Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsDOP-C02TopicsConfiguration Management and IaC
Free · No Signup RequiredAmazon Web Services · DOP-C02

DOP-C02 Configuration Management and IaC Practice Questions

20+ practice questions focused on Configuration Management and IaC — one of the most tested topics on the AWS Certified DevOps Engineer Professional DOP-C02 exam. Each question includes a detailed explanation so you learn why the right answer is correct.

Start Configuration Management and IaC Practice

Exam Domains

Configuration Management and IaCResilient Cloud SolutionsMonitoring and LoggingIncident and Event ResponseSecurity and ComplianceSDLC AutomationAll domains →

Study Tools

Practice TestMock ExamFlashcardsAll Topics

Sample Configuration Management and IaC Questions

Practice all 20+ →
1.

A company uses AWS CloudFormation to deploy a multi-tier web application. The template includes a nested stack for the database layer. When updating the stack, the database stack fails with a 'CREATE_FAILED' status, but the parent stack continues updating other resources. What is the most likely cause and best practice to prevent this?

A.The parent stack's update policy is set to 'CONTINUE' by default. To prevent this, set 'OnFailure' to 'ROLLBACK' in the stack update options.
B.The parent stack was created without the '--capabilities' parameter, so it cannot roll back.
C.The nested stack failure automatically triggers a rollback of the parent stack, but the rollback also failed.
D.The parent stack is configured with 'OnFailure' set to 'DO_NOTHING'. Change it to 'DELETE'.

Explanation: Option A is correct because, by default, when a CloudFormation stack update encounters a failure in a nested stack, the parent stack's update policy is set to 'CONTINUE', meaning it will proceed with updating other resources despite the failure. To prevent this, you should set the 'OnFailure' parameter to 'ROLLBACK' in the stack update options, which instructs CloudFormation to roll back the entire parent stack if any resource (including nested stacks) fails to update, ensuring consistency across the deployment.

2.

A DevOps engineer manages infrastructure using Terraform. The team needs to store secrets such as database passwords in a secure manner and reference them in Terraform configurations. They have configured AWS Secrets Manager. What is the recommended approach to reference secrets in Terraform without exposing them in state files?

A.Store the secret ARN in a Terraform variable and use 'var.secret_arn' in the resource.
B.Store the secret in AWS Systems Manager Parameter Store and reference it using 'data.aws_ssm_parameter'.
C.Pass the secret as an environment variable to Terraform and reference it with 'var.secret_value'.
D.Use the 'data.aws_secretsmanager_secret_version' data source and mark the attribute as 'sensitive = true' in the output.

Explanation: Option D is correct because using the `data.aws_secretsmanager_secret_version` data source retrieves the secret value at plan time without storing it in the Terraform state file. Marking the attribute as `sensitive = true` in the output prevents the value from being displayed in the CLI output, but the key protection is that the secret value itself is never written to the state file when using this data source — Terraform only stores the data source's ID and metadata, not the actual secret payload.

3.

A company uses AWS OpsWorks to manage a set of EC2 instances. They need to ensure that a custom recipe runs on all instances during the 'Configure' lifecycle event. What is the correct way to achieve this?

A.Modify the stack's CloudFormation template to include the recipe.
B.Upload the recipe to a custom cookbook repository and assign it to the 'Configure' lifecycle event in the stack settings.
C.Add the recipe commands to the instance's user data script.
D.Use AWS CodeDeploy to trigger the recipe during the Configure event.

Explanation: In AWS OpsWorks, lifecycle events (such as Configure) are tied to layers, not individual instances. To run a custom recipe on all instances during the Configure event, you must upload the recipe to a custom cookbook repository (e.g., S3 or Git) and then assign that recipe to the Configure lifecycle event in the stack's layer settings. This ensures OpsWorks Chef runs the recipe on every instance in that layer whenever the Configure event fires (e.g., after scaling or instance state changes).

4.

A DevOps team uses AWS CodePipeline to automate deployments. The pipeline has a Deploy stage that uses AWS CloudFormation to create or update a stack. Recently, a stack update failed because the template referenced an AMI that was deprecated. The team wants to automatically roll back the stack to the last known good state if a deployment fails. What should they do?

A.Configure the CloudFormation deployment action in CodePipeline with 'ActionMode' set to 'CREATE_UPDATE' and check the 'Rollback on failure' option.
B.Use the CodePipeline console to enable 'Automatic rollback' for the Deploy stage.
C.Set the stack's 'DisableRollback' parameter to 'true' in the template.
D.Add a stack policy to the CloudFormation stack that denies updates to the AMI parameter.

Explanation: Option A is correct because the CloudFormation deployment action in CodePipeline supports a 'Rollback on failure' option when 'ActionMode' is set to 'CREATE_UPDATE'. When enabled, if the stack update fails, CloudFormation automatically rolls back the stack to the last known good state (the previously deployed stack). This directly addresses the team's requirement to revert to a stable state after a failed deployment due to a deprecated AMI.

5.

An organization uses AWS Elastic Beanstalk for application deployments. They want to implement immutable updates to minimize downtime and ensure that if the new environment fails health checks, the old environment remains intact. Which deployment policy should they choose?

A.Traffic splitting.
B.Immutable update.
C.All at once.
D.Rolling update based on health.

Explanation: Immutable updates in AWS Elastic Beanstalk launch a completely new environment with the new application version. If the new environment fails health checks, Elastic Beanstalk automatically terminates it, leaving the original environment untouched. This ensures zero downtime and a safe rollback, which matches the requirement to keep the old environment intact if health checks fail.

+15 more Configuration Management and IaC questions available

Practice all Configuration Management and IaC questions

How to master Configuration Management and IaC for DOP-C02

1. Baseline your knowledge

Start with 10 questions to gauge your current understanding of Configuration Management and IaC. This tells you whether you need a concept refresher or just practice.

2. Review every explanation

For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.

3. Focus on exam traps

Configuration Management and IaC questions on the DOP-C02 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.

4. Reach 80% consistently

Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.

Frequently asked questions

How many DOP-C02 Configuration Management and IaC questions are on the real exam?

The exact number varies per candidate. Configuration Management and IaC is tested as part of the AWS Certified DevOps Engineer Professional DOP-C02 blueprint. Practicing with targeted Configuration Management and IaC questions ensures you can handle any format or difficulty that appears.

Are these DOP-C02 Configuration Management and IaC practice questions free?

Yes. Courseiva provides free DOP-C02 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.

Is Configuration Management and IaC one of the harder DOP-C02 topics?

Difficulty is subjective, but Configuration Management and IaC is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.

Ready to practice?

Launch a full Configuration Management and IaC practice session with instant scoring and detailed explanations.

Start Configuration Management and IaC Practice →

Topic Info

Topic

Configuration Management and IaC

Exam

DOP-C02

Questions available

20+