Knowledge Gap Diagnosis -﻿ AWS Solutions Architect Associate Exam

Total time elapsed:

Time spent on question.

Question 1 of 100

A bank has switched from on-premise to AWS cloud. It has its application servers in a public subnet, and database servers in the private subnet of a default VPC. The database servers need regular maintenance, and for that, patch fixes must be downloaded from the internet. Considering the high security regulations that the bank must maintain even for outbound IPv4 traffic, the bank IT team is looking for a service that can be used as a bastion server and be associated with security groups to control outbound IPv4 traffic.

Which of the following is the correct solution here?

Configure the NAT Gateway in the public subnet of the VPC and add a route to the NAT Gateway from the private subnet route table.
Add a route to the Internet Gateway of the VPC from the private subnet route table.
Configure an NAT Instance in the public subnet of the VPC and add a route to an NAT Instance from a private subnet route table.
Add a route to an Egress only Internet Gateway of the VPC from the private subnet route table.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 2 of 100

A business analyst joins your team, and they need access to the AWS RDS MySQL to generate the report.

How will you give them access to the database without impacting database performance?

Create a read replica and ask them to use it.
Setup AWS RDS Multi-AZ deployment and give them access to the database in the second availability zone.
Setup a replica in a different region.
Migrate your database to EC2 and give them access to an EC2 instance.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 3 of 100

A car rental company has a scheduled job that gets triggered using CloudWatch every midnight. This creates a report on the total number of vehicles and rentals for each day. It is a lightweight job that runs for around 2-3 minutes and requires a low amount of computing.

Which AWS compute resource is the most cost-effective for the given scenario?

AWS Glue
EC2 Instance
AWS Lambda
AWS EMR

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 4 of 100

A car rental company has its own AWS account under which there are various applications like Rental, Reservation, Fleet etc. Each application stores its data sets on Amazon’s S3 bucket. A single bucket policy controls access of this shared bucket for various applications.

With time, the company has grown, and so have the applications. Since management of the bucket policy has become quite complex and time consuming due to hundreds of different permission rules for various applications, the IT team has hired you as a Solution Architect to devise a solution to have application-specific access control policies on the S3 bucket.

Which of the following options would you suggest as the most optimized?

Use Amazon S3 Storage Lens.
Use Amazon S3 on Outposts.
Use Amazon S3 Access Points.
Use Amazon S3 Object Ownership.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 5 of 100

A car rental company has moved its IT infrastructure to AWS cloud. It was using an SQL Server as its on-premise database and has also kept the underlying DB infrastructure unchanged on the cloud. The business runs reports on this database, to get forecasts of the vehicles for the next day, but this is causing the application to slow down during the time the reports are run.

As the Solution Architect, can you suggest the most cost-effective way to resolve the application’s performance issues?

Create a read replica in the same AZ as the master RDS DB and run the reports on it.
Create a read replica in a different AZ as the master RDS DB and run the reports on it.
Enable Multi-Az for the RDS DB and run the reports on the standby instance.
Migrate the data to Redshift clusters and run the reports on Amazon Redshift.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 6 of 100

A car rental company has switched from an on-premise database from PostgreSQL to AWS RDS. Recently, they have started getting performance issues, despite using Read Replicas. This is happening globally across all rental stations in the world, and they are looking for a solution urgently that does not change the underlying RDS architecture.

You are hired by the company as a Solution Architect. So, what will be the most cost-effective solution that will resolve the global performance issue?

Use DynamoDB Global Tables
Use Amazon Aurora Global Database
Use AWS Database Migration Service to migrate the data to Amazon DocumentDB and setup DocumentDB instances globally.
Migrate RDS for PostgreSQL data to S3 and then use Cross Region Replication.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 7 of 100

A company has stored all its sensitive data in Amazon DynamoDB. Currently, applications consume data via EC2 instances over the public internet. This is a major red flag raised by the security team.

How will you design a solution to resolve this?

Create a NAT gateway to access the DynamoDB data.
Create an Internet Gateway to access the DynamoDB data.
Create a VPC endpoint to access the data.
Create a VPC Peering to access the data.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 8 of 100

A company is migrating its on-premise database to AWS Relational Database Service (RDS). The database needs to be readily available and should not be vulnerable to availability zone failures. Also, their workload is read-heavy and the userbase operates in a single region.

Which of the following solutions will meet their requirements? (Select TWO.)

Enable Multi-Availability Zone support for their RDS database.
Enable Multi-region support for their RDS database.
Create a read replica and point their read-heavy workload to it.
Create a read replica and perform an automatic failover in case of AZ failure.
Setup a read replica in different Availability Zone.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 9 of 100

A company is trying to integrate its on-premise storage solution with AWS. Their first requirement is integrating their file interface into S3.

Which AWS solution will solve this?

Volume Gateway
Tape Gateway
FSx File Gateway
S3 File Gateway

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 10 of 100

A company is using a multi-AZ PostgreSQL database for its application. You have been hired as a database consultant. Your first task is to develop a cost-effective disaster recovery solution that restores data in other AWS regions with a Recovery Time Objective (RTO) of 2 hours, and a Recovery Point Objective (RPO) of 8 hours.

How will you design the most cost-effective solution, keeping all the requirements in mind?

Create a read replica in another region and promote it as a standalone instance in case of disaster.
Create a Lambda function that will take a snapshot on an hourly basis and another lambda to copy this snapshot to another region. Use this snapshot to deploy DB in case of disaster.
Create a similar copy with multi-AZ in another region and perform constant replication.
Create a read replica in another region with a lower instance family. In the case of disaster, bump up the instance size.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 11 of 100

A company runs various distributed applications that are built using a microservices architecture. These applications are running across multiple AWS accounts and contain underlying AWS services. Recently, users have reported issues while using the applications, and the CTO wants to check which of the underlying AWS services are not performing well. You have been appointed as Solution Architect, and your first job is to find the underlying service that is not performing well.

Which of the following can trace user requests across applications spanning through multiple accounts, and provide an end-to-end view of how the application is performing?

AWS Trusted Advisor
AWS CloudTrail
AWS X-Ray
AWS CloudWatch Metrics

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 12 of 100

A digital marketing company has switched to serverless architecture and uses DynamoDB to store social media influencer statistics such as profile details, active platforms, number of followers, engagement rate etc. The engineering team at the company is looking for an in-memory caching mechanism that is highly available and has low latency (high performance). It needs to support a live leaderboard that ranks influencers by their number of followers on each platform.

As a Solution Architect, which of the options below is the most optimal and cost-effective?

DocumentDB
AWS Aurora Serverless
DynamoDB Accelerator (DAX)
Amazon Redshift

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 13 of 100

A finance company has moved its infrastructure to AWS Cloud. As part of the backup process, a batch job runs daily at midnight for a couple of hours to make a backup of the crucial business transactions for the previous day. The company is looking for a long-term solution (more than a year) using EC2 instances, to run the job on the scheduled time window.

As the Solution Architect of the company, which of the EC2 options below would you suggest as the most Cost-Effective?

