100 Free AWS Solutions Architect (SAA-C03) Practice Test Questions to Crush the Exam

An application running on an EC2 instance needs to securely access an Amazon S3 bucket without storing AWS credentials on the instance. What is the most secure method to grant the required permissions?

A database workload on an EC2 instance requires a high number of I/O operations per second (IOPS). The performance must be consistent regardless of the size of the storage volume. Which EBS volume type is most suitable for this use case?

An Amazon RDS for PostgreSQL database is experiencing high read traffic, which is causing performance degradation. The application can tolerate slightly stale data for read queries. What is the most effective way to scale the read capacity of the database?

Which AWS service would you use to find recommendations for improving security, reducing costs, and increasing the performance of your AWS environment based on AWS best practices?

A company wants to receive alerts when its estimated AWS charges exceed a certain amount. Which service can be used to create a budget and send notifications when the costs or usage exceed a defined threshold?

A company needs to host a relational database that will be managed by AWS. The solution must support point-in-time recovery to allow restoring the database to any second during a retention period. Which AWS service and feature should be used?

A company is hosting a static website on Amazon S3. They want to use their own domain name (e.g., www.example.com) and provide HTTPS access to their users. Which combination of services should be used to achieve this?

A company has a stateless application that runs on a large fleet of EC2 instances. The workload is periodic, fault-tolerant, and can be interrupted without adverse effects. To significantly reduce compute costs, which EC2 purchasing option is the most appropriate?

An Application Load Balancer is configured with a listener rule that forwards requests with the path `/api/*` to one target group, and all other requests to a different target group. What type of routing is this?

A company has several VPCs in the same region and needs to connect them all so that resources in any VPC can communicate with resources in any other VPC. The company anticipates adding more VPCs in the future and wants a scalable solution that avoids complex mesh peering. Which service should be used?

An EC2 instance is launched into a VPC with a default security group. By default, what traffic is allowed by this security group?

A company is using Amazon Aurora Global Database, with a primary cluster in us-east-1 and a secondary cluster in eu-west-1. What is the primary benefit of this architecture?

A company is running an application with a consistent and predictable workload 24/7 for the next three years. They want the most significant possible discount on their EC2 compute costs. Which purchasing option should they choose?

Which of the following describes a ‘stateless’ application architecture?

A company requires that network traffic between its VPCs does not traverse the public internet. The VPCs are in the same AWS account and region and have non-overlapping CIDR blocks. What is the simplest way to enable private communication between them?

Which of the following services is serverless? (Choose two)

An application is being designed with a microservices architecture. The services are loosely coupled and communicate asynchronously. One service needs to publish an event, and multiple other services need to receive and process that same event independently. Which communication pattern and AWS service should be used?

A company needs to transfer 50 TB of data from its on-premises data center to Amazon S3. The company has a slow and unreliable internet connection, making an online transfer impractical. Which AWS service provides a physical appliance to securely transfer this large amount of data?

A company is storing sensitive user data in an Amazon S3 bucket. They need to ensure the data is encrypted at rest. What is the simplest way to enforce that all new objects uploaded to the bucket are encrypted without any client-side action?

A solutions architect must ensure that an Amazon S3 bucket containing confidential documents cannot be accidentally deleted. Additionally, any user who tries to delete an object from the bucket must provide a second factor of authentication. Which S3 features should be enabled on the bucket?

An application needs to send notifications to a large number of subscribers through multiple protocols, such as email, SMS, and mobile push notifications. Which AWS service is best suited for this task?

A data processing application generates a large number of messages that need to be processed by a fleet of EC2 instances. The number of messages can vary significantly. To prevent overloading the consumers and losing messages, the application needs a durable buffer to store the messages. Which service should be used to decouple the message producer from the consumers?

What is the key benefit of deploying an application across multiple Availability Zones within a single AWS Region?

A solutions architect needs to design a shared storage solution for a fleet of Linux-based EC2 instances that require concurrent access to the same files. The storage solution must be fully managed and scale automatically as data grows. Which service is the most appropriate?

A company is designing a multi-tier web application that must be highly available and fault-tolerant. The web servers will run on EC2 instances and need to access a database. To ensure the database can withstand the failure of an entire Availability Zone, which Amazon RDS configuration should be implemented?

