CCNA Design Cost Questions

75 of 202 questions · Page 2/3 · Design Cost topic · Answers revealed

76
MCQ · easy

A company stores compliance reports in Amazon S3. Objects are written once and rarely accessed. They need to keep the data for 3 years. When retrieval is needed for an audit, the reports can be restored within hours (not minutes). What storage class should the company use for new objects, assuming minimal operational overhead?

A. S3 Standard
B. S3 Glacier Flexible Retrieval
C. S3 Intelligent-Tiering
D. S3 Glacier Deep Archive
Answer: B

Glacier Flexible Retrieval is designed for infrequent access with retrieval typically on the order of hours.

Why this answer

S3 Glacier Flexible Retrieval is the correct choice because it is designed for long-term archival data that is rarely accessed, with retrieval times ranging from minutes to hours. It offers a lower storage cost than S3 Standard while still meeting the 3-year retention requirement and the acceptable retrieval window of 'within hours'. This minimizes operational overhead as objects are automatically transitioned to the appropriate storage tier without manual lifecycle management.

Exam trap

The trap here is that candidates often confuse S3 Glacier Deep Archive with S3 Glacier Flexible Retrieval, assuming both have similar retrieval times, but Deep Archive requires 12+ hours for standard retrievals, which fails the 'within hours' constraint.

How to eliminate wrong answers

Option A is wrong because S3 Standard is optimized for frequently accessed data with millisecond retrieval, making it unnecessarily expensive for data that is rarely accessed and only needed for audits. Option C is wrong because S3 Intelligent-Tiering is designed for data with unknown or changing access patterns and incurs a monthly monitoring fee per object, which adds operational overhead and cost for a workload where access patterns are known (rare access). Option D is wrong because S3 Glacier Deep Archive has a retrieval time of 12 hours or more, which exceeds the 'within hours' requirement and would not meet the audit retrieval window.

77
MCQ · medium

A batch analytics job runs for several hours each night and can be interrupted and restarted. Which EC2 purchasing option should minimize cost? The architecture review board prefers a managed AWS-native control.

A. On-Demand Instances only
B. Dedicated Hosts
C. Spot Instances
D. Provisioned IOPS volumes
Answer: C

Spot Instances offer deep discounts for interruptible workloads.

Why this answer

Spot Instances are correct because the batch job is fault-tolerant (can be interrupted and restarted) and runs for several hours each night, making it an ideal candidate for Spot Instances, which offer up to 90% cost savings compared to On-Demand. AWS-managed services like EC2 Auto Scaling or Amazon EMR can automatically handle Spot Instance interruptions by replacing instances or checkpointing the job, aligning with the architecture review board's preference for a managed AWS-native control.

Exam trap

The trap here is that candidates may choose On-Demand Instances (Option A) due to a misconception that Spot Instances are unreliable for any workload, failing to recognize that fault-tolerant, interruptible jobs like batch processing are exactly the use case for which Spot Instances are designed and recommended for cost optimization.

How to eliminate wrong answers

Option A is wrong because On-Demand Instances provide no interruption but are significantly more expensive than Spot Instances for fault-tolerant workloads, failing to minimize cost. Option B is wrong because Dedicated Hosts are designed for licensing or compliance requirements (e.g., per-socket or per-core licensing) and are the most expensive option, not cost-optimal for a batch job that can tolerate interruptions. Option D is wrong because Provisioned IOPS volumes are a storage type (EBS), not an EC2 purchasing option, and thus irrelevant to the question of minimizing compute cost.

78
MCQ · medium

An application runs on EC2 in us-east-1 and frequently reads objects from an S3 bucket that is physically located in us-west-2. The finance team reports unexpectedly high inter-Region data transfer charges because the application retrieves objects for many user requests. A constraint: the bucket in us-west-2 must remain the system of record for compliance, but the application can read from a replica in us-east-1. What should the solutions architect do to minimize network spend while meeting the compliance constraint?

A. Enable S3 Cross-Region Replication from the us-west-2 source bucket to a destination bucket in us-east-1, and update the app to read from the us-east-1 bucket.
B. Create an interface VPC endpoint for S3 in us-east-1 and keep all object reads pointing to the us-west-2 bucket.
C. Use VPC peering between two regions and route all requests to the us-west-2 bucket over the peering link.
D. Use Route 53 latency-based routing to send users to a us-west-2 web endpoint and keep the S3 bucket unchanged.
Answer: A

CRR keeps the west bucket as the source of record while creating a near-region copy to reduce inter-Region transfer on reads.

Why this answer

Option A is correct because enabling S3 Cross-Region Replication (CRR) automatically copies objects from the us-west-2 source bucket to a destination bucket in us-east-1, satisfying the compliance requirement that the us-west-2 bucket remains the system of record. By updating the application to read from the us-east-1 replica, all data retrieval traffic stays within the same region, eliminating inter-Region data transfer charges (which are typically $0.02/GB for S3 GET requests across regions). This approach directly addresses the cost issue while preserving the original bucket as the authoritative source.

Exam trap

The trap here is that candidates may assume VPC endpoints or peering can magically route S3 traffic within a region, but S3 is a regional service and inter-Region data transfer charges apply regardless of the network path used.

How to eliminate wrong answers

Option B is wrong because an interface VPC endpoint for S3 in us-east-1 does not change the physical location of the bucket; the application would still read from the us-west-2 bucket, incurring inter-Region data transfer charges for each request. Option C is wrong because VPC peering does not support inter-Region traffic for S3; S3 is a regional service accessed via public endpoints or gateway endpoints, and VPC peering does not route S3 traffic through the peering link—it would still traverse the public internet or require a NAT gateway, incurring the same or higher costs. Option D is wrong because Route 53 latency-based routing only directs user traffic to a web endpoint in us-west-2, but the application still reads from the same us-west-2 bucket, so inter-Region data transfer charges persist; this option does not create a local replica or reduce cross-region traffic.

79
MCQ · easy

A web service runs continuously on AWS 24/7. The team expects steady compute usage for the next 12–24 months, but may change instance families/sizes as performance tuning continues. Which purchase option best reduces cost while keeping flexibility to change instance types?

A. Buy EC2 On-Demand instances and rely on future Spot capacity for discounts
B. Use Compute Savings Plans for the expected steady usage
C. Buy Reserved Instances with a fixed instance type and region
D. Buy Spot Instances and stop scaling to avoid interruption risk
Answer: B

Compute Savings Plans provide a discounted hourly rate in exchange for a commitment. They are the most flexible Savings Plans option and can apply across EC2 usage regardless of instance family or size changes, so the team can continue tuning instance types while still receiving discounted pricing for the committed usage.

Why this answer

Compute Savings Plans offer the lowest prices (up to 66% off On-Demand) in exchange for a commitment to a consistent amount of compute usage (measured in $/hour) for a 1- or 3-year term. Unlike Reserved Instances, they automatically apply to any EC2 instance family, size, OS, or region, giving you the flexibility to change instance types as performance tuning evolves, while still reducing costs for steady-state workloads.

Exam trap

The trap here is that candidates often confuse Reserved Instances (which lock instance family) with Savings Plans (which offer flexibility across families), leading them to choose Option C because they think 'Reserved' is the only way to get a discount for steady usage.

How to eliminate wrong answers

Option A is wrong because On-Demand instances provide no discount for steady 24/7 usage, and Spot capacity is not suitable for continuous workloads due to potential interruptions (Spot instances can be reclaimed with a 2-minute warning). Option C is wrong because Reserved Instances lock you into a specific instance family and region (e.g., m5.large in us-east-1), removing the flexibility to change instance types during performance tuning. Option D is wrong because Spot Instances are designed for fault-tolerant, interruptible workloads; relying on them for a continuous 24/7 service risks abrupt termination, and stopping scaling does not eliminate interruption risk.

80
Multi-Select · medium

A development team stores application logs in CloudWatch Logs and has enabled detailed EC2 monitoring on every instance. Auditors only require 90 days of logs, and operations only needs 5-minute instance metrics. Which three changes would most directly reduce recurring monitoring costs while still meeting those requirements? Select three.

Select 3 answers
A. Set CloudWatch Logs retention to 90 days.
B. Use standard EC2 monitoring instead of detailed monitoring where 1-minute metrics are unnecessary.
C. Export older logs to Amazon S3 and use an S3 lifecycle policy for long-term archive.
D. Keep CloudWatch Logs retention set to Never Expire.
E. Enable high-resolution custom metrics for every request.
Answers: A, B, C

Applying a retention policy prevents CloudWatch Logs from storing data indefinitely. Because the auditors only require 90 days, this removes unnecessary log-storage charges beyond the compliance window without losing required history.

Why this answer

Option A is correct because setting CloudWatch Logs retention to 90 days ensures logs are automatically deleted after the required period, eliminating storage costs for older data. By default, logs never expire, which would incur ongoing charges for data beyond the audit requirement. This directly reduces recurring costs by limiting the log data stored.

Exam trap

The trap here is that candidates might think 'Never Expire' is safe for compliance, but it actually increases costs by retaining data indefinitely, while the requirement is only 90 days; also, high-resolution metrics sound useful but are an unnecessary expense when only 5-minute metrics are needed.

81
MCQ · medium

A startup runs a mix of workloads using both EC2 instances and AWS Lambda functions. Over the next 12 months, the team expects the overall level of compute usage to be fairly steady, but they may change EC2 instance types for performance tuning and they may add or remove Lambda functions. They want the lowest-cost commitment that will discount *both* EC2 and Lambda usage without requiring them to commit to a specific EC2 instance family (or a fixed instance type). Which AWS option best meets this requirement?

A. Purchase an EC2 Instance Reserved Instance for the current instance family only, and rely on On-Demand pricing for Lambda and any future EC2 types.
B. Purchase a Compute Savings Plan with a 1-year term for the expected average hourly spend across both EC2 and Lambda.
C. Purchase a Standard Reserved Instance for a specific Region and use it only to reduce network egress/transfer charges.
D. Use EC2 Spot for EC2 workloads and keep Lambda on-demand, because Spot will automatically discount Lambda too.
Answer: B

Compute Savings Plans provide discounts on eligible compute usage for EC2 and AWS Lambda (among other services) based on a committed $/hour amount. They do not require committing to a specific instance family/type, and they allow the team to change EC2 instance types and adjust which Lambda functions run while still receiving the discount.

Why this answer

B is correct because a Compute Savings Plan offers the lowest cost commitment that covers both EC2 and Lambda usage, with flexibility to change instance families, sizes, regions (within the same AWS organization), and even switch between EC2 and Fargate. It applies a consistent hourly discount to compute usage up to the committed amount, regardless of instance type or compute service, meeting the startup's need for a steady workload with potential changes.

Exam trap

The trap here is that candidates often confuse Compute Savings Plans with EC2 Instance Savings Plans or Reserved Instances, assuming any 'Savings Plan' requires a specific instance family, when in fact Compute Savings Plans offer the broadest flexibility across EC2, Lambda, and Fargate.

How to eliminate wrong answers

Option A is wrong because purchasing an EC2 Instance Reserved Instance locks the discount to a specific instance family and size, and does not cover Lambda usage, forcing the startup to pay On-Demand for Lambda and any new EC2 types. Option C is wrong because Standard Reserved Instances are for EC2 compute capacity, not network egress/transfer charges, and they still require a specific instance family commitment. Option D is wrong because EC2 Spot Instances provide discounts only for EC2, not Lambda, and they are interruptible, making them unsuitable for steady workloads; they also do not offer a committed discount across both services.

82
MCQ · medium

An S3 bucket stores user-uploaded media. Most objects are never read again, but compliance requires keeping them for at least 18 months. Retrieval is rare and typically only needed during investigations. The current design keeps everything in S3 Standard, increasing storage cost. Which configuration best optimizes cost while meeting the retention and rare-access requirements?

A. Move all objects to S3 Glacier Instant Retrieval immediately upon upload and disable lifecycle policies.
B. Use an S3 lifecycle policy to transition objects to S3 Glacier Deep Archive after 30 days, and expire them after 18 months.
C. Keep objects in S3 Standard but compress them with a custom process to reduce storage size.
D. Enable S3 Intelligent-Tiering for all objects and delete any object not accessed within 24 hours.
Answer: B

Lifecycle policies can automatically move data to lower-cost storage classes after it becomes infrequently accessed. Because reads are rare and required only during investigations, Glacier Deep Archive is a strong cost-optimization choice. Setting expiration after 18 months ensures compliance retention is met.

Why this answer

Option B is correct because S3 Glacier Deep Archive offers the lowest storage cost for data that is rarely accessed and has a flexible retrieval time (12 hours for standard retrievals). The lifecycle policy transitions objects after 30 days to minimize Standard costs, and expiration after 18 months ensures compliance by deleting objects exactly when the retention period ends, avoiding manual cleanup.

Exam trap

The trap here is that candidates often choose S3 Glacier Instant Retrieval (Option A) thinking it balances cost and retrieval speed, but they overlook that Deep Archive is far cheaper for data that is almost never accessed, and that disabling lifecycle policies removes the ability to automate retention management.

How to eliminate wrong answers

Option A is wrong because moving all objects to S3 Glacier Instant Retrieval immediately increases cost unnecessarily (Instant Retrieval is more expensive than Deep Archive for data that is rarely accessed) and disabling lifecycle policies prevents automated cost optimization. Option C is wrong because compressing objects in S3 Standard does not reduce the storage cost enough to match the savings of transitioning to a cold storage class, and it adds custom processing overhead without addressing the rare-access requirement. Option D is wrong because S3 Intelligent-Tiering is designed for unpredictable access patterns, not for data that is almost never read, and deleting objects not accessed within 24 hours violates the 18-month compliance retention requirement.

83
MCQ · medium

A production internal reporting portal runs continuously on EC2 with predictable usage for the next three years. The team wants a discount while retaining some instance-family flexibility. What should they buy? The architecture review board prefers a managed AWS-native control.

A. Spot Instances only
B. Dedicated Instances
C. Compute Savings Plan
D. S3 Intelligent-Tiering
Answer: C

Compute Savings Plans provide discounts for a committed spend while allowing flexibility across instance families, sizes, Regions, and compute services.

Why this answer

The Compute Savings Plan offers the largest discount (up to 66%) in exchange for a commitment to a consistent amount of compute usage (measured in $/hour) for a 1- or 3-year term, while retaining flexibility across instance families, regions, and compute services (EC2, Fargate, Lambda). This matches the requirement for a discount on predictable three-year usage with instance-family flexibility, and it is a managed AWS-native purchasing option.

Exam trap

The trap here is that candidates often confuse Savings Plans with Reserved Instances, assuming that Reserved Instances (which lock to a specific instance family) are the only way to get a discount, but the question explicitly requires instance-family flexibility, making the Compute Savings Plan the correct choice.

How to eliminate wrong answers

Option A is wrong because Spot Instances provide no discount commitment and can be interrupted with a 2-minute notice, making them unsuitable for a continuously running production portal. Option B is wrong because Dedicated Instances are a physical isolation model that incurs additional costs (per instance or per region) and does not inherently provide a discount; they are for compliance or licensing needs, not cost savings. Option D is wrong because S3 Intelligent-Tiering is a storage class for data with changing access patterns, not a compute pricing model, and it does not apply to EC2 instances or provide a discount on compute usage.

84
Multi-Select · medium

An application team sees that a fleet of EC2 instances averages 15% CPU utilization and has no memory pressure. The service must keep running continuously, but the team wants to lower cost with minimal risk. Which two actions should they take first? Select two.

Select 2 answers
A. Use Compute Optimizer recommendations to identify a smaller instance type.
B. Update the launch template or Auto Scaling group to the smaller instance type after testing.
C. Move the workload to Dedicated Hosts.
D. Add a second NAT Gateway.
E. Enable Provisioned Concurrency for the EC2 workload.
Answers: A, B

Compute Optimizer analyzes historical utilization and suggests instance sizes that better match actual demand. That makes it a low-risk first step for finding a cheaper right-sized option before changing production capacity.

Why this answer

AWS Compute Optimizer analyzes historical utilization metrics (CPU, memory, network) and provides rightsizing recommendations. Since the fleet averages only 15% CPU with no memory pressure, downsizing to a smaller instance type reduces cost without impacting performance. This is the first step to identify the optimal instance family and size.

Exam trap

The trap here is that candidates may confuse Provisioned Concurrency (Lambda-only) with EC2 features, or assume Dedicated Hosts are cost-saving when they actually increase cost for most workloads.

85
Multi-Select · medium

A media company stores application logs in S3. The logs must be kept for 400 days. They are read heavily for the first 30 days, occasionally for the next 90 days, and almost never after that. Retrieval after the first 3 months can wait a few hours. Which three lifecycle actions should they use to minimize storage cost? Select three.

Select 3 answers
A. Transition objects to S3 Standard-IA after 30 days.
B. Transition objects to S3 Glacier Flexible Retrieval after 90 days.
C. Expire objects after 400 days.
D. Keep all objects in S3 Standard for the full retention period.
E. Transition objects to S3 One Zone-IA after 30 days.
Answers: A, B, C

Standard-IA is appropriate once logs are no longer read frequently but still need fast retrieval. Moving after the heavy-access period lowers storage cost while keeping objects available for occasional reads.

Why this answer

Option A is correct because after the initial 30-day period of heavy reads, transitioning objects to S3 Standard-IA reduces storage costs while still providing low-latency retrieval for the occasional access needed over the next 90 days. S3 Standard-IA is designed for data accessed infrequently but requires rapid access when needed, making it cost-effective for this usage pattern.

Exam trap

The trap here is that candidates may confuse S3 One Zone-IA with Standard-IA, not realizing that One Zone-IA lacks the multi-AZ resilience and is not appropriate for logs that must be retained for compliance or occasional retrieval.

86
MCQ · medium

A SaaS company uses an S3 bucket for database backups created daily. Backups are rarely restored; the company’s documented RTO is 24 hours, and the compliance policy requires backups be kept for 90 days. The team currently stores all backups in S3 Standard, which is costly. Which single lifecycle policy change is most cost-optimized while still meeting the 24-hour RTO and 90-day retention?

A. Add a lifecycle rule to transition backups older than 1 day to S3 Glacier Flexible Retrieval, and keep them until day 90.
B. Add a lifecycle rule to transition backups older than 1 day to S3 Glacier Instant Retrieval, and keep them until day 90.
C. Add a lifecycle rule to transition backups older than 1 day to S3 Glacier Deep Archive, and keep them until day 90 with no restore configuration.
D. Add a lifecycle rule to transition backups older than 1 day to S3 One Zone-IA, and delete them after 7 days.
Answer: A

Glacier Flexible Retrieval is intended for backups with infrequent access and supports restores within an RTO measured in hours.

Why this answer

Option A is correct because S3 Glacier Flexible Retrieval provides retrieval times from minutes to hours, which meets the 24-hour RTO, and offers significant cost savings over S3 Standard for data that is rarely accessed. Transitioning backups older than 1 day to this storage class reduces costs while retaining them for the required 90-day compliance period.

Exam trap

The trap here is that candidates may choose S3 Glacier Deep Archive for maximum cost savings without verifying that its retrieval time (12–48 hours) can exceed the 24-hour RTO, or they may overlook that S3 Glacier Instant Retrieval is not the most cost-effective option for data that is restored only rarely.

How to eliminate wrong answers

Option B is wrong because S3 Glacier Instant Retrieval is designed for data accessed once a quarter with millisecond retrieval, but it is more expensive than S3 Glacier Flexible Retrieval and not the most cost-optimized choice for backups restored only rarely within a 24-hour RTO. Option C is wrong because S3 Glacier Deep Archive has a retrieval time of 12–48 hours, which may exceed the 24-hour RTO, and the option lacks a restore configuration, making it non-compliant with the RTO requirement. Option D is wrong because S3 One Zone-IA does not provide the durability or availability needed for critical backups, and deleting backups after 7 days violates the 90-day retention policy.

87
Matching · hard

Match each workload to the AWS pricing option that most directly minimizes cost while still meeting the stated flexibility requirements. Use each option once.

Compute Savings Plan

Standard Reserved Instance

Spot Instances

On-Demand Instances

Why these pairings

Spot Instances are cheapest for fault-tolerant workloads; Reserved Instances offer discounts for steady usage; On-Demand is flexible for short tests; Savings Plans provide lower rates for committed use; Dedicated Hosts meet compliance for strict workloads.

88
MCQ · medium

A dev sandbox runs for several hours each night and can be interrupted and restarted. Which EC2 purchasing option should minimize cost? The architecture review board prefers a managed AWS-native control.

A. On-Demand Instances only
B. Spot Instances
C. Dedicated Hosts
D. Provisioned IOPS volumes
Answer: B

Spot Instances offer deep discounts for interruptible workloads.

Why this answer

Spot Instances are ideal for fault-tolerant, interruptible workloads like a nightly dev sandbox because they offer up to 90% cost savings over On-Demand. Since the job can be interrupted and restarted, Spot Instances provide the lowest cost while still being a fully managed AWS-native option.

Exam trap

The trap here is that candidates may choose On-Demand Instances assuming they are the simplest managed option, overlooking that Spot Instances are also fully managed and significantly cheaper for interruptible workloads.

How to eliminate wrong answers

Option A is wrong because On-Demand Instances are not the most cost-effective choice for an interruptible workload; they charge a fixed hourly rate with no discount, leading to higher costs than Spot Instances. Option C is wrong because Dedicated Hosts are a physical server dedicated to your use, incurring significant additional costs and are intended for licensing or compliance needs, not cost minimization for a transient dev sandbox. Option D is wrong because Provisioned IOPS volumes are a storage type (EBS), not an EC2 purchasing option, and they do not directly address compute cost optimization.

89
Multi-Select · hard

An internal reporting portal has old unattached EBS volumes and many stale snapshots. Which two actions reduce storage cost without affecting running instances? The design must avoid adding custom operational scripts.

Select 2 answers
A. Disable CloudTrail logging
B. Stop all EC2 instances in the account
C. Delete unattached EBS volumes after verifying they are no longer needed
D. Apply snapshot lifecycle policies to expire obsolete snapshots
Answers: C, D

Unattached volumes continue to incur charges until deleted.

Why this answer

Option C is correct because deleting unattached EBS volumes directly reduces storage costs without impacting running instances, as these volumes are not in use. Option D is correct because snapshot lifecycle policies automate the deletion of obsolete snapshots, eliminating manual cleanup and reducing storage costs without custom scripts.

Exam trap

The trap here is that candidates might think stopping instances or disabling CloudTrail saves costs, but these actions either disrupt operations or target unrelated services, while the real savings come from cleaning up orphaned storage resources.

90
MCQ · easy

A team stores application logs in Amazon S3. They need access to the logs only occasionally for troubleshooting (infrequent access), and they want to reduce storage cost automatically over time without manually moving objects. What should they implement?

A. An S3 lifecycle policy that transitions objects to a lower-cost storage class after a set number of days
B. An S3 lifecycle policy that deletes objects after 1 day to eliminate storage costs
C. An S3 lifecycle policy that keeps all objects in S3 Standard and only applies compression at read time
D. A policy that changes bucket encryption from SSE-S3 to SSE-KMS to reduce storage cost
Answer: A

S3 lifecycle policies can automatically transition objects based on age to storage classes priced for infrequent access (for example, Standard-IA or Glacier-based classes). This preserves the data for later troubleshooting while lowering storage cost as objects become older.

Why this answer

Option A is correct because an S3 lifecycle policy can automatically transition objects from S3 Standard to lower-cost storage classes (e.g., S3 Standard-IA, S3 One Zone-IA, or S3 Glacier Instant Retrieval) after a specified number of days. This meets the requirement of reducing storage costs over time for infrequently accessed logs without manual intervention, as the policy automates the movement based on object age.

Exam trap

The trap here is that candidates may confuse lifecycle policies with deletion policies, thinking that deleting objects after a short period (Option B) is a valid cost-saving strategy, but the question explicitly requires retaining logs for occasional troubleshooting, so deletion is not appropriate.

How to eliminate wrong answers

Option B is wrong because deleting objects after 1 day would permanently remove logs needed for occasional troubleshooting, eliminating the data entirely rather than reducing storage cost while retaining access. Option C is wrong because S3 does not apply compression at read time; compression must be applied before upload or via a separate process, and keeping all objects in S3 Standard would not reduce costs for infrequent access. Option D is wrong because changing bucket encryption from SSE-S3 to SSE-KMS does not reduce storage cost; SSE-KMS incurs additional per-request charges and does not affect storage class pricing.

91
MCQ · medium

An internal reporting portal serves infrequently accessed user documents that must be available immediately when requested. Which S3 storage class is likely the best cost fit?

A. Instance store volumes
B. S3 Glacier Deep Archive
C. S3 Standard for all objects
D. S3 Standard-IA or S3 One Zone-IA depending on resilience requirements
Answer: D

Infrequent Access classes reduce storage cost while keeping millisecond retrieval.

Why this answer

S3 Standard-IA or S3 One Zone-IA is the best cost fit because the data is infrequently accessed but must be available immediately when requested. These storage classes offer low-latency retrieval (milliseconds) at a lower storage cost than S3 Standard, with the trade-off of a retrieval fee. The choice between Standard-IA and One Zone-IA depends on whether the application requires resilience against Availability Zone failures.

Exam trap

The trap here is that candidates may choose S3 Standard for all objects because they assume 'immediately available' requires the highest performance tier, overlooking that Standard-IA and One Zone-IA offer identical retrieval latency at a lower storage cost for infrequently accessed data.

How to eliminate wrong answers

Option A is wrong because instance store volumes are ephemeral block storage attached to EC2 instances, not an S3 storage class, and data is lost if the instance is stopped or terminated. Option B is wrong because S3 Glacier Deep Archive has retrieval times of 12–48 hours, which does not meet the 'immediately available' requirement. Option C is wrong because S3 Standard is designed for frequently accessed data and would incur higher storage costs for infrequently accessed objects, making it less cost-optimal than Standard-IA or One Zone-IA.

92
MCQ · easy

Your global users access static images stored in S3. Origin bandwidth costs are higher than expected because CloudFront is not caching effectively. What change most directly reduces origin fetches (and typically lowers data transfer costs) without changing application logic?

A. Configure CloudFront caching by setting appropriate cache-control headers and/or CloudFront cache policy/TTL values for the static objects
B. Disable CloudFront caching so every request goes back to S3 for the latest image
C. Route users directly to the S3 website endpoint to bypass CloudFront
D. Turn on a NAT Gateway for the CloudFront origin to reduce bandwidth charges
Answer: A

CloudFront reduces origin fetches when responses are cacheable and allowed to remain in the edge cache for a meaningful duration. Ensuring the objects include correct cache-control headers (or configuring CloudFront cache policy TTLs) increases cache hit rate, so fewer requests require fetching from S3 origin. This directly reduces origin bandwidth and related data transfer costs.

Why this answer

The high origin bandwidth costs are caused by CloudFront not caching effectively, meaning too many requests reach the S3 origin. By configuring appropriate Cache-Control headers or a CloudFront cache policy with optimal TTL values, you ensure that CloudFront caches the static images at edge locations for longer periods. This directly reduces the number of origin fetches, lowering data transfer costs without any changes to the application logic.

Exam trap

The trap here is that candidates may think disabling caching or bypassing CloudFront entirely will reduce costs, when in fact the opposite is true—effective caching is the key to reducing origin fetches and lowering data transfer costs.

How to eliminate wrong answers

Option B is wrong because disabling CloudFront caching would force every request to go back to the S3 origin, increasing origin fetches and bandwidth costs, which is the opposite of the desired outcome. Option C is wrong because routing users directly to the S3 website endpoint bypasses CloudFront entirely, eliminating caching benefits and likely increasing costs due to direct S3 data transfer and request pricing. Option D is wrong because a NAT Gateway is used for outbound internet access from private subnets in a VPC, not for reducing bandwidth charges between CloudFront and an S3 origin; it would add unnecessary cost and complexity.

93
MCQ · medium

A team runs an EC2-based service and ships logs to Amazon CloudWatch Logs. They enabled long log retention and turned on detailed monitoring to improve troubleshooting. Their monthly CloudWatch costs have grown unexpectedly. Compliance requires that the logs remain available in CloudWatch Logs (for querying and audits) for 90 days, and alerts/alarms do not require detailed EC2 monitoring. What change best reduces cost while meeting requirements?

A. Keep the current long retention and detailed monitoring; reduce the log volume by sampling 10% of events
B. Set the CloudWatch Logs retention to 90 days and disable detailed EC2 monitoring (use standard monitoring) for the instances
C. Move all logs to S3 immediately and delete the CloudWatch log groups to reduce costs
D. Increase CloudWatch alarm thresholds to reduce the number of metric datapoints
Answer: B

CloudWatch Logs storage costs are driven primarily by retention period. Setting retention to exactly 90 days reduces storage cost while meeting compliance. Disabling detailed EC2 monitoring reduces the number/granularity of metrics (detailed is billed more than standard), lowering monitoring cost without impacting alarms that don’t require high-resolution metrics.

Why this answer

Option B reduces costs by setting CloudWatch Logs retention to exactly 90 days (meeting compliance) and disabling detailed monitoring (which incurs per-minute metrics charges) in favor of standard 5-minute monitoring. This directly addresses the two main cost drivers—long retention and detailed EC2 monitoring—while preserving the required 90-day log availability for queries and audits.

Exam trap

The trap here is that candidates may think sampling logs or moving them to S3 is acceptable, but the requirement explicitly states logs must remain available in CloudWatch Logs for querying and audits, making those options non-compliant.

How to eliminate wrong answers

Option A is wrong because sampling only 10% of log events would lose critical data for troubleshooting and audits, violating the compliance requirement that logs remain available for 90 days. Option C is wrong because moving logs to S3 immediately and deleting CloudWatch log groups would remove the ability to query logs in CloudWatch Logs Insights, breaking the requirement that logs remain available in CloudWatch Logs for querying. Option D is wrong because increasing alarm thresholds does not reduce the number of metric datapoints collected; detailed monitoring still sends per-minute metrics, and thresholds only affect when alarms trigger, not the volume of data ingested or stored.

94
Multi-Select · hard

A product catalog system uses a relational database for orders and a simple key-value profile store for shopping carts. Traffic is unpredictable, and the company wants to avoid paying for large idle database instances. Which two choices are best? Select two.

Select 2 answers
A. Use Aurora Serverless v2 for the relational order system.
B. Use DynamoDB on-demand capacity for the shopping-cart profile store.
C. Keep both workloads on large provisioned RDS instances and add read replicas for the cart store.
D. Use DynamoDB provisioned capacity with a fixed minimum despite the unpredictable traffic.
E. Replace the relational order system with a wide-column table to reduce SQL licensing.
Answers: A, B

Correct. Aurora Serverless v2 is designed for variable relational workloads because capacity can scale without constantly paying for a large fixed instance. It preserves SQL features while reducing idle overprovisioning.

