📝 Practice Test 6 — Full Length Preparation
Time: 130 minutes | Questions: 68 | Domain: All Domains
Question 1
A company has a web application that experiences variable traffic. The application runs on EC2 instances and uses an RDS database. To reduce costs, the company wants to ensure compute resources match demand. Which solution should be used?
- A) Reserved Instances for all EC2 instances
- B) Auto Scaling group with target tracking policy
- C) Spot Instances for all workloads
- D) Manual scaling based on historical data
Question 2
A company needs to enforce that EC2 instances cannot be launched without specific tags (e.g., CostCenter, Environment). Which service can enforce this?
- A) IAM policy
- B) AWS Config rule
- C) Service Control Policy
- D) Resource Groups
Question 3
An application needs to send email notifications to customers when an order is shipped. Which service should be used?
- A) SQS
- B) SNS
- C) EventBridge
- D) SES
Question 4
A company needs to analyze 10 TB of data stored in S3 using Apache Spark. They want the most cost-effective solution with minimal operational overhead.
- A) Launch an EMR cluster with Spot Instances
- B) Use Athena with standard queries
- C) Run Spark on a single EC2 instance
- D) Use Redshift Spectrum
Question 5
A company is using AWS Organizations with multiple accounts. They want to centrally manage and automate account creation. Which service should be used?
- A) AWS Control Tower
- B) CloudFormation StackSets
- C) Service Catalog
- D) Landing Zone
Question 6
An application needs to process events from multiple sources and route them to various targets based on rules. Which service is BEST for this use case?
- A) SQS
- B) EventBridge
- C) SNS
- D) Kinesis
Question 7
A company wants to migrate a SQL Server database to Amazon RDS with minimal downtime. Which AWS service should be used?
- A) DataSync
- B) DMS
- C) Storage Gateway
- D) Snowball
Question 8
Which service provides a fully managed Docker registry for storing and managing container images?
- A) ECS
- B) ECR
- C) EKS
- D) Fargate
Question 9
A company needs to allow their developers to assume specific IAM roles in a production account based on their IAM group membership in the development account. This is an example of:
- A) Federated access
- B) Cross-account access
- C) Resource-based policy
- D) Identity federation
Question 10
An application requires a VPC with public and private subnets across three AZs. The private subnets need to access the internet for software updates. What is the MINIMUM number of NAT Gateways required?
- A) 1
- B) 2
- C) 3
- D) 0
Question 11
A company needs to analyze real-time streaming data and generate alerts when specific patterns are detected. Which AWS services can be used together? (Select TWO)
- A) Kinesis Data Analytics
- B) S3
- C) Kinesis Data Streams
- D) Glacier
- E) Snowball
Question 12
A company wants to ensure that an S3 bucket is not publicly accessible. What is the MOST effective control?
- A) S3 bucket policy
- B) S3 Block Public Access setting at account level
- C) IAM policy
- D) VPC endpoint
Question 13
A company needs to encrypt an EBS volume that is currently unencrypted. The volume is in use by a running EC2 instance. What should be done?
- A) Enable encryption directly on the volume while the instance is running
- B) Stop the instance, create an encrypted snapshot, create an encrypted volume from the snapshot, and reattach
- C) Use SSE-S3 encryption on the volume
- D) Use KMS to encrypt the volume in-place
Question 14
A company needs to provide their employees with access to the AWS Management Console using their corporate Active Directory credentials. Which service should be used?
- A) IAM Identity Center (SSO)
- B) Cognito
- C) Direct Connect
- D) WorkDocs
Question 15
A company runs a critical database on RDS in a single AZ. What is the SIMPLEST way to improve availability?
- A) Create a read replica in another AZ
- B) Enable Multi-AZ on the RDS instance
- C) Take hourly snapshots
- D) Increase the backup retention period
Question 16
A company runs a serverless application with Lambda functions that need to access an RDS database. What must be configured to enable this access?
- A) Configure Lambda to run in the same VPC as RDS
- B) Make the RDS database publicly accessible
- C) Use a NAT Gateway in the Lambda VPC
- D) Configure VPC Peering between Lambda and RDS
Question 17
A company needs to store and retrieve objects that are accessed once per month after the first 90 days. After 1 year, the data must be retained for compliance but accessed rarely. Which S3 lifecycle policy is MOST cost-effective?
