Development with AWS Services
Domain 1 — 32% of Exam
Question 01
A developer needs to build a REST API that triggers a Lambda function for each request. Which AWS service should be used as the front-end for the API?
AApplication Load Balancer
BAmazon API Gateway ✅
CAmazon CloudFront
DAmazon SQS
💡 Explanation: Amazon API Gateway is a fully managed service for creating, publishing, and managing REST, HTTP, and WebSocket APIs. It integrates natively with Lambda for serverless backends. API Gateway handles authentication, throttling, caching, request/response transformation, and API versioning. The ALB can also trigger Lambda but lacks API management features. CloudFront is a CDN, and SQS is a message queue.
Question 02
A developer wants to add caching to their DynamoDB table to reduce read latency from milliseconds to microseconds. Which service should they use?
AAmazon ElastiCache
BDynamoDB Accelerator (DAX) ✅
CAmazon CloudFront
DAmazon RDS Read Replica
💡 Explanation: DynamoDB Accelerator (DAX) is an in-memory cache specifically designed for DynamoDB. It reduces read latency from single-digit milliseconds to microseconds without code changes — your application points to the DAX cluster endpoint instead of DynamoDB. ElastiCache (Redis/Memcached) is a general-purpose cache. CloudFront caches web content at edge locations. RDS Read Replicas are for relational databases.
Question 03
A Lambda function needs to process records from a DynamoDB Streams event. How does Lambda receive these records?
ALambda polls an SQS queue connected to DynamoDB
BLambda uses an Event Source Mapping to poll the DynamoDB stream ✅
CDynamoDB pushes events directly to Lambda via SNS
DAPI Gateway routes DynamoDB changes to Lambda
💡 Explanation: Lambda uses Event Source Mappings (ESM) to poll stream-based sources like DynamoDB Streams, Kinesis Data Streams, and SQS queues. The ESM reads records in batches and invokes the Lambda function synchronously. Key config: batch size, starting position (TRIM_HORIZON or LATEST), and error handling (bisect batch on error, destination for failures). This is a core developer exam concept.
Question 04
A developer is using DynamoDB and needs to retrieve items using an attribute that is NOT the primary key. What should they create?
AA DynamoDB Read Replica
BA Global Secondary Index (GSI) ✅
CA DynamoDB trigger
DA scan operation with a filter expression
💡 Explanation: A Global Secondary Index (GSI) allows you to query DynamoDB using an alternate partition key and optional sort key — different from the table’s primary key. GSIs have their own provisioned throughput and can be created at any time. Local Secondary Indexes (LSI) use the same partition key but a different sort key — and must be created at table creation time. A scan reads every item (expensive and slow) — always prefer queries with indexes.
2
Security
Domain 2 — 26% of Exam
Question 05
A Lambda function needs to read objects from an S3 bucket and write items to a DynamoDB table. How should the developer grant these permissions?
AEmbed AWS access keys in the Lambda code
BCreate an IAM execution role with S3 read and DynamoDB write permissions, and attach it to the Lambda function ✅
CMake the S3 bucket and DynamoDB table public
DStore credentials in Lambda environment variables
💡 Explanation: Lambda functions use an IAM execution role that defines what AWS services the function can access. Create a role with the minimum required permissions (S3:GetObject, DynamoDB:PutItem) and assign it to the function. Never hardcode credentials — Lambda automatically provides temporary credentials via STS when the role is assumed. This follows the principle of least privilege.
Question 06
A developer needs to securely store database credentials that are automatically rotated and retrieved by an application at runtime. Which AWS service should be used?
AAWS Systems Manager Parameter Store
BAWS Secrets Manager ✅
CAWS KMS
DLambda environment variables
💡 Explanation: AWS Secrets Manager is purpose-built for storing, retrieving, and automatically rotating secrets like database credentials, API keys, and tokens. It integrates natively with RDS, Redshift, and DocumentDB for automatic rotation. Parameter Store (SSM) can also store secrets but doesn’t support native automatic rotation. KMS manages encryption keys (not credentials), and environment variables are not rotatable or centralized.
Question 07
Which AWS service provides user sign-up, sign-in, and access control for web and mobile applications with built-in support for social identity providers like Google and Facebook?
AAWS IAM
BAmazon Cognito ✅
CAWS STS
DAWS Directory Service
💡 Explanation: Amazon Cognito provides two main components: User Pools (authentication — sign-up/sign-in, MFA, social identity providers) and Identity Pools (authorization — federated identities that grant temporary AWS credentials). Cognito is the go-to service for adding auth to apps. IAM is for AWS account users, STS provides temporary credentials, and Directory Service integrates with Active Directory. Cognito is heavily tested on DVA-C02.
3
Deployment
Domain 3 — 24% of Exam
Question 08
A developer wants to deploy a new version of their application using AWS CodeDeploy. They want to gradually shift traffic from the old version to the new version to minimize risk. Which deployment strategy should they use?
AAll-at-once
BRolling
CCanary (Linear/Canary traffic shifting) ✅
DBlue/Green
💡 Explanation: Canary deployments gradually shift a small percentage of traffic to the new version (e.g., 10% → 50% → 100%) over time. If errors are detected, traffic automatically rolls back. CodeDeploy supports: AllAtOnce (fastest, riskiest), Rolling (batch by batch), Blue/Green (two environments, instant switch), and Canary/Linear (gradual traffic shifting). For Lambda, CodeDeploy uses weighted aliases for canary deployments.
