20+ practice questions focused on Configuration Management and IaC — one of the most tested topics on the AWS Certified DevOps Engineer Professional DOP-C02 exam. Each question includes a detailed explanation so you learn why the right answer is correct.
Start Configuration Management and IaC PracticeA company uses AWS CloudFormation to deploy a multi-tier web application. The template includes a nested stack for the database layer. When updating the stack, the database stack fails with a 'CREATE_FAILED' status, but the parent stack continues updating other resources. What is the most likely cause and best practice to prevent this?
Explanation: Option A is correct because, by default, when a CloudFormation stack update encounters a failure in a nested stack, the parent stack's update policy is set to 'CONTINUE', meaning it will proceed with updating other resources despite the failure. To prevent this, you should set the 'OnFailure' parameter to 'ROLLBACK' in the stack update options, which instructs CloudFormation to roll back the entire parent stack if any resource (including nested stacks) fails to update, ensuring consistency across the deployment.
A DevOps engineer manages infrastructure using Terraform. The team needs to store secrets such as database passwords in a secure manner and reference them in Terraform configurations. They have configured AWS Secrets Manager. What is the recommended approach to reference secrets in Terraform without exposing them in state files?
Explanation: Option D is correct because using the `data.aws_secretsmanager_secret_version` data source retrieves the secret value at plan time without storing it in the Terraform state file. Marking the attribute as `sensitive = true` in the output prevents the value from being displayed in the CLI output, but the key protection is that the secret value itself is never written to the state file when using this data source — Terraform only stores the data source's ID and metadata, not the actual secret payload.
A company uses AWS OpsWorks to manage a set of EC2 instances. They need to ensure that a custom recipe runs on all instances during the 'Configure' lifecycle event. What is the correct way to achieve this?
Explanation: In AWS OpsWorks, lifecycle events (such as Configure) are tied to layers, not individual instances. To run a custom recipe on all instances during the Configure event, you must upload the recipe to a custom cookbook repository (e.g., S3 or Git) and then assign that recipe to the Configure lifecycle event in the stack's layer settings. This ensures OpsWorks Chef runs the recipe on every instance in that layer whenever the Configure event fires (e.g., after scaling or instance state changes).
A DevOps team uses AWS CodePipeline to automate deployments. The pipeline has a Deploy stage that uses AWS CloudFormation to create or update a stack. Recently, a stack update failed because the template referenced an AMI that was deprecated. The team wants to automatically roll back the stack to the last known good state if a deployment fails. What should they do?
Explanation: Option A is correct because the CloudFormation deployment action in CodePipeline supports a 'Rollback on failure' option when 'ActionMode' is set to 'CREATE_UPDATE'. When enabled, if the stack update fails, CloudFormation automatically rolls back the stack to the last known good state (the previously deployed stack). This directly addresses the team's requirement to revert to a stable state after a failed deployment due to a deprecated AMI.
An organization uses AWS Elastic Beanstalk for application deployments. They want to implement immutable updates to minimize downtime and ensure that if the new environment fails health checks, the old environment remains intact. Which deployment policy should they choose?
Explanation: Immutable updates in AWS Elastic Beanstalk launch a completely new environment with the new application version. If the new environment fails health checks, Elastic Beanstalk automatically terminates it, leaving the original environment untouched. This ensures zero downtime and a safe rollback, which matches the requirement to keep the old environment intact if health checks fail.
+15 more Configuration Management and IaC questions available
Practice all Configuration Management and IaC questions1. Baseline your knowledge
Start with 10 questions to gauge your current understanding of Configuration Management and IaC. This tells you whether you need a concept refresher or just practice.
2. Review every explanation
For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.
3. Focus on exam traps
Configuration Management and IaC questions on the DOP-C02 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.
4. Reach 80% consistently
Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.
The exact number varies per candidate. Configuration Management and IaC is tested as part of the AWS Certified DevOps Engineer Professional DOP-C02 blueprint. Practicing with targeted Configuration Management and IaC questions ensures you can handle any format or difficulty that appears.
Yes. Courseiva provides free DOP-C02 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.
Difficulty is subjective, but Configuration Management and IaC is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.
Launch a full Configuration Management and IaC practice session with instant scoring and detailed explanations.
Start Configuration Management and IaC Practice →