AWS Certified Solutions Architect Associate Practice Questions

This is a list of AWS Certified Solutions Architect Associate questions and their answers ✨

I have also added a lot of good practice tests at the following Udemy course AWS Certified Solutions Architect Associate Practice Tests.

From basic to advanced, test how well you know AWS, refresh your knowledge a bit, or prepare for your AWS Certified Solutions Architect Associate exam!

Feel free to reach out to me! 👨‍💻
Twitter || LinkedIn || Blog

---

1. What are the DHCP option attributes used to assign private DNS servers to your VPC?

• 1. dns resolution and domain name
• 2. hostnames and internet domain
• 3. domain servers and domain name
• 4. domain-name-servers and domain-name

Answer

Answer (D)

Knowledge Area: Virtual Private Cloud (VPC)

---

2. What are two features of CloudWatch operation?

• 1. CloudWatch does not support custom metrics
• 2. CloudWatch permissions are granted per feature and not AWS resource
• 3. collect and monitor operating system and application generated log files
• 4. AWS services automatically create logs for CloudWatch
• 5. CloudTrail generates logs automatically when AWS account is activated

Answer

Answer (B,C)

Knowledge Area: Monitoring Services

---

3. You have an application that collects monitoring data from 10,000 sensors (IoT) deployed in the USA. The datapoints are comprised of video events for home security and environment status alerts. The application will be deployed to AWS with EC2 instances as data collectors. What AWS storage service is preferred for storing video files from sensors?

• 1. RedShift
• 2. RDS
• 3. S3
• 4. DynamoDB

Answer

Answer (C)

Knowledge Area: Storage Services

---

4. What storage type enable permanent attachment of volumes to EC2 instances?

• 1. S3
• 2. RDS
• 3. TDS
• 4. EBS
• 5. instance store

Answer

Answer (D)

Knowledge Area: EC2 Compute

---

5. What are two advantages of selecting default tenancy option for your VPC when creating it?

• 1. performance and reliability
• 2. some AWS services do not work with a dedicated tenancy VPC
• 3. tenant can launch instances within VPC as default or dedicated instances
• 4. instance launch is faster

Answer

Answer (B,C)

Knowledge Area: Virtual Private Cloud (VPC)

---

6. What two statements correctly describe Amazon virtual private gateway?

• 1. assign to private subnets only
• 2. assign to public subnets only
• 3. single virtual private gateway per VPC
• 4. multiple virtual private gateways per VPC
• 5. single virtual private gateway per region

Answer

Answer (A,C)

Knowledge Area: Virtual Private Cloud (VPC)

---

7. What are two features that correctly describe Availability Zone (AZ) architecture?

• 1. multiple regions per AZ
• 2. interconnected with private WAN links
• 3. multiple AZ per region
• 4. interconnected with public WAN links
• 5. data auto-replicated between zones in different regions
• 6. Direct Connect supports Layer 2 connectivity to region

Answer

Answer (B,C)

Knowledge Area: Fault Tolerant Systems

---

8. What AWS services encrypts data at rest by default? (Select two)

• 1. S3
• 2. AWS Storage Gateway
• 3. EBS
• 4. Glacier
• 5. RDS

Answer

Answer (B,D)

Knowledge Area: Storage Services

---

9. What two attributes are only associated with CloudFront private content?

• 1. Amazon S3 URL
• 2. signed cookies
• 3. web distribution
• 4. signed URL
• 5. object

Answer

Answer (B,D)

Knowledge Area: Deployment

---

10. What two statements correctly describe how to add or modify IAM roles to a running EC2 instance?

• 1. attach an IAM role to an existing EC2 instance from the EC2 console
• 2. replace an IAM role attached to an existing EC2 instance from the EC2 console
• 3. attach an IAM role to the user account and relaunch the EC2 instance
• 4. add the EC2 instance to a group where the role is a member

Answer

Answer (A,B)

Knowledge Area: EC2 Compute

---

11. What are the minimum components required to enable a web-based application with public web servers and a private database tier? (select three)

• 1. Internet gateway
• 2. Assign EIP addressing to database instances on private subnet
• 3. Virtual private gateway
• 4. Assign database instances to private subnet and private IP addressing
• 5. Assign EIP and private IP addressing to web servers on public subnet

Answer

Answer (A,D,E)

Knowledge Area: Virtual Private Cloud (VPC)

