Free Amazon DVA-C02 Exam Actual Questions & Explanations

Last updated on: Jul 18, 2026
Author: Matthew Edwards (AWS Certification Curriculum Specialist)

The AWS Certified Developer - Associate (DVA-C02) exam validates your ability to develop, deploy, and debug cloud applications on the Amazon Web Services platform. This certification is ideal for developers with hands-on experience building AWS-based solutions who want to demonstrate their technical competency. This guide maps the exam syllabus, explains question formats, and outlines a focused preparation strategy to help you pass with confidence.

DVA-C02 Exam Syllabus & Core Topics

Use this topic map to guide your study for Amazon DVA-C02 (AWS Certified Developer - Associate) within the Amazon Associate, AWS Certified Developer Associate path.

  • Development with AWS Services: Write, deploy, and manage code that integrates with AWS services such as Lambda, API Gateway, DynamoDB, and S3. You must understand how to select the right service for a use case and configure it for your application's requirements.
  • Security: Implement authentication, authorization, encryption, and secure credential management across your applications. This includes working with IAM policies, KMS, Secrets Manager, and applying the principle of least privilege in your code and infrastructure.
  • Deployment: Automate application releases using AWS services like CodePipeline, CodeBuild, CodeDeploy, and CloudFormation. You must understand deployment strategies, environment configuration, and how to troubleshoot deployment failures.
  • Troubleshooting and Optimization: Diagnose performance bottlenecks, interpret CloudWatch logs and metrics, and optimize application cost and latency. This includes analyzing error patterns, adjusting resource allocation, and implementing caching and monitoring solutions.

Question Formats & What They Test

The DVA-C02 exam uses multiple-choice and scenario-based questions to assess both theoretical knowledge and practical decision-making in real-world development contexts.

  • Multiple-choice items: Test core AWS service features, API behavior, configuration options, and key terminology relevant to application development.
  • Scenario-based items: Present realistic project situations where you must evaluate trade-offs, select the best service or approach, and justify your reasoning based on requirements like cost, security, and performance.
  • Configuration and troubleshooting tasks: Require you to identify misconfigurations, interpret error messages, and recommend fixes based on application logs and metrics.

Questions progress in difficulty and emphasize practical application over memorization, reflecting challenges you will encounter in production environments.

Preparation Guidance

An effective study plan breaks the four core domains into weekly milestones, combines hands-on labs with practice questions, and includes mock exams to build confidence and pacing. Allocate more time to domains where you have less professional experience.

  • Map Development with AWS Services, Security, Deployment, and Troubleshooting and Optimization to weekly study goals and track your progress against each domain.
  • Work through practice question sets; review explanations for both correct and incorrect answers to identify knowledge gaps and reinforce concepts.
  • Build practical labs in your AWS account: deploy a Lambda function with API Gateway, configure IAM policies, set up a CI/CD pipeline, and analyze CloudWatch logs to understand how concepts connect in workflows.
  • Complete a timed, full-length practice test under exam conditions to assess readiness, identify weak areas, and refine your pacing strategy.

Explore other Amazon certifications: view all Amazon exams.

Get the PDF & Practice Test

Strengthen your preparation with up-to-date resources from validexamdumps.com. These materials align to DVA-C02 and cover practical scenarios with clear explanations.

  • Q&A PDF with explanations: Topic-mapped questions that clarify why correct options are right and others aren't.
  • Practice Test: Realistic items, timed and untimed modes, progress tracking, and detailed review of your answers.
  • Focused coverage: Aligned to Development with AWS Services, Security, Deployment, and Troubleshooting and Optimization so you study what matters most.
  • Regular updates: Content refreshes that reflect syllabus and AWS service changes.

Visit the exam page to download the PDF, Online Practice Test, or get a Bundle Discount offer for both formats: AWS Certified Developer - Associate.

Frequently Asked Questions

Which topics carry the most weight on the DVA-C02 exam?

Development with AWS Services and Security typically account for a larger portion of the exam. However, all four domains are tested, and weak performance in any area can impact your score. Focus on understanding how services integrate and how to implement secure, production-ready code.

How do the four domains connect in a real development workflow?

In practice, you write code (Development with AWS Services) that follows security best practices (Security), automate its release (Deployment), and monitor it in production (Troubleshooting and Optimization). For example, a Lambda function must authenticate requests securely, be deployed via a pipeline, and have CloudWatch alarms configured to detect failures. Understanding these connections helps you answer scenario questions correctly.

How much hands-on AWS experience do I need before taking DVA-C02?

