Domain 2 · 26% of Exam

Security

Domain 2 covers implementing authentication, authorization, encryption, and compliance controls for applications running on AWS.

About This Domain

Domain 2 (Security) accounts for 26% of the DVA-C02 certification exam. This domain evaluates your understanding of authentication and authorization with Cognito, IAM, and STS; encryption at rest and in transit using KMS, ACM, and S3 SSE; secrets management with Secrets Manager and Parameter Store; and related concepts. To pass this section you need practical knowledge of how these services and patterns work together in real-world architectures.

What You'll Be Tested On

  • Authentication and authorization with Cognito, IAM, and STS
  • Encryption at rest and in transit using KMS, ACM, and S3 SSE
  • Secrets management with Secrets Manager and Parameter Store
  • Signing and verifying API requests with Signature Version 4
  • Applying least-privilege IAM policies and permission boundaries
  • Implementing data integrity and compliance controls

Study Strategy for Domain 2

This domain represents 26% of the total exam, making it a significant scoring area. Balance theoretical study with hands-on practice. Use practice quizzes to identify weak spots and review the topics where you score below 75%.

Exam Tips for Domain 2

  • Cognito User Pools handle authentication (sign-up/sign-in); Identity Pools handle authorization (temporary AWS credentials).
  • Know how KMS envelope encryption works: the data key encrypts the data, and the KMS key encrypts the data key.
  • Secrets Manager supports automatic rotation; Parameter Store SecureString does not rotate automatically.
  • Use IAM roles (not access keys) for EC2, Lambda, and ECS tasks to follow security best practices.

Frequently Asked Questions

How many questions on the DVA-C02 exam come from Domain 2?

Domain 2 (Security) makes up 26% of the DVA-C02 exam. The exam has 65 scored questions, so approximately 17 questions will come from this domain.

What services should I focus on for Domain 2?

The key services for this domain include Cognito, IAM, KMS, Secrets Manager, Parameter Store, S3, RDS, and API Gateway. Make sure you understand how each service works, its use cases, and how the services integrate with one another.

How should I prepare for Security questions?

Start by reviewing the key topics listed above, then practice with domain-specific questions. Focus on understanding real-world scenarios rather than memorizing facts. Use our practice quizzes to test your knowledge and review explanations for any questions you get wrong.

What's the best order to study the DVA-C02 domains?

Many candidates start with the highest-weighted domains first. For the DVA-C02 exam, the domains in order of weight are: Development with AWS Services (32%), Security (26%), Deployment (24%), and Troubleshooting and Optimization (18%). However, start with whichever domain aligns best with your existing experience.
