Practice CloudFormation Questions Now

Start a timed practice session focusing on AWS CloudFormation topics from the DOP-C02 question bank.

DOP-C02 CloudFormation Question Bank (43 Questions)

Browse all 43 practice questions covering AWS CloudFormation for the DOP-C02 certification exam. Answers are intentionally hidden on this page so you can self-test first before checking results in quiz mode.

Question 1Configuration Management and IaC
A DevOps engineer is deploying a CloudFormation stack with an RDS database. The RDS master password should not appear in the CloudFormation template. What is the CORRECT approach?
AHardcode the password in the template
BUse a CloudFormation dynamic reference to Secrets Manager: {{resolve:secretsmanager:MySecret:SecretString:password}}
CPass the password as a NoEcho parameter
DStore the password in an SSM Parameter Store string
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 2Configuration Management and IaC
A team wants to ensure that CloudFormation nested stacks' outputs can be referenced by parent stacks. What is the CloudFormation construct for this?
AUse global CloudFormation parameters
BUse the Fn::GetAtt function on the nested stack resource to retrieve its outputs: !GetAtt NestedStackResource.Outputs.OutputName
CUse cross-stack references with Fn::ImportValue
DNested stacks cannot share outputs with parent stacks
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 3Configuration Management and IaC
A company has a large CloudFormation template with 500+ resources. Template updates are slow (20+ minutes). What techniques reduce CloudFormation stack update time?
AUse Terraform instead of CloudFormation
BDecompose the monolithic stack into nested stacks or separate stacks connected via exports/imports; smaller stacks update faster as only changed resources are processed; use nested stacks for related resource groups
CUse CloudFormation drift detection to speed updates
DEnable CloudFormation parallel resource creation
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 4Configuration Management and IaC
A company's CloudFormation stack includes a custom resource (Lambda-backed) that calls an external API during deployment. The external API is rate-limited to 1 request per second. CloudFormation calls the custom resource for many resources simultaneously, causing throttling. What resolves this?
AReduce the number of custom resources
BImplement exponential backoff with jitter in the Lambda custom resource function; use CloudFormation DependsOn to serialize custom resource deployments if they call the same API endpoint
CUse CloudFormation Macros instead
DIncrease the external API rate limit
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 5Configuration Management and IaC
A company wants to manage application configuration (database URLs, feature flags) separately from their CloudFormation infrastructure templates. Changes to application config should not require CloudFormation stack updates. What service is BEST for this?
ACloudFormation template parameters
BAWS AppConfig or SSM Parameter Store — store and version application configuration independently; application reads configuration at runtime; changes are deployed via AppConfig deployment strategies without redeploying infrastructure
CEnvironment variables in the CloudFormation template
DS3 object for configuration storage
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 6Configuration Management and IaC
A company uses CloudFormation with 20 stacks. Stack creation takes a long time because of complex custom resources. They want to identify which custom resources are slow. What debugging approach helps?
AAdd print statements to Lambda custom resources
BReview CloudFormation stack events sorted by timestamp — each resource creation/update shows start and completion time; slow custom resources show a long gap between START and CREATE_COMPLETE; CloudWatch Logs for the Lambda custom resource show execution details
CUse CloudTrail to measure custom resource duration
DCloudFormation has built-in performance profiling
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 7Configuration Management and IaC
A company uses CloudFormation StackSets to deploy to 100 accounts. A change to the StackSet template should only deploy to 10 accounts at a time to limit blast radius. What StackSet setting controls deployment rate?
ADeploy to all accounts simultaneously
BConfigure StackSet operation preferences: MaxConcurrentCount = 10 (deploy to 10 accounts simultaneously); FailureToleranceCount = 2 (stop if more than 2 accounts fail); this controls both speed and failure impact
CCloudFormation StackSets always deploy sequentially
DUse separate StackSets for different account groups
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 8Security and Compliance
A DevOps team wants to scan CloudFormation templates in their CodeBuild pipeline to reject templates that create overly permissive IAM roles. Which AWS-native tool provides rule-based CloudFormation template validation?
AAWS Config
BAWS CloudFormation Guard (cfn-guard)
CAmazon Inspector
DAWS Trusted Advisor
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 9Configuration Management and IaC
