CCNA Cloud Technology and Services Questions

41 of 341 questions · Page 5/5 · Cloud Technology and Services · Answers revealed

301
MCQmedium

A development team is building a serverless image processing application. When a user uploads an image to Amazon S3, the application must perform three sequential steps: first, resize the image; second, generate a thumbnail; third, store metadata in Amazon DynamoDB. The team wants to define this workflow as a visual state machine, handle errors with retries, and manage the execution flow without writing custom orchestration code. Which AWS service should the team use?

A.AWS Step Functions
B.Amazon Simple Queue Service (SQS)
C.Amazon EventBridge
D.AWS Lambda
AnswerA

Correct. AWS Step Functions allows you to define workflows as state machines that can orchestrate multiple AWS services, manage sequencing, error handling, and retries without custom code.

Why this answer

AWS Step Functions is the correct choice because it allows you to define a visual state machine that orchestrates three sequential steps (resize, thumbnail, metadata storage) without writing custom orchestration code. It natively supports error handling with retries and manages execution flow, making it ideal for serverless workflows that require coordination across multiple AWS services like Lambda and DynamoDB.

Exam trap

AWS often tests the distinction between orchestration and messaging services, and the trap here is that candidates confuse Amazon SQS or EventBridge as workflow orchestrators because they handle events, but they lack the sequential state management and retry logic that Step Functions provides.

How to eliminate wrong answers

Option B (Amazon SQS) is wrong because SQS is a message queuing service for decoupling components and does not provide a visual state machine or built-in orchestration for sequential steps with error handling and retries. Option C (Amazon EventBridge) is wrong because EventBridge is an event bus for routing events between services, not a workflow orchestrator that can define sequential steps or manage retries. Option D (AWS Lambda) is wrong because Lambda is a compute service for running code in response to events, but it lacks native orchestration capabilities for multi-step workflows and would require custom code to manage sequencing, error handling, and retries.

302
MCQmedium

A company is designing a cloud architecture for a critical customer-facing application. The CTO requires that the architecture automatically recover from infrastructure failures without manual intervention. The solution must be able to withstand the failure of individual components, such as an Amazon EC2 instance or an entire Availability Zone. Which design principle from the AWS Well-Architected Framework's Reliability pillar should the company implement to meet this requirement?

A.Implement a monolithic architecture to reduce complexity and minimize points of failure.
B.Use a single large EC2 instance to minimize the number of components that could fail.
C.Test recovery procedures by simulating infrastructure failures in a staging environment.
D.Scale horizontally to increase aggregate system availability.
AnswerD

Horizontal scaling involves adding more instances (e.g., EC2 instances) to distribute the load. If one instance or even an entire Availability Zone fails, the remaining healthy instances continue serving traffic. Combined with automated health checks and Auto Scaling, this design principle ensures automatic recovery from component failures, directly meeting the requirement.

Why this answer

Scaling horizontally (adding more EC2 instances behind a load balancer) increases aggregate system availability because if one instance fails, traffic is redistributed to the remaining healthy instances. This design also supports multi-AZ deployments, allowing the application to survive an entire Availability Zone failure without manual intervention, which directly meets the CTO's requirement for automatic recovery.

Exam trap

The trap here is that candidates may confuse 'testing recovery procedures' (a design principle for validating resilience) with 'implementing automatic recovery' (which requires architectural choices like horizontal scaling and multi-AZ deployment).

How to eliminate wrong answers

Option A is wrong because a monolithic architecture concentrates all functionality into a single process, creating a single point of failure; if any component within the monolith fails, the entire application becomes unavailable, and it cannot withstand an AZ failure without manual intervention. Option B is wrong because using a single large EC2 instance creates a single point of failure; if that instance fails (e.g., due to hardware issues or AZ outage), the application is completely unavailable until manual recovery is performed. Option C is wrong because while testing recovery procedures is a good practice (part of the Reliability pillar's 'Test Recovery Procedures' design principle), it does not itself provide automatic recovery from failures; it only validates that manual or automated recovery plans work, but the question specifically requires automatic recovery without manual intervention.

303
MCQeasy

Which AWS compute service allows developers to run code in response to HTTP requests without managing servers, using a simple programming model based on functions?

A.Amazon EC2
B.AWS Lambda
C.Amazon ECS
D.AWS Fargate
AnswerB

Lambda runs code functions in response to events without infrastructure management, automatic scaling, and per-millisecond billing — the serverless compute service for event-driven architectures.

Why this answer

AWS Lambda is the correct answer because it is a serverless compute service that executes code in response to events such as HTTP requests via Amazon API Gateway. Developers upload functions and Lambda automatically scales and manages the underlying infrastructure, aligning with the question's requirement of running code without managing servers using a function-based model.

Exam trap

The trap here is that candidates may confuse AWS Fargate's 'serverless containers' with serverless functions, but Fargate still requires container orchestration and does not use a function-based programming model triggered directly by HTTP requests.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 requires developers to provision, configure, and manage virtual servers, which contradicts the 'without managing servers' requirement. Option C is wrong because Amazon ECS is a container orchestration service that still requires management of the underlying EC2 instances or a control plane, not a function-based model. Option D is wrong because AWS Fargate is a serverless compute engine for containers, but it runs containerized applications, not individual functions triggered by HTTP requests, and still involves container image management.

304
MCQmedium

A company runs a multi-tier web application on Amazon EC2 instances across multiple Availability Zones. The application has separate backend services for serving images and handling API requests, each running on different sets of EC2 instances. The company needs a load balancer that can inspect incoming HTTP/HTTPS requests and route them to the correct target group based on the URL path (e.g., /images to one group, /api to another). The solution must also offload SSL/TLS termination and perform health checks on the instances. Which AWS service should the company use?

A.Application Load Balancer
B.Network Load Balancer
C.Classic Load Balancer
D.AWS CloudFront
AnswerA

Correct. Application Load Balancer (ALB) is a Layer 7 load balancer that can route traffic based on URL path, host header, and other request attributes. It also offloads SSL/TLS and performs health checks.

Why this answer

The Application Load Balancer (ALB) operates at Layer 7 of the OSI model, allowing it to inspect HTTP/HTTPS headers and route traffic based on URL path patterns (e.g., /images vs /api). It natively supports SSL/TLS termination and can perform health checks on target instances, making it the correct choice for this multi-tier web application.

Exam trap

The trap here is that candidates often confuse the Network Load Balancer's ability to handle high throughput with the need for Layer 7 routing, forgetting that NLB cannot inspect URL paths, or they mistakenly think CloudFront can perform path-based routing to multiple origins without an ALB.

How to eliminate wrong answers

Option B is wrong because the Network Load Balancer operates at Layer 4 (TCP/UDP) and cannot inspect HTTP/HTTPS request paths or perform content-based routing; it only forwards traffic based on IP and port. Option C is wrong because the Classic Load Balancer (now legacy) does not support path-based routing; it can only route traffic to a single target group per listener and lacks native HTTP path inspection. Option D is wrong because AWS CloudFront is a content delivery network (CDN) that caches and distributes content at edge locations, not a load balancer; it cannot route traffic to different target groups based on URL paths within a single distribution without an ALB as origin.

305
MCQmedium

A financial services company needs to maintain a tamper-proof audit log of all financial transactions for regulatory compliance. Which AWS service is most appropriate?

A.Amazon RDS with transaction logging
B.Amazon DynamoDB with global tables
C.Amazon QLDB
D.AWS CloudTrail with log file integrity validation
AnswerC

QLDB's journal is immutable and cryptographically verifiable — every change is hash-chained so any alteration to historical records can be mathematically detected, satisfying financial regulatory requirements.

Why this answer

Amazon QLDB (Quantum Ledger Database) is purpose-built to provide a cryptographically verifiable, immutable, and tamper-proof transaction log. It uses a journal that stores every change as a series of entries, and each entry is chained using a hash, making it impossible to alter or delete past records without detection. This aligns directly with the financial services requirement for an audit log that must be tamper-proof for regulatory compliance.

Exam trap

The trap here is that candidates often confuse AWS CloudTrail's log file integrity validation with a tamper-proof ledger, but CloudTrail is for API activity logging and does not provide the immutable, cryptographically chained journal that QLDB offers for application-level transaction records.

How to eliminate wrong answers

Option A is wrong because Amazon RDS with transaction logging provides database-level logging but does not offer cryptographic verification or immutability; logs can be altered or deleted by an administrator with sufficient permissions. Option B is wrong because Amazon DynamoDB with global tables is a multi-region, multi-master NoSQL database designed for high availability and scalability, not for providing a tamper-proof, immutable audit trail; it lacks built-in cryptographic chaining and journaling. Option D is wrong because AWS CloudTrail with log file integrity validation records API activity for governance and auditing, but it is designed for operational auditing of AWS API calls, not for storing financial transaction records with a cryptographically verifiable, append-only ledger; its integrity validation uses digital signatures on log files, but the underlying data can still be altered if the log files are compromised before validation.

