CCNA Cloud Technology and Services Questions

75 of 341 questions · Page 1/5 · Cloud Technology and Services · Answers revealed

1
MCQeasy

Which Amazon EC2 pricing option allows customers to bid for unused EC2 capacity with potential savings of up to 90%, while accepting that instances may be interrupted?

A.On-Demand Instances
B.Reserved Instances
C.Spot Instances
D.Dedicated Instances
AnswerC

Spot Instances use AWS spare capacity at up to 90% discount, with the trade-off that AWS can interrupt with 2 minutes notice when capacity is needed.

Why this answer

Spot Instances allow customers to bid for unused EC2 capacity, offering potential savings of up to 90% compared to On-Demand pricing. However, these instances can be interrupted (terminated or hibernated) by AWS when the Spot price exceeds the customer's bid or when capacity is needed for On-Demand or Reserved Instance customers, making them ideal for fault-tolerant and flexible workloads.

Exam trap

The trap here is that candidates may confuse Spot Instances with Reserved Instances, thinking both offer similar discounts, but Reserved Instances require a commitment and are not interruptible, while Spot Instances are interruptible and involve bidding on unused capacity.

How to eliminate wrong answers

Option A is wrong because On-Demand Instances provide full pricing flexibility with no interruption risk, but they do not allow bidding on unused capacity or offer up to 90% savings. Option B is wrong because Reserved Instances provide a significant discount (up to 72%) in exchange for a 1- or 3-year commitment, but they are not interruptible and do not involve bidding on unused capacity. Option D is wrong because Dedicated Instances run on single-tenant hardware and are not associated with bidding on unused capacity or interruption; they are used for compliance or licensing requirements, not for cost savings via spot pricing.

2
MCQmedium

Which AWS service automatically moves S3 objects between storage classes based on access patterns without requiring upfront knowledge of how frequently data will be accessed?

A.S3 Lifecycle policies
B.S3 Intelligent-Tiering
C.S3 Standard-IA
D.S3 Replication
AnswerB

Intelligent-Tiering monitors access frequency and automatically moves objects to the most cost-effective tier without performance impact or retrieval fees.

Why this answer

S3 Intelligent-Tiering is the correct answer because it is the only AWS service that automatically moves objects between storage classes based on changing access patterns, without requiring any upfront knowledge or lifecycle rules. It monitors access at the object level and moves data between two access tiers (frequent and infrequent) and an optional archive tier, charging a small monitoring fee but no retrieval costs.

Exam trap

The trap here is that candidates confuse S3 Lifecycle policies (which require manual rule creation) with Intelligent-Tiering (which automates transitions based on actual usage), leading them to choose A instead of B.

How to eliminate wrong answers

Option A is wrong because S3 Lifecycle policies require you to define explicit rules (e.g., 'move to S3 Standard-IA after 30 days') based on your own predictions of access patterns, not automatic adaptation. Option C is wrong because S3 Standard-IA is a static storage class that does not automatically move data; it simply provides lower-cost storage for infrequently accessed data with a retrieval fee. Option D is wrong because S3 Replication is used to copy objects across buckets or regions for redundancy or compliance, not to transition between storage classes based on access patterns.

3
MCQmedium

Which AWS storage class is optimized for long-term archival where data is rarely accessed and retrieval time of several hours is acceptable?

A.S3 Standard-IA
B.S3 One Zone-IA
C.S3 Glacier Deep Archive
D.S3 Intelligent-Tiering
AnswerC

Deep Archive is the lowest-cost storage, designed for rarely accessed archival data with retrieval times of 12–48 hours.

Why this answer

S3 Glacier Deep Archive is designed for long-term archival of data that is accessed rarely, with retrieval times ranging from 12 to 48 hours. This makes it the most cost-effective storage class for scenarios where retrieval latency of several hours is acceptable, such as compliance or regulatory archives.

Exam trap

The trap here is that candidates confuse S3 Glacier Deep Archive with S3 Glacier Flexible Retrieval, assuming both offer similar retrieval times, but the exam specifically tests the distinction that Deep Archive requires 12–48 hours while Flexible Retrieval can provide minutes to hours.

How to eliminate wrong answers

Option A is wrong because S3 Standard-IA is optimized for infrequently accessed data but offers millisecond retrieval times, not the several-hour retrieval window required for archival. Option B is wrong because S3 One Zone-IA stores data in a single Availability Zone and provides rapid access, making it unsuitable for long-term archival with multi-hour retrieval. Option D is wrong because S3 Intelligent-Tiering automatically moves data between access tiers based on usage patterns but still provides millisecond retrieval for all tiers, not the several-hour retrieval specified in the question.

4
MCQmedium

A company runs a read-heavy web application that retrieves the same product catalog data from an Amazon RDS database hundreds of times per second. The database is experiencing high CPU utilization due to repeated reads of the same information. The company wants to reduce the load on the database and improve application response time without modifying the application code or adding more database capacity. The solution must be fully managed and provide a low-latency, in-memory cache for frequently accessed data. Which AWS service should the company use?

A.Amazon CloudFront
B.Amazon ElastiCache
C.Amazon DynamoDB Accelerator (DAX)
D.Amazon Simple Queue Service (SQS)
AnswerB

Amazon ElastiCache is a fully managed, in-memory caching service that supports Memcached and Redis. It can be used to cache the results of frequently executed database queries, reducing the load on the RDS instance and improving application latency. The application can be configured to check the cache first before querying the database, which does not require modifying the core application logic if designed appropriately. This is the correct solution for offloading read traffic from the database.

Why this answer

Amazon ElastiCache is the correct choice because it provides a fully managed, in-memory caching service (Memcached or Redis) that can store frequently accessed product catalog data. By caching the results of repeated read queries, ElastiCache offloads the RDS database, reducing CPU utilization and improving response times without requiring application code changes or additional database capacity.

Exam trap

The trap here is that candidates may confuse DAX (a DynamoDB-specific cache) with a general-purpose cache for RDS, or assume CloudFront can serve as an application-level cache for database queries, when in fact ElastiCache is the only fully managed, in-memory caching service that works with RDS without code changes.

How to eliminate wrong answers

Option A is wrong because Amazon CloudFront is a content delivery network (CDN) that caches static and dynamic content at edge locations, but it is not designed as a low-latency, in-memory cache for database query results; it operates at the HTTP/HTTPS level and would require modifying the application to route requests through it. Option C is wrong because Amazon DynamoDB Accelerator (DAX) is an in-memory cache specifically for DynamoDB tables, not for Amazon RDS databases; it cannot be used to cache RDS query results. Option D is wrong because Amazon Simple Queue Service (SQS) is a fully managed message queuing service for decoupling application components, not a caching service; it does not provide low-latency, in-memory data retrieval for repeated reads.

5
MCQmedium

Which AWS service allows you to create a private network connection between your on-premises data center and AWS without using the public internet?

A.AWS VPN
B.Amazon VPC Peering
C.AWS Direct Connect
D.AWS Transit Gateway
AnswerC

Direct Connect provides a dedicated, private network connection from on-premises to AWS bypassing the internet.

Why this answer

AWS Direct Connect is the correct answer because it provides a dedicated, private network connection from your on-premises data center directly to AWS, bypassing the public internet entirely. This is achieved through a physical cross-connect at an AWS Direct Connect location, using industry-standard 802.1Q VLANs to maintain traffic isolation. Unlike VPN-based solutions, Direct Connect offers consistent network performance, lower latency, and higher bandwidth, making it ideal for hybrid workloads and large-scale data transfers.

Exam trap

The trap here is that candidates confuse AWS VPN (which also creates a private tunnel) with a truly private connection, forgetting that VPNs still traverse the public internet, whereas Direct Connect uses a dedicated physical link that never touches the internet.

How to eliminate wrong answers

Option A is wrong because AWS VPN uses the public internet to establish an encrypted tunnel (IPsec) between your on-premises network and AWS, so it does not create a private connection that bypasses the public internet. Option B is wrong because Amazon VPC Peering connects two VPCs within the AWS network, not an on-premises data center to AWS; it also relies on the AWS global infrastructure but does not extend to on-premises environments. Option D is wrong because AWS Transit Gateway is a network transit hub that connects VPCs, VPNs, and Direct Connect attachments, but it is not itself a private connection service; it requires Direct Connect or VPN to extend to on-premises.

6
MCQeasy

Which Amazon EC2 instance type provides the best performance for a relational database that requires very high IOPS with consistent sub-millisecond storage latency?

A.General purpose instances (M family)
B.Storage-optimized instances (I family)
C.Compute-optimized instances (C family)
D.Memory-optimized instances (R family)
AnswerB

I-family instances provide NVMe SSD-backed storage with hundreds of thousands of IOPS and sub-millisecond latency — designed for I/O-intensive database workloads.

Why this answer

The I family (Storage-optimized instances) is designed for high-frequency, low-latency I/O operations, leveraging NVMe SSD-backed instance storage to deliver very high IOPS and consistent sub-millisecond latency, making it ideal for relational databases with demanding storage performance requirements.

Exam trap

The trap here is that candidates often confuse 'high IOPS' with compute or memory optimization, overlooking that storage-optimized instances are the only family specifically engineered for ultra-low latency and high-throughput storage operations.

How to eliminate wrong answers

Option A is wrong because General purpose instances (M family) offer a balanced mix of compute, memory, and networking, but their EBS-optimized throughput and local NVMe storage options are not designed to sustain the extreme IOPS and sub-millisecond latency required for high-performance relational databases. Option C is wrong because Compute-optimized instances (C family) prioritize CPU performance for compute-intensive workloads, not storage I/O, and lack the dedicated NVMe instance storage or high-throughput EBS configurations needed for very high IOPS with low latency. Option D is wrong because Memory-optimized instances (R family) are optimized for large datasets in memory, but their storage performance is not specialized for high IOPS or sub-millisecond latency; they rely on EBS or instance storage that does not match the I family's dedicated NVMe performance.

7
MCQmedium

Which AWS service provides a managed graph database for storing and querying highly connected data?

A.Amazon DocumentDB
B.Amazon Keyspaces
C.Amazon Neptune
D.Amazon QLDB
AnswerC

Neptune is AWS's managed graph database for highly connected data.

Why this answer

Amazon Neptune is a fully managed graph database service optimized for storing and querying highly connected data. It supports both property graph models (using Apache TinkerPop Gremlin) and RDF models (using SPARQL), making it ideal for use cases like social networks, fraud detection, and knowledge graphs.

Exam trap

The trap here is that candidates confuse 'graph database' with 'document database' (DocumentDB) or 'ledger database' (QLDB), because all three involve structured data but only Neptune is designed for relationship-heavy queries.

How to eliminate wrong answers

Option A is wrong because Amazon DocumentDB is a document database (MongoDB-compatible) designed for JSON-like documents, not for graph relationships. Option B is wrong because Amazon Keyspaces is a managed Apache Cassandra-compatible wide-column database for key-value and tabular data, not for graph traversal. Option D is wrong because Amazon QLDB is a ledger database that provides an immutable, cryptographically verifiable transaction log, not a graph database for connected data.

8
MCQmedium

A company stores large amounts of data in Amazon S3 and wants to query it using standard SQL without loading it into a database. They need queries to complete in seconds. Which query optimization technique should they apply?

A.Store data in CSV format for maximum compatibility
B.Convert data to columnar Parquet format and implement partitioning
C.Enable S3 Transfer Acceleration on the bucket
D.Move all data to Amazon RDS for faster SQL queries
AnswerB

Parquet's columnar storage lets Athena skip irrelevant columns. Partitioning by date/region reduces files scanned. Together, these can reduce query time from minutes to seconds and cost by 90%+.

Why this answer

B is correct because converting data to columnar Parquet format reduces the amount of data scanned by only reading the columns needed for the query, and partitioning further limits the data scanned by filtering on partition keys. This combination enables queries to complete in seconds on Amazon S3 using services like Amazon Athena or Amazon Redshift Spectrum, without loading data into a database.

Exam trap

The trap here is that candidates often confuse data transfer optimization (S3 Transfer Acceleration) with query optimization, or assume that CSV's universal compatibility makes it the best choice for performance, ignoring the critical role of columnar formats and partitioning in reducing scan volume.

How to eliminate wrong answers

Option A is wrong because CSV is a row-oriented format that requires scanning entire rows even when only a few columns are needed, leading to slower query performance and higher data scanned. Option C is wrong because S3 Transfer Acceleration optimizes data transfer speed over long distances by using AWS edge locations, not query performance or optimization. Option D is wrong because moving data to Amazon RDS would require loading it into a database, which contradicts the requirement to query data directly in S3 without loading it, and RDS is not designed for direct S3 querying.

9
MCQmedium

A company operates an e-commerce website that sends transactional emails such as order confirmations, password reset links, and shipping updates to customers. The company expects email volume to grow significantly during promotional events. The development team wants a fully managed AWS service that can reliably send high volumes of transactional emails, provide real-time tracking of bounces and complaints, and allow integration through a simple API. The team does not want to manage any email servers. Which AWS service should the team use?

A.Amazon Simple Notification Service (Amazon SNS)
B.Amazon Simple Email Service (Amazon SES)
C.Amazon Simple Queue Service (Amazon SQS)
D.Amazon Pinpoint
AnswerB

Amazon SES is a cloud-based email sending service designed specifically for sending high-volume transactional and marketing emails. It provides detailed feedback loops for bounces and complaints, a simple API, and does not require managing email servers.

Why this answer

Amazon Simple Email Service (Amazon SES) is a fully managed, cloud-based email sending service designed specifically for sending transactional and marketing emails at high volume. It provides a simple API for integration, real-time tracking of bounces, complaints, and deliveries via Amazon CloudWatch and Amazon SNS notifications, and eliminates the need to manage any email servers. This makes it the ideal choice for the e-commerce company's requirements.

Exam trap

The trap here is that candidates confuse Amazon SNS with an email service because SNS can send email notifications, but they overlook that SNS is not a dedicated transactional email platform and lacks the deliverability features, bounce/complaint tracking, and high-volume sending capabilities that Amazon SES provides.

How to eliminate wrong answers

Option A is wrong because Amazon SNS is a pub/sub messaging service for sending notifications via SMS, email, or HTTP endpoints, but it is not designed for high-volume transactional email sending, lacks dedicated email deliverability features like bounce and complaint tracking, and does not provide a dedicated email-sending API. Option C is wrong because Amazon SQS is a fully managed message queue service for decoupling application components, not an email sending service; it cannot send emails directly or track email bounces and complaints. Option D is wrong because Amazon Pinpoint is a customer engagement service focused on targeted marketing campaigns, audience segmentation, and analytics, and while it can send transactional emails, it is more complex and overkill for the simple transactional email use case described, and its primary strength is not raw high-volume transactional email sending with a simple API.

10
MCQmedium

A SaaS company wants to expose their service to AWS customers through the AWS Marketplace and allow customers to access it privately without traversing the public internet. Which technology enables this?

A.Amazon VPC Peering
B.AWS PrivateLink
C.AWS Direct Connect
D.AWS Transit Gateway
AnswerB

PrivateLink enables service providers to expose their services privately to multiple customer VPCs — customers create Interface Endpoints that connect to the provider's service over the AWS network without internet exposure.

Why this answer

AWS PrivateLink enables private connectivity between VPCs and AWS services without traversing the public internet. By creating a VPC Endpoint powered by PrivateLink, the SaaS company can expose their service via an internal Network Load Balancer (NLB) in their own VPC, and customers can access it privately using Elastic Network Interfaces (ENIs) in their VPCs. This ensures traffic stays within the AWS network, meeting the requirement for private, non-internet-based access through the AWS Marketplace.

Exam trap

The trap here is that candidates often confuse AWS PrivateLink with VPC Peering, thinking peering provides private connectivity between accounts, but they miss that PrivateLink is specifically designed for exposing services to multiple customer VPCs without requiring full VPC mesh or routing tables.

How to eliminate wrong answers

Option A is wrong because Amazon VPC Peering connects two VPCs directly using private IP addresses, but it does not allow a SaaS provider to expose a service to multiple customer VPCs without complex transitive routing and does not integrate with AWS Marketplace for service listing. Option C is wrong because AWS Direct Connect establishes a dedicated physical network connection from an on-premises data center to AWS, not between VPCs or for SaaS service exposure to other AWS customers. Option D is wrong because AWS Transit Gateway acts as a central hub for interconnecting multiple VPCs and on-premises networks, but it does not provide the ability to expose a specific service privately to other AWS accounts without additional components like PrivateLink or VPC endpoints.

11
MCQmedium

A company generates large log files from its application and stores them in an Amazon S3 bucket. During the first 30 days, logs are frequently accessed for troubleshooting. After 30 days, logs are accessed infrequently (a few times per month). After 90 days, logs are rarely accessed but must be retained for compliance for one year, with retrieval possible within minutes if needed. The company wants to minimize storage costs while meeting these access and retention requirements. Which S3 feature should the company configure?

A.S3 Object Lock
B.S3 Lifecycle policies
C.S3 Transfer Acceleration
D.S3 Replication
AnswerB

S3 Lifecycle policies automate the transition of objects to more cost-effective storage classes (e.g., from Standard to Standard-IA to Glacier Instant Retrieval) as data ages, directly meeting the cost optimization and retention requirements described.

Why this answer

B is correct because S3 Lifecycle policies allow you to define rules that automatically transition objects between storage classes (e.g., from S3 Standard to S3 Standard-IA after 30 days, then to S3 Glacier Instant Retrieval after 90 days) and expire them after one year. This directly matches the access patterns: frequent access for 30 days, infrequent access for the next 60 days, rare access with minute-level retrieval for the remainder of the year, and deletion after compliance retention is met.

Exam trap

The trap here is that candidates may confuse S3 Object Lock (a compliance feature) with lifecycle policies (a cost-optimization feature), or assume that S3 Transfer Acceleration is relevant to storage cost reduction, when it only addresses upload speed.

How to eliminate wrong answers

Option A is wrong because S3 Object Lock is used to enforce a write-once-read-many (WORM) model to prevent object deletion or overwrites for compliance or legal hold, not to automate storage class transitions or cost optimization based on access patterns. Option C is wrong because S3 Transfer Acceleration speeds up uploads over long distances by using AWS edge locations and the AWS global network, but it does not manage storage tiering, retention, or cost reduction for existing objects.

12
MCQmedium

A company stores product images in an Amazon S3 bucket. New images are accessed frequently for the first 30 days, but access drops sharply after that. The company wants to automatically optimize storage costs by moving data between access tiers without any manual intervention or upfront lifecycle policy setup. Which Amazon S3 storage class should the company use to meet these requirements?

A.Amazon S3 Intelligent-Tiering
B.Amazon S3 Standard
C.Amazon S3 One Zone-Infrequent Access
D.Amazon S3 Glacier Deep Archive
AnswerA

Correct. S3 Intelligent-Tiering automatically moves objects between frequent and infrequent access tiers based on changing access patterns, achieving cost optimization without manual lifecycle policies.

Why this answer

Amazon S3 Intelligent-Tiering is the correct choice because it automatically moves objects between three access tiers (frequent, infrequent, and archive instant) based on changing access patterns, with no lifecycle rules required. This meets the requirement of optimizing storage costs for images that are frequently accessed for the first 30 days and then rarely accessed afterward, without any manual intervention or upfront setup.

Exam trap

AWS often tests the misconception that S3 Intelligent-Tiering requires lifecycle policies to be configured, but the key trap here is that candidates may choose S3 Standard-Infrequent Access or Glacier Deep Archive, failing to recognize that Intelligent-Tiering is the only storage class that automatically optimizes costs without any manual or upfront lifecycle setup.

How to eliminate wrong answers

Option B (Amazon S3 Standard) is wrong because it is designed for frequently accessed data and does not automatically transition data to lower-cost tiers, leading to higher costs for data that becomes infrequently accessed. Option C (Amazon S3 One Zone-Infrequent Access) is wrong because it is intended for infrequently accessed data from the start and does not automatically adapt to changing access patterns; it also lacks the multi-AZ resilience needed for this use case. Option D (Amazon S3 Glacier Deep Archive) is wrong because it is meant for long-term archival data with retrieval times of 12 hours or more, and it does not support automatic tiering from a frequently accessed state; it would require manual lifecycle policies to move data into it.

13
Multi-Selectmedium

A company needs to generate detailed AWS billing reports segmented by department. Each department uses distinct AWS accounts under an AWS Organization. Which two mechanisms work together to provide department-level cost allocation?

Select 2 answers
A.AWS Budgets + CloudWatch Billing Alarms
B.AWS Organizations consolidated billing + Cost Explorer grouped by linked account
C.AWS Pricing Calculator + Cost and Usage Report
D.AWS Config + AWS Trusted Advisor
AnswersB, C

Organizations aggregates member account bills into one, while Cost Explorer's 'group by linked account' view shows each department account's contribution — providing department-level cost allocation.

Why this answer

Option B is correct because AWS Organizations consolidated billing aggregates costs from all linked accounts into a single payer account, and Cost Explorer can then group costs by linked account ID. This combination allows the company to view and allocate costs per department, where each department uses a distinct AWS account under the organization.

Exam trap

The trap here is that candidates may confuse cost monitoring tools (like Budgets and Alarms) or configuration tools (like Config and Trusted Advisor) with actual cost allocation and reporting mechanisms, leading them to select options that sound plausible but lack the specific segmentation capability required.

14
MCQmedium

A development team uses AWS developer tools for their entire software delivery process: a Git-based code repository, automated compilation and testing, and automated deployment to EC2 instances. Which combination of AWS services provides these three capabilities?

A.AWS CloudFormation, AWS Elastic Beanstalk, and Amazon EC2
B.Amazon S3, AWS Lambda, and Amazon CloudWatch
C.AWS CodeCommit, AWS CodeBuild, and AWS CodeDeploy
D.AWS CodePipeline, Amazon ECR, and Amazon ECS
AnswerC

CodeCommit is a managed Git-based source code repository. CodeBuild compiles code and runs tests. CodeDeploy automates application deployments to EC2, Lambda, and ECS. Together they form a complete CI/CD toolchain.

Why this answer

AWS CodeCommit provides a Git-based code repository for source control. AWS CodeBuild performs automated compilation and testing. AWS CodeDeploy automates deployment to EC2 instances.

Together, these three services directly map to the three capabilities described in the question.

Exam trap

The trap here is that candidates may confuse AWS CodePipeline (a CI/CD orchestrator) with the individual services that actually provide the repository, build, and deployment capabilities, leading them to select Option D instead of the correct combination of CodeCommit, CodeBuild, and CodeDeploy.

How to eliminate wrong answers

Option A is wrong because AWS CloudFormation is an Infrastructure as Code service for provisioning resources, not a code repository or build service; AWS Elastic Beanstalk is a PaaS that automates deployment but does not provide a Git repository or separate build service. Option B is wrong because Amazon S3 is object storage, AWS Lambda is serverless compute, and Amazon CloudWatch is monitoring — none of these provide a Git-based code repository, automated compilation/testing, or deployment to EC2 instances. Option D is wrong because AWS CodePipeline is a CI/CD orchestrator, not a code repository; Amazon ECR is a container registry; Amazon ECS is a container orchestration service — this combination lacks a Git repository and a dedicated build service, and targets containers rather than EC2 instances directly.

15
MCQmedium

A company runs a data processing job once per month. The job takes approximately 3 hours to complete when run on a single server. The company wants to minimize operational overhead and pay only for the compute time used during the job. The job does not require user interaction and must be able to automatically retry if a task fails. Which AWS service should the company use?

A.AWS Lambda
B.AWS Batch
C.Amazon EC2
D.AWS Elastic Beanstalk
AnswerB

Correct. AWS Batch is a fully managed service that enables you to run batch computing workloads of any scale. It automatically provisions compute resources (e.g., Amazon EC2 instances or AWS Fargate), schedules jobs, and retries failed tasks. You only pay for the compute resources consumed, and there is no need to manage underlying servers.

Why this answer

AWS Batch is designed for batch computing workloads that run to completion without user interaction. It automatically provisions the necessary compute resources (e.g., EC2 instances or Fargate), scales them to zero when idle, and provides built-in retry logic for failed tasks. This matches the requirement of a monthly 3-hour job with minimal operational overhead and pay-per-use billing.

Exam trap

The trap here is that candidates may choose AWS Lambda for its serverless and pay-per-use model, overlooking the hard 15-minute execution limit that makes it unsuitable for long-running batch jobs.

How to eliminate wrong answers

Option A is wrong because AWS Lambda has a maximum execution timeout of 15 minutes per invocation, which cannot accommodate a 3-hour job. Option C is wrong because Amazon EC2 requires manual provisioning, scaling, and management of instances, increasing operational overhead and requiring payment for idle time if not carefully stopped. Option D is wrong because AWS Elastic Beanstalk is a PaaS service for deploying web applications, not optimized for long-running batch jobs, and it lacks native retry logic for task failures.

16
MCQmedium

A company wants to deploy their application globally and needs AWS to automatically route users to the nearest healthy application endpoint with improved network performance. Which AWS service uses the AWS global network backbone for routing optimization?

A.Amazon CloudFront
B.AWS Global Accelerator
C.Amazon Route 53 with latency routing
D.Amazon VPC peering
AnswerB

Global Accelerator routes traffic into the AWS network at the nearest edge location, then uses AWS's congestion-free backbone to the endpoint — improving performance for TCP/UDP applications beyond what CloudFront provides.

Why this answer

AWS Global Accelerator uses the AWS global network backbone to optimize the path from users to applications. It routes traffic over the AWS internal network rather than the public internet, improving performance and reliability. It also automatically directs users to the nearest healthy endpoint, meeting the requirement for global deployment with automatic failover.

Exam trap

The trap here is that candidates often confuse Amazon CloudFront's edge caching with Global Accelerator's network-layer routing, but CloudFront is for content delivery and does not optimize TCP/UDP traffic routing to application endpoints using the AWS global backbone.

How to eliminate wrong answers

Option A is wrong because Amazon CloudFront is a content delivery network (CDN) that caches static and dynamic content at edge locations, but it does not route traffic to application endpoints—it serves cached content or proxies requests to an origin, and it does not provide the same TCP/UDP optimization or static IP addresses for application routing. Option C is wrong because Amazon Route 53 with latency routing directs users based on DNS resolution, which can be affected by DNS caching and does not use the AWS global network backbone for real-time traffic optimization; it also does not provide static IP addresses or health-check-driven endpoint routing at the network layer. Option D is wrong because Amazon VPC peering connects two VPCs within the same or different AWS regions using the AWS network, but it is not a global traffic routing service for users on the internet and does not automatically route users to the nearest healthy endpoint.

17
MCQmedium

A media company processes user-uploaded images. When a user uploads a high-resolution image to an Amazon S3 bucket, the company must automatically generate three resized thumbnail versions (small, medium, large) within seconds. The company wants a solution that requires no infrastructure management and scales automatically to handle thousands of concurrent uploads. Which AWS service should the company use to execute the thumbnail generation code?

A.Run the thumbnailing code on Amazon EC2 instances behind an Application Load Balancer
B.AWS Lambda
C.Amazon ECS with AWS Fargate launch type
D.AWS Elastic Beanstalk
AnswerB

AWS Lambda is a serverless function-as-a-service (FaaS) platform that runs code in response to events and automatically manages the underlying compute resources. It can be directly triggered by S3 bucket notifications (e.g., s3:ObjectCreated events). Lambda scales instantly to handle the upload volume and requires no server provisioning, making it ideal for this workload.

Why this answer

AWS Lambda is the correct choice because it is a serverless compute service that executes code in response to S3 events (e.g., object creation) without provisioning or managing servers. It scales automatically to handle thousands of concurrent uploads, and the 15-minute execution timeout is sufficient for generating three thumbnail versions within seconds. This meets the requirement for no infrastructure management and automatic scaling.

Exam trap

The trap here is that candidates may choose Amazon ECS with Fargate (Option C) thinking it is the only serverless container option, but they overlook that Lambda is purpose-built for short-lived, event-driven tasks like image processing and requires no cluster or task definition management, making it the simpler and more cost-effective choice for this use case.

How to eliminate wrong answers

Option A is wrong because running EC2 instances behind an ALB requires manual management of server capacity, scaling policies, and infrastructure, which violates the 'no infrastructure management' requirement. Option C is wrong because Amazon ECS with Fargate, while serverless, still requires cluster configuration, task definition management, and is overkill for simple event-driven thumbnail generation; it also incurs higher latency for short-lived tasks compared to Lambda. Option D is wrong because Elastic Beanstalk abstracts infrastructure but still manages underlying EC2 instances and requires environment configuration, scaling policies, and is not designed for event-driven, sub-second execution triggered by S3 uploads.

18
MCQmedium

A company has workloads that must remain on-premises due to data residency regulations but want to use the same AWS APIs, tools, and services they use in the cloud — including EC2, RDS, and S3 — on their on-premises hardware. Which AWS service enables this?

A.AWS Direct Connect
B.AWS Snow Family
C.AWS Outposts
D.AWS Local Zones
AnswerC

AWS Outposts delivers fully managed AWS racks to customer on-premises facilities. AWS manages the hardware, and customers run native AWS services (EC2, EBS, EKS, RDS) using standard AWS APIs on-premises.

Why this answer

AWS Outposts is a fully managed service that extends AWS infrastructure, services, APIs, and tools to virtually any on-premises data center or co-location space. It allows customers to run EC2, RDS, and S3 locally on Outposts hardware while maintaining the same AWS control plane and APIs, satisfying data residency requirements without sacrificing cloud-native tooling.

Exam trap

The trap here is that candidates confuse AWS Outposts with AWS Local Zones or Direct Connect, mistakenly thinking that a network connection or edge location alone provides the same on-premises service compatibility, when only Outposts actually runs the AWS infrastructure on customer-owned hardware.

How to eliminate wrong answers

Option A is wrong because AWS Direct Connect is a dedicated network connection from on-premises to AWS, but it does not provide local compute or storage services; it only improves network latency and reliability. Option B is wrong because the AWS Snow Family (Snowcone, Snowball, Snowmobile) is used for physical data transport and edge computing in disconnected or limited-connectivity environments, not for running persistent workloads with full AWS API compatibility on customer premises. Option D is wrong because AWS Local Zones are extensions of an AWS Region that place compute, storage, and database services closer to end users, but they are still AWS-managed infrastructure in AWS data centers, not on customer premises.

19
MCQmedium

A company hosts a web application on Amazon EC2 instances in two AWS Regions: us-east-1 and eu-west-1. The application serves a global user base. The company wants to improve performance by directing users to the nearest healthy regional endpoint with minimal latency. Additionally, the company requires two static Anycast IP addresses that remain constant, representing the application entry point. The solution should automatically reroute traffic if a regional endpoint becomes unhealthy. Which AWS service should the company use?

A.AWS Global Accelerator
B.Amazon CloudFront
C.Amazon Route 53
D.AWS Shield
AnswerA

AWS Global Accelerator uses the global AWS network to direct traffic to the nearest healthy endpoint via static Anycast IP addresses. It improves performance for global users by minimizing latency and provides automatic failover. This matches all requirements.

Why this answer

AWS Global Accelerator is correct because it uses the AWS global network and Anycast static IP addresses to route user traffic to the nearest healthy regional endpoint (EC2 instances in us-east-1 or eu-west-1). It automatically reroutes traffic if an endpoint becomes unhealthy, providing low latency and high availability for global users.

