CCNA Technology Questions

75 of 341 questions · Page 4/5 · Technology topic · Answers revealed

226
MCQmedium

A fast-growing mobile game company uses a NoSQL database to store player profiles, leaderboards, and game state. The database must deliver consistent single-digit millisecond response times regardless of the number of concurrent players. The company wants a fully managed service that automatically scales throughput capacity up and down based on traffic and replicates data across multiple Availability Zones for high availability. Which AWS service should the company use?

A.Amazon RDS for MySQL
B.Amazon DynamoDB
C.Amazon Redshift
D.Amazon ElastiCache for Redis
AnswerB

Amazon DynamoDB is the correct answer. It is a fully managed NoSQL service that delivers consistent single-digit millisecond latency at any scale. It automatically scales read/write throughput based on traffic patterns and replicates data across three Availability Zones in an AWS Region by default, meeting all requirements.

Why this answer

Amazon DynamoDB is a fully managed NoSQL database service that delivers consistent single-digit millisecond latency at any scale. It supports automatic scaling of throughput capacity based on traffic patterns and replicates data across multiple Availability Zones (AZs) for high availability and durability, making it the ideal choice for a fast-growing mobile game company.

Exam trap

The trap here is that candidates may confuse Amazon ElastiCache for Redis (a caching layer) with a primary NoSQL database, overlooking that DynamoDB is the fully managed, auto-scaling, multi-AZ NoSQL service designed for consistent low-latency workloads.

How to eliminate wrong answers

Option A is wrong because Amazon RDS for MySQL is a relational database, not a NoSQL database, and while it can be scaled vertically, it does not automatically scale throughput capacity up and down based on traffic in the same way DynamoDB does. Option C is wrong because Amazon Redshift is a petabyte-scale data warehouse optimized for analytical queries, not for low-latency, high-concurrency transactional workloads like player profiles and leaderboards. Option D is wrong because Amazon ElastiCache for Redis is an in-memory caching service, not a primary database; it lacks the durability and automatic scaling of throughput capacity that DynamoDB provides, and it is typically used as a cache layer rather than a persistent data store.

227
MCQeasy

A company uses Amazon CloudFront to serve their website globally. They want to ensure that users in China can also access the website with low latency. What infrastructure consideration is required?

A.Enable CloudFront Geo-targeting for the China region
B.Use AWS China Regions (cn-north-1, cn-northwest-1) which require a separate AWS account
C.Enable CloudFront Accelerated Transfer for China
D.Use Route 53 latency routing to direct Chinese users to the nearest CloudFront PoP
AnswerB

AWS China Regions are legally separate entities requiring a separate account, ICP license, and compliance with Chinese regulations — standard CloudFront is not available in mainland China.

Why this answer

Option B is correct because serving content to users in China with low latency via CloudFront requires using AWS China Regions (cn-north-1, cn-northwest-1), which are isolated from global AWS Regions and require a separate AWS account due to Chinese regulatory and legal requirements. CloudFront distributions cannot directly serve content from global edge locations to users in China with optimal performance; instead, you must set up a separate CloudFront distribution in a China Region or use third-party CDN integration.

Exam trap

The trap here is that candidates assume CloudFront's global network can serve China with low latency through standard features like Geo-targeting or latency routing, overlooking the regulatory and infrastructure isolation that mandates a separate AWS account and China-specific Regions.

How to eliminate wrong answers

Option A is wrong because CloudFront Geo-targeting restricts content based on geographic location but does not provide low-latency access for users in China; it simply controls access or serves different content versions. Option C is wrong because CloudFront does not have an 'Accelerated Transfer for China' feature; AWS offers a 'CloudFront China' service that requires a separate account and uses local edge locations in China, not a global acceleration feature. Option D is wrong because Route 53 latency routing directs traffic to the nearest CloudFront Point of Presence (PoP) based on latency, but CloudFront PoPs outside China cannot provide low-latency access to users within China due to internet restrictions and firewall latency; a China-based distribution is necessary.

228
MCQmedium

A company runs a critical e-commerce application that uses an Amazon RDS for MySQL database deployed in a single Availability Zone. The company needs to ensure that the database remains available if the underlying hardware or the entire Availability Zone fails. The solution must provide automatic failover with minimal downtime and must not require any changes to the application's database connection string. Which Amazon RDS feature should the company use to meet these requirements?

A.Deploy a Read Replica in another Availability Zone and configure the application to use it as a failover target
B.Enable automated backups with point-in-time recovery
C.Manually provision a standby database instance in another Availability Zone and configure a custom failover script
D.Configure a Multi-AZ deployment for the Amazon RDS database instance
AnswerD

Multi-AZ deployments create a synchronous standby replica in a different Availability Zone. Amazon RDS automatically handles failover to the standby replica when a failure is detected, and updates the DNS record so that the same connection endpoint continues to work without any application changes. This meets all the stated requirements.

Why this answer

Option D is correct because a Multi-AZ deployment for Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone. In the event of a failure, Amazon RDS automatically fails over to the standby, and the DNS record for the database endpoint is updated to point to the standby, so the application's connection string remains unchanged. This provides automatic failover with minimal downtime without requiring any manual intervention or application changes.

Exam trap

The trap here is that candidates often confuse Read Replicas (which are for read scaling and require manual promotion) with Multi-AZ deployments (which provide automatic failover with no application changes), leading them to incorrectly select Option A.

How to eliminate wrong answers

Option A is wrong because a Read Replica is an asynchronous replica used primarily for read scaling; it does not support automatic failover, and promoting it to a primary instance requires manual intervention and a change to the application's connection string. Option B is wrong because automated backups with point-in-time recovery provide data durability and restore capability, but they do not provide automatic failover or high availability; restoring from a backup incurs significant downtime. Option C is wrong because manually provisioning a standby instance and configuring a custom failover script is error-prone, introduces operational complexity, and would require changes to the application's connection string or DNS configuration to redirect traffic, violating the requirement for no application changes.

229
MCQeasy

Which AWS service provides a fully managed environment for creating, maintaining, and documenting APIs using REST, HTTP, and WebSocket protocols?

A.AWS AppSync
B.Amazon API Gateway
C.Elastic Load Balancing
D.AWS Lambda
AnswerB

API Gateway is AWS's managed API platform supporting REST APIs, HTTP APIs, and WebSocket APIs with built-in throttling, authorization, caching, and monitoring.

Why this answer

Amazon API Gateway is the correct service because it is a fully managed service that enables developers to create, publish, maintain, monitor, and secure APIs at any scale. It specifically supports RESTful APIs, HTTP APIs (for lower-latency and simpler integrations), and WebSocket APIs (for real-time two-way communication), making it the only AWS service that natively covers all three protocol types in a managed environment.

Exam trap

The trap here is that candidates often confuse AWS AppSync (which also supports real-time data via GraphQL subscriptions) with API Gateway's WebSocket support, but AppSync does not provide REST or HTTP API creation, and it uses GraphQL as its sole protocol.

How to eliminate wrong answers

Option A is wrong because AWS AppSync is a managed GraphQL service that uses GraphQL endpoints, not REST, HTTP, or WebSocket APIs directly; it focuses on real-time data synchronization and offline capabilities for mobile and web apps, not general-purpose API creation with those three protocols. Option C is wrong because Elastic Load Balancing (ELB) is a load balancer that distributes incoming traffic across targets, such as EC2 instances or containers, and does not create, maintain, or document APIs; it operates at the transport layer (TCP) or application layer (HTTP/HTTPS) but lacks API management features like request/response transformation, API keys, or documentation generation. Option D is wrong because AWS Lambda is a serverless compute service that runs code in response to events, not an API management service; while Lambda can be integrated with API Gateway as a backend, it does not itself create, maintain, or document APIs.

230
MCQmedium

A company runs a multiplayer gaming application on Amazon EC2 instances in the us-east-1 Region. The application uses the UDP protocol for real-time communication between players and game servers. Players in Asia and Europe report high latency and packet loss. The company wants to improve performance by directing player traffic from the nearest edge location to the application over the AWS global network, without modifying the application code. Which AWS service should the company use?

A.Amazon CloudFront
B.AWS Global Accelerator
C.Amazon Route 53 latency routing
D.AWS Site-to-Site VPN
AnswerB

AWS Global Accelerator uses the AWS global network to improve the performance of TCP/UDP applications. It directs user traffic to the nearest edge location and then routes it over the AWS global backbone to the optimal regional endpoint, reducing latency and packet loss. This matches the requirement for UDP-based gaming application without application changes.

Why this answer

AWS Global Accelerator uses the AWS global network to route UDP traffic from the nearest edge location to the application, reducing latency and packet loss without requiring code changes. It leverages Anycast IP addresses to direct player traffic to the closest edge location, then transports it over the optimized AWS backbone to the EC2 instances in us-east-1.

Exam trap

The trap here is that candidates often confuse CloudFront's edge caching with Global Accelerator's network path optimization, but CloudFront does not support UDP and cannot accelerate non-HTTP traffic without application changes.

How to eliminate wrong answers

Option A is wrong because Amazon CloudFront is a content delivery network (CDN) optimized for HTTP/HTTPS and WebSocket traffic, not for UDP-based real-time gaming protocols, and it would require modifying the application to use HTTP-based delivery. Option C is wrong because Amazon Route 53 latency routing only controls DNS resolution to direct traffic to the nearest endpoint based on latency, but it does not optimize the network path after DNS resolution and does not use the AWS global network for packet transport; it also cannot handle UDP traffic flow optimization. Option D is wrong because AWS Site-to-Site VPN creates an encrypted tunnel between on-premises networks and AWS, not between players and the application, and it would not improve performance for global player traffic without modifying the application to route through a VPN.

231
MCQmedium

A company runs a web application across multiple Amazon EC2 instances that are distributed across several Availability Zones. The application needs to share a common set of configuration files and static assets that must be accessible concurrently and consistently from all instances. The company wants a fully managed, scalable file storage solution that does not require provisioning or managing underlying storage hardware. Which AWS service should the company use?

A.Amazon Elastic File System (EFS)
B.Amazon Elastic Block Store (EBS)
C.Amazon Simple Storage Service (S3)
D.Amazon Relational Database Service (RDS)
AnswerA

Correct. Amazon EFS provides a fully managed NFS file system that can be mounted on multiple EC2 instances across multiple Availability Zones simultaneously. It scales automatically and is designed for high availability and durability, making it ideal for shared file access.

Why this answer

Amazon EFS provides a fully managed, scalable, and shared file system that can be mounted concurrently by multiple EC2 instances across different Availability Zones. It uses the NFSv4.1 protocol, ensuring consistent access to configuration files and static assets without any provisioning or management of underlying storage hardware.

Exam trap

The trap here is that candidates often confuse Amazon S3's object storage capabilities with a shared file system, overlooking that S3 does not support POSIX file locking or concurrent mount-based access required for shared configuration files across EC2 instances.

How to eliminate wrong answers

Option B is wrong because Amazon EBS provides block-level storage volumes that can only be attached to a single EC2 instance in a specific Availability Zone, and it does not support concurrent access from multiple instances across zones. Option C is wrong because Amazon S3 is an object storage service accessed via HTTP/HTTPS APIs, not a file system that can be mounted directly as a shared drive with POSIX-style file locking and concurrent read/write consistency required for shared configuration files.

232
MCQmedium

A company wants to protect their web application from common Layer 7 attacks and also implement rate limiting to prevent API abuse. Which AWS service provides both capabilities?

A.AWS Shield Standard
B.AWS WAF
C.Security Groups
D.Amazon GuardDuty
AnswerB

WAF provides Layer 7 web protection with managed rule groups (OWASP Top 10, bot control) and rate-based rules that block IPs exceeding configurable request thresholds.

Why this answer

AWS WAF is a web application firewall that helps protect web applications from common Layer 7 attacks such as SQL injection and cross-site scripting (XSS). It also supports rate-based rules that automatically block requests from a client IP when the request rate exceeds a defined threshold, enabling API abuse prevention. This makes AWS WAF the correct choice for both capabilities.

Exam trap

The trap here is that candidates often confuse AWS Shield (which handles network-layer DDoS) with AWS WAF (which handles application-layer filtering and rate limiting), leading them to select AWS Shield Standard despite it lacking Layer 7 inspection and rate control capabilities.

How to eliminate wrong answers

Option A is wrong because AWS Shield Standard provides protection against Layer 3 and Layer 4 DDoS attacks (e.g., SYN floods, UDP reflection) and does not include Layer 7 attack filtering or rate limiting. Option C is wrong because Security Groups act as a stateful firewall at the instance level (Layer 3/4) and cannot inspect application-layer payloads or enforce rate-based rules. Option D is wrong because Amazon GuardDuty is a threat detection service that analyzes VPC Flow Logs, DNS logs, and CloudTrail events for malicious activity; it does not actively block attacks or provide rate limiting at the application layer.

233
MCQmedium

A company needs to monitor their application's performance and identify bottlenecks by tracing requests as they travel through multiple AWS services and microservices. Which AWS service provides distributed tracing?

A.Amazon CloudWatch
B.AWS CloudTrail
C.AWS X-Ray
D.AWS Config
AnswerC

X-Ray traces requests end-to-end through distributed applications, creating service maps that show request flows and identifying latency bottlenecks across microservices.

Why this answer

AWS X-Ray is the correct service because it is specifically designed for distributed tracing, allowing you to trace requests end-to-end as they travel through AWS services and microservices. It provides a service map, traces, and annotations to identify performance bottlenecks and debug errors across distributed applications.

Exam trap

The trap here is that candidates often confuse CloudWatch Logs or CloudTrail with distributed tracing, but X-Ray is the only service that provides trace-level visibility across multiple services and microservices.

How to eliminate wrong answers

Option A is wrong because Amazon CloudWatch is a monitoring service for metrics, logs, and alarms, but it does not provide distributed tracing or trace individual requests across services. Option B is wrong because AWS CloudTrail records API calls for auditing and governance, not for tracing request flows or performance analysis. Option D is wrong because AWS Config evaluates resource configurations and compliance, not request tracing or performance monitoring.

234
MCQeasy

Which Amazon S3 feature protects against accidental deletion by maintaining multiple versions of every object in a bucket?

A.S3 Replication
B.S3 Versioning
C.S3 Object Lock
D.S3 Lifecycle policies
AnswerB

S3 Versioning keeps every version of every object — deletions create delete markers, preserving previous versions that can be recovered at any time.

Why this answer

S3 Versioning is the correct answer because it is the specific S3 feature designed to protect against accidental deletion by preserving multiple versions of every object in a bucket. When versioning is enabled, deleting an object does not permanently remove it; instead, S3 inserts a delete marker, and the previous versions remain recoverable. This directly addresses the scenario of preventing permanent data loss from accidental deletions.

Exam trap

The trap here is that candidates often confuse S3 Object Lock with versioning because both involve protection, but Object Lock prevents overwrites and deletions via legal holds or retention periods, not by maintaining a version history for recovery from accidental deletion.

How to eliminate wrong answers

Option A is wrong because S3 Replication (Cross-Region or Same-Region) asynchronously copies objects to a destination bucket for redundancy or compliance, but it does not maintain multiple versions of the same object within the source bucket to protect against accidental deletion. Option C is wrong because S3 Object Lock enforces a write-once-read-many (WORM) model to prevent objects from being deleted or overwritten for a fixed retention period, but it does not inherently maintain multiple versions of every object; it works with versioning but is not the feature that provides version history. Option D is wrong because S3 Lifecycle policies automate the transition or expiration of objects based on age or other rules, but they do not create or maintain multiple versions; in fact, they can permanently delete older versions if configured to do so.

235
MCQeasy

Which AWS storage service is designed for shared file storage accessible simultaneously by multiple EC2 instances using the NFS protocol?

A.Amazon EBS
B.Amazon S3
C.Amazon EFS
D.Amazon FSx for Windows File Server
AnswerC

EFS is a managed NFS file system that can be mounted by multiple EC2 instances across multiple AZs simultaneously, with automatic scaling from gigabytes to petabytes.