Question 09
Which AWS service provides a fully managed CI/CD pipeline that automates the build, test, and deploy phases of your application release process?
AAWS CodeCommit
BAWS CodeBuild
CAWS CodePipeline ✅
DAWS CodeDeploy
💡 Explanation: AWS CodePipeline orchestrates the entire CI/CD pipeline — connecting Source (CodeCommit/GitHub), Build (CodeBuild), Test, and Deploy (CodeDeploy/ECS/Lambda) stages. Know the AWS Developer Tools suite: CodeCommit = Git repository, CodeBuild = compile & test, CodeDeploy = deploy to EC2/Lambda/ECS, CodePipeline = orchestrator that ties them all together. The pipeline can also integrate with third-party tools like Jenkins.
Question 10
Which file defines the build commands and settings for AWS CodeBuild?
Abuildspec.yml ✅
Bappspec.yml
Ctemplate.yml
DDockerfile
💡 Explanation: buildspec.yml defines the build phases (install, pre_build, build, post_build), commands, environment variables, and artifacts for CodeBuild. appspec.yml is used by CodeDeploy to define deployment actions and lifecycle hooks. template.yml is for SAM/CloudFormation. Dockerfile defines container images. Know which spec file belongs to which service — this is frequently tested.
4
Troubleshooting & Optimization
Domain 4 — 18% of Exam
Question 11
A developer wants to add custom metrics, traces, and logs to their application for observability. Which AWS service enables distributed tracing to analyze and debug microservices architectures?
AAmazon CloudWatch
BAWS X-Ray ✅
CAWS CloudTrail
DAmazon EventBridge
💡 Explanation: AWS X-Ray provides distributed tracing for applications — visualizing the flow of requests through microservices, identifying bottlenecks, and debugging errors. It creates a service map showing latency between components. Integrate using the X-Ray SDK or X-Ray daemon. CloudWatch handles logs and metrics, CloudTrail records API calls (audit), and EventBridge routes events between services. X-Ray is a core developer exam topic.
Question 12
A Lambda function is failing with an “execution timeout” error. What is the maximum configurable timeout for a Lambda function?
A5 minutes
B15 minutes ✅
C30 minutes
D60 minutes
💡 Explanation: AWS Lambda’s maximum timeout is 15 minutes (900 seconds). The default is 3 seconds. If your function consistently times out, consider: increasing the timeout, optimizing code, increasing memory (which also increases CPU), or breaking the work into smaller functions. Know Lambda limits: 15 min timeout, 10 GB memory, 250 MB deployment package (unzipped), 1000 concurrent executions (default soft limit).
Question 13
A DynamoDB table is experiencing ProvisionedThroughputExceededException errors. What is the MOST likely cause and solution?
AThe table has too many items — delete old items
BThe application exceeds the provisioned RCU/WCU — enable on-demand capacity mode or increase provisioned throughput ✅
CThe table’s encryption key has expired
DThe IAM role doesn’t have permission to write
💡 Explanation: This error means your application is sending more read/write requests than the provisioned capacity allows. Solutions: (1) Switch to on-demand capacity mode (auto-scales, no throttling), (2) Increase provisioned RCU/WCU, (3) Enable Auto Scaling, (4) Use DAX for read-heavy workloads, (5) Implement exponential backoff retry logic in your SDK. Also check for hot partitions — uneven distribution of requests across partition keys.
Question 14
What is the AWS Serverless Application Model (SAM)?
AAn open-source framework for building serverless applications using a simplified CloudFormation syntax ✅
BA monitoring tool for Lambda functions
CA managed container orchestration service
DA database migration tool
💡 Explanation: AWS SAM extends CloudFormation with serverless-specific resource types (AWS::Serverless::Function, AWS::Serverless::Api, AWS::Serverless::SimpleTable) that simplify defining Lambda functions, APIs, and DynamoDB tables. The SAM CLI enables local testing and debugging. SAM templates are transformed into full CloudFormation templates during deployment. Commands: sam init, sam build, sam deploy.
How hard is the AWS Developer Associate exam? The DVA-C02 is considered moderately difficult — harder than Cloud Practitioner, roughly on par with Solutions Architect Associate. It has 65 questions with a 130-minute time limit and a passing score of 720/1000. The exam focuses on developer-specific services like Lambda, DynamoDB, SQS, API Gateway, and the CodeSuite. Most candidates need 2-3 months of preparation with hands-on practice.
SAA vs DVA — which should I take first? If you’re an architect or IT professional → take SAA first. If you’re a software developer → DVA first. There is ~30% content overlap. SAA focuses on designing resilient, high-performing architectures. DVA focuses on developing, deploying, and debugging applications. Many people take both — the second exam is significantly easier after passing the first.
Is AWS Developer Associate worth it in 2026? Absolutely — cloud developer skills are in massive demand. The DVA validates serverless, CI/CD, and cloud-native development expertise that employers actively seek. Certified AWS developers earn $120,000-$155,000 on average in the US. It also provides a 50% discount voucher for your next AWS exam and is a stepping stone to the DevOps Engineer Professional certification.
Does the AWS Developer Associate expire? Yes — AWS certifications are valid for 3 years. To recertify, retake the current exam or pass a higher-level certification (like DevOps Engineer Professional). AWS provides a 50% discount voucher for recertification. You’ll receive reminders starting 6 months before expiration.
Leave a Comment