Question 21
A company needs to migrate an on-premises Oracle database to AWS with minimal downtime. Which AWS service should the Solutions Architect recommend?
A. AWS Database Migration Service (DMS)
B. AWS Snowball
C. AWS Glue
D. Amazon RDS for Oracle
Answer: A
Explanation: AWS DMS allows seamless migration with minimal downtime by replicating data in near real-time.
Question 22
An application requires real-time processing of streaming data from millions of IoT devices. Which AWS service is most suitable?
A. Amazon Kinesis Data Streams
B. AWS Data Pipeline
C. Amazon SQS
D. Amazon SNS
Answer: A
Explanation: Kinesis Data Streams handles large-scale streaming data with low latency.
Question 23
You want to improve the performance of a web application hosted on EC2 instances with an Elastic Load Balancer. The application serves both static and dynamic content. Which service helps cache static content to reduce load?
A. Amazon CloudFront
B. AWS WAF
C. AWS Shield
D. Amazon Route 53
Answer: A
Explanation: CloudFront caches static content at edge locations to reduce latency and offload origin servers.
Question 24
A company wants to secure access to its S3 buckets so that only specific EC2 instances can read/write objects. What should be done?
A. Use S3 bucket policies to allow access only from the EC2 instances’ public IPs.
B. Use IAM roles attached to the EC2 instances with appropriate S3 permissions.
C. Use Security Groups to control access to S3.
D. Enable MFA delete on the S3 bucket.
Answer: B
Explanation: Assigning IAM roles with least privilege to EC2 instances is the best practice for granting S3 access.
Question 25
Which AWS service can be used to automate the patching of managed EC2 instances?
A. AWS Systems Manager Patch Manager
B. AWS Config
C. AWS CloudFormation
D. AWS CloudTrail
Answer: A
Explanation: Patch Manager automates the process of patching managed instances.
Question 26
Your web application needs to integrate with a third-party payment service securely without exposing sensitive API keys. Which AWS service helps manage these secrets?
A. AWS Systems Manager Parameter Store
B. AWS Secrets Manager
C. AWS KMS
D. AWS CloudHSM
Answer: B
Explanation: AWS Secrets Manager is designed to securely store, rotate, and manage secrets such as API keys.
Question 27
An application uses Amazon DynamoDB and requires global low-latency access with data replication across multiple AWS Regions. What is the best approach?
A. Use DynamoDB Global Tables
B. Use DynamoDB Streams with Lambda to replicate data
C. Use S3 cross-region replication
D. Use AWS DataSync to copy data between regions
Answer: A
Explanation: DynamoDB Global Tables provide fully managed, multi-region replication.
Question 28
A company wants to implement a highly available and fault-tolerant architecture for its web application deployed across two regions. Which DNS routing policy should be used to ensure traffic is routed only to healthy endpoints?
A. Simple routing
B. Latency-based routing
C. Failover routing
D. Weighted routing
Answer: C
Explanation: Failover routing routes traffic to a primary endpoint unless it is unhealthy, then routes to secondary.
Question 29
Which AWS service should a Solutions Architect recommend to analyze logs collected from multiple AWS accounts centrally?
A. Amazon CloudWatch Logs with cross-account subscription filters
B. AWS CloudTrail
C. AWS Config
D. AWS Trusted Advisor
Answer: A
Explanation: CloudWatch Logs with cross-account subscriptions allows central aggregation and analysis of logs.
Question 30
Your company needs to ensure data stored in S3 is encrypted and access is logged. What is the recommended approach?
A. Use client-side encryption and enable CloudTrail
B. Use server-side encryption with AWS KMS and enable S3 access logging
C. Enable SSL for S3 and use IAM roles
D. Use AWS Shield Advanced
Answer: B
Explanation: Server-side encryption with KMS protects data at rest; S3 access logging records requests.
Question 31
A company wants to implement continuous delivery for their infrastructure and application code. Which AWS service allows modeling infrastructure as code?
A. AWS CloudFormation
B. AWS CodePipeline
C. AWS CodeBuild
D. AWS CodeDeploy
Answer: A
Explanation: CloudFormation allows declarative infrastructure as code, which can be deployed continuously.
Question 32
A company runs an application on EC2 instances behind an ALB. They want to track and troubleshoot user requests end-to-end. What AWS service provides distributed tracing?
A. AWS X-Ray
B. AWS CloudTrail
C. Amazon CloudWatch
D. AWS Config
Answer: A
Explanation: AWS X-Ray provides distributed tracing of requests across AWS services.
Question 33
A Solutions Architect is designing a hybrid environment where on-premises data centers connect securely with AWS. Which AWS service provides private connectivity with low latency?
A. AWS VPN
B. AWS Direct Connect
C. AWS Transit Gateway
D. AWS CloudFront
Answer: B
Explanation: AWS Direct Connect provides dedicated private network connections between on-premises and AWS.
Question 34
You want to ensure your EC2 instances automatically receive updates for security patches. Which AWS service should you configure?
A. AWS Inspector
B. AWS Systems Manager Patch Manager
C. AWS Config
D. AWS CloudTrail
Answer: B
Explanation: Patch Manager automates patching of EC2 instances.
Question 35
A company wants to secure a REST API and enable authentication using social identity providers like Google and Facebook. Which AWS service is best?
A. Amazon API Gateway with IAM authentication
B. Amazon Cognito User Pools
C. AWS Directory Service
D. AWS Shield
Answer: B
Explanation: Cognito User Pools provide user authentication and federation with social identity providers.
Question 36
An application stores millions of small files that need to be accessed concurrently by multiple EC2 instances. Which storage option is most appropriate?
A. Amazon S3
B. Amazon EFS
C. Amazon EBS
D. Amazon Glacier
Answer: B
Explanation: Amazon EFS is a scalable, shared file system that supports concurrent access.
Question 37
Your company wants to reduce costs for an application running continuously with predictable usage patterns over 3 years. What is the most cost-effective EC2 purchasing option?
A. On-Demand Instances
B. Reserved Instances
C. Spot Instances
D. Dedicated Hosts
Answer: B
Explanation: Reserved Instances provide significant cost savings for predictable workloads.
Question 38
A company needs to automate infrastructure provisioning and configuration management across multiple environments. Which combination of services is best?
A. AWS CloudFormation and AWS Systems Manager
B. AWS CodeDeploy and AWS CloudTrail
C. AWS Config and AWS Lambda
D. AWS Elastic Beanstalk and AWS CloudFront
Answer: A
Explanation: CloudFormation provisions infrastructure; Systems Manager manages configuration.
Question 39
Which AWS service provides a managed message broker supporting protocols such as MQTT, AMQP, and STOMP for migrating legacy messaging applications?
A. Amazon SNS
B. Amazon MQ
C. Amazon SQS
D. AWS Lambda
Answer: B
Explanation: Amazon MQ is a managed message broker compatible with popular messaging protocols.
Question 40
Your application is deployed across multiple regions with Amazon Route 53 latency-based routing enabled. How does Route 53 decide which region to route a user request to?
A. Based on the region with the most healthy instances
B. Based on the lowest latency between the user and the region
C. Based on a weighted distribution configured by the admin
D. Based on the user’s geographic location
Answer: B
Explanation: Latency-based routing directs requests to the region with the lowest network latency to the user.