Free DVA-C02 Cheat Sheet 2026: Azure Fundamentals Quick Reference

Development with AWS Services

32%of exam

Lambda Runtime DynamoDB Access App Integration Event Picker DynamoDB Picker

Security

26%of exam

IAM EvaluationCognitoEncryptionSecretsAuth Picker

Deployment

24%of exam

IaC Tools Code Services Deploy Strategies Pipeline Picker SAM vs CDK

Troubleshooting + Optimization

18%of exam

ObservabilityLambda SignalsPerformance Debug PickerX-Ray vs Logs

Quick Facts

Exam: DVA-C02
Credential: Developer Associate
Questions: 65 total
Scored: 50 questions
Unscored: 15 questions
Time: 130 min
Pass: 720/1000
Cost: $150 USD
Level: Associate
Experience: 1 year recommended
Validity: 3 years

Lambda Events

API waits, S3 queues, SQS pulls.

SyncAsyncPoll

GSI vs LSI

GSI

Different partition key
Eventual reads only
Add after table

LSI

Same partition key
Strong reads possible
Create with table

GSI changes access pattern

Event Picker

One consumer buffer→SQS(Queue)
Every subscriber reacts→SNS(Fanout)
Rule-based routing→EventBridge(Bus)
Ordered workflow steps→Step Functions(Orchestrate)
Point-to-point enrich→EventBridge Pipes(Pipe)
API calls Lambda→API Gateway(Sync)
Database change event→DynamoDB Streams(CDC)
File upload event→S3 notification(Async)

Lambda Runtime

Handler: Entry point
Context: Invocation metadata
Layers: Shared dependencies
Environment vars: Runtime configuration
/tmp: Ephemeral storage
Versions: Immutable function snapshots
Aliases: Version traffic pointers
Container image: Large package option
Timeout max: 15 minutes

Dynamo Access

Key first, index second, scan last.

GetItemQueryGSIScan

SQS vs SNS

SQS

Pull queue
One consumer copy
Visibility timeout

SNS

Push topic
All subscribers receive
Message filtering

Queue buffers; topic broadcasts

DynamoDB Picker

Know primary key→GetItem(Direct)
Need key range→Query(Efficient)
Alternate partition→GSI(Eventual)
Same partition alternate sort→LSI(Create-time)
Need microsecond reads→DAX(Cache)
Expire records→TTL(Eventual)
React to writes→Streams(Ordered)
Multiple writes atomic→Transactions(All-or-none)

Lambda Invocation

Sync invoke: Caller waits
Async invoke: Lambda queues event
Poll source: Lambda pulls batches
SQS trigger: Visibility timeout matters
Streams trigger: Ordered shard batches
Destination: Async success/failure target
DLQ: Failed event sink
Partial batch: Return failed records

DynamoDB Access

Partition key: Data distribution
Sort key: Range ordering
Query: Key condition required
Scan: Reads everything
Filter: After-read discard
GSI: Alternate partition key
LSI: Alternate sort key
Projection: Copied index attributes
DAX: Microsecond read cache
TTL: Eventual item expiry

App Integration

SQS: Queue one consumer
SNS: Fanout pub/sub
EventBridge: Event bus routing
Pipes: Point-to-point integration
Step Functions: Workflow orchestration
Standard workflow: Long durable flow
Express workflow: High-volume short flow
Map state: Parallel item processing
API Gateway: Managed API front

API + S3

REST API: Full API features
HTTP API: Lower-latency API
WebSocket API: Bidirectional clients
Usage plan: Quota and throttling
Mapping template: Payload transformation
Lambda proxy: Backend controls response
Presigned URL: Temporary S3 access
Multipart upload: Large object transfer
S3 events: Object-change triggers

IAM Order

Default deny, explicit allow, explicit deny wins.

Implicit denyExplicit allowExplicit deny

User Pool vs Identity Pool

User pool

Authenticates app users
Issues JWTs
Handles sign-up

Identity pool

Authorizes AWS access
Issues STS credentials
Uses IdP tokens

User pool login; identity pool creds

Auth Picker

Lambda calls AWS→Execution role(Temporary)
Human workforce login→Identity Center(SSO)
App user sign-in→User pool(JWT)
App needs AWS creds→Identity pool(STS)
Third-party account→AssumeRole(External ID)
API custom auth→Lambda authorizer(Policy)
API user auth→Cognito authorizer(JWT)
Force transport security→Deny condition(TLS)

IAM Evaluation

Implicit deny: Default baseline
Explicit allow: Permission grant
Explicit deny: Always wins
Identity policy: Principal permissions
Resource policy: Resource-side permissions
Trust policy: AssumeRole permission
Permission boundary: Maximum identity permissions
Session policy: Temporary session limit
External ID: Confused-deputy guard

Secrets vs Parameter

Secrets Manager

Automatic rotation
Secret versions
Database integrations

Parameter Store

Config hierarchy
SecureString option
Lower-cost standard

Rotate secrets; store config

Cognito + STS

User pool: App authentication
Identity pool: AWS credentials
JWT: Signed user claims
Hosted UI: Managed sign-in
MFA: Additional factor
STS: Temporary credentials
AssumeRole: Role session
Web identity: OIDC federation

Encryption + Secrets

KMS: Key management
Key policy: KMS access root
Data key: Envelope encryption key
SSE-S3: S3-managed keys
SSE-KMS: KMS audit/control
Client-side: Encrypt before sending
Secrets Manager: Rotating secrets
Parameter Store: Config and secrets
AWSCURRENT: Current secret version

Deploy Shapes

All at once, small canary, steady linear.