- A) Standard (90d) → Standard-IA (1yr) → Glacier Deep Archive
- B) Standard (30d) → Glacier (90d) → Glacier Deep Archive
- C) Standard (90d) → One Zone-IA (1yr) → Glacier Deep Archive
- D) Standard (90d) → Glacier Deep Archive
Question 18
A company runs a high-traffic web application on EC2 instances behind an ALB. The application needs to handle sudden traffic spikes. The current architecture uses a fixed number of instances. What should be configured to automatically handle spikes?
- A) Auto Scaling group with target tracking policy
- B) Reserved Instances for all instances
- C) Manual scaling
- D) Larger instance types
Question 19
A company needs to query data in S3 using standard SQL. The data is in Parquet format and is partitioned by year/month/day. Which service provides the FASTEST query performance for this use case?
- A) Athena with partitioned tables
- B) Redshift Spectrum
- C) EMR with Spark SQL
- D) S3 Select
Question 20
A company runs a critical application on EC2 instances. They want to ensure that if an instance fails, a new instance is automatically launched. Which service should be used?
- A) Auto Scaling group with a minimum size of 1
- B) ALB with health checks
- C) Route53 with failover routing
- D) CloudWatch alarm to trigger instance recovery
Question 21
A company uses S3 to store sensitive documents. They need to ensure that objects are encrypted using server-side encryption with customer-provided keys (SSE-C). What is required?
- A) The customer must manage the encryption keys and provide them in each request
- B) AWS manages the keys and rotates them automatically
- C) The customer uploads keys to KMS once and AWS manages them
- D) The customer stores keys in Secrets Manager
Question 22
A company needs to migrate a legacy .NET application to AWS with minimal changes. The application uses SQL Server and Windows authentication. Which service is MOST suitable?
- A) AWS Lambda
- B) EC2 with Windows Server and RDS SQL Server
- C) Elastic Beanstalk for .NET
- D) ECS with Fargate
Question 23
A company needs to ensure that an S3 bucket policy does not grant public access. Which AWS service can provide continuous monitoring and automatic remediation?
- A) AWS Config with automatic remediation
- B) GuardDuty
- C) CloudTrail
- D) Trusted Advisor
Question 24
A company runs a web application on EC2 instances behind an ALB. They want to protect against SQL injection and cross-site scripting (XSS) attacks. Which AWS service provides this protection?
- A) AWS WAF
- B) AWS Shield
- C) Security Groups
- D) Network ACLs
Question 25
A company runs a data processing workload that reads from S3, processes data using EMR, and writes results back to S3. They want to reduce data transfer costs. What is the MOST effective approach?
- A) Use Spot Instances for the EMR cluster
- B) Launch the EMR cluster in the same region as the S3 bucket
- C) Use S3 Transfer Acceleration
- D) Use CloudFront to cache S3 data
Question 26
A company runs a critical database on RDS for PostgreSQL. The database has a 2 TB storage volume and needs to scale to 4 TB without downtime. Which approach meets this requirement?
- A) Take a snapshot and restore to a larger volume
- B) Enable storage autoscaling on the RDS instance
- C) Create a read replica with larger storage
- D) Migrate to Aurora PostgreSQL
Question 27
A company uses Lambda functions to process image uploads. The processing time averages 30 seconds. The function currently has 512 MB of memory. They want to reduce execution time. What should be adjusted?
- A) Increase the Lambda memory (also increases CPU)
- B) Increase the Lambda timeout
- C) Use Lambda provisioned concurrency
- D) Use Lambda reserved concurrency
Question 28
A company needs to monitor the health of their custom application running on EC2 instances. The health check should verify that the application can connect to the database and return a valid response. What should be configured?
- A) ALB health check with a custom path (e.g., /health)
- B) EC2 status checks
- C) CloudWatch Synthetics canary
- D) Route53 health check
Question 29
A company runs a containerized application on ECS with Fargate. The application needs to retrieve secrets (database passwords, API keys) at startup. Which is the MOST secure way to provide these secrets?
- A) Include secrets in the container image
- B) Store secrets in Secrets Manager and reference them in the task definition
- C) Pass secrets as environment variables in the task definition
- D) Store secrets in S3 and download at startup
Question 30
A company needs to analyze VPC Flow Logs to identify traffic patterns and potential security threats. Which service can analyze flow logs and alert on suspicious activity?