Why this answer

Aurora Serverless v2 automatically scales compute and memory capacity based on application demand, making it ideal for unpredictable traffic. It eliminates the need to provision for peak load, reducing costs by scaling to zero when idle. This matches the requirement to avoid paying for large idle database instances.

Exam trap

The trap here is that candidates may choose provisioned capacity (Option D) thinking it is cheaper, but for unpredictable traffic, on-demand avoids over-provisioning costs, and Aurora Serverless v2 is the relational equivalent of this elastic model.

95
MCQ · medium

A dev sandbox has unpredictable DynamoDB traffic with long idle periods and occasional spikes. Which capacity mode should minimize operational overhead and avoid paying for idle provisioned capacity? The architecture review board prefers a managed AWS-native control.

A. Reserved capacity for maximum daily traffic
B. Provisioned capacity set for peak traffic
C. DynamoDB on-demand capacity mode
D. Global tables in every Region
Answer: C

On-demand capacity is suitable for unpredictable workloads and charges per request without capacity planning.

Why this answer

DynamoDB on-demand capacity mode (Option C) is ideal for unpredictable traffic with long idle periods and spikes because it automatically scales to handle workload demands without requiring any capacity planning. You pay only for the reads and writes you perform, eliminating the cost of idle provisioned capacity and the operational overhead of managing scaling thresholds.

Exam trap

The trap here is that candidates may confuse 'Reserved capacity' (an EC2/RDS concept) with DynamoDB pricing, or assume Provisioned capacity is always cheaper without considering the cost of idle resources in unpredictable workloads.

How to eliminate wrong answers

Option A is wrong because Reserved capacity is not a DynamoDB pricing model; it applies to Amazon RDS and EC2, not DynamoDB, and would lock you into a fixed cost regardless of usage. Option B is wrong because Provisioned capacity set for peak traffic would require you to pay for the peak capacity even during idle periods, leading to wasted cost and manual scaling adjustments. Option D is wrong because Global tables are a replication feature for multi-Region active-active setups, not a capacity mode; they add complexity and cost without addressing the need to avoid paying for idle provisioned capacity.

96
MCQ · medium

A marketing site runs on x86 EC2 instances and uses open-source software with no architecture-specific licensing restriction. What should be evaluated to reduce compute cost? The design must avoid adding custom operational scripts.

A. Cross-Region data replication for all data
B. io2 Block Express volumes for all instances
C. AWS Graviton-based instances after performance testing
D. Dedicated Hosts by default
Answer: C

Graviton instances often provide better price performance for compatible workloads.

Why this answer

Option C is correct because AWS Graviton-based instances (ARM architecture) offer up to 40% better price-performance compared to comparable x86 instances for many workloads. Since the marketing site uses open-source software with no architecture-specific licensing restrictions, migrating to Graviton after performance testing can significantly reduce compute costs without requiring custom operational scripts, as the OS and software can be recompiled for ARM natively.

Exam trap

The trap here is that candidates may assume Dedicated Hosts (Option D) are a cost-saving measure, but they actually increase costs unless you have specific licensing needs, and they violate the 'no custom operational scripts' constraint by requiring manual host management.

How to eliminate wrong answers

Option A is wrong because Cross-Region data replication increases data transfer and storage costs, and it does not reduce compute costs; it is a disaster recovery or latency optimization strategy, not a cost-saving measure for compute. Option B is wrong because io2 Block Express volumes are high-performance, high-cost SSD volumes designed for latency-sensitive workloads like databases, not for reducing compute costs; they would increase storage costs without affecting compute efficiency. Option D is wrong because Dedicated Hosts are a licensing option that incurs additional per-host charges and are only cost-effective for specific scenarios like bring-your-own-license (BYOL) software with socket/core restrictions; they do not reduce compute costs for open-source software and would increase operational overhead.

97
Matching · hard

Match each workload to the most cost-effective compute model or service choice. Focus on how often the workload runs, whether it is interruption-tolerant, and how much administration the team wants to avoid.

Concepts
Matches

AWS Lambda

Amazon ECS on AWS Fargate

EC2 Spot Instances

EC2 On-Demand Instances

Why these pairings

Lambda is ideal for short, frequent tasks; Batch on Fargate for nightly jobs; Spot Instances for fault-tolerant workloads; On-Demand for stateful; ECS Fargate reduces management; Auto Scaling for variable traffic.

98
MCQ · hard

Based on the exhibit, the team wants to minimize compute cost for a workload with a steady 24/7 baseline and a separate nightly batch job that can be interrupted and resumed from checkpoints. They also expect to change EC2 instance families during the year as performance needs evolve. Which approach is the best fit?

A. Buy EC2 Instance Savings Plans for the baseline and run the nightly batch on On-Demand instances.
B. Use a Compute Savings Plan to cover the steady baseline and run the nightly batch on Spot Instances.
C. Purchase Standard Reserved Instances for all 12 instances and keep the current families fixed.
D. Run both tiers entirely on Spot Instances and rely on automatic restarts for the baseline web tier.
Answer: B

A Compute Savings Plan provides discount coverage while preserving flexibility across EC2 families and even other compute services. That makes it ideal for the steady baseline when future family changes are expected. Spot Instances are the lowest-cost choice for the restartable batch tier because interruptions are acceptable and checkpointing is already in place.

Why this answer

Option B is correct because a Compute Savings Plan covers any EC2 instance family (or even container/Fargate usage) at a discounted rate, making it ideal for the steady 24/7 baseline. The nightly batch job can be interrupted and resumed from checkpoints, which is a perfect use case for Spot Instances, offering up to 90% cost savings. This combination minimizes compute cost while maintaining flexibility to change instance families during the year.

Exam trap

The trap here is that candidates often assume Reserved Instances or Instance Savings Plans are always cheaper, but they fail to recognize that the requirement to change instance families during the year makes Compute Savings Plans the only flexible discount option, and they overlook that Spot Instances are ideal for interruptible batch jobs.

How to eliminate wrong answers

Option A is wrong because EC2 Instance Savings Plans lock you into a specific instance family within a region, which conflicts with the requirement to change instance families during the year; also, running the nightly batch on On-Demand instances is more expensive than using Spot Instances. Option C is wrong because Standard Reserved Instances require a 1- or 3-year commitment and lock you into a specific instance family, which prevents the flexibility to change families and does not leverage Spot Instances for the interruptible batch job. Option D is wrong because running the steady baseline entirely on Spot Instances risks interruption (Spot Instances can be reclaimed with a 2-minute warning), which is unsuitable for a 24/7 workload that must remain stable and available.

99
MCQ · medium

A data engineering team runs a nightly ETL job on EC2. The job can be checkpointed every 5 minutes and can be retried from the last checkpoint if the instance terminates. The job runtime varies from 2 to 4 hours, and the team has no need for a specific instance type, as long as it completes before 7:00 AM local time. They currently run the job on On-Demand EC2, leading to high monthly compute cost. Which change best reduces cost while maintaining the business deadline?

A. Use Spot Instances for the ETL workload, and configure the job to checkpoint frequently and restart on interruption.
B. Use Reserved Instances with a 1-year term to lower costs, since reservations provide discounts for any usage.
C. Switch to On-Demand but enable Auto Scaling so the job finishes faster during peak hours.
D. Use Spot Instances but disable checkpointing to simplify the application.
Answer: A

Spot can significantly reduce costs, and checkpointing plus retries mitigate interruption risk.

Why this answer

Option A is correct because Spot Instances offer significant cost savings (up to 90% compared to On-Demand) and are ideal for fault-tolerant, checkpointable workloads. The job's ability to checkpoint every 5 minutes and retry from the last checkpoint means it can gracefully handle Spot Instance interruptions, ensuring it still completes before the 7:00 AM deadline without incurring the high cost of On-Demand instances.

Exam trap

The trap here is that candidates may think Reserved Instances are always cheaper, but they fail to consider the low utilization of a nightly job, making Spot Instances with checkpointing the true cost-optimized solution for fault-tolerant workloads.

How to eliminate wrong answers

Option B is wrong because Reserved Instances require a 1-year or 3-year commitment and are best suited for steady-state, predictable workloads, not for a nightly ETL job that runs only 2–4 hours per day, leading to underutilization and higher effective cost. Option C is wrong because enabling Auto Scaling on On-Demand instances does not reduce cost; it may increase cost by launching additional instances, and the job already completes within the required window without needing faster execution. Option D is wrong because disabling checkpointing on Spot Instances removes fault tolerance, making the job vulnerable to interruption failures and risking the 7:00 AM deadline, as the job would have to restart from scratch.

100
Multi-Select · medium

A service in private subnets downloads product images from Amazon S3 and stores job state in DynamoDB. A NAT Gateway is currently the only route to AWS services, and the monthly bill is dominated by NAT data processing charges. Which two changes will most directly reduce that cost? Select two.

Select 2 answers
A. Create a gateway VPC endpoint for Amazon S3.
B. Create a gateway VPC endpoint for Amazon DynamoDB.
C. Add an internet gateway and move the instances into public subnets.
D. Replace the NAT Gateway with a Site-to-Site VPN connection.
E. Create an interface endpoint for S3 instead of a gateway endpoint.
Answers: A, B

An S3 gateway endpoint routes S3 traffic over the AWS private network instead of through the NAT Gateway. That removes NAT data processing charges for the S3 downloads and is one of the most direct cost optimizations for private-subnet workloads.

Why this answer

A is correct because a gateway VPC endpoint for Amazon S3 allows instances in private subnets to access S3 directly over the AWS network without traversing the internet or a NAT Gateway. This eliminates NAT data processing charges for S3 traffic, which is the dominant cost driver in this scenario.

Exam trap

The trap here is that candidates may think interface endpoints are always better for security or performance, but for S3 and DynamoDB, gateway endpoints are free and more cost-effective, while interface endpoints incur additional charges.

101
MCQ · hard

A media processing workflow generates analytics files that are accessed unpredictably. Some files become hot again months later. The team wants automatic storage cost optimisation without retrieval delays. What should be used?

A. S3 Intelligent-Tiering
B. Manual monthly review and object copying
C. S3 Glacier Flexible Retrieval for all files
D. EFS One Zone for analytics files
Answer: A

Intelligent-Tiering automatically moves objects between access tiers based on usage while preserving low-latency access.

Why this answer

S3 Intelligent-Tiering automatically moves objects between access tiers (frequent, infrequent, and archive instant access) based on changing access patterns, with no retrieval delays for hot objects. This is ideal for unpredictable access where some files become hot again months later, as it optimizes storage costs without manual intervention or retrieval latency.

Exam trap

The trap here is that candidates may choose S3 Glacier Flexible Retrieval (Option C) thinking it is the cheapest archival option, but they overlook the requirement for 'no retrieval delays' and the unpredictable access pattern that makes Intelligent-Tiering's automatic tiering the correct choice.

How to eliminate wrong answers

Option B is wrong because manual monthly review and object copying is labor-intensive, error-prone, and cannot react to unpredictable access patterns in real time, leading to either higher costs or retrieval delays. Option C is wrong because S3 Glacier Flexible Retrieval has retrieval delays (minutes to hours) and is not suitable for files that may become hot again unpredictably, as it would introduce unacceptable latency. Option D is wrong because EFS One Zone is a file system, not an object storage service, and is designed for low-latency shared access within a single AZ, not for cost-optimized archival of analytics files with unpredictable retrieval.

102
MCQ · medium

A test environment has EC2 instances that are oversized based on CPU, memory, and network utilisation. Which AWS service should identify rightsizing recommendations? The design must avoid adding custom operational scripts.

A. AWS DataSync
B. AWS Shield
C. AWS Artifact
D. AWS Compute Optimizer
Answer: D

Compute Optimizer analyses utilisation metrics and recommends rightsizing for supported resources.

Why this answer

AWS Compute Optimizer uses machine learning to analyze historical utilization metrics (CPU, memory, network) and generates rightsizing recommendations for EC2 instances, including instance type changes and downsizing opportunities. It operates without requiring custom scripts, as it leverages existing CloudWatch metrics and optionally the Compute Optimizer agent for enhanced memory and disk metrics.

Exam trap

The trap here is that candidates may confuse AWS Compute Optimizer with AWS Trusted Advisor, which also provides cost optimization checks but does not offer the same granular, ML-driven rightsizing recommendations for EC2 instance types.

How to eliminate wrong answers

Option A is wrong because AWS DataSync is a data transfer service for moving large datasets between on-premises storage and AWS services (e.g., S3, EFS), not for analyzing EC2 utilization or generating rightsizing recommendations. Option B is wrong because AWS Shield is a managed DDoS protection service that safeguards applications against distributed denial-of-service attacks, unrelated to cost optimization or instance sizing. Option C is wrong because AWS Artifact is a self-service portal for downloading AWS compliance reports and agreements (e.g., SOC, PCI), not a tool for resource optimization or rightsizing.

103
MCQ · medium

A batch analytics job has unpredictable DynamoDB traffic with long idle periods and occasional spikes. Which capacity mode should minimize operational overhead and avoid paying for idle provisioned capacity? The design must avoid adding custom operational scripts.

A. DynamoDB on-demand capacity mode
B. Reserved capacity for maximum daily traffic
C. Provisioned capacity set for peak traffic
D. Global tables in every Region
Answer: A

On-demand capacity is suitable for unpredictable workloads and charges per request without capacity planning.

Why this answer

DynamoDB on-demand capacity mode automatically scales to handle unpredictable traffic spikes and idle periods without requiring any capacity planning or management. It charges only for the reads and writes you perform, eliminating the cost of idle provisioned capacity and avoiding the need for custom scripts to adjust capacity.

Exam trap

The trap here is that candidates may confuse 'reserved capacity' (a pricing discount for provisioned capacity) with a capacity mode, or assume that provisioned capacity set for peak traffic is cost-effective, ignoring the cost of idle periods.

How to eliminate wrong answers

Option B is wrong because reserved capacity is a pricing model for provisioned capacity, not a capacity mode; it requires you to commit to a specific throughput level and does not eliminate idle costs. Option C is wrong because setting provisioned capacity for peak traffic would result in paying for unused capacity during long idle periods, increasing costs and requiring manual or scripted adjustments. Option D is wrong because global tables replicate data across Regions for disaster recovery or low-latency access, not for managing capacity or cost optimization; they add complexity and cost without addressing idle capacity.

104
MCQ · medium

A test environment stores logs in S3. Logs are queried for 30 days, rarely accessed for one year, and then retained for compliance. What should reduce storage cost? The architecture review board prefers a managed AWS-native control.

A. Keep all logs in S3 Standard indefinitely
B. Move all logs immediately to S3 Glacier Deep Archive
C. S3 lifecycle policy that transitions objects to lower-cost storage classes over time
D. Use EBS snapshots for the logs
Answer: C

Lifecycle rules automate transitions based on age, matching storage cost to access patterns.

Why this answer

Option C is correct because S3 Lifecycle policies allow you to automate the transition of objects from S3 Standard to lower-cost storage classes like S3 Standard-IA (after 30 days) and then to S3 Glacier Deep Archive (after one year) for long-term compliance. This matches the access pattern of frequent queries for 30 days, rare access for a year, and then retention-only, minimizing storage costs without manual intervention.

Exam trap

The trap here is that candidates may choose Option B (immediate move to Glacier Deep Archive) thinking it maximizes cost savings, but they overlook the requirement for 30 days of queryable access, which Glacier Deep Archive cannot support due to its multi-hour retrieval times.