A company wants to enforce that all CloudFormation templates are validated against security policies before deployment. Policies include: 'no security groups allow 0.0.0.0/0 on port 22'. What tool enables policy-as-code for CloudFormation?
ACloudFormation drift detection
BAWS CloudFormation Guard (cfn-guard) — define rules in a domain-specific language; run in CI/CD pipelines to validate templates before deployment
CAWS Config rules for CloudFormation stacks
DManual template review
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 10Configuration Management and IaC
A CloudFormation template creates an EC2 instance and a database. The database must be created BEFORE the instance. How should this dependency be specified?
AList the database resource before the instance in the template
BUse the DependsOn attribute on the EC2 instance resource referencing the database resource
CCloudFormation automatically detects dependencies
DUse CloudFormation conditions to control creation order
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 11Configuration Management and IaC
A DevOps engineer needs to detect when EC2 instances' software configurations diverge from their CloudFormation template definitions. What CloudFormation feature provides this?
ACloudFormation Change Sets
BCloudFormation Drift Detection — compares actual resource configurations against the template-expected configurations and reports any differences
CAWS Config CloudFormation compliance rules
DCloudFormation Stack Policies
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 12SDLC Automation
A company needs to create a CodePipeline that automatically deploys infrastructure changes when a CloudFormation template is modified in CodeCommit. What is the pipeline structure?
ASource: CodeCommit → Build: CodeBuild (validate template) → Deploy: CloudFormation CreateOrUpdateStack action
BSource: CodeCommit → Deploy: CloudFormation directly
CSource: CodeCommit → Build: CodeBuild → Manual Approval → Deploy: CloudFormation with change set
DBoth A and C are valid, with C adding human oversight via change set review
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 13Configuration Management and IaC
A team uses CDK for infrastructure. They run 'cdk synth' and the resulting CloudFormation template is 6MB — too large for direct CloudFormation deployment (limit is 1MB for API calls). What is the solution?
AReduce the number of CDK constructs
BCDK automatically stores large templates in S3 (cdk bootstrap creates a staging bucket); 'cdk deploy' uploads the template to S3 and references it via a URL — CloudFormation accepts templates from S3
CSplit the CDK app into multiple smaller apps
DUse compressed CloudFormation templates
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 14Security and Compliance
A company wants to verify that their AWS CDK-generated CloudFormation templates comply with their internal security policy before any deployment. What is the MOST scalable approach?
AManually review all CDK-generated templates
BIntegrate cfn_nag, checkov, or CloudFormation Guard into the CDK pipeline: after cdk synth, run the scanner against the synthesized template(s); fail the pipeline if violations are found
CUse AWS Config to evaluate CloudFormation templates
DUse AWS Trusted Advisor for template evaluation
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 15SDLC Automation
A company wants to implement testing for their CloudFormation templates using TaskCat. TaskCat deploys the template in multiple regions with different parameter configurations. How should this integrate with CodePipeline?
ATaskCat only runs locally
BAdd a CodeBuild action after the Source stage that runs taskcat run --no-cleanup-on-failure; TaskCat deploys to configured test regions, validates, and destroys test stacks; build fails if any test fails
CUse CodeDeploy to run TaskCat
DTaskCat requires a separate AWS account
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 16Configuration Management and IaC
A company uses CloudFormation and wants to validate all templates against NIST 800-53 security controls automatically. What tool provides NIST-aligned CloudFormation template scanning?
AAWS Config NIST standard
BAWS CloudFormation Guard (cfn-guard) with AWS Security Hub NIST control set rules; or Checkov with NIST-mapped checks; integrated in CodeBuild to fail pipelines on NIST violations
CAWS Trusted Advisor security checks
DAWS Well-Architected Tool
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 17Configuration Management and IaC
A company's CloudFormation templates contain hundreds of duplicate resource configurations (the same S3 bucket policy across 50 templates). They want to eliminate duplication. What CloudFormation feature reduces this?
ACopy and paste the policy into each template
BUse CloudFormation modules or macros: modules encapsulate repeatable patterns; macros transform template sections at deployment time; both reduce duplication and enable consistent, reusable configurations
CUse CloudFormation nested stacks with the S3 bucket
DUse CloudFormation conditions to share policies
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 18SDLC Automation
A company's pipeline produces multiple artifacts (Docker image, Lambda zip, CloudFormation template). They need to store all artifacts and share them between pipeline stages. What is the correct CodePipeline configuration?
