A W S C E R T I F I C A T I O N
DVA C02 Certified Developer Associate Practice Exam
Exam Number: 1206 | Last updated April 24, 2026 | 700+ questions across 4 vendor-aligned objectives
The AWSDVA C02 Certified Developer Associate targets software developers who design, build, deploy, and debug cloud-native applications on AWS. Candidates typically have one or more years of experience writing in a programming language and one or more years of working with AWS services through the AWS SDK, AWS CLI, AWS Cloud Development Kit, or AWS Serverless Application Model. The exam emphasizes serverless patterns, secure API design, and the day-to-day mechanics of deploying code to AWS.
Development with AWS Services and Deployment carry the highest weights. Development with AWS Services (32%) is the largest domain and covers AWS Lambda, Amazon API Gateway, Amazon DynamoDB single-table design, Amazon S3, Amazon SQS, Amazon SNS, Amazon EventBridge, AWS Step Functions, and AWS SDK error-handling patterns. Deployment (24%) covers AWS CodePipeline, AWS CodeBuild, AWS CodeDeploy, AWS Cloud Development Kit, AWS Serverless Application Model, and Amazon ECS deployment strategies.
The remaining domains test cross-cutting developer concerns. Security (26%) covers AWS Identity and Access Management policy authoring, Amazon Cognito user and identity pools, AWS Key Management Service envelope encryption, AWS Secrets Manager, AWS Systems Manager Parameter Store, and request signing with the AWS Signature Version 4 algorithm. Troubleshooting and Optimization (18%) covers Amazon CloudWatch Logs Insights, AWS X-Ray traces, AWS Lambda concurrency tuning, and Amazon DynamoDB performance optimization techniques.
Every answer links to the source. Each explanation below includes a hyperlink to the exact AWS documentation page the question was derived from. PowerKram is the only practice platform with source-verified explanations. Learn about our methodology →
423
practice exam users
97.4%
satisfied users
94.1%
passed the exam
4.5/5
quality rating
Test your DVA C02 Certified Developer Associate knowledge
10 of 700+ questions
Question #1 - Development with AWS Services
A developer is writing a Lambda function that calls DynamoDB and wants the function to use temporary credentials with only the permissions it needs.
Which is the recommended approach?
A) Hardcode an IAM user’s access key in environment variables
B) Use the root account access keys
C) Attach an IAM execution role to the Lambda function with a least-privilege policy
D) Store keys in a config file in the deployment package
Show solution
Correct answers: C – Explanation:
Lambda assumes its execution role and exposes temporary credentials via the SDK automatically; least-privilege policies should be attached to the role. Hardcoded keys, root keys, and packaged keys are all anti-patterns. Source: [Lambda execution role](https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html)
Question #2 - Refactoring
An application stores user-uploaded images in S3. The dev wants the URL returned to the user to expire after 15 minutes.
What should the developer generate?
A) A public bucket policy with an expiration
B) A long-lived CloudFront signed cookie
C) An IAM user per upload
D) A pre-signed URL with a 15-minute expiration
Show solution
Correct answers: D – Explanation:
Pre-signed URLs grant time-limited access using the requester’s credentials. Public policies don’t expire; per-user IAM users are unscalable; signed cookies require CloudFront and are typically broader-scoped than a single object URL. Source: [S3 pre-signed URLs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html)
Question #3 - Deployment
A team wants blue/green deployments for a Lambda-based API using weighted traffic shifting and automatic rollback on errors.
Which tool is built for this?
A) S3 versioning
B) Manual alias updates
C) AWS CodeDeploy with Lambda traffic shifting and CloudWatch alarms
D) Step Functions
Show solution
Correct answers: C – Explanation:
CodeDeploy supports canary/linear traffic shifting on Lambda aliases with CloudWatch alarm-based rollback. Manual alias updates lose automation; S3 versioning is unrelated; Step Functions doesn’t shift Lambda traffic by itself. Source: [CodeDeploy for Lambda](https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-configurations.html)
Question #4 - Security
An API needs to verify a JWT issued by a corporate IdP before allowing access.
Which feature in API Gateway HTTP APIs handles this natively?
A) JWT authorizer integrated with the IdP
B) Lambda authorizer only
C) IAM authorization for human users
D) API key alone
Show solution
Correct answers: A – Explanation:
HTTP APIs include built-in JWT authorizers that validate tokens against an OIDC issuer with no Lambda code. Lambda authorizers work but are extra code/cost; IAM auth requires SigV4 (not friendly for browsers); API keys aren’t auth. Source: [JWT authorizers in HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-jwt-authorizer.html)
Question #5 - Development with AWS Services
A developer is choosing between SQS standard and FIFO queues for an order-processing pipeline that must process each order exactly once and in submission order per customer.
Which queue type is appropriate?
A) FIFO queue with MessageGroupId per customer
B) Standard queue
C) SNS topic
D) Kinesis Data Firehose
Show solution
Correct answers: A – Explanation:
FIFO guarantees ordering and exactly-once processing; using customer ID as MessageGroupId preserves per-customer ordering while parallelizing across customers. Standard is at-least-once and unordered; SNS is pub/sub; Firehose is for streaming load to data stores. Source: [SQS FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html)
Question #6 - Troubleshooting and Optimization
A Lambda function intermittently times out at 3 seconds while calling a downstream HTTP API.
Which troubleshooting steps are appropriate? (Choose two.)
