
Free DVA-C02 Practice Questions

10 free, exam-style AWS Certified Developer - Associate (DVA-C02) practice questions with answers and explanations. No signup required. Work through them below, then take the full free DVA-C02 practice test to study every exam domain.

The DVA-C02 exam has 65 questions and runs 2 hours 10 minutes.

These 10 free DVA-C02 questions are organized by exam domain, so you can see how each part of the AWS Certified Developer - Associate blueprint is tested.

Domain 1: Development with AWS Services (32% of exam)

Question 1

A payment-processing Lambda function must always have execution capacity available during traffic spikes, even when other functions in the account consume most of the concurrency limit. The team does NOT need to eliminate cold starts. Which configuration should the developer apply to this function?

  A. Set reserved concurrency to guarantee a dedicated portion of the account limit
  B. Set provisioned concurrency so pre-initialized environments are always warm and ready to serve
  C. Increase the function's allocated memory so that its per-invocation throughput rises accordingly
  D. Request a service quota increase to the account's total concurrent execution limit

Correct answer: A - Set reserved concurrency to guarantee a dedicated portion of the account limit

Question 2

A single Query operation returns 10 items with a combined size of 40.8 KB, using strongly consistent reads. How many read capacity units (RCUs) does this Query consume?

  A. 10 RCUs, because a Query rounds every returned item up to 4 KB individually before summing
  B. 6 RCUs, because the 40.8 KB total is divided by an 8 KB-per-RCU strongly consistent block
  C. 11 RCUs, because the combined size rounds up to 44 KB and is divided by the 4 KB read unit
  D. 5 RCUs, because Query results are always billed using the eventually consistent read formula

Correct answer: C - 11 RCUs, because the combined size rounds up to 44 KB and is divided by the 4 KB read unit

Question 3

An application must query a DynamoDB table using an alternate partition key that was NOT anticipated when the table was created, and the table is already in production. Which approach lets the team add this new access pattern?

  A. Create a global secondary index on the existing table
  B. Create a local secondary index on the existing production table
  C. Recreate the table using a composite primary key that includes the new attribute
  D. Enable DynamoDB Streams so the new key is projected into a searchable index

Correct answer: A - Create a global secondary index on the existing table

Question 4

Two users load the same DynamoDB item, then both submit updates a few seconds apart. The business requires that the second write must FAIL if the item changed after it was read, rather than silently overwriting the first user's change. Which technique implements this?

  A. Enable strongly consistent reads on the table so both users always see current data
  B. Use optimistic locking with a version-number attribute checked by a condition expression
  C. Wrap each individual update in its own DynamoDB transaction to serialize the writes
  D. Use an atomic counter attribute that DynamoDB increments on each incoming write

Correct answer: B - Use optimistic locking with a version-number attribute checked by a condition expression

Question 5

A Lambda function is invoked asynchronously by Amazon S3. Occasionally the function fails on every attempt, and the team is losing these events. They want failed events preserved for later inspection with the least custom code. What is the default behavior, and what should they add?

  A. S3 keeps retrying delivery to the function indefinitely; they should enable S3 event replay to recover them
  B. Lambda retries for six hours and then returns the event to S3; they should turn on S3 versioning to recover it
  C. S3 sends failures straight to CloudWatch Logs; they should build a log-scanning job to reprocess the entries
  D. Lambda retries twice and then discards the event; they should configure a dead-letter queue or on-failure destination

Correct answer: D - Lambda retries twice and then discards the event; they should configure a dead-letter queue or on-failure destination

Question 6

A Lambda function processes messages from an Amazon SQS queue through an event source mapping. Some messages repeatedly fail processing, and the team wants those messages moved to a dead-letter queue. Where is this redrive behavior configured?

  A. On the Lambda function, by enabling its asynchronous dead-letter queue setting
  B. On the Lambda function, by adding an on-failure invocation destination
  C. On the source SQS queue, using its redrive policy and maxReceiveCount with a designated DLQ
  D. On the event source mapping, by lowering the maximum retry attempts to force a redrive

Correct answer: C - On the source SQS queue, using its redrive policy and maxReceiveCount with a designated DLQ

Question 7

An order service must publish each new order once and have three independent downstream systems (inventory, billing, and analytics) each receive their own copy and process it at their own pace. Which design is MOST appropriate?

  A. Write every order to one shared SQS queue that all three downstream systems poll for messages
  B. Publish each order to an SNS topic that fans out to a separate SQS queue owned by each system
  C. Publish each order to an SNS topic that all three downstream systems subscribe to over raw HTTP
  D. Stream every order through a single Kinesis shard that all three systems read concurrently

Correct answer: B - Publish each order to an SNS topic that fans out to a separate SQS queue owned by each system

Domain 2: Security (26% of exam)

Question 8

An IAM principal is evaluated for an action. One attached policy explicitly ALLOWS s3:DeleteObject on a bucket, and a separate attached policy explicitly DENIES s3:DeleteObject on the same bucket. What is the result of the request?

  A. Allowed, because the presence of any explicit allow statement grants the action
  B. Allowed, because identity-based allow statements take priority over resource-based denies
  C. Denied, because an explicit deny always overrides any allow in policy evaluation
  D. Blocked pending review, because the two conflicting statements must be reconciled by an admin

Correct answer: C - Denied, because an explicit deny always overrides any allow in policy evaluation

Question 9

A mobile app authenticates users, and after sign-in each user must upload files directly to their own prefix in Amazon S3 using temporary AWS credentials scoped by an IAM role. Which Amazon Cognito capability provides those temporary AWS credentials?

  A. A Cognito user pool, which manages the user directory and issues signed JWT tokens to the app
  B. A Cognito user pool app client configured with a client secret for confidential clients
  C. A Cognito user pool attached to API Gateway as the authorizer for the upload endpoint
  D. A Cognito identity pool, which exchanges the sign-in token for temporary, role-scoped AWS credentials

Correct answer: D - A Cognito identity pool, which exchanges the sign-in token for temporary, role-scoped AWS credentials

Question 10

A developer must encrypt large objects on the client before uploading them, and wants AWS KMS to manage keys efficiently WITHOUT sending the large payloads to KMS. Which description correctly explains envelope encryption?

  A. KMS receives and encrypts each object directly using the customer managed key, then returns the ciphertext
  B. KMS generates a data key; the data key encrypts the object locally, and the KMS key encrypts the data key
  C. The object is encrypted with a data key that is then stored in plaintext next to the object for fast reads
  D. KMS stores the encrypted object internally and returns a short reference token used to retrieve it later

Correct answer: B - KMS generates a data key; the data key encrypts the object locally, and the KMS key encrypts the data key