Why this answer

Amazon EFS (Elastic File System) is a fully managed, scalable NFS file system that can be mounted concurrently on multiple EC2 instances. It uses the NFSv4.1 protocol, enabling shared access across Availability Zones and instances, which is exactly what the question describes.

Exam trap

The trap here is that candidates confuse EBS (block storage) with a shared file system, not realizing that EBS volumes are single-instance attached by default, while EFS is purpose-built for multi-instance NFS access.

How to eliminate wrong answers

Option A is wrong because Amazon EBS provides block-level storage volumes that can be attached to only one EC2 instance at a time (unless using a multi-attach EBS, which is limited to specific instance types and does not use NFS). Option B is wrong because Amazon S3 is an object storage service accessed via HTTP/HTTPS APIs, not a file system that supports the NFS protocol or concurrent mounting as a shared file system. Option D is wrong because Amazon FSx for Windows File Server uses the SMB protocol, not NFS, and is designed for Windows-based workloads.

236
MCQmedium

A company runs containerised microservices using Amazon ECS. The operations team wants to stop managing EC2 instances, including patching and capacity planning for the container hosts. Which option allows them to run containers on ECS without managing servers?

A.Run ECS tasks on On-Demand EC2 instances
B.Use AWS Fargate as the ECS launch type
C.Use AWS Lambda to run the containers
D.Run ECS tasks on Reserved EC2 instances
AnswerB

Fargate removes the need to manage EC2 instances. The team defines CPU and memory requirements for each container, and AWS provisions and manages the underlying compute automatically.

Why this answer

AWS Fargate is a serverless compute engine for containers that works with Amazon ECS. When you use Fargate as the launch type, you no longer need to provision, patch, or manage EC2 instances; AWS handles the underlying infrastructure, including capacity planning and OS patching. This directly meets the operations team's requirement to stop managing servers.

Exam trap

The trap here is that candidates often confuse the pricing model (Reserved Instances) with the compute management model, or they think Lambda can fully replace ECS for containerised microservices, not realising Fargate is the serverless compute option specifically designed for ECS.

How to eliminate wrong answers

Option A is wrong because running ECS tasks on On-Demand EC2 instances still requires you to manage the EC2 instances themselves, including patching and capacity planning. Option C is wrong because AWS Lambda is designed for short-running, event-driven functions, not for running containerised microservices as a general-purpose compute platform; while Lambda supports container images, it has strict timeout (15 minutes) and resource limits that make it unsuitable for typical long-running microservices. Option D is wrong because Reserved EC2 instances are a pricing model for EC2, not a launch type; they still require you to manage the underlying EC2 instances, including patching and capacity planning.

237
MCQeasy

Which AWS service makes it easy for developers to create, publish, and manage APIs that act as the front door for applications to access backend services?

A.Amazon CloudFront
B.Elastic Load Balancing
C.Amazon API Gateway
D.AWS App Runner
AnswerC

API Gateway is the managed API platform for creating REST, HTTP, and WebSocket APIs with authentication, throttling, monitoring, and versioning built in.

Why this answer

Amazon API Gateway is a fully managed service that enables developers to create, publish, maintain, monitor, and secure APIs at any scale. It acts as a front door for applications to access backend services such as AWS Lambda, Amazon EC2, or any publicly accessible web endpoint, handling all the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls.

Exam trap

The trap here is that candidates often confuse Amazon API Gateway with Elastic Load Balancing because both can route traffic to backend services, but ELB lacks API-specific features like API key management, request/response transformation, and usage plans that are central to API lifecycle management.

How to eliminate wrong answers

Option A is wrong because Amazon CloudFront is a content delivery network (CDN) that caches and delivers static and dynamic content at the edge, not a service for creating, publishing, or managing APIs as a front door to backend services. Option B is wrong because Elastic Load Balancing distributes incoming traffic across multiple targets (e.g., EC2 instances) but does not provide API creation, publishing, or management capabilities; it operates at the transport or application layer without API-specific features like request transformation or API keys. Option D is wrong because AWS App Runner is a service for deploying containerized web applications and APIs directly from source code or container images, but it does not offer the API management, versioning, throttling, or authorization features that API Gateway provides as a dedicated front door for APIs.

238
MCQmedium

A media company hosts its website on Amazon EC2 instances in the us-east-1 Region. Static assets such as images, CSS, and JavaScript files are stored in an Amazon S3 bucket. Users across the globe report slow page load times due to high latency when fetching these assets. The company wants to deliver the static content with low latency and high transfer speeds to users worldwide, reduce the load on the EC2 instances, and add protection against common DDoS attacks. Which AWS service should the company use?

A.Amazon CloudFront
B.AWS Global Accelerator
C.Amazon Route 53 latency-based routing
D.AWS WAF
AnswerA

Correct. Amazon CloudFront is a CDN that caches content at edge locations to deliver low latency and high throughput to users globally. It also offloads origin servers and provides DDoS protection via AWS Shield.

Why this answer

Amazon CloudFront is a content delivery network (CDN) that caches static assets (images, CSS, JavaScript) at edge locations worldwide, reducing latency for global users. It offloads requests from the EC2 origin by serving cached content directly from the edge, and it integrates with AWS Shield Standard to provide automatic protection against common DDoS attacks. This directly addresses the company's requirements for low latency, reduced EC2 load, and DDoS protection.

Exam trap

The trap here is that candidates confuse AWS Global Accelerator with a CDN, but Global Accelerator does not cache content—it only optimizes network path routing, making it unsuitable for static asset delivery.

How to eliminate wrong answers

Option B (AWS Global Accelerator) is wrong because it improves performance by routing traffic over the AWS global network to the optimal regional endpoint, but it does not cache static content at edge locations; it is designed for dynamic traffic (e.g., TCP/UDP) and does not reduce load on EC2 for static asset delivery. Option C (Amazon Route 53 latency-based routing) is wrong because it only directs DNS queries to the region with the lowest latency, but it does not cache content or reduce the load on EC2 instances; each user still fetches assets directly from the origin S3 bucket or EC2. Option D (AWS WAF) is wrong because it is a web application firewall that filters and monitors HTTP requests for security threats, but it does not cache content or improve latency; it only provides protection, not performance benefits.

239
MCQmedium

A manufacturing company collects sensor data from thousands of IoT devices every second. The data includes temperature, pressure, and vibration readings. The company needs to store this time-series data and perform real-time queries to detect anomalies, as well as run historical analysis. The data volume is extremely high and will grow continuously. The company wants a fully managed, serverless solution that can automatically scale to handle the data volume and provide built-in analytics functions for time-series. Which AWS service should the company use?

A.Amazon DynamoDB
B.Amazon Timestream
C.Amazon ElastiCache for Redis
D.Amazon RDS for MySQL
AnswerB

Amazon Timestream is a purpose-built time-series database that can efficiently ingest, store, and analyze trillions of time-stamped data points per day. It is serverless and auto-scaling, with built-in time-series analytics functions such as interpolation, smoothing, and approximation. This makes it the ideal choice for the company's IoT sensor data requirements.

Why this answer

Amazon Timestream is a fully managed, serverless time-series database service designed specifically for IoT and operational applications. It automatically scales to handle trillions of events per day, provides built-in time-series analytics functions (e.g., smoothing, approximation, interpolation), and supports both real-time queries and historical analysis with separate storage tiers (in-memory for recent data and magnetic for historical data). This makes it the ideal choice for the company's high-volume sensor data requirements.

Exam trap

The trap here is that candidates often choose DynamoDB (Option A) because they associate it with high-scale IoT workloads, but they overlook the requirement for built-in time-series analytics functions and automatic tiered storage, which Timestream uniquely provides as a purpose-built time-series database.

How to eliminate wrong answers

Option A is wrong because Amazon DynamoDB is a key-value and document database optimized for low-latency reads/writes at scale, but it lacks native time-series functions, automatic data retention policies, and built-in analytics for time-series queries like interpolation or smoothing. Option C is wrong because Amazon ElastiCache for Redis is an in-memory cache, not a durable storage solution; it is designed for sub-millisecond performance on transient data and does not provide built-in time-series analytics functions or automatic scaling for long-term historical storage. Option D is wrong because Amazon RDS for MySQL is a relational database that requires manual scaling, schema management, and does not offer native time-series functions or automatic tiered storage; it would incur high operational overhead for the extreme write volume and continuous growth described.

240
MCQmedium

A company stores genomics data (several petabytes) on Amazon S3. They need to run complex analytics on this data using standard bioinformatics tools that require a POSIX file system interface. Which AWS solution provides this?

A.Amazon EFS mounted on EC2
B.Amazon FSx for Lustre linked to S3
C.Amazon EBS io2 volumes on EC2
D.Amazon S3 with S3 Select
AnswerB

FSx for Lustre is a high-performance parallel file system that integrates with S3 — it presents S3 data as files with POSIX semantics and delivers the throughput needed for genomics HPC workloads.

Why this answer

Amazon FSx for Lustre is a high-performance file system that provides a POSIX-compliant interface and can be linked directly to an S3 bucket, allowing you to run standard bioinformatics tools on genomics data stored in S3 without needing to copy it. This solution delivers the low-latency, high-throughput file access required for complex analytics on petabyte-scale datasets, while seamlessly integrating with S3 for durable storage.

Exam trap

The trap here is that candidates confuse Amazon EFS (a POSIX file system) with the high-performance requirements of HPC workloads, overlooking that FSx for Lustre is specifically optimized for low-latency, parallel access to large datasets, while EFS is designed for general-purpose, throughput-oriented use cases.

How to eliminate wrong answers

Option A is wrong because Amazon EFS provides a POSIX file system but is designed for general-purpose, NFS-based workloads with moderate throughput, not for the high-performance computing (HPC) demands of complex genomics analytics on petabytes of data; it lacks the parallel, low-latency access that FSx for Lustre offers. Option C is wrong because Amazon EBS io2 volumes provide block storage with high IOPS but are limited to a single EC2 instance and cannot be directly linked to S3, requiring manual data movement and lacking the shared, scalable file system needed for distributed bioinformatics tools. Option D is wrong because Amazon S3 with S3 Select is an object storage service that does not provide a POSIX file system interface; S3 Select only allows server-side filtering of data using SQL expressions and cannot run standard bioinformatics tools that require a file system.

241
MCQmedium

A company operates a global e-commerce website with static assets (product images, CSS, JavaScript) stored in an Amazon S3 bucket. Users in different geographic regions report slow page load times. The company wants to reduce latency without rearchitecting the application or moving the S3 bucket. Which AWS service should the company use to distribute the static assets closer to users?

A.Amazon CloudFront
B.S3 Transfer Acceleration
C.Add more Amazon EC2 instances in different regions
D.Application Load Balancer with cross-zone load balancing
AnswerA

Amazon CloudFront is a global content delivery network (CDN) that caches static assets at edge locations near users, reducing latency and offloading from the origin S3 bucket.

Why this answer

Amazon CloudFront is a content delivery network (CDN) that caches static assets at edge locations worldwide, significantly reducing latency for users by serving content from the nearest edge location rather than from the origin S3 bucket. It integrates directly with S3 without requiring any application rearchitecture or bucket relocation, making it the ideal solution for this use case.

Exam trap

The trap here is that candidates often confuse S3 Transfer Acceleration (which optimizes uploads to S3) with a CDN service (which optimizes downloads to users), leading them to choose Option B even though it does not address the latency problem for end users.

How to eliminate wrong answers

Option B (S3 Transfer Acceleration) is wrong because it accelerates uploads to S3 over long distances using AWS edge locations, but it does not cache or distribute content for low-latency downloads; it only speeds up the transfer of data into the bucket, not the delivery to end users. Option C (Add more Amazon EC2 instances in different regions) is wrong because it would require rearchitecting the application to serve static assets from multiple regions, and EC2 instances are not designed for static asset distribution; they would add complexity, cost, and management overhead without the caching and edge delivery benefits of a CDN.

242
MCQmedium

A company has a web application that processes customer orders. The frontend web servers run on Amazon EC2 instances and receive order requests from users. The backend order processing system runs on a separate fleet of EC2 instances. The company wants to decouple these two tiers so that order requests are stored reliably until the backend is ready to process them. The solution must handle occasional traffic spikes without losing any messages and must allow the backend to scale independently. Which AWS service should the company use to meet these requirements?

A.Amazon Simple Notification Service (Amazon SNS)
B.Amazon Simple Queue Service (Amazon SQS)
C.Amazon Kinesis Data Streams
D.AWS Step Functions
AnswerB

Amazon SQS is a fully managed message queuing service that decouples application components. It stores messages durably, handles traffic spikes, and allows independent scaling of producers and consumers. This matches all requirements.

Why this answer

Amazon Simple Queue Service (SQS) is the correct choice because it provides a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. SQS reliably stores messages in a queue until the backend order processing system retrieves and processes them, ensuring no messages are lost even during traffic spikes. The backend can independently scale based on the queue depth, and SQS offers at-least-once delivery and exactly-once processing with FIFO queues if needed.

Exam trap

The trap here is that candidates often confuse SNS with SQS because both are messaging services, but SNS is a push-based pub/sub system that does not durably store messages, whereas SQS is a pull-based queue that provides persistent storage and decoupling, which is exactly what the scenario requires.

How to eliminate wrong answers

Option A is wrong because Amazon Simple Notification Service (SNS) is a pub/sub messaging service that pushes messages to subscribers (e.g., HTTP endpoints, Lambda, SQS) but does not store messages durably; if a subscriber is unavailable, messages are lost unless you configure a dead-letter queue, and it does not provide the reliable, persistent storage required for decoupling with independent scaling. Option C is wrong because Amazon Kinesis Data Streams is designed for real-time streaming of large data volumes (e.g., clickstreams, logs) with a retention period of up to 365 days, but it is not optimized for simple point-to-point decoupling of order processing; it requires consumers to manage shard-level scaling and checkpointing, adding complexity that is unnecessary for this use case.

243
MCQmedium

A company needs a managed message queue service that guarantees each message is delivered at least once and supports unlimited message retention. Which AWS service should they use?

A.Amazon SNS
B.Amazon SQS
C.Amazon Kinesis Data Streams
D.AWS Step Functions
AnswerB

SQS provides managed message queuing with at-least-once delivery for standard queues and up to 14-day message retention.

Why this answer

Amazon SQS (Simple Queue Service) is a fully managed message queuing service that guarantees at-least-once delivery by default and supports unlimited message retention (up to 14 days for standard queues, but retention can be extended indefinitely using a dead-letter queue or custom re-queuing logic). This makes it the correct choice for a service that must ensure each message is delivered at least once and can be retained for an unlimited duration.

Exam trap

The trap here is that candidates often confuse SNS (pub/sub) with SQS (queue) because both are messaging services, but SNS does not store messages or guarantee at-least-once delivery, making it unsuitable for this requirement.

How to eliminate wrong answers

Option A is wrong because Amazon SNS is a pub/sub messaging service that does not guarantee at-least-once delivery (it offers at-most-once delivery by default) and does not support message retention—messages are pushed to subscribers immediately and not stored. Option C is wrong because Amazon Kinesis Data Streams is designed for real-time streaming data with a default retention period of 24 hours (up to 365 days with extended retention), but it does not guarantee at-least-once delivery per record; it uses a shard-based model where records can be replayed but not individually acknowledged. Option D is wrong because AWS Step Functions is a serverless orchestration service for coordinating multiple AWS services into workflows, not a message queue service; it does not provide message retention or at-least-once delivery guarantees for individual messages.

244
MCQmedium

A gaming company operates a mobile game with millions of active users. The game stores player profiles and session state in a key-value database. The database must provide single-digit millisecond latency for read and write operations at any scale. The company expects traffic to grow unpredictably, and the database must scale horizontally without downtime. The company wants a fully managed, highly available solution with built-in replication across multiple Availability Zones. Which AWS service should the company use?

