Back to AWS Certified Solutions Architect Professional SAP-C02 questions

Scenario-based practice

Troubleshooting Scenario Questions

Practise AWS Certified Solutions Architect Professional SAP-C02 practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

6
scenario questions
SAP-C02
exam code
Amazon Web Services
vendor

Scenario guide

How to approach troubleshooting scenario questions

These questions describe a network symptom and ask you to identify the root cause or the correct fix. They appear across all certification exams and reward systematic thinking over memorisation. The best candidates follow a consistent troubleshooting framework even under time pressure.

Quick answer

Troubleshooting Scenario Questions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Related practice questions

Related SAP-C02 topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1hardmultiple choice
Full question →

A solutions architect is designing a new serverless application using AWS Lambda to process orders from an API Gateway endpoint and store them in DynamoDB. The architect creates the IAM role shown in the exhibit. When testing, the Lambda function fails to write to DynamoDB with an AccessDeniedException. What is the MOST likely cause?

Exhibit

Refer to the exhibit.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    },
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "dynamodb:GetItem",
        "dynamodb:PutItem"
      ],
      "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/Orders"
    }
  ]
}
Question 2mediumdrag order
Full question →

Drag and drop the steps to troubleshoot an EC2 instance that is unreachable via SSH in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 3hardmultiple choice
Review the full subnetting walkthrough →

Refer to the exhibit. A solutions architect is troubleshooting why EC2 instances launched in subnet-11111111 cannot access the internet. The subnet is in a VPC with an internet gateway attached. The route table for the subnet has a default route (0.0.0.0/0) pointing to the internet gateway. What is the MOST likely cause?

Network Topology
$ aws ec2 describe-vpcsregion us-east-1query 'Vpcs[0].VpcId'$ aws ec2 describe-subnetsfilters Name=vpc-idRefer to the exhibit."vpc-0abcd1234""Subnets": ["SubnetId": "subnet-11111111","CidrBlock": "10.0.1.0/24","MapPublicIpOnLaunch": false},"SubnetId": "subnet-22222222","CidrBlock": "10.0.2.0/24",
Question 4mediummultiple choice
Full question →

An IAM policy is attached to an IAM role that is assumed by an EC2 instance. The EC2 instance has an IP address of 10.0.1.15. The instance is unable to download objects from the S3 bucket 'example-bucket'. What is the MOST likely cause?

Exhibit

Refer to the exhibit.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.0.0/8"
        }
      }
    }
  ]
}
```
Question 5mediummultiple choice
Full question →

A solutions architect is troubleshooting an EC2 instance that is not sending metrics to CloudWatch. The instance is running and has internet connectivity. Based on the exhibit, what is the MOST likely reason?

Network Topology
$ aws ec2 describe-instancesinstance-ids i-1234567890abcdef0Refer to the exhibit.```# AWS CLI command output"Reservations": ["Groups": [],"Instances": ["InstanceId": "i-1234567890abcdef0","InstanceType": "t2.micro","State": {"Name": "running"},"Monitoring": {"State": "disabled""NetworkInterfaces": ["Association": {"IpOwnerId": "amazon","PublicIp": "54.123.45.67""Attachment": {"DeviceIndex": 0,"Status": "attached"],"Tags": ["Key": "Name","Value": "WebServer"
Question 6mediummultiple choice
Review the full subnetting walkthrough →

A solutions architect is troubleshooting an issue where an EC2 instance cannot connect to the internet. The output of the describe-instances CLI command is shown in the exhibit. The instance is in a VPC with a public subnet that has a route table with a default route pointing to an internet gateway. The security group allows outbound traffic to 0.0.0.0/0. What is the MOST likely cause of the problem?

Network Topology
$ aws ec2 describe-instancesinstance-ids i-1234567890abcdef0query 'Reservations[0].Instances[0].[InstanceIdoutput table+Refer to the exhibit.| DescribeInstances || 10.0.1.15 | 54.123.45.67 |

These SAP-C02 practice questions are part of Courseiva's free Amazon Web Services certification practice question bank. Courseiva provides original exam-style SAP-C02 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.