AWS Certified Solutions Architect Exam Sample Questions

Last updated: 16-Jan-2019

Check the summary page on my experience from the actual exam.


Sample Questions & Answers to the best of my knowledge and experience.

1. The requirement is to process files from S3 and render the results immediately; the results will not be used again once returned. Which is the most effective volume for an EC2 instance to process these files? (Choose-1)

  1. EFS.
  2. EBS.
  3. Instance Store.
  4. S3.

Ans:

  Instance Store – for faster access and greater performance. Data retention is also not required here.

2. A database running on EC2 requires a block storage volume for a backup service. Which one of the below is recommended? (Choose-1)

  1. EBS Cold HDD.
  2. Provisioned IOPS.
  3. General Purpose.
  4. Throughput Optimized HDD.

Ans:

  1. EBS Cold HDD.

3. Which of the below AWS services support a decoupled architecture? (Choose-1)

  1. ELB.
  2. SQS.
  3. SNS.
  4. EMR.

Ans:

  1. ELB & 2. SQS (When you see a decoupled or loosely coupled architecture, SQS should be the default choice. Here ELB can be added as well, as it shares the load between servers, and if one goes down the others may still work.)

4. Your application must be highly available and needs at least 4 servers at all times to meet performance requirements. Which architecture will ensure high availability and cost efficiency? (This pattern is very commonly seen.) (Choose-1)

  1. 2 Servers @ AZ1, 4 Servers @ AZ2, 0 Servers @ AZ3.
  2. 4 Servers @ AZ1, 1 Server @ AZ2, 1 Server @ AZ3.
  3. 2 Servers @ AZ1, 2 Servers @ AZ2, 2 Servers @ AZ3.
  4. 4 Servers @ AZ1, 4 Servers @ AZ2, 4 Servers @ AZ3.

Ans:

  3. 2 Servers @ AZ1, 2 Servers @ AZ2, 2 Servers @ AZ3. (Here, even if one AZ goes down, we still get 4 servers from the other 2 AZs.) Option 4 could also be correct if cost efficiency is not a factor.

5. How do you debug a Lambda function? (Choose-1)

  1. CloudWatch Logs.
  2. CloudTrail Logs.
  3. Search in S3 for Lambda logs.
  4. Log in as Admin and open the Lambda function to see the log.

Ans:

  1. CloudWatch Logs – A role that gives the Lambda service access to CloudWatch needs to be attached to the Lambda function, and the logs will be made available there.

6. Which of the below AWS RDS engines support read replicas? (Choose-1)

  1. MS SQL Server & Oracle.
  2. MySQL, PostgreSQL & Aurora.
  3. Aurora, DynamoDB & MS SQL.

Ans:

  2. MySQL, PostgreSQL & Aurora.

7. An e-commerce website runs an offer daily at 10 AM; traffic is expected to spike at that time and may last for another 30 minutes at most. On average it requires 2 servers to serve regular traffic, and 4 servers to handle the spike period. What is the most cost-effective architecture to implement this solution? (Choose-1)

  1. Create an AutoScaling group with 4 servers all the time.
  2. Create an AutoScaling group with 2 servers all the time.
  3. Create an AutoScaling group with 2 servers and scale up another 2 servers based on performance.
  4. Create an AutoScaling group with a minimum capacity of 2 servers and set a schedule to scale up an additional 2 servers at 9.50 AM.

Ans:

4. Create an AutoScaling group with a minimum capacity of 2 servers and set a schedule to scale up an additional 2 servers at 9.50 AM. As we already know the traffic will spike at 10, it is better to start the servers well before then to give the bootstrap scripts time to complete.

8. The web tier of an application runs on 4 EC2 instances spread across 2 AZs behind an ELB. The data tier, a MySQL DB, runs on another EC2 instance. Which of the below changes will make the application highly available? (Choose-1)

  1. Migrate MySQL from EC2 to Multi-AZ MySQL RDS.
  2. Take a copy of the MySQL EC2 instance and have it as a backup on a daily basis.
  3. Launch Web Tier instance & DB Tier instance across 4 EC2 instances.

Ans:

  1. Migrate MySQL from EC2 to Multi-AZ MySQL RDS.

9. An AWS admin left the organization. While he was Admin he had access to the root user and to his own account as IAM Admin. With these privileges he generated other IAM users and keys. What action should be taken today to protect your AWS infrastructure? (Choose-3)

  1. Change the Root password and add MFA.
  2. Rotate keys and change passwords for all IAM users.
  3. Delete all IAM users and generate new user logins.
  4. Delete the old Admin's user name.