A.Amazon RDS for PostgreSQL
B.Amazon Redshift
C.Amazon DynamoDB
D.Amazon ElastiCache for Redis
AnswerC

Correct. Amazon DynamoDB is a fully managed NoSQL key-value and document database that provides single-digit millisecond latency at any scale. It scales horizontally, supports auto scaling, and offers built-in multi-AZ replication for high availability and durability.

Why this answer

Amazon DynamoDB is the correct choice because it is a fully managed, serverless, NoSQL key-value database that delivers single-digit millisecond latency at any scale. It supports horizontal scaling via automatic partitioning and replication across multiple Availability Zones (AZs) for high availability, with no downtime required for scaling. This directly matches the gaming company's requirements for low-latency reads/writes, unpredictable traffic growth, and built-in multi-AZ replication.

Exam trap

The trap here is that candidates often confuse Amazon ElastiCache for Redis with a durable database, but it is an in-memory cache that lacks native multi-AZ replication for persistence and is not designed as a primary key-value store for session state that must survive node failures.

How to eliminate wrong answers

Option A is wrong because Amazon RDS for PostgreSQL is a relational database that does not natively support horizontal scaling for key-value workloads; scaling requires manual sharding or read replicas, and it cannot achieve single-digit millisecond latency at massive scale without significant overhead. Option B is wrong because Amazon Redshift is a petabyte-scale data warehouse optimized for complex analytical queries, not for low-latency key-value operations; it uses columnar storage and is not designed for real-time read/write workloads. Option D is wrong because Amazon ElastiCache for Redis is an in-memory cache, not a durable database; while it offers sub-millisecond latency, it lacks built-in multi-AZ replication for persistence and is typically used as a caching layer, not as the primary data store for player profiles and session state.

245
MCQmedium

A company is planning to deploy a multi-tier web application on AWS. The architecture includes Amazon EC2 instances, an Application Load Balancer, an Amazon RDS database, and security groups. The company wants to define and provision these resources as reusable, version-controlled infrastructure so they can consistently deploy the same environment to development, testing, and production accounts. The solution should allow the team to use JSON or YAML templates to describe the resources and their dependencies. Which AWS service should the company use?

A.AWS Elastic Beanstalk
B.AWS CloudFormation
C.AWS OpsWorks
D.AWS CodeDeploy
AnswerB

AWS CloudFormation is an infrastructure as code service that enables you to model and provision AWS resources using templates written in JSON or YAML. These templates can be stored in version control systems, making it possible to deploy identical environments across multiple accounts and regions consistently.

Why this answer

AWS CloudFormation is the correct service because it allows you to define and provision AWS infrastructure as code using JSON or YAML templates. This enables version-controlled, repeatable deployments across multiple accounts (development, testing, production) by describing resources like EC2 instances, ALBs, RDS databases, and security groups along with their dependencies in a declarative template.

Exam trap

The trap here is that candidates confuse AWS Elastic Beanstalk's environment configuration files (e.g., .ebextensions) with infrastructure-as-code, but Elastic Beanstalk does not provide the same level of resource-level control, dependency management, or cross-account stack deployment as CloudFormation.

How to eliminate wrong answers

Option A is wrong because AWS Elastic Beanstalk is a Platform as a Service (PaaS) that abstracts infrastructure management and does not provide native JSON/YAML template-based resource definition for version-controlled, reusable infrastructure across accounts; it focuses on application deployment and scaling rather than granular infrastructure-as-code. Option C is wrong because AWS OpsWorks is a configuration management service that uses Chef and Puppet, not JSON/YAML templates for defining AWS resources, and it is designed for managing server configurations and application stacks, not for declarative infrastructure provisioning with dependency resolution.

246
MCQeasy

Which AWS service provides an immutable, cryptographically verifiable transaction log for tracking the complete history of changes to application data?

A.Amazon Managed Blockchain
B.Amazon RDS with point-in-time recovery
C.Amazon QLDB (Quantum Ledger Database)
D.AWS CloudTrail
AnswerC

QLDB provides an immutable, cryptographically verifiable journal — every data change is recorded with a hash, making the complete history tamper-evident.

Why this answer

Amazon QLDB (Quantum Ledger Database) provides an immutable, append-only journal that records every change to application data. It uses cryptographic hashing to chain entries together, creating a verifiable history that cannot be altered or deleted, which is exactly what the question describes.

Exam trap

The trap here is that candidates often confuse AWS CloudTrail's immutable logging of API calls with an application-level immutable transaction log, but CloudTrail does not track application data changes or provide a cryptographically verifiable ledger.

How to eliminate wrong answers

Option A is wrong because Amazon Managed Blockchain is a fully managed service for creating and managing blockchain networks using Hyperledger Fabric or Ethereum, which is decentralized and requires consensus among multiple parties, not a single immutable ledger for application data. Option B is wrong because Amazon RDS with point-in-time recovery provides the ability to restore a database to any second within a retention period, but it does not offer an immutable, cryptographically verifiable transaction log; changes can be overwritten or deleted. Option D is wrong because AWS CloudTrail records API activity for governance and auditing, but it captures AWS management events, not application-level data changes, and its logs can be configured to be immutable but are not inherently a cryptographically chained ledger.

247
MCQmedium

A company is running their application on EC2 instances behind an Application Load Balancer. They want to ensure the application remains available during an AZ outage. What is the minimum architecture configuration required?

A.Multiple EC2 instances in a single Availability Zone
B.EC2 instances distributed across at least two Availability Zones behind an ALB
C.A single large EC2 instance with enhanced networking
D.EC2 instances in a single Region across multiple subnets in the same AZ
AnswerB

Deploying instances across multiple AZs with an ALB spanning those AZs ensures that an outage in one AZ doesn't take down the application — traffic automatically routes to the surviving AZ.

Why this answer

To remain available during an Availability Zone outage, the application must be resilient to the failure of an entire AZ. An Application Load Balancer distributes traffic across healthy targets, but it cannot route to instances in a failed AZ. Therefore, EC2 instances must be deployed in at least two separate Availability Zones, and the ALB must be configured with subnets in those same AZs to route traffic and perform health checks, ensuring continuous availability if one AZ goes down.

Exam trap

The trap here is that candidates often confuse 'multiple subnets' with 'multiple Availability Zones,' assuming that deploying across subnets within the same AZ provides fault tolerance, but subnets are AZ-scoped and do not offer AZ-level redundancy.

How to eliminate wrong answers

Option A is wrong because multiple EC2 instances in a single Availability Zone cannot survive an outage of that AZ; all instances would be affected simultaneously. Option C is wrong because a single large EC2 instance, even with enhanced networking, represents a single point of failure and cannot provide high availability across AZs. Option D is wrong because multiple subnets within the same Availability Zone do not provide fault isolation; an AZ outage would still take down all instances regardless of subnet count.

248
MCQmedium

A company is developing a REST API that processes customer orders. The API receives JSON payloads via HTTPS and performs short-lived operations, such as data validation, transformation, and writing to a database. The workload is very unpredictable: sometimes there are long periods of inactivity, but during flash sales the API may receive thousands of requests per second for a few minutes. The company wants a fully managed compute service that automatically scales to handle any request volume, charges only for the compute time used during execution, and requires no server provisioning or ongoing infrastructure management. Which AWS service should the company use?

A.Amazon EC2 with Auto Scaling
B.AWS Lambda
C.Amazon ECS with Fargate launch type
D.Amazon Lightsail
AnswerB

AWS Lambda is a serverless compute service that executes code in response to events. It automatically scales to handle any volume of requests, charging only for the compute time consumed during execution (per millisecond). No servers to provision or manage, making it ideal for unpredictable, short-lived workloads.

Why this answer

AWS Lambda is the correct choice because it is a fully managed, event-driven compute service that automatically scales from zero to thousands of concurrent executions in response to incoming HTTPS requests. It charges only for the compute time consumed during execution (in 1ms increments), requires no server provisioning, and is ideal for short-lived operations like data validation, transformation, and database writes. The unpredictable, bursty workload pattern—long idle periods followed by flash sales—maps perfectly to Lambda's pay-per-use model and automatic scaling.

Exam trap

The trap here is that candidates often confuse 'fully managed' with 'container orchestration' and select ECS with Fargate, overlooking that Lambda is the only option that charges strictly per execution (not per provisioned resource) and automatically scales to zero during inactivity without any ongoing cost.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 with Auto Scaling requires provisioning and managing virtual servers (instances), ongoing patching, and capacity planning; it does not charge only for compute time used during execution (you pay for running instances even when idle), and it is not a fully managed service in the sense of zero infrastructure management. Option C is wrong because Amazon ECS with Fargate launch type, while serverless and fully managed, still requires you to define task definitions, manage container images, and pay for the duration that containers are provisioned (even if idle), and it is not optimized for sub-second, short-lived operations triggered by individual HTTP requests—it is better suited for long-running or batch container workloads.

249
MCQmedium

A company is building a real-time chat application that relies on long-lived WebSocket connections between clients and backend servers. The application runs on Amazon EC2 instances across multiple Availability Zones. The company needs a load balancer that can distribute incoming WebSocket traffic while preserving the connection and supporting sticky sessions. Which AWS load balancing solution should the company use?

A.Application Load Balancer
B.Network Load Balancer
C.Classic Load Balancer
D.Amazon Route 53
AnswerA

Correct. ALB supports WebSocket protocol natively and provides sticky sessions (session affinity) using cookies or source IP. It operates at Layer 7, making it ideal for real-time chat applications that require persistent connections and application-aware routing.

Why this answer

The Application Load Balancer (ALB) supports WebSocket connections natively at the application layer (Layer 7) and can maintain persistent connections via its built-in sticky session (session affinity) feature, which uses a cookie to bind a client to a specific target for the duration of the WebSocket session. This makes ALB the correct choice for a real-time chat application requiring long-lived WebSocket connections and sticky sessions across multiple Availability Zones.

Exam trap

The trap here is that candidates often assume Network Load Balancer is the only option for WebSocket because it operates at Layer 4 and handles long-lived TCP connections, but they overlook that ALB explicitly supports WebSocket at Layer 7 and provides the required sticky session feature via cookies, which NLB lacks.

How to eliminate wrong answers

Option B (Network Load Balancer) is wrong because although NLB supports WebSocket connections at Layer 4 and preserves long-lived connections, it does not natively support application-level sticky sessions (session affinity) based on cookies; NLB's stickiness is limited to source IP hash, which is not as granular or reliable for WebSocket session persistence. Option C (Classic Load Balancer) is wrong because it does not support WebSocket connections at all; it operates at Layer 4/7 but lacks native WebSocket protocol support, and its sticky session feature is limited to HTTP/HTTPS traffic using duration-based cookies, not suitable for WebSocket upgrades.

250
MCQeasy

Which AWS service enables you to create a private, isolated network within the AWS Cloud where you can define your own IP address range, subnets, and routing?

A.AWS Direct Connect
B.Amazon VPC
C.Amazon Route 53
D.AWS Transit Gateway
AnswerB

VPC provides the isolated virtual network in the cloud where customers control IP addressing, subnet design, routing, and connectivity options.

Why this answer

Amazon VPC (Virtual Private Cloud) enables you to provision a logically isolated section of the AWS Cloud where you can define your own IP address range using CIDR notation (e.g., 10.0.0.0/16), create subnets across Availability Zones, and configure custom route tables to control traffic flow. This service gives you full control over your virtual networking environment, including the selection of private and public IP addresses, network gateways, and security settings.

Exam trap

The trap here is that candidates often confuse AWS Transit Gateway with Amazon VPC, thinking Transit Gateway provides the isolated network itself, when in fact Transit Gateway only connects multiple VPCs and does not allow you to define IP ranges or subnets within a single isolated network.

How to eliminate wrong answers

Option A is wrong because AWS Direct Connect is a dedicated network connection service that links your on-premises data center to AWS, not a service for creating private, isolated networks with custom IP ranges and subnets. Option C is wrong because Amazon Route 53 is a DNS (Domain Name System) web service that translates domain names to IP addresses and manages traffic routing, not a service for defining IP address ranges or subnets. Option D is wrong because AWS Transit Gateway acts as a central hub to interconnect VPCs and on-premises networks, but it does not itself allow you to define IP address ranges, subnets, or routing within a single isolated network—that is the role of Amazon VPC.

251
MCQeasy

A company needs to provide business users with self-service business intelligence dashboards and visualizations of data from multiple AWS data sources. Which AWS service enables this?

A.Amazon Athena
B.Amazon Redshift
C.Amazon QuickSight
D.Amazon EMR
AnswerC

QuickSight provides self-service BI with drag-and-drop dashboard creation, ML-powered insights, and pay-per-session pricing for business users.

Why this answer

Amazon QuickSight is a fully managed, serverless business intelligence (BI) service designed specifically for creating interactive dashboards and visualizations. It natively integrates with multiple AWS data sources (e.g., Amazon S3, Amazon RDS, Amazon Redshift, Amazon Athena) and provides self-service capabilities for business users via a web-based interface, without requiring any infrastructure management.

Exam trap

The trap here is that candidates often confuse data querying or warehousing services (Athena, Redshift) with visualization tools, assuming that because a service can run SQL or store data, it can also generate dashboards—but QuickSight is the only AWS-native BI service for self-service visualizations.

How to eliminate wrong answers

Option A is wrong because Amazon Athena is an interactive query service that allows you to analyze data directly in Amazon S3 using standard SQL, but it does not provide built-in dashboarding or visualization capabilities—it only returns query results as raw data. Option B is wrong because Amazon Redshift is a fully managed petabyte-scale data warehouse optimized for complex analytical queries, but it is not a BI visualization tool; it serves as a data source for BI tools like QuickSight. Option D is wrong because Amazon EMR is a big data platform for processing vast amounts of data using frameworks like Apache Spark and Hadoop, but it is designed for data engineering and transformation, not for creating self-service dashboards or visualizations.

252
MCQmedium

A company wants an automated tool that analyses their AWS account and provides recommendations across five categories: cost optimisation, performance, security, fault tolerance, and service limits. Which AWS service provides this analysis?

A.Amazon Inspector
B.AWS Config
C.AWS Trusted Advisor
D.Amazon CloudWatch
AnswerC

Trusted Advisor inspects the AWS account against a set of best practices and provides recommendations across cost optimisation, performance, security, fault tolerance, and service quotas. Higher support tiers unlock more checks.

Why this answer

AWS Trusted Advisor is the correct service because it is specifically designed to analyze an AWS account and provide recommendations across the five categories listed: cost optimization, performance, security, fault tolerance, and service limits. It evaluates resources against AWS best practices and offers actionable guidance, making it the only service that covers all these domains in a single, automated tool.

Exam trap

The trap here is that candidates often confuse AWS Trusted Advisor with AWS Config or Amazon Inspector, because they all involve analysis or checks, but only Trusted Advisor provides the specific five-category recommendation framework described in the question.

How to eliminate wrong answers

Option A is wrong because Amazon Inspector is a vulnerability management service that scans workloads for software vulnerabilities and unintended network exposure, not for cost, performance, or service limit recommendations. Option B is wrong because AWS Config is a service for evaluating, auditing, and assessing resource configurations against desired policies, but it does not provide recommendations across the five categories; it focuses on compliance and configuration history. Option D is wrong because Amazon CloudWatch is a monitoring and observability service for metrics, logs, and alarms, not an analysis tool that generates recommendations for cost, performance, security, fault tolerance, or service limits.

253
MCQeasy

Which AWS service enables you to run containerized applications without managing the underlying servers?

A.Amazon EC2 with Docker
B.AWS Fargate
C.AWS Lambda
D.Amazon EKS on EC2
AnswerB

Fargate is serverless compute for containers — no server management required.

Why this answer

AWS Fargate is a serverless compute engine for containers that allows you to run containers without managing the underlying servers or clusters. You define your container images, CPU, memory, and networking, and Fargate automatically handles the infrastructure, including patching and scaling.

