SAP-C02 · topic practice

Cloudfront practice questions

Practise AWS Certified Solutions Architect Professional SAP-C02 Cloudfront practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Cloudfront

What the exam tests

What to know about Cloudfront

Cloud concepts questions usually test the service model (IaaS/PaaS/SaaS) and deployment model (public/private/hybrid/community) appropriate for a given scenario.

IaaS, PaaS and SaaS responsibilities and examples.

Public, private, hybrid and community cloud deployment models.

On-premises vs cloud trade-offs: cost, control, scalability.

How cloud connectivity options (VPN, Direct Connect, ExpressRoute) work.

Watch out for

Common Cloudfront exam traps

  • IaaS gives you infrastructure control; SaaS gives you only the application.
  • Hybrid cloud combines on-premises and public cloud — not two public clouds.
  • Cloud does not automatically mean cheaper or more secure.
  • Management responsibility shifts with each service model (IaaSPaaSSaaS).

Practice set

Cloudfront questions

20 questions · select your answer, then reveal the explanation

Question 1mediummulti select
Read the full Cloudfront explanation →

A company is designing a new application that will process sensitive financial data. They need to ensure encryption at rest and in transit. Which of the following should they use? (Select TWO.)

Question 2hardmultiple choice
Read the full Cloudfront explanation →

A financial services company is designing a multi-account strategy using AWS Control Tower. The company has strict data residency requirements: customer data must remain in the country of origin. The company operates in three countries: US, UK, and Germany. Each country has a set of accounts for production, development, and testing. The company needs to ensure that IAM roles in UK accounts cannot access resources in German accounts, and vice versa. Which architecture should be used?

Question 3easymultiple choice
Read the full Cloudfront explanation →

A company is designing a serverless application using AWS Lambda for business logic and Amazon API Gateway for REST APIs. The application needs to store and retrieve user session data. Which service should they use for session state?

Question 4hardmultiple choice
Read the full Cloudfront explanation →

A company wants to design a highly available, stateless web application using Amazon ECS with Fargate. They need to distribute traffic across multiple AWS Regions for low latency. Which approach should they use?

Question 5hardmultiple choice
Read the full Cloudfront explanation →

A company is running a stateful web application on EC2 instances in an Auto Scaling group behind an ALB. The application stores session data locally on the instance. The company notices that users are frequently logged out and lose session data during scaling events. What is the MOST operationally efficient way to preserve session state?

Question 6hardmultiple choice
Read the full Cloudfront explanation →

A company is migrating a large-scale, stateful application to AWS. The application maintains session state in memory on the current on-premises servers. The company needs a solution that preserves session state during migration and minimizes latency for users worldwide. Which strategy should the company use?

Question 7hardmultiple choice
Read the full Cloudfront explanation →

A company is migrating a 10 TB Oracle database to Amazon Aurora PostgreSQL. The database is business-critical and must have minimal downtime. The company has set up AWS DMS with ongoing replication from the source. During the migration, the company notices that DMS is failing with an error indicating insufficient memory. What should the company do to resolve this issue and complete the migration?

A company is migrating a large e-commerce platform to AWS using a lift-and-shift approach. The application consists of a web tier, application tier, and a MySQL database. After migration, users report intermittent slow page loads. The operations team notices high CPU utilization on the application tier instances. Which THREE steps should the team take to address the performance issues?

Question 9hardmulti select
Read the full NAT/PAT explanation →

A company has a data lake on Amazon S3 that is accessed by multiple business units via VPC endpoints. The security policy mandates that all access to the data lake must be encrypted in transit and originate from approved VPCs. The company has a central security account that manages AWS Network Firewall. Which combination of controls should be implemented to enforce this policy? (Choose TWO.)

Question 10hardmultiple choice
Read the full NAT/PAT explanation →

A company uses AWS Organizations and wants to implement a data perimeter across all accounts to ensure that data can only be accessed from approved networks. Which combination of controls should be used to enforce this perimeter?

Question 11easymultiple choice
Read the full Cloudfront explanation →

A company has a centralized logging account that receives VPC Flow Logs from all accounts in the organization. The logs are stored in an S3 bucket. The security team needs to allow a third-party SIEM tool to read these logs from the S3 bucket, but only from a specific VPCE (VPC Endpoint). Which policy should be applied to the S3 bucket?

Question 12mediummultiple choice
Read the full Cloudfront explanation →

A company is designing a microservices architecture on AWS ECS with Fargate. Each service needs to store and retrieve session state. The solution must be highly available and low latency. Which AWS service should be used for session state storage?

Question 13easymultiple choice
Read the full Cloudfront explanation →

A company is designing a new application that will run on Amazon EC2 instances behind an Application Load Balancer. The application needs to store session state. Which AWS service provides a fully managed, highly scalable solution for session state management?

Question 14mediummultiple choice
Read the full Cloudfront explanation →

A company is designing a multi-tier web application on AWS. They want to ensure that the web tier can scale automatically based on CPU utilization. Which AWS service should they use?

Question 15easymultiple choice
Read the full Cloudfront explanation →

A company needs to provide a global content delivery solution with low latency. Which AWS service should they use?

Question 16easymultiple choice
Read the full Cloudfront explanation →

A company wants to serve static content (images and videos) to users worldwide with low latency. The content is stored in an Amazon S3 bucket. What is the most cost-effective solution?

Question 17hardmultiple choice
Read the full Cloudfront explanation →

A company runs a high-traffic web application on Amazon EC2 instances behind an Application Load Balancer. The application experiences intermittent latency spikes during peak hours. Analysis shows that the latency spikes correlate with high CPU utilization on the EC2 instances. The company wants to reduce latency without over-provisioning. Which solution is MOST cost-effective and scalable?

Question 18mediummultiple choice
Read the full NAT/PAT explanation →

A company is migrating a monolithic application to microservices on Amazon ECS. The application needs to communicate with external partners via HTTPS. The company wants to use mTLS for mutual authentication. Which AWS service should be used to handle the mTLS termination?

Question 19easymultiple choice
Read the full Cloudfront explanation →

A startup is building a serverless application using AWS Lambda for business logic and Amazon DynamoDB for data storage. The application must process a high volume of writes to a single DynamoDB table. The development team is concerned about throttling due to hot partitions. Which design should the team implement to avoid throttling?

Question 20hardmultiple choice
Read the full Cloudfront explanation →

A company is designing a multi-region active-active application using Amazon DynamoDB global tables. The application requires strong consistency reads. However, global tables only support eventual consistency. What should the solutions architect do to meet the requirement?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Cloudfront sessions

Start a Cloudfront only practice session

Every question in these sessions is drawn from the Cloudfront domain — nothing else.

Related practice questions

Related SAP-C02 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the SAP-C02 exam test about Cloudfront?
Cloud concepts questions usually test the service model (IaaS/PaaS/SaaS) and deployment model (public/private/hybrid/community) appropriate for a given scenario.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Cloudfront questions in a focused session?
Yes — the session launcher on this page draws every question from the Cloudfront domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other SAP-C02 topics?
Use the topic links above to move to related areas, or go back to the SAP-C02 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the SAP-C02 exam covers. They are not copied from any real exam or dump site.