Ans:

  1, 2 & 4.

10. After deploying a web application inside a VPC, the application is not available via HTTP. What could be a reasonable fix? (Choose 3)

  1. VPC must have an Internet Gateway attached to it for external users to access the application via the Internet, and attached to a Route table with routes = 0.0.0.0/0.
  2. VPC must have a NAT Gateway attached to it for external users to access the application via the Internet, and attached to a Route table with routes = 0.0.0.0/0.
  3. Check the Security Groups allow access via port 80.
  4. Check NACL allows inbound access via port 80.

Ans:

1, 3 & 4. If a VPC does not have an Internet Gateway, then the resources in the VPC cannot be accessed from the Internet. A NAT Instance is an Amazon EC2 instance configured to forward traffic to the Internet.

11. There is a requirement to run jobs only on Friday, Saturday & Sunday, and each job completes on the same day. What type of EC2 instance should you suggest? (Choose-1)

  1. On Demand.
  2. Spot.
  3. Reserved for 1 year.
  4. Scheduled instance.

Ans:

4. Scheduled instance.

12. What will be the choice of EBS volume for RDS if the IOPS is more than 10,000? (Choose-1)

  1. Provisioned IOPS SSD.
  2. General Purpose SSD.
  3. Throughput Optimized HDD.
  4. Cold Storage HDD.

Ans:

1. Provisioned IOPS SSD. AWS recommends Provisioned IOPS SSD for any IOPS more than 10K.

13. An online e-commerce store is hosting a flash sale, and for this it has added 2 new web servers in addition to the existing 2 servers to handle the sudden spike of traffic at the web tier behind an ALB. All these servers are connected to a single MySQL RDS on the DB tier. Due to the sudden spike in traffic, some messages are not reaching the DB. As a solution architect, what will be your solution to handle this sudden spike? (Choose-1)

  1. Use ElastiCache.
  2. Use SQS.
  3. Use SNS.
  4. Convert RDS into Multi-AZ.

Ans:

  2. Use SQS. It is always recommended to use SQS to decouple the applications. SQS ensures delivery of a message at least once.

14. How do you make an S3 bucket available in another Region? (Choose-1)

  1. Enable Cross Region Replication with versioning.
  2. Enable Cross Region Replication without versioning.
  3. Take a copy of the bucket and create it in another Region.
  4. Enable life cycle policy to move the bucket to another Region.

Ans:

  1. Enable Cross Region Replication with versioning. As per AWS,

  • Both source and destination buckets must have versioning enabled.
  • The source and destination buckets must be in different AWS Regions.
  • Amazon S3 must have permissions to replicate objects from the source bucket to the destination bucket on your behalf.
  • If the owner of the source bucket doesn’t own the object in the bucket, the object owner must grant the bucket owner READ and READ_ACP permissions with the object ACL. For more information

15. A highly available & scalable application is the requirement, and regular patches need to be downloaded from the internet for an EC2 instance in a private subnet. Which of the below has a single point of failure? (Choose 2)

  1. VPC, EC2, ELB, Autosys, Internet Gateway & NAT Instance.
  2. VPC, EC2, Internet Gateway & NAT Instance.
  3. VPC, EC2, ELB, Autosys, Internet Gateway & NAT Gateway.
  4. VPC, EC2, Internet Gateway & NAT Gateway.

Ans:

  1 & 2. The NAT Instance is a single point of failure. Always prefer NAT Gateway over NAT Instance, as NAT Gateway is highly available.

16. During a CloudTrail analysis, it was found that a particular IP is connecting to the application a number of times and seems suspicious. How can this be addressed? (Choose-1)

  1. Remove Internet Gateway.
  2. Restrict that particular IP through Security Group.
  3. Restrict that particular IP through Network Access Control.
  4. Restrict with Route table entry.

Ans:

3. Restrict that particular IP through Network Access Control.

17. In a VPC there are 2 subnets, A & B, and each has 1 EC2 instance. The instance in Subnet-A, with Security Group-A, should be able to communicate with the instance in Subnet-B, with Security Group-B. But the instance in Subnet-B should accept inbound traffic only from the Subnet-A instance. How can this be achieved? (Choose-1)

  1. Create a new entry in Security Group ‘A’ with Allow all.
  2. Create a new entry in Security Group ‘A’ with source as Security Group-B.
  3. Create a new entry in Security Group ‘B’ with source as Security Group-A.
  4. Create a new entry in Security Group ‘B’ with Allow all.