306
MCQmedium

A company collects clickstream data from millions of users in real time and needs to process and analyse this data as it arrives — not after storing it — to detect patterns within seconds. Which AWS service is designed for real-time data streaming and processing?

A.Amazon SQS
B.Amazon S3
C.Amazon Kinesis Data Streams
D.Amazon DynamoDB Streams
AnswerC

Kinesis Data Streams is designed for real-time streaming of large data volumes. Multiple applications can consume the same stream simultaneously, enabling real-time analytics, pattern detection, and dashboards with sub-second latency.

Why this answer

Amazon Kinesis Data Streams is purpose-built for real-time data streaming and processing, enabling you to ingest and analyze clickstream data as it arrives with sub-second latency. It supports custom processing using AWS Lambda, Kinesis Data Analytics, or Kinesis Data Firehose, making it ideal for detecting patterns in real-time without waiting for data to be stored.

Exam trap

The trap here is that candidates often confuse Amazon SQS or DynamoDB Streams as streaming services, but SQS is a queue for decoupling and DynamoDB Streams is a change data capture mechanism, neither of which is designed for real-time, high-throughput data streaming and processing like Kinesis Data Streams.

How to eliminate wrong answers

Option A is wrong because Amazon SQS is a message queue service designed for decoupling application components and asynchronous message delivery, not for real-time streaming analytics or processing of high-throughput clickstream data. Option B is wrong because Amazon S3 is an object storage service that stores data after it is collected, not designed for real-time processing or streaming ingestion. Option D is wrong because Amazon DynamoDB Streams captures changes to DynamoDB tables in near-real-time but is limited to change data capture from a single table, not designed for ingesting and processing high-volume, real-time clickstream data from millions of users.

307
MCQmedium

A company runs a real-time bidding platform for online advertising. The platform requires a database that can handle millions of requests per second with single-digit millisecond latency for both reads and writes. The data model is simple key-value pairs, and the database must be fully managed so that the company does not have to provision or maintain servers. Which AWS database service should the company use to meet these requirements?

A.Amazon RDS
B.Amazon DynamoDB
C.Amazon Redshift
D.Amazon ElastiCache
AnswerB

Amazon DynamoDB is a fully managed NoSQL key-value and document database that delivers single-digit millisecond latency at any scale. It automatically scales to handle millions of requests per second and requires no server provisioning, making it the perfect fit for a real-time bidding platform with high-throughput, low-latency key-value access.

Why this answer

Amazon DynamoDB is the correct choice because it is a fully managed NoSQL key-value and document database that delivers single-digit millisecond latency at any scale, handling millions of requests per second. Its serverless architecture eliminates the need to provision or manage servers, making it ideal for real-time bidding platforms with simple key-value data models and high-throughput, low-latency requirements.

Exam trap

The trap here is that candidates often confuse ElastiCache (a caching layer) with a primary database, overlooking DynamoDB's fully managed, serverless nature and its native support for high-throughput key-value workloads with persistent storage.

How to eliminate wrong answers

Option A is wrong because Amazon RDS is a relational database service that requires provisioning and managing server instances, and it cannot achieve single-digit millisecond latency for millions of requests per second with a simple key-value model. Option C is wrong because Amazon Redshift is a petabyte-scale data warehouse optimized for complex analytical queries, not for real-time key-value workloads with high write throughput. Option D is wrong because Amazon ElastiCache is a managed in-memory caching service that is not fully serverless (it requires provisioning nodes) and is typically used as a cache layer, not as a primary durable database for persistent key-value storage.

308
MCQmedium

A company runs compute-intensive batch processing jobs that require high CPU performance. The workload is not memory-intensive and does not require GPU acceleration. Which Amazon EC2 instance family is the most appropriate choice?

A.Memory optimised (R family)
B.Compute optimised (C family)
C.Storage optimised (I family)
D.Accelerated computing (P family)
AnswerB

Compute optimised instances deliver the highest performance per CPU core on AWS. They are designed for batch processing, scientific computing, and other CPU-intensive workloads that are not memory-bound.

Why this answer

The compute-optimized (C family) EC2 instances are designed for workloads that benefit from high-performance processors, such as batch processing, scientific modeling, and gaming servers. Since the job requires high CPU performance and is not memory-intensive or GPU-accelerated, the C family provides the best price-performance ratio for compute-bound tasks.

Exam trap

The trap here is that candidates often confuse 'compute-intensive' with 'memory-intensive' and select memory-optimized instances, or they assume all high-performance workloads require GPU acceleration and pick accelerated computing instances.

How to eliminate wrong answers

Option A is wrong because memory-optimized instances (R family) are designed for memory-intensive workloads like large in-memory databases or real-time analytics, not for high CPU performance. Option C is wrong because storage-optimized instances (I family) are optimized for high sequential I/O performance for storage-heavy workloads like NoSQL databases or data warehousing, not CPU-bound tasks. Option D is wrong because accelerated computing instances (P family) include GPUs or FPGAs for parallel processing or machine learning, which is unnecessary for a workload that does not require GPU acceleration.

309
MCQmedium

A company's IT team manually provisions S3 buckets, EC2 instances, security groups, and IAM roles for each new project using the AWS Management Console. This process often results in configuration errors, such as overly permissive security rules or incorrect tagging, which the security team then has to fix manually. The company wants to define its entire infrastructure in a declarative template file, store it in version control, and have AWS automatically create or update the resources based on that template. Which AWS service should the company use to meet these requirements?

A.AWS CloudFormation
B.AWS Elastic Beanstalk
C.AWS OpsWorks
D.AWS CodeDeploy
AnswerA

AWS CloudFormation is the correct service for infrastructure as code. It allows you to define all AWS resources in a declarative template, version-control the template, and automatically create or update the resources as a stack.

Why this answer

AWS CloudFormation is the correct service because it allows you to define your entire infrastructure—including S3 buckets, EC2 instances, security groups, and IAM roles—in a declarative JSON or YAML template. You can store this template in version control, and CloudFormation automatically provisions or updates the resources to match the template, eliminating manual configuration errors like overly permissive security rules or incorrect tagging.

Exam trap

The trap here is that candidates confuse AWS Elastic Beanstalk as an infrastructure-as-code solution because it automates deployment, but it does not provide the declarative template control over all AWS resources that CloudFormation offers.

How to eliminate wrong answers

Option B is wrong because AWS Elastic Beanstalk is a Platform-as-a-Service (PaaS) that automates application deployment and scaling, but it abstracts away the underlying infrastructure and does not allow you to define and manage arbitrary resources like S3 buckets or IAM roles in a declarative template. Option C is wrong because AWS OpsWorks is a configuration management service that uses Chef or Puppet to manage server configurations and application stacks, but it is not designed for declarative infrastructure-as-code templates stored in version control; it focuses on automating operational tasks on EC2 instances rather than provisioning all AWS resources from a template.

310
MCQmedium

A company needs to connect multiple VPCs and on-premises networks through a single hub, simplifying network management. Which AWS service acts as a cloud router to interconnect these networks?

A.VPC Peering
B.AWS Transit Gateway
C.AWS Direct Connect
D.Internet Gateway
AnswerB

Transit Gateway is a managed cloud router that enables any-to-any connectivity between VPCs and on-premises networks through a single hub, with route tables controlling traffic flow.

Why this answer

AWS Transit Gateway acts as a cloud router, using a hub-and-spoke model to interconnect multiple VPCs and on-premises networks through a single gateway. It simplifies network management by centralizing routing, supporting transitive routing between all attached networks, and integrating with AWS Direct Connect and VPN connections.

Exam trap

The trap here is that candidates often confuse VPC Peering (which is free but non-transitive and requires full mesh) with Transit Gateway (which provides transitive routing and central management), leading them to choose VPC Peering for multi-VPC connectivity without considering the hub-and-spoke requirement.

How to eliminate wrong answers

Option A is wrong because VPC Peering provides only a one-to-one, non-transitive connection between two VPCs, requiring a full mesh of peering connections for multiple VPCs and cannot connect to on-premises networks directly. Option C is wrong because AWS Direct Connect is a dedicated physical network connection from on-premises to AWS, not a router that interconnects multiple VPCs; it requires a Transit Gateway or Virtual Private Gateway to enable multi-VPC connectivity. Option D is wrong because an Internet Gateway is a horizontally scaled, redundant component that allows VPC communication with the internet, not a router for interconnecting VPCs or on-premises networks.

311
MCQmedium

A company runs a multi-step order fulfilment process that includes payment verification, inventory check, warehouse notification, and shipping label generation. Each step is implemented as a Lambda function. They need a service to coordinate these steps, handle retries on failure, and visualise workflow state. Which AWS service should they use?

A.Amazon SQS
B.Amazon EventBridge
C.AWS Step Functions
D.Amazon SNS
AnswerC

Step Functions orchestrates multi-step workflows using a state machine model. It manages the sequence of Lambda invocations, retries failed steps, handles errors, and provides a visual console showing the current state of each workflow execution.

