Saved searches
Use saved searches to filter your results more quickly
Cancel Create saved search
Sign up Reseting focus
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.
A list of AWS Certified Solutions Architect Associate questions and their answers ✨
License
Notifications You must be signed in to change notification settings
ahhda/aws-questions
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Go to file
Folders and files
Last commit message
Last commit date
Latest commit
History
View all files
Repository files navigation
AWS Certified Solutions Architect Associate Practice Questions
This is a list of AWS Certified Solutions Architect Associate questions and their answers ✨ I have also added a lot of good practice tests at the following Udemy course AWS Certified Solutions Architect Associate Practice Tests. From basic to advanced, test how well you know AWS, refresh your knowledge a bit, or prepare for your AWS Certified Solutions Architect Associate exam! Feel free to reach out to me! 👨💻
Twitter || LinkedIn || Blog
1. What are the DHCP option attributes used to assign private DNS servers to your VPC?
- dns resolution and domain name
- hostnames and internet domain
- domain servers and domain name
- domain-name-servers and domain-name
Answer (D)
Knowledge Area: Virtual Private Cloud (VPC)
2. What are two features of CloudWatch operation?
- CloudWatch does not support custom metrics
- CloudWatch permissions are granted per feature and not AWS resource
- collect and monitor operating system and application generated log files
- AWS services automatically create logs for CloudWatch
- CloudTrail generates logs automatically when AWS account is activated
Answer (B,C)
Knowledge Area: Monitoring Services
3. You have an application that collects monitoring data from 10,000 sensors (IoT) deployed in the USA. The datapoints are comprised of video events for home security and environment status alerts. The application will be deployed to AWS with EC2 instances as data collectors. What AWS storage service is preferred for storing video files from sensors?
Answer (C)
Knowledge Area: Storage Services
4. What storage type enable permanent attachment of volumes to EC2 instances?
Answer (D)
Knowledge Area: EC2 Compute
5. What are two advantages of selecting default tenancy option for your VPC when creating it?
- performance and reliability
- some AWS services do not work with a dedicated tenancy VPC
- tenant can launch instances within VPC as default or dedicated instances
- instance launch is faster
Answer (B,C)
Knowledge Area: Virtual Private Cloud (VPC)
6. What two statements correctly describe Amazon virtual private gateway?
- assign to private subnets only
- assign to public subnets only
- single virtual private gateway per VPC
- multiple virtual private gateways per VPC
- single virtual private gateway per region
Answer (A,C)
Knowledge Area: Virtual Private Cloud (VPC)
7. What are two features that correctly describe Availability Zone (AZ) architecture?
- multiple regions per AZ
- interconnected with private WAN links
- multiple AZ per region
- interconnected with public WAN links
- data auto-replicated between zones in different regions
- Direct Connect supports Layer 2 connectivity to region
Answer (B,C)
Knowledge Area: Fault Tolerant Systems
8. What AWS services encrypts data at rest by default? (Select two)
Answer (B,D)
Knowledge Area: Storage Services
9. What two attributes are only associated with CloudFront private content?
Answer (B,D)
Knowledge Area: Deployment
10. What two statements correctly describe how to add or modify IAM roles to a running EC2 instance?
- attach an IAM role to an existing EC2 instance from the EC2 console
- replace an IAM role attached to an existing EC2 instance from the EC2 console
- attach an IAM role to the user account and relaunch the EC2 instance
- add the EC2 instance to a group where the role is a member
Answer (A,B)
Knowledge Area: EC2 Compute
11. What are the minimum components required to enable a web-based application with public web servers and a private database tier? (select three)
- Internet gateway
- Assign EIP addressing to database instances on private subnet
- Virtual private gateway
- Assign database instances to private subnet and private IP addressing
- Assign EIP and private IP addressing to web servers on public subnet
Answer (A,D,E)
Knowledge Area: Virtual Private Cloud (VPC)
12. What two statements accurately describe Amazon VPC architecture?
- Elastic Load Balancer (ELB) cannot span multiple availability zones
- VPC does not support DMVPN connection
- VPC subnet cannot span multiple availability zones
- VPC cannot span multiple regions
- Flow logs are not supported within a VPC
Answer (C,D)
Knowledge Area: Virtual Private Cloud (VPC)
13. What feature enables CloudWatch to manage capacity dynamically for EC2 instances?
- replication lag
- Auto-Scaling
- Elastic Load Balancer
- vertical scaling
Answer (B)
Knowledge Area: Monitoring Services
14. What authentication method provides Federated Single Sign-On (SSO) for cloud applications?
Answer (E)
Knowledge Area: Security Architecture
15. What method detects when to replace an EC2 instance that is assigned to an Auto-Scaling group?
- health check
- load balancing algorithm
- EC2 health check
- not currently supported
- dynamic path detection
- Auto-Scaling
Answer (A)
Knowledge Area: EC2 Compute
16. What two resource tags are supported for an EC2 instance?
Answer (A,E)
Knowledge Area: EC2 Compute
17. How is a volume selected (identified) when making an EBS Snapshot?
Answer (D)
Knowledge Area: Deployment
18. What two features provide an encrypted (VPN) connection from VPC to an enterprise data center?
Answer (C,D)
Knowledge Area: Virtual Private Cloud (VPC)
