📝 Practice Test 5 — All Domains Mixed
Time: 130 minutes | Questions: 65 | Domain: All Domains
Question 1
A company needs to provide individual users with temporary access to download specific files from S3. The access should expire after 1 hour. What is the BEST approach?
- A) Make the S3 bucket public
- B) Generate pre-signed URLs with 1-hour expiration
- C) Create IAM users for each person
- D) Create a CloudFront signed URL with 24-hour expiration
Question 2
An e-commerce application has a sudden traffic spike during a flash sale. The application uses EC2 instances behind an ALB with Auto Scaling. What should be configured to prepare for this event?
- A) Scheduled scaling policy
- B) Target tracking scaling policy
- C) Simple scaling policy
- D) Manual scaling
Question 3
A company must meet regulatory requirements for data sovereignty. All data must remain in the EU region. What is the BEST approach?
- A) Store data only in eu-west-1 and eu-central-1
- B) Use AWS Artifact to ensure compliance
- C) Enable S3 cross-region replication to us-east-1 for backup
- D) Use CloudFront Global Edge Network
Question 4
A global application serves users from North America, Europe, and Asia. Which Route53 routing policy provides the best performance?
- A) Weighted
- B) Latency
- C) Geolocation
- D) Failover
Question 5
A company wants to run a containerized application on AWS without managing EC2 instances or the container orchestration control plane. Which service should be used?
- A) ECS with EC2 launch type
- B) EKS with managed node groups
- C) ECS with Fargate launch type
- D) Self-managed Kubernetes on EC2
Question 6
Which AWS service provides a managed Apache Kafka service?
- A) Kinesis Data Streams
- B) Amazon MSK (Managed Streaming for Kafka)
- C) MQ
- D) EventBridge
Question 7
A company needs to restrict access to their S3 bucket so that only requests from their corporate network IP range (203.0.113.0/24) can access it. How should this be implemented?
- A) S3 bucket policy with a condition on aws:SourceIp
- B) IAM policy with IP condition
- C) S3 Block Public Access settings
- D) VPC endpoint with security group
Question 8
A company needs to share an Amazon Machine Image (AMI) with another AWS account. How can this be done?
- A) Copy the AMI to a public S3 bucket and share the URL
- B) Use the AMI’s “Modify Image Permissions” to add the target account ID
- C) Export the AMI to a VMDK file and send via email
- D) Create a new EC2 instance and share the instance ID
Question 9
A web application uses RDS for MySQL and experiences slow read performance. The application reads much more than it writes. What is the MOST effective solution?
- A) Enable Multi-AZ
- B) Create one or more read replicas
- C) Upgrade to a larger instance class
- D) Enable automated backups
Question 10
Which service can be used to schedule a Lambda function to run every hour?
- A) CloudWatch Logs
- B) CloudWatch Events / EventBridge
- C) CloudTrail
- D) SQS
Question 11
A company needs to create a new RDS instance from the most recent restorable time to recover from a logical corruption error. What should they do?
- A) Restore from the latest manual snapshot
- B) Restore to a point in time within the backup retention period
- C) Create a read replica and promote it
- D) Enable Multi-AZ failover
Question 12
What is the minimum number of EC2 instances required to achieve high availability across Availability Zones?
- A) 1
- B) 2
- C) 3
- D) As many as needed to handle peak traffic
Question 13
A company needs to store a small amount of configuration data (under 4 KB per item) for their application. The data needs to be encrypted and is accessed frequently. Which service should be used?
- A) DynamoDB
- B) S3
- C) Systems Manager Parameter Store
- D) Secrets Manager
Question 14
A company needs to authenticate users for their web application using social identity providers (Google, Facebook). Which AWS service should be used?
- A) IAM
- B) Cognito
- C) Directory Service
- D) STS
Question 15
A company needs to connect their on-premises network to AWS with a dedicated, private, and consistent network connection. Which service provides this?
