πŸ“ Practice Test 1 β€” Domain 1 & 2 Focus#

Time: 130 minutes | Questions: 65 | Domain: Secure & Resilient Architectures


Instructions

  • Choose the BEST answer for each question
  • Some questions have two correct answers (marked as “Select TWO”)
  • Mark answers, then check the answer key at the bottom
  • Aim for 52/65 (80%) to be exam-ready
  • The actual SAA-C03 exam has 65 questions in 130 minutes

Question 1

A company is designing a web application that must be highly available across multiple Availability Zones. The application runs on Amazon EC2 instances and uses an Application Load Balancer (ALB). The data is stored in an Amazon RDS for MySQL database. Which solution provides the highest availability?

A) Deploy the EC2 instances in two AZs behind the ALB. Use a single-AZ RDS instance with a read replica in another AZ.

B) Deploy the EC2 instances in two AZs behind the ALB. Use a Multi-AZ RDS instance.

C) Deploy the EC2 instances in one AZ behind the ALB with an EC2 Auto Scaling group. Use a Multi-AZ RDS instance.

D) Deploy the EC2 instances in three AZs behind the ALB with Auto Scaling. Use a single-AZ RDS instance with hourly snapshots.


Question 2

A company needs to store sensitive financial documents in Amazon S3. The documents must be encrypted at rest, and the company must control the encryption keys with automatic rotation every year. Which S3 encryption solution should be used?

A) SSE-S3

B) SSE-KMS with a customer managed key

C) SSE-C

D) Client-side encryption


Question 3

An application running on EC2 instances needs to access an S3 bucket to read configuration files. What is the MOST secure way to grant this access?

A) Store AWS access keys in the application’s configuration file

B) Create an IAM role with S3 read permissions and attach it to the EC2 instance profile

C) Make the S3 bucket public

D) Store the access keys in environment variables


Question 4

A company wants to migrate its on-premises Oracle database to Amazon Aurora PostgreSQL with minimal downtime. Which combination of services should be used? (Select TWO)

A) AWS Database Migration Service (DMS)

B) AWS Schema Conversion Tool (SCT)

C) AWS DataSync

D) AWS Server Migration Service (SMS)

E) AWS Storage Gateway


Question 5

A solutions architect needs to design a VPC with public and private subnets for a web application. The web servers in the private subnets need to download security patches from the internet. What should be configured?

A) A NAT gateway in a public subnet

B) An internet gateway attached to the private subnet

C) A VPC peering connection to a public VPC

D) A VPN connection to the on-premises network


Question 6

An application processes messages from an SQS queue. The processing time varies from 30 seconds to 5 minutes. What should the visibility timeout be set to?

A) 30 seconds

B) 1 minute

C) 6 minutes

D) 30 minutes


Question 7

A company runs a stateless web application on EC2 instances behind an ALB. The application experiences unpredictable traffic spikes. What is the MOST cost-effective and scalable solution?

A) Use reserved instances for baseline capacity and on-demand for spikes

B) Use an Auto Scaling group with a target tracking scaling policy based on CPU utilization

C) Over-provision EC2 instances to handle peak load

D) Use a larger instance type to handle the spikes


Question 8

A company needs to share large files (up to 10 GB) with external partners securely. The files should expire after 24 hours. What is the MOST secure and scalable solution?

A) Store files in S3 and generate pre-signed URLs with 24-hour expiration

B) Email the files as attachments

C) Store files in EBS volumes and share the volume IDs

D) Use FTP server on EC2


Question 9

Which of the following are valid Route53 routing policies? (Select TWO)

A) Latency-based

B) Speed-based

C) Failover

D) Bandwidth-based

E) Capacity-based


Question 10

A company has a multi-tier application with web servers, application servers, and a database. All tiers must be highly available. Which architecture meets these requirements?

A) All tiers in the same subnet across two AZs

B) Web and app servers in public subnets, database in private subnet across two AZs

C) ALB in public subnets, web servers in private subnets, app servers in private subnets, RDS Multi-AZ in database subnets, all across two AZs

D) All servers in a single AZ with backup to S3


Question 11

A company needs to audit all API calls made in their AWS account, including who made the call, when, and from which IP address. Which service provides this information?

A) Amazon CloudWatch

B) AWS CloudTrail

C) AWS Config

D) VPC Flow Logs


Question 12

An application stores session data on the local file system of each EC2 instance. Users are experiencing errors during high traffic because they’re directed to different instances. What is the BEST solution?

