1,746 questions with instant explanations, domain breakdown, and wrong-answer analysis. Built for the real exam.
This is exactly what you see during practice — question, options, and a full explanation after you answer.
A multinational company is implementing AWS Organizations to manage multiple accounts across business units. The security team requires that all IAM users in member accounts must use a specific password policy and must have MFA enabled. Which combination of actions should the company take to enforce these requirements?
Option C is correct because SCPs can deny changes to the password policy and deny deactivation of MFA devices, preventing users from weakening security controls. AWS Config rules then detect non-compliant users (e.g., those without MFA or with a non-compliant password policy), al…Read full explanation
A company has a centralized networking team that manages a shared VPC with multiple AWS Transit Gateway attachments. Application teams create VPCs in separate AWS accounts and want to connect to the shared VPC. The networking team needs to ensure that only authorized VPCs can connect to the shared VPC. What is the MOST secure and scalable way to manage this?
AWS Resource Access Manager (RAM) allows the centralized networking team to share the Transit Gateway with specific application accounts, enabling authorized VPCs to create attachments without exposing the resource to all accounts. This approach is secure because it uses resource…Read full explanation
A company uses AWS Control Tower to manage a multi-account environment. The security team needs to ensure that all accounts have AWS CloudTrail enabled and that logs are delivered to a central S3 bucket. What is the BEST way to achieve this?
AWS Control Tower provides an integrated CloudTrail setup that automatically creates and manages a central trail for all accounts in the organization. This trail is deployed using AWS CloudFormation StackSets and delivers logs to a centralized S3 bucket, ensuring compliance witho…Read full explanation
Answer at your own pace. Explanation and domain tag shown immediately after each answer.
Countdown timer starts immediately. Results and domain scores shown at the end — just like the real exam.
Full explanations on every question
Not just the right answer — you get exactly why each wrong option is wrong, so you learn the concept, not the answer.
Domain score breakdown
After each session see your score by exam domain so you know exactly where to focus study time.
100% free, forever
No subscription, no trial, no email wall. Start a session in under 10 seconds.
Exam-style questions
Scenario-based, precise wording, realistic distractors — written to match what you actually see on exam day.