and TLS handshake setup, adding hundreds of milliseconds of overhead. Moving the DynamoDB client initialization to the global scope (outside the handler) means it is created once per execution environment and reused across all warm invocations, eliminating the per-invocation initialization cost. Wrong — Option A: Memory pressure and GC pauses would typically manifest as spiky duration increases correlated with memory usage metrics. The trace explicitly shows the time is spent on SDK client initialization and TLS, not computation. Wrong — Option C: Insufficient IAM permissions would cause AccessDeniedException errors, not silent latency. CloudWatch would show Lambda errors, not merely high duration. Wrong — Option D: API Gateway caching would reduce the total number of Lambda invocations, but when Lambda is invoked, the 850 ms initialization overhead inside the function would remain unchanged. Caching doesn't fix per-invocation inefficiency.

2. A developer is implementing a caching strategy for a read-heavy API that serves product catalog data. The data changes infrequently (updated once every 4 hours). The developer wants to reduce DynamoDB read costs and improve API response times. They are considering enabling API Gateway caching on the stage. Which THREE statements about API Gateway caching are accurate and relevant to this decision? (Select THREE)

  • A. API Gateway cache entries are invalidated automatically when the underlying DynamoDB item is updated.
  • B. API Gateway caching stores responses at the stage level and can significantly reduce the number of requests forwarded to the backend Lambda or DynamoDB.✓ Correct
  • C. The cache TTL can be configured between 0 and 3,600 seconds (1 hour), allowing the developer to set a 3,600-second TTL to closely approximate the 4-hour update cycle.
  • D. Clients can be granted permission to invalidate a specific cache entry by sending a request with the `Cache-Control: max-age=0` header, provided the `Require authorization` setting is configured.✓ Correct
  • E. API Gateway caching incurs an additional hourly charge based on the cache size selected, regardless of the number of cache hits.✓ Correct
  • F. Enabling API Gateway caching automatically disables AWS WAF rules on the stage to avoid double-inspection of cached responses.
Explanation

Correct — Option B: API Gateway stage-level caching stores backend responses keyed by request parameters. Cache hits are served directly by API Gateway without invoking Lambda or querying DynamoDB, directly reducing read costs and improving latency. Correct — Option D: API Gateway supports client-driven cache invalidation via the `Cache-Control: max-age=0` header. However, to prevent unauthorized cache invalidation (which could force expensive cache misses), AWS recommends enabling the 'Require authorization' setting on the cache invalidation policy so only authorized callers can flush entries. Correct — Option E: API Gateway caching is a dedicated cache infrastructure that charges an hourly rate based on the chosen cache capacity (0.5 GB to 237 GB), billed regardless of utilization. This is an important cost consideration. Wrong — Option A: API Gateway cache does NOT integrate with DynamoDB change events. The cache is time-based (TTL); it has no mechanism to detect when a DynamoDB item changes. Cache entries expire after the configured TTL. Wrong — Option C: The maximum TTL for API Gateway caching is 3,600 seconds (1 hour), not 4 hours. A 3,600-second TTL approximates the update cycle only partially — the catalog could be stale for up to 1 hour after an update, not 4 hours. The statement is misleading because the developer cannot set a 4-hour TTL. Wrong — Option F: API Gateway caching and AWS WAF operate independently. WAF evaluates requests before caching serves them; WAF rules are not disabled when caching is enabled.

3. A developer is configuring an Amazon SQS queue to serve as a Dead-Letter Queue (DLQ) for another SQS queue. After setting up the redrive policy, messages that fail processing are not appearing in the DLQ. Which condition is MOST likely causing this?

  • A. The DLQ is in a different AWS account than the source queue.
  • B. The `maxReceiveCount` in the redrive policy is set to 1, which means messages are moved to the DLQ after the first failed delivery attempt.
  • C. The DLQ has server-side encryption (SSE) enabled with a customer-managed KMS key, and the source queue's execution role lacks `kms:GenerateDataKey` permission.✓ Correct
  • D. The DLQ's message retention period is shorter than the source queue's message retention period, causing messages to expire before they can be inspected.
Explanation