A) Increase function timeout to a value greater than the downstream P99 latency
B) Enable AWS X-Ray to identify which downstream segment is slow
C) Disable retries entirely
D) Switch the runtime to a different language without changing logic
Show solution
Correct answers: AB – Explanation:
Raising the timeout above downstream P99 prevents premature aborts; X-Ray pinpoints the slow segment. Disabling retries hides intermittent issues rather than fixing them; switching runtimes doesn’t address downstream latency. Source: [Lambda configuration](https://docs.aws.amazon.com/lambda/latest/dg/configuration-function-common.html)
Question #7 - Development with AWS Services
A developer needs DynamoDB to support a query pattern that filters by a non-key attribute returning recent items first.
Which feature should they add?
A) Local Secondary Index with the attribute as sort key
B) Global Secondary Index with the attribute as partition key and a timestamp as sort key
C) Stream the table to S3 and query with Athena
D) Increase RCUs
Show solution
Correct answers: B – Explanation:
A GSI lets you query by the new attribute (partition key) and order by the timestamp sort key. LSIs require the same partition key as the base table; Athena adds latency; more RCUs don’t enable a new query pattern. Source: [DynamoDB Global Secondary Indexes](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/GSI.html)
Question #8 - Security
A developer needs to store and retrieve a database password from code without managing rotation manually.
Which service is best?
A) An IAM policy
B) Plain S3 bucket
C) EC2 user data
D) AWS Secrets Manager
Show solution
Correct answers: D – Explanation:
Secrets Manager stores secrets, integrates rotation with RDS/Lambda, and exposes them via SDK with IAM auth. S3 is not purpose-built; user data is plaintext at launch; IAM policies aren’t secret stores. Source: [AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html)
Question #9 - Refactoring
An application reads a 50 MB configuration file from S3 on every Lambda invocation, causing latency.
Which optimization is most effective?
A) Increase Lambda memory only, leaving the same code
B) Move the file to /tmp and rely on container reuse, or use Lambda layers/extensions for shared static config
C) Switch the bucket to Glacier
D) Disable VPC settings
Show solution
Correct answers: B – Explanation:
Lambda execution environments are reused across invocations; loading once outside the handler (or using layers/extensions) caches the file in /tmp or memory. More memory speeds CPU/IO marginally but doesn’t avoid the fetch; Glacier is slower; VPC settings don’t change S3 performance. Source: [Lambda execution environment lifecycle](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtime-environment.html)
Question #10 - Deployment
A SAM template defines a Lambda API Gateway. After `sam deploy`, the dev needs to test the API locally with the same routing.
Which command provides this?
A) sam local start-api
B) aws lambda invoke
C) aws apigateway test-invoke-method (only for already-deployed APIs)
D) cdk synth
Show solution
Correct answers: A – Explanation:
`sam local start-api` runs an emulated API Gateway locally with Lambda containers, mirroring the SAM template’s routes. lambda invoke skips API Gateway; test-invoke-method runs against deployed APIs; cdk synth is for CDK, not SAM. Source: [sam local start-api](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-cli-command-reference-sam-local-start-api.html)
Get 700+ more questions with source-linked explanations
Every answer traces to the exact AWS documentation page — so you learn from the source, not just memorize answers.
Exam mode & learn mode · Score by objective · Updated April 24, 2026
Learn more...
What the aws-developer-associate exam measures
- Development with AWS Services (32%) — Build serverless applications with AWS Lambda, Amazon API Gateway, and Amazon DynamoDB; integrate Amazon SQS, Amazon SNS, Amazon EventBridge, and AWS Step Functions.
- Security (26%) — Author AWS Identity and Access Management policies, integrate Amazon Cognito for user authentication, encrypt data with AWS Key Management Service, and manage credentials with AWS Secrets Manager.
- Deployment (24%) — Configure AWS CodePipeline, AWS CodeBuild, and AWS CodeDeploy; package serverless applications with AWS SAM and AWS CDK; deploy containerized apps to Amazon ECS.
- Troubleshooting and Optimization (18%) — Debug with Amazon CloudWatch Logs Insights and AWS X-Ray; tune AWS Lambda memory and concurrency; optimize Amazon DynamoDB read and write capacity.
How to prepare for this exam
- Review the official AWS exam guide and confirm the latest domain weights and content scope before scheduling.
- Complete the matching learning plan on AWS Skill Builder, including the digital courses and exam prep modules.
- Build hands-on muscle memory in an AWS Free Tier account by deploying the services that appear in the Development with AWS Services domain.
- Apply your skills to a real-world project — workplace assignments, volunteer work, or open-source contributions where AWS services solve a concrete problem.
- Master one objective at a time, beginning with the highest-weighted domain so the score impact of each study session is maximized.
- Run PowerKram in Learn mode to read the explanations and follow every sourced documentation link until you can predict the right answer before reading the choices.
- Switch to PowerKram Exam mode across all objectives once your accuracy in Learn mode passes 85%, simulating the timed exam experience.
Career paths and salary outlook
The Developer Associate credential is widely recognized for cloud-native software roles:
- Cloud Software Engineer — $130,000 to $200,000. Levels.fyi: Software Engineer Compensation
- Backend Developer (AWS-focused) — $115,000 to $180,000. Glassdoor: AWS Developer Salaries
- Serverless Application Developer — $125,000 to $190,000. BLS: Software Developers Outlook
Official resources
Lean on hands-on labs and the AWS SDK reference material more than any single book: