AWS Certified Solutions Architect Associate (SAA02) - Free Practice Tests

This AWS practice test helps you to pass the following AWS exams and can also helps you to revise the AWS concepts if you are preparing for AWS interviews.

AWS Certified Solutions Architect Associate
AWS Certified Cloud Practitioner

Below AWS practice tests has two different Modes

Learning Mode: 25 questions per test with answers and explanation, no time limit, repeat tests
Exam Mode: 65 questions per test (similar to real AWS exam), 130 minutes, repeat tests

AWS Certified Solutions Architect Associate (SAA) – Learning Mode

/25

10 votes, 4.5 avg

333

1 / 25

You need to set up security for your VPC and you know that Amazon VPC provides two features that you can use to increase security for your VPC: security groups and network access control lists (ACLs). You have already looked into security groups and you are now trying to understand ACLs. Which statement below is incorrect in relation to ACLs?

Operates at the subnet level (second layer of defense).

Supports allow rules and deny rules.

Is stateful: Return traffic is automatically allowed, regardless of any rules.

Processes rules in number order when deciding whether to allow traffic.

Explanation

Amazon VPC provides two features that you can use to increase security for your VPC: Security groups–Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level. Network access control lists (ACLs)–Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level. Security groups are stateful: (Return traffic is automatically allowed, regardless of any rules) Network ACLs are stateless: (Return traffic must be explicitly allowed by rules)

Explanation

2 / 25

You are designing a cloud implementation for a client. They have requested a database that will serve data to a website as well as perform some complex reporting in a Data Warehouse. They are also looking for a durable location to store session state. Which design choices would meet the client’s requirements? (Choose 3 answers)

Amazon Glacier for Data Warehousing/Reporting

MySQL database to serve data to the website

Amazon Redshift for Data Warehousing/Reporting

DynamoDB for session state

Explanation

An RDS database such as MySQL is a good choice as the back end for a web server. Amazon Redshift is often paired with RDS to offload Data Warehousing/Reporting traffic. DynamoDB is a good choice for managing session state, shopping cart data, or time-series data.

Explanation

3 / 25

You have been charged with investigating cloud security options for your company in light of recent suspected threats. You are aware that certain AWS services can help mitigate DDoS attacks, and you are specifically looking for a service that provides protection from counterfeit requests (Layer 7) or SYN floods (Layer 4). Which services provide this protection? (Choose 2 answers)

Amazon API Gateway

Route 53

CloudFront with AWS Shield

VPC Security Groups

Explanation

Amazon API Gateway automatically protects your backend systems from distributed denial-of-service (DDoS) attacks, whether attacked with counterfeit requests (Layer 7) or SYN floods (Layer 3). Additional reading is available here (https://aws.amazon.com/api-gateway/faqs/).

AWS Shield Advanced includes intelligent DDoS attack detection and mitigation for not only for the network layer (layer 3) and transport layer (layer 4) attacks but also for application layer (layer 7) attacks.

NACLs do not provide DDoS mitigation. They are used to control ingress and egress into a subnet based on port and source IP range. Route 53 can protect against DNS based DDoS attacks but does not protect entire layers. Elastic Load Balancing can protect EC2 instances specifically, but not other AWS resources.

Explanation

4 / 25

You are an AWS Solutions Architect helping a client plan a migration to the AWS cloud. The client is very cost-conscious and needs to understand the budget implications of any design decisions prior to signing off. Now that you’ve identified the resources that must be created in the AWS environment to support the migration, what tool could you use to help project future costs given this information?

TCO Calculator

Cost Explorer

Detailed Billing Reports

Simple Monthly Calculator

Explanation

The Simple Monthly Calculator is used to calculate projected costs, assuming you know what AWS resources you’ll be consuming.

Explanation

The Simple Monthly Calculator is used to calculate projected costs, assuming you know what AWS resources you’ll be consuming.

5 / 25

You are migrating on-premise legal files to the AWS Cloud in Amazon S3 buckets. The corporate audit team will review all legal files within the next year, but until that review is completed, you need to ensure that the legal files are neither updated or deleted in the next 18 months. What steps will ensure the files can be uploaded efficiently but have the required protection for the specific time period of 18 months? (Choose 2 answers)

Enable object locks on all relevant S3 buckets with a retention mode of compliance mode.

Set a default retention period of 18 months on all related S3 buckets.

Set a retention period of 18 months on all relevant object versions via a batch operation

Set a default legal hold on all related S3 buckets

Explanation

The key points of this question are:

the difference between compliance mode and governance mode – compliance prevents objects from being updated or deleted, governance only prevents deletion.
Default Retention periods can be set at bucket level and then applied to all objects uploaded into the bucket. Otherwise they have to set at an object version level.
Legal holds have no specific time frame associated with them, and cannot be configured at a bucket level. They must be configured at an object version level.
Object lock setting cannot be configured via batch operations.

Explanation

The key points of this question are:

the difference between compliance mode and governance mode – compliance prevents objects from being updated or deleted, governance only prevents deletion.
Default Retention periods can be set at bucket level and then applied to all objects uploaded into the bucket. Otherwise they have to set at an object version level.
Legal holds have no specific time frame associated with them, and cannot be configured at a bucket level. They must be configured at an object version level.
Object lock setting cannot be configured via batch operations.

6 / 25

Which of the following strategies can be used to control access to your Amazon EC2 instances?

EC2 security groups

IAM Policies

DB security groups

None of the above

Explanation

IAM policies allow you to specify what actions your IAM users are allowed to perform against your EC2 Instances. However, when it comes to access control, security groups are what you need in order to define and control the way you want your instances to be accessed, and whether or not certain kind of communications are allowed or not.

Explanation

7 / 25

You are placed in charge of a client’s existing AWS cloud environment. They have several web servers in a public subnet and three database servers in a private subnet. The database is an RDS solution using SQL Server. AWS limits the types of changes the customer can make to the underlying infrastructure. What change will you be responsible for when administering this RDS database?

Performing daily database backups

Setting up database accounts and privileges for non-admin

Patching the database instance operating system

Deploying virtual infrastructure

Explanation

Amazon RDS manages the work involved in setting up a relational database: from provisioning the infrastructure capacity you request to installing the database software. Once your database is up and running, Amazon RDS automates common administrative tasks such as performing backups and patching the software that powers your database. With optional multi-AZ deployments, Amazon RDS also manages synchronous data replication across Availability Zones with automatic failover.

Since Amazon RDS provides native database access, you interact with the relational database software as you normally would. This means you’re still responsible for managing the database settings that are specific to your application. You’ll need to build the relational schema that best fits your use case and are responsible for any performance tuning to optimize your database for your application’s workflow.

Explanation

8 / 25

What does Amazon DynamoDB provide?

A fast, highly scalable managed NoSQL database service

A standalone Cassandra database, managed by Amazon Web Services

A fast and reliable PL/SQL database cluster

A predictable and scalable MySQL database

Explanation

Amazon DynamoDB is a managed NoSQL database service offered by Amazon. It automatically manages tasks like scalability for you while it provides high availability and durability for your data, allowing you to concentrate in other aspects of your application

Explanation

9 / 25

When launching an instance using the Launch Wizard, what happens when a user does not provide the security group?

The launch wizard gives an error and a security group is not created.

The launch wizard creates one security group for that instance

The launch wizard is created and the instance with the default security group of EC2 is launched

There is no security group attached to the instance.

Explanation

If a user does not select the security group while creating the instance launch configuration, the Launch wizard automatically defines the “launch-wizard-x” security group to allow the user to connect to the instance, which enables all IP addresses (0.0.0.0/0) to access the instance over the specified ports.

Explanation

10 / 25

You are running an Amazon EC2 EBS-backed instance with a Windows operating system. The hourly instance charge for your instance is $14. You’ve asked your team to stop the instance when they aren’t using it in an effort to save money. However, when the bill comes, you’re surprised to realize that there was an hour where you were charged $42 for the instance. How could this be?

No one ever stopped the instance like they were supposed to when they weren’t using it.

That instance was stopped and never started again, resulting in a premature termination fee.

Too many people attempted to access that instance in that particular hour, resulting in a higher bill.

That instance was stopped and restarted twice within that hour.

Explanation

When an Amazon EBS-backed instance is stopped, you’re not charged for instance usage; however, you’re still charged for volume storage. Amazon charges a full instance hour for every transition from a stopped state to a running state, even if you transition the instance multiple times within a single hour. In this scenario, the charge was $42, which is three times more than $14. This suggests that you stopped and restarted that instance twice during that hour (the initial $14, plus 2 x $14 for each restart).

Although some instances now have per-second billing available, this new billing structure does not apply to Windows instances at this point.

Explanation

Although some instances now have per-second billing available, this new billing structure does not apply to Windows instances at this point.

11 / 25

You need to set up a high level of security for an Amazon Relational Database Service (RDS) you have just built in order to protect the confidential information stored in it. What are all the possible security groups that RDS uses?

VPC security groups, and EC2 security groups.

EC2 security groups only

DB Security groups only

DB security groups, VPC security groups, and EC2 security groups.