Use Spot Instances.
Use On-Demand Instances.
Use Dedicated Instances.
Use Scheduled Reserved Instances.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 14 of 100

A finance portal collects important stock details across multiple indices all over the world and sends this data to AWS Cloud in the form of key-value pairs. The tech team supporting this portal is looking for a serverless, highly available NoSQL database which can process the data without impacting performance.

Which of the following AWS Services is the most optimal choice?

DynamoDB
ElastiCache
RDS
Amazon Neptune

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 15 of 100

A gaming company has built a new game based on the stock market, that lets users invest virtual money and play in accordance with real time stock prices. The new gaming application has been launched on EC2 instances managed by an Auto Scaling group across multiple Availability zones.

As solution architect, which scaling strategy would you suggest as being most optimal, considering traffic to the gaming application increases during market hours, and decreases significantly after that.

Manual Scaling
Dynamic Scaling
Predictive Scaling
Scheduled Scaling

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 16 of 100

A gaming startup has launched a new game that has become popular. But recently, gamers have reported in-game lags while fetching profile and leaderboard details from the gaming portal. This is affecting the performance of the game. As the gaming portal is a relational database, the technical team has decided to add a caching layer before the database layer. The caching layer should also have replication capability.

Which of the following AWS services fulfill the above requirements and help to improve performance?

DynamoDB Accelerator (DAX)
ElastiCache for Memcached
CloudFront
ElastiCache for Redis

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 17 of 100

A global bank that uses AWS cloud to maintain its IT infrastructure across multiple VPCs, has acquired a local bank that has applications both on AWS cloud, and in an on-premise data center. The local bank must maintain a few applications on-premise, because of compliance and regulatory requirements. Because of this recent acquisition, the IT team of the global bank is looking for a scalable solution to connect the VPCs across both banks, and also the on-premise applications.

As a solutions architect, which of the following is the most optimal and cost-effective solution?

Use Internet Gateway to connect the VPCs and on-premise applications.
Use Transit Gateway to connect the VPCs and on-premise applications.
Use VPC Peering to connect the VPCs and on-premise applications.
Use Transit VPC to connect the VPCs and on-premise applications.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 18 of 100

A global bank was using MySQL database for its flagship application on its on-premise infrastructure.
It has migrated its infrastructure to AWS cloud and has kept the underlying database schema unchanged. Recently, its flagship application has been facing performance issues, and the company has hired you as the solution architect to help with these issues without moving away from the underlying database schema.

Which of the following options would you suggest as the most cost-effective, that can help resolve the performance issue?

Use Amazon DynamoDB Global Tables.
Use Amazon Aurora Global Database.
Amazon DocumentDB Global Clusters
Use Amazon Redshift Clusters.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 19 of 100

A global healthcare company is using IBM DB2 relational database to store confidential patient information on its on-premise infrastructure. It is now planning to move its infrastructure to AWS cloud, and the IT team is thinking of using Amazon RDS PostgreSQL to store the data.

Which of the following is true regarding data security on Amazon RDS?

Amazon RDS supports only encryption at rest using AWS KMS but does not support in-transit encryption.
Amazon RDS supports both in-transit encryption and encryption at rest using AWS KMS.
Amazon RDS supports only in-transit encryption but does not support encryption at rest.
Amazon RDS doesn’t support any encryption

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 20 of 100

A global IT company has recently deployed its infrastructure on AWS cloud. The critical applications are deployed on EC2 instances within a single VPC. These applications create reports which need to be sent to the Executive team of the company via email. The company’s engineering team wants to use Amazon’s SNS service for the same, but as the reports are critical, they are concerned about accessing SNS over public internet.

As solution architect, which of the following options would you recommend?

Use Internet Gateway to access Amazon SNS.
Use NAT Gateway set as public to access Amazon SNS.
Use VPC Interface Endpoint to access Amazon SNS.
Use VPC Peering to access Amazon SNS.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 21 of 100

A global leader in computer-based testing is using AWS API Gateway to create its APIs. As these APIs have valuable data related to upcoming highly valued professional exams, it is looking for various access control (authentication/authorization) methods that can authorize an API call within the API Gateway. It is also looking for an in-built user management solution for better security and control.

The company has hired you to find a solution. Which of the following will you suggest?

Use Amazon Cognito User Pools.
Use Amazon Cognito Identity Pools.
Use API Gateway Lambda authorizer.
Use AWS IAM authorization.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 22 of 100

A global leader in stock photography and music moved its IT infrastructure to the cloud last year. The content is currently stored on an EBS volume and is distributed by EC2 instances behind an application load balancer. It is downloaded from all over the world. Every time a photo or music is popular, the website experiences very high network costs and performance issues.

As a solution architect, which option would you recommend to improve performance and reduce the network costs, without changing the application code?

Store the content on Amazon S3.
Increase capacity of the EC2 instances by scaling vertically.
Use AWS Lambda.
Use a CloudFront Distribution.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 23 of 100

A global pharma company uses AWS Lambda to process sensitive patient information.
As there are multiple environments in the IT infrastructure of the company, the lambda functions use environment variables. As per the compliance and security policy of the company, the environment variables should be encrypted by default and the key should be managed by the user.

Which of the following options correctly explains the encryption happening here?

Lambda encrypts environment variables using AWS KMS with AWS defined KMS Key.
Lambda encrypts environment variables using AWS KMS with user specified CMK.
Default encryption of environment variables happens through AWS CloudHSM.
Lambda has its in-built encryption mechanism.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 24 of 100

A global retail conglomerate (Company A) has acquired a local retail chain (Company B). Both the companies have their own AWS accounts. As part of the merger, Company A wants some of its users to have access to the AWS resources of Company B.

You have been hired as the Solution Architect for this job, so which of the options below would you recommend?

Share the Root user credentials for Company B’s AWS Account with the users of Company A.
Create a new IAM user under Company B’s AWS account and share the credentials with the users of Company A.
It is not possible to have cross-account access.
Create a new IAM role with the necessary access to the resources in Company B’s AWS account, which the users of Company A will assume.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 25 of 100

A large gaming company has moved its IT infrastructure to cloud and is using Amazon S3 buckets for its storage needs. After the first year of migration, the finance department has reported high costs associated with S3 storage. As the Solution Architect of the IT Team, you have been asked to take the necessary action.

As the access patterns are often unpredictable, which of the S3 Storage classes below would you recommend, to reduce storage costs without affecting the performance of the games?

Amazon S3 Standard
Amazon S3 Intelligent-Tiering
Amazon S3 Glacier Deep Archive
Amazon S3 on Outposts

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 26 of 100

A library has launched its own mobile application where users can add, renew, and delete books from their accounts. This information is stored in a local database. The library is planning to move its entire IT infrastructure to AWS cloud and is looking for a fully managed and serverless solution. You have been hired as a solution architect to assist with this migration.

Which option would you suggest as the most optimal solution?