AUse separate S3 buckets for each artifact type
BConfigure CodePipeline with an artifact store (single S3 bucket with KMS encryption); each action can declare output artifacts with unique names; subsequent stages reference these artifacts by name as input artifacts
CUse ECR for all artifacts in CodePipeline
DArtifacts must be rebuilt in each stage
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 19SDLC Automation
A company wants to automate deployment of AWS Service Catalog products via pipeline. New versions of portfolio products should be deployed automatically when the underlying CloudFormation template changes. What is the CORRECT implementation?
AManually update Service Catalog products when templates change
BCodePipeline: Source (CodeCommit template repo) → CodeBuild (creates/updates Service Catalog product version via aws servicecatalog create-provisioning-artifact) → validates the new version is available
CService Catalog automatically detects template changes
DUse CloudFormation StackSets instead of Service Catalog
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 20Configuration Management and IaC
A company wants to prevent CloudFormation from ever deleting their production DynamoDB table, even if the template is updated to remove the resource. What is the CORRECT configuration?
AUse CloudFormation deletion protection
BSet DeletionPolicy: Retain on the DynamoDB table resource in the CloudFormation template; additionally enable CloudFormation stack termination protection and use UpdateReplacePolicy: Retain
CUse DynamoDB deletion protection feature
DBoth B and C — DynamoDB table deletion protection plus CloudFormation DeletionPolicy provides defense in depth
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 21Configuration Management and IaC
A company's CloudFormation custom resource Lambda function needs to return values (e.g., generated password) back to CloudFormation for use in other resources. How should the Lambda return data?
ACloudFormation custom resources cannot return values
BThe Lambda function sends a HTTPS response to the CloudFormation-provided ResponseURL (S3 pre-signed URL) with a JSON body including Data object containing key-value pairs; other resources reference them via !GetAtt CustomResource.Key
CReturn values via Lambda environment variables
DStore values in SSM Parameter Store and reference via dynamic reference
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 22Security and Compliance
A company wants to implement security controls in their CDK pipeline that automatically scan CloudFormation templates for hardcoded secrets before deployment. What tool provides this?
ACloudFormation validates for secrets automatically
BAfter 'cdk synth', run checkov or cfn-nag in CodeBuild — these tools detect hardcoded strings matching secret patterns (API keys, passwords) in CloudFormation templates; fail the pipeline if found
CUse Secrets Manager to store all CDK secrets
DCDK type checking prevents hardcoded secrets
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 23Configuration Management and IaC
A team uses AWS CloudFormation to deploy infrastructure. During an update, the stack fails. The team wants to prevent automatic rollback to investigate the failure state. How should they configure this?
AUse CloudFormation deletion policies
BEnable CloudFormation rollback triggers
CDisable rollback on stack update failure
DUse CloudFormation change sets
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 24Configuration Management and IaC
A CloudFormation stack update fails and the stack rolls back, but the rollback also fails. The stack enters UPDATE_ROLLBACK_FAILED state. What is the recommended course of action?
ADelete the stack and redeploy from scratch
BUse the ContinueUpdateRollback API with SkipResources to skip the problematic resource, allowing the rollback to complete; then fix the underlying issue
CManually fix the resource in the AWS console and retry the update
DContact AWS Support to fix the stack
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 25Configuration Management and IaC
A company has 50 AWS accounts and needs to deploy a standard CloudFormation stack (VPC, security groups, baseline IAM roles) to all accounts. What service manages this at scale?
AManually deploy to each account
BAWS CloudFormation StackSets with Organizations integration — deploy to all accounts in the organization or specific OUs from a management account
CUse AWS Service Catalog
DUse Terraform with multiple account providers
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 26Configuration Management and IaC
A team is migrating from CloudFormation to AWS CDK. They have 200 existing CloudFormation stacks. What is the RECOMMENDED approach to adopt CDK without disrupting existing infrastructure?
ADelete all stacks and rewrite in CDK from scratch
BUse CDK's CloudFormation import feature to import existing stack resources into CDK-managed stacks gradually; or use CDK to generate new stacks while keeping existing ones until migration is complete
CCDK cannot manage existing CloudFormation stacks
DConvert all CloudFormation templates to CDK using the CDK migrate command
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 27Configuration Management and IaC