Exam trap

The trap here is that candidates often confuse Global Accelerator with CloudFront or Route 53, thinking DNS-based routing or CDN caching can provide static Anycast IPs and instant failover, but only Global Accelerator offers fixed Anycast addresses with automatic traffic rerouting at the network layer.

How to eliminate wrong answers

Option B (Amazon CloudFront) is wrong because CloudFront is a content delivery network (CDN) that caches content at edge locations and does not provide static Anycast IP addresses as a fixed entry point; it uses DNS-based routing and domain names. Option C (Amazon Route 53) is wrong because Route 53 is a DNS service that resolves domain names to IP addresses using policies like latency-based routing, but it does not provide static Anycast IP addresses and relies on DNS caching, which can introduce latency and does not offer the same level of immediate traffic rerouting as Global Accelerator.

20
MCQmedium

A company wants to deploy AWS services in a specific geographic location within a metropolitan area to reduce latency for end users in that city, while still using standard AWS APIs. Which AWS infrastructure type addresses this?

A.AWS Outposts
B.AWS Local Zones
C.CloudFront Edge Locations
D.AWS Wavelength Zones
AnswerB

Local Zones extend AWS infrastructure to metropolitan areas for ultra-low latency (<10ms) applications, using standard AWS APIs and connecting to the parent Region.

Why this answer

AWS Local Zones are an infrastructure type that places compute, storage, and other select AWS services closer to end users in a specific metropolitan area, enabling single-digit millisecond latency for latency-sensitive applications while using the same AWS APIs and tools as in an AWS Region. This directly meets the requirement of reducing latency within a city without requiring custom APIs or on-premises hardware.

Exam trap

The trap here is that candidates confuse AWS Local Zones with CloudFront Edge Locations, assuming both provide compute and storage for general workloads, but CloudFront Edge Locations are limited to caching and content delivery, not full AWS service deployment.

How to eliminate wrong answers

Option A is wrong because AWS Outposts is a fully managed service that extends AWS infrastructure, services, and APIs to on-premises or co-location facilities, not to a specific geographic location within a metropolitan area for latency reduction. Option C is wrong because CloudFront Edge Locations are content delivery network (CDN) points of presence that cache static and dynamic content for low-latency delivery, but they do not run compute or storage services with standard AWS APIs for deploying arbitrary workloads. Option D is wrong because AWS Wavelength Zones embed AWS compute and storage services at the edge of 5G telecommunications networks, targeting ultra-low-latency mobile and IoT applications, not general-purpose deployment in a metropolitan area using standard internet connectivity.

21
MCQmedium

A company runs a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The application normally handles 1,000 requests per second, but occasionally experiences unpredictable spikes of up to 10,000 requests per second for a few minutes. The Auto Scaling group is configured with a maximum capacity of 2,000 instances, which is insufficient to handle the spikes. The company must ensure that no requests are lost during these spikes without requiring manual scaling. Which solution should the company implement?

A.Configure an Amazon CloudFront distribution in front of the ALB to cache responses and absorb the spike.
B.Use an Amazon SQS queue between the ALB and the EC2 instances to decouple the request flow and buffer excess requests.
C.Enable Amazon EC2 Auto Scaling with predictive scaling to forecast and pre-provision capacity for the spikes.
D.Register additional EC2 instances in an on-premises data center as targets for the ALB and use manual failover.
AnswerB

Amazon SQS is a fully managed message queuing service that can decouple application components. By placing an SQS queue between the ALB and the EC2 instances, incoming requests are stored as messages. The instances process messages at their own pace, buffering the excess during spikes. This ensures no requests are lost even when the spike exceeds the Auto Scaling group's maximum capacity.

Why this answer

Option B is correct because an Amazon SQS queue decouples the ALB from the EC2 instances, allowing the ALB to offload excess requests into the queue during traffic spikes. The EC2 instances then process messages from the queue at their own pace, ensuring no requests are lost even if the spike exceeds the Auto Scaling group's maximum capacity. This buffering mechanism handles unpredictable bursts without requiring manual intervention or pre-provisioning.

Exam trap

The trap here is that candidates often assume CloudFront can absorb any traffic spike, but it only helps with cacheable content and does not prevent request loss for dynamic, uncacheable workloads.

How to eliminate wrong answers

Option A is wrong because CloudFront caches static or dynamic content at edge locations, but it cannot absorb unpredictable spikes of dynamic web requests that must be processed by the backend; it only reduces load on the origin for cacheable content, and if the spike consists of uncacheable requests, the ALB and EC2 instances still face the full load. Option C is wrong because predictive scaling relies on historical patterns to forecast capacity, but the spikes are unpredictable and occasional, so predictive scaling cannot accurately pre-provision instances for events that have no consistent trend, and it cannot exceed the maximum capacity of 2,000 instances.

22
MCQmedium

A company uses AWS Organizations to manage multiple accounts. The operations team runs hundreds of Amazon EC2 instances across these accounts for various applications. The security team requires that all EC2 instances be patched with the latest security updates within 7 days of release. Currently, the operations team manually applies patches by logging into each account and using Systems Manager Patch Manager individually. The team wants to centralize patch compliance management so that a single operations team can define patch baselines, schedule patching, and view compliance status across all accounts from a single pane of glass, without needing to switch between accounts. Which AWS service or feature should the team use to meet these requirements?

A.AWS Config
B.Amazon Inspector
C.AWS Systems Manager Patch Manager
D.AWS Trusted Advisor
AnswerC

AWS Systems Manager Patch Manager automates the process of patching managed instances. With cross-account support via AWS Organizations and IAM roles, it allows you to define a single patch baseline, schedule patching across multiple accounts, and view aggregated compliance status in the Systems Manager console.

Why this answer

AWS Systems Manager Patch Manager is the correct choice because it allows the operations team to centrally define patch baselines, schedule patching across multiple AWS accounts, and view compliance status from a single pane of glass using AWS Systems Manager Quick Setup or multi-account management features. By integrating with AWS Organizations, Patch Manager can target EC2 instances across all accounts without requiring the team to switch between accounts, meeting the requirement for centralized patch compliance management.

Exam trap

The trap here is that candidates may confuse Amazon Inspector's vulnerability scanning with actual patch management, but Inspector only identifies vulnerabilities and does not apply patches, whereas Patch Manager is the service designed for centralized patching and compliance reporting.

How to eliminate wrong answers

Option A is wrong because AWS Config is a service for evaluating resource configurations against desired policies (e.g., checking if EC2 instances have a specific tag or security group rule), but it does not have the ability to define patch baselines, schedule patching, or apply patches to EC2 instances; it only provides compliance visibility for configuration rules, not patch management. Option B is wrong because Amazon Inspector is a vulnerability assessment service that scans EC2 instances for software vulnerabilities and unintended network exposure, but it does not perform patching or schedule patch operations; it only identifies vulnerabilities and generates findings, leaving the actual patching to another service like Patch Manager.

23
MCQmedium

An e-commerce company runs a MySQL database on-premises to support its transactional workload. The company plans to migrate this database to AWS to reduce operational overhead. The company requires a fully managed database solution that automatically replicates data across multiple Availability Zones to provide failover in the event of an Availability Zone failure. The company does not want to manage database patching, backup scheduling, or replication. Which AWS service should the company use to meet these requirements?

A.Amazon DynamoDB
B.Amazon RDS with Multi-AZ deployment
C.Amazon EC2 with a self-managed MySQL installation
D.Amazon Redshift
AnswerB

Amazon RDS with Multi-AZ deployment is the correct choice. RDS provides a fully managed relational database service compatible with MySQL. Multi-AZ creates a synchronous standby replica in a different Availability Zone, ensuring automatic failover if the primary instance fails. RDS also automates patching, backups, and replication, meeting all stated requirements.

Why this answer

Amazon RDS with Multi-AZ deployment is the correct choice because it provides a fully managed MySQL database that automatically replicates data synchronously across multiple Availability Zones, enabling automatic failover in the event of an AZ failure. AWS handles patching, backup scheduling, and replication management, meeting the company's requirement to reduce operational overhead.

Exam trap

The trap here is that candidates may confuse Amazon DynamoDB's built-in Multi-AZ replication with the requirement for a MySQL relational database, or assume that a self-managed EC2 instance can meet the 'fully managed' requirement by using additional services like Auto Scaling.

How to eliminate wrong answers

Option A is wrong because Amazon DynamoDB is a NoSQL key-value and document database, not a relational MySQL database, and it does not support the MySQL engine or SQL queries required for the transactional workload. Option C is wrong because Amazon EC2 with a self-managed MySQL installation requires the company to manually manage patching, backup scheduling, replication, and failover, which contradicts the requirement for a fully managed solution. Option D is wrong because Amazon Redshift is a petabyte-scale data warehouse optimized for analytical workloads, not for transactional MySQL workloads, and it does not provide automatic Multi-AZ failover for MySQL databases.

24
MCQmedium

A company runs hundreds of Amazon EC2 instances for its application. The operations team manually reviews instance utilization metrics once a month to identify instances that are over-provisioned (e.g., using only 10% of CPU) or under-provisioned. They want to automate this analysis and receive rightsizing recommendations to optimize costs and performance. The solution must be natively provided by AWS and must use historical utilization data to generate recommendations. Which AWS service should the company use?

A.AWS Compute Optimizer
B.AWS Trusted Advisor
C.AWS Cost Explorer
D.AWS Systems Manager
AnswerA

Correct. AWS Compute Optimizer uses machine learning to analyze historical utilization metrics and provides actionable rightsizing recommendations for EC2 instances, Auto Scaling groups, and EBS volumes, exactly matching the company's need for automated optimization.

Why this answer

AWS Compute Optimizer is the correct choice because it is a native AWS service that uses machine learning to analyze historical utilization metrics (such as CPU, memory, and network) across EC2 instances and automatically generates rightsizing recommendations. It specifically identifies over-provisioned and under-provisioned instances to optimize both cost and performance, meeting the requirement for automated analysis based on historical data.

Exam trap

The trap here is that candidates often confuse AWS Trusted Advisor's cost optimization checks with detailed rightsizing recommendations, but Trusted Advisor does not analyze historical utilization data or provide instance-specific rightsizing suggestions like Compute Optimizer does.

How to eliminate wrong answers

Option B (AWS Trusted Advisor) is wrong because it provides general best-practice checks (e.g., security, cost optimization, service limits) but does not analyze historical utilization data to generate specific EC2 rightsizing recommendations; its cost optimization checks are high-level and not based on detailed historical metrics. Option C (AWS Cost Explorer) is wrong because it focuses on visualizing and analyzing cost and usage data over time, not on providing rightsizing recommendations based on resource utilization; it lacks the machine learning-driven analysis of instance performance metrics that Compute Optimizer offers.

25
MCQmedium

A company runs a web application on a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB). The application serves dynamic content that changes frequently, but also serves static assets (CSS, JavaScript, images) that change rarely. The company wants to improve the overall performance and reduce the load on the EC2 instances by caching the static assets at edge locations while still routing dynamic requests to the ALB. Which combination of AWS services should the company use?

A.Use Amazon CloudFront with the ALB as the origin, and configure CloudFront to cache the static assets while forwarding dynamic requests to the ALB.
B.Use Amazon Route 53 with latency-based routing to direct users to the closest ALB endpoint.
C.Use Amazon S3 to host the entire application, and use the ALB to route traffic to the S3 bucket.
D.Use AWS Global Accelerator to distribute traffic across multiple ALBs in different AWS Regions.
AnswerA

CloudFront acts as a CDN and can be configured with multiple cache behaviors. Static assets are cached at edge locations, reducing the load on the ALB and EC2 instances. Dynamic requests are forwarded to the ALB as needed. This directly meets the company's requirements.

Why this answer

Amazon CloudFront can be configured with the ALB as the origin, allowing it to cache static assets (CSS, JavaScript, images) at edge locations while forwarding dynamic requests to the ALB. This reduces latency for users by serving cached content from the nearest edge location and offloads the EC2 instances from handling repeated requests for static files. CloudFront supports path-based caching behaviors, so you can define specific URL patterns (e.g., /static/*) to cache and others to forward directly to the ALB.

Exam trap

The trap here is that candidates may think Route 53 latency-based routing (Option B) can cache content at edge locations, but Route 53 is a DNS service only and does not provide any caching or content delivery functionality.

How to eliminate wrong answers

Option B is wrong because Route 53 latency-based routing directs users to the closest ALB endpoint, but it does not cache static assets at edge locations or reduce load on EC2 instances; it only optimizes network routing. Option C is wrong because hosting the entire application on S3 would not support dynamic content that changes frequently, as S3 is a static object store and cannot process server-side logic or database queries; the ALB cannot route traffic to an S3 bucket as an origin for dynamic requests.

26
MCQmedium

A company is developing a real-time multiplayer game that requires extremely low latency (under 10ms) for player interactions. The game will be accessed by mobile users on 5G networks in select metropolitan areas. The company wants to run the game server logic as close to the users as possible, leveraging the low latency of 5G and avoiding the round trip to an AWS Region. Which AWS service should the company use to deploy the game server compute at the edge of the 5G network?

A.AWS Outposts
B.AWS Local Zones
C.AWS Wavelength
D.AWS Global Accelerator
AnswerC

AWS Wavelength is the correct choice. It embeds AWS compute and storage at the edge of 5G networks, directly within the mobile network operator's data centers. This enables developers to build applications that require ultra-low latency (single-digit milliseconds) for mobile devices on 5G, ideal for real-time gaming.

Why this answer

AWS Wavelength is designed specifically to bring AWS compute and storage services to the edge of 5G networks, embedding AWS infrastructure within telecommunications providers' data centers. This enables sub-10ms latency for mobile users by eliminating the round trip to a regional AWS Region, making it ideal for real-time multiplayer game server logic on 5G.

Exam trap

The trap here is that candidates confuse AWS Local Zones with Wavelength, but Local Zones reduce latency only to ~10-20ms from a nearby metro area, not the sub-10ms edge latency achievable only by embedding compute inside the 5G carrier's network via Wavelength.

How to eliminate wrong answers

Option A is wrong because AWS Outposts is a fully managed service that extends AWS infrastructure on-premises, but it is not embedded within a 5G carrier's network edge and does not provide the sub-10ms latency required for mobile users on 5G. Option B is wrong because AWS Local Zones place compute resources closer to end users than a standard Region, but they are still located in metropolitan areas outside of telecom carrier edge sites, adding latency that exceeds the 10ms requirement for 5G real-time gaming.

27
MCQmedium

A media company runs a website that serves video content globally. Users request video previews, which require the generation of thumbnail images on-the-fly. The company wants to generate these thumbnails at AWS edge locations so that the processing occurs close to users, reducing latency and offloading the origin servers. The solution must run custom code in response to CloudFront events without provisioning any servers. Which AWS service should the company use to meet these requirements?

A.AWS Lambda
B.AWS Lambda@Edge
C.Amazon EC2 instances in an Auto Scaling group
D.Amazon ElastiCache
AnswerB

AWS Lambda@Edge is a feature of Amazon CloudFront that runs Lambda functions at AWS edge locations in response to CloudFront events. It is serverless, scales automatically, and is ideal for processing content close to users, such as on-the-fly thumbnail generation.

Why this answer

AWS Lambda@Edge is the correct service because it allows you to run custom code in response to CloudFront events (such as viewer request, origin request, viewer response, and origin response) at AWS edge locations, enabling on-the-fly thumbnail generation close to users without provisioning any servers. This reduces latency and offloads origin servers, meeting the requirement for serverless edge processing.

Exam trap

The trap here is that candidates often confuse standard AWS Lambda with Lambda@Edge, assuming Lambda can run at edge locations, but standard Lambda is region-bound and cannot intercept CloudFront events at the edge.

How to eliminate wrong answers

Option A is wrong because AWS Lambda functions run in a specific AWS Region, not at edge locations, so they cannot process requests close to users globally to reduce latency for CloudFront events. Option C is wrong because Amazon EC2 instances require provisioning and managing servers, which violates the requirement of not provisioning any servers, and they cannot run at edge locations natively. Option D is wrong because Amazon ElastiCache is a caching service that does not run custom code in response to CloudFront events, nor does it process thumbnail generation at edge locations.

28
MCQmedium

A company needs to synchronize data in real time between its on-premises Oracle database and an Amazon RDS MySQL instance during a migration. Which AWS service handles ongoing data replication between heterogeneous databases?

A.AWS DataSync
B.AWS Database Migration Service (DMS)
C.AWS Snowball
D.Amazon Kinesis Data Streams
AnswerB

DMS handles both full-load migration and continuous change data capture (CDC) replication between heterogeneous databases, supporting live cutover with minimal downtime.

Why this answer

AWS Database Migration Service (DMS) is the correct choice because it supports ongoing replication (change data capture, CDC) from an on-premises Oracle database to an Amazon RDS MySQL instance, even when the source and target are heterogeneous database engines. DMS uses a replication instance to read the source database's transaction logs and apply changes in near real time to the target, making it ideal for continuous synchronization during a migration.

Exam trap

The trap here is that candidates confuse AWS DataSync (file sync) or Kinesis (streaming) with database replication, but only DMS provides native support for ongoing, heterogeneous database replication using CDC.

How to eliminate wrong answers

Option A is wrong because AWS DataSync is designed for file-based data transfers (e.g., NFS, SMB) between on-premises storage and AWS, not for database-level replication or heterogeneous database synchronization. Option C is wrong because AWS Snowball is a physical data transport device used for large-scale offline data migration, not for real-time or ongoing replication between databases. Option D is wrong because Amazon Kinesis Data Streams is a real-time streaming service for ingesting and processing large streams of data records (e.g., log events, IoT telemetry), not for direct database-to-database replication with change data capture.

29
MCQmedium

A company runs a web application that accepts customer orders. During peak hours, the order processing component often becomes overloaded, causing orders to be dropped. The company wants to ensure that every order is reliably stored and processed, and that the web tier and the processing tier can scale independently without losing data. Which AWS service should the company use to decouple the application components and provide a durable buffer for incoming orders?

A.Amazon Simple Queue Service (SQS)
B.Amazon Simple Notification Service (SNS)
C.Amazon Kinesis Data Streams
D.AWS Step Functions
AnswerA

Amazon SQS is a message queue service that reliably stores messages until they are consumed. It decouples the web tier from the processing tier, buffers orders during spikes, and ensures no orders are lost. This makes it the correct choice for this scenario.

Why this answer

Amazon Simple Queue Service (SQS) is the correct choice because it provides a fully managed, durable, and scalable message queue that decouples the web tier from the processing tier. Orders are reliably stored in an SQS queue until the processing component retrieves them, ensuring no orders are dropped even during peak loads. SQS guarantees at-least-once delivery and supports independent scaling of producers and consumers without data loss.

Exam trap

The trap here is that candidates confuse SQS with SNS, thinking both can decouple components, but SNS pushes messages and lacks a durable buffer, while SQS stores messages until consumers retrieve them, making it the correct choice for reliable order processing.

How to eliminate wrong answers

Option B (Amazon Simple Notification Service) is wrong because SNS is a pub/sub messaging service that pushes messages to subscribers, but it does not provide a durable buffer or allow consumers to pull messages at their own pace; if a subscriber is unavailable, messages can be lost. Option C (Amazon Kinesis Data Streams) is wrong because it is designed for real-time streaming of large volumes of data (e.g., log ingestion, clickstreams) and requires shard-level management, making it overly complex and costly for simple order buffering; it also does not guarantee exactly-once processing without additional logic. Option D (AWS Step Functions) is wrong because it is a serverless orchestration service for coordinating multiple AWS services into workflows, not a message buffer; it lacks the durable, decoupled queueing mechanism needed to absorb spikes in order volume.

30
MCQmedium

A company needs to run a data processing job that typically takes 2 hours to complete. The job is stateless and can be parallelized across multiple workers. The company wants to minimize operational overhead and only pay for the compute time consumed. The job runs only once a month. Which AWS compute service should the company use?

A.AWS Lambda
B.Amazon EC2 Spot Instances
C.AWS Fargate
D.AWS Batch
AnswerD

AWS Batch is purpose-built for batch computing. It automatically provisions the required compute resources (including Spot Instances) based on job requirements, manages job queues, retries, and dependencies. The company pays only for the underlying compute resources consumed. This combination of minimal operational overhead and pay-per-use pricing makes AWS Batch the best fit for this scenario.

Why this answer

AWS Batch is the correct choice because it is designed for running batch computing workloads that are stateless, parallelizable, and can run on a schedule. It automatically provisions and manages the underlying compute resources (EC2 or Fargate), scales to the required number of workers, and only charges for the compute time consumed. The 2-hour, once-a-month job fits perfectly within AWS Batch's capabilities, and it minimizes operational overhead by handling job queuing, retries, and dependency management.

Exam trap

The trap here is that candidates often choose AWS Lambda for any serverless or 'pay-per-use' scenario, forgetting its hard 15-minute timeout limit, or they pick Fargate thinking it handles batch jobs natively, when in fact AWS Batch is the dedicated service for batch computing with built-in scheduling and scaling.

How to eliminate wrong answers

Option A is wrong because AWS Lambda has a maximum execution timeout of 15 minutes, which is far less than the required 2-hour job duration. Option B is wrong because Amazon EC2 Spot Instances require manual provisioning, scaling, and management of instances, which increases operational overhead and does not natively handle job scheduling or parallelization. Option C is wrong because AWS Fargate is a serverless compute engine for containers, but it lacks native batch job scheduling, queue management, and automatic parallelization features that AWS Batch provides; you would need to build additional orchestration logic.

31
MCQeasy

Which Amazon EC2 instance family is optimized for memory-intensive workloads such as in-memory databases, real-time big data analytics, and high-performance computing?

A.Compute-optimized instances (C family)
B.Memory-optimized instances (R and X family)
C.Storage-optimized instances (I and D family)
D.Accelerated computing instances (P and G family)
AnswerB

Memory-optimized instances provide large amounts of RAM for workloads that need to process large datasets in memory — up to 24 TB of RAM for high-memory instances.

Why this answer

Memory-optimized instances (R and X families) are designed for workloads that require large amounts of RAM and high memory bandwidth, such as in-memory databases (e.g., Redis, Memcached), real-time big data analytics (e.g., Apache Spark), and high-performance computing (HPC) tasks. These instances offer a high memory-to-vCPU ratio and support for large instance sizes, enabling efficient processing of data sets that reside primarily in memory.

Exam trap

The trap here is that candidates often confuse 'high-performance computing' with compute-optimized instances, but in the context of memory-intensive HPC (e.g., large-scale simulations or in-memory analytics), the bottleneck is memory capacity and bandwidth, not CPU speed, making memory-optimized instances the correct choice.

How to eliminate wrong answers

Option A is wrong because compute-optimized instances (C family) are optimized for high compute power and are best suited for CPU-intensive workloads like batch processing, web servers, and gaming servers, not for memory-intensive tasks. Option C is wrong because storage-optimized instances (I and D families) are designed for workloads that require high, sequential read/write access to large data sets on local storage, such as data warehousing and log processing, not for memory-bound applications. Option D is wrong because accelerated computing instances (P and G families) are optimized for hardware acceleration using GPUs or FPGAs, targeting workloads like machine learning, graphics rendering, and scientific simulations, not general memory-intensive processing.

32
MCQeasy

Which AWS service provides a low-code platform for building mobile and web applications with built-in backend features including authentication, storage, and APIs?

A.AWS AppRunner
B.Amazon Honeycode
C.AWS Amplify
D.AWS Elastic Beanstalk
AnswerC

Amplify provides libraries, UI components, and pre-built backend categories (Auth, Storage, API, Analytics) for building full-stack web and mobile applications.

Why this answer

AWS Amplify is the correct answer because it is a dedicated low-code/frontend development platform that provides built-in backend features such as authentication (via Amazon Cognito), storage (via Amazon S3), and GraphQL/REST APIs (via AWS AppSync and API Gateway). It allows developers to quickly build mobile and web applications without managing infrastructure, directly matching the question's description.

Exam trap

The trap here is that candidates may confuse AWS Amplify with AWS AppRunner or Elastic Beanstalk because all three can deploy web applications, but only Amplify provides the low-code, integrated backend services (auth, storage, APIs) specifically for mobile and web frontend development.

How to eliminate wrong answers

Option A is wrong because AWS AppRunner is a fully managed container service for deploying containerized web applications and APIs, not a low-code platform with built-in authentication, storage, and API features. Option B is wrong because Amazon Honeycode is a no-code spreadsheet-like tool for building simple business applications, but it does not provide the mobile/web app development framework or the specific backend services (e.g., Cognito, AppSync) described. Option D is wrong because AWS Elastic Beanstalk is a PaaS service for deploying and scaling traditional web applications using common programming languages (Java, .NET, PHP, etc.), not a low-code platform with pre-built authentication and storage features.

33
Drag & Dropmedium

Drag and drop the steps to migrate an on-premises database to Amazon RDS using AWS DMS in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

DMS requires a replication instance, endpoints, connection testing, task creation, and then migration execution.

34
MCQeasy

Which type of Elastic Load Balancer routes HTTP/HTTPS traffic based on content such as URL path, hostname, and HTTP headers, enabling advanced request routing rules?

A.Network Load Balancer (NLB)
B.Application Load Balancer (ALB)
C.Gateway Load Balancer (GWLB)
D.Classic Load Balancer
AnswerB

ALB operates at Layer 7 and supports content-based routing rules for URLs, hostnames, headers, and methods — ideal for microservices and container-based architectures.

Why this answer

The Application Load Balancer (ALB) operates at Layer 7 of the OSI model and can route HTTP/HTTPS traffic based on request-level attributes such as URL path, hostname, HTTP headers, and query strings. This enables advanced routing rules like path-based routing (e.g., /api to one target group, /images to another) and host-based routing (e.g., app1.example.com vs app2.example.com). ALB also supports features like WebSocket, HTTP/2, and AWS WAF integration, making it the correct choice for content-based routing.

Exam trap

The trap here is that candidates often confuse the Network Load Balancer (NLB) with the Application Load Balancer (ALB) because both can handle HTTPS traffic, but NLB cannot inspect HTTP/HTTPS content for routing decisions—it only forwards TCP traffic, making ALB the only correct answer for content-based routing.

How to eliminate wrong answers

Option A is wrong because a Network Load Balancer (NLB) operates at Layer 4 (TCP/UDP) and routes traffic based solely on IP address and port, not on HTTP/HTTPS content like URL paths or headers. Option C is wrong because a Gateway Load Balancer (GWLB) operates at Layer 3 (network layer) and is designed for transparent network gateway appliances (e.g., firewalls, intrusion detection), not for HTTP/HTTPS content-based routing. Option D is wrong because the Classic Load Balancer (now legacy) operates at both Layer 4 and Layer 7 but lacks native support for advanced content-based routing rules like path or hostname patterns; it only supports simple HTTP/HTTPS forwarding without the rich rule engine of ALB.

35
MCQeasy

Which Amazon S3 storage class is most cost-effective for data that is accessed frequently?

A.S3 Standard-IA
B.S3 Glacier Instant Retrieval
C.S3 Standard
D.S3 One Zone-IA
AnswerC

S3 Standard has no retrieval fee and no minimum storage duration, making it the most cost-effective choice when data is accessed frequently.

Why this answer

S3 Standard is the most cost-effective storage class for frequently accessed data because it offers low latency and high throughput with no retrieval costs or minimum storage duration charges. For data accessed often, the per-GB storage cost of S3 Standard is lower than the combined storage plus retrieval costs of infrequent access classes like S3 Standard-IA or One Zone-IA.

Exam trap

The trap here is that candidates often confuse 'cost-effective' with 'lowest storage price per GB' and overlook retrieval fees and minimum storage duration charges, leading them to choose S3 Standard-IA or Glacier Instant Retrieval instead of S3 Standard for frequently accessed data.

How to eliminate wrong answers

Option A is wrong because S3 Standard-IA is designed for infrequently accessed data and incurs a per-GB retrieval fee, making it more expensive than S3 Standard for frequent access patterns. Option B is wrong because S3 Glacier Instant Retrieval is optimized for long-lived, rarely accessed data with a higher storage cost than S3 Standard and a minimum 90-day storage charge, making it cost-ineffective for frequent access. Option D is wrong because S3 One Zone-IA also has retrieval costs and a minimum 30-day storage charge, and it is intended for infrequently accessed data, not for frequent access scenarios.

36
MCQmedium

A company archives compliance records that must be retained for 7 years but will almost never be accessed. They need the absolute lowest storage cost with retrieval times of several hours being acceptable. Which S3 storage class should they use?

A.S3 Glacier Instant Retrieval
B.S3 Standard-IA
C.S3 Glacier Flexible Retrieval
D.S3 Glacier Deep Archive
AnswerD

Deep Archive is the lowest-cost S3 storage class with 12-48 hour retrieval times — perfect for long-term compliance archives that are rarely accessed.

Why this answer

S3 Glacier Deep Archive is designed for long-term retention of data that is accessed rarely, with retrieval times of 12 hours or more, making it the lowest-cost S3 storage class. For compliance records that must be retained for 7 years and almost never accessed, with acceptable retrieval times of several hours, this class provides the absolute minimum storage cost while meeting the retrieval time requirement.

Exam trap

The trap here is that candidates often confuse 'Glacier Flexible Retrieval' with the lowest-cost option, but the question explicitly states 'absolute lowest storage cost' and 'retrieval times of several hours being acceptable,' which points to Glacier Deep Archive as the correct choice due to its significantly lower storage price.

How to eliminate wrong answers

Option A is wrong because S3 Glacier Instant Retrieval is optimized for data accessed once per quarter with millisecond retrieval, not for rarely accessed archives, and costs more than Deep Archive. Option B is wrong because S3 Standard-IA is designed for infrequently accessed data requiring millisecond retrieval, not for archival data with multi-hour retrieval tolerance, and has higher storage costs. Option C is wrong because S3 Glacier Flexible Retrieval offers retrieval times from minutes to hours but has higher storage costs than Deep Archive, and is intended for data that may need occasional access rather than near-zero access over 7 years.

37
MCQmedium

A company is building a serverless order-processing application. The workflow consists of several steps that must run in a defined order: validate the order, check inventory, process payment, and then update the database. Some steps, such as shipping notification and invoice generation, can run in parallel after payment is confirmed. The company needs a managed service to orchestrate these steps, automatically handle retries if a step fails, and provide a visual representation of the workflow's execution state. Which AWS service should the company use?

A.AWS Step Functions
B.Amazon Simple Workflow Service (SWF)
C.Amazon MQ
D.AWS Glue
AnswerA

AWS Step Functions is a serverless orchestration service that allows you to define workflows as state machines. It can coordinate sequential and parallel steps, handle retries and errors, and provides a visual console to track execution. This directly matches the requirement to orchestrate the order-processing steps with defined order and parallel branches.

Why this answer

AWS Step Functions is the correct choice because it is a fully managed serverless orchestration service that allows you to define workflows as state machines, specifying sequential steps (validate, check inventory, process payment, update database) and parallel branches (shipping notification, invoice generation). It automatically handles retries on failures with configurable backoff rates and provides a visual execution console to track the state of each workflow instance in real time, meeting all the company's requirements.

Exam trap

The trap here is that candidates confuse Amazon SWF with Step Functions because both orchestrate workflows, but SWF requires custom deciders and workers for coordination, whereas Step Functions is fully managed and serverless, making it the correct choice for this use case.

How to eliminate wrong answers

Option B (Amazon Simple Workflow Service, SWF) is wrong because SWF is a legacy service designed for long-running, human-interactive workflows and requires you to manage workers and deciders manually, whereas the question specifies a need for a managed service that automatically handles retries and provides a visual representation of execution state without custom code. Option C (Amazon MQ) is wrong because Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ, used for asynchronous message passing between applications, not for orchestrating a defined sequence of steps with retries and visual workflow tracking.

38
MCQeasy

Which AWS service provides a fully managed workflow orchestration service that coordinates multiple AWS services into serverless workflows using visual state machines?

A.Amazon EventBridge
B.Amazon SQS
C.AWS Step Functions
D.AWS Batch
AnswerC

Step Functions orchestrates multi-step workflows as visual state machines, with built-in error handling, retry logic, parallel execution, and integration with 200+ AWS services.

Why this answer

AWS Step Functions is a fully managed orchestration service that allows you to coordinate multiple AWS services into serverless workflows using visual state machines. It enables you to define complex, multi-step processes as a series of states (tasks, choices, parallel branches) that execute in order, with built-in error handling and retry logic, making it the correct choice for workflow orchestration.

Exam trap

The trap here is that candidates often confuse Amazon EventBridge's event routing capabilities with workflow orchestration, but EventBridge lacks the sequential state machine logic and visual workflow designer that Step Functions provides.

How to eliminate wrong answers

Option A is wrong because Amazon EventBridge is a serverless event bus service used for routing events between AWS services and applications, not for orchestrating multi-step workflows with state machines. Option B is wrong because Amazon SQS is a fully managed message queuing service for decoupling application components, not a workflow orchestration tool with visual state machines. Option D is wrong because AWS Batch is a service for running batch computing jobs at scale, but it does not provide visual state machine-based orchestration; it focuses on job scheduling and execution, not coordinating multiple services in a workflow.

39
MCQeasy

Which AWS service provides a private, dedicated network connection between an organization's on-premises environment and AWS through a colocation facility or telecommunications partner?

A.AWS VPN CloudHub
B.AWS Direct Connect
C.Amazon CloudFront Private Content
D.AWS PrivateLink
AnswerB

Direct Connect provides private, dedicated 1/10/100 Gbps connections to AWS through partner locations, bypassing the public internet for consistent performance and lower data transfer costs.

Why this answer

AWS Direct Connect is the correct answer because it provides a private, dedicated network connection from an on-premises data center to AWS, bypassing the public internet. This connection is established through a colocation facility or a telecommunications partner using industry-standard 802.1Q VLANs, offering consistent latency and higher bandwidth than internet-based VPNs.

Exam trap

The trap here is confusing AWS Direct Connect with AWS VPN solutions (like VPN CloudHub) because both can connect on-premises networks, but only Direct Connect offers a private, dedicated physical link that avoids the public internet entirely.

How to eliminate wrong answers

Option A is wrong because AWS VPN CloudHub uses IPsec VPN tunnels over the public internet to connect multiple on-premises sites to AWS, not a private dedicated physical connection. Option C is wrong because Amazon CloudFront Private Content is a content delivery service that restricts access to cached objects using signed URLs or cookies, not a network connectivity solution. Option D is wrong because AWS PrivateLink provides private connectivity between VPCs and AWS services using Elastic Network Interfaces and VPC endpoints, but it does not extend to on-premises environments via a colocation facility.

40
MCQeasy

Which AWS storage type provides the lowest latency storage for a single EC2 instance, with data stored on NVMe SSDs physically attached to the host computer?

A.Amazon EBS (Elastic Block Store)
B.Amazon EFS (Elastic File System)
C.EC2 Instance Store
D.Amazon S3
AnswerC

Instance store provides physically attached NVMe SSDs with the lowest possible latency for EC2 storage — ideal for temporary data like buffers, caches, and scratch data. Data is lost when the instance stops.

Why this answer

EC2 Instance Store provides temporary block-level storage for an EC2 instance, with data stored on NVMe SSDs that are physically attached to the host computer. This direct attachment eliminates network latency, offering the lowest possible latency for a single EC2 instance compared to any network-attached storage option.

Exam trap

The trap here is that candidates often confuse Amazon EBS with local storage, but EBS is network-attached and cannot match the latency of physically attached NVMe SSDs, which is the key differentiator for this question.

How to eliminate wrong answers

Option A is wrong because Amazon EBS is network-attached block storage accessed over the AWS network, which introduces higher latency than locally attached NVMe SSDs. Option B is wrong because Amazon EFS is a network file system (NFS) that provides shared file storage across multiple instances, not low-latency block storage for a single instance. Option D is wrong because Amazon S3 is object storage accessed via HTTP/S endpoints, designed for durability and scalability, not for low-latency block-level access from a single EC2 instance.

41
MCQmedium

A media company stores video files in Amazon S3 and needs to transcode them into multiple formats for different devices. Which AWS service is purpose-built for this workflow?

A.Amazon Kinesis Video Streams
B.Amazon Elastic Transcoder
C.AWS Lambda
D.Amazon Rekognition
AnswerB

Elastic Transcoder transcodes media files in S3 into multiple output formats optimized for different playback devices, integrated natively with S3.

Why this answer

Amazon Elastic Transcoder is a purpose-built media transcoding service that converts video files stored in Amazon S3 into the formats required by various devices. It handles the complexities of transcoding, including format conversion, resolution scaling, and bitrate adjustment, without requiring you to manage underlying infrastructure.

Exam trap

The trap here is that candidates may confuse Amazon Kinesis Video Streams (which deals with video but is for streaming/ingestion) with a transcoding service, or think AWS Lambda can easily handle transcoding without recognizing the specialized, managed nature of Elastic Transcoder.

How to eliminate wrong answers

Option A is wrong because Amazon Kinesis Video Streams is designed for real-time video ingestion and analytics from devices, not for batch transcoding of stored video files. Option C is wrong because AWS Lambda is a serverless compute service for running code in response to events, not a dedicated transcoding service; while you could build a transcoding workflow with Lambda, it is not purpose-built for this task and would require significant custom code and dependencies. Option D is wrong because Amazon Rekognition is a computer vision service for image and video analysis (e.g., object detection, facial recognition), not for transcoding media into different formats.

42
MCQeasy

Which AWS compute service is best suited for running batch processing jobs that require specific compute resources and can run for hours or days without user interaction?

A.AWS Lambda
B.Amazon EC2 with manual provisioning
C.AWS Batch
D.Amazon ECS with Fargate
AnswerC

AWS Batch manages job queues, schedules jobs, provisions appropriate EC2 or Spot Instances, and terminates resources when done — ideal for long-running batch processing.

Why this answer

AWS Batch is purpose-built for running batch computing workloads that can run for extended durations without user interaction. It dynamically provisions the optimal quantity and type of compute resources (e.g., EC2 instances or Spot Instances) based on the volume and specific resource requirements of the submitted jobs, making it ideal for hours- or days-long batch processing.

Exam trap

The trap here is that candidates often confuse AWS Lambda's serverless model with batch processing, overlooking Lambda's hard 15-minute timeout and lack of support for long-running, resource-intensive workloads.

How to eliminate wrong answers

Option A is wrong because AWS Lambda has a maximum execution timeout of 15 minutes and is designed for short-lived, event-driven functions, not for batch jobs that run for hours or days. Option B is wrong because Amazon EC2 with manual provisioning requires you to manually manage instance lifecycle, scaling, and job scheduling, which is inefficient and error-prone for long-running batch workloads compared to a fully managed batch service. Option D is wrong because Amazon ECS with Fargate is a container orchestration service that abstracts server management but lacks native batch job scheduling, queue management, and dependency handling that AWS Batch provides out of the box.

43
MCQmedium

A company runs multiple workloads in separate Amazon VPCs within the same AWS Region. The networking team needs to enable connectivity between all VPCs using private IP addresses. Additionally, the team must connect all VPCs to the company's on-premises data center through a single AWS Site-to-Site VPN connection to minimize costs and simplify management. The solution must support transitive routing so that any VPC can communicate with any other VPC and with the on-premises network. Which AWS service should the networking team use to meet these requirements?

A.VPC Peering with a VPN attachment to a Virtual Private Gateway
B.AWS Transit Gateway with VPN attachments
C.AWS Direct Connect gateway with VPC associations
D.A Network Load Balancer with VPN endpoints
AnswerB

Correct. AWS Transit Gateway acts as a central hub, enabling transitive routing between all attached VPCs and VPN connections. By attaching a single Site-to-Site VPN to the Transit Gateway, all VPCs can communicate with each other and with the on-premises network using private IP addresses, simplifying management and reducing costs.

Why this answer

AWS Transit Gateway acts as a central hub that connects multiple VPCs and on-premises networks through a single VPN attachment, supporting transitive routing between all connected networks. This meets the requirements for private IP connectivity, cost minimization, and simplified management by avoiding the need for full-mesh VPC peering or multiple VPN connections.

Exam trap

The trap here is that candidates often confuse VPC Peering with transitive routing, assuming that multiple peering connections can forward traffic between VPCs, but AWS explicitly does not support transitive routing through VPC peering.

How to eliminate wrong answers

Option A is wrong because VPC Peering does not support transitive routing; each peering connection is a one-to-one relationship, and traffic cannot flow through an intermediate VPC to reach another VPC or the on-premises network. Option C is wrong because AWS Direct Connect gateway is designed for connecting Direct Connect virtual interfaces to VPCs, not for transitive routing between multiple VPCs, and it does not natively support Site-to-Site VPN attachments. Option D is wrong because a Network Load Balancer operates at Layer 4 for distributing traffic to targets, not as a routing hub for VPC-to-VPC or VPC-to-on-premises connectivity, and it cannot provide transitive routing or VPN termination.

44
MCQmedium

A company has a web application deployed on AWS in the us-west-2 Region. The application is accessed by users across the globe, including Europe, Asia, and South America. The company wants to improve the application's performance for international users by reducing latency and packet loss. The solution must route user traffic over the AWS global network to the closest edge location. Which AWS service should the company use?

A.Amazon CloudFront
B.AWS Global Accelerator
C.Amazon Route 53 (with latency-based routing)
D.AWS Direct Connect
AnswerB

AWS Global Accelerator is designed to improve the performance of global applications by directing user traffic over the AWS global network to the closest edge location. It uses anycast IP addresses and routes traffic to the optimal endpoint based on location, network conditions, and health. This reduces latency and packet loss for global users, making it the correct choice for the described requirements.

Why this answer

AWS Global Accelerator is the correct choice because it uses the AWS global network to route user traffic to the closest edge location via Anycast IP addresses, reducing latency and packet loss. It optimizes the path from users to the application by directing traffic to the nearest edge endpoint, then forwarding it over the AWS backbone to the application in us-west-2. This improves performance for international users without caching content, unlike a CDN.

Exam trap

The trap here is that candidates often confuse Amazon CloudFront's edge caching with Global Accelerator's network path optimization, assuming a CDN is always the best choice for reducing latency, but CloudFront does not improve the network path for non-cacheable traffic or dynamic API calls.

How to eliminate wrong answers

Option A (Amazon CloudFront) is wrong because it is a content delivery network (CDN) that caches static and dynamic content at edge locations, but the question focuses on reducing latency and packet loss for a web application that likely requires real-time, non-cacheable traffic; CloudFront does not optimize the network path for all TCP/UDP traffic like Global Accelerator does. Option C (Amazon Route 53 with latency-based routing) is wrong because it only resolves DNS queries to the endpoint with the lowest latency, but it does not route traffic over the AWS global network or provide a fixed entry point; it relies on client DNS resolvers and can be affected by DNS caching, leading to suboptimal paths. Option D (AWS Direct Connect) is wrong because it establishes a dedicated private connection from an on-premises data center to AWS, not for global user traffic; it does not route users to the closest edge location and is designed for hybrid cloud connectivity, not internet-facing application performance.

45
MCQmedium

A company runs a read-heavy web application on Amazon EC2 instances that queries an Amazon RDS database. As traffic grows, the database CPU utilization is consistently high, causing slow response times for users. The company wants to reduce the load on the database by caching frequently accessed query results. They need a fully managed, in-memory caching service that can be set up quickly and integrates with common programming languages. Which AWS service should they use?

A.Amazon DynamoDB Accelerator (DAX)
B.Amazon ElastiCache
C.Amazon CloudFront
D.Amazon S3 Transfer Acceleration
AnswerB

Amazon ElastiCache is a fully managed in-memory caching service that supports Redis and Memcached. It can be used to cache frequently accessed database query results, reducing the load on Amazon RDS and improving application response times.

Why this answer

Amazon ElastiCache is a fully managed, in-memory caching service that supports Redis and Memcached, both of which integrate with common programming languages via standard client libraries. It can be deployed quickly to cache frequently accessed database query results, offloading read traffic from the Amazon RDS instance and reducing CPU utilization.

Exam trap

The trap here is that candidates may confuse DAX (a DynamoDB-specific cache) with a general-purpose cache, or think CloudFront can cache database query results, when in fact ElastiCache is the correct service for caching RDS query outputs in a read-heavy application.

How to eliminate wrong answers

Option A is wrong because Amazon DynamoDB Accelerator (DAX) is an in-memory cache specifically for Amazon DynamoDB tables, not for an Amazon RDS database. Option C is wrong because Amazon CloudFront is a content delivery network (CDN) that caches static and dynamic web content at edge locations, not a database query result cache, and it does not integrate directly with application code to cache RDS query outputs. Option D is wrong because Amazon S3 Transfer Acceleration speeds up uploads to S3 over long distances using optimized network paths and edge locations; it is not an in-memory caching service for database queries.

46
MCQmedium

A global e-commerce company stores product images and videos in an Amazon S3 bucket located in the us-west-2 Region. Customers worldwide report slow page load times. The company also wants to protect its website against common distributed denial-of-service (DDoS) attacks without incurring additional costs for a dedicated DDoS protection service. Which AWS service should the company use to meet both requirements?

A.Amazon S3 Transfer Acceleration
B.AWS Global Accelerator
C.Amazon CloudFront
D.AWS Shield Advanced
AnswerC

Amazon CloudFront caches content at edge locations globally, significantly reducing latency for users. It also includes AWS Shield Standard, which automatically protects against common DDoS attacks. This combination meets both the performance and security requirements without additional charges.

Why this answer

Amazon CloudFront is a content delivery network (CDN) that caches content at edge locations worldwide, reducing latency for global users. It also includes AWS Shield Standard at no additional cost, which provides always-on protection against common DDoS attacks (e.g., SYN floods, UDP reflection). This combination directly addresses both the slow page load times and the need for cost-effective DDoS protection.

Exam trap

The trap here is that candidates confuse AWS Global Accelerator with a CDN, but Global Accelerator does not cache content—it only optimizes network routing, so it cannot reduce latency for repeated requests to static assets like images and videos.

How to eliminate wrong answers

Option A is wrong because Amazon S3 Transfer Acceleration only speeds up uploads to S3 by using edge locations for TCP optimization, but it does not cache content or provide any DDoS protection. Option B is wrong because AWS Global Accelerator improves performance by routing traffic over the AWS global network and provides some DDoS protection via Shield Standard, but it does not cache content at edge locations, so it cannot reduce latency for static assets like images and videos as effectively as a CDN. Option D is wrong because AWS Shield Advanced is a paid service ($3,000/month plus data transfer costs) that provides enhanced DDoS protection, but the question explicitly states 'without incurring additional costs for a dedicated DDoS protection service,' making it ineligible.

47
MCQmedium

A company's application needs to process streaming data from IoT sensors in real time and store processed results in S3. Which AWS service is designed for ingesting and processing real-time streaming data?

A.Amazon SQS
B.Amazon Kinesis Data Streams
C.AWS Batch
D.Amazon EMR
AnswerB

Kinesis Data Streams is designed for real-time ingestion of large volumes of streaming data, supporting real-time analytics, dashboards, and continuous processing from IoT and other sources.

