CCNA Technology Questions

75 of 341 questions · Page 2/5 · Technology topic · Answers revealed

76
MCQmedium

Which AWS service provides a managed graph database for use cases like social networks, recommendation engines, and fraud detection?

A.Amazon DynamoDB
B.Amazon Neptune
C.Amazon RDS
D.Amazon Redshift
AnswerB

Neptune is purpose-built for graph workloads, supporting property graph (Gremlin/openCypher) and RDF (SPARQL) data models with optimized graph traversal performance.

Why this answer

Amazon Neptune is a fully managed graph database service optimized for storing and querying highly connected datasets. It supports both property graph (using Apache TinkerPop Gremlin) and RDF (using SPARQL) models, making it ideal for use cases like social networks, recommendation engines, and fraud detection that require traversing complex relationships.

Exam trap

The trap here is that candidates often confuse Amazon DynamoDB (a NoSQL database) with graph databases because both are non-relational, but DynamoDB lacks native graph traversal capabilities and is unsuitable for relationship-heavy queries like those in social networks or fraud detection.

How to eliminate wrong answers

Option A is wrong because Amazon DynamoDB is a key-value and document NoSQL database, not a graph database; it lacks native graph traversal capabilities and is optimized for simple key-based lookups rather than relationship-heavy queries. Option C is wrong because Amazon RDS is a relational database service supporting SQL-based engines (e.g., MySQL, PostgreSQL), which are not designed for efficient graph traversal and require complex joins for connected data. Option D is wrong because Amazon Redshift is a petabyte-scale data warehouse optimized for analytical queries on structured data, not for graph-based relationship modeling or real-time traversal.

77
MCQmedium

A company hosts its website on a single Amazon EC2 instance in the us-east-1 Region. The website includes static assets such as images, CSS, and JavaScript files. Users in Europe and Asia report that the website loads slowly because the static assets must travel from the us-east-1 Region. The company wants to reduce latency for global users and decrease the load on the EC2 instance by serving static content from locations that are closer to the users. Which AWS service should the company use to meet these requirements?

A.Amazon CloudFront
B.AWS Global Accelerator
C.Amazon Route 53 with latency-based routing
D.Amazon S3 Transfer Acceleration
AnswerA

Correct. CloudFront is a global CDN that caches static assets at edge locations, reducing latency and origin load.

Why this answer

Amazon CloudFront is a content delivery network (CDN) that caches static assets (images, CSS, JavaScript) at edge locations worldwide. By serving content from edge locations closer to users in Europe and Asia, CloudFront reduces latency and offloads requests from the origin EC2 instance, decreasing its load. This directly meets the requirements for global latency reduction and reduced EC2 load.

Exam trap

The trap here is that candidates confuse AWS Global Accelerator (which optimizes network path but does not cache) with a CDN, or think Route 53 latency-based routing alone can serve content from edge locations, when in fact it only directs traffic to the same single origin.

How to eliminate wrong answers

Option B (AWS Global Accelerator) is wrong because it improves performance by routing traffic over the AWS global network to the optimal regional endpoint, but it does not cache static content at edge locations; it only optimizes TCP/UDP traffic flow, so it would not reduce load on the EC2 instance or serve static assets from locations closer to users. Option C (Amazon Route 53 with latency-based routing) is wrong because it only directs DNS queries to the EC2 instance with the lowest latency, but the static assets still originate from that single EC2 instance in us-east-1; it does not cache or replicate content, so it does not reduce the load on the instance or serve content from edge locations.

78
MCQeasy

Which AWS service provides managed Microsoft Windows file storage that supports SMB protocol, Active Directory integration, and Windows ACL permissions?

A.Amazon EFS
B.Amazon FSx for Windows File Server
C.Amazon S3
D.AWS Storage Gateway
AnswerB

FSx for Windows provides fully managed Windows file shares with SMB support, AD integration, shadow copies, and Windows ACLs — purpose-built for Windows workloads.

Why this answer

Amazon FSx for Windows File Server provides fully managed native Microsoft Windows file storage that supports the Server Message Block (SMB) protocol, integrates with Active Directory for identity-based access, and enforces Windows NTFS ACL permissions. This makes it the only AWS service designed specifically to offer these Windows-native features out of the box.

Exam trap

The trap here is that candidates often confuse Amazon EFS (which is NFS-based) with a Windows file share, or assume S3 can serve as a network drive via SMB, but neither supports the required Windows-specific protocols and permissions.

How to eliminate wrong answers

Option A is wrong because Amazon EFS uses the NFSv4 protocol (not SMB) and does not support Active Directory integration or Windows ACLs; it is designed for Linux-based workloads. Option C is wrong because Amazon S3 is an object storage service that uses RESTful APIs, not the SMB protocol, and does not natively support Active Directory authentication or Windows ACLs. Option D is wrong because AWS Storage Gateway provides hybrid storage connectivity (e.g., file gateway, volume gateway) but does not offer a fully managed, native Windows file server with SMB, Active Directory, and Windows ACL support; it is a gateway appliance, not a managed file system.

79
MCQmedium

A company is developing a microservices application on AWS. The application includes a front-end web tier and a backend order processing service. The front-end sends order requests to the backend, which may take several seconds to process. The company wants to ensure that the front-end does not wait for the backend to complete, and that no orders are lost if the backend service is temporarily unavailable. Which AWS service should the company use to decouple the front-end and backend?

A.Amazon ElastiCache
B.Amazon Simple Queue Service (SQS)
C.Amazon Route 53
D.Amazon CloudWatch
AnswerB

Amazon SQS is a message queuing service that decouples application components. It allows the front-end to send messages to a queue, which are then processed by the backend independently, ensuring no data loss and asynchronous processing.

Why this answer

Amazon Simple Queue Service (SQS) is the correct choice because it provides a fully managed message queue that decouples the front-end and backend services. The front-end can send order requests to an SQS queue and immediately return a response, while the backend processes messages asynchronously. SQS also stores messages durably across multiple Availability Zones, ensuring no orders are lost even if the backend is temporarily unavailable.

Exam trap

The trap here is that candidates may confuse ElastiCache's in-memory caching with message queuing, mistakenly thinking it can buffer requests, but ElastiCache has no persistent storage or asynchronous delivery guarantees for decoupling services.

How to eliminate wrong answers

Option A is wrong because Amazon ElastiCache is an in-memory caching service (supporting Redis or Memcached) designed to reduce latency for read-heavy workloads, not to provide durable, asynchronous message queuing for decoupling services. Option C is wrong because Amazon Route 53 is a DNS and traffic management service that resolves domain names to IP addresses and routes end-user requests, but it does not store or buffer application messages between services.

80
MCQmedium

A company needs to run scheduled jobs that execute SQL queries on their Amazon RDS database every night. Which AWS service provides fully managed job scheduling without maintaining dedicated compute resources?

A.Amazon EC2 with cron jobs
B.AWS Lambda triggered by Amazon EventBridge Scheduler
C.Amazon ECS with scheduled tasks
D.AWS OpsWorks
AnswerB

EventBridge Scheduler invokes Lambda on a schedule without any persistent compute — Lambda runs the database query and terminates, with zero idle costs.

Why this answer

AWS Lambda triggered by Amazon EventBridge Scheduler is the correct choice because EventBridge Scheduler provides fully managed, serverless job scheduling that can invoke Lambda functions to execute SQL queries on Amazon RDS. This eliminates the need to provision or maintain any dedicated compute resources, as the scheduling and execution are handled entirely by AWS.

Exam trap

The trap here is that candidates may confuse 'fully managed job scheduling' with services like EC2 cron jobs or ECS scheduled tasks, overlooking that EventBridge Scheduler is the only option that requires zero compute resource management for this specific use case.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 with cron jobs requires you to provision, patch, and manage a dedicated EC2 instance, which contradicts the requirement of 'without maintaining dedicated compute resources'. Option C is wrong because Amazon ECS with scheduled tasks still requires you to manage a cluster of EC2 instances (or use Fargate, which is serverless but not the simplest fully managed scheduling service for this use case) and involves container orchestration overhead. Option D is wrong because AWS OpsWorks is a configuration management service (based on Chef/Puppet) that manages EC2 instances and applications, not a simple scheduled job execution service, and it still requires maintaining compute resources.

81
MCQmedium

A development team accidentally deletes important files from an Amazon S3 bucket. The company wants to protect against accidental deletions and overwrites in the future, allowing recovery of previous versions of objects. Which S3 feature should they enable?

A.S3 Object Lock
B.S3 Cross-Region Replication
C.S3 Versioning
D.S3 Intelligent-Tiering
AnswerC

S3 Versioning maintains multiple versions of each object. A deletion adds a delete marker and keeps the previous versions, which can be restored. Overwrites create a new version without removing the old one.

Why this answer

S3 Versioning is the correct feature because it preserves every version of an object, including overwrites and deletions. When versioning is enabled, deleting an object only adds a delete marker, and previous versions remain recoverable. This directly addresses the requirement to protect against accidental deletions and overwrites by allowing restoration of earlier object versions.

Exam trap

The trap here is that candidates often confuse S3 Object Lock with versioning, thinking that locking objects prevents deletion entirely, but Object Lock only enforces retention periods and does not provide the ability to recover from accidental deletions or overwrites after they occur.

How to eliminate wrong answers

Option A is wrong because S3 Object Lock prevents objects from being deleted or overwritten for a fixed retention period, but it does not inherently preserve multiple versions; it works with versioning to enforce write-once-read-many (WORM) compliance, not to recover from accidental deletions after the fact. Option B is wrong because S3 Cross-Region Replication asynchronously copies objects to a different AWS region for redundancy or compliance, but it does not protect against accidental deletions or overwrites in the source bucket; deletions and overwrites are replicated, so they cannot be recovered from the source alone. Option D is wrong because S3 Intelligent-Tiering automatically moves objects between access tiers to optimize storage costs based on changing access patterns; it has no capability to preserve or recover previous object versions.

82
MCQmedium

A company manages a web application that consists of Amazon EC2 instances, an Amazon RDS database, and an Amazon S3 bucket. The team deploys the application to separate development, test, and production environments. Currently, the team manually configures each environment, which has led to configuration drift and deployment errors. The company wants to define the entire infrastructure as code, store the definition in a version control system, and deploy it consistently across all environments with a single template. Which AWS service should the company use to meet these requirements?

A.AWS CloudFormation
B.AWS Elastic Beanstalk
C.AWS OpsWorks
D.AWS CodeDeploy
AnswerA

Correct. AWS CloudFormation is the dedicated Infrastructure as Code service that allows you to define and provision AWS resources using templates, enabling consistent and repeatable deployments across environments.

Why this answer

AWS CloudFormation is the correct choice because it enables you to define your entire infrastructure—including EC2 instances, RDS databases, and S3 buckets—as code in a JSON or YAML template. This template can be stored in a version control system and deployed consistently across development, test, and production environments using a single template, eliminating configuration drift and manual errors.

Exam trap

The trap here is that candidates often confuse AWS Elastic Beanstalk's automated deployment and scaling capabilities with infrastructure-as-code provisioning, overlooking that CloudFormation provides the explicit, version-controlled template required for consistent multi-environment infrastructure management.

How to eliminate wrong answers

Option B is wrong because AWS Elastic Beanstalk is a Platform as a Service (PaaS) that automates application deployment and scaling but does not provide a single template to define and manage all infrastructure resources as code; it abstracts the underlying infrastructure and is less suitable for fine-grained control over resources like RDS and S3. Option C is wrong because AWS OpsWorks is a configuration management service that uses Chef or Puppet to manage server configurations, but it is not designed to define the entire infrastructure as code in a single template; it focuses on server-level automation rather than infrastructure provisioning and orchestration.

83
MCQmedium

Which AWS service provides a continuous integration/continuous deployment (CI/CD) pipeline that automates the build, test, and deploy phases of application release?

A.AWS CodeBuild
B.AWS CodeDeploy
C.AWS CodePipeline
D.AWS CodeCommit
AnswerC

CodePipeline orchestrates the entire CI/CD workflow, connecting source (CodeCommit/GitHub), build (CodeBuild), test, and deployment (CodeDeploy/CloudFormation) stages into an automated release pipeline.

Why this answer

AWS CodePipeline is a fully managed CI/CD service that orchestrates the build, test, and deploy phases of a release process. It integrates with services like AWS CodeBuild for building and testing, and AWS CodeDeploy for deployment, providing a single pipeline to automate the entire workflow.

Exam trap

The trap here is that candidates often confuse the individual CI/CD component services (CodeBuild, CodeDeploy, CodeCommit) with the orchestration service (CodePipeline) that ties them together, leading them to select a service that only handles one phase of the pipeline.

How to eliminate wrong answers

Option A is wrong because AWS CodeBuild is a fully managed build service that compiles source code, runs tests, and produces software packages, but it does not orchestrate the entire CI/CD pipeline or manage deployment phases. Option B is wrong because AWS CodeDeploy automates code deployments to any instance, including Amazon EC2 and on-premises, but it is only the deploy phase and does not handle build or test automation. Option D is wrong because AWS CodeCommit is a fully managed source control service that hosts Git-based repositories, but it does not provide build, test, or deployment automation.

84
MCQmedium

Which AWS service enables event-driven architectures by acting as a central event bus that routes events from AWS services, SaaS applications, and custom applications to configured targets?

A.Amazon SNS
B.Amazon SQS
C.Amazon EventBridge
D.AWS Step Functions
AnswerC

EventBridge is the serverless event bus for building event-driven architectures, routing events from AWS services, SaaS providers, and custom apps to targets based on declarative rules.

Why this answer

Amazon EventBridge is a serverless event bus that ingests events from AWS services, SaaS partners, and custom applications, then routes them to targets like Lambda, Step Functions, or SQS based on configurable rules. It decouples event producers from consumers, enabling event-driven architectures without polling or custom middleware. This matches the question's description of a central event bus for cross-domain event routing.

Exam trap

The trap here is that candidates confuse Amazon SNS (pub/sub) with an event bus, but SNS lacks rule-based filtering and multi-source event ingestion from SaaS and custom apps, which is the defining feature of EventBridge.

How to eliminate wrong answers

Option A is wrong because Amazon SNS is a pub/sub messaging service that pushes notifications to subscribers (e.g., email, SMS, HTTP endpoints), but it does not act as a central event bus with rule-based routing from multiple sources like SaaS or custom apps. Option B is wrong because Amazon SQS is a fully managed message queue for decoupling microservices, not an event bus; it stores messages for polling consumers and lacks built-in event routing rules. Option D is wrong because AWS Step Functions is a serverless orchestration service for coordinating workflows (state machines), not an event bus for routing events from diverse sources to targets.

85
MCQeasy

A company wants to monitor the CPU utilisation of their EC2 instances and automatically send an email alert when utilisation exceeds 80% for more than 5 consecutive minutes. Which AWS service provides this monitoring and alerting capability?

A.AWS CloudTrail
B.AWS Config
C.Amazon CloudWatch
D.AWS X-Ray
AnswerC

CloudWatch is the AWS monitoring service. It collects EC2 CPU utilisation metrics, allows you to create alarms with configurable thresholds and evaluation periods, and integrates with SNS to send email notifications when alarms fire.

Why this answer

Amazon CloudWatch is the correct service because it provides both monitoring of EC2 CPU utilization metrics and the ability to create CloudWatch Alarms that trigger actions, such as sending an email via Amazon SNS, when a metric like CPUUtilization exceeds a threshold (e.g., 80%) for a specified number of consecutive evaluation periods (e.g., 5 minutes). This directly fulfills the requirement for monitoring and alerting on CPU utilization.