A) Enable sticky sessions on the ALB

B) Store session data in Amazon ElastiCache

C) Increase the number of EC2 instances

D) Use a larger EC2 instance type


Question 13

A company uses Direct Connect for its hybrid cloud connectivity. They want a backup connection in case the Direct Connect fails. What should they use?

A) VPC peering

B) Site-to-Site VPN

C) Transit Gateway

D) NAT Gateway


Question 14

Which components are required for a highly available architecture? (Select TWO)

A) Resources in a single Availability Zone

B) Resources in at least two Availability Zones

C) Manual failover procedures

D) Automated failover mechanisms

E) Single point of failure


Question 15

A company stores 50 TB of data in Amazon S3 Standard that is accessed once per quarter. How can they reduce storage costs?

A) Enable S3 Transfer Acceleration

B) Create a lifecycle policy to transition data to S3 Glacier Deep Archive after 30 days

C) Enable S3 Versioning

D) Use S3 server access logs


Question 16

A company has an S3 bucket that contains sensitive data. They need to ensure that all objects uploaded to the bucket are encrypted at rest. What is the MOST efficient way to enforce this?

A) Enable S3 Block Public Access

B) Add a bucket policy that denies PutObject requests without the x-amz-server-side-encryption header

C) Enable versioning on the bucket

D) Use S3 server access logs to audit encryption


Question 17

An application running on EC2 needs to access AWS Secrets Manager to retrieve database credentials. Which is the MOST secure way to grant this access?

A) Hardcode the credentials in the application code

B) Store the credentials in a configuration file on the EC2 instance

C) Create an IAM role with Secrets Manager read permissions and attach to the EC2 instance profile

D) Store the credentials in an environment variable


Question 18

A company needs to restrict access to their S3 bucket so that only requests from the corporate network IP range (203.0.113.0/24) can read objects. How should this be configured?

A) Use an S3 bucket policy with a condition key of aws:SourceIp

B) Configure the bucket ACL to allow only the corporate IP range

C) Use IAM policies on all user accounts

D) Enable S3 Block Public Access


Question 19

Which statement about IAM policy evaluation is correct?

A) An explicit allow always overrides an explicit deny

B) An explicit deny always overrides an allow

C) Implicit deny only applies to the root user

D) SCPs cannot override permissions granted by IAM policies


Question 20

A company needs to securely transfer files from an on-premises SFTP server to Amazon S3. Which service should be used?

A) AWS DataSync

B) AWS Transfer Family

C) AWS Storage Gateway

D) Amazon S3 Transfer Acceleration


Question 21

An organization has multiple AWS accounts managed through AWS Organizations. They want to prevent all accounts from launching EC2 instances in non-approved regions. What should be used?

A) IAM policies in each account

B) Service Control Policies (SCPs) applied at the organization root

C) AWS Config rules in each account

D) A CloudTrail trail in the management account


Question 22

A company needs to allow users to sign in to their web application using their existing social media accounts (Google, Facebook). Which AWS service should be used?

A) IAM

B) Cognito

C) STS

D) Directory Service


Question 23

An EC2 instance uses an encrypted EBS volume. The instance fails and needs to be replaced. How can the data be recovered?

A) Detach the encrypted volume from the failed instance and attach it to a new instance

B) Copy the encrypted volume to a public S3 bucket

C) Take a snapshot of the encrypted volume and share it publicly

D) The data cannot be recovered without the original instance


Question 24

A solutions architect needs to block SQL injection attacks on a web application behind an ALB. Which service should be used?

A) Network ACLs

B) Security Groups

C) AWS WAF

D) AWS Shield


Question 25

Which of the following are valid IAM security best practices? (Select TWO)

A) Use the root user for daily administrative tasks

B) Grant least privilege permissions

C) Use IAM roles for EC2 instances instead of access keys

D) Share IAM user credentials across team members

E) Use one IAM user for multiple developers


Question 26

A company needs to audit changes to security group rules in their VPC. Which service records this information?

A) VPC Flow Logs

B) AWS CloudTrail

C) AWS Config

D) CloudWatch Logs


Question 27

An application needs to store encryption keys with automatic annual rotation. The keys must be stored in a service designed specifically for key management. Which service should be used?