Why this answer

AWS Step Functions is a serverless orchestration service that lets you coordinate multiple AWS services, including Lambda functions, into a visual workflow. It natively supports sequential execution, parallel branches, retries on failure, and state visualization, making it the ideal choice for a multi-step order fulfillment process.

Exam trap

The trap here is that candidates confuse message/event services (SQS, SNS, EventBridge) with orchestration services, failing to recognize that only Step Functions provides the stateful coordination, retry logic, and visual workflow required for multi-step processes.

How to eliminate wrong answers

Option A is wrong because Amazon SQS is a message queue service for decoupling application components, not a workflow orchestrator; it cannot coordinate multi-step logic, handle retries based on business logic, or visualize workflow state. Option B is wrong because Amazon EventBridge is an event bus for routing events between services, not a stateful workflow engine; it lacks built-in support for sequential step coordination, retry policies, and state visualization. Option D is wrong because Amazon SNS is a pub/sub notification service for sending messages to subscribers, not a workflow orchestrator; it cannot manage multi-step processes, retries, or provide a visual representation of workflow state.

312
MCQmedium

A retail company's order processing system receives large bursts of orders during flash sales. The order intake API gets overwhelmed because it directly calls a downstream processing service that is slower. The company wants to decouple the API from the processing service so orders are not lost during spikes. Which AWS service should they use?

A.Amazon SNS
B.Amazon SQS
C.Amazon EventBridge
D.AWS Step Functions
AnswerB

SQS is a durable message queue that stores messages until they are processed. The intake API enqueues orders, and the processing service dequeues and processes them at its own pace. Messages persist even if the processor is temporarily unavailable.

Why this answer

Amazon SQS (Simple Queue Service) is the correct choice because it provides a fully managed message queue that decouples the order intake API from the downstream processing service. When the API receives a burst of orders, it can immediately push each order message into an SQS queue, and the processing service can poll and consume messages at its own pace, ensuring no orders are lost even during traffic spikes.

Exam trap

The trap here is that candidates often confuse SNS (push-based pub/sub) with SQS (pull-based queue), assuming any decoupling service works the same, but SNS cannot buffer messages or allow the consumer to control the consumption rate, making it unsuitable for handling bursts from a slower downstream service.

How to eliminate wrong answers

Option A is wrong because Amazon SNS is a pub/sub messaging service that pushes notifications to subscribers; it does not provide a durable buffer or allow the consumer to control the processing rate, so it cannot decouple the API from a slower downstream service without risking message loss or overload. Option C is wrong because Amazon EventBridge is a serverless event bus for routing events between AWS services and custom applications; it is not designed for point-to-point decoupling with a queue-like buffer and does not offer the same message retention and polling mechanics as SQS. Option D is wrong because AWS Step Functions is a serverless orchestration service for coordinating multiple AWS services into workflows; it does not inherently provide a message queue for buffering bursts of requests and would not prevent the API from being overwhelmed by direct calls.

313
MCQmedium

A retail company expects 10x normal traffic during Black Friday. They want to ensure their application can handle this peak load automatically. Which AWS services should they configure to handle this requirement?

A.Launch the maximum number of instances before Black Friday and keep them running year-round
B.EC2 Auto Scaling + Application Load Balancer with CloudWatch scaling policies
C.Increase the EC2 instance size to the largest available type
D.Use AWS Snowball to temporarily add compute capacity
AnswerB

Auto Scaling dynamically adds EC2 instances as demand rises and removes them as it falls. ALB distributes traffic evenly. CloudWatch metrics trigger scaling policies — the canonical elastic scaling architecture.

Why this answer

EC2 Auto Scaling automatically adjusts the number of EC2 instances based on demand, and an Application Load Balancer distributes incoming traffic across those instances. CloudWatch scaling policies monitor metrics like CPU utilization or request count to trigger scaling actions, ensuring the application can handle the 10x traffic spike without manual intervention.

Exam trap

AWS often tests the misconception that vertical scaling (increasing instance size) is sufficient for handling traffic spikes, but the exam emphasizes horizontal scaling with Auto Scaling and load balancers as the correct approach for elasticity and high availability.

How to eliminate wrong answers

Option A is wrong because launching the maximum number of instances year-round leads to unnecessary cost and resource waste, as the company only needs the extra capacity during the Black Friday peak, not constantly. Option C is wrong because simply increasing the instance size to the largest available type does not provide horizontal scaling; a single large instance can still be overwhelmed by a 10x traffic spike and creates a single point of failure. Option D is wrong because AWS Snowball is a petabyte-scale data transfer service for moving large amounts of data into or out of AWS, not a compute capacity solution; it cannot handle real-time traffic spikes.

314
MCQmedium

A company has 50 TB of on-premises file server data that must be transferred to Amazon S3. The company's internet connection is limited to 100 Mbps, and the data transfer must not impact daily business operations. The company needs a physical device to securely copy the data and then ship it to AWS for ingestion. Which AWS service should the company use?

A.AWS Snowball
B.AWS DataSync
C.Amazon S3 Transfer Acceleration
D.AWS Direct Connect
AnswerA

Correct. AWS Snowball is a physical device service for offline data transfer. It is ideal for moving large datasets (terabytes to petabytes) when network bandwidth is limited, costly, or unavailable. The device is shipped to the customer, data is copied locally, and the device is returned to AWS for ingestion into Amazon S3.

Why this answer

AWS Snowball is a physical data transport solution designed for large-scale data transfers when network bandwidth is limited or unreliable. With 50 TB of data and a 100 Mbps connection, transferring over the network would take approximately 46 days and saturate the link, impacting business operations. Snowball provides a rugged, secure device that you copy data to locally and ship to AWS, bypassing the network entirely.

Exam trap

The trap here is that candidates may choose DataSync or S3 Transfer Acceleration because they are familiar AWS data transfer services, but they overlook the explicit requirement for a physical device and the need to avoid impacting business operations on a low-bandwidth link.

How to eliminate wrong answers

Option B (AWS DataSync) is wrong because it is a network-based data transfer service that requires a stable, high-bandwidth internet connection to move data online, and it would still saturate the 100 Mbps link, impacting daily operations. Option C (Amazon S3 Transfer Acceleration) is wrong because it only accelerates uploads over the internet by using AWS edge locations, but it does not eliminate the bandwidth bottleneck or provide a physical device; the transfer would still be constrained by the 100 Mbps connection.

315
MCQmedium

A company runs a containerized application that uses multiple Docker containers. The development team wants to run these containers on AWS without provisioning or managing any EC2 instances. They also do not want to manage the container orchestration control plane. The application requires consistent access to persistent storage volumes that can be attached to containers. Which AWS service should the team use to run the containers with the least operational overhead?

A.Amazon EC2 with a container-optimized AMI
B.AWS Lambda
C.AWS Fargate
D.Amazon ECR (Amazon Elastic Container Registry)
AnswerC

AWS Fargate is a serverless compute engine for containers. It eliminates the need to provision and manage EC2 instances or the container orchestration control plane. You define your containerized application (task definition) and Fargate launches and runs the containers. Fargate also supports persistent storage through Amazon EFS or Docker volumes, meeting the storage requirement with minimal operational overhead.

Why this answer

AWS Fargate is a serverless compute engine for containers that allows you to run containers without provisioning or managing EC2 instances or the underlying container orchestration control plane (Amazon EKS or Amazon ECS). It directly meets the requirement of zero infrastructure management while supporting persistent storage through Amazon EFS filesystems or Docker volumes that can be attached to Fargate tasks, providing consistent access to storage volumes.

Exam trap

The trap here is that candidates often confuse AWS Fargate with Amazon ECS or EKS, thinking they must choose a managed orchestration service that still requires EC2 management, but Fargate eliminates both instance and control plane management.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 with a container-optimized AMI still requires the team to provision, patch, and manage EC2 instances, violating the requirement to not manage any EC2 instances. Option B is wrong because AWS Lambda is designed for short-lived, event-driven functions with a maximum execution duration of 15 minutes and does not support running multiple Docker containers with persistent storage volumes attached; it also lacks native support for container orchestration and long-running containerized applications.

316
MCQmedium

A company has a mobile application that allows users to upload profile photos. When a new photo is uploaded to an Amazon S3 bucket, the application must automatically create a thumbnail version and store it in another S3 bucket. The company wants a solution that runs only when needed, scales automatically, and requires no management of underlying servers. Which AWS service should the company use to meet these requirements?

A.AWS Lambda
B.AWS Batch
C.Amazon EC2
D.Amazon ECS with EC2 launch type
AnswerA

AWS Lambda is correct. It executes code in response to S3 events, scales automatically, and is serverless, meaning no server management is needed.