Correct: When a DLQ uses SSE with a customer-managed KMS key, SQS must encrypt messages before writing them to the DLQ. If the source queue (or the SQS service principal acting on its behalf) does not have the `kms:GenerateDataKey` and `kms:Decrypt` permissions on the KMS key, SQS will fail to write messages to the DLQ silently, and messages may be deleted instead of forwarded. This is a common, subtle misconfiguration. Wrong — Option A: SQS does support cross-account DLQs when the DLQ resource policy grants the source account access. This alone does not prevent DLQ routing; it would just require additional resource policy setup, and the question implies the redrive policy itself is configured. Wrong — Option B: A `maxReceiveCount` of 1 means messages ARE moved to the DLQ after the very first failure — this would actually cause messages to flow to the DLQ faster, not prevent them from appearing there. This is a misconception about how `maxReceiveCount` works. Wrong — Option D: If the DLQ's retention period is shorter than the source queue's, messages that arrive in the DLQ may expire and be deleted — but they would briefly appear in the DLQ first. The question says messages are not appearing at all, which points to a write-time failure, not an expiration issue.

4. A REST API hosted on API Gateway is receiving approximately 5,000 requests per second during peak hours. Some enterprise customers report 429 Too Many Requests errors, while other customers are not affected. The API uses usage plans with API keys assigned per customer. A developer confirmed that the account-level throttle limit (10,000 RPS) has not been reached. What is the MOST likely cause of the 429 errors for specific customers?

  • A. The stage-level default throttling limit for the API is set below 5,000 RPS, throttling all customers proportionally.
  • B. The usage plan associated with the affected customers has a rate limit or burst limit that is lower than their actual request rate, causing per-customer throttling.✓ Correct
  • C. API Gateway is applying per-IP throttling to the enterprise customers' static IP addresses.
  • D. The Lambda integration behind API Gateway has hit its reserved concurrency limit, causing API Gateway to return 429 errors.
Explanation

API Gateway usage plans allow you to define rate limits (steady-state RPS) and burst limits per API key. If a customer's usage plan has a lower rate or burst limit than their actual traffic, API Gateway throttles only that customer with a 429 response while other customers on higher-limit plans are unaffected. This matches the scenario exactly — some customers are throttled, others are not. — Option A (stage-level throttle) would affect all customers uniformly, not selectively, and the scenario says only some customers are impacted. Option C (per-IP throttling) is not a native API Gateway feature; API Gateway throttling is based on API keys and stage settings, not IP addresses. Option D (Lambda reserved concurrency) would cause 502 or 429 errors from Lambda, but this would affect all customers proportionally based on traffic share, not specific enterprise customers.

5. A development team deploys a microservices application where Service A synchronously calls Service B, which calls Service C. Users report intermittent high latency. The X-Ray service map shows Service B has a high response time distribution, but the fault rate is 0%. Service C shows normal latency. What does this X-Ray data MOST likely indicate?

  • A. Service C is experiencing throttling errors that are being swallowed and not propagated as faults to Service B.
  • B. Service B itself is the source of the latency — the processing time within Service B's own code or resources (CPU, memory, database queries internal to B) is high, not the downstream call to Service C.✓ Correct
  • C. The X-Ray sampling rate is too low, causing the service map to undercount faults on Service C and overcount latency on Service B.
  • D. Service A is retrying failed requests to Service B multiple times, and X-Ray is aggregating the retry durations into Service B's response time.
Explanation

Correct: The X-Ray service map shows Service B with high latency but Service C with normal latency and 0% faults on Service B. This means Service B is not experiencing errors and is not being slowed by its downstream dependency (Service C). The bottleneck must therefore be within Service B itself — its own processing logic, memory contention, database queries internal to Service B, or CPU throttling. The developer should examine Service B's subsegments to pinpoint the internal bottleneck. Wrong — Option A: If Service C were throttling and Service B were swallowing those errors, Service C would likely show high latency or the traces would show retries adding to Service B's total time. Service C showing normal latency makes this explanation unlikely. Wrong — Option C: X-Ray sampling affects whether traces are recorded, not whether recorded traces correctly reflect latency vs. faults. Low sampling wouldn't cause latency to appear on B while faults disappear from C in the traces that are captured. Wrong — Option D: If Service A were retrying calls to Service B, X-Ray would typically show multiple trace segments or increased request counts to Service B. Also, retries on Service A's side would appear as multiple calls in Service A's trace, not inflate a single Service B segment's latency.

40 more questions in this domain

Practice the full bank with instant grading, flashcards, and a timed mock exam.

Start practicing free