Practice questions are the most effective way to prepare for the AWS Certified Developer Associate exam. This guide includes sample questions, explains common exam traps, and teaches strategies for answering questions correctly under exam conditions.
Why Practice Questions Matter
Practice questions serve multiple purposes:
- Knowledge Testing: Identify gaps in your understanding
- Exam Familiarization: Get comfortable with question formats
- Time Management: Develop speed and efficiency
- Confidence Building: See patterns in how AWS tests concepts
- Mistake Prevention: Learn from wrong answers to avoid repeating them
Most successful candidates take 3-5 full-length practice exams and spend significant time analyzing every incorrect answer.
Sample Practice Questions
Question 1: Lambda and Environment Configuration
Scenario: A developer creates a Lambda function that processes payment transactions. The function needs to connect to a database using credentials. The credentials change monthly. What is the MOST SECURE way to pass credentials to the Lambda function?
A) Store credentials in Lambda environment variables B) Store credentials in the Lambda function code comments C) Retrieve credentials from AWS Secrets Manager during function execution D) Store credentials in a text file in the Lambda deployment package
Correct Answer: C
Explanation: AWS Secrets Manager is designed specifically for storing and rotating sensitive credentials. The function retrieves secrets at runtime, supports automatic rotation, and logs accesses. Environment variables in option A are readable as plaintext in the Lambda console. Options B and D expose credentials in source code, which is extremely insecure.
Exam Trap: Many developers initially choose option A because it seems convenient. However, the question specifically asks for the MOST SECURE approach, and Secrets Manager is always the correct answer for credential management.
Question 2: DynamoDB Query Operations
Scenario: A DynamoDB table has the following structure:
- Partition Key: UserID
- Sort Key: Timestamp
- Attributes: Name, Email, ActivityType
A developer needs to retrieve all activities for user “user123” that occurred in March 2026. The table contains millions of records. Which approach is MOST EFFICIENT?
A) Use Scan with a FilterExpression for UserID and Timestamp B) Use Query with UserID as partition key and Timestamp as sort key condition C) Use GetItem for each activity D) Load all items into memory and filter locally
Correct Answer: B
Explanation: Query operations are more efficient than Scan for accessing data by partition and sort keys. Query directly accesses items matching the specified keys without scanning the entire table. Scan (option A) reads every item in the table, wasting read capacity. GetItem (option C) retrieves only one item at a time. Option D is completely impractical.
Exam Focus: Query vs. Scan decisions appear frequently. Query is always more efficient when you can use partition and sort keys.
Question 3: IAM Policy Design
Scenario: A Lambda function needs to:
- Read objects from S3 bucket “app-data”
- Write logs to CloudWatch
- Invoke another Lambda function
Which IAM policy BEST follows the principle of least privilege?
A) Attach an AdministratorAccess policy to the Lambda execution role
B) Attach inline policies granting:
- s3:GetObject on app-data bucket objects
- logs:CreateLogGroup, logs:CreateLogStream, logs:PutLogEvents
- lambda:InvokeFunction on the target Lambda function
C) Attach a policy allowing all S3 actions on all buckets and all Lambda actions
D) Attach an AWSLambdaFullAccess managed policy
Correct Answer: B
Explanation: Least privilege means granting exactly the permissions needed, nothing more. Option A grants unnecessary admin access. Option C overgrants S3 and Lambda permissions. Option D includes unnecessary Lambda permissions. Option B grants only required actions on specific resources.
Exam Trap: Policy questions test understanding of least privilege. If all options work technically, choose the most restrictive option that still allows required operations.
Question 4: API Gateway Integration
Scenario: A developer creates a REST API in API Gateway that needs to accept JSON requests, validate the request format, and return consistent responses. Which feature of API Gateway BEST addresses validation?
A) Enable CORS for all origins B) Create an API model using JSON Schema C) Use a Lambda authorizer for validation D) Enable CloudWatch logging
Correct Answer: B
Explanation: API Gateway models use JSON Schema to validate request and response formats. Models are the built-in validation mechanism. CORS (option A) handles cross-origin requests, not validation. Lambda authorizers (option C) handle authorization, not format validation. CloudWatch logging (option D) helps troubleshoot but doesn’t validate.