Explanation

A security group controls the access to a DB instance. It does so by allowing access to IP address ranges or Amazon EC2 instances that you specify. Amazon RDS uses DB security groups, VPC security groups, and EC2 security groups. In simple terms, a DB security group controls access to a DB instance that is not in a VPC, a VPC security group controls access to a DB instance inside a VPC, and an Amazon EC2 security group controls access to an EC2 instance and can be used with a DB instance.

Explanation

12 / 25

You are leading a design meeting in your company to create an autoscaling group of EC2 instances behind an Application Load Balancer in your VPC. There are very specific requirements coming about based on traffic and cost. Your management wants to scale out when necessary and scale in when instances are no longer needed to save on cost and maintain optimum system performance based on CPU utilization.

What step can most effectively meet these requirements?

Create a simple scaling policy with Amazon Application Auto Scaling that scales at different rates based on CPU utilization.

Create a scheduled scaling policy with Amazon EC2 Auto Scaling that scales out and in predefined patterns during normal business hours.

Create a target tracking scaling policy with Amazon EC2 Auto Scaling based on CPU utilization

Create a scaling policy based on the Elastic Load Balancer latency metric

Explanation

You can associate more than one scaling policy with an autoscaling group. Having one policy to scale out and one policy to scale in is a viable option. Scaling out during business hours and scaling in during off hours could be fairly effective for performance and cost. But scaling out and in using CloudWatch metrics for CPU utilization would be much more precise for both performance and cost considerations.

Explanation

13 / 25

You are designing a VPC for a small legal firm. The firm only has 6 users who will need instances, and the firm does not expect any growth. When creating the VPC, you will need to specify an IPv4 address range by choosing a CIDR block. What is the smallest size CIDR block that could be used for this network?

/16

/24

/28

Explanation

When you create a VPC, you must specify a range of IPv4 addresses for the VPC in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16. The first four IP addresses and the last IP address in each subnet CIDR block are not available for you to use, and cannot be assigned to an instance. AWS reserves the first four addresses and the last address in a CIDR block, so be sure to subtract five to give the number of addresses in a CIDR block available for use

Explanation

14 / 25

A user has created photo editing software and hosted it on EC2. The software accepts requests from the user about the photo format and resolution and sends a message to S3 to enhance the picture accordingly. Which of the below mentioned AWS services will help make a scalable software with the AWS infrastructure in this scenario?

AWS Glacier

AWS Elastic Transcoder

AWS Simple Queue Service

AWS Simple Notification Service

Explanation

Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, and fully managed message queuing service. SQS provides a simple and cost-effective way to decouple the components of an application. The user can configure SQS, which will decouple the call between the EC2 application and S3. Thus, the application does not keep waiting for S3 to provide the data.

Explanation

15 / 25

A user manages a running MySQL RDS instance that will not be used for the next three months. What is the most effective way to avoid costs for the database, and allow it to be used in three months time? (Choose 2 answers)

Delete the DB instance

Save the most recent snapshot from RDS automated backup

Stop the RDS instance

Create a manual snapshot of the DB instance

Explanation

Because the user needs to stop the instance for 3 months, the most cost-effective option is to create a manual snapshot of the RDS instance to launch later, and terminate the current RDS instance. Stopping the instance is not ideal in this case because the instance will be restarted automatically by Amazon after seven days. Amazon will also charge for provisioned and backup storage.

The best option is to create a manual snapshot of the instance, which can be stored for any length of time, and will not be deleted if the original instance is deleted. Note an automatic snapshot has a limited retention period, and will be deleted if the original instance is deleted. The user will only be charged for storage in this case if the user exceeds his/her default storage space

Explanation

16 / 25

You’ve taken over management of your company’s AWS cloud environment. You know very little about the environment and have been provided very little documentation. You have been given access to the environment and begin a discovery and documentation process. You begin by looking at the route table. Without seeing the specific route table, what information do you know it contains about the subnets in the VPC? (Choose 2 answers)

Subnets that do not direct traffic to an Internet Gateway are private

Subnets that direct traffic to an Internet Gateway are public

The default mask of the subnet can be identified.

The subnets region is indicated

Explanation

A route table contains a set of rules, called routes, that are used to determine where network traffic is directed.

Each subnet in your VPC must be associated with a route table; the table controls the routing for the subnet. A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same route table. When you add an Internet gateway, an egress-only Internet gateway, a virtual private gateway, a NAT device, a peering connection, or a VPC endpoint in your VPC, you must update the route table for any subnet that uses these gateways or connections.

Explanation

A route table contains a set of rules, called routes, that are used to determine where network traffic is directed.

17 / 25

Select the correct statement: Within Amazon EC2, when using Linux instances, the device name /dev/sda1 is .

reserved for the root device

recommended for EBS volumes

reserved for EBS volumes

recommended for instance store volumes

Explanation

Within Amazon EC2, when using a Linux instance, the device name /dev/sda1 is reserved for the root device.

Explanation

Within Amazon EC2, when using a Linux instance, the device name /dev/sda1 is reserved for the root device.

18 / 25

You are an AWS Solutions Architect helping a client plan a migration to the AWS Cloud. The client has provided you with a detailed inventory of their current on-premises compute infrastructure, including metrics related to storage and bandwidth. What tool would you use to estimate the amount of money they will save by migrating to the AWS Cloud?

TCO Calculator

Detailed Billing Reports

Trusted Advisor

Cost Explorer

Explanation

The TCO (Total Cost of Ownership) Calculator is used to calculate savings given information about the user’s current environment.

Explanation

The TCO (Total Cost of Ownership) Calculator is used to calculate savings given information about the user’s current environment.

19 / 25

A user is observing the EC2 CPU utilization metric on CloudWatch. The user has observed some interesting patterns while filtering over the 1-week period for a particular hour. The user wants to zoom that data point to a more granular period. How can the user do that easily with CloudWatch?

The user can zoom a particular period by specifying the period in the Time Range

The user can zoom a particular period by specifying the aggregation data for that period

The user can zoom a particular period by double clicking on that period with the mouse

The user can zoom a particular period by selecting that period with the mouse and then releasing the mouse

Explanation

Amazon CloudWatch provides the functionality to graph the metric data generated either by the AWS services or the custom metric to make it easier for the user to analyse. The AWS CloudWatch console provides the option to change the granularity of a graph and zoom in to see data over a shorter time period. To zoom, the user has to click in the graph details pane, drag on the graph area for selection, and then release the mouse button.

Explanation

20 / 25

You have been put in charge of your company’s AWS RDS environment. You have begun designing a highly available RDS database using MySQL. You’ve designed the failover solution using multi-AZ. Additionally, you would like to design a proactive environment that self corrects before a failover occurs. You are reviewing ways to increase the I/O capacity of a DB instance. Which method is not an appropriate way to increase I/O for a database?

If you are already using Provisioned IOPS storage, provision additional throughput capacity.

Convert the database from MySQL to MariaDB

Migrate to a DB instance class with High I/O capacity.

Convert from standard storage to either General Purpose or Provisioned IOPS storage

Explanation

If your database workload requires more I/O than you have provisioned, recovery after a failover or database failure will be slow. To increase the I/O capacity of a DB instance, do any or all of the following:

Migrate to a DB instance class with High I/O capacity.
Convert from standard storage to either General Purpose or Provisioned IOPS storage, depending on how much of an increase you need.
If you convert to Provisioned IOPS storage, make sure you also use a DB instance class that is optimized for Provisioned IOPS.
If you are already using Provisioned IOPS storage, provision additional throughput capacity.

Explanation

Migrate to a DB instance class with High I/O capacity.
Convert from standard storage to either General Purpose or Provisioned IOPS storage, depending on how much of an increase you need.
If you convert to Provisioned IOPS storage, make sure you also use a DB instance class that is optimized for Provisioned IOPS.
If you are already using Provisioned IOPS storage, provision additional throughput capacity.

21 / 25

What is one security benefit of utilizing the Elastic Load Balancer?

Performing network address translation

Blocking network traffic based on heuristic analysis

Providing encrypted data storage for use in application development

Providing TLS/SSL termination as well as centralized certificate management

Explanation

The Elastic Load Balancer can integrate with the AWS Certificate Manager to provide a central method of managing your TLS/SSL certificates. It allows you to renew, deploy and configure your TLS/SSL certificates for your application or website from a single location.

Explanation

22 / 25

Which statement regarding Elastic Load Balancing is incorrect?

ELB can associate the load balancer with your domain name

ELB supports the use of both the Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6).

ELB can distribute the requests to Amazon EC2 instances (servers) in multiple Availability Zones.

ELB is free as you only pay for EC2 instances.

Explanation

As with all Amazon Web Services, you pay only for what you use. For Elastic Load Balancing, you pay for each hour or portion of an hour that the service is running, and you pay for each gigabyte of data that is transferred through your load balancer.

Explanation

23 / 25

A customer has a website which shows all the sales available in leading online and brick-and-mortar stores.

Currently, the website’s web, application, and database tiers are hosted on five large, on-demand EC2 instances to manage day-to-day traffic. However, from late November through the end of December, the website traffic quadruples the normal rate for various periods, sometimes a few minutes, and sometimes a few hours. During the peaks in activity, the website requires up to 20 large instances.

The level of activity is not predictable. It is also prone to large, sudden spikes at random times based on when various temporary sales are available. The site’s traffic can quadruple in a matter of minutes.

