📝 Practice Test 7 — Final Readiness Check
Time: 130 minutes | Questions: 65 | Domain: All Domains (Full Simulation)
Question 1
A company runs a global web application on EC2 instances behind an ALB in a single region. Users in other regions report high latency. What should be done to improve performance?
- A) Deploy the application in additional regions with Route53 latency-based routing
- B) Increase the EC2 instance sizes
- C) Use a larger ALB
- D) Add more EC2 instances in the same region
Question 2
A company needs to store data for 7 years for compliance. The data is accessed once per year and retrieval within 48 hours is acceptable. Which storage solution is MOST cost-effective?
- A) S3 Standard
- B) S3 Standard-IA
- C) S3 Glacier
- D) S3 Glacier Deep Archive
Question 3
An application uses Lambda functions that need to access a VPC resource (e.g., an RDS database). What must be configured?
- A) Configure the Lambda function to run in the VPC with appropriate security group
- B) Make the RDS database publicly accessible
- C) Use a NAT Gateway
- D) Configure VPC Peering
Question 4
Which AWS service provides a central place to track and analyze security findings from multiple AWS services?
- A) GuardDuty
- B) Security Hub
- C) Config
- D) CloudTrail
Question 5
A company needs to run a MySQL database that automatically scales storage without downtime. Which service should be used?
- A) RDS MySQL with gp2 volumes
- B) RDS MySQL with io1 volumes
- C) Aurora MySQL
- D) DynamoDB
Question 6
An application requires a queuing service that guarantees exactly-once processing and preserves message order. Which service meets these requirements?
- A) SQS Standard Queue
- B) SQS FIFO Queue
- C) SNS Topic
- D) Kinesis Data Streams
Question 7
A company wants to automate infrastructure deployment using code. They need to manage related AWS resources as a single unit called a “stack”. Which service should be used?
- A) Elastic Beanstalk
- B) OpsWorks
- C) CloudFormation
- D) CodeDeploy
Question 8
Which S3 feature provides protection against accidental deletion of objects?
- A) Versioning
- B) Lifecycle rules
- C) Transfer Acceleration
- D) Cross-Region Replication
Question 9
A company needs to test a new application version by routing 5% of traffic to it while sending 95% to the stable version. Which Route53 routing policy should be used?
- A) Latency
- B) Weighted
- C) Failover
- D) Simple
Question 10
A company needs to retain CloudWatch Logs for compliance for 5 years. What should be configured?
- A) Export logs to S3 and set lifecycle policy
- B) Set CloudWatch Logs retention policy to 5 years
- C) Enable CloudTrail for log retention
- D) Store logs in CloudWatch indefinitely
Question 11
A company uses CloudFront to serve content from an S3 bucket. They want to ensure that users can only access the content through CloudFront, not directly from S3. How can this be achieved?
- A) Use an S3 bucket policy that denies direct access
- B) Use Origin Access Control (OAC) and restrict S3 bucket policy to CloudFront only
- C) Make the S3 bucket private and use pre-signed URLs
- D) Use WAF to block direct access
Question 12
A company needs to process large files (up to 10 GB) uploaded to S3. The processing can take up to 30 minutes per file. Which compute option is MOST suitable?
- A) Lambda (15-minute timeout limit)
- B) ECS with Fargate
- C) API Gateway
- D) DynamoDB Streams
Question 13
A company needs to provide a simple way for developers to deploy web applications without managing infrastructure. Which service provides a fully managed platform for running web applications?
- A) EC2
- B) Elastic Beanstalk
- C) CloudFormation
- D) CodeBuild
Question 14
An organization needs to monitor and record all changes to their AWS resource configurations (e.g., when a security group rule changes). Which service provides this?
- A) CloudTrail
- B) CloudWatch
- C) AWS Config
- D) GuardDuty
Question 15
A company runs a batch processing workload that takes 6 hours to complete. The workload runs every night and is fault-tolerant. What is the MOST cost-effective compute option?
- A) Reserved Instances running continuously
- B) On-Demand EC2 instances
- C) Spot Instances
- D) Dedicated Hosts
Question 16
A company runs a web application on EC2 instances. The application is deployed in multiple AZs behind an ALB. They want to improve disaster recovery by replicating data to a secondary region. Which RDS feature supports cross-region disaster recovery?
