AWS DVA-C02 Sample Questions & Practice Test

DVA-C02 is AWS’s Developer Associate certification for candidates who need strong application-building judgment across AWS services, security, deployment, and troubleshooting.

Full app-backed IT Mastery practice for DVA-C02 is still being prioritized. You can review the exam snapshot, topic coverage, and related live AWS practice options.

Who DVA-C02 is for

• developers building on AWS with Lambda, API Gateway, containers, storage, queues, events, and CI/CD
• candidates who already know core AWS services but need sharper implementation and application-security judgment
• teams choosing between developer, architecture, and operations paths and needing a page centered on build-and-deploy scenarios

DVA-C02 exam snapshot

• Vendor: AWS
• Official exam name: AWS Certified Developer - Associate (DVA-C02)
• Exam code: DVA-C02
• Items: 65 total
• Exam time: 130 minutes
• Question types: multiple-choice and multiple-response
• Passing score: 720 scaled

DVA-C02 questions usually reward the option that is secure by default, operationally sensible, and aligned to AWS-native developer patterns instead of a generic code-centric shortcut.

Topic coverage for DVA-C02 practice

What DVA-C02 questions usually test

• choosing the best runtime or integration path for an event-driven or API-backed workload
• applying IAM roles, temporary credentials, encryption, and secrets handling without over-permissioning
• selecting the AWS-native deployment and rollback pattern that keeps delivery safer and simpler
• troubleshooting from the first useful signal: logs, metrics, tracing, retries, permissions, or service limits

Sample Exam Questions

Try these 12 original sample questions for AWS DVA-C02. They are designed for self-assessment and are not official exam questions.

Question 1

What this tests: Lambda event handling and retry behavior

A developer is building an image-processing workflow. Objects uploaded to an S3 bucket should trigger processing, but occasional downstream failures should not lose events. Which design is the best fit?

• A. Configure the application to poll S3 every minute and write failures to local disk
• B. Use S3 event notifications directly to Lambda and disable retries to prevent duplicate processing
• C. Send S3 events to Amazon SQS and configure Lambda to poll the queue with a dead-letter queue
• D. Use an Amazon EC2 cron job to list new objects and process them synchronously

Best answer: C

Explanation: SQS between S3 and Lambda gives the workflow buffering, retry control, visibility timeout handling, and a dead-letter path for failed messages. Direct S3-to-Lambda can work for simpler flows, but SQS is stronger when durability and failure isolation matter. Polling S3 or using local disk creates avoidable operational risk.

Question 2

What this tests: IAM role design for application credentials

An application running on Amazon ECS needs to read one DynamoDB table and write logs to CloudWatch Logs. What is the most secure credential approach?

• A. Attach a task role with only the required DynamoDB and CloudWatch Logs permissions
• B. Store an IAM user’s access key in an encrypted environment variable
• C. Add AdministratorAccess to the container instance profile
• D. Put temporary credentials in the container image during the build

Best answer: A

Explanation: DVA-C02 expects role-based, least-privilege credential handling. An ECS task role provides temporary credentials scoped to the application task. Long-lived IAM user keys, broad instance-profile permissions, or baked credentials all increase exposure and are harder to rotate safely.

Question 3

What this tests: API Gateway authorization choice

A public mobile app calls an Amazon API Gateway REST API backed by Lambda. Users sign in through Amazon Cognito user pools, and each API request must verify the user’s identity. Which option is most appropriate?

• A. Use an API key as the only control for each user request
• B. Use a Lambda function URL without authorization because Cognito already handled sign-in
• C. Place the API behind a private VPC endpoint only
• D. Configure a Cognito authorizer on API Gateway

Best answer: D

Explanation: A Cognito authorizer lets API Gateway validate user pool tokens before invoking the backend. API keys are for usage identification and throttling, not user authentication. Private endpoints are not appropriate for a public mobile API, and relying only on client-side sign-in leaves the API without request-level authorization enforcement.