Which option is the most cost-effective and achieves better performance to handle these peaks in traffic reliably?

Launch ten on-demand instances running continuously, and manually launch ten instances every day during office hours based on workload metrics as needed.

Purchase 5 Standard reserved instances immediately. Add ten on-demand instances to run continuously from late November through the end of December. Create an auto scaling group to scale out an additional five instances based on the workload metrics as needed.

Purchase 5 Standard reserved instances immediately. Add five on-demand instances during the from late November through the end of December, and create an auto scaling group to scale out an additional ten instances based on the workload metrics as needed.

Purchase 5 Scheduled reserved instances immediately. Add 15 on-demand instances to run continuously from late November through the end of December.

Explanation

AWS provides an on-demand, scalable infrastructure. Amazon EC2 allows the user to launch On-Demand instances and the organization should create an AMI of the running instance. When the organization is experiencing varying loads and the time of the load is not known but it is higher than the routine traffic it is recommended that the organization launches a few instances beforehand and then setups AutoScaling with policies which scale up and down as per the EC2 metrics, such as Network I/O or CPU utilization.

If the organization keeps all ten additional instances as a part of the AutoScaling policy sometimes during a sudden higher load, it may take time to launch instances and may not give optimal performance. This is the reason it is recommended that the organization keeps an additional five instances running and the next five instances scheduled as per the AutoScaling policy for cost-effectiveness.

Additionally, the website has established a baseline of normal workload outside of the peak season, so they can invest in Standard reserved instances to manage this workload and save dramatically on compute resource costs.

Explanation

24 / 25

You are performing some testing of an application in development and wish to delete the parts of a multipart upload after a mistake is made with part numbering. Which command would you run to stop the upload and delete all the parts?

Abort multipart upload

Remove multipart upload

Cancel multipart upload

Delete multipart upload

Explanation

To delete the parts of a failed multipart upload so that you do not get charged for storage of those parts, you must use the command “Abort Multipart Upload” and provide the upload ID of upload you wish to abort. After aborting a multipart upload, you cannot upload any part using that upload ID again. All storage that any parts from the aborted multipart upload consumed is then freed.

Explanation

25 / 25

You have set up an Elastic Load Balancer (ELB) with the usual default settings, which route each request independently to the application instance with the smallest load. However, someone has asked you to bind a user’s session to a specific application instance so as to ensure that all requests coming from the user during the session will be sent to the same application instance. AWS has a feature to do this. What is it called?

Connection draining

Proxy protocol

Tagging

Sticky session

Explanation

An Elastic Load Balancer(ELB) by default, routes each request independently to the application instance with the smallest load. However, you can use the sticky session feature (also known as session affinity), which enables the load balancer to bind a user’s session to a specific application instance. This ensures that all requests coming from the user during the session will be sent to the same application instance. The key to managing the sticky session is determining how long your load balancer should consistently route the user’s request to the same application instance. If your application has its own session cookie, then you can set Elastic Load Balancing to create the session cookie to follow the duration specified by the application’s session cookie. If your application does not have its own session cookie, then you can set Elastic Load Balancing to create a session cookie by specifying your own stickiness duration. You can associate stickiness duration for only HTTP/HTTPS load balancer listeners. An application instance must always receive and send two cookies: A cookie that defines the stickiness duration and a special Elastic Load Balancing cookie named AWSELB, that has the mapping to the application instance.

Explanation

Your score is

The average score is 54%

LinkedIn Facebook Twitter

Please rate your experience to help us improve !

Ready to take AWS Certified Solutions Architect Associate (SAA) – Exam mode ?

AWS Certified Solutions Architect Associate (SAA) – Exam Mode

/65

5 votes, 4.8 avg

149

Click Start button to start exam !

Time Out !

1 / 65

AWS can be used as a disaster recovery solution for on-premises infrastructure, and AWS offerings can be deployed to meet a variety of disaster recovery requirements. When deploying disaster recovery in AWS, which strategy incorporates traditional off-site backups to AWS, but has the longest recovery time?

Active/active

Multi-region

Pilot light

Backup and restore

Explanation

Backup and restore, as defined in the “Using Amazon Web Services for Disaster Recovery” white paper, is most like traditional off-site backup replication. You can leverage services such as Amazon S3 or Amazon Storage Gateway to provide a backup replication target and Amazon EC2 can be used to restore access to your applications. This strategy for disaster recovery is the slowest of all AWS DR strategies.

Explanation

2 / 65

You are building a system to distribute confidential documents to employees. Using CloudFront, what method could be used to serve content that is stored in S3, but not publically accessible from S3 directly?

Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI.

Add the CloudFront account security group "amazon-cf/amazon-cf-sg" to the appropriate S3 bucket policy.

Create a S3 bucket policy that lists the CloudFront distribution ID as the Principal and the target bucket as the Amazon Resource Name (ARN).

Create an Identity and Access Management (IAM) User for CloudFront and grant access to the objects in your S3 bucket to that IAM User.

Explanation

You restrict access to Amazon S3 content by creating an origin access identity, which is a special CloudFront user. You change Amazon S3 permissions to give the origin access identity permission to access your objects, and to remove permissions from everyone else. When your users access your Amazon S3 objects using CloudFront URLs, the CloudFront origin access identity gets the objects on your users’ behalf. If your users try to access objects using Amazon S3 URLs, they’re denied access. The origin access identity has permission to access objects in your Amazon S3 bucket, but users don’t.

Explanation

3 / 65

Detailed Billing Reports

Cost Explorer

TCO Calculator

Trusted Advisor

Explanation

The TCO (Total Cost of Ownership) Calculator is used to calculate savings given information about the user’s current environment.

Explanation

The TCO (Total Cost of Ownership) Calculator is used to calculate savings given information about the user’s current environment.

4 / 65

You are leading the design of an AWS RDS database for a client’s cloud environment. You have detailed the benefits of a multi-AZ configuration for high availability. You begin discussing scalability options. You again stress the importance of multi-AZ for a highly available, scalable environment. How does a multi-AZ configuration indirectly benefit scaling operations?

Total IOPS is the sum of IOPS for the primary and standby servers

Read traffic can be offloaded to the multi-AZ standby instance.

The standby instance can quickly be converted to a read replica.

There is minimal downtime when scaling up multi-AZ databases.

Explanation

To handle a higher load in your database, you can vertically scale up your master database with a simple push of a button. There are currently over 18 instance sizes that you can choose from when resizing your RDS MySQL, PostgreSQL, MariaDB, Oracle, or Microsoft SQL Server instance. For Amazon Aurora, you have 5 memory-optimized instance sizes to choose from. There is minimal downtime when you are scaling up on a Multi-AZ environment because the standby database gets upgraded first, then failover will occur to the newly sized database. A Single-AZ instance will be unavailable during the scale operation

Explanation

5 / 65

What step can most effectively meet these requirements?

Create a target tracking scaling policy with Amazon EC2 Auto Scaling based on CPU utilization

Create a scaling policy based on the Elastic Load Balancer latency metric

Create a scheduled scaling policy with Amazon EC2 Auto Scaling that scales out and in predefined patterns during normal business hours.

Create a simple scaling policy with Amazon Application Auto Scaling that scales at different rates based on CPU utilization.

Explanation

6 / 65

You are designing a cloud solution for a new client. They have a multi-tier application and would like high availability at both the Web and Database tiers. The database will be MySQL and will be a highly available, multi-AZ configuration. You describe the failover process to the client including how the failover mechanism automatically changes the DNS record of the DB instance to point to the standby DB instance. What additional step must you discuss with the clients technical team?

asynchronously replicating the primary database to the standby database

transferring MySQL license to the standby server

re-establishing connections to the DB instance

converting read replicas to multi-AZ standbys

Explanation

In the event of a planned or unplanned outage of your DB instance, Amazon RDS automatically switches to a standby replica in another Availability Zone if you have enabled Multi-AZ. Failover times are typically 60-120 seconds. The failover mechanism automatically changes the DNS record of the DB instance to point to the standby DB instance. As a result, you will need to re-establish any existing connections to your DB instance.

Explanation

7 / 65

You are the lead architect for an online educational content streaming service. You currently have hundreds of Apple HLS video files formated and packaged using AWS Elemental MediaConvert, and hosted in Amazon S3 buckets. You are streaming content via HTTPS. After an extended loss of availability due to a regional Amazon S3 outage, you need to optimize your CloudFront distributions using origin groups. Which types of origin servers could you configure as your secondary origins, in case another Amazon S3 outage occurs? (Choose 3 answers)

Amazon EC2 instances

On-premise HTTP servers

RTMP distributions

An Amazon S3 bucket in a different region

Explanation

When you configure an origin group, you can pair two AWS origins or custom origins. This means all three of the choices would be possible, but RTMP distributions are not compatible because they do not transfer over HTTPS. You also want to select an Amazon S3 bucket in a different region from your primary origin, so that failover is possible

Explanation

8 / 65

Which choice correctly describes the differences between security groups and Network Access Control Lists (NACLs)? (Choose 2 answers)

Security Groups operate at the instance level and support allow rules only.

NACLs operate at the subnet level and support deny rules only.