Why this answer

Amazon Kinesis Data Streams is purpose-built for ingesting and processing real-time streaming data at scale. It can continuously capture gigabytes of data per second from hundreds of thousands of sources, such as IoT sensors, and integrate with downstream consumers like AWS Lambda or Kinesis Data Analytics for real-time processing before storing results in Amazon S3.

Exam trap

The trap here is that candidates often confuse Amazon SQS (a message queue) with a streaming service, but SQS does not support real-time ordered processing or high-throughput data ingestion from continuous streams like IoT sensors.

How to eliminate wrong answers

Option A is wrong because Amazon SQS is a message queue service designed for decoupling application components and asynchronous message delivery, not for real-time streaming data ingestion or ordered processing of continuous data streams. Option C is wrong because AWS Batch is a batch computing service for running large-scale batch jobs, not for real-time stream processing or continuous data ingestion. Option D is wrong because Amazon EMR is a big data platform for processing large datasets using frameworks like Apache Spark and Hadoop, typically in batch or near-real-time modes, but it is not a dedicated service for ingesting and processing real-time streaming data directly.

48
MCQmedium

A data analyst needs to run SQL queries directly against log files stored in Amazon S3 without loading the data into a database and without provisioning any servers. Which AWS service enables this?

A.Amazon RDS
B.Amazon Redshift
C.Amazon Athena
D.Amazon DynamoDB
AnswerC

Athena is a serverless service that queries data directly in S3 using standard SQL. No database loading or server provisioning is required — the analyst defines a schema over the S3 data and runs SQL immediately.

Why this answer

Amazon Athena is a serverless interactive query service that allows you to analyze data directly in Amazon S3 using standard SQL. It requires no infrastructure to manage and charges only for the data scanned per query, making it ideal for ad-hoc analysis of log files without loading data into a database.

Exam trap

The trap here is that candidates often confuse Amazon Athena with Amazon Redshift Spectrum, but the question explicitly states 'without provisioning any servers,' which eliminates Redshift because it requires a provisioned cluster even when using Spectrum.

How to eliminate wrong answers

Option A is wrong because Amazon RDS is a managed relational database service that requires provisioning database instances and loading data into them, not querying data directly from S3. Option B is wrong because Amazon Redshift is a petabyte-scale data warehouse that requires provisioning a cluster and loading data into it, and it does not natively support querying data directly from S3 without using features like Redshift Spectrum, which still requires a provisioned cluster. Option D is wrong because Amazon DynamoDB is a NoSQL key-value and document database that requires loading data into tables and does not support SQL queries against files in S3.

49
MCQmedium

A company wants to centralize backup management across multiple AWS services (EC2, RDS, EFS, DynamoDB) from a single place. Which AWS service provides centralized backup management with policy-based scheduling?

A.Amazon S3 Lifecycle policies
B.AWS Backup
C.AWS DataSync
D.Amazon EBS Snapshots
AnswerB

AWS Backup provides centralized backup management with policy-based scheduling, cross-account and cross-region backup, and compliance reporting across multiple AWS services.

Why this answer

AWS Backup is the correct service because it provides a fully managed, centralized backup solution that supports multiple AWS services including EC2, RDS, EFS, and DynamoDB. It allows you to define backup policies with schedule-based automation, retention rules, and lifecycle management from a single console, eliminating the need for custom scripts or per-service manual snapshots.

Exam trap

The trap here is that candidates often confuse AWS Backup with individual snapshot services (like EBS Snapshots) or data transfer tools (like DataSync), failing to recognize that AWS Backup is the only service that provides centralized, policy-based backup management across multiple AWS services.

How to eliminate wrong answers

Option A is wrong because Amazon S3 Lifecycle policies are used to manage object lifecycle transitions (e.g., moving data to S3 Glacier or deleting objects) and do not provide backup scheduling or support for EC2, RDS, EFS, or DynamoDB. Option C is wrong because AWS DataSync is a data transfer service for moving large datasets between on-premises storage and AWS (or between AWS services), not a backup management or policy-based scheduling tool. Option D is wrong because Amazon EBS Snapshots are a point-in-time backup mechanism for EBS volumes only, and they lack centralized policy-based scheduling across multiple AWS services like RDS, EFS, or DynamoDB.

50
MCQeasy

A solutions architect needs to isolate an application in its own virtual network within AWS, with full control over IP address ranges, subnet definitions, route tables, and internet gateway configuration. Which AWS service provides this capability?

A.Amazon Route 53
B.Amazon CloudFront
C.AWS Direct Connect
D.Amazon VPC
AnswerD

Amazon VPC is the AWS networking service that provides a logically isolated virtual network. Customers define IP CIDR blocks, create public and private subnets, configure route tables, and attach internet gateways to control traffic flow.

Why this answer

Amazon VPC (Virtual Private Cloud) enables you to provision a logically isolated section of the AWS cloud where you can define your own IP address range (using CIDR notation, e.g., 10.0.0.0/16), create subnets, configure route tables, and attach an Internet Gateway for public internet access. This gives you full control over the virtual networking environment, exactly matching the requirement.

Exam trap

The trap here is that candidates often confuse AWS Direct Connect (a physical or virtual private network connection) with the ability to create and control a virtual network, when Direct Connect merely extends an existing VPC and does not provide the foundational network isolation and control that VPC does.

How to eliminate wrong answers

Option A is wrong because Amazon Route 53 is a DNS (Domain Name System) web service that translates domain names to IP addresses, not a service for creating isolated virtual networks. Option B is wrong because Amazon CloudFront is a content delivery network (CDN) that caches and delivers content at edge locations, not a service for managing IP ranges, subnets, or route tables. Option C is wrong because AWS Direct Connect is a dedicated network connection from on-premises to AWS, which operates over an existing VPC or VPN, but it does not itself provide the capability to define IP ranges, subnets, or route tables.

51
MCQmedium

A company's development team has written a Python web application using the Flask framework. The team wants to deploy the application to the AWS Cloud without managing the underlying servers, operating system, or web server software. They want AWS to automatically handle the deployment, from provisioning EC2 instances to configuring the web server and load balancer, and to scale the application based on traffic. They also want the ability to upload new code versions directly from their Git repository. Which AWS service should the team use?

A.AWS Elastic Beanstalk
B.AWS CloudFormation
C.Amazon EC2 Auto Scaling
D.AWS CodeDeploy
AnswerA

AWS Elastic Beanstalk is correct because it is a PaaS service that automatically provisions the underlying infrastructure (EC2 instances, load balancer, scaling policies), deploys the application, manages the web server, and supports Git-based deployment workflows.

Why this answer

AWS Elastic Beanstalk is the correct choice because it is a Platform as a Service (PaaS) offering that automatically handles the deployment, capacity provisioning, load balancing, and auto-scaling of web applications. The team can upload code directly from a Git repository using the EB CLI or integrated CodePipeline, and Elastic Beanstalk manages the underlying EC2 instances, operating system, and web server (e.g., Apache or Nginx) without requiring manual intervention.

Exam trap

The trap here is that candidates often confuse AWS Elastic Beanstalk with AWS CloudFormation, assuming both are 'automation' services, but CloudFormation requires explicit resource definitions and does not automatically configure the web server or deploy application code.

How to eliminate wrong answers

Option B (AWS CloudFormation) is wrong because it is an Infrastructure as Code (IaC) service that requires the team to manually define and manage all AWS resources (EC2, load balancer, scaling policies) in templates, which contradicts the requirement of not managing underlying servers or software. Option C (Amazon EC2 Auto Scaling) is wrong because it only handles the scaling of EC2 instances based on demand but does not provision the instances, configure the web server, deploy the application code, or set up a load balancer automatically. Option D (AWS CodeDeploy) is wrong because it is a deployment service that automates code deployment to existing compute instances (EC2, on-premises) but does not provision infrastructure, configure the web server, or manage load balancing and scaling.

52
MCQmedium

A company is migrating its legacy Java web application to AWS. The application consists of a stateless web tier that receives HTTP traffic. The company wants to minimize operational overhead. The development team wants to simply upload a WAR file and have AWS automatically handle the deployment, capacity provisioning, load balancing, and auto-scaling based on traffic. The team does not want to manage the underlying EC2 instances or configure the load balancer manually. Which AWS service should the company use?

A.Amazon EC2 Auto Scaling
B.AWS Elastic Beanstalk
C.AWS OpsWorks
D.Amazon Lightsail
AnswerB

AWS Elastic Beanstalk is a fully managed service that automatically handles the deployment, capacity provisioning, load balancing, and auto-scaling of applications. Simply upload your WAR file and Elastic Beanstalk manages the underlying infrastructure, making it the ideal choice for this scenario.

Why this answer

AWS Elastic Beanstalk is the correct choice because it provides a Platform as a Service (PaaS) offering that automatically handles deployment, capacity provisioning, load balancing, and auto-scaling for Java web applications. The team can simply upload a WAR file, and Elastic Beanstalk manages the underlying EC2 instances and Application Load Balancer (ALB) without requiring manual configuration. This directly meets the requirement to minimize operational overhead while supporting stateless web tiers.

Exam trap

The trap here is that candidates often confuse EC2 Auto Scaling (Option A) as a complete solution for deployment and load balancing, but it only handles scaling and requires separate manual setup for the load balancer and application deployment, which does not satisfy the 'simply upload a WAR file' requirement.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 Auto Scaling only manages the scaling of EC2 instances based on policies, but it does not handle deployment of the WAR file, load balancer configuration, or application lifecycle management, requiring the team to manually set up and manage those components. Option C is wrong because AWS OpsWorks is a configuration management service based on Chef and Puppet that requires the team to define cookbooks or recipes and manage the underlying infrastructure, which contradicts the goal of minimizing operational overhead and avoiding manual EC2 management. Option D is wrong because Amazon Lightsail is a simplified virtual private server (VPS) service that offers pre-configured instances but does not provide automated deployment, load balancing, or auto-scaling out of the box; it requires manual setup for scaling and load balancing, and it does not natively support WAR file deployment.

53
MCQmedium

A company runs a globally distributed web application on Amazon EC2 instances behind Network Load Balancers in two AWS Regions: us-east-1 and eu-west-1. Users around the world access the application over the internet. The company wants to improve latency for all users by directing each user to the nearest healthy application endpoint. Additionally, the company requires two static IP addresses that clients can use for firewall whitelisting and that do not change even if the underlying infrastructure changes. Which AWS service should the company use?

A.Amazon CloudFront
B.AWS Global Accelerator
C.Amazon Route 53 latency-based routing
D.AWS Direct Connect
AnswerB

AWS Global Accelerator improves application performance by directing user traffic to the nearest healthy endpoint using the AWS global network. It provides two static anycast IP addresses that act as a fixed entry point, so clients can whitelist these IPs without worrying about changes. It supports TCP and UDP traffic and can route to endpoints in multiple Regions, making it an ideal choice for this use case.

Why this answer

AWS Global Accelerator is the correct choice because it provides two static anycast IP addresses that serve as fixed entry points, and it directs user traffic to the nearest healthy application endpoint via the AWS global network, reducing latency. Unlike CloudFront, it does not cache content but optimizes TCP/UDP traffic, making it ideal for non-HTTP or dynamic applications behind Network Load Balancers.

Exam trap

The trap here is that candidates often confuse latency-based routing (DNS) with Global Accelerator, not realizing that DNS caching can prevent immediate failover and that Global Accelerator provides fixed anycast IPs, not just DNS resolution.

How to eliminate wrong answers

Option A (Amazon CloudFront) is wrong because it is a content delivery network (CDN) that caches static and dynamic content at edge locations, but it does not provide static IP addresses for firewall whitelisting; its IP addresses can change and are not fixed. Option C (Amazon Route 53 latency-based routing) is wrong because it is a DNS-based routing policy that resolves to the IP addresses of the load balancers, but DNS responses can be cached by clients and ISPs, causing stale routing and no guarantee of static IP addresses for whitelisting. Option D (AWS Direct Connect) is wrong because it is a dedicated network connection from on-premises to AWS, not a service for directing internet users to the nearest endpoint or providing static anycast IP addresses.

54
MCQeasy

A company wants to automatically detect and label objects in photos uploaded by users — such as identifying if a photo contains a person, a car, or an outdoor scene — without building their own machine learning model. Which AWS service provides this pre-built computer vision capability?

A.Amazon SageMaker
B.Amazon Comprehend
C.Amazon Rekognition
D.Amazon Polly
AnswerC

Rekognition provides pre-trained computer vision via an API. It detects objects, scenes, people, text, and faces in images and video without requiring any ML model training.

Why this answer

Amazon Rekognition is the correct choice because it is a fully managed, pre-trained computer vision service that can automatically detect and label objects, scenes, and faces in images without requiring any custom machine learning model development. It provides APIs for image analysis, including object and scene detection, which directly matches the requirement to identify if a photo contains a person, car, or outdoor scene.

Exam trap

The trap here is that candidates often confuse Amazon Rekognition with Amazon SageMaker, assuming SageMaker is the go-to for all AI/ML tasks, but SageMaker requires custom model building, whereas Rekognition provides pre-built computer vision capabilities out of the box.

How to eliminate wrong answers

Option A is wrong because Amazon SageMaker is a machine learning platform for building, training, and deploying custom models, not a pre-built computer vision service; it would require the company to develop their own model. Option B is wrong because Amazon Comprehend is a natural language processing (NLP) service for analyzing text, not images, so it cannot detect objects in photos. Option D is wrong because Amazon Polly is a text-to-speech service that converts text into lifelike speech, and it has no capability for image analysis or object detection.

55
MCQmedium

A media processing company runs multiple Amazon EC2 instances in different Availability Zones. All instances need to read and write to a shared file system simultaneously. The file system must be fully managed, automatically replicated across multiple Availability Zones for durability, and accessible by all instances using standard file access protocols. The company does not want to provision or manage any file servers. Which AWS service should the company use to meet these requirements?

A.Amazon S3
B.Amazon EBS Multi-Attach
C.Amazon EFS
D.Amazon FSx for Windows File Server
AnswerC

Correct. Amazon EFS provides a fully managed, elastic NFS file system that can be mounted on multiple EC2 instances across different Availability Zones simultaneously. It automatically replicates data across zones within a region for durability and is ideal for shared file storage.

Why this answer

Amazon EFS (Elastic File System) is a fully managed, scalable NFS file system that can be mounted concurrently by multiple EC2 instances across different Availability Zones. It automatically replicates data across multiple AZs for durability and uses standard NFSv4.1 and NFSv4.0 protocols, meeting all requirements without any server provisioning or management.

Exam trap

The trap here is that candidates often confuse Amazon EBS Multi-Attach (Option B) as a solution for shared storage across AZs, but it is strictly limited to a single AZ and requires Nitro-based instances, making it unsuitable for multi-AZ access.

How to eliminate wrong answers

Option A is wrong because Amazon S3 is an object storage service, not a file system; it does not support standard file access protocols like NFS or SMB and cannot be mounted as a shared file system by EC2 instances simultaneously. Option B is wrong because Amazon EBS Multi-Attach only allows a single EBS volume to be attached to up to 16 Nitro-based EC2 instances in the same Availability Zone, not across multiple AZs, and it requires manual management of the volume. Option D is wrong because Amazon FSx for Windows File Server is a fully managed Windows file server that uses SMB protocol, but it is not automatically replicated across multiple Availability Zones for durability by default; it requires a Multi-AZ deployment configuration, and the question specifies the company does not want to provision or manage any file servers, which FSx still involves some server management overhead.

56
MCQmedium

Which AWS service provides quantum computing hardware as a cloud service, enabling researchers to run algorithms on actual quantum processors?

