DOP-C02 · topic practice

Configuration Management and IaC practice questions

Practise AWS Certified DevOps Engineer Professional DOP-C02 Configuration Management and IaC practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Configuration Management and IaC

What the exam tests

What to know about Configuration Management and IaC

Configuration Management and IaC questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Configuration Management and IaC exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Configuration Management and IaC questions

20 questions · select your answer, then reveal the explanation

A company uses AWS CloudFormation to deploy a multi-tier web application. The template includes a nested stack for the database layer. When updating the stack, the database stack fails with a 'CREATE_FAILED' status, but the parent stack continues updating other resources. What is the most likely cause and best practice to prevent this?

A DevOps engineer manages infrastructure using Terraform. The team needs to store secrets such as database passwords in a secure manner and reference them in Terraform configurations. They have configured AWS Secrets Manager. What is the recommended approach to reference secrets in Terraform without exposing them in state files?

A company uses AWS OpsWorks to manage a set of EC2 instances. They need to ensure that a custom recipe runs on all instances during the 'Configure' lifecycle event. What is the correct way to achieve this?

A DevOps team uses AWS CodePipeline to automate deployments. The pipeline has a Deploy stage that uses AWS CloudFormation to create or update a stack. Recently, a stack update failed because the template referenced an AMI that was deprecated. The team wants to automatically roll back the stack to the last known good state if a deployment fails. What should they do?

An organization uses AWS Elastic Beanstalk for application deployments. They want to implement immutable updates to minimize downtime and ensure that if the new environment fails health checks, the old environment remains intact. Which deployment policy should they choose?

A developer wants to use AWS CloudFormation to create an Amazon RDS DB instance. The template includes a DB instance resource. Which property is required for the DB instance to be created successfully?

A DevOps team is designing a CI/CD pipeline using AWS CodeBuild and CodePipeline. They want to use infrastructure as code to define the build environment. Which TWO options are valid approaches to define the build environment in CodeBuild?

A company manages its infrastructure using AWS CloudFormation. They have a production stack that includes an Amazon RDS Multi-AZ DB instance. The stack was created using the 'aws cloudformation create-stack' command with default settings. The DB instance uses a custom DB parameter group. A DevOps engineer needs to modify a parameter in the DB parameter group and update the stack. The engineer updates the template to change the parameter value and runs 'aws cloudformation update-stack'. The update fails with a 'ROLLBACK_IN_PROGRESS' status. The engineer checks the CloudFormation console and sees that the DB instance was successfully modified, but the stack is rolling back. The rollback fails because the DB instance cannot be reverted to the original parameter value. The stack is now in 'UPDATE_ROLLBACK_FAILED' state. What should the engineer do to resolve this situation and apply the desired parameter change?

A company uses AWS CloudFormation to manage its infrastructure. The operations team needs to update a stack that includes an RDS database. The update requires changing the DB instance class, which will cause a replacement of the database. The team wants to minimize downtime and ensure that data is not lost. Which CloudFormation stack update policy should they use?

A DevOps engineer is designing an AWS CloudFormation template to deploy a three-tier web application. The application must be highly available across multiple Availability Zones. The engineer needs to ensure that the database layer uses a Multi-AZ deployment. Which TWO options should the engineer implement to meet these requirements? (Choose TWO.)

Question 11hardmultiple choice
Review the full subnetting walkthrough →

A DevOps engineer receives the error shown in the exhibit when attempting to update an existing CloudFormation stack that deploys a VPC with subnets. The stack was created successfully earlier using the same template. What is the most likely cause of this error?

Exhibit

Refer to the exhibit.

Error log from AWS CloudFormation stack update:

"Resource handler returned message: 'User: arn:aws:sts::123456789012:assumed-role/AdminRole/UpdateUser is not authorized to perform: ec2:DescribeSubnets on resource: arn:aws:ec2:us-east-1:123456789012:subnet/subnet-0bb1c79de3EXAMPLE' (Service: Ec2, Status Code: 403, Request ID: ...)"

Drag and drop the steps to set up an AWS CodePipeline with a source stage from CodeCommit and a deploy stage to Elastic Beanstalk.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Drag and drop the steps to set up an AWS Lambda function triggered by an S3 event.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Match each AWS service to its primary function in a DevOps pipeline.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Continuous delivery service for release pipelines

Fully managed continuous integration build service

Automates code deployments to any instance

Unified user interface for managing software development activities

Fully managed source control service hosting Git repositories

Match each AWS Config rule to its purpose.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Checks that resources have specified tags

Ensures EBS volumes are encrypted

Prevents public read access on S3 buckets

Verifies CloudTrail is enabled

Checks for IAM policies granting full admin access

A company uses AWS CodePipeline with a multi-branch strategy. The pipeline deploys a Lambda function using CloudFormation. The DevOps engineer notices that when a new branch is created, the pipeline executes but the CloudFormation stack fails because the stack name already exists. What is the MOST efficient way to resolve this issue?

An organization uses AWS OpsWorks for configuration management. They want to migrate to AWS Systems Manager to reduce costs and improve flexibility. Their current stack includes custom Chef recipes that manage package installations and service configurations. What is the MOST effective migration strategy?

A DevOps team is using AWS CloudFormation to manage a multi-tier application. They want to ensure that when an update to the stack causes a resource replacement, the replacement occurs only after the new resource is fully created and tested. Which CloudFormation feature should they use?

A company uses Terraform with an S3 backend to manage infrastructure. The DevOps engineer notices that after a colleague runs 'terraform apply' locally, the state file in S3 becomes corrupted and subsequent runs fail. What is the BEST way to prevent this issue?

A large enterprise uses AWS CloudFormation StackSets to deploy resources across multiple accounts and regions. They need to update a stack set that contains a custom resource backed by a Lambda function. The update changes the Lambda function code. What is the CORRECT approach to ensure the Lambda function is updated without manual intervention?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Configuration Management and IaC sessions

Start a Configuration Management and IaC only practice session

Every question in these sessions is drawn from the Configuration Management and IaC domain — nothing else.

Related practice questions

Related DOP-C02 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the DOP-C02 exam test about Configuration Management and IaC?
Configuration Management and IaC questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Configuration Management and IaC questions in a focused session?
Yes — the session launcher on this page draws every question from the Configuration Management and IaC domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other DOP-C02 topics?
Use the topic links above to move to related areas, or go back to the DOP-C02 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the DOP-C02 exam covers. They are not copied from any real exam or dump site.