How to eliminate wrong answers

Option A is wrong because keeping all logs in S3 Standard indefinitely incurs the highest storage cost, ignoring the infrequent access and long-term retention requirements. Option B is wrong because moving all logs immediately to S3 Glacier Deep Archive eliminates the ability to query them for 30 days, as retrieval times are hours and not suitable for active queries. Option D is wrong because EBS snapshots are designed for block-level backups of EC2 instances, not for storing log files; they are not a cost-effective or managed-native solution for S3 log storage and would introduce unnecessary complexity and cost.

105
MCQ · medium

A risk simulation workload uses CloudWatch Logs heavily. Retaining all debug logs forever is increasing costs. What should be configured?

A. CloudWatch Logs retention policies per log group
B. AWS Config aggregation
C. CloudWatch detailed monitoring on all instances
D. Route 53 health checks
Answer: A

Retention policies automatically delete older logs after the required period.

Why this answer

CloudWatch Logs retention policies allow you to set per-log-group expiration rules (e.g., 30 days, 90 days) to automatically delete old log events, directly reducing storage costs for debug logs that are no longer needed. This is the most cost-effective and targeted solution for managing log lifecycle without affecting other monitoring or configuration services.

Exam trap

The trap here is that candidates may confuse log retention with monitoring frequency or configuration management, mistakenly thinking that reducing metric collection (detailed monitoring) or using Config aggregation will lower log storage costs.

How to eliminate wrong answers

Option B is wrong because AWS Config aggregation is used to collect and centrally view configuration and compliance data from multiple accounts/regions, not to manage log retention or storage costs. Option C is wrong because CloudWatch detailed monitoring on all instances increases metric frequency (1-minute intervals) and incurs additional costs, doing nothing to control log retention or delete old debug logs. Option D is wrong because Route 53 health checks monitor endpoint availability and DNS routing, not log storage or retention policies.

106
MCQ · medium

A team stores application logs in an S3 bucket. They keep logs for 18 months for compliance. Access patterns: logs are heavily accessed during the first 30 days, rarely accessed between days 31 and 180, and almost never accessed after day 180. They currently store everything in S3 Standard and want to reduce storage cost without violating the 18-month retention requirement. What should they implement?

A. Leave logs in S3 Standard for 18 months and add a tag for internal reporting
B. Create an S3 lifecycle policy to transition logs to Standard-IA after 30 days and to Glacier Deep Archive after 180 days
C. Immediately move all logs to Glacier Instant Retrieval and expire after 18 months
D. Enable versioning and rely on object lifecycle expiration to reduce costs; do not change storage classes
Answer: B

Storage class transitions align cost with access frequency while still keeping objects for the full compliance period.

Why this answer

Option B is correct because an S3 lifecycle policy can automatically transition objects from S3 Standard to S3 Standard-IA after 30 days (matching the heavy-access period) and then to S3 Glacier Deep Archive after 180 days (matching the near-zero-access period). This minimizes storage costs while retaining logs for the required 18 months, as Glacier Deep Archive offers the lowest storage cost for long-term archival data.

Exam trap

The trap here is that candidates may choose Option C, mistakenly thinking Glacier Instant Retrieval is the cheapest archival class, but it is actually more expensive than Glacier Deep Archive for data that is almost never accessed, and the immediate transition ignores the cost savings from using Standard-IA during the first 30 days.

How to eliminate wrong answers

Option A is wrong because leaving logs in S3 Standard for 18 months incurs the highest storage cost, and adding a tag does not reduce cost or change the storage class. Option C is wrong because immediately moving all logs to S3 Glacier Instant Retrieval is more expensive than using Standard-IA for the first 30 days and does not align with the access pattern; also, Glacier Instant Retrieval is designed for data accessed quarterly, not for data that is almost never accessed after 180 days. Option D is wrong because enabling versioning increases storage costs by retaining multiple versions of objects, and object lifecycle expiration alone does not change storage classes to lower-cost tiers; it only deletes objects, which would violate the 18-month retention requirement if set to expire earlier.

107
Multi-Select · medium

A data analytics company stores large datasets in Amazon S3. The data is accessed frequently for the first 30 days, then accessed rarely but needs to be retrievable within 1 hour for compliance purposes for up to 3 years. After 3 years, the data must be archived for 7 years with retrieval times acceptable up to 12 hours. Which three of the following strategies would optimize storage costs? (Choose three.)

Select 4 answers
.Use S3 Intelligent-Tiering for automatic cost savings based on access patterns.
.Transition data to S3 Glacier Deep Archive immediately after upload.
.Transition data to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.
.Use S3 Lifecycle policies to move objects from S3 Standard to S3 Glacier Flexible Retrieval after 3 years.
.Store all data in S3 One Zone-IA for the first 30 days to save on storage costs.
.Transition data to S3 Glacier Deep Retrieval for the final 7-year archive.

Why this answer

S3 Intelligent-Tiering is correct because it automatically moves objects between access tiers based on changing access patterns, optimizing costs without manual lifecycle rules. For data that is frequently accessed for 30 days and then rarely accessed, Intelligent-Tiering can cost-effectively handle the transition without upfront lifecycle configuration.

Exam trap

AWS often tests the distinction between S3 Glacier Flexible Retrieval and S3 Glacier Deep Archive, where candidates mistakenly choose Deep Archive for the 3-year compliance period, ignoring the 1-hour retrieval requirement that only Flexible Retrieval can meet.

108
Multi-Select · medium

A company is migrating its on-premises workloads to AWS and wants to optimize costs. Which three strategies should the company implement to achieve a cost-optimized architecture? (Choose three.)

Select 3 answers
.Use Reserved Instances or Savings Plans for predictable workloads to reduce costs compared to On-Demand pricing.
.Provision additional EC2 instances to handle peak load at all times, ensuring maximum performance.
.Implement auto scaling to match capacity with demand, avoiding over-provisioning and reducing waste.
.Use Spot Instances for fault-tolerant, flexible workloads to achieve significant cost savings.
.Store all data in Amazon S3 Standard storage class to avoid any data retrieval costs.
.Deploy all resources in a single Availability Zone to minimize data transfer costs.

Why this answer

Reserved Instances or Savings Plans provide significant discounts (up to 72%) over On-Demand pricing for predictable workloads by committing to a specific usage term (1 or 3 years). This directly reduces compute costs for steady-state applications, making it a core cost-optimization strategy.

Exam trap

The trap here is that candidates often confuse 'maximizing performance' with 'cost optimization' and select the option to provision extra instances for peak load, failing to recognize that auto scaling and right-sizing are the correct approaches to balance cost and performance.

109
MCQ · medium

A media processing workflow uses CloudWatch Logs heavily. Retaining all debug logs forever is increasing costs. What should be configured?

A.Route 53 health checks
B.CloudWatch Logs retention policies per log group
C.CloudWatch detailed monitoring on all instances
D.AWS Config aggregation
AnswerB

Retention policies automatically delete older logs after the required period.

Why this answer

CloudWatch Logs retention policies per log group allow you to set an expiration time (e.g., 30 days) after which log events are automatically deleted. This directly reduces storage costs by preventing debug logs from accumulating indefinitely, without affecting other monitoring or routing functions.

Exam trap

The trap here is that candidates may confuse cost optimization with monitoring frequency or compliance aggregation, but the question specifically targets log storage costs, which only retention policies directly address.

How to eliminate wrong answers

Option A is wrong because Route 53 health checks are used for DNS failover and endpoint monitoring, not for managing log retention or cost optimization. Option C is wrong because CloudWatch detailed monitoring increases metric frequency (1-minute intervals) and incurs additional costs, which does not address log retention or cost reduction. Option D is wrong because AWS Config aggregation centralizes configuration snapshots and compliance rules across accounts/regions, but it does not control log group retention or deletion.

110
Matchinghard

Match each private-networking or content-delivery scenario to the AWS feature that most directly reduces cost while meeting the connectivity requirement.

Concepts
Matches

Gateway VPC endpoint

Interface VPC endpoint (AWS PrivateLink)

CloudFront with versioned objects and a long cache TTL

CloudFront Origin Shield

Why these pairings

Each AWS feature directly reduces cost for the given scenario: CloudFront for latency, VPC Peering for intra-region, Direct Connect for hybrid, Transit Gateway for inter-region, Shield+CloudFront for security, and Global Accelerator for inter-region data transfer costs.

111
MCQmedium

A company runs an application on EC2 instances in private subnets. The instances must access Amazon S3, and the team currently routes all outbound traffic to the internet through a NAT Gateway. Monthly NAT Gateway charges increased significantly, even though the application only needs to call S3 (not access other public internet services). Which change will most directly reduce NAT Gateway charges while keeping S3 access working?

A.Create a gateway VPC endpoint for S3 and update the private route tables so S3 traffic uses the endpoint instead of the NAT Gateway.
B.Enable S3 Transfer Acceleration on the bucket to reduce the number of S3 calls that go through the NAT Gateway.
C.Switch the EC2 instances to public subnets so S3 calls can use direct internet routing without NAT.
D.Increase the NAT Gateway TCP idle timeout so fewer connections are billed separately for S3 traffic.
AnswerA

A gateway VPC endpoint for S3 keeps S3 traffic within the AWS network. After you add the S3 gateway endpoint and update the private subnet route tables for the S3 prefix list to target the endpoint, S3 API calls from the private subnets no longer traverse the NAT Gateway. This directly reduces both NAT Gateway per-hour charges and NAT data-processing charges associated with S3 traffic. If the application truly only needs S3, you can remove the NAT route for those S3 destinations and rely on the endpoint for S3 connectivity.

Why this answer

A gateway VPC endpoint for S3 allows instances in private subnets to access S3 over the AWS network without traversing the internet. By updating the private route tables to direct S3 traffic to the endpoint, the NAT Gateway is bypassed, eliminating the per-GB data processing charges and hourly NAT Gateway fees for that traffic. This directly reduces costs while maintaining secure, private access to S3.

Exam trap

The trap here is that candidates may think S3 Transfer Acceleration or increasing NAT Gateway timeouts will reduce costs, but they fail to recognize that a gateway VPC endpoint eliminates the NAT Gateway entirely for S3 traffic, directly addressing the cost issue without compromising security.

How to eliminate wrong answers

Option B is wrong because S3 Transfer Acceleration speeds up uploads over long distances using AWS edge locations, but it does not reduce the amount of traffic going through the NAT Gateway; it actually adds additional costs per GB transferred and still requires internet routing. Option C is wrong because moving EC2 instances to public subnets exposes them directly to the internet, violating the requirement for private subnets and introducing security risks; it also does not reduce NAT Gateway charges since the NAT Gateway is no longer used, but the question asks for a change that reduces NAT Gateway charges while keeping S3 access working, not for a security redesign. Option D is wrong because increasing the TCP idle timeout does not reduce NAT Gateway charges; it may actually increase costs by keeping connections open longer, and NAT Gateway billing is based on data processing and hourly usage, not per-connection billing.

112
MCQmedium

A company stores application logs in an S3 bucket. They retain logs for 180 days. Compliance requires that the logs be immutable once written, but the business only reviews logs about once per month. Currently, the team stores everything in S3 Standard, and their monthly S3 bill is too high. They want to reduce storage cost without changing the requirement to keep logs for 180 days. Which lifecycle approach best meets the goal?

A.Use a lifecycle policy to transition objects older than 30 days to S3 Standard-IA, and keep them there until day 180.
B.Use a lifecycle policy to transition objects older than 30 days to S3 Glacier Deep Archive and delete after 30 days.
C.Use a lifecycle policy to transition objects older than 30 days to S3 Intelligent-Tiering with no minimum storage duration.
D.Disable lifecycle management and instead lower costs by deleting objects immediately after they are written.
AnswerA

Logs accessed about monthly match Standard-IA economics and still provide fast retrieval.

Why this answer

Option A is correct because it transitions logs to S3 Standard-IA after 30 days, which reduces storage costs while still meeting the 180-day retention requirement. S3 Standard-IA is designed for data accessed less frequently but requires rapid access when needed, aligning with the monthly review pattern. The lifecycle policy keeps objects in S3 Standard-IA until day 180, ensuring immutability (via S3 Object Lock or bucket policies) and compliance without premature deletion.

Exam trap

The trap here is that candidates may choose S3 Intelligent-Tiering (Option C) thinking it automatically optimizes costs, but it does not guarantee savings for monthly access patterns and has a 30-day minimum duration per tier, making it less cost-effective than a direct transition to S3 Standard-IA.

How to eliminate wrong answers

Option B is wrong because transitioning to S3 Glacier Deep Archive and deleting after 30 days violates the 180-day retention requirement, as objects would be removed far too early. Option C is wrong because S3 Intelligent-Tiering has a minimum storage duration of 30 days per tier transition, and it does not guarantee cost savings for logs accessed only once per month; it also may incur monitoring and automation costs. Option D is wrong because deleting objects immediately after they are written violates the 180-day retention requirement and compliance needs, and it does not address cost optimization through lifecycle transitions.

113
MCQmedium

A marketing site stores logs in S3. Logs are queried for 30 days, rarely accessed for one year, and then retained for compliance. What should reduce storage cost?

A.S3 lifecycle policy that transitions objects to lower-cost storage classes over time
B.Keep all logs in S3 Standard indefinitely
C.Use EBS snapshots for the logs
D.Move all logs immediately to S3 Glacier Deep Archive
AnswerA

Lifecycle rules automate transitions based on age, matching storage cost to access patterns.

Why this answer

An S3 Lifecycle policy automates the transition of objects from S3 Standard (frequently accessed) to lower-cost storage classes like S3 Standard-IA (infrequent access) after 30 days, then to S3 Glacier Deep Archive for long-term compliance retention. This matches the access pattern: frequent queries for 30 days, rare access for a year, then archival storage, minimizing cost without manual intervention.

Exam trap

The trap here is that candidates might choose immediate archiving (Option D) to minimize storage cost, overlooking the 30-day query requirement and the retrieval latency/cost of Glacier Deep Archive, or mistakenly think EBS snapshots (Option C) are a valid alternative for log storage.

How to eliminate wrong answers

Option B is wrong because keeping all logs in S3 Standard indefinitely incurs the highest per-GB storage cost, ignoring the significant cost savings from transitioning to lower-cost tiers for rarely accessed and archived data. Option C is wrong because EBS snapshots are block-level backups for EC2 volumes, not designed for object storage of logs; using them would require an EC2 instance to manage the logs, adding compute and management overhead. Option D is wrong because immediately moving all logs to S3 Glacier Deep Archive would incur retrieval costs and delays (hours) for the 30-day query period, violating the requirement for frequent queries during that time.

114
MCQmedium

A marketing team runs a report-generation process that must execute once per day at 02:00 UTC. It usually completes in 10–15 minutes, but sometimes takes up to 45 minutes due to varying data volumes. They currently run the workload on an EC2 instance that is always on, which wastes money during off-hours. The team wants to minimize operational overhead and pay mainly for actual execution time. What is the best architecture choice?

A.Use a scheduled Amazon EC2 Auto Scaling group that keeps a minimum of one instance running at all times.
B.Use an EventBridge schedule to run the report as an Amazon ECS task on AWS Fargate and write results to S3.
C.Use AWS Lambda triggered by an EventBridge schedule at 02:00 UTC and write results to S3.
D.Use an EMR cluster provisioned daily with manual teardown to ensure the instance is always available before 02:00.
AnswerB

Fargate allows the containerized job to run only when scheduled, so the team pays for task runtime instead of keeping an EC2 instance always on.