Question 4

What this tests: Secrets Manager versus hard-coded configuration

A Lambda function needs database credentials that rotate regularly. Which implementation best follows AWS developer security guidance?

• A. Put the password in the Lambda deployment package and redeploy after rotation
• B. Store the credential in AWS Secrets Manager and retrieve it at runtime with a least-privilege execution role
• C. Store the credential in plain text in an environment variable because Lambda encrypts the function code
• D. Give the function full access to all secrets so future databases do not require IAM changes

Best answer: B

Explanation: Secrets Manager is designed for managed secret storage and rotation. The Lambda execution role should have permission only to the required secret. Hard-coding or broadly granting secret access undermines rotation and least privilege.

Question 5

What this tests: DynamoDB conditional writes

An order service must prevent two concurrent requests from reserving the same limited inventory item. Which DynamoDB feature should the developer use?

• A. Eventually consistent reads before every write
• B. A global secondary index on the inventory status attribute
• C. A conditional write that checks the current available quantity
• D. A scan operation followed by an update

Best answer: C

Explanation: Conditional writes let DynamoDB update an item only when a required condition is true, such as available quantity being greater than zero. This avoids race conditions in concurrent requests. Indexes help query patterns, not concurrency control, and read-then-write patterns can still race without a condition.

Question 6

What this tests: Deployment rollback strategy

A team deploys a new Lambda version behind an alias and wants to shift traffic gradually while monitoring errors. Which service feature best supports this?

• A. AWS CloudFormation drift detection
• B. Amazon EventBridge scheduler
• C. Lambda reserved concurrency only
• D. AWS CodeDeploy traffic shifting for Lambda aliases

Best answer: D

Explanation: CodeDeploy can shift traffic between Lambda versions through aliases using linear or canary deployments and can roll back when alarms fail. Reserved concurrency controls capacity, not release progression. Drift detection and scheduled events do not provide progressive deployment control.

Question 7

What this tests: Observability and distributed tracing

A serverless API has intermittent latency. CloudWatch metrics show increased duration, but the team needs to see which downstream calls are slow across request paths. What should the developer enable?

• A. AWS X-Ray tracing for the API and Lambda functions
• B. S3 server access logging on the deployment bucket
• C. IAM Access Analyzer for the Lambda role
• D. SQS long polling on all queues

Best answer: A

Explanation: X-Ray helps trace requests across supported services and identify slow downstream segments. CloudWatch metrics are useful but may not show where latency occurs inside a distributed path. Access logs, IAM analysis, and SQS polling do not answer this tracing question.

Question 8

What this tests: SQS visibility timeout and duplicate processing

A Lambda function processes messages from SQS. Some messages are processed twice when work takes longer than expected. What is the most likely fix?

• A. Reduce the queue retention period to delete messages sooner
• B. Set the SQS visibility timeout longer than the maximum expected processing time
• C. Disable Lambda error handling for the event source mapping
• D. Increase the message size limit

Best answer: B

Explanation: If processing exceeds the visibility timeout, the message can become visible again and be picked up a second time. The visibility timeout should cover expected processing time, with idempotent logic still used as a defensive design. Retention, message size, and disabled error handling do not solve the core timing issue.

Question 9

What this tests: S3 presigned URL use case

A web application lets authenticated users upload large files directly to S3 without sending the file through the application server. Which approach is most appropriate?

• A. Make the bucket public and rely on obscure object names
• B. Embed permanent IAM access keys in the browser app
• C. Route every upload through the backend API to preserve security
• D. Generate short-lived presigned upload URLs from the backend

Best answer: D

Explanation: Presigned URLs let the backend authorize a specific, time-limited S3 operation while keeping AWS credentials off the client. Public buckets and embedded keys are insecure. Proxying every large upload through the backend may work but is less efficient and not necessary for this pattern.

Question 10

What this tests: EventBridge routing

Several microservices publish business events, and only selected consumers should receive events matching specific attributes. Which AWS service is the best fit for routing these events?