- A) Multi-AZ
- B) Cross-region read replicas
- C) Automated backups
- D) Performance Insights
Question 17
A company needs to implement a shared file system that can be accessed from both Linux and Windows EC2 instances simultaneously. Which service should be used?
- A) EFS
- B) FSx for Windows File Server
- C) EBS with multi-attach
- D) S3
Question 18
A company runs a serverless application that uses Lambda, DynamoDB, and S3. The application experiences increased latency during initial requests after periods of inactivity. This is caused by:
- A) Cold starts
- B) DynamoDB throttling
- C) S3 latency
- D) Network congestion
Question 19
A company runs a highly available web application on EC2 instances across multiple AZs. They want to use a single NAT Gateway to reduce costs. What is the risk of this approach?
- A) The NAT Gateway is a single point of failure
- B) The NAT Gateway cannot route traffic to the internet
- C) The NAT Gateway is more expensive than a NAT instance
- D) The NAT Gateway requires an EIP that cannot be reassigned
Question 20
A company needs to monitor the number of messages in an SQS queue and trigger an Auto Scaling action when the queue depth exceeds a threshold. Which scaling policy type should be used?
- A) Target tracking scaling policy on SQS queue depth
- B) Simple scaling policy
- C) Scheduled scaling
- D) Manual scaling
Question 21
A company runs a production database on RDS for MySQL. They need to test a schema change without affecting the production database. What is the BEST approach?
- A) Create a read replica and apply the change to the replica
- B) Take a snapshot and restore to a new instance, then test on the new instance
- C) Apply the change directly to the production database
- D) Use DMS to replicate data to a test instance
Question 22
A company needs to establish a private, dedicated connection between their on-premises data center and AWS. The connection must support multiple VPCs and provide consistent network performance. Which solution should be used?
- A) VPN connection to a Transit Gateway
- B) Direct Connect to a Direct Connect Gateway connected to Transit Gateway
- C) VPC Peering between on-premises and AWS
- D) NAT Gateway for each VPC
Question 23
A company runs a web application that uses CloudFront for content delivery. They want to block traffic from countries where they do not have licensing rights. Which feature should be used?
- A) CloudFront geo-restriction
- B) WAF geo-match conditions
- C) Route53 geolocation routing
- D) CloudFront signed URLs
Question 24
A company uses S3 to store monthly financial reports. The reports are accessed frequently for the first month, then periodically for audits. After 7 years, they must be deleted. Which S3 lifecycle configuration is MOST cost-effective?
- A) Standard (30d) → Standard-IA (90d) → Glacier Deep Archive (7yr) → Expire
- B) Standard → Glacier Deep Archive → Expire
- C) Standard (30d) → Glacier (90d) → S3 Intelligent-Tiering (7yr) → Expire
- D) Standard (30d) → Expire after 7 years
Question 25
A company runs a containerized application on ECS with Fargate. They want to use Spot Instances for their non-production workloads to reduce costs. What should be configured?
- A) Fargate Spot capacity provider
- B) ECS EC2 launch type with Spot Instances
- C) EKS managed node groups with Spot
- D) EC2 Auto Scaling group with Spot
Question 26
A company uses API Gateway to expose a REST API. They want to throttle requests to prevent abuse and protect the backend. Which API Gateway feature should be configured?
- A) Usage plans and API keys
- B) WAF ACL
- C) Request validation
- D) API Gateway caching
Question 27
A company runs a critical application on EC2 instances. They want to ensure that the application is automatically restarted if the EC2 instance crashes. Which feature provides this?
- A) Auto Scaling group with a minimum size of 1
- B) EC2 Auto Recovery
- C) ALB health checks
- D) Route53 failover
Question 28
A company needs to analyze VPC Flow Logs to identify which IP addresses are generating the most traffic. Which service is BEST suited for this analysis?
- A) Athena
- B) CloudWatch Logs Insights
- C) QuickSight
- D) Redshift
Question 29
A company runs a DynamoDB table with on-demand capacity. They notice that monthly costs are increasing due to unexpected traffic patterns. What is the MOST cost-effective way to control costs while maintaining availability?
