CCNA Cloud Technology and Services Questions

75 of 341 questions · Page 3/5 · Cloud Technology and Services · Answers revealed

151
MCQmedium

A company is adopting microservices and wants to enable their services to communicate securely and track network traffic between them. Which AWS service provides service mesh capabilities with mutual TLS and observability?

A.Amazon VPC with security groups
B.AWS App Mesh
C.Amazon API Gateway
D.AWS Transit Gateway
AnswerB

App Mesh provides a service mesh layer for microservices with mTLS encryption, traffic control (routing policies, retry logic), and observability (metrics, traces) via Envoy proxy integration.

Why this answer

AWS App Mesh is a service mesh that provides application-level networking, enabling microservices to communicate securely with mutual TLS (mTLS) and offering observability through metrics, logs, and traces. It integrates with AWS services like AWS X-Ray and Amazon CloudWatch to track network traffic between services, making it the correct choice for this requirement.

Exam trap

The trap here is that candidates often confuse network-level services like VPC security groups or Transit Gateway with application-level service mesh capabilities, overlooking that mTLS and observability require a dedicated service mesh like AWS App Mesh.

How to eliminate wrong answers

Option A is wrong because Amazon VPC with security groups provides network-level traffic filtering and segmentation, not service mesh capabilities like mTLS or observability at the application layer. Option C is wrong because Amazon API Gateway is a managed API proxy for creating, publishing, and securing APIs, not a service mesh for inter-service communication within a microservices architecture. Option D is wrong because AWS Transit Gateway is a network transit hub for connecting VPCs and on-premises networks, lacking service mesh features such as mTLS and observability for service-to-service traffic.

152
MCQeasy

Which AWS service provides managed Elasticsearch (OpenSearch) clusters for log analytics and full-text search?

A.Amazon CloudSearch
B.Amazon OpenSearch Service
C.Amazon Athena
D.Amazon Redshift
AnswerB

OpenSearch Service provides managed Elasticsearch/OpenSearch clusters for search and log analytics without cluster management overhead.

Why this answer

Amazon OpenSearch Service (successor to Amazon Elasticsearch Service) is the correct choice because it provides managed clusters for Elasticsearch and OpenSearch, enabling log analytics, full-text search, and real-time application monitoring. It integrates with Logstash and Kibana (the ELK stack) and supports the OpenSearch API, making it the direct AWS offering for this use case.

Exam trap

The trap here is that candidates often confuse Amazon CloudSearch (a simpler, proprietary search service) with Amazon OpenSearch Service, not realizing that CloudSearch does not support the Elasticsearch/OpenSearch ecosystem required for log analytics and Kibana integration.

How to eliminate wrong answers

Option A is wrong because Amazon CloudSearch is a managed search service that uses its own proprietary search engine and API, not Elasticsearch or OpenSearch, and is designed for simpler full-text search use cases like website search, not log analytics. Option C is wrong because Amazon Athena is a serverless interactive query service for analyzing data in Amazon S3 using standard SQL, not a managed search or analytics engine for Elasticsearch/OpenSearch clusters. Option D is wrong because Amazon Redshift is a petabyte-scale data warehouse optimized for SQL-based analytics on structured data, not for real-time log analytics or full-text search with Elasticsearch/OpenSearch.

153
MCQmedium

A company manages a fleet of hundreds of EC2 instances and needs to automate patching across all instances, run commands remotely without SSH, and store configuration parameters centrally. Which AWS service provides these operational management capabilities?

A.Amazon CloudWatch
B.AWS Config
C.AWS Systems Manager
D.AWS CloudFormation
AnswerC

Systems Manager provides Patch Manager for automated patching, Session Manager for SSH-free remote access, Run Command for running scripts across instances, and Parameter Store for centralised configuration — all required capabilities.

Why this answer

AWS Systems Manager is the correct choice because it provides a unified interface for operational management tasks, including automated patching via Patch Manager, remote command execution without SSH using Run Command, and centralized parameter storage with Parameter Store. These capabilities directly address the need to manage fleets of EC2 instances at scale without requiring direct network access to each instance.

Exam trap

The trap here is that candidates often confuse AWS Systems Manager with AWS Config because both deal with 'management' and 'configuration,' but Config is only for compliance auditing and drift detection, not for patching or remote command execution.

How to eliminate wrong answers

Option A is wrong because Amazon CloudWatch is a monitoring and observability service for metrics, logs, and alarms, not a tool for patching, remote command execution, or parameter storage. Option B is wrong because AWS Config is a service for evaluating and auditing resource compliance against desired configurations, not for automating patching or running commands remotely. Option D is wrong because AWS CloudFormation is an Infrastructure as Code (IaC) service for provisioning and managing AWS resources via templates, not for ongoing operational tasks like patching or remote command execution.

154
MCQmedium

A company runs a globally distributed multiplayer game on AWS. The game uses UDP for real-time communication and requires static IP addresses that do not change for whitelisting by internet service providers. The company needs to route traffic to the nearest healthy application endpoint to minimize latency and improve performance. The solution must work with both TCP and UDP traffic and provide static IP addresses. Which AWS service should the company use?

A.AWS Global Accelerator
B.Amazon CloudFront
C.Amazon Route 53
D.AWS Direct Connect
AnswerA

Correct. AWS Global Accelerator provides static IP addresses and optimizes the path from users to applications over TCP/UDP, routing traffic to the nearest healthy endpoint using the AWS global network.

Why this answer

AWS Global Accelerator provides static IP addresses that serve as fixed entry points to your application, and it uses the AWS global network to route traffic to the nearest healthy endpoint via Anycast. It supports both TCP and UDP traffic, making it ideal for real-time UDP-based gaming workloads that require low latency and static IPs for ISP whitelisting.

Exam trap

The trap here is that candidates often confuse CloudFront's edge caching with Global Accelerator's network-layer optimization, but CloudFront does not support UDP or provide static IPs, making it unsuitable for real-time gaming traffic.

How to eliminate wrong answers

Option B (Amazon CloudFront) is wrong because CloudFront is a content delivery network optimized for HTTP/HTTPS traffic and does not support UDP, nor does it provide static IP addresses for whitelisting. Option C (Amazon Route 53) is wrong because Route 53 is a DNS service that resolves domain names to IP addresses but does not provide static IP addresses or handle UDP traffic routing at the network layer; it relies on DNS caching and can change IPs over time. Option D (AWS Direct Connect) is wrong because Direct Connect establishes a dedicated private network connection from on-premises to AWS, but it does not provide globally distributed static IP addresses or anycast routing for traffic to the nearest endpoint.

155
MCQmedium

A company wants to automate the creation and management of machine learning models without writing code. Which AWS service provides a no-code ML model building interface?

A.Amazon SageMaker Studio
B.Amazon SageMaker Canvas
C.Amazon SageMaker Autopilot
D.Amazon Rekognition Custom Labels
AnswerB

SageMaker Canvas provides a visual, no-code interface for building ML models — business analysts can import data and generate predictions without writing any code.

Why this answer

Amazon SageMaker Canvas is a no-code ML service that provides a visual, drag-and-drop interface for building and managing machine learning models without writing any code. It is designed for business analysts and domain experts who need to generate predictions from their data without programming expertise.

Exam trap

The trap here is that candidates confuse SageMaker Studio (a code-based IDE) or SageMaker Autopilot (automated but code-required) with a true no-code service, missing that Canvas is the only option explicitly designed for non-programmers.

How to eliminate wrong answers

Option A is wrong because Amazon SageMaker Studio is an integrated development environment (IDE) for ML that requires writing code in notebooks or scripts, not a no-code interface. Option C is wrong because Amazon SageMaker Autopilot automates the ML pipeline (feature engineering, model selection, tuning) but still requires some code or API calls to initiate and manage; it does not provide a no-code visual builder. Option D is wrong because Amazon Rekognition Custom Labels is a service for training custom image classification models using a visual interface, but it is limited to computer vision tasks and is not a general-purpose no-code ML model building tool.

156
MCQmedium

A data team needs to extract data from S3 and RDS, transform it (clean, enrich, join), and load it into Amazon Redshift for analytics. They want a serverless service that discovers and catalogues data schemas automatically and runs the ETL jobs without provisioning servers. Which AWS service provides this?

A.Amazon EMR
B.AWS Data Pipeline
C.AWS Glue
D.Amazon Kinesis Data Firehose
AnswerC

Glue is a serverless ETL service. The Glue Crawler discovers and catalogues schemas from S3 and databases automatically. Glue Jobs run Spark-based transformations serverlessly, loading results to Redshift without any server provisioning.

Why this answer

AWS Glue is a fully managed, serverless ETL service that automatically discovers and catalogs data schemas using its Crawler feature, which populates the AWS Glue Data Catalog. It can extract data from S3 and RDS, transform it (clean, enrich, join), and load it into Amazon Redshift without any server provisioning or management.

Exam trap

The trap here is that candidates confuse AWS Glue with Amazon EMR because both can run Spark-based ETL, but EMR requires server provisioning and lacks automatic schema discovery, while Glue is fully serverless and includes the Data Catalog.

How to eliminate wrong answers

Option A is wrong because Amazon EMR is a cluster-based big data platform that requires provisioning and managing EC2 instances (servers), and it does not automatically discover or catalog data schemas. Option B is wrong because AWS Data Pipeline is a managed orchestration service but it is not serverless—it relies on EC2 instances or task runners that must be provisioned, and it lacks built-in schema discovery and cataloging. Option D is wrong because Amazon Kinesis Data Firehose is a serverless streaming data ingestion service that loads data into destinations like S3 or Redshift, but it does not perform complex transformations (e.g., joins, enrichment) and has no schema discovery or cataloging capabilities.

157
MCQmedium

A company operates multiple Amazon VPCs across several AWS accounts for different business units. The company also has an on-premises data center connected to AWS via AWS Direct Connect. The network team wants to simplify the connectivity between all VPCs and the on-premises network. Currently, they manage individual VPC peering connections, which is becoming complex as more VPCs are added. They need a single network hub that can scale to connect hundreds of VPCs and the on-premises network, with centralized routing management. Which AWS service should the network team use?

A.AWS Transit Gateway
B.Amazon VPC peering
C.AWS PrivateLink
D.AWS Site-to-Site VPN
AnswerA

AWS Transit Gateway is a central hub that connects VPCs and on-premises networks. It supports hub-and-spoke topology, scales to hundreds of VPCs, and works with Direct Connect and VPNs. This meets the requirement for simplified, scalable connectivity with centralized routing.

Why this answer

AWS Transit Gateway acts as a single, scalable network hub that connects multiple VPCs and on-premises networks via Direct Connect, using a centralized routing table. This eliminates the need for complex, meshed VPC peering connections and provides transitive routing across all attached networks, which directly addresses the requirement for a hub that scales to hundreds of VPCs.

Exam trap

AWS often tests the misconception that VPC peering can be used as a hub-and-spoke solution, but candidates must remember that VPC peering is non-transitive and requires a full mesh, whereas Transit Gateway provides transitive routing and centralized management.

How to eliminate wrong answers

Option B (Amazon VPC peering) is wrong because it creates a one-to-one, non-transitive connection between two VPCs only, requiring a full mesh of peering connections as VPCs increase, which does not scale to hundreds of VPCs and does not natively integrate with Direct Connect for on-premises connectivity. Option C (AWS PrivateLink) is wrong because it is designed for private, one-way access to a specific service or endpoint within a VPC, not for routing traffic between multiple VPCs or to an on-premises network; it lacks transitive routing and hub-and-spoke capabilities. Option D (AWS Site-to-Site VPN) is wrong because it only connects a single VPC to an on-premises network over the internet, not multiple VPCs, and does not provide centralized routing or transitive connectivity between VPCs.

158
MCQeasy

Which AWS service is used to register domain names and route DNS queries for domain names like 'example.com'?

A.Amazon CloudFront
B.AWS Global Accelerator
C.Amazon Route 53
D.AWS Certificate Manager
AnswerC

Route 53 provides domain registration, DNS hosting, and health checking — a complete managed DNS solution from domain purchase to global traffic routing.

Why this answer

Amazon Route 53 is a scalable Domain Name System (DNS) web service that provides both domain name registration and DNS resolution. It translates human-readable domain names like 'example.com' into IP addresses and can also register new domains or transfer existing ones. This dual functionality makes it the correct choice for the question.

Exam trap

The trap here is that candidates often confuse AWS Global Accelerator with a DNS service because both use anycast and improve performance, but Global Accelerator does not handle domain registration or standard DNS query resolution.

How to eliminate wrong answers

Option A is wrong because Amazon CloudFront is a content delivery network (CDN) that caches and delivers content at edge locations, not a DNS service or domain registrar. Option B is wrong because AWS Global Accelerator improves application availability and performance by directing traffic over the AWS global network using anycast IP addresses, but it does not register domain names or perform DNS resolution. Option D is wrong because AWS Certificate Manager (ACM) provisions, manages, and deploys SSL/TLS certificates for use with AWS services, but it has no role in domain registration or DNS routing.

159
MCQmedium

A company runs a web application on multiple EC2 instances across multiple Availability Zones. All instances need to access and share the same file system simultaneously to read and write shared configuration files. Which AWS storage service supports simultaneous access from multiple EC2 instances?

A.Amazon EBS
B.Instance Store
C.Amazon EFS
D.Amazon S3
AnswerC

EFS provides a shared NFS file system that can be mounted simultaneously by multiple EC2 instances across multiple AZs. It scales automatically and supports concurrent reads and writes from many instances.

Why this answer

Amazon EFS is a fully managed, NFS-based file system that can be mounted concurrently by multiple EC2 instances across different Availability Zones, providing shared access for reading and writing configuration files. It uses the NFSv4.1 protocol and supports thousands of simultaneous connections, making it ideal for shared storage scenarios.

Exam trap

The trap here is that candidates may confuse Amazon EBS with a shared file system, not realizing that standard EBS volumes are single-instance attachable, while EFS is purpose-built for multi-instance shared access.

How to eliminate wrong answers

Option A is wrong because Amazon EBS volumes are block-level storage that can only be attached to a single EC2 instance at a time (except for multi-attach EBS io1/io2 volumes, which are limited to a few instances and not designed for general shared file access). Option B is wrong because Instance Store provides temporary, block-level storage that is physically attached to the host server and cannot be shared across instances; data is lost if the instance stops or terminates. Option D is wrong because Amazon S3 is object storage accessed via HTTP/HTTPS APIs, not a POSIX-compliant file system, and does not support standard file locking or direct mount as a shared file system for EC2 instances.

160
MCQmedium

A company runs a web application on Amazon EC2 instances that connect to a relational database. The application requires high database availability so that if the primary database instance fails, a standby instance automatically takes over without manual intervention. The company wants to minimize administrative overhead for database patching, backups, and replication. Which AWS service should the company use to meet these requirements?

A.Amazon RDS Multi-AZ
B.Amazon RDS Single-AZ
C.Amazon DynamoDB Global Tables
D.Amazon S3
AnswerA

Correct. Amazon RDS Multi-AZ automatically provisions and maintains a synchronous standby replica in a different Availability Zone. If the primary instance fails, Amazon RDS automatically fails over to the standby, providing high availability. It also handles automated backups, patching, and replication.

Why this answer

Amazon RDS Multi-AZ provides high availability by automatically provisioning and maintaining a synchronous standby replica in a different Availability Zone. If the primary database instance fails, Amazon RDS automatically fails over to the standby, ensuring minimal downtime without manual intervention. Additionally, RDS handles patching, backups, and replication automatically, reducing administrative overhead.

Exam trap

The trap here is that candidates may confuse Amazon RDS Multi-AZ with Amazon DynamoDB Global Tables, assuming both provide high availability for relational databases, but DynamoDB is NoSQL and does not support relational queries or the same failover model.