Why this answer

Amazon ECS on AWS Fargate is the best choice because it eliminates the need to manage servers, scales automatically, and charges only for the vCPU and memory resources consumed during task execution. The EventBridge schedule triggers the Fargate task at 02:00 UTC, and the report is written to S3, which provides durable, cost-effective storage. This architecture minimizes operational overhead and cost by avoiding an always-on EC2 instance.

Exam trap

The trap here is that candidates may choose AWS Lambda without considering its 15-minute execution timeout, which cannot handle the 45-minute maximum runtime of this report-generation process.

How to eliminate wrong answers

Option A is wrong because an Auto Scaling group with a minimum of one instance still keeps an EC2 instance running 24/7, incurring costs during off-hours and not paying mainly for actual execution time. Option C is wrong because AWS Lambda has a maximum execution timeout of 15 minutes (900 seconds), which cannot accommodate the report-generation process that sometimes takes up to 45 minutes. Option D is wrong because provisioning an EMR cluster daily with manual teardown introduces significant operational overhead and does not minimize costs, as EMR clusters incur charges for underlying EC2 instances even when idle.

115
MCQeasy

You need to run batch jobs on EC2. The jobs can tolerate interruptions: if an instance is terminated, the job can restart from checkpoints. To reduce compute cost as much as possible, what is the best choice?

A.EC2 On-Demand Instances to avoid interruptions
B.EC2 Spot Instances with checkpoint-based interruption handling
C.Savings Plans to guarantee capacity for the entire year
D.Reserved Instances with no interruption handling
AnswerB

Spot Instances are priced lower because AWS can reclaim capacity. When your workload can be interrupted and later restarted from checkpoints, the interruption model is compatible with Spot, making it the most cost-optimized option among the choices.

Why this answer

Spot Instances offer significant cost savings (up to 90% compared to On-Demand) but can be reclaimed by AWS with a two-minute warning. Since the batch jobs can tolerate interruptions and restart from checkpoints, Spot Instances are the most cost-effective choice. This aligns with the requirement to reduce compute cost as much as possible while handling interruptions gracefully.

Exam trap

The trap here is that candidates often choose On-Demand or Reserved Instances because they fear interruptions, but the question explicitly states the jobs can tolerate interruptions, so the most cost-effective option is Spot Instances, not a more expensive but stable alternative.

How to eliminate wrong answers

Option A is wrong because On-Demand Instances are fully priced and do not provide cost savings; the question explicitly asks to reduce cost as much as possible, and the jobs can tolerate interruptions, so paying full price is unnecessary. Option C is wrong because Savings Plans provide a discount in exchange for a commitment to a consistent amount of compute usage (measured in $/hour) over a 1- or 3-year term, but they do not inherently reduce cost for interruptible batch workloads as much as Spot Instances, and they still require paying for the committed usage even if the job is not running. Option D is wrong because Reserved Instances require a 1- or 3-year commitment and provide a discount over On-Demand, but they are still more expensive than Spot Instances and do not leverage the interruptible nature of the workload; additionally, they lock in capacity that may not be needed continuously.

116
MCQhard

A risk simulation workload in private subnets downloads large amounts of data from S3 through a NAT gateway. NAT data processing charges are high. What should the architect use to reduce cost? The architecture review board prefers a managed AWS-native control.

A.A larger NAT gateway
B.Gateway VPC endpoint for Amazon S3
C.S3 Object Lambda
D.AWS Shield Advanced
AnswerB

A gateway endpoint routes S3 traffic privately without NAT gateway data processing charges.

Why this answer

A Gateway VPC Endpoint for Amazon S3 allows instances in private subnets to access S3 directly over the AWS network without traversing a NAT gateway, eliminating NAT data processing charges. This is a managed AWS-native control that meets the architecture review board's preference, as it uses AWS PrivateLink to route traffic to S3 without requiring an internet gateway or NAT.

Exam trap

The trap here is that candidates often confuse Gateway VPC Endpoints with Interface Endpoints, thinking both reduce costs equally, but Gateway Endpoints are free to use and specifically designed for S3 and DynamoDB, while Interface Endpoints incur hourly charges and per-GB data processing fees.

How to eliminate wrong answers

Option A is wrong because a larger NAT gateway would increase, not reduce, costs; it offers higher throughput but still incurs per-GB data processing charges for all traffic through it. Option C is wrong because S3 Object Lambda is used to transform data on the fly during retrieval from S3, not to reduce data transfer costs from S3 to a VPC; it does not address NAT gateway charges. Option D is wrong because AWS Shield Advanced is a DDoS protection service that does not reduce data transfer costs or NAT gateway charges; it adds cost for enhanced security.

117
Multi-Selectmedium

A company runs an order system on EC2 with a self-managed PostgreSQL database, a self-managed RabbitMQ broker, and a shared file server for attachments. The team wants to reduce patching, backups, and cluster administration while keeping the architecture simple and using managed services where possible. Which three changes should they make? Select three.

Select 3 answers
A.Replace the database with Amazon RDS for PostgreSQL.
B.Replace the broker with Amazon MQ for RabbitMQ.
C.Store attachments in Amazon S3 instead of the shared file server.
D.Keep the database on EC2 and add more EBS volumes.
E.Move RabbitMQ to Dedicated Hosts for better isolation.
AnswersA, B, C

Amazon RDS handles routine database operations such as backups, patching, and maintenance windows, which reduces administrative overhead. It is the managed-service replacement for a self-managed PostgreSQL database.

Why this answer

Amazon RDS for PostgreSQL is a managed database service that automates patching, backups, and replication, eliminating the need for self-managing PostgreSQL on EC2. This directly reduces the operational overhead of cluster administration and aligns with the goal of using managed services.

Exam trap

The trap here is that candidates may think adding more EBS volumes or using Dedicated Hosts reduces administrative overhead, but these options actually increase complexity or cost without moving to a managed service, which is the core requirement of the question.

118
Multi-Selecthard

A SaaS vendor has a steady 24/7 control plane on ECS and several small event-driven tasks that currently run on a separate always-on service. Management wants the billing discount that applies across both ECS and Lambda usage without committing to a specific instance family. Which two actions are best? Select two.

Select 2 answers
A.Buy a Compute Savings Plan for the predictable baseline usage.
B.Move the event-driven tasks to AWS Lambda instead of keeping a separate always-on service.
C.Buy an EC2 Instance Savings Plan tied to one instance family for all workloads.
D.Use Spot Instances for the control plane because it is the largest bill.
E.Increase the ECS desired count so Lambda can be removed.
AnswersA, B

Correct. A Compute Savings Plan discounts predictable compute spend across ECS and Lambda without binding the team to one instance family. That flexibility matches a mixed compute estate and avoids overcommitting.

Why this answer

A Compute Savings Plan offers the largest discount (up to 66%) across both ECS and Lambda usage without committing to a specific instance family, which matches the requirement to cover both services flexibly. It applies to any EC2 instance, including those used by ECS, and to AWS Lambda compute, making it ideal for a mixed workload with a predictable baseline.

Exam trap

The trap here is that candidates confuse Savings Plans with Reserved Instances or Spot Instances, assuming a specific instance family commitment is required, or they think Spot Instances can replace a billing discount mechanism for a steady workload.

119
MCQmedium

A test environment runs on x86 EC2 instances and uses open-source software with no architecture-specific licensing restriction. What should be evaluated to reduce compute cost? The design must avoid adding custom operational scripts.

A.Cross-Region data replication for all data
B.AWS Graviton-based instances after performance testing
C.io2 Block Express volumes for all instances
D.Dedicated Hosts by default
AnswerB

Graviton instances often provide better price performance for compatible workloads.

Why this answer

Option B is correct because AWS Graviton-based instances (ARM architecture) offer up to 40% better price-performance compared to x86 instances for many workloads. Since the environment uses open-source software with no architecture-specific licensing restrictions, migrating to Graviton after performance testing can significantly reduce compute costs without requiring custom operational scripts, as AWS provides native support for ARM-based instances.

Exam trap

The trap here is that candidates may confuse cost optimization with performance improvement or licensing requirements, leading them to select Dedicated Hosts or high-performance storage options that actually increase costs.

How to eliminate wrong answers

Option A is wrong because cross-region data replication increases data transfer and storage costs, and it does not directly address compute cost reduction. Option C is wrong because io2 Block Express volumes are high-performance, high-cost EBS volumes designed for I/O-intensive workloads, not for reducing compute costs, and they would increase storage costs unnecessarily. Option D is wrong because Dedicated Hosts incur additional per-host charges and are used for licensing or compliance requirements, not for cost optimization; they would increase compute costs rather than reduce them.

120
Multi-Selectmedium

A company is using AWS for big data analytics and wants to optimize costs for its data processing pipeline. Which three design choices will help achieve this goal? (Choose three.)

Select 3 answers
A.Use Amazon EMR with Spot Instances for task nodes to reduce compute costs for fault-tolerant jobs.
B.Store all intermediate data on Amazon EBS io2 Block Express volumes for high performance.
C.Use Amazon S3 for input and output data, and enable S3 Select to reduce the amount of data transferred to processing.
D.Provision a fixed number of EC2 instances for processing to avoid scaling delays.
E.Use AWS Glue with a scheduled crawler to catalog data, and choose a lower number of Data Processing Units (DPUs) for smaller jobs.
F.Store all data in Amazon Redshift Spectrum external tables to avoid loading data into Redshift clusters.

Why this answer

Using Amazon EMR with Spot Instances for task nodes is correct because task nodes are typically used for fault-tolerant, stateless processing in EMR clusters. Spot Instances offer significant cost savings (up to 90% compared to On-Demand) and can be interrupted, but since task nodes can be replaced without affecting job completion, this is a cost-optimized design for big data pipelines. Amazon S3 Select is correct because it allows you to retrieve only a subset of data from an object (e.g., specific columns or rows) using SQL expressions, reducing the amount of data transferred to your processing application and lowering data transfer and processing costs.

Using AWS Glue with a scheduled crawler and choosing a lower number of DPUs for smaller jobs is correct because DPUs (Data Processing Units) are the billing unit for AWS Glue jobs; selecting a lower DPU count for jobs that do not require high parallelism directly reduces costs.

Exam trap

The trap here is that candidates often confuse high-performance storage (like io2 Block Express) with cost optimization, or assume that fixed provisioning avoids scaling costs, when in reality both increase costs in a variable-load big data pipeline.

121
MCQeasy

An S3 bucket stores application logs. After 30 days, the team rarely accesses the logs, but compliance requires keeping them for 18 months. Which setup most directly reduces storage cost while maintaining compliance?

A.Configure an S3 Lifecycle policy to transition objects to a colder storage class after 30 days and expire (delete) them after 18 months.
B.Enable S3 Versioning and rely on deleting old versions after 30 days to reduce storage costs while keeping the latest data.
C.Move the bucket to a different AWS region farther from the users to reduce the likelihood of accidental reads and thereby lower storage costs.
D.Switch all objects to S3 Glacier Instant Retrieval immediately, regardless of object age, to minimize storage charges.
AnswerA

Lifecycle transitions lower the storage cost for older objects, and the expiration at 18 months enforces the compliance retention requirement.

Why this answer

Option A is correct because S3 Lifecycle policies allow you to automatically transition objects to cheaper storage classes (e.g., S3 Standard-IA or S3 Glacier Deep Archive) after 30 days, reducing storage costs for rarely accessed logs. The policy also sets an expiration action to delete objects after 18 months, meeting the compliance requirement without manual intervention.

Exam trap

The trap here is that candidates may think moving to a different region or using versioning reduces costs, but the core concept is that S3 Lifecycle policies directly automate cost optimization by transitioning to colder storage classes and expiring data, which is the most direct and compliant approach.

How to eliminate wrong answers

Option B is wrong because enabling S3 Versioning and deleting old versions does not address the need to keep logs for 18 months; it only manages versions, not the primary objects, and can increase costs due to storing multiple versions. Option C is wrong because moving the bucket to a different region does not reduce storage costs; it may increase data transfer costs and does not change the storage class or lifecycle management. Option D is wrong because switching all objects to S3 Glacier Instant Retrieval immediately, regardless of age, would likely increase costs for frequently accessed logs in the first 30 days, as this storage class has higher retrieval costs and is not optimal for data that is still being accessed.

122
Multi-Selectmedium

A company is running a production web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The workload has predictable traffic spikes during business hours and low traffic at night. The current architecture uses On-Demand EC2 instances, leading to high costs. The company wants to reduce costs without sacrificing availability or performance. Which three of the following strategies would help achieve this goal? (Choose three.)

Select 3 answers
A.Purchase Reserved Instances for the baseline capacity that runs 24/7.
B.Add Spot Instances for the entire workload during peak hours.
C.Use Auto Scaling with a mixed instances policy that includes On-Demand and Spot Instances.
D.Migrate to AWS Lambda for all web application traffic.
E.Implement a scheduled scaling action to increase capacity before business hours and decrease after.
F.Consolidate all instances into a single larger instance to reduce overhead.

Why this answer

Purchasing Reserved Instances for the baseline 24/7 capacity provides a significant discount (up to 72%) compared to On-Demand pricing, directly reducing costs for the always-running portion of the workload. This strategy is correct because it matches the predictable, steady-state traffic component without sacrificing availability or performance.

Exam trap

The trap here is that candidates may think Spot Instances can be used for the entire workload during peak hours, but they overlook the interruption risk and the requirement for the workload to be fault-tolerant, which a production web application behind an ALB typically is not without careful design.

123
MCQhard

A media processing workflow in private subnets downloads large amounts of data from S3 through a NAT gateway. NAT data processing charges are high. What should the architect use to reduce cost? The design must avoid adding custom operational scripts.

A.S3 Object Lambda
B.AWS Shield Advanced
C.Gateway VPC endpoint for Amazon S3
D.A larger NAT gateway
AnswerC

A gateway endpoint routes S3 traffic privately without NAT gateway data processing charges.

Why this answer

A Gateway VPC endpoint for Amazon S3 allows instances in private subnets to access S3 directly over the AWS network without traversing a NAT gateway. This eliminates NAT data processing charges because traffic stays within the AWS backbone, reducing costs significantly for large data downloads.

Exam trap

The trap here is that candidates often confuse Gateway VPC endpoints with Interface VPC endpoints, assuming both incur costs, or mistakenly think NAT gateways are required for all private subnet outbound traffic, missing the S3-specific optimization.

How to eliminate wrong answers

Option A is wrong because S3 Object Lambda is used to transform data on the fly during retrieval, not to reduce data transfer costs or bypass NAT gateways. Option B is wrong because AWS Shield Advanced provides DDoS protection, not cost optimization for S3 data transfer. Option D is wrong because a larger NAT gateway would increase, not reduce, costs due to higher hourly and data processing charges.

124
MCQhard

A media processing workflow generates analytics files that are accessed unpredictably. Some files become hot again months later. The team wants automatic storage cost optimisation without retrieval delays. What should be used? The design must avoid adding custom operational scripts.

A.S3 Intelligent-Tiering
B.Manual monthly review and object copying
C.S3 Glacier Flexible Retrieval for all files
D.EFS One Zone for analytics files
AnswerA

Intelligent-Tiering automatically moves objects between access tiers based on usage while preserving low-latency access.

Why this answer

S3 Intelligent-Tiering automatically moves objects between access tiers (frequent, infrequent, and archive instant access) based on changing access patterns, with no retrieval delays for hot objects and no operational overhead. This matches the unpredictable access pattern where files become hot again months later, as the service monitors access and adjusts storage class without custom scripts.

