AWS Certified Solutions Architect -
Associate Practice Questions
Amazon Glacier is designed for: (Choose 2 answers)
A. active database storage.
B. infrequently accessed data.
C. data archives.
D. frequently accessed data.
E. cached session data. Correct Answer: B. infrequently accessed data.
C. data archives.
Your web application front end consists of multiple EC2 instances behind an Elastic Load Balancer. You
configured ELB to perform health checks on these EC2 instances. If an instance fails to pass health
checks, which statement will be true?
A. The instance is replaced automatically by the ELB.
B. The instance gets terminated automatically by the ELB.
C. The ELB stops sending traffic to the instance that failed its health check.
D. The instance gets quarantined by the ELB for root cause analysis. Correct Answer: C. The ELB stops
sending traffic to the instance that failed its health check.
You are building a system to distribute confidential training videos to employees. Using CloudFront,
what
method could be used to serve content that is stored in S3, but not publicly accessible from S3 directly?
A. Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket
to that OAI.
B. Add the CloudFront account security group "amazon-cf/amazon-cf-sg" to the appropriate S3 bucket
policy.
C. Create an Identity and Access Management (IAM) User for CloudFront and grant access to the
objects in your S3 bucket to that IAM User.
D. Create a S3 bucket policy that lists the CloudFront distribution ID as the Principal and the target
bucket as the Amazon Resource Name (ARN). Correct Answer: A. Create an Origin Access Identity (OAI)
for CloudFront and grant access to the objects in your S3 bucket to that OAI.
Which of the following will occur when an EC2 instance in a VPC with an
associated Elastic IP is stopped and started? (Choose 2 answers)
A. The Elastic IP will be dissociated from the instance
B. All data on instance-store devices will be lost
C. All data on EBS (Elastic Block Store) devices will be lost
D. The ENI (Elastic Network Interface) is detached
,E. The underlying host for the instance is changed Correct Answer: B. All data on instance-store devices
will be lost
E. The underlying host for the instance is changed
In the basic monitoring package for EC2, Amazon CloudWatch provides the following metrics:
A. web server visible metrics such as number failed transaction requests
B. operating system visible metrics such as memory utilization
C. database visible metrics such as number of connections
D. hypervisor visible metrics such as CPU utilization Correct Answer: D. hypervisor visible metrics such
as CPU utilization, disk I/O, network I/O
Which is an operational process performed by AWS for data security?
A. AES-256 encryption of data stored on any shared storage device
B. Decommissioning of storage devices using industry-standard practices
C. Background virus scans of EBS volumes and EBS snapshots
D. Replication of data across multiple AWS Regions
E. Secure wiping of EBS data when an EBS volume is unmounted Correct Answer: B. Decommissioning of
storage devices using industry-standard practices
You have been tasked with creating a VPC network topology for your company. The VPC network must
support both Internet-facing applications and internally-facing applications accessed only over VPN.
Both Internet-facing and internally-facing applications must be able to leverage at least three AZs for
high availability. At a minimum, how many subnets must you create within your VPC to accommodate
these requirements?
A. 2
B. 3
C. 4
D. 6 Correct Answer: D. 6
You receive a Spot Instance at a bid of $0.05/hr. After 30 minutes, the Spot Price increases to $0.06/hr
and your Spot Instance is terminated by AWS. What was the total EC2 compute cost of running your
Spot Instance?
A. $0.00
B. $0.02
C. $0.03
D. $0.05
E. $0.06 Correct Answer: A. $0.00
You are developing a highly available web application using stateless web servers. Which services are
suitable for storing session state data?
Choose 3 answers
A. Amazon CloudWatch
B. Amazon Relational Database Service (RDS)
,C. Elastic Load Balancing
D. Amazon ElastiCache
E. AWS Storage Gateway
F. Amazon DynamoDB Correct Answer: B. Amazon Relational Database Service (RDS)
D. Amazon ElastiCache
F. Amazon DynamoDB
You have a business-critical two-tier web app currently deployed in two AZs in a single region, using
Elastic Load Balancing and Auto Scaling. The app depends on synchronous replication (very low latency
connectivity) at the database layer. The application needs to remain fully available even if one
application AZ goes off-line, and Auto Scaling cannot launch new instances in the remaining Availability
Zones. How can the current architecture be enhanced to ensure this?