NACLs operate at the subnet level and support allow and deny rules

Security Groups operate at the subnet level, and they support allow rules only

Explanation

You can secure your VPC instances using only security groups; however, you can add NACLs as a second layer of defense. Security groups — Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level . Network access control lists (NACLs) — Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level . Security Groups supports allow rules only while Network Access Control Lists support allow and deny rules.

Explanation

9 / 65

You are an engineer at a large bank, responsible for managing your firm’s AWS infrastructure. Your finance team has approached you, indicating their concern over the growing EC2 budget. They have asked you to identify strategies to reduce the EC2 spend by at least 25% before the next monthly billing cycle. How choices below could assist in accomplishing this? (Choose 3 answers)

Consolidate AWS accounts for billing.

Reduce or eliminate over-provisioned or unused instances.

Look for opportunities to use reserved or spot instances.

Look for opportunities to use dedicated instances.

Explanation

You can reduce EC2 spend by migrating to reserved/spot instances, eliminating/shrinking unused resources, or consolidating AWS accounts (to qualify for volume discounts). The paying account’s use of consolidated billing can benefit from volume pricing discounts gained thru aggregate account usage.

Explanation

10 / 65

You are designing an AWS RDS environment for a new client. You have designed in high availability for this environment and now you are reviewing scalability options and will meet with the client to review. You need to make them aware of vertical scaling options and considerations when choosing larger instance sizes. They are using a commercial database (SQL Server). What commercial consideration is required when vertically scaling the database?

Make sure automatic backups have run before scaling vertically.

Make sure you understand multi-AZ for SQL Server.

Make sure you have the correct database vendor licensing in place before scaling vertically.

Make sure end users are signed out before scaling vertically.

Explanation

To handle a higher load in your database, you can vertically scale up your master database. Before you scale, make sure you have the correct licensing in place for commercial engines (SQL Server, Oracle) especially if you Bring Your Own License (BYOL). One important thing to call out is that for commercial engines, you are restricted by the license, which is usually tied to the CPU sockets or cores.

Explanation

11 / 65

As the Senior Architect assigned to your team, you must decide how to best maintain your application’s availability and ensure optimum service as the level of customer activity changes. As your business has grown an increasing international presence, the previous methods for tracking activity are no longer working. However, reviewing performance logs for the past several days, you’ve noticed that users experience connectivity issues once the CPU utilization rate increases beyond 70 percent. You would like to maintain optimum performance, you need to ensure CPU utilization remains at 50 percent.

What choice below will best address the issue and help maintain optimum performance? (Choose 2 answers)

Enable CloudWatch monitoring for your EC2 auto scaling group with detailed monitoring

Create a CloudWatch Event to trigger a scaling activity once CPU utilization passes 50 percent

Enable CloudWatch monitoring for your EC2 auto scaling group with basic monitoring

Create a Target Tracking policy using AWS EC2 Auto Scaling

Explanation

With target tracking scaling policies, you select a scaling metric and set a target value. Amazon EC2 Auto Scaling creates and manages the CloudWatch alarms that trigger the scaling policy and calculates the scaling adjustment based on the metric and the target value. The scaling policy adds or removes capacity as required to keep the metric at, or close to, the specified target value. In addition to keeping the metric close to the target value, a target tracking scaling policy also adjusts to the changes in the metric due to a changing load pattern.

Explanation

12 / 65

Regarding Amazon Route 53, if your application is running on Amazon EC2 instances in two or more Amazon EC2 regions and if you have more than one Amazon EC2 instance in one or more regions, you can useto route traffic to the correct region and then use to route traffic to instances within the region, based on probabilities that you specify

Latency-based routing, weighted resource record sets

latency-based routing, alias resource record sets

weighted-based routing, weighted resource record sets

weighted-based routing, alias resource record sets

Explanation

Regarding Amazon Route 53, if your application is running on Amazon EC2 instances in two or more Amazon EC2 regions, and if you have more than one Amazon EC2 instance in one or more regions, you can use latency-based routing to route traffic to the correct region and then use weighted resource record sets to route traffic to instances within the region based on weights that you specify

Explanation

13 / 65

If your AWS data must meet specific regulations such as the EU Data protection laws, what must you do?

Move your data somewhere else so you don’t have to worry about extra security

Architect your environment to meet these security requirements

Be aware that they exist and comply with them when and if you have time to do so

Keep that data on-premise and do not move it to the cloud under any circumstance

Explanation

Some laws require specific security controls, retention requirements, etc, dependent on the data being stored. Other legislations exist where certain data may have to remain within a specific region and can not be transferred out of those boundaries. You need to architect your environment to meet these security requirement and mitigate the risk of data being stored in a geographic location that’s restricted. Breaches to this legislation could have a legal impact and lead to additional risks against your organization, so it’s fundamental that you are aware of your data privacy and storage location laws and regulations.

Explanation

14 / 65

A user has enabled static website hosting on an S3 bucket, and configured and uploaded an index document.

An S3 bucket configured for static website hosting provides what additional capabilities?

None. The website hosting feature only enables the user to point to the specific index file

It reduces costs related to I/O charges.

The user can directly access the website using the region-specific endpoint

None. The user can always access index.html without enabling static website hosting

Explanation

To host a static website, the user needs to configure an Amazon S3 bucket for website hosting and then upload the website contents to the bucket. The website is then available at the region-specific website endpoint of the bucket.

If the user has an index.html object as part of the bucket, the user can always host it without the website hosting feature. However, it will require an absolute URL of the object. In this case the user can access the whole bucket as a website and need not refer individual objects separately.

Explanation

15 / 65

Your company is migrating their environment to AWS. The legacy environment relied on Chef for automation, and your engineers are comfortable with that solution. In addition, your compliance officer has indicated that the new environment needs centralized, auditable configuration management for regulatory reasons. Which of the following AWS automation tools is most appropriate for this scenario?

OpsWorks for Chef Automate

Elastic Beanstalk

OpsWorks stacks

CloudFormation

Explanation

OpsWorks stacks will let you utilize your existing Chef recipes, but only OpsWorks for Chef Automate will provide you with centralized, continuous configuration management.

Explanation

OpsWorks stacks will let you utilize your existing Chef recipes, but only OpsWorks for Chef Automate will provide you with centralized, continuous configuration management.

16 / 65

You are asked to add an application to an EC2 instance within your company’s VPC. Because it is a Windows 2012 instance, you will RDP into it. When you attempt to connect via RDP, you receive the following message: Error connecting to your instance: Connection timed out.

How could you fix this issue? (Choose 3 answers)

Add a route to your Internet gateway for the VPC

Make sure network ACLs allow inbound/outbound traffic from your local IP address on port 3389.

Disable the source/destination check on your Internet gateway.

Add a security group rule to allow inbound traffic from your public IPv4 address on port 3389.

Explanation

Check the network access control list (ACL) for the subnet. The network ACLs must allow inbound and outbound traffic from your local IP address on the proper port. The default network ACL allows all inbound and outbound traffic. To enable Internet access for the EC2 instances in a VPC, you must create an Internet Gateway as well as a route to it in the router table.

Explanation

17 / 65

Your company has recently discovered a massive security leak in which several users’ access credentials were compromised. As a response, the Senior IT Security Manager has requested you to prevent all high-risk data from being modified or deleted by any users, including the root user.

What if the most efficient way to implement this security measure?

Migrate the high-risk data to new S3 buckets and enable object versioning. Enable MFA Delete for all buckets.

Enable object locks for all existing buckets with high-risk data. Configure a retention mode of governance mode.

Migrate the high-risk data to new S3 buckets and enable object locks. Configure a retention mode of compliance mode.

Enable object versioning for all existing buckets with high-risk data. Enable a default legal hold for the bucket

Explanation

There are a few key points to this question:

Object locks can prevent objects from modification or deletion; objection versioning does not – it only maintains versions of an object until those versions are deleted.
Users can only enable Object locks can on new S3 buckets.
Object locks have two retention modes – governance mode and compliance mode. Compliance mode prevents objects from being deleted or updated by users, including the root user. Governance mode allows objects to be modified, but prevents objects from being deleted.

Explanation

There are a few key points to this question:

Object locks can prevent objects from modification or deletion; objection versioning does not – it only maintains versions of an object until those versions are deleted.
Users can only enable Object locks can on new S3 buckets.
Object locks have two retention modes – governance mode and compliance mode. Compliance mode prevents objects from being deleted or updated by users, including the root user. Governance mode allows objects to be modified, but prevents objects from being deleted.

18 / 65

A client has contacted you about designing their AWS cloud environment. They want to fully migrate their compute environment to the cloud. Their biggest requirement is that they need high availability at both the web and database tiers. Their current database is MySQL. How might you best design high availability for their environment with cost being a consideration as well?

Multi-AZ Deployment

Auto scaling

Cross-region replication

Read Replicas

Explanation

Amazon RDS provides high availability and failover support for DB instances using Multi-AZ deployments. Amazon RDS uses several different technologies to provide failover support. Multi-AZ deployments for Oracle, PostgreSQL, MySQL, and MariaDB DB instances use Amazon’s failover technology. SQL Server DB instances use SQL Server Mirroring. Amazon Aurora instances stores copies of the data in a DB cluster across multiple Availability Zones in a single region, regardless of whether the instances in the DB cluster span multiple Availability Zones.