What is the function of AWS CloudFormation stack policies?

An Amazon Aurora database cluster is configured with a primary writer instance and several Aurora Replicas. What is the primary purpose of the Aurora Replicas?

A company needs to store frequently accessed data in a shared file system for a high-performance computing (HPC) cluster running on Linux EC2 instances. The file system must provide millions of IOPS and sub-millisecond latencies. Which AWS storage service is designed for these extreme performance requirements?

A solutions architect is designing a stateless web application. To improve scalability and resilience, user session data must be stored externally from the EC2 instances. The session data requires extremely low latency (sub-millisecond) for read and write operations. Which service is the best choice for storing this session data?

What is the primary purpose of AWS Organizations?

A company is migrating its on-premises Oracle database to AWS. The company has existing Oracle licenses that it wants to continue using to save costs. Which Amazon RDS licensing model should be selected?

A solutions architect is creating a custom VPC. After creating the VPC and a public subnet, they launch an EC2 instance into the subnet. However, the instance cannot reach the internet. What is a likely missing component?

A company wants to establish a private, dedicated network connection between its on-premises data center and its AWS VPC. The connection must provide consistent, low-latency performance and cannot traverse the public internet. Which AWS service should be used?

A company is launching a new web service and expects the traffic to grow rapidly. They want a solution that automatically adds or removes EC2 instances based on demand to maintain performance and minimize costs. Which AWS services should be combined to achieve this?

A company wants to use a managed Chef and Puppet configuration management service to automate the configuration of its EC2 instances. Which AWS service provides this capability?

To improve the security posture of an AWS account, a security engineer wants to automatically assess EC2 instances for vulnerabilities and unintended network exposure. Which service should be used?

An application requires access to a set of files that must be shared among multiple EC2 instances. The file system must support the NFS protocol. Which AWS storage service is the most suitable choice?

A company needs to implement a disaster recovery strategy with a Recovery Time Objective (RTO) of 15 minutes and a Recovery Point Objective (RPO) of 1 hour. The primary site runs in an AWS region. Which DR strategy is most appropriate and cost-effective for these requirements?

An application is designed to be deployed using immutable infrastructure. When a new version of the application is released, what is the correct deployment procedure?

A developer needs programmatic access to AWS services from their local machine using the AWS CLI. What type of IAM credentials are required?

A company has a requirement to use a file storage service that is accessible from both their on-premises servers and their EC2 instances. They want a single, unified view of their files. Which AWS service provides a hybrid cloud storage solution for files?

A solutions architect needs to monitor the performance of an application running on EC2 instances. Specifically, they need to track CPU Utilization, Disk I/O, and Network traffic. Which AWS service provides these metrics by default?

A company needs to implement a backup strategy for their EBS volumes. The backups should be automated, and older backups should be automatically deleted to save costs. Which combination of services provides the most automated solution?

A company is running a production application on EC2 instances and requires a support plan that provides a response time of less than 1 hour for production system-down events. They also need access to the full set of AWS Trusted Advisor checks. Which is the lowest-tier support plan that meets these requirements?

A new gaming application requires a database with extremely low latency for its leaderboard feature. The data needs to be read very frequently. To improve read performance for the existing DynamoDB table, which feature or service should be implemented?

An organization wants to provide its development team with access to AWS resources. Each developer needs a unique set of permissions based on their project. Managing permissions for each developer individually is becoming cumbersome. What is the most efficient and secure way to manage these permissions?

An analytics workload processes large amounts of data stored in Amazon S3. The company wants to run complex SQL queries directly on the data in S3 without loading it into a traditional data warehouse. Which service allows for this serverless, interactive querying?

A solutions architect needs to choose an EBS volume type for a boot volume on a general-purpose EC2 instance used for development and testing. The workload is bursty, and cost is a primary concern. A moderate baseline performance is acceptable. Which volume type is the most cost-effective choice?

A solutions architect is designing a system that processes a continuous stream of real-time data from thousands of IoT devices. The data must be processed in order and be available for multiple consuming applications to read simultaneously. Which service is best suited for ingesting and processing this data stream?

