SaveMyCert
Log in
5 of 5 free questions left today·for unlimited practice
DVA-C02 practice

Free DVA-C02 practice questions

Drill exam-realistic AWS Certified Developer – Associate questions by domain, with an explanation on every option — not just the right one. 5 fully worked examples are further down this page, answers included.

Question bank
260
across 4 domains
Free, no account
5/day
sign up free to remove the cap
Real exam
65 Qs
130 min · pass 720
Explanations
Every option
right and wrong

Build a practice session

Domains

How many?

Mode

Ready when you are

10 fresh questions drawn across all domains, in Learn mode.

Focused review

Every question you answer incorrectly, and every question you flag while practising, is saved here automatically. Finish a session and you can come back to re-drill just those.

5 sample DVA-C02 questions, fully explained

Real questions from the DVA-C02 bank, with the answer key and the reasoning behind every option. Read them, then go back up the page and try the rest.

Question 1Development with AWS Services

A development team is building an order-fulfillment process that runs a fixed sequence of steps: reserve inventory, charge the customer, and schedule shipping. The business team needs visibility into where each order is in the process, per-step retries with error handling, and compensation logic that runs when a step fails partway through. Which approach should the team use?

Choose one.

  • a
    Publish an order event to an Amazon SNS topic and let each service subscribe and react independently.

    This is choreography: no component holds the workflow state, so there is no central visibility into where an order is, and coordinating compensation across independent subscribers must be hand-built.

  • b
    Chain the three services together with an Amazon SQS queue between each step.

    Queues buffer and retry individual hops, but nothing owns the end-to-end state, so there is no single view of progress and no built-in way to run compensation when a later step fails.

  • c
    Model the process as an AWS Step Functions state machine that coordinates each step. Correct

    Step Functions is the orchestration service: the state machine holds workflow state (visibility), applies per-step retry and error handling, and supports compensation logic when a step fails.

  • d
    Have the first service invoke each downstream service synchronously in order.

    Synchronous chaining tightly couples the services — a slow or failed downstream call degrades the caller — and retries, state tracking, and compensation all become custom code in the first service.

The concept

Choosing between orchestration and choreography for multi-step workflows: a central coordinator (AWS Step Functions) versus services reacting to events.

Why that’s the answer

The scenario lists the classic orchestration cues: a defined sequence, visibility into where each order is, per-step error handling, and compensation on failure. Step Functions holds the workflow state centrally and provides built-in retries, catch handling, and compensation paths, which is exactly what the requirements describe. SNS choreography maximizes service independence but deliberately has no central controller, so end-to-end visibility and coordinated compensation would have to be built by hand. SQS chaining buffers each hop but still leaves no owner of the overall state. Direct synchronous invocation is the tightly coupled anti-pattern — the caller shares fate with every downstream service and must implement all coordination logic itself.

How to reason it out
  1. Identify that the process is a multi-step business workflow with a fixed sequence.
  2. Spot the orchestration cues: visibility into progress, per-step retries, and compensation on failure.
  3. Recall that on AWS, orchestration means Step Functions, which holds workflow state centrally.
  4. Eliminate choreography (SNS) and queue chaining because neither owns end-to-end state, and synchronous chaining because it tightly couples the services.

Exam tip: When a scenario needs visibility, per-step error handling, or compensation across a multi-step process, choose orchestration with Step Functions; choreography is for independent services reacting to events.

Application Development Patterns on AWS: Architecture, APIs and Messaging — the lesson that teaches this.

Question 2Security

A mobile application must let both signed-in users and anonymous guests upload images directly to Amazon S3 by using temporary AWS credentials. Which Amazon Cognito capability should the developer use?

Choose one.

  • a
    A user pool with the hosted sign-in UI

    A user pool authenticates users and issues JWTs; it does not vend AWS credentials and has no concept of anonymous guests.

  • b
    User pool groups with an admin group for guests

    Groups add authorization claims to tokens for signed-in users; they do not produce AWS credentials or support unauthenticated access.

  • c
    An identity pool with unauthenticated identities enabled Correct

    Identity pools exchange tokens for temporary AWS credentials via STS and are the only Cognito component that supports unauthenticated guest identities.

  • d
    A user pool app client configured with a custom OAuth scope

    OAuth scopes authorize API access for authenticated users; they do not provide AWS credentials or guest access.

The concept

Cognito identity pools authorize access to AWS services by exchanging an identity token for temporary AWS credentials from STS — and they are the only Cognito feature that supports unauthenticated (guest) identities.

