CCNA Design Cost-Optimized Architectures Questions

75 of 202 questions · Page 1/3 · Design Cost-Optimized Architectures · Answers revealed

1
Multi-Selectmedium

A startup runs a 24/7 web tier on Amazon EC2 with a stable baseline of 8 instances and a nightly analytics batch job that can resume from checkpoints if interrupted. The company wants to minimize monthly compute cost without hurting the always-on web tier. Which two actions should it take? Select two.

Select 2 answers
A.Buy a Compute Savings Plan for the steady web tier baseline.
B.Buy Standard Reserved Instances only for the nightly analytics batch job.
C.Run the batch job on Spot Instances and checkpoint progress frequently.
D.Move the entire workload to On-Demand Instances for maximum flexibility.
E.Use Dedicated Hosts for the batch job so the fleet is isolated.
AnswersA, C

A Compute Savings Plan reduces cost for the predictable baseline while preserving flexibility across instance families and Regions. That fits a 24/7 web tier that is expected to run continuously. It is cheaper than On-Demand for the committed portion and avoids overcommitting to a specific instance family.

Why this answer

A Compute Savings Plan offers the largest discount (up to 66%) in exchange for a 1- or 3-year hourly spend commitment, and it automatically applies to any EC2 instance family, size, or region. For the stable 8-instance web tier that runs 24/7, this plan provides significant cost savings while maintaining full flexibility to change instance types or even move to containers or Lambda, without affecting the always-on requirement.

Exam trap

The trap here is that candidates often assume Reserved Instances are always the best choice for any steady workload, but for a part-time batch job, a Savings Plan or Spot is more cost-effective, and they may overlook that Spot Instances with checkpointing are ideal for fault-tolerant, interruptible workloads.

2
MCQmedium

A marketing site runs on x86 EC2 instances and uses open-source software with no architecture-specific licensing restriction. What should be evaluated to reduce compute cost?

A.Cross-Region data replication for all data
B.io2 Block Express volumes for all instances
C.AWS Graviton-based instances after performance testing
D.Dedicated Hosts by default
AnswerC

Graviton instances often provide better price performance for compatible workloads.

Why this answer

Option C is correct because AWS Graviton-based instances (ARM architecture) offer up to 40% better price-performance compared to comparable x86 instances for many workloads. Since the marketing site uses open-source software with no architecture-specific licensing restrictions, migrating to Graviton after performance testing can significantly reduce compute costs without sacrificing performance.

Exam trap

The trap here is that candidates assume Dedicated Hosts (Option D) always reduce costs due to 'dedicated' implying efficiency, but they actually increase costs unless specific licensing requirements (e.g., Windows Server or SQL Server) mandate physical isolation.

How to eliminate wrong answers

Option A is wrong because cross-Region data replication increases storage and data transfer costs, not reduces compute costs; it is a disaster recovery strategy, not a cost-optimization technique for compute. Option B is wrong because io2 Block Express volumes are high-performance, high-cost SSDs designed for latency-sensitive workloads, not for reducing compute costs; they would increase overall costs without addressing compute efficiency. Option D is wrong because Dedicated Hosts incur additional hourly charges for physical server isolation and are typically used for licensing or compliance requirements, not for cost reduction; they would increase compute costs compared to shared tenancy.

3
Multi-Selecthard

A company processes product-image uploads in bursts. Each transform takes up to ten minutes, and every job can be retried safely from the beginning. The current EC2 worker fleet is idle most of the day. Which two changes most reduce cost and idle capacity? Select two.

Select 2 answers
A.Buffer jobs in Amazon SQS and let workers scale from queue depth.
B.Run the workers on AWS Fargate Spot, since interruptions are acceptable.
C.Keep a fixed fleet of m6i.large instances in an Auto Scaling group with a higher minimum.
D.Use Reserved Instances for the workers even though demand is highly bursty.
E.Process uploads only during a nightly window so the fleet looks busier.
AnswersA, B

Correct. SQS decouples uploads from processing and smooths bursty demand. Queue depth is a practical scaling signal, so the company avoids paying for idle workers while still absorbing traffic spikes.

Why this answer

Option A is correct because Amazon SQS can decouple the upload bursts from the worker fleet, allowing the workers to scale based on the ApproximateNumberOfMessagesVisible metric via a target tracking scaling policy. This eliminates idle capacity by keeping workers at zero when no jobs are queued and scaling up only when bursts arrive. Option B is correct because AWS Fargate Spot provides up to a 70% discount over On-Demand, and since each transform can be retried safely from the beginning, interruptions are acceptable without data loss.

Exam trap

The trap here is that candidates often choose Reserved Instances for any cost reduction scenario, forgetting that bursty workloads with idle periods are better served by spot instances and serverless scaling, not commitment-based discounts.

4
MCQeasy

A media processing pipeline runs batch jobs overnight. The jobs are stateless, can be restarted from checkpoints, and can tolerate interruptions. The team wants to minimize compute cost. Which EC2 approach is the best fit?

A.Use On-Demand instances to guarantee uninterrupted capacity.
B.Use Spot Instances and design the jobs to handle interruptions by checkpointing and retrying.
C.Use a 1-year Reserved Instance for the current instance type and lock the fleet to it.
D.Use Savings Plans but still treat interruptions as failures that require manual intervention.
AnswerB

Spot is the most cost-effective EC2 option when the workload can handle interruption. Because the jobs are stateless and can resume from checkpoints, losing an instance due to a Spot interruption does not lose progress. The design aligns directly with Spot’s best-effort interruption model, minimizing compute cost while still completing the batch work.

Why this answer

Spot Instances offer significant cost savings (up to 90% off On-Demand) but can be reclaimed by AWS with a 2-minute interruption notice. Since the batch jobs are stateless, checkpointable, and interruption-tolerant, they are an ideal workload for Spot Instances. Designing the jobs to save progress to a durable checkpoint (e.g., Amazon S3) and automatically retry on interruption ensures resilience while minimizing compute cost.

Exam trap

The trap here is that candidates often assume all production workloads need On-Demand or Reserved Instances for reliability, failing to recognize that stateless, checkpointable batch jobs are the perfect use case for Spot Instances to drastically reduce costs.

How to eliminate wrong answers

Option A is wrong because On-Demand instances are the most expensive pricing model and provide no cost optimization benefit for workloads that can tolerate interruptions. Option C is wrong because a 1-year Reserved Instance locks the fleet to a specific instance type and commits to a full year of payment, which is inflexible and not cost-optimal for a batch workload that may vary in size or instance needs. Option D is wrong because Savings Plans provide a discount in exchange for a 1- or 3-year hourly spend commitment, but they do not inherently handle interruptions; treating interruptions as failures requiring manual intervention defeats the purpose of automation and increases operational overhead.

5
MCQhard

Based on the exhibit, your application runs entirely in private subnets and only needs to reach Amazon S3, Amazon DynamoDB, AWS Secrets Manager, and CloudWatch Logs. The monthly bill is dominated by NAT Gateway charges. Which change most directly reduces cost while preserving private connectivity to these AWS services?

A.Replace the NAT Gateway with an Internet Gateway and keep the current private subnet routes unchanged.
B.Add a second NAT Gateway in another Availability Zone to reduce cross-AZ data transfer charges.
C.Create only interface endpoints for all four services and keep the NAT Gateway for fallback.
D.Create S3 and DynamoDB gateway endpoints, create interface endpoints for Secrets Manager and CloudWatch Logs, update route tables, and remove the NAT Gateway.
AnswerD

S3 and DynamoDB use gateway endpoints, which are the cost-effective private path for those services. Secrets Manager and CloudWatch Logs require interface endpoints for private access. Once these are in place, the NAT Gateway is no longer needed for this workload, eliminating the hourly and per-GB NAT charges while keeping traffic on the AWS network.

Why this answer

Option D is correct because it replaces the costly NAT Gateway with free VPC Gateway Endpoints for S3 and DynamoDB, and uses AWS PrivateLink interface endpoints for Secrets Manager and CloudWatch Logs. This eliminates all internet-bound data transfer costs while keeping traffic entirely within the AWS network, directly addressing the cost concern without sacrificing private connectivity.

Exam trap

The trap here is that candidates assume all AWS services require the same type of VPC endpoint, leading them to either use only interface endpoints (costly) or keep the NAT Gateway as a safety net, missing the opportunity to use free gateway endpoints for S3 and DynamoDB.

How to eliminate wrong answers

Option A is wrong because an Internet Gateway alone does not enable private subnets to reach AWS services; private subnets still need a NAT device to route traffic through the Internet Gateway, so removing the NAT Gateway without adding endpoints would break connectivity. Option B is wrong because adding a second NAT Gateway increases costs (additional hourly charges and cross-AZ data transfer fees) rather than reducing them, and the current bill is dominated by NAT Gateway charges, not cross-AZ traffic. Option C is wrong because using interface endpoints for all four services would incur per-hour and per-GB data processing charges for S3 and DynamoDB, which are more expensive than using free gateway endpoints for those two services; keeping the NAT Gateway as a fallback also retains unnecessary costs.

6
Multi-Selectmedium

An application runs in private subnets and must access Amazon S3, Amazon DynamoDB, and AWS Secrets Manager. The security team wants the traffic to stay on the AWS network and the finance team wants to eliminate NAT Gateway charges. Which three changes should they make? Select three.

Select 3 answers
A.Create gateway VPC endpoints for S3.
B.Create gateway VPC endpoints for DynamoDB.
C.Create an interface VPC endpoint for Secrets Manager.
D.Place the instances in public subnets with an internet gateway.
E.Keep the NAT Gateway and add a proxy instance for service access.
AnswersA, B, C

A gateway endpoint for S3 allows private access without sending traffic through a NAT Gateway. It keeps S3 traffic on the AWS network and reduces NAT processing charges.

Why this answer

A gateway VPC endpoint for S3 allows instances in private subnets to access S3 over the AWS network without traversing the internet or a NAT gateway. This eliminates NAT Gateway charges and keeps traffic on the AWS backbone, meeting both security and cost requirements.

Exam trap

The trap here is that candidates often confuse gateway endpoints (for S3 and DynamoDB) with interface endpoints (for most other AWS services), leading them to incorrectly select interface endpoints for S3 or DynamoDB, which would incur hourly charges and not be the most cost-optimized solution.

7
Multi-Selectmedium

A solutions architect is designing a cost-optimized data storage solution for a large dataset that is accessed infrequently but must be retained for compliance for 7 years. Which three actions should the architect take to minimize costs? (Choose three.)

Select 3 answers
.Store the data in Amazon S3 Glacier Deep Archive immediately after creation.
.Use Amazon S3 lifecycle policies to transition data from S3 Standard to S3 Glacier Deep Archive after 30 days.
.Enable S3 Intelligent-Tiering to automatically move data between access tiers based on usage patterns.
.Store all data in Amazon EBS gp2 volumes attached to an EC2 instance for low-latency access.
.Use S3 Object Lock in compliance mode to prevent data deletion during the retention period.
.Replicate all data to a second AWS Region using S3 Cross-Region Replication to ensure durability.

Why this answer

Amazon S3 lifecycle policies allow you to define rules that automatically transition objects to colder storage tiers like S3 Glacier Deep Archive after a specified period. This approach minimizes costs by keeping data in S3 Standard only for the initial 30 days when it might be accessed, then moving it to the lowest-cost storage class for the remaining compliance period. S3 Intelligent-Tiering automatically optimizes costs by monitoring access patterns and moving data between frequent, infrequent, and archive access tiers without manual intervention.

S3 Object Lock in compliance mode prevents any user, including the root user, from deleting or overwriting objects during the retention period, ensuring regulatory compliance.

Exam trap

The trap here is that candidates may think immediate archiving to Glacier Deep Archive is the cheapest option, but they overlook the need for lifecycle policies to balance initial access needs with long-term cost savings, and they may confuse durability (which S3 already provides) with compliance retention, leading them to select unnecessary replication.

8
MCQmedium

A team serves static web assets (JS, CSS, images) from an Amazon S3 origin through CloudFront. Recently, the S3 origin has received a high number of requests for the same files, increasing origin data transfer costs. CloudFront access logs show many cache misses, and each request includes a unique query string used only for tracking (for example, ?utm=...). The application does not require query-string-specific content. What CloudFront change will most directly reduce origin fetches and cost?

A.Update the CloudFront cache policy to exclude query strings from the cache key so that requests differing only by tracking query parameters reuse the same cached object.
B.Lower the minimum TTL and set Cache-Control headers to no-store to force CloudFront to revalidate more often.
C.Enable Origin Shield to ensure all origin fetches go through a single regional shield with no other configuration changes.
D.Switch the S3 origin from S3 to a different storage class optimized for request rates, keeping the cache key the same.
AnswerA

CloudFront cache misses increase when the cache key includes values that vary per request. If the tracking query string is part of the cache key, each unique ?utm value generates a separate cache entry even though the underlying object (JS/CSS/image) is identical, causing repeated origin fetches. Excluding query strings from the cache key collapses those variations into a single cached object, increasing the cache hit rate and reducing origin fetches and origin data transfer.

Why this answer

Option A is correct because CloudFront's cache policy controls which parts of a request (including query strings) are included in the cache key. By excluding the tracking query strings (e.g., `?utm=...`) from the cache key, CloudFront will treat all requests for the same file as identical, serving the cached object regardless of the query string. This directly reduces the number of origin fetches (cache misses) and lowers S3 data transfer costs, as the application does not require query-string-specific content.

Exam trap

The trap here is that candidates may think enabling Origin Shield (Option C) or changing storage classes (Option D) will solve the problem, but they overlook the fundamental issue of cache key fragmentation caused by unique query strings, which is directly addressed by adjusting the cache policy.

How to eliminate wrong answers

Option B is wrong because lowering the minimum TTL and setting `Cache-Control: no-store` would force CloudFront to revalidate or bypass the cache entirely, increasing origin fetches and costs, not reducing them. Option C is wrong because enabling Origin Shield alone, without adjusting the cache key to exclude query strings, does not address the root cause of cache misses caused by unique query strings; Origin Shield would still forward each unique query string request to the origin. Option D is wrong because switching the S3 storage class (e.g., to S3 Standard-IA or One Zone-IA) does not change the cache key behavior; the high number of unique query strings would still cause cache misses and origin fetches, and some storage classes may even incur higher per-request costs.

9
Multi-Selecthard

An application stores user-uploaded binaries in S3. Access is unpredictable for the first month, then most objects become cold. The team wants the cheapest approach that avoids manually guessing access patterns. Which two actions are best? Select two.

Select 2 answers
A.Enable S3 Intelligent-Tiering on the bucket.
B.Keep all objects in S3 Standard because lifecycle transitions add too much management.
C.Add a lifecycle rule to move very old objects to S3 Glacier Deep Archive when minute-level retrieval is no longer required.
D.Copy all binaries to Amazon EFS so retrieval is faster.
E.Disable versioning because S3 Intelligent-Tiering needs it to work.
AnswersA, C

Correct. Intelligent-Tiering is designed for objects with uncertain or changing access patterns. It automatically moves data between access tiers, reducing the need for manual guessing and avoiding overpaying for standard storage.

Why this answer

Option A is correct because S3 Intelligent-Tiering automatically moves objects between access tiers (frequent, infrequent, archive instant, and deep archive) based on changing access patterns, without manual lifecycle rules. This is ideal for unpredictable access in the first month followed by cold storage, as it optimizes cost by charging only for the storage tier actually used per object, with a small monthly monitoring fee per object.

