Certification : AWS Certified Solutions Architect Associate Practice Exams Set 8

A startup company wants to launch a fleet of EC2 instances on AWS. Your manager wants to ensure that the Java programming language is installed automatically when the instance is launched. Which of the following configurations lets you achieve this requirement?


Options are :

  • User data (Correct)
  • EC2Config service
  • IAM roles
  • AWS Config

Answer : User data

You are working as a Solutions Architect for a major accounting firm, and they have a legacy general ledger accounting application that needs to be moved to AWS. However, the legacy application has a dependency on multicast networking. In this scenario, which of the following options should you consider to ensure the legacy application works in AWS?


Options are :

  • Provision Elastic Network Interfaces between the subnets.
  • Create all the subnets on another VPC and enable VPC peering.
  • Create a virtual overlay network running on the OS level of the instance. (Correct)
  • All of the above.

Answer : Create a virtual overlay network running on the OS level of the instance.

A multinational manufacturing company has multiple accounts in AWS to separate their various departments such as finance, human resources, engineering and many others. There is a requirement to ensure that access to certain services and actions is properly controlled to comply with the security policy of the company.

As the Solutions Architect, which is the most suitable way to set up the multi-account AWS environment of the company?


Options are :

  • Set up a common IAM policy that can be applied across all AWS accounts.
  • Connect all departments by setting up a cross-account access to each of the AWS accounts of the company. Create and attach IAM policies to your resources based on their respective departments to control access.
  • Provide access to externally authenticated users via Identity Federation. Set up an IAM role to specify permissions for users from each department whose identity is federated from your organization or a third-party identity provider.
  • Use AWS Organizations and Service Control Policies to control services on each account. (Correct)

Answer : Use AWS Organizations and Service Control Policies to control services on each account.

You are working for a global news network where you have set up a CloudFront distribution for your web application. However, you noticed that your application's origin server is being hit for each request instead of the AWS Edge locations, which serve the cached objects. The issue occurs even for the commonly requested objects.

What could be a possible cause of this issue?


Options are :

  • An object is only cached by CloudFront once a successful request has been made; hence, the objects were not requested before, which is why the request is still directed to the origin server.
  • The file sizes of the cached objects are too large for CloudFront to handle.
  • The Cache-Control max-age directive is set to zero. (Correct)
  • You did not add an SSL certificate.

Answer : The Cache-Control max-age directive is set to zero.

AWS hosts a variety of public datasets such as satellite imagery, geospatial, or genomic data that you want to use for your web application hosted in Amazon EC2.   

If you use these datasets, how much will it cost you?


Options are :

  • A one-time charge of $10.
  • $10 per month for each dataset.
  • $10 per month for all datasets.
  • No charge. (Correct)

Answer : No charge.

A game development company operates several virtual reality (VR) and augmented reality (AR) games which use various RESTful web APIs hosted on their on-premises data center. Due to the unprecedented growth of their company, they decided to migrate their system to AWS Cloud to scale out their resources as well as to minimize costs.

Which of the following should you recommend as the most cost-effective and scalable solution to meet the above requirement?


Options are :

  • Use AWS Lambda and Amazon API Gateway. (Correct)
  • Set up a micro-service architecture with ECS, ECR, and Fargate.
  • Host the APIs in a static S3 web hosting bucket behind a CloudFront web distribution.
  • Use Spot Amazon EC2 instances behind an Application Load Balancer.

Answer : Use AWS Lambda and Amazon API Gateway.

You are working as a Cloud Engineer in a leading technology consulting firm which is using a fleet of Windows-based EC2 instances with IPv4 addresses launched in a private subnet. Several software packages installed on the EC2 instances are required to be updated via the Internet.

Which of the following services can provide you with a highly available solution to safely allow the instances to fetch the software patches from the Internet but prevent outside networks from initiating a connection?


Options are :

  • Egress-Only Internet Gateway
  • VPC Endpoint
  • NAT Gateway (Correct)
  • NAT Instance

Answer : NAT Gateway

Your company has developed a financial analytics web application hosted in a Docker container using MEAN (MongoDB, Express.js, AngularJS, and Node.js) stack. You want to easily port that web application to AWS Cloud which can automatically handle all the tasks such as balancing load, auto-scaling, monitoring, and placing your containers across your cluster.   

Which of the following services can be used to fulfill this requirement?


Options are :

  • ECS
  • OpsWorks
  • AWS CodeDeploy
  • AWS Elastic Beanstalk (Correct)

Answer : AWS Elastic Beanstalk

You are working for a computer animation film studio that has a web application running on an Amazon EC2 instance. It uploads 5 GB video objects to an Amazon S3 bucket. Video uploads are taking longer than expected, which impacts the performance of your application.

Which method will help improve the performance of your application?


Options are :

  • Enable Enhanced Networking to your EC2 Instances.
  • Use Amazon S3 Multipart Upload API. (Correct)
  • Leverage Amazon CloudFront and use HTTP POST method to reduce latency.
  • Use Amazon Elastic Block Store Provisioned IOPS and an Amazon EBS-optimized instance.

Answer : Use Amazon S3 Multipart Upload API.

A mobile application stores pictures in Amazon Simple Storage Service (S3) and allows application sign-in using an OpenID Connect-compatible identity provider.

Which AWS Security Token Service approach to temporary access should you use for this scenario?


Options are :

  • SAML-based Identity Federation
  • Cross-Account Access
  • AWS Identity and Access Management roles
  • Web Identity Federation (Correct)

Answer : Web Identity Federation

As the Solutions Architect, you have built a photo-sharing site for an entertainment company. The site was hosted using 3 EC2 instances in a single availability zone with a Classic Load Balancer in front to evenly distribute the incoming load.   

What should you do to enable your Classic Load Balancer to bind a user's session to a specific instance? 


Options are :

  • Sticky Sessions (Correct)
  • Availability Zone
  • Placement Group
  • Security Group

Answer : Sticky Sessions

A multinational company has been building its new-generation big data and analytics platform in AWS, for which they need a scalable storage service. The data needs to be stored redundantly across multiple AZs, and the service must allow concurrent connections from multiple EC2 instances hosted in multiple Availability Zones.

Which of the following AWS storage services is the best one to use in this scenario?


Options are :

  • EBS Volumes
  • Elastic File System (Correct)
  • Amazon S3
  • ElastiCache

Answer : Elastic File System

You are a Solutions Architect of a tech company. You are having an issue whenever you try to connect to your newly created EC2 instance using a Remote Desktop connection from your computer. Upon checking, you have verified that the instance has a public IP and the Internet gateway and route tables are in place.

What else should you do to resolve this issue?


Options are :

  • You should adjust the security group to allow traffic from port 22
  • You should adjust the security group to allow traffic from port 3389 (Correct)
  • You should restart the EC2 instance since there might be some issue with the instance
  • You should create a new instance since there might be some issue with the instance

Answer : You should adjust the security group to allow traffic from port 3389

You were hired as an IT Consultant in a startup cryptocurrency company that wants to go global with their international money transfer app. Your project is to make sure that the database of the app is highly available in multiple regions.

What are the benefits of adding Multi-AZ deployments in Amazon RDS? (Choose 2) 


Options are :

  • It makes the database fault-tolerant to an Availability Zone failure. (Correct)
  • Significantly increases the database performance.
  • Creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ) in a different region.
  • Increased database availability in the case of system upgrades like OS patching or DB Instance scaling. (Correct)
  • Provides SQL optimization.

Answer : It makes the database fault-tolerant to an Availability Zone failure. Increased database availability in the case of system upgrades like OS patching or DB Instance scaling.

You are building a microservices architecture in which software is composed of small independent services that communicate over well-defined APIs. In building large-scale systems, fine-grained decoupling of microservices is a recommended practice to implement. The decoupled services should scale horizontally and independently of each other to improve scalability.

What is the difference between Horizontal scaling and Vertical scaling?


