Practice CDK Questions Now

Start a timed practice session focusing on AWS Cloud Development Kit topics from the DOP-C02 question bank.

DOP-C02 CDK Question Bank (13 Questions)

Browse all 13 practice questions covering AWS Cloud Development Kit for the DOP-C02 certification exam. Answers are intentionally hidden on this page so you can self-test first before checking results in quiz mode.

Question 1SDLC Automation
A company wants to implement infrastructure testing using CDK. They want to validate that a VPC construct always creates public and private subnets in all 3 AZs. What CDK testing approach validates this before deployment?
ADeploy the CDK stack and check manually
BUse CDK fine-grained assertions: assert.hasResourceProperties('AWS::EC2::Subnet', {...}) checking subnet type and AZ properties; test count matches 6 subnets (3 public + 3 private)
CUse CloudFormation Change Sets to verify
DUse CDK snapshot tests only
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 2Security and Compliance
A company wants to run static application security testing (SAST) on every code push to CodeCommit. Security vulnerabilities should be reported as pull request comments. What is the RECOMMENDED tool?
AAWS Config for code security
BAmazon CodeGuru Security — integrates with CodeCommit to scan for security vulnerabilities on pull requests and report findings as inline comments
CAmazon Inspector for code scanning
DAWS WAF for application security
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 3Resilient Cloud Solutions
A company wants to implement automated DR testing where the DR environment is activated, verified, and then destroyed quarterly. What approach automates the DR drill?
AManually activate DR environment quarterly
BUse EventBridge Scheduler for quarterly trigger → Step Functions workflow: (1) deploy DR CloudFormation stack, (2) run health checks, (3) run smoke tests, (4) report results, (5) destroy stack — automated end-to-end
CUse AWS Resilience Hub to simulate DR
DDR testing cannot be automated
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 4Configuration Management and IaC
A DevOps team uses CDK with TypeScript. They want to share CDK constructs (e.g., a standard ECS service construct) across 10 teams. What is the recommended distribution mechanism?
ACopy and paste the construct code into each team's repository
BPublish the CDK constructs as an npm package to AWS CodeArtifact; teams install the package as a dependency and import the shared constructs; versioning follows semantic versioning
CUse CloudFormation modules instead of CDK constructs
DShare via a Git submodule
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 5Security and Compliance
A company wants to implement automated security testing of their web application APIs as part of the CI/CD pipeline. What approach provides DAST (Dynamic Application Security Testing)?
ASAST code scanning in CodeBuild
BDeploy the application to a test environment; run OWASP ZAP, Burp Suite, or AWS WAF testing tools in a CodeBuild action against the test endpoint; the scanner tests for OWASP Top 10 vulnerabilities; fail on HIGH findings
CAmazon Inspector for DAST scanning
DUse AWS WAF to block attacks instead of scanning
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 6SDLC Automation
A company wants to implement contract testing between microservices. Consumer-driven contract tests should run in CI to ensure service changes don't break consumers. What approach integrates contract testing into CodePipeline?
AManual API testing after each deployment
BUse Pact or Spring Cloud Contract; publish contracts to a contract broker; provider pipeline runs contract verification tests in CodeBuild; tests fail if service changes break the consumer contract
CUse API Gateway for contract validation
DIntegration tests cover contract testing needs
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 7Configuration Management and IaC
A company uses CDK Pipelines for their infrastructure deployment. They want the pipeline itself to be automatically updated when the CDK code changes. What CDK Pipelines feature enables this?
ACDK Pipelines require manual updates
BCDK Pipelines self-mutation: the pipeline's first stage (UpdatePipeline) runs cdk deploy to update the pipeline itself from the latest CDK code; subsequent stages run with the updated pipeline configuration
CUse CloudFormation StackSets to update the pipeline
DCodePipeline automatically updates from CDK source
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 8Configuration Management and IaC
A team is migrating from CloudFormation to AWS CDK. They have 200 existing CloudFormation stacks. What is the RECOMMENDED approach to adopt CDK without disrupting existing infrastructure?
ADelete all stacks and rewrite in CDK from scratch
BUse CDK's CloudFormation import feature to import existing stack resources into CDK-managed stacks gradually; or use CDK to generate new stacks while keeping existing ones until migration is complete
CCDK cannot manage existing CloudFormation stacks
DConvert all CloudFormation templates to CDK using the CDK migrate command
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 9Configuration Management and IaC
A team wants to test CDK application changes in a development account before promoting to production. What CDK workflow supports multi-environment deployments?
ACreate separate CDK apps for dev and prod
BUse CDK environments (account/region) in the Stack instantiation; use CDK Pipelines (cdk-pipelines) to automate promotion from dev to prod with stage gates
CUse CloudFormation parameters to switch environments
DManually run cdk deploy in each environment
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 10Configuration Management and IaC
A DevOps team uses CDK. They want to enforce that all S3 buckets created in the CDK app have versioning enabled and access logging configured. What CDK feature enforces these requirements?
AManually audit all S3 buckets after deployment
BUse CDK Aspects — implement an IAspect that visits all S3 bucket nodes in the CDK construct tree; enforce versioning and logging configuration; throw an error at synth time if non-compliant
CUse CloudFormation Guard post-synthesis
DAWS CDK does not support policy enforcement
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 11Security and Compliance
A company wants to verify that their AWS CDK-generated CloudFormation templates comply with their internal security policy before any deployment. What is the MOST scalable approach?
AManually review all CDK-generated templates
BIntegrate cfn_nag, checkov, or CloudFormation Guard into the CDK pipeline: after cdk synth, run the scanner against the synthesized template(s); fail the pipeline if violations are found
CUse AWS Config to evaluate CloudFormation templates
DUse AWS Trusted Advisor for template evaluation
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 12Configuration Management and IaC
A DevOps team's CDK app has a stack that creates an RDS instance. The team wants to ensure the RDS password is rotated automatically and the password is never stored in plaintext in any configuration. How should this be implemented in CDK?
AGenerate a random password and store in Parameter Store
BUse CDK DatabaseInstance construct with generateSecret: true; CDK creates a Secrets Manager secret for the master password; enable rotation via the addRotationSingleUser() method — all managed without manual password handling
CHard-code a secure password in the CDK app
DUse IAM database authentication instead
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 13Configuration Management and IaC
A company uses AWS CDK with multiple stacks sharing a common VPC. They want to ensure the VPC stack is always deployed before application stacks. What CDK mechanism enforces this dependency?
ACDK automatically determines deployment order
BUse addDependency() method in CDK: applicationStack.addDependency(vpcStack); CDK includes CloudFormation stack dependency metadata; CDK deploy deploys stacks in dependency order
CImport VPC values using Fn::ImportValue
DList VPC stack first in the CDK app
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz

Key CDK Concepts for DOP-C02

cdkcloud development kitconstructsynthesiscdk pipelinesaspecttestingapp

DOP-C02 CDK Exam Tips

AWS Cloud Development Kit questions in DOP-C02 are typically scenario-based. Focus on CI/CD automation, reliability engineering, and feedback-driven operations. Priority concepts: cdk, cloud development kit, construct, synthesis, cdk pipelines, aspect.

What DOP-C02 Expects

Anchor your answer in choose auditable, automated release and operations patterns with strong rollback readiness.
CDK scenarios for DOP-C02 are frequently mapped to Domain 2 (17%), Domain 3 (15%), so read the objective carefully before picking controls or architecture.
Expect multi-topic scenarios where CDK interacts with IAM, networking, storage, or observability patterns rather than appearing as an isolated question.
When two options are both technically valid, prefer the choice that best aligns with the exam's operational scope (Professional) and vendor best practices.

High-Value CDK Concepts

Know the core CDK building blocks cold: cdk, cloud development kit, construct, synthesis.
Review the edge-case features and limits for cdk pipelines, aspect; these details are commonly used to differentiate answer choices.
Practice service-integration reasoning: how CDK pairs with CloudFormation, CI/CD Pipelines, SAM in real deployment patterns.
For DOP-C02, explain why the chosen CDK design meets reliability, security, and cost expectations better than the alternatives.

Common DOP-C02 Traps

Watch for manual promotion and approval logic where pipeline automation is expected.
Questions in Configuration Management & IaC often include distractors that look correct for CDK but violate least-privilege, durability, or availability requirements.
Avoid picking options purely by feature name; validate data path, failure handling, and governance impact before answering.
If the prompt hints at automation or repeatability, eliminate manual-only operational answers first.

Fast Review Checklist

Can you compare at least two CDK implementation paths and justify which one best fits the scenario?
Can you map the chosen answer back to Configuration Management & IaC (17%) outcomes for DOP-C02?
Can you explain security and access boundaries for CDK without relying on default-open assumptions?
Can you describe how CDK integrates with CloudFormation and CI/CD Pipelines during failure, scaling, and monitoring events?

Exam Domains Covering CDK

Domain 2Configuration Management & IaC17%Domain 3Resilient Cloud Solutions15%

Related Resources

🎯 Free DOP-C02 Mock Exam CloudFormation Questions CI/CD Pipelines Questions SAM Questions

More DOP-C02 Study Resources

← DOP-C02 Study Hub 30-Day Study Plan Full Practice Exam

⚙️ AWS Cloud Development Kit - DOP-C02 Practice Questions