Exam trap

The trap here is that candidates confuse AWS Lambda's container image support with a full container orchestration service, or assume that any container service (like ECS or EKS) is serverless by default, when in fact only Fargate removes the server management burden.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 with Docker requires you to provision, configure, and manage the EC2 instances that host the Docker containers, which contradicts the 'without managing servers' requirement. Option C is wrong because AWS Lambda is designed for running code in response to events, not for running containerized applications (though Lambda now supports container images, it is still a function-as-a-service model, not a container orchestrator). Option D is wrong because Amazon EKS on EC2 requires you to manage the worker nodes (EC2 instances) that run the Kubernetes pods, so you are still responsible for server management.

254
MCQmedium

A development team wants to deploy a containerized microservices application on AWS. The team wants to minimize operational overhead by not managing any servers or container orchestration control plane. They also want to pay only for the compute and memory resources their containers consume, without needing to provision or scale underlying infrastructure. Which AWS compute service should the team use?

A.Amazon EC2 with Amazon ECS using the EC2 launch type
B.AWS Elastic Beanstalk with a Docker platform
C.Amazon ECS with the AWS Fargate launch type
D.AWS Lambda
AnswerC

Fargate is a serverless compute engine for containers. You define your task definitions, and Fargate runs the containers on shared, AWS-managed infrastructure. No servers to manage, and you pay only for the vCPU and memory resources consumed by your running tasks.

Why this answer

Amazon ECS with the AWS Fargate launch type is the correct choice because Fargate is a serverless compute engine that removes the need to manage servers or the container orchestration control plane. With Fargate, you define your containerized microservices and pay only for the vCPU and memory resources consumed at the task level, without provisioning or scaling underlying EC2 instances. This directly meets the team's requirement for zero operational overhead and pay-per-consumption billing.

Exam trap

The trap here is that candidates often confuse AWS Fargate with AWS Lambda, assuming both are 'serverless' for containers, but Lambda is for functions with strict execution limits and runtime constraints, while Fargate is the true serverless compute engine for containers that supports long-running processes and full Docker images.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 with Amazon ECS using the EC2 launch type requires you to manage and scale a cluster of EC2 instances, which introduces server management and operational overhead, contradicting the 'not managing any servers' requirement. Option B is wrong because AWS Elastic Beanstalk with a Docker platform abstracts some infrastructure but still provisions and manages underlying EC2 instances (or a load balancer) on your behalf, meaning you are paying for provisioned resources rather than only consumed compute and memory, and you do not have the granular per-container billing of Fargate. Option D is wrong because AWS Lambda is designed for short-lived, event-driven functions with a maximum execution timeout of 15 minutes and limited runtime environments, making it unsuitable for long-running containerized microservices that require persistent processes or stateful workloads.

255
MCQmedium

A development team is migrating a monolithic application to a microservices architecture. Each microservice will run in a separate container. The team wants to deploy and scale these containers without managing any underlying servers or clusters. The team also wants to pay only for the vCPU and memory resources consumed by each container, not for any idle capacity. Which AWS compute service should the team use?

A.Amazon ECS with the EC2 launch type
B.AWS Fargate
C.Amazon EKS with managed node groups
D.AWS Lambda
AnswerB

Fargate is a serverless compute engine for containers. You define the tasks and containers, and Fargate manages the infrastructure. You pay only for the vCPU and memory used by each running container, with no idle costs.

Why this answer

AWS Fargate is the correct choice because it is a serverless compute engine for containers that allows you to run containers without managing any underlying servers or clusters. With Fargate, you pay only for the vCPU and memory resources consumed by each container, not for any idle capacity, which directly matches the team's requirements.

Exam trap

The trap here is that candidates often confuse the EC2 launch type with Fargate, thinking that ECS itself is serverless, but the EC2 launch type still requires server management and pays for idle capacity, while Fargate is the truly serverless option.

How to eliminate wrong answers

Option A is wrong because Amazon ECS with the EC2 launch type requires you to manage and provision EC2 instances (the underlying servers) and you pay for the entire EC2 instance, including idle capacity, not just per-container resources. Option C is wrong because Amazon EKS with managed node groups still requires you to manage EC2 instances (the node groups) and you pay for the underlying EC2 instances, not per-container consumption. Option D is wrong because AWS Lambda is designed for event-driven, short-lived functions, not for running long-running microservices in containers; it has a maximum execution timeout of 15 minutes and does not support container-based microservices in the same way as Fargate.

256
MCQmedium

A company runs a MySQL database and wants to migrate to a cloud-native relational database that is fully managed, provides up to 5x the performance of standard MySQL, offers automated backups with point-in-time recovery, and is compatible with MySQL drivers and tools without application changes. Which AWS service meets these requirements?

A.Amazon RDS for MySQL
B.Amazon DynamoDB
C.Amazon Aurora
D.Amazon Redshift
AnswerC

Aurora is AWS's cloud-native relational database that is fully compatible with MySQL and PostgreSQL. It provides up to 5x the performance of standard MySQL, automated backups, and continuous replication to six copies across three AZs.

Why this answer

Amazon Aurora is a fully managed, MySQL-compatible relational database that delivers up to 5x the performance of standard MySQL, provides automated backups with point-in-time recovery, and is designed to work with existing MySQL drivers and tools without requiring application changes. This makes it the ideal choice for migrating a MySQL database to a cloud-native, high-performance relational database service.

Exam trap

The trap here is that candidates may confuse Amazon RDS for MySQL with Aurora, overlooking the specific performance multiplier (up to 5x) and the cloud-native architecture that distinguishes Aurora from standard MySQL on RDS.

How to eliminate wrong answers

Option A is wrong because Amazon RDS for MySQL is a managed MySQL service but does not offer up to 5x the performance of standard MySQL; it runs standard MySQL engines without the performance enhancements of Aurora. Option B is wrong because Amazon DynamoDB is a NoSQL key-value and document database, not a relational database, and is not compatible with MySQL drivers or SQL queries. Option D is wrong because Amazon Redshift is a petabyte-scale data warehouse optimized for analytical queries, not a transactional relational database, and it is not compatible with MySQL drivers or tools.

257
MCQmedium

A company runs a customer relationship management (CRM) application on a single Amazon RDS for PostgreSQL instance. The application experiences heavy read traffic during business hours, often causing the primary database to become overloaded with SELECT queries. The company needs a solution that offloads read queries to a separate database endpoint and provides automatic failover to a standby database in a different Availability Zone if the primary fails. Which combination of Amazon RDS features should the company use to meet these requirements?

A.Multi-AZ deployment only
B.Read Replicas only
C.Multi-AZ deployment with one or more Read Replicas
D.Cross-Region Read Replicas only
AnswerC

A Multi-AZ deployment ensures high availability with automatic failover to a standby in a different AZ. Adding Read Replicas offloads read traffic from the primary instance, reducing its load. Both features can be combined.

Why this answer

Option C is correct because it combines Multi-AZ deployment for automatic failover to a standby in a different Availability Zone with Read Replicas to offload SELECT queries to a separate database endpoint. Multi-AZ ensures high availability by synchronously replicating data to a standby instance, while Read Replicas asynchronously replicate data to handle read-heavy traffic without burdening the primary.

Exam trap

The trap here is that candidates often assume Multi-AZ alone can handle read offloading because the standby is available, but AWS explicitly prevents reads from the Multi-AZ standby to maintain consistency, making Read Replicas necessary for read scaling.

How to eliminate wrong answers

Option A is wrong because Multi-AZ deployment alone provides automatic failover and high availability but does not offload read queries; the standby is not accessible for reads. Option B is wrong because Read Replicas alone offload read traffic but do not provide automatic failover to a standby in a different Availability Zone if the primary fails.

258
MCQmedium

A media company streams live video to a global audience. The application runs on Application Load Balancers in two AWS Regions (us-east-1 and eu-west-1). The company's clients require the use of a fixed set of static IP addresses for firewall allowlisting. The company needs to route user traffic to the nearest healthy endpoint to minimize latency. Which AWS service should the company use?

A.Amazon CloudFront
B.AWS Global Accelerator
C.Network Load Balancer
D.Amazon Route 53 latency-based routing
AnswerB

AWS Global Accelerator uses the AWS global network to route user traffic to the nearest healthy endpoint, improving performance and reliability. It provides two static anycast IP addresses that remain fixed, allowing clients to add them to firewall allowlists. This meets both the latency and static IP requirements.

Why this answer

AWS Global Accelerator provides two static Anycast IP addresses that serve as fixed entry points for traffic, which are then routed over the AWS global network to the nearest healthy endpoint (e.g., Application Load Balancer in us-east-1 or eu-west-1). This minimizes latency by directing users to the closest Region while preserving the static IPs required for firewall allowlisting. Unlike CloudFront, Global Accelerator does not cache content and is optimized for TCP/UDP traffic, making it ideal for live video streaming where low latency and static IPs are critical.

Exam trap

The trap here is that candidates often confuse Amazon CloudFront's ability to use a custom origin with static IPs (via AWS WAF or origin shield) as providing static IPs for the client-facing side, but CloudFront's edge IPs are dynamic and not suitable for firewall allowlisting, whereas Global Accelerator explicitly provides two static Anycast IPs that remain fixed.

How to eliminate wrong answers

Option A is wrong because Amazon CloudFront uses a dynamic set of IP addresses that can change over time, and it is primarily a content delivery network (CDN) for caching static and dynamic content, not for providing fixed static IPs for allowlisting. Option C is wrong because a Network Load Balancer (NLB) operates within a single AWS Region and cannot provide global routing to the nearest healthy endpoint across multiple Regions; it also does not offer static IP addresses that are shared across Regions. Option D is wrong because Amazon Route 53 latency-based routing can route users to the nearest endpoint based on latency, but it does not provide a fixed set of static IP addresses for firewall allowlisting; it relies on DNS resolution, which can change and introduces additional latency due to DNS caching.

259
MCQmedium

A company is developing a web application that uses Node.js, Express, and a MySQL database. The development team wants to deploy the application to AWS without manually configuring Amazon EC2 instances, load balancers, or Auto Scaling groups. They want AWS to automatically manage the underlying infrastructure, monitor application health, and allow them to deploy new versions by simply uploading a zip file. Which AWS service should the team use to meet these requirements?

A.AWS Elastic Beanstalk
B.Amazon EC2 Auto Scaling
C.AWS CloudFormation
D.AWS OpsWorks
AnswerA

Correct. Elastic Beanstalk is a fully managed service that automatically provisions and manages the infrastructure for web applications, including EC2 instances, load balancers, and Auto Scaling groups. Developers simply upload their code, and Elastic Beanstalk handles the deployment, capacity provisioning, load balancing, and health monitoring.

Why this answer

AWS Elastic Beanstalk is the correct choice because it provides a Platform-as-a-Service (PaaS) offering that automatically handles the provisioning of EC2 instances, load balancers, and Auto Scaling groups based on the application's environment configuration. The team can upload a zip file containing their Node.js/Express application code, and Elastic Beanstalk will deploy it, monitor health via integrated CloudWatch alarms, and manage the underlying infrastructure without manual intervention.

Exam trap

The trap here is that candidates may confuse AWS Elastic Beanstalk with AWS CloudFormation, thinking both are equally automated, but CloudFormation requires manual resource definition and does not handle application deployment or health monitoring out of the box.

How to eliminate wrong answers

Option B (Amazon EC2 Auto Scaling) is wrong because it only manages the scaling of EC2 instances based on demand, but it does not automatically provision load balancers, deploy application code from a zip file, or monitor application health at the service level; it requires manual setup of the entire stack. Option C (AWS CloudFormation) is wrong because it is an Infrastructure as Code (IaC) service that requires the team to manually define all resources (EC2, load balancers, Auto Scaling groups) in a template, and it does not automatically deploy application code from a zip file or monitor application health without additional configuration.

260
MCQmedium

A developer wants to run code in response to an S3 object upload without managing any servers. The code runs for less than 5 minutes. Which AWS service is most appropriate?

A.Amazon EC2
B.AWS Fargate
C.AWS Lambda
D.Amazon ECS
AnswerC

Lambda triggers directly on S3 events, runs the code without server management, and is cost-effective for short-duration processing.

Why this answer

AWS Lambda is the most appropriate service because it is a serverless compute service that automatically runs code in response to events, such as an S3 object upload, without requiring any server management. Lambda supports code execution up to 15 minutes per invocation, which easily accommodates the less-than-5-minute requirement, and it integrates natively with S3 event notifications via the S3 bucket notification configuration.

Exam trap

The trap here is that candidates may confuse AWS Fargate (serverless containers) with AWS Lambda (serverless functions), but Fargate still requires container management and is not event-driven by S3 uploads without additional services like EventBridge or S3 Event Notifications to a custom endpoint.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 requires provisioning and managing virtual servers, which contradicts the requirement of not managing any servers. Option B is wrong because AWS Fargate is a serverless compute engine for containers, but it still requires defining a task definition and container image, and it is not directly triggered by S3 events without additional orchestration (e.g., EventBridge). Option D is wrong because Amazon ECS is a container orchestration service that requires managing a cluster of EC2 instances or using Fargate, and it does not natively respond to S3 events without custom integration.

261
MCQmedium

A company is developing a microservices-based application using Docker containers. The development team wants to run these containers on AWS without having to provision or manage any servers. The solution must automatically scale the containers based on demand and integrate with an Application Load Balancer for traffic distribution. Which AWS service should the team use to meet these requirements?

A.AWS Lambda
B.Amazon ECS on Amazon EC2
C.AWS Fargate
D.Amazon Lightsail
AnswerC

AWS Fargate is a serverless compute engine for containers. It automatically manages the underlying infrastructure, scales containers based on demand, and integrates with Application Load Balancers. This meets all the stated requirements.

Why this answer

AWS Fargate is the correct choice because it is a serverless compute engine for containers that allows you to run Docker containers without provisioning or managing servers. It automatically scales containers based on demand and integrates natively with an Application Load Balancer (ALB) for traffic distribution, meeting all the stated requirements.

Exam trap

The trap here is that candidates often confuse AWS Lambda with serverless container services, but Lambda is for functions, not long-running containers, and Amazon ECS on EC2 is serverless in terms of orchestration but still requires server management, which the question explicitly excludes.

How to eliminate wrong answers

Option A is wrong because AWS Lambda is a serverless compute service for running code in response to events, not for running Docker containers; it supports custom runtimes but is not designed for container orchestration or ALB integration in the same way. Option B is wrong because Amazon ECS on Amazon EC2 requires you to provision and manage EC2 instances (servers) as the underlying infrastructure, which contradicts the requirement to not provision or manage any servers.

262
MCQeasy

Which AWS service provides a managed in-memory caching layer to reduce database load and improve application response times?

A.Amazon DynamoDB Accelerator (DAX)
B.Amazon ElastiCache
C.Amazon CloudFront
D.AWS Global Accelerator
AnswerB

ElastiCache provides managed Redis and Memcached clusters as caching layers, reducing database read latency from milliseconds to microseconds.

Why this answer

Amazon ElastiCache is the correct answer because it provides a managed in-memory caching service that supports both Redis and Memcached, allowing applications to retrieve data from a fast, in-memory cache instead of querying a slower disk-based database. This reduces database load and improves application response times by serving frequently accessed data directly from the cache.

Exam trap

The trap here is that candidates may confuse DAX (a DynamoDB-specific cache) with a general-purpose caching solution, but ElastiCache is the correct managed service for reducing database load across various database engines.

How to eliminate wrong answers

Option A is wrong because Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache specifically for Amazon DynamoDB, not a general-purpose caching layer for any database. Option C is wrong because Amazon CloudFront is a content delivery network (CDN) that caches static and dynamic content at edge locations to reduce latency for end users, not a caching layer to reduce database load. Option D is wrong because AWS Global Accelerator improves availability and performance by directing traffic over the AWS global network using Anycast, but it does not provide an in-memory caching layer for databases.