Explanation

19 / 65

You have successfully created your first WordPress blog that is hosted on an Amazon EC2 instance. You’ve noticed that when the public DNS address for your instance changes, it breaks your installation. What could you do to prevent this? (Choose 3 answers)

Allocate an Elastic IP address for your Amazon instance

Allocate an EC2 instance

If you have a domain name, update the DNS record for the domain name to point to your Elastic IP address

If you don’t have a domain name, create one using Amazon Route 53 and associate your instance’s Elastic IP address with the new domain name.

Explanation

To prevent the public DNS address for your instance from changing and breaking your installation, you can associate an Elastic IP address (EIP) to the instance you are using. You need to allocate an Elastic IP address for that instance (the first association is free). If you own a domain name and you want to use it for your blog, you can update the DNS record for the domain name to point to your EIP address. If you don’t already have a domain name for your blog, you can register a domain name with Amazon Route 53 and associate your instance’s EIP address with your domain name.

Explanation

20 / 65

A user has configured ELB with two EBS backed EC2 instances. The user is trying to understand the DNS access and IP support for ELB. Which of the below mentioned statements may not help the user understand the IP mechanism supported by ELB?

Communication between the load balancer and back-end instances is always through IPV4

The client can connect over IPV4 or IPV6 using Dualstack

ELB DNS supports both IPV4 and IPV6

The ELB supports either IPV4 or IPV6 but not both

Explanation

Elastic Load Balancing supports both Internet Protocol version 6 (IPv6) and Internet Protocol version 4 (IPv4). Clients can connect to the user’s load balancer using either IPv4 or IPv6 (in EC2-Classic) DNS. However, communication between the load balancer and its back-end instances uses only IPv4. The user can use the Dualstack-prefixed DNS name to enable IPv6 supportfor communications between the client and the load balancers. Thus, the clients are able to access the load balancer using either IPv4 or IPv6 as their individual connectivity needs dictate.

Explanation

21 / 65

You are designing the compute resources for a cloud-native application that you will host on AWS. You want to configure auto scaling groups, to increase the compute layer’s resilience and responsiveness. However, your IT management team has one concern. They want the ability to optimize the Amazon EC2 instances within an auto scaling group as easily and with as little downtime as possible after it has been launched. What is the best way to meet this requirement?

Associate the auto scaling group with a launch template. When you need to update the instances within the autoscaling group, delete the existing template and create and attach a new launch template

Associate the auto scaling group with a launch template. When you need to update the instances within the autoscaling group, stop the instances, modify them, and restart them

Associate the auto scaling group with a launch template. When you need to update the instances within the autoscaling group, create a new version of the launch template and assign it to the autoscaling group

Associate the Auto Scaling Group with a launch configuration. When you need to update the instances within the autoscaling group, create and attach a new launch configuration to the Auto Scaling Group

Explanation

A launch configuration is a template that the Auto Scaling group uses to launch Amazon EC2 instances. You create the launch configuration by including information such as the Amazon Machine Image ID to use for launching the EC2 instance, the instance type, key pairs, security groups, and block device mappings, among other configuration settings. When you create your Auto Scaling group, you must associate it with a launch configuration. You can attach only one launch configuration to an Auto Scaling group at a time.

Launch configurations cannot be modified. They are immutable.

If you want to change the launch configuration of your Auto Scaling group, you have to first create a new launch configuration and then update your Auto Scaling group by attaching the new launch configuration.

When you attach a new launch configuration to your Auto Scaling group, any new instances are launched using the new configuration parameters. Existing instances are not affected.

Launch templates work very differently. You can have multiple versions of a launch template saved, and disassociate one version from an auto scaling group and replace it with another without deleting any existing templates or stop and restarting your auto scaling group

Explanation

Launch configurations cannot be modified. They are immutable.

When you attach a new launch configuration to your Auto Scaling group, any new instances are launched using the new configuration parameters. Existing instances are not affected.

22 / 65

A user has launched a large EBS-backed instance with AWS. The only other storage associated with it is ephemeral storage on instance store. What will happen if the user stops the instance?

No data will be lost.

All the data on ephemeral storage will be snapshotted.

All the data on ephemeral storage will be lost.

All the data on ephemeral storage will be automatically backed up in S3.

Explanation

In AWS, ephemeral storage is only temporary storage. If the instance is stopped and started back all the data on ephemeral storage will be lost.

Explanation

In AWS, ephemeral storage is only temporary storage. If the instance is stopped and started back all the data on ephemeral storage will be lost.

23 / 65

To optimize the cost associated with your application’s compute layer, your development team decided to integrate spot instances to support spikes in your workload. However, your auto scaling group should always contain eight (8) on-demand or reserved instances to process the normal amount of requests, and deploy a combination of spot and on-demand instances to manage spikes of activity requiring more than eight (8) instances.

How can you ensure there are always eight (8) on-demand instances to support your compute layers’ typical workload?

Within your launch template, set the auto scaling group’s optional on-demand base to eight (8) instances.

Within your launch template, set the auto scaling group’s desired capacity to eight (8) instances.

Within your launch template, set the instance weighting for on-demand instances to eight (8) instances.

Within your launch template, set the auto scaling group’s minimum capacity to eight (8) instances.

Explanation

When you want to include instances with multiple purchase types in the same auto scaling group, you have the ability to maintain a set number of on-demand instances will be deployed at all times, and then split the remaining instances between multiple purchase types as you see fit. To configure this, set a number of instances as your “optional on-demand base” within your launch template. This is not possible using a launch configuration.

Explanation

24 / 65

In which of the following scenarios will data be deleted from an EC2 instance store? (Choose 2 answers)

Disk drive failure

The instance stops

Network failure

The instance reboots

Explanation

An instance store provides temporary block-level storage for your instance. This storage is located on disks that are physically attached to the host computer. Instance store is ideal for temporary storage of information that changes frequently, such as buffers, caches, scratch data, and other temporary content, or for data that is replicated across a fleet of instances, such as a load-balanced pool of web servers.

Data in the instance store is lost under the following circumstances:

The underlying disk drive fails
The instance stops
The instance terminates

If the instance reboots (either intentionally or unintentionally) the data persists.

Explanation

Data in the instance store is lost under the following circumstances:

The underlying disk drive fails
The instance stops
The instance terminates

If the instance reboots (either intentionally or unintentionally) the data persists.

25 / 65

You have taken over an implementation and deployment project that is in the early requirements phase. You review the requirements and have some concerns, specifically the use of a t2.micro instance to host a MySQL database because you have concerns about performance. What recommendations should you make to change these requirements and ensure optimal performance? (Choose 2 answers)

Offload seldom-used data to Amazon Glacier

Create a RAID 0 configuration

Use a larger instance type to host the database.

Use SQL Server instead of MySQL

Explanation

By upgrading to a larger t2 instance, you not only improve baseline compute power, you also improve the ability to handle bursts. Each T2 instance receives CPU Credits continuously at a set rate depending on the instance size. These credits provide the ability to handle bursts. You can also create a RAID 0 to maximize utilization of instance resources.

Explanation

26 / 65

You are creating a custom Virtual Private Cloud (VPC) which will host a mix of public and private instances. An EC2 instance has been deployed to one of the public subnets in this VPC. What are the configurations that have to be implemented to make this instance accessible from the internet? (Choose 3 answers)

Create a new record set and custom domain name for the new instance in Route 53

Attach an Internet gateway to the VPC and add a default route to the IGW in public subnet’s route table

Edit security group to allow traffic to and from the internet on required ports

Make sure the instance has a public IP address

Explanation

Public and private subnets, except for the default VPC, do not automatically have Internet access enabled. To enable access to or from the Internet for instances in a VPC subnet, you must do the following:

Attach an Internet gateway to your VPC.
Ensure that your subnet’s route table points to the Internet gateway.
Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance

Explanation

Attach an Internet gateway to your VPC.
Ensure that your subnet’s route table points to the Internet gateway.
Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance

27 / 65

_____ is a useful and powerful tool within Billing and Cost Management. It allows you to view historical billing information in a graphical format giving you greater insight to your AWS spend.

AWS Budgets

AWS Cost Explorer

Cost Allocation Tags

Consolidated Billing

Explanation

Cost Explorer, this is a useful and powerful tool within Billing and Cost Management. It allows you to view historical billing information in a graphical format giving you greater insight to your AWS spend. A valuable tool that can help to identify where you should be focusing your cost optimization efforts. It also can forecast your estimated spend up to two months ahead using existing data as a reference. If you can see that your estimated future bills are becoming too high, you have the time now to identify where you can make and initiate cost reduction mechanisms to help mitigate the risk.

Cost Explorer comes configured with three pre-defined views which are commonly used to analyze spending across your account:

Monthly Spend by Service view – this covers the current and previous two months and is grouped by AWS services
Monthly Spend by Linked Account View – this covers the current and previous two months and is grouped by linked accounts
Daily Spend view – this covers the daily spend over the previous sixty days

Explanation

Cost Explorer comes configured with three pre-defined views which are commonly used to analyze spending across your account:

Monthly Spend by Service view – this covers the current and previous two months and is grouped by AWS services
Monthly Spend by Linked Account View – this covers the current and previous two months and is grouped by linked accounts
Daily Spend view – this covers the daily spend over the previous sixty days

28 / 65

A user is making a scalable web application with compartmentalization. The user wants the log module to be accessible by all the application functionalities in an asynchronous way. Each module of the application sends data to the log module, and based on the resource availability it will process the logs. Which AWS service helps achieving this functionality?

