CCNA Design Cost Questions

52 of 202 questions · Page 3/3 · Design Cost topic · Answers revealed

151
MCQ · medium

A log archive serves infrequently accessed user documents that must be available immediately when requested. Which S3 storage class is likely the best cost fit? The design must avoid adding custom operational scripts.

A. Instance store volumes
B. S3 Standard-IA or S3 One Zone-IA depending on resilience requirements
C. S3 Standard for all objects
D. S3 Glacier Deep Archive
Answer: B

Infrequent Access classes reduce storage cost while keeping millisecond retrieval.

Why this answer

S3 Standard-IA or S3 One Zone-IA is the best cost fit because the workload involves infrequently accessed documents that require immediate retrieval. These storage classes offer lower storage costs than S3 Standard while maintaining low-latency access (milliseconds), and they avoid custom operational scripts since retrieval is automatic via standard S3 GET requests. The choice between Standard-IA and One Zone-IA depends on whether the data requires multi-AZ resilience or can tolerate a single-AZ failure.

Exam trap

AWS often tests the misconception that 'infrequently accessed' automatically means Glacier or Deep Archive, but the key differentiator is the 'immediate availability' requirement, which eliminates any cold storage class with retrieval delays.

How to eliminate wrong answers

Option A is wrong because instance store volumes are ephemeral block storage attached to EC2 instances, not a durable S3 storage class, and they lose data on instance stop/termination, making them unsuitable for long-term log archives. Option C is wrong because S3 Standard is designed for frequently accessed data with higher storage costs, making it cost-inefficient for infrequently accessed documents, even though it provides immediate availability. Option D is wrong because S3 Glacier Deep Archive has retrieval times of 12-48 hours (not immediate), which violates the requirement for documents to be available immediately when requested.

152
Multi-Select · hard

A startup has three sandbox accounts and one production account. The CTO wants lower cost and operational overhead while keeping central purchasing and spend visibility. Which two actions are best? Select two.

Select 2 answers
A. Enable consolidated billing under AWS Organizations so discounts and shared purchasing apply across accounts.
B. Move each sandbox to its own payer account to isolate spend from the rest.
C. Use managed services such as Amazon RDS or Amazon S3 instead of self-managed EC2-based databases and file servers where practical.
D. Buy Dedicated Hosts for sandbox workloads to get a lower blended rate.
E. Disable AWS Budgets because consolidated billing already solves visibility.
Answers: A, C

Correct. Consolidated billing centralizes purchasing and can improve discount usage across linked accounts. It also gives the company one payer view, which simplifies governance and visibility.

Why this answer

Option A is correct because enabling consolidated billing under AWS Organizations aggregates usage across all accounts, allowing the startup to benefit from volume discounts, Reserved Instance sharing, and Savings Plans across the sandbox and production accounts. This reduces operational overhead by centralizing payment and provides a single view of spend, meeting the CTO's requirements for cost and visibility.

Exam trap

The trap here is that candidates might think Dedicated Hosts (Option D) reduce costs for sandbox workloads, but they actually increase costs due to per-host billing and are intended for specific licensing scenarios, not general cost optimization.

153
MCQ · medium

An internal reporting portal serves infrequently accessed user documents that must be available immediately when requested. Which S3 storage class is likely the best cost fit? The architecture review board prefers a managed AWS-native control.

A. Instance store volumes
B. S3 Glacier Deep Archive
C. S3 Standard for all objects
D. S3 Standard-IA or S3 One Zone-IA depending on resilience requirements
Answer: D

Infrequent Access classes reduce storage cost while keeping millisecond retrieval.

Why this answer

S3 Standard-IA or S3 One Zone-IA is the best cost fit because the data is infrequently accessed but requires immediate availability when requested. These storage classes offer lower storage costs than S3 Standard while providing millisecond first-byte latency, meeting the 'immediately available' requirement. The choice between Standard-IA and One Zone-IA depends on the resilience needs (e.g., multi-AZ vs. single-AZ durability).

Exam trap

The trap here is that candidates often confuse 'infrequently accessed' with 'archival' and incorrectly choose S3 Glacier Deep Archive, overlooking the critical requirement for immediate availability on request.

How to eliminate wrong answers

Option A is wrong because instance store volumes are ephemeral, tied to a specific EC2 instance, and not a managed AWS-native control for object storage; they lose data on instance stop/termination and are not suitable for durable document storage. Option B is wrong because S3 Glacier Deep Archive has retrieval times of 12 hours or more (expedited retrieval is not available), which violates the 'immediately available when requested' requirement. Option C is wrong because S3 Standard is designed for frequently accessed data and would incur higher storage costs than necessary for infrequently accessed documents, making it not cost-optimal.

154
MCQ · medium

An Auto Scaling group for a background worker runs EC2 instances continuously. Over the last 30 days, CloudWatch shows sustained CPU utilization around 6% with no memory pressure, and queue processing latency meets all SLAs. The team wants to lower monthly cost with minimal risk. What is the best next action?

A. Increase the instance size to reduce CPU throttling risk
B. Perform right sizing by downsizing to a smaller instance family/size and validate SLAs
C. Switch the group to Spot Instances to reduce cost without changing instance sizing
D. Buy Reserved Instances with a long term commitment before making any sizing changes
Answer: B

Right sizing uses actual utilization to remove overprovisioning. With low CPU and no memory pressure and SLAs already met, downsizing (while validating under load and during a controlled rollout) is the safest way to reduce waste.

Why this answer

The current instance type is over-provisioned, as sustained CPU utilization is only 6% with no memory pressure and all SLAs are met. Right-sizing to a smaller instance family or size directly reduces compute cost while maintaining performance, making it the lowest-risk, cost-optimization action. This aligns with the AWS Well-Architected Framework's cost optimization pillar, which recommends matching instance capacity to actual workload requirements.

Exam trap

The trap here is that candidates may assume Spot Instances are always the cheapest option, but they ignore the risk of interruption for a continuously running workload where SLAs must be met, making right-sizing the safer and more appropriate first step.

How to eliminate wrong answers

Option A is wrong because increasing instance size would raise costs and is unnecessary given the low CPU utilization and no performance issues. Option C is wrong because switching to Spot Instances introduces the risk of interruption, which is not minimal risk for a continuously running background worker that must meet SLAs. Option D is wrong because buying Reserved Instances before right-sizing locks in a commitment for an over-provisioned instance type, increasing cost without addressing the root cause of waste.

155
MCQ · medium

A test environment has EC2 instances that are oversized based on CPU, memory, and network utilisation. Which AWS service should identify rightsizing recommendations? The architecture review board prefers a managed AWS-native control.

A. AWS DataSync
B. AWS Shield
C. AWS Artifact
D. AWS Compute Optimizer
Answer: D

Compute Optimizer analyses utilisation metrics and recommends rightsizing for supported resources.

Why this answer

AWS Compute Optimizer is a managed service that uses machine learning to analyze historical utilization metrics (CPU, memory, network, and storage) and provides rightsizing recommendations for EC2 instances. It identifies over-provisioned resources and suggests instance types that better match workload requirements, directly addressing the oversized EC2 instances in the test environment.

Exam trap

The trap here is that candidates may confuse AWS Compute Optimizer with other monitoring or cost tools (like AWS Trusted Advisor or Cost Explorer), but the question specifically asks for a managed AWS-native service that identifies rightsizing recommendations, which is Compute Optimizer's primary function.

How to eliminate wrong answers

Option A is wrong because AWS DataSync is a data transfer service for moving large datasets between on-premises storage and AWS services (e.g., S3, EFS), not a tool for analyzing EC2 utilization or providing rightsizing recommendations. Option B is wrong because AWS Shield is a managed DDoS protection service that safeguards applications against distributed denial-of-service attacks, unrelated to cost optimization or instance sizing. Option C is wrong because AWS Artifact is a self-service portal for downloading AWS compliance reports and agreements (e.g., SOC, PCI), not a service for monitoring or recommending EC2 instance changes.

156
MCQ · easy

An internal team runs a report-generation job once per day. It typically finishes in a few minutes, and even on its slowest days it still completes in under 15 minutes. The team wants to reduce operational overhead and pay primarily for actual runtime instead of keeping servers running 24/7. Which AWS approach best matches these goals?

A. Deploy the job on EC2 instances and keep them running continuously for the daily schedule.
B. Use AWS Lambda triggered by a schedule (for example, EventBridge) to run the report at the required time.
C. Run the job in an RDS database using stored procedures scheduled by the database engine.
D. Use an Auto Scaling group with a fixed minimum size of one instance and disable scaling.
Answer: B

Lambda runs on demand and charges for execution time, aligning spend with actual job runtime and reducing ops.

Why this answer

AWS Lambda, triggered by Amazon EventBridge (CloudWatch Events), is ideal for short-lived, infrequent jobs like this daily report. It eliminates idle server costs by running only when invoked, and the 15-minute execution timeout comfortably covers the job's maximum runtime. This serverless approach directly reduces operational overhead and aligns with a pay-per-use cost model.

Exam trap

The trap here is that candidates may assume EC2 or Auto Scaling is needed for any scheduled job, overlooking that Lambda's 15-minute timeout and serverless pricing perfectly suit short, infrequent tasks, while the 'pay primarily for actual runtime' requirement explicitly points away from always-on compute.

How to eliminate wrong answers

Option A is wrong because keeping EC2 instances running 24/7 for a job that completes in under 15 minutes daily incurs significant idle costs and unnecessary operational overhead. Option C is wrong because RDS stored procedures are designed for database logic, not for running external report-generation jobs; they lack the compute and runtime environment for such tasks and would incur persistent database instance costs. Option D is wrong because an Auto Scaling group with a fixed minimum of one instance still keeps a server running 24/7, failing to reduce idle costs and operational overhead.

157
MCQ · medium

An internal reporting portal serves infrequently accessed user documents that must be available immediately when requested. Which S3 storage class is likely the best cost fit? The design must avoid adding custom operational scripts.

A. Instance store volumes
B. S3 Glacier Deep Archive
C. S3 Standard for all objects
D. S3 Standard-IA or S3 One Zone-IA depending on resilience requirements
Answer: D

Infrequent Access classes reduce storage cost while keeping millisecond retrieval.

Why this answer

S3 Standard-IA or S3 One Zone-IA is the best cost fit because the data is infrequently accessed but requires immediate availability when requested. These storage classes offer lower storage costs than S3 Standard while providing low-latency retrieval (milliseconds), avoiding the retrieval delays or operational overhead of archival tiers. The choice between Standard-IA and One Zone-IA depends on resilience needs: Standard-IA stores data across multiple AZs, while One Zone-IA stores data in a single AZ at a lower cost.

Exam trap

The trap here is that candidates often choose S3 Glacier Deep Archive for infrequently accessed data without considering the immediate availability requirement, or they default to S3 Standard assuming all infrequent access needs archival storage, missing the cost-optimized middle ground of Standard-IA or One Zone-IA.

