├── LICENSE └── README.md /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 Anuj Bansal 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |
2 | 3 |

AWS Certified Solutions Architect Associate Practice Questions

4 | 5 | This is a list of AWS Certified Solutions Architect Associate questions and their answers ✨ 6 | 7 | 8 | I have also added a lot of good practice tests at the following Udemy course [AWS Certified Solutions Architect Associate Practice Tests](https://www.udemy.com/course/aws-certified-solutions-architect-associate-practice-tests-s/?referralCode=A7EE53FF637EB9125780). 9 | 10 | From basic to advanced, test how well you know AWS, refresh your knowledge a bit, or prepare for your AWS Certified Solutions Architect Associate exam! 11 | 12 | Feel free to reach out to me! 👨‍💻
13 | Twitter || LinkedIn || Blog 14 |
15 | 16 | --- 17 | 18 | ###### 1. What are the DHCP option attributes used to assign private DNS servers to your VPC? 19 | 20 | - 1. dns resolution and domain name 21 | - 2. hostnames and internet domain 22 | - 3. domain servers and domain name 23 | - 4. domain-name-servers and domain-name 24 | 25 |
Answer 26 |

27 | 28 | #### Answer (D) 29 | 30 | Knowledge Area: Virtual Private Cloud (VPC) 31 | 32 |

33 |
34 | 35 | --- 36 | 37 | 38 | ###### 2. What are two features of CloudWatch operation? 39 | 40 | - 1. CloudWatch does not support custom metrics 41 | - 2. CloudWatch permissions are granted per feature and not AWS resource 42 | - 3. collect and monitor operating system and application generated log files 43 | - 4. AWS services automatically create logs for CloudWatch 44 | - 5. CloudTrail generates logs automatically when AWS account is activated 45 | 46 |
Answer 47 |

48 | 49 | #### Answer (B,C) 50 | 51 | Knowledge Area: Monitoring Services 52 | 53 |

54 |
55 | 56 | --- 57 | 58 | 59 | ###### 3. You have an application that collects monitoring data from 10,000 sensors (IoT) deployed in the USA. The datapoints are comprised of video events for home security and environment status alerts. The application will be deployed to AWS with EC2 instances as data collectors. What AWS storage service is preferred for storing video files from sensors? 60 | 61 | - 1. RedShift 62 | - 2. RDS 63 | - 3. S3 64 | - 4. DynamoDB 65 | 66 |
Answer 67 |

68 | 69 | #### Answer (C) 70 | 71 | Knowledge Area: Storage Services 72 | 73 |

74 |
75 | 76 | --- 77 | 78 | 79 | ###### 4. What storage type enable permanent attachment of volumes to EC2 instances? 80 | 81 | - 1. S3 82 | - 2. RDS 83 | - 3. TDS 84 | - 4. EBS 85 | - 5. instance store 86 | 87 |
Answer 88 |

89 | 90 | #### Answer (D) 91 | 92 | Knowledge Area: EC2 Compute 93 | 94 |

95 |
96 | 97 | --- 98 | 99 | 100 | ###### 5. What are two advantages of selecting default tenancy option for your VPC when creating it? 101 | 102 | - 1. performance and reliability 103 | - 2. some AWS services do not work with a dedicated tenancy VPC 104 | - 3. tenant can launch instances within VPC as default or dedicated instances 105 | - 4. instance launch is faster 106 | 107 |
Answer 108 |

109 | 110 | #### Answer (B,C) 111 | 112 | Knowledge Area: Virtual Private Cloud (VPC) 113 | 114 |

115 |
116 | 117 | --- 118 | 119 | 120 | ###### 6. What two statements correctly describe Amazon virtual private gateway? 121 | 122 | - 1. assign to private subnets only 123 | - 2. assign to public subnets only 124 | - 3. single virtual private gateway per VPC 125 | - 4. multiple virtual private gateways per VPC 126 | - 5. single virtual private gateway per region 127 | 128 |
Answer 129 |

130 | 131 | #### Answer (A,C) 132 | 133 | Knowledge Area: Virtual Private Cloud (VPC) 134 | 135 |

136 |
137 | 138 | --- 139 | 140 | 141 | ###### 7. What are two features that correctly describe Availability Zone (AZ) architecture? 142 | 143 | - 1. multiple regions per AZ 144 | - 2. interconnected with private WAN links 145 | - 3. multiple AZ per region 146 | - 4. interconnected with public WAN links 147 | - 5. data auto-replicated between zones in different regions 148 | - 6. Direct Connect supports Layer 2 connectivity to region 149 | 150 |
Answer 151 |