A. Deploy in two regions using Weighted Round Robin (WRR), with Auto Scaling minimums set for 50
percent peak load per Region.
B. Deploy in two regions using Weighted Round Robin (WRR), with Auto Scaling minimums set for 100
percent peak load per region.
C. Deploy in three Availability Zones, with Auto Scaling minimum set to handle 50 percent peak load per
zone.
D. Deploy in three Availability Zones, with Auto Scaling minimum set to handle 33 percent peak load per
zone. Correct Answer: C. Deploy in three Availability Zones, with Auto Scaling minimum set to handle 50
percent peak load per zone.
You are deploying an application on EC2 that must call AWS APIs. What method of securely passing
credentials to the application should you use?
A. Use AWS Identity and Access Management roles for EC2 instances.
B. Pass API credentials to the instance using instance userdata.
C. Embed the API credentials into your JAR files.
D. Store API credentials as an object in Amazon Simple Storage Service. Correct Answer: A. Use AWS
Identity and Access Management roles for EC2 instances.
Which route must be added to your routing table in order to allow connections to the Internet from
your subnet?
A. Destination: 0.0.0.0/0 --> Target: your Internet gateway
B. Destination: 192.168.1.257/0 --> Target: your Internet gateway
C. Destination: 0.0.0.0/33 --> Target: your virtual private gateway
D. Destination: 0.0.0.0/0 --> Target: 0.0.0.0/24
E. Destination: 10.0.0.0/32 --> Target: your virtual private gateway Correct Answer: A. Destination:
0.0.0.0/0 --> Target: your Internet gateway
A customer's nightly EMR job processes a single 2-TB data file stored on Amazon Simple Storage Service
(S3). The EMR job runs on two On-Demand core nodes and three On-Demand task nodes. Which of the
following may help reduce the EMR job completion time?
Choose 2 answers
A. Use three Spot Instances rather than three On-Demand instances for the task nodes.
, B. Change the input split size in the MapReduce job configuration.
C. Use a bootstrap action to present the S3 bucket as a local filesystem.
D. Launch the core nodes and task nodes within an Amazon Virtual Cloud.
E. Adjust the number of simultaneous mapper tasks.
F. Enable termination protection for the job flow. Correct Answer: B. Change the input split size in the
MapReduce job configuration.
E. Adjust the number of simultaneous mapper tasks.
You have an VPC with a public subnet. Three EC2 instances currently running inside the subnet can
successfully communicate with other hosts on the internet. You launch a fourth instance in the same
subnet, using the same AMI and security group configuration you used for the others, but find that this
instance cannot be accessed from the Internet. What should you do to enable Internet access?
A. Deploy a NAT instance into the public subnet.
B. Modify the routing table for the public subnet.
C. Assign an elastic IP address to the fourth instance.
D. Configure a publicly routable IP address in the host OS of the fourth instance. Correct Answer: C.
Assign an elastic IP address to the fourth instance.
Which of the following requires a custom CloudWatch metric to monitor?
A. Memory use
B. CPU use
C. Disk read operations
D. Network in
E. Estimated charges Correct Answer: A. Memory use
Which of the following is a durable key-value store?
A. Amazon Simple Storage Service
B. Amazon Simple Workflow Service
C. Amazon Simple Queue Service
D. Amazon Simple Notification Service Correct Answer: A. Amazon Simple Storage Service
After creating a new AWS account, you use the API to request 40 on-demand EC2 instances in a single
AZ. After 20 successful requests, subsequent requests failed. What could be a reason for this issue, and
how would you resolve it?
A. You encountered a soft limit of 20 instances per region. Submit the limit increase form and retry the
failed requests once approved.
B. AWS allows you to provision no more than 20 instances per Availability Zone. Select a different
Availability Zone and retry the failed request.
C. You need to use Amazon Virtual Private Cloud (VPC) in order to provision more than 20 instances in a
single Availability Zone. Simply terminate the resources already provisioned and re-launch them all in a
VPC.
D. You encountered an API throttling situation and should try the failed requests using an exponential
decay retry algorithm. Correct Answer: A. You encountered a soft limit of 20 instances per region.
Submit the limit increase form and retry the failed requests once approved.