How to eliminate wrong answers

Option A is wrong because instance store volumes are ephemeral block storage attached to EC2 instances, not a durable S3 storage class, and they lose data when the instance stops or terminates, making them unsuitable for long-term document storage. Option B is wrong because S3 Glacier Deep Archive has retrieval times of 12-48 hours, which violates the requirement that documents must be available immediately when requested. Option C is wrong because S3 Standard is designed for frequently accessed data and would incur higher storage costs than necessary for infrequently accessed documents, making it not the best cost fit.

158
MCQ · hard

A dev sandbox currently uses two NAT gateways in each of three Availability Zones, but only one private subnet per AZ needs outbound internet access. What should the architect review first? The design must avoid adding custom operational scripts.

A. Disabling route tables
B. Replacing every NAT gateway with an internet gateway attached to private subnets
C. Moving all workloads to public subnets
D. Whether one NAT gateway per AZ is sufficient for the required private subnets
Answer: D

NAT gateways are normally deployed per AZ for resilience; duplicate NAT gateways in the same AZ may be unnecessary.

Why this answer

Option D is correct because the question asks what the architect should review first to optimize costs while maintaining functionality. Using two NAT gateways per AZ when only one private subnet per AZ needs outbound internet access is redundant; a single NAT gateway per AZ can handle the traffic for all private subnets in that AZ. The design must avoid custom operational scripts, so the simplest review is to check if one NAT gateway per AZ is sufficient, which would reduce costs without breaking connectivity.

Exam trap

The trap here is that candidates may assume more NAT gateways are always better for high availability, but the question asks for a cost-optimization review first, and the current setup is over-provisioned for the stated requirement.

How to eliminate wrong answers

Option A is wrong because disabling route tables would break all routing, not just optimize NAT gateway usage, and it would require custom scripts to restore functionality, violating the design constraint. Option B is wrong because internet gateways cannot be attached to private subnets; they are used for public subnets and would expose instances directly to the internet, breaking the private subnet isolation requirement. Option C is wrong because moving all workloads to public subnets would expose them to the internet, which is not suitable for a dev sandbox that likely requires private subnets for security, and it does not address the NAT gateway cost issue.

159
Multi-Select · medium

A startup runs two EC2-based workloads in the same AWS Region. Its customer-facing API is always on, and its nightly video transcoding fleet can restart jobs from checkpoints if an instance is interrupted. The finance team wants the lowest monthly compute cost without changing the application design. Which two actions should the team take? Select two.

Select 2 answers
A. Purchase an All Upfront Reserved Instance for the transcoding fleet only.
B. Buy a Compute Savings Plan to cover the always-on API baseline usage.
C. Run the transcoding fleet on Spot Instances because interrupted jobs can resume from checkpoints.
D. Increase the API instance size so CPU utilization stays below 30 percent.
E. Move the API tier to Dedicated Hosts to improve isolation and lower spend.
Answers: B, C

Savings Plans reduce cost for consistent compute usage and are well suited to the always-on API.

Why this answer

Option B is correct because a Compute Savings Plan offers the lowest cost for steady-state workloads like the always-on API, providing up to 66% savings over On-Demand in exchange for a 1- or 3-year commitment. It applies to any EC2 instance family within a Region, making it flexible and cost-effective for the baseline usage. Option C is correct because Spot Instances can be up to 90% cheaper than On-Demand and are ideal for fault-tolerant workloads like the transcoding fleet, which can resume from checkpoints if interrupted.

Exam trap

The trap here is that candidates often assume Reserved Instances are always the cheapest option, but for interruptible workloads like transcoding, Spot Instances provide far greater savings, and a Savings Plan better covers the steady-state API usage without locking into a specific instance family.

160
Multi-Select · hard

A retailer runs a reporting-heavy relational app on Amazon RDS MySQL. Peak dashboard traffic lasts only three hours each day, but the database is sized for the peak all day. The business wants lower cost without rewriting the application. Which three actions are best? Select three.

Select 3 answers
A. Right-size the writer based on actual utilization instead of peak guesses.
B. Add read replicas and direct dashboard traffic away from the writer.
C. Evaluate Aurora MySQL if the current replica-heavy design would be cheaper there.
D. Migrate to DynamoDB immediately because every relational workload is more expensive.
E. Increase provisioned IOPS permanently so the monthly bill drops.
Answers: A, B, C

Correct. Right-sizing removes waste from the always-on primary instance. If the writer is sized for real load rather than a worst-case assumption, the company pays for less unused compute.

Why this answer

Option A is correct because right-sizing the RDS instance based on actual utilization metrics (e.g., CPU, memory, connections) directly reduces cost by eliminating over-provisioning for the 3-hour peak. This is a fundamental cost-optimization practice that avoids paying for idle capacity during the remaining 21 hours.

Exam trap

The trap here is that candidates assume 'sizing for peak' is always necessary, but AWS cost optimization emphasizes matching capacity to actual average utilization, not peak, and using services like read replicas or Aurora to handle spikes without over-provisioning the writer.

161
MCQ · medium

A marketing site runs on x86 EC2 instances and uses open-source software with no architecture-specific licensing restriction. What should be evaluated to reduce compute cost? The architecture review board prefers a managed AWS-native control.

A. Cross-Region data replication for all data
B. io2 Block Express volumes for all instances
C. AWS Graviton-based instances after performance testing
D. Dedicated Hosts by default
Answer: C

Graviton instances often provide better price performance for compatible workloads.

Why this answer

Option C is correct because AWS Graviton-based instances use ARM-based custom processors that offer up to 40% better price-performance compared to comparable x86 instances for many workloads. Since the marketing site runs open-source software with no architecture-specific licensing restrictions, migrating to Graviton after performance testing can significantly reduce compute costs while leveraging a managed AWS-native control (e.g., EC2 Auto Scaling groups with Graviton instance types).

Exam trap

The trap here is that candidates may assume Dedicated Hosts (Option D) are cost-effective for all workloads, but they actually increase costs due to per-host billing and are only justified for specific licensing or compliance needs, not general compute cost reduction.

How to eliminate wrong answers

Option A is wrong because cross-Region data replication increases data transfer and storage costs, and it does not directly reduce compute costs; it is a data durability and disaster recovery feature, not a compute optimization. Option B is wrong because io2 Block Express volumes are high-performance EBS volumes designed for latency-sensitive workloads, not for reducing compute costs; they increase storage costs and do not address compute instance pricing. Option D is wrong because Dedicated Hosts incur additional hourly charges for physical server isolation and are typically used for licensing or compliance requirements, not for cost reduction; they increase costs compared to shared tenancy instances.

162
MCQ · easy

An EC2 workload runs in one region on a single instance type. For the last month, CloudWatch metrics show average CPU utilization of 12% and no sustained memory pressure. The team wants to reduce cost while maintaining the current performance level. What is the best first step?

A. Use AWS Compute Optimizer to get recommendations for instance type and size changes.
B. Increase the instance size to reduce the risk of performance regression.
C. Switch to Spot Instances immediately to reduce cost regardless of utilization.
D. Disable detailed monitoring to lower CloudWatch charges.
Answer: A

AWS Compute Optimizer analyzes historical metrics (such as CPU and memory utilization) and recommends instance type and size changes to improve cost-effectiveness while targeting performance. Given sustained low CPU and no sustained memory pressure, this is the most direct first step to identify a smaller, less overprovisioned instance configuration that can maintain performance.

Why this answer

AWS Compute Optimizer analyzes historical utilization metrics (CPU, memory, I/O) and provides actionable recommendations for right-sizing instances. Given the average CPU utilization of only 12% and no memory pressure, Compute Optimizer will likely recommend a smaller instance type or family that matches the workload's actual resource needs, reducing cost without affecting performance.

Exam trap

The trap here is that candidates may think increasing instance size (Option B) is a safe 'performance buffer' move, but the question explicitly asks to reduce cost while maintaining current performance, making right-sizing via Compute Optimizer the logical first step.

How to eliminate wrong answers

Option B is wrong because increasing instance size would raise costs unnecessarily when utilization is already low, and it does not address the goal of cost reduction. Option C is wrong because switching to Spot Instances without first analyzing workload suitability risks interruption and potential performance degradation; Spot Instances are not a guaranteed cost-reduction strategy for all workloads. Option D is wrong because disabling detailed monitoring (1-minute metrics) saves only a trivial amount and does not address the primary cost driver—compute instance charges—while losing granular visibility needed for right-sizing decisions.

163
MCQ · easy

A media company runs a batch job that processes image thumbnails. The job can be restarted from checkpoints and does not have user-facing SLAs. The batch capacity can tolerate interruptions. Which EC2 purchasing option is the best cost optimization choice?

A. Use On-Demand Instances because interruptions are not allowed for production workloads.
B. Use EC2 Spot Instances, accepting the possibility of interruptions and using checkpoints to resume.
C. Purchase Reserved Instances because they provide a discount regardless of the workload timing.
D. Buy Savings Plans because they guarantee capacity and remove the risk of interruptions entirely.
Answer: B

Spot Instances are typically the cheapest option for workloads that can tolerate interruptions with recovery.

Why this answer

Spot Instances offer significant cost savings (up to 90% compared to On-Demand) and are ideal for fault-tolerant, stateless, or checkpointable workloads like batch image thumbnail processing. Since the job can resume from checkpoints and tolerates interruptions, Spot Instances provide the best cost optimization without compromising functionality.

Exam trap

The trap here is that candidates may assume production workloads require On-Demand or Reserved Instances, but the question explicitly states the job has no user-facing SLAs and tolerates interruptions, making Spot Instances the correct cost-optimized choice despite the 'production' label.

How to eliminate wrong answers

Option A is wrong because On-Demand Instances are not cost-optimized for workloads that can tolerate interruptions; they are priced higher and provide no interruption risk, which is unnecessary here. Option C is wrong because Reserved Instances require a 1- or 3-year commitment and are designed for steady-state, predictable workloads, not for batch jobs that can be interrupted and resumed. Option D is wrong because Savings Plans offer discounted rates in exchange for a commitment to a consistent amount of compute usage (measured in $/hour), but they do not guarantee capacity or remove interruption risk; Spot Instances can still be interrupted under Savings Plans, and the question asks for the best cost optimization choice, not a capacity guarantee.

164
MCQ · easy

A startup expects steady compute usage around the clock for the next year. They want to reduce costs compared to On-Demand pricing, without tightly planning specific instance types. Which option best matches their goal?

A. Purchase a Compute Savings Plan to receive discounted rates for a usage amount over a 1-year term.
B. Purchase a Reserved Instance that must be tied to exactly one specific instance size (no flexibility to switch instance families).
C. Only use Spot Instances and set the workload to stop immediately if capacity is interrupted.
D. Rely on On-Demand pricing and add more alarms to detect when costs spike.
Answer: A

Compute Savings Plans provide discounted EC2 usage (and related compute usage) versus On-Demand for a committed amount per hour. They are not limited to a single instance type, so the team can change instance families while staying within the committed usage.

