Domain 2 · 26% of Exam

Security

Domain 2 covers implementing authentication, authorization, encryption, and compliance controls for applications running on AWS.

What You'll Be Tested On

  • Authentication and authorization with Cognito, IAM, and STS
  • Encryption at rest and in transit using KMS, ACM, and S3 SSE
  • Secrets management with Secrets Manager and Parameter Store
  • Signing and verifying API requests with Signature Version 4
  • Applying least-privilege IAM policies and permission boundaries
  • Implementing data integrity and compliance controls

Exam Tips for Domain 2

  • Cognito User Pools handle authentication (sign-up/sign-in); Identity Pools handle authorization (temporary AWS credentials).
  • Know how KMS envelope encryption works: the data key encrypts the data, and the KMS key encrypts the data key.
  • Secrets Manager supports automatic rotation; Parameter Store SecureString does not rotate automatically.
  • Use IAM roles (not access keys) for EC2, Lambda, and ECS tasks to follow security best practices.