How to eliminate wrong answers

Option B is wrong because Amazon RDS Single-AZ does not provide a standby instance or automatic failover; if the instance fails, the database becomes unavailable until manual recovery is performed. Option C is wrong because Amazon DynamoDB Global Tables is a NoSQL database service, not a relational database, and while it offers multi-region replication, it does not support the relational database model required by the application. Option D is wrong because Amazon S3 is an object storage service, not a relational database, and cannot serve as the primary database for a web application requiring relational queries and high availability.

161
MCQmedium

A company needs a managed workflow service to coordinate long-running business processes that may require human approval steps and can run for up to one year. Which AWS service handles this?

A.AWS Lambda
B.Amazon SQS
C.AWS Step Functions (Standard Workflows)
D.Amazon EventBridge
AnswerC

Step Functions Standard Workflows support executions lasting up to one year, human approval steps via task tokens, parallel execution, and comprehensive error handling — ideal for long-running business processes.

Why this answer

AWS Step Functions Standard Workflows are designed for long-running, durable, and auditable workflows that can run for up to one year, making them ideal for coordinating business processes that require human approval steps. They provide built-in error handling, retries, and state management, which are essential for orchestrating multi-step processes with human intervention.

Exam trap

The trap here is that candidates often confuse AWS Step Functions with Amazon EventBridge, but EventBridge is only for event routing and cannot orchestrate long-running workflows with human approval steps, while Step Functions Standard Workflows are explicitly built for this purpose.

How to eliminate wrong answers

Option A is wrong because AWS Lambda has a maximum execution timeout of 15 minutes, making it unsuitable for workflows that can run for up to one year. Option B is wrong because Amazon SQS is a message queuing service that does not provide workflow orchestration, state management, or built-in human approval step capabilities. Option D is wrong because Amazon EventBridge is an event bus service for routing events between applications, not a workflow orchestrator that can manage long-running business processes with human approval steps.

162
MCQeasy

A company needs to convert text documents into natural-sounding speech in multiple languages for an audiobook application. Which AWS service provides this capability?

A.Amazon Transcribe
B.Amazon Translate
C.Amazon Polly
D.Amazon Lex
AnswerC

Polly is AWS's managed TTS service that converts text into lifelike speech in dozens of languages, with standard and neural voice options for audiobook-quality output.

Why this answer

Amazon Polly is a managed service that turns text into lifelike speech using deep learning technologies, supporting multiple languages and voices. It is specifically designed for text-to-speech (TTS) conversion, making it the correct choice for generating natural-sounding audio for an audiobook application.

Exam trap

The trap here is confusing Amazon Polly (text-to-speech) with Amazon Transcribe (speech-to-text), as both deal with speech but in opposite directions, leading candidates to mistakenly choose Transcribe when the requirement is to generate speech from text.

How to eliminate wrong answers

Option A is wrong because Amazon Transcribe is an automatic speech recognition (ASR) service that converts speech to text, not text to speech. Option B is wrong because Amazon Translate is a neural machine translation service that translates text between languages, but it does not generate speech output. Option D is wrong because Amazon Lex is a service for building conversational interfaces (chatbots) using speech recognition and natural language understanding, but its primary purpose is not standalone text-to-speech conversion for audiobooks.

163
MCQeasy

A company uses several AWS services and wants to create a unified monitoring dashboard to track metrics and set alarms. Which AWS service provides this capability?

A.AWS CloudTrail
B.Amazon CloudWatch
C.AWS Config
D.AWS X-Ray
AnswerB

CloudWatch provides metrics collection, custom dashboards, alarms, log analysis, and automated responses for AWS services and custom applications.

Why this answer

Amazon CloudWatch is AWS's observability service for monitoring metrics, logs, events, and traces from AWS services and custom applications. CloudWatch dashboards display metrics from multiple services in a single view. CloudWatch Alarms trigger notifications or automated actions when metrics exceed thresholds.

164
MCQeasy

Which AWS service provides a desktop development environment in the cloud with a browser-based code editor and computing resources, requiring no local installation?

A.AWS CloudShell
B.AWS Cloud9
C.AWS CodeCommit
D.AWS CodeBuild
AnswerB

Cloud9 is a full browser-based IDE with code editing, debugging, terminal access, and collaborative development features — no local installation required.

Why this answer

AWS Cloud9 is a cloud-based integrated development environment (IDE) that provides a browser-based code editor, terminal, and pre-configured computing resources (e.g., EC2 instances or SSH servers). It requires no local installation, making it ideal for developing applications directly from a web browser.

Exam trap

The trap here is that candidates confuse AWS CloudShell (a simple shell) with a full development environment, but CloudShell lacks the code editor and project management features that Cloud9 provides.

How to eliminate wrong answers

Option A is wrong because AWS CloudShell provides a browser-based shell with pre-installed CLI tools, but it does not include a code editor or a full development environment like Cloud9. Option C is wrong because AWS CodeCommit is a fully managed source control service (Git-based) for storing and versioning code, not a development environment. Option D is wrong because AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages, but it does not provide an interactive desktop or code editor.

165
MCQmedium

A company runs a microservices application on AWS. It needs to send real-time alerts to mobile devices via push notifications and to administrators via email whenever a critical event occurs. The solution must be a fully managed service that supports both delivery channels without requiring separate infrastructure for each. Which AWS service should the company use?

A.Amazon Simple Notification Service (SNS)
B.Amazon Simple Queue Service (SQS)
C.Amazon Simple Email Service (SES)
D.Amazon Pinpoint
AnswerA

Amazon SNS is a fully managed pub/sub messaging service that can deliver messages to a variety of subscribers, including mobile push notifications and email. It is the correct choice for this requirement.

Why this answer

Amazon SNS is a fully managed pub/sub messaging service that supports multiple delivery protocols, including push notifications to mobile devices (via Apple Push Notification Service, Firebase Cloud Messaging, etc.) and email (via SMTP or HTTP endpoints). This allows the company to send real-time alerts through both channels from a single service without provisioning separate infrastructure for each.

Exam trap

The trap here is that candidates often confuse Amazon Pinpoint (a marketing and analytics service) with Amazon SNS (a simple pub/sub notification service), but the question explicitly asks for a fully managed service that supports both push notifications and email without separate infrastructure — SNS fits this requirement directly, while Pinpoint is designed for targeted campaigns and user segmentation, not simple event-driven alerts.

How to eliminate wrong answers

Option B (Amazon SQS) is wrong because it is a message queue service for decoupling application components, not a push notification or email delivery service; it requires consumers to poll messages and does not natively send push notifications or emails. Option C (Amazon SES) is wrong because it is designed for sending transactional and bulk email only, not push notifications to mobile devices. Option D (Amazon Pinpoint) is wrong because while it supports push notifications and email, it is primarily a customer engagement and marketing analytics service, not a simple pub/sub alerting service; it requires more configuration and is overkill for straightforward event-driven alerts.

166
MCQmedium

A company runs a multi-region application on AWS with separate VPCs in us-east-1 and eu-west-1. The company also has an on-premises data center connected to AWS via AWS Direct Connect. The network team wants to simplify the routing topology so that traffic between all VPCs and the on-premises network flows through a central hub. They need a service that can manage many VPC attachments and provide transitive routing across all connected networks. Which AWS service should the network team use?

A.AWS Transit Gateway
B.Amazon Route 53
C.AWS Direct Connect Gateway
D.AWS PrivateLink
AnswerA

AWS Transit Gateway is a network transit hub that connects VPCs, VPN connections, and AWS Direct Connect connections. It supports transitive routing, allowing all attached networks to communicate through a single gateway, which simplifies network architecture.

Why this answer

AWS Transit Gateway is the correct choice because it acts as a central hub that connects multiple VPCs and on-premises networks via a single gateway, enabling transitive routing between all attached networks. It supports many VPC attachments (up to thousands per gateway) and simplifies routing topology by eliminating the need for complex peering or VPN mesh configurations. This directly meets the requirement for a service that manages many VPC attachments and provides transitive routing across all connected networks.

Exam trap

The trap here is that candidates often confuse AWS Direct Connect Gateway with Transit Gateway, assuming Direct Connect Gateway can provide transitive routing between VPCs, but it only connects Direct Connect circuits to multiple VPCs and does not enable VPC-to-VPC routing or act as a central hub for all network attachments.

How to eliminate wrong answers

Option B (Amazon Route 53) is wrong because it is a DNS and domain name resolution service, not a network routing or connectivity service; it cannot route traffic between VPCs or to on-premises networks. Option C (AWS Direct Connect Gateway) is wrong because it only facilitates connectivity between Direct Connect connections and multiple VPCs in different regions, but it does not provide transitive routing between VPCs themselves or act as a central hub for all network attachments. Option D (AWS PrivateLink) is wrong because it enables private connectivity between VPCs and specific services (like SaaS endpoints) without traversing the public internet, but it does not provide transitive routing between multiple VPCs or between VPCs and on-premises networks.

167
MCQmedium

A company is developing a microservices application using Docker containers. The development team wants to deploy and run these containers on AWS without having to provision or manage any underlying EC2 instances. Additionally, the team does not want to manage the container orchestration control plane. They need a fully serverless compute engine for containers that automatically scales based on demand. Which AWS compute option should the team use?

A.Amazon EC2 instances with Docker installed
B.AWS Lambda
C.Amazon ECS with the AWS Fargate launch type
D.Amazon EKS with managed node groups
AnswerC

AWS Fargate is a serverless compute engine for containers that works with Amazon ECS and Amazon EKS. With Fargate, you do not need to provision or manage EC2 instances; you specify the CPU and memory requirements, and Fargate automatically runs and scales the containers. This fully meets the requirement of a serverless container compute service with no cluster management.

Why this answer

Amazon ECS with the AWS Fargate launch type is the correct choice because it provides a fully serverless compute engine for containers. Fargate eliminates the need to provision or manage EC2 instances and removes the burden of managing the container orchestration control plane, as AWS handles both the underlying infrastructure and the orchestration layer. It automatically scales container instances based on demand, meeting the team's requirement for a serverless, auto-scaling container solution.

Exam trap

The trap here is that candidates often confuse AWS Lambda's container image support with a full container orchestration solution, but Lambda is not designed for long-running or stateful container workloads and lacks the orchestration features of ECS or EKS.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 instances with Docker installed require the team to provision, manage, and scale the underlying EC2 instances, which contradicts the requirement to avoid managing any EC2 instances. Option B is wrong because AWS Lambda is designed for event-driven, short-lived functions, not for running Docker containers as a primary compute model; while Lambda supports container images, it is not a container orchestration service and does not provide the same level of control for microservices applications. Option D is wrong because Amazon EKS with managed node groups still requires the team to manage the Kubernetes control plane (even though node groups are managed), and it does not offer a fully serverless experience; the control plane is managed by AWS but the team must still handle node scaling and patching, unlike Fargate which abstracts all infrastructure.

168
MCQmedium

A company wants to migrate their on-premises VMware virtual machines to Amazon EC2. Which AWS service simplifies this lift-and-shift migration?

A.AWS Snowball
B.AWS Application Migration Service (AWS MGN)
C.AWS Database Migration Service
D.Amazon EC2 Import/Export
AnswerB

AWS MGN continuously replicates on-premises servers (physical, virtual, or cloud) to AWS, enabling non-disruptive testing and cutover for lift-and-shift migrations to EC2.

Why this answer

AWS Application Migration Service (AWS MGN) is the correct choice because it is specifically designed to simplify and automate the lift-and-shift migration of on-premises VMware virtual machines to Amazon EC2. It continuously replicates source servers (including VMware VMs) to a staging area in AWS, then automatically converts and launches the instances on EC2, minimizing downtime and manual effort.

Exam trap

The trap here is that candidates often confuse AWS MGN with the older EC2 Import/Export service, mistakenly thinking the legacy tool is sufficient for a modern lift-and-shift migration, but EC2 Import/Export requires manual steps and does not support continuous replication or automated conversion.

How to eliminate wrong answers

Option A is wrong because AWS Snowball is a physical data transport device used for large-scale data transfer (petabytes) or edge computing, not for live migration of VMware VMs to EC2. Option C is wrong because AWS Database Migration Service (DMS) is designed for migrating databases (e.g., Oracle to Amazon RDS), not for migrating entire virtual machines or server workloads. Option D is wrong because Amazon EC2 Import/Export is a legacy service that allows importing VM images as AMIs but requires manual conversion and does not provide continuous replication or automated lift-and-shift capabilities like AWS MGN.

169
MCQmedium

A company runs an e-commerce application on Amazon EC2 instances in the us-east-1 Region. The application serves static assets (images, CSS files) and dynamic API responses. Users in Europe and Asia report that the website loads slowly, especially for images. The company needs a solution that reduces latency for both static and dynamic content by caching static assets at edge locations and accelerating dynamic API calls using optimized network paths. Which AWS service should the company use?

A.Amazon CloudFront
B.AWS Global Accelerator
C.Amazon S3 Transfer Acceleration
D.Application Load Balancer
AnswerA

CloudFront is correct because it provides caching of static assets at edge locations and accelerates dynamic content via optimized routing, addressing both latency requirements for a global audience.

Why this answer

Amazon CloudFront is a content delivery network (CDN) that caches static assets (images, CSS files) at edge locations worldwide, reducing latency for users in Europe and Asia. It also supports dynamic API acceleration by using optimized network paths (AWS global network backbone) and features like origin shield and TCP optimizations, making it the correct choice for both static and dynamic content.

Exam trap

The trap here is that candidates may confuse AWS Global Accelerator (which optimizes dynamic traffic only) with CloudFront (which handles both caching and acceleration), failing to recognize that caching static assets is a requirement that only a CDN like CloudFront can fulfill.

How to eliminate wrong answers

Option B (AWS Global Accelerator) is wrong because it only improves performance for dynamic traffic by routing over the AWS global network and providing static IP addresses, but it does not cache static assets at edge locations. Option C (Amazon S3 Transfer Acceleration) is wrong because it only speeds up uploads to S3 buckets over long distances, not caching or accelerating delivery of static assets or dynamic API responses to end users. Option D (Application Load Balancer) is wrong because it distributes traffic across EC2 instances within a region and does not provide edge caching or global network path optimization.

170
MCQmedium

A company has a two-tier web application. The front-end web servers run on Amazon EC2 instances in a public subnet. The back-end application servers process jobs that are submitted by the front end. The company wants to decouple the front-end and back-end tiers so that the back-end servers can process jobs as they are submitted, even if the front-end servers experience a spike in traffic. The solution must be durable and fully managed, and must allow the front-end servers to send job requests without waiting for the back-end servers to be available. Which AWS service should the company use to send the job requests from the front end to the back end?

A.Amazon Simple Queue Service (SQS)
B.Amazon Simple Notification Service (SNS)
C.Amazon Kinesis Data Streams
D.AWS Step Functions
AnswerA

Amazon SQS is a fully managed message queue service that decouples application components. Front-end servers can send job requests to an SQS queue, and back-end servers process them asynchronously. Messages are stored durably across multiple Availability Zones, and the front end can continue sending requests without waiting for the back end to be ready. This correctly meets the requirement for a durable, fully managed decoupling solution.

Why this answer

Amazon Simple Queue Service (SQS) is the correct choice because it provides a fully managed, durable, and decoupled message queue that allows front-end EC2 instances to send job requests as messages. The back-end application servers can then poll and process these messages asynchronously, ensuring that spikes in front-end traffic do not overwhelm the back-end, and the front-end does not need to wait for back-end availability.

Exam trap

The trap here is that candidates often confuse SNS (push-based, no durability for offline consumers) with SQS (pull-based, durable queue), or they overcomplicate the solution by selecting Kinesis Data Streams for its streaming capability, not recognizing that the requirement is simply a decoupled job queue, not real-time analytics.

