Back to AWS Certified SysOps Administrator Associate SOA-C02 questions

Scenario-based practice

Troubleshooting Scenario Questions

Practise AWS Certified SysOps Administrator Associate SOA-C02 practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

15
scenario questions
SOA-C02
exam code
Amazon Web Services
vendor

Scenario guide

How to approach troubleshooting scenario questions

These questions describe a network symptom and ask you to identify the root cause or the correct fix. They appear across all certification exams and reward systematic thinking over memorisation. The best candidates follow a consistent troubleshooting framework even under time pressure.

Quick answer

Troubleshooting Scenario Questions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Related practice questions

Related SOA-C02 topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1mediumdrag order
Full question →

Drag and drop the steps to troubleshoot high CPU usage on an Amazon EC2 instance into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 2easymultiple choice
Full question →

A SysOps administrator is troubleshooting an Amazon RDS for MySQL instance that is experiencing high CPU utilization. The administrator wants to identify the specific queries consuming the most CPU. What is the MOST efficient way to achieve this?

Question 3hardmultiple choice
Full question →

An organization has a CloudWatch dashboard that displays metrics for multiple AWS services. The dashboard is shared with the operations team. Recently, some team members reported that the dashboard is not loading for them. Which action should the SysOps administrator take to troubleshoot the issue?

Question 4mediummultiple choice
Read the full DNS explanation →

A SysOps administrator is troubleshooting connectivity issues between two VPCs that are peered using a VPC Peering connection. The instances in VPC A can ping the private IP of instances in VPC B, but not the DNS names. What is the most likely cause?

Question 5mediummultiple choice
Full question →

A company has a production environment that includes an Amazon RDS for MySQL database. The SysOps administrator receives an alert that the database's CPU utilization has been above 90% for the past hour. The administrator checks the CloudWatch metrics and sees that the DatabaseConnections metric is also high. The application team reports that users are experiencing slow response times. The administrator wants to investigate which queries are causing the high CPU. The database is already configured to send logs to CloudWatch Logs. Which course of action should the administrator take to identify the problematic queries?

Question 6mediummultiple choice
Full question →

A SysOps administrator is troubleshooting an issue where an Application Load Balancer (ALB) is returning HTTP 503 errors to clients. The target group is healthy, and the instances are passing health checks. What is the most likely cause of the 503 errors?

Question 7easymultiple choice
Full question →

A SysOps administrator is troubleshooting a Lambda function that does not write logs to CloudWatch Logs. The IAM role attached to the function includes the policy shown. What is the most likely reason the logs are not being created?

Exhibit

Refer to the exhibit.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/my-function:*"
    }
  ]
}
Question 8mediummulti select
Full question →

A company is using an Auto Scaling group with a dynamic scaling policy based on average CPU utilization. The SysOps administrator notices that the scaling is not triggering as expected. Which THREE steps should the administrator take to troubleshoot the issue?

Question 9hardmultiple choice
Read the full NAT/PAT explanation →

An organization has a VPC with public and private subnets. The private subnets need to access the internet for software updates. A NAT gateway is deployed in a public subnet and the private subnet route table has a route for 0.0.0.0/0 pointing to the NAT gateway. However, instances in the private subnet cannot reach the internet. What could be the issue?

Question 10hardmulti select
Full question →

A SysOps administrator is troubleshooting an issue where an EC2 instance cannot pull secrets from AWS Secrets Manager. The instance has an IAM role with a policy that allows secretsmanager:GetSecretValue. The secret is in the same account and region. What are possible reasons for the failure? (Choose THREE.)

Question 11hardmultiple choice
Review the full routing breakdown →

A SysOps administrator is troubleshooting connectivity issues between two VPCs in different AWS Regions. Both VPCs are connected via a VPC Peering connection. The route tables in both VPCs have routes pointing to the peering connection. Security groups allow all traffic. However, an EC2 instance in VPC A cannot ping an EC2 instance in VPC B. What is the most likely cause?

Question 12easymultiple choice
Full question →

A company hosts a web application on EC2 instances behind an Application Load Balancer. Users report intermittent 503 errors. Which step should the SysOps administrator take to troubleshoot the issue?

Question 13hardmultiple choice
Full question →

A SysOps administrator is troubleshooting an issue where an IAM user cannot assume a role in another AWS account. The trust policy of the role allows the user's account to assume the role, and the user has a permissions policy that allows sts:AssumeRole. However, the user still gets an access denied error. What is the MOST likely cause?

Question 14mediummultiple choice
Full question →

A sysadmin receives an alert that a Network Load Balancer (NLB) is not passing traffic to targets. The target group health checks are passing. What is the MOST likely cause?

Question 15hardmulti select
Full question →

A SysOps Administrator is troubleshooting an issue where an Application Load Balancer (ALB) returns 502 Bad Gateway errors. Which THREE are possible causes? (Choose THREE.)

These SOA-C02 practice questions are part of Courseiva's free Amazon Web Services certification practice question bank. Courseiva provides original exam-style SOA-C02 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.