Why this answer

A Compute Savings Plan offers the lowest prices on EC2 compute usage (including Fargate and Lambda) in exchange for a commitment to a consistent amount of compute (measured in $/hour) over a 1-year or 3-year term. This matches the startup's steady, predictable usage and provides up to 66% savings over On-Demand, while allowing flexibility to change instance families, sizes, regions, or even switch to containers without renegotiating the plan.

Exam trap

The trap here is that candidates often confuse Compute Savings Plans with Reserved Instances, assuming both lock you to a specific instance type, but Compute Savings Plans provide full flexibility across instance families, sizes, and even compute services.

How to eliminate wrong answers

Option B is wrong because a Reserved Instance (Standard or Convertible) is tied to a specific instance family and often a specific size within that family, which contradicts the requirement for flexibility across instance types. Option C is wrong because Spot Instances can be interrupted with only a 2-minute warning, making them unsuitable for steady, around-the-clock compute workloads that cannot tolerate interruptions. Option D is wrong because relying solely on On-Demand pricing with alarms does not reduce costs; alarms only notify of cost spikes but do not provide any discount mechanism.

165
MCQ · medium

A batch analytics job has unpredictable DynamoDB traffic with long idle periods and occasional spikes. Which capacity mode should minimize operational overhead and avoid paying for idle provisioned capacity? The architecture review board prefers a managed AWS-native control.

A. DynamoDB on-demand capacity mode
B. Reserved capacity for maximum daily traffic
C. Provisioned capacity set for peak traffic
D. Global tables in every Region
Answer: A

On-demand capacity is suitable for unpredictable workloads and charges per request without capacity planning.

Why this answer

DynamoDB on-demand capacity mode automatically scales to handle unpredictable traffic spikes and idle periods, charging only for the reads/writes you perform. This eliminates the need to provision capacity, reducing operational overhead and avoiding costs for idle provisioned capacity, aligning with the architecture review board's preference for a managed AWS-native control.

Exam trap

The trap here is that candidates may confuse 'reserved capacity' or 'provisioned capacity' as cost-effective for spikes, but they fail to recognize that on-demand is the only mode that eliminates idle cost and operational overhead for unpredictable workloads.

How to eliminate wrong answers

Option B is wrong because reserved capacity requires upfront commitment to a specific traffic level, which doesn't suit unpredictable spikes and idle periods, and would still incur costs for unused capacity. Option C is wrong because provisioned capacity set for peak traffic would over-provision during idle periods, leading to paying for unused capacity and increased operational overhead to manage scaling. Option D is wrong because global tables are a replication feature for multi-Region data access, not a capacity mode, and they do not address cost optimization for unpredictable traffic or idle periods.

166
MCQ · easy

A team runs an Amazon NLB in a VPC with targets registered in multiple Availability Zones (AZs). Their bill shows high inter-AZ data transfer charges. They want to reduce unnecessary cross-AZ traffic costs while still maintaining healthy targets per AZ. What change is most likely to reduce inter-AZ charges?

A. Disable cross-zone load balancing on the NLB so each client is routed to targets in the same AZ when possible.
B. Enable cross-zone load balancing so all targets receive traffic from every AZ.
C. Move the NLB to a different Region so traffic is always kept local.
D. Replace the NLB with a NAT gateway to reduce data charges between AZs.
Answer: A

Disabling cross-zone load balancing helps keep traffic within the same AZ, reducing inter-AZ data transfer charges.

Why this answer

Option A is correct because disabling cross-zone load balancing on an NLB ensures that each client is routed only to targets within the same Availability Zone as the NLB node that receives the traffic. This eliminates inter-AZ data transfer charges because traffic never leaves the AZ boundary. The NLB still maintains healthy targets per AZ by distributing traffic only among healthy targets within that AZ.

Exam trap

The trap here is that candidates often assume enabling cross-zone load balancing always reduces costs or improves performance, but for NLB it actually increases inter-AZ data transfer charges, and the question specifically asks for cost reduction, not high availability.

How to eliminate wrong answers

Option B is wrong because enabling cross-zone load balancing would cause traffic to be distributed across all AZs, increasing inter-AZ data transfer charges, not reducing them. Option C is wrong because moving the NLB to a different Region does not address inter-AZ traffic within the current VPC; it would introduce cross-Region data transfer costs and latency. Option D is wrong because a NAT gateway is used for outbound internet traffic from private subnets, not for load balancing inbound traffic, and it would not reduce inter-AZ data charges; in fact, NAT gateway charges include per-GB data processing fees and inter-AZ traffic costs if deployed across AZs.

167
MCQ · medium

A test environment stores logs in S3. Logs are queried for 30 days, rarely accessed for one year, and then retained for compliance. What should reduce storage cost? The design must avoid adding custom operational scripts.

A. Keep all logs in S3 Standard indefinitely
B. Move all logs immediately to S3 Glacier Deep Archive
C. S3 lifecycle policy that transitions objects to lower-cost storage classes over time
D. Use EBS snapshots for the logs
Answer: C

Lifecycle rules automate transitions based on age, matching storage cost to access patterns.

Why this answer

Option C is correct because S3 lifecycle policies automate the transition of objects between storage classes based on age, allowing logs to move from S3 Standard (for frequent querying) to S3 Standard-IA or S3 One Zone-IA (for rare access), and eventually to S3 Glacier Deep Archive (for long-term compliance retention). This reduces storage cost without custom scripts, aligning with the requirement to avoid operational overhead.

Exam trap

The trap here is that candidates may choose Option B (immediate move to Glacier Deep Archive) thinking it minimizes cost, but they overlook the 30-day query requirement, which makes S3 Standard necessary for fast retrieval, and fail to recognize that lifecycle policies provide a graduated, automated approach.

How to eliminate wrong answers

Option A is wrong because keeping all logs in S3 Standard indefinitely incurs the highest storage cost, ignoring the cost savings from transitioning to lower-cost classes for rarely accessed and compliance-retained data. Option B is wrong because moving all logs immediately to S3 Glacier Deep Archive fails the 30-day querying requirement, as retrieval times are hours and costs are high for frequent access, violating the design need for queryability. Option D is wrong because EBS snapshots are block-level backups for EC2 instances, not designed for log storage in S3, and would introduce unnecessary complexity and cost without addressing the tiered access pattern.

168
Multi-Select · hard

A log archive has old unattached EBS volumes and many stale snapshots. Which two actions reduce storage cost without affecting running instances? The design must avoid adding custom operational scripts.

Select 2 answers
A. Stop all EC2 instances in the account
B. Disable CloudTrail logging
C. Delete unattached EBS volumes after verifying they are no longer needed
D. Apply snapshot lifecycle policies to expire obsolete snapshots
Answers: C, D

Unattached volumes continue to incur charges until deleted.

Why this answer

Option C is correct because deleting unattached EBS volumes eliminates storage costs for volumes that are not in use, and since they are not attached to any running instance, this action does not affect running instances. Option D is correct because applying snapshot lifecycle policies automates the deletion of obsolete snapshots, reducing storage costs without requiring custom scripts or impacting running instances.

Exam trap

The trap here is that candidates may confuse stopping instances (which does not delete volumes or snapshots) with deleting resources, or think disabling CloudTrail reduces storage costs, when in fact CloudTrail logs are stored in S3, not EBS, and have separate cost implications.

169
MCQ · medium

A media company uploads raw video thumbnails to an S3 bucket every hour. The application needs these thumbnails for active browsing for the first 7 days. After day 7, access becomes rare.

Requirements:
- Objects must remain available in S3 for at least 180 days total.
- After day 7, the team can tolerate retrieval latency in the range of minutes to hours.
- They want to minimize storage cost while keeping the ability to read objects (no application changes required).

Which storage strategy is the most cost-optimized fit?

A. Use a bucket-level lifecycle rule to transition objects to S3 Standard-IA on day 7 and then expire them after day 180.
B. Use a lifecycle rule to transition objects to S3 Glacier Flexible Retrieval after day 7 and expire them after day 180.
C. Keep all objects in S3 Standard for 180 days, and enable S3 Intelligent-Tiering only if the bucket’s access frequency is above a threshold.
D. Use a lifecycle rule to transition objects to S3 Glacier Instant Retrieval after day 7 and expire them after day 180.
Answer: B

Glacier Flexible Retrieval is designed for infrequent access and supports restore times compatible with minutes to hours. Transitioning after day 7 reduces storage cost for the long period where access is rare, while expiring at day 180 satisfies the 180-day retention requirement. The application can still use S3 GetObject; retrieval simply takes longer due to the archival tier.

Why this answer

Option B is correct because S3 Glacier Flexible Retrieval provides retrieval times from minutes to hours, which matches the tolerance for rare access after day 7, and offers the lowest storage cost among the options for data that is rarely accessed. A lifecycle rule transitions objects from S3 Standard (used for the first 7 days of active browsing) to Glacier Flexible Retrieval on day 7, then expires them after day 180, meeting the 180-day retention requirement without application changes.

Exam trap

The trap here is that candidates often choose S3 Glacier Instant Retrieval (Option D) because of the word 'Instant,' overlooking that the requirement explicitly tolerates minutes-to-hours latency, making the cheaper Glacier Flexible Retrieval the better cost-optimized choice.

How to eliminate wrong answers

Option A is wrong because S3 Standard-IA is designed for infrequent access but still incurs higher storage costs than Glacier Flexible Retrieval for data that is accessed rarely (minutes-to-hours latency is acceptable), and it does not provide the lowest cost for this use case. Option C is wrong because keeping all objects in S3 Standard for 180 days is significantly more expensive than transitioning to a colder storage class, and S3 Intelligent-Tiering is not cost-optimized for a predictable access pattern (active for 7 days, then rarely accessed) as it adds monitoring costs and may not move objects to the cheapest tier quickly enough. Option D is wrong because S3 Glacier Instant Retrieval is designed for millisecond retrieval, which is unnecessary and more expensive than Glacier Flexible Retrieval when minutes-to-hours latency is acceptable, thus not the most cost-optimized choice.

170
Multi-Select · hard

Multiple teams share one AWS Organization. Finance wants chargeback by project, alerts before overspend, and monthly views by account without manually opening each account. Which three actions best fit? Select three.

Select 3 answers
A. Enforce cost allocation tags on resources and activate them for billing reports.
B. Use AWS Budgets to create alerts and budget actions for each project.
C. Use Cost Explorer or Cost and Usage Reports to analyze spend by account, tag, and service.
D. Put every team in a separate AWS account and ignore tagging.
E. Use CloudTrail trails to estimate spend by resource because it records API calls.
Answers: A, B, C

Correct. Cost allocation tags are the foundation for project-level chargeback. Once activated for billing, they let finance group spend by business unit, application, or environment.