A.AWS Inferentia
B.Amazon Braket
C.AWS Wavelength
D.Amazon EC2 High Performance Computing
AnswerB

Amazon Braket provides access to quantum computing hardware (from multiple quantum computing providers) and simulators through a managed cloud service for quantum algorithm research.

Why this answer

Amazon Braket is the correct answer because it is a fully managed AWS service that provides access to quantum computing hardware from multiple providers, including IonQ, Rigetti, and D-Wave, in a single environment. It allows researchers to design, test, and run quantum algorithms on actual quantum processors without managing the underlying infrastructure, making it the only option that directly offers quantum computing as a cloud service.

Exam trap

The trap here is that candidates often confuse 'quantum computing' with 'high-performance computing' (HPC) and select Amazon EC2 HPC, not realizing that quantum processors require specialized hardware and a dedicated service like Braket, not traditional CPU/GPU clusters.

How to eliminate wrong answers

Option A is wrong because AWS Inferentia is a custom machine learning inference chip designed to accelerate deep learning models, not quantum computing hardware. Option C is wrong because AWS Wavelength is a service that embeds AWS compute and storage at the edge of 5G networks for ultra-low-latency applications, not quantum processing. Option D is wrong because Amazon EC2 High Performance Computing (HPC) provides traditional CPU/GPU-based compute clusters for parallel workloads, but it does not offer access to quantum processors or quantum algorithms.

57
MCQmedium

A company wants to implement a serverless web application with no server management. They need a database that scales automatically without managing cluster capacity. Which combination best supports this?

A.Amazon EC2 + RDS MySQL
B.AWS Lambda + API Gateway + Amazon DynamoDB on-demand
C.AWS Fargate + Amazon Aurora Serverless
D.Amazon EC2 + DynamoDB on-demand
AnswerB

Lambda handles compute serverlessly, API Gateway provides HTTP routing, and DynamoDB on-demand mode scales automatically with zero capacity management — a fully serverless stack.

Why this answer

AWS Lambda + API Gateway + Amazon DynamoDB on-demand provides a fully serverless architecture where Lambda handles compute without server management, API Gateway serves as the HTTP endpoint, and DynamoDB on-demand scales automatically based on traffic without requiring capacity planning or cluster management. This combination meets the requirement for zero server management and automatic scaling of the database.

Exam trap

The trap here is that candidates often confuse 'serverless' with 'managed services'—for example, assuming Amazon RDS or Aurora Serverless are fully serverless when they still require some capacity management or have scaling limitations, whereas DynamoDB on-demand truly eliminates all capacity planning.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 requires manual server management (patching, scaling, OS maintenance) and RDS MySQL, while managed, still requires managing instance sizes and read replicas, not fully serverless. Option C is wrong because AWS Fargate, though serverless for containers, still requires managing container images, task definitions, and Amazon Aurora Serverless, while scaling compute, still involves managing database storage and has a warm-up time for scaling, not fully automatic like DynamoDB on-demand. Option D is wrong because Amazon EC2 requires server management, and while DynamoDB on-demand scales automatically, the compute layer is not serverless, violating the 'no server management' requirement.

58
MCQeasy

Which AWS service provides a simple way to deploy, manage, and scale containerized applications without requiring Kubernetes or deep container expertise?

A.Amazon ECS
B.Amazon EKS
C.AWS App Runner
D.AWS Lambda
AnswerC

App Runner provides the simplest path to deploying containerized web apps — just provide the image or source code and App Runner handles everything else automatically.

Why this answer

AWS App Runner is the correct answer because it provides a fully managed service that automatically builds, deploys, and scales containerized web applications and APIs from source code or a container image, without requiring any knowledge of Kubernetes or container orchestration. It abstracts away the underlying infrastructure, making it ideal for developers who want to deploy containers quickly without managing clusters or control planes.

Exam trap

The trap here is that candidates often confuse Amazon ECS with a 'simple' container service, but the question explicitly requires 'without requiring Kubernetes or deep container expertise,' and ECS still requires understanding of container orchestration concepts, whereas App Runner is the only option that completely abstracts that complexity.

How to eliminate wrong answers

Option A is wrong because Amazon ECS (Elastic Container Service) requires users to manage or configure a cluster of EC2 instances or use AWS Fargate, and while it simplifies container orchestration, it still demands understanding of task definitions, services, and cluster management, not a 'simple way' that avoids container expertise. Option B is wrong because Amazon EKS (Elastic Kubernetes Service) is a managed Kubernetes service that explicitly requires knowledge of Kubernetes concepts such as pods, deployments, and services, which contradicts the 'without requiring Kubernetes' requirement. Option D is wrong because AWS Lambda is a serverless compute service for running code in response to events, not for deploying and managing containerized applications; while it supports container images, it is designed for short-lived, stateless functions, not long-running containerized applications.

59
MCQmedium

Which AWS service enables developers to add user sign-up, sign-in, and access control to web and mobile applications quickly?

A.AWS Directory Service
B.AWS IAM Identity Center
C.Amazon Cognito
D.AWS IAM
AnswerC

Cognito provides user pools for web/mobile app authentication with built-in UI, social login, MFA, and SAML federation.

Why this answer

Amazon Cognito is the correct AWS service for adding user sign-up, sign-in, and access control to web and mobile applications. It provides identity pools and user pools that handle authentication, authorization, and user management, including social identity providers (e.g., Google, Facebook) and enterprise federation via SAML 2.0 or OIDC. This allows developers to quickly integrate these features without building custom backend infrastructure.

Exam trap

The trap here is confusing AWS IAM (which manages internal AWS users and permissions) with Amazon Cognito (which manages external application users), leading candidates to pick IAM for customer-facing authentication.

How to eliminate wrong answers

Option A is wrong because AWS Directory Service is designed for managing Microsoft Active Directory in the cloud or connecting on-premises directories to AWS, not for providing user sign-up/sign-in for web/mobile apps. Option B is wrong because AWS IAM Identity Center (formerly AWS SSO) centralizes access management for multiple AWS accounts and business applications, but it is not optimized for adding customer-facing sign-up/sign-in to custom applications. Option D is wrong because AWS IAM is used for managing permissions for AWS resources and users within an AWS account, not for handling external user authentication or sign-up flows for web/mobile applications.

60
MCQmedium

A healthcare company needs to extract structured medical data from clinical notes and medical documents. Which AWS service provides ML-powered extraction of medical information from unstructured text?

A.Amazon Textract
B.Amazon Comprehend
C.Amazon Comprehend Medical
D.Amazon Rekognition
AnswerC

Comprehend Medical uses pre-trained models for medical text understanding, extracting medications, conditions, dosages, and PHI from clinical notes and medical documents.

Why this answer

Amazon Comprehend Medical is specifically designed to extract structured medical information such as diagnoses, medications, and test results from unstructured clinical text using natural language processing (NLP) and machine learning. It is the only AWS service purpose-built for healthcare use cases like parsing clinical notes and medical documents.

Exam trap

The trap here is that candidates confuse Amazon Comprehend (general NLP) with Amazon Comprehend Medical (healthcare-specific), assuming the general service can handle medical text without the specialized medical ontology and compliance features.

How to eliminate wrong answers

Option A is wrong because Amazon Textract is an OCR service that extracts text, tables, and forms from scanned documents, but it does not perform medical-specific NLP or understand clinical concepts. Option B is wrong because Amazon Comprehend is a general-purpose NLP service for sentiment, entities, and key phrases, but it lacks the medical ontology and HIPAA-eligible compliance required for healthcare data extraction. Option D is wrong because Amazon Rekognition is a computer vision service for image and video analysis, such as face detection and object recognition, and cannot process unstructured text or medical information.

61
MCQmedium

A company runs a global gaming application on Amazon EC2 instances behind an Application Load Balancer in the us-east-1 Region. Players in Europe and Asia report high latency and intermittent connection drops. The company wants to improve the application's performance for global users by routing traffic over the AWS global network. The company also needs two static IP addresses that users can whitelist in their firewalls for consistent access, and the solution must provide health checks to automatically route traffic away from unhealthy endpoints. Which AWS service should the company use?

A.Amazon CloudFront
B.AWS Global Accelerator
C.AWS WAF
D.Amazon Route 53
AnswerB

AWS Global Accelerator uses the AWS global network to route traffic from users to the closest healthy endpoint. It provides two static anycast IP addresses that serve as fixed entry points, which can be whitelisted in firewalls. It also performs health checks and automatically reroutes traffic away from unhealthy endpoints, making it ideal for global performance improvement and reliable access.

Why this answer

AWS Global Accelerator is correct because it uses the AWS global network to route traffic from users to the application, reducing latency and jitter by avoiding the public internet. It provides two static anycast IP addresses that remain consistent for firewall whitelisting, and it integrates with health checks to automatically reroute traffic away from unhealthy EC2 endpoints behind the Application Load Balancer.

Exam trap

The trap here is that candidates often confuse Amazon CloudFront's edge caching with Global Accelerator's network path optimization, assuming CloudFront can provide static IPs and accelerate any TCP/UDP traffic, but CloudFront only accelerates HTTP/HTTPS and does not offer static IP addresses for whitelisting.

How to eliminate wrong answers

Option A is wrong because Amazon CloudFront is a content delivery network (CDN) that caches content at edge locations, but it does not provide static IP addresses for whitelisting and is not designed to optimize TCP/UDP traffic for dynamic applications like gaming; it primarily accelerates HTTP/HTTPS content delivery. Option C is wrong because AWS WAF is a web application firewall that filters HTTP/HTTPS requests based on rules, but it does not provide global traffic acceleration, static IP addresses, or health-check-based routing. Option D is wrong because Amazon Route 53 is a DNS service that resolves domain names to IP addresses and can perform health checks, but it does not provide static anycast IP addresses for whitelisting and does not optimize traffic routing over the AWS global network; DNS-based routing can be affected by client-side caching and does not offer the same low-latency path optimization as Global Accelerator.

62
MCQmedium

A company processes millions of customer records and needs to query data in Amazon S3 without loading it into a database. The data is stored in Parquet format. Which AWS service enables this with no infrastructure to manage?

A.Amazon Redshift Spectrum
B.Amazon Athena
C.Amazon EMR
D.AWS Glue ETL
AnswerB

Athena queries S3 data directly using SQL with no infrastructure management — Parquet's columnar format minimizes data scanned and query cost, making it ideal for Athena.

Why this answer

Amazon Athena is a serverless interactive query service that allows you to analyze data directly in Amazon S3 using standard SQL, with no infrastructure to manage. It natively supports Parquet format, which is columnar and optimized for efficient querying, making it ideal for querying millions of customer records without loading them into a database.

Exam trap

The trap here is that candidates often confuse Amazon Redshift Spectrum (which also queries S3) with a serverless service, but it still requires a managed Redshift cluster, whereas Athena is truly serverless with zero infrastructure management.

How to eliminate wrong answers

Option A is wrong because Amazon Redshift Spectrum is a feature of Amazon Redshift that queries data in S3, but it requires an active Redshift cluster (provisioned infrastructure) to manage, not serverless. Option C is wrong because Amazon EMR requires you to provision and manage EC2 instances and clusters, even if transient, which contradicts the 'no infrastructure to manage' requirement. Option D is wrong because AWS Glue ETL is primarily a data transformation and cataloging service, not an interactive query engine; it runs extract-transform-load jobs on provisioned resources, not ad-hoc SQL queries without infrastructure.

63
MCQeasy

A company wants to run code that automatically resizes images whenever a new image is uploaded to an Amazon S3 bucket. The code runs for less than 60 seconds per image. The company wants to pay only for the compute time used and does not want to provision or manage any servers. Which AWS service best meets these requirements?

A.Amazon EC2
B.AWS Elastic Beanstalk
C.AWS Lambda
D.Amazon ECS
AnswerC

Lambda is the ideal solution for event-driven, short-lived tasks like image processing. It is triggered by S3 events, runs the code, and charges only for execution time in millisecond increments. No servers to manage.

Why this answer

AWS Lambda is the correct choice because it is a serverless compute service that runs code in response to events, such as an S3 object creation event, and automatically scales. It charges only for the compute time consumed (rounded to the nearest 1 ms) and requires no server provisioning or management. The 60-second execution limit per invocation is well within the 15-minute maximum duration of Lambda, making it ideal for short-lived image resizing tasks.

Exam trap

The trap here is that candidates may choose AWS Elastic Beanstalk because it automates deployment and scaling, but they overlook that it still runs on EC2 instances that incur costs continuously, not per execution, and does not provide the event-driven, pay-per-use billing model required by the question.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 requires provisioning, managing, and paying for virtual servers even when idle, which violates the requirement to pay only for compute time used and to avoid server management. Option B is wrong because AWS Elastic Beanstalk abstracts server management but still runs on provisioned EC2 instances that incur costs continuously, not just per execution, and does not provide the event-driven, pay-per-use model needed. Option D is wrong because Amazon ECS (Elastic Container Service) requires managing a cluster of EC2 instances or using AWS Fargate, which, while serverless, is designed for containerized workloads and typically incurs costs for running containers continuously, not for sub-60-second event-driven tasks; it also adds unnecessary complexity compared to Lambda.

64
MCQmedium

Which AWS service provides a fully managed message broker supporting ActiveMQ and RabbitMQ protocols for migrating on-premises messaging systems to the cloud?

A.Amazon SQS
B.Amazon SNS
C.Amazon MQ
D.Amazon Kinesis Data Streams
AnswerC

Amazon MQ provides managed ActiveMQ and RabbitMQ brokers that support standard messaging protocols, enabling lift-and-shift of existing on-premises messaging systems.

Why this answer

Amazon MQ is a fully managed message broker service that supports industry-standard protocols like AMQP (ActiveMQ) and MQTT/STOMP (RabbitMQ), making it ideal for migrating on-premises messaging systems without rewriting code. Unlike Amazon SQS or SNS, which are proprietary AWS services, Amazon MQ provides compatibility with existing ActiveMQ and RabbitMQ-based applications, enabling a seamless lift-and-shift migration to the cloud.

Exam trap

The trap here is that candidates confuse Amazon MQ with Amazon SQS or SNS because all three are messaging services, but only Amazon MQ supports the specific ActiveMQ and RabbitMQ protocols needed for migrating existing on-premises brokers without code changes.

How to eliminate wrong answers

Option A is wrong because Amazon SQS is a fully managed queue service that uses a proprietary API and does not support ActiveMQ or RabbitMQ protocols; it is designed for decoupling microservices, not for migrating existing message brokers. Option B is wrong because Amazon SNS is a pub/sub notification service that uses HTTP/S, email, or SMS endpoints, not the AMQP or MQTT protocols required for ActiveMQ/RabbitMQ compatibility. Option D is wrong because Amazon Kinesis Data Streams is a real-time data streaming service for ingesting large volumes of data, not a message broker that supports ActiveMQ or RabbitMQ protocols.

65
MCQeasy

Which AWS service provides a managed Kubernetes service that removes the overhead of installing, operating, and maintaining a Kubernetes control plane?

A.Amazon ECS
B.Amazon EKS
C.AWS Fargate
D.AWS App Mesh
AnswerB

EKS provides managed Kubernetes clusters where AWS fully manages the control plane, enabling customers to run Kubernetes workloads without control plane operational overhead.

Why this answer

Amazon EKS (Elastic Kubernetes Service) is the correct answer because it is a managed Kubernetes service that handles the provisioning, scaling, and maintenance of the Kubernetes control plane (including the API server, etcd, and controller manager). This removes the operational overhead of installing and operating the control plane yourself, allowing you to focus on deploying and managing containerized applications.

Exam trap

The trap here is that candidates often confuse Amazon ECS (a proprietary AWS container service) with Amazon EKS (a managed Kubernetes service), or mistakenly think AWS Fargate is a standalone Kubernetes service rather than a compute engine that can be used with EKS.