152 | 153 | #### Answer (B,C) 154 | 155 | Knowledge Area: Fault Tolerant Systems 156 | 157 |

158 |
159 | 160 | --- 161 | 162 | 163 | ###### 8. What AWS services encrypts data at rest by default? (Select two) 164 | 165 | - 1. S3 166 | - 2. AWS Storage Gateway 167 | - 3. EBS 168 | - 4. Glacier 169 | - 5. RDS 170 | 171 |
Answer 172 |

173 | 174 | #### Answer (B,D) 175 | 176 | Knowledge Area: Storage Services 177 | 178 |

179 |
180 | 181 | --- 182 | 183 | 184 | ###### 9. What two attributes are only associated with CloudFront private content? 185 | 186 | - 1. Amazon S3 URL 187 | - 2. signed cookies 188 | - 3. web distribution 189 | - 4. signed URL 190 | - 5. object 191 | 192 |
Answer 193 |

194 | 195 | #### Answer (B,D) 196 | 197 | Knowledge Area: Deployment 198 | 199 |

200 |
201 | 202 | --- 203 | 204 | 205 | ###### 10. What two statements correctly describe how to add or modify IAM roles to a running EC2 instance? 206 | 207 | - 1. attach an IAM role to an existing EC2 instance from the EC2 console 208 | - 2. replace an IAM role attached to an existing EC2 instance from the EC2 console 209 | - 3. attach an IAM role to the user account and relaunch the EC2 instance 210 | - 4. add the EC2 instance to a group where the role is a member 211 | 212 |
Answer 213 |

214 | 215 | #### Answer (A,B) 216 | 217 | Knowledge Area: EC2 Compute 218 | 219 |

220 |
221 | 222 | --- 223 | 224 | 225 | ###### 11. What are the minimum components required to enable a web-based application with public web servers and a private database tier? (select three) 226 | 227 | - 1. Internet gateway 228 | - 2. Assign EIP addressing to database instances on private subnet 229 | - 3. Virtual private gateway 230 | - 4. Assign database instances to private subnet and private IP addressing 231 | - 5. Assign EIP and private IP addressing to web servers on public subnet 232 | 233 |
Answer 234 |

235 | 236 | #### Answer (A,D,E) 237 | 238 | Knowledge Area: Virtual Private Cloud (VPC) 239 | 240 |

241 |
242 | 243 | --- 244 | 245 | 246 | ###### 12. What two statements accurately describe Amazon VPC architecture? 247 | 248 | - 1. Elastic Load Balancer (ELB) cannot span multiple availability zones 249 | - 2. VPC does not support DMVPN connection 250 | - 3. VPC subnet cannot span multiple availability zones 251 | - 4. VPC cannot span multiple regions 252 | - 5. Flow logs are not supported within a VPC 253 | 254 |
Answer 255 |

256 | 257 | #### Answer (C,D) 258 | 259 | Knowledge Area: Virtual Private Cloud (VPC) 260 | 261 |

262 |
263 | 264 | --- 265 | 266 | 267 | ###### 13. What feature enables CloudWatch to manage capacity dynamically for EC2 instances? 268 | 269 | - 1. replication lag 270 | - 2. Auto-Scaling 271 | - 3. Elastic Load Balancer 272 | - 4. vertical scaling 273 | 274 |
Answer 275 |

276 | 277 | #### Answer (B) 278 | 279 | Knowledge Area: Monitoring Services 280 | 281 |

282 |
283 | 284 | --- 285 | 286 | 287 | ###### 14. What authentication method provides Federated Single Sign-On (SSO) for cloud applications? 288 | 289 | - 1. ADS 290 | - 2. ISE 291 | - 3. RADIUS 292 | - 4. TACACS 293 | - 5. SAML 294 | 295 |
Answer 296 |

297 | 298 | #### Answer (E) 299 | 300 | Knowledge Area: Security Architecture 301 | 302 |

303 |
304 | 305 | --- 306 | 307 | 308 | ###### 15. What method detects when to replace an EC2 instance that is assigned to an Auto-Scaling group? 309 | 310 | - 1. health check 311 | - 2. load balancing algorithm 312 | - 3. EC2 health check 313 | - 4. not currently supported 314 | - 5. dynamic path detection 315 | - 6. Auto-Scaling 316 | 317 |
Answer 318 |