A) Secrets Manager

B) Systems Manager Parameter Store

C) AWS KMS

D) S3 with SSE-S3


Question 28

A company wants to ensure that an IAM user can only launch EC2 instances of a specific instance type (t3.micro). Which IAM policy element should be used?

A) Resource

B) Condition

C) Principal

D) Effect


Question 29

Which AWS service provides distributed denial-of-service (DDoS) protection at no additional cost for all AWS customers?

A) AWS WAF

B) AWS Shield Standard

C) AWS Shield Advanced

D) Network ACLs


Question 30

A company needs to encrypt data at rest for an RDS for Oracle database. The company wants to use their own encryption key with automatic rotation. Which solution should be used?

A) Enable RDS encryption with AWS managed KMS key

B) Enable RDS encryption with a customer managed KMS key

C) Use Oracle Transparent Data Encryption (TDE)

D) Encrypt data at the application layer before sending to RDS


Question 31

A Lambda function needs to access an RDS database in a private subnet. What must be configured to allow this access?

A) Configure the Lambda function to run in the VPC with a security group that allows access to RDS

B) Make the RDS database publicly accessible

C) Place the Lambda function outside the VPC and use a NAT Gateway

D) Use VPC Peering between the Lambda service and the RDS subnet


Question 32

A company wants to grant temporary access to their AWS account for a third-party auditor. The access should be limited to read-only and expire after 30 days. What is the BEST approach?

A) Create an IAM user with read-only access and share the password

B) Create an IAM role with read-only policy and allow the auditor’s AWS account to assume the role

C) Share the root user credentials

D) Create a new AWS account for the auditor


Question 33

An organization needs to separate resources for development, testing, and production environments. Each environment must have its own set of AWS accounts with consolidated billing. Which AWS service should be used?

A) AWS Organizations

B) IAM

C) Resource Groups

D) Tag Editor


Question 34

Which AWS service can automatically detect and alert on suspicious activity, such as a user launching an EC2 instance in an unusual geographic location?

A) AWS Config

B) Amazon GuardDuty

C) AWS CloudTrail Insights

D) Amazon Inspector


Question 35

A company runs a mission-critical application on EC2 behind an ALB in three Availability Zones. To improve resilience, they want to ensure traffic is automatically redirected if an entire AZ fails. What should be configured?

A) Cross-zone load balancing on the ALB

B) Auto Scaling group spanning three AZs

C) ALB in each AZ with Route53 weighted routing

D) A Network Load Balancer with a static IP


Question 36

An application uses SQS to decouple microservices. Messages that fail processing after multiple attempts must be preserved for analysis. What should be configured?

A) Increase the visibility timeout

B) Configure a dead-letter queue (DLQ)

C) Use a FIFO queue instead of standard

D) Increase the retention period


Question 37

A company runs a stateless web application on EC2 instances across multiple AZs. They need to distribute incoming traffic evenly across all instances. Which service should be used?

A) Amazon Route53

B) Application Load Balancer

C) NAT Gateway

D) Internet Gateway


Question 38

A company has an RDS for PostgreSQL database with 2 TB of storage. The database experiences high write throughput, and the storage is running low. What is the MOST cost-effective way to increase storage without downtime?

A) Take a snapshot and restore to a larger instance

B) Enable storage autoscaling on the RDS instance

C) Migrate to a larger instance class

D) Create a read replica with larger storage


Question 39

A company needs to design a disaster recovery strategy with an RTO of 15 minutes and an RPO of 1 minute. Which strategy meets these requirements?

A) Backup and restore with daily snapshots

B) Pilot Light

C) Warm Standby

D) Multi-Site active-active


Question 40

Which AWS service provides automated backups for EC2 instances by creating crash-consistent snapshots?

A) AWS Backup

B) AWS Storage Gateway

C) S3 Lifecycle Policies

D) EBS Snapshots


Question 41

An application runs on EC2 instances behind an ALB with Auto Scaling. The application initialization takes 5 minutes before it can serve traffic. How should this be handled?

A) Increase the ALB health check interval

B) Configure an EC2 Auto Scaling lifecycle hook and use a custom action

C) Decrease the health check threshold

D) Use an NLB instead of an ALB


Question 42

A company uses DynamoDB as a session store. The application experiences throttling during peak hours due to uneven access patterns. What is the MOST effective solution?

