Assessment tomorrow, trying to foresight the test

My three cents:
- Install DVWA on a VM (or in docker) before your exam begins and start practicing. This will help to understand what vanilla vulns are already built into DVWA, as the hiring party will probably throw their own custom stuff in there. Knowing what's vanilla will help you find what isn't, and hopefully impress them with your l33t skilz.
- They are probably more concerned about your writing skills, in regards to the executive summary and vuln report, than you actually finding all their tricks and vulns. Make a valiant effort in finding as many vulns and issues as you can, but spend a lot of time on polishing your report. Make sure there are zero spelling, grammatical, or syntactic errors. “Barney style” how you implemented your exploits. The report is usually the most important part of any kind of op, as it's how everyone gets paid and continues to get paid. Plus, the final report is how you get the C Suite mouth breathers to shell out $$$ to fix the broken stuff you find. :stuck_out_tongue:
- They will most likely be more impressed with you if you steer clear of MSF. MSF is a great and handy tool, but a lot of folks lean on it exclusively. Use it for enums and basic stuff, but show your mettle and implement the actual exploits by hand if possible. This will hopefully impress them more than pressing buttons to make MSF do-the-thing.

Grain of salt and all that though. Good luck and I wish you the best!