19. What are two advantages of cross-region replication of an S3 bucket?
Answer (B,E)
Knowledge Area: Storage Services
20. What consistency model is the default used by DynamoDB?
- strongly consistent
- eventually consistent
- no default model
- casual consistency
- sequential consistency
Answer (B)
Knowledge Area: Database Services
21. What features are required to prevent users from bypassing AWS CloudFront security? (Select three)
Answer (B,D,E)
Knowledge Area: Security Architecture
22. What are the advantages of NAT gateway over NAT instance? (Select two)
- NAT gateway requires a single EC2 instance
- NAT gateway is scalable
- NAT gateway translates faster
- NAT gateways is a managed service
- NAT gateway is Linux-based
Answer (B,D)
Knowledge Area: Virtual Private Cloud (VPC)
23. What two fault tolerant features does Amazon RDS support?
- copy snapshot to a different region
- create read replica to a different region
- copy unencrypted read-replica only
- copy read/write replica and snapshot
Answer (A,B)
Knowledge Area: Database Services
24. What two features describe an Application Load Balancer (ALB)?
- dynamic port mapping
- SSL listener
- layer 7 load balancer
- backend server authentication
- multi-region forwarding
Answer (A,C)
Knowledge Area: Fault Tolerant Systems
25. You have configured a security group to allow ICMP, SSH and RDP inbound and assigned the security group to all instances in a subnet. There is no access to any Linux-based or Windows-based instances and you cannot Ping any instances. The network ACL for the subnet is configured to allow all inbound traffic to the subnet. What is the most probable cause?
- on-premises firewall rules
- security group and network ACL outbound rules
- network ACL outbound rules
- security group outbound rules
- Bastion host required
Answer (C)
Knowledge Area: Security Architecture
26. You have been asked to setup a VPC endpoint connection between VPC and S3 buckets for storing backups and snapshots. What AWS components are currently required when configuring a VPC endpoint?
Answer (D)
Knowledge Area: Virtual Private Cloud (VPC)
27. What three attributes are used to define a launch configuration template for an Auto-Scaling group?
Answer (A,D,E)
Knowledge Area: EC2 Compute
28. You have enabled Amazon RDS database services in VPC1 for an application that has public web servers in VPC2. How do you connect the web servers to the RDS database instance so they can communicate considering the VPC's are in the same region?
Answer (D)
Knowledge Area: Virtual Private Cloud (VPC)
29. What two methods are recommended by AWS for protecting EBS data at rest?
Answer (B,C)
Knowledge Area: Fault Tolerant Systems
30. What security problem is solved by using Cross-Origin Resource Sharing (CORS)?
- enable HTTP requests from within scripts to a different domain
- enable sharing of web-based files between different buckets
- provide security for third party objects within AWS
- permits sharing objects between AWS services
Answer (A)
Knowledge Area: Storage Services
31. What two features are enabled with S3 services?
- store objects of any size
- dynamic web content
- supports Provisioned IOPS
- store virtually unlimited amounts of data
- bucket names are globally unique
Answer (D,E)
Knowledge Area: Storage Services
32. What is the purpose of a local route within a VPC route table?
- local route is derived from the default VPC CIDR block 10.0.0.0/16
- communicate between instances within the same subnet or different subnets
- used to communicate between instances within the same subnet
- default route for communicating between private and public subnets
- only installed in the main route table
Answer (C)
Knowledge Area: Virtual Private Cloud (VPC)
33. What feature is supported when attaching or detaching an EBS volume from an EC2 instance?
- EBS volume can be attached and detached to an EC2 instance in the same region
- EBS volume can be attached and detached to an EC2 instance that is cross-region
- EBS volume can only be copied and attached to an EC2 instance that is cross-region
- EBS volume can only be attached and detached to an EC2 instance in the same Availability Zone
Answer (D)
Knowledge Area: EC2 Compute
34. What Amazon AWS service supports real-time processing of data stream from multiple consumers and replay of records?
Answer (C)
Knowledge Area: Deployment
35. What is the fastest and easiest method for migrating an on-premises VMware virtual machine to the AWS cloud?
- Amazon Marketplace
- AWS Server Migration Service
- AWS Storage Gateway
- EC2 Import/Export
Answer (B)
Knowledge Area: Deployment
36. What class of EC2 instance type is recommended for database servers?
- memory optimized
- compute optimized
- storage optimized
- general purpose optimized
Answer (A)
Knowledge Area: EC2 Compute
37. What encryption support is available for tenants that are deploying AWS DynamoDB?
- server-side encryption
- client-side encryption
- client-side and server-side encryption
- encryption not supported
- block level encryption
Answer (B)
Knowledge Area: Database Services
38. What are two characteristics of an Amazon security group?
- instance level packet filtering
- deny rules only
- permit rules only
- subnet level packet filtering
- inbound only
Answer (A,C)
Knowledge Area: Virtual Private Cloud (VPC)
39. How is Route 53 configured for Warm Standby fault tolerance? (Select two)
- automated health checks
- path-based routing
- failover records
- Alias records
Answer (A,C)
Knowledge Area: Fault Tolerant Systems
40. What is the difference between Stream-based and AWS Services when enabling Lambda?
- streams maintains event source mapping in Lambda
- streams maintains event source mapping in event source
- streams maintains event source mapping in EC2 instance
- streams maintains event source mapping in notification
- streams maintains event source mapping in API
Answer (A)
Knowledge Area: Deployment