A company uses CloudFormation to deploy infrastructure. They want to prevent any update to a production stack that would modify or delete the production RDS database. What CloudFormation feature achieves this?
AEnable CloudFormation termination protection
BApply a Stack Policy denying Update:Modify and Update:Delete actions on the RDS database resource in the production stack
CUse DeletionPolicy: Retain on the database
DUse CloudFormation conditions to skip database updates
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 28Configuration Management and IaC
A company wants to create self-destruct development environments — CloudFormation stacks that automatically delete after 8 hours. What is the most appropriate implementation?
ATrain developers to manually delete their stacks
BAfter stack creation, create an EventBridge scheduled rule (one-time, 8 hours later) that triggers a Lambda function to delete the stack via the CloudFormation DeleteStack API
CUse CloudFormation stack termination protection with a timer
DUse AWS Config to delete stacks after 8 hours
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 29Configuration Management and IaC
A company uses CloudFormation and wants to reuse common patterns (like a standard VPC or ECS cluster) across many stacks. What CloudFormation feature provides reusable, versioned building blocks?
ACloudFormation nested stacks with hardcoded values
BAWS CloudFormation modules — encapsulate common resource patterns as versioned modules; published to the CloudFormation registry; used in templates just like native resource types
CCloudFormation macros
DCloudFormation parameters
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 30Configuration Management and IaC
A DevOps team uses CloudFormation. A new team member accidentally deleted a CloudFormation stack parameter that was used by a running production stack. The stack is in a healthy state currently. What happened to the resources?
AAll resources in the stack were deleted
BNothing happened immediately — CloudFormation templates in S3 can be deleted without affecting deployed stacks; the running stack only changes when an update is executed
CCloudFormation automatically restored the template
DThe stack entered DRIFT_DETECTED state
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 31Configuration Management and IaC
A CloudFormation stack has a resource with DependsOn attribute pointing to another resource. During stack creation, the pointed-to resource creates successfully but takes 15 minutes. The dependent resource creation times out at 10 minutes. What causes this?
ADependsOn is incorrectly configured
BThe dependent resource has a resource-type-specific timeout that's shorter than the prerequisite resource's creation time; or a custom resource Lambda has a 10-minute timeout; increase the Lambda or CloudFormation timeout
CCloudFormation has a 10-minute global timeout
DDependsOn causes both resources to run sequentially with a combined timeout
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 32Configuration Management and IaC
A DevOps engineer discovers that a production EC2 instance security group has been modified outside of CloudFormation (drift). They want to automatically remediate drift and restore the expected configuration. What is the approach?
AManually update the security group to match the template
BRun CloudFormation drift detection to identify drifted resources; use the CloudFormation UpdateStack with the original template to reapply the expected security group configuration, restoring the expected state
CAWS Config auto-remediates CloudFormation drift
DTerminate and redeploy the instance
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 33Configuration Management and IaC
A DevOps engineer needs to export CloudFormation outputs from a VPC stack and import them in an application stack. What is the CORRECT CloudFormation pattern?
AHardcode VPC IDs in the application stack
BIn the VPC stack: Outputs section with Export.Name for each output value; in the application stack: use Fn::ImportValue referencing the export name
CUse SSM Parameter Store to pass values between stacks
DUse nested stacks instead of cross-stack references
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 34SDLC Automation
A company wants to create isolated test environments on demand using CodePipeline. Each test run should create its own CloudFormation stack, run tests, then destroy the stack. What CodePipeline action type supports creating and deleting CloudFormation stacks?
ACodeBuild with CloudFormation CLI
BCloudFormation Deploy action (CREATE_OR_REPLACE or CHANGE_SET_EXECUTE) for creation; CloudFormation DELETE action for destruction — both are native CodePipeline action types
CLambda actions for CloudFormation management
DOnly external tools can create/delete CloudFormation stacks in pipelines
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 35Configuration Management and IaC
A company uses CloudFormation StackSets to deploy security controls across 100 AWS accounts. A new SCP policy changes which regions are allowed. CloudFormation StackSet deployments to the newly blocked regions fail. What should be done?
ARemove the SCP to allow CloudFormation to deploy
BUpdate the StackSet to exclude the blocked regions; modify the StackSet's deployment regions to only include allowed regions; CloudFormation StackSets respect the deployment region configuration
CCloudFormation StackSets automatically skip blocked regions
DDeploy using a different account that's not subject to the SCP
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 36Configuration Management and IaC
A company wants to enforce that all CloudFormation stack parameters are validated before deployment (e.g., VPC CIDR must be within allowed ranges). What CloudFormation feature provides parameter validation?
ACloudFormation Guard post-deployment validation
BCloudFormation parameter AllowedValues (discrete values) and AllowedPattern (regex) constraints; invalid parameter values are rejected before the deployment begins
CCustom Lambda resource to validate parameters
DCloudFormation Macros for parameter validation
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 37Configuration Management and IaC
A company uses Terraform but wants to incorporate AWS CloudFormation StackSet deployments for baseline security controls. How can Terraform and CloudFormation coexist in the same environment?
ACloudFormation and Terraform cannot coexist
BUse the Terraform aws_cloudformation_stack or aws_cloudformation_stack_set resource to manage CloudFormation stacks from Terraform; Terraform tracks the stack state; CloudFormation handles the actual resource provisioning
CConvert all CloudFormation to Terraform
DUse CloudFormation to manage Terraform state
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 38Resilient Cloud Solutions
A company's CloudFormation stack deploys an Auto Scaling group with a lifecycle hook. During a scale-out event, the lifecycle hook holds the instance in Pending:Wait state. The bootstrap process completes but the instance remains stuck in Pending:Wait for 3 hours. What is the MOST LIKELY cause?
AThe instance is too slow to bootstrap
BThe bootstrap script is not calling CompleteLifecycleAction (or SendHeartbeat); the lifecycle hook has a HeartbeatTimeout of 3 hours; the instance is waiting indefinitely for the signal
CThe ASG is misconfigured
DThe lifecycle hook action is ABANDON
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 39Incident and Event Response
A company's incident response requires rolling back a CloudFormation stack to a previous known-good state. The stack has 30 resources. What is the CORRECT CloudFormation rollback approach?
ADelete the stack and redeploy the previous template
BUse CloudFormation Continue Update Rollback or re-deploy the previous template version via a new UpdateStack call; CloudFormation tracks previous template versions in the change set history; or use a versioned template from S3
CCloudFormation does not support rollback to previous versions
DUse AWS Backup to restore CloudFormation resources
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 40Configuration Management and IaC
A company wants to automatically apply hotfixes to their CloudFormation-managed production stacks across multiple regions simultaneously when a critical vulnerability is patched. What is the fastest approach?
AUpdate each regional stack manually
BUpdate the CloudFormation template in CodeCommit; trigger CodePipeline across all regions simultaneously using parallel cross-region deploy actions; each region deploys the fix in parallel, minimizing total time
CUse CloudFormation StackSets with sequential deployment
DWait for the regular deployment cycle
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 41Configuration Management and IaC
A CloudFormation stack update fails due to a resource property change that CloudFormation cannot update in-place (requires replacement). The stack is in UPDATE_COMPLETE state, but the resource still shows the old value. What happened?
ACloudFormation silently ignored the update
BCloudFormation used UpdateReplace behavior: it created a new resource with the new property, updated references to point to the new resource, then deleted the old resource — the resource was replaced, not updated in-place
CCloudFormation reverted the property change
DAn update cannot change immutable properties
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 42Configuration Management and IaC
A company wants to track which version of their infrastructure (CDK/CloudFormation) is deployed in each environment. What metadata should be embedded in CloudFormation stacks for traceability?
ACloudFormation automatically tracks deployment version
BAdd stack tags with git commit SHA, pipeline execution ID, timestamp, and environment name; these appear in the CloudFormation console, cost explorer, and Config history — providing full deployment traceability
CUse CloudFormation stack descriptions for versioning
DQuery CloudTrail for stack creation history
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz
Question 43Configuration Management and IaC
A company's OpsWorks Chef-managed stack has configuration drift — some instances have manually modified configuration files. What OpsWorks feature detects and corrects this?
AOpsWorks Drift Detection feature
BManually running the Configure lifecycle event re-applies the correct Chef recipes to all instances, correcting drift
COpsWorks automatically corrects drift in real time
DOpsWorks does not support drift correction
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start DOP-C02 Quiz