- A) Switch to provisioned capacity with auto scaling and set a maximum
- B) Continue using on-demand capacity
- C) Add a Global Secondary Index
- D) Enable DynamoDB Streams
Question 30
A company runs a web application on EC2 instances behind an ALB. They need to implement a Web Application Firewall to protect against common web exploits. Where should the WAF be attached?
- A) To the ALB
- B) To each EC2 instance
- C) To the Route53 hosted zone
- D) To the security group
Question 31
A company needs to provide a group of developers with access to launch EC2 instances, but they should only be allowed to launch t3.micro instances. Which IAM policy element should be used?
- A) Condition with ec2:InstanceType
- B) Resource with specific instance type
- C) Principal with instance type restriction
- D) Effect with Deny for all other instance types
Question 32
A company uses AWS Organizations with multiple accounts. They want to delegate administrative tasks for specific services to individual accounts while maintaining centralized governance. Which service enables this?
- A) CloudFormation StackSets
- B) AWS Control Tower
- C) Service Catalog
- D) Delegated administrator for specific AWS services
Question 33
A company runs a high-traffic web application on EC2 instances. The application serves a global user base. They want to reduce latency and offload SSL/TLS termination. Which architecture BEST meets these requirements?
- A) CloudFront with SSL/TLS termination at edge locations
- B) ALB with SSL/TLS termination
- C) NLB with SSL/TLS termination
- D) EC2 instances handling SSL/TLS
Question 34
A company needs to store 50 TB of data on AWS for a big data analytics project. The data will be processed using EMR and results stored in S3. Which storage service provides the LEAST expensive long-term storage?
- A) S3 Standard
- B) S3 Glacier Deep Archive
- C) EBS gp3
- D) EFS
Question 35
A company runs a database on RDS for PostgreSQL. They need to minimize downtime during a maintenance window. Which configuration minimizes downtime?
- A) Multi-AZ deployment (automatic failover during maintenance)
- B) Single-AZ with automated backups
- C) Read replicas for failover
- D) Manual failover to a standby
Question 36
A company runs a Lambda function that processes S3 events. The function sometimes fails due to network timeout when connecting to an external API. What should be configured to automatically retry failed invocations?
- A) Lambda dead-letter queue
- B) S3 event notification retry mechanism
- C) SQS queue between S3 and Lambda
- D) Lambda reserved concurrency
Question 37
A company runs a production ECS service with Fargate. They need to deploy a new version of the application with zero downtime. Which deployment strategy should be used?
- A) Rolling update with minimum healthy percent of 100
- B) Blue/green deployment with CodeDeploy
- C) Canary deployment with Route53
- D) All-at-once replacement
Question 38
A company needs to migrate a legacy .NET Framework application to AWS. The application uses Windows authentication and requires access to shared file storage. Which combination of services meets these requirements?
- A) EC2 with Windows Server and FSx for Windows File Server
- B) Elastic Beanstalk for .NET with EFS
- C) Lambda with S3
- D) ECS with Fargate and EFS
Question 39
A company runs a serverless application using API Gateway, Lambda, and DynamoDB. They want to add user authentication with support for social identity providers. Which service should be used?
- A) Cognito User Pools
- B) IAM
- C) API Gateway Lambda authorizer
- D) Cognito Identity Pools
Question 40
A company needs to deploy a new microservice that reads from a Kinesis Data Stream, processes records, and writes to DynamoDB. Which compute option provides the LEAST operational overhead?
- A) Lambda function triggered by Kinesis
- B) ECS Fargate task reading from Kinesis
- C) EC2 instance running a consumer application
- D) EMR cluster processing the stream
Question 41
An organization has multiple AWS accounts. They want to centrally manage backups across all accounts and services. Which service provides this capability?
- A) AWS Backup
- B) AWS Storage Gateway
- C) AWS DataSync
- D) Amazon S3 Lifecycle
Question 42
A company runs a web application on EC2 instances. The application stores session data in a DynamoDB table. Which DynamoDB capacity mode is MOST cost-effective for a workload with predictable traffic?
- A) Provisioned capacity with auto scaling
- B) On-demand capacity
- C) Provisioned capacity without auto scaling
- D) Reserved capacity
Question 43
A company needs to ensure that EC2 instances are distributed across distinct physical hardware racks to reduce the risk of correlated failures. Which placement group strategy should be used?