Host the application on EC2 instances with Amazon RDS Oracle database to store the data.
Deploy the application on AWS API Gateway, which triggers the AWS Lambda function for a customer action, which in turn updates the data on Amazon DynamoDB tables.
Host the application on EC2 instances behind Application load balancer, with Amazon DynamoDB tables to store the data.
Deploy the application on AWS API Gateway, which triggers the AWS Lambda function for a customer action, which in turn updates the data on Amazon RDS MySQL database.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 27 of 100

A local education institution is planning to go global and wants to move its IT infrastructure to AWS Cloud. It is looking for a serverless solution for its static content website.

As solution architect, which option would you suggest as the most optimal?

Host the website on Amazon S3. Create a CloudFront Distribution with Amazon S3 as the origin.
Host the website on an EC2 instance. Create a CloudFront Distribution with the EC2 instance as the origin.
Host the website on AWS Lambda. Create a CloudFront Distribution with AWS Lambda as the origin.
Host the website on an EC2 instance behind Application Load Balancer. Create a CloudFront Distribution with Application Load Balancer as the origin.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 28 of 100

A new member joins your team, and you create an IAM account for the user. After the account creation, you provide the user with the access key and secret key. You also add the user to the system admin IAM group. But, when the user tries to login via AWS console, it fails.

What might the issue be?

The user must be part of the admin group to log in to the console.
Users need to use the corporate network to log in to the AWS console.
To log in to the AWS console, you need to generate the password for the user. Users need to use this password to log in to the AWS console.
You need to enable multi-factor authentication for a user to log in to the AWS console.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 29 of 100

A pharmaceutical company is conducting Covid testing on a large scale. It has deployed its IT infrastructure on the AWS cloud. There are multiple EC2 instances operating in the private subnet which is part of a custom VPC. These instances are running Covid testing applications that need access to Amazon S3 for fetching lab results for the test takers. Once samples are processed, the test results need to be updated on a DynamoDB table. The company’s IT team have concerns over accessing S3 and DynamoDB over the public internet, as they are not part of the custom VPC.

As the Solution Architect of the team, which of the following options would you recommend as optimal and cost effective?

Create an interface endpoint for S3 and then connect using a private IP address. Create a gateway endpoint for DynamoDB, and then add it as a target in the route table of a custom VPC.
Create an interface endpoint for S3 and DynamoDB and then connect using a private IP address.
Create an interface endpoint for DynamoDB and then connect using a private IP address. Create a gateway endpoint for S3 and then add it as a target in the route table of a custom VPC.
Create a gateway endpoint for both S3 and DynamoDB,and then add them as targets in the route table of a custom VPC.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 30 of 100

A photo printing company hosts its application on EC2 instances and uses Amazon S3 for its storage needs. Once a customer places a print order, EC2 instances process the order, then communicate to Amazon S3 to store the photos uploaded by the customer. Both the EC2 instances and Amazon S3 are present in the same region.

Which of the below is the most cost-effective way to connect with Amazon S3?

Use Gateway VPC Endpoint for S3.
Use Interface VPC Endpoint for S3.
Use NAT Gateway to connect to Internet Gateway and then perform the required configuration to connect to S3 through Internet Gateway.
Use S3 Transfer Acceleration

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 31 of 100

A podcast company hosts its website on Amazon S3 and has a slowly but steadily growing user database. Recently, it has started a podcast series that has gone viral and gained a lot of attention from users all over the world. Daily traffic to the site has quadrupled, which has also sky-rocketed the AWS S3 costs.
The company has hired you as a solution architect to suggest an optimal solution to reduce costs, without impacting performance.

Which solution would you recommend?

Move data to Amazon RDS and then configure AWS Lambda to deliver the data.
Move data from S3 to an EBS volumes and then host the website on EC2 instances.
Setup CloudFront Distribution to deliver data from Amazon S3.
Move data to DynamoDB and then setup CloudFront Distribution to deliver the data.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 32 of 100

A recently launched game by a popular gaming company has become an instant hit.
The gaming application is hosted on EC2 instances behind an Application Load Balancer.
The security team at the company has noticed a spike in the Cross-site scripting and SQL injection attacks on the gaming application.

As solution architect, which of the following would you recommend as the most effective in providing additional protection against these attacks?

Use AWS Shield with Application Load Balancer.
Use AWS Web Application Firewall (WAF) with Application Load Balancer.
Use AWS GuardDuty with Application Load Balancer.
Use Amazon Inspector with Application Load Balancer.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 33 of 100

A startup has grown into a global company, comprising various departments that each have their own AWS accounts. All the company’s critical files are stored on AWS S3 bucket whose access was initially given to only a few users. As the company has grown horizontally as well as vertically, there is now a need to provide user level, as well as cross account level access permissions to the files i.e., objects stored in S3 bucket.

As a Solution Architect, which of the following options will you suggest as the most optimal and cost-effective for the given scenario?

Use Access Analyzer for S3.
Use Access Control Lists (ACLs).
Use interface endpoint for S3.
Use S3 bucket policies.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 34 of 100

A tax filing company is planning to move its infrastructure to AWS cloud. For storing years of customer data, it is thinking of using highly available and durable Amazon S3 storage options. As per the compliance policy, the company is required to provide immediate access to the latest 5 years of client data, which is accessed frequently by customers. Data older than 5 years should be accessible within a timeframe of up to 24 hours.

Which of the following is the most cost-effective solution for the given scenario?

Use Amazon S3 Standard – General Purpose storage for the latest 5 years data and transition the data older than 5 years to Amazon S3 Glacier Deep Archive storage using S3 Lifecycle policy.
Use Amazon S3 Standard – General Purpose storage for the latest 5 years data and transition the data older than 5 years to Amazon S3 Glacier Instant Retrieval storage using S3 Lifecycle policy.
Use Amazon S3 Standard-Infrequent Access storage for the latest 5 years data and transition the data older than 5 years to Amazon S3 Glacier Deep Archive storage using S3 Lifecycle policy.
Use Amazon S3 Standard-Infrequent Access storage for the latest 5 years data and transition the data older than 5 years to Amazon S3 Glacier Instant Retrieval storage using S3 Lifecycle policy.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 35 of 100

A web application is hosted on multiple EC2 instances in a subnet of a VPC. These instances were created using all default options in the AWS management console. The Application IT team provisions two new EC2 instances for the application in the same subnet. Instance A is launched using all default options. For Instance B, the IT team creates a new security group and associates it with the instance while keeping other options as default. The team can ping instance A from the existing instances in the subnet, but not instance B.

As a Solution Architect for the team, can you help them identify the reason for this behavior?

It is because the default Network ACL associated to the subnet of the VPC allows traffic from existing instances to flow to instance A, while for instance B, it does not.
Instance A is associated with default security group. The default rules of a default security group allow inbound traffic from the instances assigned to the same security group. Instance B is associated to a new security group. The default rules of a custom security group created by the team allow no inbound traffic.
It is because the default Network ACL associated to the subnet of the VPC blocks any traffic to flow to a new security group associated to any instance in that subnet.
Instance A is linked to the default security group. The default rules of a default security group allow inbound traffic from all the sources. Instance B is linked to a new security group. The default rules of a custom security group created by the team allow no inbound traffic.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 36 of 100

A well-known bank has moved its IT infrastructure to the AWS cloud. As it is a global bank, it has setup Amazon CloudFront distributions with Application load balancers as the origin, to reduce the latency and increase speed. Recently, the bank was targeted by a series of distributed denial of service (DDoS) attacks, which had significant impacts on its revenue and reputation. The IT team has hired you as a solution architect to help protect against future DDoS attacks.