263
MCQmedium

A company wants to deploy a static website with global low-latency delivery and automatic SSL/TLS certificates. Which combination of AWS services best satisfies both requirements?

A.Amazon EC2 + Elastic Load Balancing
B.Amazon S3 + Amazon CloudFront
C.AWS Amplify only
D.Amazon Lightsail + Route 53
AnswerB

S3 stores static assets; CloudFront distributes them from 400+ edge locations worldwide with ACM-managed SSL.

Why this answer

Amazon S3 provides durable, cost-effective storage for static website content, while Amazon CloudFront acts as a global content delivery network (CDN) that caches content at edge locations for low-latency delivery. CloudFront also integrates with AWS Certificate Manager (ACM) to automatically provision and renew SSL/TLS certificates at no additional cost, enabling HTTPS without manual certificate management.

Exam trap

The trap here is that candidates may think AWS Amplify (Option C) is sufficient because it can deploy static sites, but they overlook that Amplify does not provide automatic SSL/TLS certificates and global low-latency delivery as a native feature—it relies on CloudFront, making S3 + CloudFront the simpler and more direct solution.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 with Elastic Load Balancing requires manual configuration of SSL/TLS certificates (e.g., via ACM or third-party CAs) and does not provide global low-latency delivery out of the box; it relies on a single region and requires additional services like CloudFront for CDN capabilities. Option C is wrong because AWS Amplify is a full-stack development platform that can host static websites, but it does not natively offer automatic SSL/TLS certificate provisioning with global low-latency delivery via a CDN; it relies on CloudFront under the hood but adds unnecessary complexity for a simple static site. Option D is wrong because Amazon Lightsail is a simplified VPS service that requires manual SSL/TLS setup and lacks a built-in global CDN; Route 53 is a DNS service that does not provide content caching or automatic certificate management.

264
MCQmedium

A company runs a global e-commerce website hosted on Amazon EC2 instances in the us-west-2 Region. The website includes static assets (product images, CSS, JavaScript) and dynamic content generated by the application. The company wants to improve page load times for users in Europe and Asia by caching static content at edge locations, while also reducing the direct load on the EC2 instances. Which AWS service should the company use?

A.Amazon CloudFront
B.AWS Global Accelerator
C.Amazon Route 53
D.AWS Direct Connect
AnswerA

CloudFront is a CDN that caches static content at edge locations, reducing latency for users and reducing load on origin servers. It also accelerates dynamic content routing over the AWS backbone.

Why this answer

Amazon CloudFront is a content delivery network (CDN) that caches static assets (images, CSS, JavaScript) at edge locations worldwide, reducing latency for users in Europe and Asia. By offloading static content delivery from the origin EC2 instances, CloudFront directly reduces the load on those servers, improving overall performance and scalability.

Exam trap

The trap here is confusing Global Accelerator (which optimizes network routing for dynamic content) with CloudFront (which caches static content at edge locations), leading candidates to pick Global Accelerator for a caching use case.

How to eliminate wrong answers

Option B (AWS Global Accelerator) is wrong because it improves performance by routing traffic over the AWS global network to the optimal regional endpoint, but it does not cache content at edge locations—it only optimizes network path and provides static IP addresses. Option C (Amazon Route 53) is wrong because it is a DNS service that resolves domain names to IP addresses; it does not cache or serve static content. Option D (AWS Direct Connect) is wrong because it establishes a dedicated private network connection from on-premises to AWS, which is irrelevant for caching static content at edge locations for global users.

265
MCQmedium

A company has a serverless architecture on AWS for its order processing system. The system uses AWS Lambda functions to validate payment, check inventory, update the database, and send email notifications. The company needs a managed service to coordinate these functions into a workflow, implement retry logic in case of failures, and manage the execution of each step sequentially. Which AWS service should the company use?

A.AWS Step Functions
B.Amazon Simple Workflow Service (Amazon SWF)
C.Amazon Simple Queue Service (Amazon SQS)
D.AWS AppSync
AnswerA

AWS Step Functions is the correct service because it is purpose-built for orchestrating serverless workflows, providing state machines, retry logic, and error handling to coordinate Lambda functions and other AWS services.

Why this answer

AWS Step Functions is a fully managed service designed to coordinate multiple AWS services into a serverless workflow. It allows you to define state machines that execute Lambda functions sequentially, implement built-in retry logic with exponential backoff, and handle error conditions, making it the ideal choice for orchestrating the order processing steps (payment validation, inventory check, database update, and email notification).

Exam trap

The trap here is that candidates often confuse Amazon SWF with Step Functions because both are workflow services, but SWF is designed for human-in-the-loop processes and requires custom workers, while Step Functions is serverless-native and directly integrates with Lambda for automated orchestration.

How to eliminate wrong answers

Option B (Amazon SWF) is wrong because it is a legacy service designed for long-running, human-interactive workflows and requires managing workers and deciders, whereas the question specifies a serverless architecture with Lambda functions and a managed coordination service. Option C (Amazon SQS) is wrong because it is a message queue service for decoupling components and does not provide workflow orchestration, sequential step execution, or built-in retry logic for coordinating multiple functions. Option D (AWS AppSync) is wrong because it is a managed GraphQL service for real-time data synchronization and API management, not a workflow orchestrator for sequential Lambda execution.

266
MCQmedium

Which AWS service provides a managed blockchain network using open-source frameworks like Hyperledger Fabric and Ethereum?

A.Amazon DynamoDB
B.AWS Quantum Ledger Database (QLDB)
C.Amazon Managed Blockchain
D.Amazon Neptune
AnswerC

Amazon Managed Blockchain provides fully managed blockchain networks using Hyperledger Fabric and Ethereum, handling node provisioning, network configuration, and certificate management.

Why this answer

Amazon Managed Blockchain is the correct AWS service because it is specifically designed to create and manage blockchain networks using popular open-source frameworks like Hyperledger Fabric and Ethereum. It handles the heavy lifting of setting up the blockchain infrastructure, including peer nodes, ordering service, and certificate authorities, allowing developers to focus on building decentralized applications.

Exam trap

The trap here is that candidates often confuse AWS QLDB (a centralized ledger) with a blockchain service, but QLDB does not support decentralized consensus or open-source blockchain frameworks like Hyperledger Fabric and Ethereum.

How to eliminate wrong answers

Option A is wrong because Amazon DynamoDB is a fully managed NoSQL key-value and document database, not a blockchain service; it does not support distributed ledger frameworks like Hyperledger Fabric or Ethereum. Option B is wrong because AWS Quantum Ledger Database (QLDB) is a centralized, immutable ledger database that provides a cryptographically verifiable transaction log, but it is not a blockchain network and does not use open-source blockchain frameworks; it is owned by a single authority. Option D is wrong because Amazon Neptune is a fully managed graph database service optimized for storing and querying highly connected data, not a blockchain or distributed ledger service.

267
MCQmedium

A company wants to run containerized applications without managing the underlying EC2 instances or clusters. Which AWS service enables this?

A.Amazon EC2 with Docker installed
B.Amazon ECS on EC2
C.AWS Fargate
D.AWS Lambda
AnswerC

Fargate removes all EC2 instance management — developers specify container requirements and Fargate provisions and manages the underlying infrastructure invisibly.

Why this answer

AWS Fargate is a serverless compute engine for containers that allows you to run containerized applications without managing the underlying EC2 instances or clusters. You define your task definitions and Fargate automatically provisions and scales the compute infrastructure, abstracting away the need to handle instance patching, capacity planning, or cluster management.

Exam trap

The trap here is that candidates often confuse Amazon ECS on EC2 (which still requires instance management) with AWS Fargate (which is serverless), or they incorrectly assume AWS Lambda can run any containerized application despite its execution time and resource constraints.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 with Docker installed still requires you to manually provision, configure, patch, and manage the underlying EC2 instances, which contradicts the requirement of not managing instances or clusters. Option B is wrong because Amazon ECS on EC2 (the EC2 launch type) requires you to manage a cluster of EC2 instances, including scaling, patching, and cluster optimization, which does not meet the 'without managing' condition. Option D is wrong because AWS Lambda is designed for event-driven, short-running functions (max 15 minutes execution time and limited to 10 GB memory) and is not optimized for running general containerized applications, especially those requiring persistent or long-running processes.

268
MCQeasy

Which AWS service provides a hybrid cloud storage solution that allows on-premises applications to seamlessly access data stored in AWS cloud storage using standard file protocols?

A.AWS DataSync
B.AWS Direct Connect
C.AWS Storage Gateway
D.Amazon FSx
AnswerC

Storage Gateway bridges on-premises and AWS storage — File Gateway presents S3 as NFS/SMB, Volume Gateway provides iSCSI block storage, and Tape Gateway replaces physical tape.

Why this answer

AWS Storage Gateway provides a hybrid cloud storage solution by offering on-premises appliances that expose standard file protocols (NFS, SMB) to local applications, while storing data durably in Amazon S3 or Amazon EBS. This allows seamless access to AWS cloud storage without modifying existing workflows, as the gateway caches frequently accessed data locally and asynchronously transfers data to the cloud.

Exam trap

The trap here is that candidates often confuse AWS DataSync (a transfer tool) with Storage Gateway (a hybrid storage appliance), because both involve moving data to AWS, but DataSync lacks the on-premises file protocol access and local caching that define a hybrid storage solution.

How to eliminate wrong answers

Option A is wrong because AWS DataSync is a data transfer service for moving large datasets between on-premises storage and AWS, but it does not provide real-time, protocol-based access to cloud storage; it operates as a scheduled or one-time migration tool. Option B is wrong because AWS Direct Connect establishes a dedicated network connection from on-premises to AWS, but it is a connectivity service, not a storage service, and does not expose file protocols or provide storage access on its own. Option D is wrong because Amazon FSx is a fully managed file system service that runs within AWS, not a hybrid solution; it does not include an on-premises gateway component for local caching or protocol bridging.

269
MCQmedium

A company stores compliance logs in Amazon S3. After 90 days, logs are never accessed again but must be retained for 7 years to meet regulatory requirements. Which S3 storage class provides the lowest storage cost for this long-term archival requirement?

A.S3 Standard
B.S3 Standard-IA
C.S3 Glacier Flexible Retrieval
D.S3 Glacier Deep Archive
AnswerD

S3 Glacier Deep Archive offers the lowest storage cost in Amazon S3, purpose-built for data retained for 7–10 years that is rarely or never retrieved. It meets the 7-year compliance requirement at the minimum cost.

Why this answer

Amazon S3 Glacier Deep Archive is designed for long-term retention of data that is accessed extremely rarely, with a retrieval time of 12 hours or more. It offers the lowest storage cost among all S3 storage classes, making it the most cost-effective choice for compliance logs that must be retained for 7 years but are never accessed after 90 days.

Exam trap

The trap here is that candidates often choose S3 Glacier Flexible Retrieval (Option C) because they see 'Glacier' and assume it is the cheapest archival option, but they overlook that Glacier Deep Archive is specifically designed for even lower-cost, longer-term archival with retrieval times of 12+ hours.

How to eliminate wrong answers

Option A is wrong because S3 Standard is optimized for frequently accessed data with millisecond retrieval and incurs higher storage costs, making it unsuitable for archival data that is never accessed. Option B is wrong because S3 Standard-IA is designed for infrequently accessed data but still has higher storage costs than archival classes and charges retrieval fees, making it more expensive for long-term retention. Option C is wrong because S3 Glacier Flexible Retrieval offers retrieval times from minutes to hours and has higher storage costs than Glacier Deep Archive, so it is not the lowest-cost option for data that is never accessed.

270
MCQmedium

A company runs a web application that processes customer orders. During flash sales, the application's backend servers become overwhelmed because orders are submitted faster than they can be processed. The company needs a fully managed, highly available service that can buffer incoming orders so that the backend can process them at its own pace without losing any data. The service must automatically scale to handle any volume of orders without requiring manual provisioning. Which AWS service meets these requirements?

A.Amazon Simple Notification Service (Amazon SNS)
B.Amazon Simple Queue Service (Amazon SQS)
C.Amazon Kinesis Data Streams
D.Amazon MQ
AnswerB

Amazon SQS is a fully managed message queuing service that stores messages until a consumer processes them. It decouples the order submission from order processing, allowing the backend to process at its own pace. SQS automatically scales to handle any volume of messages and provides high availability and durability by replicating messages across Availability Zones.

Why this answer

Amazon Simple Queue Service (SQS) is a fully managed, highly available message queuing service that decouples application components. It buffers incoming orders by storing them in a queue, allowing the backend to process messages at its own pace without losing data. SQS automatically scales to handle any volume of messages, eliminating the need for manual provisioning.

Exam trap

The trap here is that candidates confuse Amazon SNS (push-based) with Amazon SQS (pull-based), failing to recognize that buffering and decoupling require a queue, not a notification service.

How to eliminate wrong answers

Option A is wrong because Amazon SNS is a pub/sub messaging service that pushes messages to subscribers in real time; it does not buffer messages or allow the backend to process at its own pace, and messages are lost if subscribers are unavailable. Option C is wrong because Amazon Kinesis Data Streams is designed for real-time streaming of large data streams (e.g., clickstreams, logs) with a retention window of up to 365 days, not for simple buffering of discrete order messages; it requires consumers to track shard offsets and does not guarantee exactly-once processing without additional complexity. Option D is wrong because Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ, which requires provisioning of broker instances and does not automatically scale to handle variable workloads without manual intervention.

271
MCQmedium

A company runs a large fleet of Amazon EC2 instances across multiple environments (development, test, production). The security team requires a centralized, automated solution to apply operating system security patches on a regular schedule (e.g., every Tuesday at 2 AM). The solution must generate compliance reports showing which instances are patched and which are missing patches. The company wants a managed AWS service that works without requiring SSH or RDP access to the instances and does not require installing any custom agents. Which AWS service should the company use to meet these requirements?

A.AWS Systems Manager Patch Manager
B.AWS Config
C.Amazon Inspector
D.AWS OpsWorks
AnswerA

Correct. AWS Systems Manager Patch Manager automates the process of patching managed nodes with both security-related and other types of updates. It uses the SSM Agent, which is preinstalled on many EC2 AMIs, to run patch scans and installations according to a schedule you define. Compliance reports are available directly in the AWS Systems Manager console.

Why this answer

AWS Systems Manager Patch Manager is a managed service that automates the process of patching managed nodes with both security-related and other types of updates. It can be configured to run on a schedule (e.g., every Tuesday at 2 AM) using a Systems Manager maintenance window, and it generates compliance reports via Systems Manager Inventory and Compliance. Patch Manager works without requiring SSH or RDP access because it uses the AWS Systems Manager Agent (SSM Agent), which is pre-installed on many Amazon EC2 AMIs and can be installed without interactive logon, and it does not require custom agents beyond the SSM Agent itself.

Exam trap

The trap here is that candidates often confuse Amazon Inspector (which detects missing patches) with Patch Manager (which applies them), or assume AWS Config can enforce patching when it only evaluates configuration rules, not execute operational actions.

How to eliminate wrong answers

Option B (AWS Config) is wrong because AWS Config is a service for evaluating and auditing the configuration of AWS resources against desired policies (e.g., checking if an EC2 instance has a specific security group rule), not for applying operating system security patches or generating patch compliance reports. Option C (Amazon Inspector) is wrong because Amazon Inspector is a vulnerability assessment service that scans EC2 instances for software vulnerabilities and network exposure, but it does not apply patches or schedule patch installations; it only detects missing patches and reports them. Option D (AWS OpsWorks) is wrong because AWS OpsWorks is a configuration management service that uses Chef or Puppet to manage server configurations, which can apply patches, but it requires installing a Chef or Puppet agent on each instance and typically relies on SSH or RDP for initial setup, contradicting the requirement for a managed service that works without custom agents or interactive access.

272
MCQeasy

Which Amazon EC2 Auto Scaling feature ensures a minimum number of healthy instances are always running, replacing terminated instances automatically?