Exam trap

The trap here is that candidates often confuse CloudTrail (audit logging) with CloudWatch (monitoring), or assume AWS Config can handle performance alerts, when in fact only CloudWatch provides metric-based monitoring and alarm actions.

How to eliminate wrong answers

Option A is wrong because AWS CloudTrail records API activity and governance events, not system-level metrics like CPU utilization; it cannot monitor performance or trigger threshold-based alerts. Option B is wrong because AWS Config evaluates resource configurations against desired policies and tracks configuration changes, but it does not monitor real-time performance metrics or CPU utilization. Option D is wrong because AWS X-Ray is a distributed tracing service for analyzing and debugging application requests and latency, not for monitoring infrastructure metrics like CPU utilization.

86
MCQeasy

A company wants to create interactive dashboards and charts from data stored in Amazon S3, Amazon RDS, and Amazon Redshift, sharing them with business users across the organisation without managing BI server infrastructure. Which AWS service provides cloud-native business intelligence?

A.Amazon Athena
B.Amazon Redshift
C.Amazon QuickSight
D.Amazon CloudWatch
AnswerC

QuickSight is AWS's managed BI service for creating interactive dashboards and ML-powered insights. It connects to S3, RDS, Redshift, and other sources and shares dashboards with business users at a per-user cost with no server management.

Why this answer

Amazon QuickSight is a cloud-native, serverless business intelligence (BI) service that enables users to create interactive dashboards and visualizations from data sources such as Amazon S3, Amazon RDS, and Amazon Redshift. It requires no BI server infrastructure management, supports SPICE (Super-fast, Parallel, In-memory Calculation Engine) for high-performance data caching, and allows sharing dashboards with business users across an organization via a web browser or mobile app.

Exam trap

The trap here is that candidates confuse query engines (Athena) or data warehouses (Redshift) with full BI services, overlooking that QuickSight is the only AWS service purpose-built for serverless interactive dashboards and sharing with business users.

How to eliminate wrong answers

Option A is wrong because Amazon Athena is an interactive query service that uses standard SQL to analyze data directly in Amazon S3, but it does not provide BI dashboarding, charting, or sharing capabilities—it is a query engine, not a BI tool. Option B is wrong because Amazon Redshift is a cloud data warehouse optimized for large-scale analytics and SQL-based querying, but it does not natively create interactive dashboards or charts; it requires a separate BI tool like QuickSight for visualization. Option D is wrong because Amazon CloudWatch is a monitoring and observability service for AWS resources and applications, designed for metrics, logs, and alarms, not for business intelligence dashboards or ad-hoc analysis of business data from S3, RDS, or Redshift.

87
MCQmedium

Which AWS service provides a private connection from an on-premises network to AWS that bypasses the public internet and provides consistent network performance?

A.AWS Site-to-Site VPN
B.Amazon CloudFront
C.AWS Direct Connect
D.AWS Transit Gateway
AnswerC

Direct Connect provides dedicated private network connections to AWS, bypassing the internet for consistent performance, lower latency, and reduced data transfer costs.

Why this answer

AWS Direct Connect is the correct answer because it provides a dedicated, private network connection from an on-premises data center to AWS, completely bypassing the public internet. This ensures consistent network performance, lower latency, and higher bandwidth, as the connection is established through a standard 1 Gbps or 10 Gbps Ethernet fiber-optic cable linked to an AWS Direct Connect location.

Exam trap

The trap here is that candidates often confuse AWS Site-to-Site VPN (which also connects on-premises to AWS) with a private connection, but VPN still traverses the public internet and cannot guarantee consistent performance, whereas Direct Connect is the only option that physically bypasses the internet.

How to eliminate wrong answers

Option A is wrong because AWS Site-to-Site VPN uses the public internet to create an encrypted tunnel (IPsec), which introduces variable latency and potential bandwidth fluctuations due to internet congestion, so it does not bypass the public internet nor guarantee consistent performance. Option B is wrong because Amazon CloudFront is a content delivery network (CDN) that caches content at edge locations to accelerate delivery over the internet; it does not provide a private connection from an on-premises network to AWS. Option D is wrong because AWS Transit Gateway is a network transit hub that connects VPCs and on-premises networks, but it requires an underlying connection method (such as VPN or Direct Connect) to actually reach the on-premises network; it does not itself provide a private, internet-bypassing link.

88
MCQmedium

A company is refactoring its legacy application into a microservices architecture using Docker containers. The operations team wants to deploy and manage these containers on AWS without the need to provision, patch, or manage the underlying servers. The solution must automatically scale containers based on demand and integrate with services like Application Load Balancer and Amazon RDS. Which AWS compute service should the company use?

A.Amazon ECS with Amazon EC2 launch type
B.Amazon ECS with AWS Fargate launch type
C.AWS Lambda
D.Amazon EC2 instances with Docker installed
AnswerB

AWS Fargate is a serverless compute engine for containers. It automatically provisions and scales the underlying infrastructure, so the team does not have to manage servers. It integrates with ECS, ALB, RDS, and other AWS services.

Why this answer

Amazon ECS with AWS Fargate launch type is the correct choice because it is a serverless compute engine for containers that eliminates the need to provision, patch, or manage underlying servers. Fargate automatically scales containers based on demand and integrates natively with services like Application Load Balancer and Amazon RDS, meeting all the stated requirements.

Exam trap

The trap here is that candidates often confuse the EC2 launch type (which still requires server management) with Fargate (which is serverless), or mistakenly think AWS Lambda can run Docker containers as a full microservice platform, ignoring its execution time and invocation model limitations.

How to eliminate wrong answers

Option A is wrong because Amazon ECS with the Amazon EC2 launch type requires the operations team to provision, patch, and manage the underlying EC2 instances, which contradicts the requirement to avoid server management. Option C is wrong because AWS Lambda is designed for event-driven, short-running functions (max 15-minute execution time) and is not suitable for running Docker containers as a general-purpose microservices platform; it also lacks native integration with Application Load Balancer for container-based traffic routing.

89
MCQmedium

Which AWS service provides a fully managed virtual desktop infrastructure (VDI) that allows users to access Windows or Linux desktops from any device?

A.Amazon AppStream 2.0
B.AWS Client VPN
C.Amazon WorkSpaces
D.Amazon EC2 with Remote Desktop Protocol
AnswerC

WorkSpaces provides fully managed persistent virtual desktops (Windows/Linux) as a service, accessible from any device, with AWS managing all underlying infrastructure.

Why this answer

Amazon WorkSpaces is a fully managed, secure virtual desktop infrastructure (VDI) service that provisions either Windows or Linux desktops. Users can access their persistent desktops from any supported device (e.g., PC, Mac, iPad, Chromebook) using the WorkSpaces client application or a web browser, without needing to manage the underlying EC2 instances or operating system.

Exam trap

The trap here is confusing Amazon WorkSpaces (full managed desktop VDI) with Amazon AppStream 2.0 (application streaming), as both involve streaming but serve fundamentally different use cases—one provides a complete desktop OS, the other only streams individual applications.

How to eliminate wrong answers

Option A is wrong because Amazon AppStream 2.0 is a fully managed non-persistent application streaming service that delivers individual applications to a user's browser or device, not a full virtual desktop with a persistent operating system environment. Option B is wrong because AWS Client VPN is a managed OpenVPN-based service that provides secure remote access to AWS or on-premises networks, not a virtual desktop infrastructure. Option D is wrong because Amazon EC2 with Remote Desktop Protocol (RDP) requires manual configuration, patching, and management of the EC2 instance, OS, and RDP settings, and is not a fully managed VDI service like WorkSpaces.

90
MCQmedium

A company plans to deploy a multi-tier web application on AWS. The architecture includes Amazon EC2 instances for the web and application tiers, an Application Load Balancer for traffic distribution, and an Amazon RDS database for the data tier. The company wants to automate the provisioning and configuration of all these AWS resources in a repeatable and predictable manner. The solution should allow the infrastructure definition to be stored in a version control system and be used to create identical environments for development, testing, and production with minimal manual effort. Which AWS service should the company use to define and manage the infrastructure as code?

A.AWS CloudFormation
B.AWS Elastic Beanstalk
C.AWS OpsWorks
D.AWS CodeDeploy
AnswerA

Correct. AWS CloudFormation lets you define your entire infrastructure as code in templates, enabling repeatable and version-controlled provisioning of resources like EC2, ALB, and RDS.

Why this answer

AWS CloudFormation is the correct service because it enables you to define your entire multi-tier infrastructure—EC2 instances, Application Load Balancer, and RDS database—as a declarative JSON or YAML template. This template can be stored in a version control system and used to provision identical environments across development, testing, and production with a single API call, ensuring repeatability and predictability.

Exam trap

The trap here is that candidates confuse AWS Elastic Beanstalk's ease-of-use with infrastructure-as-code, but Elastic Beanstalk manages the environment as a black box and does not allow you to version-control the individual resource definitions in a reusable template like CloudFormation does.

How to eliminate wrong answers

Option B is wrong because AWS Elastic Beanstalk is a Platform-as-a-Service (PaaS) that abstracts away the underlying infrastructure; it does not give you direct control over individual resources like EC2 or RDS in a version-controlled template, and it is designed for application deployment rather than granular infrastructure-as-code management. Option C is wrong because AWS OpsWorks is a configuration management service based on Chef and Puppet, which focuses on server configuration and automation of operating system tasks, not on defining and provisioning the full set of AWS resources (like the ALB and RDS) in a declarative, version-controlled template.

91
MCQmedium

A company is building a microservices application on AWS. The application consists of multiple independent services that need to communicate asynchronously. When an order is placed, the order service must send a notification to the inventory service, the shipping service, and the analytics service simultaneously. The company wants a fully managed, durable, and scalable messaging service that supports a fan-out pattern where a single message can be delivered to multiple subscribers. Which AWS service should the company use to meet these requirements?

A.Amazon Simple Queue Service (SQS)
B.Amazon Simple Notification Service (SNS)
C.Amazon Kinesis Data Streams
D.AWS Step Functions
AnswerB

Amazon SNS is a fully managed pub/sub messaging service that supports the fan-out pattern. It can send a single message to multiple subscribers, including other AWS services like Lambda, SQS, and HTTP/S endpoints, making it the ideal choice for this requirement.

Why this answer

Amazon Simple Notification Service (SNS) is a fully managed pub/sub messaging service that supports fan-out, where a single message published to a topic is delivered to multiple subscribers (e.g., SQS queues, Lambda functions, HTTP endpoints) simultaneously. It is durable (persists messages across AZs) and scales automatically to handle high throughput, making it ideal for the asynchronous notification requirements of the order, inventory, shipping, and analytics services.

Exam trap

The trap here is that candidates often confuse SQS (point-to-point queuing) with SNS (pub/sub fan-out), mistakenly thinking SQS can deliver to multiple consumers by using multiple queues, but SNS is the correct service for simultaneous, multi-subscriber delivery without polling.

How to eliminate wrong answers

Option A is wrong because Amazon SQS is a queue-based service designed for point-to-point message delivery between a single producer and a single consumer; it does not natively support fan-out to multiple subscribers. Option C is wrong because Amazon Kinesis Data Streams is a real-time streaming service optimized for ingesting and processing large volumes of data in order (e.g., log analytics), not for pub/sub fan-out messaging with simultaneous delivery to multiple independent services.

92
MCQmedium

A company needs to transfer petabytes of data from an on-premises data center to Amazon S3. The network connection is too slow for online transfer and the data must arrive within two weeks. Which AWS service is most appropriate?

A.AWS DataSync
B.AWS Direct Connect
C.AWS Snowball Edge
D.Amazon S3 Transfer Acceleration
AnswerC

Snowball Edge ships physical storage devices to the customer, data is loaded offline, and devices are returned to AWS for import — ideal for petabyte-scale migrations.

Why this answer

AWS Snowball Edge is the most appropriate service because it provides physical storage devices that can be shipped to the on-premises data center, allowing petabyte-scale data to be loaded locally and shipped back to AWS, bypassing slow network connections entirely. This meets the two-week deadline since network transfer would be infeasible at that scale over a slow link.

Exam trap

The trap here is that candidates often choose AWS DataSync or S3 Transfer Acceleration because they focus on 'fast transfer' without recognizing that physical shipment is the only viable method when the network is too slow for petabyte-scale data within a strict deadline.

How to eliminate wrong answers

Option A is wrong because AWS DataSync is an online data transfer service that relies on network connectivity, making it unsuitable when the network is too slow for petabyte-scale transfers within two weeks. Option B is wrong because AWS Direct Connect establishes a dedicated network connection but still depends on the available bandwidth, which cannot overcome a fundamentally slow or congested link for such large data volumes. Option D is wrong because Amazon S3 Transfer Acceleration uses optimized network paths and edge locations but still requires an internet-based transfer, which would be too slow for petabytes of data over a constrained connection.

93
MCQmedium

A company uses AWS CloudFormation to define and manage its production infrastructure as code. The operations team wants to ensure that any proposed changes to the stack are reviewed and explicitly approved before being applied. Which AWS CloudFormation feature should the company use?

A.AWS CloudFormation StackSets
B.AWS CloudFormation Change Sets
C.AWS CloudFormation Drift Detection
D.AWS CloudFormation Stack Policies
AnswerB

Correct. Change Sets allow you to examine how proposed changes to a stack will impact your running resources before you decide to apply them, providing a mechanism for review and approval.

Why this answer

AWS CloudFormation Change Sets allow you to preview how proposed changes to a stack will impact your running resources before you apply them. This enables the operations team to review and explicitly approve changes, ensuring that modifications are not applied automatically without oversight.

Exam trap

The trap here is that candidates often confuse Change Sets with Stack Policies, thinking that policies can enforce approval workflows, but Stack Policies only restrict updates to specific resources, not provide a review-and-approve mechanism.

How to eliminate wrong answers

Option A is wrong because AWS CloudFormation StackSets are used to deploy stacks across multiple accounts and regions, not to review or approve changes to a single stack. Option C is wrong because AWS CloudFormation Drift Detection identifies whether a stack's actual resources have deviated from the template definition, but it does not control or approve proposed changes. Option D is wrong because AWS CloudFormation Stack Policies prevent updates to specific resources during a stack update, but they do not provide a mechanism to review and approve changes before they are applied.

94
MCQeasy

A startup's development team wants to deploy their Node.js web application to AWS without learning about load balancers, auto scaling, or EC2 configuration. They want to simply upload their application code and have AWS handle everything else. Which AWS service is designed for this use case?

A.Amazon EC2 Auto Scaling
B.AWS CloudFormation
C.Amazon ECS
D.AWS Elastic Beanstalk
AnswerD

Elastic Beanstalk is specifically designed for developers who want to deploy applications without managing infrastructure. Upload the code, and Elastic Beanstalk handles load balancing, auto scaling, and health monitoring automatically.

Why this answer

AWS Elastic Beanstalk is the correct service because it is a Platform as a Service (PaaS) offering that automatically handles capacity provisioning, load balancing, auto scaling, and application health monitoring. The development team can simply upload their Node.js application code, and Elastic Beanstalk deploys it on pre-configured EC2 instances without requiring any manual configuration of infrastructure components.

Exam trap

The trap here is that candidates often confuse AWS Elastic Beanstalk with Amazon ECS or EC2 Auto Scaling, mistakenly thinking that container orchestration or raw scaling services provide the same 'upload and go' abstraction, but only Elastic Beanstalk fully automates the entire deployment pipeline from code to running application without requiring infrastructure expertise.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 Auto Scaling is a scaling service that automatically adjusts the number of EC2 instances based on demand, but it does not deploy application code or manage the underlying infrastructure; it requires manual setup of launch configurations and scaling policies. Option B is wrong because AWS CloudFormation is an Infrastructure as Code (IaC) service that provisions AWS resources using templates, but it does not automatically deploy or manage application code; it requires the team to define and manage all resources themselves. Option C is wrong because Amazon ECS is a container orchestration service that requires the team to create a cluster, define task definitions, and manage Docker containers; it does not abstract away EC2 configuration or load balancer setup for a simple code upload.