How to eliminate wrong answers

Option B (Amazon Simple Notification Service) is wrong because SNS is a pub/sub messaging service that pushes notifications to subscribers; it does not provide a durable queue where messages are stored until consumed, so if the back-end is unavailable, messages are lost. Option C (Amazon Kinesis Data Streams) is wrong because it is designed for real-time streaming of large volumes of data (e.g., log ingestion, analytics) and requires custom consumers to manage checkpointing and shard processing; it is not a simple job queue for decoupling request/response patterns. Option D (AWS Step Functions) is wrong because it is a serverless orchestration service for coordinating multiple AWS services into workflows, not a message queue for decoupling front-end and back-end tiers; it adds unnecessary complexity and does not natively provide a durable buffer for job requests.

171
MCQeasy

Which Amazon RDS feature enables automatic scaling of database storage capacity without any downtime when storage is running low?

A.RDS Multi-AZ
B.RDS Read Replicas
C.RDS Storage Auto Scaling
D.RDS Automated Backups
AnswerC

RDS Storage Auto Scaling monitors free storage space and automatically increases storage capacity when utilization is high, eliminating manual storage management and downtime.

Why this answer

RDS Storage Auto Scaling is the correct answer because it automatically increases the allocated storage for an RDS database instance when free space drops below a configured threshold, without requiring any downtime or manual intervention. This feature uses a scaling policy that triggers a storage increase in predefined increments, ensuring the database remains available and performant during storage growth.

Exam trap

The trap here is that candidates often confuse RDS Multi-AZ with storage scaling because both involve 'automatic' behavior, but Multi-AZ only handles failover, not storage growth.

How to eliminate wrong answers

Option A is wrong because RDS Multi-AZ provides high availability and automatic failover across Availability Zones, but it does not automatically scale storage capacity. Option B is wrong because RDS Read Replicas are used to offload read traffic and improve read performance, not to manage storage scaling. Option D is wrong because RDS Automated Backups handle point-in-time recovery and backup retention, but they have no role in dynamically increasing storage when it runs low.

172
MCQmedium

A company runs a latency-sensitive application on AWS that must communicate with an on-premises data center. The company requires a dedicated, private network connection that provides consistent, low-latency performance and bypasses the public internet. Which AWS service should the company use to meet these requirements?

A.AWS Direct Connect
B.AWS Site-to-Site VPN
C.AWS Client VPN
D.AWS Transit Gateway
AnswerA

Correct. AWS Direct Connect establishes a dedicated, private network link between an on-premises data center and AWS, offering consistent bandwidth and lower latency by avoiding the public internet.

Why this answer

AWS Direct Connect is the correct choice because it provides a dedicated, private network connection from an on-premises data center to AWS, bypassing the public internet entirely. This ensures consistent, low-latency performance for latency-sensitive applications by using a physical cross-connect or hosted virtual interface, which avoids the variability and potential congestion of internet-based connections.

Exam trap

The trap here is that candidates confuse AWS Site-to-Site VPN (which also provides a private tunnel) with a dedicated connection, overlooking that VPNs still traverse the public internet and cannot guarantee consistent low latency, whereas Direct Connect offers a physically private path.

How to eliminate wrong answers

Option B (AWS Site-to-Site VPN) is wrong because it uses the public internet to establish an encrypted tunnel (IPsec), which introduces variable latency and potential bandwidth limitations, making it unsuitable for consistent low-latency requirements. Option C (AWS Client VPN) is wrong because it is a managed VPN service for individual client devices (using OpenVPN) to connect to AWS, not for dedicated site-to-site connectivity between a data center and AWS. Option D (AWS Transit Gateway) is wrong because it is a network transit hub that connects VPCs and on-premises networks, but it does not itself provide a dedicated private connection; it requires an underlying connection like Direct Connect or VPN to function.

173
MCQmedium

A company publishes a message each time a new product is added to its catalogue. Three services need to receive this message simultaneously: an email notification service, an inventory update service, and an analytics service. Which AWS service should the company use to deliver the message to all three services at the same time?

A.Amazon SQS
B.Amazon SNS
C.Amazon Kinesis Data Streams
D.AWS EventBridge
AnswerB

SNS supports the fan-out pattern where a single message published to a topic is delivered to all subscribers simultaneously. The three services can each subscribe to the SNS topic and receive every product update message at the same time.

Why this answer

Amazon SNS is the correct choice because it is a fully managed pub/sub messaging service designed to deliver messages to multiple subscribers simultaneously. When a new product is added, the company can publish a single message to an SNS topic, and SNS will fan out that message to all three subscribed endpoints (email, inventory, and analytics) in parallel, ensuring they receive it at the same time.

Exam trap

The trap here is that candidates often confuse SQS (a queue for one-to-one processing) with SNS (a pub/sub for one-to-many delivery), or they overcomplicate the solution by choosing Kinesis or EventBridge when a simple fan-out pattern is required.

How to eliminate wrong answers

Option A is wrong because Amazon SQS is a queue-based service that stores messages for a single consumer to pull, not push to multiple subscribers simultaneously; it is designed for decoupling and asynchronous processing, not fan-out. Option C is wrong because Amazon Kinesis Data Streams is intended for real-time streaming of large volumes of data for processing by multiple consumers in order, but it does not provide immediate push delivery to endpoints like email; it requires consumers to poll and process records sequentially per shard. Option D is wrong because AWS EventBridge is a serverless event bus that routes events based on rules, but it is primarily for event-driven architectures and does not natively support direct push to email endpoints without additional integration; SNS is the simpler, purpose-built service for simultaneous fan-out to heterogeneous subscribers.

174
MCQmedium

A company runs a web application on multiple Amazon EC2 instances across two Availability Zones. The application processes user-uploaded documents and must store them in a shared file system that all instances can access simultaneously. The file system must be scalable to petabytes, durable, and fully managed. Which AWS service should the company use to meet these requirements?

A.Amazon EBS with Multi-Attach enabled
B.Amazon EFS
C.Amazon S3
D.Amazon EC2 Instance Store
AnswerB

Amazon EFS provides a fully managed, elastic NFS file system that can be mounted on multiple EC2 instances across multiple Availability Zones. It scales automatically to petabytes, offers high durability, and is designed for concurrent access from thousands of instances. This matches all requirements.

Why this answer

Amazon EFS is a fully managed, scalable, and durable NFS file system that can be mounted concurrently by multiple EC2 instances across different Availability Zones. It automatically scales storage capacity up to petabytes as files are added or removed, and it provides high durability by replicating data across multiple AZs within a region. This makes it the ideal choice for a shared file system that must be accessed simultaneously by all instances.

Exam trap

The trap here is that candidates often confuse Amazon S3's object storage capabilities with a shared file system, but S3 lacks POSIX file locking and mountability, making it unsuitable for simultaneous file-level access from multiple EC2 instances.

How to eliminate wrong answers

Option A is wrong because Amazon EBS with Multi-Attach enabled only supports a maximum of 16 Nitro-based EC2 instances in a single Availability Zone, and it does not provide cross-AZ access or petabyte-scale storage. Option C is wrong because Amazon S3 is an object storage service accessed via HTTP/HTTPS APIs, not a POSIX-compliant shared file system that can be mounted directly as a drive by EC2 instances. Option D is wrong because Amazon EC2 Instance Store provides temporary block-level storage that is physically attached to the host server, is not durable (data is lost on instance stop/termination), and cannot be shared across multiple instances.

175
MCQmedium

A company runs a web application behind an Application Load Balancer (ALB). The security team wants to protect the application from common web exploits such as SQL injection and cross-site scripting (XSS). They need a managed service that allows them to create custom rules to filter malicious HTTP traffic and integrates directly with the ALB and Amazon CloudFront. Which AWS service should the security team configure?

A.AWS WAF
B.AWS Shield Advanced
C.AWS Firewall Manager
D.AWS Network Firewall
AnswerA

Correct. AWS WAF is a web application firewall that protects against common web exploits like SQL injection and XSS. It integrates directly with ALB and CloudFront and allows custom rule creation.

Why this answer

AWS WAF is a managed web application firewall that protects against common web exploits like SQL injection and cross-site scripting (XSS). It integrates directly with Application Load Balancers (ALB) and Amazon CloudFront, and allows you to create custom rules to filter malicious HTTP traffic based on conditions such as IP addresses, HTTP headers, and request body patterns.

Exam trap

The trap here is that candidates often confuse AWS WAF with AWS Shield Advanced, thinking both provide application-layer filtering, but Shield Advanced only provides DDoS mitigation and does not inspect HTTP payloads for SQL injection or XSS.

How to eliminate wrong answers

Option B (AWS Shield Advanced) is wrong because it provides DDoS protection at the network and transport layers, not application-layer filtering for SQL injection or XSS. Option C (AWS Firewall Manager) is wrong because it is a centralized policy management service for deploying firewall rules across accounts, not a service that itself inspects HTTP traffic for web exploits. Option D (AWS Network Firewall) is wrong because it inspects network traffic at layers 3 and 4 (and some layer 7 for domain filtering), but it does not provide the granular HTTP request inspection needed for SQL injection or XSS detection.

176
MCQmedium

A financial institution needs a private, dedicated, high-bandwidth network connection from their on-premises data centre to AWS that does not traverse the public internet, provides consistent low latency, and supports up to 100 Gbps bandwidth. Which AWS service provides this?

A.AWS Site-to-Site VPN
B.AWS Direct Connect
C.Amazon CloudFront
D.AWS Transit Gateway
AnswerB

Direct Connect provides a dedicated, private physical connection (1 Gbps to 100 Gbps) from on-premises to AWS. Traffic never touches the public internet, providing consistent low latency and reliable bandwidth.

Why this answer

AWS Direct Connect is the correct choice because it provides a private, dedicated network connection from an on-premises data center to AWS that bypasses the public internet, ensuring consistent low latency and supporting bandwidths up to 100 Gbps (via 100 Gbps dedicated connections or link aggregation). This meets all the specified requirements for a high-bandwidth, private, and low-latency link.

Exam trap

The trap here is that candidates often confuse AWS Site-to-Site VPN with Direct Connect, assuming VPN provides dedicated bandwidth and low latency, but VPNs are inherently internet-based and subject to public network variability, while Direct Connect offers a private, dedicated physical link.

How to eliminate wrong answers

Option A (AWS Site-to-Site VPN) is wrong because it traverses the public internet over encrypted tunnels (IPsec), which cannot guarantee consistent low latency or dedicated bandwidth, and typically maxes out at lower throughput (e.g., ~1.25 Gbps per VPN tunnel). Option C (Amazon CloudFront) is wrong because it is a content delivery network (CDN) that caches data at edge locations for low-latency delivery to end users, not a dedicated network connection for hybrid connectivity between a data center and AWS. Option D (AWS Transit Gateway) is wrong because it is a network transit hub that connects multiple VPCs and on-premises networks, but it does not itself provide the physical or dedicated connection; it requires an underlying connection like Direct Connect or VPN to function.

177
MCQmedium

A company hosts an e-commerce website on Amazon EC2 instances in the us-east-1 Region. The website serves static assets (images, CSS, and JavaScript) to a global user base. Users in Europe and Asia report slow page load times. The company needs to improve the performance of delivering these static assets to all users without modifying the application code or provisioning additional origin servers. Which AWS service should the company use?

A.Deploy the website on additional Amazon EC2 instances in the eu-west-1 and ap-southeast-1 Regions, and use a Network Load Balancer to distribute traffic across all Regions.
B.Use Amazon CloudFront to distribute the static assets from AWS edge locations.
C.Use Amazon Route 53 with geolocation routing policies to route users to the nearest AWS Region for the website.
D.Enable S3 Transfer Acceleration on the Amazon S3 bucket that stores the static assets.
AnswerB

CloudFront caches static content at edge locations around the world. When a user requests a file, CloudFront serves it from the nearest edge location, reducing latency and improving load times without any changes to the origin application.

Why this answer

Amazon CloudFront is a content delivery network (CDN) that caches static assets at AWS edge locations worldwide, reducing latency for global users without requiring code changes or additional origin servers. It integrates seamlessly with EC2 origins and automatically serves content from the nearest edge location, directly addressing the slow page load times reported in Europe and Asia.

Exam trap

The trap here is that candidates often confuse S3 Transfer Acceleration (which optimizes uploads to S3) with a CDN service (which optimizes downloads to users), leading them to select Option D even though the question explicitly asks about delivering static assets to a global user base.

How to eliminate wrong answers

Option A is wrong because provisioning additional EC2 instances in other Regions and using a Network Load Balancer (NLB) does not cache static assets at edge locations; NLB operates at the transport layer (Layer 4) and cannot distribute traffic across multiple Regions or reduce latency for static content without modifying application code. Option C is wrong because Amazon Route 53 geolocation routing policies only direct DNS queries to the nearest Region's origin server, but they do not cache or accelerate content delivery; users would still experience latency from the origin server's response time. Option D is wrong because S3 Transfer Acceleration only speeds up uploads to an S3 bucket over long distances using AWS edge locations, but it does not accelerate downloads or serve cached content to end users; the scenario requires improving delivery of static assets to users, not uploading them.

178
MCQmedium

A company wants to use AWS to run a relational database that is compatible with MySQL but with improved performance and availability. Which service should they use?

A.Amazon RDS for MySQL
B.Amazon Aurora
C.Amazon DynamoDB
D.Amazon Redshift
AnswerB

Aurora is MySQL-compatible with up to 5x better performance, automatic multi-AZ replication, and auto-scaling storage.

Why this answer

Amazon Aurora is the correct choice because it is a MySQL-compatible relational database engine that provides significantly higher performance (up to 5x faster than standard MySQL) and improved availability through features like distributed storage, automatic failover, and six-way replication across three Availability Zones. Aurora is designed to deliver the durability and availability of commercial databases while maintaining MySQL compatibility, making it ideal for workloads requiring enhanced performance and uptime.

Exam trap

The trap here is that candidates may assume Amazon RDS for MySQL is sufficient for improved performance and availability, overlooking that Aurora is specifically engineered to outperform standard MySQL while maintaining full compatibility, and that DynamoDB and Redshift are not relational databases.

How to eliminate wrong answers

Option A is wrong because Amazon RDS for MySQL is a managed MySQL database service that does not offer the same level of performance improvements or built-in high availability as Aurora; it relies on standard MySQL engine limitations and requires manual Multi-AZ configuration for failover. Option C is wrong because Amazon DynamoDB is a NoSQL key-value and document database, not a relational database, and is not compatible with MySQL queries or schemas. Option D is wrong because Amazon Redshift is a petabyte-scale data warehouse optimized for analytical queries, not a relational database for transactional workloads, and it is not compatible with MySQL.

179
MCQeasy

A company runs a database on an Amazon EC2 instance. They need block storage that persists independently from the EC2 instance — if the instance is stopped or terminated, the data must remain available. Which AWS storage service provides this?

A.Amazon S3
B.Instance Store
C.Amazon EBS
D.Amazon EFS
AnswerC

EBS provides durable, persistent block storage volumes that attach to EC2 instances. Data persists independently of the instance state — if the instance is stopped or the volume is detached, data remains intact.

Why this answer

Amazon EBS (Elastic Block Store) provides persistent block-level storage volumes that can be attached to an EC2 instance. Unlike instance store, EBS volumes persist independently of the instance lifecycle — data remains intact even when the instance is stopped or terminated, as long as the volume is not deleted. This makes EBS the correct choice for the requirement of persistent, independent block storage.

Exam trap

The trap here is that candidates confuse 'persistent block storage' with 'instance store' because both appear as block devices, but instance store is ephemeral and tied to the instance's physical host, while EBS is a separate network-attached volume that survives instance stops and terminations.