A.Auto Scaling scheduled scaling
B.Auto Scaling self-healing / instance replacement
C.EC2 Auto Recovery
D.Predictive scaling
AnswerB

Auto Scaling continuously monitors instance health and automatically replaces any instance that fails EC2 or ELB health checks, maintaining the configured minimum capacity.

Why this answer

Amazon EC2 Auto Scaling's self-healing (instance replacement) feature automatically detects and replaces unhealthy instances to maintain a minimum number of healthy instances. When an instance fails a health check, Auto Scaling terminates it and launches a new one to keep the desired capacity, ensuring high availability without manual intervention.

Exam trap

The trap here is that candidates often confuse EC2 Auto Recovery (which recovers a single instance) with Auto Scaling self-healing (which replaces instances across the group to maintain minimum healthy count).

How to eliminate wrong answers

Option A is wrong because scheduled scaling adjusts capacity based on a time-based schedule, not in response to instance health or termination. Option C is wrong because EC2 Auto Recovery recovers an individual instance by restarting it on new hardware, but it does not replace instances or manage the minimum healthy count across an Auto Scaling group. Option D is wrong because predictive scaling uses machine learning to forecast future traffic and adjust capacity proactively, not to reactively replace terminated instances.

273
MCQmedium

A company has 50 TB of historical data stored on on-premises network-attached storage (NAS). The company wants to transfer this data to Amazon S3. The internet connection provides only 10 Mbps upload speed, and the company wants to complete the transfer within 2 weeks. The data is not sensitive and does not require encryption during transfer. Which AWS service should the company use to meet these requirements?

A.AWS Snowball Edge
B.AWS DataSync
C.AWS Storage Gateway (File Gateway)
D.AWS Direct Connect
AnswerA

Correct. AWS Snowball Edge is a physical device that can be ordered, loaded with data on-premises, and shipped to AWS for ingestion into S3. This bypasses network limitations and meets the 2-week timeline.

Why this answer

AWS Snowball Edge is the correct choice because it is a physical data transport solution designed for large-scale data transfers over slow or unreliable networks. With 50 TB of data and only 10 Mbps upload speed, transferring over the internet would take approximately 50 TB * 8 bits/byte / (10 Mbps) ≈ 11,574 hours (482 days), far exceeding the 2-week window. Snowball Edge allows the company to physically ship the data to AWS, bypassing network constraints entirely.

Exam trap

The trap here is that candidates often choose AWS DataSync or Storage Gateway because they are familiar with online transfer tools, but they fail to calculate the actual transfer time given the bandwidth constraint, overlooking that physical shipping is the only viable option for such large data volumes over slow links.

How to eliminate wrong answers

Option B (AWS DataSync) is wrong because DataSync is an online data transfer service that relies on network bandwidth; at 10 Mbps, it would take far longer than 2 weeks to transfer 50 TB, making it unsuitable for this time constraint. Option C (AWS Storage Gateway, File Gateway) is wrong because File Gateway provides low-latency access to S3 from on-premises via caching, but it still requires the initial data transfer over the network, which would be bottlenecked by the 10 Mbps connection and cannot meet the 2-week deadline. Option D (AWS Direct Connect) is wrong because Direct Connect establishes a dedicated network connection from on-premises to AWS, but it still requires internet-level bandwidth (typically 50 Mbps to 10 Gbps) and provisioning time; even at the lowest 50 Mbps tier, the transfer would take ~96 days, and the setup latency (weeks to months) makes it impractical for a 2-week window.

274
MCQmedium

A company stores customer health records in an application database and needs a HIPAA-eligible AWS service for the database tier. Which relational database option on AWS is eligible for HIPAA workloads?

A.Amazon RDS requires no special configuration for HIPAA compliance
B.Amazon RDS with a signed Business Associate Agreement (BAA) with AWS
C.Amazon Redshift only, because RDS does not support HIPAA workloads
D.Only self-managed databases on EC2 can be used for HIPAA workloads on AWS
AnswerB

RDS is a HIPAA-eligible service. Customers handling PHI must sign a BAA with AWS and ensure appropriate encryption, access controls, and audit logging are configured.

Why this answer

Amazon RDS can be used for HIPAA workloads when the customer has signed a Business Associate Agreement (BAA) with AWS and configures the RDS instance with encryption at rest (using AWS KMS) and encryption in transit (using TLS). The BAA is a contractual requirement under HIPAA that makes AWS a business associate, allowing covered entities to store protected health information (PHI) in RDS. Without a signed BAA, no AWS service is automatically HIPAA-eligible, even if technical security controls are in place.

Exam trap

The trap here is that candidates assume RDS is automatically HIPAA-compliant (Option A) or that only self-managed EC2 databases qualify (Option D), when in fact the critical missing piece is the signed Business Associate Agreement (BAA) with AWS, which is a contractual prerequisite for any HIPAA-eligible service.

How to eliminate wrong answers

Option A is wrong because Amazon RDS does require special configuration for HIPAA compliance, including enabling encryption, logging, and access controls, and most critically, the customer must sign a BAA with AWS; it is not automatically compliant. Option C is wrong because Amazon Redshift is also a HIPAA-eligible service when a BAA is in place, but it is not the only option; RDS fully supports HIPAA workloads with proper configuration. Option D is wrong because self-managed databases on EC2 are not the only option; AWS offers multiple managed services (RDS, Redshift, DynamoDB, etc.) that are HIPAA-eligible when a BAA is signed, and EC2-based databases also require a BAA and proper configuration.

275
MCQmedium

A company wants to allow their on-premises employees to access S3 objects using Windows file system operations (drive mapping) without migrating their workflows. Which AWS service provides this capability?

A.Amazon S3 with AWS Direct Connect
B.AWS Storage Gateway File Gateway (SMB)
C.Amazon FSx for Windows File Server
D.Amazon EFS with SMB protocol
AnswerB

Storage Gateway File Gateway presents S3 as an SMB file share that Windows clients can map as a network drive — transparently storing files in S3 while providing native Windows file system access.

Why this answer

AWS Storage Gateway File Gateway with SMB (Server Message Block) support allows on-premises employees to mount S3 buckets as Windows file shares using standard drive mapping. This enables access to S3 objects via Windows file system operations without migrating existing workflows, as the gateway caches frequently accessed data locally while storing the primary data in S3.

Exam trap

The trap here is that candidates confuse FSx for Windows File Server (a native Windows file system) with Storage Gateway File Gateway (which bridges S3 to SMB), or assume Direct Connect alone can expose S3 as a file system, but neither provides the SMB-to-S3 translation required for drive mapping.

How to eliminate wrong answers

Option A is wrong because Amazon S3 with AWS Direct Connect provides a dedicated network connection but does not expose S3 as a Windows file system; S3 natively uses REST API calls, not SMB or NFS protocols, so drive mapping is not possible. Option C is wrong because Amazon FSx for Windows File Server provides a fully managed Windows file server using SMB, but it does not directly back onto S3 objects; it uses its own file system storage, not S3 as the primary data store. Option D is wrong because Amazon EFS with SMB protocol is not supported; EFS uses NFSv4 protocol for Linux instances and does not support SMB, making it incompatible with Windows drive mapping.

276
MCQmedium

A company runs a monolithic web application on Amazon EC2 that processes user-uploaded files synchronously. During peak hours, the application experiences slow response times because the file processing blocks the web server. The company wants to decouple the upload process from the file processing to improve responsiveness and allow each component to scale independently. The file processing backend must poll for new work and handle failures gracefully by retrying failed messages. Which AWS service should the company use to implement this decoupling?

A.Amazon Simple Notification Service (SNS)
B.Amazon Simple Queue Service (SQS)
C.Amazon Kinesis Data Streams
D.Amazon MQ
AnswerB

Amazon SQS is a fully managed message queue that enables asynchronous communication between application components. The frontend sends a message to the SQS queue, and the processing backend polls the queue for messages. SQS supports at-least-once delivery and can be configured to retain failed messages for retries, meeting the requirements perfectly.

Why this answer

Amazon Simple Queue Service (SQS) is the correct choice because it provides a fully managed message queue that decouples the upload process from the file processing backend. The web server can immediately return a response after placing a message in the SQS queue, while the backend workers poll the queue for new work. SQS also supports dead-letter queues and configurable redrive policies to handle failures gracefully by retrying failed messages.

Exam trap

The trap here is that candidates often confuse SNS with SQS because both are messaging services, but SNS is a push-based pub/sub model that cannot provide the polling and retry behavior required for decoupling a synchronous processing bottleneck.

How to eliminate wrong answers

Option A is wrong because Amazon SNS is a pub/sub messaging service that pushes messages to subscribers; it does not support polling or built-in retry logic for failed message processing, and it cannot decouple a synchronous request-response flow like a queue does. Option C is wrong because Amazon Kinesis Data Streams is designed for real-time streaming of large volumes of data, not for decoupling a simple work queue with polling and retry semantics; it also requires a consumer to manage checkpointing and does not natively support message-level retries. Option D is wrong because Amazon MQ is a managed message broker for ActiveMQ or RabbitMQ, which is more complex and overkill for this use case; it is typically used when migrating existing applications that rely on standard messaging protocols, not for a simple decoupling pattern that SQS handles more cost-effectively and with less operational overhead.

277
MCQmedium

Which AWS service provides a fully managed extract, transform, and load (ETL) service that automatically discovers data schemas and generates ETL code?

A.Amazon EMR
B.Amazon Kinesis Data Firehose
C.AWS Glue
D.AWS Data Pipeline
AnswerC

Glue provides serverless ETL with automatic schema discovery via Crawlers, a centralized Data Catalog, and auto-generated Spark ETL code through Glue Studio.

Why this answer

AWS Glue is a fully managed ETL service that automatically discovers data schemas using its crawler component and generates ETL code via its code generation engine. It integrates with the AWS Glue Data Catalog to store metadata and provides a serverless Spark environment to run ETL jobs without manual infrastructure management.

Exam trap

The trap here is that candidates confuse AWS Glue's automatic schema discovery and code generation with Amazon EMR's manual big data processing, or they mistake Kinesis Data Firehose's streaming ingestion for ETL capabilities, leading them to overlook Glue's unique serverless ETL features.

How to eliminate wrong answers

Option A is wrong because Amazon EMR is a managed cluster platform for big data frameworks like Apache Spark and Hadoop, but it does not automatically discover schemas or generate ETL code; it requires manual configuration and code writing. Option B is wrong because Amazon Kinesis Data Firehose is a streaming data ingestion service that loads data into destinations like S3 or Redshift, but it does not perform ETL transformations or schema discovery; it only supports simple data format conversions. Option D is wrong because AWS Data Pipeline is a workflow orchestration service for moving and processing data between AWS services and on-premises sources, but it does not automatically discover schemas or generate ETL code; it requires users to define activities and preconditions manually.

278
MCQmedium

A company wants to improve the performance of their global application by caching API responses closer to end users. Which AWS service provides an API proxy with built-in caching and CloudFront integration?

A.Amazon CloudFront alone
B.Elastic Load Balancing
C.Amazon API Gateway
D.AWS AppSync
AnswerC

API Gateway is a fully managed API service with built-in caching, throttling, authentication, and native CloudFront integration for global edge distribution.

Why this answer

Amazon API Gateway is correct because it provides a fully managed API proxy that can cache responses at the API endpoint level, reducing latency and backend load. It also natively integrates with Amazon CloudFront, allowing cached API responses to be distributed globally via CloudFront's edge locations for even lower latency.

Exam trap

The trap here is that candidates may assume CloudFront alone provides API proxy capabilities, but CloudFront is a CDN and lacks the API management features (e.g., request validation, throttling, caching at the API level) that API Gateway offers.

How to eliminate wrong answers

Option A is wrong because Amazon CloudFront alone is a content delivery network (CDN) that caches static and dynamic content at edge locations, but it does not provide API proxy functionality such as request/response transformation, throttling, or built-in API caching without an origin like API Gateway. Option B is wrong because Elastic Load Balancing distributes incoming traffic across targets (e.g., EC2 instances) but does not offer API-level caching or CloudFront integration as a proxy. Option D is wrong because AWS AppSync is a managed GraphQL service that provides real-time data synchronization and offline capabilities, but it does not serve as a RESTful API proxy with built-in caching and CloudFront integration.

279
MCQmedium

A company is building a web application that requires a fully managed NoSQL database with single-digit millisecond latency at any scale. The application will experience unpredictable traffic spikes, and the database must automatically scale throughput capacity up and down without manual intervention. The developers want to focus on application code rather than database management tasks. Which AWS database service should the company choose?

A.Amazon RDS for MySQL
B.Amazon DynamoDB
C.Amazon Redshift
D.Amazon ElastiCache
AnswerB

Correct. Amazon DynamoDB is a fully managed NoSQL database that offers single-digit millisecond latency at any scale. It supports on-demand capacity mode and auto scaling to automatically handle unpredictable traffic spikes without manual intervention. It is serverless, so developers do not manage servers or clusters.

Why this answer

Amazon DynamoDB is a fully managed NoSQL key-value and document database that delivers single-digit millisecond latency at any scale. It supports automatic scaling of read/write throughput capacity via Auto Scaling policies, eliminating the need for manual intervention. This makes it ideal for web applications with unpredictable traffic spikes, as it offloads all database management tasks to AWS.

Exam trap

The trap here is that candidates may confuse Amazon ElastiCache (a caching layer) with a fully managed NoSQL database, overlooking that ElastiCache is not a persistent database and lacks automatic throughput scaling for unpredictable write-heavy workloads.

How to eliminate wrong answers

Option A is wrong because Amazon RDS for MySQL is a relational database, not NoSQL, and requires manual scaling of instance size or read replicas to handle traffic spikes, which does not meet the automatic throughput scaling requirement. Option C is wrong because Amazon Redshift is a petabyte-scale data warehouse optimized for analytical queries, not a low-latency NoSQL database for transactional web applications. Option D is wrong because Amazon ElastiCache is an in-memory caching service (supporting Redis or Memcached) that is not a fully managed NoSQL database; it is typically used to accelerate existing databases, not as a primary persistent data store with automatic throughput scaling.

280
MCQmedium

A company wants to build a serverless application that processes images uploaded to an Amazon S3 bucket. When a user uploads a new image, the application must automatically resize the image to multiple dimensions and store the resized versions in the same bucket under a different prefix. The company wants to minimize operational overhead and pay only for the compute time used. Which AWS service should be used to run the image processing code?

A.Amazon EC2 Auto Scaling group
B.AWS Lambda
C.Amazon ECS with Fargate
D.AWS Batch
AnswerB

AWS Lambda is a serverless compute service that can be triggered directly by Amazon S3 events. It runs code only when an image is uploaded, scales automatically, and bills per millisecond of execution. This matches the requirements for minimal overhead and pay-per-use.

Why this answer

AWS Lambda is the correct choice because it is a serverless compute service that runs code in response to S3 events, such as object creation. It automatically scales with the number of uploads, charges only for the compute time consumed (per 100ms increments), and requires no infrastructure management, making it ideal for event-driven image processing tasks.

Exam trap

The trap here is that candidates may choose Amazon ECS with Fargate because they think 'serverless containers' are always the best option, but they overlook that Lambda is simpler, cheaper, and more appropriate for lightweight, event-driven tasks like image resizing, whereas Fargate adds unnecessary overhead for container orchestration.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 Auto Scaling groups require managing virtual servers, incurring costs even when idle, and add operational overhead for patching and scaling, which contradicts the requirement to minimize overhead and pay only for compute time used. Option C is wrong because Amazon ECS with Fargate, while serverless, is designed for running containerized applications and introduces unnecessary complexity (e.g., container image management, task definitions) for a simple event-driven image resize task that Lambda handles more directly and cost-effectively. Option D is wrong because AWS Batch is optimized for batch computing jobs with dependencies and scheduling, not for real-time event-driven processing triggered by S3 uploads, and it requires more setup and orchestration than needed.