A) Switch to on-demand capacity mode

B) Create a Global Secondary Index

C) Use DynamoDB Streams

D) Enable DynamoDB Transactions


Question 43

A solutions architect is designing a VPC with public and private subnets across two AZs. The application in private subnets must access the internet for software updates. What is the MINIMUM number of NAT Gateways needed for high availability?

A) 0

B) 1

C) 2

D) 4


Question 44

An application processes messages from an SQS queue and writes results to DynamoDB. If the DynamoDB write fails, the message should be retried up to 3 times, then sent to a separate queue for analysis. What should be configured?

A) SQS redrive policy with a dead-letter queue

B) SQS delay queue

C) SQS FIFO queue with content-based deduplication

D) SQS short polling


Question 45

A company runs a web application on EC2 instances across multiple AZs. The application processes user uploads and stores them in S3. The uploads must be checked for malware before being made available. Which architecture achieves this?

A) S3 event notification triggers Lambda for scanning, stores result in DynamoDB

B) EC2 instance continuously polls S3 for new uploads

C) S3 transfers files to a separate on-premises scanning server

D) S3 lifecycle policy moves files to Glacier for archival


Question 46

A company needs to run a containerized web application on AWS with the least operational overhead. The application must be highly available and scale automatically. Which solution meets these requirements?

A) ECS with EC2 launch type managed by Auto Scaling group

B) ECS with Fargate launch type and Service Auto Scaling

C) EKS with self-managed worker nodes

D) Run Docker directly on EC2 instances


Question 47

A company wants to use Infrastructure as Code to manage their AWS resources. They need to preview changes before applying them. Which service supports this?

A) AWS CloudFormation with Change Sets

B) AWS Elastic Beanstalk

C) AWS OpsWorks

D) AWS CodePipeline


Question 48

A company stores critical data in an S3 bucket. They need to protect against accidental deletion of objects and ensure recoverability. Which features should be enabled? (Select TWO)

A) S3 Versioning

B) S3 Transfer Acceleration

C) MFA Delete

D) S3 Cross-Origin Resource Sharing (CORS)

E) S3 Event Notifications


Question 49

An application uses RDS for MySQL and experiences high read traffic. The application is read-heavy with occasional writes. What is the MOST effective way to reduce load on the primary database?

A) Enable Multi-AZ

B) Create one or more read replicas

C) Upgrade to a larger DB instance class

D) Enable automated backups


Question 50

A company needs to transfer 200 GB of data daily from their on-premises data center to AWS over a stable internet connection. The transfer must be automated and encrypted. Which service should be used?

A) AWS Snowball Edge

B) AWS DataSync

C) AWS Direct Connect

D) Amazon S3 Transfer Acceleration


Question 51

A web application uses CloudFront to distribute content globally. The application needs to restrict access to premium users only. Which CloudFront feature should be used?

A) Origin Access Control (OAC)

B) Signed URLs or Signed Cookies

C) WAF ACL

D) Geo-restriction


Question 52

A company is designing a new application with microservices. They need a service that allows services to communicate asynchronously through messages. Which service should be used?

A) API Gateway

B) SQS

C) ELB

D) Direct Connect


Question 53

An architecture includes an ALB that distributes traffic to EC2 instances in multiple AZs. The application stores data in a shared file system accessible by all instances. Which storage solution supports concurrent read/write access from multiple EC2 instances?

A) EBS io2 Block Express

B) EBS gp3 with multi-attach

C) Amazon EFS

D) Instance Store


Question 54

A company needs to run a relational database that automatically scales compute and storage capacity without downtime. Which database solution meets these requirements?

A) RDS MySQL

B) Aurora MySQL

C) DynamoDB

D) Redshift


Question 55

Which design principle is part of the AWS Well-Architected Framework’s Reliability Pillar?

A) Use monolithic architecture

B) Test recovery procedures

C) Minimize all costs

D) Use a single large instance type


Question 56

A company needs to provide a globally distributed DNS service with health checking and failover capabilities. Which service provides these features?

A) Amazon CloudFront

B) Amazon Route53

C) AWS Global Accelerator

D) Elastic Load Balancing


Question 57

An application processes real-time streaming data from thousands of devices. The data must be ingested, processed, and stored with minimal latency. Which combination of services should be used?

A) S3 → Lambda → DynamoDB

B) Kinesis Data Streams → Lambda → S3

C) SQS → EC2 → RDS

D) SNS → SQS → Redshift


Question 58

A company has a multi-account AWS environment. They need to centrally manage logging and audit trails across all accounts. Which solution should be used?