95
MCQeasy

A company needs to verify the identity of users who call into their contact center by comparing their voice against a stored voiceprint. Which AWS service provides speaker identification from voice data?

A.Amazon Transcribe
B.Amazon Rekognition
C.Amazon Connect Voice ID
D.Amazon Lex
AnswerC

Connect Voice ID uses ML to authenticate callers based on their unique voice characteristics, comparing against enrolled voiceprints in real-time during contact center calls.

Why this answer

Amazon Connect Voice ID is the correct AWS service for real-time speaker identification and verification using voice biometrics. It compares a caller's live voice against a stored voiceprint to authenticate their identity, specifically designed for contact center use cases within Amazon Connect.

Exam trap

The trap here is that candidates confuse Amazon Transcribe (speech-to-text) with speaker identification, or assume Amazon Rekognition can handle audio, when in fact Rekognition is strictly for visual media (images and video).

How to eliminate wrong answers

Option A is wrong because Amazon Transcribe is a speech-to-text service that converts audio to text, not a speaker identification service. Option B is wrong because Amazon Rekognition analyzes images and videos for faces, objects, and text, not voice data. Option D is wrong because Amazon Lex is a service for building conversational interfaces (chatbots and IVR) using natural language understanding, not for voice biometric verification.

96
MCQmedium

A data engineering team processes petabytes of raw log data using Apache Spark and Hadoop frameworks. They need a managed AWS service that provisions the cluster, installs the big data frameworks, and terminates the cluster after the job completes to minimise cost. Which service should they use?

A.Amazon Redshift
B.AWS Glue
C.Amazon EMR
D.Amazon Athena
AnswerC

EMR is AWS's managed big data service that provisions and configures Hadoop, Spark, Hive, and other frameworks. It supports transient clusters that terminate after job completion, minimising cost for batch processing workflows.

Why this answer

Amazon EMR is the correct choice because it is a managed big data platform that can provision Apache Spark and Hadoop clusters, install the required frameworks, and automatically terminate the cluster upon job completion using features like transient clusters and step-based lifecycle management. This minimizes cost by only paying for compute resources during active processing.

Exam trap

The trap here is that candidates confuse AWS Glue's use of Apache Spark with the ability to run custom Hadoop/Spark jobs on petabyte-scale data, but Glue is serverless and lacks the cluster management and framework installation capabilities required for this use case.

How to eliminate wrong answers

Option A is wrong because Amazon Redshift is a petabyte-scale data warehouse optimized for SQL-based analytics and structured data, not for running Apache Spark or Hadoop jobs on raw log data. Option B is wrong because AWS Glue is a serverless ETL service that uses Apache Spark under the hood but does not provision or manage Hadoop clusters; it is designed for smaller-scale, event-driven data transformation, not for petabyte-scale raw log processing with custom Hadoop frameworks. Option D is wrong because Amazon Athena is a serverless interactive query service that runs SQL directly on data in S3, not a cluster-based big data framework for running Spark or Hadoop jobs.

97
MCQeasy

A company needs to implement DevOps practices and wants a fully managed service to store their application source code with version control. Which AWS service provides managed Git repositories?

A.AWS CodeBuild
B.AWS CodeCommit
C.AWS CodeDeploy
D.AWS CodeArtifact
AnswerB

CodeCommit provides managed, private Git repositories with IAM-based access control, encryption, and integration with the AWS developer tools ecosystem.

Why this answer

AWS CodeCommit is a fully managed source control service that hosts secure Git-based repositories. It eliminates the need to operate your own source control system by providing managed Git repositories that integrate with other AWS services, making it the correct choice for storing application source code with version control.

Exam trap

The trap here is that candidates often confuse AWS CodeCommit with AWS CodeBuild or CodeDeploy because all three are part of the AWS Developer Tools suite, but only CodeCommit provides managed Git repositories for version control.

How to eliminate wrong answers

Option A is wrong because AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages, not a Git repository hosting service. Option C is wrong because AWS CodeDeploy is a service that automates code deployments to any instance, including Amazon EC2 and on-premises, and does not provide version-controlled source code storage. Option D is wrong because AWS CodeArtifact is a fully managed artifact repository service for storing and retrieving software packages (e.g., Maven, npm, PyPI), not Git repositories.

98
MCQmedium

A company wants to provide a virtual contact center for their customer service operations without managing any telephony infrastructure. Which AWS service enables this?

A.Amazon Chime SDK
B.Amazon Connect
C.Amazon Pinpoint
D.Amazon SES
AnswerB

Amazon Connect is a managed cloud contact center that provides telephony, IVR, agent interfaces, and analytics without infrastructure management.

Why this answer

Amazon Connect is a cloud-based contact center service that enables organizations to set up a virtual contact center without managing any underlying telephony infrastructure. It provides built-in telephony, IVR, and agent management, allowing customer service operations to scale on demand without the need for physical PBX or SIP trunking.

Exam trap

The trap here is that candidates may confuse Amazon Chime SDK (a communication API) with a full contact center service, but Amazon Connect is the only AWS service designed specifically for virtual contact centers with built-in telephony management.

How to eliminate wrong answers

Option A is wrong because Amazon Chime SDK is used for embedding real-time audio/video communication into custom applications, not for building a full contact center with telephony infrastructure management. Option C is wrong because Amazon Pinpoint is a marketing and engagement service for sending targeted push notifications, emails, and SMS campaigns, not a contact center solution. Option D is wrong because Amazon SES is a transactional email sending service, not a telephony-based contact center platform.

99
MCQeasy

A media company stores frequently accessed video thumbnails in Amazon S3. The thumbnails are read multiple times every day and must be highly available and durable. Which S3 storage class is most appropriate for this workload?

A.S3 One Zone-IA
B.S3 Glacier Flexible Retrieval
C.S3 Standard
D.S3 Standard-IA
AnswerC

S3 Standard is designed for frequently accessed data with high durability across three AZs and high availability. It provides immediate access with low latency — perfect for frequently read video thumbnails.

Why this answer

S3 Standard is the most appropriate storage class because it offers high durability (99.999999999%) and high availability (99.99%) with low-latency access, making it ideal for frequently accessed, critical data like video thumbnails that are read multiple times daily. It provides automatic replication across a minimum of three Availability Zones, ensuring both high availability and durability without retrieval fees or minimum storage duration penalties.

Exam trap

The trap here is that candidates often choose S3 Standard-IA thinking it saves costs for any infrequently accessed data, but they overlook the per-GB retrieval fee and minimum storage duration that make it more expensive than S3 Standard for data read multiple times daily.

How to eliminate wrong answers

Option A is wrong because S3 One Zone-IA stores data in a single Availability Zone, which does not provide the high availability required for this workload; if that AZ fails, the thumbnails become unavailable. Option B is wrong because S3 Glacier Flexible Retrieval is designed for long-term archival data with retrieval times ranging from minutes to hours, not for frequently accessed thumbnails that require immediate, low-latency access. Option D is wrong because S3 Standard-IA, while durable and cost-effective for infrequently accessed data, incurs a per-GB retrieval fee and a minimum 30-day storage charge, making it more expensive and less suitable for data read multiple times every day.

100
MCQeasy

Which AWS service enables you to run relational database workloads with up to 5x the throughput of standard MySQL and 3x the throughput of standard PostgreSQL at a lower price point than commercial databases?

A.Amazon RDS for MySQL
B.Amazon Aurora
C.Amazon Redshift
D.Amazon DynamoDB
AnswerB

Aurora's distributed storage architecture delivers 5x MySQL and 3x PostgreSQL throughput while maintaining full compatibility and offering lower cost than Oracle or SQL Server.

Why this answer

Amazon Aurora is a MySQL and PostgreSQL-compatible relational database built for the cloud, offering up to 5x the throughput of standard MySQL and 3x the throughput of standard PostgreSQL. It achieves this performance through a distributed, auto-healing storage subsystem that separates compute from storage, and it is priced lower than commercial databases like Oracle or SQL Server while providing high availability and durability.

Exam trap

The trap here is that candidates confuse Amazon RDS for MySQL with Amazon Aurora, assuming RDS offers the same performance enhancements, but Aurora is a separate engine with a fundamentally different distributed architecture that provides the stated throughput gains.

How to eliminate wrong answers

Option A is wrong because Amazon RDS for MySQL is a managed service for standard MySQL, which does not provide the 5x throughput improvement over itself; Aurora is the enhanced version that delivers that performance boost. Option C is wrong because Amazon Redshift is a petabyte-scale data warehouse for analytical workloads, not a relational database for transactional workloads, and it does not offer MySQL or PostgreSQL compatibility or the stated throughput ratios. Option D is wrong because Amazon DynamoDB is a NoSQL key-value and document database, not a relational database, and it does not support MySQL or PostgreSQL compatibility or the specific throughput claims.

101
MCQmedium

A company wants to create RESTful APIs that serve as the front door to their backend Lambda functions and EC2 services. They need features including API key management, throttling to protect backends from overload, and usage plan enforcement. Which AWS service provides this?

A.Amazon CloudFront
B.AWS Direct Connect
C.Amazon API Gateway
D.Amazon Route 53
AnswerC

API Gateway is the AWS service for creating, publishing, and managing APIs. It handles API key management, throttling to protect backend services, usage plans, and integrates natively with Lambda and EC2.

Why this answer

Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure RESTful APIs at any scale. It directly provides built-in API key management, throttling (rate limiting and burst limits), and usage plan enforcement to protect backend services like Lambda functions and EC2 instances from overload. These features are core to API Gateway's functionality, making it the correct choice for acting as the front door to the described backend resources.

Exam trap

The trap here is that candidates often confuse Amazon CloudFront's edge caching and origin shielding capabilities with API management features, mistakenly thinking CloudFront can handle API key validation and throttling, when in fact CloudFront lacks native API key management and usage plan enforcement.

How to eliminate wrong answers

Option A is wrong because Amazon CloudFront is a content delivery network (CDN) that caches and delivers static and dynamic content at the edge; it does not natively provide API key management, throttling, or usage plan enforcement for RESTful APIs. Option B is wrong because AWS Direct Connect is a dedicated network connection from an on-premises data center to AWS, used for private, low-latency connectivity, not for managing API access, throttling, or usage plans. Option D is wrong because Amazon Route 53 is a DNS (Domain Name System) web service that translates domain names to IP addresses; it does not offer API key management, throttling, or usage plan capabilities.

102
MCQmedium

Which AWS service provides a fully managed environment to run Apache Spark, Hadoop, and other big data frameworks for data processing and analytics?

A.Amazon Redshift
B.Amazon Athena
C.Amazon EMR
D.AWS Glue
AnswerC

EMR provides managed clusters running Spark, Hadoop, and other big data frameworks, handling all infrastructure setup while customers focus on data processing logic.

Why this answer

Amazon EMR (Elastic MapReduce) is the correct answer because it is a fully managed big data platform that natively supports Apache Spark, Hadoop, Hive, Presto, and other distributed processing frameworks. It automatically provisions EC2 instances, configures the cluster, and handles scaling, patching, and monitoring, allowing you to run large-scale data processing and analytics workloads without manual infrastructure management.

Exam trap

The trap here is that candidates often confuse AWS Glue (which uses Spark for ETL) with a general-purpose Spark/Hadoop platform, but Glue is a serverless ETL service with limited customization, whereas EMR provides full control over cluster configuration, libraries, and frameworks.

How to eliminate wrong answers

Option A is wrong because Amazon Redshift is a fully managed petabyte-scale data warehouse optimized for SQL-based analytics using columnar storage, not a platform for running Apache Spark or Hadoop frameworks. Option B is wrong because Amazon Athena is a serverless interactive query service that uses Presto and standard SQL to analyze data directly in S3, not a managed environment for running Spark or Hadoop jobs. Option D is wrong because AWS Glue is a serverless data integration and ETL service that uses Apache Spark under the hood for job execution, but it is not designed as a general-purpose managed cluster for running arbitrary Hadoop or Spark applications; it focuses on schema discovery, cataloging, and ETL workflows.

103
MCQmedium

A company runs a web application where requests to /api/* should be routed to one group of EC2 instances and requests to /images/* should be routed to another group. Which AWS load balancer type supports this URL path-based routing?

A.Network Load Balancer (NLB)
B.Classic Load Balancer (CLB)
D.Application Load Balancer (ALB)
AnswerD

ALB operates at Layer 7 and supports rule-based routing based on URL path, host header, HTTP headers, and query strings. Routing /api/* to one target group and /images/* to another is a standard ALB path-based routing configuration.

Why this answer

The Application Load Balancer (ALB) operates at Layer 7 (HTTP/HTTPS) and supports content-based routing, including path-based routing rules that direct requests to different target groups based on URL paths such as /api/* and /images/*. This makes ALB the correct choice for the described use case.

Exam trap

The trap here is that candidates may confuse the Layer 4 capabilities of NLB with Layer 7 routing features, mistakenly thinking NLB can handle URL-based routing because it supports TLS termination, but NLB cannot inspect HTTP path patterns.

How to eliminate wrong answers

Option A is wrong because a Network Load Balancer (NLB) operates at Layer 4 (TCP/UDP/TLS) and cannot inspect HTTP URL paths for routing decisions. Option B is wrong because the Classic Load Balancer (CLB) is a legacy option that only supports simple round-robin or sticky session routing and does not support path-based routing rules. Option C is wrong because a Gateway Load Balancer (GWLB) is designed for transparent network gateway appliances (e.g., firewalls, intrusion detection) at Layer 3/4 and does not provide HTTP path-based routing.

104
MCQmedium

A company wants to implement a hub-and-spoke network architecture where multiple VPCs can communicate with a shared services VPC (containing DNS, monitoring, and security tools) but not with each other. Which AWS networking feature enables this?

A.VPC Peering with route table customization
B.AWS Transit Gateway with route tables
C.Internet Gateway with security groups
D.VPC Endpoints
AnswerB

Transit Gateway supports multiple route tables that control which VPCs can communicate with which. Spoke VPCs route only to the hub's route table, isolating them from each other while allowing shared services access.

Why this answer

AWS Transit Gateway with route tables is the correct choice because it acts as a central hub that connects multiple VPCs (spokes) to a shared services VPC, while using separate route tables to prevent inter-spoke communication. This allows the shared services VPC to be reachable from all other VPCs, but the route tables can be configured to not propagate routes between the spoke VPCs, enforcing the desired isolation.

Exam trap

The trap here is that candidates often confuse VPC Peering with Transit Gateway, assuming that route table customization in peering can achieve transitive routing, but VPC Peering does not support transitive routing (e.g., if VPC A is peered with VPC B and VPC B is peered with VPC C, VPC A cannot reach VPC C through VPC B).

How to eliminate wrong answers

Option A is wrong because VPC Peering with route table customization does not support transitive routing; each peering connection is a one-to-one relationship, so to connect multiple VPCs to a shared services VPC without them communicating with each other, you would need a full mesh of peering connections and complex route table entries, which is not scalable and does not natively prevent inter-spoke traffic without additional network appliances. Option C is wrong because an Internet Gateway is used for internet connectivity, not for private VPC-to-VPC communication; it cannot route traffic between VPCs. Option D is wrong because VPC Endpoints (Gateway or Interface endpoints) are used to privately connect VPCs to AWS services (like S3 or DynamoDB) or to services powered by AWS PrivateLink, not to route traffic between multiple VPCs.