Why this answer

AWS Lambda is the correct choice because it is a serverless compute service that runs code in response to events, such as an S3 PUT object event. It automatically scales from zero to thousands of concurrent executions based on the number of incoming uploads, and requires no server management, perfectly meeting the requirement for an on-demand, auto-scaling thumbnail generation solution.

Exam trap

The trap here is that candidates may confuse AWS Batch with event-driven processing, but Batch is optimized for scheduled or queued batch jobs, not for real-time, per-object triggers like S3 uploads.

How to eliminate wrong answers

Option B (AWS Batch) is wrong because AWS Batch is designed for batch computing workloads that run as jobs on a managed cluster of EC2 instances or Fargate containers, not for real-time, event-driven processing of individual S3 object uploads. Option C (Amazon EC2) is wrong because EC2 requires provisioning, managing, and scaling underlying virtual servers, which contradicts the requirement for a solution that requires no management of underlying servers and runs only when needed.

317
MCQmedium

A company runs an application with variable workloads. During business hours, they need 10 EC2 instances; overnight they only need 2. Which combination minimizes cost while meeting this requirement?

A.10 On-Demand Instances running 24/7
B.10 Reserved Instances
C.2 Reserved Instances + Auto Scaling with On-Demand for variable demand
D.10 Spot Instances with Auto Scaling
AnswerC

Reserved Instances cover the predictable 2-instance baseline at lowest cost, while Auto Scaling adds On-Demand capacity during business hours and removes it overnight.

Why this answer

Option C is correct because it uses 2 Reserved Instances to cover the baseline workload (overnight) at a lower cost, and Auto Scaling with On-Demand Instances to dynamically add capacity during business hours. Reserved Instances provide a significant discount over On-Demand for steady-state usage, while On-Demand instances handle variable demand without upfront commitment, minimizing total cost.

Exam trap

The trap here is that candidates may choose Spot Instances (Option D) for cost savings without recognizing their lack of reliability for a workload requiring consistent availability during business hours, or they may over-purchase Reserved Instances (Option B) assuming all capacity must be reserved, ignoring the variable nature of the workload.

How to eliminate wrong answers

Option A is wrong because running 10 On-Demand Instances 24/7 incurs the highest cost, as On-Demand pricing is premium and does not leverage any discount for steady-state usage. Option B is wrong because 10 Reserved Instances lock in capacity for a 1- or 3-year term, but only 2 are needed overnight; the additional 8 Reserved Instances would be underutilized during off-peak hours, wasting money. Option D is wrong because Spot Instances can be terminated by AWS with little notice (2-minute warning) when capacity is reclaimed, making them unsuitable for a workload that must be available during business hours; they lack the reliability needed for consistent daytime operation.

318
MCQmedium

A company needs to process and analyze streaming log data from thousands of servers in near real-time, loading the results into Amazon Redshift for dashboards. Which AWS service is designed for this streaming ETL delivery use case?

A.Amazon Kinesis Data Streams
B.Amazon Kinesis Data Firehose
C.AWS Glue
D.Amazon MSK
AnswerB

Kinesis Data Firehose is the managed streaming delivery service that loads data into Redshift, S3, and OpenSearch automatically — including optional Lambda transformation, with no consumer code needed.

Why this answer

Amazon Kinesis Data Firehose is the correct choice because it is a fully managed service designed specifically for streaming ETL (extract, transform, load) delivery. It can capture, transform (e.g., convert to Parquet/ORC, perform Lambda-based data transformation), and automatically load streaming data into Amazon Redshift, Amazon S3, or Amazon OpenSearch Service in near real-time, with no ongoing administration required.

Exam trap

The trap here is that candidates often confuse Kinesis Data Streams (raw ingestion) with Kinesis Data Firehose (managed ETL delivery), assuming both can directly load into Redshift, but only Firehose provides the built-in COPY command integration and automatic transformation capabilities.

How to eliminate wrong answers

Option A is wrong because Amazon Kinesis Data Streams is a raw data ingestion service that stores streaming data in shards for custom consumers to process; it does not natively perform ETL transformations or directly load data into Redshift without additional custom code. Option C is wrong because AWS Glue is a serverless data integration service primarily for batch ETL jobs and cataloging, not designed for continuous near-real-time streaming ingestion into Redshift. Option D is wrong because Amazon MSK (Managed Streaming for Apache Kafka) provides a managed Kafka cluster for building custom streaming applications, but it lacks built-in ETL transformation and direct Redshift delivery capabilities, requiring additional infrastructure and code.

319
MCQmedium

A company is deploying a new web application on AWS. The operations team needs to provision and manage AWS resources such as Amazon EC2 instances, Amazon RDS databases, and Amazon S3 buckets in a repeatable, consistent manner across development, test, and production environments. The team wants to define the entire infrastructure as code using declarative templates that can be version-controlled and reviewed. Which AWS service should the team use to meet this requirement?

A.AWS Elastic Beanstalk
B.AWS CloudFormation
C.AWS OpsWorks
D.AWS CodeDeploy
AnswerB

AWS CloudFormation is the correct service. It enables you to define and provision AWS infrastructure using declarative templates. You can version control these templates, review them, and deploy consistent environments across development, test, and production. This is the ideal solution for infrastructure as code on AWS.

Why this answer

AWS CloudFormation is the correct service because it allows you to define your entire infrastructure as code using declarative templates (JSON or YAML). These templates can be version-controlled and reviewed, enabling repeatable and consistent provisioning of resources like EC2 instances, RDS databases, and S3 buckets across multiple environments. CloudFormation manages the lifecycle of these resources as stacks, ensuring idempotent deployments.

Exam trap

The trap here is that candidates often confuse AWS Elastic Beanstalk (a PaaS for application deployment) with infrastructure-as-code, but Elastic Beanstalk does not provide the declarative, version-controlled resource templates that CloudFormation offers for managing individual AWS resources like EC2, RDS, and S3 across environments.

How to eliminate wrong answers

Option A is wrong because AWS Elastic Beanstalk is a Platform-as-a-Service (PaaS) that abstracts infrastructure management and automates deployment, but it does not provide the granular, declarative infrastructure-as-code templates for defining individual resources like EC2, RDS, and S3 in a version-controlled manner; it focuses on application deployment rather than explicit resource provisioning. Option C is wrong because AWS OpsWorks is a configuration management service that uses Chef or Puppet to manage server configurations and application stacks, but it is not a declarative infrastructure-as-code service for defining and provisioning AWS resources directly; it relies on recipes and cookbooks for server state, not on declarative templates for resource orchestration.

320
MCQmedium

A company is deploying a multi-tier application on AWS. Which AWS service provides layer 4 (TCP/UDP) load balancing with ultra-high performance and static IP addresses?

A.Application Load Balancer (ALB)
B.Network Load Balancer (NLB)
C.Gateway Load Balancer (GWLB)
D.Classic Load Balancer
AnswerB

NLB operates at Layer 4 with ultra-low latency, supporting millions of requests per second, static Elastic IP addresses per AZ, and preservation of client source IP.

Why this answer

Network Load Balancer (NLB) operates at Layer 4 (TCP/UDP) and is designed to handle millions of requests per second with ultra-low latency. It provides static IP addresses per Availability Zone, which is essential for applications requiring fixed endpoints for whitelisting or DNS stability.

Exam trap

The trap here is that candidates often confuse ALB's Layer 7 features with NLB's Layer 4 capabilities, or assume Classic Load Balancer still provides static IPs, but only NLB offers both Layer 4 operation and static IP addresses for ultra-high performance scenarios.

How to eliminate wrong answers

Option A is wrong because Application Load Balancer (ALB) operates at Layer 7 (HTTP/HTTPS) and does not provide static IP addresses; it uses a DNS name that resolves to changing IPs. Option C is wrong because Gateway Load Balancer (GWLB) operates at Layer 3 (IP) and Layer 4, but it is specifically designed for transparent network gateways (e.g., firewalls, intrusion detection) and does not provide static IP addresses for client-facing load balancing. Option D is wrong because Classic Load Balancer (CLB) is a legacy option that supports Layer 4 and Layer 7 but does not offer static IP addresses and lacks the ultra-high performance and scalability of NLB.

321
MCQmedium

A financial services company runs a high-frequency trading application that must process transactions with sub-millisecond latency. The application must run in the company's own data center to meet strict latency requirements, but the company wants to use the same AWS management APIs, control plane, and tools (such as AWS CloudFormation and Amazon CloudWatch) for consistency across on-premises and cloud environments. The company also needs the ability to seamlessly run Amazon EBS-backed Amazon EC2 instances locally. Which AWS service should the company use to meet these requirements?

A.AWS Outposts
B.AWS Wavelength
C.AWS Local Zones
D.AWS Direct Connect
AnswerA

Correct. AWS Outposts extends AWS infrastructure and services to on-premises facilities, allowing the company to run EC2 instances with EBS storage using the same AWS APIs and management tools, while keeping the application in the local data center for ultra-low latency.

Why this answer

AWS Outposts is correct because it extends AWS infrastructure, services, APIs, and tools to on-premises data centers, enabling the company to run Amazon EBS-backed EC2 instances locally with sub-millisecond latency while using the same AWS management APIs, CloudFormation, and CloudWatch for consistency.

Exam trap

The trap here is confusing AWS Outposts with AWS Local Zones or Wavelength, as candidates often think any edge or local compute service can run in their own data center, but only Outposts provides the fully managed, on-premises AWS infrastructure with local EBS-backed EC2 instances.

How to eliminate wrong answers

Option B (AWS Wavelength) is wrong because it embeds AWS compute and storage at the edge of 5G networks for ultra-low latency mobile applications, not for on-premises data center use. Option C (AWS Local Zones) is wrong because they place AWS infrastructure closer to end users in metropolitan areas but still within the AWS cloud, not in the customer's own data center. Option D (AWS Direct Connect) is wrong because it only provides a dedicated network connection from on-premises to AWS, not local compute or storage capabilities.

322
MCQmedium

A company needs to migrate 80 TB of on-premises data to Amazon S3. Their internet connection is 100 Mbps and transferring this much data over the internet would take months. Which AWS service allows them to migrate this data physically without relying on internet bandwidth?

A.AWS DataSync
B.AWS Direct Connect
C.Amazon S3 Transfer Acceleration
D.AWS Snowball Edge
AnswerD

Snowball Edge is a physical device with up to 80 TB capacity. Data is copied locally at the customer's site, then the device is shipped to AWS. This bypasses internet bandwidth limitations entirely.

Why this answer

AWS Snowball Edge is a physical data transport solution designed for large-scale data migrations when network transfer is impractical. With 80 TB of data and a 100 Mbps connection, internet transfer would take over 80 days, making Snowball Edge the correct choice as it allows you to ship the data on a ruggedized device directly to AWS, bypassing internet bandwidth entirely.

Exam trap

The trap here is that candidates may confuse AWS DataSync or S3 Transfer Acceleration as solutions for large data volumes, not realizing that these services still depend on network bandwidth and cannot physically transport data when the connection is too slow.

How to eliminate wrong answers

Option A is wrong because AWS DataSync is a network-based data transfer service that relies on your internet or Direct Connect connection, not a physical device, so it would still be constrained by the 100 Mbps bandwidth. Option B is wrong because AWS Direct Connect establishes a dedicated network connection but does not eliminate the bandwidth limitation; it would still require weeks to transfer 80 TB over a 100 Mbps link. Option C is wrong because Amazon S3 Transfer Acceleration uses optimized network paths and edge locations but still depends on your internet connection speed, so it cannot overcome the fundamental bandwidth bottleneck of 100 Mbps.

323
MCQmedium

A company wants to provide their data analysts with a way to run SQL queries on their S3 data lake using familiar BI tools like Tableau or Power BI. Which AWS service provides an ODBC/JDBC connection to S3 data?

A.Amazon QuickSight
B.Amazon Athena with JDBC/ODBC drivers
C.Amazon EMR with Hive
D.AWS Glue Data Catalog only
AnswerB

Athena provides official JDBC and ODBC drivers enabling Tableau, Power BI, and other BI tools to query S3 data via standard SQL interfaces as if connecting to a traditional database.

Why this answer

Amazon Athena is a serverless interactive query service that allows you to run standard SQL directly against data stored in Amazon S3. It provides JDBC and ODBC drivers that enable BI tools like Tableau and Power BI to connect to Athena and query the S3 data lake without needing to move or transform the data.

Exam trap

The trap here is that candidates may confuse Amazon QuickSight (a visualization tool) with the query engine that provides the actual JDBC/ODBC connectivity, or think that AWS Glue Data Catalog alone enables SQL queries, when in fact Athena is the service that combines the Data Catalog with a serverless SQL engine and JDBC/ODBC support.

How to eliminate wrong answers

Option A is wrong because Amazon QuickSight is a BI visualization service, not a SQL query engine that provides JDBC/ODBC connectivity to S3 data; it can use Athena as a data source but does not itself expose an ODBC/JDBC interface. Option C is wrong because Amazon EMR with Hive can query S3 data, but it requires provisioning and managing a Hadoop cluster, and while Hive has a JDBC driver, the question specifically asks for a service that provides an ODBC/JDBC connection to S3 data in a serverless, familiar BI tool context—Athena is the simpler, direct answer. Option D is wrong because AWS Glue Data Catalog is a metadata repository that stores table definitions and schema information; it does not provide a query engine or ODBC/JDBC connectivity on its own.

324
MCQmedium

A company is deploying a multi-tier web application that includes a VPC, subnets, security groups, EC2 instances, and an Application Load Balancer. The team needs to define the entire infrastructure in a version-controlled template so that it can be consistently deployed across development, test, and production environments with minimal manual effort. Which AWS service should the team use to meet this requirement?

A.AWS CloudFormation
B.AWS Elastic Beanstalk
C.AWS OpsWorks
D.AWS Systems Manager
AnswerA

Correct. AWS CloudFormation is a service that allows you to model and provision AWS resources using templates. This enables Infrastructure as Code (IaC), ensuring consistent and repeatable deployments across environments.

Why this answer

AWS CloudFormation is the correct choice because it is an Infrastructure as Code (IaC) service that allows you to define your entire multi-tier web application infrastructure—including VPC, subnets, security groups, EC2 instances, and an Application Load Balancer—in a version-controlled template (JSON or YAML). This enables consistent, repeatable deployments across development, test, and production environments with minimal manual effort, as CloudFormation handles the provisioning and updates in an orderly, predictable manner.

Exam trap

The trap here is that candidates often confuse AWS Elastic Beanstalk (a PaaS that simplifies deployment) with CloudFormation (an IaC service), but Elastic Beanstalk does not provide the granular, version-controlled control over network components like VPCs and subnets required by the question.

How to eliminate wrong answers

Option B (AWS Elastic Beanstalk) is wrong because it is a Platform as a Service (PaaS) that abstracts away the underlying infrastructure; while it can deploy web applications, it does not give you fine-grained control over VPC, subnets, security groups, and other network components in a version-controlled template—it manages the environment for you, not the raw infrastructure. Option C (AWS OpsWorks) is wrong because it is a configuration management service that uses Chef or Puppet to manage server configurations and deployments, but it is not designed for defining and provisioning the entire network and compute infrastructure (VPC, subnets, ALB) as a single, version-controlled template; it focuses on application configuration and lifecycle management. Option D (AWS Systems Manager) is wrong because it is an operations management service for patching, automation, and monitoring of existing instances, not for defining and deploying infrastructure from a template; it lacks the ability to provision VPCs, subnets, security groups, and load balancers as a cohesive, version-controlled stack.

325
MCQmedium

A company needs to provide secure, scalable file storage for thousands of concurrent users accessing the same shared file system from Linux-based EC2 instances. Which AWS service is most appropriate?

A.Amazon EBS Multi-Attach
B.Amazon EFS
C.Amazon S3
D.Amazon FSx for Windows File Server
AnswerB

EFS scales automatically to support thousands of concurrent NFS connections from Linux instances across multiple AZs, with no capacity planning required.

Why this answer

Amazon EFS (Elastic File System) is the correct choice because it provides a fully managed, scalable, and elastic NFS file system that can be concurrently accessed by thousands of Linux-based EC2 instances. It automatically scales storage capacity up and down as files are added or removed, and it supports the NFSv4.1 and NFSv4.0 protocols, making it ideal for shared file workloads on Linux.

Exam trap

The trap here is that candidates often confuse Amazon EBS Multi-Attach with a true shared file system, not realizing it is limited to a small number of instances in the same AZ and requires application-level coordination for writes, making it unsuitable for thousands of concurrent users.

How to eliminate wrong answers

Option A is wrong because Amazon EBS Multi-Attach only allows a single EBS volume to be attached to up to 16 Nitro-based EC2 instances in the same Availability Zone, and it does not support concurrent write access from multiple instances—it is designed for clustered applications that manage I/O coordination themselves, not for thousands of concurrent users. Option C is wrong because Amazon S3 is an object storage service accessed via HTTP/HTTPS APIs (REST/SOAP), not a file system; it does not provide a POSIX-compliant file system interface and cannot be mounted directly as a shared file system by EC2 instances without additional software (e.g., S3FS FUSE), which introduces performance and consistency limitations. Option D is wrong because Amazon FSx for Windows File Server provides SMB-based file storage for Windows-based workloads, not Linux; it does not natively support NFS and is not designed for Linux-based EC2 instances.

326
MCQmedium

A company hosts a static website on Amazon S3. Users in different geographic locations experience high latency when accessing the website. The company wants to reduce latency for all users and also minimize the number of direct requests to the S3 bucket. Which AWS service should the company use?

A.AWS Global Accelerator
B.Amazon CloudFront
C.Amazon Route 53 latency-based routing
D.AWS Direct Connect
AnswerB

Amazon CloudFront is a content delivery network (CDN) that caches static content at edge locations worldwide. This reduces latency by serving content from a nearby edge location and reduces the number of direct requests to the S3 bucket, thereby offloading the origin.

Why this answer

Amazon CloudFront is a content delivery network (CDN) that caches static content at edge locations worldwide, significantly reducing latency for users regardless of their geographic location. By serving content from the edge, CloudFront also offloads direct requests to the S3 bucket, reducing the load on the origin and potentially lowering costs.

Exam trap

The trap here is that candidates often confuse AWS Global Accelerator (which optimizes network path but does not cache) with CloudFront (which caches content at the edge), leading them to choose Global Accelerator for a static website latency problem.

How to eliminate wrong answers

Option A is wrong because AWS Global Accelerator improves performance by routing traffic over the AWS global network using anycast IPs, but it is designed for TCP/UDP applications (e.g., HTTP(S) behind ALB/NLB) and does not cache content or reduce direct requests to an S3 bucket. Option C is wrong because Amazon Route 53 latency-based routing directs DNS queries to the region with the lowest latency, but it does not cache content and still results in direct requests to the S3 bucket from the chosen region, failing to minimize direct requests. Option D is wrong because AWS Direct Connect establishes a dedicated network connection from on-premises to AWS, which does not reduce latency for geographically distributed users accessing a public S3 website and does not cache content.

327
MCQmedium

A company is refactoring its monolithic e-commerce application into multiple microservices. The order-processing service must send messages to the inventory service to reserve stock. The company needs a fully managed service that can durably store these messages, handle high throughput, and allow the inventory service to poll for messages at its own pace. The company wants to avoid any message loss. Which AWS service should the company use?

A.Amazon Simple Queue Service (SQS)
B.Amazon Simple Notification Service (SNS)
C.Amazon Kinesis Data Streams
D.Amazon MQ
AnswerA

Correct. Amazon SQS is a fully managed message queue service designed for decoupling application components. It stores messages durably, supports high throughput, and allows consumers to poll for messages, ensuring no message loss. This fits the requirement perfectly.

Why this answer

Amazon SQS is the correct choice because it is a fully managed message queuing service that durably stores messages across multiple Availability Zones, ensuring no message loss. It supports high throughput and allows the inventory service to poll for messages at its own pace using long or short polling, decoupling the order-processing and inventory services.

Exam trap

The trap here is that candidates might choose Amazon SNS because they confuse push-based notifications with durable message queuing, overlooking that SNS does not store messages or allow polling, which is essential for decoupled, loss-free communication.

How to eliminate wrong answers

Option B (Amazon SNS) is wrong because it is a pub/sub messaging service that pushes messages to subscribers (e.g., HTTP endpoints, Lambda, SQS) and does not provide durable message storage or allow the inventory service to poll at its own pace; messages are not retained if the subscriber is unavailable. Option C (Amazon Kinesis Data Streams) is wrong because it is designed for real-time streaming of large data volumes (e.g., clickstreams, logs) and requires consumers to track shard offsets, not for simple point-to-point message queuing with polling; it also has a 24-hour default retention and is more complex and costly for this use case.

328
MCQeasy

Which AWS service helps you manage and deploy infrastructure as code using templates?

A.AWS Elastic Beanstalk
B.AWS CloudFormation
C.AWS OpsWorks
D.AWS CodeDeploy
AnswerB

CloudFormation is AWS's IaC service for provisioning and managing resources using JSON/YAML templates.

Why this answer

AWS CloudFormation is the correct service because it allows you to model and provision AWS resources using declarative templates (JSON or YAML). This enables Infrastructure as Code (IaC) by treating infrastructure as version-controlled, repeatable code, which can be used to create, update, and delete entire stacks of resources in a predictable manner.

Exam trap

The trap here is that candidates often confuse AWS Elastic Beanstalk (which also uses a 'template' concept for environment configuration) with CloudFormation, but Elastic Beanstalk is a higher-level abstraction for application deployment, not a general-purpose IaC tool for managing all AWS resources.

How to eliminate wrong answers

Option A is wrong because AWS Elastic Beanstalk is a Platform as a Service (PaaS) that automates application deployment and scaling, but it does not use templates for IaC; it uses a managed environment with limited customization. Option C is wrong because AWS OpsWorks is a configuration management service that uses Chef or Puppet recipes, not declarative templates, and is more focused on server configuration than IaC. Option D is wrong because AWS CodeDeploy is a deployment automation service that handles code deployment to compute instances, but it does not manage infrastructure provisioning or use templates for resource creation.

329
MCQeasy

A company runs multiple EC2 instances across several applications and wants to centralise all application log files in one place for searching, analysis, and long-term retention. Which AWS service provides centralised log storage and querying?

A.Amazon S3
B.AWS CloudTrail
C.Amazon CloudWatch Logs
D.Amazon Kinesis Data Firehose
AnswerC

CloudWatch Logs centralises log collection from EC2 instances, Lambda, and AWS services. It supports log group organisation, metric filters to create CloudWatch metrics from log patterns, and CloudWatch Logs Insights for querying.

Why this answer

Amazon CloudWatch Logs is the correct service because it is designed to centralize log storage from multiple sources, including EC2 instances, via the CloudWatch agent. It provides built-in querying with Logs Insights, supports real-time monitoring, and offers configurable retention policies for long-term storage, meeting all requirements for searching, analysis, and retention.

Exam trap

The trap here is that candidates often confuse CloudWatch Logs with CloudTrail, mistakenly thinking CloudTrail handles application logs, when in fact CloudTrail only records AWS API calls, not application-generated log data.

How to eliminate wrong answers

Option A is wrong because Amazon S3 is an object storage service, not a log querying service; while logs can be stored in S3, it lacks native querying capabilities without additional services like Athena. Option B is wrong because AWS CloudTrail records API activity for governance and auditing, not application log files; it captures control-plane events, not application-level logs. Option D is wrong because Amazon Kinesis Data Firehose is a data ingestion and delivery service that streams data to destinations like S3 or Redshift, but it does not provide native log storage or querying capabilities.

330
MCQmedium

A company wants to create a hybrid cloud architecture where their on-premises applications can access AWS services as if they were running locally. Which AWS service extends AWS infrastructure and services to on-premises locations?

A.AWS Direct Connect
B.AWS VPN
C.AWS Outposts
D.AWS Local Zones
AnswerC

Outposts physically extends AWS infrastructure to on-premises locations, running AWS services locally with the same APIs, tools, and management as the AWS cloud.

Why this answer

AWS Outposts is the correct answer because it is a fully managed service that extends AWS infrastructure, services, APIs, and tools to virtually any on-premises or edge location. This allows customers to run AWS services locally, enabling a true hybrid cloud experience where on-premises applications can access AWS services with low latency and local data processing, as if they were running in an AWS Region.

Exam trap

The trap here is that candidates often confuse AWS Direct Connect or VPN as the solution for extending AWS services on-premises, but those only provide network connectivity, not the actual deployment of AWS infrastructure locally.

How to eliminate wrong answers

Option A is wrong because AWS Direct Connect is a dedicated network connection from on-premises to AWS, but it does not extend AWS infrastructure or services locally; it only provides a private, high-bandwidth link to AWS Regions. Option B is wrong because AWS VPN creates an encrypted tunnel over the public internet to connect on-premises networks to AWS, but it does not bring AWS services or infrastructure on-premises. Option D is wrong because AWS Local Zones are extensions of AWS Regions that place compute, storage, and database services closer to end users for low-latency applications, but they are still within the AWS network and not deployed on customer premises.

331
MCQmedium

A media company processes user-uploaded images to generate thumbnails and metadata. The current solution runs a script on a single Amazon EC2 instance, which becomes overloaded during peak hours, causing delays. The company wants a solution that automatically scales to handle spikes in upload volume, requires no server management, and charges only for the processing time consumed. Which AWS service should the company use?

A.AWS Lambda
B.Amazon EC2 Auto Scaling
C.AWS Batch
D.Amazon Lightsail
AnswerA

Correct. AWS Lambda is a serverless compute service that executes code in response to triggers (e.g., S3 uploads) and automatically scales based on incoming traffic. It requires no server management and charges only for the compute time used, meeting all stated requirements.

Why this answer

AWS Lambda is the correct choice because it provides a serverless compute service that automatically scales with incoming upload volume, requires no server management, and charges only for the actual processing time (in 1ms increments). The media company's need for automatic scaling, zero server management, and pay-per-use billing aligns perfectly with Lambda's event-driven architecture, where each image upload can trigger a Lambda function to generate thumbnails and metadata without provisioning or managing any underlying infrastructure.

Exam trap

The trap here is that candidates often confuse 'auto scaling' with 'serverless' and choose Amazon EC2 Auto Scaling (Option B) because it scales, but they overlook the requirement for 'no server management' and 'pay only for processing time,' which EC2 Auto Scaling does not satisfy.

How to eliminate wrong answers

Option B (Amazon EC2 Auto Scaling) is wrong because it still requires managing EC2 instances (e.g., patching, scaling policies, instance types) and charges for running instances even when idle, not just for processing time. Option C (AWS Batch) is wrong because it is designed for batch computing jobs (e.g., large-scale parallel processing) and typically runs on EC2 instances or Fargate, which either requires server management or incurs costs for idle resources, and it is not optimized for event-driven, per-request processing like image thumbnails. Option D (Amazon Lightsail) is wrong because it provides pre-configured virtual private servers (VPS) that require manual scaling, do not auto-scale, and charge a fixed monthly fee regardless of actual usage, contradicting the 'no server management' and 'pay only for processing time' requirements.

332
MCQmedium

A company is developing a microservices application on AWS. The application has multiple independent services that must communicate asynchronously. The company needs a fully managed service to reliably store and deliver messages between these services, ensuring that each message is processed at least once and allowing the services to scale independently. Which AWS service should the company use?

A.Amazon Simple Queue Service (SQS)
B.Amazon Simple Notification Service (SNS)
C.Amazon MQ
D.Amazon Kinesis Data Streams
AnswerA

Correct. Amazon SQS is a fully managed message queue service that decouples microservices. It stores messages in a queue and delivers them to consumers, ensuring at-least-once processing and independent scaling.

Why this answer

Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables asynchronous communication between microservices. It reliably stores messages in queues and ensures each message is delivered at least once, allowing services to poll and process messages independently, which supports decoupling and independent scaling.

Exam trap

The trap here is that candidates confuse SNS (push-based pub/sub) with SQS (pull-based queue), overlooking that the requirement for at-least-once processing and independent scaling points to a queue-based service, not a notification fan-out service.

How to eliminate wrong answers

Option B is wrong because Amazon Simple Notification Service (SNS) is a pub/sub messaging service that pushes messages to multiple subscribers (e.g., SQS queues, Lambda, HTTP endpoints) but does not guarantee at-least-once processing per message; it is designed for fan-out notifications, not for reliable point-to-point queuing with individual message processing. Option C is wrong because Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ, which provides JMS-compatible messaging but is not fully serverless and requires provisioning of broker instances; it is intended for migrating existing message brokers, not for a fully managed, serverless at-least-once queue pattern.

333
MCQeasy

A developer wants to send real-time notifications to mobile app users when new content is available. Which AWS service enables push notifications to iOS and Android devices?

A.Amazon SES
B.Amazon Pinpoint
C.Amazon SNS
D.AWS AppSync
AnswerC

SNS directly integrates with Apple APNs, Google FCM, and Amazon ADM to deliver push notifications to mobile devices at scale.

Why this answer

Amazon SNS (Simple Notification Service) is the correct choice because it provides a fully managed pub/sub messaging service that supports push notifications to mobile endpoints via platform application endpoints for iOS (APNs) and Android (FCM). It enables real-time delivery of messages directly to mobile apps without requiring polling or additional infrastructure.

Exam trap

The trap here is that candidates may confuse Amazon Pinpoint as the only service for push notifications due to its marketing focus, but Amazon SNS is the core service for direct programmatic push notification delivery to mobile devices.

How to eliminate wrong answers

Option A is wrong because Amazon SES (Simple Email Service) is designed for sending transactional and marketing emails, not push notifications to mobile devices; it lacks the ability to send to mobile push endpoints. Option B is wrong because Amazon Pinpoint is a customer engagement service that can send push notifications, but it is primarily a multi-channel marketing and analytics tool, not the simplest or most direct service for a developer to send real-time push notifications programmatically; SNS is the more appropriate service for this specific use case. Option D is wrong because AWS AppSync is a managed GraphQL service for building real-time and offline-capable applications, but it does not directly send push notifications to mobile devices; it can trigger notifications via other services like SNS but is not the push notification delivery mechanism itself.

334
MCQmedium

A company stores historical sales data in Amazon S3. The data is accessed only once a month for generating quarterly reports. When accessed, the data must be available for retrieval within seconds. The company wants to minimize storage costs while meeting the retrieval latency requirement. Which S3 storage class should the company use?

A.S3 Standard
B.S3 Intelligent-Tiering
C.S3 Standard-IA (Infrequent Access)
D.S3 Glacier Deep Archive
AnswerC

S3 Standard-IA is optimized for infrequently accessed data that requires millisecond retrieval. It offers lower storage costs than S3 Standard, with a retrieval fee. This matches the scenario: monthly access with seconds retrieval latency and lowest cost.

Why this answer

S3 Standard-IA (Infrequent Access) is the correct choice because it offers the same low-latency retrieval (milliseconds) as S3 Standard but at a lower storage cost, making it ideal for data accessed infrequently (e.g., once a month) yet requiring immediate availability. The company's requirement of 'within seconds' is fully met by S3 Standard-IA, which provides the same first-byte latency as S3 Standard, while minimizing storage costs for data that is not accessed frequently.

Exam trap

The trap here is that candidates often confuse 'infrequent access' with 'archival access' and incorrectly choose S3 Glacier Deep Archive, overlooking the critical retrieval latency requirement of 'within seconds' that only S3 Standard-IA (or S3 Standard) can meet.

How to eliminate wrong answers

Option A is wrong because S3 Standard is designed for frequently accessed data and has a higher storage cost than necessary for data accessed only once a month, leading to unnecessary expense. Option B is wrong because S3 Intelligent-Tiering automatically moves data between access tiers based on changing access patterns, but it incurs a monthly monitoring and automation fee per object, which is not cost-effective for a predictable, infrequent access pattern like once a month. Option D is wrong because S3 Glacier Deep Archive has retrieval times ranging from 12 to 48 hours (not within seconds), which fails the company's requirement for data to be available within seconds.

335
MCQmedium

A company wants to use Amazon S3 to store objects that must not be deleted or overwritten for a specified period for regulatory compliance. Which S3 feature enforces this?

A.S3 Versioning
B.S3 Lifecycle policies
C.S3 Object Lock
D.S3 Block Public Access
AnswerC

Object Lock enforces WORM storage with Governance or Compliance retention modes — Compliance mode is immutable even to root users, satisfying strict regulatory requirements.

Why this answer

Amazon S3 Object Lock is designed specifically to prevent objects from being deleted or overwritten for a fixed period or indefinitely. It enforces a write-once-read-many (WORM) model by applying retention modes (Governance or Compliance) or legal holds, which block both DELETE and PUT operations on locked objects until the retention period expires. This directly meets the regulatory compliance requirement described in the question.

Exam trap

The trap here is that candidates often confuse S3 Versioning with immutability, assuming that keeping multiple versions prevents deletion, but versioning alone does not block the ability to delete the latest version or permanently delete all versions.

How to eliminate wrong answers

Option A is wrong because S3 Versioning creates multiple versions of an object but does not prevent deletion or overwriting; a user can still delete the current version or overwrite it, and versioning alone offers no WORM protection. Option B is wrong because S3 Lifecycle policies automate transitions or expirations of objects based on age or rules, but they do not enforce a retention lock that blocks user-initiated deletions or overwrites. Option D is wrong because S3 Block Public Access only restricts public access to buckets and objects via ACLs or bucket policies; it has no mechanism to prevent deletion or overwriting of objects.

336
MCQeasy

Which AWS database service is best suited for storing and querying data with complex relationships using structured query language?

A.Amazon DynamoDB
B.Amazon RDS
C.Amazon ElastiCache
D.Amazon Neptune
AnswerB

RDS provides fully managed relational databases with SQL support, making it ideal for structured relational data.

Why this answer

Amazon RDS is the correct choice because it provides managed relational database services (e.g., MySQL, PostgreSQL, Oracle, SQL Server) that use structured query language (SQL) and are designed to handle complex relationships through foreign keys, joins, and normalized schemas. This makes it ideal for applications requiring ACID transactions and complex queries across multiple tables.

Exam trap

The trap here is that candidates often confuse Amazon DynamoDB's ability to store JSON documents with relational capabilities, but DynamoDB lacks SQL support and cannot efficiently handle complex multi-table joins or referential integrity constraints.

How to eliminate wrong answers

Option A is wrong because Amazon DynamoDB is a NoSQL key-value and document database that does not support complex relational queries or SQL; it is optimized for high-scale, low-latency access with simple query patterns. Option C is wrong because Amazon ElastiCache is an in-memory caching service (supporting Redis and Memcached) that is not designed for persistent relational data storage or complex SQL queries. Option D is wrong because Amazon Neptune is a graph database that uses query languages like Gremlin and SPARQL, not SQL, and is specialized for highly connected data (e.g., social networks, recommendation engines) rather than general relational data.

337
MCQmedium

A company's microservices application consists of 10 services. When a user request is slow, the development team cannot determine which service in the chain is the bottleneck. Which AWS service provides distributed tracing so they can see the full path of a request and identify the slow component?