Why that’s the answer

Two phrases decide this: "temporary AWS credentials" and "anonymous guests" both point exclusively at an identity pool. Signed-in users' tokens and guest identities are each mapped to an IAM role, and the app receives short-lived credentials to call S3 directly. The user pool options fail because user pools authenticate people and issue JWTs — they never vend AWS credentials and cannot represent guests; groups and OAuth scopes only shape authorization for users who have signed in.

How to reason it out
  1. Spot the requirement for temporary AWS credentials — that is the identity pool's job.
  2. Spot the guest requirement — only identity pools support unauthenticated identities.
  3. Map authenticated and unauthenticated identities to separate IAM roles with least-privilege S3 permissions.
  4. Have the app obtain credentials from the identity pool and upload to S3 directly.

Exam tip: "Access AWS services" or "guest access" in a Cognito scenario means an identity pool — user pools cannot vend AWS credentials.

Authentication and Authorization on AWS: Cognito, IAM, and STS — the lesson that teaches this.

Question 3Deployment

A developer is packaging a Python AWS Lambda function whose code and bundled dependencies total 45 MB zipped and 180 MB unzipped. The team wants the simplest deployment path and prefers AWS managed runtimes. Which artifact format should the developer use?

Choose one.

  • a
    A .zip deployment package containing the code and its bundled dependencies Correct

    The package fits comfortably within the zip limits of 50 MB zipped for direct upload and 250 MB unzipped, and zip packaging is the fastest path when using AWS managed runtimes.

  • b
    A container image pushed to Amazon ECR

    A container image works but adds Docker build and registry overhead the scenario does not need; images are the right choice when dependencies exceed 250 MB unzipped or a custom runtime is required.

  • c
    An Elastic Beanstalk source bundle uploaded as a zip archive

    Source bundles are the artifact format for AWS Elastic Beanstalk environments, not for Lambda functions.

  • d
    A Lambda layer containing the entire application and its dependencies

    A layer supplements a function's deployment package with shared dependencies; it is not itself a deployable function artifact and a function still needs its own package.

The concept

Each AWS compute target defines its own artifact format, and Lambda offers two: a .zip archive (50 MB zipped for direct upload, 250 MB unzipped including layers) or a container image in Amazon ECR of up to 10 GB.

Why that’s the answer

At 45 MB zipped and 180 MB unzipped, the package is within both zip limits, and the zip format is the simplest option that keeps the function on AWS managed runtimes. A container image is only worth its extra tooling when the package exceeds 250 MB unzipped, needs OS-level packages, or requires a custom runtime. An Elastic Beanstalk source bundle targets a different service entirely, and a layer cannot replace the function's own deployment package.

How to reason it out
  1. Measure the built package size: 45 MB zipped, 180 MB unzipped.
  2. Compare against the Lambda zip limits: 50 MB zipped for direct upload, 250 MB unzipped including all layers.
  3. Confirm the function uses an AWS managed runtime with no OS-level package requirements.
  4. Choose the .zip deployment package as the simplest artifact that satisfies all constraints.

Exam tip: Use a Lambda zip package when code plus dependencies fit within 50 MB zipped / 250 MB unzipped; reach for a container image only when you exceed those limits or need a custom runtime.

Preparing Application Artifacts for AWS Deployment — the lesson that teaches this.

Question 4Troubleshooting and Optimization

A CloudWatch alarm on an API's 5XXError metric has fired, telling an on-call developer that server errors began 10 minutes ago. The developer now needs to find out why the requests are failing. Which telemetry should the developer consult next?

Choose one.

  • a
    Additional CloudWatch metrics for the API stage, such as latency percentiles

    Metrics are numeric time series that confirm something is wrong and when it started, but they carry no detail about why individual requests fail.

  • b
    The backend's log events over the alarm window, queried with CloudWatch Logs Insights Correct

    Logs answer "why is it wrong" — they carry stack traces, error messages, and the code path each failing request took, and Logs Insights can be scoped to exactly the window the alarm identified.

  • c
    The X-Ray sampling rules configured for the application

    Sampling rules control how many requests get traced; reviewing them tells you nothing about the cause of the current errors.

  • d
    AWS CloudTrail management event history for the account

    CloudTrail records control-plane API calls such as configuration changes; it does not contain application request errors.

The concept

The three observability signals each answer a different diagnostic question: metrics answer "is something wrong?", logs answer "why is it wrong?", and traces answer "where is it wrong?". An incident triage moves through them in that order.

Why that’s the answer

The metric alarm has already answered the "is something wrong and when" question, so the next step is to query the logs for the same time window to learn what the code actually reported. More metrics only restate that a problem exists, sampling rules are configuration rather than evidence, and CloudTrail records account-level API activity, not application request failures.