- A) GuardDuty
- B) CloudTrail
- C) AWS Config
- D) Athena
Question 31
A company runs a production DynamoDB table with auto scaling enabled. The table has a Global Secondary Index (GSI). Write traffic exceeds the GSI’s write capacity during peak hours. What happens?
- A) Writes to the table are throttled even if table capacity is sufficient
- B) The GSI automatically scales its capacity
- C) Writes to the table succeed but the GSI is eventually consistent
- D) Writes to the GSI are queued and applied later
Question 32
A company needs to transfer 20 TB of data from their on-premises data center to S3 weekly. The transfer must be automated and encrypted. Which service should be used?
- A) AWS DataSync
- B) AWS Snowball Edge
- C) S3 Transfer Acceleration
- D) Direct Connect
Question 33
A company runs a web application on EC2 instances. The application needs to maintain user session state across multiple requests. The sessions should persist even if an instance fails. Which solution is MOST resilient?
- A) Store sessions in ElastiCache
- B) Enable ALB sticky sessions
- C) Store sessions in an S3 bucket
- D) Store sessions on the EC2 instance’s local storage
Question 34
A company runs a multi-tier web application with web servers, application servers, and a database. All tiers must be deployed across multiple AZs for high availability. What is the MINIMUM number of subnets required?
- A) 2
- B) 3
- C) 4
- D) 6
Question 35
A company needs to analyze customer transaction data to detect fraudulent patterns in real-time. Which AWS services should be used together? (Select TWO)
- A) Kinesis Data Streams
- B) Kinesis Data Analytics
- C) S3
- D) Glacier
- E) Snowball
Question 36
A company uses CloudFront to serve content from an S3 bucket. They want to restrict access to premium content to paid subscribers only. Which CloudFront feature should be used?
- A) Signed URLs or signed cookies
- B) Geo-restriction
- C) Origin Access Control (OAC)
- D) WAF ACL
Question 37
A company needs to deploy a new version of their application with zero downtime. The application runs on EC2 instances behind an ALB. Which deployment strategy meets this requirement?
- A) Rolling update with a minimum of 1 instance
- B) Blue/green deployment using CodeDeploy
- C) Stop all instances, deploy new version, start instances
- D) In-place update
Question 38
A company runs a serverless application using Lambda, DynamoDB, and API Gateway. The application is invoked thousands of times per second. Some requests fail with a 503 error during traffic spikes. What is the MOST likely cause?
- A) Lambda concurrency limit exceeded
- B) API Gateway throttling
- C) DynamoDB throttling
- D) Network connectivity issues
Question 39
A company needs to ensure that their EC2 instances are launched with specific security groups attached. How can this be enforced?
- A) IAM policy with a condition on ec2:SecurityGroup
- B) AWS Config rule to detect non-compliant instances
- C) Service Control Policy (SCP)
- D) VPC default security group
Question 40
A company runs a critical application on EC2 instances in an Auto Scaling group. They want to be notified when instances are launched or terminated. Which service provides this notification?
- A) CloudWatch Events / EventBridge for Auto Scaling events
- B) CloudTrail for EC2 events
- C) SNS topic for ASG lifecycle hooks
- D) AWS Config for resource changes
Question 41
A company needs to process large files (up to 5 GB) that are uploaded to S3. The processing can take up to 45 minutes per file. Which compute option is MOST suitable?
- A) Lambda function triggered by S3 event
- B) ECS task with Fargate triggered by S3 event
- C) EC2 instance running continuously
- D) Batch job on AWS Batch
Question 42
A company runs a web application that uses S3 for static content and EC2 for dynamic content. They want to reduce latency for global users. Which architecture is MOST effective?
- A) CloudFront with S3 and ALB as origins
- B) Global Accelerator with ALB as endpoint
- C) S3 Transfer Acceleration for static content
- D) Route53 latency-based routing to multiple regions
Question 43
A company needs to retain RDS automated backups for 3 years to meet compliance requirements. The maximum backup retention period for RDS is 35 days. How can this requirement be met?
- A) Use AWS Backup with a 3-year retention policy
- B) Export RDS snapshots to S3 and set lifecycle policy
- C) Use DMS to continuously replicate to another RDS instance
- D) Take manual snapshots and copy to another region
Question 44
A company runs a DynamoDB table with on-demand capacity. The table has a sudden spike in traffic that is 10x the normal level. What happens to the requests?