Exam Focus: Understand the specific purpose of each API Gateway feature. Models validate format; authorizers handle permissions; CORS allows cross-origin calls.
Question 5: S3 Presigned URLs
Scenario: A web application needs to allow users to upload files directly to S3 without exposing AWS credentials. Users should only have access to upload files for exactly 15 minutes. What is the BEST solution?
A) Create IAM users for each end-user with long-term access keys B) Generate S3 presigned URLs from your backend application with 15-minute expiration C) Allow public write access to the S3 bucket D) Use S3 bucket policies to grant permanent upload access to all users
Correct Answer: B
Explanation: Presigned URLs provide temporary access (up to 7 days, configurable down to minutes) without exposing credentials. The URL itself grants access for the specified duration. Option A unnecessarily creates IAM users. Option C opens the bucket to abuse. Option D grants permanent access, which violates the time-limited requirement.
Exam Focus: Presigned URLs are the answer to temporary S3 access questions. They don’t require IAM users and include automatic expiration.
Question 6: CloudFormation Stack Updates
Scenario: A development team uses CloudFormation to manage infrastructure. They want to add a new DynamoDB table to the existing stack while keeping all current resources unchanged. What should they do?
A) Create a new stack with just the DynamoDB table B) Update the existing template to include the new table and use stack update C) Delete the current stack and redeploy with the new table included D) Manually create the DynamoDB table outside CloudFormation
Correct Answer: B
Explanation: CloudFormation stack updates modify existing stacks while preserving unchanged resources. This is the standard approach for evolving infrastructure. Creating a new stack (option A) duplicates resources. Deleting and redeploying (option C) risks data loss. Manual creation (option D) breaks IaC principles.
Exam Trap: Stack updates vs. stack replacement questions are common. Understanding which resources require replacement (re-creation) vs. simple updates is important.
Common Exam Question Traps
Trap 1: “Best” vs. “Correct”
Many questions ask for the “BEST” or “MOST appropriate” solution. Multiple options might technically work, but one is superior.
Strategy: When multiple answers seem right:
- Look for least privilege (security questions)
- Choose most efficient (performance questions)
- Select most cost-effective (optimization questions)
- Pick native AWS service over workarounds
Trap 2: Absolute Language
Questions using absolute terms (ALWAYS, NEVER, MUST) are often traps.
Example: “CloudFormation ALWAYS creates resources in this order” Better Answer: Look for “typically,” “usually,” or “generally” in answer choices
Trap 3: Partially Correct Answers
Answers might be partially correct but missing a key requirement.
Example:
- Q: Store credentials securely and rotate automatically
- A1: “Use Secrets Manager” (correct, plus rotation support)
- A2: “Use environment variables encrypted with KMS” (secure, but no automatic rotation)
Choose A1 because it meets all requirements.
Trap 4: Distractor Services
AWS has many services; questions often include similar services as distractors.
Example: SQS vs. SNS, DynamoDB vs. RDS, Lambda vs. EC2
Strategy: Understand the distinction between similar services and when each is appropriate.
Trap 5: Missing Required Permissions
Security questions often require multiple permissions, and incomplete answers are wrong.
Example:
- Q: Lambda function needs to read S3 and write CloudWatch Logs
- A1: Lists only S3 permissions (incomplete)
- A2: Lists S3 and CloudWatch Logs permissions (complete)
Trap 6: Implicit Assumptions
Don’t assume details not explicitly stated. Read questions carefully.
Example:
- Q: A function needs to access a VPC database
- Don’t assume: Function is already configured for VPC access
- Do verify: Answer mentions VPC configuration
Effective Question-Answering Strategies
1. Read the Entire Question First
Don’t skim. Questions often contain crucial details in later sentences.
Bad Approach: Read question title, immediately select answer Good Approach: Read full question, all answer choices, then decide
2. Identify Question Type
Different question types have different answering strategies.
Service Selection: Which service handles X? (Know service purposes) Troubleshooting: What’s the problem and solution? (Read errors carefully) Best Practice: Which approach is better? (Consider trade-offs) Code/Config: Will this work? (Trace through logic)
3. Eliminate Wrong Answers First
Sometimes eliminating obviously wrong answers is faster than identifying the right one.