Which AWS service would you recommend as the most optimal cost-effective solution?

Use AWS Shield with CloudFront Distributions.
Use AWS WAF (Web Application firewall) with CloudFront Distributions.
Set rules on the security group attached to Application Load Balancer to deny IPs associated to DDoS attacks.
Use Security hub with CloudFront Distributions.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 37 of 100

An AI (Artificial Intelligence) based company carries out very high performant machine learning workloads.
It is planning to move its IT infrastructure to AWS cloud and is looking for the most optimal EC2 instance type that can support this high performant workload. The company does not mind if the EC2 instances use hardware accelerators or co-processors to complete the task.

As a Solution Architect, which option would you suggest?

General Purpose
Compute Optimized
Memory Optimized
Accelerated Computing

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 38 of 100

An e-commerce company has moved its IT infrastructure to AWS cloud. Its flagship application is launched on a fleet of EC2 instances which are deployed behind an application load balancer and managed by an Auto Scaling group across 4 Availability zones (AZ). The company has a lot of flash sale events and wants the instances to scale up during these events. Once the event is over, the instances can be scaled down to meet usual business needs. The company wants the instances to be highly available, but at the same time, it also wants to keep costs as low as possible.

As a solution architect of the company, which of the options below would you recommend to meet the requirement?

Set the minimum capacity to 1.
Set the minimum capacity to 2.
Set the minimum capacity to 3.
Set the minimum capacity to 4.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 39 of 100

An engineer is running a number of intensive tasks in an environment and wants to store the log files for these tasks for an extended time. They need to access the new log files, but once the files are older than 30 days, they will seldom be accessed by anyone. They are looking to implement cost effective log storage solution in AWS.

Upload the file in S3 Standard storage class and create a lifecycle rule to move it to Standard IA storage class after 30 days
Upload the file in S3 Intelligent tiering storage class
Upload the file in S3 Standard IA storage class and create a lifecycle rule to move it to Glacier storage class after 30 days
Upload the file in S3 Standard storage class and create a lifecycle rule to delete the object after 30 days

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 40 of 100

An insurance company has moved its IT infrastructure to AWS cloud. It uses Amazon S3 to store all critical reports and confidential customer data. As the data is sensitive, the IT team wants to enforce an encryption mechanism on S3, whereby the encryption keys are managed by the user and the encryption is managed by S3.

As solution architect, which of the following would you suggest?

Use Server-Side Encryption with Customer-Provided Keys (SSE-C).
Use Server-Side Encryption with AWS KMS keys (SSE-KMS).
Use Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3).
Encrypt the data before sending to S3.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 41 of 100

An IT company has migrated its on-premise infrastructure to AWS Cloud. After one year, the finance team has raised concerns over the increasing data transfer costs with AWS.

As a solution architect, which of the below options is least appropriate for reducing data transfer costs?

Use AWS Cost Explorer along with cost allocation tags.
Keep your resources in multi-AZ.
Keep data transfers within a single region.
Use VPC Endpoints to connect to public AWS services instead of NAT Gateway.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 42 of 100

An IT company has moved its infrastructure to AWS Cloud and is looking to use EC2 instances to host its Flagship application. To address corporate compliance and regulatory requirements, the company must use its existing server bound software licenses. Also, it is looking for additional visibility of the number of sockets and physical cores associated with the instances.

Which of the following is the most cost effective solution for the given scenario?

Use Dedicated Instances
Use On-Demand Instances
Use Dedicated Hosts
Use Spot Fleet

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 43 of 100

An IT company has moved some of its on-premise applications to the AWS cloud. Now, the company wants to set up connectivity between its remaining on-premise applications, and the applications on AWS. Because of the audit and compliance requirements, the connection needs to be set up within a week.

Which solution is the most optimal and cost-effective for the given scenario?

Use AWS DataSync.
Use AWS Direct Connect.
Use AWS Site-to-Site VPN.
Use AWS Storage Gateway.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 44 of 100

An IT company’s infrastructure is divided into various environments. It uses AWS S3 to store the sensitive customer data present in the production environment. The Devops Team wants encryption of data at rest in S3, control over key rotation, and logging of key usage.

As solution architect, which of the following would you suggest as the optimal solution?

Use Server-Side Encryption with Customer-Provided Keys (SSE-C).
Use Client-Side Encryption.
Use Server-Side Encryption with AWS KMS keys (SSE-KMS), with customer managed keys.
Use Server-Side Encryption with AWS KMS keys (SSE-KMS), with AWS managed keys.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 45 of 100

An IT firm has a two-tier architecture within a custom VPC, consisting of a private, as well as a public subnet. EC2 instances are launched in both subnets. Recently, the firm launched a new project, under which the EC2 instances in both the public and private subnets will need only outbound access to the internet.

They have appointed you as the Solution Architect to setup the required configuration.
Which of the options below represents the correct configuration?

Create an Internet Gateway and attach it to the VPC. Create a route table in the public and private subnets, and add a route to the Internet Gateway. This will allow EC2 instances in both subnets to have internet access.
Create an Internet Gateway and attach it to the VPC. Create a route table in the public subnet and add the route to an Internet Gateway, this will allow EC2 instances in the public subnet to have internet access. Create an NAT Gateway in the public subnet and route traffic to an Internet Gateway. Create a route table in the private subnet and add the route to the NAT Gateway. This will allow EC2 instances in the private subnet to have internet access.
Create an NAT Gateway and attach it to the VPC. Create a route table in the public and private subnets and add the route to the NAT Gateway. This will allow EC2 instances in both the subnets to have internet access.
Create an Internet Gateway and attach it to the VPC. Create a route table in the public subnet and add the route to the Internet Gateway. This will allow EC2 instances in the public subnet to have internet access. Create an NAT Gateway in the private subnet and route traffic to the Internet Gateway. Create a route table in the private subnet and add the route to the NAT Gateway. This will allow EC2 instances in the private subnet to have internet access.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 46 of 100

An IT team is looking for a serverless architecture for their Web Application. They are planning to use an API Gateway to create the REST API which further invokes a Lambda function. To secure the API, they are also looking to establish an access control method for the API Gateway.

Which of the following CANNOT be used as an access control method with an API Gateway?

AWS IAM roles and policies
Amazon GuardDuty
Lambda Authorizer
Cognito User Pools

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 47 of 100

An MNC has been divided into multiple departments like Finance, Tech, Admin, HR etc.
Each of these departments has their own IAM User group in AWS Cloud. A group in the tech department has completed their MBAs and has been shifted to the Finance department.

As the Solution Architect of the MNC, how can you provide these newly transferred staff members with permissions pertinent to the Finance group? You will also need to remove their permissions from the Tech group as quickly as possible, and with minimal changes.

