DOP-C02 · topic practice

Incident and Event Response practice questions

Practise AWS Certified DevOps Engineer Professional DOP-C02 Incident and Event Response practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Incident and Event Response

What the exam tests

What to know about Incident and Event Response

Incident and Event Response questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Incident and Event Response exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Incident and Event Response questions

20 questions · select your answer, then reveal the explanation

A company uses an Auto Scaling group with a dynamic scaling policy based on a custom CloudWatch metric. After a recent deployment, the metric spikes unexpectedly, causing the Auto Scaling group to launch several EC2 instances. The operations team wants to quickly determine whether the spike was caused by a real load increase or a deployment issue. What is the MOST efficient way to investigate this?

A company runs a critical application on Amazon ECS with Fargate launch type. The application uses an Application Load Balancer (ALB) in front. During a load test, the team notices a sudden increase in 5xx errors from the ALB, and some tasks become unhealthy. The task logs show occasional 'OutOfMemoryError' exceptions. The task definition currently has 512 CPU units and 1024 MiB memory. What should the team do to mitigate the issue while maintaining a cost-effective approach?

A DevOps engineer is investigating an incident where an EC2 instance became unreachable. The engineer checks the AWS Management Console and finds the instance is running, but the status check shows '2/2 checks passed' and the system log shows no errors. What should the engineer do NEXT to diagnose the connectivity issue?

A company has an AWS Lambda function that processes S3 events. The function is invoked multiple times for the same S3 object, causing duplicate processing. The engineer suspects the issue is related to retries from the S3 event notification or Lambda's built-in retry behavior. What is the MOST effective way to ensure idempotent processing?

An organization uses AWS CloudFormation to manage infrastructure. During an incident, a stack update fails with 'UPDATE_ROLLBACK_FAILED' status. The engineer needs to bring the stack to a consistent state without losing data. What is the BEST approach?

A company uses Amazon RDS for MySQL with Multi-AZ deployment. The database instance fails and AWS automatically fails over to the standby. After the failover, the application cannot connect to the database. The engineer checks the RDS console and sees that the instance status is Available. What is the MOST likely cause of the connectivity issue?

A DevOps team observes that an Amazon CloudFront distribution is returning HTTP 504 errors for a small percentage of requests. The origin is an Application Load Balancer (ALB) that distributes traffic to EC2 instances. The team has already checked the ALB's access logs and found that the ALB returns 200 OK for all requests. What should the team investigate NEXT?

A company uses AWS Organizations with multiple accounts. The security team notices that an IAM user in the production account has been making changes to security group rules that are not compliant with the company's policy. The team wants to automatically revoke any non-compliant security group rules and notify the security team. What is the MOST efficient way to achieve this?

A company is experiencing a DDoS attack on their web application hosted on Amazon EC2 behind an Application Load Balancer (ALB). The attack is causing high CPU utilization on the instances. The security team needs to mitigate the attack with minimal disruption to legitimate users. Which TWO actions should the team take? (Choose two.)

An e-commerce platform uses Amazon DynamoDB as its primary database. During a flash sale, the application experiences throttling errors. The operations team needs to implement a solution to handle sudden traffic spikes while keeping costs under control. Which TWO actions should the team take? (Choose two.)

A DevOps engineer is troubleshooting an Amazon RDS for PostgreSQL instance that is running out of storage. The engineer wants to resolve the issue without downtime. Which TWO actions can achieve this? (Choose two.)

Question 12mediummultiple choice
Read the full NAT/PAT explanation →

An application log excerpt shows repeated HTTP 500 errors for the /api/orders endpoint, with occasional successful health checks. The application runs on EC2 instances behind an ALB. What is the MOST likely cause of this pattern?

Exhibit

Refer to the exhibit.
```
2024-03-15T10:00:00Z ERROR 500 GET /api/orders
2024-03-15T10:00:01Z ERROR 500 GET /api/orders
2024-03-15T10:00:02Z ERROR 500 GET /api/orders
... (repeated many times)
2024-03-15T10:05:00Z INFO 200 GET /api/health
2024-03-15T10:05:01Z ERROR 500 GET /api/orders
```

An IAM policy is attached to a role used by an operations team. The team reports that they are unable to start or stop EC2 instances tagged with Environment=Production. Other instances can be described. What is the MOST likely reason for this failure?

Exhibit

Refer to the exhibit.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:StartInstances",
        "ec2:StopInstances"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/Environment": "Production"
        }
      }
    }
  ]
}
```

A company runs a microservices application on Amazon ECS with Fargate. The application includes a service that processes messages from an Amazon SQS queue. Recently, the processing time has increased, and the SQS queue depth is growing. The CloudWatch metrics show that the ECS service's CPU utilization is consistently around 70%, memory utilization is 80%, and the number of running tasks is at the maximum allowed (10). The service is configured with a target tracking scaling policy based on CPU utilization with a target value of 50%. However, the auto scaling does not seem to be adding tasks. The engineer checks the ECS service events and finds no scaling activity. What is the MOST likely reason the auto scaling is not working, and what action should be taken to resolve the issue?

Question 15hardmultiple choice
Read the full NAT/PAT explanation →

A company uses AWS Organizations with multiple accounts. The security team needs to automatically isolate a compromised EC2 instance by removing it from its security group and attaching a quarantine security group that only allows traffic to a forensic instance. Which combination of actions should be implemented?

Question 16hardmultiple choice
Read the full NAT/PAT explanation →

A DevOps engineer notices that an EC2 instance in an Auto Scaling group is repeatedly failing health checks and being terminated. The engineer needs to capture the root cause by collecting memory dumps and system logs before termination. What should the engineer do?

A company is using AWS CloudFormation to deploy infrastructure. An engineer needs to ensure that any changes to the production stack are reviewed and approved before they are applied. The engineer also wants to prevent unauthorized changes. Which solution should the engineer implement?

A company has a legacy application running on an EC2 instance that is not part of an Auto Scaling group. The instance is experiencing a memory leak. The DevOps engineer needs to collect memory metrics to analyze the issue without modifying the application. What should the engineer do?

A company uses AWS Lambda functions to process incoming events from Amazon S3. The operations team notices that some events are not being processed, and there is no error in the Lambda function logs. What is the most likely cause?

A company is using Amazon RDS for MySQL with Multi-AZ deployment. The database experiences a failover due to an availability zone outage. After the failover, the application team reports that the database endpoint is not resolving to the new primary. What is the most likely reason?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Incident and Event Response sessions

Start a Incident and Event Response only practice session

Every question in these sessions is drawn from the Incident and Event Response domain — nothing else.

Related practice questions

Related DOP-C02 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the DOP-C02 exam test about Incident and Event Response?
Incident and Event Response questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Incident and Event Response questions in a focused session?
Yes — the session launcher on this page draws every question from the Incident and Event Response domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other DOP-C02 topics?
Use the topic links above to move to related areas, or go back to the DOP-C02 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the DOP-C02 exam covers. They are not copied from any real exam or dump site.