A) CloudTrail trail in each individual account

B) CloudTrail Organization trail in the management account

C) S3 access logs in each account

D) CloudWatch Logs in each account


Question 59

A company’s application experiences intermittent failures when connecting to a database. The architect needs to implement a circuit breaker pattern. Which AWS service supports this pattern?

A) SQS

B) CloudFront

C) Route53

D) AWS Lambda


Question 60

An organization uses AWS Organizations and needs to centrally define the maximum permissions for accounts. Which mechanism should be used?

A) IAM Permission Boundaries

B) Service Control Policies (SCPs)

C) IAM Roles

D) Resource-based policies


Question 61

A company runs a critical database on an EC2 instance with an EBS volume. They need to take frequent backups without impacting performance. What should be used?

A) EBS snapshots with no downtime

B) EBS snapshots from a RAID 0 configuration

C) EBS Multi-attach

D) EBS Fast Snapshot Restore (FSR)


Question 62

A solutions architect needs to design a scalable storage solution for a data lake on AWS. The data includes structured, semi-structured, and unstructured data. Which storage service is MOST suitable?

A) Amazon RDS

B) Amazon DynamoDB

C) Amazon S3

D) Amazon Redshift


Question 63

A company runs a production database on Aurora MySQL. They need to run complex analytical queries without impacting the primary workload. What is the BEST solution?

A) Create an Aurora Replica and offload analytics queries to it

B) Enable Multi-AZ for the primary cluster

C) Increase the instance size of the primary instance

D) Use RDS MySQL instead of Aurora


Question 64

A company’s development team needs permissions to deploy resources, but they should not be able to delete production databases. Which IAM feature should be used?

A) IAM Roles

B) Resource-based policies

C) Permission boundaries

D) Service Control Policies (SCPs)


Question 65

A company wants to ensure that EC2 instances in a private subnet can access S3 without traversing the internet. What is the MOST secure and cost-effective solution?