Remove the people from your AWS account and add them back under Finance group.
Remove the people from Tech group and edit their IAM user permissions so that they have the required permissions assigned to Finance Group.
Remove the people from Tech group and add them to Finance Group.
Provide Root User access to them so they can get all the permissions they want.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 48 of 100

As a solution architect, you need to choose a cost-efficient EBS storage solution. Cost is the primary driving factor, and data is not frequently accessed.

Choose the EBS solution which best fits your needs.

General Purpose SSD
Throughput Optimized
Cold HDD
Provisioned IOPS

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 49 of 100

As part of a high-availability setup, you find out that whenever an instance stops/starts, the public IP assigned to it changes.

Which of the following is true about when you stop/start an instance? (Select TWO.)

The instance may boot up to a different host computer.
All data stored in EBS Volume will be lost.
If the instance uses Elastic IP(EIP), that will be disassociated.
Public IP will remain the same.
If the instance uses instance store volume, all the data will be lost.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 50 of 100

As per security and compliance guidelines, your company follows the policy of storing the secret strings used in critical applications in a Systems Manager (SSM) Parameter Store. Your company is undergoing an audit and the audit team wants to get a report on the users who have made API calls to the SSM Parameter store service.

As solution architect, which AWS service would you use that can provide tracking of the API calls made to SSM Parameter Store?

AWS Inspector
AWS Config
AWS X-Ray
AWS CloudTrail

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 51 of 100

In an audit, the security team finds that the data stored in the EBS volume is not encrypted. On top of that, the auditor says that whichever encryption solution you choose, your company should own the key, rather than AWS.

Which solution meets these requirements?

AWS Key Management System (KMS)
AWS Cloud Hardware Security Module (HSM)
AWS Identity and Key Management (IAM)
AWS Web Application Firewall (WAF)

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 52 of 100

Scientists at a global pharma company are performing tests for creating booster shots for a new Covid variant. The tests are running on EC2 instances, and they want to use a temporary storage space which can deliver high I/O performance.

As a Solution Architect, which of the following would you suggest as the most cost effective and optimal?

Use EBS General Purpose SSD volume as the storage option.
Use EBS Provisioned IOPS SSD volume as the storage option.
Use Instance Store as the storage option.
Use EBS Throughput Optimized HDD volume as the storage option.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 53 of 100

To enhance the security of your AWS account and secure IAM user credentials, you have been asked by your CTO to remove the credentials of all users who have not used their password/access keys in the last 6 months.

What should you do to find the unused credentials?

Use AWS IAM Access Analyzer.
Use AWS IAM Access Advisor.
Use IAM Credential Report.
Use AWS Audit Manager.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 54 of 100

What are the various types of multi-factor authentication (MFA) available to provide an additional layer of authentication and security for AWS account root users? (Select TWO.)

Root user is provided with an Amazon USB device to use for MFA.
Signing in with a Virtual MFA device.
Signing in with an A2B Security Key.
Root user is provided with an additional 10-digit password from Amazon for MFA.
Signing in with a Hardware Key Fob MFA Device.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 55 of 100

What does this IAM policy do?

Show Code Block

It allows users to describe EC2 Instances Attributes only when they make a call from within the 123.50.31.0/24 CIDR block, but can start, stop or terminate EC2 instances only when the call is made from specific IP address - 123.50.31.200
If users make a call from within the 123.50.31.0/24 CIDR block, they can’t access the EC2 instances, but can only access the EC2 instance when the call is made from specific IP address - 123.50.31.200
It allows users to start, stop or terminate EC2 instances when they make a call from within the 123.50.31.0/24 CIDR block, but can only describe EC2 Instances Attributes when the call is made from specific IP address - 123.50.31.200
Users can perform all actions on EC2 instances when they make a call from within the 123.50.31.0/24 CIDR block.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 56 of 100

What does this IAM policy do?

Show Code Block

This policy allows all users to access the S3 bucket - my-example-bucket.
This policy allows access to the S3 bucket - my-example-bucket for only those users whose request originates from vpc-111aaa22.
This policy allows all the users to access the S3 bucket - my-example-bucket, except for the ones whose request originates from vpc-111aaa22.
This policy allows all users to access all S3 buckets in the account, except S3 bucket -my-example-bucket.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 57 of 100

What is not good practice when securing your IAM user Access Keys?

Use temporary security credentials (IAM roles) instead of access keys.
Rotate your access keys on a regular basis.
Save the access key ID and secret access key in a secure location if you need to use them.
Embed access keys in your code so that only you can fetch it when needed.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 58 of 100

Which of the following statements is true about Pilot Light? (Select TWO.)

It's a cost-effective Disaster Recovery (DR) strategy.
It's a hot standby in case of disaster recovery.
It only copies a minimal amount of data.
It can scale up to handle all the critical load.
Pilot infrastructure should be present in the same region.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 59 of 100

Which one of the following shouldn’t be followed as a security recommendation while creating your AWS account root user?

Never share your AWS account root user password or access keys with anyone.
Encrypt the access keys and save them on S3 bucket.
Don’t use the root user for your everyday tasks.
Enable AWS multi-factor authentication (MFA) on your AWS account root user account.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 60 of 100

Which statement is true when it comes to connection states of Security Groups and Network ACLs in a VPC?

Security groups are stateful and Network ACLs are stateless.
Both Security groups and Network ACLs are stateless.
Security groups are stateless, and Network ACLs are stateful.
Both Security groups and Network ACLs are stateful.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 61 of 100

You are building a confidential website using S3. The security requirement is that data in S3 should only be accessed via CloudFront.

How will you achieve this?

Create an IAM role only to grant access to the object via CloudFront.
Create an IAM policy only to grant access to the object via CloudFront.
Create an S3 bucket policy to grant access to CloudFront.
Create an Origin Access Identifier (OAI) and grant access to S3 objects via Origin Access Identifier (OAI).

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 62 of 100

You are building an inventory of the number of EC2 instances running in your AWS account, and your task is to get a private IP of all your EC2 instances. What are the different ways you can get the private IP of your EC2 instances? (Select TWO.)

Log in to the instance and run ifconfig (Linux) and ipconfig (Windows).
Using instance metadata service and retrieve IP using http://169.254.169.254/latest/meta-data/local-ipv4.
Using user metadata service http://169.254.169.254/latest/user-data/local-ipv4.
Using AWS command line via aws ec2 private-ip command.
Using AWS Private IP service.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 63 of 100

You are currently running your servers in hybrid mode with some of the applications running in AWS and some in an on-premise datacenter. You are using Ansible in your on-premise environment to push your configuration changes.

Which equivalent solution will you choose in the AWS environment?

AWS OpsWorks
AWS Config
CloudFormation
There is no equivalent solution available in AWS. You need to configure your own Ansible Server.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 64 of 100

You are designing a NoSQL solution for a company that stores data in tables and has strong, consistent reads. Which solution should you choose?

MySQL
DynamoDB
Aurora
RedShift

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 65 of 100

You are designing a stateless application running in an auto-scaling group. In the case of a scale-out event or scale-in event, you need a service to store the user-session information.