281
MCQmedium

A company wants to deploy a web application and have AWS handle the infrastructure, OS, and runtime — they only want to manage the application code and configuration. Which AWS service provides this experience?

A.Amazon EC2
B.AWS Elastic Beanstalk
C.AWS Lambda
D.Amazon ECS
AnswerB

Elastic Beanstalk is PaaS — developers provide the application code and Beanstalk handles provisioning, scaling, load balancing, and health monitoring automatically.

Why this answer

AWS Elastic Beanstalk is a Platform as a Service (PaaS) offering that automatically handles the provisioning of underlying infrastructure (EC2 instances, load balancers, auto-scaling groups), the operating system, and the runtime environment (e.g., Java, Python, Node.js). The customer only needs to upload their application code and configuration, and Elastic Beanstalk manages the deployment, capacity provisioning, load balancing, and health monitoring, matching the requirement exactly.

Exam trap

The trap here is that candidates confuse AWS Elastic Beanstalk with AWS Lambda, thinking both are 'serverless' — but Elastic Beanstalk is a PaaS that runs on provisioned servers (EC2 instances), while Lambda is truly serverless and event-driven, making Lambda unsuitable for hosting a full web application with persistent runtime requirements.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 is an Infrastructure as a Service (IaaS) offering where the customer is responsible for managing the OS, runtime, and infrastructure — the opposite of the desired experience. Option C is wrong because AWS Lambda is a Function as a Service (FaaS) for running stateless, event-driven code without managing servers, but it does not handle full web application deployment with a runtime environment; it runs individual functions, not a complete web app stack. Option D is wrong because Amazon ECS is a container orchestration service that requires the customer to define and manage container images, task definitions, and cluster configurations, still leaving OS and runtime management to the customer unless combined with Fargate, but even then it does not provide the turnkey PaaS experience described.

282
MCQmedium

A company runs a legacy on-premises file server that stores 10 TB of shared documents used by a team of 50 employees. The company wants to migrate this data to Amazon S3 to benefit from durable, scalable storage. However, the team requires low-latency access to frequently used files (less than 5 milliseconds latency) because the application reads and writes files multiple times per second. The company also wants to maintain a local cache of recently accessed files on premises to reduce latency and minimize egress costs. The entire solution should be managed through the AWS Management Console and support standard file-sharing protocols like SMB. Which AWS service should the company use to meet these requirements?

A.AWS Storage Gateway File Gateway
B.Amazon FSx for Windows File Server
C.AWS DataSync
D.Amazon S3 with AWS Direct Connect
AnswerA

This service is designed exactly for this use case: it provides a local VM that caches frequently accessed files on premises, presents SMB/NFS shares to applications, and stores the primary data in Amazon S3. It offers low-latency access through the cache and is managed from the AWS Management Console.

Why this answer

AWS Storage Gateway File Gateway is the correct choice because it provides a hybrid cloud storage service that enables low-latency, on-premises access to frequently used files by maintaining a local cache of recently accessed data. It supports the SMB protocol for standard file sharing, integrates with Amazon S3 for durable, scalable storage, and can be managed through the AWS Management Console. The local cache reduces both latency (targeting sub-5 ms for cached data) and egress costs by serving reads from the on-premises cache instead of fetching from S3.

Exam trap

The trap here is that candidates often confuse AWS Storage Gateway File Gateway with Amazon FSx for Windows File Server, assuming both provide on-premises caching, but FSx is a cloud-only service without a local cache, making it unsuitable for sub-5 ms latency requirements from on-premises clients.

How to eliminate wrong answers

Option B (Amazon FSx for Windows File Server) is wrong because it is a fully managed native Windows file server in the cloud, not a hybrid solution with an on-premises local cache; it would require all data to be accessed over the network, introducing latency that cannot guarantee sub-5 ms for on-premises users. Option C (AWS DataSync) is wrong because it is a data transfer and synchronization tool, not a storage service; it does not provide ongoing low-latency file access or an on-premises cache for frequently used files. Option D (Amazon S3 with AWS Direct Connect) is wrong because while Direct Connect reduces network latency, S3 does not natively support the SMB protocol or provide an on-premises local cache, and accessing S3 directly over Direct Connect still incurs higher latency than a local cache and does not meet the sub-5 ms requirement for frequent reads/writes.

283
MCQmedium

A company's data analytics team needs to process log files immediately after they are uploaded to an Amazon S3 bucket. The processing logic is implemented as a custom Python script that runs for about 10 seconds per file. The team wants a fully managed solution that does not require provisioning or managing servers, automatically scales with the number of incoming log files, and executes the script only when new files are uploaded. Which AWS service should the team use to meet these requirements?

A.Amazon EC2 with an Auto Scaling group configured to launch instances based on S3 events
B.AWS Lambda with an S3 bucket notification trigger
C.AWS Elastic Beanstalk configured with a worker environment
D.Amazon EMR with a scheduled step to process new files
AnswerB

Correct. AWS Lambda is a serverless compute service that runs code in response to events, such as S3 object creation. It automatically scales, requires no server management, and executes the function only when new files are uploaded, making it the best fit for this use case.

Why this answer

AWS Lambda is the correct choice because it is a fully managed, serverless compute service that can be triggered directly by S3 bucket notifications (e.g., s3:ObjectCreated:* events). The custom Python script runs within the Lambda function, which automatically scales to handle concurrent invocations for each new log file, and the 10-second execution time is well within the 15-minute maximum duration for Lambda functions. This meets all requirements without provisioning or managing servers.

Exam trap

The trap here is that candidates may confuse 'fully managed' with services like EC2 Auto Scaling or Elastic Beanstalk, which still require server management, or think EMR is suitable for small, event-driven tasks, when in fact Lambda is the only serverless option that directly integrates with S3 events for immediate, per-file processing.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 with Auto Scaling requires provisioning and managing server instances, even if scaling is based on S3 events, which violates the 'fully managed' and 'no provisioning or managing servers' requirement. Option C is wrong because AWS Elastic Beanstalk worker environments still run on underlying EC2 instances that must be provisioned and managed, and they are not directly triggered by S3 events without additional configuration (e.g., SQS polling). Option D is wrong because Amazon EMR is designed for big data processing using Hadoop/Spark clusters, not for lightweight, event-driven processing of individual log files, and scheduled steps would not execute immediately upon file upload.

284
MCQmedium

A DevOps team needs to deploy a multi-tier web application on AWS. The application consists of Amazon EC2 instances, an Application Load Balancer, an Amazon RDS database, and security groups. The team wants to define all these resources in a single declarative template, automatically manage the creation order and dependencies, and version control the template for repeatable deployments. Which AWS service should the team use to meet these requirements?

A.AWS CloudFormation
B.AWS Elastic Beanstalk
C.AWS OpsWorks
D.AWS CodePipeline
AnswerA

CloudFormation is the correct choice because it provides infrastructure as code using declarative templates, automatically manages resource dependencies and creation order, and supports version control.

Why this answer

AWS CloudFormation is the correct service because it allows you to define all AWS resources (EC2, ALB, RDS, security groups) in a single declarative JSON or YAML template. It automatically manages the creation order based on resource dependencies (e.g., EC2 instances depend on security groups), supports version control of templates, and enables repeatable, consistent deployments across environments.

Exam trap

The trap here is that candidates often confuse AWS Elastic Beanstalk (a PaaS service) with CloudFormation, thinking it can also define all resources declaratively, but Elastic Beanstalk only manages the environment and does not give you control over individual resource dependencies or a single version-controlled template.

How to eliminate wrong answers

Option B (AWS Elastic Beanstalk) is wrong because it is a PaaS service that abstracts infrastructure management and does not provide a declarative template for fine-grained resource definition; it uses environment configurations and application code, not a single template for all resources. Option C (AWS OpsWorks) is wrong because it is a configuration management service based on Chef/Puppet, not a declarative infrastructure-as-code template; it focuses on server configuration and automation, not on defining resource dependencies and order. Option D (AWS CodePipeline) is wrong because it is a CI/CD service for automating build, test, and deploy pipelines, not a service for defining or provisioning infrastructure resources; it does not manage creation order or dependencies of resources.

285
MCQmedium

A company has a serverless application built with AWS Lambda. The application requires a series of functions to run in a specific order: after a user uploads a file, a validation function must run, then a processing function, and finally a metadata storage function. The company needs a service to coordinate these steps, manage state, handle errors, and automatically retry failed functions based on defined conditions. Which AWS service should the company use to meet these requirements?

A.AWS Step Functions
B.Amazon Simple Queue Service (SQS)
C.AWS Batch
D.Amazon EventBridge
AnswerA

Correct. AWS Step Functions is a fully managed service that lets you coordinate multiple AWS services into stateful, scalable workflows. It supports sequencing, parallel execution, error handling, and retries, making it ideal for orchestrating a series of Lambda functions in a defined order.

Why this answer

AWS Step Functions is a serverless orchestration service that lets you coordinate multiple AWS services into a flexible, visual workflow. It directly meets the requirement to run Lambda functions in a specific order, manage state between steps, handle errors with built-in retry logic, and define conditions for automatic retries using Amazon States Language (ASL). This makes it the ideal choice for orchestrating a multi-step serverless application with error handling and state management.

Exam trap

AWS often tests the distinction between orchestration (Step Functions) and simple messaging (SQS) or batch processing (AWS Batch), so the trap here is that candidates might choose SQS thinking it can coordinate steps, but SQS lacks workflow state management and built-in retry conditions.

How to eliminate wrong answers

Option B (Amazon SQS) is wrong because it is a message queuing service that decouples components and does not provide workflow orchestration, state management, or built-in retry logic based on defined conditions; it simply stores messages for consumers to poll. Option C (AWS Batch) is wrong because it is designed for batch computing jobs on EC2 or Fargate, not for orchestrating serverless functions in a defined sequence with error handling and state tracking.

286
MCQmedium

A company wants to accelerate their machine learning workloads using purpose-built ML chips instead of general-purpose GPUs. Which AWS compute option provides custom ML accelerator chips?

A.EC2 GPU instances (P and G family)
B.EC2 Inf and Trn instances (AWS Inferentia and Trainium)
C.EC2 Compute-optimized instances (C family)
D.AWS Lambda with extended memory
AnswerB

AWS Inferentia (Inf instances) and Trainium (Trn instances) are custom AWS-designed ML chips that provide high-throughput, cost-effective ML inference and training.

Why this answer

Option B is correct because AWS Inferentia and Trainium are purpose-built ML accelerator chips designed specifically to optimize machine learning inference and training workloads, respectively. Unlike general-purpose GPUs, these custom chips provide higher performance per watt and lower cost for ML tasks, making them the ideal choice for accelerating ML workloads with dedicated hardware.

Exam trap

The trap here is that candidates often assume GPU instances (like P3 or G4) are the best choice for all ML workloads, overlooking that AWS offers purpose-built ML chips (Inferentia and Trainium) specifically designed to outperform GPUs in cost and efficiency for dedicated ML tasks.

How to eliminate wrong answers

Option A is wrong because EC2 GPU instances (P and G families) use general-purpose NVIDIA GPUs, not custom ML accelerator chips, and are optimized for a broader range of compute-intensive tasks like graphics rendering and scientific simulations, not specifically for ML acceleration with purpose-built chips. Option C is wrong because EC2 Compute-optimized instances (C family) rely on standard Intel or AMD CPUs with high clock speeds, lacking any specialized ML accelerator hardware, and are designed for general compute-bound applications rather than ML workloads. Option D is wrong because AWS Lambda with extended memory is a serverless compute service that uses standard CPU resources and cannot provide custom ML accelerator chips, as it is intended for short-running, event-driven functions without dedicated hardware acceleration.

287
MCQmedium

A company hosts an e-commerce website on Amazon EC2 instances behind an Application Load Balancer in the us-east-1 Region. The website includes both static assets (product images, CSS files) and dynamic content (user-specific cart data). The company has customers all over the world who complain about slow page load times. The company wants to reduce latency by caching static content closer to users while still allowing dynamic requests to reach the origin. Which AWS service should the company use to meet these requirements?

A.Amazon CloudFront with Application Load Balancer as the origin
B.Amazon Route 53 with latency-based routing
C.AWS Global Accelerator with static IP addresses
D.Amazon S3 Transfer Acceleration
AnswerA

Correct. Amazon CloudFront is a global content delivery network (CDN) that can cache static content at edge locations closer to users. It also supports dynamic content by forwarding requests to the origin, which can be an Application Load Balancer. This meets both the caching and origin integration requirements.

Why this answer

Amazon CloudFront is a content delivery network (CDN) that caches static content (e.g., images, CSS) at edge locations worldwide, reducing latency for users. By configuring the Application Load Balancer as the origin, CloudFront forwards dynamic requests (e.g., cart data) to the ALB, which then routes them to the EC2 instances. This hybrid approach meets the requirement to cache static assets globally while allowing dynamic content to be processed by the origin servers.

Exam trap

The trap here is that candidates confuse AWS Global Accelerator's network optimization (which only reduces latency for all traffic via the AWS backbone) with CloudFront's caching capability, mistakenly thinking Global Accelerator can cache static content when it cannot.

How to eliminate wrong answers

Option B is wrong because Amazon Route 53 with latency-based routing only directs DNS queries to the lowest-latency endpoint (e.g., an ALB in a different region), but it does not cache content at edge locations; it still requires the user to fetch all content from the origin, failing to reduce latency for static assets. Option C is wrong because AWS Global Accelerator improves performance by routing traffic over the AWS global network and providing static IP addresses, but it does not cache content; it only optimizes the network path to the origin, so static assets are still served from the origin without edge caching.

288
Drag & Dropmedium

Drag and drop the steps to recover an EC2 instance from a snapshot in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Recovery involves creating a volume from snapshot, detaching old volume, attaching new one, and starting the instance.

289
Matchingmedium

Match each AWS networking service to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Isolated cloud network

Dedicated network connection to AWS

DNS and domain registration

Content delivery network (CDN)

Improve application availability and performance

Why these pairings

Networking services connect and optimize traffic.

290
MCQmedium

Which AWS service provides a fully managed API for building conversational interfaces (chatbots) using natural language understanding powered by the same technology as Amazon Alexa?

A.Amazon Polly
B.Amazon Transcribe
C.Amazon Lex
D.Amazon Comprehend
AnswerC

Lex provides ASR and NLU capabilities to build chatbots and voice interfaces, using the same technology as Alexa — developers define intents and utterances through the API.

Why this answer

Amazon Lex is the correct answer because it is a fully managed AWS service that provides APIs for building conversational interfaces (chatbots) using automatic speech recognition (ASR) and natural language understanding (NLU), leveraging the same deep learning technology that powers Amazon Alexa. This enables developers to create applications that can understand and respond to natural language input.

Exam trap

The trap here is that candidates often confuse Amazon Lex (conversational interfaces/NLU) with Amazon Polly (speech output) or Amazon Transcribe (speech-to-text), not realizing that Lex combines both ASR and NLU to build chatbots, while the others are single-purpose services.

How to eliminate wrong answers

Option A is wrong because Amazon Polly is a text-to-speech (TTS) service that converts text into lifelike speech, not a service for building conversational interfaces or understanding natural language. Option B is wrong because Amazon Transcribe is an automatic speech recognition (ASR) service that converts audio to text, but it does not provide NLU capabilities or APIs for building chatbots. Option D is wrong because Amazon Comprehend is a natural language processing (NLP) service that extracts insights from text (e.g., sentiment, entities), but it is not a managed API for building conversational interfaces or chatbots.

291
MCQmedium

A company runs a microservices-based e-commerce application on AWS. During peak hours, the order processing service often gets overwhelmed because the web frontend sends requests directly to it. This causes delays and occasional failures. The architecture team needs to decouple the frontend from the order processing service by introducing a fully managed, highly available, and durable message queue. The queue must automatically replicate messages across multiple Availability Zones and allow the order processing service to pull messages at its own pace. Which AWS service should the company use?