105
MCQmedium

A startup wants to deploy their web application to AWS with minimal configuration. They want AWS to handle provisioning, load balancing, scaling, and health monitoring automatically. Which service is most appropriate?

A.Amazon EC2 with Auto Scaling
B.AWS Elastic Beanstalk
C.Amazon EKS
D.AWS CloudFormation
AnswerB

Elastic Beanstalk handles all infrastructure management automatically — developers provide the application code and Beanstalk provisions and manages the environment.

Why this answer

AWS Elastic Beanstalk is the correct choice because it is a Platform-as-a-Service (PaaS) offering that automatically handles provisioning, load balancing, auto scaling, and health monitoring with minimal configuration. The startup simply uploads their web application code, and Elastic Beanstalk manages the underlying infrastructure, including the EC2 instances, Elastic Load Balancer, and CloudWatch health checks, without requiring manual setup.

Exam trap

AWS often tests the distinction between managed services (PaaS) and infrastructure services (IaaS), and the trap here is that candidates confuse Amazon EC2 with Auto Scaling as a 'fully managed' solution when it actually requires significant manual configuration for load balancing and health monitoring.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 with Auto Scaling requires manual configuration of the Auto Scaling group, launch templates, load balancer, and health checks, which contradicts the 'minimal configuration' requirement. Option C is wrong because Amazon EKS is a managed Kubernetes service that demands significant setup and expertise to configure clusters, node groups, and networking, making it overkill for a simple web application deployment. Option D is wrong because AWS CloudFormation is an Infrastructure as Code (IaC) service that requires writing and maintaining templates to define resources, which is not a fully managed platform and does not automatically handle provisioning or scaling without explicit configuration.

106
MCQmedium

A company hosts a web application on Amazon EC2 instances behind an Application Load Balancer (ALB) in the us-east-1 Region. The application serves users worldwide, and the company wants to optimize both performance and availability for all users. The solution should use the AWS global network to route traffic from users to the nearest edge location and then over the AWS backbone to the ALB, without caching content at edge locations. Which AWS service should the company use?

A.AWS Global Accelerator
B.Amazon CloudFront
C.AWS Shield
D.Amazon Route 53 latency-based routing
AnswerA

AWS Global Accelerator uses Anycast IP addresses at AWS edge locations to receive user traffic and then routes it over the AWS global network to the application endpoint. This improves performance by reducing internet latency and provides fast failover between regions or endpoints. It does not cache content, making it suitable for dynamic applications.

Why this answer

AWS Global Accelerator uses the AWS global network to route user traffic to the nearest edge location via Anycast IP addresses, then forwards it over the AWS backbone directly to the Application Load Balancer (ALB) in us-east-1. This optimizes performance by reducing latency and jitter, and improves availability by providing static IP addresses and health-check-based traffic shifting, without caching any content at edge locations.

Exam trap

The trap here is that candidates often confuse Global Accelerator with CloudFront because both use edge locations, but the key differentiator is that CloudFront caches content at the edge, while Global Accelerator does not cache and instead optimizes network path routing for dynamic content or non-HTTP traffic.

How to eliminate wrong answers

Option B (Amazon CloudFront) is wrong because CloudFront is a content delivery network (CDN) that caches content at edge locations to reduce origin load, but the question explicitly states 'without caching content at edge locations,' making it unsuitable. Option C (AWS Shield) is wrong because AWS Shield is a managed DDoS protection service that safeguards applications from attacks, but it does not route traffic over the AWS global network or optimize performance and availability for global users.

107
MCQeasy

Which AWS service provides a serverless, fully managed Apache Spark processing engine for big data analytics without managing clusters?

A.Amazon EMR on EC2
B.Amazon Redshift
C.AWS Glue (serverless Apache Spark ETL)
D.Amazon Kinesis Data Analytics
AnswerC

AWS Glue provides a serverless Apache Spark environment for ETL processing — no cluster provisioning or management, automatic scaling, and pay-per-DPU-second pricing.

Why this answer

AWS Glue provides a fully managed, serverless Apache Spark environment for ETL (extract, transform, load) workloads. It automatically provisions, configures, and scales the Spark cluster behind the scenes, so you don't need to manage any infrastructure. This makes it the correct choice for a serverless Apache Spark processing engine for big data analytics.

Exam trap

The trap here is that candidates often confuse Amazon EMR (which can run Spark but requires cluster management) with a fully serverless Spark offering, or they mistakenly think Amazon Kinesis Data Analytics supports Apache Spark when it actually supports Apache Flink and SQL for stream processing.

How to eliminate wrong answers

Option A is wrong because Amazon EMR on EC2 requires you to manage EC2 instances and clusters, even though it can run Apache Spark; it is not serverless. Option B is wrong because Amazon Redshift is a fully managed data warehouse that uses its own SQL-based engine, not Apache Spark, and it is not designed as a serverless Spark processing engine. Option D is wrong because Amazon Kinesis Data Analytics is a serverless service for real-time stream processing using Apache Flink or SQL, not Apache Spark.

108
MCQeasy

Which AWS service allows you to build, train, and deploy machine learning models at scale?

A.Amazon Rekognition
B.Amazon Comprehend
C.Amazon SageMaker
D.AWS DeepLens
AnswerC

SageMaker provides a complete ML platform for building, training, and deploying custom ML models at scale.

Why this answer

Amazon SageMaker is the correct answer because it is a fully managed service that provides every component needed for the machine learning lifecycle, including building, training, and deploying models at scale. It offers integrated Jupyter notebooks for development, built-in algorithms, automatic model tuning, and one-click deployment to a production endpoint with auto-scaling. This makes it the single AWS service designed specifically for end-to-end ML workflows, unlike the other options which serve narrower AI/ML functions.

Exam trap

The trap here is that candidates confuse purpose-built AI services (like Rekognition or Comprehend) with the full ML platform (SageMaker), assuming any service with 'AI' in its name can handle custom model training and deployment.

How to eliminate wrong answers

Option A is wrong because Amazon Rekognition is a pre-trained AI service for image and video analysis (e.g., object detection, facial recognition) and does not allow you to build, train, or deploy custom machine learning models. Option B is wrong because Amazon Comprehend is a natural language processing (NLP) service that uses pre-trained models to extract insights from text (e.g., sentiment, entities) and cannot be used to train or deploy your own ML models. Option D is wrong because AWS DeepLens is a hardware device (a deep learning-enabled video camera) that runs pre-trained models locally for edge inference, not a service for building, training, or deploying models at scale in the cloud.

109
MCQmedium

A company's data scientists want a managed environment for collaborative Jupyter notebooks connected to their AWS data sources and compute without managing infrastructure. Which AWS service provides this?

A.AWS Cloud9
B.Amazon SageMaker Studio
C.Amazon EMR Studio
D.AWS Lambda with Jupyter
AnswerB

SageMaker Studio is the unified ML IDE providing managed Jupyter notebooks with auto-scaling compute, direct AWS service integration, and collaboration features for data science teams.

Why this answer

Amazon SageMaker Studio is a fully managed, web-based visual interface for data scientists to build, train, debug, deploy, and monitor machine learning models. It provides collaborative Jupyter notebooks that can connect directly to AWS data sources (e.g., S3, Athena, Redshift) and compute resources (e.g., SageMaker training instances, endpoints) without requiring any infrastructure management by the user.

Exam trap

The trap here is that candidates may confuse Amazon SageMaker Studio with AWS Cloud9 or Amazon EMR Studio, because all three offer web-based development environments, but only SageMaker Studio is specifically designed for collaborative Jupyter notebooks with integrated ML compute and data source connectivity without infrastructure management.

How to eliminate wrong answers

Option A is wrong because AWS Cloud9 is a cloud-based integrated development environment (IDE) for writing, running, and debugging code, but it is not purpose-built for collaborative Jupyter notebooks with integrated ML workflows and does not natively connect to SageMaker compute or data sources. Option C is wrong because Amazon EMR Studio is a web-based IDE for big data analytics using Apache Spark, Hive, and other open-source frameworks, but it is not designed for Jupyter notebooks in a managed ML environment and focuses on EMR clusters rather than SageMaker. Option D is wrong because AWS Lambda with Jupyter is not a managed service; Lambda is a serverless compute service for running code in response to events, and it does not provide a collaborative notebook interface or persistent compute for interactive data science work.

110
MCQmedium

A company is migrating a legacy on-premises application to AWS. The application requires a shared file system that can be mounted by multiple Amazon EC2 instances concurrently. The EC2 instances run Amazon Linux and are deployed across multiple Availability Zones for high availability. The file system must grow and shrink automatically as files are added or removed, and the company wants to avoid provisioning storage capacity in advance. Which AWS service should the company use to meet these requirements?

A.Amazon S3
B.Amazon EBS
C.Amazon EFS
D.Amazon FSx for Windows File Server
AnswerC

Amazon EFS provides a fully managed, scalable NFS file system that can be mounted by multiple EC2 instances across different Availability Zones. It automatically scales storage capacity on demand and charges only for the storage used, meeting all the stated requirements.

Why this answer

Amazon EFS (Elastic File System) is a fully managed NFS file system that can be mounted concurrently by multiple EC2 instances across different Availability Zones. It automatically scales storage capacity up and down as files are added or removed, eliminating the need to provision storage in advance. EFS supports the NFSv4.1 and NFSv4.0 protocols, making it ideal for shared file workloads on Amazon Linux.

Exam trap

The trap here is that candidates often confuse Amazon EBS with a shared file system, overlooking that EBS volumes are single-instance attachments (except for the limited multi-attach feature) and require upfront capacity provisioning, whereas EFS is designed specifically for shared, elastic file storage across multiple instances and AZs.

How to eliminate wrong answers

Option A is wrong because Amazon S3 is an object storage service, not a file system; it cannot be mounted as a shared file system via NFS or provide POSIX-compliant file locking required for concurrent EC2 mounts. Option B is wrong because Amazon EBS provides block-level storage volumes that can only be attached to a single EC2 instance at a time (except for multi-attach EBS, which is limited to specific instance types and a single Availability Zone), and it requires manual provisioning of capacity in advance, not automatic scaling.

111
MCQmedium

A company uses AWS and wants to make their application fault tolerant against the failure of an entire AWS Region. Which approach achieves Region-level fault tolerance?

A.Deploy resources across multiple Availability Zones within a single Region
B.Deploy the application in multiple AWS Regions with Route 53 failover routing
C.Use Reserved Instances in a single Region for guaranteed capacity
D.Enable S3 versioning in a single Region
AnswerB

Multi-Region deployment with Route 53 health-check-based failover routing enables automatic traffic redirection to a healthy Region if the primary Region becomes unavailable.

Why this answer

Option B is correct because deploying the application in multiple AWS Regions and using Route 53 failover routing ensures that if an entire Region becomes unavailable, traffic is automatically redirected to a healthy Region. This is the only approach that provides fault tolerance against a complete Region failure, as Availability Zones within a single Region cannot protect against a Region-wide outage.

Exam trap

The trap here is that candidates often confuse high availability within a Region (using multiple Availability Zones) with disaster recovery across Regions, and incorrectly assume that deploying across Availability Zones alone provides Region-level fault tolerance.

How to eliminate wrong answers

Option A is wrong because deploying across multiple Availability Zones within a single Region protects against the failure of a single data center, but not against the failure of an entire Region, as all Availability Zones in a Region share the same physical infrastructure and can be impacted by a Region-wide event. Option C is wrong because Reserved Instances provide a billing discount and capacity reservation in a single Region, but do not offer any fault tolerance or redundancy against Region failure. Option D is wrong because enabling S3 versioning in a single Region protects against accidental deletion or overwrite of objects, but does not provide any protection against a Region-wide outage, as all data remains in that single Region.

112
MCQmedium

A web application queries a relational database for a product catalogue that changes infrequently but is requested thousands of times per second. Database query latency is becoming a bottleneck. Which AWS service can the company use to cache frequently accessed query results in memory and reduce database load?

A.Amazon RDS Read Replica
B.Amazon S3
C.Amazon ElastiCache
D.Amazon DynamoDB
AnswerC

ElastiCache provides fully managed in-memory caching with Redis or Memcached. Caching the product catalogue in ElastiCache means most requests never reach the database, dramatically reducing latency and database load.

Why this answer

Amazon ElastiCache is the correct choice because it provides an in-memory caching layer (using Redis or Memcached) that can store frequently accessed query results, reducing the need to repeatedly query the relational database. This dramatically lowers latency for high-throughput read workloads (thousands of requests per second) and offloads database pressure, directly addressing the bottleneck described.

Exam trap

The trap here is that candidates often confuse a read replica (Option A) with a caching solution, not realizing that a read replica still executes SQL queries against a relational engine and does not provide the in-memory speed needed for thousands of requests per second.

How to eliminate wrong answers

Option A is wrong because Amazon RDS Read Replica is a read-only copy of the database that still requires querying a relational engine, which does not eliminate the latency of disk-based I/O and cannot match the sub-millisecond response times of an in-memory cache. Option B is wrong because Amazon S3 is an object store designed for blob data (images, backups, logs) and does not support low-latency, high-QPS query caching for relational database results; its request rates are limited and latency is higher than in-memory solutions. Option D is wrong because Amazon DynamoDB is a NoSQL key-value and document database that, while fast, is a separate database service and not a caching layer for an existing relational database; using it would require redesigning the data model and does not cache existing query results.

113
MCQmedium

A media company produces video content and stores all videos in Amazon S3. New videos are accessed frequently for the first 30 days after release. After that, access drops significantly, but the company must retain all videos for 5 years for archival purposes. The company wants to minimize storage costs without compromising retrieval speed for the frequently accessed period. Which S3 storage class strategy should the company implement?

A.Store all videos in S3 Standard for the entire 5-year retention period.
B.Store all videos in S3 Glacier Deep Archive immediately upon upload.
C.Store newly uploaded videos in S3 Standard, then use an S3 Lifecycle policy to transition them to S3 Glacier Deep Archive after 30 days.
D.Store newly uploaded videos in S3 One Zone-IA, then transition to S3 Glacier Flexible Retrieval after 30 days.
AnswerC

S3 Standard provides low-latency access for the first 30 days. An S3 Lifecycle policy automatically moves data to S3 Glacier Deep Archive after that period, minimizing long-term storage costs while meeting the archival retention requirement.

Why this answer

Option C is correct because it uses S3 Standard for the first 30 days to ensure low-latency retrieval for frequently accessed content, then an S3 Lifecycle policy automatically transitions objects to S3 Glacier Deep Archive, which offers the lowest storage cost for long-term archival data. This balances cost and performance by matching the storage class to the access pattern, and the lifecycle transition is seamless with no manual intervention required.

Exam trap

The trap here is that candidates may confuse S3 Glacier Flexible Retrieval with S3 Glacier Deep Archive, or assume that S3 One Zone-IA is suitable for archival data, but the question explicitly requires 5-year retention and minimal cost, making Deep Archive the correct archival tier.

How to eliminate wrong answers

Option A is wrong because storing all videos in S3 Standard for the full 5 years incurs unnecessary high storage costs for data that is rarely accessed after 30 days, violating the cost-minimization goal. Option B is wrong because S3 Glacier Deep Archive has retrieval times of 12–48 hours, which would not meet the requirement of fast retrieval for the first 30 days when videos are accessed frequently. Option D is wrong because S3 One Zone-IA does not provide the same durability as Standard (it stores data in a single Availability Zone) and is not designed for archival retention; additionally, S3 Glacier Flexible Retrieval has retrieval times of minutes to hours, which is not the lowest-cost archival option, and the company needs 5-year retention, making Glacier Deep Archive more cost-effective.