Exam trap

The trap here is that candidates may think S3 Intelligent-Tiering requires versioning or manual lifecycle rules, but it is a fully automated, versioning-independent feature designed specifically for unpredictable access patterns.

10
Multi-Selectmedium

A media company keeps application logs in Amazon S3 for 400 days. The logs are read heavily for the first 30 days, occasionally for the next 90 days, and almost never after that. The team wants to lower storage cost without affecting retention requirements. Which two lifecycle transitions should it configure? Select two.

Select 2 answers
A.Transition the objects to S3 Standard-IA after 30 days.
B.Transition the objects to S3 Glacier Deep Archive after 120 days.
C.Transition the objects to S3 One Zone-IA after 30 days.
D.Keep the objects in S3 Standard for the full 400 days.
E.Use only S3 Intelligent-Tiering and never add archival transitions.
AnswersA, B

Standard-IA is a good fit after the initial hot period because retrievals become less frequent but still matter. It reduces storage cost compared with S3 Standard while keeping the data quickly accessible for the next several months.

Why this answer

Option A is correct because after the first 30 days of heavy read access, transitioning to S3 Standard-IA reduces storage costs while still providing low-latency retrieval for the occasional reads that occur over the next 90 days. S3 Standard-IA is designed for data accessed infrequently but requires rapid access, matching the usage pattern described.

Exam trap

The trap here is that candidates often confuse 'occasional access' with 'rare access' and incorrectly choose Glacier Deep Archive too early, or they overlook that S3 Intelligent-Tiering does not include archival tiers, leading to higher costs for long-term retention.

11
Multi-Selecthard

A internal reporting portal has old unattached EBS volumes and many stale snapshots. Which two actions reduce storage cost without affecting running instances?

Select 2 answers
A.Disable CloudTrail logging
B.Stop all EC2 instances in the account
C.Delete unattached EBS volumes after verifying they are no longer needed
D.Apply snapshot lifecycle policies to expire obsolete snapshots
AnswersC, D

Unattached volumes continue to incur charges until deleted.

Why this answer

Option C is correct because unattached EBS volumes incur storage costs without providing any benefit to running instances. Deleting them after verifying they are no longer needed directly reduces these costs without affecting any active EC2 instances.

Exam trap

The trap here is that candidates may confuse stopping EC2 instances with reducing EBS costs, but stopping instances does not delete the underlying volumes or snapshots, so storage charges continue.

12
MCQeasy

You store application logs in an S3 bucket. After 30 days, the logs are rarely accessed, but you must retain them for 1 year for compliance. Which S3 feature is the best way to reduce storage cost while meeting the retention requirement?

A.Create an S3 lifecycle rule to transition older objects to a colder storage class after 30 days, then expire after 1 year
B.Keep all logs in S3 Standard and rely on lower request rates to reduce cost
C.Copy logs to EBS snapshots each week and delete the original files
D.Use S3 replication to a second bucket in another region to reduce costs
AnswerA

S3 lifecycle policies can automatically transition objects to lower-cost storage classes based on age. Transitioning after 30 days reduces ongoing storage costs because the logs are rarely accessed, while expiring after 1 year ensures you still meet the compliance retention window.

Why this answer

Option A is correct because an S3 Lifecycle rule can automatically transition objects from S3 Standard to a colder storage class (e.g., S3 Glacier Instant Retrieval or S3 Glacier Deep Archive) after 30 days, reducing storage costs for rarely accessed logs. After 1 year, the rule can expire the objects, which permanently deletes them, meeting the compliance retention requirement without manual intervention.

Exam trap

The trap here is that candidates may think S3 Standard is always the cheapest option for infrequently accessed data, but they overlook the significant cost savings from lifecycle transitions to colder storage classes like S3 Glacier Deep Archive, which are designed for long-term archival with rare access.

How to eliminate wrong answers

Option B is wrong because keeping all logs in S3 Standard incurs higher storage costs for data that is rarely accessed after 30 days, and lower request rates do not offset the per-GB storage cost of S3 Standard. Option C is wrong because copying logs to EBS snapshots is not a cost-effective or scalable solution for log retention; EBS snapshots are designed for block-level backups of volumes, not for storing individual log files, and deleting the original S3 objects would lose the logs. Option D is wrong because S3 replication to a second bucket in another region increases costs due to replication fees, data transfer charges, and storage costs in the destination bucket, and does not inherently reduce storage costs.

13
Multi-Selectmedium

An ecommerce company runs a 24/7 frontend tier on EC2 and a nightly image-rendering job that can be interrupted and resumed from checkpoints. They want to minimize monthly compute cost without changing the application architecture. Which two actions should they take? Select two.

Select 2 answers
A.Purchase a Compute Savings Plan for the always-on frontend tier.
B.Use Spot Instances for the rendering job fleet.
C.Move both workloads to Dedicated Hosts.
D.Keep the rendering fleet entirely on On-Demand Instances.
E.Use dedicated GPUs for the frontend tier even though it is CPU-light.
AnswersA, B

A Compute Savings Plan reduces cost for steady compute usage while keeping flexibility across supported compute services. It is a strong fit for the always-on frontend tier because the workload runs continuously and is not interruption tolerant.

Why this answer

A Compute Savings Plan offers the largest discount (up to 66%) in exchange for a consistent compute spend commitment, making it ideal for the always-on frontend tier that runs 24/7. This plan applies to any EC2 instance family, region, and even Fargate or Lambda, providing flexibility while reducing costs for steady-state workloads.

Exam trap

The trap here is that candidates might choose On-Demand Instances for the rendering job out of fear of interruptions, failing to recognize that checkpointing makes Spot Instances viable and cost-effective.

14
MCQhard

A risk simulation workload generates analytics files that are accessed unpredictably. Some files become hot again months later. The team wants automatic storage cost optimisation without retrieval delays. What should be used?

A.Manual monthly review and object copying
B.S3 Glacier Flexible Retrieval for all files
C.S3 Intelligent-Tiering
D.EFS One Zone for analytics files
AnswerC

Intelligent-Tiering automatically moves objects between access tiers based on usage while preserving low-latency access.

Why this answer

S3 Intelligent-Tiering is the correct choice because it automatically moves objects between access tiers (frequent, infrequent, and archive instant access) based on changing access patterns, without any retrieval delays. This handles the unpredictable access described—files that become hot again months later—by keeping them in the archive instant access tier until access resumes, then promoting them instantly. It optimizes storage costs automatically without manual intervention or cold retrieval waits.

Exam trap

The trap here is that candidates often choose S3 Glacier Flexible Retrieval for cost savings, overlooking the 'without retrieval delays' requirement, which disqualifies any cold storage option that requires restoration time.

How to eliminate wrong answers

Option A is wrong because manual monthly review and object copying is not automatic, introduces operational overhead, and risks cost inefficiency or retrieval delays if the review cycle misses changing access patterns. Option B is wrong because S3 Glacier Flexible Retrieval has retrieval delays (minutes to hours) and is not suitable for files that may become hot again unpredictably, as it would cause unacceptable wait times for immediate access. Option D is wrong because EFS One Zone is a file system, not an object storage service, and does not provide the cost optimization or automatic tiering needed for unpredictable access patterns on analytics files.

15
MCQmedium

A marketing team runs a report-generation process that must execute once per day at 02:00 UTC. It usually completes in 10315 minutes, but sometimes takes up to 45 minutes due to varying data volumes. They currently run the workload on an EC2 instance that is always on, which wastes money during off-hours. The team wants to minimize operational overhead and pay mainly for actual execution time. What is the best architecture choice?

A.Use a scheduled Amazon EC2 Auto Scaling group that keeps a minimum of one instance running at all times.
B.Use an EventBridge schedule to run the report as an Amazon ECS task on AWS Fargate and write results to S3.
C.Use AWS Lambda triggered by an EventBridge schedule at 02:00 UTC and write results to S3.
D.Use an EMR cluster provisioned daily with manual teardown to ensure the instance is always available before 02:00.
AnswerB

Fargate allows the containerized job to run only when scheduled, so the team pays for task runtime instead of keeping an EC2 instance always on.

Why this answer

Option B is correct because AWS Fargate allows the report-generation task to run as an Amazon ECS task triggered by an EventBridge schedule, eliminating the need for an always-on EC2 instance. Fargate charges only for the vCPU and memory resources consumed during the task's execution (typically 10–45 minutes), which aligns with the team's goal of minimizing operational overhead and paying mainly for actual execution time. Writing results to S3 provides durable, cost-effective storage without managing infrastructure.

Exam trap

The trap here is that candidates often choose Lambda for scheduled tasks without checking the execution duration limit, overlooking that Lambda's 15-minute timeout makes it unsuitable for processes that can take up to 45 minutes.

How to eliminate wrong answers

Option A is wrong because an Auto Scaling group with a minimum of one instance keeps an EC2 instance running 24/7, which still wastes money during off-hours and does not pay mainly for actual execution time. Option C is wrong because AWS Lambda has a maximum execution timeout of 15 minutes (900 seconds), but the report-generation process can take up to 45 minutes, making Lambda unsuitable for this workload. Option D is wrong because manually provisioning and tearing down an EMR cluster daily introduces significant operational overhead, contradicting the team's goal to minimize operational overhead, and EMR is designed for big data processing, not a simple report-generation task.

16
MCQmedium

An S3 bucket stores user-uploaded images. Access patterns are unpredictable: some objects are never read again, while others are occasionally retrieved months later. The team wants to reduce storage cost without having to manually track access frequency or run periodic analyses. Which S3 storage and lifecycle approach is the best fit?

A.Enable S3 Intelligent-Tiering so objects can automatically move between access tiers based on observed access patterns.
B.Use S3 Glacier Instant Retrieval for all objects immediately to minimize storage cost.
C.Create a lifecycle rule that transitions objects to Standard-IA after a fixed 30 days, regardless of access.
D.Keep all objects in S3 Standard and reduce costs by enabling server access logging compression.
AnswerA

S3 Intelligent-Tiering is designed for unknown or changing access patterns. It monitors access and automatically moves objects between tiers (for example, between frequent-access and infrequent-access tiers) based on actual usage, which avoids the need to manually decide transition schedules. This directly meets the requirement to reduce storage cost while eliminating ongoing manual tracking or periodic analysis.

Why this answer

S3 Intelligent-Tiering is the best fit because it automatically moves objects between access tiers (frequent, infrequent, archive instant, archive) based on changing access patterns, eliminating the need for manual tracking or lifecycle rules. This optimizes storage costs for unpredictable access patterns without requiring you to define fixed time-based transitions or perform periodic analyses.

Exam trap

The trap here is that candidates often choose a fixed lifecycle rule (Option C) thinking it is simpler, but they overlook the retrieval fees and inefficiency of applying a rigid time-based policy to unpredictable access patterns, whereas Intelligent-Tiering adapts dynamically without manual tuning.

How to eliminate wrong answers

Option B is wrong because storing all objects immediately in S3 Glacier Instant Retrieval incurs higher retrieval costs and minimum storage charges (90 days) for objects that may never be accessed again, and it does not adapt to unpredictable patterns. Option C is wrong because a fixed 30-day transition to Standard-IA does not account for objects that are accessed frequently after 30 days, leading to retrieval fees, and it fails to optimize for objects that are never accessed again. Option D is wrong because enabling server access logging compression does not reduce storage costs for the objects themselves; it only reduces log storage size, and keeping all objects in S3 Standard is more expensive than using Intelligent-Tiering for unpredictable access.

17
MCQeasy

A company runs EC2 workloads in one region with somewhat steady overall demand. Over time, the team frequently changes instance families (for performance/optimization) and sometimes changes instance size, but wants predictable cost discounts. Which purchase option provides the best balance of cost savings and flexibility?

A.Standard Reserved Instances for a specific instance family and size only.
B.Savings Plans (Compute Savings Plans), scoped for flexible EC2 usage in the region.
C.Spot Instances for all workloads, assuming interruptions will never happen.
D.On-Demand only, because it avoids the complexity of purchase option scopes.
AnswerB

Compute Savings Plans provide discounted pricing for steady usage while allowing flexibility across instance families, OS, and sizes within the selected scope (for example, region). That matches the scenario: demand is steady enough for discounts, but the underlying instance type choices change frequently to meet performance needs.

Why this answer

Compute Savings Plans offer the best balance of cost savings and flexibility because they provide up to 66% discount in exchange for a commitment to a consistent amount of compute usage (measured per hour) in a region, but they automatically apply to any EC2 instance family, size, OS, or tenancy, as well as AWS Fargate and Lambda. This matches the team's need to frequently change instance families and sizes while still getting predictable discounts, unlike Standard RIs which lock you to a specific family and size.

Exam trap

The trap here is that candidates often confuse Standard Reserved Instances (which lock family/size) with Convertible RIs (which allow family changes but require a 1:1 exchange and still have restrictions), or they assume Savings Plans only apply to EC2, missing that Compute Savings Plans also cover Fargate and Lambda, making them the most flexible option for compute cost optimization.

How to eliminate wrong answers

Option A is wrong because Standard Reserved Instances require a commitment to a specific instance family and size (e.g., m5.large), which prevents the team from freely changing instance families for performance optimization without incurring modification fees or losing the discount. Option C is wrong because Spot Instances can be interrupted with a 2-minute warning when AWS needs capacity back, making them unsuitable for steady workloads where interruptions are assumed to never happen—this violates the fundamental design of Spot as a cost-optimization tool for fault-tolerant or flexible workloads. Option D is wrong because On-Demand pricing offers no discount (0% savings) and avoids complexity only by paying full price, which fails to meet the requirement for predictable cost savings.

18
Multi-Selecthard

A photo studio stores original project archives in Amazon S3. Objects are read heavily for 14 days after upload, occasionally during the next 11 months, and almost never after one year. The team wants the lowest storage cost while keeping retrieval within minutes during the first year. Which three actions are best? Select three.

Select 3 answers
A.Keep new objects in S3 Standard for the first 14 days.
B.Transition objects to S3 Standard-IA after 14 days.
C.Transition objects to S3 Glacier Flexible Retrieval after 14 days.
D.Transition objects to S3 Glacier Deep Archive after one year.
E.Disable versioning to make the lifecycle rules work correctly.
AnswersA, B, D

Correct. Standard is appropriate for the initial hot-access period because the data is read frequently and needs immediate performance. Using a cheaper archive tier too early would increase retrieval latency and likely access costs.

Why this answer

A is correct because S3 Standard is designed for frequently accessed data with low latency and high throughput, making it ideal for the first 14 days when objects are read heavily. This storage class provides immediate retrieval and no retrieval costs, aligning with the requirement for minutes-level access during the first year.

Exam trap

The trap here is that candidates might incorrectly choose S3 Glacier Flexible Retrieval for the 14-day transition, overlooking that its retrieval times (minutes to hours) do not meet the 'within minutes' requirement for the first year, or mistakenly think versioning must be disabled for lifecycle rules to function.

19
MCQmedium

A batch analytics job has unpredictable DynamoDB traffic with long idle periods and occasional spikes. Which capacity mode should minimize operational overhead and avoid paying for idle provisioned capacity?

A.DynamoDB on-demand capacity mode
B.Reserved capacity for maximum daily traffic
C.Provisioned capacity set for peak traffic
D.Global tables in every Region
AnswerA

On-demand capacity is suitable for unpredictable workloads and charges per request without capacity planning.

Why this answer

DynamoDB on-demand capacity mode automatically scales to handle unpredictable traffic spikes and idle periods, charging only for the reads and writes you perform. This eliminates the need to provision capacity for peak traffic, avoiding costs during long idle periods and reducing operational overhead from capacity management.

Exam trap

The trap here is that candidates may confuse 'Reserved capacity' with DynamoDB's reserved capacity option (which does not exist) or think provisioned capacity is always cheaper, ignoring the cost of idle provisioned throughput during unpredictable workloads.

How to eliminate wrong answers

Option B is wrong because Reserved capacity is not a DynamoDB pricing model; it applies to Amazon EC2 and RDS, not DynamoDB, and would still require provisioning for peak traffic. Option C is wrong because Provisioned capacity set for peak traffic would incur costs for idle periods when traffic is low, as you pay for the provisioned capacity regardless of actual usage. Option D is wrong because Global tables are a replication feature for multi-Region active-active setups, not a capacity mode; they do not address cost optimization for unpredictable traffic and add complexity and cost.

20
MCQhard

Based on the exhibit, the team serves versioned JavaScript and CSS files from an S3 origin through CloudFront. After a release, the cache hit ratio dropped and origin fetches increased sharply. What change best reduces both CloudFront and S3 costs without changing the application’s public behavior?

A.Increase the CloudFront price class to include more edge locations.
B.Create a cache policy that excludes Authorization, cookies, and unnecessary query strings, and narrow the origin request policy to forward only the headers the S3 origin actually needs.
C.Disable CloudFront and serve the files directly from S3 to avoid cache invalidation overhead.
D.Use Lambda@Edge to rewrite every request into a unique path so that clients never receive stale files.
AnswerB

The hit ratio is low because CloudFront is varying the cache on request attributes that do not change versioned static files. Removing Authorization, cookies, and irrelevant query strings from the cache key allows CloudFront to reuse cached objects across users and sessions. Reducing the origin request policy avoids sending unnecessary viewer context to the origin. Because the filenames are already versioned, long TTLs can be used safely and will lower origin requests and S3 request costs.

Why this answer

B is correct because versioned JavaScript and CSS files are immutable, so CloudFront should cache them aggressively. By creating a cache policy that excludes unnecessary headers (like Authorization and cookies) and query strings, and narrowing the origin request policy to forward only required headers, you maximize cache hits and reduce origin fetches. This directly lowers both CloudFront data transfer costs (fewer origin requests) and S3 request costs (fewer GET requests), without altering the application's public behavior.

Exam trap

The trap here is that candidates often think increasing edge locations (Option A) or using Lambda@Edge (Option D) will improve performance, but for versioned static files, the real cost optimization comes from maximizing cache hits by properly configuring cache and origin request policies, not from adding more infrastructure or rewriting requests.

How to eliminate wrong answers

Option A is wrong because increasing the CloudFront price class to include more edge locations increases costs (more regional data transfer) and does not improve cache hit ratio for versioned static files—it may even reduce it by spreading requests across more locations. Option C is wrong because disabling CloudFront and serving files directly from S3 eliminates caching entirely, drastically increasing S3 request costs (GET, data transfer) and latency, while also losing CloudFront's edge caching benefits. Option D is wrong because using Lambda@Edge to rewrite every request into a unique path would bypass caching entirely (each unique path is a cache miss), increasing origin fetches and costs, and it does not solve the stale-file problem because versioned files are already immutable.

21
MCQmedium

An application runs on EC2 in us-east-1 and frequently reads objects from an S3 bucket that is physically located in us-west-2. The finance team reports unexpectedly high inter-Region data transfer charges because the application retrieves objects for many user requests. A constraint: the bucket in us-west-2 must remain the system of record for compliance, but the application can read from a replica in us-east-1. What should the solutions architect do to minimize network spend while meeting the compliance constraint?

A.Enable S3 Cross-Region Replication from the us-west-2 source bucket to a destination bucket in us-east-1, and update the app to read from the us-east-1 bucket.
B.Create an interface VPC endpoint for S3 in us-east-1 and keep all object reads pointing to the us-west-2 bucket.
C.Use VPC peering between two regions and route all requests to the us-west-2 bucket over the peering link.
D.Use Route 53 latency-based routing to send users to a us-west-2 web endpoint and keep the S3 bucket unchanged.
AnswerA

CRR keeps the west bucket as the source of record while creating a near-region copy to reduce inter-Region transfer on reads.

Why this answer

Option A is correct because S3 Cross-Region Replication (CRR) automatically replicates objects from the source bucket in us-west-2 to a destination bucket in us-east-1, satisfying the compliance requirement that the us-west-2 bucket remains the system of record. By updating the application to read from the us-east-1 bucket, all read traffic stays within the same region, eliminating inter-region data transfer charges for object retrievals. This approach directly addresses the cost issue while preserving the original bucket as the authoritative source.

Exam trap

The trap here is that candidates may assume VPC endpoints or peering can eliminate inter-region costs, but S3 data transfer charges are based on the bucket's physical region, not the network path, so only replicating the data locally avoids the charges.

How to eliminate wrong answers

Option B is wrong because an interface VPC endpoint for S3 in us-east-1 does not change the physical location of the bucket; the application would still read from the us-west-2 bucket, incurring inter-region data transfer charges for each request. Option C is wrong because VPC peering does not support inter-region traffic for S3; S3 is a regional service accessed via public endpoints or VPC endpoints, and VPC peering does not route traffic to S3 buckets in another region without additional NAT or gateway configurations, and it would still incur inter-region data transfer costs. Option D is wrong because Route 53 latency-based routing directs user traffic to a web endpoint in us-west-2, but the S3 bucket remains unchanged in us-west-2, so the application still reads from the remote bucket, incurring inter-region transfer charges; it does not create a local replica.

22
MCQmedium

A SaaS company uses an S3 bucket for database backups created daily. Backups are rarely restored; the company’s documented RTO is 24 hours, and the compliance policy requires backups be kept for 90 days. The team currently stores all backups in S3 Standard, which is costly. Which single lifecycle policy change is most cost-optimized while still meeting the 24-hour RTO and 90-day retention?

A.Add a lifecycle rule to transition backups older than 1 day to S3 Glacier Flexible Retrieval, and keep them until day 90.
B.Add a lifecycle rule to transition backups older than 1 day to S3 Glacier Instant Retrieval, and keep them until day 90.
C.Add a lifecycle rule to transition backups older than 1 day to S3 Glacier Deep Archive, and keep them until day 90 with no restore configuration.
D.Add a lifecycle rule to transition backups older than 1 day to S3 One Zone-IA, and delete them after 7 days.
AnswerA

Glacier Flexible Retrieval is intended for backups with infrequent access and supports restores within an RTO measured in hours.

Why this answer

Option A is correct because S3 Glacier Flexible Retrieval offers retrieval times ranging from minutes to hours, which comfortably meets the 24-hour RTO, while providing significant cost savings over S3 Standard for data that is rarely accessed. Transitioning backups older than 1 day to this storage class reduces costs without compromising the 90-day retention requirement.

Exam trap

The trap here is that candidates may choose S3 Glacier Deep Archive for maximum cost savings without considering that its standard retrieval time (12 hours) could fail to meet the 24-hour RTO under load or without expedited retrieval, which adds cost and complexity.

How to eliminate wrong answers

Option B is wrong because S3 Glacier Instant Retrieval is designed for data accessed once a quarter with millisecond retrieval, but it is more expensive than S3 Glacier Flexible Retrieval and not the most cost-optimized choice for backups that are rarely restored. Option C is wrong because S3 Glacier Deep Archive has a standard retrieval time of 12 hours, which can exceed the 24-hour RTO if restore requests are queued or require expedited retrieval (which costs more), and the option lacks a restore configuration, making it risky for meeting the RTO. Option D is wrong because S3 One Zone-IA does not provide the durability needed for compliance (data is lost if the single AZ fails), and deleting backups after 7 days violates the 90-day retention policy.

23
Multi-Selectmedium

A company runs a customer portal on self-managed PostgreSQL on EC2, plus a self-managed RabbitMQ cluster for asynchronous work that only requires durable queueing and does not depend on RabbitMQ-specific exchange features. The operations team spends a lot of time patching, backing up, and scaling both systems. The business wants to reduce infrastructure management overhead and total cost of ownership. Which two changes are the best fit? Select two.

Select 2 answers
A.Migrate PostgreSQL to Amazon RDS for PostgreSQL.
B.Replace RabbitMQ with Amazon SQS for asynchronous message handling.
C.Move PostgreSQL to Amazon DynamoDB without redesigning the application.
D.Replace RabbitMQ with another EC2-based broker cluster for more control.
E.Keep the same design and increase instance sizes to simplify maintenance.
AnswersA, B

Amazon RDS removes much of the undifferentiated heavy lifting for backups, patching, and high availability management. For a standard relational database workload, RDS usually lowers operational effort and total cost of ownership compared with a self-managed PostgreSQL deployment on EC2.

Why this answer

Option A is correct because migrating PostgreSQL to Amazon RDS for PostgreSQL offloads patching, backups, and scaling to AWS, reducing operational overhead. RDS automates OS and database patching, provides automated backups with point-in-time recovery, and supports vertical scaling with minimal downtime. This directly addresses the team's time spent on maintenance while lowering TCO compared to self-managed EC2.

Exam trap

The trap here is that candidates may think DynamoDB can replace any database to reduce costs, ignoring that it requires application redesign and cannot directly substitute a relational database like PostgreSQL.

24
Multi-Selectmedium

A startup runs two EC2-based workloads in the same AWS Region. Its customer-facing API is always on, and its nightly video transcoding fleet can restart jobs from checkpoints if an instance is interrupted. The finance team wants the lowest monthly compute cost without changing the application design. Which two actions should the team take? Select two.

Select 2 answers
A.Purchase an All Upfront Reserved Instance for the transcoding fleet only.
B.Buy a Compute Savings Plan to cover the always-on API baseline usage.
C.Run the transcoding fleet on Spot Instances because interrupted jobs can resume from checkpoints.
D.Increase the API instance size so CPU utilization stays below 30 percent.
E.Move the API tier to Dedicated Hosts to improve isolation and lower spend.
AnswersB, C

Savings Plans reduce cost for consistent compute usage and are well suited to the always-on API.

Why this answer

Option B is correct because a Compute Savings Plan offers the lowest cost for steady-state workloads like the always-on API by committing to a consistent amount of compute usage (measured in $/hour) across any EC2 instance family, size, or region, providing up to 66% savings compared to On-Demand. Option C is correct because the transcoding fleet can tolerate interruptions (jobs restart from checkpoints), making Spot Instances ideal for up to 90% discount over On-Demand, which directly minimizes compute cost without architectural changes.

Exam trap

The trap here is that candidates often choose Reserved Instances for the transcoding fleet (Option A) because they think 'always-on' workloads need RIs, but they overlook that Spot Instances are far cheaper for interruptible workloads, and a Compute Savings Plan (Option B) covers the API baseline more flexibly than an instance-specific RI.

25
Drag & Dropmedium

Order the steps for setting up an Application Load Balancer with an EC2 target group.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

ALB creation first, then target group, health checks, association, and testing.

26
Multi-Selectmedium

A data-processing application runs in private subnets and needs to read objects from Amazon S3 and write items to Amazon DynamoDB. The team currently routes all outbound traffic through a NAT Gateway, and monthly networking charges are rising. Which two changes will most directly reduce cost while keeping traffic on the AWS network? Select two.

Select 2 answers
A.Add an S3 gateway VPC endpoint to the private route tables.
B.Add a DynamoDB gateway VPC endpoint to the private route tables.
C.Add a second NAT Gateway in another Availability Zone.
D.Move the instances into public subnets so they can reach AWS services directly.
E.Send private subnet traffic to S3 and DynamoDB through an Internet Gateway route.
AnswersA, B

An S3 gateway endpoint lets the instances reach S3 without sending traffic through the NAT Gateway. Gateway endpoints are the standard low-cost pattern for S3 access from private subnets and keep traffic on the AWS network.

Why this answer

Adding an S3 gateway VPC endpoint allows instances in private subnets to access S3 directly over the AWS network without traversing the NAT Gateway, eliminating NAT data processing charges for S3 traffic. This reduces monthly networking costs while keeping traffic within the AWS backbone.

Exam trap

The trap here is that candidates often think DynamoDB requires an interface endpoint (which incurs hourly charges) rather than a gateway endpoint, but DynamoDB supports both, and the gateway endpoint is the cost-optimal choice for reducing NAT Gateway traffic.

27
MCQmedium

A production internal reporting portal runs continuously on EC2 with predictable usage for the next three years. The team wants a discount while retaining some instance-family flexibility. What should they buy?

A.Spot Instances only
B.Dedicated Instances
C.Compute Savings Plan
D.S3 Intelligent-Tiering
AnswerC

Compute Savings Plans provide discounts for a committed spend while allowing flexibility across instance families, sizes, Regions, and compute services.

Why this answer

A Compute Savings Plan offers the lowest prices on EC2 usage (up to 66% off On-Demand) in exchange for a 1- or 3-year commitment, and it automatically applies to any EC2 instance family in any region, giving the flexibility the team needs. Since the workload runs continuously with predictable usage for three years, this plan is ideal for reducing costs while retaining the ability to change instance families if needed.

Exam trap

The trap here is that candidates often confuse Compute Savings Plans with EC2 Instance Savings Plans, assuming any Savings Plan locks you to a specific instance family, but Compute Savings Plans provide broader flexibility across families and services.

How to eliminate wrong answers

Option A is wrong because Spot Instances are designed for fault-tolerant, interruptible workloads and can be terminated with a 2-minute notice, making them unsuitable for a continuously running production reporting portal. Option B is wrong because Dedicated Instances are physically isolated at the host hardware level and billed per instance, which does not inherently provide a discount and lacks the instance-family flexibility of a Savings Plan. Option D is wrong because S3 Intelligent-Tiering is a storage class for objects with changing access patterns, not a compute pricing model, and cannot be applied to EC2 instances.

28
Multi-Selectmedium

A company is running a stateful web application on EC2 instances that processes user uploads. The architecture currently uses a Multi-AZ deployment for high availability. Which three cost-optimization strategies can be applied without sacrificing high availability? (Choose three.)

Select 3 answers
.Replace Multi-AZ EC2 with a single-AZ deployment to reduce data transfer costs.
.Use an Amazon ElastiCache cluster in a single Availability Zone to reduce costs.
.Store uploaded files in Amazon S3 and use S3 Transfer Acceleration for uploads, then remove the local storage from EC2 instances.
.Use an Application Load Balancer with cross-zone load balancing disabled to reduce inter-AZ data transfer costs.
.Implement a NAT Gateway in each Availability Zone for outbound traffic to reduce data transfer costs.
.Use EC2 Auto Scaling with a mixed instances policy that includes Spot Instances for the stateless web tier, while using On-Demand for the stateful tier.

Why this answer

Storing uploaded files in Amazon S3 and using S3 Transfer Acceleration for uploads removes the need for local storage on EC2 instances, reducing storage costs and eliminating the cost of managing EBS volumes. This strategy does not affect high availability because S3 is inherently highly available and durable across multiple Availability Zones. Transfer Acceleration optimizes upload speed over the public internet without impacting the availability of the application.

