- A. Enable VPC Flow Logs for the subnets and analyze the logs to identify dropped connections during the error spikes.
  Correct: VPC Flow Logs capture network traffic metadata and can show blocked or rejected connections.
- B. Increase the EC2 instance size to handle higher traffic and reduce timeouts.
  Why wrong: The issue is not resource-related; CPU and memory are normal.
- C. Configure a step scaling policy for the Auto Scaling group based on ALB 5XX count.
  Why wrong: Scaling does not address the root cause; it only adds more instances.
- D. Enable ALB access logs and analyze the 5xx response patterns.
  Why wrong: Access logs show request/response details but not network connectivity drops.
Quick Answer
The answer is to enable VPC Flow Logs for the subnets and analyze the logs to identify dropped connections during the error spikes. This is correct because VPC Flow Logs capture metadata about all IP traffic to and from network interfaces, including whether each connection was accepted or rejected. Since the application logs show 'Connection timed out' errors while EC2 CPU and memory metrics remain normal, the bottleneck is clearly in the network path—likely a security group, NACL, or routing issue—rather than the application or compute layer. On the AWS Certified DevOps Engineer Professional DOP-C02 exam, this scenario tests your ability to differentiate between application-layer and network-layer troubleshooting; a common trap is to focus on EC2 or ALB metrics when the real culprit is a dropped packet. Remember the mnemonic: "Timeouts? Trace the Flow"—if instance health is fine but connections time out, VPC Flow Logs will reveal where the traffic is being silently rejected.
DOP-C02 Monitoring and Logging Practice Question
This DOP-C02 practice question tests your understanding of monitoring and logging. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
A company runs a production web application on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). The application is deployed across three Availability Zones. The DevOps team recently noticed that the application's error rate is spiking periodically, but they cannot correlate the spikes with any known deployments or changes. The team has enabled detailed CloudWatch metrics for the ALB and EC2, and they are using CloudWatch Logs for application logs. They also have AWS X-Ray enabled for tracing.
The team observes that during error spikes, the ALB's 5XX count increases, but the EC2 instance-level CPU and memory metrics remain normal. The application logs show 'Connection timed out' errors. The team suspects the issue is related to network connectivity but is not sure.
Which course of action should the DevOps team take to identify the root cause of the periodic error spikes?
Correct answer & explanation
Enable VPC Flow Logs for the subnets and analyze the logs to identify dropped connections during the error spikes.
VPC Flow Logs capture metadata about IP traffic going to and from network interfaces in a VPC, including whether the traffic was accepted or rejected. Since the application logs show 'Connection timed out' errors and instance-level metrics are normal, the issue likely lies in the network path (e.g., security groups, NACLs, or subnet routing) rather than the application or compute layer. Analyzing VPC Flow Logs during the error spikes will reveal if connections are being dropped or rejected, pinpointing the root cause of the timeouts.
Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Common exam traps
Common exam trap: answer the scenario, not the keyword
The trap here is that candidates often jump to scaling or access logs (options C or D) because they focus on the 5XX error symptom, but the question specifically points to network-level timeouts, making VPC Flow Logs the only diagnostic tool that can reveal dropped or rejected packets at the network layer.
Trap categories for this question
Command / output trap
Incorrect: Access logs show request/response details but not network connectivity drops.
Detailed technical explanation
How to think about this question
VPC Flow Logs record in the 'action' field ('ACCEPT' or 'REJECT') whether traffic was allowed by security groups or NACLs; a 'REJECT' entry during error spikes would confirm a network ACL or security group rule is blocking traffic. The 'Connection timed out' error typically occurs when a TCP SYN packet is sent but no SYN-ACK is received within the timeout window, which can happen if a NACL is stateless and blocks return traffic or if a security group rule is missing. In real-world scenarios, periodic spikes can be caused by ephemeral port exhaustion on the ALB or a misconfigured NACL that only drops traffic during certain traffic patterns.
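The analysis step described above, as an added example that is not part of the original page: it parses flow log records in the default (version 2) format and counts REJECT entries that overlap an error-spike window. The sample records, account ID, interface IDs, addresses and window timestamps are all constructed for illustration.

```python
from collections import Counter

# Field order of the default (version 2) VPC Flow Logs record, space separated.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records (placeholder account and interface IDs).
SAMPLE = """\
2 123456789012 eni-0example0000001 10.0.1.15 10.0.2.20 49152 8080 6 12 4200 1700000000 1700000058 ACCEPT OK
2 123456789012 eni-0example0000001 10.0.1.15 10.0.2.20 49153 8080 6 3 180 1700000065 1700000118 REJECT OK
2 123456789012 eni-0example0000001 10.0.1.15 10.0.2.20 49154 8080 6 3 180 1700000070 1700000119 REJECT OK
2 123456789012 eni-0example0000002 10.0.1.16 10.0.2.21 49200 8080 6 3 180 1700000080 1700000119 REJECT OK
2 123456789012 eni-0example0000001 - - - - - - - 1700000120 1700000178 - NODATA
2 123456789012 eni-0example0000001 10.0.1.15 10.0.2.20 49155 8080 6 9 3100 1700000300 1700000358 ACCEPT OK
"""


def parse_record(line):
    """Return a dict for one record, or None for headers, NODATA and SKIPDATA."""
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[0] != "2":
        return None  # header line, custom format, or truncated record
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None  # nothing captured in this interval; traffic fields are "-"
    for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
        rec[key] = int(rec[key])
    return rec


def rejects_in_window(text, window_start, window_end):
    """Count REJECT records whose capture interval overlaps the window
    (epoch seconds), grouped by (srcaddr, dstaddr, dstport)."""
    hits = Counter()
    for line in text.splitlines():
        rec = parse_record(line)
        if rec is None or rec["action"] != "REJECT":
            continue
        if rec["start"] <= window_end and rec["end"] >= window_start:
            hits[(rec["srcaddr"], rec["dstaddr"], rec["dstport"])] += 1
    return hits


if __name__ == "__main__":
    # Spike window as it would be read off the ALB 5XX metric (constructed here).
    for flow, n in rejects_in_window(SAMPLE, 1700000060, 1700000120).most_common():
        print(n, "REJECT", flow)
```

Comparing the count inside a spike window with the count for a quiet window of the same length shows whether rejected flows track the error rate or are background noise.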
Key Concepts to Remember
- Read the scenario before looking for a memorised answer.
- Find the constraint that changes the correct option.
- Eliminate answers that are true in general but not in this case.
Exam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
Real-world example
How this comes up in practice
A company's IT admin needs to give a contractor read-only access to production logs without sharing account credentials. Using role-based access control (RBAC) and temporary scoped permissions — not a permanent shared password — is the correct pattern. Questions like this test whether you can apply least-privilege access across cloud identity services.
Last reviewed: Jun 11, 2026
This DOP-C02 practice question is part of Courseiva's free Amazon Web Services certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the DOP-C02 exam.