How to eliminate wrong answers

Option A is wrong because Amazon S3 is an object storage service, not block storage; it stores data as objects in buckets and is accessed via HTTP/HTTPS APIs, not as a block device attached to an EC2 instance. Option B is wrong because Instance Store provides temporary block-level storage physically attached to the host computer, but its data is ephemeral — it is lost when the instance is stopped, terminated, or fails. Option D is wrong because Amazon EFS is a file-level storage service (NFS-based) that provides a shared file system for multiple instances, not a block storage device that can be attached as a single volume to one instance.

180
MCQmedium

A company is building a serverless web application using AWS Lambda for compute. The application needs to expose RESTful API endpoints that allow users to perform CRUD operations on a database. The API must support authentication using API keys, throttle requests to prevent abuse, and validate incoming request payloads before they reach the Lambda functions. The company wants a fully managed service that handles these API management tasks and integrates directly with AWS Lambda. Which AWS service should the company use?

A.Amazon CloudFront
B.Amazon API Gateway
C.Application Load Balancer
D.AWS Step Functions
AnswerB

Amazon API Gateway is a fully managed service designed to handle all aspects of API management, including authentication (API keys, IAM, Cognito), request throttling, rate limiting, request validation, and direct integration with AWS Lambda. It is the correct choice for exposing Lambda-based serverless applications as RESTful APIs.

Why this answer

Amazon API Gateway is a fully managed service that handles RESTful API creation, authentication via API keys, request throttling to prevent abuse, and request payload validation before invoking AWS Lambda functions. It integrates natively with Lambda, making it the ideal choice for serverless web applications requiring CRUD operations with built-in API management.

Exam trap

The trap here is that candidates may confuse Application Load Balancer (ALB) with API Gateway because both can invoke Lambda, but ALB lacks the API management features (API keys, throttling, payload validation) that are explicitly required in the question.

How to eliminate wrong answers

Option A is wrong because Amazon CloudFront is a content delivery network (CDN) that caches and distributes content at edge locations; it does not provide API key authentication, request throttling, or payload validation for RESTful APIs. Option C is wrong because Application Load Balancer (ALB) distributes incoming HTTP/HTTPS traffic to targets like Lambda functions but lacks native API key management, throttling, and request validation features; it is a load balancer, not an API management service. Option D is wrong because AWS Step Functions is a serverless orchestration service for coordinating multiple AWS services into workflows; it does not expose RESTful API endpoints, handle authentication, or perform request validation.

181
MCQmedium

A company launches EC2 instances in a public subnet of their VPC. For these instances to communicate directly with the internet — both to receive inbound requests and to make outbound requests — which VPC component must be attached to the VPC and referenced in the subnet's route table?

A.NAT Gateway
B.VPC Peering connection
C.Internet Gateway
D.Virtual Private Gateway
AnswerC

An Internet Gateway enables instances in public subnets to communicate bidirectionally with the internet. The subnet's route table must direct 0.0.0.0/0 traffic to the IGW for instances with public IPs to be reachable from the internet.

Why this answer

An Internet Gateway (IGW) is a horizontally scaled, redundant VPC component that enables communication between a VPC and the internet. For EC2 instances in a public subnet to both receive inbound requests and make outbound requests, the IGW must be attached to the VPC and a route in the subnet's route table must point 0.0.0.0/0 (or a specific public IP range) to the IGW. Without the IGW, the instances have no path to the internet, even if they have public IP addresses.

Exam trap

The trap here is that candidates often confuse a NAT Gateway with an Internet Gateway, mistakenly thinking a NAT Gateway alone can provide bidirectional internet access, when in fact a NAT Gateway only supports outbound traffic and requires an IGW for internet connectivity.

How to eliminate wrong answers

Option A is wrong because a NAT Gateway only enables outbound internet traffic from private subnets and does not allow inbound connections from the internet; it requires an Internet Gateway in the VPC to function. Option B is wrong because a VPC Peering connection only allows traffic between two VPCs using private IP addresses, not direct internet access. Option D is wrong because a Virtual Private Gateway is used to connect a VPC to an on-premises network via VPN or Direct Connect, not for direct internet communication.

182
MCQmedium

A mobile gaming company is developing a real-time multiplayer game that requires ultra-low latency (under 10 milliseconds) for player interactions. The company expects most of its users to be on 5G mobile networks. To meet the latency requirement, the company needs to deploy compute and storage resources as close as possible to the mobile subscribers, directly at the edge of the telecommunications network. Which AWS service should the company use?

A.AWS Wavelength
B.AWS Local Zones
C.AWS Outposts
D.Amazon CloudFront Edge Locations
AnswerA

Correct. AWS Wavelength brings AWS compute and storage to the edge of 5G networks, providing ultra-low latency for mobile applications such as real-time gaming, AR/VR, and live video processing. This service is purpose-built for scenarios where latency to mobile subscribers is critical and the application must run within the telecom network edge.

Why this answer

AWS Wavelength is the correct choice because it embeds AWS compute and storage services directly at the edge of 5G telecommunications networks, enabling ultra-low latency (under 10 ms) for mobile subscribers. This allows the gaming company to process player interactions within the carrier's network, minimizing the round-trip time between the mobile device and the application server.

Exam trap

The trap here is that candidates confuse AWS Local Zones or CloudFront Edge Locations as suitable for ultra-low latency compute, but only Wavelength is purpose-built for 5G mobile edge computing with direct carrier integration.

How to eliminate wrong answers

Option B (AWS Local Zones) is wrong because Local Zones place AWS infrastructure closer to metropolitan areas but not directly inside telecom carrier edge nodes, so they cannot guarantee sub-10 ms latency for 5G mobile users. Option C (AWS Outposts) is wrong because Outposts are customer-managed racks deployed on-premises, not integrated into a telecom provider's 5G network edge, and they lack the native 5G connectivity required for this use case. Option D (Amazon CloudFront Edge Locations) is wrong because CloudFront edge locations are designed for content delivery and caching, not for running compute-intensive real-time game logic with ultra-low latency requirements, and they do not provide the direct 5G network integration that Wavelength offers.

183
MCQmedium

A company hosts a static website on Amazon S3. The website serves product images and documents to customers around the world. Users in distant regions report slow load times. The company wants to reduce latency for all users without changing the existing S3 bucket configuration. Which AWS service should the company use?

A.Amazon CloudFront
B.AWS Direct Connect
C.Amazon Route 53
D.AWS Global Accelerator
AnswerA

Correct. CloudFront is a CDN that caches static content at edge locations, reducing latency for global users.

Why this answer

Amazon CloudFront is a content delivery network (CDN) that caches static content (e.g., images, documents) at edge locations worldwide. By distributing content from the nearest edge location to the user, CloudFront significantly reduces latency without requiring any changes to the existing S3 bucket configuration. The origin remains the S3 bucket, and CloudFront handles the global distribution automatically.

Exam trap

The trap here is that candidates often confuse AWS Global Accelerator with a CDN, but Global Accelerator optimizes network path for dynamic traffic (e.g., API calls) and does not cache static content, making CloudFront the correct choice for static website acceleration.

How to eliminate wrong answers

Option B (AWS Direct Connect) is wrong because it establishes a dedicated private network connection from an on-premises data center to AWS, which does not improve latency for global end users accessing a public website; it only benefits hybrid cloud connectivity. Option C (Amazon Route 53) is wrong because it is a DNS service that translates domain names to IP addresses and can route traffic via latency-based routing, but it does not cache or accelerate content delivery—it only directs users to the S3 bucket endpoint, which still suffers from the same geographic latency. Option D (AWS Global Accelerator) is wrong because it improves performance for TCP/UDP traffic by routing users to the nearest AWS edge location and then over the AWS global network, but it is designed for dynamic content and non-HTTP protocols, not for caching static assets; it does not reduce latency for static file downloads as effectively as a CDN.

184
MCQmedium

A development team is building a serverless application that processes image uploads to Amazon S3. The application needs to automatically generate a thumbnail version of each uploaded image and store it in a separate S3 bucket. The team wants to minimize operational overhead and only pay for the compute time used during thumbnail generation. Which AWS service should the team use to execute the thumbnail generation code in response to S3 upload events?

A.Amazon EC2 Auto Scaling group
B.AWS Lambda
C.Amazon ECS with Fargate
D.Amazon Elastic Beanstalk
AnswerB

AWS Lambda is a serverless compute service that can be triggered directly by S3 events. It runs code only when invoked, scales automatically, and bills only for the compute time used, meeting all the stated requirements.

Why this answer

AWS Lambda is the correct choice because it is a serverless compute service that can be triggered directly by S3 events (e.g., s3:ObjectCreated:*). This allows the thumbnail generation code to run automatically in response to each image upload, with no servers to manage and billing based only on the compute time consumed during execution.

Exam trap

The trap here is that candidates may confuse 'serverless' with container services like Fargate, but Lambda is the only option that natively integrates with S3 events and charges only for execution time, while Fargate still requires managing task definitions and incurs costs for running containers even when idle.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 Auto Scaling group manages a fleet of virtual servers that run continuously, incurring costs even when idle, and requires manual integration with S3 events via polling or additional services like SQS, adding operational overhead. Option C is wrong because Amazon ECS with Fargate, while serverless at the container level, still requires defining a task definition, managing a cluster, and handling event integration via EventBridge or S3 notifications, which introduces more complexity and potential for idle costs compared to Lambda's direct event-driven model. Option D is wrong because Amazon Elastic Beanstalk is a PaaS service that provisions and manages underlying EC2 instances, which run continuously and are not event-driven; it would require additional components (e.g., SQS, Lambda) to react to S3 uploads, defeating the goal of minimizing overhead and pay-per-use compute.

185
MCQeasy

A gaming company needs a database that can handle millions of requests per second with consistent single-digit millisecond latency and automatically scales without any capacity planning. Which AWS database service meets these requirements?

A.Amazon RDS for MySQL
B.Amazon Aurora
C.Amazon DynamoDB
D.Amazon Redshift
AnswerC

DynamoDB is a serverless NoSQL database that automatically scales to handle millions of requests per second with single-digit millisecond response times. No server or capacity management is needed.

Why this answer

Amazon DynamoDB is a fully managed NoSQL key-value and document database that delivers consistent single-digit millisecond latency at any scale. It automatically scales throughput capacity via on-demand mode, eliminating the need for capacity planning, and can handle millions of requests per second, making it ideal for high-traffic gaming workloads.

Exam trap

The trap here is that candidates often confuse Amazon Aurora's auto-scaling storage with automatic throughput scaling, overlooking that Aurora still requires manual compute provisioning and does not match DynamoDB's ability to handle millions of requests per second without capacity planning.

How to eliminate wrong answers

Option A is wrong because Amazon RDS for MySQL is a relational database that requires manual scaling (e.g., instance resizing, read replicas) and cannot automatically handle millions of requests per second with single-digit millisecond latency without significant tuning and capacity planning. Option B is wrong because Amazon Aurora, while high-performance and auto-scaling for storage, is a relational database that still requires provisioning compute capacity and does not natively support the sub-millisecond, auto-scaling throughput needed for millions of requests per second without manual intervention. Option D is wrong because Amazon Redshift is a petabyte-scale data warehouse optimized for complex analytical queries, not for high-throughput, low-latency transactional workloads, and it requires capacity planning for node types and clusters.

186
MCQeasy

Which AWS service provides a serverless, fully managed Apache Kafka-compatible data streaming service?

A.Amazon SQS
B.Amazon Kinesis Data Streams
C.Amazon MSK (Managed Streaming for Apache Kafka)
D.AWS Step Functions
AnswerC

Amazon MSK provides fully managed Apache Kafka clusters on AWS, with MSK Serverless for serverless operation, maintaining full Kafka API compatibility.

Why this answer

Amazon MSK (Managed Streaming for Apache Kafka) is the correct answer because it is a fully managed, serverless service that provides Apache Kafka-compatible data streaming. It handles cluster provisioning, scaling, and maintenance, allowing you to run Kafka workloads without managing infrastructure. This directly matches the question's requirement for a serverless, fully managed Apache Kafka-compatible service.

Exam trap

The trap here is that candidates confuse Amazon Kinesis Data Streams with a Kafka-compatible service, but Kinesis uses its own API and is not compatible with Kafka protocols, while MSK is the only fully managed Kafka-compatible option.

How to eliminate wrong answers

Option A is wrong because Amazon SQS is a fully managed message queue service that uses pull-based messaging, not a streaming platform, and it is not compatible with Apache Kafka protocols or APIs. Option B is wrong because Amazon Kinesis Data Streams is a serverless streaming service but uses its own proprietary API and is not Apache Kafka-compatible; it does not support Kafka producers or consumers. Option D is wrong because AWS Step Functions is a serverless orchestration service for coordinating workflows, not a data streaming service, and it has no relation to Apache Kafka.

187
MCQmedium

A data science team wants to build, train, and deploy machine learning models without managing the underlying server infrastructure for training and inference. Which AWS service provides a fully managed environment for the machine learning workflow?

A.AWS Lambda
B.Amazon EC2 with NVIDIA GPUs
C.Amazon SageMaker
D.Amazon Rekognition
AnswerC

SageMaker provides a complete managed ML platform: data labelling (Ground Truth), a managed Jupyter notebook environment, distributed training infrastructure, and one-click model deployment to a managed endpoint.

Why this answer

Amazon SageMaker is a fully managed service that provides every component needed for the machine learning workflow, including data labeling, model building, training, tuning, and deployment. It eliminates the need to manage underlying server infrastructure for both training and inference by automatically provisioning, scaling, and managing compute resources.

Exam trap

The trap here is that candidates often confuse 'fully managed ML workflow' with 'serverless compute' (Lambda) or 'raw compute power' (EC2), but the key differentiator is that SageMaker manages the entire ML lifecycle from data preparation to deployment, not just a single compute step.

How to eliminate wrong answers

Option A is wrong because AWS Lambda is a serverless compute service designed for short-running, event-driven functions (max 15-minute execution time) and is not suitable for the long-running, resource-intensive training and inference tasks of a full ML workflow. Option B is wrong because Amazon EC2 with NVIDIA GPUs provides raw compute infrastructure that requires the data science team to manually manage the operating system, ML frameworks, scaling, and fault tolerance, which contradicts the requirement of not managing underlying server infrastructure. Option D is wrong because Amazon Rekognition is a pre-trained AI service for image and video analysis (e.g., facial recognition, object detection) and does not allow users to build, train, or deploy custom machine learning models.

188
MCQeasy

Which AWS service enables real-time translation of text between languages for applications serving a global audience?

A.Amazon Comprehend
B.Amazon Polly
C.Amazon Translate
D.Amazon Transcribe
AnswerC

Amazon Translate provides real-time and batch neural machine translation between multiple language pairs via a simple API.

Why this answer

Amazon Translate is a neural machine translation service that delivers fast, high-quality, and customizable language translation in real time. It is specifically designed to translate text between languages for applications serving a global audience, making it the correct choice for this use case.

Exam trap

The trap here is that candidates often confuse Amazon Translate with Amazon Comprehend, mistakenly thinking that NLP capabilities include translation, but Comprehend only analyzes text in its original language and does not convert it to another language.

How to eliminate wrong answers

Option A is wrong because Amazon Comprehend is a natural language processing (NLP) service that extracts insights like sentiment, entities, and key phrases from text, but it does not translate text between languages. Option B is wrong because Amazon Polly is a text-to-speech service that converts text into lifelike speech, not a translation service. Option D is wrong because Amazon Transcribe is an automatic speech recognition (ASR) service that converts audio to text, but it does not perform language translation.

189
MCQmedium

A company has two separate VPCs — one for development workloads and one for a shared services environment — and wants EC2 instances in both VPCs to communicate with each other using private IP addresses without traffic traversing the public internet. Which AWS feature enables this?