AWS Simple Queue Service.

AWS Simple Workflow Service.

AWS Simple Email Service.

AWS Simple Notification Service.

Explanation

Amazon Simple Queue Service (SQS) is a highly reliable distributed messaging system for storing messages as they travel between computers. By using Amazon SQS, developers can simply move data between distributed application components. It is used to achieve compartmentalization or loose coupling. In this case all the modules will send a message to the logger queue and the data will be processed by queue as per the resource availability.

Explanation

29 / 65

You are contracted to manage cloud storage for a multi-national media company. During your informational analysis, you note a few crucial requirements: the need to upload very large files (greater than 5 GB), concerns about latency across continents, and a compliance requirement about storing backup data 1000 miles from the source.

Which Amazon S3 features will handle these requirements? (Choose 2 answers)

Multi-part upload

Pre-signed URLs

Cross-region replication

Read replicas

Explanation

Multipart uploads must be used for files greater than 5 GB. Cross-region replication is used to reduce latency by placing objects closer to users. This would address the issue of having users in different continents. Another use case for cross-region replication is to meet compliance requirements of storing backup data a certain distance from their origin.

Explanation

30 / 65

In which circumstance would a bucket owner pay for the data transfers instead of the Requester Pays bucket?

When the request is anonymous

When the request is 202 Accepted

When the request is a known request

When the request is a HTTP request

Explanation

The charge for successful Requester Pays requests is straightforward: the requester pays for the data transfer and the request; the bucket owner pays for the data storage. However, the bucket owner is charged for the anonymous request.

Explanation

31 / 65

General Purpose SSD volumes smaller than 1 TB provide the ability to burst to __________ IOPS per volume, independent of volume size, to meet the performance needs of most applications.

5000

3000

10000

2500

Explanation

Amazon EBS provides three volume types: General Purpose SSD, Provisioned IOPS SSD, and Magnetic.

General Purpose SSD volumes are the default EBS volume type for Amazon EC2 instances.

GP2 volumes smaller than 1 TB can burst up to 3,000 IOPS. I/O is included in the price of gp2, so you pay only for each GB of storage you provision. GP2 is designed to deliver the provisioned performance 99% of the time. If you need a greater number of IOPS than gp2 can provide, or if you have a workload where low latency is critical or you need better performance consistency, we recommend that you use io1.

Explanation

Amazon EBS provides three volume types: General Purpose SSD, Provisioned IOPS SSD, and Magnetic.

General Purpose SSD volumes are the default EBS volume type for Amazon EC2 instances.

32 / 65

You are configuring a new VPC for one of your clients for a cloud migration project, and only a public VPN will be in place. After you created your VPC, you created a new subnet, a new Internet gateway, and attached your internet gateway to your VPC. When you launched your first instance into your VPC, you realized that you aren’t able to connect to the instance, even if it is configured with an elastic IP. What should be done to access the instance?

A NAT instance should be created and all traffic should be forwarded to NAT instance

Attach another ENI to the instance and connect via new ENI.

A NACL should be created that allows all outbound traffic

A route should be created as 0.0.0.0/0 and your internet gateway as target.

Explanation

All traffic should be routed via Internet Gateway. So, a route should be created with 0.0.0.0/0 as a source, and your Internet Gateway as your target.

Explanation

All traffic should be routed via Internet Gateway. So, a route should be created with 0.0.0.0/0 as a source, and your Internet Gateway as your target.

33 / 65

Which statements below correctly describe how a security group functions in the AWS cloud? (Choose 2 answers)

If there are multiple security groups, the most restrictive one is used

Security groups control traffic at the instance level

Security groups are stateless

Every instance must have at least one assigned security group.

Explanation

Security Groups are essentially stateful firewalls at the instance level. Security Groups are associated with instances at launch time, and restrict or allow traffic based on port, protocol, and source/destination.

Explanation

34 / 65

A gaming company comes to you and asks you to build infrastructure for their site. They are not sure how big they will be because, as with all startups, they have limited money and big ideas. What they do tell you is that if the game becomes successful, like one of their previous games, it may rapidly grow to millions of users and generate tens (or even hundreds) of thousands of writes and reads per second. After considering all of this, you decide that they need a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability and persistent storage. Which of the following databases do you think would best fit their needs?

Amazon Elasticache

Amazon DynamoDB

Amazon Redshift

Amazon Aurora

Explanation

Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. Amazon DynamoDB enables customers to offload the administrative burdens of operating and scaling distributed databases to AWS, so they don’t have to worry about hardware provisioning, setup and configuration, replication, software patching, or cluster scaling.

Today’s web-based applications generate and consume massive amounts of data. For example, an online game might start out with only a few thousand users and a light database workload consisting of 10 writes per second and 50 reads per second. However, if the game becomes successful, it may rapidly grow to millions of users and generate tens (or even hundreds) of thousands of writes and reads per second. It may also create terabytes or more of data per day. Developing your applications against Amazon DynamoDB enables you to start small and simply dial-up your request capacity for a table as your requirements scale, without incurring downtime. You pay highly cost-efficient rates for the request capacity you provision, and let Amazon DynamoDB do the work over partitioning your data and traffic over sufficient server capacity to meet your needs. Amazon DynamoDB does the database management and administration, and you simply store and request your data. Automatic replication and failover provides built-in fault tolerance, high availability, and data durability. Amazon DynamoDB gives you the peace of mind that your database is fully managed and can grow with your application requirements.

Explanation

35 / 65

What is the default maximum number of Access Keys per user?

The default maximum number of Access Keys per user is 2

36 / 65

A user is planning to launch a scalable web application. Which of the below mentioned options will not affect the latency of the application?

Instance size.

Provisioned IOPS.

Availability Zone.

Region.

Explanation

In AWS, the instance size decides the I/O characteristics. The provisioned IOPS ensures higher throughput, and lower latency. The region does affect the latency, latency will always be less when the instance is near to the end user. Within a region the user uses any AZ and this does not affect the latency. The AZ is mainly for fault toleration or HA

Explanation

37 / 65

Which of the following strategies can be used to control access to your Amazon EC2 instances?

DB security groups

IAM Policies

EC2 security groups

None of the above

Explanation

38 / 65

You have taken on a client that has been configured for AWS cloud and is fully operational. Your investigation of the environment reveals that your predecessor was a highly skilled AWS Architect. You view one instance that handles Internet traffic but also handles back end database traffic in a private subnet. This one instance is configured as a full management network attached to both a public subnet and a private subnet. What AWS device will enable such a configuration for a single instance?

Elastic ip address

Auto scaling group

Elastic Network Interface

Elastic Load Balancer

Explanation

You can create a management network using network interfaces. In this scenario, the secondary network interface on the instance handles public-facing traffic and the primary network interface handles back-end management traffic and is connected to a separate subnet in your VPC that has more restrictive access controls. The public-facing interface, which may or may not be behind a load balancer, has an associated security group that allows access to the server from the Internet while the private facing interface has an associated security group allowing SSH access only from an allowed range of IP addresses either within the VPC or from the Internet, a private subnet within the VPC or a virtual private gateway.

Explanation

39 / 65

You are looking for a simple way to configure high availability for your EC2 instances. You need to create a plan for replacing unhealthy or failed instances. It is acceptable to have a short amount of downtime to keep costs down. Which process is appropriate for achieving this?

Create a custom AMI and use it to create an Auto Scaling Launch Configuration; then create a “Steady State” auto scaling policy using a minimum of 2 instances and a maximum of 2 instances.

Create a custom AMI of your EC2 instance, and configure a CloudWatch alarm based on StatusCheckFailed_Instance with an EC2 action of “Recover this instance.”

Create a custom AMI of your EC2 instance, and configure a CloudWatch alarm based on StatusCheckFailed_Instance with an EC2 action of “Reboot this instance.”

Create a custom AMI of your EC2 instances. Use the custom AMI to create a new EC2 instance if there are issues with a current EC2 instance, and move the EIP to the new instance.

Explanation

Creating a custom AMI of the instance for which you are trying to provide HA allows you to bring the instance online quickly with no build time. Moving the EIP from the instance, you are replacing to the new instance will send all traffic to the new instance without any change to DNS, which would take time to propagate. Using the AutoRecover option will not replace the unhealthy or failing instance. It will only try to restart it on another host. Creating a “Steady State” Auto Scaling Group would also be a good solution, although using two as a minimum would have a higher cost.

Explanation

40 / 65

What is one security benefit of utilizing the Elastic Load Balancer?

Blocking network traffic based on heuristic analysis

Providing TLS/SSL termination as well as centralized certificate management

Providing encrypted data storage for use in application development

Performing network address translation

Explanation

41 / 65

You have implemented multipart uploading in your company’s AWS cloud storage environment. The overall performance has been good but there is some concern about network utilization. Your CFO has also raised concerns about greater than expected storage costs. What steps can you take to address each of these issues with cost as a primary concern? (Choose 2 answers)

Abort incomplete uploads after a specified time with an object lifecycle policy

Compress data for faster upload times.

Use Direct Connect for greater throughput

Pause uploads during high traffic periods.