Which of the following services can you use to store the user session information?

S3
ElasticCache
EBS
RDS

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 66 of 100

You are designing a storage solution for a company. The storage needs to be able to, scale infinitely, retrieve data quickly, and store almost unlimited data.

Which solution should you choose?

EBS
S3
EFS
Glacier

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 67 of 100

You are designing a website hosted in an EC2 instance. In the case of a failure, a simple static page is hosted in S3.

Which Route53 routing policy will you use to handle failover?

A simple routing policy
A failover routing policy
A latency routing policy
A weighted routing policy

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 68 of 100

You are designing the solution for a company using S3 to store customer data. For the first 48 hours, the data is frequently accessed by the customer, and after that, it can be moved to long-term storage. You need to store the first 48 hours of data and provide a high level of data availability.

Which is the most effective S3 storage class you would recommend?

S3 Standard storage class
S3 One Zone-Infrequent Access storage class
S3 Intelligent-Tiering storage class
S3 Standard-Infrequent Access storage class

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 69 of 100

You are hired as a solution architect for a company, and your first task is to run a command on a large set of servers and store all credentials in a secret store using AWS native solution. Currently, you are doing this via a shell script, and the custom secret solution is in the on-premise environment.

How will you design a solution? (Select TWO.)

Use the same custom shell script to login to all the servers.
Store all the secrets in the Vault.
Use AWS System Manager Run Command to automate running a command on a set of servers.
Use AWS System Manager Parameter Store to store secrets.
Use AWS Inspector to automate running a command and storing the secret.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 70 of 100

You are looking for an automated solution to move data between the different S3 storage classes to save costs with minimal effort.

How will you achieve this?

Write a cron script.
Use system manager.
Use AWS Config.
Use S3 Intelligent tiering.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 71 of 100

You are planning to build all your future applications using AWS Lambda. Which of the following are the characteristics of Lambda that will help you choose Lambda over other AWS services? (Select TWO.)

Provides native code.
Auto Scaling
The trigger is configured automatically.
Automatic Patching
You can’t bring your own language.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 72 of 100

You are planning to implement a caching solution for your application. Before you plan to implement ElastiCache, you want to evaluate the engine supported by it.

What are the two engines supported by ElastiCache?

Redis and DocumentDB
Redis and MyISAM
Redis and Memcached
Memcached and InnoDB

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 73 of 100

You are planning to use proprietary software, and one of its license requirements is that it can run only on a dedicated server.

Which instance type can you choose to fulfill this requirement?

A reserved instance
An on-demand Instance
A spot instance
A dedicated instance

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 74 of 100

You are releasing a new version of your application and want to open it to only a few customers. You set up a weighted routing policy with 95% traffic going to the deployed application, and only 5% to the newly deployed application. You find a bug in the newly deployed application and want to stop sending traffic to it.

How will you do this?

You can set the weight to 100.
You can set the weight to 0.
Delete the resource completely.
You can set the weight to -1.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 75 of 100

You are using a two-tier application with an AWS RDS database in the backend. Your user is complaining about the slowness of the application. While debugging, you find there are several read-only requests.

What solutions can you implement to improve the performance of your application? (Select TWO.)

Instance Store
ElastiCache
Provisioned IOPS
Create a read-only replica.
Setup Multi-AZ Cluster.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 76 of 100

You are using SQS in your environment to provide decoupling. From the queue, one of the consumer's systems has been down for two days.

What will happen once their system comes back online?

The message will be lost as it's available only for that particular time period.
The consumer will receive the message as an SQS store message for four days.
The consumer will not receive the message as an SQS store message lasts for only one day.
The consumer will receive the message as an SQS store message forever.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 77 of 100

You are working for a company whose website receives major customer traffic between 9 a.m. and 10 a.m. The company uses EC2 instances, and these instances use an auto-scaling group. Between their peak period of 9 a.m. and 10 a.m., the website becomes slow, resulting in growing customer dissatisfaction.

What steps will you take to resolve this issue?

Configure step auto scaling.
Configure an application load balancer in front of the server to reduce the load.
Configure a caching mechanism to cache frequent access data.
Configure scheduled scaling, which kicks off before 9 am. This will scale-out servers in their auto-scaling group before 9 am.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 78 of 100

You have a website hosted using S3 that is accessed by people worldwide. Which AWS solution can you use to make it so that your customers have a similar user experience, irrespective of which part of the world they are accessing it from?

Setup EC2 in the different geographical location.
Use Lambda edge service.
Use CloudFront using S3 bucket as its origin.
Use Route53 geolocation feature.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 79 of 100

You have an instance setup in us-west-2a with an EBS volume attached to it. Unfortunately, us-west-2a goes down, but you have an AMI, and when you try to create an instance in us-west-2b and attach the EBS volume, it doesn't work.

What could be the issue?

Maybe the EBS Volume is corrupted.
EBS Volume is zone-specific. You need EBS volume in the same availability zone to make it work.
You might not have an ACL to connect to EBS volume.
You might need an IAM role to connect to EBS volume.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 80 of 100

You have been asked to set up connectivity between your developer network and AWS Infrastructure. The connection doesn't need to be dedicated, but it should be easy to set up, and be able to traverse the internet.

Which cost-effective solution will you choose?

AWS Virtual Private Network (VPN)
AWS Direct Connect
Virtual Private Cloud (VPC) Peering
AWS Transit Gateway

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 81 of 100

You have been given a task to run a Window File Server in your environment using AWS Managed Services. Which AWS Service will you choose?

Elastic Block Store (EBS)
Amazon FSx for Windows File Server
Elastic File System (EFS)
S3

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 82 of 100

You have been hired as a solution architect for an enterprise company and your first task is to reduce their AWS billing costs. While going through their AWS bill, you realize that S3 accounts for most of their costs. Upon investigating further, both the dev and the ops teams inform you that there is a lot of S3 idle data; however, they can’t delete it as they will need it for audit purposes.

What steps can you take to reduce the cost?

Change the S3 storage class from S3 standard to S3 Intelligent-Tiering.
Change the S3 storage class from S3 standard to S3 Standard-Infrequent Access.
Move the data from S3 to Elastic Block Storage (EBS).
Configure the S3 Lifecycle rule to move the data to Glacier as per company policy.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 83 of 100

You have been tasked with taking a snapshot of an instance daily for backup. How will you achieve this by using an AWS native solution? (Select TWO.)

Using AWS command line via 'aws ec2 create-snapshot' command.
Using AWS command line via 'aws ec2 make-snapshot' command.
Go to the EC2 Snapshot console and create snapshots based on instance id or volume id.
Go to the Elastic Block Store (EBS) Snapshot console and create snapshots based on instance id or volume id.
Using third-party solutions.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 84 of 100

You have created an IAM user, and by using his credentials (access/secret keys), you are attempting to access AWS services (EC2, S3), but it's not working.

What could be the reason?