AllAtOnceCanaryLinear

SAM vs CDK

SAM

Serverless shorthand
CloudFormation transform
Local invoke

CDK

Programming languages
Construct libraries
Synthesizes templates

SAM concise; CDK programmable

Pipeline Picker

Build and test→CodeBuild(buildspec)
Orchestrate stages→CodePipeline(Workflow)
Shift Lambda traffic→CodeDeploy(Alias)
Model serverless→SAM(Transform)
Code defines infra→CDK(Synth)
Preview stack update→Change set(Review)
Detect console edits→Drift detection(Compare)
Gate production→Manual approval(Control)

IaC Tools

CloudFormation: Declarative stacks
Change set: Preview stack changes
Drift detection: Find manual changes
Stack policy: Protect updates
Nested stack: Reusable template module
SAM: Serverless transform
CDK: Code synthesizes templates
AppConfig: Safe configuration rollout
Lambda layer: Reusable package piece

Canary vs Linear

Canary

Small first slice
Then remaining traffic
Fast validation window

Linear

Repeated equal slices
Gradual full shift
Longer exposure control

Canary two-step; linear repeated

Code Services

CodePipeline: Release workflow
CodeBuild: Managed builds/tests
buildspec.yml: Build commands
CodeDeploy: Traffic shifting
appspec.yml: Deployment hooks
CodeArtifact: Package repository
ECR: Container registry
Manual approval: Human gate
Artifact bucket: Pipeline object store

Deploy Strategies

AllAtOnce: Immediate full shift
Canary: Small then rest
Linear: Equal timed increments
Blue/green: Parallel environment swap
Rolling: Batch instance updates
Immutable: Replace entire fleet
Hooks: Lifecycle validation steps
Rollback: Return previous version

Trace Data

Annotate to search; metadata to explain.

AnnotationsMetadataFilter

Reserved vs Provisioned

Reserved

Guarantees capacity
Caps maximum concurrency
No prewarming

Provisioned

Preinitializes environments
Reduces cold starts
Billed while ready

Reserved caps; provisioned warms

Debug Picker

AccessDeniedException→IAM policy(Permissions)
Lambda timeouts→Duration logs(Runtime)
Lambda throttles→Concurrency metrics(Capacity)
DynamoDB throttles→Backoff+jitter(Retry)
API 5xx→Integration logs(Backend)
Trace one request→X-Ray(Path)
Search many logs→Logs Insights(Query)
Catch threshold breach→CloudWatch Alarm(Notify)

Observability

CloudWatch Logs: Application log streams
Logs Insights: Queryable logs
Metric filter: Logs to metrics
Alarm: Metric threshold action
EMF: Structured custom metrics
X-Ray trace: End-to-end request
Segment: Service work unit
Annotation: Indexed trace field
Metadata: Unindexed trace field

Annotations vs Metadata

Annotations

Indexed key-values
Filterable traces
Search dimensions

Metadata

Unindexed details
Any object values
Context only

Search needs annotations

Performance

Reserved concurrency: Guarantee and cap
Provisioned concurrency: Preinitialized environments
SnapStart: Snapshot cold-start help
RDS Proxy: Database connection pooling
ElastiCache: Managed in-memory cache
DAX: DynamoDB read cache
Backoff: Retry spacing
Jitter: Randomized retry delay
Idempotency: Safe duplicate retries

Common Traps

API Keys Are Not Auth

Usage plan throttling ≠ IAM/Cognito/Lambda auth

Filter Does Not Save Reads

Filter after read ≠ Query key first

Visibility Timeout Matters

Short timeout duplicates ≠ Long timeout protects processing

Deny Overrides Allow

Any explicit deny ≠ No policy rescue

Secrets Need Rotation

Secrets Manager rotates ≠ Parameter Store stores

GSI Is Eventual

GSI eventual only ≠ LSI strong optional

Canary Is Not Linear

Canary then rest ≠ Linear equal increments

Metadata Is Not Searchable

Annotations filter traces ≠ Metadata stores context

Last Minute

1.Development 32%; Security 26%
2.Deployment 24%; Troubleshooting 18%
3.Deny beats every Allow
4.User pool authenticates users
5.Identity pool grants AWS creds
6.SQS visibility exceeds Lambda timeout
7.Query beats Scan
8.GSI eventual; LSI can strengthen
9.Canary small then rest
10.Linear shifts equal increments
11.Annotations are searchable
12.Provisioned reduces cold starts
13.Secrets Manager rotates secrets
14.Change sets preview updates

AWS Developer

Practice Questions200 questions Cheat Sheet

2 blogs

AWS Certified Developer Study Guide: Associate (DVA-C02) Exam (Sybex Study Guide)

$45.24 · Buy on Amazon

Take courses on Udemy

Learning path on Pluralsight

Same family resources

Explore More AWS Certifications

Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.

More From This Family

Videos and articles for deeper review.

VideoPass AWS Cloud Practitioner CLF-C02 First Try (2026)ArticleAWS Certified AI Practitioner (AIF-C01) Exam Guide 2026: FREE Study Plan, Bedrock Deep Dive, Pass Rate32 min read ArticleAWS Security Specialty SCS-C03 Exam Guide 2026: What Changed and How to Study18 min read ArticleAzure vs AWS Certification 2026: Which Cloud Cert Should You Get First?19 min read ArticleFREE AWS Data Engineer DEA-C01 Exam Guide 2026: Pass First Try30 min read

AWS Developer Associate Cheat Sheet