DOP-C02 · topic practice

Scenario practice questions

Practise AWS Certified DevOps Engineer Professional DOP-C02 Scenario practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
6 questionsDomain: Scenario

What the exam tests

What to know about Scenario

Scenario questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Scenario exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Scenario questions

6 questions · select your answer, then reveal the explanation

Question 1mediummultiple choice
Review the full subnetting walkthrough →

A company uses AWS CodeBuild to compile a Java application. The buildspec.yml includes a 'pre_build' phase that runs SonarQube for static code analysis. The analysis requires access to a private SonarQube server hosted on an EC2 instance in the same VPC. The CodeBuild project is configured with a VPC ID, subnet IDs, and security group IDs. However, the build fails with a timeout when trying to connect to the SonarQube server. The security group for the SonarQube server allows inbound traffic on port 9000 from the CodeBuild security group. What is the MOST likely reason for the failure?

Question 2hardmultiple choice
Read the full Scenario explanation →

An incident response team is analyzing an IAM policy attached to a role used by a forensic tool. The tool needs to create snapshots of EBS volumes during an incident. However, when the tool runs from an IP address in the 203.0.113.0/24 range, the CreateSnapshot API call fails with an access denied error. What is the MOST likely cause?

Exhibit

Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeVolumes",
        "ec2:CreateSnapshot",
        "ec2:CreateTags"
      ],
      "Resource": "*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "203.0.113.0/24",
            "198.51.100.0/24"
          ]
        },
        "Bool": {
          "aws:ViaAWSService": "false"
        }
      }
    },
    {
      "Effect": "Deny",
      "Action": "ec2:DeleteSnapshot",
      "Resource": "arn:aws:ec2:*:*:snapshot/*",
      "Condition": {
        "StringNotEquals": {
          "aws:SourceIdentity": "admin"
        }
      }
    }
  ]
}
```
Question 3easymultiple choice
Read the full NAT/PAT explanation →

A company uses AWS Systems Manager to manage a fleet of EC2 instances. The operations team needs to run a script on all instances that are missing a specific security patch. Which Systems Manager capability should be used to accomplish this?

Question 4hardmultiple choice
Read the full Scenario explanation →

A team uses AWS CloudFormation to deploy a stack that includes an Amazon RDS DB instance. During a stack update, they need to modify the DB instance class but want to avoid downtime. Which update policy should they use?

Question 5mediummultiple choice
Read the full Scenario explanation →

A DevOps engineer is troubleshooting a failed AWS CloudFormation stack update. The stack contains an AWS::Lambda::Function resource. The update failed with the error 'Resource creation cancelled' after a timeout. The engineer wants to view the logs from the Lambda function during the stack update to diagnose the issue. What should the engineer do?

Question 6mediummulti select
Read the full Scenario explanation →

A DevOps engineer is managing infrastructure as code using AWS CloudFormation. The engineer wants to automatically update a stack when changes are pushed to a Git repository. Which THREE services can be used together to achieve this?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Scenario sessions

Start a Scenario only practice session

Every question in these sessions is drawn from the Scenario domain — nothing else.

Related practice questions

Related DOP-C02 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the DOP-C02 exam test about Scenario?
Scenario questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Scenario questions in a focused session?
Yes — the session launcher on this page draws every question from the Scenario domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other DOP-C02 topics?
Use the topic links above to move to related areas, or go back to the DOP-C02 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the DOP-C02 exam covers. They are not copied from any real exam or dump site.