Why this answer

Option A is correct because cost allocation tags, when activated for billing reports, allow you to tag resources with project-specific metadata (e.g., 'Project:Alpha'). AWS then includes these tags in the Cost and Usage Reports (CUR) and Cost Explorer, enabling Finance to filter and allocate costs by project without manual account inspection. This directly supports chargeback by project and monthly views by account and tag.

Exam trap

The trap here is that candidates may confuse CloudTrail (which records API calls) with AWS Cost Explorer or CUR (which provide actual cost data), leading them to incorrectly select option E for cost estimation.

171
Multi-Select · hard

A retailer runs a reporting-heavy relational app on Amazon RDS MySQL. Peak dashboard traffic lasts only three hours each day, but the database is sized for the peak all day. The business wants lower cost without rewriting the application. Which three actions are best? Select three.

Select 3 answers
A. Right-size the writer based on actual utilization instead of peak guesses.
B. Add read replicas and direct dashboard traffic away from the writer.
C. Evaluate Aurora MySQL if the current replica-heavy design would be cheaper there.
D. Migrate to DynamoDB immediately because every relational workload is more expensive.
E. Increase provisioned IOPS permanently so the monthly bill drops.
Answers: A, B, C

Correct. Right-sizing removes waste from the always-on primary instance. If the writer is sized for real load rather than a worst-case assumption, the company pays for less unused compute.

Why this answer

Option A is correct because right-sizing the RDS instance based on actual utilization metrics (e.g., CPU, memory, connections) rather than peak guesses directly reduces compute and memory costs. Since the peak dashboard traffic lasts only three hours, the database can be scaled down for the remaining 21 hours, avoiding over-provisioning. This is a fundamental cost-optimization strategy for RDS without requiring application changes.

Exam trap

The trap here is that candidates assume DynamoDB is always cheaper for any workload, ignoring the need for application rewrites and the relational reporting requirements, while also overlooking that increasing IOPS always raises costs rather than lowering them.

172
MCQ · easy

A team stores application logs in Amazon CloudWatch Logs. They enabled long retention and detailed dashboards, resulting in higher-than-expected monthly spend. Compliance requires retaining logs for 90 days, but operations only needs aggregated views. Which change most directly reduces CloudWatch Logs cost while meeting the requirement?

A. Set the CloudWatch Logs log group retention period to 90 days for the relevant log groups.
B. Disable VPC flow logs so the applications stop producing logs automatically.
C. Increase the logging level to DEBUG to reduce the number of log events by batching them.
D. Turn off CloudWatch alarms so logs stop being ingested into CloudWatch Logs.
Answer: A

CloudWatch Logs storage charges are driven primarily by how much data you store and for how long. Reducing retention to the required 90 days decreases stored log volume over time.

Why this answer

Setting the CloudWatch Logs log group retention period to 90 days directly reduces storage costs by automatically expiring logs after the compliance-required duration. This eliminates the cost of storing logs beyond 90 days, which was the primary driver of the higher-than-expected spend, while still retaining the data for the mandated period and allowing aggregated views via dashboards.

Exam trap

The trap here is that candidates may confuse log retention settings with log ingestion controls, mistakenly thinking that disabling alarms or changing log levels will reduce costs, when in fact the most direct and compliant cost-saving measure is to adjust the retention period.

How to eliminate wrong answers

Option B is wrong because disabling VPC Flow Logs stops the production of network-level logs, but the question states the team stores 'application logs' in CloudWatch Logs, not VPC Flow Logs; this action would not address the cost of existing application log ingestion and retention, and it would break compliance if those logs are required. Option C is wrong because increasing the logging level to DEBUG actually generates more log events per operation, not fewer, and batching does not reduce the number of events; it would increase costs due to higher ingestion volume. Option D is wrong because turning off CloudWatch alarms does not stop log ingestion; alarms are separate from log data ingestion and retention, so logs would continue to be ingested and stored, incurring the same costs.

173
Multi-Select · medium

A marketing site serves versioned JavaScript and CSS files from an Amazon S3 origin through Amazon CloudFront. After a frontend release, the CloudFront cache hit ratio dropped because browsers now send an Authorization header on every static asset request even though the assets are public and do not require authentication. The team wants to lower origin load and improve cache efficiency. Which two actions should it take? Select two.

Select 2 answers
A. Create a separate CloudFront behavior for static assets with a cache policy and origin request policy that exclude the Authorization header.
B. Use hashed or versioned object names and long Cache-Control max-age values for immutable assets.
C. Forward the Authorization header to the origin for all static asset requests.
D. Set the cache TTL to zero so browsers always revalidate content.
E. Store the static assets in Amazon EFS so CloudFront can cache them more effectively.
Answers: A, B

CloudFront cache efficiency depends on the cache key. If Authorization is included in the cache key or forwarded unnecessarily to the origin, each request can be treated as unique and the cache hit ratio drops. A dedicated behavior for immutable static content should use a cache policy that does not include Authorization and an origin request policy that does not forward it, so the same object can be reused across many viewers.

Why this answer

Option A is correct because creating a separate CloudFront behavior for static assets allows you to attach a cache policy and an origin request policy that explicitly exclude the Authorization header. By not forwarding the Authorization header to the S3 origin, CloudFront can treat all requests for the same asset as cache hits, regardless of the header value, which restores the cache hit ratio and reduces origin load.

Exam trap

The trap here is that candidates may think forwarding the Authorization header is necessary for security or that setting TTL to zero is a safe fallback, but both actions actually increase origin load and degrade cache performance for public static assets.

174
Multi-Select · medium

A line-of-business application runs on EC2 instances 24/7 with predictable usage for the next year. The application will stay in the same Region, and the team does not want to manage capacity interruptions. Which two purchase options can reduce cost compared with pure On-Demand pricing? Select two.

Select 2 answers
A. Buy Compute Savings Plans for the expected steady usage.
B. Purchase Standard Reserved Instances for the EC2 fleet.
C. Move the fleet to Spot Instances.
D. Use Dedicated Hosts to reserve physical servers for the application.
E. Stay entirely on On-Demand Instances because they are already the cheapest option.
Answers: A, B

Compute Savings Plans reduce the hourly cost of predictable usage while preserving flexibility across supported compute services. They are a strong fit when the workload is steady and the team wants savings without interruption risk.

Why this answer

Compute Savings Plans (A) offer a flexible discount (up to 66%) in exchange for a 1- or 3-year commitment to a consistent amount of compute usage (measured in $/hour), automatically applying to any EC2 instance family, region, or even AWS Fargate/Lambda. This reduces cost compared to On-Demand while avoiding capacity interruptions, as the commitment covers the predictable steady-state usage. Standard Reserved Instances (B) provide a similar discount (up to 72%) for a specific instance family in a specific region, also with a 1- or 3-year term, and guarantee capacity for the specified AZ if you choose a zonal reservation, ensuring no interruptions.

Exam trap

The trap here is that candidates may think Spot Instances are always cheaper and safe for steady workloads, but they forget the interruption risk, or they may confuse Dedicated Hosts with Reserved Instances as a cost-saving measure, when Dedicated Hosts actually increase cost for physical isolation.

175
Multi-Select · medium

A public API currently uses API Gateway REST APIs and Lambda. Traffic is low most of the day, but marketing runs a predictable traffic spike every weekday at 09:00 UTC. Users complain about cold starts during the first few minutes of the spike, and the team wants to avoid paying for provisioned concurrency all day. Which two changes should they make? Select two.

Select 2 answers
A. Switch from REST APIs to HTTP APIs if the feature set is sufficient.
B. Schedule Lambda provisioned concurrency shortly before the spike and scale it back afterward.
C. Keep provisioned concurrency at the maximum level 24/7.
D. Move the API to a single t3.nano EC2 instance.
E. Add an S3 gateway endpoint to reduce cold starts.
Answers: A, B

HTTP APIs are generally lower cost and lower latency than REST APIs for many simple API use cases. They reduce the recurring API Gateway cost without requiring a redesign.

Why this answer

Option A is correct because HTTP APIs are designed to be faster and more cost-effective than REST APIs, with up to 71% lower latency and 60% lower cost per request. This reduces the impact of cold starts by minimizing the overhead of request processing, and the cost savings align with the team's goal of avoiding all-day provisioned concurrency costs.

Exam trap

The trap here is that candidates may think provisioned concurrency must be always-on to be effective, or that adding infrastructure like EC2 or S3 endpoints can solve cold starts, when in fact the correct approach is to combine a cheaper API type with time-based provisioned concurrency scheduling.

176
Multi-Select · hard

A log archive has old unattached EBS volumes and many stale snapshots. Which two actions reduce storage cost without affecting running instances? The architecture review board prefers a managed AWS-native control.

Select 2 answers
A. Stop all EC2 instances in the account
B. Disable CloudTrail logging
C. Delete unattached EBS volumes after verifying they are no longer needed
D. Apply snapshot lifecycle policies to expire obsolete snapshots
Answers: C, D

Unattached volumes continue to incur charges until deleted.

Why this answer

Option C is correct because deleting unattached EBS volumes eliminates storage costs for volumes that are not in use, and since they are not attached to any running instance, this action does not affect running instances. Option D is correct because applying snapshot lifecycle policies (e.g., using Amazon Data Lifecycle Manager) automates the expiration of obsolete snapshots, reducing storage costs without impacting running instances. Both actions are managed AWS-native controls, aligning with the architecture review board's preference.

Exam trap

The trap here is that candidates may confuse stopping instances (which does not delete volumes) with deleting unattached volumes, or they may think disabling CloudTrail reduces storage costs, but CloudTrail logs are stored in S3 and are unrelated to EBS volume or snapshot storage charges.

177
MCQ · medium

A production log archive runs continuously on EC2 with predictable usage for the next three years. The team wants a discount while retaining some instance-family flexibility. What should they buy?

A. S3 Intelligent-Tiering
B. Dedicated Instances
C. Compute Savings Plan
D. Spot Instances only
Answer: C

Compute Savings Plans provide discounts for a committed spend while allowing flexibility across instance families, sizes, Regions, and compute services.

Why this answer

The Compute Savings Plan (C) is correct because it offers a discount (up to 66%) in exchange for a commitment to a consistent amount of compute usage (measured in $/hour) for a 1- or 3-year term, while allowing flexibility to change instance families, sizes, OS, tenancy, and even regions within EC2, Fargate, and Lambda. This matches the requirement of predictable usage for three years with instance-family flexibility, unlike Reserved Instances which lock to a specific instance family.

Exam trap

The trap here is that candidates often confuse Compute Savings Plans with Reserved Instances, assuming that any long-term discount requires locking into a specific instance family, but Compute Savings Plans provide both the discount and the flexibility to change instance families, which is the key differentiator tested in this question.