When you first create a user, it starts with an administrator access policy, so you need to check the security group.
When you first create a user, it starts with power user access, so you need to check the security group.
When you first create a user, it starts with no permission, and that's why it's failing.
When you first create a user, it starts with minimal permission, so you need to check the security group.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 85 of 100

You have deployed an application using an IPv4 address in the private VPC that needs to connect to the internet to get security updates. It's a confidential application, so the security requirement is that no one on the internet should be able to connect to the application.

Which AWS native solution do you implement to achieve this goal?

Configure a NAT gateway.
Configure a NAT Instance in VPC.
Configure an internet gateway.
Configure an egress gateway.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 86 of 100

You have set up AWS RDS MySQL in Multi-AZ. There is an issue in primary AZ, and you need to failover to a replica.

Is the data in the replica in sync with the primary?

No, as AWS RDS MySQL uses asynchronous replication.
Yes, as AWS RDS MySQL uses synchronous replication.
No, as AWS RDS MySQL uses schedule replication.
Yes, as AWS RDS MySQL uses continuous replication.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 87 of 100

You have set up your RDS in a multi-availability zone. What will happen if there is a failure in one availability zone? (Select TWO.)

AWS will try to re-create the primary.
Your instance will failover to the replica, and AWS will promote it as a primary.
The master user record will be updated.
You need to perform the failover manually.
There is an automatic update in CNAME. CNAME will automatically be updated with the replica record which is the new primary now.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 88 of 100

You have setup two EC2 instances in the same VPC. Trying to ssh login from one instance to another is not working. You verified that all traffic is allowed in the network access control list (nacl).

What other configuration can you check to identify the problem?

Check in the security group port 22 (ssh) is open.
Check in the security group if there is a deny rule for port 22 (ssh).
Check if all the inbound TCP traffic is allowed in the security group.
Check if all the inbound UDP traffic is allowed in the security group.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 89 of 100

You have three VPCs in your AWS environment, VPC A, VPC B, and VPC C. You want all the instances in these three VPCs to communicate with each other. You set up a VPC peering between VPC A and VPC B and then from VPC B to VPC C. But still, instances in VPC A will not be able to communicate with an instance in VPC C. How can you fix this issue?

Make sure all the VPCs are using the same CIDR blocks.
Add the route table in VPC A for VPC C to fix this issue.
Setup peering between VPC A and VPC C.
VPC Peering cannot achieve this, and you need another AWS networking solution like Transit Gateway.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 90 of 100

You plan to deploy a write-intensive application that requires low I/O latency and high throughput. It also must store all its data in AWS Relational Database Service (RDS). Fast response time is critical, and budget is not a constraint.

Which storage solution should you use?

General Purpose SSD
Magnetic Disk
Provisioned Input Output System (IOPS)
Local Disk

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 91 of 100

You plan to implement an AWS RDS MySQL read-only replica in your environment to reduce the read-only workload.

Which of the following are the characteristics of a read replica? (Select TWO.)

Read replica should be in the same region as Primary.
You can create new read replicas out of the read replicas.
In case of primary failure, the read replica will automatically be promoted to primary.
The replication of read-only replicas is synchronous.
Read replica doesn't need to be in the same region where primary DB is deployed.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 92 of 100

You want to reduce Elastic Compute Cloud (EC2) usage in your dev environment. To achieve this, you need to design the solution to automatically shut down all EC2 instances at 6 p.m., and bring it back at 9 a.m.

How will you achieve this using AWS native technology and minimum effort?

Using AWS Lambda in combination with Python script.
AWS Instance Scheduler
AWS Step Function
Write a cron job.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 93 of 100

Your application is producing a terabyte of structured data. A developer in your team needs to run an analytic query on this data, and the query needs to be executed in parallel.

Which database solution will meet your requirements?

Elastic Cache
RDS
Redshift
DynamoDB

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 94 of 100

Your company has a critical application whose primary requirement is that the data in the root partition must persist irrespective of the instance lifecycle.

Choose the AWS storage solution and the attribute that meets this requirement. (Select TWO.)

Store data in S3.
Store data in EFS.
Store data in Instance store.
Use EBS storage.
Set DeleteonTermination flag to False for the root device.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 95 of 100

Your company is looking for a storage solution that can mount on multiple instances. Which solution should you choose?

Elastic Block Store (EBS)
Elastic File System (EFS)
S3
Glacier

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 96 of 100

Your company is moving infrastructure to AWS cloud and setting up Disaster Recovery (DR) in AWS cloud. Recovery Point Objective (RPO)/Recovery Time Objective (RPO) should be close to zero in case of failover.

Which DR strategy will you choose to meet this objective?

Pilot light
Multi-region (multi-site) active-active
Backup and restore
Warm standby

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 97 of 100

Your company is set up in Oregon, but recently, your application has been receiving traffic from Europe, and in response, you decided to set up your infrastructure there too.

After setting up the infrastructure, what will you do to ensure your company has the best performance?

Setup Route53 geolocation policy.
Setup network load balancer to route traffic evenly between two regions.
Setup Route53 weighted policy to route traffic evenly between two regions.
Setup application load balancer to route traffic evenly between two regions.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 98 of 100

Your company needs to install security software that can only be installed from the vendor server in real-time, and thus can't be part of the Amazon Machine Image (AMI). This software must be installed on servers running in an auto-scaling group during the scale-out event.

How will you achieve this?

Create a custom script and make it a part of user data.
Create a custom script and make it a part of the instance metadata.
Create a custom script and use it as a part of Auto-Scaling lifecycle hooks.
Create a custom script and use it as a part of the Auto-Scaling scheduled scaling.

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 99 of 100

Your customer is storing terabytes of data using the on-premise backup solution. As the backup data increases, so does the cost. To avoid this, the customer wants to save the data in AWS, with the requirement that frequently accessed data should be readily available under low latency.

Which AWS Storage Gateway Solution should you recommend?

Gateway Stored
Virtual Tape
Gateway Cached
S3 Standard

Previous Next Don't Know

Report issue

Suggest Improvement

Time spent on question.

Question 100 of 100

Your servers in on-premise data centers are running low on storage. As these servers are running the critical application, it needs to migrate to the cloud ASAP, to overcome the storage issue. You have terabytes of application data and have limited bandwidth in your data center.

Which AWS solution should you choose to move this data to the S3 bucket?

AWS Snowball
AWS Direct Connect
AWS VPN
AWS Storage Gateway

Previous Submit Don't Know

Report issue

Suggest Improvement

Knowledge Gap Diagnosis

AWS Certified Solutions Architect Associate SAA-C02

Login

Forgot Password

Prepare Smarter. Prepare Better.

Streamline and structure your preparation for the AWS SAA-C02 exam by uncovering your knowledge gaps. Work through 100 quality questions that are closely aligned with the format of the exam. Once you're done, you'll get a detailed diagnostic report showing your level of preparation across each domain, topic, and subtopic.

Four Domains. Just like the actual exam

Much like the exam, you'll get to solve MCQs that test your knowledge across all four domains.

How long does it take?

There are 100 questions (so that we can test all concepts thoroughly), so you should leave at least 2-3 hours. It's longer than the actual exam because we want to cover all concepts equally.

Who is this tool for?

Do you already understand some of the AWS SAA-CO2 topics, but want to know your strengths and weaknesses? Then this tool is for you.