- A) Partition placement group
- B) Spread placement group
- C) Cluster placement group
- D) No placement group needed
Question 44
A company runs an application that processes credit card transactions. They need to encrypt sensitive data at rest in DynamoDB. Which feature should be enabled?
- A) DynamoDB encryption at rest (default or KMS)
- B) DynamoDB TTL
- C) DynamoDB Streams
- D) DynamoDB Transactions
Question 45
A company runs a web application that needs to send notifications to users via email, SMS, and push notifications. Which service supports multiple notification channels?
- A) SNS
- B) SQS
- C) SES
- D) EventBridge
Question 46
A company needs to implement a VPC with public and private subnets across two AZs. The private subnets need access to S3 for backups. What is the MOST cost-effective and scalable solution for S3 access?
- A) VPC Gateway Endpoint for S3 in each AZ
- B) NAT Gateway in each AZ
- C) NAT instance in one AZ
- D) Internet Gateway in each AZ
Question 47
A company runs a web application on EC2 instances. The application requires a fixed IP address that can be used for external service whitelisting. The IP should not change even if the instance is stopped and started. What should be used?
- A) Elastic IP address
- B) Public IP address (auto-assigned)
- C) ALB DNS name
- D) Route53 alias record
Question 48
A company needs to migrate 1 PB of data from on-premises HDFS to Amazon S3. The migration must complete within 60 days. The internet bandwidth is 100 Mbps. Which approach is MOST practical?
- A) AWS DataSync over the internet
- B) Multiple Snowball Edge devices
- C) Direct Connect with a 10 Gbps connection
- D) S3 Transfer Acceleration
Question 49
A company runs a database on RDS for MySQL. They need to monitor the database for performance issues and receive recommendations for improvements. Which feature provides this?
- A) RDS Performance Insights
- B) RDS Enhanced Monitoring
- C) CloudWatch Metrics
- D) AWS Config
Question 50
A company needs to create a VPC with public and private subnets. The public subnets will host an ALB, and the private subnets will host EC2 instances. How many subnets are needed for high availability across two AZs?
- A) 2 subnets (1 public, 1 private)
- B) 4 subnets (2 public, 2 private)
- C) 6 subnets (3 public, 3 private)
- D) 8 subnets (4 public, 4 private)
Question 51
A company runs a production Lambda function that needs to access a VPC resource. The function currently experiences cold starts that impact performance. What should be configured to reduce latency?
- A) Lambda provisioned concurrency
- B) Lambda reserved concurrency
- C) Lambda function URL
- D) Increase Lambda timeout
Question 52
A company runs a web application on EC2 instances behind an ALB. They need to store application logs for 3 years. Which storage solution is MOST cost-effective for this retention period?
- A) CloudWatch Logs with 3-year retention
- B) Export logs to S3 via CloudWatch Logs subscription and use lifecycle policies
- C) Store logs on EBS volumes attached to each instance
- D) Use Amazon ES (OpenSearch) for log storage
Question 53
A company needs to run a stateful workflow application that requires persistent storage for each task. The application runs on ECS with Fargate. Which storage option should be used?
- A) EFS with ECS task-level mount
- B) EBS volume attached per task
- C) S3 mounted via FUSE
- D) Instance Store
Question 54
A company runs a serverless application with Lambda functions. One function frequently fails with a timeout error. The function calls an external API that can take up to 5 minutes to respond. What is the MINIMUM Lambda timeout that should be configured?
- A) 1 minute
- B) 5 minutes
- C) 6 minutes
- D) 15 minutes
Question 55
A company uses Route53 for DNS. They want to route traffic to a CloudFront distribution for a custom domain (www.example.com). Which DNS record type should be used?
- A) A record with an alias to the CloudFront distribution
- B) CNAME record to the CloudFront distribution
- C) A record with the CloudFront IP address
- D) MX record to the CloudFront distribution
Question 56
A company needs to securely transfer files between on-premises file servers and AWS. The transfer must be automated, encrypted, and support incremental transfers. Which service should be used?
- A) AWS DataSync
- B) AWS Storage Gateway File Gateway
- C) AWS Transfer Family
- D) Amazon S3 Transfer Acceleration
Question 57
A company runs a multi-region application that uses DynamoDB. They need to provide low-latency reads and writes in multiple regions. Which DynamoDB feature should be used?