How to eliminate wrong answers

Option A is wrong because S3 Intelligent-Tiering is a storage class for objects in Amazon S3 that optimizes costs by moving data between access tiers based on changing access patterns; it has nothing to do with EC2 compute discounts or instance-family flexibility. Option B is wrong because Dedicated Instances are EC2 instances that run on hardware dedicated to a single customer, providing physical isolation but no discount or flexibility benefit; they are a billing/tenancy option, not a discount program. Option D is wrong because Spot Instances offer significant discounts but are interruptible with a 2-minute termination notice, making them unsuitable for a production log archive that must run continuously for three years without interruption.

178
MCQ · medium

A media company runs a fleet of EC2 instances using Auto Scaling across multiple instance families (for example, m-series and c-series) in a single region. The business wants to commit to steady usage for one year to reduce cost, but the application team must retain flexibility to switch instance families and scale up/down as demand changes. They need the cost-reduction approach that best matches this flexibility. Which option is the best fit?

A. Purchase Standard Reserved Instances tied to a specific instance family and region, so the application can only run on the selected family.
B. Purchase Compute Savings Plans so the commitment applies regardless of instance family changes within the selected scope.
C. Purchase Spot Instances for all capacity and disable On-Demand fallback to guarantee the lowest cost.
D. Rely only on On-Demand and reduce cost by using a CloudFront-only approach for all dynamic content.
Answer: B

Compute Savings Plans provide discounted pricing in exchange for a 1-year or 3-year commitment, while allowing flexibility across instance families/attributes within the scope (for example, region/account and covered usage). This aligns with Auto Scaling that may shift between instance families while maintaining steady overall compute usage.

Why this answer

Compute Savings Plans provide the most flexibility because they apply to any EC2 instance family (including m-series and c-series) within a region, automatically adjusting to instance family changes and scaling. This matches the requirement to commit to steady usage for one year while retaining the ability to switch families and scale up/down, offering up to 66% savings over On-Demand without locking the application to a specific instance type.

Exam trap

The trap here is that candidates often confuse Reserved Instances (which lock to a specific family) with Savings Plans (which offer family flexibility), leading them to choose Option A despite the requirement for instance family switching.

How to eliminate wrong answers

Option A is wrong because Standard Reserved Instances are tied to a specific instance family (e.g., m5.large) and region, which would prevent the application from switching to a different instance family (e.g., c-series) without incurring additional On-Demand costs or modification fees. Option C is wrong because Spot Instances can be interrupted with a 2-minute warning, making them unsuitable as the sole capacity source for a production workload that requires reliability; disabling On-Demand fallback would risk application downtime during Spot reclamations. Option D is wrong because CloudFront is a content delivery network that caches static and dynamic content at edge locations, but it does not reduce the cost of running EC2 instances for compute workloads; relying solely on On-Demand without a commitment discount would not achieve the desired cost reduction.

179
MCQ · medium

A dev sandbox runs for several hours each night and can be interrupted and restarted. Which EC2 purchasing option should minimize cost? The design must avoid adding custom operational scripts.

A. On-Demand Instances only
B. Spot Instances
C. Dedicated Hosts
D. Provisioned IOPS volumes
Answer: B

Spot Instances offer deep discounts for interruptible workloads.

Why this answer

Spot Instances (B) are ideal for fault-tolerant, interruptible workloads like a nightly dev sandbox because they offer significant cost savings (up to 90% off On-Demand) in exchange for being reclaimable by AWS with a 2-minute warning. Since the sandbox can be interrupted and restarted, and the design avoids custom scripts, Spot Instances can leverage native AWS features like hibernation or automatic recovery to resume work without manual intervention.

Exam trap

The trap here is that candidates may confuse Spot Instances with On-Demand or Reserved Instances, overlooking that Spot Instances are specifically designed for fault-tolerant, interruptible workloads and offer the lowest cost, while On-Demand is for steady-state workloads and Reserved Instances require a 1- or 3-year commitment.

How to eliminate wrong answers

Option A is wrong because On-Demand Instances are billed per second with no interruption risk, but they are the most expensive option and do not minimize cost for a workload that can tolerate interruptions. Option C is wrong because Dedicated Hosts provide physical server isolation for licensing or compliance needs, which is unnecessary and costly for a simple dev sandbox; they incur a per-host fee regardless of usage. Option D is wrong because Provisioned IOPS volumes are a storage type (EBS), not an EC2 purchasing option, and they add cost without addressing compute pricing; the question asks for an EC2 purchasing option to minimize cost.

180
Multi-Select · medium

A serverless checkout API has predictable traffic spikes every weekday at 09:00 UTC and low traffic the rest of the day. The team wants to reduce cost while keeping response times fast during the recurring spike. Which two actions should they take? Select two.

Select 2 answers
A. Use provisioned concurrency for the Lambda function during the expected spike window.
B. Use Application Auto Scaling or scheduled actions to reduce provisioned concurrency after the spike ends.
C. Replace the API with a single always-on EC2 instance.
D. Keep provisioned concurrency permanently high all day and all week.
E. Disable API Gateway and use direct public internet access to Lambda.
Answers: A, B

Provisioned concurrency keeps Lambda execution environments initialized before traffic arrives, which reduces cold starts during the predictable busy period. Because the spike is scheduled, the team can pay for the performance benefit only when it is actually needed.

Why this answer

Provisioned concurrency initializes a specified number of Lambda execution environments in advance, ensuring no cold starts during traffic spikes. By scheduling provisioned concurrency to activate only during the 09:00 UTC window, the team keeps response times fast without paying for idle capacity the rest of the day.

Exam trap

The trap here is that candidates might think provisioned concurrency must be always-on to be effective, missing the cost-saving strategy of scheduling it only during predictable spikes.

181
MCQ · medium

A video processing pipeline runs batch jobs that are safe to interrupt and restart. The jobs checkpoint progress to durable storage every few minutes, and the team can automatically resubmit from the last checkpoint. They want to minimize compute cost while accepting that capacity can be interrupted. Which launch configuration for the processing workers is the best cost-optimized choice?

A. Launch the worker nodes as Spot Instances, and configure the job resubmission logic to restart from checkpoints upon interruption.
B. Launch the worker nodes as On-Demand Instances with no interruption handling so the pipeline never needs resubmission.
C. Launch the worker nodes as Reserved Instances to guarantee capacity and reduce cost, ignoring interruptions.
D. Use Savings Plans and also set the job scheduler to never start new jobs unless previous jobs finish without interruption.
Answer: A

Spot provides significantly lower pricing than On-Demand for EC2 capacity. Because the workload is designed to tolerate interruption (checkpointing + resubmission from the last checkpoint), the team can safely accept Spot interruptions. Resubmission from durable checkpoints preserves correctness while still capturing the cost advantage of Spot.

Why this answer

Spot Instances offer significant cost savings (up to 90% compared to On-Demand) and are ideal for fault-tolerant, interruptible workloads. Since the pipeline checkpoints progress to durable storage and can automatically resume from the last checkpoint, using Spot Instances minimizes compute cost while accepting interruptions.

Exam trap

The trap here is that candidates may choose On-Demand or Reserved Instances because they assume interruptions are unacceptable, but the question explicitly states the workload is safe to interrupt and restart, making Spot Instances the correct cost-optimized choice.

How to eliminate wrong answers

Option B is wrong because On-Demand Instances are more expensive and provide no cost optimization benefit for a workload that can tolerate interruptions. Option C is wrong because Reserved Instances require a 1- or 3-year commitment and are not designed for workloads that can be interrupted; they also do not inherently handle interruption recovery. Option D is wrong because Savings Plans still incur costs for unused capacity if jobs are delayed, and the suggestion to never start new jobs unless previous jobs finish without interruption contradicts the goal of minimizing cost by accepting interruptions.

182
MCQ · hard

A batch analytics job currently uses two NAT gateways in each of three Availability Zones, but only one private subnet per AZ needs outbound internet access. What should the architect review first?

A. Replacing every NAT gateway with an internet gateway attached to private subnets
B. Whether one NAT gateway per AZ is sufficient for the required private subnets
C. Disabling route tables
D. Moving all workloads to public subnets
Answer: B

NAT gateways are normally deployed per AZ for resilience; duplicate NAT gateways in the same AZ may be unnecessary.

Why this answer

Option B is correct because the question asks what the architect should review first. Using two NAT gateways per Availability Zone (AZ) when only one private subnet per AZ needs outbound internet access is likely over-provisioned and costly. The architect should first verify if a single NAT gateway per AZ can handle the traffic load, as NAT gateways are highly available within an AZ and can support up to 45 Gbps of bandwidth.

This review directly addresses cost optimization without sacrificing functionality.

Exam trap

The trap here is that candidates may assume more NAT gateways always improve reliability, but the question emphasizes cost optimization, so the first review should be whether the existing number of gateways is necessary rather than immediately adding or removing resources.

How to eliminate wrong answers

Option A is wrong because replacing NAT gateways with an internet gateway attached to private subnets is technically invalid; internet gateways can only be attached to VPCs and provide outbound access only to resources with public IPs in public subnets, not private subnets. Option C is wrong because disabling route tables would break all network connectivity, not just outbound internet access, and is not a valid cost-optimization review step. Option D is wrong because moving all workloads to public subnets would expose them directly to the internet, violating security best practices and potentially incurring higher data transfer costs, and does not address the cost of NAT gateways.

183
Multi-Select · hard

A fleet of test servers is rebuilt every week from AMIs. EBS volumes are often left behind after termination, and the team creates daily snapshots of every volume even when nothing changes. Which three actions most reduce storage cost while preserving recovery options? Select three.

Select 3 answers
A. Use gp3 for new EBS volumes instead of gp2 when similar performance is enough.
B. Automate snapshot creation and deletion with Amazon Data Lifecycle Manager.
C. Move old snapshots to the EBS Snapshot Archive tier once they are rarely restored.
D. Keep unattached volumes around for troubleshooting after instance termination.
E. Raise provisioned IOPS on every volume so snapshot restore time feels faster.
Answers: A, B, C

Correct. gp3 decouples baseline performance from volume size, which commonly lowers cost for workloads that do not need gp2's hidden throughput coupling. It is a practical right-sizing move for many general-purpose volumes.

Why this answer

Option A is correct because gp3 volumes offer a baseline performance that is often sufficient for test servers, and they are typically more cost-effective than gp2 volumes for the same amount of storage. By using gp3, you avoid paying for the additional IOPS that gp2 includes by default, which can reduce costs when the workload does not require high performance. This directly addresses the goal of reducing storage costs while maintaining adequate performance for recovery purposes.

Exam trap

The trap here is that candidates may think keeping unattached volumes is useful for troubleshooting, but snapshots already provide the same data recovery capability without ongoing storage costs, and raising IOPS is mistakenly believed to speed up snapshot restore, when in fact it does not affect restore performance.

184
MCQ · medium

A SaaS company runs a production API on an EC2 Auto Scaling group with steady demand 24/7. The team uses multiple instance types over time (they switch types during tuning) but the overall compute hours are stable. They want a cost reduction without committing to a specific instance type or size. Which AWS pricing option best meets the requirement?