A.Amazon CloudWatch Metrics
B.AWS CloudTrail
C.AWS X-Ray
D.Amazon Inspector
AnswerC

X-Ray instruments applications with the X-Ray SDK to capture trace data for each request. It builds a service map showing latency at each service hop, making it straightforward to identify the bottleneck in a multi-service chain.

Why this answer

AWS X-Ray is the correct service because it provides end-to-end distributed tracing, allowing developers to trace a request as it travels through multiple microservices. It generates a service map that shows the full path of a request, including latency breakdowns for each service, enabling identification of the slow component. This directly addresses the need to pinpoint bottlenecks in a chain of 10 services.

Exam trap

The trap here is that candidates confuse Amazon CloudWatch Metrics (which shows aggregate performance data) with distributed tracing, not realizing that only X-Ray can trace a single request's full path across multiple services to identify the specific slow component.

How to eliminate wrong answers

Option A is wrong because Amazon CloudWatch Metrics aggregates and monitors performance metrics (e.g., CPU, memory) but does not trace individual requests across services or show the request path through a microservices chain. Option B is wrong because AWS CloudTrail records API calls for auditing and governance, not application-level request tracing or latency analysis. Option D is wrong because Amazon Inspector is a vulnerability management service that scans for software vulnerabilities and unintended network exposure, not a distributed tracing tool.

338
MCQmedium

A company needs to replicate their Amazon S3 data to a different AWS Region automatically to meet disaster recovery requirements. Which S3 feature enables this?

A.S3 Intelligent-Tiering
B.S3 Cross-Region Replication (CRR)
C.S3 Lifecycle policies
D.S3 Transfer Acceleration
AnswerB

CRR automatically replicates new and updated objects to a destination bucket in another Region, supporting DR, compliance, and latency optimization use cases.

Why this answer

Amazon S3 Cross-Region Replication (CRR) is the correct feature because it automatically and asynchronously replicates objects across S3 buckets in different AWS Regions, meeting disaster recovery requirements by ensuring data is available in a secondary geographic location. CRR requires versioning to be enabled on both source and destination buckets, and it replicates new objects and object metadata by default, with optional configuration for replicating delete markers or objects from specific prefixes.

Exam trap

The trap here is that candidates often confuse S3 Lifecycle policies (which manage storage tiers) with replication features, or mistakenly think S3 Transfer Acceleration provides replication because it improves transfer speed, but neither performs automatic cross-region copying.

How to eliminate wrong answers

Option A is wrong because S3 Intelligent-Tiering is a storage class that optimizes costs by moving data between access tiers based on usage patterns, not a replication feature; it does not copy data to another Region. Option C is wrong because S3 Lifecycle policies automate transitioning objects between storage classes or expiring them, but they do not replicate data across Regions. Option D is wrong because S3 Transfer Acceleration speeds up uploads over long distances using AWS edge locations and optimized network paths, but it does not provide automatic replication or disaster recovery.

339
MCQmedium

A company uses Amazon S3 to store raw data files for a data analytics platform. The company requires that files remain immediately accessible for the first 30 days after upload. After 30 days, files must be automatically moved to a lower-cost storage class for archival access. After 7 years, files must be automatically deleted. The company wants to implement this data management strategy with minimal ongoing effort. Which AWS S3 feature should the company use?

A.S3 Lifecycle policies
B.S3 Intelligent-Tiering
C.S3 Object Lock
D.S3 Versioning
AnswerA

This is correct. S3 Lifecycle policies allow you to define rules for transitioning objects to other storage classes after a specified number of days and for expiring (deleting) objects after a set period. This automates the company's data management requirements.

Why this answer

S3 Lifecycle policies allow you to define rules that automatically transition objects between storage classes (e.g., from S3 Standard to S3 Glacier Deep Archive) and expire (delete) objects based on object age. This directly meets the requirement to keep files immediately accessible for 30 days, move them to a lower-cost archival class after 30 days, and delete them after 7 years, all with minimal ongoing effort.

Exam trap

The trap here is that candidates often confuse S3 Intelligent-Tiering (which automates cost optimization based on access patterns) with S3 Lifecycle policies (which enforce a fixed, time-based data management schedule), leading them to choose Intelligent-Tiering even though it cannot enforce a mandatory deletion date.

How to eliminate wrong answers

Option B (S3 Intelligent-Tiering) is wrong because it automatically moves objects between access tiers based on changing access patterns, not on a fixed time-based schedule, and it does not support automatic deletion after a specific period. Option C (S3 Object Lock) is wrong because it is designed to prevent object deletion or overwrites for a fixed retention period (write-once-read-many, WORM), not to automate transitions or deletions based on age. Option D (S3 Versioning) is wrong because it preserves multiple versions of an object to protect against accidental deletion or overwrite, but it does not provide any automated lifecycle transitions or time-based deletion.

340
MCQmedium

A development team needs to deploy a web application on AWS quickly. The team wants a fully managed service that automatically handles capacity provisioning, load balancing, auto-scaling, and application health monitoring. The team does not want to manage the underlying Amazon EC2 instances or the application stack manually. Which AWS service should the team use?

A.AWS Elastic Beanstalk
B.AWS CloudFormation
C.AWS OpsWorks
D.Amazon EC2 Auto Scaling
AnswerA

Correct. AWS Elastic Beanstalk is a PaaS service that automatically manages capacity provisioning, load balancing, auto-scaling, and application health monitoring for deployed web applications. You simply upload your code and the service handles the underlying infrastructure.

Why this answer

AWS Elastic Beanstalk is the correct choice because it is a fully managed Platform as a Service (PaaS) that automatically handles capacity provisioning, load balancing, auto-scaling, and application health monitoring without requiring the team to manage the underlying EC2 instances or application stack. It abstracts away infrastructure management, allowing developers to simply upload their code and have the service handle deployment, scaling, and monitoring out of the box.

Exam trap

The trap here is that candidates often confuse AWS Elastic Beanstalk with AWS CloudFormation, mistakenly thinking that CloudFormation provides the same level of automated management, when in fact CloudFormation only provisions resources based on templates and does not include built-in application health monitoring or auto-scaling logic without additional configuration.

How to eliminate wrong answers

Option B (AWS CloudFormation) is wrong because it is an Infrastructure as Code (IaC) service that provisions and manages AWS resources declaratively, but it does not automatically handle capacity provisioning, load balancing, auto-scaling, or health monitoring; it requires manual configuration of each resource. Option C (AWS OpsWorks) is wrong because it is a configuration management service that uses Chef or Puppet to manage EC2 instances and application stacks, but it still requires the team to manage the underlying instances and does not provide fully automated capacity provisioning or health monitoring without manual setup. Option D (Amazon EC2 Auto Scaling) is wrong because it only handles automatic scaling of EC2 instances based on defined policies, but it does not provide load balancing, application health monitoring, or a fully managed application stack; it is a component that must be combined with other services like Elastic Load Balancing and Amazon CloudWatch.

341
MCQmedium

A company runs a data-intensive workload in a colocation facility and wants to establish a dedicated, private network connection to its Amazon VPC. The connection must bypass the public internet to provide consistent high throughput and low latency. The company also wants to avoid data transfer costs associated with internet-based connections. Which AWS service should the company use?

A.AWS Site-to-Site VPN
B.AWS Direct Connect
C.AWS VPN CloudHub
D.AWS Transit Gateway
AnswerB

Correct. AWS Direct Connect establishes a dedicated private connection between an on-premises data center and AWS. This connection bypasses the public internet, resulting in more consistent network performance, lower latency, and potentially lower data transfer costs. It is the appropriate service for the described requirements.

Why this answer

AWS Direct Connect is the correct service because it provides a dedicated, private network connection from an on-premises or colocation facility directly to an Amazon VPC, bypassing the public internet entirely. This ensures consistent high throughput, low latency, and eliminates data transfer costs associated with internet-based connections, as traffic flows over a private physical link.

Exam trap

The trap here is that candidates often confuse AWS Site-to-Site VPN with a private connection, but VPNs still traverse the public internet and cannot guarantee the consistent performance or cost savings of a dedicated physical link like Direct Connect.

How to eliminate wrong answers

Option A is wrong because AWS Site-to-Site VPN uses the public internet to establish an encrypted tunnel (IPsec), which cannot guarantee consistent high throughput or low latency and incurs internet data transfer costs. Option C is wrong because AWS VPN CloudHub is a hub-and-spoke VPN architecture that connects multiple remote sites over the public internet, not a dedicated private connection to a VPC. Option D is wrong because AWS Transit Gateway is a network transit hub that interconnects VPCs and on-premises networks, but it does not itself provide a dedicated physical connection; it requires an underlying connection like Direct Connect or VPN to function.

← PreviousPage 5 of 5 · 341 questions total

Ready to test yourself?

Try a timed practice session using only Cloud Technology and Services questions.