---

12. What two statements accurately describe Amazon VPC architecture?

• 1. Elastic Load Balancer (ELB) cannot span multiple availability zones
• 2. VPC does not support DMVPN connection
• 3. VPC subnet cannot span multiple availability zones
• 4. VPC cannot span multiple regions
• 5. Flow logs are not supported within a VPC

Answer

Answer (C,D)

Knowledge Area: Virtual Private Cloud (VPC)

---

13. What feature enables CloudWatch to manage capacity dynamically for EC2 instances?

• 1. replication lag
• 2. Auto-Scaling
• 3. Elastic Load Balancer
• 4. vertical scaling

Answer

Answer (B)

Knowledge Area: Monitoring Services

---

14. What authentication method provides Federated Single Sign-On (SSO) for cloud applications?

• 1. ADS
• 2. ISE
• 3. RADIUS
• 4. TACACS
• 5. SAML

Answer

Answer (E)

Knowledge Area: Security Architecture

---

15. What method detects when to replace an EC2 instance that is assigned to an Auto-Scaling group?

• 1. health check
• 2. load balancing algorithm
• 3. EC2 health check
• 4. not currently supported
• 5. dynamic path detection
• 6. Auto-Scaling

Answer

Answer (A)

Knowledge Area: EC2 Compute

---

16. What two resource tags are supported for an EC2 instance?

• 1. VPC endpoint
• 2. EIP
• 3. network interface
• 4. security group
• 5. Flow Log

Answer

Answer (A,E)

Knowledge Area: EC2 Compute

---

17. How is a volume selected (identified) when making an EBS Snapshot?

• 1. account id
• 2. volume id
• 3. tag
• 4. ARN

Answer

Answer (D)

Knowledge Area: Deployment

---

18. What two features provide an encrypted (VPN) connection from VPC to an enterprise data center?

• 1. Internet gateway
• 2. Amazon RDS
• 3. Virtual private gateway
• 4. CSR 1000V router
• 5. NAT gateway

Answer

Answer (C,D)

Knowledge Area: Virtual Private Cloud (VPC)

---

19. What are two advantages of cross-region replication of an S3 bucket?

• 1. cost
• 2. security compliance
• 3. scalability
• 4. Beanstalk support
• 5. minimize latency

Answer

Answer (B,E)

Knowledge Area: Storage Services

---

20. What consistency model is the default used by DynamoDB?

• 1. strongly consistent
• 2. eventually consistent
• 3. no default model
• 4. casual consistency
• 5. sequential consistency

Answer

Answer (B)

Knowledge Area: Database Services

---

21. What features are required to prevent users from bypassing AWS CloudFront security? (Select three)

• 1. Bastion host
• 2. signed URL
• 3. IP whitelist
• 4. signed cookies
• 5. origin access identity (OAI)

Answer

Answer (B,D,E)

Knowledge Area: Security Architecture

---

22. What are the advantages of NAT gateway over NAT instance? (Select two)

• 1. NAT gateway requires a single EC2 instance
• 2. NAT gateway is scalable
• 3. NAT gateway translates faster
• 4. NAT gateways is a managed service
• 5. NAT gateway is Linux-based

Answer

Answer (B,D)

Knowledge Area: Virtual Private Cloud (VPC)

---

23. What two fault tolerant features does Amazon RDS support?

• 1. copy snapshot to a different region
• 2. create read replica to a different region
• 3. copy unencrypted read-replica only
• 4. copy read/write replica and snapshot

Answer

Answer (A,B)

Knowledge Area: Database Services

---

24. What two features describe an Application Load Balancer (ALB)?

• 1. dynamic port mapping
• 2. SSL listener
• 3. layer 7 load balancer
• 4. backend server authentication
• 5. multi-region forwarding

Answer

Answer (A,C)

Knowledge Area: Fault Tolerant Systems

---

25. You have configured a security group to allow ICMP, SSH and RDP inbound and assigned the security group to all instances in a subnet. There is no access to any Linux-based or Windows-based instances and you cannot Ping any instances. The network ACL for the subnet is configured to allow all inbound traffic to the subnet. What is the most probable cause?

• 1. on-premises firewall rules
• 2. security group and network ACL outbound rules
• 3. network ACL outbound rules
• 4. security group outbound rules
• 5. Bastion host required

Answer

Answer (C)

Knowledge Area: Security Architecture

---

26. You have been asked to setup a VPC endpoint connection between VPC and S3 buckets for storing backups and snapshots. What AWS components are currently required when configuring a VPC endpoint?