Explanation

The ability to pause multipart uploads offers great flexibility in its usage. A pause could be initiated for a number of reasons but pausing to relieve network traffic is a prime use case. If a multipart upload aborts, it is good practice to have a lifecycle policy, which will delete incomplete uploads after a predetermined number of days. This will reduce storage costs.

Explanation

42 / 65

A client has called you about an auto scaling group behind an Application Load Balancer your company had configured for them over a year ago. Their company is being featured on national news and they are expecting a very large spike to their website within several hours. What immediate steps can you take to prepare for this spike? (Choose 2 answers)

Increase the maximum setting of your autoscaling group.

Add read replicas to your RDS.

Create a VPN for higher network throughput.

Enable slow start mode for your ALB.

Explanation

By default, a target starts to receive its full share of requests as soon as it is registered with a target group and passes an initial health check. Using slow start mode gives targets time to warm up before the load balancer sends them a full share of requests.

Increasing the maximum threshold for your auto scaling group will allow you to process more requests.

Explanation

Increasing the maximum threshold for your auto scaling group will allow you to process more requests.

43 / 65

Which one of the below is not an AWS Storage Service?

Amazon Glacier

Amazon CloudFront

Amazon S3

Amazon EBS

Explanation

AWS Storage Services are: Amazon S3 Amazon Glacier Amazon EBS AWS Storage Gateway

Explanation

AWS Storage Services are: Amazon S3 Amazon Glacier Amazon EBS AWS Storage Gateway

44 / 65

You wish to perform detailed monitoring on servers that are marked as unhealthy before they are terminated. After researching the issue, you find that lifecycle hooks can be deployed as necessary. Which strategies could you use to perform detailed monitoring? (Choose 2 answers)

Create a longer cooldown period in the launch configuration

Query 160.254.169.254 when instances are first marked as unhealthy

Use a CloudWatch event to invoke a Lambda function

Define a notification target for the lifecycle hook

Explanation

Lifecycle hooks allow customization of existing auto-scaling groups

Explanation

Lifecycle hooks allow customization of existing auto-scaling groups

45 / 65

You are leading the design of your company’s AWS cloud environment. The majority of the traffic on the cloud network will be between virtual servers hosted on EC2 instances within each department. The key priorities are low network latency and high network throughput. What choices below are best-suited to the traffic patterns, and address the organizational requirements? (Choose 3 answers)

Using cluster placement groups

Only use instance types offering at least 10 GBPS network connectivity

Use instances with enhanced networking capability

Use spread placement groups

Explanation

A placement group is a logical grouping of instances within a single Availability Zone. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both. To provide the lowest latency, and the highest packet-per-second network performance for your placement group, choose an instance type that supports enhanced networking

Explanation

46 / 65

A scope has been handed to you to set up a super-fast gaming server and you decide that you will use Amazon DynamoDB as your database. For efficient access to data in a table, Amazon DynamoDB creates and maintains indexes for the primary key attributes. A secondary index is a data structure that contains a subset of attributes from a table, along with an alternate key to support Query operations. How many types of secondary indexes does DynamoDB support?

As many as you need

Explanation

DynamoDB supports two types of secondary indexes: Local secondary index –an index that has the same hash key as the table, but a different range key. A local secondary index is “local” in the sense that every partition of a local secondary index is scoped to a table partition that has the same hash key. Global secondary index –an index with a hash and range key that can be different from those on the table. A global secondary index is considered “global” because queries on the index can span all of the data in a table, across all partitions

Explanation

47 / 65

In Amazon Route 53, which of the following failover configurations should be used when you want a primary group of resources to be available the majority of the time and you want a secondary group of resources to be on standby in case all of the primary resources become unavailable?

Active-passive failover

Active-active-passive failover

Passive-passive failover

Active-active failover

Explanation

In Amazon Route 53, you can use the active-passive failover configuration when you want a primary group of resources to be available the majority of the time and you want a secondary group of resources to be on standby in case all of the primary resources become unavailable. When responding to queries, Amazon Route 53 includes only the healthy primary resources. If all of the primary resources are unhealthy, Amazon Route 53 begins to include only the healthy secondary resources in response to DNS queries.

Explanation

48 / 65

You are asked by your manager to design a VPC and then deploy web servers in the VPC with high availability. The web servers must have Internet accessibility. Due to previous issues with downtime and disaster recovery considerations, it is of utmost importance to have an architecture with high availability. Which options will provide high availability? (Choose 2 answers)

Create an Elastic Load Balancer and place your web servers behind the ELB. Then configure a Route 53 CNAME and point it to the DNS name of the ELB

Create a Bastion host to provide connectivity to your private subnet and to act as a proxy for web requests.

Use DNS failover and health checks, and then assign Elastic IP addresses to the web servers, Configure a Route 53 record set with all EIPs.

Use dual NAT instances for high availability and create a route to a Virtual Private Gateway for Internet access.

Explanation

If you have multiple resources that perform the same function, for example, web servers or email servers, and you want Amazon Route 53 to route traffic only to the resources that are healthy, you can configure DNS failover by associating health checks with your resource record sets. If a health check determines that the underlying resource is unhealthy, Amazon Route 53 routes traffic away from the associated resource record set.

Explanation

49 / 65

You are designing an AWS cloud environment for a new client. You will be responsible for designing and implementing the solution while also training their IT personnel to eventually take over administration of the environment. a major part of your task will be educating them on IAM and how to administer IAM moving forward. Which action can be authorized by IAM and is something for which you will have to prepare training material?

Querying a SQL Server database

Connecting to on-premises Active Directory

Launching an EC2 instance

Querying a DynamoDB database

Explanation

If an IAM user wants to launch an EC2 instance, you need to grant the EC2 RunInstance permission to that user. If the EC2 instance should include an instance profile—that is, if applications in the EC2 instance will be able to get temporary security credentials via an IAM role—the user who launches the EC2 instance must also have the IAM PassRole permission. Not only that, but the user might need PassRole permission to associate a specific role with the EC2 instance.

Explanation

50 / 65

Your engineers are concerned about application availability during in-place updates to a live Elastic Beanstalk stack. You advise them to consider a blue/green deployment and then list the necessary steps to carry out this deployment. Which steps are valid to include? (Choose 3 answers)

Clone your current environment

From the new environment’s dashboard, swap environmental URLs and click Swap

Deploy the new version of the application

From the new environment’s dashboard, choose Restart Environment

Explanation

Blue/green deployments resolve application unavailability during updates.

To perform a blue/green deployment:

Open the Elastic Beanstalk console.
Clone your current environment, or launch a new environment running the desired configuration.
Deploy the new application version to the new environment.
Test the new version in the new environment.
From the new environment’s dashboard, choose Actions and then choose Swap Environment URLs.

Explanation

Blue/green deployments resolve application unavailability during updates.

To perform a blue/green deployment:

Open the Elastic Beanstalk console.
Clone your current environment, or launch a new environment running the desired configuration.
Deploy the new application version to the new environment.
Test the new version in the new environment.
From the new environment’s dashboard, choose Actions and then choose Swap Environment URLs.

51 / 65

You are setting up some EBS volumes for a customer who has requested a setup which includes a RAID (redundant array of inexpensive disks). AWS has some recommendations for RAID setups. Which RAID setup is not recommended for Amazon EBS?

RAID 1 only

RAID 1 and RAID 6

RAID 5 and RAID 6

RAID 5 only

Explanation

With Amazon EBS, you can use any of the standard RAID configurations that you can use with a traditional bare metal server, as long as that particular RAID configuration is supported by the operating system for your instance. This is because all RAID is accomplished at the software level. For greater I/O performance than you can achieve with a single volume, RAID 0 can stripe multiple volumes together, for on-instance redundancy, RAID 1 can mirror two volumes together. RAID 5 and RAID 6 are not recommended for Amazon EBS because the parity write operations of these RAID modes consume some of the IOPS available to your volumes

Explanation

52 / 65

Name the disk storage supported by Amazon Elastic Compute Cloud (EC2).

Amazon AppStream store

Amazon SNS store

Amazon Instance Store

None of these

Explanation

Amazon EC2 supports the following storage options: Amazon Elastic Block Store (Amazon EBS) Amazon EC2 Instance Store Amazon Simple Storage Service (Amazon S3) Reference:

Explanation

Amazon EC2 supports the following storage options: Amazon Elastic Block Store (Amazon EBS) Amazon EC2 Instance Store Amazon Simple Storage Service (Amazon S3) Reference:

53 / 65

Your client is a legal firm with offices in New York and Boston. You have gathered all of the requirements and have started designing their AWS cloud environment. The design calls for a VPC for the New York office and a VPC for the Boston office. The client wants this separation for billing purposes and other considerations. But they have a need for interoperability between the two VPCs. How can you best meet this requirement?

Set up a vpn between the two VPCs.

Set up Direct Connect between the two VPCs.

Set up a VPC Peering connection

Place an Internet Gateway between the two VPCs.

Explanation

A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account.

Explanation

54 / 65

After monitoring your online sales application for the last two weeks of holiday sales, it is apparent that your database tier’s current architectural design is not sufficient. Your database is currently managed within Amazon RDS. The decision is made to scale your instance to a greater size based on database recommendations from the vendor. Your current database storage type is magnetic, and storage usage is currently at 70%.