Ans:

3. Create a new entry in Security Group ‘B’ with source as Security Group-A.

18. From a VPC, how can data be extracted from an S3 bucket and transferred to an EC2 instance for further processing? (Choose-1)

  1. Create a NACL and provide access to all.
  2. Create an Internet Gateway and attach it to the VPC.
  3. Create a VPC endpoint to S3 and configure it to the VPC.
  4. Create a Security Gateway with Allow all and attach it to the EC2 instance.

Ans:

3. Create a VPC endpoint to S3 and configure it to the VPC.

19. Which is the best option for URL-based load balancing? (Choose-1)

  1. Route 53.
  2. Network Load Balancer.
  3. Application Load Balancer.
  4. Classic Load Balancer.

Ans:

1. Route 53 should be the preferred load balancer and health check service for websites or URL-based services. It is a fully managed service with multiple routing policies.

 

20. A user needs to be provided with temporary access to AWS services through third-party tokens (Google, FB, Amazon). Which AWS service is best suited for providing this limited access? (Choose-1)

  1. AWS STS.
  2. AWS Cognito.
  3. AWS KMS.
  4. AWS IAM User.

Ans:

  2. AWS Cognito – With Amazon Cognito, your users can sign in through social identity providers such as Google, Facebook, and Amazon, and through enterprise identity providers such as Microsoft Active Directory via SAML.

21. There is a requirement to give write access on an S3 bucket to a few sets of users for a short period of time. Within that period, the external users should upload their files into the S3 bucket. What is the best way to provide this access? (Choose-1)

  1. Create an IAM user and assign it to the external users.
  2. Create STS and give full access on S3.
  3. Create a Role and assign it to the external users group with full access to S3.
  4. Create a Pre-signed URL with expiry dates and provide it to the external users.

Ans:

  4. Create a Pre-signed URL with expiry dates and provide it to the external users. “All objects and buckets by default are private. The presigned URLs are useful if you want your user/customer to be able to upload a specific object to your bucket, but you don’t require them to have AWS security credentials or permissions”

22. A customer has a requirement to upload huge data into an S3 bucket from multiple locations. Data size ranges from 1 GB to 10 GB per file, but the network bandwidth is very limited. Which of the below AWS services will help in fast and secure upload of files? (Choose-1)

  1. S3 Cross Region Replication.
  2. S3 Pre-Signed URL for the particular customer.
  3. Enable S3 Transfer Acceleration.
  4. Place S3 bucket in front of CloudFront distribution.

Ans:

3. Enable S3 Transfer Acceleration. “Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket. Transfer Acceleration takes advantage of Amazon CloudFront’s globally distributed edge locations”.

23. Customers were accessing an S3 bucket from one particular geo location. But now, due to an increase in business, the customers are spread across multiple geo locations and have started complaining about slow response of files from the S3 bucket. What is the most cost-effective way to address this issue? (Choose-1)

  1. S3 Cross Region Replication.
  2. S3 Pre-Signed URL for the particular customer.
  3. Enable S3 Transfer Acceleration.
  4. Place S3 bucket in front of CloudFront distribution.

Ans:

4. Place S3 bucket in front of CloudFront distribution. “CloudFront can speed up the delivery of your static content (for example, images, style sheets, JavaScript, and so on) to viewers across the globe”.

24. A company is migrating its application services from on-prem to AWS. The web tier & application tier are to be moved into an EC2-backed RHEL environment. But a decision is yet to be made on DB migration: they are currently on a MySQL RDBMS, but they expect the business to grow multifold, and the requirement is that the DB be highly available with near-real-time replicas. Which RDBMS will be best suited? (Choose-1)

  1. Install MySQL on EC2 and take regular snapshots for read replica replication.
  2. Oracle RDBMS.
  3. AWS Aurora.
  4. MS SQL Server.

Ans:

3. AWS Aurora. “Aurora features a distributed, fault-tolerant, self-healing storage system that auto-scales up to 64TB per database instance. Aurora delivers high performance and availability with up to 15 low-latency read replicas, point-in-time recovery, continuous backup to Amazon S3, and replication across three Availability Zones”.