Associate Practice Questions
Amazon Glacier is designed for: (Choose 2 answers)
A. active database storage.
B. infrequently accessed data.
C. data archives.
D. frequently accessed data.
E. cached session data. Correct Answer: B. infrequently accessed data.
C. data archives.
Your web application front end consists of multiple EC2 instances behind an Elastic Load Balancer. You
configured ELB to perform health checks on these EC2 instances. If an instance fails to pass health
checks, which statement will be true?
A. The instance is replaced automatically by the ELB.
B. The instance gets terminated automatically by the ELB.
C. The ELB stops sending traffic to the instance that failed its health check.
D. The instance gets quarantined by the ELB for root cause analysis. Correct Answer: C. The ELB stops
sending traffic to the instance that failed its health check.
You are building a system to distribute confidential training videos to employees. Using CloudFront,
what
method could be used to serve content that is stored in S3, but not publicly accessible from S3 directly?
A. Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket
to that OAI.
B. Add the CloudFront account security group "amazon-cf/amazon-cf-sg" to the appropriate S3 bucket
policy.
C. Create an Identity and Access Management (IAM) User for CloudFront and grant access to the
objects in your S3 bucket to that IAM User.
D. Create a S3 bucket policy that lists the CloudFront distribution ID as the Principal and the target
bucket as the Amazon Resource Name (ARN). Correct Answer: A. Create an Origin Access Identity (OAI)
for CloudFront and grant access to the objects in your S3 bucket to that OAI.
Which of the following will occur when an EC2 instance in a VPC with an
associated Elastic IP is stopped and started? (Choose 2 answers)
A. The Elastic IP will be dissociated from the instance
B. All data on instance-store devices will be lost
C. All data on EBS (Elastic Block Store) devices will be lost
D. The ENI (Elastic Network Interface) is detached
,E. The underlying host for the instance is changed Correct Answer: B. All data on instance-store devices
will be lost
E. The underlying host for the instance is changed
In the basic monitoring package for EC2, Amazon CloudWatch provides the following metrics:
A. web server visible metrics such as number failed transaction requests
B. operating system visible metrics such as memory utilization
C. database visible metrics such as number of connections
D. hypervisor visible metrics such as CPU utilization Correct Answer: D. hypervisor visible metrics such
as CPU utilization, disk I/O, network I/O
Which is an operational process performed by AWS for data security?
A. AES-256 encryption of data stored on any shared storage device
B. Decommissioning of storage devices using industry-standard practices
C. Background virus scans of EBS volumes and EBS snapshots
D. Replication of data across multiple AWS Regions
E. Secure wiping of EBS data when an EBS volume is unmounted Correct Answer: B. Decommissioning of
storage devices using industry-standard practices
You have been tasked with creating a VPC network topology for your company. The VPC network must
support both Internet-facing applications and internally-facing applications accessed only over VPN.
Both Internet-facing and internally-facing applications must be able to leverage at least three AZs for
high availability. At a minimum, how many subnets must you create within your VPC to accommodate
these requirements?
A. 2
B. 3
C. 4
D. 6 Correct Answer: D. 6
You receive a Spot Instance at a bid of $0.05/hr. After 30 minutes, the Spot Price increases to $0.06/hr
and your Spot Instance is terminated by AWS. What was the total EC2 compute cost of running your
Spot Instance?
A. $0.00
B. $0.02
C. $0.03
D. $0.05
E. $0.06 Correct Answer: A. $0.00
You are developing a highly available web application using stateless web servers. Which services are
suitable for storing session state data?
Choose 3 answers
A. Amazon CloudWatch
B. Amazon Relational Database Service (RDS)
,C. Elastic Load Balancing
D. Amazon ElastiCache
E. AWS Storage Gateway
F. Amazon DynamoDB Correct Answer: B. Amazon Relational Database Service (RDS)
D. Amazon ElastiCache
F. Amazon DynamoDB
You have a business-critical two-tier web app currently deployed in two AZs in a single region, using
Elastic Load Balancing and Auto Scaling. The app depends on synchronous replication (very low latency
connectivity) at the database layer. The application needs to remain fully available even if one
application AZ goes off-line, and Auto Scaling cannot launch new instances in the remaining Availability
Zones. How can the current architecture be enhanced to ensure this?