Which modifications could potentially improve the performance of your database? (Choose 2 answers)

Change the storage type to general-purpose SSD.

Increase the currently allocated storage space

Decrease the currently allocated storage space

Increase the number of read replicas.

Explanation

When scaling a database, you can increase the storage capacity of a DB Instance up to a maximum of 64 terabytes (TiB). Please note that scaling the storage allocation with Amazon RDS does not incur a database outage. The performance will be increased as well.

Explanation

55 / 65

You have a number of image files to encode. In an Amazon SQS worker queue, you create an Amazon SQS message for each file specifying the command (jpeg-encode) and the location of the file in Amazon S3. Which of the following statements best describes the functionality of Amazon SQS?

Amazon SQS is a non-distributed queuing system.

Amazon SQS is a distributed queuing system that is optimized for horizontal scalability, not for single-threaded sending or receiving speeds.

Amazon SQS is a distributed queuing system that is optimized for vertical scalability and for single-threaded sending or receiving speeds

Amazon SQS is for single-threaded sending or receiving speeds.

Explanation

Amazon SQS is a distributed queuing system that is optimized for horizontal scalability, not for single-threaded sending or receiving speeds. A single client can send or receive Amazon SQS messages at a rate of about 5 to 50 messages per second. Higher receive performance can be achieved by requesting multiple messages (up to 10) in a single call. It may take several seconds before a message that has been to a queue is available to be received.

Explanation

56 / 65

You need to create a JSON-formatted text file for AWS CloudFormation. This is your first template and the only thing you know is that the templates include several major sections but there is only one that is required for it to work. What is the only section required?

Resources

Mappings

Outputs

Conditions

Explanation

AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and AWS CloudFormation takes care of provisioning and configuring those resources for you. A template is a JSON-formatted text file that describes your AWS infrastructure. Templates include several major sections. The Resources section is the only section that is required. The first character in the template must be an open brace ({), and the last character must be a closed brace (}). The following template fragment shows the template structure and sections

Explanation

57 / 65

You have created an S3 bucket where project managers can upload their projects’ files. Project files change frequently, so retaining multiple copies of files when changes occur is essential. Each project is also considered confidential, each project file must be encrypted at rest when stored in S3.

How could you meet these requirements for your bucket and contents?

Each PM should compress project files and assign a password for compressed files, and encryption needs to be enabled on the bucket

Delete all prior versions after a certain timestamp alert is met

Server-side encryption should be enabled on the S3 bucket

Enable versioning for the S3 bucket, and encrypt project files using client-side or server-side encryption

Explanation

Versioning provides redundancy as it keeps multiple variants of an object in the same bucket. You can use versioning to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket. With versioning, you can easily recover from both unintended user actions and application failures.

Explanation

58 / 65

You are configuring Amazon Route 53 to route traffic destined for yourwebsite.com to an Application Load Balancer that is configured to distribute traffic in two availability zones in the same AWS region. Which record set should you edit to point traffic for yourwebsite.com to your Application Load Balancer? Select the answer that is the most cost-effective and scalable.

CNAME

Alias

Explanation

yourwebsite.com is a zone apex. Alias record sets can be used to set a zone apex, but CNAME records cannot. Additionally, queries to Alias records that are mapped to an ELB are free. A records are used to map IPv4 addresses to FQDNs, the IP address of the ELB may change. MX records are used for email servers.

Explanation

59 / 65

Connection draining

Proxy protocol

Sticky session

Tagging

Explanation

60 / 65

A user is implementing resources for a group of separate batch processes to be completed during non-business hours. The process is predicted to take 6 hours to complete. This group of batch processing will require a compute-optimized instance, which is a different instance family than any deployed within your production environment. Which option is the right instance type and purchase option in this case, assuming the user performs the same task for the next twelve months?

An instance on an EC2 instance savings plan

A spot instance

A convertible reserved instance

An instance on a compute savings plan

Explanation

A spot instance is not the right instance type for this scenario. Spot instances would very likely be interrupted before a 6 hour job would be complete.

A convertible instance and a compute savings plan both offer up to 66 percent off, but an EC2 instance savings plan offers up to 72 percent discount.

Explanation

A spot instance is not the right instance type for this scenario. Spot instances would very likely be interrupted before a 6 hour job would be complete.

A convertible instance and a compute savings plan both offer up to 66 percent off, but an EC2 instance savings plan offers up to 72 percent discount.

61 / 65

You have been asked to perform some penetration testing on your company’s AWS infrastructure. However, you are not sure who is responsible for this. Which statement describing the AWS policy regarding penetration testing is correct?

The information you share with AWS as part of this process is kept confidential within AWS.

Permission is required from AWS for all penetration testing.

You can always perform pentration testing with no prior AWS approval.

You need to employ a third-party specialist to do the testing.

Explanation

There are several important things to note about penetration testing requests:

Permission may be required for penetration testing, depending on which AWS services are in use.
To request permission, you must be logged into the AWS portal using the root credentials associated with the instances you wish to test, otherwise the form will not pre-populate correctly

Explanation

There are several important things to note about penetration testing requests:

Permission may be required for penetration testing, depending on which AWS services are in use.
To request permission, you must be logged into the AWS portal using the root credentials associated with the instances you wish to test, otherwise the form will not pre-populate correctly

62 / 65

The common use cases for DynamoDB Fine-Grained Access Control (FGAC) are cases in which the end user wants .

to read or modify any codecommit key of the table directly, without a middle-tier service

to read or modify the table directly, without a middle-tier service

to check if an IAM policy requires the hash keys of the tables directly

to change the hash keys of the table directly

Explanation

FGAC can benefit any application that tracks information in a DynamoDB table, where the end user (or application client acting on behalf of an end user) wants to read or modify the table directly, without a middle-tier service. For instance, a developer of a mobile app named Acme can use FGAC to track the top score of every Acme user in a DynamoDB table. FGAC allows the application client to modify only the top score for the user that is currently running the application

Explanation

63 / 65

After setting up an EC2 security group with a cluster of 20 EC2 instances, you find an error in the security group settings. You quickly make changes to the security group settings. When will the changes to the settings be effective?

The settings will be effective only for the new instances added to the security group.

The settings will be effective for all the instances only after 30 minutes

The settings will be effective immediately for all the instances in the security group.

The settings will be effective only when all the instances are restarted

Explanation

Amazon Redshift applies changes to a cluster security group immediately. So if you have associated the cluster security group with a cluster, inbound cluster access rules in the updated cluster security group apply immediately.

Explanation

64 / 65

A user has created a subnet in VPC and launched an EC2 instance within it. The user has not selected the option to assign the IP address while launching the instance. The user has 3 elastic IPs and is trying to assign one of the Elastic IPs to the VPC instance from the console. The console does not show any instance in the IP assignment screen. What is a possible reason thatthe instance is unavailable in the assigned IP console?

The IP address belongs to a different zone than the subnet zone

The IP address may be attached to one of the instances

The IP addresses belong to EC2 Classic, so they cannot be assigned to VPC

The user has not created an internet gateway

Explanation

A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. A user can create a subnet with VPC and launch instances inside that subnet. When the user is launching an instance he needs to select an option which attaches a public IP to the instance. If the user has not selected the option to attach the public IP, then it will only have a private IP when launched. If the user wants to connect to an instance from the Internet, he should create an elastic IP with VPC. If the elastic IP isa part of EC2 Classic, it cannot be assigned to a VPC instance.

Explanation

65 / 65

You run a stateless web application with the following components:

An Application Load Balancer (ALB)
A two-tier application with frontend instances processing user requests, and backend RDS MySQL instances
The MySQL RDS database offers a maximum of 3000 IOPS with Provisioned IOPS

You notice that the average response time for users is increasing. Looking at CloudWatch, you observe 85% CPU usage on the web and application servers and 20% CPU usage on the database. The average number of database disk operations varies between 1000 and 1500. How would you improve performance? (Choose 2 answers)

Use Amazon RDS Read Replicas to improve your throughput

Replace the backend RDS database instances with Aurora database engine

Choose a different EC2 instance type for the frontend servers with a more appropriate CPU/Memory ratio

Use EC2 Auto Scaling to add additional frontend instances based on the CPU load threshold

Explanation

Because of the 97% CPU usage on the Web/Application servers using larger instance types or using auto scaling to add more servers will alleviate this problem.

You have 3000 provisioned IOPS and the average number of database disk operations varies between 1000 and 1500 so you do not need to change your database at all.

Explanation

Because of the 97% CPU usage on the Web/Application servers using larger instance types or using auto scaling to add more servers will alleviate this problem.

You have 3000 provisioned IOPS and the average number of database disk operations varies between 1000 and 1500 so you do not need to change your database at all.

Your score is

The average score is 44%

LinkedIn Facebook Twitter

Please rate your experience to help us improve !

Need more practice ? take the AWS Certified Solutions Architect Associate (SAA) – Learning mode

Follow Us

Basic & Fundamentals

Recent Posts

Most Read

AWS Certified Solutions Architect Associate (SAA02) – Free Practice Tests

AWS Certified Solutions Architect Associate (SAA) – Learning Mode

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

AWS Certified Solutions Architect Associate (SAA) – Exam Mode

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation