Back to AWS Certified DevOps Engineer Professional DOP-C02 questions

Scenario-based practice

Troubleshooting Scenario Questions

Practise AWS Certified DevOps Engineer Professional DOP-C02 practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

15
scenario questions
DOP-C02
exam code
Amazon Web Services
vendor

Scenario guide

How to approach troubleshooting scenario questions

These questions describe a network symptom and ask you to identify the root cause or the correct fix. They appear across all certification exams and reward systematic thinking over memorisation. The best candidates follow a consistent troubleshooting framework even under time pressure.

Quick answer

Troubleshooting Scenario Questions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Related practice questions

Related DOP-C02 topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1hardmultiple choice
Full question →

A DevOps engineer is troubleshooting an application running on an EC2 instance. The application needs to access an Amazon RDS database using IAM database authentication. The EC2 instance is associated with an IAM role 'EC2-AppRole', and the RDS instance has a resource-based policy that allows 'DatabaseAccessRole' to connect. The engineer sees the error in the exhibit. What is the most likely cause?

Exhibit

Refer to the exhibit.

Error log from an application instance:

2023-10-01T12:34:56Z ERROR Failed to assume role: AccessDenied
User: arn:aws:sts::123456789012:assumed-role/EC2-AppRole/i-0a1b2c3d4e5f
is not authorized to perform: sts:AssumeRole on resource:
arn:aws:iam::123456789012:role/DatabaseAccessRole
Question 2mediummultiple choice
Full question →

A DevOps team is troubleshooting a slow application. They enabled AWS X-Ray tracing and see that one of the downstream services has a high average response time. However, the traces show that the service itself is fast; the delay is in the network call from the upstream service. Which X-Ray feature should the team use to identify the root cause?

Question 3mediummultiple choice
Full question →

A DevOps engineer is troubleshooting a production AWS Lambda function that occasionally times out. The function has a timeout of 30 seconds and uses a synchronous invocation. The engineer wants to capture invocation logs to identify the cause. Which approach will provide the MOST detailed diagnostic information?

Question 4mediummultiple choice
Full question →

A DevOps team has set up centralized logging for multiple AWS accounts using Amazon OpenSearch Service. The team uses CloudWatch cross-account observability to collect logs from various accounts into a monitoring account. Recently, logs from one source account stopped appearing in the monitoring account's OpenSearch dashboard. Other source accounts continue to send logs successfully. Which step should the team take to troubleshoot this issue?

Question 5easymultiple choice
Full question →

A company uses AWS CloudFormation to deploy infrastructure. The DevOps team wants to receive notifications when a stack fails to create or update. What is the MOST efficient way to achieve this?

Question 6easymultiple choice
Full question →

A company uses Amazon RDS for MySQL with Multi-AZ deployment. The database instance fails and AWS automatically fails over to the standby. After the failover, the application cannot connect to the database. The engineer checks the RDS console and sees that the instance status is Available. What is the MOST likely cause of the connectivity issue?

Question 7easymultiple choice
Full question →

A DevOps engineer is troubleshooting an Auto Scaling group (ASG) that is not launching instances as expected. The ASG is configured with a launch template that uses an Amazon Linux 2 AMI. The engineer checks the EC2 Auto Scaling console and sees that the group's desired capacity is set to 2, but only 1 instance is running. The last scaling activity shows 'Failed to launch instance. Error: Your quota allows for 0 more running instance(s).' What is the most likely cause?

Question 8mediummultiple choice
Full question →

A company uses an Auto Scaling group with a dynamic scaling policy based on a custom CloudWatch metric. After a recent deployment, the metric spikes unexpectedly, causing the Auto Scaling group to launch several EC2 instances. The operations team wants to quickly determine whether the spike was caused by a real load increase or a deployment issue. What is the MOST efficient way to investigate this?

Question 9easymulti select
Full question →

A DevOps engineer is troubleshooting an Amazon RDS for PostgreSQL instance that is running out of storage. The engineer wants to resolve the issue without downtime. Which TWO actions can achieve this? (Choose two.)

Question 10mediummultiple choice
Full question →

A DevOps team observes that an Amazon CloudFront distribution is returning HTTP 504 errors for a small percentage of requests. The origin is an Application Load Balancer (ALB) that distributes traffic to EC2 instances. The team has already checked the ALB's access logs and found that the ALB returns 200 OK for all requests. What should the team investigate NEXT?

Question 11mediummulti select
Full question →

A company uses AWS CodeDeploy for deploying applications to an Auto Scaling group of Amazon EC2 instances. The deployment is failing with the error 'The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available, or some instances in your deployment group are experiencing problems.' Which two actions should the DevOps engineer take to troubleshoot and resolve the issue? (Choose two.)

Question 12easymultiple choice
Full question →

A DevOps engineer is investigating an incident where an EC2 instance became unreachable. The engineer checks the AWS Management Console and finds the instance is running, but the status check shows '2/2 checks passed' and the system log shows no errors. What should the engineer do NEXT to diagnose the connectivity issue?

Question 13hardmultiple choice
Full question →

An IAM policy is attached to a role used by an operations team. The team reports that they are unable to start or stop EC2 instances tagged with Environment=Production. Other instances can be described. What is the MOST likely reason for this failure?

Exhibit

Refer to the exhibit.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:StartInstances",
        "ec2:StopInstances"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/Environment": "Production"
        }
      }
    }
  ]
}
```
Question 14mediummultiple choice
Full question →

A company is running a microservices application on Amazon ECS with AWS Fargate. The operations team needs to monitor application performance and troubleshoot slow API responses. They currently use Amazon CloudWatch Logs for container logs and have enabled Container Insights. However, they are unable to see detailed latency breakdowns per API endpoint. Which solution would provide the most granular visibility into API performance?

Question 15mediummulti select
Full question →

A DevOps team is investigating a production incident where an Amazon RDS for MySQL database experienced a sudden spike in connections and CPU utilization. The team suspects a SQL injection attack. Which TWO actions should the team take to investigate and mitigate the incident?

These DOP-C02 practice questions are part of Courseiva's free Amazon Web Services certification practice question bank. Courseiva provides original exam-style DOP-C02 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.