This is a list of AWS Certified Solutions Architect Associate questions and their answers ✨
I have also added a lot of good practice tests at the following Udemy course AWS Certified Solutions Architect Associate Practice Tests.
From basic to advanced, test how well you know AWS, refresh your knowledge a bit, or prepare for your AWS Certified Solutions Architect Associate exam!
- dns resolution and domain name
- hostnames and internet domain
- domain servers and domain name
- domain-name-servers and domain-name
- CloudWatch does not support custom metrics
- CloudWatch permissions are granted per feature and not AWS resource
- collect and monitor operating system and application generated log files
- AWS services automatically create logs for CloudWatch
- CloudTrail generates logs automatically when AWS account is activated
3. You have an application that collects monitoring data from 10,000 sensors (IoT) deployed in the USA. The datapoints are comprised of video events for home security and environment status alerts. The application will be deployed to AWS with EC2 instances as data collectors. What AWS storage service is preferred for storing video files from sensors?
- RedShift
- RDS
- S3
- DynamoDB
- S3
- RDS
- TDS
- EBS
- instance store
- performance and reliability
- some AWS services do not work with a dedicated tenancy VPC
- tenant can launch instances within VPC as default or dedicated instances
- instance launch is faster
- assign to private subnets only
- assign to public subnets only
- single virtual private gateway per VPC
- multiple virtual private gateways per VPC
- single virtual private gateway per region
- multiple regions per AZ
- interconnected with private WAN links
- multiple AZ per region
- interconnected with public WAN links
- data auto-replicated between zones in different regions
- Direct Connect supports Layer 2 connectivity to region
- S3
- AWS Storage Gateway
- EBS
- Glacier
- RDS
- Amazon S3 URL
- signed cookies
- web distribution
- signed URL
- object
10. What two statements correctly describe how to add or modify IAM roles to a running EC2 instance?
- attach an IAM role to an existing EC2 instance from the EC2 console
- replace an IAM role attached to an existing EC2 instance from the EC2 console
- attach an IAM role to the user account and relaunch the EC2 instance
- add the EC2 instance to a group where the role is a member
11. What are the minimum components required to enable a web-based application with public web servers and a private database tier? (select three)
- Internet gateway
- Assign EIP addressing to database instances on private subnet
- Virtual private gateway
- Assign database instances to private subnet and private IP addressing
- Assign EIP and private IP addressing to web servers on public subnet
- Elastic Load Balancer (ELB) cannot span multiple availability zones
- VPC does not support DMVPN connection
- VPC subnet cannot span multiple availability zones
- VPC cannot span multiple regions
- Flow logs are not supported within a VPC
- replication lag
- Auto-Scaling
- Elastic Load Balancer
- vertical scaling
- ADS
- ISE
- RADIUS
- TACACS
- SAML
- health check
- load balancing algorithm
- EC2 health check
- not currently supported
- dynamic path detection
- Auto-Scaling
- VPC endpoint
- EIP
- network interface
- security group
- Flow Log
- account id
- volume id
- tag
- ARN
- Internet gateway
- Amazon RDS
- Virtual private gateway
- CSR 1000V router
- NAT gateway
- cost
- security compliance
- scalability
- Beanstalk support
- minimize latency
- strongly consistent
- eventually consistent
- no default model
- causal consistency
- sequential consistency
21. What features are required to prevent users from bypassing AWS CloudFront security? (Select three)
- Bastion host
- signed URL
- IP whitelist
- signed cookies
- origin access identity (OAI)
- NAT gateway requires a single EC2 instance
- NAT gateway is scalable
- NAT gateway translates faster
- NAT gateway is a managed service
- NAT gateway is Linux-based
- copy snapshot to a different region
- create read replica to a different region
- copy unencrypted read-replica only
- copy read/write replica and snapshot
- dynamic port mapping
- SSL listener
- layer 7 load balancer
- backend server authentication
- multi-region forwarding
25. You have configured a security group to allow ICMP, SSH and RDP inbound and assigned the security group to all instances in a subnet. There is no access to any Linux-based or Windows-based instances and you cannot Ping any instances. The network ACL for the subnet is configured to allow all inbound traffic to the subnet. What is the most probable cause?
- on-premises firewall rules
- security group and network ACL outbound rules
- network ACL outbound rules
- security group outbound rules
- Bastion host required
26. You have been asked to set up a VPC endpoint connection between VPC and S3 buckets for storing backups and snapshots. What AWS components are currently required when configuring a VPC endpoint?
- Internet gateway
- NAT instance
- Elastic IP
- private IP address
27. What three attributes are used to define a launch configuration template for an Auto-Scaling group?
- instance type
- private IP address
- Elastic IP
- security group
- AMI
28. You have enabled Amazon RDS database services in VPC1 for an application that has public web servers in VPC2. How do you connect the web servers to the RDS database instance so they can communicate, considering the VPCs are in the same region?
- VPC endpoints
- VPN gateway
- path-based routing
- VPC peering
- AWS Network Load Balancer
- replication
- snapshots
- encryption
- VPN
- enable HTTP requests from within scripts to a different domain
- enable sharing of web-based files between different buckets
- provide security for third party objects within AWS
- permits sharing objects between AWS services
- store objects of any size
- dynamic web content
- supports Provisioned IOPS
- store virtually unlimited amounts of data
- bucket names are globally unique
- local route is derived from the default VPC CIDR block 10.0.0.0/16
- communicate between instances within the same subnet or different subnets
- used to communicate between instances within the same subnet
- default route for communicating between private and public subnets
- only installed in the main route table
- EBS volume can be attached and detached to an EC2 instance in the same region
- EBS volume can be attached and detached to an EC2 instance that is cross-region
- EBS volume can only be copied and attached to an EC2 instance that is cross-region
- EBS volume can only be attached and detached to an EC2 instance in the same Availability Zone
34. What Amazon AWS service supports real-time processing of data stream from multiple consumers and replay of records?
- DynamoDB
- EMR
- Kinesis data streams
- SQS
- RedShift
35. What is the fastest and easiest method for migrating an on-premises VMware virtual machine to the AWS cloud?
- Amazon Marketplace
- AWS Server Migration Service
- AWS Storage Gateway
- EC2 Import/Export
- memory optimized
- compute optimized
- storage optimized
- general purpose optimized
- server-side encryption
- client-side encryption
- client-side and server-side encryption
- encryption not supported
- block level encryption
- instance level packet filtering
- deny rules only
- permit rules only
- subnet level packet filtering
- inbound only
- automated health checks
- path-based routing
- failover records
- Alias records
- streams maintains event source mapping in Lambda
- streams maintains event source mapping in event source
- streams maintains event source mapping in EC2 instance
- streams maintains event source mapping in notification
- streams maintains event source mapping in API