- A) Site-to-Site VPN
- B) Direct Connect
- C) VPC Peering
- D) Transit Gateway
Question 16
A company runs a web application on EC2 instances behind an ALB. The application currently uses sticky sessions. The operations team wants to reduce the dependency on sticky sessions for better availability. What should be implemented?
- A) Store session data in ElastiCache
- B) Increase the stickiness duration
- C) Use an NLB instead of ALB
- D) Use CloudFront for session persistence
Question 17
A company needs to monitor API calls made to their AWS account and detect unusual patterns using machine learning. Which service should be used?
- A) GuardDuty
- B) CloudTrail Insights
- C) AWS Config
- D) Security Hub
Question 18
A company runs an application that processes sensitive financial data. The application must encrypt all data at rest and in transit. Which combination of services provides this? (Select TWO)
- A) AWS KMS for encryption key management
- B) CloudFront for in-transit encryption
- C) S3 with SSE-S3 for at-rest encryption
- D) ACM for TLS certificates
- E) Direct Connect for encrypted connectivity
Question 19
A company runs a serverless application using Lambda, DynamoDB, and API Gateway. The application experiences high latency during cold starts. Which solution reduces cold starts?
- A) Increase Lambda memory
- B) Enable Lambda provisioned concurrency
- C) Use Lambda reserved concurrency
- D) Reduce the Lambda timeout
Question 20
A company needs to orchestrate a multi-step workflow that involves several AWS services, including Lambda, SQS, and DynamoDB. The workflow has conditional logic and must handle errors gracefully. Which service should be used?
- A) EventBridge
- B) Step Functions
- C) SNS
- D) EC2 Auto Scaling
Question 21
A company runs a database on RDS for MySQL in a single AZ. They need to achieve high availability with automatic failover. What should be configured?
- A) Create a read replica in another AZ
- B) Enable Multi-AZ on the RDS instance
- C) Take snapshots every hour
- D) Use a larger instance type
Question 22
A company needs to store configuration files that are shared across multiple EC2 instances. The files should be accessible as a local file system. Which storage solution should be used?
- A) S3
- B) EFS
- C) EBS
- D) Instance Store
Question 23
A company uses S3 to store sensitive customer data. They need to ensure that all data is encrypted at rest. Which S3 encryption option provides encryption with AWS-managed keys and is automatically enabled for new buckets?
- A) SSE-S3
- B) SSE-KMS
- C) SSE-C
- D) Client-side encryption
Question 24
A company runs a critical application on EC2 instances behind an ALB. They want to ensure that only traffic from the ALB reaches the EC2 instances. What should be configured?
- A) Security group on EC2 instances that allows traffic only from the ALB security group
- B) Network ACL that blocks traffic from all IPs except the ALB
- C) WAF ACL that allows only ALB traffic
- D) VPC endpoint for the ALB
Question 25
A company runs a web application that stores data in DynamoDB. A new feature requires running complex queries across multiple partitions. Which DynamoDB feature should be used?
- A) Scan operation
- B) Query with Global Secondary Index
- C) DynamoDB Streams
- D) Transactions
Question 26
A company needs to grant a data scientist access to run Athena queries on their S3 data lake. The data scientist should not have access to any other AWS services. What is the BEST approach?
- A) Create an IAM user with the AmazonAthenaFullAccess managed policy
- B) Create an IAM policy that only allows Athena and specific S3 buckets
- C) Share the root user credentials
- D) Use Cognito to grant access
Question 27
A company runs a containerized application on ECS with EC2 launch type. They want to use Spot Instances for the ECS cluster to reduce costs. Which configuration supports this?
- A) ECS cluster with mixed instances policy using Spot and On-Demand
- B) Fargate Spot launch type
- C) EKS managed node groups with Spot
- D) ECS with capacity providers using Spot Instances
Question 28
A company needs to continuously assess their EC2 instances for vulnerabilities and unintended network exposure. Which service provides this assessment?
- A) GuardDuty
- B) Amazon Inspector
- C) AWS Config
- D) Security Hub
Question 29
A company runs a web application on EC2 instances. They want to distribute traffic evenly across instances in multiple AZs and automatically reroute traffic if an instance fails. Which service should be used?
- A) Route53 with simple routing
- B) ALB with health checks
- C) NAT Gateway
- D) Internet Gateway
Question 30
A company needs to automate the creation of AWS resources for new projects. Each project requires a standard set of resources: VPC, subnets, security groups, and EC2 instances. Which service should be used?
- A) AWS CloudFormation
- B) Elastic Beanstalk
- C) OpsWorks
- D) CodePipeline
Question 31
A company runs a MySQL database on-premises and wants to migrate to Aurora MySQL with minimal downtime. Which services should be used together? (Select TWO)
- A) AWS Database Migration Service (DMS)
- B) AWS Schema Conversion Tool (SCT)
- C) AWS DataSync
- D) AWS Migration Hub
- E) AWS Snowball Edge
Question 32
A company needs to store data that is accessed very infrequently (once or twice per year) with retrieval time of up to 48 hours. Which storage class is MOST cost-effective?
- A) S3 Standard
- B) S3 Standard-IA
- C) S3 Glacier Flexible Retrieval
- D) S3 Glacier Deep Archive
Question 33
A company runs a serverless application with Lambda, DynamoDB, and API Gateway. They want to authenticate users using JSON Web Tokens (JWTs). Which service should be used?
- A) Cognito User Pools
- B) Cognito Identity Pools
- C) IAM
- D) API Gateway Lambda authorizer
Question 34
A company needs to analyze network traffic to identify potential security threats and anomalies. Which service provides this analysis?
- A) VPC Flow Logs
- B) GuardDuty
- C) CloudTrail
- D) AWS Config
Question 35
A company runs a production EKS cluster. They want to manage worker nodes without manual intervention. Which option provides the LEAST operational overhead?
- A) Self-managed worker nodes
- B) Managed node groups
- C) Fargate for EKS
- D) Spot Instances for worker nodes
Question 36
A company runs a database on an EC2 instance with an EBS volume. They need to take frequent backups with minimal impact on performance. What should be used?
- A) EBS snapshots (crash-consistent)
- B) Database-native backup tools
- C) AWS Backup with application-consistent snapshots
- D) S3 lifecycle policies
Question 37
A company needs to provide internet access to EC2 instances in a private subnet. The instances need to download software updates. What is the MOST cost-effective solution?
- A) NAT Gateway in a public subnet
- B) NAT instance in a public subnet
- C) Internet Gateway attached to the private subnet
- D) VPC Gateway Endpoint
Question 38
A company runs a global web application that serves content to users worldwide. They want to improve performance by caching content at edge locations. Which service should be used?
- A) CloudFront
- B) Global Accelerator
- C) ElastiCache
- D) S3 Transfer Acceleration
Question 39
A company runs a Lambda function that reads from an SQS queue. The function fails to process some messages. What should be configured to capture and analyze failed messages?
- A) Lambda dead-letter queue
- B) SQS dead-letter queue
- C) CloudWatch Logs
- D) SNS notification for failures
Question 40
A company needs to ensure that EC2 instances in an Auto Scaling group are terminated from oldest to newest during scale-in events. What should be configured?
- A) A termination policy of “OldestInstance”
- B) Lifecycle hooks
- C) A launch template with specific instance types
- D) Target tracking scaling policy
Question 41
Which AWS service provides a fully managed, in-memory data store for real-time analytics and caching?
- A) ElastiCache for Redis
- B) DynamoDB
- C) RDS
- D) Redshift
Question 42
A company runs a critical database on RDS for MySQL. They need to ensure that automated backups are retained for 1 year. What should be configured?