A.Internet Gateway
B.NAT Gateway
C.VPC Peering
D.AWS Direct Connect
AnswerC

VPC Peering connects two VPCs (even across accounts or regions) so instances can communicate using private IPs without public internet exposure. Traffic remains on the AWS private network.

Why this answer

VPC Peering enables direct network connectivity between two VPCs using private IP addresses, with traffic routed entirely within the AWS network backbone. This allows EC2 instances in the development VPC and the shared services VPC to communicate without traversing the public internet, as traffic stays within the AWS global infrastructure.

Exam trap

The trap here is that candidates often confuse VPC Peering with a NAT Gateway or Internet Gateway, mistakenly thinking those services can bridge two VPCs, when in fact they are designed for internet-bound traffic, not private VPC-to-VPC connectivity.

How to eliminate wrong answers

Option A is wrong because an Internet Gateway (IGW) is a horizontally scaled, redundant component that allows communication between a VPC and the public internet, not between two separate VPCs. Option B is wrong because a NAT Gateway enables instances in a private subnet to initiate outbound traffic to the internet (e.g., for updates) but does not allow inbound connections from another VPC or direct VPC-to-VPC communication. Option D is wrong because AWS Direct Connect establishes a dedicated private network connection from an on-premises data center to AWS, not between two VPCs within AWS.

190
MCQeasy

Which AWS service is a fully managed data warehousing service optimized for online analytical processing (OLAP) of large datasets?

A.Amazon RDS
B.Amazon DynamoDB
C.Amazon Redshift
D.Amazon Aurora
AnswerC

Redshift is AWS's cloud data warehouse, optimized for complex analytical queries across petabytes of structured data using columnar storage and MPP.

Why this answer

Amazon Redshift is a fully managed, petabyte-scale data warehouse service designed specifically for online analytical processing (OLAP) of large datasets. It uses columnar storage, massively parallel processing (MPP), and data compression to deliver fast query performance on structured and semi-structured data, making it the correct choice for OLAP workloads.

Exam trap

The trap here is that candidates often confuse OLTP services (RDS, Aurora, DynamoDB) with OLAP services, mistakenly thinking any database can handle large-scale analytics, but AWS specifically positions Redshift as the only fully managed data warehouse for OLAP workloads.

How to eliminate wrong answers

Option A is wrong because Amazon RDS is a relational database service optimized for online transaction processing (OLTP), not for large-scale analytical queries. Option B is wrong because Amazon DynamoDB is a NoSQL key-value and document database designed for low-latency, high-throughput OLTP workloads, not for complex analytical queries on large datasets. Option D is wrong because Amazon Aurora is a MySQL- and PostgreSQL-compatible relational database engine focused on OLTP performance and high availability, not on OLAP or data warehousing.

191
MCQeasy

A company collects sensor data from IoT devices and stores the data in Amazon S3. For the first 90 days, the data is accessed frequently for real-time analysis. After 90 days, the data is rarely accessed but must be retrievable within 24 hours for compliance audits. After 365 days, the data must be retained for legal purposes but can be deleted after 7 years. Which S3 storage class should the company use for the data from day 91 to day 365 to minimize storage costs while meeting the retrieval time requirement?

A.Amazon S3 Standard
B.Amazon S3 Glacier Flexible Retrieval
C.Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
D.Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)
AnswerC

S3 Standard-IA is ideal for data that is accessed less frequently but requires rapid access when needed. It provides the same low-latency retrieval as S3 Standard at a lower storage cost, perfectly matching the requirement of retrievability within 24 hours while minimizing cost.

Why this answer

From day 91 to day 365, the data is rarely accessed but must be retrievable within 24 hours. Amazon S3 Standard-IA (S3 Standard-IA) is designed for infrequently accessed data that needs rapid access when required, with retrieval times in milliseconds, easily meeting the 24-hour requirement. It offers lower storage costs than S3 Standard while still providing high durability and low-latency retrieval, making it the most cost-effective choice for this period.

Exam trap

The trap here is that candidates see 'rarely accessed' and 'retrievable within 24 hours' and incorrectly choose S3 Glacier Flexible Retrieval, forgetting that Glacier retrieval times are typically minutes to hours (not milliseconds) and that S3 Standard-IA is the correct infrequent-access tier for data that still needs rapid retrieval.

How to eliminate wrong answers

Option A is wrong because Amazon S3 Standard is optimized for frequently accessed data and has higher storage costs, making it unnecessarily expensive for data that is rarely accessed after 90 days. Option B is wrong because Amazon S3 Glacier Flexible Retrieval has a retrieval time of minutes to hours (typically 1-5 minutes for expedited, but standard retrievals can take 3-5 hours), which does not meet the requirement of retrievable within 24 hours, but more importantly, it is designed for archival data and would be overkill for data that is only 91-365 days old and still needs occasional access. Option D is wrong because Amazon S3 One Zone-IA stores data in a single Availability Zone, which does not provide the same level of durability and availability as S3 Standard-IA, and the scenario does not specify that data can tolerate zone-level failures; S3 Standard-IA is the safer and more appropriate choice for compliance and legal retention needs.

192
MCQmedium

A company needs to integrate their on-premises Active Directory with AWS to enable SSO for employees accessing AWS services. Which AWS service provides this federation capability?

A.Amazon Cognito
B.AWS IAM Identity Center
C.AWS Directory Service AD Connector
D.AWS IAM roles
AnswerB

IAM Identity Center integrates with Active Directory to provide SSO access to multiple AWS accounts, with users signing in once to access all their permitted AWS environments.

Why this answer

AWS IAM Identity Center (formerly AWS SSO) is the correct service for integrating on-premises Active Directory with AWS to enable single sign-on (SSO) for employees accessing AWS services. It supports federation via SAML 2.0 or SCIM protocols, allowing you to connect your existing AD identity source and centrally manage user access to multiple AWS accounts and business applications.

Exam trap

The trap here is that candidates confuse AWS Directory Service AD Connector (which only proxies authentication) with the full SSO and access management capabilities of IAM Identity Center, leading them to choose Option C.

How to eliminate wrong answers

Option A is wrong because Amazon Cognito is designed for customer-facing identity and access management (e.g., mobile app users), not for federating enterprise on-premises Active Directory with AWS for employee SSO. Option C is wrong because AWS Directory Service AD Connector is a proxy that forwards authentication requests to your on-premises AD but does not provide the centralized SSO portal, permission sets, or multi-account management capabilities that IAM Identity Center offers. Option D is wrong because AWS IAM roles are a mechanism for granting permissions, not a service that provides federation or SSO integration; while roles can be used in federation flows, they require an external identity provider (IdP) and do not themselves integrate with on-premises AD.

193
MCQmedium

A development team needs to deploy a web application on AWS. They want to avoid managing the underlying infrastructure, such as EC2 instances and load balancers, but still need the ability to control scaling, update the application code, and perform rollbacks. The application must scale automatically based on demand and remain highly available. Which AWS service should the team use?

A.AWS Elastic Beanstalk
B.Amazon EC2 with Auto Scaling groups and an Application Load Balancer
C.AWS Lambda
D.Amazon ECS using the EC2 launch type
AnswerA

Correct. AWS Elastic Beanstalk is a PaaS that abstracts the underlying infrastructure (EC2, load balancers, scaling) and automatically manages deployment, scaling, and health monitoring. Developers can upload code and configure scaling and rollback policies without managing servers.

Why this answer

AWS Elastic Beanstalk is the correct choice because it provides a Platform as a Service (PaaS) model that abstracts the underlying EC2 instances, load balancers, and Auto Scaling groups. It allows the team to upload their application code, and Elastic Beanstalk automatically handles capacity provisioning, load balancing, scaling, and health monitoring. The team retains control over scaling configuration, application version updates, and rollbacks through the Elastic Beanstalk console or CLI, without managing the infrastructure directly.

Exam trap

The trap here is that candidates often confuse AWS Elastic Beanstalk with Amazon EC2 Auto Scaling, thinking that Auto Scaling alone meets the 'no infrastructure management' requirement, but Auto Scaling still requires managing the underlying EC2 instances and load balancer configuration.

How to eliminate wrong answers

Option B is wrong because Amazon EC2 with Auto Scaling groups and an Application Load Balancer requires the team to manually provision, configure, and manage the EC2 instances, load balancer, and scaling policies, which contradicts the requirement to avoid managing underlying infrastructure. Option C is wrong because AWS Lambda is a serverless compute service designed for event-driven, short-running functions (max 15-minute execution time) and is not suitable for deploying a full web application that requires persistent connections, long-running processes, or custom runtime environments. Option D is wrong because Amazon ECS using the EC2 launch type requires the team to manage the underlying EC2 instances, including patching, scaling the cluster, and configuring the container orchestration, which does not meet the requirement to avoid infrastructure management.

194
MCQmedium

A company runs an e-commerce application using Amazon RDS for MySQL. The database stores order and customer information. To achieve high availability, the company configures a Multi-AZ deployment. Which of the following describes a benefit of this configuration?

A.It automatically scales the database read capacity to handle traffic spikes.
B.It automatically fails over to a standby instance in a different Availability Zone if the primary instance fails.
C.It creates read replicas in multiple Regions to reduce latency for global users.
D.It encrypts data at rest using AWS KMS without any additional configuration.
AnswerB

This is the primary benefit of Multi-AZ. A synchronous standby is maintained in another AZ, and failover happens automatically to ensure high availability.

Why this answer

Option B is correct because a Multi-AZ deployment for Amazon RDS automatically synchronously replicates data to a standby instance in a different Availability Zone. If the primary instance fails (due to hardware failure, AZ outage, or patching), Amazon RDS automatically performs a failover to the standby, promoting it to become the new primary. This provides high availability by minimizing downtime without requiring manual intervention.

Exam trap

The trap here is that candidates often confuse Multi-AZ deployments with Read Replicas, assuming Multi-AZ provides read scaling or cross-Region benefits, when in fact it only provides high availability within a single Region.

How to eliminate wrong answers

Option A is wrong because Multi-AZ deployments do not automatically scale read capacity; they are designed for high availability and failover, not for scaling read traffic. To scale read capacity, you would need to use RDS Read Replicas, which are separate from Multi-AZ. Option C is wrong because Multi-AZ deployments operate within a single AWS Region across multiple Availability Zones, not across multiple Regions; cross-Region read replicas are a separate feature used for disaster recovery or global latency reduction.

195
MCQmedium

A company wants to analyse petabytes of historical sales data using standard SQL queries and connect their existing business intelligence (BI) tools to the data store. The workload is analytical (OLAP), not transactional (OLTP). Which AWS service is designed for this use case?

A.Amazon RDS for MySQL
B.Amazon DynamoDB
C.Amazon Redshift
D.Amazon Aurora
AnswerC

Redshift is AWS's managed data warehouse service specifically designed for OLAP. It uses columnar storage and parallel query execution to efficiently run complex SQL queries across petabytes of data and integrates with standard BI tools.

Why this answer

Amazon Redshift is a fully managed, petabyte-scale data warehouse service designed for analytical (OLAP) workloads. It uses standard SQL and integrates directly with popular BI tools via JDBC/ODBC connections, making it ideal for querying large historical datasets and connecting existing business intelligence tools.

Exam trap

The trap here is that candidates often confuse OLTP databases (like RDS, Aurora, or DynamoDB) with OLAP data warehouses, assuming any SQL-capable service can handle petabyte-scale analytics, but only Redshift is purpose-built for that workload with columnar storage and MPP.

How to eliminate wrong answers

Option A is wrong because Amazon RDS for MySQL is a relational database optimized for transactional (OLTP) workloads, not for petabyte-scale analytical queries; it lacks the columnar storage and massively parallel processing (MPP) architecture needed for OLAP. Option B is wrong because Amazon DynamoDB is a NoSQL key-value and document database designed for low-latency, high-throughput transactional workloads, not for complex SQL analytical queries on petabytes of data. Option D is wrong because Amazon Aurora is a MySQL- and PostgreSQL-compatible relational database built for OLTP, not for petabyte-scale data warehousing; it does not provide the columnar storage or MPP engine required for large-scale analytical processing.

196
MCQmedium

A company's application experiences traffic spikes every weekday morning when employees arrive at work. During off-hours, very few users are active. Which AWS feature automatically adjusts the number of EC2 instances based on demand, adding instances during peak hours and removing them during quiet periods?

A.Amazon EC2 Reserved Instances
B.AWS Elastic Load Balancing
C.Amazon EC2 Auto Scaling
D.AWS CloudFormation
AnswerC

EC2 Auto Scaling Groups automatically launch or terminate instances based on scaling policies. Scheduled policies add capacity before known peaks; dynamic policies respond to CloudWatch metrics in real time.

Why this answer

Amazon EC2 Auto Scaling is the correct service because it automatically adjusts the number of EC2 instances in response to demand, using scaling policies (e.g., scheduled scaling or dynamic scaling) to add instances during peak hours and terminate them during quiet periods. This directly matches the described traffic pattern of weekday morning spikes and off-hour lulls, without manual intervention.

Exam trap

The trap here is that candidates often confuse Elastic Load Balancing with Auto Scaling, assuming load balancers automatically scale instances, when in fact ELB only distributes traffic and requires Auto Scaling to adjust capacity.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 Reserved Instances provide a billing discount for committing to a specific instance configuration over 1 or 3 years, but they do not automatically add or remove instances based on demand. Option B is wrong because AWS Elastic Load Balancing distributes incoming traffic across multiple targets (e.g., EC2 instances) but does not scale the number of instances up or down; it requires an external scaling mechanism like Auto Scaling. Option D is wrong because AWS CloudFormation is an Infrastructure as Code (IaC) service that provisions and manages AWS resources via templates, but it does not dynamically adjust instance counts in response to real-time traffic changes.

197
MCQmedium

A media production company has a physical studio in Atlanta, Georgia. The company runs video editing workloads on Amazon EC2 instances that require single-digit millisecond latency to the studio's on-premises storage and workstations. The company wants to use AWS infrastructure that is physically located in or very near Atlanta to achieve this latency, while still having full access to AWS services like EC2, EBS, and VPC. The company does not want to manage the underlying hardware. Which AWS infrastructure option should the company use?

A.AWS Outposts
B.AWS Local Zones
C.AWS Wavelength
D.AWS Edge Locations
AnswerB

AWS Local Zones are specifically designed to provide single-digit millisecond latency for applications in a specific geographic area. They are fully managed by AWS and extend the AWS Region to be closer to end users. The company can run EC2 instances in a Local Zone near Atlanta to achieve the required low latency for video editing workloads.

Why this answer

AWS Local Zones are an infrastructure deployment that places compute, storage, and database services closer to large population centers, enabling single-digit millisecond latency for latency-sensitive applications. Since the company needs physical proximity to Atlanta without managing hardware, a Local Zone in or near Atlanta provides the required low latency while offering full access to EC2, EBS, and VPC services, with AWS handling the underlying hardware.

Exam trap

The trap here is that candidates may confuse AWS Local Zones with AWS Outposts, assuming Outposts is the only way to get on-premises-like latency, but Outposts requires customer-managed hardware, whereas Local Zones provide AWS-managed infrastructure in a specific geographic location.

How to eliminate wrong answers

Option A is wrong because AWS Outposts requires the customer to manage and maintain the physical hardware on-premises, which contradicts the requirement of not wanting to manage underlying hardware. Option C is wrong because AWS Wavelength is specifically designed for ultra-low latency applications at the edge of 5G networks, integrating with telecom providers, and is not intended for general-purpose EC2 workloads requiring proximity to a specific geographic location like Atlanta. Option D is wrong because AWS Edge Locations are content delivery endpoints for CloudFront and Route 53, not compute infrastructure that supports EC2, EBS, and VPC services for running video editing workloads.