319 | 320 | #### Answer (A) 321 | 322 | Knowledge Area: EC2 Compute 323 | 324 |

325 |
326 | 327 | --- 328 | 329 | 330 | ###### 16. What two resource tags are supported for an EC2 instance? 331 | 332 | - 1. VPC endpoint 333 | - 2. EIP 334 | - 3. network interface 335 | - 4. security group 336 | - 5. Flow Log 337 | 338 |
Answer 339 |

340 | 341 | #### Answer (A,E) 342 | 343 | Knowledge Area: EC2 Compute 344 | 345 |

346 |
347 | 348 | --- 349 | 350 | 351 | ###### 17. How is a volume selected (identified) when making an EBS Snapshot? 352 | 353 | - 1. account id 354 | - 2. volume id 355 | - 3. tag 356 | - 4. ARN 357 | 358 |
Answer 359 |

360 | 361 | #### Answer (D) 362 | 363 | Knowledge Area: Deployment 364 | 365 |

366 |
367 | 368 | --- 369 | 370 | 371 | ###### 18. What two features provide an encrypted (VPN) connection from VPC to an enterprise data center? 372 | 373 | - 1. Internet gateway 374 | - 2. Amazon RDS 375 | - 3. Virtual private gateway 376 | - 4. CSR 1000V router 377 | - 5. NAT gateway 378 | 379 |
Answer 380 |

381 | 382 | #### Answer (C,D) 383 | 384 | Knowledge Area: Virtual Private Cloud (VPC) 385 | 386 |

387 |
388 | 389 | --- 390 | 391 | 392 | ###### 19. What are two advantages of cross-region replication of an S3 bucket? 393 | 394 | - 1. cost 395 | - 2. security compliance 396 | - 3. scalability 397 | - 4. Beanstalk support 398 | - 5. minimize latency 399 | 400 |
Answer 401 |

402 | 403 | #### Answer (B,E) 404 | 405 | Knowledge Area: Storage Services 406 | 407 |

408 |
409 | 410 | --- 411 | 412 | 413 | ###### 20. What consistency model is the default used by DynamoDB? 414 | 415 | - 1. strongly consistent 416 | - 2. eventually consistent 417 | - 3. no default model 418 | - 4. casual consistency 419 | - 5. sequential consistency 420 | 421 |
Answer 422 |

423 | 424 | #### Answer (B) 425 | 426 | Knowledge Area: Database Services 427 | 428 |

429 |
430 | 431 | --- 432 | 433 | 434 | ###### 21. What features are required to prevent users from bypassing AWS CloudFront security? (Select three) 435 | 436 | - 1. Bastion host 437 | - 2. signed URL 438 | - 3. IP whitelist 439 | - 4. signed cookies 440 | - 5. origin access identity (OAI) 441 | 442 |
Answer 443 |

444 | 445 | #### Answer (B,D,E) 446 | 447 | Knowledge Area: Security Architecture 448 | 449 |

450 |
451 | 452 | --- 453 | 454 | 455 | ###### 22. What are the advantages of NAT gateway over NAT instance? (Select two) 456 | 457 | - 1. NAT gateway requires a single EC2 instance 458 | - 2. NAT gateway is scalable 459 | - 3. NAT gateway translates faster 460 | - 4. NAT gateways is a managed service 461 | - 5. NAT gateway is Linux-based 462 | 463 |
Answer 464 |

465 | 466 | #### Answer (B,D) 467 | 468 | Knowledge Area: Virtual Private Cloud (VPC) 469 | 470 |

471 |
472 | 473 | --- 474 | 475 | 476 | ###### 23. What two fault tolerant features does Amazon RDS support? 477 | 478 | - 1. copy snapshot to a different region 479 | - 2. create read replica to a different region 480 | - 3. copy unencrypted read-replica only 481 | - 4. copy read/write replica and snapshot 482 | 483 |
Answer 484 |

485 | 486 | #### Answer (A,B) 487 | 488 | Knowledge Area: Database Services 489 | 490 |

491 |
492 | 493 | --- 494 | 495 | 496 | ###### 24. What two features describe an Application Load Balancer (ALB)? 497 | 498 | - 1. dynamic port mapping 499 | - 2. SSL listener 500 | - 3. layer 7 load balancer 501 | - 4. backend server authentication 502 | - 5. multi-region forwarding 503 | 504 |
Answer 505 |

