Question 1
A company hosts a web app on EC2 instances behind an Application Load Balancer in two AZs. The app connects to an RDS MySQL Multi-AZ database. The company wants to improve security by restricting database access only to the app instances. What should the Solutions Architect do?
A. Place the RDS instance in a public subnet and restrict access with a security group.
B. Configure the RDS security group to allow inbound traffic only from the EC2 instances’ security group.
C. Assign Elastic IPs to the EC2 instances and whitelist those IPs in the RDS security group.
D. Use a VPN connection between the EC2 instances and RDS.
Answer: B
Explanation: Security groups can reference other security groups to allow traffic only from specific instances, making this the best approach.
Question 2
Your company’s web app has sudden traffic spikes during business hours, and you want to ensure the infrastructure automatically adjusts capacity to maintain performance while minimizing costs. Which AWS service or feature do you use?
A. AWS CloudFormation
B. Auto Scaling Groups
C. AWS Lambda
D. AWS Trusted Advisor
Answer: B
Explanation: Auto Scaling Groups dynamically adjust the number of EC2 instances based on traffic/load.
Question 3
A Solutions Architect must design a storage solution for an application that stores large volumes of data that is accessed infrequently but must be retrievable within hours if needed. What storage class is best?
A. Amazon S3 Standard
B. Amazon S3 Glacier Deep Archive
C. Amazon S3 One Zone-Infrequent Access
D. Amazon S3 Glacier
Answer: D
Explanation: S3 Glacier provides low-cost storage for infrequently accessed data with retrieval times in minutes to hours, suitable here.
Question 4
You want to protect your web application against DDoS attacks. Which AWS service provides automatic protection without requiring additional configuration?
A. AWS Shield Advanced
B. AWS Shield Standard
C. AWS WAF
D. AWS Firewall Manager
Answer: B
Explanation: AWS Shield Standard provides automatic DDoS protection at no extra cost for all AWS customers.
Question 5
A company runs a web app that needs to authenticate users via third-party identity providers and wants to minimize management overhead. What is the best AWS service to use?
A. AWS IAM
B. Amazon Cognito
C. AWS Directory Service
D. AWS Single Sign-On
Answer: B
Explanation: Amazon Cognito enables user authentication, authorization, and federation with social and enterprise identity providers.
Question 6
A database requires high availability and must be resilient to AZ failure. Which is the best AWS architecture option?
A. Single RDS instance in one AZ
B. RDS Multi-AZ deployment
C. RDS with read replicas
D. EC2-hosted database with EBS volumes
Answer: B
Explanation: RDS Multi-AZ deployments provide automated failover to a standby instance in a different AZ.
Question 7
Which AWS service helps automate the enforcement of security policies across multiple AWS accounts?
A. AWS Control Tower
B. AWS Config
C. AWS Organizations
D. AWS Firewall Manager
Answer: D
Explanation: Firewall Manager allows centralized management and enforcement of firewall rules across accounts.
Question 8
An application needs to process 10,000 messages per second reliably. Which messaging service is best?
A. Amazon SQS Standard Queue
B. Amazon SQS FIFO Queue
C. Amazon SNS
D. AWS Lambda
Answer: A
Explanation: SQS Standard supports high throughput with at-least-once delivery; FIFO queues have lower throughput limits.
Question 9
A company wants to run a stateless web application with zero server management and automatic scaling. Which AWS service should they choose?
A. Amazon EC2 with Auto Scaling
B. AWS Lambda
C. Amazon ECS with Fargate
D. AWS Elastic Beanstalk
Answer: B
Explanation: Lambda allows running code without managing servers and automatically scales.
Question 10
Your company wants to move a legacy application to AWS. The app requires persistent storage that can be mounted by multiple EC2 instances. What service should you recommend?
A. Amazon EBS
B. Amazon EFS
C. Amazon S3
D. Amazon FSx for Windows File Server
Answer: B
Explanation: Amazon EFS is a scalable, fully managed NFS file system that can be mounted by multiple instances concurrently.
Question 11
You have a workload with unpredictable spikes in traffic. You want to minimize costs but ensure capacity is available quickly when needed. Which purchasing option should you use?
A. Reserved Instances
B. Spot Instances with On-Demand fallback
C. Dedicated Hosts
D. On-Demand Instances only
Answer: B
Explanation: Spot Instances are low cost but can be interrupted, so combining with On-Demand fallback balances cost and availability.
Question 12
A company needs to distribute content globally with low latency and high transfer speeds. What AWS service should they use?
A. Amazon CloudFront
B. Amazon Route 53
C. AWS Global Accelerator
D. AWS Direct Connect
Answer: A
Explanation: CloudFront is a global CDN that caches content close to users to reduce latency.
Question 13
Which service can help monitor changes to AWS resources and detect compliance violations?
A. AWS CloudTrail
B. AWS Config
C. Amazon CloudWatch
D. AWS Trusted Advisor
Answer: B
Explanation: AWS Config records resource configurations and detects compliance with rules.
Question 14
You need a relational database service with built-in serverless scaling and support for PostgreSQL-compatible databases. What do you choose?
A. Amazon RDS for PostgreSQL
B. Amazon Aurora Serverless (PostgreSQL)
C. Amazon DynamoDB
D. Amazon Redshift
Answer: B
Explanation: Aurora Serverless offers on-demand auto scaling for relational databases compatible with PostgreSQL.
Question 15
A company requires durable, highly available, and cost-effective block storage for their EC2 instances. Which service should they use?
A. Amazon EBS
B. Amazon S3
C. Amazon EFS
D. Amazon FSx
Answer: A
Explanation: EBS provides durable block storage that can be attached to EC2 instances.
Question 16
Which service allows you to centrally manage encryption keys used to protect your AWS resources?
A. AWS Secrets Manager
B. AWS Certificate Manager
C. AWS Key Management Service (KMS)
D. AWS CloudHSM
Answer: C
Explanation: KMS allows creation, management, and use of encryption keys.
Question 17
A company wants to run a data analytics workload with petabytes of data. Which service is optimized for this?
A. Amazon Redshift
B. Amazon Athena
C. Amazon RDS
D. Amazon DynamoDB
Answer: A
Explanation: Redshift is a fully managed data warehouse optimized for large-scale analytics.
Question 18
An application requires asynchronous communication between microservices with guaranteed message order. Which service should be used?
A. Amazon SNS
B. Amazon SQS FIFO queue
C. Amazon MQ
D. AWS Step Functions
Answer: B
Explanation: SQS FIFO queues ensure message order and exactly-once processing.
Question 19
Which AWS service allows you to implement Infrastructure as Code for your resources?
A. AWS CloudTrail
B. AWS CloudFormation
C. AWS Config
D. AWS Systems Manager
Answer: B
Explanation: CloudFormation lets you define and provision AWS infrastructure via templates.
Question 20
A company wants to create a multi-region, active-active architecture for a web app with a global user base. Which DNS routing policy supports this?
A. Simple routing
B. Failover routing
C. Latency-based routing
D. Weighted routing
Answer: C
Explanation: Latency-based routing directs users to the region with the lowest latency, enabling active-active architectures.