- A) DynamoDB automatically handles the spike without throttling
- B) Requests are throttled with ProvisionedThroughputExceededException
- C) The table switches to provisioned capacity
- D) Requests are queued and processed when capacity becomes available
Question 45
A company uses S3 to store video files. The files are frequently accessed for the first 30 days after upload, then rarely after that. Compliance requires 7-year retention. Which lifecycle policy is MOST cost-effective?
- A) Standard (30d) → Standard-IA (90d) → Glacier Deep Archive (7yr)
- B) Standard (30d) → Glacier Deep Archive
- C) Standard (30d) → One Zone-IA (90d) → Glacier Deep Archive
- D) Intelligent-Tiering for 7 years
Question 46
A company needs to monitor EC2 instance metrics such as CPU, memory, and disk I/O. Which combination of metrics requires the CloudWatch agent?
- A) CPU, memory, disk I/O
- B) Memory and disk I/O
- C) CPU only
- D) CPU and disk I/O
Question 47
A company runs a Lambda function that processes data from an SQS queue. The function encounters errors and the messages are returned to the queue. What happens after the visibility timeout expires?
- A) The message becomes visible in the queue again for reprocessing
- B) The message is permanently deleted from the queue
- C) The message is sent to the dead-letter queue
- D) The message is moved to a different queue
Question 48
A company runs a containerized application on EKS. They want to reduce costs for non-production workloads that run only during business hours. Which approach is MOST cost-effective?
- A) Use Fargate for EKS with scheduled scaling to stop tasks outside business hours
- B) Use managed node groups with Spot Instances and cluster autoscaler
- C) Use On-Demand instances with manual stop/start
- D) Use Reserved Instances for the entire cluster
Question 49
A company needs to provide developers with access to create and manage EC2 instances, but they should not be able to delete resources. Which IAM feature provides this control?
- A) IAM policy with explicit deny on ec2:TerminateInstances
- B) Permission boundaries
- C) Service Control Policy
- D) Resource-based policy
Question 50
A company runs a web application on EC2 instances. They want to improve the application’s performance by caching frequently accessed data in memory. The cache must be highly available and survive node failures. Which caching service should be used?
- A) ElastiCache for Redis with Multi-AZ
- B) ElastiCache for Memcached with multiple nodes
- C) DynamoDB Accelerator (DAX)
- D) CloudFront
Question 51
A company needs to migrate a 10 TB Oracle database to Amazon Aurora PostgreSQL with minimal downtime. Which services should be used together? (Select TWO)
- A) AWS Database Migration Service (DMS)
- B) AWS Schema Conversion Tool (SCT)
- C) AWS DataSync
- D) AWS Snowball Edge
- E) AWS Storage Gateway
Question 52
A company runs a critical application on EC2 instances. They want to ensure that instances are automatically recovered if the underlying physical hardware fails. Which feature provides this?
- A) EC2 Auto Recovery
- B) Auto Scaling group
- C) ALB health checks
- D) Route53 health checks
Question 53
A company uses CloudFront to distribute content. They need to serve private content that requires the user to be authenticated. Which CloudFront feature should be used?
- A) Signed URLs or signed cookies
- B) Origin Access Control (OAC)
- C) WAF IP set
- D) Geo-restriction
Question 54
A company runs a web application on EC2 instances. The application processes file uploads and stores them in S3. The uploads can be up to 100 MB. Which architecture is MOST scalable and cost-effective?
- A) Upload directly to EC2, then EC2 copies to S3
- B) Upload directly to S3 using pre-signed URLs
- C) Upload to Lambda, then Lambda stores in S3
- D) Upload to API Gateway, then Lambda stores in S3
Question 55
A company runs a batch processing job on EC2 instances that takes 8 hours to run. The job runs once per month and is fault-tolerant. Which purchasing option is MOST cost-effective?
- A) On-Demand Instances
- B) Spot Instances
- C) Standard Reserved Instances (1-year)
- D) Convertible Reserved Instances (1-year)
Question 56
A company needs to monitor the CPU utilization of their EC2 instances with 1-minute granularity. What should be configured?
- A) EC2 detailed monitoring
- B) CloudWatch agent
- C) CloudWatch basic monitoring
- D) VPC Flow Logs
Question 57
A company runs a serverless application with API Gateway, Lambda, and DynamoDB. They need to add caching to reduce latency and costs. Which API Gateway feature should be enabled?
- A) API Gateway caching
- B) CloudFront caching
- C) Lambda caching
- D) DynamoDB DAX
Question 58
A company uses S3 to store sensitive compliance documents. They need to ensure that documents cannot be deleted or overwritten for 5 years. Which S3 feature provides this protection?