Exam trap

The trap here is that candidates may think disabling cross-zone load balancing reduces availability, but it actually preserves high availability as long as each AZ has enough instances to handle failover, while reducing inter-AZ data transfer costs.

29
MCQeasy

CloudWatch metrics show your EC2 instances have average CPU utilization around 10% with stable performance over several weeks. The application does not require additional headroom right now. What is the most effective cost-optimization action?

A.Right-size the instances to a smaller size that matches the observed utilization
B.Increase the Auto Scaling desired capacity to add more instances
C.Switch to Spot Instances immediately even though interruptions would impact users
D.Disable detailed monitoring to reduce CPU usage from the monitoring agent
AnswerA

Right sizing reduces cost by matching instance capacity to actual demand. If average CPU is consistently low (around 10%) and performance is stable, it strongly indicates overprovisioning. Moving to a smaller instance (or a smaller capability within the same family) typically lowers hourly cost while maintaining sufficient capacity for the workload.

Why this answer

Right-sizing EC2 instances to match observed utilization is the most effective cost-optimization action because the current instances are over-provisioned (average CPU at 10%). By selecting a smaller instance type that aligns with the actual workload, you reduce hourly costs without impacting performance, as the application has stable behavior and no need for headroom.

Exam trap

The trap here is that candidates may think increasing capacity (Option B) or switching to Spot Instances (Option C) is always cost-effective, but they fail to recognize that right-sizing is the foundational first step before scaling or using Spot, especially when current utilization is low and stable.

How to eliminate wrong answers

Option B is wrong because increasing Auto Scaling desired capacity would add more instances, increasing costs without any performance need, and does not address the over-provisioning issue. Option C is wrong because switching to Spot Instances immediately risks interruptions that would impact users, and the question states the application does not require additional headroom but does not mention fault tolerance or interruption handling. Option D is wrong because disabling detailed monitoring does not reduce CPU usage from the monitoring agent (CloudWatch agent overhead is negligible), and it would remove valuable metrics needed for right-sizing decisions.

30
MCQhard

A risk simulation workload in private subnets downloads large amounts of data from S3 through a NAT gateway. NAT data processing charges are high. What should the architect use to reduce cost?

A.A larger NAT gateway
B.Gateway VPC endpoint for Amazon S3
C.S3 Object Lambda
D.AWS Shield Advanced
AnswerB

A gateway endpoint routes S3 traffic privately without NAT gateway data processing charges.

Why this answer

A Gateway VPC endpoint for Amazon S3 allows instances in private subnets to access S3 directly via the AWS network, bypassing the NAT gateway entirely. This eliminates NAT data processing charges (per GB) for S3 traffic, which can be significant for large data downloads. The endpoint is free to use and routes traffic through AWS's private backbone, not the internet.

Exam trap

The trap here is that candidates often assume all VPC endpoints incur costs or require NAT gateways, but Gateway endpoints for S3 and DynamoDB are free and specifically designed to eliminate NAT data processing charges for those services.

How to eliminate wrong answers

Option A is wrong because a larger NAT gateway would increase, not reduce, costs due to higher hourly charges and data processing fees per GB. Option C is wrong because S3 Object Lambda is a feature for transforming data on the fly during retrieval, not for reducing network costs or bypassing a NAT gateway. Option D is wrong because AWS Shield Advanced is a DDoS protection service that adds cost and does not address NAT gateway data processing charges.

31
MCQhard

Based on the exhibit, the company runs a self-managed RabbitMQ cluster on EC2 for asynchronous work. The queue only needs durable at-least-once delivery, and the application does not require AMQP-specific features such as exchanges, routing keys, or broker plugins. Which change is the best cost-optimization move?

A.Replace RabbitMQ with Amazon SQS Standard and keep the workers unchanged except for the queue client library.
B.Replace RabbitMQ with Amazon MQ for RabbitMQ to keep the same protocol and reduce costs.
C.Increase the RabbitMQ instance size and add a fourth node for higher availability.
D.Move the queue to Amazon DynamoDB and use scans for consumers to detect new messages.
AnswerA

Amazon SQS is a fully managed queue that satisfies durable, at-least-once messaging without requiring broker administration. It removes the EC2 broker fleet, patching, backups, and failover testing, and it reduces outage risk from broker maintenance. Because the workload does not need AMQP-specific features such as exchanges or routing keys, SQS is the most cost-effective and operationally simple replacement.

Why this answer

Option A is correct because Amazon SQS Standard provides at-least-once delivery and durable message storage without requiring AMQP-specific features like exchanges or routing keys. Replacing RabbitMQ with SQS eliminates the operational overhead of managing EC2 instances and RabbitMQ clusters, while SQS's pay-per-request pricing is more cost-effective than running EC2 instances 24/7 for a self-managed queue.

Exam trap

The trap here is that candidates assume Amazon MQ for RabbitMQ is always the cheapest managed option, but SQS is more cost-effective when AMQP-specific features are not required, as it eliminates per-instance costs and leverages a serverless pricing model.

How to eliminate wrong answers

Option B is wrong because Amazon MQ for RabbitMQ is a managed broker service that still incurs hourly instance costs, which is typically more expensive than SQS's serverless, pay-per-request model for workloads that don't need AMQP features. Option C is wrong because increasing instance size and adding nodes increases costs without addressing the core cost-optimization goal, and the current setup already meets the requirements. Option D is wrong because DynamoDB is not a queue service; using scans to detect new messages is inefficient, costly (consumes read capacity units), and does not provide at-least-once delivery semantics or message visibility timeouts, leading to potential duplicate processing and higher latency.

32
MCQmedium

A risk simulation workload uses CloudWatch Logs heavily. Retaining all debug logs forever is increasing costs. What should be configured? The architecture review board prefers a managed AWS-native control.

A.CloudWatch Logs retention policies per log group
B.AWS Config aggregation
C.CloudWatch detailed monitoring on all instances
D.Route 53 health checks
AnswerA

Retention policies automatically delete older logs after the required period.

Why this answer

CloudWatch Logs retention policies allow you to set per-log-group expiration rules (e.g., 30 days, 90 days) to automatically delete old log events, directly reducing storage costs for debug logs that are no longer needed. This is a managed, AWS-native control that requires no custom scripts or external tools, aligning with the architecture review board's preference.

Exam trap

The trap here is that candidates may confuse CloudWatch Logs retention policies with CloudWatch metric retention (which is fixed at 15 months and cannot be changed), leading them to overlook the simple, cost-effective per-log-group expiration setting.

How to eliminate wrong answers

Option B is wrong because AWS Config aggregation is used to consolidate configuration and compliance data from multiple accounts/regions, not to manage log retention or costs. Option C is wrong because CloudWatch detailed monitoring on all instances increases metric data collection frequency (1-minute intervals) and incurs additional costs, doing nothing to reduce log storage expenses. Option D is wrong because Route 53 health checks monitor endpoint availability and DNS routing, not log retention or cost optimization.

33
Multi-Selectmedium

A company is designing a cost-optimized serverless architecture using AWS Lambda for a data processing workload. The workload runs multiple times per day and processes files up to 500 MB. Which three design decisions will help minimize costs? (Choose three.)

Select 3 answers
.Allocate the maximum memory (10,240 MB) to each Lambda function to reduce execution time.
.Use Lambda Provisioned Concurrency to ensure zero cold starts, improving performance.
.Optimize the Lambda function code to reduce execution duration, as cost is based on compute time.
.Store processed output in Amazon S3 using the S3 Standard-Infrequent Access (S3 Standard-IA) storage class if accessed infrequently.
.Use Amazon S3 batch operations to invoke Lambda functions in parallel, reducing overall processing time.
.Deploy Lambda functions in multiple Regions to reduce latency for global users.

Why this answer

Optimizing the Lambda function code to reduce execution duration directly lowers costs because AWS Lambda pricing is based on the number of requests and the duration of code execution, measured in GB-seconds. By writing efficient code, you reduce the compute time, which minimizes the billable GB-seconds. Storing processed output in S3 Standard-IA is cost-effective for infrequently accessed data, as it offers lower storage costs than S3 Standard while still providing high durability and availability.

Using S3 batch operations to invoke Lambda functions in parallel reduces the overall processing time by distributing the workload across multiple concurrent invocations, which can lower the total compute duration and thus the cost.

Exam trap

AWS often tests the misconception that more memory always reduces cost because it speeds up execution, but the trap is that cost is a product of memory and duration, so the optimal memory must be empirically determined, not set to the maximum.

34
MCQmedium

A team serves static content (JavaScript, CSS, images) from S3 through CloudFront. After a recent release, CloudFront reports a low cache hit ratio and the S3 origin receives a much higher request rate. The site still works, but billing shows higher origin and data transfer costs. Which change is most likely to improve cache hit ratio and reduce origin load?

A.Configure a CloudFront cache policy (or update HTTP cache-control headers) to increase TTLs for versioned static assets and enable compression for text assets.
B.Disable CloudFront access logging so fewer requests are recorded and billing decreases automatically.
C.Set the distribution’s origin to use S3 Transfer Acceleration to reduce the number of requests hitting S3.
D.Force CloudFront to forward query strings to the origin for all static content so the latest versions are always fetched.
AnswerA

CloudFront cache hit ratio improves when objects are cacheable for longer and requests can be served from edge caches. Proper TTLs for versioned assets prevent unnecessary revalidation. Compression reduces payload size for eligible content types, lowering transfer costs.

Why this answer

Option A is correct because increasing TTLs for versioned static assets via a CloudFront cache policy or HTTP Cache-Control headers ensures that CloudFront caches these immutable objects for longer periods, reducing the number of requests forwarded to the S3 origin. Enabling compression for text assets reduces the data transferred from origin to edge, further lowering origin load and costs. This directly addresses the low cache hit ratio and high origin request rate described in the scenario.

Exam trap

The trap here is that candidates may think forwarding query strings (Option D) ensures freshness, but it actually destroys cacheability for static assets, while the real solution is to use versioned filenames and increase TTLs to maximize edge caching.

How to eliminate wrong answers

Option B is wrong because disabling CloudFront access logging does not affect cache hit ratio or origin request rate; it only stops the generation of log files, which does not reduce billing for data transfer or origin requests. Option C is wrong because S3 Transfer Acceleration is designed to speed up uploads over long distances by using AWS edge locations, but it does not reduce the number of requests hitting S3; it actually adds a network hop and does not improve cache hit ratio. Option D is wrong because forcing CloudFront to forward query strings to the origin for all static content would bypass the edge cache for every request, drastically reducing the cache hit ratio and increasing origin load, which is the opposite of the desired outcome.

35
Multi-Selectmedium

A marketing site serves versioned JavaScript and CSS files from Amazon S3 through CloudFront. The origin bill is rising because CloudFront keeps fetching the same files too often, and the application never changes a file at the same URL once it is published. Which two changes should you make? Select two.

Select 2 answers
A.Set long-lived Cache-Control headers, such as a high max-age and immutable policy, on the versioned assets.
B.Configure the CloudFront cache policy to avoid forwarding unnecessary query strings, headers, and cookies.
C.Move the static assets to an EC2 web server behind an Application Load Balancer.
D.Disable CloudFront caching so every request always reaches the origin.
E.Add more viewer-facing headers to the cache key so each browser variation gets a unique cached object.
AnswersA, B

Versioned assets are ideal for long cache lifetimes because their URLs change when the content changes. Strong Cache-Control headers let CloudFront serve more requests from edge locations instead of repeatedly fetching the same files from S3.

Why this answer

Option A is correct because setting long-lived Cache-Control headers (e.g., `max-age=31536000` and `immutable`) on versioned assets tells CloudFront and browsers to cache the files aggressively. Since the application never changes a file at the same URL, this eliminates redundant origin fetches, directly reducing the origin bill.

Exam trap

The trap here is that candidates may think disabling caching (Option D) or adding more cache key variations (Option E) will improve performance, but both increase origin load and costs, while the correct approach is to leverage versioned URLs with aggressive caching headers.

36
MCQeasy

A team runs an Amazon NLB in a VPC with targets registered in multiple Availability Zones (AZs). Their bill shows high inter-AZ data transfer charges. They want to reduce unnecessary cross-AZ traffic costs while still maintaining healthy targets per AZ. What change is most likely to reduce inter-AZ charges?

A.Disable cross-zone load balancing on the NLB so each client is routed to targets in the same AZ when possible.
B.Enable cross-zone load balancing so all targets receive traffic from every AZ.
C.Move the NLB to a different Region so traffic is always kept local.
D.Replace the NLB with a NAT gateway to reduce data charges between AZs.
AnswerA

Disabling cross-zone load balancing helps keep traffic within the same AZ, reducing inter-AZ data transfer charges.

Why this answer

Option A is correct because disabling cross-zone load balancing on an NLB ensures that each client is routed only to targets within the same Availability Zone as the NLB node that receives the traffic. This eliminates inter-AZ data transfer charges because traffic never leaves the AZ boundary, while still maintaining healthy targets per AZ as each AZ independently handles its own client requests.

Exam trap

The trap here is that candidates often assume enabling cross-zone load balancing always reduces costs or improves performance, but in reality it increases inter-AZ data transfer charges, and the question specifically asks for cost reduction, not performance optimization.

How to eliminate wrong answers

Option B is wrong because enabling cross-zone load balancing distributes traffic across all targets in all AZs, which increases inter-AZ data transfer and raises costs, the opposite of the desired outcome. Option C is wrong because moving the NLB to a different Region does not reduce inter-AZ charges within the original VPC; it introduces cross-Region data transfer costs and latency, which are typically higher than inter-AZ charges. Option D is wrong because a NAT gateway is used for outbound internet traffic from private subnets, not for load balancing inbound traffic, and it does not reduce inter-AZ data transfer charges; in fact, NAT gateways themselves incur inter-AZ charges if used across AZs.

37
MCQeasy

An application serves static images through Amazon CloudFront. The team observes higher-than-expected origin fetches, which increases origin bandwidth costs. Which change most directly improves CloudFront cache reuse to reduce origin requests for the static content?

A.Set appropriate Cache-Control headers (or origin cache settings) so CloudFront caches responses longer
B.Disable caching for the distribution so every request goes back to the origin
C.Configure CloudFront to forward all request headers and query strings to the origin
D.Move the S3 bucket to a different AWS Region, without changing CloudFront caching behavior
AnswerA

Cache headers and TTL determine how long objects are kept in CloudFront’s edge caches. Longer caching for static assets increases the cache hit ratio, reducing how often requests must go back to the origin.

Why this answer

Option A is correct because setting appropriate Cache-Control headers (e.g., max-age or s-maxage) or configuring origin cache settings tells CloudFront how long to keep objects in its edge cache before revalidating with the origin. By extending the cache duration, CloudFront serves more requests from its cache, reducing the number of origin fetches and lowering bandwidth costs.

Exam trap

The trap here is that candidates may think forwarding all headers or query strings improves caching, but in reality it fragments the cache and increases origin requests, while disabling caching or moving the bucket does not address the root cause of low cache reuse.

How to eliminate wrong answers

Option B is wrong because disabling caching forces every request to go to the origin, which would drastically increase origin fetches and bandwidth costs, the opposite of the desired outcome. Option C is wrong because forwarding all headers and query strings to the origin reduces cache hit ratios, as CloudFront treats each unique combination as a separate cache key, leading to more origin requests. Option D is wrong because moving the S3 bucket to a different AWS Region does not change CloudFront's caching behavior; origin fetches depend on cache settings and request patterns, not the geographic location of the origin.

38
MCQeasy

Your team runs a batch processing workload on EC2 that can tolerate interruptions. If an instance is terminated, the job can restart from checkpoints. To reduce compute costs, what is the most cost-optimized approach?

A.Use EC2 Spot Instances for the batch workers
B.Use Dedicated Hosts to ensure capacity for the cheapest instance
C.Use On-Demand instances and schedule extra runs to offset interruptions
D.Use Reserved Instances only, because they eliminate instance termination events
AnswerA

Spot provides significantly lower pricing than On-Demand for interruptible workloads. Because the workload can restart from checkpoints, termination interruptions are acceptable and the application can recover efficiently, meeting both correctness and throughput requirements at a lower cost.

Why this answer

Spot Instances are ideal for fault-tolerant, interruption-tolerant batch workloads because they offer significant cost savings (up to 90% compared to On-Demand) while allowing the job to resume from checkpoints if terminated. This aligns perfectly with the requirement to reduce compute costs without compromising the ability to restart interrupted jobs.

Exam trap

The trap here is that candidates may confuse cost optimization with reliability, assuming that On-Demand or Reserved Instances are always safer, but the question explicitly states the workload can tolerate interruptions, making Spot the clear cost-optimized choice.

How to eliminate wrong answers

Option B is wrong because Dedicated Hosts are designed for licensing or compliance requirements, not cost optimization, and they are significantly more expensive than Spot or On-Demand instances. Option C is wrong because using On-Demand instances and scheduling extra runs does not reduce costs—On-Demand is the most expensive pricing model, and extra runs only increase total spend. Option D is wrong because Reserved Instances provide a discount for a commitment (1 or 3 years) but do not eliminate termination events; they still can be stopped or terminated, and they are not the most cost-effective choice for interruptible workloads compared to Spot.

39
MCQmedium

A marketing site stores logs in S3. Logs are queried for 30 days, rarely accessed for one year, and then retained for compliance. What should reduce storage cost? The architecture review board prefers a managed AWS-native control.

A.S3 lifecycle policy that transitions objects to lower-cost storage classes over time
B.Keep all logs in S3 Standard indefinitely
C.Use EBS snapshots for the logs
D.Move all logs immediately to S3 Glacier Deep Archive
AnswerA

Lifecycle rules automate transitions based on age, matching storage cost to access patterns.

Why this answer

Option A is correct because an S3 Lifecycle policy is a managed AWS-native feature that automatically transitions objects to lower-cost storage classes (e.g., S3 Standard-IA after 30 days, S3 Glacier Instant Retrieval or S3 Glacier Flexible Retrieval after one year) based on age, reducing storage costs while maintaining compliance. This aligns with the access pattern: frequent queries for 30 days, rare access for a year, then long-term retention. It avoids manual intervention and optimizes cost without sacrificing availability or retrieval needs.

Exam trap

The trap here is that candidates may choose Option D (immediate move to Glacier Deep Archive) thinking it maximizes cost savings, but they overlook the 30-day query requirement, which necessitates a storage class that supports frequent access (like S3 Standard-IA) before transitioning to archival storage.

How to eliminate wrong answers

Option B is wrong because keeping all logs in S3 Standard indefinitely incurs the highest per-GB storage cost, ignoring the significant savings from transitioning to lower-cost tiers for data that is rarely accessed after 30 days. Option C is wrong because EBS snapshots are designed for block-level backups of EC2 instances, not for storing log files from S3; they are not a native S3 solution, incur additional costs for snapshot storage and data transfer, and violate the architecture review board's preference for a managed AWS-native control. Option D is wrong because moving all logs immediately to S3 Glacier Deep Archive (which has retrieval times of 12+ hours and high retrieval costs) would prevent the 30-day querying requirement, as the data would be inaccessible for frequent queries without significant delay and expense.

40
MCQhard

A risk simulation workload generates analytics files that are accessed unpredictably. Some files become hot again months later. The team wants automatic storage cost optimisation without retrieval delays. What should be used? The design must avoid adding custom operational scripts.

A.Manual monthly review and object copying
B.S3 Glacier Flexible Retrieval for all files
C.S3 Intelligent-Tiering
D.EFS One Zone for analytics files
AnswerC

Intelligent-Tiering automatically moves objects between access tiers based on usage while preserving low-latency access.

Why this answer

S3 Intelligent-Tiering automatically moves objects between access tiers (frequent, infrequent, and archive instant access) based on changing access patterns, with no retrieval delays for hot objects and no operational overhead. This matches the unpredictable access pattern where files become hot again months later, as Intelligent-Tiering monitors access at the object level and adjusts storage class without manual intervention or custom scripts.

Exam trap

The trap here is that candidates may choose S3 Glacier Flexible Retrieval because it is cheaper for cold data, but they overlook the 'no retrieval delays' requirement, as Glacier Flexible Retrieval has a retrieval time of minutes to hours, making it unsuitable for files that become hot again unpredictably.

How to eliminate wrong answers

Option A is wrong because manual monthly review and object copying introduces operational overhead and potential retrieval delays, violating the requirement to avoid custom operational scripts and automatic cost optimisation. Option B is wrong because S3 Glacier Flexible Retrieval has retrieval delays (minutes to hours) for files that become hot again, which violates the 'no retrieval delays' requirement. Option D is wrong because EFS One Zone is a file system, not an object storage service, and does not provide automatic storage class tiering based on access patterns; it also incurs costs for all data regardless of access frequency.

41
MCQmedium

A team runs an EC2-based API on a single Auto Scaling group (ASG). Over the last month, they observed: - Average CPU utilization is ~15%. - p95 latency is stable and within the performance target. - The attached EBS volumes are gp3, provisioned with high baseline IOPS/throughput “just to be safe,” but CloudWatch shows consistently low utilization of those provisioned IOPS/throughput limits. They want to reduce monthly cost while maintaining current performance. Which action is the best cost-optimized choice?

A.Stop resizing EBS and only scale out the ASG during peak traffic, because changing EBS performance settings risks latency spikes.
B.Right-size both the compute and the gp3 volumes: reduce the EC2 instance size (via the ASG launch template/desired capacity configuration) and update gp3 IOPS/throughput settings to match observed utilization while keeping p95 latency targets.
C.Switch the instances to EC2 Spot immediately, because Spot always lowers costs without adding operational risk or affecting performance.
D.Move the workload to a larger instance class and keep the gp3 settings unchanged to avoid operational tuning work.
AnswerB

The metrics indicate headroom that is not being used (low CPU, stable latency, and low gp3 utilization). The most direct cost optimization is to reduce overprovisioned spend by right-sizing the instance type and tuning gp3 IOPS/throughput to match actual demand. Because performance and latency are already stable, these changes are the most likely to reduce cost without degrading performance.

Why this answer

Option B is correct because the workload is over-provisioned in both compute and storage. Average CPU is only 15%, so a smaller instance size can handle the load without affecting p95 latency. The gp3 volumes have high baseline IOPS/throughput that are never used, so reducing them to match actual utilization directly lowers costs without performance risk.

Exam trap

The trap here is that candidates assume EBS performance settings are fixed or risky to change, or that scaling out the ASG is always the best cost optimization, when in fact gp3 allows flexible, no-downtime IOPS/throughput adjustments and the real savings come from matching provisioned resources to actual utilization.

How to eliminate wrong answers

Option A is wrong because stopping EBS resizing and only scaling out the ASG during peak traffic ignores the clear over-provisioning of gp3 IOPS/throughput, which is a direct source of unnecessary cost; changing gp3 settings (downward) does not risk latency spikes if you stay above the observed utilization. Option C is wrong because switching to Spot instances introduces the risk of interruption (Spot can be reclaimed with a 2-minute warning), which could cause API latency spikes or failures if the workload is not designed for Spot termination handling; the statement that Spot always lowers costs without operational risk is false. Option D is wrong because moving to a larger instance class would increase compute cost without addressing the over-provisioned gp3 volumes, and the current performance is already meeting targets, so larger instances are unnecessary.

42
Drag & Dropmedium

Order the steps to set up an Amazon CloudFront distribution with an S3 origin.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

S3 bucket first, then CloudFront distribution, cache settings, OAI creation, and bucket policy update.

43
MCQeasy

A media company runs a batch job that processes image thumbnails. The job can be restarted from checkpoints and does not have user-facing SLAs. The batch capacity can tolerate interruptions. Which EC2 purchasing option is the best cost optimization choice?

A.Use On-Demand Instances because interruptions are not allowed for production workloads.
B.Use EC2 Spot Instances, accepting the possibility of interruptions and using checkpoints to resume.
C.Purchase Reserved Instances because they provide a discount regardless of the workload timing.
D.Buy Savings Plans because they guarantee capacity and remove the risk of interruptions entirely.
AnswerB

Spot Instances are typically the cheapest option for workloads that can tolerate interruptions with recovery.

Why this answer

Spot Instances offer significant cost savings (up to 90% compared to On-Demand) and are ideal for fault-tolerant, stateless, or checkpointable workloads. Since the batch job can restart from checkpoints and tolerates interruptions, Spot Instances provide the best cost optimization without compromising functionality.

Exam trap

The trap here is that candidates often assume Spot Instances are only for non-production or test workloads, but the SAA-C03 exam emphasizes that Spot Instances are suitable for any fault-tolerant or checkpointable production workload, including batch processing, big data, and containerized applications.

How to eliminate wrong answers

Option A is wrong because On-Demand Instances are not cost-optimized for workloads that can tolerate interruptions; the statement that 'interruptions are not allowed for production workloads' is a misconception, as many production workloads (e.g., batch processing, CI/CD) run successfully on Spot. Option C is wrong because Reserved Instances require a 1- or 3-year commitment and are best for steady-state, predictable workloads, not for a batch job that can be interrupted and does not need guaranteed capacity. Option D is wrong because Savings Plans provide a discount based on a commitment to a consistent amount of compute usage (measured in $/hour) but do not guarantee capacity or remove the risk of interruptions; they are a billing discount mechanism, not a capacity reservation.

44
MCQmedium

A development team expects their EC2 utilization to average about 40% of capacity across the next year. They want to lower costs but need flexibility to change instance families and sizes as requirements evolve (for example, moving from compute-optimized to memory-optimized instances). Which AWS purchasing commitment best meets the goal of reducing cost while keeping flexibility?

A.Compute Savings Plans, sized to the expected average usage, because they provide savings across instance families and usage types.
B.All Upfront EC2 Instance Reserved Instances for a single instance family to maximize discount.
C.Spot Instances for the entire workload so they can avoid commitments entirely.
D.On-Demand Instances with increased Auto Scaling to match the peak month only.
AnswerA

Compute Savings Plans provide a discount for a consistent amount of EC2 (and related covered usage) in a region while allowing flexibility to change instance families and sizes within the covered scope. Because the team’s requirements may evolve and they primarily need to manage average utilization (40% baseline), Compute Savings Plans match both the cost-reduction goal and the flexibility requirement better than instance-specific commitments.

Why this answer

Compute Savings Plans offer the best balance of cost reduction and flexibility for this scenario. They provide up to 66% savings in exchange for a commitment to a consistent amount of compute usage (measured in $/hour), but unlike Reserved Instances, they automatically apply to any EC2 instance family, size, OS, or region (within a given AWS region). This allows the team to switch from compute-optimized to memory-optimized instances as needs evolve without losing the discount, directly meeting the requirement for flexibility while lowering costs.

Exam trap

The trap here is that candidates often confuse Reserved Instances (which lock to a specific instance family) with Savings Plans (which offer cross-family flexibility), leading them to choose Option B for the higher discount without considering the flexibility requirement.

How to eliminate wrong answers

Option B is wrong because All Upfront EC2 Instance Reserved Instances lock the team into a single instance family (e.g., C5) and size, which eliminates the flexibility to change instance families as requirements evolve. Option C is wrong because Spot Instances can be terminated by AWS with only a 2-minute warning if capacity is reclaimed, making them unsuitable for a steady-state workload that expects 40% average utilization across the year; they also do not provide a guaranteed cost commitment. Option D is wrong because On-Demand Instances with increased Auto Scaling to match the peak month only does not reduce costs for the average 40% utilization; it actually increases costs by paying full On-Demand rates for all usage, and Auto Scaling alone does not provide a discount.

45
Multi-Selectmedium

A company runs a web application on Amazon EC2 instances behind an Application Load Balancer. The workload is predictable during business hours but has low usage at night. Which three options can reduce costs without compromising performance? (Choose three.)

Select 3 answers
.Use a single large EC2 instance to handle all traffic, reducing the number of running instances.
.Purchase Compute Savings Plans to cover the baseline EC2 usage during business hours.
.Configure a scheduled auto scaling policy to reduce the number of instances during off-peak hours.
.Replace the Application Load Balancer with a Network Load Balancer, which is cheaper per hour.
.Use EC2 Spot Instances for the entire workload to achieve the lowest possible cost.
.Implement a scaling policy based on CPU utilization to right-size the fleet dynamically.

Why this answer

Compute Savings Plans offer significant discounts (up to 66%) compared to On-Demand pricing in exchange for a commitment to a consistent amount of compute usage (measured in $/hour) over a 1- or 3-year term. They apply to EC2 instances, AWS Fargate, and Lambda, making them ideal for covering the predictable baseline workload during business hours. This reduces costs without affecting performance because the instances continue to run at full capacity.

Exam trap

The trap here is that candidates often confuse cost-reduction strategies that sacrifice reliability (like using Spot Instances for all traffic) with those that maintain performance, or they incorrectly assume a cheaper load balancer type can replace application-layer features without consequence.

46
MCQhard

A batch analytics job currently uses two NAT gateways in each of three Availability Zones, but only one private subnet per AZ needs outbound internet access. What should the architect review first? The architecture review board prefers a managed AWS-native control.

A.Replacing every NAT gateway with an internet gateway attached to private subnets
B.Whether one NAT gateway per AZ is sufficient for the required private subnets
C.Disabling route tables
D.Moving all workloads to public subnets
AnswerB

NAT gateways are normally deployed per AZ for resilience; duplicate NAT gateways in the same AZ may be unnecessary.

Why this answer

The architecture currently uses two NAT gateways per AZ, but only one private subnet per AZ requires outbound internet access. Since a single NAT gateway in an AZ can serve all private subnets in that AZ via the route table, the first step is to verify whether one NAT gateway per AZ is sufficient for the required throughput and availability. This aligns with cost optimization by eliminating unnecessary NAT gateway hourly charges and data processing fees.

Exam trap

The trap here is that candidates assume more NAT gateways automatically mean better availability or performance, overlooking that a single NAT gateway per AZ is often sufficient and that cost optimization should be the first review priority when multiple gateways are deployed per AZ.

How to eliminate wrong answers

Option A is wrong because an internet gateway (IGW) cannot be attached to private subnets; IGWs are used for public subnets and direct inbound/outbound internet access, not for outbound-only access from private subnets. Option C is wrong because disabling route tables would break all network connectivity, not just outbound internet access, and is not a valid optimization technique. Option D is wrong because moving all workloads to public subnets would expose them directly to the internet, violating security best practices and the requirement for a managed AWS-native control.

47
Multi-Selectmedium

A development team stores application logs in Amazon CloudWatch Logs and has enabled detailed EC2 monitoring on every instance. Auditors require the logs to be retained for 90 days, but the operations team only needs the last 7 days to remain searchable in CloudWatch. Which two actions should they take to reduce monitoring cost? Select two.