- A) Increase the backup retention period to 365 days
- B) Export automated backups to S3 and set lifecycle policy
- C) Use AWS Backup to manage RDS backups
- D) Take manual snapshots and delete after 1 year
Question 43
A company needs to deploy a new application quickly without managing infrastructure. The application is a standard web application with a database backend. Which service provides the FASTEST path to deployment?
- A) EC2 with user data scripts
- B) Elastic Beanstalk
- C) CloudFormation
- D) OpsWorks
Question 44
A company runs a serverless application with multiple Lambda functions. They need to share code and dependencies across functions without duplication. What should be used?
- A) Lambda layers
- B) Lambda extensions
- C) Lambda environment variables
- D) Lambda versions and aliases
Question 45
A company uses DynamoDB as a session store for a high-traffic web application. The application is experiencing throttling on frequently accessed items. What is the MOST effective solution?
- A) Switch to on-demand capacity mode
- B) Use DynamoDB Accelerator (DAX)
- C) Create Global Secondary Indexes
- D) Use DynamoDB Streams
Question 46
A company runs a production database on RDS for PostgreSQL. They need to run a one-time data transformation that processes all existing data. The transformation should not impact production performance. What should be used?
- A) Run the transformation on the primary instance
- B) Create a read replica, promote it, run the transformation
- C) Use DMS to migrate to a new instance and transform inline
- D) Run the transformation on a standby (Multi-AZ)
Question 47
A company needs to ensure that their EC2 instances are patched with the latest security updates. Which service provides automated patch management?
- A) Systems Manager Patch Manager
- B) Amazon Inspector
- C) AWS Config
- D) GuardDuty
Question 48
A company runs a web application on EC2 instances. They want to protect against common DDoS attacks at the network and transport layer. Which service provides this protection automatically?
- A) AWS Shield Standard
- B) AWS WAF
- C) Network ACLs
- D) Security Groups
Question 49
A company needs to store and query time-series data for IoT device metrics. Which database is purpose-built for this workload?
- A) DynamoDB
- B) Timestream
- C) RDS
- D) Redshift
Question 50
A company runs a batch processing workload on EC2 instances. The workload takes 6 hours to complete and must finish within 8 hours. The workload is fault-tolerant and can be interrupted. Which instance type provides the BEST cost savings?
- A) On-Demand
- B) Spot
- C) Reserved
- D) Dedicated
Question 51
A company runs a web application on EC2 instances with an RDS database. The application experiences slow performance during peak hours due to database load. Which service can help offload read traffic from the database?
- A) ElastiCache
- B) CloudFront
- C) S3
- D) DynamoDB DAX
Question 52
A company needs to allow developers to deploy infrastructure changes with a review and approval process. Which service supports this workflow?
- A) CloudFormation with Change Sets
- B) CodePipeline with manual approval stages
- C) Elastic Beanstalk
- D) OpsWorks
Question 53
A company runs a web application that currently uses an ALB in a single region. Users in other regions report high latency. Which solution provides the LOWEST latency with the LEAST operational overhead?
- A) Deploy ALBs in multiple regions with Route53 latency routing
- B) Use CloudFront with the ALB as origin
- C) Use Global Accelerator with the ALB as endpoint
- D) Migrate to a larger ALB
Question 54
A company needs to enforce that RDS instances are not publicly accessible. Which service can detect and alert on publicly accessible RDS instances?
- A) GuardDuty
- B) AWS Config
- C) CloudTrail
- D) Trusted Advisor
Question 55
A company runs a containerized application on ECS with Fargate. They want to automatically scale the number of tasks based on SQS queue depth. What should be configured?
- A) Application Auto Scaling with a target tracking policy on SQS queue depth
- B) EC2 Auto Scaling group
- C) ECS Service Auto Scaling with scheduled scaling
- D) Step scaling based on CloudWatch CPU metrics
Question 56
A company needs to join EC2 instances to a corporate Active Directory domain. Which service should be used?