- A) S3 Object Lock in compliance mode
- B) S3 Versioning
- C) S3 MFA Delete
- D) S3 bucket policy denying delete
Question 59
A company runs a global web application that uses ALBs in multiple regions. They need to provide a single endpoint for users and route traffic to the nearest healthy ALB. Which service should be used?
- A) Route53 with latency-based routing and health checks
- B) Global Accelerator
- C) CloudFront with ALB origins
- D) Route53 with geolocation routing
Question 60
A company needs to deploy a microservices application with service discovery, health monitoring, and automatic scaling. Which AWS service provides all these capabilities?
- A) Amazon ECS with Service Auto Scaling and Cloud Map
- B) Elastic Beanstalk
- C) CloudFormation
- D) OpsWorks
Question 61
A company runs a database on an RDS instance with 500 GB of gp2 storage. The database is experiencing I/O bottlenecks because gp2 IOPS are tied to volume size. Which change would MOST cost-effectively improve I/O performance?
- A) Modify the volume to gp3 with provisioned IOPS
- B) Increase the volume size to get more baseline IOPS
- C) Migrate to Aurora
- D) Add a read replica
Question 62
A company needs to implement a cost-effective backup strategy for their EBS volumes. Backups must be retained for 30 days with daily snapshots and 1 year with weekly snapshots. Which service automates this?
- A) Amazon Data Lifecycle Manager (DLM)
- B) AWS Backup
- C) CloudWatch Events
- D) Lambda scheduled functions
Question 63
A company runs an application on EC2 instances that need to access an S3 bucket frequently. The EC2 instances are in a private subnet. The company wants to minimize data transfer costs. What should be configured?
- A) VPC Gateway Endpoint for S3
- B) NAT Gateway
- C) S3 Transfer Acceleration
- D) Internet Gateway
Question 64
A company needs to run a relational database that automatically scales compute capacity based on demand. They want to minimize manual intervention. Which service should be used?
- A) RDS MySQL with Auto Scaling
- B) Aurora Serverless v2
- C) DynamoDB with auto scaling
- D) Redshift with concurrency scaling
Question 65
A company runs a production Lambda function that processes critical data. They want to ensure that at least 100 concurrent executions are always available to handle traffic spikes. What should be configured?
- A) Lambda reserved concurrency
- B) Lambda provisioned concurrency
- C) Lambda function URL
- D) Lambda dead-letter queue
Question 66
Which disaster recovery strategies provide the LOWEST RTO and RPO? (Choose TWO)
- A) Backup & Restore
- B) Pilot Light
- C) Warm Standby
- D) Multi-Site Active-Active
- E) Snapshots only
Question 67
Which monitoring services provide detailed CPU utilization metrics for EC2 instances? (Choose TWO)
- A) AWS CloudTrail
- B) Amazon CloudWatch
- C) AWS Config
- D) CloudWatch Agent with custom metrics
- E) VPC Flow Logs
Question 68
Which of the following are managed container orchestration services? (Choose TWO)