How to reason it out
  1. Note the exact window in which the alarm's metric breached its threshold.
  2. Open the backend's log group in CloudWatch Logs Insights scoped to that window.
  3. Filter for error-level events and read the messages and stack traces behind the failures.
  4. If the failure spans services, pivot to a trace to see which hop is responsible.

Exam tip: Metrics say something is wrong, logs say why, traces say where — triage in that order.

Root Cause Analysis on AWS: Reading Logs, Metrics, and Error Codes — the lesson that teaches this.

Question 5Development with AWS Services

A company runs microservices owned by different teams. When a customer profile changes, several downstream services must react, and the company expects to add more consuming services over time. The team that owns the profile service must never have to change its code when a new consumer is added. Which pattern should the developers implement?

Choose one.

  • a
    Have the profile service call each downstream service's REST API after every change.

    Direct calls tightly couple the producer to every consumer — adding a consumer means changing and redeploying the profile service, which the requirement forbids.

  • b
    Publish a profile-updated event to an Amazon EventBridge event bus and let each consuming service attach its own rule. Correct

    This is choreography: the producer emits a fact and never knows who is listening, so new consumers add their own rules without any change to the profile service.

  • c
    Build an AWS Step Functions state machine that invokes every downstream service after each profile change.

    An orchestrator centralizes the flow, so every new consumer requires editing the state machine definition — coordination the scenario explicitly wants to avoid.

  • d
    Have downstream services poll a shared database table that the profile service writes to.

    Sharing a database couples every service to one schema and adds polling latency and load; it is a form of tight coupling through the data store.

The concept

Choreography in event-driven architecture: producers emit events describing what happened, and consumers subscribe and react without the producer knowing about them.

Why that’s the answer

The deciding requirement is that consumers can be added without touching the producer. Publishing profile-updated events to an EventBridge bus achieves exactly that: each consuming team attaches its own rule and target, and the producer's code never changes. Step Functions is the opposite trade-off — orchestration gives central visibility but means the coordinator must be updated for every new consumer. Direct REST calls hard-code every consumer into the producer, and a shared polled database couples all services to one schema while adding latency. When services should evolve independently and merely react to facts, choreography over an event bus is the answer.

How to reason it out
  1. Note the constraint: new consumers must be added with zero producer changes.
  2. Recognize this as the defining property of choreography — producers emit events without knowing the consumers.
  3. Map choreography onto AWS: publish to an EventBridge event bus (or SNS) and let consumers subscribe with rules.
  4. Eliminate orchestration and direct calls, both of which require updating existing code for each new consumer.

Exam tip: If consumers must be added or removed without changing the producer, publish events to a bus (choreography); a central coordinator would need editing for every new consumer.

Application Development Patterns on AWS: Architecture, APIs and Messaging — the lesson that teaches this.

The DVA-C02 question bank, by domain

The bank is built to the exam's own weighting, so the practice you get reflects the marks that are actually on offer — not whichever domain was easiest to write questions for.

Published DVA-C02 practice questions per exam domain
DomainExam weightTopicsQuestions
Development with AWS Services32%360
Security26%360
Deployment24%480
Troubleshooting and Optimization18%360
Total100%13260

How DVA-C02 questions are worded

Most DVA-C02 questions are not asking whether you can recall a definition. They describe a situation and ask which option satisfies it — so the skill being tested is reading the requirement precisely and eliminating options that fail it.

Single-response vs multiple-response

A single-response question has exactly one right answer. A multiple-response question tells you how many to pick ("Choose TWO") and there is no partial credit — getting one of the two right scores nothing. Read that instruction before you read the options.

Read the last line first

The final sentence is the actual question; everything before it is scenario. Read it first, then read the scenario knowing what you are looking for. It stops you from building an answer in your head that the question never asked for.

Hunt for the qualifier

Most scenarios turn on one word — MOST cost-effective, LEAST operational overhead, with the LEAST latency, without changing application code. Two options are frequently both technically correct, and the qualifier is the only thing separating them.

Eliminate, then choose

Distractors are almost always real AWS services doing a real job — just not this job. Rule out the ones that break a stated constraint before you compare what's left. On a question you truly don't know, eliminating two options turns a guess into a coin flip.

Beyond DVA-C02 practice

DVA-C02 practice questions: your questions

Yes. You can answer 5 questions a day with no account at all, and creating a free account removes the daily limit entirely — the full 260-question DVA-C02 bank, with an explanation on every option.