A. Deploy in two regions using Weighted Round Robin (WRR), with Auto Scaling minimums set for 50
percent peak load per Region.
B. Deploy in two regions using Weighted Round Robin (WRR), with Auto Scaling minimums set for 100
percent peak load per region.
C. Deploy in three Availability Zones, with Auto Scaling minimum set to handle 50 percent peak load per
zone.
D. Deploy in three Availability Zones, with Auto Scaling minimum set to handle 33 percent peak load per
zone. Correct Answer: C. Deploy in three Availability Zones, with Auto Scaling minimum set to handle 50
percent peak load per zone.
You are deploying an application on EC2 that must call AWS APIs. What method of securely passing
credentials to the application should you use?
A. Use AWS Identity and Access Management roles for EC2 instances.
B. Pass API credentials to the instance using instance userdata.
C. Embed the API credentials into your JAR files.
D. Store API credentials as an object in Amazon Simple Storage Service. Correct Answer: A. Use AWS
Identity and Access Management roles for EC2 instances.
Which route must be added to your routing table in order to allow connections to the Internet from
your subnet?
A. Destination: 0.0.0.0/0 --> Target: your Internet gateway
B. Destination: 192.168.1.257/0 --> Target: your Internet gateway
C. Destination: 0.0.0.0/33 --> Target: your virtual private gateway
D. Destination: 0.0.0.0/0 --> Target: 0.0.0.0/24
E. Destination: 10.0.0.0/32 --> Target: your virtual private gateway Correct Answer: A. Destination:
0.0.0.0/0 --> Target: your Internet gateway
A customer's nightly EMR job processes a single 2-TB data file stored on Amazon Simple Storage Service
(S3). The EMR job runs on two On-Demand core nodes and three On-Demand task nodes. Which of the
following may help reduce the EMR job completion time?
Choose 2 answers
A. Use three Spot Instances rather than three On-Demand instances for the task nodes.
, B. Change the input split size in the MapReduce job configuration.
C. Use a bootstrap action to present the S3 bucket as a local filesystem.
D. Launch the core nodes and task nodes within an Amazon Virtual Cloud.
E. Adjust the number of simultaneous mapper tasks.
F. Enable termination protection for the job flow. Correct Answer: B. Change the input split size in the
MapReduce job configuration.
E. Adjust the number of simultaneous mapper tasks.
You have an VPC with a public subnet. Three EC2 instances currently running inside the subnet can
successfully communicate with other hosts on the internet. You launch a fourth instance in the same
subnet, using the same AMI and security group configuration you used for the others, but find that this
instance cannot be accessed from the Internet. What should you do to enable Internet access?
A. Deploy a NAT instance into the public subnet.
B. Modify the routing table for the public subnet.
C. Assign an elastic IP address to the fourth instance.
D. Configure a publicly routable IP address in the host OS of the fourth instance. Correct Answer: C.
Assign an elastic IP address to the fourth instance.
Which of the following requires a custom CloudWatch metric to monitor?
A. Memory use
B. CPU use
C. Disk read operations
D. Network in
E. Estimated charges Correct Answer: A. Memory use
Which of the following is a durable key-value store?
A. Amazon Simple Storage Service
B. Amazon Simple Workflow Service
C. Amazon Simple Queue Service
D. Amazon Simple Notification Service Correct Answer: A. Amazon Simple Storage Service
After creating a new AWS account, you use the API to request 40 on-demand EC2 instances in a single
AZ. After 20 successful requests, subsequent requests failed. What could be a reason for this issue, and
how would you resolve it?
A. You encountered a soft limit of 20 instances per region. Submit the limit increase form and retry the
failed requests once approved.
B. AWS allows you to provision no more than 20 instances per Availability Zone. Select a different
Availability Zone and retry the failed request.
C. You need to use Amazon Virtual Private Cloud (VPC) in order to provision more than 20 instances in a
single Availability Zone. Simply terminate the resources already provisioned and re-launch them all in a
VPC.
D. You encountered an API throttling situation and should try the failed requests using an exponential
decay retry algorithm. Correct Answer: A. You encountered a soft limit of 20 instances per region.
Submit the limit increase form and retry the failed requests once approved.
