AWS Certified Solution Architect – Associate – Sample Questions – Part IV

Question #14

A consulting firm repeatedly builds large, standardized architectures for their customers using AWS resources from many AWS Services, including IAM, Amazon EC2, Amazon RDS, DynamoDB, and Amazon VPC. The consultants have architecture diagrams for each of their architectures, and they are frustrated that they cannot use them to automatically create their resources.

Which service should provide immediate benefits to the organization?

A. Elastic Beanstalk

B. AWS CloudFormation

C. AWS CodeBuild

D. AWS CodeDeploy

Question #15

A team is building an application that must persist and index JSON files in a highly-available data store. Latency of data access must remain consistent despite very high application traffic.

What service should the team choose?

A. Amazon EFS

B. Amazon Redshift

C. DynamoDB

D. AWS CLoudFormation

Question #16

An application with a 150 GB relational database runs on an EC2 instance. The application is used infrequently with small peaks in the morning and evening.

What is the MOST cost-effective storage type?

A. Amazon EBS Provisioned IOPS SSD

B. Amazon EBS Throughput Optimized HDD

C. Amazon EBS General Purpose SSD

D. Amazon EFS

Question #17

An organization hosts a multi-language website on AWS. The website is served using CloudFront. The language is specified in the HTTP request:




How should CloudFront be configured to deliver cached data in the correct language?

A. Forward cookies to the origin

B. Based on query string parameters

C. Cache objects at the origin

D. Serve dynamic content

Question #18

An application currently stores all data on Amazon EBS volumes. All EBS volumes must be backed up durably across multiple Availability Zones.

What is the MOST resilient way to back up the volumes?

A. Take regular EBS snapshots

B. Enable EBS volume encryption

C. Create a script to copy data to an EC2 instance store

D. Mirror data across two EBS volumes

Question #19

A data-processing application in AWS must pull data from an Internet service. A Solutions Architect must design a highly available solution to access data without placing bandwidth constraints on the application traffic.

Which solution meets these requirements?

A. Launch a NAT Gateway and add routes for

B. Attach a VPC endpoint and add routes for

C. Attach an Internet Gateway and add routes for

D. Deploy a NAT instance in a public subnet and add routes for

Question #20

You have an application running in us-west-2 that requires six EC2 instances running at all times.

With three Availability Zones available in that region (us-west-2a, us-west-2b, and us-west-2c), which of the following deployments provides fault tolerance if any Availability Zone in use-west-2 becomes unavailable? (Select TWO.)

A. 2 EC2 instances in in us-west-2a, 2 EC2 instances in us-west-2b, 2 EC2 instances in us-west-2c

B. 3 EC2 instances in in us-west-2a, 3 EC2 instances in us-west-2b, 0 EC2 instances in us-west-2c

C. 4 EC2 instances in in us-west-2a, 2 EC2 instances in us-west-2b, 2 EC2 instances in us-west-2c

D. 6 EC2 instances in in us-west-2a, 6 EC2 instances in us-west-2b, 0 EC2 instances in us-west-2c

E. 3 EC2 instances in in us-west-2a, 3 EC2 instances in us-west-2b, 3 EC2 instances in us-west-2c

Question #21

A Solutions Architect is designing a solution to store and archive corporate documents, and has determined that Amazon Glacier is the right solution. Data must be delivered within 10 minutes of a retrieval request.

Which feature in Amazon Glacier can help meet this requirement?

A. Vault Lock

B. Expedited retrieval

C. Bulk retrieval

D. Standard retrieval

Question #22

A company is migrating an on-premise 10 TB MySQL database to AWS. The company expects the database to quadruple in size and the business requirement is that replica lag must be kept under 100 milliseconds.

Which Amazon RDS engine meets these requirements?


B. Microsoft SQL Server

C. Oracle

D. Amazon Aurora

Question #23

An application allows manufacturing sites to upload files. Each 3 GB file is then processed to extract metadata, with the processing taking a few seconds for each file. The frequency updates is unpredictable – there may be no updates for hours, then several files uploaded concurrently.

What architecture will address this workload the most cost efficiently?

A. Use a Kinesis data delivery stream to store the file, and use Lambda for processing.

B. Use an SQS queue to store the file, which is then accessed by a fleet of EC2 instances.

C. Store the file in an EBS volume, which can then be accessed by another EC2 instance for processing

D. Store the file in an S3 bucket, and use Amazon S3 event notification to invoke a Lambda function to process the file.

Question #24

A company hosts a popular web application that connects to an Amazon RDS MySQL DB instance running in a private VPC subnet that was created with default ACL settings. The web servers must be accessible only to customers on an SSL connection. The database should only be accessible to web servers in a public subnet.

Which solution meets these requirements without impacting other running applications? (Select TWO.)

A. Create a network ACL on the web server’s subnet, allow HTTPS port 443 inbound, and specify the source as

B. Create a web server security group that allows HTTPS port 443 inbound traffic from Anywhere ( and apply it to the web servers.

C. Create a DB server security group that allows MySQL port 3306 inbound and specify the source as a web server security group.

D. Create a network ACL on the DB subnet, allow MySQL port 3306 inbound for web servers, and deny all outbound traffic.

E. Create a DB server security group that allows the HTTPS port 443 inbound and specify the source as the web server security group.

Question #25

The security policy of an organize requires an application to encrypt data before writing to the disk.

Which solution should the organization use to meet this requirement?


B. AWS Certificate Manager

C. API Gateway with STS

D. IAM Access Key


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s