Select 2 answers
A.Set the CloudWatch Logs retention period to 7 days and export or archive older logs in Amazon S3 or S3 Glacier for the remaining retention period.
B.Disable detailed EC2 monitoring and rely on basic monitoring unless a one-minute metric collection interval is specifically required.
C.Set the CloudWatch Logs retention period to 90 days so everything stays searchable in CloudWatch.
D.Send logs to DynamoDB because it is cheaper for long-term retention.
E.Enable detailed monitoring only during peak business hours on every instance.
AnswersA, B

CloudWatch Logs is the expensive searchable tier, so keeping only the last 7 days there reduces stored log volume and ongoing cost. Older logs can be archived to S3 or S3 Glacier to satisfy the 90-day retention requirement without paying CloudWatch prices for data that is rarely queried.

Why this answer

Option A is correct because CloudWatch Logs charges for data storage and search capabilities. By setting the retention period to 7 days, logs older than 7 days are automatically deleted from CloudWatch, eliminating ongoing storage and search costs. Exporting or archiving these logs to Amazon S3 or S3 Glacier satisfies the 90-day audit requirement at a much lower cost, as S3 and Glacier have minimal storage fees and no search costs.

Exam trap

The trap here is that candidates may think keeping logs searchable in CloudWatch for the full 90 days is simpler and cost-effective, overlooking the fact that CloudWatch Logs storage and search costs far exceed S3/Glacier for long-term retention, and that detailed monitoring is an independent cost driver unrelated to log retention.

48
MCQmedium

A log archive serves infrequently accessed user documents that must be available immediately when requested. Which S3 storage class is likely the best cost fit?

A.Instance store volumes
B.S3 Standard-IA or S3 One Zone-IA depending on resilience requirements
C.S3 Standard for all objects
D.S3 Glacier Deep Archive
AnswerB

Infrequent Access classes reduce storage cost while keeping millisecond retrieval.

Why this answer

S3 Standard-IA or S3 One Zone-IA is the best cost fit because the workload involves infrequently accessed data that requires immediate retrieval (millisecond latency). Standard-IA offers lower storage cost than S3 Standard while maintaining high durability and low-latency access, and One Zone-IA provides even lower cost for data that can tolerate a single-AZ failure. Both classes meet the 'available immediately' requirement, unlike Glacier tiers which have retrieval delays.

Exam trap

The trap here is that candidates often confuse 'infrequently accessed' with 'archival' and choose Glacier Deep Archive, forgetting that the requirement for immediate availability eliminates any Glacier tier due to its retrieval delays.

How to eliminate wrong answers

Option A is wrong because instance store volumes are ephemeral block storage attached to EC2 instances, not an S3 storage class, and they lose data on instance stop/termination, making them unsuitable for durable log archives. Option C is wrong because S3 Standard is designed for frequently accessed data with higher storage cost per GB, leading to unnecessary expense for infrequently accessed logs. Option D is wrong because S3 Glacier Deep Archive has retrieval times of 12–48 hours, which violates the 'available immediately' requirement.

49
MCQeasy

A company stores user uploads in an S3 bucket. Objects are accessed rarely after upload, but when an object is accessed, it must be retrievable quickly (minutes to a few hours). Objects must be retained for at least 18 months. The team wants to reduce storage cost while meeting these requirements. Which lifecycle configuration best fits these requirements?

A.Keep all objects in S3 Standard permanently to avoid lifecycle transition fees.
B.After 30 days, transition objects to S3 Glacier Instant Retrieval, and after 18 months, expire (delete) the objects.
C.After 30 days, transition objects to S3 Intelligent-Tiering, and set expiration to 12 months.
D.After 30 days, transition objects to S3 Glacier Deep Archive, and set expiration to 18 months.
AnswerB

The prompt requires (1) cost reduction for data that becomes infrequently accessed and (2) quick retrieval when accessed again, and (3) a minimum retention of at least 18 months. Glacier Instant Retrieval is intended for data that is accessed occasionally and needs fast retrieval. Transitioning after 30 days moves the long-term, rarely accessed portion of the data to a cheaper class, while expiring at 18 months satisfies the explicit retention requirement (the objects remain for at least 18 months).

Why this answer

Option B is correct because it transitions objects to S3 Glacier Instant Retrieval after 30 days, which provides millisecond retrieval for rarely accessed data, meeting the quick retrieval requirement. The 18-month expiration ensures compliance with the retention policy while minimizing storage costs compared to keeping data in S3 Standard.

Exam trap

The trap here is that candidates may confuse retrieval time requirements: S3 Glacier Deep Archive is cheaper but has retrieval times of hours, not minutes, and S3 Intelligent-Tiering is for unpredictable access, not for data that is rarely accessed after upload.

How to eliminate wrong answers

Option A is wrong because keeping all objects in S3 Standard permanently ignores the cost-saving opportunity of lifecycle transitions; S3 Standard is more expensive for rarely accessed data, and there are no lifecycle transition fees for moving to colder storage classes. Option C is wrong because S3 Intelligent-Tiering is designed for unpredictable access patterns, not for data that is rarely accessed after upload, and setting expiration to 12 months violates the 18-month retention requirement. Option D is wrong because S3 Glacier Deep Archive has retrieval times of 12-48 hours, which does not meet the requirement of retrievable within minutes to a few hours.

50
MCQmedium

A dev sandbox runs for several hours each night and can be interrupted and restarted. Which EC2 purchasing option should minimize cost?

A.On-Demand Instances only
B.Spot Instances
C.Dedicated Hosts
D.Provisioned IOPS volumes
AnswerB

Spot Instances offer deep discounts for interruptible workloads.

Why this answer

Spot Instances can be interrupted and restarted, making them ideal for fault-tolerant workloads like a nightly dev sandbox. They offer significant cost savings (up to 90% off On-Demand) because they use spare AWS EC2 capacity, which aligns perfectly with the scenario's tolerance for interruption.

Exam trap

The trap here is that candidates confuse 'interruptible' with 'unreliable' and choose On-Demand for stability, missing that Spot Instances are explicitly designed for fault-tolerant, non-critical workloads like a nightly dev sandbox.

How to eliminate wrong answers

Option A is wrong because On-Demand Instances are billed per second with no interruption, which is unnecessary for a workload that can be stopped and resumed, leading to higher costs. Option C is wrong because Dedicated Hosts provide physical servers for licensing or compliance needs, which is overkill and expensive for a simple dev sandbox. Option D is wrong because Provisioned IOPS volumes are a storage option (EBS), not an EC2 purchasing option, and do not directly affect compute cost optimization.

51
MCQmedium

A marketing site has EC2 instances that are oversized based on CPU, memory, and network utilisation. Which AWS service should identify rightsizing recommendations? The design must avoid adding custom operational scripts.

A.AWS Shield
B.AWS Compute Optimizer
C.AWS DataSync
D.AWS Artifact
AnswerB

Compute Optimizer analyses utilisation metrics and recommends rightsizing for supported resources.

Why this answer

AWS Compute Optimizer analyzes historical utilization metrics (CPU, memory, network) of EC2 instances and generates rightsizing recommendations to reduce cost without compromising performance. It uses machine learning to identify over-provisioned resources and suggests instance type changes, all without requiring custom scripts or agents.

Exam trap

The trap here is that candidates may confuse AWS Compute Optimizer with AWS Trusted Advisor, but Trusted Advisor provides general cost optimization checks while Compute Optimizer specifically delivers granular, ML-driven rightsizing recommendations for EC2 and other compute resources.

How to eliminate wrong answers

Option A is wrong because AWS Shield is a managed DDoS protection service, not a resource optimization or rightsizing tool. Option C is wrong because AWS DataSync is used for transferring large amounts of data between on-premises storage and AWS services, not for analyzing EC2 utilization or recommending instance sizes. Option D is wrong because AWS Artifact provides on-demand access to AWS compliance reports and agreements, not cost optimization or rightsizing recommendations.

52
MCQmedium

A test environment runs on x86 EC2 instances and uses open-source software with no architecture-specific licensing restriction. What should be evaluated to reduce compute cost?

A.Cross-Region data replication for all data
B.AWS Graviton-based instances after performance testing
C.io2 Block Express volumes for all instances
D.Dedicated Hosts by default
AnswerB

Graviton instances often provide better price performance for compatible workloads.

Why this answer

AWS Graviton-based instances (e.g., M6g, C6g) use Arm-based custom AWS silicon, offering up to 40% better price-performance compared to comparable x86 instances for many workloads. Since the test environment runs open-source software with no architecture-specific licensing restrictions, migrating to Graviton after performance testing can significantly reduce compute costs without compatibility issues.

Exam trap

The trap here is that candidates may assume all cost optimization involves reducing instance size or using Spot Instances, but the question specifically tests knowledge of architecture-specific cost savings with Graviton when no licensing restrictions exist.

How to eliminate wrong answers

Option A is wrong because cross-Region data replication increases data transfer and storage costs, not compute costs, and is a data durability/disaster recovery feature, not a cost optimization for compute. Option C is wrong because io2 Block Express volumes are high-performance, high-cost SSD volumes designed for latency-sensitive workloads, not a compute cost reduction strategy; they would increase storage costs unnecessarily for a test environment. Option D is wrong because Dedicated Hosts incur additional per-host charges and are intended for licensing or compliance requirements (e.g., Windows Server with dedicated licensing), not for general compute cost reduction; using them by default would increase costs.

53
Multi-Selecthard

A photo studio stores original project archives in Amazon S3. Objects are read heavily for 14 days after upload, occasionally during the next 11 months, and almost never after one year. The team wants the lowest storage cost while keeping retrieval within minutes during the first year. Which three actions are best? Select three.

Select 3 answers
A.Keep new objects in S3 Standard for the first 14 days.
B.Transition objects to S3 Standard-IA after 14 days.
C.Transition objects to S3 Glacier Flexible Retrieval after 14 days.
D.Transition objects to S3 Glacier Deep Archive after one year.
E.Disable versioning to make the lifecycle rules work correctly.
AnswersA, B, D

Correct. Standard is appropriate for the initial hot-access period because the data is read frequently and needs immediate performance. Using a cheaper archive tier too early would increase retrieval latency and likely access costs.

Why this answer

A is correct because S3 Standard is designed for frequently accessed data with low latency and high throughput, making it ideal for the first 14 days when objects are read heavily. After this period, transitioning to S3 Standard-IA reduces storage costs while still providing millisecond retrieval for occasional access during the next 11 months.

Exam trap

The trap here is that candidates might choose Glacier Flexible Retrieval for the 14-day transition, overlooking that its retrieval time (minutes to hours) does not meet the 'within minutes' requirement for the first year, whereas Standard-IA provides both cost savings and instant retrieval.

54
Multi-Selectmedium

An internal rendering job runs on EC2 workers in an Auto Scaling group. Each job writes checkpoints every few minutes to S3 and can resume from the latest checkpoint after an interruption. The queue depth varies sharply, and the team wants the lowest possible compute cost. Which two changes should they make? Select two.

Select 2 answers
A.Run the worker fleet on EC2 Spot Instances.
B.Purchase Dedicated Hosts so the fleet keeps physical servers reserved for the workload.
C.Use a Mixed Instances Policy with several compatible instance types and Spot capacity-optimized allocation.
D.Run the entire fleet on On-Demand Instances to avoid any interruption risk.
E.Move the workers to AWS Outposts to keep compute close to the data.
AnswersA, C

Spot Instances usually provide the lowest EC2 compute price and fit workloads that can tolerate interruption. Because the job checkpoints to S3, the application can resume after Spot interruptions without losing all progress.

Why this answer

Option A is correct because Spot Instances can be interrupted with a two-minute warning, and since the rendering job writes checkpoints to S3 every few minutes and can resume from the latest checkpoint, it is fault-tolerant to interruptions. This allows the team to leverage the significantly lower cost of Spot Instances (up to 90% off On-Demand) while maintaining job completion, achieving the lowest compute cost for variable queue depths.

Exam trap

The trap here is that candidates often choose On-Demand Instances (Option D) to avoid interruption risk, overlooking that the checkpointing mechanism makes Spot Instances viable and far more cost-effective, or they select Dedicated Hosts (Option B) thinking physical isolation improves reliability, but it actually increases cost without benefit for this fault-tolerant workload.

55
MCQmedium

A media company runs a nightly batch job that processes video thumbnails. The batch can be interrupted at any time, and workers can resume automatically from checkpoints (a termination does not corrupt progress). The business goal is the lowest possible compute cost, and occasional interruptions are acceptable as long as the job continues automatically. Which approach is most cost-optimized?

A.Run the job on On-Demand EC2 instances to avoid interruptions
B.Use EC2 Spot Instances and implement interruption handling with checkpoint-based restarts
C.Buy Reserved Instances for the entire job window because interruptions are acceptable anyway
D.Use Savings Plans but schedule the job only during business hours to reduce the commit cost
AnswerB

Spot Instances are designed for workloads that can handle interruptions. With checkpoint-based restarts, the application can tolerate Spot termination events and still complete the batch, while capturing Spot’s lower compute pricing.

Why this answer

Option B is correct because Spot Instances offer the lowest compute cost (up to 90% discount vs. On-Demand) and the checkpoint-based design ensures that interruptions are handled gracefully without data loss. The job can resume automatically from the last checkpoint, making Spot Instances ideal for fault-tolerant, interruptible batch workloads.

Exam trap

The trap here is that candidates assume Reserved Instances or Savings Plans are always cheaper for predictable workloads, but they overlook that Spot Instances can be even cheaper and are perfectly suited for fault-tolerant, interruptible batch jobs without any upfront commitment.

How to eliminate wrong answers

Option A is wrong because On-Demand instances are significantly more expensive than Spot Instances, and the business explicitly accepts occasional interruptions, so paying a premium for uninterrupted compute is not cost-optimized. Option C is wrong because Reserved Instances require a 1- or 3-year commitment and are designed for steady-state workloads, not for a nightly batch job that can be interrupted; the cost savings are less than Spot and the commitment is unnecessary. Option D is wrong because Savings Plans also require a commitment (1 or 3 years) and scheduling the job only during business hours does not reduce the commit cost; the job runs nightly, so this approach would either waste committed spend or require overprovisioning, making it less cost-effective than Spot.

56
MCQmedium

A data engineering team runs a nightly ETL job on EC2. The job can be checkpointed every 5 minutes and can be retried from the last checkpoint if the instance terminates. The job runtime varies from 2 to 4 hours, and the team has no need for a specific instance type, as long as it completes before 7:00 AM local time. They currently run the job on On-Demand EC2, leading to high monthly compute cost. Which change best reduces cost while maintaining the business deadline?

A.Use Spot Instances for the ETL workload, and configure the job to checkpoint frequently and restart on interruption.
B.Use Reserved Instances with a 1-year term to lower costs, since reservations provide discounts for any usage.
C.Switch to On-Demand but enable Auto Scaling so the job finishes faster during peak hours.
D.Use Spot Instances but disable checkpointing to simplify the application.
AnswerA

Spot can significantly reduce costs, and checkpointing plus retries mitigate interruption risk.

Why this answer

Spot Instances offer significant cost savings (up to 90%) compared to On-Demand, and the ETL job's ability to checkpoint every 5 minutes and restart from the last checkpoint makes it resilient to Spot interruptions. This allows the team to meet the 7:00 AM deadline while drastically reducing compute costs, as the job can be retried on new Spot capacity if interrupted.

