🗝️ AWS Secrets Manager - DVA-C02 Practice Questions

Store, rotate, and retrieve secrets. Understand automatic rotation with Lambda, cross-account sharing, integration with RDS, and comparison with Systems Manager Parameter Store.

7Questions Available
1Exam Domains

Practice Secrets Manager Questions Now

Start a timed practice session focusing on AWS Secrets Manager topics from the DVA-C02 question bank.

Start DVA-C02 Practice Quiz →

DVA-C02 Secrets Manager Question Bank (7 Questions)

Browse all 7 practice questions covering AWS Secrets Manager for the DVA-C02 certification exam. Answers are intentionally hidden on this page so you can self-test first before checking results in quiz mode.

  1. Question 1Security

    A developer stores secrets in AWS Secrets Manager and wants automatic rotation with a Lambda function. Which IAM permission does the rotation Lambda function need on Secrets Manager?

    Asecretsmanager:GetSecretValue only
    Bsecretsmanager:DescribeSecret, GetSecretValue, PutSecretValue, UpdateSecretVersionStage
    Csecretsmanager:RotateSecret only
    DFull secretsmanager:* permissions

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start DVA-C02 Quiz
  2. Question 2Security

    A developer needs the application to access Parameter Store values at runtime without hardcoding secrets. Which approach follows least privilege?

    AUse admin IAM credentials with full access
    BAssign the EC2 instance role with ssm:GetParameter on specific parameter ARNs
    CStore credentials in Lambda environment variables unencrypted
    DUse public Parameter Store parameters

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start DVA-C02 Quiz
  3. Question 3Select All That ApplySecurity

    An API key stored in AWS Secrets Manager needs to be accessed by an application. Which action must the IAM role have?

    Asecretsmanager:PutSecretValue
    Bsecretsmanager:GetSecretValue
    Csecretsmanager:ListSecrets
    Dkms:Decrypt on the Secrets Manager key

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start DVA-C02 Quiz
  4. Question 4Security

    A developer uses Secrets Manager and wants to avoid secrets retrieval latency on every Lambda invocation. Which strategy balances security and performance?

    ACache the secret in a DynamoDB table
    BCache the secret value in the Lambda execution context (module-level) with a TTL-based refresh
    CStore the secret in Lambda environment variables after retrieval
    DHardcode the secret in the Lambda deployment package

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start DVA-C02 Quiz
  5. Question 5Security

    A developer stores database credentials in AWS Secrets Manager. The application retrieves them at startup. What happens if Secrets Manager is temporarily unavailable?

    AThe application gets the latest cached value
    BThe application fails to start if it cannot retrieve the secret
    CSecrets Manager has 99.9% SLA and is always available
    DThe SDK returns a fallback empty string

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start DVA-C02 Quiz
  6. Question 6Security

    A developer uses Parameter Store with the AWS SDK. The parameter type is SecureString. Which additional permission might be needed beyond ssm:GetParameter?

    As3:GetObject
    Bkms:Decrypt on the KMS key used to encrypt the parameter
    Cssm:PutParameter
    Diam:PassRole

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start DVA-C02 Quiz
  7. Question 7Security

    An EC2 instance accesses the AWS SSM Parameter Store. The instance profile role has ssm:GetParameter. The parameter is encrypted with a custom KMS key. The call fails. Why?

    ASSM Parameter Store does not work with EC2
    BThe instance profile role lacks kms:Decrypt on the custom KMS key
    CThe parameter is in the wrong region
    DEC2 cannot use SecureString parameters

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start DVA-C02 Quiz

Key Secrets Manager Concepts for DVA-C02

secrets managersecretrotationrdsparameter storessm

DVA-C02 Secrets Manager Exam Tips

AWS Secrets Manager questions in DVA-C02 are typically scenario-based. Focus on application development patterns, event-driven integration, and secure coding on AWS. Priority concepts: secrets manager, secret, rotation, rds, parameter store, ssm.

What DVA-C02 Expects

  • Anchor your answer in select developer-friendly managed services and patterns that minimize custom undifferentiated code.
  • Secrets Manager scenarios for DVA-C02 are frequently mapped to Domain 2 (26%), so read the objective carefully before picking controls or architecture.
  • Expect multi-topic scenarios where Secrets Manager interacts with IAM, networking, storage, or observability patterns rather than appearing as an isolated question.
  • When two options are both technically valid, prefer the choice that best aligns with the exam's operational scope (Associate) and vendor best practices.

High-Value Secrets Manager Concepts

  • Know the core Secrets Manager building blocks cold: secrets manager, secret, rotation, rds.
  • Review the edge-case features and limits for parameter store, ssm; these details are commonly used to differentiate answer choices.
  • Practice service-integration reasoning: how Secrets Manager pairs with KMS, RDS, Lambda in real deployment patterns.
  • For DVA-C02, explain why the chosen Secrets Manager design meets reliability, security, and cost expectations better than the alternatives.

Common DVA-C02 Traps

  • Watch for using infrastructure-centric answers instead of application-centric ones.
  • Questions in Security often include distractors that look correct for Secrets Manager but violate least-privilege, durability, or availability requirements.
  • Avoid picking options purely by feature name; validate data path, failure handling, and governance impact before answering.
  • If the prompt hints at automation or repeatability, eliminate manual-only operational answers first.

Fast Review Checklist

  • Can you compare at least two Secrets Manager implementation paths and justify which one best fits the scenario?
  • Can you map the chosen answer back to Security (26%) outcomes for DVA-C02?
  • Can you explain security and access boundaries for Secrets Manager without relying on default-open assumptions?
  • Can you describe how Secrets Manager integrates with KMS and RDS during failure, scaling, and monitoring events?

Exam Domains Covering Secrets Manager

Domain 2Security26%

Related Resources

🎯 Free DVA-C02 Mock Exam KMS Questions RDS Questions Lambda Questions

More DVA-C02 Study Resources

← DVA-C02 Study Hub30-Day Study PlanFull Practice Exam