198
MCQmedium

A company hosts a file-sharing platform on Amazon S3. The application bucket is in the us-west-2 (Oregon) Region. Users in Europe and Asia experience slow upload speeds when transferring large files. The company wants to improve upload performance by using AWS edge locations to accelerate data transfers to the bucket. The solution must work with standard S3 PUT operations and require minimal application changes. Which AWS feature should the company enable?

A.Amazon CloudFront
B.AWS Direct Connect
C.Amazon S3 Transfer Acceleration
D.AWS Global Accelerator
AnswerC

Amazon S3 Transfer Acceleration uses AWS edge locations to accelerate uploads to S3 buckets. It works with standard S3 PUT operations and only requires using a different endpoint URL, making it the correct choice for this scenario.

Why this answer

Amazon S3 Transfer Acceleration (C) uses AWS edge locations to route uploads over the optimized AWS network backbone, reducing latency for geographically distant clients. It works with standard S3 PUT operations and requires only enabling the feature on the bucket and updating the endpoint URL, minimizing application changes.

Exam trap

The trap here is that candidates confuse CloudFront's download acceleration (caching) with upload acceleration, or assume Direct Connect is a simple, minimal-change solution when it actually requires physical infrastructure and network configuration.

How to eliminate wrong answers

Option A is wrong because Amazon CloudFront is a content delivery network (CDN) that accelerates downloads via caching at edge locations, not uploads; it does not accelerate S3 PUT operations. Option B is wrong because AWS Direct Connect provides a dedicated private network connection from on-premises to AWS, but it does not leverage edge locations and requires significant infrastructure changes, not minimal application changes.

199
MCQmedium

A company has a web application that processes user-uploaded images. When a user uploads an image, the application needs to resize the image into multiple formats (thumbnail, medium, large). The company wants to avoid managing servers and wants the image processing to execute only when a new image is uploaded. The solution must automatically scale to handle thousands of concurrent uploads. Which AWS service should the company use to perform the image processing?

A.Amazon EC2 Auto Scaling group
B.AWS Lambda
C.Amazon ECS with Fargate launch type
D.AWS Elastic Beanstalk
AnswerB

AWS Lambda is a serverless compute service that runs code in response to triggers, such as an S3 upload event. It scales automatically and charges only for execution duration, making it perfect for short-lived, sporadic image processing tasks.

Why this answer

AWS Lambda is the correct choice because it is a serverless compute service that runs code in response to events, such as an image upload to Amazon S3. It automatically scales from zero to thousands of concurrent executions, perfectly matching the requirement to avoid managing servers and to process images only when a new upload occurs.

Exam trap

The trap here is that candidates may choose Amazon ECS with Fargate because it is also serverless, but they overlook that Lambda is the simpler, event-driven, and cost-effective service for short-lived, stateless processing tasks triggered by S3 events.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 Auto Scaling group requires managing server instances (even with scaling policies) and incurs costs even when idle, which contradicts the requirement to avoid server management and to execute only on upload events. Option C is wrong because Amazon ECS with Fargate launch type, while serverless, is designed for running containerized applications as long-running tasks or services, not for event-driven, short-lived executions triggered by S3 uploads; it adds unnecessary complexity and cost compared to Lambda for this use case.

200
MCQeasy

Which AWS service provides a managed Apache Kafka streaming service without requiring customers to provision, configure, or manage Kafka clusters?

A.Amazon Kinesis Data Streams
B.Amazon MSK Serverless
C.Amazon SQS FIFO queues
D.AWS Glue Streaming ETL
AnswerB

MSK Serverless provides serverless Apache Kafka — AWS manages capacity automatically with full Kafka API compatibility and no cluster provisioning required.

Why this answer

Amazon MSK Serverless is a fully managed Apache Kafka service that automatically provisions, scales, and manages Kafka clusters, eliminating the need for customers to handle cluster infrastructure. It supports the same Kafka producer and consumer APIs, making it ideal for streaming workloads without operational overhead.

Exam trap

The trap here is confusing Amazon Kinesis Data Streams with a managed Kafka service, as both handle streaming data, but Kinesis uses a proprietary API and shard model, not the open-source Kafka protocol.

How to eliminate wrong answers

Option A is wrong because Amazon Kinesis Data Streams is a proprietary streaming service with its own API and shard-based model, not a managed Apache Kafka service. Option C is wrong because Amazon SQS FIFO queues provide ordered, exactly-once message delivery but are not a streaming platform and do not implement the Kafka protocol. Option D is wrong because AWS Glue Streaming ETL is a serverless data integration service for running ETL jobs on streaming data, not a managed Kafka cluster service.

201
MCQeasy

Which AWS service enables automatic speech recognition (ASR) to convert audio from customer service calls into text for further analysis?

A.Amazon Polly
B.Amazon Lex
C.Amazon Transcribe
D.Amazon Comprehend
AnswerC

Transcribe is purpose-built for converting speech recordings to text, supporting batch and real-time transcription with speaker diarization and custom vocabulary.

Why this answer

Amazon Transcribe is the correct AWS service for automatic speech recognition (ASR) because it is specifically designed to convert audio speech into text. It uses deep learning-based ASR models to process audio files or real-time streams, making it ideal for transcribing customer service call recordings for downstream analysis.

Exam trap

The trap here is that candidates confuse Amazon Lex (which also uses ASR) with Amazon Transcribe, but Lex's ASR is used for real-time conversational interactions, not for batch transcription of recorded audio for analysis.

How to eliminate wrong answers

Option A is wrong because Amazon Polly is a text-to-speech (TTS) service that converts text into lifelike speech, not the reverse. Option B is wrong because Amazon Lex is a service for building conversational interfaces (chatbots) using automatic speech recognition (ASR) and natural language understanding (NLU), but its primary purpose is to power interactive voice and text chatbots, not to provide a standalone transcription service for recorded audio. Option D is wrong because Amazon Comprehend is a natural language processing (NLP) service that extracts insights (e.g., sentiment, entities) from text, not audio.

202
MCQmedium

A retail company wants to provide personalized product recommendations on their homepage using machine learning. Which AWS service delivers this without requiring any ML expertise or model training?

A.Amazon SageMaker
B.Amazon Personalize
C.Amazon Forecast
D.Amazon Comprehend
AnswerB

Personalize delivers managed real-time personalized recommendations using interaction data — no ML expertise needed, just data ingestion and API calls for recommendations.

Why this answer

Amazon Personalize is a fully managed ML service that enables developers to build applications with real-time personalized recommendations without requiring any ML expertise or model training. It uses the same technology used by Amazon.com for its recommendation engine, and it automatically handles the entire ML pipeline, including data processing, model training, and inference.

Exam trap

The trap here is that candidates often confuse Amazon SageMaker (a general-purpose ML platform) with Amazon Personalize (a specialized recommendation service), mistakenly assuming that any ML task requires SageMaker, but the question explicitly asks for a service that delivers recommendations without ML expertise or model training.

How to eliminate wrong answers

Option A is wrong because Amazon SageMaker is a comprehensive ML service that requires users to build, train, and deploy their own models, demanding ML expertise and manual model training. Option C is wrong because Amazon Forecast is specifically designed for time-series forecasting (e.g., demand planning, inventory forecasting), not for generating personalized product recommendations. Option D is wrong because Amazon Comprehend is a natural language processing (NLP) service used for extracting insights and relationships from text, such as sentiment analysis or entity recognition, not for recommendation systems.

203
MCQeasy

Which AWS service enables sending promotional and transactional email at scale, such as marketing newsletters and order confirmations?

A.Amazon SNS
B.Amazon Pinpoint
C.Amazon SES
D.Amazon Cognito
AnswerC

SES is purpose-built for high-volume email sending — both transactional and marketing email — with deliverability management, bounce handling, and dedicated IP options.

Why this answer

Amazon SES (Simple Email Service) is specifically designed for sending high-volume transactional and marketing emails, such as order confirmations and newsletters. It provides dedicated SMTP endpoints and APIs for email delivery, with features like bounce handling, suppression lists, and deliverability tracking. This makes it the correct choice for scalable email sending at scale.

Exam trap

The trap here is that candidates confuse Amazon SNS with SES because both can send emails, but SNS is a pub/sub notification service with limited email features, while SES is the dedicated email-sending service for high-volume transactional and marketing emails.

How to eliminate wrong answers

Option A is wrong because Amazon SNS (Simple Notification Service) is a pub/sub messaging service for sending notifications via SMS, email, HTTP, or Lambda, but it is not optimized for high-volume transactional or marketing email campaigns—it lacks dedicated email deliverability features like DKIM signing and suppression lists. Option B is wrong because Amazon Pinpoint is a customer engagement service focused on targeted marketing campaigns across multiple channels (email, SMS, push), but it is not the primary service for raw transactional email at scale; SES is the core email-sending engine behind Pinpoint's email channel. Option D is wrong because Amazon Cognito is an identity and user management service for authentication, authorization, and user pools—it has no capability to send promotional or transactional emails.

204
MCQmedium

A company runs its primary database on an Amazon RDS for MySQL DB instance in the us-east-1 Region. The company's disaster recovery policy requires that the database be recoverable in a different AWS Region within 1 hour of a region-wide failure, with a Recovery Point Objective (RPO) of less than 5 minutes and a Recovery Time Objective (RTO) of less than 1 hour. Which AWS feature should the company use to meet these requirements?

A.Deploy a Multi-AZ RDS DB instance in us-east-1.
B.Create a cross-region read replica of the DB instance in us-west-2.
C.Take manual DB snapshots daily and copy them to us-west-2.
D.Enable termination protection on the RDS instance.
AnswerB

A cross-region read replica asynchronously replicates data from the primary RDS instance to a replica in another region. The replica can be promoted to a standalone primary instance in minutes, achieving an RTO under 1 hour. As replication is near real-time, the RPO is typically a few seconds to minutes, satisfying the <5 minute RPO. This is the correct solution.

Why this answer

A cross-region read replica in us-west-2 meets the RPO of less than 5 minutes because replication is asynchronous with a lag typically under 1 minute, and the RTO of less than 1 hour is achievable by promoting the replica to a standalone primary in the event of a region-wide failure. This approach provides a ready-to-use database copy in another region without the need for manual snapshot restoration.

Exam trap

The trap here is confusing Multi-AZ (single-region high availability) with cross-region disaster recovery, leading candidates to choose Option A because they think 'redundancy' automatically means cross-region protection.

How to eliminate wrong answers

Option A is wrong because Multi-AZ provides high availability within a single region, not cross-region disaster recovery, and cannot meet the RPO/RTO if us-east-1 fails entirely. Option C is wrong because manual daily snapshots have an RPO of up to 24 hours, far exceeding the required 5-minute RPO, and restoring from a snapshot would take longer than 1 hour. Option D is wrong because termination protection only prevents accidental deletion of the DB instance, it does not provide any replication, backup, or recovery capability across regions.

205
MCQeasy

A company wants to run a MySQL database in AWS without managing database software installation, applying patches, setting up backups, or configuring replication for high availability. Which AWS service meets these requirements?

A.Amazon EC2 with a self-managed MySQL installation
B.Amazon RDS
C.Amazon Redshift
D.Amazon ElastiCache
AnswerB

Amazon RDS is a fully managed relational database service. AWS handles patching, automated backups, Multi-AZ failover, and monitoring while the customer focuses on schema design and queries.

Why this answer

Amazon RDS is a managed database service that automates database software installation, patching, backup, and replication for high availability. By choosing RDS for MySQL, the company offloads these administrative tasks to AWS, meeting the requirement to avoid manual management of the database software, patches, backups, and replication configuration.

Exam trap

The trap here is that candidates may confuse Amazon RDS with Amazon EC2, thinking that running MySQL on EC2 is also 'managed' because AWS manages the hypervisor, but the question explicitly requires not managing the database software, patches, backups, or replication, which EC2 does not provide.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 with a self-managed MySQL installation requires the company to manually install, patch, back up, and configure replication for the database, which directly contradicts the requirement to avoid these tasks. Option C is wrong because Amazon Redshift is a petabyte-scale data warehouse service based on PostgreSQL, not a relational database for transactional workloads like MySQL, and it does not provide MySQL compatibility or managed MySQL features. Option D is wrong because Amazon ElastiCache is an in-memory caching service (supporting Redis and Memcached) that does not persist data like a relational database and cannot run MySQL workloads or provide MySQL-specific management features.

206
MCQmedium

A company needs to implement a disaster recovery strategy where data is continuously replicated to AWS but AWS compute resources are only started during a declared disaster. Which DR strategy does this describe?

A.Backup and Restore
B.Pilot Light
C.Warm Standby
D.Multi-Site Active/Active
AnswerB

Pilot Light keeps a minimal environment running (data replication, database) with compute resources ready to be quickly provisioned only when a disaster is declared, balancing cost and RTO.

Why this answer

The Pilot Light strategy involves continuously replicating data to AWS (e.g., using AWS Database Migration Service or S3 replication) while keeping only a minimal core set of AWS resources (like a small EC2 instance or RDS database) running. Compute resources are not fully provisioned until a disaster is declared, at which point they are scaled up to handle production traffic. This matches the description of data being continuously replicated but compute only started during a declared disaster.

Exam trap

The trap here is that candidates confuse 'Pilot Light' with 'Warm Standby' because both involve some pre-provisioned resources, but Pilot Light keeps compute resources minimal and inactive until failover, whereas Warm Standby runs a scaled-down but fully operational environment.

How to eliminate wrong answers

Option A is wrong because Backup and Restore involves periodic backups (e.g., snapshots to S3) rather than continuous replication, and compute resources are provisioned from scratch during recovery, not started from a pre-existing minimal environment. Option C is wrong because Warm Standby maintains a scaled-down but fully functional copy of the production environment running on AWS, with compute resources already active and ready to handle traffic, not started only during a disaster. Option D is wrong because Multi-Site Active/Active requires compute resources to be running in multiple AWS Regions simultaneously to handle live traffic, not started only upon disaster declaration.

207
MCQmedium

A company runs a web application on multiple Amazon EC2 instances that are behind an Application Load Balancer. The operations team wants to ensure that if any EC2 instance fails, a new instance is automatically launched to replace it and maintain a minimum number of running instances. Which AWS service should the company use to meet this requirement?

A.AWS Elastic Load Balancing
B.Amazon EC2 Auto Scaling
C.AWS Lambda
D.AWS Auto Scaling
AnswerB

Amazon EC2 Auto Scaling is the correct service. It automatically adds or removes EC2 instances based on defined policies or to maintain a desired capacity. If an instance fails, Auto Scaling detects the decrease in healthy capacity and launches a new instance to replace it, ensuring the application remains available.

Why this answer

Amazon EC2 Auto Scaling is the correct service because it automatically launches new EC2 instances to replace failed ones and maintains a specified minimum number of running instances. It integrates with the Application Load Balancer to register new instances and deregister failed ones, ensuring the web application remains available. This directly meets the requirement for automatic instance replacement and capacity maintenance.

Exam trap

The trap here is confusing Amazon EC2 Auto Scaling (which directly manages EC2 instance lifecycle and replacement) with AWS Auto Scaling (a broader service for scaling multiple resources), leading candidates to pick D instead of B.

How to eliminate wrong answers

Option A is wrong because AWS Elastic Load Balancing distributes incoming traffic across healthy instances but does not launch new instances or manage instance counts; it only routes traffic to existing instances. Option C is wrong because AWS Lambda is a serverless compute service for running code in response to events, not for managing or replacing EC2 instances; it lacks the lifecycle management and scaling policies needed for EC2 instance replacement. Option D is wrong because AWS Auto Scaling is a service that helps configure scaling plans for multiple resources (e.g., EC2, DynamoDB), but the specific service that directly launches and replaces EC2 instances to maintain a minimum count is Amazon EC2 Auto Scaling; AWS Auto Scaling is a higher-level orchestration service, not the one that performs the actual instance replacement.

