1

An enterprise is planning to migrate its on-premises applications to AWS. The leadership team is keen on understanding how AWS can help reduce capital expenditures. Which AWS cloud benefit primarily addresses this concern?

✅ Verification & Rationale: Pay-as-you-go pricing allows organizations to pay only for the resources they consume, converting large upfront capital expenditures (CapEx) into predictable operational expenditures (OpEx). Elasticity, Agility, and Global Reach are significant benefits but do not directly address the reduction of CapEx in the same way.

2

A large corporation running an application on AWS EC2 instances needs to ensure the operating system is regularly patched. Under the AWS Shared Responsibility Model, who is primarily responsible for applying these OS patches?

✅ Verification & Rationale: Under the AWS Shared Responsibility Model, AWS is responsible for the security ‘of’ the cloud (the underlying infrastructure, hardware, global network, etc.), while the customer is responsible for security ‘in’ the cloud. For EC2 instances, this includes managing the guest operating system, application software, and their respective patching, configurations, and security.

3

An application development team requires a highly scalable compute service that automatically manages underlying servers, scales based on demand, and charges only for the compute time consumed. Which AWS service would best meet these requirements for running event-driven, short-duration code?

✅ Verification & Rationale: AWS Lambda is a serverless compute service that runs code in response to events and automatically manages the underlying compute resources. It scales automatically and you pay only for the compute time consumed, making it ideal for event-driven, short-duration code without server management overhead.

4

A company has a set of applications running on Amazon EC2 instances that have a consistent, predictable workload and are required to run 24/7 for the next three years. To significantly reduce compute costs, which AWS pricing model would be most appropriate?

✅ Verification & Rationale: Reserved Instances (RIs) offer a significant discount (up to 75% compared to On-Demand prices) in exchange for a commitment to a specific instance type and region for a 1-year or 3-year term. This is ideal for applications with predictable, consistent, and long-term workloads. Spot Instances are for fault-tolerant, flexible applications that can handle interruptions, and On-Demand is the most expensive option. Dedicated Hosts are for specific licensing requirements, not general cost optimization.

5

A multinational enterprise wants to deploy an application in AWS that requires high availability and disaster recovery capabilities within a specific geographical region. Which AWS architectural component should be utilized to achieve these goals by distributing resources?

✅ Verification & Rationale: To achieve high availability and resilience within a specific geographical region, resources should be distributed across multiple Availability Zones (AZs). Each AZ is an isolated location within an AWS Region, designed to be isolated from failures in other AZs, providing fault tolerance for applications. Using multiple AWS Regions would be for global disaster recovery or compliance requirements across different geographies, not typically for high availability within a single region.

6

An IT administrator needs to grant a new department specific permissions to access S3 buckets, but only for read-only operations. Following the principle of least privilege, which AWS service and feature should be used to assign these permissions?

✅ Verification & Rationale: AWS IAM (Identity and Access Management) is the service for managing access. Creating an IAM role and attaching an AWS managed policy like ‘AmazonS3ReadOnlyAccess’ is a best practice. This adheres to the principle of least privilege by granting only the necessary permissions and allows for flexible assignment to users or services as needed within the department. While an inline policy on an IAM user could work, managed policies on roles are more scalable and maintainable for organizational use cases.

7

A media company needs to store petabytes of archival video footage that is infrequently accessed but must be highly durable and accessible when needed. Cost-effectiveness for long-term storage is a primary concern. Which AWS storage service is best suited for this use case?

✅ Verification & Rationale: Amazon S3 Glacier Deep Archive is designed for long-term data archiving with retrieval times ranging from hours, offering the lowest cost storage in the cloud. This aligns perfectly with the need for cost-effective storage for petabytes of infrequently accessed archival video footage. Amazon EBS is block storage for EC2 instances, S3 Standard-IA is for less frequently accessed data but not deep archive, and Amazon EFS is a scalable file system for EC2 instances.