Exam trap

The trap here is that candidates may overlook the checkpointing requirement and choose Reserved Instances (B) thinking they always reduce costs, or disable checkpointing (D) assuming simplicity is better, without realizing that Spot Instances require fault tolerance to be cost-effective.

How to eliminate wrong answers

Option B is wrong because Reserved Instances require a 1-year or 3-year commitment and are cost-effective only for steady-state, predictable workloads; the variable 2–4 hour nightly job does not justify the upfront commitment and would still incur high costs for unused reservation hours. Option C is wrong because enabling Auto Scaling on On-Demand instances would increase costs (more instances running) and does not address the core issue of high On-Demand pricing; the job already completes within the deadline, so faster execution is unnecessary. Option D is wrong because disabling checkpointing removes the fault-tolerance mechanism that makes Spot Instances viable; without checkpointing, an interruption would force a full job restart, risking failure to meet the 7:00 AM deadline.

57
Multi-Selecthard

A SaaS vendor has a steady 24/7 control plane on ECS and several small event-driven tasks that currently run on a separate always-on service. Management wants the billing discount that applies across both ECS and Lambda usage without committing to a specific instance family. Which two actions are best? Select two.

Select 2 answers
A.Buy a Compute Savings Plan for the predictable baseline usage.
B.Move the event-driven tasks to AWS Lambda instead of keeping a separate always-on service.
C.Buy an EC2 Instance Savings Plan tied to one instance family for all workloads.
D.Use Spot Instances for the control plane because it is the largest bill.
E.Increase the ECS desired count so Lambda can be removed.
AnswersA, B

Correct. A Compute Savings Plan discounts predictable compute spend across ECS and Lambda without binding the team to one instance family. That flexibility matches a mixed compute estate and avoids overcommitting.

Why this answer

A Compute Savings Plan offers the largest discount (up to 66%) across both ECS and Lambda usage without committing to a specific instance family, which matches the requirement for a flexible discount. It applies to any EC2 instance, including those used by ECS, and also covers AWS Lambda compute usage, making it ideal for mixed workloads with predictable baseline usage.

Exam trap

The trap here is that candidates often confuse Compute Savings Plans with EC2 Instance Savings Plans, assuming any Savings Plan covers Lambda, or they overlook that Compute Savings Plans are the only option that spans both ECS and Lambda without instance family restrictions.

58
MCQeasy

A company has a steady, predictable workload that must run continuously (24/7) in a single AWS Region. The team wants the lowest cost option available for this steady usage, but also expects they may choose different EC2 instance families in the future (without re-buying compute discounts). Which AWS purchase option best meets these goals?

A.On-Demand Instances only, because they automatically adjust to future needs
B.Compute Savings Plans, committed for a 1- to 3-year term in the Region
C.Standard Reserved Instances tied to a single instance type and Availability Zone
D.EC2 Spot Instances, because they are always cheaper than savings programs
AnswerB

Compute Savings Plans provide discounted pricing in exchange for committing to a consistent hourly spend (scoped to a Region). They apply to EC2 usage and are flexible enough that you can change EC2 instance families over time while still receiving the Savings Plans discount within the commitment scope.

Why this answer

Compute Savings Plans offer the lowest cost for steady, predictable workloads while providing instance family flexibility within a Region. Unlike Reserved Instances, they automatically apply discounts to any EC2 instance family (and even Fargate/Lambda) in the chosen Region, so the company can switch instance families in the future without losing the discount. A 1- or 3-year commitment yields significant savings (up to 66%) compared to On-Demand, making it the optimal choice for this scenario.

Exam trap

The trap here is that candidates often confuse Reserved Instances (which lock instance family and AZ) with Savings Plans (which offer regional flexibility), leading them to choose Standard Reserved Instances despite the stated requirement for future instance family changes.

How to eliminate wrong answers

Option A is wrong because On-Demand Instances have no upfront commitment and are the most expensive pricing model, failing the 'lowest cost' requirement for a steady 24/7 workload. Option C is wrong because Standard Reserved Instances are tied to a specific instance type and Availability Zone, so changing instance families would forfeit the discount, directly contradicting the requirement for future flexibility. Option D is wrong because Spot Instances can be interrupted with a 2-minute warning and are not suitable for a continuous 24/7 workload; they are also not always cheaper than savings programs when considering the risk of interruption and potential need for fallback capacity.

59
MCQmedium

A production log archive runs continuously on EC2 with predictable usage for the next three years. The team wants a discount while retaining some instance-family flexibility. What should they buy? The architecture review board prefers a managed AWS-native control.

A.S3 Intelligent-Tiering
B.Dedicated Instances
C.Compute Savings Plan
D.Spot Instances only
AnswerC

Compute Savings Plans provide discounts for a committed spend while allowing flexibility across instance families, sizes, Regions, and compute services.

Why this answer

A Compute Savings Plan offers the lowest prices on EC2 compute usage (up to 66% off On-Demand) in exchange for a 1- or 3-year commitment, while allowing instance-family flexibility across any region, OS, or tenancy. This matches the predictable three-year workload and the team's requirement for instance-family flexibility, and it is a managed AWS-native offering (no manual reservation management).

Exam trap

The trap here is confusing Savings Plans (which offer flexibility across instance families) with Reserved Instances (which lock to a specific instance family), or assuming Spot Instances can be used for a continuous production workload despite their interruption risk.

How to eliminate wrong answers

Option A is wrong because S3 Intelligent-Tiering is an object storage class for data with changing access patterns, not a compute discount mechanism for EC2 instances. Option B is wrong because Dedicated Instances provide physical isolation but do not offer any discount; they are a billing configuration, not a savings plan. Option D is wrong because Spot Instances are designed for fault-tolerant, interruptible workloads and cannot guarantee continuous availability for a production log archive that must run continuously.

60
Multi-Selecthard

Multiple teams share one AWS Organization. Finance wants chargeback by project, alerts before overspend, and monthly views by account without manually opening each account. Which three actions best fit? Select three.

Select 3 answers
A.Enforce cost allocation tags on resources and activate them for billing reports.
B.Use AWS Budgets to create alerts and budget actions for each project.
C.Use Cost Explorer or Cost and Usage Reports to analyze spend by account, tag, and service.
D.Put every team in a separate AWS account and ignore tagging.
E.Use CloudTrail trails to estimate spend by resource because it records API calls.
AnswersA, B, C

Correct. Cost allocation tags are the foundation for project-level chargeback. Once activated for billing, they let finance group spend by business unit, application, or environment.

Why this answer

Option A is correct because cost allocation tags allow you to tag resources with project-specific metadata (e.g., 'Project: Alpha'), and activating them for billing reports ensures that AWS Cost Explorer and Cost and Usage Reports can group and filter costs by those tags. This directly enables chargeback by project without manual account inspection, as the tags are propagated into the billing data.

Exam trap

The trap here is that candidates may confuse CloudTrail (an API auditing service) with cost tracking tools, or assume that separate accounts alone solve chargeback without needing tags for project-level granularity.

61
MCQhard

Based on the exhibit, the company wants to lower CloudWatch and EC2 monitoring costs. Auditors require logs to be retained for 90 days, but operations only uses detailed per-instance metrics during rare troubleshooting events. Which change best reduces recurring cost while preserving the required visibility?

A.Disable CloudWatch Logs entirely and rely on application local files for 90 days.
B.Increase the number of CloudWatch alarms so that metrics are collected less expensively.
C.Set CloudWatch Logs retention to 90 days for all log groups, and switch EC2 monitoring from detailed to basic except during incidents.
D.Export all logs to Amazon S3 immediately and keep detailed monitoring enabled on every instance.
AnswerC

This directly addresses the two visible recurring cost drivers. Applying a 90-day retention policy stops indefinite log storage growth while still meeting the audit requirement. Basic monitoring is sufficient when 1-minute metrics are not required all the time, and detailed monitoring can be enabled selectively during incidents instead of paying for it across all 200 instances continuously.

Why this answer

Option C is correct because it directly addresses the two cost drivers: CloudWatch Logs storage costs are minimized by setting a 90-day retention policy (matching the audit requirement), and EC2 detailed monitoring (1-minute metrics) is replaced with basic monitoring (5-minute metrics) during normal operations, with the ability to switch back to detailed only when needed for troubleshooting. This preserves the required log retention and the ability to obtain high-resolution metrics on demand, while eliminating the recurring cost of storing logs indefinitely and paying for detailed monitoring on every instance.

Exam trap

The trap here is that candidates may think increasing alarms or exporting logs to S3 reduces costs, but they fail to recognize that detailed monitoring is a per-instance hourly charge independent of alarms, and that S3 storage and API costs can exceed CloudWatch Logs costs if not managed carefully.

How to eliminate wrong answers

Option A is wrong because disabling CloudWatch Logs entirely and relying on application local files violates the auditor's requirement for centralized, durable log retention and makes logs inaccessible if the instance fails or is terminated. Option B is wrong because increasing the number of CloudWatch alarms does not reduce metric collection costs; alarms are billed separately and do not change the underlying cost of detailed monitoring (per-instance per-minute charges). Option D is wrong because exporting logs to S3 immediately does not reduce costs—it adds S3 storage and PUT request costs—and keeping detailed monitoring enabled on every instance continues to incur the higher per-instance monitoring fee.

62
Matchinghard

Match each data-retention scenario to the most cost-effective Amazon S3 storage class. Assume the retrieval pattern and access-latency requirement are the most important constraints.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Amazon S3 Standard

Amazon S3 Standard-IA

Amazon S3 Glacier Instant Retrieval

Amazon S3 Glacier Deep Archive

Why these pairings

S3 Standard is for frequent access; Intelligent-Tiering optimizes cost for unknown patterns; Standard-IA for infrequent but rapid access; Glacier Flexible Retrieval for minutes; Glacier Deep Archive for hours.

63
Multi-Selecthard

A media company runs a 24/7 ingestion API on EC2 behind an Application Load Balancer and a nightly transcoding job that can resume from checkpoints. The API fleet runs at roughly 65 percent CPU all day, while the batch workers sit idle most of the time. The company wants to cut compute cost without risking the API. Which two changes should they make? Select two.

Select 2 answers
A.Purchase a Compute Savings Plan for the always-on API fleet.
B.Move the transcoding workers to EC2 Spot Instances and checkpoint progress.
C.Replace the API fleet with Dedicated Hosts to lock in lower rates.
D.Buy Standard Reserved Instances for the batch workers and keep them running 24/7.
E.Increase the worker Auto Scaling minimum to prevent Spot interruptions.
AnswersA, B

Correct. Compute Savings Plans discount steady usage across EC2 and other compute services without forcing a specific instance family. The API has predictable 24/7 demand, so a commitment fits the usage pattern and lowers cost safely.

Why this answer

A is correct because a Compute Savings Plan offers the largest discount (up to 66%) in exchange for a 1- or 3-year commitment to a consistent amount of compute usage (measured in $/hour), regardless of instance family, region, or OS. The API fleet runs at a steady 65% CPU 24/7, making it an ideal candidate for this flexible, cost-saving commitment without locking into a specific instance type.

Exam trap

The trap here is that candidates often confuse Dedicated Hosts with cost savings (they are for licensing, not cost reduction) and assume Reserved Instances are always the best choice for any workload, ignoring that Spot Instances are far more cost-effective for interruptible batch jobs.

64
MCQmedium

A test environment stores logs in S3. Logs are queried for 30 days, rarely accessed for one year, and then retained for compliance. What should reduce storage cost?

A.Keep all logs in S3 Standard indefinitely
B.Move all logs immediately to S3 Glacier Deep Archive
C.S3 lifecycle policy that transitions objects to lower-cost storage classes over time
D.Use EBS snapshots for the logs
AnswerC

Lifecycle rules automate transitions based on age, matching storage cost to access patterns.

Why this answer

Option C is correct because an S3 Lifecycle policy automates the transition of objects from S3 Standard (for frequent access) to S3 Standard-IA (infrequent access) after 30 days, then to S3 Glacier Deep Archive (for long-term retention) after one year, minimizing storage costs while maintaining data accessibility as needed.

Exam trap

The trap here is that candidates may choose immediate transition to Glacier Deep Archive (Option B) without considering the 30-day query period, failing to match the lifecycle to the access pattern described in the question.

How to eliminate wrong answers

Option A is wrong because keeping all logs in S3 Standard indefinitely incurs the highest storage cost, ignoring the cost savings from transitioning to lower-cost storage classes for data that is rarely accessed or retained for compliance. Option B is wrong because moving all logs immediately to S3 Glacier Deep Archive is impractical for logs queried frequently in the first 30 days, as retrieval times (hours) and costs would be excessive, and it violates the access pattern described. Option D is wrong because EBS snapshots are designed for block-level backups of EC2 instances, not for storing log files; they are more expensive and less suitable for object-based log storage in S3.

65
MCQmedium

A company hosts application servers in private subnets. They must access Amazon S3 and read secrets from AWS Secrets Manager, but they want to avoid internet egress. They currently use a NAT gateway and see high NAT-related costs. What change most directly reduces cost while keeping traffic on the AWS network?

A.Keep the NAT gateway and reduce instance size to lower NAT throughput charges
B.Create a Gateway VPC endpoint for S3 and an Interface VPC endpoint for Secrets Manager, then route requests via those endpoints instead of NAT
C.Switch Secrets Manager to use S3 as a storage backend so both services can use the S3 endpoint only
D.Move the private subnets to public subnets and attach an Internet Gateway to eliminate NAT
AnswerB

VPC endpoints allow private connectivity to specific AWS services without sending traffic through a NAT gateway. S3 uses a Gateway endpoint type, while Secrets Manager uses an Interface endpoint type. This directly targets and reduces NAT gateway costs while meeting the “no internet egress” requirement.

Why this answer

Option B is correct because it replaces the NAT gateway with VPC endpoints, which are free of data processing charges and keep all traffic within the AWS network. A Gateway VPC endpoint for S3 uses prefix lists and route table entries to send S3 traffic directly over the AWS backbone, while an Interface VPC endpoint for Secrets Manager uses AWS PrivateLink to provide private connectivity without internet egress. This eliminates NAT gateway hourly and data processing costs, directly addressing the cost concern.

Exam trap

The trap here is that candidates may think NAT gateway costs can be reduced by scaling down instances, or that Secrets Manager can be accessed via an S3 endpoint, when in fact VPC endpoints are the only way to eliminate NAT costs while keeping traffic private and on the AWS network.

How to eliminate wrong answers

Option A is wrong because reducing instance size does not lower NAT gateway throughput charges; NAT gateway pricing is based on hourly usage and per-GB data processing, not instance size, and the underlying instances are managed by AWS. Option C is wrong because Secrets Manager cannot use S3 as a storage backend; it is a separate managed service that stores secrets in its own encrypted infrastructure, and there is no supported configuration to route Secrets Manager traffic through an S3 endpoint. Option D is wrong because moving private subnets to public subnets and attaching an Internet Gateway would expose the application servers directly to the internet, violating security best practices and not eliminating egress costs (IGW data processing charges still apply).

66
MCQeasy

A company keeps daily database backups in an S3 bucket. They may restore from backups during the first 30 days if there is an issue. After 30 days, backups are rarely restored, but must be retained for 2 years. Which lifecycle strategy most cost-effectively meets these requirements?