Eliminate:
- Services completely unrelated to the problem
- Approaches violating best practices
- Options that don’t meet explicit requirements
- Answers with incorrect terminology
4. Look for Superlatives in Answers
When a question asks for “best” or “most,” answers often use similar language.
Pattern:
- Question: “What is the BEST way…”
- Right Answer Often: “Use X because it provides Y benefit”
- Wrong Answers: “Use X, which requires Y additional steps”
5. Read Answer Choices Carefully
Small words matter in AWS questions.
Examples:
- “Allows” vs. “Requires”
- “Can” vs. “Must”
- “Supports” vs. “Automatically”
- “S3” vs. “S3 Batch Operations”
- “CloudWatch Logs” vs. “CloudWatch Metrics”
6. Watch for Question Cues
Questions contain clues about the expected answer.
Cues:
- “MOST secure” → Choose Secrets Manager over environment variables
- “MOST efficient” → Choose Query over Scan
- “LEAST privilege” → Choose most restrictive option
- “WITHOUT additional code” → Choose feature that handles it natively
- “Minimize costs” → Choose cost-effective approach
7. Time Management in Exams
You have approximately 2 minutes per question (130 minutes / 65 questions).
Strategy:
- First pass (90 minutes): Answer questions you’re confident about
- Flag uncertain questions for review
- Second pass (40 minutes): Tackle flagged questions
- If still uncertain, educated guess beats blank answer
How to Use Practice Exams Effectively
Before Taking the Exam
-
Create exam-like conditions
- Quiet environment
- No distractions
- Full 130 minutes
- Single sitting
-
Don’t reference materials
- Practice exams test retention, not ability to look things up
- Real exam has no reference materials
After Taking the Exam
-
Review all wrong answers immediately
- Don’t wait; knowledge is fresh
- Understand why correct answer is better
-
Categorize your mistakes
- Knowledge gap: You didn’t understand the topic
- Careless error: You knew the answer but misread
- Strategy mistake: You didn’t understand question structure
-
Study based on mistake categories
- Knowledge gaps: Review documentation and videos
- Careless errors: Practice slower, more careful reading
- Strategy mistakes: Review effective answering strategies
Progressive Mock Exam Approach
First Mock Exam: Identify knowledge gaps (expect 65-75%) Study Gap Areas: 1-2 weeks focused learning Second Mock Exam: Demonstrate improvement (expect 75-80%) Final Polish: Light review of remaining weak areas Third Mock Exam: Confidence check (expect 80%+)
FAQ
Q: How many practice questions should I do? A: At least 300-400 questions across multiple sources. This ensures you see diverse question types.
Q: Are free practice questions as good as paid ones? A: Quality varies significantly. Paid practice exams from reputable sources are more likely to match real exam difficulty and format.
Q: Should I memorize practice questions? A: No. The real exam will have different questions. Focus on understanding concepts, not memorizing specific questions.
Q: What if I get a practice question wrong? A: This is valuable! Spend time understanding why you missed it. Most learning happens from reviewing wrong answers.
Q: How do I know if I’m ready for the real exam? A: You should score 80%+ on multiple full-length mock exams, especially the final exams closest to your test date.
Q: Do I need to answer every practice question? A: Target at least 200-300 practice questions total. Quality understanding of those is better than rushing through 1000 questions.
Recommended Practice Exam Approach
We recommend taking comprehensive mock exams that mirror real exam conditions. Our DVA-C02 mock exam bundle provides:
- Multiple full-length exams matching official domain weightings
- Detailed explanations for every question
- Timed exam mode simulating real conditions
- Performance tracking across domains
- Mobile-friendly review interface
Taking mock exams from a reputable source is one of the most effective preparation strategies.
Conclusion
Practice questions are essential for DVA-C02 preparation. By understanding common question traps, applying effective answering strategies, and thoroughly reviewing incorrect answers, you’ll develop the skills needed to pass the exam confidently.
The key is not just answering questions, but learning from every single one. Each incorrect answer is an opportunity to strengthen your AWS knowledge.
Start with diagnostic practice today and track your progress toward that 80%+ score that indicates real exam readiness.