No Time Limit

Work at your own pace. Use the timer to discover the types of questions that slow you down.

Domain 1

Design Resilient Architectures

Locked

Domain 2

Design High-Performing Architectures

Locked

Domain 3

Design Secure Applications and Architectures

Locked

Domain 4

Design Cost-Optimized Architectures

Locked

Question 1 of 100

Question 2 of 100

A business analyst joins your team, and they need access to the AWS RDS MySQL to generate the report. How will you give them access to the database without impacting database performance?

Question 3 of 100

Question 4 of 100

Question 5 of 100

Question 6 of 100

Question 7 of 100

A company has stored all its sensitive data in Amazon DynamoDB. Currently, applications consume data via EC2 instances over the public internet. This is a major red flag raised by the security team. How will you design a solution to resolve this?

Question 8 of 100

Question 9 of 100

A company is trying to integrate its on-premise storage solution with AWS. Their first requirement is integrating their file interface into S3. Which AWS solution will solve this?

Question 10 of 100

Question 11 of 100

Question 12 of 100

Question 13 of 100

Question 14 of 100

Question 15 of 100

Question 16 of 100

Question 17 of 100

Question 18 of 100

Question 19 of 100

Question 20 of 100

Question 21 of 100

Question 22 of 100

Question 23 of 100

Question 24 of 100

Question 25 of 100

Question 26 of 100

Question 27 of 100

A local education institution is planning to go global and wants to move its IT infrastructure to AWS Cloud. It is looking for a serverless solution for its static content website. As solution architect, which option would you suggest as the most optimal?

Question 28 of 100

A new member joins your team, and you create an IAM account for the user. After the account creation, you provide the user with the access key and secret key. You also add the user to the system admin IAM group. But, when the user tries to login via AWS console, it fails. What might the issue be?

Question 29 of 100

Question 30 of 100

Question 31 of 100

Question 32 of 100

Question 33 of 100

Question 34 of 100

Question 35 of 100

Question 36 of 100

Question 37 of 100

Question 38 of 100

Question 39 of 100

Question 40 of 100

Question 41 of 100

An IT company has migrated its on-premise infrastructure to AWS Cloud. After one year, the finance team has raised concerns over the increasing data transfer costs with AWS. As a solution architect, which of the below options is least appropriate for reducing data transfer costs?

Question 42 of 100

Question 43 of 100

Question 44 of 100

Question 45 of 100

Question 46 of 100

Question 47 of 100

Question 48 of 100

As a solution architect, you need to choose a cost-efficient EBS storage solution. Cost is the primary driving factor, and data is not frequently accessed. Choose the EBS solution which best fits your needs.

Question 49 of 100

As part of a high-availability setup, you find out that whenever an instance stops/starts, the public IP assigned to it changes. Which of the following is true about when you stop/start an instance? (Select TWO.)

Question 50 of 100

Question 51 of 100

In an audit, the security team finds that the data stored in the EBS volume is not encrypted. On top of that, the auditor says that whichever encryption solution you choose, your company should own the key, rather than AWS. Which solution meets these requirements?

Question 52 of 100

Question 53 of 100

To enhance the security of your AWS account and secure IAM user credentials, you have been asked by your CTO to remove the credentials of all users who have not used their password/access keys in the last 6 months. What should you do to find the unused credentials?

Question 54 of 100

What are the various types of multi-factor authentication (MFA) available to provide an additional layer of authentication and security for AWS account root users? (Select TWO.)

Question 55 of 100

What does this IAM policy do?

Question 56 of 100

What does this IAM policy do?

Question 57 of 100

What is not good practice when securing your IAM user Access Keys?

Question 58 of 100

Which of the following statements is true about Pilot Light? (Select TWO.)

Question 59 of 100

Which one of the following shouldn’t be followed as a security recommendation while creating your AWS account root user?

Question 60 of 100

Which statement is true when it comes to connection states of Security Groups and Network ACLs in a VPC?

Question 61 of 100

You are building a confidential website using S3. The security requirement is that data in S3 should only be accessed via CloudFront. How will you achieve this?

Question 62 of 100

A business analyst joins your team, and they need access to the AWS RDS MySQL to generate the report.

How will you give them access to the database without impacting database performance?

A company has stored all its sensitive data in Amazon DynamoDB. Currently, applications consume data via EC2 instances over the public internet. This is a major red flag raised by the security team.

How will you design a solution to resolve this?

A company is trying to integrate its on-premise storage solution with AWS. Their first requirement is integrating their file interface into S3.

Which AWS solution will solve this?

A local education institution is planning to go global and wants to move its IT infrastructure to AWS Cloud. It is looking for a serverless solution for its static content website.

As solution architect, which option would you suggest as the most optimal?

A new member joins your team, and you create an IAM account for the user. After the account creation, you provide the user with the access key and secret key. You also add the user to the system admin IAM group. But, when the user tries to login via AWS console, it fails.

What might the issue be?

An IT company has migrated its on-premise infrastructure to AWS Cloud. After one year, the finance team has raised concerns over the increasing data transfer costs with AWS.

As a solution architect, which of the below options is least appropriate for reducing data transfer costs?

As a solution architect, you need to choose a cost-efficient EBS storage solution. Cost is the primary driving factor, and data is not frequently accessed.

Choose the EBS solution which best fits your needs.

As part of a high-availability setup, you find out that whenever an instance stops/starts, the public IP assigned to it changes.

Which of the following is true about when you stop/start an instance? (Select TWO.)

In an audit, the security team finds that the data stored in the EBS volume is not encrypted. On top of that, the auditor says that whichever encryption solution you choose, your company should own the key, rather than AWS.

Which solution meets these requirements?

To enhance the security of your AWS account and secure IAM user credentials, you have been asked by your CTO to remove the credentials of all users who have not used their password/access keys in the last 6 months.

What should you do to find the unused credentials?

You are building a confidential website using S3. The security requirement is that data in S3 should only be accessed via CloudFront.

How will you achieve this?

You are currently running your servers in hybrid mode with some of the applications running in AWS and some in an on-premise datacenter. You are using Ansible in your on-premise environment to push your configuration changes.

Which equivalent solution will you choose in the AWS environment?

You are designing a stateless application running in an auto-scaling group. In the case of a scale-out event or scale-in event, you need a service to store the user-session information.

Which of the following services can you use to store the user session information?

You are designing a storage solution for a company. The storage needs to be able to, scale infinitely, retrieve data quickly, and store almost unlimited data.

Which solution should you choose?

You are designing a website hosted in an EC2 instance. In the case of a failure, a simple static page is hosted in S3.

Which Route53 routing policy will you use to handle failover?

You are looking for an automated solution to move data between the different S3 storage classes to save costs with minimal effort.

How will you achieve this?

You are planning to implement a caching solution for your application. Before you plan to implement ElastiCache, you want to evaluate the engine supported by it.

What are the two engines supported by ElastiCache?

You are planning to use proprietary software, and one of its license requirements is that it can run only on a dedicated server.

Which instance type can you choose to fulfill this requirement?