Options are :

  • Vertical scaling means running the same software on a fully serverless architecture using Lambda. Horizontal scaling means adding more servers to the existing pool and it doesn’t run into limitations of individual servers.
  • Horizontal scaling means running the same software on bigger machines which is limited by the capacity of individual servers. Vertical scaling is adding more servers to the existing pool and doesn’t run into limitations of individual servers.
  • Vertical scaling means running the same software on bigger machines which is limited by the capacity of the individual server. Horizontal scaling is adding more servers to the existing pool and doesn’t run into limitations of individual servers. (Correct)
  • Horizontal scaling means running the same software on smaller containers such as Docker and Kubernetes using ECS or EKS. Vertical scaling is adding more servers to the existing pool and doesn’t run into limitations of individual servers.

Answer : Vertical scaling means running the same software on bigger machines which is limited by the capacity of the individual server. Horizontal scaling is adding more servers to the existing pool and doesn’t run into limitations of individual servers.

You have created a VPC with a single subnet and then launched an On-Demand EC2 instance in that subnet. You have attached an Internet gateway (IGW) to the VPC and verified that the EC2 instance has a public IP. The main route table of the VPC is as shown below:



However, the instance still cannot be reached from the Internet when you try to connect to it from your computer. Which of the following changes should be made to the route table to fix this issue?


Options are :

  • Add this new entry to the route table: 0.0.0.0/27 -> Your Internet Gateway
  • Modify the above route table: 10.0.0.0/27 -> Your Internet Gateway
  • Add the following entry to the route table: 10.0.0.0/27 -> Your Internet Gateway
  • Add a new entry to the route table - 0.0.0.0/27 -> Internet Gateway
  • Add this new entry to the route table: 0.0.0.0/0 -> Your Internet Gateway (Correct)

Answer : Add this new entry to the route table: 0.0.0.0/0 -> Your Internet Gateway

The company that you are working for has instructed you to create a cost-effective cloud solution for their online movie ticketing service. Your team has designed a solution of using a fleet of Spot EC2 instances to host the new ticketing web application. You requested a Spot instance at a maximum price of $0.06/hr, which was fulfilled immediately. After 45 minutes, the Spot price increased to $0.08/hr and then your instance was terminated by AWS.

What was the total EC2 compute cost of running your spot instances?


Options are :

  • $0.00 (Correct)
  • $0.06
  • $0.08
  • $0.07

Answer : $0.00

A global medical research company has a molecular imaging system which provides each client with frequently updated images of what is happening inside the human body at the molecular and cellular level. The system is hosted in AWS and the images are hosted in an S3 bucket behind a CloudFront web distribution. A new batch of updated images was uploaded to S3; however, the users were reporting that they were still seeing the old content. You need to control which image will be returned by the system even when the user has another version cached either locally or behind a corporate caching proxy.

Which of the following is the most suitable solution to solve this issue?


Options are :

  • Use versioned objects (Correct)
  • Invalidate the files in your CloudFront web distribution
  • Add a separate cache behavior path for the content and configure a custom object caching with a Minimum TTL of 0
  • Add Cache-Control no-cache, no-store, or private directives to the objects that you don't want CloudFront to cache.

Answer : Use versioned objects

Your company would like to store their old yet confidential corporate files that are infrequently accessed. What cost-efficient solution in AWS should you recommend?


Options are :

  • Amazon Storage Gateway
  • Amazon Glacier (Correct)
  • Amazon EBS
  • Amazon S3

Answer : Amazon Glacier

You are planning to launch an application that tracks the GPS coordinates of delivery trucks in your country. The coordinates are transmitted from each delivery truck every five seconds. You need to design an architecture that will enable real-time processing of these coordinates from multiple consumers. The aggregated data will be analyzed in a separate reporting application.

Which AWS service should you use for this scenario?


Options are :

  • Amazon Kinesis (Correct)
  • AWS Data Pipeline
  • Amazon AppStream
  • Amazon Simple Queue Service

Answer : Amazon Kinesis

You are working as an AWS Engineer in a major telecommunications company in which you are tasked to make a network monitoring system. You launched an EC2 instance to host the monitoring system and used CloudWatch to monitor, store, and access the log files of your instance.   