A. Buy EC2 Spot Instances for the Auto Scaling group to maximize savings
B. Purchase a Compute Savings Plan for the region and commit to a dollar-per-hour amount
C. Purchase Reserved Instances that are limited to a single specific instance type in the Auto Scaling group
D. Use on-demand only, and rely on Auto Scaling to reduce cost during low utilization
Answer: B

A Compute Savings Plan reduces cost for steady compute usage and supports flexibility across instance families and sizes.

Why this answer

B is correct because a Compute Savings Plan provides the flexibility to change instance types, sizes, and even compute services (e.g., EC2, Fargate, Lambda) within a region while still receiving discounted rates (up to 66% vs. on-demand). This matches the requirement of reducing costs without committing to a specific instance type or size, as the plan is based on a dollar-per-hour commitment rather than instance family or tenancy.

Exam trap

The trap here is that candidates often confuse Compute Savings Plans with Reserved Instances, assuming that any savings plan requires a specific instance type, but Compute Savings Plans offer full flexibility across instance families and sizes within a region.

How to eliminate wrong answers

Option A is wrong because Spot Instances can be interrupted with a 2-minute warning, making them unsuitable for a production API with steady demand 24/7 where availability and reliability are critical. Option C is wrong because Reserved Instances are tied to a specific instance type (e.g., m5.large) and tenancy, which contradicts the requirement to avoid committing to a specific instance type or size. Option D is wrong because relying solely on on-demand instances with Auto Scaling does not reduce cost; Auto Scaling only adjusts capacity based on demand, but on-demand pricing is the highest, so no cost savings are achieved.

185
MCQ · medium

A batch analytics job runs for several hours each night and can be interrupted and restarted. Which EC2 purchasing option should minimize cost?

A. On-Demand Instances only
B. Dedicated Hosts
C. Spot Instances
D. Provisioned IOPS volumes
Answer: C

Spot Instances offer deep discounts for interruptible workloads.

Why this answer

Spot Instances are the correct choice because they offer significant cost savings (up to 90% compared to On-Demand) and are ideal for fault-tolerant, interruptible workloads like batch processing. Since the job can be interrupted and restarted, it can handle Spot Instance terminations gracefully, making this the most cost-effective option.

Exam trap

The trap here is that candidates may choose On-Demand Instances thinking they need guaranteed uptime, overlooking the fact that the workload is explicitly described as interruptible and restartable, which makes Spot Instances the optimal cost-saving choice.

How to eliminate wrong answers

Option A is wrong because On-Demand Instances provide no interruption but are priced higher, which is unnecessary for a workload that can tolerate interruptions. Option B is wrong because Dedicated Hosts are designed for licensing or compliance requirements and are billed per host, making them far more expensive and unsuitable for cost minimization. Option D is wrong because Provisioned IOPS volumes (EBS) relate to storage performance, not compute pricing, and do not address the cost of EC2 instances.

186
MCQ · medium

A batch analytics job runs for several hours each night and can be interrupted and restarted. Which EC2 purchasing option should minimize cost? The design must avoid adding custom operational scripts.

A. On-Demand Instances only
B. Dedicated Hosts
C. Spot Instances
D. Provisioned IOPS volumes
Answer: C

Spot Instances offer deep discounts for interruptible workloads.

Why this answer

Spot Instances are ideal for fault-tolerant, interruptible batch workloads because they offer significant cost savings (up to 90% off On-Demand pricing) by using spare EC2 capacity. Since the job can be interrupted and restarted, it can handle Spot Instance reclamations without requiring custom operational scripts: AWS handles the interruption notification and automatic instance termination, and the job's restart logic can be built into the application or orchestration layer (e.g., AWS Batch).

Exam trap

The trap here is that candidates may confuse Spot Instances with On-Demand Instances for cost savings, or incorrectly assume that Spot Instances require custom scripting to handle interruptions, when in fact AWS provides built-in mechanisms (e.g., lifecycle hooks, rebalance notifications) that can be leveraged without custom scripts.

How to eliminate wrong answers

Option A is wrong because On-Demand Instances provide no cost savings for interruptible workloads; they are priced at the standard rate and are intended for steady-state or unpredictable workloads that cannot tolerate interruptions. Option B is wrong because Dedicated Hosts are a physical server dedicated to your use, which is significantly more expensive and unnecessary for a batch job that can tolerate interruptions; they are used for licensing or compliance requirements, not cost optimization. Option D is wrong because Provisioned IOPS volumes (EBS) are a storage type, not an EC2 purchasing option; they affect storage performance and cost but do not address compute cost optimization for interruptible workloads.

187
MCQ · medium

A company stores application logs in an S3 bucket. They retain logs for 180 days. Compliance requires that the logs be immutable once written, but the business only reviews logs about once per month. Currently, the team stores everything in S3 Standard, and their monthly S3 bill is too high. They want to reduce storage cost without changing the requirement to keep logs for 180 days. Which lifecycle approach best meets the goal?

A. Use a lifecycle policy to transition objects older than 30 days to S3 Standard-IA, and keep them there until day 180.
B. Use a lifecycle policy to transition objects older than 30 days to S3 Glacier Deep Archive and delete after 30 days.
C. Use a lifecycle policy to transition objects older than 30 days to S3 Intelligent-Tiering with no minimum storage duration.
D. Disable lifecycle management and instead lower costs by deleting objects immediately after they are written.
Answer: A

Logs accessed about monthly match Standard-IA economics and still provide fast retrieval.

Why this answer

Option A is correct because it transitions logs older than 30 days to S3 Standard-IA, which offers lower storage costs than S3 Standard while still providing low-latency access for monthly reviews. The lifecycle policy keeps the objects in S3 Standard-IA until day 180, meeting the 180-day retention requirement without incurring the higher cost of S3 Standard for the entire period. S3 Standard-IA has a minimum storage duration of 30 days, which is satisfied by the 30-day transition threshold, and the objects remain immutable as S3 Object Lock is not affected by lifecycle transitions.

Exam trap

The trap here is that candidates may choose S3 Intelligent-Tiering (Option C) thinking it automatically optimizes cost for all access patterns, but for logs accessed only once per month, S3 Standard-IA is more cost-effective because Intelligent-Tiering incurs monitoring and automation overhead and may not move objects to the cheapest tier quickly enough for this specific use case.

How to eliminate wrong answers

Option B is wrong because transitioning objects to S3 Glacier Deep Archive after 30 days and deleting them after 30 days would delete the logs after 60 days total, violating the 180-day retention requirement. Option C is wrong because S3 Intelligent-Tiering has a minimum storage duration of 30 days per tier transition, and while it can reduce costs, it does not guarantee the lowest cost for logs accessed only once per month; S3 Standard-IA is more cost-effective for predictable monthly access patterns. Option D is wrong because deleting objects immediately after they are written violates the 180-day retention requirement and eliminates the logs entirely, which fails compliance.

188
MCQ · medium

A media processing pipeline runs batch jobs on EC2. The jobs can tolerate interruptions because they checkpoint progress to durable storage and can restart. The total workload is variable week-to-week, and there is no need to guarantee capacity at specific times. To reduce compute cost while maintaining correctness, what EC2 purchase option and approach is the best fit?

A. Use EC2 Spot Instances with interruption handling and restart from checkpoints.
B. Use All Upfront Reserved Instances sized for the average weekly workload to minimize cost.
C. Use On-Demand Instances and scale only during business hours to reduce idle time.
D. Use Savings Plans with a fixed hourly commitment to ensure capacity for the entire year.
Answer: A

Spot capacity is typically the lowest-cost EC2 option and can be reclaimed by AWS with interruption notices. Because the workload is explicitly restartable and checkpoints to durable storage, interruptions do not break correctness. Since there is no requirement to reserve capacity, the variable workload aligns well with Spot’s spare-capacity model.

Why this answer

Spot Instances offer up to 90% cost savings compared to On-Demand and are ideal for fault-tolerant, stateless workloads that can checkpoint progress to durable storage. Since the batch jobs can tolerate interruptions and restart from checkpoints, Spot Instances provide the lowest compute cost while maintaining correctness. No other purchase option achieves the same level of cost reduction for this variable, interruption-tolerant workload.

Exam trap

The trap here is that candidates often choose Reserved Instances or Savings Plans thinking they always provide the best cost savings, but they fail to recognize that Spot Instances are significantly cheaper and perfectly suited for fault-tolerant, checkpointed batch workloads that do not require guaranteed capacity.

How to eliminate wrong answers

Option B is wrong because All Upfront Reserved Instances require a 1- or 3-year commitment and are sized for a fixed capacity, which does not match the variable week-to-week workload and would lead to over-provisioning or under-utilization, increasing cost. Option C is wrong because On-Demand Instances are the most expensive per-hour option and scaling only during business hours ignores the fact that the workload can run at any time; this approach does not minimize cost compared to Spot. Option D is wrong because Savings Plans with a fixed hourly commitment lock in a baseline spend and do not provide the deep discounts of Spot Instances; they also guarantee capacity only up to the committed amount, which is unnecessary for a workload that does not need guaranteed capacity.

189
Multi-Select · medium

A compliance archive writes one log file per day to Amazon S3. The logs are almost never accessed after day 30, but if they are needed they must still be retrievable in milliseconds. They must be deleted automatically after one year. Which two lifecycle settings should you apply? Select two.

Select 2 answers
A. Transition the objects to S3 Glacier Instant Retrieval after 30 days.
B. Expire the objects after 365 days.
C. Transition the objects to S3 Standard-IA after 30 days.
D. Keep the logs in S3 Standard indefinitely and delete them manually when needed.
E. Replicate the logs to another Region for cheaper archival storage.
Answers: A, B

Glacier Instant Retrieval is designed for data that is rarely accessed but still needs millisecond retrieval. Because the logs remain in the archive for 11 more months, the 90-day minimum storage duration is not a problem, and the storage cost is lower than keeping them in a hotter class.

Why this answer

Option A is correct because S3 Glacier Instant Retrieval provides millisecond retrieval times for archived data, meeting the requirement that logs must be retrievable in milliseconds after 30 days. This storage class is designed for long-lived, rarely accessed data that still needs immediate access, making it ideal for compliance archives that are almost never accessed but must be available instantly when needed.

Exam trap

The trap here is that candidates often confuse S3 Standard-IA with S3 Glacier Instant Retrieval, assuming Standard-IA is the cheapest option for infrequent access, but they overlook that Glacier Instant Retrieval offers lower storage costs for data that is almost never accessed while still providing millisecond retrieval, and they may forget that lifecycle expiration must be explicitly set for automatic deletion.

190
MCQ · medium

A marketing site stores logs in S3. Logs are queried for 30 days, rarely accessed for one year, and then retained for compliance. What should reduce storage cost? The design must avoid adding custom operational scripts.