- A) Global tables
- B) Cross-region read replicas
- C) DynamoDB Streams
- D) DynamoDB Accelerator (DAX)
Question 58
A company runs a critical database on EC2 with an EBS volume. They need to back up the database every 6 hours and retain backups for 90 days. Which solution provides the LOWEST RPO?
- A) EBS snapshots every 6 hours via DLM
- B) AWS Backup with 6-hour schedule
- C) Database-native replication
- D) Continuous backup to S3 via rsync
Question 59
A company runs a web application that uses CloudFront with an ALB origin. They want to restrict access to their application to specific corporate IP addresses. Which approach is MOST effective?
- A) WAF IP set attached to CloudFront
- B) ALB security group with IP restrictions
- C) CloudFront geo-restriction
- D) ALB subnet network ACL
Question 60
A company needs to implement a blue/green deployment strategy for their ECS Fargate service. Which service should be used to manage the deployment?
- A) CodeDeploy
- B) CodePipeline
- C) CloudFormation
- D) Elastic Beanstalk
Question 61
A company runs a serverless application that processes user uploads. The application uses S3, Lambda, and DynamoDB. A user uploads a file, but the Lambda function fails to process it. What happens to the S3 event notification?
- A) S3 retries the event notification (up to 2 retries)
- B) The event is permanently lost
- C) The event is automatically sent to an SQS DLQ
- D) The event is logged in CloudTrail for manual retry
Question 62
A company needs to run a relational database engine compatible with Oracle and PostgreSQL. They want automated scaling, high availability, and up to 128 TB of storage. Which service meets these requirements?
- A) RDS for Oracle
- B) RDS for PostgreSQL
- C) Amazon Aurora
- D) DynamoDB
Question 63
A company runs a web application on EC2 instances. They want to automatically replace unhealthy instances without manual intervention. Which service provides this capability?
- A) Auto Scaling group with health checks
- B) ALB with health checks
- C) EC2 Auto Recovery
- D) Route53 health checks
Question 64
A company needs to analyze customer behavior data stored in S3 using SQL. The data volume is 10 TB and queries are ad-hoc. They want the MOST cost-effective solution. Which service should be used?
- A) Amazon Athena
- B) Amazon Redshift
- C) Amazon EMR
- D) Amazon RDS
Question 65
A company runs a containerized application on ECS with Fargate. The application needs to process messages from an SQS queue and scale based on queue depth. Which scaling approach is MOST appropriate?