506 | 507 | #### Answer (A,C) 508 | 509 | Knowledge Area: Fault Tolerant Systems 510 | 511 |

512 |
513 | 514 | --- 515 | 516 | 517 | ###### 25. You have configured a security group to allow ICMP, SSH and RDP inbound and assigned the security group to all instances in a subnet. There is no access to any Linux-based or Windows-based instances and you cannot Ping any instances. The network ACL for the subnet is configured to allow all inbound traffic to the subnet. What is the most probable cause? 518 | 519 | - 1. on-premises firewall rules 520 | - 2. security group and network ACL outbound rules 521 | - 3. network ACL outbound rules 522 | - 4. security group outbound rules 523 | - 5. Bastion host required 524 | 525 |
Answer 526 |

527 | 528 | #### Answer (C) 529 | 530 | Knowledge Area: Security Architecture 531 | 532 |

533 |
534 | 535 | --- 536 | 537 | 538 | ###### 26. You have been asked to setup a VPC endpoint connection between VPC and S3 buckets for storing backups and snapshots. What AWS components are currently required when configuring a VPC endpoint? 539 | 540 | - 1. Internet gateway 541 | - 2. NAT instance 542 | - 3. Elastic IP 543 | - 4. private IP address 544 | 545 |
Answer 546 |

547 | 548 | #### Answer (D) 549 | 550 | Knowledge Area: Virtual Private Cloud (VPC) 551 | 552 |

553 |
554 | 555 | --- 556 | 557 | 558 | ###### 27. What three attributes are used to define a launch configuration template for an Auto-Scaling group? 559 | 560 | - 1. instance type 561 | - 2. private IP address 562 | - 3. Elastic IP 563 | - 4. security group 564 | - 5. AMI 565 | 566 |
Answer 567 |

568 | 569 | #### Answer (A,D,E) 570 | 571 | Knowledge Area: EC2 Compute 572 | 573 |

574 |
575 | 576 | --- 577 | 578 | 579 | ###### 28. You have enabled Amazon RDS database services in VPC1 for an application that has public web servers in VPC2. How do you connect the web servers to the RDS database instance so they can communicate considering the VPC's are in the same region? 580 | 581 | - 1. VPC endpoints 582 | - 2. VPN gateway 583 | - 3. path-based routing 584 | - 4. VPC peering 585 | - 5. AWS Network Load Balancer 586 | 587 |
Answer 588 |

589 | 590 | #### Answer (D) 591 | 592 | Knowledge Area: Virtual Private Cloud (VPC) 593 | 594 |

595 |
596 | 597 | --- 598 | 599 | 600 | ###### 29. What two methods are recommended by AWS for protecting EBS data at rest? 601 | 602 | - 1. replication 603 | - 2. snapshots 604 | - 3. encryption 605 | - 4. VPN 606 | 607 |
Answer 608 |

609 | 610 | #### Answer (B,C) 611 | 612 | Knowledge Area: Fault Tolerant Systems 613 | 614 |

615 |
616 | 617 | --- 618 | 619 | 620 | ###### 30. What security problem is solved by using Cross-Origin Resource Sharing (CORS)? 621 | 622 | - 1. enable HTTP requests from within scripts to a different domain 623 | - 2. enable sharing of web-based files between different buckets 624 | - 3. provide security for third party objects within AWS 625 | - 4. permits sharing objects between AWS services 626 | 627 |
Answer 628 |

629 | 630 | #### Answer (A) 631 | 632 | Knowledge Area: Storage Services 633 | 634 |

635 |
636 | 637 | --- 638 | 639 | 640 | ###### 31. What two features are enabled with S3 services? 641 | 642 | - 1. store objects of any size 643 | - 2. dynamic web content 644 | - 3. supports Provisioned IOPS 645 | - 4. store virtually unlimited amounts of data 646 | - 5. bucket names are globally unique 647 | 648 |
Answer 649 |

650 | 651 | #### Answer (D,E) 652 | 653 | Knowledge Area: Storage Services 654 | 655 |

656 |
657 | 658 | --- 659 | 660 | 661 | ###### 32. What is the purpose of a local route within a VPC route table? 662 | 663 | - 1. local route is derived from the default VPC CIDR block 10.0.0.0/16 664 | - 2. communicate between instances within the same subnet or different subnets 665 | - 3. used to communicate between instances within the same subnet 666 | - 4. default route for communicating between private and public subnets 667 | - 5. only installed in the main route table 668 | 669 |
Answer 670 |