Exam trap

The trap here is that candidates may choose S3 Glacier Flexible Retrieval thinking it is the cheapest option, overlooking the retrieval delay requirement and the fact that Intelligent-Tiering provides automatic cost optimisation without latency penalties for unpredictable access patterns.

How to eliminate wrong answers

Option B is wrong because manual monthly review and object copying introduces operational overhead and potential delays, violating the requirement to avoid custom operational scripts and automatic cost optimisation. Option C is wrong because S3 Glacier Flexible Retrieval has retrieval delays (minutes to hours) for files that become hot again, which violates the 'no retrieval delays' requirement. Option D is wrong because EFS One Zone is a file system, not an object storage class, and does not provide automatic tiering or cost optimisation for unpredictable access patterns; it also incurs costs for all data stored regardless of access frequency.

125
MCQmedium

A dev sandbox has unpredictable DynamoDB traffic with long idle periods and occasional spikes. Which capacity mode should minimize operational overhead and avoid paying for idle provisioned capacity?

A.Reserved capacity for maximum daily traffic
B.Provisioned capacity set for peak traffic
C.DynamoDB on-demand capacity mode
D.Global tables in every Region
AnswerC

On-demand capacity is suitable for unpredictable workloads and charges per request without capacity planning.

Why this answer

DynamoDB on-demand capacity mode (Option C) is ideal for unpredictable workloads with long idle periods and occasional spikes because it automatically scales to handle traffic without requiring any capacity planning. You pay only for the reads and writes you actually perform, eliminating the cost of idle provisioned capacity and the operational overhead of managing scaling.

Exam trap

The trap here is that candidates confuse 'reserved capacity' (an EC2/RDS concept) with DynamoDB capacity modes, or think that provisioned capacity with auto-scaling is always cheaper, ignoring the cost of idle capacity during long idle periods.

How to eliminate wrong answers

Option A is wrong because Reserved capacity is not a DynamoDB capacity mode; it is a pricing model for EC2 or RDS, and DynamoDB does not offer reserved capacity. Option B is wrong because Provisioned capacity set for peak traffic would incur costs for idle capacity during long idle periods, and you would still need to manually adjust or use auto-scaling to handle spikes, increasing operational overhead. Option D is wrong because Global tables are a replication feature for multi-Region active-active setups, not a capacity mode, and they do not address cost or overhead from idle capacity or traffic spikes.

126
MCQ · medium

A production internal reporting portal runs continuously on EC2 with predictable usage for the next three years. The team wants a discount while retaining some instance-family flexibility. What should they buy? The design must avoid adding custom operational scripts.

A. Spot Instances only
B. Dedicated Instances
C. Compute Savings Plan
D. S3 Intelligent-Tiering
Answer: C

Compute Savings Plans provide discounts for a committed spend while allowing flexibility across instance families, sizes, Regions, and compute services.

Why this answer

Compute Savings Plans offer the lowest prices on EC2 instance usage (up to 66% off On-Demand) in exchange for a 1- or 3-year commitment, while allowing flexibility across instance families, sizes, OS, and regions. This matches the requirement for a discount on predictable, continuous usage without locking into a specific instance type, and requires no custom scripts.

Exam trap

The trap here is that candidates confuse Savings Plans with Reserved Instances, assuming they require instance-family lock-in, or they incorrectly apply storage services (S3 Intelligent-Tiering) to compute cost optimization.

How to eliminate wrong answers

Option A is wrong because Spot Instances are not suitable for a continuously running production portal; they can be interrupted with a 2-minute warning, making them unreliable for steady-state workloads. Option B is wrong because Dedicated Instances provide physical isolation at a higher cost and do not offer a discount mechanism; they are for compliance or licensing needs, not cost savings. Option D is wrong because S3 Intelligent-Tiering is an object storage class for data with changing access patterns, not applicable to EC2 compute instances.

127
MCQ · medium

A latency-sensitive API is implemented with AWS Lambda. The team enabled provisioned concurrency to avoid cold starts, setting provisioned concurrency to 50 because marketing campaigns occasionally cause spikes. However, during most weekdays the API receives little traffic (near zero), and the team is seeing high monthly Lambda costs from idle provisioned capacity. What is the best cost-optimized strategy that still meets the requirement of fast initial responses during traffic spikes?

A. Increase provisioned concurrency to 100 so that cold starts never occur, regardless of traffic patterns.
B. Use Application Auto Scaling scheduled actions to increase provisioned concurrency on the Lambda alias before campaign windows and reduce it to a minimal baseline afterward.
C. Turn provisioned concurrency off permanently and rely on retries at the client side to mask cold starts.
D. Replace Lambda with a single always-on EC2 instance sized for peak demand to eliminate cold starts.
Answer: B

Provisioned concurrency is billed while allocated, even when idle. Scheduling higher provisioned concurrency only during known spike windows reduces idle cost while preserving fast startup behavior during campaigns.

Why this answer

Option B is correct because it uses Application Auto Scaling scheduled actions to dynamically adjust provisioned concurrency, scaling up to 50 before marketing campaigns and reducing to a minimal baseline (e.g., 1-5) during low-traffic weekdays. This eliminates idle capacity costs while ensuring fast initial responses during spikes, as provisioned concurrency keeps Lambda environments warm and ready to handle requests without cold starts.

Exam trap

The trap here is that candidates may assume provisioned concurrency must be set to a static high value to handle spikes, ignoring AWS's native Auto Scaling capabilities that can dynamically adjust capacity based on schedule or metrics, thus missing the cost-optimization aspect of the question.

How to eliminate wrong answers

Option A is wrong because increasing provisioned concurrency to 100 would double the idle capacity cost during low-traffic periods, exacerbating the cost issue without addressing the root problem of over-provisioning. Option C is wrong because turning off provisioned concurrency permanently would cause cold starts on every invocation during traffic spikes, violating the latency-sensitive requirement; client-side retries do not mask the initial latency of a cold start (typically 1-5 seconds for Lambda). Option D is wrong because replacing Lambda with a single always-on EC2 instance sized for peak demand would incur higher costs (24/7 compute) and eliminate the serverless benefits of automatic scaling and pay-per-use, while still risking performance degradation if the single instance is overwhelmed.

128
Multi-Select · medium

A containerized service runs in private subnets and retrieves secrets from AWS Secrets Manager and configuration parameters from AWS Systems Manager Parameter Store on startup. A NAT Gateway is currently used only for these AWS API calls, and the security team wants to eliminate that recurring charge. Which two endpoints should be added? Select two.

Select 2 answers
A. Create an interface VPC endpoint for AWS Secrets Manager.
B. Create an interface VPC endpoint for AWS Systems Manager.
C. Create a gateway VPC endpoint for Amazon S3 instead.
D. Add an Internet Gateway and send the traffic through public subnets.
E. Replace the NAT Gateway with a NAT instance.
Answers: A, B

Secrets Manager uses an interface endpoint in a private-subnet design. That keeps startup traffic off the NAT Gateway while still letting the service retrieve secrets privately over the AWS network.

Why this answer

Option A is correct because AWS Secrets Manager is accessed via API calls over HTTPS, and an interface VPC endpoint (powered by AWS PrivateLink) allows private connectivity to the service without traversing the internet or a NAT Gateway. This eliminates the need for the NAT Gateway for Secrets Manager traffic, reducing costs and improving security by keeping traffic within the AWS network.

Exam trap

The trap here is that candidates often confuse gateway VPC endpoints (for S3/DynamoDB) with interface VPC endpoints (for most other AWS services), leading them to incorrectly select option C instead of recognizing that both Secrets Manager and Systems Manager require interface endpoints.

129
Multi-Select · hard

A product catalog system uses a relational database for orders and a simple key-value profile store for shopping carts. Traffic is unpredictable, and the company wants to avoid paying for large idle database instances. Which two choices are best? Select two.

Select 2 answers
A. Use Aurora Serverless v2 for the relational order system.
B. Use DynamoDB on-demand capacity for the shopping-cart profile store.
C. Keep both workloads on large provisioned RDS instances and add read replicas for the cart store.
D. Use DynamoDB provisioned capacity with a fixed minimum despite the unpredictable traffic.
E. Replace the relational order system with a wide-column table to reduce SQL licensing.
Answers: A, B

Correct. Aurora Serverless v2 is designed for variable relational workloads because capacity can scale without constantly paying for a large fixed instance. It preserves SQL features while reducing idle overprovisioning.

Why this answer

Aurora Serverless v2 automatically scales compute capacity up and down based on demand, so you only pay for the resources you use. This eliminates the need to provision for peak traffic and avoids paying for large idle database instances, making it cost-optimized for unpredictable workloads.

Exam trap

The trap here is that candidates may think provisioned capacity with a minimum is acceptable for unpredictable traffic, but the question explicitly requires avoiding paying for idle capacity, so on-demand or serverless options are the only correct choices.

130
MCQ · medium

A static web application uses CloudFront with an S3 origin for assets (JavaScript, CSS, images). After deploying a new frontend build, the CloudFront cache hit ratio dropped significantly because the S3 origin receives many repeated requests for the same assets. The team notices that requests now include the Authorization header in asset requests. Which change is most likely to restore cache efficiency and reduce origin request costs?

A. Keep the Authorization header but increase the cache TTL to 1 year to reduce revalidation frequency.
B. Update the CloudFront cache policy so that Authorization is excluded from the cache key for static asset paths.
C. Remove CloudFront and serve assets directly from the S3 website endpoint to reduce CloudFront charges.
D. Switch the S3 origin from private access to public access so CloudFront can cache assets more effectively.
Answer: B

When Authorization is part of the cache key, each unique token can create separate cache entries, lowering the cache hit ratio and increasing origin requests. Excluding Authorization from the cache key (and typically from the origin request policy for static assets) allows caching to be based on the URL path/query string, improving hit ratio and reducing S3 origin load.

Why this answer

The drop in cache hit ratio is caused by the Authorization header being included in asset requests, which makes each request unique from CloudFront's perspective, preventing cache reuse. By updating the CloudFront cache policy to exclude the Authorization header from the cache key for static asset paths, CloudFront can treat identical asset requests as cache hits, restoring cache efficiency and reducing origin load.

Exam trap

The trap here is that candidates may assume increasing TTL or making the origin public solves caching issues, but the real problem is the cache key variation caused by the Authorization header, which must be explicitly excluded from the cache policy for static content.

How to eliminate wrong answers

Option A is wrong because increasing the TTL to 1 year does not address the root cause—the Authorization header still varies the cache key, so requests will continue to miss cache and revalidate unnecessarily. Option C is wrong because removing CloudFront and serving assets directly from the S3 website endpoint would eliminate caching entirely, increasing origin request costs and latency, not reducing them. Option D is wrong because switching the S3 origin from private to public access does not affect CloudFront's ability to cache; the cache key issue with the Authorization header remains, and public access introduces security risks without solving the problem.

131
MCQ · medium

A dev sandbox has unpredictable DynamoDB traffic with long idle periods and occasional spikes. Which capacity mode should minimize operational overhead and avoid paying for idle provisioned capacity? The design must avoid adding custom operational scripts.

A. Reserved capacity for maximum daily traffic
B. Provisioned capacity set for peak traffic
C. DynamoDB on-demand capacity mode
D. Global tables in every Region
Answer: C

On-demand capacity is suitable for unpredictable workloads and charges per request without capacity planning.

Why this answer

DynamoDB on-demand capacity mode is ideal for unpredictable workloads with long idle periods and occasional spikes because it automatically scales to handle traffic without requiring any capacity planning or provisioning. You pay only for the reads and writes you actually perform, eliminating the cost of idle provisioned capacity and the operational overhead of managing scaling scripts or alarms.

Exam trap

The trap here is that candidates may confuse 'reserved capacity' with DynamoDB's reserved capacity pricing model (which is actually a commitment discount for provisioned mode) or assume that provisioned capacity with auto-scaling is sufficient, but auto-scaling still requires setting minimum and maximum values and can incur costs for idle provisioned capacity during low-traffic periods.

How to eliminate wrong answers

Option A is wrong because Reserved capacity is not a DynamoDB pricing model; it applies to services like EC2 RIs or Aurora, and even if interpreted as provisioned capacity, it would require estimating peak traffic and paying for idle time. Option B is wrong because Provisioned capacity set for peak traffic would incur costs for unused capacity during idle periods and would require manual scaling or custom scripts to adjust capacity, violating the requirement to avoid custom operational scripts. Option D is wrong because Global tables replicate data across multiple Regions for disaster recovery or low-latency global access, which adds complexity and cost without addressing the core issue of unpredictable traffic and idle capacity waste.

132
Multi-Select · hard

An application stores user-uploaded binaries in S3. Access is unpredictable for the first month, then most objects become cold. The team wants the cheapest approach that avoids manually guessing access patterns. Which two actions are best? Select two.

Select 2 answers
A. Enable S3 Intelligent-Tiering on the bucket.
B. Keep all objects in S3 Standard because lifecycle transitions add too much management.
C. Add a lifecycle rule to move very old objects to S3 Glacier Deep Archive when minute-level retrieval is no longer required.
D. Copy all binaries to Amazon EFS so retrieval is faster.
E. Disable versioning because S3 Intelligent-Tiering needs it to work.
Answers: A, C

Correct. Intelligent-Tiering is designed for objects with uncertain or changing access patterns. It automatically moves data between access tiers, reducing the need for manual guessing and avoiding overpaying for standard storage.

Why this answer

A is correct because S3 Intelligent-Tiering automatically moves objects between access tiers based on changing access patterns, eliminating the need to manually guess or configure lifecycle rules. It charges a small monthly monitoring fee per object but avoids the higher cost of keeping cold data in S3 Standard, making it the cheapest hands-off approach for unpredictable access followed by cold storage.

Exam trap

The trap here is assuming that lifecycle rules require manual guessing of access patterns, when S3 Intelligent-Tiering automates this without upfront configuration, and that versioning is a prerequisite for Intelligent-Tiering, which it is not.

133
MCQ · medium

A company serves versioned images from S3 through CloudFront. After a release, CloudFront origin fetches increased sharply and the monthly CloudFront bill went up. They reviewed CloudFront logs and found that many requests include a query string parameter `reqId` that is unique per request (for example, `...?v=2026-04-01&reqId=...`). The team currently forwards all query strings to the cache key. What change is most likely to reduce origin fetches and cost while keeping the versioned images correct?

A. Update the CloudFront cache policy to ignore `reqId` and include only the stable `v` query string parameter in the cache key.
B. Lower the CloudFront minimum TTL to 0 seconds so cached objects revalidate more often, reducing origin fetch volume.
C. Set the S3 bucket to use compression and enable S3 Transfer Acceleration to reduce origin fetch charges.
D. Disable forwarding of the query string to the origin, but keep using the full query string (including `reqId`) in the cache key.
Answer: A

Because `reqId` is unique per request, including it in the cache key prevents cache reuse (each request maps to a different cache entry), resulting in frequent origin fetches. Excluding `reqId` and keeping only `v` allows many requests for the same version to share cached objects, reducing origin traffic and cost while preserving correct version behavior.

Why this answer

Option A is correct because the `reqId` query string parameter is unique per request, which forces CloudFront to treat each request as a distinct cache object when all query strings are forwarded to the cache key. By configuring the cache policy to include only the stable `v` parameter (the version identifier) and ignore `reqId`, CloudFront can serve cached responses for all requests with the same `v` value, drastically reducing origin fetches and lowering costs. This approach preserves correct versioned image delivery because the `v` parameter still differentiates between image versions.

Exam trap

The trap here is that candidates may think forwarding all query strings is harmless or that lowering TTL helps reduce origin fetches, but the real issue is cache key fragmentation caused by unique parameters like `reqId`.