Which of the following provides an automated way to send log data to CloudWatch Logs from your Amazon EC2 instance? 


Options are :

  • CloudWatch Logs agent (Correct)
  • CloudTrail
  • VPC Flow Logs
  • CloudTrail Logs agent

Answer : CloudWatch Logs agent

A web application is hosted on a fleet of EC2 instances inside an Auto Scaling Group with a couple of Lambda functions for ad hoc processing. Whenever you release updates to your application every week, there are inconsistencies where some resources are not updated properly. You need a way to group the resources together and deploy the new version of your code consistently among the groups with minimal downtime. 

Which of these options should you choose to satisfy the given requirement with the least effort?


Options are :

  • Create CloudFormation templates that have the latest configurations and code in them.
  • Use CodeCommit to publish your code quickly in a private repository and push them to your resources for fast updates.
  • Use deployment groups in CodeDeploy to automate code deployments in a consistent manner. (Correct)
  • Create OpsWorks recipes that will automatically launch resources containing the latest version of the code.

Answer : Use deployment groups in CodeDeploy to automate code deployments in a consistent manner.

An online shopping platform has been deployed to AWS using Elastic Beanstalk. They simply uploaded their Node.js application, and Elastic Beanstalk automatically handles the details of capacity provisioning, load balancing, scaling, and application health monitoring. Since the entire deployment process is automated, the DevOps team is not sure where to get the application log files of their shopping platform. 

Where does Elastic Beanstalk store the application files and server log files?


Options are :

  • Application files are stored in S3. The server log files can only be stored in the attached EBS volumes of the EC2 instances, which were launched by AWS Elastic Beanstalk.
  • Application files are stored in S3. The server log files can be stored directly in Glacier or in CloudWatch Logs.
  • Application files are stored in S3. The server log files can be optionally stored in CloudTrail or in CloudWatch Logs.
  • Application files are stored in S3. The server log files can also optionally be stored in S3 or in CloudWatch Logs. (Correct)

Answer : Application files are stored in S3. The server log files can also optionally be stored in S3 or in CloudWatch Logs.

You are working as a Solutions Architect in a global investment bank which requires corporate IT governance and cost oversight of all of their AWS resources across their divisions around the world. Their corporate divisions want to maintain administrative control of the discrete AWS resources they consume and ensure that those resources are separate from other divisions.   

Which of the following options will support the autonomy of each corporate division while enabling the corporate IT to maintain governance and cost oversight? (Choose 2)


Options are :

  • Use AWS Trusted Advisor
  • Enable IAM cross-account access for all corporate IT administrators in each child account. (Correct)
  • Create separate VPCs for each division within the corporate IT AWS account.
  • Use AWS Consolidated Billing by creating AWS Organizations to link the divisions’ accounts to a parent corporate account. (Correct)
  • Create separate Availability Zones for each division within the corporate IT AWS account.

Answer : Enable IAM cross-account access for all corporate IT administrators in each child account. Use AWS Consolidated Billing by creating AWS Organizations to link the divisions’ accounts to a parent corporate account.

A Solutions Architect designed a real-time data analytics system based on Kinesis Data Streams and Lambda. A week after the system was deployed, the users noticed that it performed slowly as the data rate increased. The Architect identified that the performance of the Kinesis Data Streams is causing this problem.

Which of the following should the Architect do to improve performance?


Options are :

  • Increase the number of shards of the Kinesis stream by using the UpdateShardCount command. (Correct)
  • Replace the data stream with Amazon Kinesis Data Firehose instead.
  • Improve the performance of the stream by decreasing the number of its shards using the MergeShard command.
  • Implement Step Scaling to the Kinesis Data Stream.

Answer : Increase the number of shards of the Kinesis stream by using the UpdateShardCount command.

You are working as a Senior Solutions Architect for a data analytics company which has a VPC for their human resource department, and another VPC for their finance department. You need to configure your architecture to allow the finance department to access all resources that are in the human resource department and vice versa.