671 | 672 | #### Answer (C) 673 | 674 | Knowledge Area: Virtual Private Cloud (VPC) 675 | 676 |

677 |
678 | 679 | --- 680 | 681 | 682 | ###### 33. What feature is supported when attaching or detaching an EBS volume from an EC2 instance? 683 | 684 | - 1. EBS volume can be attached and detached to an EC2 instance in the same region 685 | - 2. EBS volume can be attached and detached to an EC2 instance that is cross-region 686 | - 3. EBS volume can only be copied and attached to an EC2 instance that is cross-region 687 | - 4. EBS volume can only be attached and detached to an EC2 instance in the same Availability Zone 688 | 689 |
Answer 690 |

691 | 692 | #### Answer (D) 693 | 694 | Knowledge Area: EC2 Compute 695 | 696 |

697 |
698 | 699 | --- 700 | 701 | 702 | ###### 34. What Amazon AWS service supports real-time processing of data stream from multiple consumers and replay of records? 703 | 704 | - 1. DynamoDB 705 | - 2. EMR 706 | - 3. Kinesis data streams 707 | - 4. SQS 708 | - 5. RedShift 709 | 710 |
Answer 711 |

712 | 713 | #### Answer (C) 714 | 715 | Knowledge Area: Deployment 716 | 717 |

718 |
719 | 720 | --- 721 | 722 | 723 | ###### 35. What is the fastest and easiest method for migrating an on-premises VMware virtual machine to the AWS cloud? 724 | 725 | - 1. Amazon Marketplace 726 | - 2. AWS Server Migration Service 727 | - 3. AWS Storage Gateway 728 | - 4. EC2 Import/Export 729 | 730 |
Answer 731 |

732 | 733 | #### Answer (B) 734 | 735 | Knowledge Area: Deployment 736 | 737 |

738 |
739 | 740 | --- 741 | 742 | 743 | ###### 36. What class of EC2 instance type is recommended for database servers? 744 | 745 | - 1. memory optimized 746 | - 2. compute optimized 747 | - 3. storage optimized 748 | - 4. general purpose optimized 749 | 750 |
Answer 751 |

752 | 753 | #### Answer (A) 754 | 755 | Knowledge Area: EC2 Compute 756 | 757 |

758 |
759 | 760 | --- 761 | 762 | 763 | ###### 37. What encryption support is available for tenants that are deploying AWS DynamoDB? 764 | 765 | - 1. server-side encryption 766 | - 2. client-side encryption 767 | - 3. client-side and server-side encryption 768 | - 4. encryption not supported 769 | - 5. block level encryption 770 | 771 |
Answer 772 |

773 | 774 | #### Answer (B) 775 | 776 | Knowledge Area: Database Services 777 | 778 |

779 |
780 | 781 | --- 782 | 783 | 784 | ###### 38. What are two characteristics of an Amazon security group? 785 | 786 | - 1. instance level packet filtering 787 | - 2. deny rules only 788 | - 3. permit rules only 789 | - 4. subnet level packet filtering 790 | - 5. inbound only 791 | 792 |
Answer 793 |

794 | 795 | #### Answer (A,C) 796 | 797 | Knowledge Area: Virtual Private Cloud (VPC) 798 | 799 |

800 |
801 | 802 | --- 803 | 804 | 805 | ###### 39. How is Route 53 configured for Warm Standby fault tolerance? (Select two) 806 | 807 | - 1. automated health checks 808 | - 2. path-based routing 809 | - 3. failover records 810 | - 4. Alias records 811 | 812 |
Answer 813 |

814 | 815 | #### Answer (A,C) 816 | 817 | Knowledge Area: Fault Tolerant Systems 818 | 819 |

820 |
821 | 822 | --- 823 | 824 | 825 | ###### 40. What is the difference between Stream-based and AWS Services when enabling Lambda? 826 | 827 | - 1. streams maintains event source mapping in Lambda 828 | - 2. streams maintains event source mapping in event source 829 | - 3. streams maintains event source mapping in EC2 instance 830 | - 4. streams maintains event source mapping in notification 831 | - 5. streams maintains event source mapping in API 832 | 833 |
Answer 834 |

835 | 836 | #### Answer (A) 837 | 838 | Knowledge Area: Deployment 839 | 840 |

841 |
842 | 843 | --- 844 | --------------------------------------------------------------------------------