- A) Application Auto Scaling with a target tracking policy on SQS queue depth
- B) ECS Service Auto Scaling with step scaling on CPU
- C) Scheduled scaling during known peak hours
- D) Manual scaling based on queue monitoring
📝 Answer Key
1. A — Multi-region deployment + latency-based routing improves global performance.
2. D — Glacier Deep Archive is the cheapest for 7-year retention with 48-hr retrieval.
3. A — Lambda must be configured to run in the VPC with access to the RDS security group.
4. B — Security Hub aggregates findings from GuardDuty, Inspector, Macie, and others.
5. C — Aurora automatically scales storage (10 GB to 128 TB) without downtime.
6. B — SQS FIFO provides exactly-once processing with guaranteed ordering.
7. C — CloudFormation manages resources as stacks using infrastructure as code.
8. A — Versioning protects against accidental deletion by preserving previous versions.
9. B — Weighted routing distributes traffic percentages (5% to new, 95% to stable).
10. A — Export logs to S3 and use lifecycle policies for long-term retention beyond CloudWatch limits.
11. B — OAC (Origin Access Control) restricts S3 access to CloudFront only via bucket policy.
12. B — ECS with Fargate supports long-running tasks beyond Lambda’s 15-minute limit.
13. B — Elastic Beanstalk provides a managed platform for deploying web applications.
14. C — AWS Config tracks resource configuration changes over time.
15. C — Spot Instances (up to 90% off) are ideal for night-time batch workloads.
16. B — Cross-region read replicas provide DR in a secondary region.
17. B — FSx for Windows File Server supports both SMB (Windows) and NFS (Linux) access.
18. A — Cold starts occur when Lambda functions are invoked after periods of inactivity.
19. A — A single NAT Gateway in one AZ is a single point of failure.
20. A — Target tracking on SQS queue depth scales the ASG based on message backlog.
21. B — Snapshot and restore creates an independent copy for safe testing.
22. B — Direct Connect Gateway + Transit Gateway connects on-prem to multiple VPCs.
23. A — CloudFront geo-restriction blocks traffic from specific countries.
24. A — Standard (30d) → Standard-IA (90d) → Glacier Deep Archive (7yr) → Expire matches access and retention.
25. A — Fargate Spot provides up to 70% discount for fault-tolerant workloads.
26. A — Usage plans and API keys throttle requests from specific clients.
27. A — Auto Scaling group replaces failed instances automatically.
28. B — CloudWatch Logs Insights analyzes VPC Flow Logs with SQL-like queries.
29. A — Provisioned capacity with auto scaling and a max limit controls costs.
30. A — WAF is attached to the ALB (or CloudFront) for web traffic inspection.
31. A — IAM condition with ec2:InstanceType restricts which instance types can be launched.
32. D — Delegated administrator allows specific services to be managed by member accounts.
33. A — CloudFront edge locations terminate SSL/TLS close to users, reducing latency.
34. B — Glacier Deep Archive provides the lowest-cost long-term storage for archived data.
35. A — Multi-AZ performs automatic failover during maintenance, minimizing downtime.
36. C — SQS between S3 and Lambda provides durable retry with DLQ support.
37. B — Blue/green deployment with CodeDeploy provides zero-downtime deployments.
38. A — EC2 Windows + FSx supports .NET apps, Windows auth, and shared file storage.
39. A — Cognito User Pools authenticate users with social identity providers.
40. A — Lambda with Kinesis trigger provides serverless stream processing.
41. A — AWS Backup provides centralized backup management across accounts and services.
42. A — Provisioned capacity with auto scaling is cost-effective for predictable workloads.
43. B — Spread placement group distributes instances across distinct hardware racks.
44. A — DynamoDB encryption at rest (using AWS KMS or default) encrypts table data.
45. A — SNS supports email, SMS, and push notification delivery.
46. A — VPC Gateway Endpoint for S3 is free and available in each AZ.
47. A — Elastic IP address persists across instance stop/start cycles.
48. B — Multiple Snowball Edge devices transfer 1 PB faster than 100 Mbps (≈3 years over internet).
49. A — RDS Performance Insights provides database performance analysis and recommendations.
50. B — 4 subnets (1 public + 1 private per AZ) for HA across 2 AZs.
51. A — Provisioned concurrency reduces cold starts by keeping functions initialized.
52. B — S3 export with lifecycle policies provides cost-effective long-term log retention.
53. A — EFS provides persistent shared storage for ECS Fargate tasks.
54. C — Lambda timeout should exceed the max API response time (6 min > 5 min).
55. A — Route53 alias record to CloudFront is the correct approach (CNAME can’t be used at zone apex).
56. A — DataSync automates encrypted, incremental transfers from on-prem file servers.
57. A — DynamoDB global tables provide multi-region, multi-master replication.
58. A — 6-hour snapshot schedule via DLM provides 6-hour RPO.
59. A — WAF IP set on CloudFront blocks/allows at the edge, closest to the user.
60. A — CodeDeploy manages blue/green deployments for ECS Fargate.
61. A — S3 retries failed event notifications (2 retries with backoff).
62. C — Aurora supports both MySQL and PostgreSQL compatibility with 128 TB auto-scaling storage.
63. A — Auto Scaling group replaces unhealthy instances based on health checks.
64. A — Athena queries S3 data with SQL, pay per query, no infrastructure to manage.
65. A — Target tracking on SQS queue depth scales ECS tasks based on backlog.
Score: ________ / 65
🏆 Final Review
Congratulations on completing all 7 practice tests!
| Test | Domain Focus | Score |
|---|---|---|
| Test 1 | Secure & Resilient Architectures | __/65 |
| Test 2 | Performance & Cost Optimization | __/65 |
| Test 3 | All Domains Mixed | __/65 |
| Test 4 | All Domains Mixed | __/65 |
| Test 5 | All Domains Mixed | __/65 |
| Test 6 | All Domains Mixed | __/68 |
| Test 7 | All Domains Mixed | __/65 |
Target: 80%+ on each test before taking the actual exam.
Weak areas to review: Revisit chapters where you scored below 80%.
Good luck on your SAA-C03 exam! 🚀