• 1. Internet gateway
• 2. NAT instance
• 3. Elastic IP
• 4. private IP address

Answer

Answer (D)

Knowledge Area: Virtual Private Cloud (VPC)

---

27. What three attributes are used to define a launch configuration template for an Auto-Scaling group?

• 1. instance type
• 2. private IP address
• 3. Elastic IP
• 4. security group
• 5. AMI

Answer

Answer (A,D,E)

Knowledge Area: EC2 Compute

---

28. You have enabled Amazon RDS database services in VPC1 for an application that has public web servers in VPC2. How do you connect the web servers to the RDS database instance so they can communicate considering the VPC's are in the same region?

• 1. VPC endpoints
• 2. VPN gateway
• 3. path-based routing
• 4. VPC peering
• 5. AWS Network Load Balancer

Answer

Answer (D)

Knowledge Area: Virtual Private Cloud (VPC)

---

29. What two methods are recommended by AWS for protecting EBS data at rest?

• 1. replication
• 2. snapshots
• 3. encryption
• 4. VPN

Answer

Answer (B,C)

Knowledge Area: Fault Tolerant Systems

---

30. What security problem is solved by using Cross-Origin Resource Sharing (CORS)?

• 1. enable HTTP requests from within scripts to a different domain
• 2. enable sharing of web-based files between different buckets
• 3. provide security for third party objects within AWS
• 4. permits sharing objects between AWS services

Answer

Answer (A)

Knowledge Area: Storage Services

---

31. What two features are enabled with S3 services?

• 1. store objects of any size
• 2. dynamic web content
• 3. supports Provisioned IOPS
• 4. store virtually unlimited amounts of data
• 5. bucket names are globally unique

Answer

Answer (D,E)

Knowledge Area: Storage Services

---

32. What is the purpose of a local route within a VPC route table?

• 1. local route is derived from the default VPC CIDR block 10.0.0.0/16
• 2. communicate between instances within the same subnet or different subnets
• 3. used to communicate between instances within the same subnet
• 4. default route for communicating between private and public subnets
• 5. only installed in the main route table

Answer

Answer (C)

Knowledge Area: Virtual Private Cloud (VPC)

---

33. What feature is supported when attaching or detaching an EBS volume from an EC2 instance?

• 1. EBS volume can be attached and detached to an EC2 instance in the same region
• 2. EBS volume can be attached and detached to an EC2 instance that is cross-region
• 3. EBS volume can only be copied and attached to an EC2 instance that is cross-region
• 4. EBS volume can only be attached and detached to an EC2 instance in the same Availability Zone

Answer

Answer (D)

Knowledge Area: EC2 Compute

---

34. What Amazon AWS service supports real-time processing of data stream from multiple consumers and replay of records?

• 1. DynamoDB
• 2. EMR
• 3. Kinesis data streams
• 4. SQS
• 5. RedShift

Answer

Answer (C)

Knowledge Area: Deployment

---

35. What is the fastest and easiest method for migrating an on-premises VMware virtual machine to the AWS cloud?

• 1. Amazon Marketplace
• 2. AWS Server Migration Service
• 3. AWS Storage Gateway
• 4. EC2 Import/Export

Answer

Answer (B)

Knowledge Area: Deployment

---

36. What class of EC2 instance type is recommended for database servers?

• 1. memory optimized
• 2. compute optimized
• 3. storage optimized
• 4. general purpose optimized

Answer

Answer (A)

Knowledge Area: EC2 Compute

---

37. What encryption support is available for tenants that are deploying AWS DynamoDB?

• 1. server-side encryption
• 2. client-side encryption
• 3. client-side and server-side encryption
• 4. encryption not supported
• 5. block level encryption

Answer

Answer (B)

Knowledge Area: Database Services

---

38. What are two characteristics of an Amazon security group?

• 1. instance level packet filtering
• 2. deny rules only
• 3. permit rules only
• 4. subnet level packet filtering
• 5. inbound only

Answer

Answer (A,C)

Knowledge Area: Virtual Private Cloud (VPC)

---

39. How is Route 53 configured for Warm Standby fault tolerance? (Select two)

• 1. automated health checks
• 2. path-based routing
• 3. failover records
• 4. Alias records

Answer

Answer (A,C)

Knowledge Area: Fault Tolerant Systems

---

40. What is the difference between Stream-based and AWS Services when enabling Lambda?

• 1. streams maintains event source mapping in Lambda
• 2. streams maintains event source mapping in event source
• 3. streams maintains event source mapping in EC2 instance
• 4. streams maintains event source mapping in notification
• 5. streams maintains event source mapping in API

Answer

Answer (A)

Knowledge Area: Deployment

---