Key CloudFormation Concepts for DOP-C02

cloudformationcfnstacktemplatestack setdriftchange setnested stackcustom resourceiac

DOP-C02 CloudFormation Exam Tips

AWS CloudFormation questions in DOP-C02 are typically scenario-based. Focus on CI/CD automation, reliability engineering, and feedback-driven operations. Priority concepts: cloudformation, cfn, stack, template, stack set, drift.

What DOP-C02 Expects

Anchor your answer in choose auditable, automated release and operations patterns with strong rollback readiness.
CloudFormation scenarios for DOP-C02 are frequently mapped to Domain 2 (17%), Domain 3 (15%), so read the objective carefully before picking controls or architecture.
Expect multi-topic scenarios where CloudFormation interacts with IAM, networking, storage, or observability patterns rather than appearing as an isolated question.
When two options are both technically valid, prefer the choice that best aligns with the exam's operational scope (Professional) and vendor best practices.

High-Value CloudFormation Concepts

Know the core CloudFormation building blocks cold: cloudformation, cfn, stack, template.
Review the edge-case features and limits for stack set, drift; these details are commonly used to differentiate answer choices.
Practice service-integration reasoning: how CloudFormation pairs with CDK, SAM, CI/CD Pipelines in real deployment patterns.
For DOP-C02, explain why the chosen CloudFormation design meets reliability, security, and cost expectations better than the alternatives.

Common DOP-C02 Traps

Watch for manual promotion and approval logic where pipeline automation is expected.
Questions in Configuration Management & IaC often include distractors that look correct for CloudFormation but violate least-privilege, durability, or availability requirements.
Avoid picking options purely by feature name; validate data path, failure handling, and governance impact before answering.
If the prompt hints at automation or repeatability, eliminate manual-only operational answers first.

Fast Review Checklist

Can you compare at least two CloudFormation implementation paths and justify which one best fits the scenario?
Can you map the chosen answer back to Configuration Management & IaC (17%) outcomes for DOP-C02?
Can you explain security and access boundaries for CloudFormation without relying on default-open assumptions?
Can you describe how CloudFormation integrates with CDK and SAM during failure, scaling, and monitoring events?

Exam Domains Covering CloudFormation

Domain 2Configuration Management & IaC17%Domain 3Resilient Cloud Solutions15%

Related Resources

🎯 Free DOP-C02 Mock Exam CDK Questions SAM Questions CI/CD Pipelines Questions

More DOP-C02 Study Resources

← DOP-C02 Study Hub 30-Day Study Plan Full Practice Exam

🏗️ AWS CloudFormation - DOP-C02 Practice Questions