A solutions architect is selecting an Elastic Load Balancer for a new application. The application uses HTTP and HTTPS protocols and requires routing decisions to be made based on the URL path of the incoming request (e.g., sending ‘/api’ requests to one group of servers and ‘/images’ to another). Which type of load balancer should be used?

An application running on EC2 instances needs access to database credentials that are rotated automatically every 30 days. The application should be able to retrieve these credentials securely at runtime without them being hardcoded. Which service is designed for this purpose?

To enhance security, an organization wants to ensure that EC2 instances in a private subnet can download software updates from the internet, but the instances must not be reachable from the internet. What is the most scalable and highly available solution?

During a security audit, it was discovered that a new IAM user was created with excessive permissions. The security team needs to determine who created this user and from what IP address the action was performed. Which service provides this information?

An organization is deploying a new application on AWS and has a strict requirement that all data stored in Amazon EBS volumes must be encrypted. What is the easiest way to ensure this compliance requirement is met for all future EBS volumes created in a specific region?

A company is migrating a legacy application to AWS that requires a static, unchanging public IP address for whitelisting by its partners. The application will run on an EC2 instance. Which AWS resource should be used to meet this requirement?

A solutions architect is designing a VPC with one public subnet and one private subnet. An EC2 instance in the private subnet needs to be able to connect to the internet to download security patches. Which of the following must be configured?

A company wants to enable its on-premises users, who authenticate via Microsoft Active Directory, to access the AWS Management Console without creating separate IAM users for each person. Which service or feature should be used to enable this federated access?

A company wants to improve the availability and performance of its TCP-based global application by directing user traffic through the AWS global network. The solution should provide static IP addresses that act as a fixed entry point for the application. Which service is best suited for this?

A new application requires a database that can handle millions of requests per second with single-digit millisecond latency. The data model is a simple key-value structure, and the database must scale automatically without manual intervention. Which AWS database service is the best fit?

An EC2 instance is launched in a public subnet of a VPC and needs to access the internet. What components are required for this to be possible?

A global application serves content to users across the world. To reduce latency and improve performance for users, a company wants to cache content closer to them. Which AWS service should be used?

An application’s user base has predictable traffic patterns, with high usage during business hours (9 AM – 5 PM) on weekdays and very low usage at night and on weekends. A solutions architect wants to ensure there are enough EC2 instances to handle the load during peak times but wants to reduce costs during off-peak times. What is the most effective solution?

What is the primary function of a route table within an Amazon VPC?

A solutions architect needs to enforce a strict firewall rule at the subnet boundary. The rule must explicitly deny all traffic from a specific malicious IP address range, while allowing all other traffic. Which AWS networking component should be used?

A company is using AWS Organizations to manage multiple AWS accounts. They need to apply a security policy that prevents IAM users in member accounts from disabling AWS CloudTrail, regardless of any permissions they might have. How can this be enforced from the management account?

In AWS CloudFormation, what is the function of the `Parameters` section in a template?

A company is designing a system where an AWS Lambda function needs to be invoked once every hour to perform a cleanup task. What is the simplest way to trigger this Lambda function on a recurring schedule?

A company is deploying a critical application and must ensure that it can withstand the failure of an entire AWS Availability Zone. Which is the minimum architecture required to achieve this?

Which of the following is a key difference between a Network Access Control List (NACL) and a Security Group?

A web application hosted on EC2 instances behind an Application Load Balancer needs a firewall to protect against common web exploits like SQL injection and cross-site scripting. Which AWS service should be used?

An Application Load Balancer (ALB) distributes traffic to a target group of EC2 instances. One of the instances has failed its health check. What action will the ALB take?

A developer has written an application as a Docker container. They want to store the container image in a secure, private, and managed registry on AWS. Which service should they use?

An organization wants a simplified way to deploy and manage a web application on AWS. They want the service to automatically handle the provisioning of resources like EC2 instances, load balancers, and auto-scaling, allowing developers to focus only on uploading their code. Which service provides this level of abstraction?

A financial services company needs to store long-term audit logs for 7 years to comply with regulations. The data will be accessed very rarely, perhaps once a year, but when access is needed, a retrieval time of up to 12 hours is acceptable. Which Amazon S3 storage class offers the lowest cost for this scenario?