8

An enterprise finance team needs to visualize AWS spending trends, identify cost drivers, and get forecasts of future costs to better manage their cloud budget. Which AWS tool is specifically designed for these purposes?

✅ Verification & Rationale: AWS Cost Explorer is a tool that allows you to visualize, understand, and manage your AWS costs and usage over time. You can use it to analyze your spending, identify cost drivers, and get forecasts of future costs. AWS Budgets allows you to set custom budgets and receive alerts, while Trusted Advisor provides recommendations for cost optimization, security, and performance. Personal Health Dashboard provides personalized views of AWS service health.

9

An application requires maximum uptime and resilience against failures of individual servers or data centers within a region. How does AWS recommend architecting an application to achieve this level of availability?

✅ Verification & Rationale: AWS recommends deploying application components across multiple Availability Zones (AZs) within an AWS Region to achieve high availability and fault tolerance. AZs are physically separate data centers, so distributing resources across them protects against failures of individual servers or an entire data center. Deploying in a single AZ creates a single point of failure. Deploying across multiple regions is for even higher levels of disaster recovery, not primarily ‘within a region’ availability. Dedicated hosts are for specific hardware requirements, not inherently for high availability.

10

A security team needs to configure stateless filtering for incoming and outgoing traffic at the subnet level within their Amazon VPC. Which AWS networking security feature should they use?

✅ Verification & Rationale: Network Access Control Lists (NACLs) are stateless firewall rules that operate at the subnet level, allowing or denying traffic into and out of subnets. Security Groups are stateful firewalls that operate at the instance level. AWS WAF is a web application firewall, and Route 53 is a DNS service.

11

A company needs to create a logically isolated section of the AWS Cloud where they can launch AWS resources in a virtual network that they define. This network should be completely separate from other AWS customer networks. Which AWS service provides this functionality?

✅ Verification & Rationale: Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you’ve defined. This virtual network is logically isolated from other virtual networks in the AWS Cloud, giving you complete control over your virtual networking environment.

12

A large organization has multiple AWS accounts for different departments and projects. To simplify billing management and potentially reduce costs, which AWS Organizations feature should they leverage?

✅ Verification & Rationale: Consolidated Billing, a feature of AWS Organizations, allows you to consolidate billing and payment for multiple AWS accounts into one master account. This simplifies billing management and can lead to cost savings through volume pricing discounts and Reserved Instance utilization across all linked accounts.

13

A retail company experiences significant, unpredictable spikes in website traffic during holiday sales. Which AWS cloud characteristic allows their application infrastructure to automatically scale up or down to meet these fluctuating demands without manual intervention?

✅ Verification & Rationale: Elasticity is the ability of a system to automatically scale computing resources up or down to meet fluctuating demands. This ensures that resources are always available when needed and that costs are optimized by not over-provisioning during low-demand periods. Agility refers to the speed of deploying resources, Global Reach to the worldwide infrastructure, and Durability to the long-term integrity of data.

14

An organization needs to ensure that data stored in their Amazon S3 buckets is encrypted at rest. Which AWS service is primarily used to manage encryption keys for various AWS services, including S3?

✅ Verification & Rationale: AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data. Many AWS services, including Amazon S3, integrate with KMS to provide server-side encryption with customer-managed keys (CMK). AWS Shield provides DDoS protection, Security Hub provides a unified view of security alerts, and Secrets Manager helps manage database credentials and other secrets.

15

A financial institution needs a fully managed relational database service that supports complex queries and transactions, with automated backups, patching, and scaling. They prefer a familiar database engine like PostgreSQL or MySQL. Which AWS database service meets these requirements?

✅ Verification & Rationale: Amazon RDS (Relational Database Service) is a fully managed service that makes it easy to set up, operate, and scale a relational database in the cloud. It supports several popular database engines, including PostgreSQL, MySQL, MariaDB, Oracle, and SQL Server, and handles tasks like patching, backups, and scaling. DynamoDB and DocumentDB are NoSQL databases, and Redshift is a data warehousing service for analytics.

0%