A) NAT Gateway in a public subnet

B) VPC Gateway Endpoint for S3

C) Internet Gateway with route table entries

D) VPC Peering to an S3 VPC


πŸ“ Answer Key
  1. B β€” Multi-AZ RDS provides HA with automatic failover. EC2 in two AZs + ALB covers compute HA.
  2. B β€” SSE-KMS with customer managed key provides control + automatic yearly rotation.
  3. B β€” IAM role attached to instance profile is the most secure (no static credentials).
  4. A, B β€” DMS for data migration, SCT for schema conversion (Oracle β†’ Aurora PostgreSQL).
  5. A β€” NAT Gateway in public subnet allows private subnets to access internet for patches.
  6. C β€” Visibility timeout should be slightly longer than max processing time (6 min > 5 min).
  7. B β€” Auto Scaling with target tracking is most cost-effective for unpredictable spikes.
  8. A β€” Pre-signed URLs provide time-limited secure access without making bucket public.
  9. A, C β€” Latency-based and Failover are valid Route53 routing policies.
  10. C β€” Properly tiered across multiple AZs with ALB, separate subnets, RDS Multi-AZ.
  11. B β€” CloudTrail records all API calls for auditing.
  12. B β€” ElastiCache makes the app stateless (better than sticky sessions for HA).
  13. B β€” Site-to-Site VPN provides backup connectivity when Direct Connect fails.
  14. B, D β€” Multi-AZ + automated failover are required for HA.
  15. B β€” Lifecycle policy to Glacier Deep Archive reduces costs for infrequent access.
  16. B β€” Bucket policy with a deny on unencrypted PutObject requests enforces encryption.
  17. C β€” IAM role with Secrets Manager access is the most secure approach (no static credentials).
  18. A β€” S3 bucket policy with aws:SourceIp condition restricts access by IP range.
  19. B β€” An explicit deny always overrides any allow (explicit or implicit).
  20. B β€” AWS Transfer Family provides managed SFTP transfer to S3.
  21. B β€” SCPs at the organization root apply to all accounts, even the root user.
  22. B β€” Cognito User Pools support social identity providers (Google, Facebook, Amazon).
  23. A β€” Encrypted EBS volumes can be detached and reattached to replacement instances.
  24. C β€” AWS WAF protects web applications from SQL injection and cross-site scripting.
  25. B, C β€” Least privilege and IAM roles for EC2 are core IAM security best practices.
  26. C β€” AWS Config tracks resource configuration changes, including security group rules.
  27. C β€” AWS KMS is the dedicated service for managing encryption keys with rotation.
  28. B β€” Condition element restricts based on the ec2:InstanceType condition key.
  29. B β€” AWS Shield Standard is included at no cost for all AWS customers.
  30. B β€” RDS encryption with customer managed KMS key provides custom key control + rotation.
  31. A β€” Lambda must be VPC-enabled with a security group permitting RDS access.
  32. B β€” Cross-account IAM role provides temporary, auditable access without managing users.
  33. A β€” AWS Organizations provides multi-account management with consolidated billing.
  34. C β€” CloudTrail Insights uses ML to detect unusual API activity patterns.
  35. B β€” Auto Scaling group spanning three AZs replaces instances if an entire AZ fails.
  36. B β€” A dead-letter queue captures failed messages for later analysis.
  37. B β€” ALB distributes traffic evenly across instances in multiple AZs.
  38. B β€” RDS storage autoscaling automatically increases storage without downtime.
  39. D β€” Multi-Site active-active provides the lowest RTO/RPO (minutes/seconds).
  40. A β€” AWS Backup provides centralized, automated backup management with crash-consistent snapshots.
  41. B β€” Lifecycle hooks pause the instance during warm-up to complete initialization before serving traffic.
  42. A β€” On-demand capacity mode handles uneven traffic patterns without throttling.
  43. C β€” Two NAT Gateways (one per AZ) are needed for high availability.
  44. A β€” SQS redrive policy sends messages to a DLQ after maxReceiveCount is exceeded.
  45. A β€” S3 event β†’ Lambda scanning is serverless and event-driven for malware detection.
  46. B β€” ECS Fargate with Service Auto Scaling provides serverless containers with automatic scaling.
  47. A β€” CloudFormation Change Sets allow you to preview resource changes before execution.
  48. A, C β€” Versioning preserves object versions; MFA Delete prevents accidental/unauthorized deletions.
  49. B β€” Read replicas offload read traffic from the primary database instance.
  50. B β€” DataSync automates and encrypts recurring data transfers over the internet.
  51. B β€” Signed URLs/cookies restrict access to specific users for premium content.
  52. B β€” SQS provides asynchronous message-based communication between microservices.
  53. C β€” EFS is a shared NFS file system mountable by multiple EC2 instances concurrently.
  54. B β€” Aurora automatically scales storage (10 GB to 128 TB) and compute (via Auto Scaling).
  55. B β€” Testing recovery procedures is a key Reliability Pillar best practice.
  56. B β€” Route53 provides DNS with health checking, failover routing, and global distribution.
  57. B β€” Kinesis Data Streams ingests streaming data, Lambda processes it, S3 stores it.
  58. B β€” CloudTrail Organization trail centrally logs API activity across all accounts.
  59. A β€” SQS with visibility timeout and DLQ can implement circuit breaker patterns.
  60. B β€” SCPs set the maximum permission boundary for all accounts in an organization.
  61. A β€” EBS snapshots are point-in-time backups that can be taken while the volume is in use.
  62. C β€” S3 supports all data types (structured, semi-structured, unstructured) for data lakes.
  63. A β€” Aurora Replicas offload read traffic without impacting the primary instance.
  64. C β€” IAM permission boundaries set the maximum permissions an IAM entity can receive.
  65. B β€” VPC Gateway Endpoint for S3 is free, secure, and keeps traffic within AWS network.

Score: ________ / 65


📚 Review

| Domain | Questions | Focus Areas |
| --- | --- | --- |
| Domain 1: Secure Architectures | 2, 3, 8, 11, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34 | Encryption, IAM, S3 security, CloudTrail, Network security, WAF, KMS, Cognito, Organizations |
| Domain 2: Resilient Architectures | 1, 5, 6, 7, 10, 12, 13, 14, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47 | HA, VPC, SQS, ASG, Multi-AZ, DR, backups, ECS, IaC |
| Domain 3: High-Performing | 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59 | S3 versioning, read replicas, DataSync, CloudFront, SQS, EFS, Aurora, DNS, Kinesis |
| Domain 4: Cost-Optimized | 60, 61, 62, 63, 64, 65 | SCPs, EBS snapshots, S3 data lake, Aurora Replicas, permission boundaries, VPC endpoints |