- A) Amazon ECS
- B) Amazon EKS
- C) Amazon ECR
- D) AWS Fargate
- E) Amazon EBS
📝 Answer Key
1. B — Auto Scaling with target tracking matches compute resources to demand.
2. B — AWS Config rule can enforce required tags on EC2 instances.
3. D — SES (Simple Email Service) is designed for sending email notifications.
4. A — EMR with Spot Instances provides cost-effective Spark processing.
5. A — AWS Control Tower automates account creation and governance.
6. B — EventBridge routes events from multiple sources based on rules.
7. B — DMS (Database Migration Service) supports migration with minimal downtime.
8. B — ECR (Elastic Container Registry) is a managed Docker registry.
9. B — Cross-account role access between development and production accounts.
10. A — 1 NAT Gateway can serve all private subnets (minimum for HA is 2 but question asks minimum).
11. A, C — Kinesis Data Streams for ingestion, Kinesis Data Analytics for real-time analysis.
12. B — S3 Block Public Access at the account level prevents all public access.
13. B — Create encrypted snapshot → encrypted volume → attach (only way for unencrypted volumes).
14. A — IAM Identity Center (formerly AWS SSO) integrates with corporate AD.
15. B — Multi-AZ provides automatic failover to a standby in another AZ.
16. A — Lambda must be VPC-enabled with a security group permitting RDS access.
17. A — Standard (90d) → Standard-IA (1yr) → Glacier Deep Archive matches access patterns.
18. A — Auto Scaling with target tracking automatically handles traffic spikes.
19. A — Athena with partitioned Parquet data provides fast query performance (partition pruning).
20. A — Auto Scaling group with minimum size launches replacement instances on failure.
21. A — SSE-C requires the customer to provide encryption keys with each request.
22. B — EC2 Windows + RDS SQL Server supports .NET apps and Windows auth.
23. A — AWS Config with auto-remediation can detect and fix public S3 bucket policies.
24. A — AWS WAF protects against SQL injection and cross-site scripting (XSS).
25. B — Same-region data transfer between S3 and EMR is free.
26. B — RDS storage autoscaling increases storage automatically without downtime.
27. A — Increasing Lambda memory also increases CPU, reducing execution time.
28. C — CloudWatch Synthetics canary tests application endpoints with custom scripts.
29. B — Secrets Manager integration with ECS task definitions injects secrets securely.
30. A — GuardDuty analyzes VPC Flow Logs for suspicious network activity.
31. A — Writes to the table are throttled if the GSI write capacity is exceeded.
32. A — DataSync automates recurring data transfers with encryption.
33. A — ElastiCache provides resilient, shared session storage outside EC2 instances.
34. D — 6 subnets (web/app/db × 2 AZs) for multi-tier across 2 AZs.
35. A, B — Kinesis Data Streams + Kinesis Data Analytics enables real-time fraud detection.
36. A — Signed URLs or cookies restrict access to paid subscribers.
37. B — Blue/green deployment provides zero-downtime with instant traffic switching.
38. A — Lambda concurrency limits cause 503 errors during traffic spikes.
39. A — IAM policy with ec2:SecurityGroup condition enforces specific security groups.
40. A — EventBridge captures Auto Scaling lifecycle events.
41. B — ECS Fargate tasks support longer processing times (beyond Lambda’s 15 min limit).
42. A — CloudFront with multiple origins optimizes delivery for both static and dynamic content.
43. B — Export RDS snapshots to S3 and use lifecycle policies for long-term retention.
44. A — DynamoDB on-demand mode automatically handles traffic spikes without throttling.
45. A — Standard (30d) → Standard-IA (90d) → Glacier Deep Archive (7yr) matches access patterns.
46. B — CloudWatch agent collects memory and disk metrics; CPU is available without agent.
47. A — Messages return to the queue after visibility timeout for reprocessing.
48. B — Spot Instances with cluster autoscaler minimize costs for non-production EKS workloads.
49. A — Explicit deny on TerminateInstances prevents instance deletion.
50. A — ElastiCache for Redis with Multi-AZ provides highly available caching.
51. A, B — DMS migrates data; SCT converts Oracle schema to Aurora PostgreSQL.
52. A — EC2 Auto Recovery automatically recovers instances from hardware failure.
53. A — Signed URLs or cookies authenticate users for private content.
54. B — Direct-to-S3 upload via pre-signed URLs avoids intermediary compute costs.
55. B — Spot Instances provide highest savings for fault-tolerant, infrequent batch jobs.
56. A — EC2 detailed monitoring provides 1-minute metric granularity.
57. A — API Gateway caching reduces backend invocations and improves response times.
58. A — S3 Object Lock in compliance mode prevents deletion/modification for a fixed period.
59. B — Global Accelerator provides a single anycast endpoint with optimal routing.
60. A — ECS with Service Auto Scaling and Cloud Map provides full microservices support.
61. A — gp3 provides higher baseline IOPS and allows independent IOPS provisioning at lower cost.
62. A — DLM automates EBS snapshot creation/deletion with custom retention policies.
63. A — VPC Gateway Endpoint for S3 is free and eliminates NAT data processing costs.
64. B — Aurora Serverless v2 automatically scales compute capacity based on demand.
65. B — Provisioned concurrency keeps functions warm; reserved concurrency limits max only.
66. C, D — Warm Standby and Multi-Site Active-Active provide the lowest RTO (minutes/near zero) and RPO (seconds/near zero).
67. B, D — CloudWatch provides CPU metrics by default; CloudWatch Agent can report custom CPU metrics at high resolution.
68. A, B — ECS and EKS are managed container orchestration services; ECR is a registry, Fargate is a compute engine.
Score: ________ / 68