Which type of networking connection in AWS should you set up to satisfy the above requirement?


Options are :

  • VPC Connection
  • VPN Connection
  • VPC Endpoint
  • VPC Peering (Correct)

Answer : VPC Peering

A top university has recently launched its online learning portal where the students can take e-learning courses from the comfort of their homes. The portal is on a large On-Demand EC2 instance with a single Amazon Aurora database.

How can you improve the availability of your Aurora database to prevent any unnecessary downtime of the online portal?


Options are :

  • Create Amazon Aurora Replicas. (Correct)
  • Deploy Aurora to two Auto-Scaling groups of EC2 instances across two Availability Zones with an elastic load balancer which handles load balancing.
  • Enable Hash Joins to improve the database query performance.
  • Use an Asynchronous Key Prefetch in Amazon Aurora to improve the performance of queries that join tables across indexes.

Answer : Create Amazon Aurora Replicas.

A commercial bank has designed their next generation online banking platform to use a distributed system architecture. As their Software Architect, you have to ensure that their architecture is highly scalable, yet still cost-effective. Which of the following will provide the most suitable solution for this scenario?


Options are :

  • Launch multiple EC2 instances behind an Application Load Balancer to host your application services and SNS which will act as a highly-scalable buffer that stores messages as they travel between distributed applications.
  • Launch an Auto-Scaling group of EC2 instances to host your application services and an SQS queue. Include an Auto Scaling trigger to watch the SQS queue size which will either scale in or scale out the number of EC2 instances based on the queue. (Correct)
  • Launch multiple EC2 instances behind an Application Load Balancer to host your application services, and SWF which will act as a highly-scalable buffer that stores messages as they travel between distributed applications.
  • Launch multiple On-Demand EC2 instances to host your application services and an SQS queue which will act as a highly-scalable buffer that stores messages as they travel between distributed applications.

Answer : Launch an Auto-Scaling group of EC2 instances to host your application services and an SQS queue. Include an Auto Scaling trigger to watch the SQS queue size which will either scale in or scale out the number of EC2 instances based on the queue.

You deployed a web application to an EC2 instance that adds a variety of photo effects to a picture uploaded by the users. The application will put the generated photos to an S3 bucket by sending PUT requests to the S3 API.   

What is the best option for this scenario considering that you need to have API credentials to be able to send a request to the S3 API?


Options are :

  • Encrypt the API credentials and store in any directory of the EC2 instance.
  • Create a role in IAM. Afterwards, assign this role to a new EC2 instance. (Correct)
  • Store your API credentials in Amazon Glacier.
  • Store the API credentials in the root web application directory of the EC2 instance.

Answer : Create a role in IAM. Afterwards, assign this role to a new EC2 instance.

You are working as an IT Consultant for a top investment firm. Your task is to ensure a smooth upgrade of their accounting system in AWS to a new version without any system outages. The Technical Manager advised implementing an in-place upgrade strategy, while a DevOps Engineer suggested using a Blue/Green Deployment strategy instead.

Which of the following options are not advantages of using Blue/Green Deployment over an in-place upgrade strategy? (Choose 2)


Options are :

  • Blue/green deployments provide a level of isolation between your blue and green application environments, which reduces the deployment risk. The blue environment represents the current application version serving production traffic while the green one is staged running a different or upgraded version of your application.
  • It has the ability to simply roll the incoming traffic back to the currently working environment, in case of system failures, any time during the deployment process.
  • You can use Blue/Green Deployment with CodeCommit and CodeBuild to automatically deploy the new version of your application. (Correct)
  • Impaired operation or downtime is minimized because impact is limited to the window of time between green environment issue detection and shift of traffic back to the blue environment.
  • Blue/green deployment is more cost-effective than in-place upgrade. You don't need to launch a new environment with additional AWS resources. (Correct)

Answer : You can use Blue/Green Deployment with CodeCommit and CodeBuild to automatically deploy the new version of your application. Blue/green deployment is more cost-effective than in-place upgrade. You don't need to launch a new environment with additional AWS resources.