208
MCQmedium

A company runs a batch processing application in Docker containers. The application runs for several hours at a time and requires significant CPU and memory resources. The company wants to run these containers on AWS without provisioning or managing any underlying EC2 instances or cluster capacity. They need a service that automatically scales based on demand and charges only for the resources consumed by the containers. Which AWS service should the company use?

A.Amazon ECS with EC2 launch type
B.Amazon EKS with managed node groups
C.AWS Fargate
D.AWS Lambda
AnswerC

AWS Fargate is the correct choice. It is a serverless compute engine for containers that runs on Amazon ECS or EKS. You define your containerized application and its resource requirements, and Fargate handles the underlying infrastructure, scaling, and billing per resource consumption.

Why this answer

AWS Fargate is the correct choice because it is a serverless compute engine for containers that eliminates the need to provision or manage EC2 instances. It automatically scales based on demand and charges only for the CPU and memory resources consumed by the containers, which aligns perfectly with the requirement to run long-running batch processing without managing underlying infrastructure.

Exam trap

The trap here is that candidates often confuse the EC2 launch type (which still requires instance management) with Fargate's serverless model, or they assume managed node groups in EKS eliminate all infrastructure management, when in fact they still involve EC2 instances and cluster scaling decisions.

How to eliminate wrong answers

Option A is wrong because Amazon ECS with the EC2 launch type requires you to provision, configure, and manage a cluster of EC2 instances, which contradicts the requirement to avoid managing underlying instances. Option B is wrong because Amazon EKS with managed node groups still involves managing EC2 instances (even if partially automated) and does not provide the serverless, pay-per-resource model that Fargate offers.

209
MCQmedium

A company hosts its corporate website entirely as static content (HTML, CSS, JavaScript, images) in an Amazon S3 bucket. The website currently has no authentication requirements and is accessible to the public. The company wants to serve this content to users around the world with low latency. Additionally, the company wants to enforce HTTPS for all traffic using a custom domain name (www.example.com). The company does not want to manage SSL/TLS certificates on any servers. Which AWS service should the company use to meet these requirements?

A.Amazon CloudFront
B.AWS Global Accelerator
C.Amazon S3 Transfer Acceleration
D.AWS Lambda@Edge
AnswerA

Amazon CloudFront is a global content delivery network (CDN) that caches static content at edge locations, reducing latency. It integrates with ACM for free SSL/TLS certificates, supports custom domain names, and enforces HTTPS. This meets all the requirements without any server management.

Why this answer

Amazon CloudFront is a content delivery network (CDN) that caches static content at edge locations worldwide, reducing latency for global users. It supports custom domain names and can enforce HTTPS by using AWS Certificate Manager (ACM) to provision and renew SSL/TLS certificates automatically, eliminating the need for server-side certificate management. CloudFront integrates directly with an S3 bucket as the origin, allowing the bucket to remain private while serving content securely via HTTPS.

Exam trap

The trap here is that candidates often confuse S3 Transfer Acceleration (which only accelerates uploads) with CloudFront (which accelerates downloads and caches content), or they think Global Accelerator can serve static content with HTTPS, but it lacks caching and certificate management at the edge.

How to eliminate wrong answers

Option B (AWS Global Accelerator) is wrong because it is designed to improve availability and performance for TCP/UDP traffic by routing users to the nearest healthy application endpoint, but it does not cache static content or provide HTTPS termination at the edge; it also requires managing certificates on the backend. Option C (Amazon S3 Transfer Acceleration) is wrong because it only speeds up uploads to S3 buckets by using edge locations for data transfer, not for serving cached content to end users, and it does not support custom domain names or HTTPS enforcement for content delivery.

210
MCQmedium

A company uses three separate AWS accounts for development, testing, and production workloads. The security team needs to enforce a policy that prevents users in any account from disabling AWS CloudTrail or deleting CloudTrail log files. The team also wants to consolidate billing and have a single payment method for all accounts. Which AWS service should the security team use to meet these requirements?

A.AWS Organizations
B.AWS Identity and Access Management (IAM)
C.AWS Config
D.AWS CloudTrail
AnswerA

Correct. AWS Organizations enables both cross-account policy enforcement via Service Control Policies (SCPs) and consolidated billing. SCPs can deny actions such as disabling CloudTrail or deleting log files across all accounts in the organization.

Why this answer

AWS Organizations is the correct service because it allows the security team to create a multi-account structure with a single consolidated billing method and a single payment method across all accounts. Additionally, Organizations supports service control policies (SCPs), which can be applied to the root or individual accounts to explicitly deny actions such as disabling CloudTrail or deleting CloudTrail log files, ensuring enforcement across the development, testing, and production accounts.

Exam trap

The trap here is that candidates often confuse AWS Organizations with IAM, thinking IAM can enforce cross-account policies, but IAM is account-scoped and cannot apply preventive controls across multiple accounts like SCPs in Organizations can.

How to eliminate wrong answers

Option B (IAM) is wrong because IAM manages permissions for individual users and roles within a single account, not across multiple accounts, and cannot enforce policies that prevent CloudTrail disabling or log deletion across all three accounts simultaneously. Option C (AWS Config) is wrong because AWS Config is a service for evaluating resource configurations against rules and tracking changes, but it cannot enforce preventive controls or block actions; it only provides detective compliance and notifications. Option D (AWS CloudTrail) is wrong because CloudTrail is the service being protected (it records API activity), not a service that can enforce policies or consolidate billing; it cannot prevent its own disabling or log deletion.

211
MCQmedium

A company's application receives images from users and needs to detect and blur any credit card numbers visible in the images for compliance. Which AWS AI service provides document text extraction from images?

A.Amazon Rekognition
B.Amazon Textract
C.Amazon Comprehend
D.Amazon Macie
AnswerB

Textract automatically extracts text, forms, and tables from documents and images using ML, providing structured data extraction that goes beyond basic OCR.

Why this answer

Amazon Textract is specifically designed to extract text, including handwritten and printed text, from scanned documents and images. It goes beyond simple optical character recognition (OCR) by using machine learning to identify and extract key-value pairs, tables, and form data, making it the correct choice for extracting credit card numbers from images for compliance processing.

Exam trap

The trap here is that candidates confuse Amazon Rekognition's ability to detect text in images (via its DetectText API) with Amazon Textract's specialized document text extraction, but Rekognition is optimized for general scene text (e.g., signs, labels) and lacks the layout analysis and key-value extraction capabilities needed for compliance-grade document processing.

How to eliminate wrong answers

Option A is wrong because Amazon Rekognition is primarily an image and video analysis service for object detection, facial recognition, and scene understanding, not a document text extraction service. Option C is wrong because Amazon Comprehend is a natural language processing (NLP) service that analyzes text for sentiment, entities, and key phrases, but it does not extract text from images. Option D is wrong because Amazon Macie is a data security and privacy service that discovers and protects sensitive data using machine learning and pattern matching, but it does not perform document text extraction from images.

212
MCQmedium

A company runs a multiplayer gaming application on AWS. The application uses UDP for real-time communication between players. Players in different geographic regions report high latency and connection instability. The company wants to improve performance by directing user traffic to the nearest healthy application endpoint and using a static IP address for the application. Which AWS service should the company use to meet these requirements?

A.Amazon CloudFront
B.AWS Global Accelerator
C.Amazon Route 53
D.AWS Direct Connect
AnswerB

Global Accelerator uses static anycast IP addresses and the AWS global network to optimize the path for TCP and UDP traffic. It automatically routes users to the nearest healthy application endpoint, improving latency and connection stability for real-time applications.

Why this answer

AWS Global Accelerator uses the AWS global network to route UDP traffic over optimized paths to the nearest healthy application endpoint, reducing latency and jitter. It provides two static anycast IP addresses that act as a fixed entry point, masking changes to underlying infrastructure. This directly addresses the need for low-latency UDP communication and a static IP for the gaming application.

Exam trap

The trap here is that candidates often confuse Amazon CloudFront's edge caching with network path optimization, but CloudFront does not support UDP traffic or provide static IP addresses, making AWS Global Accelerator the correct choice for real-time UDP applications.

How to eliminate wrong answers

Option A is wrong because Amazon CloudFront is a content delivery network (CDN) optimized for HTTP/HTTPS and WebSocket traffic, not for UDP-based real-time gaming protocols; it cannot handle raw UDP packets. Option C is wrong because Amazon Route 53 is a DNS service that resolves domain names to IP addresses but does not provide static IP addresses for the application endpoint; it also lacks the ability to optimize network path routing for UDP traffic. Option D is wrong because AWS Direct Connect establishes a dedicated network connection from on-premises to AWS, which is irrelevant for directing user traffic from multiple geographic regions to the nearest endpoint and does not provide a static IP address for the application.

213
MCQmedium

A media company runs a video-on-demand platform on AWS. Video files (.mp4) and thumbnail images (.jpg) are stored in the same Amazon S3 bucket. The company uses Amazon CloudFront to deliver content to users globally. The video files are large and do not change frequently, so the company wants them to be cached at CloudFront edge locations for 30 days. Thumbnails change more often when new uploads are processed, so the company wants them to be cached for only 1 day. The company wants a single CloudFront distribution to serve both types of content from the same S3 bucket. Which configuration should the company use to meet these requirements with minimal operational overhead?

A.Create one CloudFront behavior for all content. Set a cache policy with a TTL of 30 days. Create a Lambda@Edge function to override the TTL to 1 day for requests with .jpg extension.
B.Create two CloudFront behaviors: one for the path pattern /videos/* and one for /thumbnails/*. Associate a cache policy with a TTL of 30 days to the video behavior and a cache policy with a TTL of 1 day to the thumbnail behavior. Both behaviors point to the same S3 origin.
C.Create two separate CloudFront distributions: one for videos with a cache policy of 30 days, and one for thumbnails with a cache policy of 1 day. Point both to the same S3 bucket.
D.In the S3 bucket, create two folders: /videos and /thumbnails. Use S3 Cross-Region Replication to replicate thumbnails to a separate bucket in a different Region. Create a single CloudFront behavior with a cache policy of 1 day for the thumbnail bucket and a separate behavior for the original bucket.
AnswerB

This uses CloudFront's built-in behavior routing with path patterns. Each behavior can have its own cache policy (or TTL settings), allowing different caching durations for videos and thumbnails while using a single distribution and a single S3 bucket. This meets the requirements with minimal operational overhead.

Why this answer

Option B is correct because CloudFront allows multiple behaviors within a single distribution, each with its own path pattern and cache policy. By configuring path patterns /videos/* and /thumbnails/*, the company can apply a 30-day TTL cache policy to video requests and a 1-day TTL cache policy to thumbnail requests, both pointing to the same S3 origin. This meets the caching requirements with minimal operational overhead, as it avoids custom code or multiple distributions.

Exam trap

The trap here is that candidates may think Lambda@Edge or multiple distributions are necessary to apply different TTLs to different file types from the same origin, but CloudFront’s multiple behaviors with path patterns and cache policies provide a simpler, native solution.

How to eliminate wrong answers

Option A is wrong because using a single behavior with a 30-day TTL and a Lambda@Edge function to override TTL for .jpg requests adds unnecessary complexity and operational overhead; CloudFront natively supports multiple behaviors with different cache policies, making Lambda@Edge overkill for this simple requirement. Option C is wrong because creating two separate CloudFront distributions increases management overhead and complexity, and it is unnecessary since a single distribution can handle both content types via multiple behaviors. Option D is wrong because S3 Cross-Region Replication is irrelevant to caching TTL requirements; it adds cost and complexity without solving the caching duration difference, and the proposed setup with two buckets and behaviors is overly complicated compared to using path patterns in a single distribution.

214
MCQeasy

Which AWS service provides a landing zone and automated multi-account setup with pre-configured security baselines and guardrails for AWS Organizations?

A.AWS Organizations
B.AWS Control Tower
C.AWS CloudFormation StackSets
D.AWS Service Catalog
AnswerB

Control Tower automates the creation of a secure, well-governed multi-account landing zone including Organizations structure, SSO, centralized logging, and pre-configured guardrails.

Why this answer

AWS Control Tower is the correct service because it provides a pre-configured landing zone and automates the setup of a multi-account environment based on AWS Organizations. It enforces security baselines and guardrails (preventive and detective controls) using AWS Service Catalog and AWS Config rules, ensuring compliance from the start.

Exam trap

The trap here is that candidates often confuse AWS Organizations (the underlying service) with AWS Control Tower (the managed orchestration service), thinking Organizations alone provides the landing zone and guardrails, when in fact it only provides the multi-account structure and policy framework without the automated setup and pre-configured baselines.

How to eliminate wrong answers

Option A is wrong because AWS Organizations is the underlying service that enables multi-account management and policy-based control, but it does not provide a pre-built landing zone or automated guardrails; it is a building block, not the orchestration layer. Option C is wrong because AWS CloudFormation StackSets allows you to deploy CloudFormation templates across multiple accounts and regions, but it does not provide a landing zone, security baselines, or guardrails; it is a deployment tool, not a governance framework. Option D is wrong because AWS Service Catalog creates and manages a catalog of approved IT services (products), but it does not automate multi-account setup or enforce security guardrails; it is used for governance of service provisioning, not for landing zone orchestration.

215
MCQeasy

Which AWS service provides a fully managed content delivery network (CDN) that caches content at global edge locations to reduce latency for end users?

A.AWS Global Accelerator
B.Amazon Route 53
C.Amazon CloudFront
D.AWS Transfer Acceleration
AnswerC

CloudFront is AWS's CDN that caches content at 400+ global edge locations, delivering content to users with low latency by serving from the nearest cache.

Why this answer

Amazon CloudFront is a fully managed content delivery network (CDN) that caches static and dynamic content at global edge locations. By serving cached content from the edge closest to the user, CloudFront significantly reduces latency and improves data transfer speeds for end users.

Exam trap

The trap here is that candidates confuse AWS Global Accelerator (a network optimization service) with a CDN, because both use edge locations, but Global Accelerator does not cache content—it only optimizes network routing.

How to eliminate wrong answers

Option A is wrong because AWS Global Accelerator improves application availability and performance by directing traffic over the AWS global network using anycast IP addresses, but it does not cache content at edge locations—it is a network traffic optimization service, not a CDN. Option B is wrong because Amazon Route 53 is a DNS web service that translates domain names to IP addresses and routes end users to applications, but it does not cache or serve content at edge locations. Option D is wrong because AWS Transfer Acceleration uses edge locations to accelerate uploads to Amazon S3 by routing traffic over the AWS network, but it is not a general-purpose CDN for caching and serving content to end users.

216
MCQmedium

A company runs a data analytics workload on a cluster of Amazon EC2 instances. The application requires a shared file system that can be mounted by multiple EC2 instances simultaneously. The workload is bursty: during data processing jobs, the instances write and read large datasets, but between jobs the file system is mostly idle. The company wants a fully managed, highly available, and durable file storage solution that automatically scales capacity up and down and charges only for the storage used. The solution must be accessible from EC2 instances across multiple Availability Zones in the same AWS Region. Which AWS service should the company use?

A.Amazon Elastic Block Store (EBS) with Multi-Attach enabled
B.Amazon Elastic File System (EFS)
C.Amazon Simple Storage Service (S3)
D.Amazon FSx for Windows File Server
AnswerB

Amazon EFS is a fully managed NFS file system that automatically scales storage capacity as you add or remove files, and you pay only for the storage used. It provides high availability and durability by storing data across multiple Availability Zones within a Region, and can be accessed by multiple EC2 instances concurrently.