25. There is a flash sale going to happen on an e-commerce site. Below is the architecture of services on which the site is built:

a. Application Tier behind ELB.
b. Autoscaling for Application Tier.
c. RDBMS – MySQL.

Adding which of the below services will make the application fault tolerant and isolate failures in writing to the DB? (Choose-1)

  1. SQS.
  2. SNS.
  3. RDBMS – Read Replica.
  4. Multi AZ RDBMS.

Ans:

1. SQS. Whenever decoupling or isolation between services/servers is needed, it is always recommended to use SQS.

26. A Lambda function needs to connect to a database and execute a procedure. The same Lambda function will be used across different environments.
Which is the secure way to pass the DB connection parameters (like user id, pwd)? (Choose-1)

  1. Code inside the Lambda function.
  2. Use Lambda Environment Variables to pass the credentials.
  3. Use the User Data section of EC2 to store and initiate the DB connection.
  4. Use IAM to give access to DB service for Lambda.

Ans:

2. Use Lambda Environment Variables to pass the credentials. Lambda Environment Variables allow us to dynamically pass variables to Lambda code.

27. There is a business requirement to have a shared mount point, which should be accessible by multiple applications hosted on different EC2 instances for read & write purposes. Which is the best storage service to serve this requirement? (Choose-1)

  1. AWS EFS.
  2. AWS EBS.
  3. AWS S3.
  4. EC2 Instance Store.

Ans:

1. AWS EFS. All we need to do is install an NFS client on each of these EC2 instances and mount the EFS. An EFS mount point can be shared by multiple EC2 instances (up to thousands of Amazon EC2 instances).

28. There is a business requirement to run batch programs only during weekends for a year. Programs will start on Friday night and last till Sunday night. Which instance type is cost effective for running these batch programs? (Choose-1)

  1. EC2 On-Demand.
  2. Scheduled Reserved Instance.
  3. Reserved Instance.
  4. Spot Instance.

Ans:

2. Scheduled Reserved Instance. Scheduled Reserved Instances enable you to purchase capacity reservations that recur on a daily, weekly, or monthly basis, with a specified start time and duration, for a one-year term.

29. A customer wants to break his monolithic applications into a microservice-based architecture. Which services will provide a reliable architecture? (Choose-3)

  1. ECS.
  2. Lambda.
  3. SQS.
  4. EC2.

Ans:

1, 2 & 3 (ECS, Lambda, SQS).

30. Which service can be used to integrate with Microsoft Active Directory service and provide SSO seamlessly? (Choose-1)

  1. AWS IAM.
  2. AWS Cognito.
  3. AWS Directory Service.
  4. AWS SSO.

Ans:

3. AWS Directory Service. By configuring a trust from AWS Managed Microsoft AD to your existing Active Directory, AWS Managed Microsoft AD can serve as a resource domain. This enables your users to sign in with SSO using their existing corporate credentials.

31. How will you ensure that whenever a new instance is launched via Autoscaling, it is preinstalled with the required software and fully updated with the latest OS patches? (Choose-1)

  1. Admin to run yum update and install patches once the instance is launched.
  2. Create a custom AMI and have that AMI updated with the latest patches and required software.
  3. Use the user data section to update and install the required software.
  4. User to run and install required software & update patches.

Ans:

3. Use the user data section to update and install the required software. Scripts entered in the user data section are executed as the root user when the instance is launched.

32. Which service should be used to allow users to log into a scalable mobile app with their existing Facebook or Google ID for temporary access? (Choose-1)

  1. AWS Cognito.
  2. AWS IAM.
  3. AWS Single Sign-on.
  4. AWS Trusted Advisor.

Ans:

1. AWS Cognito. Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0.

33. What kind of encryption features for data on clusters running Redis will you suggest for a secured Redis cluster? (Choose-2)

  1. ElastiCache for Redis In-Transit Encryption (TLS).
  2. ElastiCache for Redis At-Rest Encryption.
  3. Encrypt the data at rest within RDS.
  4. Having both EC2 Application Server & Redis inside a private subnet.

Ans:

1 & 2 (ElastiCache for Redis TLS & At Rest). (In-transit encryption encrypts your data whenever it is moving from one place to another, such as between nodes in your cluster or between your cluster and your application. At-rest encryption encrypts your on-disk data during sync and backup operations.)