- A) AWS Managed Microsoft AD
- B) Cognito
- C) IAM Identity Center
- D) Directory Service (Simple AD)
Question 57
A company runs a web application that uses CloudFront for content delivery. They want to block traffic from specific IP addresses that are attacking the application. Which service should be used?
- A) CloudFront geo-restriction
- B) AWS WAF with IP set rule
- C) Network ACLs
- D) Security Groups
Question 58
A company needs to analyze customer behavior data stored in S3 using Apache Spark. They want a fully managed solution with auto-scaling. Which service should be used?
- A) Amazon EMR
- B) Athena
- C) Redshift Spectrum
- D) Glue ETL
Question 59
A company runs a critical database on EC2 with an EBS volume. They want to ensure data durability and recoverability in case of an AZ failure. What should be configured?
- A) Take regular EBS snapshots and copy them to another region
- B) Enable EBS Multi-Attach
- C) Use an EBS st1 volume for durability
- D) Use instance store instead of EBS
Question 60
A company uses CloudFront to distribute content from an S3 bucket. They want to serve content over HTTPS with a custom domain name. What is required?
- A) Custom SSL/TLS certificate in ACM (us-east-1)
- B) S3 bucket policy for HTTPS only
- C) CloudFront origin access identity
- D) WAF ACL for HTTPS
Question 61
A company needs to process credit card transactions and must comply with PCI DSS. They want to reduce their compliance scope by using AWS managed services. Which service helps reduce PCI DSS scope?
- A) S3 with SSE-KMS
- B) ElastiCache
- C) DynamoDB
- D) All AWS managed services reduce scope compared to EC2-based solutions
Question 62
A company runs a serverless application with Lambda functions that process S3 events. The processing time averages 10 minutes. Which Lambda configuration change is needed?
- A) Increase the Lambda timeout to at least 10 minutes
- B) Use a different AWS service (Lambda max timeout is 15 minutes, so 10 is fine by default)
- C) Increase the Lambda memory
- D) Enable Lambda reserved concurrency
Question 63
A company uses Route53 for DNS. They want to route traffic to multiple resources and evaluate the health of each resource. If all resources are unhealthy, traffic should be routed to a static fallback page. Which routing policy should be used?
- A) Failover routing with primary and secondary
- B) Weighted routing with health checks
- C) Latency routing with health checks
- D) Multi-value answer routing with health checks
Question 64
A company needs to implement a multi-region disaster recovery strategy for their DynamoDB table. The table must be readable and writable in both regions. Which DynamoDB feature supports this?
- A) DynamoDB global tables
- B) Cross-region read replicas
- C) DynamoDB Streams with Lambda
- D) DynamoDB backup and restore
Question 65
A company runs a web application on EC2 instances behind an ALB. They want to block requests from specific geographic regions. Which service provides this capability?