• A. Amazon EFS
• B. AWS Systems Manager Parameter Store
• C. Amazon EventBridge with event rules
• D. Amazon CloudFront signed cookies

Best answer: C

Explanation: EventBridge is designed for event bus routing based on event patterns. Consumers can subscribe to the events they need without tight coupling to producers. EFS, Parameter Store, and CloudFront cookies serve unrelated purposes.

Question 11

What this tests: Parameter Store and configuration management

A developer needs to store non-secret configuration values that vary by environment, such as feature flags and endpoint names. The values should be read by Lambda at runtime. Which option is usually the cleanest fit?

• A. AWS Systems Manager Parameter Store
• B. Hard-coded constants in the source repository
• C. A manually updated spreadsheet attached to the deployment ticket
• D. A public S3 object with no access controls

Best answer: A

Explanation: Parameter Store is a good fit for centrally managed application configuration, especially when values differ by environment. Hard-coded values make deployments brittle, while spreadsheets and public objects are not controlled runtime configuration mechanisms.

Question 12

What this tests: Idempotency in event-driven applications

A payment-processing Lambda function may receive the same event more than once because of retry behavior. What should the developer do?

• A. Disable all retries so duplicate events cannot occur
• B. Design the function to be idempotent using a transaction or processed-event record
• C. Assume Lambda guarantees exactly-once processing for all integrations
• D. Move the function into a public subnet

Best answer: B

Explanation: Event-driven AWS services commonly provide at-least-once delivery, so applications should tolerate duplicate events. Idempotency can be implemented with a unique request key, conditional writes, or a processed-event record. Disabling retries can lose work, and networking changes do not address duplicate processing.

DVA-C02 application build map

    flowchart LR
	    A["Application requirement"] --> B["Service integration"]
	    B --> C["Identity and permissions"]
	    C --> D["Error handling and scaling"]
	    D --> E["Observability"]
	    E --> F["Deployment and release"]

Use this map when a Developer Associate question describes an application workflow. Strong answers choose the service integration pattern, permission model, retry behavior, and observability path that fit the application requirement.

Quick Cheat Sheet

Mini Glossary

• Idempotency: Ability to safely process the same request more than once without duplicate side effects.
• Dead-letter queue: Queue used to capture messages that cannot be processed successfully.
• Execution role: IAM role assumed by a service such as Lambda to access AWS resources.
• Alias: A stable pointer to a Lambda function version, often used for staged traffic shifting.
• Correlation ID: Identifier passed through a workflow to connect logs and traces across services.

Open AWS DVA-C02 in IT Mastery

Use this page to review sample questions, request an update for this route, and compare related IT Mastery pages.

How to prepare while the full app-backed route is being prioritized

1. Start with development and security domains first, because most DVA-C02 mistakes come from choosing the wrong service boundary or applying permissions too broadly.
2. Build short notes around common developer trade-offs: Lambda vs containers, queue vs stream, sync vs async, and direct credentials vs role-based access.
3. Use the live AWS pages below to reinforce service behavior and troubleshooting judgment while full DVA-C02 practice is being prioritized.
4. Use the update form near the top of this page if DVA-C02 is your actual target so we know this route matters to you.

Practice status

• Current status: Sample preview
• Full IT Mastery practice for this assessment: still being prioritized
• Best use right now: use this page to confirm the AWS developer route, then practise with the live AWS pages below while the full app-backed route is being prioritized
• Update path: use the update form near the top of this page if DVA-C02 is your actual target exam

Use these live AWS pages now

• CLF-C02 for current cloud-fundamentals and question-style practice
• SAA-C03 for architecture and service-selection scenarios
• SOA-C03 for monitoring, remediation, and operations workflows
• DEA-C01 for event, pipeline, and managed-service decision practice

Official sources

• AWS DVA-C02 exam guide

Need deeper concept review first?

If you want concept-first reading before heavier simulator work, use the companion guide at TechExamLexicon.com .