A.Amazon Simple Queue Service (SQS)
B.Amazon Simple Notification Service (SNS)
C.Amazon Kinesis Data Streams
D.Amazon MQ
AnswerA

Correct. Amazon SQS is a fully managed message queuing service that decouples application components. It is highly available and durable, automatically replicating messages across multiple Availability Zones. It supports polling mechanisms, allowing the order processing service to consume messages at its own pace.

Why this answer

Amazon Simple Queue Service (SQS) is the correct choice because it is a fully managed, highly available, and durable message queue service that automatically replicates messages across multiple Availability Zones (AZs) to ensure fault tolerance. It decouples the web frontend from the order processing service, allowing the latter to poll and process messages at its own pace, which prevents overload during peak hours. SQS provides at-least-once delivery and supports standard queues with high throughput, making it ideal for this use case.

Exam trap

The trap here is that candidates often confuse SNS (push-based) with SQS (pull-based) because both are messaging services, but the requirement for the consumer to pull messages at its own pace eliminates SNS, which pushes messages immediately to subscribers.

How to eliminate wrong answers

Option B (Amazon Simple Notification Service) is wrong because SNS is a pub/sub messaging service that pushes messages to subscribers (e.g., HTTP endpoints, Lambda, SQS) and does not provide a pull-based queue where the consumer controls the processing pace; it would still overwhelm the order processing service if subscribed directly. Option C (Amazon Kinesis Data Streams) is wrong because it is designed for real-time streaming of large-scale data (e.g., clickstreams, logs) with shard-based processing, not for simple decoupling with a durable, pull-based message queue; it requires more complex consumer management and is not optimized for decoupling a request-response pattern. Option D (Amazon MQ) is wrong because it is a managed message broker for protocols like AMQP and MQTT, but it is not automatically replicated across multiple AZs by default (requires manual configuration) and is less fully managed and durable than SQS for this specific decoupling need.

292
MCQmedium

A company runs a high-traffic e-commerce application. During peak holiday season, database read performance degrades. They want to offload read traffic from their RDS primary database. What should they implement?

A.RDS Multi-AZ
B.RDS Read Replicas
C.Increase the RDS instance size
D.Enable RDS Automated Backups
AnswerB

Read Replicas serve read-only queries, offloading read traffic from the primary database and allowing it to focus on writes during peak periods.

Why this answer

B is correct because RDS Read Replicas are specifically designed to offload read traffic from the primary database instance. By creating one or more read-only replicas, the application can direct SELECT queries to the replicas, reducing the load on the primary RDS instance and improving overall read performance during peak traffic.

Exam trap

The trap here is that candidates often confuse Multi-AZ (which provides failover but not read scaling) with Read Replicas, assuming that a standby in another AZ can serve reads, but AWS explicitly prevents read traffic to the Multi-AZ standby to maintain consistency and failover integrity.

How to eliminate wrong answers

Option A is wrong because RDS Multi-AZ provides high availability and automatic failover by maintaining a standby replica in a different Availability Zone, but it does not offload read traffic—the standby is not used for reads unless a failover occurs. Option C is wrong because increasing the RDS instance size (scaling up) can improve performance but is a vertical scaling approach that does not specifically offload read traffic; it also incurs higher cost and may still hit limits under extreme load. Option D is wrong because RDS Automated Backups are for point-in-time recovery and disaster recovery, not for read scaling; they do not serve read requests from the application.

293
MCQeasy

A company wants to provide employees with secure, managed virtual Windows or Linux desktops accessible from any device, without purchasing physical computers or managing on-premises VDI infrastructure. Which AWS service provides cloud-based virtual desktops?

A.Amazon AppStream 2.0
B.Amazon WorkSpaces
C.Amazon EC2 with Remote Desktop
D.AWS Connect
AnswerB

WorkSpaces provides fully managed, persistent virtual desktops (Windows or Linux) in the cloud. Employees access them from any device. AWS manages the underlying infrastructure, security, and availability.

Why this answer

Amazon WorkSpaces is a fully managed, cloud-based virtual desktop infrastructure (VDI) service that provides secure, persistent Windows or Linux desktops accessible from any supported device. It eliminates the need to purchase physical hardware or manage on-premises VDI, aligning directly with the scenario described.

Exam trap

The trap here is confusing Amazon WorkSpaces (full virtual desktop) with Amazon AppStream 2.0 (application streaming), as both provide remote access but serve fundamentally different use cases — one delivers an entire OS desktop, the other delivers individual applications.

How to eliminate wrong answers

Option A is wrong because Amazon AppStream 2.0 is a non-persistent application streaming service that delivers individual applications to a user's browser or device, not full virtual desktops with a persistent operating system environment. Option C is wrong because Amazon EC2 with Remote Desktop requires manual configuration, patching, and management of the underlying EC2 instances, security groups, and Remote Desktop Protocol (RDP) access, which does not provide the managed, turnkey VDI experience described. Option D is wrong because AWS Connect is a cloud-based contact center service for managing customer interactions, not a virtual desktop solution.

294
MCQmedium

A company has an on-premises file server that stores large datasets. The company wants to reduce its on-premises storage footprint by moving cold data to AWS. However, users need low-latency access to frequently used files, and the applications must be able to access the data using the standard SMB protocol. The company wants to cache frequently accessed data locally on-premises for low latency, while securely storing all data in Amazon S3. Which AWS service should the company use?

A.AWS Storage Gateway File Gateway
B.Amazon FSx for Windows File Server
C.AWS DataSync
D.Amazon S3 with AWS Direct Connect
AnswerA

Correct. File Gateway provides an on-premises file share that caches active data locally and stores all data durably in Amazon S3. It supports SMB protocol, enabling existing applications to access the cloud storage seamlessly while maintaining low latency for frequently used files.

Why this answer

AWS Storage Gateway File Gateway is the correct choice because it provides on-premises caching of frequently accessed files for low-latency access via the standard SMB protocol, while all data is stored durably in Amazon S3. This directly meets the requirement to reduce on-premises storage footprint by moving cold data to AWS, while keeping hot data cached locally for performance.

Exam trap

The trap here is that candidates confuse AWS DataSync (a transfer tool) with a storage service that provides ongoing local caching and SMB access, or assume Amazon FSx for Windows File Server can be deployed on-premises when it is a cloud-only service.

How to eliminate wrong answers

Option B (Amazon FSx for Windows File Server) is wrong because it is a fully managed native Windows file server in the cloud, not an on-premises caching solution; it does not cache data locally on-premises or reduce the on-premises storage footprint. Option C (AWS DataSync) is wrong because it is a data transfer and synchronization tool, not a storage service; it can move data to S3 but does not provide on-premises caching or SMB access to cached files.

295
MCQeasy

A small business owner wants to host a simple WordPress website on AWS with a predictable flat monthly price, without learning about VPCs, security groups, instance types, or other AWS complexity. Which AWS service is designed for this simplified use case?

A.Amazon EC2 with a t3.micro
B.AWS Elastic Beanstalk
C.Amazon Lightsail
D.AWS Lambda
AnswerC

Lightsail provides pre-configured virtual servers with fixed monthly pricing that includes compute, SSD storage, DNS, and data transfer. It is specifically designed for simple websites and small applications without requiring AWS expertise.

Why this answer

Amazon Lightsail is designed specifically for users who need a simple, predictable monthly pricing model without managing underlying AWS infrastructure like VPCs, security groups, or instance types. It provides pre-configured virtual private servers (VPS) with a fixed monthly cost, including a one-click WordPress deployment, making it ideal for a small business owner who wants to avoid AWS complexity.

Exam trap

The trap here is that candidates often confuse AWS Elastic Beanstalk with a simplified solution, but Elastic Beanstalk still requires understanding of environments and scaling, and its pricing is not a flat monthly fee; Lightsail is the only service explicitly designed for predictable flat-rate pricing and zero infrastructure management.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 with a t3.micro requires the user to manually configure VPCs, security groups, and instance management, and its pricing is per-hour (or per-second) with variable costs, not a predictable flat monthly price. Option B is wrong because AWS Elastic Beanstalk is a PaaS service that abstracts some infrastructure but still requires understanding of environments, scaling, and underlying EC2 instances, and its costs are not a simple flat monthly fee; it also does not offer a one-click WordPress deployment. Option D is wrong because AWS Lambda is a serverless compute service for event-driven code execution, not designed for hosting a full WordPress website with persistent storage and a web server; it lacks a flat monthly pricing model and requires knowledge of functions, triggers, and stateless architecture.

296
MCQeasy

Which AWS service provides a fully managed, scalable search service that allows you to set up, manage, and scale a search solution for your website or application?

A.Amazon Athena
B.Amazon OpenSearch Service
C.Amazon RDS with full-text search
D.AWS Glue
AnswerB

OpenSearch Service provides managed Elasticsearch/OpenSearch clusters for full-text search, log analytics, and application monitoring with automatic cluster management.

Why this answer

Amazon OpenSearch Service is a fully managed service that makes it easy to deploy, operate, and scale OpenSearch clusters in the AWS Cloud. It provides built-in integrations with tools like Kibana for visualization and Logstash for data ingestion, and it supports full-text search, structured search, and analytics, making it the correct choice for a scalable search solution.

Exam trap

The trap here is that candidates often confuse Amazon Athena's SQL-based querying of S3 data with a search service, but Athena is not designed for low-latency, full-text search or real-time indexing required for website or application search.

How to eliminate wrong answers

Option A is wrong because Amazon Athena is an interactive query service that analyzes data directly in Amazon S3 using standard SQL, not a search service for websites or applications. Option C is wrong because Amazon RDS with full-text search is a relational database service that requires manual scaling and management, and its full-text search capabilities are limited compared to a dedicated search engine like OpenSearch. Option D is wrong because AWS Glue is a serverless data integration service used for ETL (extract, transform, load) jobs and data cataloging, not for powering search functionality.

297
MCQmedium

A company stores log files in Amazon S3 Standard. After 30 days, the logs are rarely accessed. After 365 days, they should be archived and almost never retrieved. The company wants to automatically move objects between storage classes to minimise cost. Which S3 feature enables this automated transition?

A.S3 Versioning
B.S3 Lifecycle policy
C.S3 Intelligent-Tiering
D.S3 Event Notification
AnswerB

S3 Lifecycle policies automate the transition of objects between storage classes based on defined rules (e.g., move to Standard-IA after 30 days, then to Glacier after 365 days). This reduces cost without manual intervention.

Why this answer

S3 Lifecycle policies allow you to define rules that automatically transition objects between storage classes based on age or other criteria. In this scenario, a lifecycle rule can move logs from S3 Standard to a lower-cost infrequent access class after 30 days, and then to S3 Glacier Deep Archive after 365 days, minimizing storage costs without manual intervention.

Exam trap

The trap here is that candidates confuse S3 Intelligent-Tiering with a scheduled lifecycle policy, but Intelligent-Tiering does not allow you to specify exact day-based transitions — it only adapts to access patterns, making it unsuitable for fixed archiving schedules.

How to eliminate wrong answers

Option A is wrong because S3 Versioning is a feature that preserves, retrieves, and restores every version of an object, not for automating transitions between storage classes. Option C is wrong because S3 Intelligent-Tiering automatically moves data between access tiers based on changing access patterns, but it does not support a fixed schedule like 'after 30 days' or 'after 365 days' — it relies on monitoring access, not predefined time-based rules. Option D is wrong because S3 Event Notification sends alerts or triggers actions (e.g., Lambda functions) when specific events occur in a bucket, but it does not directly manage storage class transitions.

298
MCQeasy

Which AWS service provides private connectivity between VPCs and supported AWS services without requiring internet gateway, NAT device, VPN, or Direct Connect?

A.Internet Gateway
C.VPC Endpoints
D.VPC Peering
AnswerC

VPC Endpoints enable private connectivity to AWS services from within a VPC — traffic stays on the AWS network, never traversing the public internet.

Why this answer

VPC Endpoints (specifically Gateway Endpoints for S3/DynamoDB and Interface Endpoints for other services) enable private connectivity between a VPC and supported AWS services using the AWS network, without requiring an internet gateway, NAT device, VPN, or Direct Connect. Traffic stays within the AWS backbone and never traverses the public internet, leveraging AWS PrivateLink for interface endpoints or route table entries for gateway endpoints.

Exam trap

The trap here is that candidates often confuse VPC Peering (Option D) as a way to access AWS services privately, but VPC Peering only connects VPCs, not services, and does not eliminate the need for internet gateways or NAT devices for service access.

How to eliminate wrong answers

Option A is wrong because an Internet Gateway is a horizontally scaled, redundant component that allows communication between a VPC and the internet, not private connectivity to AWS services without internet exposure. Option B is wrong because a NAT Gateway enables outbound internet traffic from private subnets but does not provide private connectivity to AWS services without internet transit. Option D is wrong because VPC Peering connects two VPCs directly using AWS infrastructure, but it does not provide connectivity to AWS services themselves; it only links VPCs.

299
MCQeasy

Which AWS service provides a managed customer relationship management (CRM) platform for sales and customer service teams?

A.Amazon Connect
B.Amazon Pinpoint
C.Amazon QuickSight
D.AWS AppFlow
AnswerA

Amazon Connect is AWS's managed cloud contact center service that enables customer service operations including agent workspaces, IVR, and customer interaction management.

Why this answer

Amazon Connect is a managed cloud-based contact center service that provides a CRM platform for sales and customer service teams. It enables organizations to set up omnichannel customer interactions (voice, chat, tasks) with AI-powered capabilities like Amazon Lex for chatbots and Amazon Polly for speech, all without managing underlying infrastructure.

Exam trap

The trap here is that candidates may confuse Amazon Connect (a contact center/CRM service) with Amazon Pinpoint (a marketing communication service) because both involve customer engagement, but Pinpoint is for outbound campaigns, not inbound sales/service workflows.

How to eliminate wrong answers

Option B (Amazon Pinpoint) is wrong because it is a targeted marketing communications service for sending push notifications, emails, and SMS campaigns, not a CRM platform for sales and customer service. Option C (Amazon QuickSight) is wrong because it is a business analytics and visualization service for creating dashboards and reports, not a CRM system. Option D (AWS AppFlow) is wrong because it is a fully managed integration service for securely transferring data between SaaS applications and AWS services, not a CRM platform.

300
MCQmedium

A company is developing a mobile application backend. The backend needs to process REST API requests that are triggered by user actions in the app. Usage is expected to start low but may spike unpredictably. The development team wants to focus solely on writing code and does not want to manage any servers or containers. The team also wants to only pay for compute time when requests are being processed. Which AWS service should the team use to meet these requirements?

A.Amazon EC2 Auto Scaling
B.AWS Lambda
C.AWS Fargate
D.Amazon API Gateway
AnswerB

Correct. AWS Lambda is a serverless compute service that runs your code only when triggered (e.g., via Amazon API Gateway). It automatically scales to handle any number of requests and you pay only for the compute time consumed during execution (per millisecond). There are no servers or containers to manage, aligning perfectly with the team's focus on writing code and minimizing operational overhead.

Why this answer

AWS Lambda is the correct choice because it is a serverless compute service that runs code in response to REST API requests via Amazon API Gateway, automatically scaling from zero to thousands of concurrent executions. The team pays only for the compute time consumed while requests are being processed, with no charges when idle, and they never need to manage servers or containers.

Exam trap

The trap here is that candidates often confuse AWS Fargate as a 'serverless' option, but Fargate still requires container management and incurs costs for provisioned vCPU and memory even when idle, whereas Lambda is truly serverless with no idle costs.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 Auto Scaling requires managing virtual servers (EC2 instances) and their scaling policies, which contradicts the requirement to avoid managing servers and containers. Option C is wrong because AWS Fargate is a serverless container engine that still requires the team to define and manage container images and task definitions, and it incurs costs for provisioned resources even when no requests are being processed.

← PreviousPage 4 of 5 · 341 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Technology questions.