- A) CloudFront geo-restriction
- B) Route53 geolocation routing
- C) ALB security group
- D) WAF geo-match condition
📝 Answer Key
1. B — Pre-signed URLs provide time-limited, per-file access without IAM users.
2. B — Target tracking scaling policy automatically adjusts capacity based on metrics.
3. A — Store data only in EU regions (eu-west-1, eu-central-1) for data sovereignty.
4. B — Latency-based routing directs users to the region with lowest latency.
5. C — ECS with Fargate is serverless — no instances or control plane to manage.
6. B — Amazon MSK provides managed Apache Kafka.
7. A — S3 bucket policy with aws:SourceIp condition restricts by IP range.
8. B — AMI permissions can be modified to share with specific AWS accounts.
9. B — Read replicas offload read queries from the primary database.
10. B — EventBridge (successor to CloudWatch Events) schedules Lambda invocations.
11. B — Point-in-time recovery restores to any time within the backup retention period.
12. B — Minimum 2 instances (in 2 AZs) for high availability.
13. C — SSM Parameter Store is designed for configuration data (free for standard params).
14. B — Cognito supports social identity providers (Google, Facebook, Amazon).
15. B — Direct Connect provides a dedicated, private, consistent network connection.
16. A — ElastiCache provides a shared session store, enabling stateless architecture.
17. B — CloudTrail Insights uses ML to detect unusual API activity patterns.
18. A, D — KMS manages encryption keys; ACM provides TLS certificates.
19. B — Provisioned concurrency keeps functions initialized and ready to handle requests.
20. B — Step Functions orchestrates multi-step workflows with conditional logic.
21. B — Multi-AZ provides automatic failover to a standby in another AZ.
22. B — EFS is a shared NFS file system mountable by multiple EC2 instances.
23. A — SSE-S3 uses AES-256 with AWS-managed keys and is enabled by default.
24. A — Security group referencing the ALB’s security group restricts traffic to ALB only.
25. B — GSI allows querying across partitions with different partition keys.
26. B — A custom IAM policy with least privilege grants access only to Athena and specific S3 buckets.
27. D — ECS capacity providers manage On-Demand and Spot instances for ECS clusters.
28. B — Amazon Inspector assesses instances for vulnerabilities and network exposure.
29. B — ALB distributes traffic and performs health checks across instances in multiple AZs.
30. A — CloudFormation automates infrastructure deployment with reusable templates.
31. A, B — DMS migrates data; SCT converts schema from MySQL to Aurora.
32. D — Glacier Deep Archive provides lowest cost for 1-2x/year access with 48-hr retrieval.
33. D — Lambda authorizer validates JWTs for API Gateway requests.
34. B — GuardDuty uses ML to detect threats from VPC Flow Logs, DNS, and CloudTrail data.
35. C — Fargate for EKS eliminates worker node management entirely.
36. A — EBS snapshots provide crash-consistent backups with minimal performance impact.
37. B — NAT instance is cheaper than NAT Gateway for low-bandwidth workloads.
38. A — CloudFront caches content at edge locations for low-latency global delivery.
39. B — SQS dead-letter queue captures messages that fail processing.
40. A — OldestInstance termination policy terminates the oldest instances first.
41. A — ElastiCache for Redis provides an in-memory data store for caching and real-time analytics.
42. C — AWS Backup provides centralized backup management with long-term retention.
43. B — Elastic Beanstalk provides a managed platform for deploying web applications quickly.
44. A — Lambda layers share code and dependencies across functions.
45. B — DAX caches frequently accessed items, reducing throttling on hot keys.
46. B — Promoting a read replica creates an independent instance for transformations.
47. A — Systems Manager Patch Manager automates OS patching across instances.
48. A — AWS Shield Standard automatically protects all customers from common DDoS attacks.
49. B — Amazon Timestream is a purpose-built time-series database for IoT and metrics.
50. B — Spot Instances provide up to 90% discount for interruption-tolerant batch workloads.
51. A — ElastiCache caches database queries, reducing read load on RDS.
52. B — CodePipeline with manual approval stages enforces review before deployment.
53. C — Global Accelerator optimizes the network path for global traffic with minimal overhead.
54. B — AWS Config rule checks if RDS instances are publicly accessible.
55. A — Application Auto Scaling with SQS-based target tracking scales ECS tasks to match queue depth.
56. A — AWS Managed Microsoft AD integrates EC2 instances with corporate AD domains.
57. B — AWS WAF with IP set rules blocks traffic from specific IP addresses.
58. A — Amazon EMR provides managed Spark clusters with auto-scaling.
59. A — Cross-region EBS snapshot copy provides DR protection against AZ failure.
60. A — Custom SSL certificate in ACM (us-east-1) is required for CloudFront HTTPS.
61. D — Managed services reduce PCI DSS scope compared to EC2-based solutions.
62. B — Lambda supports up to 15-minute timeout (900s), so 10 minutes is within limits.
63. D — Multi-value answer routing returns multiple healthy records.
64. A — DynamoDB global tables provide multi-region, multi-master replication.
65. D — WAF geo-match blocks requests from specific countries or regions.
Score: ________ / 65