Why this answer

Amazon EFS is a fully managed, highly available, and durable NFS file system that automatically scales storage capacity up and down as files are added or removed, charging only for the storage used. It can be mounted by multiple EC2 instances across different Availability Zones simultaneously, making it ideal for bursty, shared-file workloads that require concurrent access and automatic scaling.

Exam trap

The trap here is that candidates often confuse Amazon EBS Multi-Attach (which is limited to a single AZ and requires manual capacity management) with a truly multi-AZ, auto-scaling shared file system, or they mistakenly think S3 can serve as a POSIX-compatible shared file system for EC2 instances.

How to eliminate wrong answers

Option A is wrong because Amazon EBS with Multi-Attach is limited to a maximum of 16 Nitro-based EC2 instances in a single Availability Zone, does not automatically scale capacity, and you pay for provisioned storage regardless of usage. Option C is wrong because Amazon S3 is an object storage service, not a file system; it cannot be mounted as a shared file system using standard POSIX file operations (NFS/SMB) and does not support concurrent file-level locking from multiple EC2 instances. Option D is wrong because Amazon FSx for Windows File Server is designed for Windows-based workloads using SMB protocol, and while it is fully managed and highly available, it does not automatically scale capacity down when idle—you provision and pay for fixed throughput and storage.

217
MCQeasy

A development team builds Docker container images as part of their CI/CD pipeline and needs a managed, private registry to store and version these images, integrated with Amazon ECS and EKS for deployment. Which AWS service provides this container image registry?

A.Amazon ECS
B.Amazon S3
C.Amazon ECR
D.AWS CodeBuild
AnswerC

ECR is a fully managed private container image registry. It stores Docker images in repositories, supports image versioning with tags and digests, integrates natively with ECS and EKS, and includes automated vulnerability scanning.

Why this answer

Amazon ECR (Elastic Container Registry) is the correct choice because it is a fully managed Docker container registry that stores, manages, and deploys container images. It integrates natively with Amazon ECS and Amazon EKS, allowing seamless image pulls during deployment without needing to manage underlying infrastructure.

Exam trap

AWS often tests the distinction between a container registry (ECR) and a container orchestrator (ECS/EKS), so candidates mistakenly select ECS thinking it includes image storage, but ECS only schedules and runs containers.

How to eliminate wrong answers

Option A is wrong because Amazon ECS is a container orchestration service that runs containers, not a registry for storing container images. Option B is wrong because Amazon S3 is an object storage service that can store arbitrary files but lacks native Docker Registry API support (e.g., /v2/ endpoints) and does not provide image-specific features like vulnerability scanning or lifecycle policies. Option D is wrong because AWS CodeBuild is a continuous integration service that builds and tests code, not a registry for storing or versioning container images.

218
MCQeasy

Which Amazon S3 feature allows you to automatically delete objects after a specified number of days to reduce storage costs?

A.S3 Versioning
B.S3 Lifecycle policies with expiration rules
C.S3 Object Lock
D.S3 Block Public Access
AnswerB

Lifecycle expiration rules automatically delete objects (or their versions) after a specified number of days, reducing storage costs for data with defined retention periods.

Why this answer

S3 Lifecycle policies with expiration rules allow you to define rules that automatically delete objects after a specified number of days. This is a cost-optimization feature that helps reduce storage costs by removing data that is no longer needed, such as logs or temporary files, without manual intervention.

Exam trap

The trap here is that candidates often confuse S3 Lifecycle policies with S3 Versioning, mistakenly thinking versioning alone can delete old versions to save costs, but versioning actually retains all versions and requires a Lifecycle policy with noncurrent version expiration to remove them.

How to eliminate wrong answers

Option A is wrong because S3 Versioning is a feature that preserves, retrieves, and restores every version of an object, which can increase storage costs, not reduce them. Option C is wrong because S3 Object Lock is a feature that prevents objects from being deleted or overwritten for a fixed retention period, which is used for compliance and data protection, not for automatic deletion to reduce costs. Option D is wrong because S3 Block Public Access is a security feature that blocks public access to buckets and objects, and has no role in managing object lifecycle or deletion.

219
MCQmedium

A developer wants to build a serverless application that responds to HTTP requests. Which combination of AWS services would be most appropriate?

A.Amazon EC2 and Elastic Load Balancing
B.Amazon ECS and AWS Fargate
C.Amazon API Gateway and AWS Lambda
D.AWS Elastic Beanstalk and Amazon RDS
AnswerC

API Gateway + Lambda is the standard serverless HTTP API pattern — no server management required.

Why this answer

Amazon API Gateway acts as a fully managed HTTP endpoint that receives and routes incoming requests to AWS Lambda functions, which execute the application logic without provisioning servers. This combination directly fulfills the requirement for a serverless application that responds to HTTP requests, as Lambda handles compute in a stateless, event-driven manner and API Gateway provides the HTTP interface with built-in features like throttling, authentication, and request validation.

Exam trap

The trap here is that candidates may confuse 'serverless' with 'managed services' and choose options like ECS with Fargate or Elastic Beanstalk, which still involve underlying compute management, whereas the correct answer requires a fully event-driven, no-server model with API Gateway and Lambda.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 with Elastic Load Balancing requires managing virtual servers, scaling groups, and load balancer configurations, which contradicts the serverless requirement and introduces operational overhead. Option B is wrong because Amazon ECS with AWS Fargate, while reducing server management, still involves container orchestration, task definitions, and cluster management, making it container-based rather than truly serverless in the event-driven, pay-per-request sense. Option D is wrong because AWS Elastic Beanstalk with Amazon RDS provisions and manages EC2 instances and a relational database, requiring ongoing server maintenance and scaling decisions, which is not serverless.

220
MCQeasy

A company wants to define their entire AWS infrastructure — VPCs, EC2 instances, RDS databases, and load balancers — as code in a text template so they can version-control the infrastructure, deploy it consistently across multiple environments, and recreate it reliably after deletion. Which AWS service enables this?

A.AWS Systems Manager
B.AWS CodePipeline
C.Amazon CloudWatch
D.AWS CloudFormation
AnswerD

CloudFormation allows AWS infrastructure to be defined as code in YAML or JSON templates. Templates can be version-controlled, redeployed across environments, and used to reliably recreate identical infrastructure stacks.

Why this answer

AWS CloudFormation is the correct service because it enables you to model your entire AWS infrastructure as a text template (JSON or YAML), which can be version-controlled, deployed consistently across environments, and used to recreate resources reliably. It is an Infrastructure as Code (IaC) service that provisions and manages AWS resources in an orderly and predictable fashion, directly matching the company's requirements.

Exam trap

The trap here is that candidates often confuse AWS CloudFormation with AWS Elastic Beanstalk or AWS OpsWorks, but the question specifically asks for defining infrastructure as code in a text template, which is the core function of CloudFormation, not a deployment or management service.

How to eliminate wrong answers

Option A is wrong because AWS Systems Manager is a management service for operational tasks like patching, configuration, and automation, not for defining infrastructure as code in a template. Option B is wrong because AWS CodePipeline is a continuous delivery service for automating build, test, and deploy phases, not for defining or provisioning infrastructure resources. Option C is wrong because Amazon CloudWatch is a monitoring and observability service for metrics, logs, and alarms, not for infrastructure provisioning or template-based deployment.

221
MCQeasy

A company hosts a website in the US East (N. Virginia) AWS region. Users in Europe and Asia Pacific report slow page load times because content must travel long distances from the origin server. Which AWS service should the company deploy to reduce latency for global users?

A.AWS Direct Connect
B.Amazon Route 53 with latency routing
C.Amazon CloudFront
D.Amazon VPC peering
AnswerC

CloudFront is a CDN that caches static and dynamic content at 400+ edge locations globally. A user in Europe would be served cached content from a nearby edge location instead of making a round-trip to US East, dramatically reducing latency.

Why this answer

Amazon CloudFront is a content delivery network (CDN) that caches static and dynamic content at edge locations worldwide, including Europe and Asia Pacific. By serving content from the edge location closest to each user, CloudFront significantly reduces latency and improves page load times for global users without requiring changes to the origin infrastructure.

Exam trap

The trap here is that candidates often confuse latency-based routing (Route 53) with content caching (CloudFront), mistakenly thinking that routing traffic to a different region solves the problem of content traveling long distances, when in fact only a CDN reduces the physical distance by serving cached content from edge locations.

How to eliminate wrong answers

Option A is wrong because AWS Direct Connect establishes a dedicated private network connection from on-premises to AWS, which reduces network variability and bandwidth costs but does not cache content or provide edge locations to reduce latency for global users. Option B is wrong because Amazon Route 53 with latency routing directs traffic to the AWS region with the lowest latency for the user, but it still requires content to travel from the origin server in US East (N. Virginia), so it does not reduce the physical distance content must travel.

Option D is wrong because Amazon VPC peering connects two VPCs privately using AWS's internal network, but it does not provide any caching or edge distribution capabilities and is irrelevant for reducing latency for users outside the VPC network.

222
MCQeasy

A company wants to set up a cloud-based customer service contact centre with an interactive voice response (IVR) system, agent call routing, and the ability to scale to thousands of agents without purchasing phone hardware or PBX equipment. Which AWS service provides this?

A.Amazon Chime
B.Amazon Connect
C.Amazon SNS
D.Amazon WorkMail
AnswerB

Amazon Connect is a cloud-native contact centre service. It provides IVR, call routing to agents, omnichannel support (voice and chat), and pay-per-use pricing with no upfront hardware or licensing costs.

Why this answer

Amazon Connect is a cloud-based contact center service that provides an interactive voice response (IVR) system, automatic call distribution (ACD) for agent routing, and the ability to scale to thousands of agents without requiring any physical phone hardware or PBX equipment. It is purpose-built for this exact use case, offering pay-as-you-go pricing and integration with AWS services like Lambda and Lex for custom IVR flows.

Exam trap

The trap here is that candidates may confuse Amazon Chime (a meeting/collaboration tool) with a contact center service, because both involve voice, but Chime lacks IVR, agent routing, and queue management that are core to Amazon Connect.

How to eliminate wrong answers

Option A is wrong because Amazon Chime is a communications service for online meetings, video conferencing, and chat, not a contact center solution with IVR and agent routing capabilities. Option C is wrong because Amazon SNS is a pub/sub messaging service for sending notifications via email, SMS, or HTTP endpoints, and it lacks the telephony, IVR, and agent management features required for a contact center. Option D is wrong because Amazon WorkMail is a managed email and calendaring service, not a voice-based contact center platform.

223
MCQmedium

A company wants to centralise backup management for all their AWS resources — EC2, EBS, RDS, DynamoDB, and EFS — under a single policy, automate backup schedules, and ensure cross-region backup copies for disaster recovery. Which AWS service provides this?

A.Amazon S3 versioning
B.AWS Snapshot Manager
C.AWS Backup
D.AWS CloudFormation
AnswerC

AWS Backup provides centralised backup management across multiple AWS services from a single console. It automates backup schedules, enforces retention policies, creates cross-region copies for DR, and provides compliance reporting.

Why this answer

AWS Backup is the correct choice because it provides a fully managed, centralized backup service that supports EC2, EBS, RDS, DynamoDB, and EFS. It allows you to define a single backup policy, automate backup schedules, and configure cross-region copies for disaster recovery, meeting all the stated requirements.

Exam trap

The trap here is that candidates might confuse AWS Backup with the non-existent 'AWS Snapshot Manager' (Option B) because of the word 'Snapshot,' but AWS Backup is the actual service that centralizes and automates backups across multiple AWS services, including snapshot-based resources like EBS and RDS.

How to eliminate wrong answers

Option A is wrong because Amazon S3 versioning is a feature for preserving, retrieving, and restoring every version of an object in an S3 bucket; it does not centralize backup management across EC2, EBS, RDS, DynamoDB, or EFS, nor does it automate cross-region copies for those resources. Option B is wrong because AWS Snapshot Manager is not a real AWS service; the correct service for managing snapshots is AWS Backup, and this option is a distractor that does not exist. Option D is wrong because AWS CloudFormation is an Infrastructure as Code (IaC) service for provisioning and managing AWS resources via templates, not a backup management service; it cannot automate backup schedules or enforce cross-region backup copies natively.

224
MCQmedium

A company is building a global e-commerce application that requires a database with single-digit millisecond latency, seamless scaling to handle millions of requests per second, and the ability to replicate data across multiple AWS Regions for disaster recovery and low-latency reads. The database must be fully managed with automatic backup and restores. Which AWS service should the company choose?

A.Amazon Aurora
B.Amazon DynamoDB
C.Amazon RDS for MySQL
D.Amazon Redshift
AnswerB

Amazon DynamoDB is a fully managed NoSQL database that delivers consistent single-digit millisecond latency at any scale. It supports global tables for multi-Region replication and automatic scaling to handle millions of requests per second. It also provides built-in backup and restore, meeting all stated requirements.

Why this answer

Amazon DynamoDB is the correct choice because it is a fully managed NoSQL key-value and document database that delivers single-digit millisecond latency at any scale, supports automatic multi-Region replication via DynamoDB Global Tables for disaster recovery and low-latency reads, and provides built-in backup and restore capabilities. This combination of performance, seamless scaling to millions of requests per second, and global replication aligns perfectly with the requirements of a global e-commerce application.

Exam trap

The trap here is that candidates often choose Amazon Aurora because of its familiarity with relational databases and its 'high performance' reputation, but they overlook the specific requirement for single-digit millisecond latency at millions of requests per second, which is a key-value/NoSQL workload that DynamoDB is purpose-built for, not a relational database.

How to eliminate wrong answers

Option A is wrong because Amazon Aurora is a relational database that, while offering high performance and multi-Region replication via Aurora Global Database, does not natively achieve single-digit millisecond latency at the scale of millions of requests per second without significant read replica scaling and caching layers, and its scaling model is not as seamless or cost-effective for high-throughput, key-value workloads as DynamoDB. Option C is wrong because Amazon RDS for MySQL is a relational database that cannot provide single-digit millisecond latency at millions of requests per second due to its traditional SQL engine overhead and limited horizontal scaling (primarily read replicas), and its multi-Region replication requires manual setup or additional services like MySQL binlog replication, lacking the native global table support of DynamoDB.

225
MCQmedium

A gaming company needs ultra-low latency access to AWS compute for their mobile game players at 5G network edges. Which AWS infrastructure extension enables this?

A.AWS Local Zones
B.AWS Outposts
C.AWS Wavelength Zones
D.Amazon CloudFront Edge Locations
AnswerC

Wavelength Zones embed EC2 and EBS within 5G carrier networks, enabling mobile applications to access AWS compute with single-digit millisecond latency at the 5G network edge.

Why this answer

AWS Wavelength Zones embed AWS compute and storage services at the edge of 5G networks, enabling ultra-low latency for mobile game players by minimizing the distance data must travel between the device and the application. This is specifically designed for applications that require single-digit millisecond latencies over 5G, such as real-time gaming, AR/VR, and live video processing.

Exam trap

The trap here is that candidates often confuse AWS Local Zones with Wavelength Zones, but Local Zones are designed for latency-sensitive workloads in metro areas (e.g., media rendering) and lack the direct integration with 5G carrier networks that Wavelength Zones provide.

How to eliminate wrong answers

Option A is wrong because AWS Local Zones place compute and storage closer to large population centers but not at the 5G network edge, so they do not provide the sub-10ms latency required for mobile gaming over 5G. Option B is wrong because AWS Outposts are fully managed racks of AWS infrastructure installed on-premises, which are not integrated into telecom 5G networks and cannot offer the ultra-low latency from the carrier edge. Option D is wrong because Amazon CloudFront Edge Locations are content delivery network (CDN) nodes optimized for caching and accelerating static and dynamic content delivery, not for running compute workloads with the single-digit millisecond latency needed at the 5G edge.

← PreviousPage 3 of 5 · 341 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Cloud Technology and Services questions.