A. S3 lifecycle policy that transitions objects to lower-cost storage classes over time
B. Keep all logs in S3 Standard indefinitely
C. Use EBS snapshots for the logs
D. Move all logs immediately to S3 Glacier Deep Archive
Answer: A

Lifecycle rules automate transitions based on age, matching storage cost to access patterns.

Why this answer

Option A is correct because S3 Lifecycle policies allow you to automatically transition objects from S3 Standard to lower-cost storage classes like S3 Standard-IA (Infrequent Access) after 30 days, then to S3 Glacier Deep Archive after one year, without custom scripts. This matches the access pattern: frequent queries for 30 days, rare access for a year, then long-term retention for compliance. The policy automates cost reduction by moving data to progressively cheaper storage as access frequency decreases.

Exam trap

The trap here is that candidates might choose Option D, thinking immediate archiving is cheapest, but they overlook the 30-day query requirement and the fact that S3 Glacier Deep Archive has retrieval times of 12+ hours, making it unsuitable for frequent access.

How to eliminate wrong answers

Option B is wrong because keeping all logs in S3 Standard indefinitely incurs the highest storage cost, ignoring the infrequent access and long-term retention requirements. Option C is wrong because EBS snapshots are designed for block-level backups of EC2 volumes, not for storing S3 log data, and would require custom scripts to move logs from S3 to EBS, violating the 'no custom operational scripts' constraint. Option D is wrong because moving all logs immediately to S3 Glacier Deep Archive would make them inaccessible for the first 30 days of frequent queries (retrieval takes 12 hours or more), and the cost of early deletion fees or retrieval requests would outweigh savings.

191
MCQ · hard

A media processing workflow in private subnets downloads large amounts of data from S3 through a NAT gateway. NAT data processing charges are high. What should the architect use to reduce cost?

A. S3 Object Lambda
B. AWS Shield Advanced
C. Gateway VPC endpoint for Amazon S3
D. A larger NAT gateway
Answer: C

A gateway endpoint routes S3 traffic privately without NAT gateway data processing charges.

Why this answer

A Gateway VPC endpoint for Amazon S3 allows instances in private subnets to access S3 directly via the AWS network without traversing a NAT gateway, eliminating NAT data processing charges. This is the most cost-effective solution because NAT gateway costs are incurred per GB of data processed, and using a gateway endpoint avoids those charges entirely.

Exam trap

The trap here is that candidates may think a larger NAT gateway would improve throughput and lower costs, but in reality, it only increases both hourly and per-GB charges, while a gateway VPC endpoint eliminates the data processing cost entirely.

How to eliminate wrong answers

Option A is wrong because S3 Object Lambda is used to transform data as it is retrieved from S3, not to reduce data transfer costs from private subnets. Option B is wrong because AWS Shield Advanced is a DDoS protection service that does not address NAT gateway data processing charges. Option D is wrong because a larger NAT gateway would increase, not reduce, costs due to higher hourly and data processing fees.

192
MCQ · medium

A company runs a SaaS application with highly unpredictable database load — it may receive zero queries for hours, then spike to thousands of queries per second briefly. The company wants to minimize database costs while handling all load levels without manual scaling. Which solution is MOST cost-effective?

A. Amazon Aurora Serverless v2: scales automatically from minimum capacity during idle to maximum during spikes
B. Amazon Aurora Provisioned with Auto Scaling to add and remove read replicas
C. Amazon RDS MySQL with scheduled stop/start to save costs during predictable off-hours
D. Amazon DynamoDB with on-demand capacity mode: scales to any traffic level with no minimum cost
Answer: A

Aurora Serverless v2 scales in sub-second increments based on actual load. You pay only for ACUs consumed — idle periods cost near-minimum. No manual scaling required.

Why this answer

Amazon Aurora Serverless v2 automatically scales database capacity based on actual load. It scales from a minimum of 0.5 ACUs during quiet periods to up to 128 ACUs during spikes within seconds. You pay only for the ACUs consumed — idle periods cost near-minimum.

Aurora Provisioned requires pre-provisioning capacity for peak load, incurring full instance costs regardless of actual utilization. Even with Auto Scaling, the primary instance has a minimum provisioned capacity that runs at full cost during idle periods.

Exam trap

Aurora Serverless v1 and v2 are different products. v1 supports true pause-to-zero but has a cold-start delay (~25 seconds) and fewer supported features. v2 scales much faster (sub-second), supports more Aurora features including Global Database and Multi-AZ, and scales to 0.5 ACU minimum. For modern architectures, Aurora Serverless v2 is the correct recommendation.

Why the other options are wrong

B

Aurora Provisioned with Auto Scaling adds/removes read replicas based on CPU or connections but does not scale write capacity. The primary instance remains at a fixed provisioned size, incurring full cost during idle periods.

C

RDS scheduled stop/start stops the database entirely during off-hours — no queries can be served. SaaS applications may receive queries at any time. Manual scheduling cannot handle unpredictable spikes.

D

DynamoDB on-demand scales automatically and costs nothing when idle. However, migrating a relational workload to DynamoDB requires significant application refactoring. Aurora Serverless v2 provides cost savings without architectural changes.

193
Multi-Select · hard

A fleet of test servers is rebuilt every week from AMIs. EBS volumes are often left behind after termination, and the team creates daily snapshots of every volume even when nothing changes. Which three actions most reduce storage cost while preserving recovery options? Select three.

Select 3 answers
A. Use gp3 for new EBS volumes instead of gp2 when similar performance is enough.
B. Automate snapshot creation and deletion with Amazon Data Lifecycle Manager.
C. Move old snapshots to the EBS Snapshot Archive tier once they are rarely restored.
D. Keep unattached volumes around for troubleshooting after instance termination.
E. Raise provisioned IOPS on every volume so snapshot restore time feels faster.
Answers: A, B, C

Correct. gp3 decouples baseline performance from volume size, which commonly lowers cost for workloads that do not need gp2's hidden throughput coupling. It is a practical right-sizing move for many general-purpose volumes.

Why this answer

Option A is correct because gp3 volumes offer a baseline performance that is often sufficient for test server workloads, and they are typically more cost-effective than gp2 volumes when similar performance is adequate. By using gp3, you avoid paying for provisioned IOPS that you do not need, directly reducing storage costs without sacrificing recovery options.

Exam trap

The trap here is that candidates may think keeping unattached volumes is a valid recovery option, but it is more cost-effective to snapshot and delete them, and they may overlook that raising IOPS does not accelerate snapshot restore times.

194
MCQ · easy

An internal team runs a report-generation job once per day. It typically finishes in a few minutes, and even on its slowest days it still completes in under 15 minutes. The team wants to reduce operational overhead and pay primarily for actual runtime instead of keeping servers running 24/7. Which AWS approach best matches these goals?

A. Deploy the job on EC2 instances and keep them running continuously for the daily schedule.
B. Use AWS Lambda triggered by a schedule (for example, EventBridge) to run the report at the required time.
C. Run the job in an RDS database using stored procedures scheduled by the database engine.
D. Use an Auto Scaling group with a fixed minimum size of one instance and disable scaling.
Answer: B

Lambda runs on demand and charges for execution time, aligning spend with actual job runtime and reducing ops.

Why this answer

AWS Lambda is the ideal choice because it is a serverless compute service that runs code only when triggered, aligning with the requirement to pay primarily for actual runtime. By using Amazon EventBridge (CloudWatch Events) to invoke the Lambda function on a daily schedule, the team eliminates the need to provision or manage servers, and the job's typical runtime of a few minutes (under 15 minutes, Lambda's maximum execution timeout) fits perfectly within Lambda's constraints.

Exam trap

The trap here is that candidates may overlook Lambda's 15-minute timeout limit and assume any short-duration job is suitable, or they may mistakenly think that RDS stored procedures (Option C) are a cost-effective compute alternative, when in fact they are not designed for general-purpose application logic and still require a running database instance.

How to eliminate wrong answers

Option A is wrong because keeping EC2 instances running continuously incurs costs for idle time, which directly contradicts the goal of paying primarily for actual runtime and reducing operational overhead. Option C is wrong because RDS stored procedures are designed for database-level logic and are not a general-purpose compute solution for running report-generation jobs; they also incur costs for the RDS instance running 24/7 and lack the flexibility of a dedicated compute service. Option D is wrong because an Auto Scaling group with a fixed minimum size of one instance still keeps a server running 24/7, resulting in the same cost and operational overhead as Option A, and does not achieve the goal of paying only for runtime.

195
MCQ · hard

A batch analytics job currently uses two NAT gateways in each of three Availability Zones, but only one private subnet per AZ needs outbound internet access. What should the architect review first? The design must avoid adding custom operational scripts.

A. Replacing every NAT gateway with an internet gateway attached to private subnets
B. Whether one NAT gateway per AZ is sufficient for the required private subnets
C. Disabling route tables
D. Moving all workloads to public subnets
Answer: B

NAT gateways are normally deployed per AZ for resilience; duplicate NAT gateways in the same AZ may be unnecessary.

Why this answer

Option B is correct because the current setup uses two NAT gateways per AZ, which is likely over-provisioned and incurs unnecessary costs. Since only one private subnet per AZ requires outbound internet access, a single NAT gateway per AZ is typically sufficient to handle the traffic, and this is the first cost-optimization step to review before making other changes.

Exam trap

The trap here is that candidates may assume more NAT gateways are always better for high availability, but the question explicitly states only one private subnet per AZ needs outbound access, making a single NAT gateway per AZ the cost-optimized starting point.

How to eliminate wrong answers

Option A is wrong because internet gateways cannot be attached to private subnets; they are attached to VPCs and only work with public subnets that have a route to the IGW. Option C is wrong because disabling route tables would break all network connectivity, not just outbound internet access, and is not a valid optimization strategy. Option D is wrong because moving all workloads to public subnets would expose them directly to the internet, violating security best practices and the requirement to avoid custom operational scripts.

196
MCQ · medium

A static marketing site is served through CloudFront from an S3 origin. After a product update, customers report a drop in CloudFront cache hit ratio and the CloudFront bill increases because the origin is receiving many more requests for the same JS/CSS assets. Asset URLs are versioned, but requests now include an Authorization header even though these assets are public. Which CloudFront change most directly improves the cache hit ratio for these assets?

A. Increase the origin's max connections to handle more origin fetches
B. Configure the CloudFront cache policy so Authorization is not included in the cache key, and use an origin request policy that does not forward Authorization to the S3 origin for this behavior
C. Set CloudFront minimum TTL to 0 seconds so caches expire faster and origin fetches start again
D. Disable CloudFront compression because Authorization headers are not cacheable when compression is enabled
Answer: B

For public assets, Authorization should not vary the cache key. Removing it from the cache key allows CloudFront to reuse cached objects across requests, and not forwarding it to the origin avoids unnecessary origin variation and request overhead.