114
MCQmedium

A company needs a managed service to forecast product demand using machine learning, helping them optimize inventory levels without building a custom ML model. Which AWS AI service provides ready-to-use time-series forecasting?

A.Amazon SageMaker
B.Amazon Forecast
C.Amazon Comprehend
D.Amazon Rekognition
AnswerB

Amazon Forecast delivers managed time-series forecasting — customers provide historical data and Forecast trains models using the same technology that powers Amazon.com's demand forecasting.

Why this answer

Amazon Forecast is a fully managed service that uses machine learning to deliver highly accurate time-series forecasts based on historical data, without requiring any custom model building. It is specifically designed for use cases like product demand forecasting, inventory planning, and resource allocation, making it the correct choice for this scenario.

Exam trap

The trap here is that candidates may confuse Amazon SageMaker as a general-purpose ML service that can do forecasting, overlooking that Amazon Forecast is the purpose-built, fully managed service for time-series forecasting without custom model development.

How to eliminate wrong answers

Option A is wrong because Amazon SageMaker is a platform for building, training, and deploying custom machine learning models, not a ready-to-use forecasting service; it requires significant ML expertise and custom development. Option C is wrong because Amazon Comprehend is a natural language processing (NLP) service for extracting insights from text, such as sentiment or entities, and has no capability for time-series forecasting. Option D is wrong because Amazon Rekognition is a computer vision service for analyzing images and videos, such as facial recognition or object detection, and cannot perform time-series forecasting.

115
MCQmedium

A company is building a data lake on AWS. Which AWS service provides a serverless interactive query service that allows analysts to query data stored in Amazon S3 using standard SQL?

A.Amazon Redshift
B.Amazon Athena
C.Amazon EMR
D.AWS Glue
AnswerB

Athena provides serverless SQL queries directly on S3 data with no infrastructure management — pay per query based on data scanned, with results available in seconds to minutes.

Why this answer

Amazon Athena is a serverless interactive query service that enables analysts to query data stored in Amazon S3 using standard SQL. It requires no infrastructure management, as Athena automatically scales and executes queries directly against data in S3, making it the ideal choice for ad-hoc analysis on a data lake.

Exam trap

The trap here is that candidates confuse AWS Glue (an ETL service) with Athena (a query service), or assume Amazon Redshift is serverless because of its recent serverless option, but the question explicitly requires a serverless interactive query service for S3 data using standard SQL, which only Athena fulfills.

How to eliminate wrong answers

Option A is wrong because Amazon Redshift is a fully managed data warehouse that requires provisioning and managing clusters, not a serverless query service; it is designed for structured data and complex analytics, not for directly querying raw data in S3 without loading. Option C is wrong because Amazon EMR is a managed big data platform that uses frameworks like Apache Spark, Hive, or Presto, requiring cluster provisioning and management, and is not serverless nor purely SQL-based without additional configuration. Option D is wrong because AWS Glue is a serverless data integration and ETL service that prepares and transforms data, but it does not provide an interactive SQL query engine; its Glue Data Catalog can be used by Athena, but Glue itself is not the query service.

116
MCQeasy

A company needs a service to translate domain names (like www.example.com) into IP addresses, check the health of their web servers, and automatically redirect traffic to a healthy backup server if the primary server fails. Which AWS service provides all of these capabilities?

A.Amazon VPC
B.Amazon CloudFront
C.Amazon Route 53
D.AWS Direct Connect
AnswerC

Route 53 is AWS's DNS service. It translates domain names to IP addresses, performs health checks on endpoints, and supports failover routing policies that redirect traffic to a healthy resource when the primary fails.

Why this answer

Amazon Route 53 is a DNS web service that translates domain names to IP addresses. It also offers health checks that monitor the availability of web servers and can automatically route traffic away from unhealthy endpoints to healthy ones using DNS failover routing policies.

Exam trap

The trap here is that candidates may confuse CloudFront's edge caching and origin failover (which only works for specific HTTP errors) with Route 53's DNS-level health checks and failover, which operate at the network layer and can redirect traffic before it even reaches the web server.

How to eliminate wrong answers

Option A is wrong because Amazon VPC is a virtual private cloud service for launching AWS resources in a logically isolated network; it does not provide DNS resolution, health checks, or traffic failover. Option B is wrong because Amazon CloudFront is a content delivery network (CDN) that caches and delivers content at edge locations; while it can use DNS, it does not natively perform health checks or automatic failover routing between origin servers. Option D is wrong because AWS Direct Connect is a dedicated network connection from on-premises to AWS; it does not offer DNS resolution, health monitoring, or traffic rerouting capabilities.

117
MCQmedium

A company needs to ensure their containerized applications pass security scans for known vulnerabilities before being deployed to production. Which AWS service scans container images for CVEs?

A.Amazon GuardDuty
B.Amazon Inspector
C.AWS Security Hub
D.Amazon Macie
AnswerB

Inspector continuously scans ECR container images for software vulnerabilities, generating prioritized findings with remediation guidance when CVEs are detected.

Why this answer

Amazon Inspector is the correct service because it is designed to automatically scan container images stored in Amazon Elastic Container Registry (ECR) for software vulnerabilities, including Common Vulnerabilities and Exposures (CVEs). It continuously monitors the images at rest and during deployment, providing a detailed findings report that helps you remediate security issues before the container reaches production.

Exam trap

The trap here is that candidates often confuse Amazon Inspector (which scans for CVEs in container images and EC2 instances) with Amazon GuardDuty (which detects threats but does not perform vulnerability scanning), leading them to select GuardDuty because of its security monitoring name.

How to eliminate wrong answers

Option A is wrong because Amazon GuardDuty is a threat detection service that monitors for malicious activity and unauthorized behavior using VPC Flow Logs, DNS logs, and CloudTrail events, not for scanning container images for CVEs. Option C is wrong because AWS Security Hub is a centralized security posture management service that aggregates findings from multiple AWS services (including Inspector) and performs compliance checks, but it does not itself scan container images for vulnerabilities. Option D is wrong because Amazon Macie is a data security service that uses machine learning to discover, classify, and protect sensitive data (like PII) in S3 buckets, not for scanning container images for CVEs.

118
MCQmedium

A company hosts its primary web application on Amazon EC2 instances in the us-east-1 AWS Region. To meet disaster recovery requirements, the company has launched an identical set of EC2 instances in the eu-west-1 Region. The company wants to direct all user traffic to the us-east-1 endpoints under normal conditions. If us-east-1 becomes unhealthy due to a regional outage, traffic must be automatically redirected to the eu-west-1 endpoints. The company uses Amazon Route 53 as its DNS service. Which Route 53 routing policy should the company use to meet these requirements?

A.Geolocation routing
B.Latency routing
C.Failover routing
D.Weighted routing
AnswerC

Failover routing is specifically designed for active-passive failover. You configure a primary and a secondary record. Route 53 uses health checks to monitor the primary endpoint; if it fails, traffic is automatically directed to the secondary endpoint. This exactly meets the company's requirement for normal traffic to us-east-1 with automatic redirection to eu-west-1 during a failure.

Why this answer

Failover routing is the correct choice because it allows you to configure an active-passive setup where Route 53 health checks monitor the primary endpoint (us-east-1). If the health check fails, Route 53 automatically routes traffic to the secondary (eu-west-1) endpoint, meeting the disaster recovery requirement.

Exam trap

The trap here is that candidates confuse failover routing with latency routing, assuming latency-based routing will automatically redirect traffic during an outage, but latency routing does not consider endpoint health and will not fail over.

How to eliminate wrong answers

Option A is wrong because geolocation routing directs traffic based on the geographic location of the user, not on the health of the endpoint; it cannot automatically fail over to another region during an outage. Option B is wrong because latency routing directs traffic to the endpoint with the lowest latency for the user, but it does not provide automatic failover based on endpoint health; it would continue sending traffic to an unhealthy endpoint if it still has low latency.

119
MCQmedium

A company needs to send transactional emails such as order confirmations and password resets at scale. Which AWS service should they use?

A.Amazon SNS
B.Amazon SQS
C.Amazon SES
D.Amazon Pinpoint
AnswerC

SES is AWS's managed email sending service designed for transactional and bulk emails.

Why this answer

Amazon SES (Simple Email Service) is specifically designed for sending high-volume transactional and marketing emails, such as order confirmations and password resets. It provides reliable delivery with built-in feedback loops, bounce handling, and dedicated IP management, making it the correct choice for this use case.

Exam trap

The trap here is that candidates confuse Amazon SNS's email notification capability with a full transactional email service, overlooking that SNS lacks the dedicated sending infrastructure, bounce handling, and reputation management that SES provides for high-volume email delivery.

How to eliminate wrong answers

Option A is wrong because Amazon SNS (Simple Notification Service) is a pub/sub messaging service for sending notifications via SMS, email, or HTTP endpoints, but it is not optimized for high-volume transactional email delivery with dedicated sending infrastructure and bounce/complaint handling. Option B is wrong because Amazon SQS (Simple Queue Service) is a message queuing service for decoupling application components, not for sending emails. Option D is wrong because Amazon Pinpoint is a customer engagement service focused on targeted marketing campaigns, analytics, and multi-channel messaging (SMS, push, email), but it is overkill and not the primary service for straightforward transactional email sending at scale.

120
MCQmedium

A company wants to automatically detect anomalies in their application metrics, such as unusual spikes in error rates, without manually setting thresholds. Which AWS service provides ML-powered anomaly detection for CloudWatch metrics?

A.Amazon GuardDuty
B.Amazon DevOps Guru
C.Amazon CloudWatch Anomaly Detection
D.AWS X-Ray
AnswerC

CloudWatch Anomaly Detection uses ML to model normal metric behavior based on historical data, automatically detecting deviations without requiring manually set thresholds.

Why this answer

Amazon CloudWatch Anomaly Detection applies machine learning algorithms to analyze historical CloudWatch metric data and establish a baseline of expected values. It then continuously evaluates new data points against this baseline to automatically detect anomalies, such as unusual spikes in error rates, without requiring manual threshold configuration. This makes it the correct choice for the described use case.

Exam trap

The trap here is that candidates may confuse Amazon DevOps Guru's ML-powered anomaly detection for operational issues with CloudWatch Anomaly Detection, but DevOps Guru works at a higher level across multiple AWS services and does not directly provide anomaly detection on individual CloudWatch metrics.

How to eliminate wrong answers

Option A is wrong because Amazon GuardDuty is a threat detection service that monitors for malicious activity and unauthorized behavior in AWS accounts and workloads using VPC Flow Logs, DNS logs, and CloudTrail events, not application metrics. Option B is wrong because Amazon DevOps Guru is an ML-powered service for detecting operational issues and anomalies in application performance and resource utilization, but it analyzes operational data from multiple AWS services (e.g., Amazon RDS, Amazon DynamoDB) and provides insights via a separate console, not directly on CloudWatch metrics. Option D is wrong because AWS X-Ray is a distributed tracing service that helps analyze and debug application requests as they travel through microservices, focusing on request latency and errors, not on anomaly detection in CloudWatch metrics.

121
MCQmedium

A company needs to generate a pre-signed URL to allow a business partner to download a specific S3 object for 24 hours without requiring AWS credentials. Which S3 feature enables this?

A.S3 Bucket Policy with IP-based restrictions
B.S3 Access Points
C.S3 Pre-signed URLs
D.S3 Bucket public-read ACL
AnswerC

Pre-signed URLs embed the generator's credentials and expiration time — the recipient accesses the specific object without needing AWS credentials, and access expires automatically.

Why this answer

Pre-signed URLs grant temporary access to a specific S3 object by embedding credentials in a URL signed with the bucket owner's AWS signature. The URL is valid for a specified duration (up to 7 days, here 24 hours) and allows the partner to download the object without having AWS credentials. This is the only S3 feature that provides time-limited, object-specific access without requiring the partner to authenticate with AWS.

Exam trap

The trap here is that candidates confuse pre-signed URLs with bucket policies or ACLs, thinking those can also grant temporary access, but they lack the time-limited, credential-free delegation that pre-signed URLs uniquely provide.

How to eliminate wrong answers

Option A is wrong because a bucket policy with IP-based restrictions controls access based on source IP addresses, not time-limited access, and still requires the request to be authenticated (e.g., via IAM credentials) unless combined with other settings. Option B is wrong because S3 Access Points simplify managing data access for large datasets but do not generate temporary URLs; they enforce policies at the access point level but still require AWS credentials or a pre-signed URL for anonymous access. Option D is wrong because a bucket public-read ACL makes the object publicly readable for everyone, indefinitely, without any time restriction or the ability to limit access to a specific partner.

122
MCQmedium

A company has a global user base that uploads images to an Amazon S3 bucket in the us-east-1 Region. Users report slow upload speeds and frequent timeouts when uploading large files from distant locations. The company wants to use the AWS global network and edge locations to accelerate uploads to the S3 bucket. The solution must require minimal infrastructure changes on the client side and must be configured at the bucket level. Which AWS feature should the company enable?

A.Amazon S3 Transfer Acceleration
B.Amazon CloudFront with an origin access identity
C.AWS Global Accelerator using a custom routing accelerator
D.Amazon S3 cross-region replication
AnswerA

Correct. S3 Transfer Acceleration uses AWS edge locations to accelerate uploads over the AWS global network. It is configured at the bucket level and requires only a simple URL change on the client side.

Why this answer

Amazon S3 Transfer Acceleration (A) uses AWS edge locations to route uploads over the AWS global network, reducing latency and timeouts for large files from distant locations. It is enabled at the bucket level and requires only a simple client-side change (using the accelerated endpoint instead of the standard S3 endpoint), meeting the requirement for minimal client-side modifications.

Exam trap

The trap here is confusing CloudFront's edge caching for downloads with S3 Transfer Acceleration's edge-based upload optimization, leading candidates to select CloudFront even though it does not accelerate client-to-S3 uploads.

How to eliminate wrong answers

Option B (CloudFront with an origin access identity) is wrong because CloudFront is a content delivery network (CDN) optimized for caching and delivering static content to end users, not for accelerating uploads to an S3 bucket; it does not improve upload speeds from clients. Option C (AWS Global Accelerator using a custom routing accelerator) is wrong because Global Accelerator improves traffic flow for TCP/UDP applications via edge locations but is designed for application endpoints like ALB or NLB, not for S3 bucket-level upload acceleration, and it requires client-side configuration changes that violate the minimal infrastructure change requirement.

123
MCQmedium

A company runs a web application that allows users to upload images. After each upload, the application must perform several background processing tasks (e.g., resizing, generating thumbnails) that take up to 30 seconds each. Users should receive an immediate response and the processing should continue asynchronously. The company wants a solution that scales automatically with the number of uploads and requires no server management. Which AWS service should the company use to run these background processing tasks?

A.AWS Lambda
B.Amazon EC2 with Auto Scaling
C.Amazon ECS with AWS Fargate
D.AWS Batch
AnswerA

Correct. AWS Lambda is a serverless compute service that runs code in response to events like an S3 upload. It scales automatically, requires no server management, and supports execution times up to 15 minutes, easily covering the 30-second tasks.

Why this answer

AWS Lambda is the correct choice because it is a serverless compute service that executes code in response to events, such as an image upload to Amazon S3. It scales automatically with the number of uploads, requires no server management, and can run background tasks like resizing and thumbnail generation within its 15-minute maximum execution time, easily accommodating the 30-second processing requirement. Users receive an immediate response because the upload triggers Lambda asynchronously, decoupling the frontend from the processing.

Exam trap

The trap here is that candidates may choose Amazon ECS with AWS Fargate because they think containerization is required for complex processing, but Lambda is simpler, cheaper, and more appropriate for short-lived, event-driven tasks that fit within its execution limits.

How to eliminate wrong answers

Option B (Amazon EC2 with Auto Scaling) is wrong because it requires manual server management, including patching, scaling policies, and capacity planning, which contradicts the 'no server management' requirement; it also incurs costs even when idle. Option C (Amazon ECS with AWS Fargate) is wrong because while Fargate is serverless for containers, it introduces unnecessary complexity for simple background tasks that do not require container orchestration, and it has a higher cold start latency compared to Lambda for short-lived, event-driven workloads.

124
MCQmedium

A company runs an e-commerce web application on Amazon EC2 instances. During flash sales, the backend order processing service becomes overloaded and drops requests, causing customer failures. The company needs a durable, scalable, and fully managed service to buffer incoming order requests and decouple the web tier from the backend processing tier. Orders must be stored reliably and processed in the order they were received. Which AWS service should the company use?

A.Amazon Simple Notification Service (SNS)
B.Amazon Simple Queue Service (SQS)
C.Amazon Kinesis Data Streams
D.Amazon MQ
AnswerB

Amazon SQS is a fully managed message queuing service that decouples application components. It can durably store messages until they are processed, and FIFO queues guarantee exactly-once processing and strict message ordering. This matches all stated requirements.

Why this answer

Amazon Simple Queue Service (SQS) is a fully managed message queuing service that decouples application components. It provides durable, scalable storage for incoming order requests and supports FIFO (First-In-First-Out) queues to guarantee that messages are processed exactly once and in the order they were sent, meeting the requirement for ordered processing.

Exam trap

The trap here is that candidates often confuse Amazon Kinesis Data Streams with a message queue, but Kinesis is optimized for real-time analytics and stream processing, not for durable, ordered, exactly-once message buffering required for decoupling web and backend tiers.

How to eliminate wrong answers

Option A is wrong because Amazon Simple Notification Service (SNS) is a pub/sub messaging service that pushes messages to subscribers, not a durable buffer; it does not guarantee order preservation or provide a queue for decoupling. Option C is wrong because Amazon Kinesis Data Streams is designed for real-time streaming of large data volumes with shard-level ordering, not for reliable, ordered message buffering with exactly-once processing; it requires more operational overhead and does not natively support FIFO semantics. Option D is wrong because Amazon MQ is a managed message broker for Apache ActiveMQ and RabbitMQ, which can provide ordering but is not fully serverless and requires provisioning and managing broker instances, making it less scalable and more complex than SQS for this use case.

125
MCQeasy

Which AWS service provides a fully managed NoSQL database with single-digit millisecond latency at any scale?

A.Amazon RDS
B.Amazon ElastiCache
C.Amazon Redshift
D.Amazon DynamoDB
AnswerD

DynamoDB is AWS's fully managed NoSQL database with single-digit millisecond latency at any scale.

Why this answer

Amazon DynamoDB is a fully managed NoSQL key-value and document database that delivers consistent single-digit millisecond latency at any scale. It achieves this through its distributed architecture, automatic partitioning, and SSD-backed storage, making it ideal for high-traffic applications like gaming, ad tech, and IoT.

Exam trap

The trap here is that candidates confuse Amazon ElastiCache's low-latency caching with a fully managed NoSQL database, but ElastiCache lacks persistent storage and native query capabilities, making DynamoDB the correct choice for a durable, scalable NoSQL database.

How to eliminate wrong answers

Option A is wrong because Amazon RDS is a relational database service (SQL-based) that does not provide a NoSQL data model and can experience higher latency under heavy load due to its traditional ACID constraints. Option B is wrong because Amazon ElastiCache is an in-memory caching service (Redis/Memcached) that is not a fully managed NoSQL database; it is used for caching to reduce latency but does not offer persistent, durable storage with query capabilities. Option C is wrong because Amazon Redshift is a petabyte-scale data warehouse optimized for analytical SQL queries on structured data, not a NoSQL database, and its latency is measured in seconds for complex aggregations, not single-digit milliseconds for point lookups.

126
MCQmedium

A company wants to store frequently changing configuration data and feature flags that their applications need to read at runtime without hard-coding values. Which AWS service provides secure, centralized configuration storage with version history?

A.Amazon S3
B.AWS Systems Manager Parameter Store
C.Amazon DynamoDB
D.AWS CloudFormation
AnswerB

Parameter Store provides centralized, versioned storage for configuration data and secrets with IAM-based access control, KMS encryption for secure strings, and a hierarchical namespace.

Why this answer

AWS Systems Manager Parameter Store is the correct choice because it provides a secure, centralized service for storing configuration data and feature flags, with built-in version history for each parameter. It allows applications to read configuration values at runtime via the AWS SDK or CLI without hard-coding, and supports encryption using AWS KMS for sensitive data.

Exam trap

The trap here is that candidates often confuse Amazon S3's object versioning with configuration version history, but S3 lacks the centralized parameter management, secure runtime access patterns, and integration with AWS KMS that Parameter Store provides for frequently changing configuration data.

How to eliminate wrong answers

Option A is wrong because Amazon S3 is an object storage service for files and static assets, not designed for storing frequently changing configuration data with version history in a parameter-style access pattern; while S3 has versioning, it lacks the hierarchical parameter structure and secure runtime retrieval features of Parameter Store. Option C is wrong because Amazon DynamoDB is a NoSQL database for high-performance, scalable application data, not a configuration store; it requires custom code for versioning and lacks native parameter management features like tiers, policies, and secure parameter references. Option D is wrong because AWS CloudFormation is an Infrastructure as Code (IaC) service for provisioning AWS resources, not a runtime configuration store; it does not provide a mechanism for applications to read configuration values at runtime without redeploying stacks.

127
MCQmedium

A company wants to use Amazon S3 as their data lake but needs a way to track, search, and govern all datasets across multiple S3 buckets. Which AWS service provides centralized data catalog management?

A.Amazon Macie
B.AWS Glue Data Catalog
C.Amazon S3 Inventory
D.AWS Lake Formation
AnswerB

Glue Data Catalog is the centralized metadata store for S3-based data lakes — Crawlers discover schemas automatically, and the catalog integrates with Athena, Redshift, and EMR.

Why this answer

AWS Glue Data Catalog is a fully managed, centralized metadata repository that stores table definitions, schema information, and partition details for datasets across multiple S3 buckets. It integrates with AWS Glue ETL, Amazon Athena, and Amazon Redshift Spectrum to provide a unified view for tracking, searching, and governing data lake assets, making it the correct choice for centralized data catalog management.

Exam trap

The trap here is that candidates confuse AWS Lake Formation with the Glue Data Catalog because Lake Formation provides a visual interface for managing data lakes and uses the catalog under the hood, but the question specifically asks for the service that provides centralized data catalog management, which is the Glue Data Catalog itself.

How to eliminate wrong answers

Option A (Amazon Macie) is wrong because it is a data security and privacy service that uses machine learning to discover and protect sensitive data (e.g., PII) in S3, not a metadata catalog for tracking and governing datasets. Option C (Amazon S3 Inventory) is wrong because it generates flat-file reports of object metadata (e.g., size, last modified date) for a single bucket, not a searchable, centralized catalog across multiple buckets. Option D (AWS Lake Formation) is wrong because it is a service for building, securing, and managing data lakes, and while it uses the Glue Data Catalog internally for metadata, it is not itself the centralized catalog; its primary function is data lake setup and fine-grained access control, not standalone catalog management.

128
MCQmedium

A company is developing a mobile application that requires a database to store user session data and preferences. The data is accessed very frequently with low-latency requirements, and the access patterns are unpredictable – the application experiences sudden spikes in read and write traffic. The company wants a fully managed database service that automatically scales to handle the workload, requires no patching or server administration, and charges based on the throughput consumed rather than on provisioned capacity. Which AWS service meets these requirements?

A.Amazon RDS for MySQL
B.Amazon DynamoDB
C.Amazon Redshift
D.Amazon EBS
AnswerB

Amazon DynamoDB is a fully managed NoSQL database that provides single-digit millisecond performance at any scale. It supports on-demand capacity mode, which automatically scales to accommodate traffic spikes and charges per request, eliminating the need for provisioning. It is ideal for session storage, gaming, and real-time applications.

Why this answer

Amazon DynamoDB is a fully managed NoSQL key-value and document database that delivers single-digit millisecond latency at any scale. It supports on-demand capacity mode, which automatically scales to handle unpredictable traffic spikes and charges based on the actual reads and writes consumed, not on pre-provisioned throughput. This eliminates the need for patching, server administration, or capacity planning, matching all the stated requirements exactly.

Exam trap

The trap here is that candidates often confuse 'fully managed' with 'serverless' and pick Amazon RDS for MySQL because it is also fully managed, but they overlook the specific requirement for throughput-based pricing and automatic scaling for unpredictable spikes, which only DynamoDB's on-demand mode provides.

How to eliminate wrong answers

Option A is wrong because Amazon RDS for MySQL is a relational database that requires provisioning and managing compute and storage capacity, does not automatically scale for sudden spikes without manual intervention or Auto Scaling setup, and charges based on provisioned instances rather than throughput consumed. Option C is wrong because Amazon Redshift is a petabyte-scale data warehouse optimized for complex analytical queries on large datasets, not for low-latency, high-frequency read/write access patterns typical of user session data and preferences.

129
MCQmedium

A company wants to provision and manage SSL/TLS certificates for their AWS resources without paying for certificates or manually handling renewals. Which AWS service provides this?

A.AWS KMS
B.AWS Certificate Manager (ACM)
C.AWS CloudHSM
D.AWS IAM
AnswerB

ACM provides free SSL/TLS certificates for AWS services with automatic renewal — no certificate purchase, no manual renewal, no CSR submissions required.

Why this answer

AWS Certificate Manager (ACM) provisions, manages, and deploys public and private SSL/TLS certificates for use with AWS services (e.g., Elastic Load Balancing, CloudFront, API Gateway) at no additional cost. ACM automatically handles certificate renewals, eliminating the need for manual intervention.

Exam trap

The trap here is that candidates may confuse AWS KMS or CloudHSM as certificate management services because they deal with encryption, but they do not provision or renew SSL/TLS certificates.

How to eliminate wrong answers

Option A is wrong because AWS KMS is a key management service for creating and controlling encryption keys, not for managing SSL/TLS certificates. Option C is wrong because AWS CloudHSM provides dedicated hardware security modules for cryptographic key storage and operations, but it does not provision or manage SSL/TLS certificates. Option D is wrong because AWS IAM manages users, groups, roles, and permissions, and while it can store server certificates for use with Elastic Load Balancing, it does not automate certificate provisioning or renewal.

130
MCQmedium

A company is migrating its on-premises infrastructure to AWS. The operations team needs a managed service that allows them to define their entire cloud environment—including VPCs, subnets, EC2 instances, and RDS databases—as a reusable template stored in version control. The service must automatically handle resource dependencies, such as creating the database before launching the application servers, and ensure that the infrastructure is provisioned consistently across multiple environments (e.g., development, staging, production). Which AWS service should the company use to meet these requirements?

A.AWS CloudFormation
B.AWS Elastic Beanstalk
C.AWS OpsWorks
D.AWS CodeDeploy
AnswerA

AWS CloudFormation allows you to define your entire infrastructure as code in a template. It automatically manages resource dependencies, handles creation and updates in the correct order, and provides consistent provisioning across environments. This matches the requirement for a managed infrastructure-as-code service.

Why this answer

AWS CloudFormation is the correct choice because it provides Infrastructure as Code (IaC) capabilities, allowing you to define your entire cloud environment—including VPCs, subnets, EC2 instances, and RDS databases—in a reusable JSON or YAML template stored in version control. It automatically manages resource dependencies using the DependsOn attribute and intrinsic functions like Ref and Fn::GetAtt, ensuring resources are created in the correct order (e.g., database before application servers). CloudFormation also supports consistent provisioning across multiple environments by using parameters, mappings, and stacksets, making it ideal for the operations team's requirements.

Exam trap

The trap here is that candidates often confuse AWS Elastic Beanstalk with Infrastructure as Code because it automates resource provisioning, but Elastic Beanstalk is a managed PaaS that does not give you full control over defining every resource (like VPCs and subnets) in a reusable template, whereas CloudFormation provides that granular, declarative control.

How to eliminate wrong answers

Option B (AWS Elastic Beanstalk) is wrong because it is a Platform as a Service (PaaS) that abstracts away the underlying infrastructure, automatically provisioning resources like EC2 and RDS, but it does not allow you to define the entire cloud environment as a reusable template stored in version control; it focuses on application deployment and scaling, not granular infrastructure definition. Option C (AWS OpsWorks) is wrong because it is a configuration management service that uses Chef or Puppet to manage server configurations and deployments, but it does not provide a declarative template for defining all cloud resources like VPCs and subnets, and it does not inherently handle resource dependencies across multiple environments in the same way as CloudFormation. Option D (AWS CodeDeploy) is wrong because it is a deployment service that automates code deployments to EC2 instances, Lambda functions, or on-premises servers, but it does not define or provision infrastructure resources like VPCs, subnets, or RDS databases; it only handles the application deployment phase.

131
MCQeasy

Which AWS service provides a fully managed NoSQL database designed for single-digit millisecond performance at any scale?

A.Amazon RDS
B.Amazon Redshift
C.Amazon DynamoDB
D.Amazon ElastiCache
AnswerC

DynamoDB is AWS's serverless, fully managed NoSQL database with guaranteed single-digit millisecond latency.

Why this answer

Amazon DynamoDB is a fully managed NoSQL key-value and document database that delivers consistent single-digit millisecond latency at any scale. It achieves this through its distributed architecture, automatic partitioning, and SSD-backed storage, making it ideal for high-traffic web applications, gaming, and IoT workloads.

Exam trap

The trap here is that candidates often confuse Amazon ElastiCache (an in-memory cache) with a NoSQL database, but ElastiCache is not a persistent database and lacks the durability and querying capabilities of DynamoDB.

How to eliminate wrong answers

Option A is wrong because Amazon RDS is a relational database service that supports SQL-based engines like MySQL and PostgreSQL, not a NoSQL database, and it does not guarantee single-digit millisecond performance at any scale. Option B is wrong because Amazon Redshift is a petabyte-scale data warehouse optimized for analytical queries using SQL, not a NoSQL database designed for low-latency transactional workloads. Option D is wrong because Amazon ElastiCache is an in-memory caching service (supporting Redis and Memcached) that provides microsecond latency, but it is not a fully managed NoSQL database; it is primarily used for caching and session storage, not as a persistent database.

132
MCQmedium

A company wants to improve the resilience of their Amazon RDS database by ensuring that read traffic is distributed across multiple copies of the database and that a replica can be promoted if the primary fails. Which RDS feature enables this?

A.RDS Multi-AZ deployment
B.RDS Read Replicas
C.RDS Automated Backups
D.RDS Performance Insights
AnswerB

Read Replicas create asynchronous read-only copies that serve read traffic (improving performance) and can be manually promoted to standalone databases if the primary fails.

Why this answer

Amazon RDS Read Replicas allow you to create one or more copies of your database instance that serve read traffic, offloading read queries from the primary DB instance. In the event of a primary failure, a Read Replica can be manually promoted to a standalone primary instance, providing resilience and continuity for read-heavy workloads. This directly matches the requirement to distribute read traffic and enable replica promotion.

Exam trap

The trap here is that candidates confuse Multi-AZ with Read Replicas, assuming Multi-AZ also distributes read traffic, but Multi-AZ's standby is passive and only used for automatic failover, not for serving reads or manual promotion.

How to eliminate wrong answers

Option A is wrong because RDS Multi-AZ deployment provides high availability by automatically failing over to a standby replica in a different Availability Zone, but that standby does not serve read traffic and cannot be promoted manually—it is only used for automatic failover. Option C is wrong because RDS Automated Backups are point-in-time recovery snapshots and transaction logs, not live copies that can serve read traffic or be promoted. Option D is wrong because RDS Performance Insights is a monitoring and diagnostic feature for database performance, not a replication or failover mechanism.

133
MCQeasy

Which AWS service is used to send emails, SMS messages, and push notifications to subscribers in a publish/subscribe pattern?

A.Amazon SES
B.Amazon Pinpoint
C.Amazon SNS
D.Amazon SQS
AnswerC

SNS enables publish/subscribe messaging with delivery to email, SMS, push notifications, HTTP endpoints, SQS, and Lambda.

Why this answer

Amazon Simple Notification Service (SNS) is a fully managed pub/sub messaging service that enables you to send messages to a large number of subscribers via multiple protocols, including email (JSON/plain text), SMS (text messages), and push notifications to mobile devices. It decouples message producers from consumers by using topics, where each topic can have multiple subscriber endpoints that receive messages asynchronously.

Exam trap

The trap here is that candidates confuse Amazon Pinpoint's ability to send SMS and push notifications with the pub/sub pattern, but Pinpoint is a campaign and analytics tool, not a general-purpose pub/sub messaging service like SNS.

How to eliminate wrong answers

Option A is wrong because Amazon SES (Simple Email Service) is designed specifically for sending transactional and marketing emails, not for SMS or push notifications, and it does not implement a publish/subscribe pattern—it uses a sender-recipient model. Option B is wrong because Amazon Pinpoint is a customer engagement service focused on targeted marketing campaigns, analytics, and audience segmentation, not a general-purpose pub/sub messaging service; while it can send SMS and push notifications, its primary architecture is campaign-driven rather than topic-based pub/sub. Option D is wrong because Amazon SQS (Simple Queue Service) is a message queue service that uses a pull-based polling model for decoupling components, not a push-based publish/subscribe pattern, and it does not natively support sending to email or SMS endpoints.

134
MCQmedium

A company runs database servers in private subnets with no direct internet access for security. However, these servers need to download OS updates from the internet. Which VPC component allows the private instances to make outbound internet connections while remaining unreachable from the internet?

A.Internet Gateway
D.VPC Endpoint
AnswerB

A NAT Gateway placed in a public subnet translates private instance IP addresses for outbound internet traffic. Return traffic is allowed back through the NAT, but no inbound connections initiated from the internet can reach the private instances.

Why this answer

A NAT Gateway enables instances in a private subnet to initiate outbound IPv4 traffic to the internet (e.g., for OS updates) while preventing the internet from initiating inbound connections to those instances. It resides in a public subnet with an Elastic IP and uses Source Network Address Translation (SNAT) to replace the private source IP with the gateway's public IP, making the response traffic routable back without exposing the private instances.

Exam trap

The trap here is that candidates confuse a NAT Gateway with an Internet Gateway, assuming both provide internet access, but the key differentiator is that a NAT Gateway only allows outbound-initiated traffic and blocks unsolicited inbound connections, which is exactly what the question requires.

How to eliminate wrong answers

Option A is wrong because an Internet Gateway allows bidirectional traffic; attaching it to a private subnet would make instances directly reachable from the internet, violating the security requirement. Option C is wrong because a VPN Gateway establishes encrypted tunnels to on-premises networks, not to the public internet; it does not provide outbound internet access for OS updates. Option D is wrong because a VPC Endpoint provides private connectivity to AWS services (e.g., S3, DynamoDB) via the AWS network, not to general internet destinations like OS update servers.

135
MCQmedium

A company runs a web application on Amazon EC2 instances that accepts user uploads. The uploads need to be processed by a backend service that performs virus scanning and thumbnail generation. The backend processing can take up to 30 seconds per upload. Users should not experience delays when submitting their files. The company wants to decouple the web tier from the processing tier so that the web application can immediately return a response to the user while the processing happens asynchronously. The solution must be fully managed, durable, and scale automatically with demand. Which AWS service should the company use?

A.Amazon Simple Notification Service (Amazon SNS)
B.Amazon Simple Queue Service (Amazon SQS)
C.Amazon Kinesis Data Streams
D.Amazon MQ
AnswerB

Amazon SQS is a fully managed message queuing service that allows you to decouple application components. The web application can send a message to a queue immediately after user upload, and the backend service can poll and process messages asynchronously. SQS stores messages durably and scales automatically, making it ideal for this use case.

Why this answer

Amazon SQS is the correct choice because it provides a fully managed, durable, and scalable message queue that decouples the web tier from the processing tier. When a user uploads a file, the web application can immediately return a response after sending a message to an SQS queue, while the backend service polls the queue and processes the upload asynchronously, handling the up-to-30-second processing time without blocking the user.

Exam trap

The trap here is that candidates often confuse SNS with SQS because both are messaging services, but SNS is push-based and not designed for decoupled asynchronous processing where the consumer needs to pull messages at its own pace.

How to eliminate wrong answers

Option A is wrong because Amazon SNS is a pub/sub messaging service that pushes messages to subscribers, but it does not provide durable message storage or allow a backend service to pull messages at its own pace; messages are lost if the subscriber is unavailable, and it lacks the decoupling and asynchronous processing capabilities required. Option C is wrong because Amazon Kinesis Data Streams is designed for real-time streaming of large volumes of data (e.g., clickstreams, logs) and requires a consumer to process records in order, which adds complexity and cost for simple decoupling of upload processing; it is not optimized for individual job messages with variable processing times. Option D is wrong because Amazon MQ is a managed message broker for applications that use standard protocols like AMQP, MQTT, or STOMP, but it is not serverless and requires provisioning and scaling of broker instances, making it less fully managed and less automatically scalable than SQS for this use case.

136
MCQmedium

A company runs a critical web application on Amazon EC2 instances in the us-east-1 Region, with a secondary standby deployment in us-west-2 for disaster recovery. The application requires that user traffic be directed to the nearest healthy endpoint, automatically failover to the secondary region if the primary region becomes unavailable, and the company needs two static IP addresses that remain fixed regardless of infrastructure changes. The application uses TCP and UDP protocols. Which AWS service should the company use to meet these requirements?

A.Amazon Route 53
B.AWS Global Accelerator
C.Amazon CloudFront
D.Elastic Load Balancing
AnswerB

AWS Global Accelerator uses the AWS global network to direct traffic to the optimal regional endpoint based on health, latency, and geography. It provides two static anycast IP addresses that remain fixed, and supports TCP and UDP. It automatically performs health checks and failover between endpoints across Regions, meeting all stated requirements.

Why this answer

AWS Global Accelerator is the correct choice because it provides two static anycast IP addresses that remain fixed regardless of infrastructure changes, directs traffic to the nearest healthy endpoint using the AWS global network, and supports automatic failover between regions for both TCP and UDP traffic. It also integrates with Network Load Balancers, Application Load Balancers, or EC2 instances to route traffic to the closest healthy endpoint, meeting all stated requirements.

Exam trap

The trap here is that candidates often confuse DNS-based routing (Route 53) with anycast IP-based routing (Global Accelerator), assuming that DNS can provide static IPs and instant failover, but DNS caching and TTL delays make it unsuitable for the requirement of fixed IPs and rapid failover for both TCP and UDP traffic.

How to eliminate wrong answers

Option A is wrong because Amazon Route 53 is a DNS-based routing service that does not provide static IP addresses; it relies on DNS resolution which can be cached and does not offer fixed IPs, and it does not natively support UDP traffic for health checks or failover at the transport layer. Option C is wrong because Amazon CloudFront is a content delivery network (CDN) optimized for HTTP/HTTPS traffic and does not support UDP protocols; it also does not provide static IP addresses as it uses a dynamic set of edge locations. Option D is wrong because Elastic Load Balancing (ELB) operates within a single region and does not provide cross-region failover or static IP addresses (unless using a Network Load Balancer with Elastic IPs, but that still lacks global anycast and multi-region failover capabilities).

137
MCQmedium

A company runs a fleet of 100 EC2 instances and needs to remotely execute commands, apply patches, and collect inventory data across all instances without opening SSH ports. Which AWS service enables this?

A.AWS CloudShell
B.AWS Systems Manager
C.Amazon EC2 Instance Connect
D.AWS Config
AnswerB

Systems Manager enables fleet management including Run Command (remote script execution), Patch Manager, Inventory collection, and Session Manager (SSH-free interactive access) without requiring open inbound ports.

Why this answer

AWS Systems Manager is the correct service because it provides a unified interface to remotely execute commands, apply patches, and collect inventory data across EC2 instances without requiring SSH access. It uses the Systems Manager Agent (SSM Agent) installed on the instances and communicates over HTTPS (port 443), eliminating the need to open inbound SSH ports (port 22). This aligns directly with the requirement to manage a fleet of 100 instances securely and at scale.

Exam trap

The trap here is that candidates often confuse Amazon EC2 Instance Connect (which still requires SSH port 22 to be open) with a solution that avoids opening ports entirely, or they mistakenly think AWS CloudShell can directly manage EC2 instances, when it is only a shell for the AWS CLI.

How to eliminate wrong answers

Option A is wrong because AWS CloudShell is a browser-based shell environment for running AWS CLI commands, not a service for remotely executing commands or managing patches on EC2 instances. Option C is wrong because Amazon EC2 Instance Connect allows SSH access to instances via a one-time key push but still requires the SSH port (22) to be open in the security group, which violates the 'without opening SSH ports' constraint. Option D is wrong because AWS Config is a service for evaluating and auditing resource configurations against rules, not for executing commands, applying patches, or collecting inventory data on running instances.

138
MCQeasy

A company wants to use machine learning to automatically identify objects, scenes, and activities in images uploaded by users. Which AWS service should they use?

A.Amazon Textract
B.Amazon SageMaker
C.Amazon Rekognition
D.Amazon Comprehend
AnswerC

Rekognition provides pre-trained ML models for image and video analysis including object detection, facial analysis, and scene recognition via simple API calls.

Why this answer

Amazon Rekognition is the correct service because it is specifically designed to analyze images and videos to identify objects, scenes, activities, faces, and text. It provides pre-trained machine learning models that can automatically detect these elements without requiring custom model training, making it ideal for the use case described.

Exam trap

The trap here is that candidates often confuse Amazon Rekognition with Amazon Textract or Amazon Comprehend, mistakenly thinking text extraction or NLP can handle visual analysis, when in fact Rekognition is the only service purpose-built for image and video content recognition.

How to eliminate wrong answers

Option A is wrong because Amazon Textract is a service for extracting text, handwriting, and data from scanned documents, not for identifying objects, scenes, or activities in images. Option B is wrong because Amazon SageMaker is a fully managed machine learning platform for building, training, and deploying custom models, which is overkill and not the pre-built solution needed for this specific task. Option D is wrong because Amazon Comprehend is a natural language processing (NLP) service used to extract insights from text, such as sentiment or entities, not for analyzing visual content.

139
MCQmedium

A company ingests sensor data from IoT devices into an Amazon S3 bucket. The data is accessed frequently for the first 30 days, but after that, it is rarely queried. The company’s compliance policy requires all data to be retained for 7 years. The company wants to minimize storage costs by automatically moving data to more cost-effective storage classes as it ages, without any manual intervention. Which Amazon S3 feature should the company configure to meet these requirements?

A.S3 Lifecycle policy
B.S3 Object Lock
C.S3 Replication
D.S3 Transfer Acceleration
AnswerA

Correct. An S3 Lifecycle policy can automatically transition objects to cheaper storage classes (e.g., from S3 Standard to S3 Glacier Deep Archive) based on the object's age, meeting the cost-optimization and compliance requirements without manual intervention.

Why this answer

An S3 Lifecycle policy automates the transition of objects between storage classes based on age. By configuring a lifecycle rule to move objects to S3 Standard-IA or S3 One Zone-IA after 30 days, and then to S3 Glacier Deep Archive after a longer period, the company can meet the 7-year retention requirement while minimizing costs without manual intervention.

Exam trap

The trap here is that candidates may confuse S3 Object Lock (which only enforces retention, not cost-efficient transitions) with lifecycle policies, or think S3 Replication can change storage classes, but replication only copies objects and does not alter the source's storage class over time.

How to eliminate wrong answers

Option B (S3 Object Lock) is wrong because it prevents objects from being deleted or overwritten for a fixed retention period, but it does not automate transitions between storage classes to reduce costs. Option C (S3 Replication) is wrong because it asynchronously copies objects to another bucket for redundancy or compliance, but it does not change the storage class of the source objects over time. Option D (S3 Transfer Acceleration) is wrong because it speeds up uploads over long distances using AWS edge locations, but it has no effect on storage class transitions or cost optimization for aged data.

140
MCQmedium

Which AWS service provides a managed message broker for Apache ActiveMQ and RabbitMQ to help migrate existing messaging systems to the cloud?

A.Amazon SQS
B.Amazon SNS
C.Amazon MQ
D.Amazon Kinesis
AnswerC

Amazon MQ is the managed broker service for ActiveMQ and RabbitMQ with standard protocol support.

Why this answer

Amazon MQ is a managed message broker service that natively supports Apache ActiveMQ and RabbitMQ, making it the ideal choice for migrating existing messaging systems that rely on these protocols to the cloud without rewriting application code. It handles the provisioning, patching, and high availability of the broker infrastructure, allowing you to use standard JMS, AMQP, MQTT, and STOMP protocols.

Exam trap

The trap here is that candidates often confuse Amazon MQ with Amazon SQS or SNS because all three handle messaging, but only Amazon MQ provides managed brokers for ActiveMQ and RabbitMQ, which is specifically tested in migration scenarios.

How to eliminate wrong answers

Option A is wrong because Amazon SQS is a fully managed, pull-based queue service that uses a proprietary API and does not support ActiveMQ or RabbitMQ protocols, so it would require application code changes to migrate. Option B is wrong because Amazon SNS is a pub/sub notification service that uses HTTP/S, email, SMS, and Lambda triggers, not a message broker for ActiveMQ or RabbitMQ. Option D is wrong because Amazon Kinesis is a real-time data streaming service for ingesting and processing large data streams, not a message broker compatible with ActiveMQ or RabbitMQ.

141
MCQmedium

Which AWS service enables no-code integration between SaaS applications (like Salesforce, ServiceNow, Zendesk) and AWS services for automated data flows?

A.AWS DataSync
B.Amazon AppFlow
C.AWS Glue
D.Amazon EventBridge
AnswerB

AppFlow provides no-code SaaS-to-AWS data integration with pre-built connectors for dozens of SaaS providers, data transformation, and scheduling — no custom integration code required.

Why this answer

Amazon AppFlow is the correct service because it is specifically designed for no-code integration between SaaS applications (such as Salesforce, ServiceNow, and Zendesk) and AWS services, enabling automated data flows without writing any code. It supports bi-directional data transfer, transformation, and filtering, making it ideal for syncing customer records or support tickets directly into Amazon S3 or Redshift.

Exam trap

The trap here is that candidates often confuse Amazon EventBridge's event routing capability with the actual data integration and transformation features of AppFlow, assuming EventBridge can directly pull data from SaaS apps without custom code.

How to eliminate wrong answers

Option A is wrong because AWS DataSync is a data transfer service for moving large datasets between on-premises storage and AWS (e.g., NFS/SMB to S3/EFS), not for integrating SaaS applications. Option C is wrong because AWS Glue is a serverless ETL service that requires writing or generating code (e.g., PySpark or Scala) for data preparation and cataloging, not a no-code SaaS integration tool. Option D is wrong because Amazon EventBridge is an event bus service for routing events between AWS services and custom applications, but it does not provide built-in connectors for SaaS applications like Salesforce or ServiceNow for automated data flows without custom code.

142
MCQmedium

A company runs a monolithic order processing application on a single Amazon EC2 instance. During peak hours, the instance receives a sudden burst of orders that exceeds its processing capacity. Orders are dropped and customers do not receive confirmations. The company needs a solution that buffers incoming orders, stores them durably, and allows the application to process them at a manageable pace. The solution must be fully managed and ensure that no orders are lost. Which AWS service should the company use to meet these requirements?

A.Amazon Simple Queue Service (SQS)
B.Amazon Simple Notification Service (SNS)
C.Amazon Kinesis Data Firehose
D.Amazon ElastiCache
AnswerA

SQS is a fully managed message queue that reliably stores messages until consumers retrieve them. It decouples the order submission from processing, buffering bursts and preventing loss.

Why this answer

Amazon Simple Queue Service (SQS) is a fully managed message queuing service that decouples application components. It durably stores incoming orders in a queue, allowing the EC2 instance to poll and process them at its own pace, preventing order loss during traffic bursts. SQS guarantees at-least-once delivery and provides a buffer that absorbs spikes in demand.

Exam trap

The trap here is that candidates confuse SNS (push-based) with SQS (pull-based), assuming any notification or messaging service can buffer orders, but only SQS provides the durable, decoupled queue needed for the application to process at its own pace.

How to eliminate wrong answers

Option B (Amazon SNS) is wrong because it is a pub/sub messaging service that pushes messages to subscribers; it does not buffer messages or allow the application to pull them at a manageable pace, and messages are lost if the subscriber is unavailable. Option C (Amazon Kinesis Data Firehose) is wrong because it is designed for streaming data ingestion into data stores like S3 or Redshift, not for decoupling a single application's processing; it does not provide a queue for the application to pull from at its own pace. Option D (Amazon ElastiCache) is wrong because it is an in-memory caching service that does not provide durable message storage or guaranteed message delivery; it is not designed for buffering and decoupling workloads.

143
MCQmedium

A company wants to automate the deployment of its infrastructure across multiple AWS environments (development, staging, production). The operations team needs to define all AWS resources (such as Amazon EC2 instances, security groups, and load balancers) in a declarative JSON or YAML template. They want to version control these templates, quickly replicate the entire infrastructure in a new region, and ensure that each deployment is consistent and repeatable. Which AWS service should the company use to achieve this?

A.AWS CloudFormation
B.AWS Elastic Beanstalk
C.AWS OpsWorks
D.AWS CodePipeline
AnswerA

CloudFormation is the correct service because it provides Infrastructure as Code using declarative JSON or YAML templates to define and provision AWS resources consistently across environments. Templates can be version-controlled, and stacks can be replicated in different regions.

Why this answer

AWS CloudFormation is the correct choice because it allows you to define all AWS resources (EC2 instances, security groups, load balancers) in a declarative JSON or YAML template. These templates can be version-controlled, enabling you to replicate the entire infrastructure in a new region by simply reusing the same template, ensuring consistent and repeatable deployments across environments.

Exam trap

The trap here is that candidates often confuse AWS Elastic Beanstalk (which also uses templates but is application-focused) with CloudFormation, or they think AWS CodePipeline can define infrastructure directly, but CodePipeline only orchestrates pipelines and relies on other services like CloudFormation for provisioning.

How to eliminate wrong answers

Option B (AWS Elastic Beanstalk) is wrong because it is a Platform-as-a-Service (PaaS) that abstracts infrastructure management and is not designed for declarative infrastructure-as-code templates; it focuses on deploying applications, not defining raw AWS resources in JSON/YAML. Option C (AWS OpsWorks) is wrong because it uses Chef or Puppet for configuration management, not declarative JSON/YAML templates, and is more suited for managing server configurations rather than provisioning infrastructure resources. Option D (AWS CodePipeline) is wrong because it is a continuous integration and continuous delivery (CI/CD) service that orchestrates build, test, and deploy phases, but it does not itself define infrastructure resources in a declarative template; it can integrate with CloudFormation but is not the service for defining resources.

144
MCQmedium

A company wants to accelerate their machine learning workflows by using pre-trained foundation models for tasks like text generation and image creation without training models from scratch. Which AWS service provides access to pre-trained foundation models via API?

A.Amazon SageMaker
B.Amazon Rekognition
C.Amazon Bedrock
D.AWS DeepComposer
AnswerC

Amazon Bedrock provides serverless API access to foundation models from Amazon, Anthropic, Meta, Stability AI, and others — enabling generative AI applications without managing model training or inference infrastructure.

Why this answer

Amazon Bedrock is a fully managed service that provides access to pre-trained foundation models (FMs) from leading AI providers like AI21 Labs, Anthropic, Cohere, Meta, Stability AI, and Amazon via a single API. It enables you to build generative AI applications for tasks such as text generation and image creation without managing underlying infrastructure or training models from scratch.

Exam trap

The trap here is that candidates often confuse Amazon SageMaker (a full ML lifecycle service) with Bedrock (a managed FM API service), or mistakenly think Amazon Rekognition or AWS DeepComposer provide general-purpose generative AI capabilities, when in fact they are specialized for narrow use cases.

How to eliminate wrong answers

Option A is wrong because Amazon SageMaker is a machine learning platform for building, training, and deploying custom models, not a service that provides direct API access to pre-trained foundation models. Option B is wrong because Amazon Rekognition is a specialized service for image and video analysis (e.g., object detection, facial recognition) and does not offer generative foundation models for text generation or image creation. Option D is wrong because AWS DeepComposer is a service for creating music using generative AI, specifically for composing melodies, and is not a general-purpose API for accessing pre-trained foundation models for text or image generation.

145
MCQmedium

A company manages a fleet of hundreds of Amazon EC2 instances running across multiple AWS Regions. The company's security policy requires that all instances be patched with the latest security updates within 7 days of release. The operations team currently logs in to each instance manually to apply patches, which is time-consuming and error-prone. The team wants to automate the patching process, track compliance across all instances, and receive reports on patch status. The solution must not require any changes to the existing application code or the use of additional third-party software. Which AWS service should the operations team use to meet these requirements?

A.AWS Config
B.AWS Systems Manager
C.Amazon Inspector
D.AWS Trusted Advisor
AnswerB

AWS Systems Manager includes Patch Manager, which automates the process of patching managed instances with security updates and provides compliance reporting across the fleet.

Why this answer

AWS Systems Manager is the correct choice because it provides Patch Manager, a native capability that automates the patching of EC2 instances across multiple Regions without requiring any changes to application code or third-party software. It also integrates with Systems Manager Compliance to track patch status and generate reports, meeting all stated requirements.

Exam trap

The trap here is that candidates often confuse AWS Config (which tracks configuration changes) with Systems Manager (which can both track and remediate), leading them to choose Config for compliance reporting while overlooking the patching automation requirement.

How to eliminate wrong answers

Option A is wrong because AWS Config is a configuration auditing and compliance service that records resource changes and evaluates rules, but it cannot apply patches or automate the patching process itself. Option C is wrong because Amazon Inspector is a vulnerability assessment service that scans for software vulnerabilities and unintended network exposure, but it does not patch instances or manage patch compliance reporting. Option D is wrong because AWS Trusted Advisor is an advisory service that inspects your AWS environment and makes recommendations for cost optimization, performance, security, and fault tolerance, but it cannot automate patching or track patch compliance across instances.

146
MCQmedium

A retail company wants to implement a recommendation engine based on customer purchase history. Which AWS service is designed to provide ML-based personalized recommendations with no ML experience required?

A.Amazon SageMaker
B.Amazon Personalize
C.Amazon Comprehend
D.Amazon Rekognition
AnswerB

Personalize delivers real-time personalized recommendations without requiring ML expertise, using the same algorithms as Amazon.com.

Why this answer

Amazon Personalize is a fully managed AWS service that enables developers to build applications with real-time personalized recommendations without requiring any prior machine learning experience. It uses the same technology that powers Amazon.com's recommendation engine, processing customer purchase history to deliver tailored product suggestions.

Exam trap

The trap here is that candidates often confuse Amazon SageMaker as the go-to ML service for any ML task, overlooking that Amazon Personalize is specifically designed for recommendation use cases with minimal ML expertise required.

How to eliminate wrong answers

Option A is wrong because Amazon SageMaker is a comprehensive ML service that requires users to build, train, and deploy their own models, demanding significant ML expertise and coding, not a no-experience-required solution. Option C is wrong because Amazon Comprehend is a natural language processing (NLP) service for extracting insights from text (e.g., sentiment, entities), not for generating personalized recommendations from purchase history. Option D is wrong because Amazon Rekognition is a computer vision service for analyzing images and videos (e.g., object detection, facial recognition), not for building recommendation engines.

147
MCQeasy

Which AWS service is used to distribute incoming application traffic across multiple EC2 instances to improve availability and fault tolerance?

A.Amazon Route 53
B.Amazon CloudFront
C.Elastic Load Balancing
D.AWS Auto Scaling
AnswerC

ELB distributes incoming traffic across multiple EC2 instances to improve availability and fault tolerance.

Why this answer

Elastic Load Balancing (ELB) automatically distributes incoming application traffic across multiple Amazon EC2 instances in one or more Availability Zones. By doing so, it increases the fault tolerance of your application because if one instance fails, the load balancer routes traffic to the remaining healthy instances, ensuring high availability. ELB supports multiple types (Application, Network, and Gateway Load Balancers) to handle different traffic patterns and protocols.

Exam trap

The trap here is that candidates often confuse Amazon Route 53's DNS routing policies (like weighted or latency-based routing) with actual load balancing, but Route 53 only resolves DNS queries and does not manage traffic distribution to EC2 instances at the application or network layer.

How to eliminate wrong answers

Option A is wrong because Amazon Route 53 is a DNS web service that translates domain names to IP addresses and routes end users to internet applications, but it does not distribute traffic across EC2 instances for load balancing. Option B is wrong because Amazon CloudFront is a content delivery network (CDN) that caches content at edge locations to accelerate delivery of static and dynamic web content, not a load balancer for distributing traffic across EC2 instances. Option D is wrong because AWS Auto Scaling automatically adjusts the number of EC2 instances based on demand, but it does not distribute incoming traffic; it works in conjunction with a load balancer to scale the fleet.

148
MCQmedium

A healthcare company needs to store patient medical records that must be retained for 10 years to comply with regulatory requirements. These records are accessed very rarely, only in the event of an audit or legal request. Which Amazon S3 storage class is the MOST cost-effective choice for this data?

A.S3 Standard
B.S3 Intelligent-Tiering
C.S3 One Zone-IA
D.S3 Glacier Deep Archive
AnswerD

S3 Glacier Deep Archive is the lowest-cost S3 storage class, designed for long-term retention of data that is accessed extremely rarely (e.g., once or twice per year). It provides secure and durable storage with retrieval times of 12-48 hours, making it the most cost-effective choice for regulatory archives with a 10-year retention requirement.

Why this answer

S3 Glacier Deep Archive is the most cost-effective choice because it is designed for long-term retention of rarely accessed data with a retrieval time of 12–48 hours. The 10-year retention requirement and infrequent access pattern (only during audits or legal requests) align perfectly with this storage class, offering the lowest storage cost among S3 classes while still meeting compliance needs.

Exam trap

The trap here is that candidates often choose S3 Glacier (Flexible Retrieval) instead of S3 Glacier Deep Archive, confusing the two, but the question specifically asks for the 'most cost-effective' option for data accessed 'very rarely' over a 10-year period, making Deep Archive the correct choice due to its lower storage cost and longer retrieval time.

How to eliminate wrong answers

Option A is wrong because S3 Standard is optimized for frequently accessed data with low latency and high throughput, making it unnecessarily expensive for data that is accessed only a few times over a decade. Option B is wrong because S3 Intelligent-Tiering automatically moves data between access tiers based on changing usage patterns, but it incurs a monthly monitoring and automation fee per object, which is not cost-effective for data that will almost never be accessed and is better served by a static deep archive tier. Option C is wrong because S3 One Zone-IA stores data in a single Availability Zone and is designed for infrequently accessed data that can be recreated, but it does not provide the durability or resilience required for regulatory compliance over a 10-year period, and its cost is higher than Glacier Deep Archive for long-term retention.

149
MCQmedium

A company needs to synchronize files between their on-premises file server and Amazon S3 on a recurring schedule, detecting and copying only the changed files. Which AWS service is designed for this use case?

A.AWS Snowball
B.Amazon S3 Transfer Acceleration
C.AWS DataSync
D.AWS Storage Gateway
AnswerC

DataSync automates file transfers between on-premises and AWS storage, detecting changed files, scheduling recurring syncs, validating data integrity, and encrypting transfers.

Why this answer

AWS DataSync is purpose-built for automating and accelerating the transfer of data between on-premises storage systems and AWS storage services, including Amazon S3. It supports incremental, scheduled transfers that detect and copy only changed files, making it the ideal choice for recurring file synchronization with S3.

Exam trap

The trap here is that candidates confuse AWS Storage Gateway's file gateway with DataSync, but file gateway provides a live file server interface to S3 rather than a scheduled, agent-based sync tool for changed files.

How to eliminate wrong answers

Option A is wrong because AWS Snowball is a physical data transport device used for large-scale, one-time data migrations, not for recurring scheduled synchronization of changed files. Option B is wrong because Amazon S3 Transfer Acceleration only speeds up uploads to S3 over the internet by using AWS edge locations; it does not provide scheduling, change detection, or on-premises agent capabilities. Option D is wrong because AWS Storage Gateway offers file gateway, volume gateway, and tape gateway modes for hybrid cloud storage, but its file gateway does not natively support recurring scheduled synchronization of changed files to S3; it provides a cached or stored volume interface rather than a dedicated sync service.

150
MCQmedium

A company wants to ensure their containerized microservices can discover each other by name without hard-coding IP addresses. Which AWS service provides DNS-based service discovery for ECS and EKS?

A.Amazon Route 53
B.AWS Cloud Map
C.Elastic Load Balancing
D.Amazon VPC
AnswerB

Cloud Map automatically registers service instances as they start and removes them as they stop, enabling dynamic DNS-based and API-based service discovery for containers.

Why this answer

AWS Cloud Map is a cloud resource discovery service that enables microservices to dynamically discover each other by name using DNS queries or API calls. It integrates directly with Amazon ECS and EKS, allowing containers to register and resolve service endpoints without hard-coded IP addresses, making it the correct choice for DNS-based service discovery.

Exam trap

The trap here is that candidates often confuse Route 53's general DNS capabilities with Cloud Map's specialized service discovery, overlooking that Route 53 lacks the dynamic registration and health-check-aware instance management required for containerized microservices.

How to eliminate wrong answers

Option A is wrong because Amazon Route 53 is a DNS web service primarily for domain registration and routing traffic to AWS resources, but it does not provide native service discovery for dynamic containerized microservices with health checks and instance registration. Option C is wrong because Elastic Load Balancing distributes incoming traffic across targets but does not offer DNS-based service discovery for containers to find each other by name. Option D is wrong because Amazon VPC provides networking isolation and IP address management, but it lacks built-in service discovery mechanisms for resolving service names to dynamic IP addresses.

← PreviousPage 2 of 5 · 341 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Technology questions.