How to eliminate wrong answers

Option A is wrong because Amazon ECS is a container orchestration service that uses its own proprietary control plane and task definitions, not Kubernetes. Option C is wrong because AWS Fargate is a serverless compute engine for containers that can run tasks for both ECS and EKS, but it does not provide a managed Kubernetes control plane itself. Option D is wrong because AWS App Mesh is a service mesh that provides application-level networking (using Envoy proxies) for microservices, not a container orchestration or Kubernetes management service.

66
MCQeasy

Which AWS service provides a domain name system (DNS) that routes end-user requests to AWS infrastructure and external resources?

A.AWS Global Accelerator
B.Amazon CloudFront
C.Amazon Route 53
D.Elastic Load Balancing
AnswerC

Route 53 is AWS's managed DNS service, handling domain registration, DNS resolution, and intelligent routing with health checks.

Why this answer

Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to route end-user requests to AWS infrastructure (such as EC2 instances, ELBs, and S3 buckets) and to external resources by translating human-readable domain names into IP addresses. This directly matches the question's requirement for a DNS-based routing service.

Exam trap

The trap here is confusing a content delivery network (CloudFront) or a traffic accelerator (Global Accelerator) with a DNS service, since both can improve performance and route traffic, but only Route 53 provides actual domain name resolution and DNS record management.

How to eliminate wrong answers

Option A is wrong because AWS Global Accelerator uses the AWS global network and Anycast IPs to improve performance and reliability for TCP/UDP traffic, but it does not provide DNS resolution or domain name management; it operates at the network layer (Layer 3/4). Option B is wrong because Amazon CloudFront is a content delivery network (CDN) that caches content at edge locations for faster delivery, but it does not function as a DNS service; it uses DNS only to resolve its own distribution domain names. Option D is wrong because Elastic Load Balancing (ELB) distributes incoming application or network traffic across multiple targets (e.g., EC2 instances) within a single region, but it does not provide DNS resolution for domain names; it only provides a DNS name for its own endpoint.

67
MCQmedium

A company needs to manage multiple Kubernetes clusters across different AWS Regions and on-premises environments from a single control plane. Which AWS service provides this?

A.Amazon ECS
B.Amazon EKS with EKS Connector
C.AWS Fargate
D.Amazon EC2 with self-managed Kubernetes
AnswerB

EKS Connector registers any conformant Kubernetes cluster with Amazon EKS for unified visibility and management in the AWS console, spanning EKS, EKS Anywhere, and third-party clusters.

Why this answer

Amazon EKS with EKS Connector allows you to register and connect any Kubernetes cluster—whether running in AWS, on-premises, or in other clouds—to the AWS EKS console. This provides a single control plane view for managing multiple clusters across different AWS Regions and on-premises environments, fulfilling the requirement exactly.

Exam trap

The trap here is that candidates often confuse Amazon ECS with Kubernetes management, or assume that AWS Fargate can serve as a multi-cluster management plane, when in fact only EKS with EKS Connector provides the specific capability to register and manage external Kubernetes clusters from a single AWS console.

How to eliminate wrong answers

Option A is wrong because Amazon ECS is a container orchestration service for Docker containers, not Kubernetes, and it does not provide a single control plane for managing multiple Kubernetes clusters across regions and on-premises. Option C is wrong because AWS Fargate is a serverless compute engine for containers that works with ECS or EKS, but it is not a service for managing multiple Kubernetes clusters from a single control plane. Option D is wrong because Amazon EC2 with self-managed Kubernetes requires you to manually set up and manage the Kubernetes control plane on EC2 instances, which does not offer a built-in single control plane for multiple clusters across different environments.

68
MCQhard

Which AWS service provides a petabyte-scale data transfer solution for moving large amounts of data into AWS when network transfer is not feasible?

A.AWS DataSync
B.AWS Transfer Family
C.AWS Snowball
D.Amazon S3 Multipart Upload
AnswerC

Snowball is a physical appliance for petabyte-scale offline data transfer into AWS.

Why this answer

AWS Snowball is a petabyte-scale data transport solution that uses physical storage devices to transfer large amounts of data into and out of AWS when network transfer is not feasible due to high latency, low bandwidth, or high costs. It is specifically designed for moving massive datasets (up to 80 TB per device) where network uploads would take weeks or months, making it the correct choice for this scenario.

Exam trap

The trap here is that candidates often confuse AWS DataSync or S3 Multipart Upload as viable options for offline data transfer, but these services require network connectivity and are not designed for petabyte-scale data movement when the network is not feasible.

How to eliminate wrong answers

Option A is wrong because AWS DataSync is an online data transfer service that automates moving data over the network between on-premises storage and AWS, but it does not provide a physical, petabyte-scale solution for when network transfer is not feasible. Option B is wrong because AWS Transfer Family provides managed file transfer protocols (SFTP, FTPS, FTP) for transferring data over the network, not a physical offline transfer mechanism. Option D is wrong because Amazon S3 Multipart Upload is a feature for uploading large objects to S3 over the network by breaking them into parts, but it still relies on network connectivity and does not solve the problem of network transfer being infeasible.

69
MCQmedium

A company wants to test a new version of their application by sending 10% of user traffic to the new version and 90% to the existing version, gradually increasing traffic to the new version as confidence grows. Which Amazon Route 53 routing policy supports this?

A.Failover routing
B.Geolocation routing
C.Weighted routing
D.Latency routing
AnswerC

Weighted routing assigns relative weights to route records. A weight of 10 for the new version and 90 for the existing version routes approximately 10% of requests to the new version — ideal for gradual canary deployments.

Why this answer

Weighted routing (C) is correct because it allows you to assign a percentage of traffic to each resource, such as 10% to the new version and 90% to the existing version. As confidence grows, you can adjust the weights to gradually shift more traffic to the new version. This policy is specifically designed for load balancing between multiple endpoints in a controlled, proportional manner.

Exam trap

The trap here is that candidates often confuse weighted routing with latency routing, thinking that latency-based routing can also distribute traffic proportionally, but latency routing only optimizes for response time and cannot enforce a fixed percentage split.

How to eliminate wrong answers

Option A is wrong because failover routing is used for active-passive disaster recovery, where traffic is sent to a primary resource unless it becomes unhealthy, then all traffic fails over to a secondary resource — it does not support percentage-based traffic splitting. Option B is wrong because geolocation routing directs traffic based on the geographic location of the user (e.g., country or continent), not based on a percentage split between versions. Option D is wrong because latency routing routes traffic to the endpoint with the lowest latency for the user, which is useful for performance optimization but cannot enforce a specific percentage distribution of traffic.

70
MCQmedium

A company needs a relational database that automatically scales storage, replicates data across multiple AZs, and can failover automatically without manual intervention. Which AWS service provides these capabilities?

A.Amazon DynamoDB
B.Amazon RDS with Multi-AZ deployment
C.Amazon Redshift
D.Amazon ElastiCache for Redis
AnswerB

RDS Multi-AZ automatically replicates data to a standby in another AZ and performs automatic failover — no manual intervention required for database continuity.

Why this answer

Amazon RDS with Multi-AZ deployment automatically provisions and maintains a synchronous standby replica in a different Availability Zone. This setup provides automatic failover to the standby without manual intervention, and storage scaling can be handled via Amazon EBS or Aurora storage auto-scaling, meeting all stated requirements.

Exam trap

The trap here is that candidates often confuse DynamoDB's built-in Multi-AZ replication and auto-scaling with relational database capabilities, overlooking the explicit requirement for a relational database in the question.

How to eliminate wrong answers

Option A is wrong because Amazon DynamoDB is a NoSQL key-value and document database, not a relational database, so it does not support SQL queries or relational schemas. Option C is wrong because Amazon Redshift is a petabyte-scale data warehouse optimized for analytical queries, not a transactional relational database, and its Multi-AZ support is limited to RA3 node types with manual failover steps. Option D is wrong because Amazon ElastiCache for Redis is an in-memory caching service, not a relational database, and it does not provide persistent relational storage or automatic failover for relational workloads.

71
MCQmedium

A startup is building a Node.js web application. The development team has limited DevOps experience and wants to focus on writing code. They need a managed platform that automatically deploys their application code, provisions the necessary AWS resources (such as EC2 instances, a load balancer, and Auto Scaling), and handles health monitoring and scaling. However, they want the ability to later customize the underlying EC2 instances and configure environment variables without switching to a different compute service. Which AWS service should the startup use?

A.AWS Lambda
B.AWS Elastic Beanstalk
C.Amazon ECS
D.AWS CloudFormation
AnswerB

AWS Elastic Beanstalk is a PaaS service that automatically deploys application code, manages capacity provisioning, load balancing, and auto scaling for web applications. It provides full control over the underlying AWS resources when needed, making it the best fit for a team that wants a managed platform with the option to customize later.

Why this answer

AWS Elastic Beanstalk is a Platform as a Service (PaaS) that automatically handles deployment, capacity provisioning, load balancing, Auto Scaling, and health monitoring for web applications. It allows developers to upload their Node.js code and have Elastic Beanstalk provision the underlying EC2 instances, load balancer, and Auto Scaling group while still providing the option to later customize the EC2 instances (e.g., via .ebextensions or SSH) and configure environment variables through the Elastic Beanstalk console or CLI. This matches the startup's need for a managed platform with future customization flexibility.

Exam trap

The trap here is that candidates often confuse AWS Elastic Beanstalk with AWS CloudFormation, thinking both are Infrastructure as Code tools, but Elastic Beanstalk is a managed PaaS that abstracts the underlying resources, while CloudFormation requires manual resource definition and does not handle application deployment or health monitoring automatically.

How to eliminate wrong answers

Option A is wrong because AWS Lambda is a serverless compute service that runs code in response to events and does not provision or manage EC2 instances, load balancers, or Auto Scaling groups; it also does not allow customization of underlying EC2 instances. Option C is wrong because Amazon ECS is a container orchestration service that requires users to manage container images, task definitions, and cluster configurations, which demands more DevOps experience than Elastic Beanstalk and does not automatically provision EC2 instances or a load balancer without additional setup. Option D is wrong because AWS CloudFormation is an Infrastructure as Code (IaC) service that provisions resources based on templates but does not automatically deploy application code, handle health monitoring, or provide a managed platform; it requires users to define and manage all resources manually.

72
Matchingmedium

Match each AWS Well-Architected Framework pillar to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Run and monitor systems to deliver business value

Protect data, systems, and assets

Recover from failures and meet demand

Use computing resources efficiently

Avoid unnecessary costs

Why these pairings

The five pillars guide architectural best practices.

73
MCQmedium

A financial analytics company runs a mission-critical application in its on-premises data center. The application must replicate large volumes of market data to Amazon S3 in real time. The company requires a dedicated, private network connection with consistent low latency and high throughput. The connection must not traverse the public internet. Which AWS service should the company use to meet these requirements?

A.AWS Site-to-Site VPN
B.AWS Direct Connect
C.Amazon VPC peering
D.AWS Transit Gateway
AnswerB

AWS Direct Connect provides a dedicated, private physical link from an on-premises data center to AWS, ensuring low latency, high throughput, and no traversal of the public internet.

Why this answer

AWS Direct Connect provides a dedicated, private network connection from an on-premises data center to AWS, bypassing the public internet. This ensures consistent low latency and high throughput, which is essential for replicating large volumes of market data in real time. The connection uses industry-standard 802.1Q VLANs and can be provisioned at speeds up to 100 Gbps, meeting the requirement for a private, high-performance link.

Exam trap

The trap here is that candidates confuse AWS Site-to-Site VPN as a private connection because it is encrypted, but it still traverses the public internet and lacks the dedicated, low-latency characteristics of Direct Connect.

How to eliminate wrong answers

Option A is wrong because AWS Site-to-Site VPN uses the public internet to establish encrypted tunnels (IPsec), which introduces variable latency and throughput, and does not provide a dedicated private connection. Option C is wrong because Amazon VPC peering connects two VPCs within the AWS cloud, not an on-premises data center to AWS, and it cannot extend to on-premises environments. Option D is wrong because AWS Transit Gateway is a network transit hub that connects VPCs and on-premises networks via VPN or Direct Connect, but it is not a direct connection service itself; it requires an underlying connection like Direct Connect to meet the dedicated private link requirement.

74
MCQmedium

A company wants to use AWS for disaster recovery but wants to minimize costs. They only need backups of their data, with recovery taking several hours if disaster strikes. Which DR strategy requires the least investment?

A.Pilot Light
B.Warm Standby
C.Backup and Restore
D.Multi-Site Active/Active
AnswerC

Backup and Restore has the lowest cost — only backup storage (S3/Glacier) is paid during normal operations, with no running infrastructure. RTO is hours but cost is minimal.

Why this answer

The Backup and Restore strategy (Option C) requires the least investment because it involves periodically copying data to low-cost storage like Amazon S3 (including S3 Glacier for archival) and only restoring infrastructure when needed. This approach has the highest Recovery Time Objective (RTO) and Recovery Point Objective (RPO), often measured in hours, which aligns with the requirement of minimizing costs while tolerating several hours for recovery.

Exam trap

The trap here is that candidates often confuse 'least investment' with 'fastest recovery,' leading them to choose Pilot Light or Warm Standby, but the question explicitly prioritizes minimizing costs over recovery speed, making Backup and Restore the correct choice despite its longer RTO.

How to eliminate wrong answers

Option A (Pilot Light) is wrong because it requires maintaining a minimal, pre-provisioned copy of the core infrastructure (e.g., a small EC2 instance running critical services) that can be scaled up during a disaster, incurring ongoing costs for that running environment. Option B (Warm Standby) is wrong because it involves running a scaled-down but fully functional version of the production environment (e.g., a smaller EC2 Auto Scaling group) that is always on, leading to higher continuous costs than Backup and Restore. Option D (Multi-Site Active/Active) is wrong because it requires running full production capacity in two or more AWS Regions simultaneously, with traffic routing via Route 53, resulting in the highest cost due to duplicate infrastructure and data replication.

75
MCQmedium

A company hosts a web application on an Application Load Balancer in the us-east-1 AWS Region. Users are distributed across North America, Europe, and Asia. The company wants to improve application performance and availability for global users by using the AWS global network. The solution must provide two static anycast IP addresses that do not change over time and automatically route incoming traffic to the nearest healthy endpoint in the region. Which AWS service should the company use?

A.Amazon CloudFront with the Application Load Balancer configured as a custom origin
B.AWS Global Accelerator with the Application Load Balancer configured as an endpoint
C.Amazon Route 53 with latency-based routing policy
D.Amazon S3 Transfer Acceleration
AnswerB

AWS Global Accelerator provides two static anycast IP addresses that act as a fixed entry point. It uses the AWS global network to route traffic over UDP and TCP to the nearest healthy endpoint (e.g., an Application Load Balancer). This improves performance by reducing internet latency and provides automatic failover. The solution meets all the requirements: static IPs, global network routing, and health-based routing.

Why this answer

AWS Global Accelerator provides two static anycast IP addresses that serve as fixed entry points to the application. It uses the AWS global network to route traffic to the nearest healthy Application Load Balancer endpoint in us-east-1, automatically rerouting in case of endpoint failure. This meets the requirement for static IPs and performance improvement via the AWS backbone.

Exam trap

The trap here is confusing CloudFront's edge caching with Global Accelerator's static IP and anycast routing; candidates often pick CloudFront because it also improves performance, but it does not provide fixed anycast IP addresses that remain unchanged over time.

How to eliminate wrong answers

Option A is wrong because Amazon CloudFront does not provide static anycast IP addresses; it uses a DNS-based distribution of edge locations and the IP addresses can change over time. Option C is wrong because Amazon Route 53 with latency-based routing does not provide static anycast IP addresses; it relies on DNS resolution, which can be cached and does not offer fixed IPs, and it does not provide automatic failover at the IP layer like Global Accelerator does.

Page 1 of 5 · 341 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Cloud Technology and Services questions.