Why this answer

The drop in cache hit ratio is caused by the Authorization header being included in the cache key, which makes CloudFront treat each request as unique even when the asset URL is the same. By configuring the cache policy to exclude Authorization from the cache key and using an origin request policy that does not forward it to S3, CloudFront can serve cached responses for all users regardless of their Authorization header, restoring the cache hit ratio.

Exam trap

The trap here is that candidates may think increasing origin capacity or adjusting TTLs solves the problem, but the real issue is that the Authorization header is unnecessarily varying the cache key, which is a common misconfiguration in CloudFront when public assets are served alongside authenticated content.

How to eliminate wrong answers

Option A is wrong because increasing origin max connections addresses origin load but does not fix the root cause of cache misses caused by the Authorization header in the cache key. Option C is wrong because setting minimum TTL to 0 seconds forces CloudFront to revalidate every request with the origin, which would increase origin fetches and worsen the cache hit ratio and bill. Option D is wrong because CloudFront compression does not affect cacheability of Authorization headers; the header is simply not part of the cache key by default unless explicitly included, and disabling compression would not resolve the cache key issue.

197
MCQ · easy

A workload runs in private subnets. It must access AWS services such as Amazon S3, but the company wants to avoid using a NAT Gateway to reduce outbound networking costs. What is the best solution?

A. Create VPC endpoints for the required AWS services and route traffic to them
B. Attach Elastic IP addresses to instances in private subnets
C. Install a NAT Gateway in every subnet to minimize routing hops
D. Open outbound internet access with a security group rule to reach service endpoints directly
Answer: A

VPC endpoints provide private connectivity from your VPC to supported AWS services without traversing the public internet or a NAT Gateway. For example, you can use a gateway endpoint for S3 (and interface endpoints for other services where supported), which avoids NAT Gateway hourly and data-processing charges.

Why this answer

VPC endpoints (Gateway Endpoints for S3 and DynamoDB, or Interface Endpoints for other services) allow instances in private subnets to access AWS services privately without traversing the internet or a NAT Gateway. This eliminates NAT Gateway data processing and hourly charges, directly reducing outbound networking costs while keeping traffic within the AWS network.

Exam trap

The trap here is that candidates often assume private subnets must use a NAT Gateway or internet gateway for any AWS service access, overlooking that VPC endpoints provide direct, cost-free connectivity to supported services within the AWS network.

How to eliminate wrong answers

Option B is wrong because attaching Elastic IP addresses to instances in private subnets does not enable outbound internet access; private subnets lack an internet gateway route, so EIPs alone cannot route traffic to AWS services. Option C is wrong because installing a NAT Gateway in every subnet increases costs unnecessarily (each NAT Gateway incurs hourly and data processing charges) and does not minimize routing hops compared to VPC endpoints. Option D is wrong because security group rules control inbound/outbound traffic based on IP addresses or security groups, but they cannot route traffic to service endpoints directly; instances still need a route to the internet or a VPC endpoint to reach AWS services.

198
MCQ · hard

A media processing workflow in private subnets downloads large amounts of data from S3 through a NAT gateway. NAT data processing charges are high. What should the architect use to reduce cost? The architecture review board prefers a managed AWS-native control.

A. S3 Object Lambda
B. AWS Shield Advanced
C. Gateway VPC endpoint for Amazon S3
D. A larger NAT gateway
Answer: C

A gateway endpoint routes S3 traffic privately without NAT gateway data processing charges.

Why this answer

A Gateway VPC endpoint for Amazon S3 allows instances in private subnets to access S3 directly over the AWS network without traversing a NAT gateway, eliminating NAT data processing charges. This is a managed AWS-native control that meets the architecture review board's preference, as it uses AWS PrivateLink and does not require any changes to the S3 bucket or client configuration beyond route table updates.

Exam trap

The trap here is that candidates may confuse Gateway VPC endpoints with Interface VPC endpoints, assuming both incur hourly charges, when in fact Gateway endpoints are free and only incur standard S3 data transfer costs, making them the optimal choice for reducing NAT-related expenses.

How to eliminate wrong answers

Option A is wrong because S3 Object Lambda is used to transform data on the fly during S3 GET requests, not to reduce data transfer costs from S3 to a VPC; it adds processing overhead and does not address NAT gateway charges. Option B is wrong because AWS Shield Advanced is a DDoS protection service that does not reduce data transfer costs or replace the need for a NAT gateway; it is unrelated to S3 access cost optimization. Option D is wrong because a larger NAT gateway would increase, not decrease, costs, as it still incurs per-GB data processing charges for all traffic through it, and does not eliminate the need for NAT traversal.

199
MCQ · medium

A company stores millions of objects in Amazon S3. Access patterns are completely unpredictable — some objects are frequently accessed, others rarely. Objects range from 4 KB to 50 MB. The company wants to minimize storage costs automatically without managing lifecycle rules. Which storage class should a solutions architect recommend?

A. S3 Standard — it is the default and handles all access patterns equally
B. S3 Standard-IA — it automatically detects infrequent access and reduces cost
C. S3 Intelligent-Tiering — it automatically moves objects between tiers based on access patterns
D. S3 One Zone-IA — it is the cheapest option with fast retrieval
Answer: C

Intelligent-Tiering monitors actual access and automatically moves objects between Frequent and Infrequent tiers with no retrieval fees. It eliminates lifecycle management complexity for unknown access patterns.

Why this answer

S3 Intelligent-Tiering monitors access patterns and automatically moves objects between access tiers — Frequent Access, Infrequent Access, and optional Archive tiers — based on actual usage. It requires no management or lifecycle rules.

Important: Intelligent-Tiering charges a small monitoring fee per object per month. For objects under 128 KB, this fee may exceed the storage savings. With objects ranging from 4 KB to 50 MB and unpredictable access patterns, Intelligent-Tiering is the recommended answer — AWS explicitly recommends it for unknown access patterns where object size averages above 128 KB.

Exam trap

For purely small objects (all < 128 KB), Intelligent-Tiering's monitoring cost ($0.0025 per 1,000 objects) can exceed the storage savings — Standard would be cheaper. But for mixed sizes with unpredictable access (as in this question), Intelligent-Tiering is the correct recommendation. The key phrase 'automatically without managing lifecycle rules' points to Intelligent-Tiering.

Why the other options are wrong

A

S3 Standard is the highest cost per-GB storage class and does not automatically reduce cost based on access patterns. For unpredictable access, Intelligent-Tiering is more cost-effective for objects with average size above 128 KB.

B

S3 Standard-IA does NOT automatically detect access patterns. Objects placed in Standard-IA are statically in that class. It also charges a per-GB retrieval fee making it expensive for frequently accessed objects.

D

One Zone-IA stores data in a single AZ (lower durability). It does not automatically adjust to access patterns and charges retrieval fees. It's inappropriate for data requiring standard S3 durability.

200
Multi-Select · medium

A global software company distributes large installation packages from an Amazon S3 bucket. During release week, many users in the same region download the same file repeatedly, and the origin bill is rising because the same objects are fetched over and over. The team wants to lower origin data transfer and improve delivery cost. Which two actions should it take? Select two.

Select 2 answers
A. Put Amazon CloudFront in front of the S3 origin.
B. Use versioned object names and long cache TTLs for the release artifacts.
C. Disable caching so every user always gets the newest file from S3.
D. Serve the downloads from a self-managed EC2 web server instead of S3.
E. Move the release packages to S3 Glacier Deep Archive for faster downloads.
Answers: A, B

CloudFront caches popular package files at edge locations, so repeated downloads can be served without repeatedly hitting S3. That reduces origin data transfer and improves user download performance, which is exactly what this scenario needs.

Why this answer

Amazon CloudFront acts as a content delivery network (CDN) that caches objects at edge locations close to users. By placing CloudFront in front of the S3 bucket, repeated downloads of the same file are served from the edge cache, drastically reducing the number of requests to the S3 origin and lowering data transfer costs from S3. CloudFront also offers free data transfer to the origin for cached content, further optimizing delivery cost.

Exam trap

The trap here is that candidates may think disabling caching ensures freshness (Option C) or that moving to a cheaper storage class like Glacier Deep Archive (Option E) reduces cost, without realizing that both actions increase origin data transfer or retrieval latency, contradicting the goal of lowering delivery cost for frequently accessed objects.

201
MCQ · hard

A risk simulation workload in private subnets downloads large amounts of data from S3 through a NAT gateway. NAT data processing charges are high. What should the architect use to reduce cost? The design must avoid adding custom operational scripts.

A. A larger NAT gateway
B. Gateway VPC endpoint for Amazon S3
C. S3 Object Lambda
D. AWS Shield Advanced
Answer: B

A gateway endpoint routes S3 traffic privately without NAT gateway data processing charges.

Why this answer

A Gateway VPC Endpoint for Amazon S3 allows instances in private subnets to access S3 directly over the AWS network without traversing a NAT gateway, eliminating NAT data processing charges. This is the most cost-effective and operationally simple solution because it requires no custom scripts and no changes to routing beyond adding the endpoint.

Exam trap

The trap here is that candidates often confuse Gateway VPC Endpoints with Interface VPC Endpoints, assuming both incur hourly charges, or mistakenly think a larger NAT gateway is a cost-saving measure when it actually increases costs.

How to eliminate wrong answers

Option A is wrong because a larger NAT gateway would increase, not reduce, data processing costs (charged per GB processed) and does not address the root cause of traffic going through the NAT. Option C is wrong because S3 Object Lambda is used to transform data as it is retrieved from S3, not to reduce network egress costs or replace NAT gateway traffic. Option D is wrong because AWS Shield Advanced is a DDoS protection service that does not affect data transfer costs or routing between VPC and S3.

202
Multi-Select · hard

A startup has three sandbox accounts and one production account. The CTO wants lower cost and operational overhead while keeping central purchasing and spend visibility. Which two actions are best? Select two.

Select 2 answers
A. Enable consolidated billing under AWS Organizations so discounts and shared purchasing apply across accounts.
B. Move each sandbox to its own payer account to isolate spend from the rest.
C. Use managed services such as Amazon RDS or Amazon S3 instead of self-managed EC2-based databases and file servers where practical.
D. Buy Dedicated Hosts for sandbox workloads to get a lower blended rate.
E. Disable AWS Budgets because consolidated billing already solves visibility.
Answers: A, C

Correct. Consolidated billing centralizes purchasing and can improve discount usage across linked accounts. It also gives the company one payer view, which simplifies governance and visibility.

Why this answer

Option A is correct because enabling consolidated billing under AWS Organizations aggregates usage across all accounts, allowing the startup to benefit from volume discounts and Reserved Instance sharing, which lowers overall costs. This also provides a single payer account for central purchasing and spend visibility through the consolidated billing console.

Exam trap

The trap here is that candidates may think Dedicated Hosts (Option D) reduce costs due to 'blended rates,' but they actually increase costs for sandbox workloads and are intended for licensing compliance, not general cost optimization.