A company needs to analyze terabytes of data using a business intelligence tool. The data is structured and will be queried frequently by analysts. The company requires a fully managed petabyte-scale data warehouse service. Which AWS service should be chosen?

A company wants to automate the deployment of its infrastructure using code. The team wants to use a declarative template in either JSON or YAML format to define all the required AWS resources (e.g., EC2, VPC, S3) as a single unit called a stack. Which AWS service enables this?

A company needs to encrypt data in an S3 bucket and wants to have full control over the lifecycle of the encryption keys, including the ability to create, rotate, and disable them. However, they do not want to manage the underlying cryptographic hardware. Which encryption option should they use?

A solutions architect wants to automatically discover and classify sensitive data, such as personally identifiable information (PII), stored in Amazon S3 buckets. Which service uses machine learning to achieve this?

Which AWS Well-Architected Framework pillar focuses on the ability to run workloads effectively, gain insight into their operations, and continuously improve supporting processes and procedures?

A legacy application is being migrated to an EC2 instance. The application writes data to a local file share that must be accessible to other Windows servers in the same VPC. The file share needs to support the SMB protocol and integrate with Microsoft Active Directory. Which storage service should be used?

According to the AWS Well-Architected Framework, what is the best practice for managing an AWS account’s root user credentials after initial setup?

An Application Load Balancer is configured with a listener for HTTPS on port 443. What is required for the ALB to terminate the SSL/TLS connection?

What is the most secure and efficient way to provide an application running in a VPC with access to AWS services like S3 and DynamoDB, without the traffic leaving the AWS network?

In a disaster recovery scenario, what does Recovery Time Objective (RTO) refer to?

An Application Load Balancer needs to distribute traffic to a set of EC2 instances that are frequently terminated and replaced by an Auto Scaling group. How can the ALB dynamically discover and route traffic to the available instances?

A company needs to analyze VPC Flow Logs to identify suspicious traffic patterns. The logs are stored in Amazon S3. Which service can be used to perform complex SQL queries on these log files directly?

What does the AWS Shared Responsibility Model state about the customer’s responsibility for an IaaS service like Amazon EC2?

Which EC2 pricing model offers the most significant long-term discount in exchange for a 1- or 3-year commitment to a consistent amount of compute usage (measured in $/hour)?

A solutions architect needs to set up DNS for a new domain. When users in Europe access the domain, they should be directed to servers in the eu-west-1 region. When users in North America access the domain, they should be directed to servers in the us-east-1 region. Which Amazon Route 53 routing policy should be used?

A company is concerned about Distributed Denial of Service (DDoS) attacks against its public-facing web application. Which AWS service provides automatic protection against common, network and transport layer DDoS attacks for all AWS customers at no additional charge?

A solutions architect needs to provision an AWS resource that will act as a centralized router to simplify the network topology between hundreds of VPCs and on-premises connections. What service should be used?

A solutions architect is designing a network infrastructure in AWS. There is a requirement to allow web traffic on port 80 to a group of EC2 instances in a public subnet, but deny all other inbound traffic. At the same time, all outbound traffic from these instances should be allowed. Which security control is most appropriate for this requirement?

Which of the following services can be used to run a serverless application defined by a collection of AWS Lambda functions?

A company is storing sensitive documents in an S3 bucket and needs to ensure that the objects cannot be deleted or overwritten by any user, including the root user, for a specified retention period. Which S3 feature should be used?

A developer needs to execute a piece of code in response to an object being uploaded to an S3 bucket. The execution should be event-driven, and the developer does not want to manage any servers. Which compute service is the most appropriate choice?

A media company is using Amazon CloudFront to distribute its video content globally. Some of the content is premium and should only be accessible to authenticated users. What CloudFront feature can be used to restrict access to this premium content?

An Amazon EC2 instance needs a block storage volume that will persist independently of the instance’s lifecycle. If the instance is terminated, the data on the volume must remain. Which type of storage should be used?

What is the purpose of an Amazon S3 lifecycle policy?

A company wants to run a containerized application on AWS but wants to avoid managing the underlying EC2 instances for the container cluster. They need a serverless compute engine for containers. Which AWS service or feature should they use?

An organization needs a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect their AWS accounts, workloads, and data stored in Amazon S3. Which service should they enable?