AWS recommends at least one year of hands-on experience developing applications on AWS. If you have less, prioritize building a simple project that covers all four domains: deploy a Lambda function, secure it with IAM and encryption, set up a CodePipeline for deployment, and configure CloudWatch monitoring. This practical work fills gaps that study materials alone cannot.

What are common mistakes that cost candidates points?

Misunderstanding IAM policy evaluation, confusing similar services (e.g., CodeDeploy vs. CodePipeline), overlooking encryption requirements, and misinterpreting CloudWatch metrics are frequent errors. Review AWS documentation on these topics, and pay close attention to scenario details like compliance requirements or cost constraints that hint at the correct answer.

What should my final week of preparation look like?

In your last week, take two full-length timed practice tests and review all incorrect answers thoroughly. Do not attempt to learn new topics; instead, reinforce weak areas and build confidence with familiar content. Get adequate sleep before the exam, and on exam day, read questions carefully and manage your time to avoid rushing through scenario-based items.

Question No. 1

A developer must securely access a secret during a build process in an AWS CodeBuild project that has an IAM role. The secret must remain encrypted at rest and must be passed to the buildspec.yml file without appearing in the build logs. Which solution will meet these requirements with the LEAST operational overhead?

Show Answer Hide Answer
Correct Answer: A

The correct answer is A because AWS CodeBuild natively integrates with AWS Secrets Manager for securely injecting secrets into build environments. In the env section of buildspec.yml, CodeBuild supports a secrets-manager mapping that references a secret directly. This approach keeps the secret encrypted at rest in Secrets Manager, makes it available to the build only when needed, and minimizes custom retrieval logic and operational complexity.

This solution also aligns with the requirement that the secret must not appear in the build logs. AWS CodeBuild is designed to handle environment variables sourced from supported secret stores in a way that avoids exposing plaintext secret values during normal build output. By granting the minimum necessary IAM permissions to the CodeBuild service role, access to the secret is tightly controlled according to least-privilege principles.

Option B is not the best answer because storing secrets in S3 and downloading them during the build adds unnecessary operational overhead and increases the chance of accidental exposure. NoEcho is associated with CloudFormation parameters, not with securely masking S3-downloaded secrets in CodeBuild logs. Option C can also work because Parameter Store integrates with CodeBuild, but for secrets specifically, Secrets Manager is the more direct AWS-managed secret storage service and is generally preferred for this use case. Option D is less efficient because custom CLI retrieval in pre-build steps adds more code and more operational work than native integration.

Therefore, the solution with the least operational overhead and strong security is to use Secrets Manager with the buildspec.yml secrets-manager mapping, making A the correct answer.


Question No. 2

An ecommerce company uses a set of AWS Lambda functions to process orders. The Lambda functions send logs to an Amazon CloudWatch Logs log group. The company observes timeout issues for one recently deployed processing function. The company needs to debug and identify the root cause of the timeout issue. The Lambda function is already in production. The company wants to have a live feed of filtered logs that start with the word "ERROR" to identify the root cause of the issue. The company wants to review only relevant log lines in near real time. Which solution will meet these requirements?

Show Answer Hide Answer
Correct Answer: C

The correct answer is C because the requirement is for a live feed of log events in near real time, filtered to show only lines that begin with ''ERROR.'' The live tail feature for AWS Lambda and CloudWatch Logs is specifically intended for this kind of operational debugging. It allows developers to watch logs as they are generated and apply filtering so they can focus only on relevant messages during active troubleshooting.

This is particularly suitable because the function is already in production, and the company wants immediate visibility into timeout-related issues without waiting for a full batch of logs to accumulate. With live tail and a filter expression for ERROR, the developer can observe only the important log lines as new invocations happen, which speeds up root-cause analysis.

Option A is not the best answer because CloudWatch Logs Insights is powerful for querying logs, but it is primarily used for searching and analyzing logs after they have been collected, not as a continuous near-real-time live stream. Option B is incorrect because a subscription filter is used to forward logs to another destination such as Lambda, Kinesis, or Firehose; it is not the simplest way to give an operator a live interactive filtered view. A metric filter also creates metrics from log patterns but does not present the actual live log lines for review. Option D is incorrect because Amazon Athena is not used directly for querying CloudWatch Logs in real-time operational troubleshooting.

Therefore, the best solution is to use live tail with an ERROR filter to inspect relevant Lambda log events as they occur.


Question No. 3

A developer at a company needs to send email notifications to the company's application security team each time an object is deleted from an Amazon S3 bucket named amzn-s3-demo-bucket. The developer uses Amazon EventBridge and Amazon SNS to send the notifications. The developer creates the following EventBridge rule:

{ "source": ["aws.s3"], "detail-type": [{"suffix": "Deleted"}] }

The security team reports that it receives email notifications about objects being deleted from S3 buckets other than amzn-s3-demo-bucket. The security team also receives notifications when other S3 events happen across all buckets in the company's AWS account.

The developer needs to modify the EventBridge rule to ensure that the security team receives email notifications only when an object is deleted from the amzn-s3-demo-bucket S3 bucket.

Which solution will meet this requirement?

Show Answer Hide Answer
Correct Answer: C

The EventBridge rule is too broad because source: aws.s3 matches S3 events generally, and the current detail-type pattern is malformed. To receive only deletion events from the specific bucket, the rule should match the correct S3 EventBridge detail type, Object Deleted, and should scope the event to the bucket by using the bucket ARN in the resources field. The source remains aws.s3; it should not be changed to the bucket name or bucket-specific pseudo-source. Specifying SNS in the event pattern is also wrong because SNS is the target, not the event source. AWS S3 EventBridge documentation describes S3 object deletion events and using EventBridge rules for specific bucket notifications. (AWS Documentation)

===============


Question No. 4

A developer is building an event-driven application that uses AWS Lambda functions and an Amazon SQS queue to handle Amazon S3 events and to perform additional processing. A parsing Lambda function implements business logic to parse each S3 event. The parsing function sends events on to an SQS queue. A processing Lambda function retrieves messages from the SQS queue and processes them.

During an isolated test, the developer observes that both Lambda functions work as expected for mock test events. However, when the test presents production S3 events to the functions, the developer observes that the number of messages in the SQS queue increases. The developer does not find any Amazon CloudWatch logs for the processing Lambda function when the processing function is presented with production S3 events. The developer does find logs for test events.

The developer must resolve these issues and ensure that the Lambda functions process production S3 events correctly.

Which solution will meet these requirements?

Show Answer Hide Answer
Correct Answer: A

The symptoms point to a missing event source mapping between Amazon SQS and the processing Lambda function. The parsing function successfully sends messages to SQS (the queue depth increases), but the processing function is not running for production events---evidenced by no CloudWatch logs during those runs. If Lambda is not being invoked, it will not generate any logs. In an SQS-based architecture, Lambda does not ''pull'' messages from a queue unless the queue is configured as a Lambda trigger (an event source mapping). The event source mapping tells Lambda to poll the queue, batch messages, and invoke the function with those messages.

In isolated tests, the developer likely invoked the processing function manually with mock events (for example, via the Lambda console or sam local invoke), which would create logs. But in production, because the function is supposed to be driven by SQS, it must have an SQS trigger configured; otherwise, messages will accumulate indefinitely and the function will never execute.

Option C (grant permissions) is necessary in many cases, but it does not explain the absence of logs and growing queue depth by itself if the trigger is missing. With the standard SQSLambda integration, Lambda's service polls the queue using the function's execution role permissions (sqs:ReceiveMessage, sqs:DeleteMessage, sqs:GetQueueAttributes, etc.), but the polling does not occur without the event source mapping. Option D is not the root cause because the function isn't being invoked; and if it were invoked, AWS-managed logging typically works unless the execution role lacks logging permissions. Option B is incorrect because the parsing function is not supposed to be triggered by SQS; it produces messages to SQS.

Therefore, configuring the SQS queue as a trigger for the processing Lambda function (A) resolves the issue and ensures production S3 events flow through parsing to SQS and then into processing automatically.


Question No. 5

A banking company is building an application for users to create accounts, view balances, and review recent transactions. The company integrated an Amazon API Gateway REST API with AWS Lambda functions. The company wants to deploy a new version of a Lambda function that gives customers the ability to view their balances. The new version of the function displays customer transaction insights. The company wants to test the new version with a small group of users before deciding whether to make the feature available for all users. Which solution will meet these requirements with the LEAST disruption to users?

Show Answer Hide Answer
Correct Answer: A

API Gateway's canary deployments allow gradual traffic shifting to a new version of a function, minimizing disruption while testing.

Why Option A is Correct:

Gradual Rollout: Reduces risk by incrementally increasing traffic.

Rollback Support: Canary deployments make it easy to revert to the previous version.

Why Not Other Options:

Option B: Redeploying the stage disrupts all users.

Option C & D: Managing new stages and weighted routing introduces unnecessary complexity.

Canary Deployments in API Gateway