How to eliminate wrong answers

Option B is wrong because lowering the minimum TTL to 0 seconds would cause CloudFront to revalidate cached objects more frequently, increasing origin fetches and costs, which is the opposite of the desired outcome. Option C is wrong because enabling S3 Transfer Acceleration and compression reduces data transfer latency and size but does not address the root cause of excessive origin fetches caused by unique query strings in the cache key. Option D is wrong because disabling forwarding of the query string to the origin while keeping the full query string (including `reqId`) in the cache key would still create unique cache objects for each `reqId`, failing to reduce origin fetches.

134
MCQ · medium

A media processing workflow uses CloudWatch Logs heavily. Retaining all debug logs forever is increasing costs. What should be configured? The design must avoid adding custom operational scripts.

A. Route 53 health checks
B. CloudWatch Logs retention policies per log group
C. CloudWatch detailed monitoring on all instances
D. AWS Config aggregation
Answer: B

Retention policies automatically delete older logs after the required period.

Why this answer

Option B is correct because CloudWatch Logs retention policies allow you to set a time-based expiration (e.g., 30 days) on log groups, automatically deleting old log events. This directly reduces storage costs without requiring custom scripts, as the retention policy is a native CloudWatch Logs feature configured per log group.

Exam trap

The trap here is that candidates may confuse CloudWatch Logs retention policies with CloudWatch metrics retention or detailed monitoring, thinking that reducing metric granularity will lower log storage costs, when in fact log retention is a separate, per-log-group setting.

How to eliminate wrong answers

Option A is wrong because Route 53 health checks monitor endpoint availability and DNS routing, not log retention or cost optimization. Option C is wrong because CloudWatch detailed monitoring increases metric frequency (1-minute intervals) and incurs additional costs, but does not manage log retention or deletion. Option D is wrong because AWS Config aggregation centralizes resource configuration snapshots and compliance rules, not log lifecycle management.

135
MCQ · medium

A risk simulation workload uses CloudWatch Logs heavily. Retaining all debug logs forever is increasing costs. What should be configured? The design must avoid adding custom operational scripts.

A. CloudWatch Logs retention policies per log group
B. AWS Config aggregation
C. CloudWatch detailed monitoring on all instances
D. Route 53 health checks
Answer: A

Retention policies automatically delete older logs after the required period.

Why this answer

CloudWatch Logs retention policies allow you to set per-log-group expiration rules (e.g., 30 days, 90 days) to automatically delete old log events, directly reducing storage costs without custom scripts. Since the workload uses CloudWatch Logs heavily and retains debug logs forever, configuring a retention policy on each log group is the simplest, most cost-effective solution that requires no operational overhead.

Exam trap

The trap here is that candidates may confuse cost optimization features (like retention policies) with monitoring or compliance tools (like AWS Config or detailed monitoring), assuming that any AWS service that 'monitors' can also reduce log storage costs.

How to eliminate wrong answers

Option B is wrong because AWS Config aggregation is used to consolidate configuration and compliance data from multiple accounts/regions, not to manage log retention or cost. Option C is wrong because CloudWatch detailed monitoring on EC2 instances collects metrics at 1-minute intervals (vs. 5-minute basic), which increases costs and does not affect log retention or deletion. Option D is wrong because Route 53 health checks monitor endpoint availability and DNS routing, not log storage or lifecycle management.

136
MCQ · medium

A media company runs a 24/7 recommendation engine on EC2 in one AWS Region. The workload is interruption-intolerant, and the team expects steady usage but may change instance families and sizes during planned optimizations. Compared to the current On-Demand setup, they want the lowest cost while avoiding the rigidity of locking to a specific instance type. What should the solutions architect recommend?

A. Switch the instances to Spot Instances and use interruption handling because it is the largest discount.
B. Purchase a Compute Savings Plan for the expected steady hourly usage in that Region.
C. Purchase a Standard Reserved Instance tied to a single specific instance type for the next 3 years.
D. Keep On-Demand and rely on Auto Scaling to reduce capacity when utilization is low.
Answer: B

Compute Savings Plans discount the usage while allowing flexibility across instance families and sizes in the Region.

Why this answer

A Compute Savings Plan offers the lowest cost for steady-state usage without locking to a specific instance type, providing up to 66% discount over On-Demand while allowing flexibility to change instance families, sizes, OS, or tenancy within a Region. This matches the requirement for cost savings with instance flexibility during planned optimizations.

Exam trap

The trap here is that candidates often confuse Reserved Instances with Savings Plans, assuming a Standard Reserved Instance is the only way to get significant discounts, but the question explicitly requires flexibility to change instance families, which a Compute Savings Plan provides while a Standard Reserved Instance does not.

How to eliminate wrong answers

Option A is wrong because Spot Instances can be interrupted with a 2-minute warning, making them unsuitable for an interruption-intolerant workload that runs 24/7. Option C is wrong because a Standard Reserved Instance locks to a specific instance type in a specific AZ, which contradicts the requirement to avoid rigidity and change instance families during optimizations. Option D is wrong because keeping On-Demand provides no cost savings, and Auto Scaling reduces capacity only when utilization is low, not addressing the need for lowest cost on steady usage.

137
Multi-Select · hard

A log archive has old unattached EBS volumes and many stale snapshots. Which two actions reduce storage cost without affecting running instances?

Select 2 answers
A. Stop all EC2 instances in the account
B. Disable CloudTrail logging
C. Delete unattached EBS volumes after verifying they are no longer needed
D. Apply snapshot lifecycle policies to expire obsolete snapshots
Answers: C, D

Unattached volumes continue to incur charges until deleted.

Why this answer

Unattached EBS volumes incur storage costs even when not in use, as EBS pricing is based on provisioned capacity per GB-month. Deleting them after verifying they are no longer needed eliminates this cost without affecting running instances, since attached volumes are untouched. This directly addresses the question's requirement to reduce storage costs without impacting running workloads.

Exam trap

AWS often tests the misconception that stopping instances or disabling services like CloudTrail reduces storage costs, but the trap here is that only direct actions on the storage resources themselves (deleting volumes and expiring snapshots) affect EBS and snapshot billing.

138
Multi-Select · medium

A static site is hosted in Amazon S3 and delivered by CloudFront. After a frontend release, the same JavaScript bundles are fetched repeatedly from the origin. Logs show that requests include unneeded query strings and cookies, which prevent cache reuse. Which two changes should the team make to reduce origin traffic and cost? Select two.

Select 2 answers
A. Configure a CloudFront cache policy that forwards only the query strings, headers, and cookies the app actually needs.
B. Use versioned file names for static assets and set a long TTL for immutable objects.
C. Increase the size of the S3 bucket.
D. Place an Application Load Balancer in front of S3.
E. Disable caching so clients always get the latest files.
Answers: A, B

Reducing the cache key to only required values increases cache hit ratio and lowers origin fetches. CloudFront can reuse responses more effectively when unnecessary request data is not forwarded.

Why this answer

Option A is correct because CloudFront cache policies allow you to explicitly control which query strings, headers, and cookies are forwarded to the origin. By forwarding only the parameters the application actually needs, you prevent cache keys from being polluted by unneeded values, which increases the cache hit ratio and reduces requests to the S3 origin. This directly addresses the problem of repeated fetches caused by extraneous query strings and cookies.

Exam trap

The trap here is that candidates may think disabling caching (Option E) or adding an ALB (Option D) would help, but these actions either increase origin load or add unnecessary cost, whereas the correct approach is to refine the cache key and use immutable asset versioning.

139
MCQ · medium

A company hosts an application on EC2 instances in private subnets. The instances must (1) read objects from Amazon S3 and (2) retrieve secrets from AWS Secrets Manager. The team currently sends all outbound traffic through a NAT gateway to reach both services. They want to reduce monthly cost while keeping traffic private (no internet egress) and without changing application logic. Which change is the most cost-effective?

A. Create a Gateway VPC endpoint for S3 and an Interface VPC endpoint for Secrets Manager, and ensure the subnet route tables / endpoint routing directs those service calls to the endpoints instead of the NAT gateway.
B. Keep the NAT gateway, but add AWS WAF rules to block non-service outbound requests to reduce NAT usage.
C. Disable IPv4 on the VPC subnets and rely on IPv6-only egress to reduce NAT gateway costs.
D. Replace the NAT gateway with a VPC firewall appliance instance to proxy outbound calls and reduce NAT fees.
Answer: A

This is the most cost-effective change because it removes the need to traverse the NAT gateway for those AWS service calls. S3 uses a Gateway VPC endpoint (route-table-based) for traffic to the S3 prefix list, so requests to S3 stay on the AWS network. Secrets Manager uses an Interface VPC endpoint (ENIs with private DNS), so requests to Secrets Manager stay private within the VPC/VPC endpoint network path. Because the application still calls the same AWS APIs, there is no logic change, and NAT data-processing charges drop to near zero for S3/Secrets Manager traffic.

Why this answer

Option A is correct because Gateway VPC Endpoints for S3 and Interface VPC Endpoints for Secrets Manager allow private connectivity to these AWS services without traversing the internet or a NAT gateway. This eliminates NAT gateway hourly charges and data processing fees, reducing costs while keeping traffic within the AWS network. The application logic remains unchanged as the endpoints are accessed via the same DNS names, with route tables directing traffic to the endpoints instead of the NAT gateway.

Exam trap

The trap here is that candidates may assume NAT gateways are the only way to provide private subnet internet access, overlooking that VPC endpoints can provide private, cost-effective connectivity to specific AWS services without internet egress.

How to eliminate wrong answers

Option B is wrong because AWS WAF is a web application firewall for HTTP/HTTPS traffic, not a mechanism to reduce NAT gateway costs; it does not eliminate the NAT gateway's hourly and per-GB data processing fees. Option C is wrong because disabling IPv4 and relying on IPv6-only egress would require the application to use IPv6 addresses, which changes the application logic and may not be supported by all services; additionally, NAT gateways are not used for IPv6 traffic (egress-only internet gateways are used), so this does not address the cost of the NAT gateway for IPv4 traffic. Option D is wrong because replacing the NAT gateway with a VPC firewall appliance instance still incurs instance costs and management overhead, and it does not eliminate the need for internet egress to reach S3 and Secrets Manager unless endpoints are used; it is not more cost-effective than using VPC endpoints.

140
MCQ · easy

A company keeps daily database backups in an S3 bucket. They may restore from backups during the first 30 days if there is an issue. After 30 days, backups are rarely restored, but must be retained for 2 years. Which lifecycle strategy most cost-effectively meets these requirements?

A. Delete backups after 30 days to avoid storage costs, since restores are rare.
B. Keep all backups in S3 Standard for the entire 2-year retention period.
C. Use an S3 lifecycle policy to keep backups in S3 Standard for 30 days, then transition them to S3 Glacier Deep Archive for the remainder of the 2-year retention period.
D. Move backups to S3 Glacier Deep Archive immediately after creation, even for the first 30 days.
Answer: C

A lifecycle transition after the initial restore window reduces cost while still meeting the 2-year retention requirement.

Why this answer

Option C is correct because it balances cost and compliance: backups are kept in S3 Standard for the first 30 days when restores are frequent, ensuring low-latency access, then transitioned to S3 Glacier Deep Archive for the remaining retention period. S3 Glacier Deep Archive offers the lowest storage cost (approximately $0.00099/GB/month) for long-term retention, and the lifecycle policy automates the transition without manual intervention. This approach minimizes storage costs while meeting the 2-year retention requirement.

Exam trap

The trap here is that candidates may assume immediate deletion (Option A) or immediate archiving (Option D) are acceptable, failing to recognize the dual requirement of frequent access in the first 30 days and long-term retention at minimal cost, which the lifecycle policy elegantly addresses.

How to eliminate wrong answers

Option A is wrong because deleting backups after 30 days violates the 2-year retention requirement, even if restores are rare after that period. Option B is wrong because storing all backups in S3 Standard for the full 2 years incurs unnecessary high costs (approximately $0.023/GB/month) for data that is rarely accessed after 30 days, making it cost-inefficient. Option D is wrong because moving backups immediately to S3 Glacier Deep Archive ignores the need for frequent restores during the first 30 days; Glacier Deep Archive has a retrieval time of 12–48 hours and a minimum storage charge of 180 days, making it unsuitable for immediate access needs.

141
MCQ · medium

A batch-processing system runs only during business hours (08:00–18:00 UTC). The jobs are restartable, and the architecture can tolerate occasional interruptions. Which approach minimizes cost while meeting the business-hours constraint?

A. Use only On-Demand instances during business hours and scale to zero outside those hours.
B. Use Spot Instances for the batch workload during business hours and scale the capacity down to zero outside that window.
C. Purchase a 3-year Reserved Instance and keep the workload running 24/7 to use the commitment fully.
D. Purchase Reserved Instances and disable scaling so the fleet stays within the commitment regardless of job demand.
Answer: B

Spot is appropriate because the workload is restartable and can tolerate interruptions. Scaling to zero outside business hours prevents paying for unused capacity when jobs are not running.

Why this answer

Option B is correct because Spot Instances offer significant cost savings (up to 90% compared to On-Demand) and are ideal for fault-tolerant, restartable batch workloads. The architecture can tolerate interruptions, and scaling to zero outside business hours ensures no compute costs are incurred when the system is not needed.

Exam trap

The trap here is that candidates often choose On-Demand instances (Option A) because they assume reliability is paramount, but the question explicitly states the workload is restartable and can tolerate interruptions, making Spot Instances the lower-cost choice.

How to eliminate wrong answers

Option A is wrong because using only On-Demand instances during business hours incurs higher costs than necessary; Spot Instances are more cost-effective for restartable batch jobs. Option C is wrong because purchasing a 3-year Reserved Instance and running 24/7 wastes money on compute time outside the 10-hour business window, and the commitment does not align with the workload's schedule. Option D is wrong because purchasing Reserved Instances and disabling scaling prevents the fleet from adapting to job demand, leading to either underutilization or inability to handle peak loads, and still incurs costs outside business hours.

142
MCQ · easy

An application runs on an EC2 Auto Scaling group. Over the last month, CPU utilization averaged 8% with no sustained memory pressure, and response times are stable. The team wants to lower monthly cost without changing the application. What is the most appropriate next step for cost optimization?

A. Evaluate a smaller EC2 instance type (via the Auto Scaling launch template/configuration) for the group and validate performance metrics after the change.
B. Increase desired capacity to 2x so utilization increases and instances become “more efficient.”
C. Disable Auto Scaling so the group never scales down to preserve baseline performance.
D. Switch the workload to Spot instances immediately to avoid On-Demand charges, regardless of interruption risk.
Answer: A

If utilization is consistently low and performance is stable, the current instances are likely overprovisioned. Moving to a smaller instance type directly reduces compute cost while preserving capacity for normal load.

Why this answer

Option A is correct because the application is over-provisioned: CPU utilization averages only 8% with no memory pressure and stable response times. By selecting a smaller EC2 instance type in the Auto Scaling launch template or configuration, you directly reduce the per-instance cost while maintaining adequate performance. This is the most straightforward cost optimization step without modifying the application code or architecture.

Exam trap

The trap here is that candidates may think increasing capacity (Option B) improves efficiency, but in reality, adding more instances to an already underutilized workload only increases cost without any performance benefit.

