SOA-C02 · topic practice

Troubleshooting practice questions

Practise AWS Certified SysOps Administrator Associate SOA-C02 Troubleshooting practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Troubleshooting

What the exam tests

What to know about Troubleshooting

Troubleshooting questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Troubleshooting exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Troubleshooting questions

20 questions · select your answer, then reveal the explanation

Question 1mediummultiple choice
Read the full NAT/PAT explanation →

A company runs an application on Amazon EC2 instances behind an Application Load Balancer (ALB). The ALB terminates SSL/TLS and forwards traffic to the instances over HTTP. The SysOps administrator needs to capture the original client IP address in the instance logs. How should the administrator configure this?

A SysOps administrator is troubleshooting an Amazon RDS for MySQL instance that is experiencing high CPU utilization. The administrator wants to identify the specific queries consuming the most CPU. What is the MOST efficient way to achieve this?

Question 3mediummultiple choice
Read the full DNS explanation →

A SysOps administrator is troubleshooting connectivity issues between two VPCs that are peered using a VPC Peering connection. The instances in VPC A can ping the private IP of instances in VPC B, but not the DNS names. What is the most likely cause?

Question 4mediummultiple choice
Read the full Troubleshooting explanation →

A SysOps administrator is troubleshooting an issue where an Application Load Balancer (ALB) is returning HTTP 503 errors to clients. The target group is healthy, and the instances are passing health checks. What is the most likely cause of the 503 errors?

A SysOps administrator is troubleshooting a Lambda function that does not write logs to CloudWatch Logs. The IAM role attached to the function includes the policy shown. What is the most likely reason the logs are not being created?

Exhibit

Refer to the exhibit.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/my-function:*"
    }
  ]
}

A SysOps administrator is troubleshooting an issue where an EC2 instance cannot pull secrets from AWS Secrets Manager. The instance has an IAM role with a policy that allows secretsmanager:GetSecretValue. The secret is in the same account and region. What are possible reasons for the failure? (Choose THREE.)

Question 7hardmultiple choice
Review the full routing breakdown →

A SysOps administrator is troubleshooting connectivity issues between two VPCs in different AWS Regions. Both VPCs are connected via a VPC Peering connection. The route tables in both VPCs have routes pointing to the peering connection. Security groups allow all traffic. However, an EC2 instance in VPC A cannot ping an EC2 instance in VPC B. What is the most likely cause?

A SysOps administrator is troubleshooting an issue where an IAM user cannot assume a role in another AWS account. The trust policy of the role allows the user's account to assume the role, and the user has a permissions policy that allows sts:AssumeRole. However, the user still gets an access denied error. What is the MOST likely cause?

A SysOps Administrator is troubleshooting an issue where an Application Load Balancer (ALB) returns 502 Bad Gateway errors. Which THREE are possible causes? (Choose THREE.)

A SysOps administrator is troubleshooting a high error rate on an Application Load Balancer (ALB). The ALB is configured with two target groups: one for EC2 instances and one for Lambda functions. The administrator notices that the EC2 target group is unhealthy. Which THREE steps should the administrator take to resolve the issue?

Question 11mediummultiple choice
Read the full Troubleshooting explanation →

A SysOps administrator is troubleshooting an issue where an Auto Scaling group is not launching EC2 instances despite having a scaling policy that should trigger when CPU utilization exceeds 80%. The CloudWatch alarm shows that the metric is breaching the threshold, but no instances are launched. What is the most likely cause?

A SysOps administrator is troubleshooting an issue where an Application Load Balancer (ALB) is returning 503 errors to clients. The target group has healthy EC2 instances. Which THREE possible causes should the administrator investigate? (Choose three.)

Question 13hardmultiple choice
Review the full subnetting walkthrough →

A company runs a web application on EC2 instances in a private subnet. The application needs to connect to an RDS database in a different VPC. The VPCs are peered. The SysOps Administrator is troubleshooting connectivity issues. The RDS security group allows inbound traffic from the EC2 security group, but connections still fail. What could be the issue?

A SysOps administrator is troubleshooting a connectivity issue from an EC2 instance to an RDS database in the same VPC. The security groups are configured correctly. Which TWO steps should the administrator take to diagnose the issue?

A SysOps administrator is troubleshooting a slow deployment with AWS CloudFormation. The stack update is taking a long time because it is waiting for a resource to be created. Which TWO CloudFormation features can help speed up the deployment?

Question 16mediummultiple choice
Read the full Troubleshooting explanation →

A SysOps administrator is troubleshooting a failed AWS CloudFormation stack creation. The error message indicates that an IAM role creation failed because the role already exists. The administrator wants to ensure the stack creation can proceed without manual intervention. What should the administrator do?

Question 17hardmultiple choice
Read the full Troubleshooting explanation →

A SysOps administrator is troubleshooting a CodeDeploy deployment that uploads artifacts to an S3 bucket. The deployment fails with an 'AccessDenied' error. The IAM policy for the CodeDeploy service role includes the statement shown in the exhibit. What is the most likely cause of the failure?

Exhibit

Refer to the exhibit.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::my-bucket/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-acl": "bucket-owner-full-control"
        }
      }
    }
  ]
}
Question 18hardmultiple choice
Read the full NAT/PAT explanation →

A SysOps administrator is troubleshooting a failed AWS CodeBuild build. The build project uses an Amazon S3 source. The buildspec.yml file includes commands that require internet access to download dependencies. The build is failing with a timeout error when trying to download from an external repository. The VPC configuration for the build project uses a private subnet with no NAT gateway. What change should be made to resolve the issue?

Question 19mediummultiple choice
Read the full Troubleshooting explanation →

A SysOps administrator is troubleshooting a failed AWS CloudFormation stack update. The error message indicates that a resource failed to create due to insufficient IAM permissions. The administrator used a service role for CloudFormation. What should the administrator do to resolve the issue?

Question 20hardmultiple choice
Read the full NAT/PAT explanation →

A SysOps administrator is troubleshooting a failed Auto Scaling group launch. The group uses a launch template that specifies an Amazon Linux 2 AMI. The instances fail to pass the EC2 health check and are terminated. The administrator checks the system log and finds that the instance boots but the cloud-init script fails due to a missing package repository. What is the most likely cause?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Troubleshooting sessions

Start a Troubleshooting only practice session

Every question in these sessions is drawn from the Troubleshooting domain — nothing else.

Related practice questions

Related SOA-C02 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the SOA-C02 exam test about Troubleshooting?
Troubleshooting questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Troubleshooting questions in a focused session?
Yes — the session launcher on this page draws every question from the Troubleshooting domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other SOA-C02 topics?
Use the topic links above to move to related areas, or go back to the SOA-C02 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the SOA-C02 exam covers. They are not copied from any real exam or dump site.