A.Delete backups after 30 days to avoid storage costs, since restores are rare.
B.Keep all backups in S3 Standard for the entire 2-year retention period.
C.Use an S3 lifecycle policy to keep backups in S3 Standard for 30 days, then transition them to S3 Glacier Deep Archive for the remainder of the 2-year retention period.
D.Move backups to S3 Glacier Deep Archive immediately after creation, even for the first 30 days.
AnswerC

A lifecycle transition after the initial restore window reduces cost while still meeting the 2-year retention requirement.

Why this answer

Option C is correct because it uses an S3 lifecycle policy to store backups in S3 Standard for the first 30 days when restores are likely, then transitions them to S3 Glacier Deep Archive for the remaining retention period. S3 Glacier Deep Archive offers the lowest storage cost for long-term, rarely accessed data, making this the most cost-effective strategy while meeting the 2-year retention requirement.

Exam trap

The trap here is that candidates may choose Option A, thinking that deleting old backups saves money, but they overlook the explicit retention requirement, or they may choose Option D, assuming immediate archiving is always cheapest, without considering the need for quick access during the first 30 days.

How to eliminate wrong answers

Option A is wrong because deleting backups after 30 days violates the requirement to retain backups for 2 years. Option B is wrong because keeping all backups in S3 Standard for the entire 2 years incurs unnecessary high storage costs for data that is rarely accessed after 30 days. Option D is wrong because moving backups immediately to S3 Glacier Deep Archive would incur retrieval costs and delays (typically 12-48 hours) during the first 30 days when restores may be needed, and does not optimize for the access pattern.

67
Multi-Selecthard

A media company runs a 24/7 ingestion API on EC2 behind an Application Load Balancer and a nightly transcoding job that can resume from checkpoints. The API fleet runs at roughly 65 percent CPU all day, while the batch workers sit idle most of the time. The company wants to cut compute cost without risking the API. Which two changes should they make? Select two.

Select 2 answers
A.Purchase a Compute Savings Plan for the always-on API fleet.
B.Move the transcoding workers to EC2 Spot Instances and checkpoint progress.
C.Replace the API fleet with Dedicated Hosts to lock in lower rates.
D.Buy Standard Reserved Instances for the batch workers and keep them running 24/7.
E.Increase the worker Auto Scaling minimum to prevent Spot interruptions.
AnswersA, B

Correct. Compute Savings Plans discount steady usage across EC2 and other compute services without forcing a specific instance family. The API has predictable 24/7 demand, so a commitment fits the usage pattern and lowers cost safely.

Why this answer

A is correct because a Compute Savings Plan offers the largest discount (up to 66%) in exchange for a 1- or 3-year commitment to a consistent amount of compute usage (measured in $/hour), which perfectly matches the always-on API fleet that runs at a steady 65% CPU utilization. This plan applies to any EC2 instance family, region, or compute service (including Fargate and Lambda), giving flexibility while reducing costs for the predictable baseline load.

Exam trap

The trap here is that candidates often confuse Savings Plans with Reserved Instances, or assume Dedicated Hosts are a cost-saving measure, when in fact they are a premium isolation feature; the key is recognizing that Spot Instances are ideal for fault-tolerant, checkpointable batch workloads, while a Compute Savings Plan covers the predictable baseline without locking into a specific instance type.

68
MCQeasy

A startup has a stable production web service that runs continuously (24/7) on AWS. They have consistent compute requirements for the next 1 year, but the instance size and family might change as they optimize performance. To reduce cost while maintaining flexibility across instance types, which purchasing option should they consider?

A.Compute Savings Plans
B.Reserved Instances with a fixed instance type
C.Spot Instances
D.On-Demand Instances
AnswerA

Compute Savings Plans discount compute usage while allowing flexibility across instance families, sizes, and even some services.

Why this answer

Compute Savings Plans offer the lowest prices for EC2 compute usage (up to 66% off On-Demand) while allowing flexibility to change instance family, size, OS, and region (within a region). This matches the startup's need for consistent 1-year compute requirements with potential instance type changes during performance optimization.

Exam trap

The trap here is that candidates often choose Reserved Instances with a fixed instance type because they see a 1-year commitment, but they overlook the requirement for flexibility across instance types, which only Compute Savings Plans provide.

How to eliminate wrong answers

Option B is wrong because Reserved Instances with a fixed instance type lock you into a specific instance family and size, which contradicts the requirement for flexibility across instance types. Option C is wrong because Spot Instances are designed for fault-tolerant, interruptible workloads and are not suitable for a stable production web service that must run continuously 24/7. Option D is wrong because On-Demand Instances provide no cost savings (they are the most expensive option) and do not offer a discount for a 1-year commitment.

69
MCQmedium

A marketing site has EC2 instances that are oversized based on CPU, memory, and network utilisation. Which AWS service should identify rightsizing recommendations?

A.AWS Shield
B.AWS Compute Optimizer
C.AWS DataSync
D.AWS Artifact
AnswerB

Compute Optimizer analyses utilisation metrics and recommends rightsizing for supported resources.

Why this answer

AWS Compute Optimizer analyzes historical utilization metrics (CPU, memory, network, and storage) from CloudWatch and uses machine learning to identify over-provisioned or under-provisioned EC2 instances. It generates actionable rightsizing recommendations, including instance type changes, to optimize cost and performance. This directly addresses the scenario of oversized EC2 instances.

Exam trap

The trap here is confusing AWS Compute Optimizer with AWS Trusted Advisor, which also provides cost optimization checks but does not offer the same ML-driven, granular rightsizing recommendations for EC2 instances.

How to eliminate wrong answers

Option A is wrong because AWS Shield is a managed DDoS protection service, not a resource optimization or rightsizing tool. Option C is wrong because AWS DataSync is a data transfer service for moving large datasets between on-premises storage and AWS, not for analyzing instance utilization or making rightsizing recommendations. Option D is wrong because AWS Artifact is a self-service portal for downloading compliance reports and agreements (e.g., SOC, PCI), not a cost optimization or rightsizing service.

70
MCQeasy

A startup has a stable production web service that runs continuously (24/7) on AWS. They have consistent compute requirements for the next 1 year, but the instance size and family might change as they optimize performance. To reduce cost while maintaining flexibility across instance types, which purchasing option should they consider?

A.Compute Savings Plans
B.Reserved Instances with a fixed instance type
C.Spot Instances
D.On-Demand Instances
AnswerA

Compute Savings Plans discount compute usage while allowing flexibility across instance families, sizes, and even some services.

Why this answer

Compute Savings Plans offer the lowest prices (up to 66% off On-Demand) while allowing flexibility to change instance family, size, OS, and region. This matches the startup's need for consistent 1-year compute usage with potential instance type changes during optimization.

Exam trap

The trap here is that candidates often choose Reserved Instances for steady-state workloads, overlooking that Compute Savings Plans offer the same discount level with greater flexibility for instance family changes, which is explicitly required in the scenario.

How to eliminate wrong answers

Option B is wrong because Reserved Instances with a fixed instance type lock you into a specific instance family and size, which prevents the flexibility the startup needs if they change instance types during performance optimization. Option C is wrong because Spot Instances can be interrupted with a 2-minute notice, making them unsuitable for a stable production web service that must run continuously 24/7. Option D is wrong because On-Demand Instances have no upfront commitment and are the most expensive option, failing to reduce cost for predictable, steady-state workloads.

71
Multi-Selecthard

A internal reporting portal has old unattached EBS volumes and many stale snapshots. Which two actions reduce storage cost without affecting running instances? The architecture review board prefers a managed AWS-native control.

Select 2 answers
A.Disable CloudTrail logging
B.Stop all EC2 instances in the account
C.Delete unattached EBS volumes after verifying they are no longer needed
D.Apply snapshot lifecycle policies to expire obsolete snapshots
AnswersC, D

Unattached volumes continue to incur charges until deleted.

Why this answer

Option C is correct because unattached EBS volumes incur storage costs without providing any benefit to running instances. Deleting them after verification directly reduces costs while having zero impact on running workloads. Option D is correct because snapshot lifecycle policies automate the deletion of obsolete snapshots based on age or count, eliminating manual cleanup and reducing storage costs without affecting running instances.

Exam trap

The trap here is that candidates may confuse stopping instances (which stops billing for instance hours but not for EBS storage) with a cost-saving measure, or think disabling logging reduces storage costs, when the actual savings come from removing orphaned storage resources.

72
MCQhard

Based on the exhibit, the company stores application logs in Amazon S3 for 400 days. The logs are read heavily for the first 30 days, occasionally for the next 90 days, and very rarely after that. Retrieval after day 120 can take up to several hours, but the data must remain available until day 400. Which lifecycle policy is the most cost-effective fit?

A.Keep all logs in S3 Standard for 400 days and enable requester pays to reduce the company's bill.
B.Transition logs to S3 Standard-IA after 30 days, then to S3 Glacier Flexible Retrieval after 120 days, and expire them at 400 days.
C.Transition logs directly from S3 Standard to S3 Glacier Deep Archive after 30 days and expire them at 400 days.
D.Move logs to S3 Intelligent-Tiering only and disable lifecycle transitions because access is unpredictable.
AnswerB

This follows the access pattern and the retrieval-time requirement. S3 Standard fits the heavy-read period in the first 30 days. Standard-IA is a lower-cost choice for the next 90 days when access is only occasional, and Glacier Flexible Retrieval is appropriate after day 120 because the logs are rarely read and can tolerate retrieval in hours. Expiration at day 400 satisfies the retention requirement exactly.

Why this answer

Option B is correct because it aligns the storage class transitions with the access patterns: S3 Standard for the first 30 days (heavy reads), S3 Standard-IA for the next 90 days (occasional reads), and S3 Glacier Flexible Retrieval for the remaining period (rare access, with retrieval up to several hours acceptable). This minimizes storage costs while ensuring data availability until day 400, where lifecycle expiration removes the objects.

Exam trap

The trap here is that candidates may choose Option C (S3 Glacier Deep Archive) because it is the cheapest storage class, but they overlook the occasional access requirement between days 30 and 120 and the retrieval time constraints, which make S3 Glacier Flexible Retrieval the correct choice for the final tier.

How to eliminate wrong answers

Option A is wrong because keeping all logs in S3 Standard for 400 days is the most expensive option, and enabling requester pays does not reduce the company's bill for storage costs—it only shifts the cost of data retrieval to the requester, which is irrelevant here as the company owns the data. Option C is wrong because transitioning directly from S3 Standard to S3 Glacier Deep Archive after 30 days ignores the occasional access needs between days 30 and 120; Deep Archive has a retrieval time of 12–48 hours and is not suitable for data that may be accessed occasionally, plus it incurs a minimum storage charge of 180 days. Option D is wrong because S3 Intelligent-Tiering is designed for unpredictable access patterns, but here the access pattern is predictable (heavy, occasional, rare), and disabling lifecycle transitions would prevent automatic cost optimization, leading to higher costs than a tailored lifecycle policy.

73
MCQmedium

A test environment has EC2 instances that are oversized based on CPU, memory, and network utilisation. Which AWS service should identify rightsizing recommendations?

A.AWS DataSync
B.AWS Shield
C.AWS Artifact
D.AWS Compute Optimizer
AnswerD

Compute Optimizer analyses utilisation metrics and recommends rightsizing for supported resources.

Why this answer

AWS Compute Optimizer uses machine learning to analyze historical utilization metrics (CPU, memory, network, and storage) and provides rightsizing recommendations for EC2 instances, including over-provisioned resources. It helps reduce costs by suggesting instance types or sizes that better match actual workload demands.

Exam trap

The trap here is that candidates may confuse AWS Compute Optimizer with AWS Trusted Advisor, but Trusted Advisor provides general cost optimization checks (e.g., idle instances) while Compute Optimizer delivers granular, ML-driven rightsizing recommendations for specific instance types.

How to eliminate wrong answers

Option A is wrong because AWS DataSync is a data transfer service for moving large datasets between on-premises storage and AWS services, not a resource optimization tool. Option B is wrong because AWS Shield is a managed DDoS protection service that safeguards applications from distributed denial-of-service attacks, not a rightsizing advisor. Option C is wrong because AWS Artifact is a self-service portal for accessing AWS compliance reports and agreements, such as SOC and PCI reports, and does not provide compute optimization recommendations.

74
Multi-Selecthard

A company processes product-image uploads in bursts. Each transform takes up to ten minutes, and every job can be retried safely from the beginning. The current EC2 worker fleet is idle most of the day. Which two changes most reduce cost and idle capacity? Select two.

Select 2 answers
A.Buffer jobs in Amazon SQS and let workers scale from queue depth.
B.Run the workers on AWS Fargate Spot, since interruptions are acceptable.
C.Keep a fixed fleet of m6i.large instances in an Auto Scaling group with a higher minimum.
D.Use Reserved Instances for the workers even though demand is highly bursty.
E.Process uploads only during a nightly window so the fleet looks busier.
AnswersA, B

Correct. SQS decouples uploads from processing and smooths bursty demand. Queue depth is a practical scaling signal, so the company avoids paying for idle workers while still absorbing traffic spikes.

Why this answer

Option A is correct because Amazon SQS decouples the bursty upload workload from the worker fleet. By using SQS queue depth as the metric for an Auto Scaling policy, workers scale up only when jobs are waiting and scale down to zero during idle periods, eliminating wasted capacity. This directly reduces cost by matching compute resources to actual demand.

Exam trap

The trap here is that candidates may think a fixed fleet or Reserved Instances are cheaper for predictable workloads, but they overlook that bursty, idle-heavy patterns require elastic scaling and spot pricing to truly minimize cost.

75
MCQeasy

A company stores compliance reports in Amazon S3. Objects are written once and rarely accessed. They need to keep the data for 3 years. When retrieval is needed for an audit, the reports can be restored within hours (not minutes). What storage class should the company use for new objects, assuming minimal operational overhead?

A.S3 Standard
B.S3 Glacier Flexible Retrieval
C.S3 Intelligent-Tiering
D.S3 Glacier Deep Archive
AnswerB

Glacier Flexible Retrieval is designed for infrequent access with retrieval typically on the order of hours.

Why this answer

S3 Glacier Flexible Retrieval is the correct choice because it offers retrieval times of minutes to hours (typically 1–5 minutes for expedited, 3–5 hours for standard), which aligns with the 'within hours' requirement. It is designed for data that is rarely accessed but must be retained for long periods (3 years), and it provides a low-cost storage class with minimal operational overhead since objects can be transitioned via lifecycle policies or stored directly.

Exam trap

The trap here is that candidates often confuse 'Glacier Deep Archive' as the cheapest option for long-term storage, but fail to consider the retrieval time constraint of 12–48 hours, which violates the 'within hours' requirement, making S3 Glacier Flexible Retrieval the correct balance of cost and retrieval speed.

How to eliminate wrong answers

Option A is wrong because S3 Standard is optimized for frequently accessed data with millisecond retrieval, which is unnecessary and cost-inefficient for rarely accessed compliance reports stored for 3 years. Option C is wrong because S3 Intelligent-Tiering automatically moves objects between access tiers based on usage patterns, but it incurs a monthly monitoring fee per object and is not cost-optimal for data that is written once and never accessed again, as it would remain in the infrequent access tier without savings over Glacier Flexible Retrieval. Option D is wrong because S3 Glacier Deep Archive has a retrieval time of 12–48 hours, which exceeds the 'within hours' requirement and would not meet the audit retrieval window.

Page 1 of 3 · 202 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Design Cost-Optimized Architectures questions.