How to eliminate wrong answers

Option B is wrong because increasing desired capacity to 2x would add more instances, increasing total cost while utilization per instance would drop even further, making the system less efficient, not more. Option C is wrong because disabling Auto Scaling removes the ability to scale down during low demand, which would lock in higher costs and prevent the group from right-sizing to actual load. Option D is wrong because switching to Spot instances immediately without testing or implementing interruption-handling mechanisms (e.g., graceful shutdown, checkpointing) risks application availability and stability, which is not acceptable when the goal is to lower cost without changing the application.

143
MCQ · medium

A production log archive runs continuously on EC2 with predictable usage for the next three years. The team wants a discount while retaining some instance-family flexibility. What should they buy? The design must avoid adding custom operational scripts.

A. S3 Intelligent-Tiering
B. Dedicated Instances
C. Compute Savings Plan
D. Spot Instances only
Answer: C

Compute Savings Plans provide discounts for a committed spend while allowing flexibility across instance families, sizes, Regions, and compute services.

Why this answer

The Compute Savings Plan (C) offers the largest discount (up to 66%) in exchange for a commitment to a consistent amount of compute usage (measured in $/hour) for a 1- or 3-year term, while still allowing flexibility across instance families, sizes, OS, tenancy, and regions. This matches the predictable three-year workload and the requirement for instance-family flexibility without custom scripts.

Exam trap

The trap here is that candidates confuse Savings Plans with Reserved Instances, assuming that any commitment requires locking into a specific instance family, but Compute Savings Plans explicitly provide family flexibility while still delivering a significant discount.

How to eliminate wrong answers

Option A is wrong because S3 Intelligent-Tiering is an object storage class for data with changing access patterns, not a compute pricing model for EC2 instances. Option B is wrong because Dedicated Instances provide physical isolation at a higher cost and do not offer a discount or instance-family flexibility; they are for compliance or licensing needs. Option D is wrong because Spot Instances offer deep discounts but can be interrupted with a 2-minute warning, making them unsuitable for a production log archive that must run continuously without disruption.

144
MCQ · hard

A media processing workflow generates analytics files that are accessed unpredictably. Some files become hot again months later. The team wants automatic storage cost optimisation without retrieval delays. What should be used? The architecture review board prefers a managed AWS-native control.

A. S3 Intelligent-Tiering
B. Manual monthly review and object copying
C. S3 Glacier Flexible Retrieval for all files
D. EFS One Zone for analytics files
Answer: A

Intelligent-Tiering automatically moves objects between access tiers based on usage while preserving low-latency access.

Why this answer

S3 Intelligent-Tiering is the correct choice because it automatically moves objects between access tiers (frequent, infrequent, and archive instant retrieval) based on changing access patterns, without any retrieval delays for hot objects. This matches the unpredictable access pattern where files may become hot again months later, and it is a fully managed AWS-native solution that optimizes storage costs automatically.

Exam trap

The trap here is that candidates may choose S3 Glacier Flexible Retrieval (Option C) thinking it is the cheapest for all files, but they overlook the retrieval delay requirement and the fact that files may become hot again, which Intelligent-Tiering handles seamlessly without any retrieval latency.

How to eliminate wrong answers

Option B is wrong because manual monthly review and object copying is not automated, introduces operational overhead, and risks human error or delays, failing the 'automatic' and 'managed AWS-native' requirements. Option C is wrong because S3 Glacier Flexible Retrieval has retrieval delays (minutes to hours) for all files, which violates the 'no retrieval delays' requirement for files that become hot again. Option D is wrong because EFS One Zone is a file system, not an object storage service, and it is not designed for cost optimization of unpredictable access patterns; it also lacks the automatic tiering capability and is not the right service for analytics files that are accessed via S3 APIs.

145
MCQ · medium

A media company runs a 24/7 recommendation engine on EC2 in one AWS Region. The workload is interruption-intolerant, and the team expects steady usage but may change instance families and sizes during planned optimizations. Compared to the current On-Demand setup, they want the lowest cost while avoiding the rigidity of locking to a specific instance type. What should the solutions architect recommend?

A. Switch the instances to Spot Instances and use interruption handling because it is the largest discount.
B. Purchase a Compute Savings Plan for the expected steady hourly usage in that Region.
C. Purchase a Standard Reserved Instance tied to a single specific instance type for the next 3 years.
D. Keep On-Demand and rely on Auto Scaling to reduce capacity when utilization is low.
Answer: B

Compute Savings Plans discount the usage while allowing flexibility across instance families and sizes in the Region.

Why this answer

B is correct because a Compute Savings Plan offers the lowest cost for steady-state workloads without locking to a specific instance type, providing up to 66% discount compared to On-Demand while allowing flexibility to change instance families, sizes, OS, or tenancy within a Region. This matches the requirement for cost savings and flexibility during planned optimizations.

Exam trap

The trap here is that candidates often choose Spot Instances for cost savings without considering the interruption-intolerant requirement, or they select Standard Reserved Instances for the highest discount without recognizing the rigidity penalty for planned instance family changes.

How to eliminate wrong answers

Option A is wrong because Spot Instances are not suitable for interruption-intolerant workloads; they can be reclaimed with a 2-minute warning, causing service disruption. Option C is wrong because Standard Reserved Instances lock to a specific instance type and size, which contradicts the requirement to avoid rigidity and change instance families during optimizations. Option D is wrong because keeping On-Demand and relying on Auto Scaling does not reduce the per-hour cost; it only adjusts capacity, and the workload expects steady usage, so Auto Scaling would not lower costs significantly.

146
MCQ · easy

A website serves versioned JavaScript and CSS files through CloudFront, but origin fetches are still high and the CloudFront bill increased. Developers confirm that URLs include a version in the filename (for example, app.1.4.2.js). What CloudFront behavior/configuration is most likely to reduce origin fetches and associated costs?

A. Set long cache headers (for example, Cache-Control: max-age and immutable) on those versioned assets so CloudFront caches them longer.
B. Disable compression to reduce CPU time spent at the edge and therefore reduce total cost.
C. Lower the cache policy TTLs so clients always get the newest assets quickly.
D. Remove version identifiers from filenames so CloudFront caches fewer unique objects.
Answer: A

Because the filenames are versioned, each URL is effectively immutable. Longer TTL/max-age cache headers increase the cache hit ratio, so CloudFront serves subsequent requests from edge caches instead of re-fetching from the origin.

Why this answer

Setting long cache headers like `Cache-Control: max-age=31536000, immutable` on versioned assets tells CloudFront to cache these objects at edge locations for an extended period. Since the filename changes with each new version, CloudFront treats each version as a unique object and will not re-fetch the old version from the origin, dramatically reducing origin fetches and associated costs.

Exam trap

The trap here is that candidates may think lowering TTLs or removing versioning helps with freshness or cost, but the key insight is that versioned filenames already solve cache invalidation, so extending cache duration is the cost-optimized approach.

How to eliminate wrong answers

Option B is wrong because disabling compression does not reduce CPU time at the edge in a meaningful way for cost reduction; CloudFront charges for data transfer and requests, not CPU, and compression actually reduces data transfer costs. Option C is wrong because lowering cache policy TTLs would cause CloudFront to re-fetch objects from the origin more frequently, increasing origin fetches and costs, which is the opposite of the desired outcome. Option D is wrong because removing version identifiers would cause CloudFront to treat all updates as the same object, leading to cache invalidation issues and potentially higher origin fetches when clients request the latest version without a cache busting mechanism.

147
MCQ · hard

A company runs EC2 workloads including web servers (m5.large), batch jobs (c5.xlarge), and a data processing service that will migrate from r5 to r6i instances within 6 months. The company wants to commit to 1 year to reduce costs but needs flexibility for the planned instance family migration. Which purchasing option provides the GREATEST savings while accommodating the change?

A. Standard Reserved Instances for each instance type with a 1-year term
B. Compute Savings Plans with a 1-year term commitment
C. EC2 Instance Savings Plans for the r5 instance family with a 1-year term
D. Convertible Reserved Instances for all instance types with a 1-year term
Answer: B

Compute Savings Plans apply automatically to any instance family including both r5 and r6i. The migration from r5 to r6i requires no Savings Plan changes. Up to 66% savings.

Why this answer

Compute Savings Plans automatically apply to any EC2 instance regardless of family, size, region, OS, or tenancy — including both r5 and r6i. When the data processing service migrates from r5 to r6i, the Compute Savings Plan continues to apply without any action required.

EC2 Instance Savings Plans lock to a specific instance family in a specific region. When the workload migrates from r5 to r6i, the EC2 Instance Savings Plan for r5 no longer applies — leaving the r6i workload billed at On-Demand rates.

Exam trap

EC2 Instance Savings Plans offer a deeper discount (up to 72%) but are locked to a specific instance family and region. Compute Savings Plans sacrifice ~2-5% discount compared to EC2 Instance Savings Plans but cover all families, sizes, regions, and Lambda/Fargate. When a family migration is planned, Compute Savings Plans are the correct choice — EC2 Instance Savings Plans would not cover the new r6i family.

Why the other options are wrong

A

Standard RIs are locked to a specific instance type, size, and region. When the r5 workload migrates to r6i, the r5 RI continues billing but no longer matches the running instances — creating waste and uncovered On-Demand charges.

C

EC2 Instance Savings Plans lock to a specific instance family (e.g., r5) in a specific region. When the workload migrates to r6i, the Savings Plan no longer covers the new instances — they are charged at On-Demand rates.

D

Convertible RIs allow exchanging for different families, which could handle the r5→r6i migration. However, the exchange process is manual, requires purchasing new RIs of equal or greater value, and Compute Savings Plans provide the same flexibility automatically.

148
MCQ · hard

A dev sandbox currently uses two NAT gateways in each of three Availability Zones, but only one private subnet per AZ needs outbound internet access. What should the architect review first?

A. Disabling route tables
B. Replacing every NAT gateway with an internet gateway attached to private subnets
C. Moving all workloads to public subnets
D. Whether one NAT gateway per AZ is sufficient for the required private subnets
Answer: D

NAT gateways are normally deployed per AZ for resilience; duplicate NAT gateways in the same AZ may be unnecessary.

Why this answer

The question states that only one private subnet per AZ needs outbound internet access, so using two NAT gateways per AZ is likely over-provisioned and costly. The architect should first review whether one NAT gateway per AZ is sufficient, as NAT gateways are billed per hour and per gigabyte of data processed, and reducing from two to one per AZ can cut costs without sacrificing availability. This aligns with the cost-optimized design principle of right-sizing resources to actual demand.

Exam trap

The trap here is that candidates may assume more NAT gateways always improve availability or performance, but the question tests cost optimization by recognizing that one per AZ is often enough for low-traffic private subnets, and the first step is to verify sufficiency before making changes.

How to eliminate wrong answers

Option A is wrong because disabling route tables would break all routing for the subnets, not just optimize costs, and is not a valid review step for reducing NAT gateway count. Option B is wrong because internet gateways cannot be attached to private subnets; they are used for public subnets and do not provide outbound-only internet access for private resources. Option C is wrong because moving workloads to public subnets would expose them directly to the internet, violating security best practices and the sandbox's likely need for private, isolated environments.

149
MCQ · easy

A company runs Amazon EC2 instances in private subnets. Those instances only need to access Amazon S3 (read/write) and Amazon DynamoDB. The VPC currently routes all outbound traffic through a NAT Gateway, increasing monthly cost. What change most directly reduces NAT Gateway usage for these AWS services?

A. Remove the NAT Gateway path for S3 and DynamoDB by creating S3 Gateway VPC endpoints and DynamoDB Gateway VPC endpoints, and updating the private subnet route tables to route S3/DynamoDB traffic to those endpoints.
B. Keep the NAT Gateway but disable any cross-region routing settings for the route table entries that point to the NAT Gateway.
C. Create interface VPC endpoints for all services (including S3) and route S3 traffic to the interface endpoint network interfaces (ENIs).
D. Add an IAM policy that denies requests unless they originate from the public subnet, so the application sends fewer requests through the NAT Gateway.
Answer: A

S3 and DynamoDB Gateway VPC endpoints keep traffic inside AWS without sending it to the internet, so requests don’t traverse the NAT Gateway (avoiding NAT hourly charges and per-GB NAT data processing).

Why this answer

Option A is correct because S3 Gateway VPC endpoints and DynamoDB Gateway VPC endpoints allow EC2 instances in private subnets to access these services directly over the AWS network without traversing a NAT Gateway. This eliminates NAT Gateway data processing charges for S3 and DynamoDB traffic, directly reducing costs. The route tables in the private subnets are updated to direct S3 and DynamoDB traffic to the gateway endpoints, bypassing the NAT Gateway entirely.

Exam trap

The trap here is that candidates may confuse gateway endpoints with interface endpoints, assuming all AWS services require interface endpoints, or they may overlook that DynamoDB also supports gateway endpoints, leading them to choose the more expensive interface endpoint option for S3.

How to eliminate wrong answers

Option B is wrong because disabling cross-region routing settings does not reduce NAT Gateway usage; the NAT Gateway is still used for all outbound traffic, including S3 and DynamoDB, so costs remain unchanged. Option C is wrong because while interface VPC endpoints can be used for DynamoDB, S3 does not support interface endpoints natively (S3 uses gateway endpoints or interface endpoints via AWS PrivateLink, but the gateway endpoint is more cost-effective and direct for S3 access); additionally, interface endpoints incur hourly charges and data processing fees, which may not reduce costs compared to a NAT Gateway. Option D is wrong because adding an IAM policy that denies requests unless they originate from the public subnet does not change the routing path; traffic from private subnets still goes through the NAT Gateway, and the policy would block legitimate access, not reduce NAT Gateway usage.

150
MCQ · medium

A service runs in private subnets. It must call AWS APIs (for example, S3 and Secrets Manager). The team currently sends all outbound traffic through a NAT Gateway, and NAT charges have become a major cost driver. The workload must not traverse the public internet. What change most directly reduces NAT Gateway cost while maintaining private connectivity to those AWS services?

A. Continue using the NAT Gateway but reduce CloudWatch log retention to 1 day.
B. Replace the NAT Gateway route with VPC endpoints: use a Gateway VPC endpoint for S3 and an Interface VPC endpoint for Secrets Manager.
C. Launch a bastion host in a public subnet and force private instances to use SSH tunneling for API calls.
D. Switch to public subnets and attach security groups with the same rules to limit inbound access.
Answer: B

VPC endpoints provide private connectivity to AWS services without sending traffic through the internet or through NAT. A Gateway endpoint is used for S3, and an Interface endpoint is used for services like Secrets Manager. Traffic to those services stays within the AWS network, reducing or eliminating NAT charges for those API calls.

Why this answer

Option B is correct because VPC endpoints allow private connectivity to AWS services without traversing the internet or a NAT Gateway. A Gateway VPC endpoint for S3 uses route table entries to reach S3 privately, and an Interface VPC endpoint for Secrets Manager uses an elastic network interface with a private IP. This eliminates NAT Gateway data processing charges entirely while keeping traffic within the AWS network.

Exam trap

The trap here is that candidates may think NAT Gateway is the only way to provide outbound connectivity, overlooking that VPC endpoints can provide private, cost-effective access to AWS services without internet routing.

How to eliminate wrong answers

Option A is wrong because reducing CloudWatch log retention does not affect NAT Gateway data processing costs, which are based on volume of traffic passing through the gateway, not log storage. Option C is wrong because forcing private instances to use SSH tunneling through a bastion host would still require outbound internet access for API calls, and SSH tunneling adds complexity, latency, and security risks without eliminating NAT costs. Option D is wrong because switching to public subnets would expose instances to the internet, violating the requirement that the workload must not traverse the public internet, and it would not reduce costs related to NAT Gateway.
