1. The requirement is to process files from S3 and render the results immediately; the results
will not be used again once returned. Which is the most effective volume for an EC2 instance to
process these files? (Choose-1)
1. EFS
2. EBS
3. Instance Store.
4. S3.
Ans: Instance Store - for faster access and greater performance. Also, data retention is not
required here.
2. A database running on EC2 requires a block storage volume for a backup service. Which one of
the below is recommended? (Choose-1)
1. EBS Cold HDD.
2. Provisioned IOPS.
3. General Purpose.
4. Throughput Optimized HDD.
Ans: 1. EBS Cold HDD.
3. Which of the below AWS services support a decoupled architecture? (Choose-1)
1. ELB.
2. SQS.
3. SNS.
4. EMR.
Ans: 1. ELB & 2. SQS (When you see a decoupled or loosely coupled architecture, SQS should be the
default choice. ELB can be added here as well, as it shares the load between servers, and if one
goes down the others may still work.)
4. Your application is required to be highly available and needs at least 4 servers to meet the
performance requirement at all times. Which architecture will ensure high availability and cost
efficiency? (This pattern is very commonly seen.) (Choose-1)
1. 2 Servers @ AZ1, 4 Servers @ AZ2, 0 Servers @ AZ3.
2. 4 Servers @ AZ1, 1 Server @ AZ2, 1 Server @ AZ3.
3. 2 Servers @ AZ1, 2 Servers @ AZ2, 2 Servers @ AZ3.
4. 4 Servers @ AZ1, 4 Servers @ AZ2, 4 Servers @ AZ3.
Ans: 3. 2 Servers @ AZ1, 2 Servers @ AZ2, 2 Servers @ AZ3. (Here even if one AZ goes down, we will
get 4 servers served by the other 2 AZs.) Option 4 could also be correct if cost efficiency is not
a factor.
5. How do you debug a Lambda function? (Choose-1)
1. CloudWatch Logs.
2. CloudTrail Logs.
3. Search in S3 for Lambda logs.
4. Log in as Admin and open Lambda function to the log.
Ans: 1. CloudWatch Logs - A role giving the Lambda service access to CloudWatch needs to be
attached to the Lambda function, and the logs will be made available there.
6. Which of the below AWS RDS databases support read replicas? (Choose-1)
1. MS SQL Server & Oracle.
2. MySQL, PostgreSQL & Aurora.
3. Aurora, DynamoDB & MS SQL.
Ans: 2. MySQL, PostgreSQL & Aurora.
7. An e-commerce website runs an offer daily at 10 AM; traffic is expected to spike at that time
and may last for another 30 minutes at most. On average it requires 2 servers to serve regular
access, and 4 servers to handle the spike period. What is the most cost effective architecture
to implement this solution? (Choose-1)
1. Create an AutoScaling group with 4 servers all the time.
2. Create an AutoScaling group with 2 servers all the time.
3. Create an AutoScaling group with 2 servers and scale up another 2 servers based on
performance.
4. Create an AutoScaling group with a minimum capacity of 2 servers and set a schedule to scale up
an additional 2 servers at 9.50 AM.
Ans: 4. Create an AutoScaling group with a minimum capacity of 2 servers and set a schedule to
scale up an additional 2 servers at 9.50 AM. As we already know the traffic will spike at 10, it
is better to start the servers well before, to give the bootstrap scripts time to complete.
8. The web tier of an application runs on 4 EC2 instances spread across 2 AZs behind an ELB. The
data tier, a MySQL DB, runs on another EC2 instance. Which of the below changes will make the
application highly available? (Choose-1)
1. Migrate MySQL from EC2 to Multi-AZ MySQL RDS.
2. Take a copy of the MySQL EC2 instance and keep it as a backup on a daily basis.
3. Launch Web Tier instance & DB Tier instance across 4 EC2 instances.
Ans: 1. Migrate MySQL from EC2 to Multi-AZ MySQL RDS.
9. An AWS admin left the organization. While he was admin, he had access to the root user and to
his own account as IAM Admin. With these privileges he generated other IAM users and keys. What
actions should be taken today to protect your AWS infrastructure? (Choose-3)
1. Change the root password and add MFA.
2. Rotate keys and change passwords for all IAM users.
3. Delete all IAM users and generate new user logins.
4. Delete the old admin's user name.
Ans: 1, 2 & 4.
10. After deploying a web application inside a VPC, the application is not available via HTTP.
What could be a reasonable fix? (Choose-3)
1. The VPC must have an Internet Gateway attached to it for external users to access the
application via the Internet, and attached to a route table with routes = 0.0.0.0/0.
2. The VPC must have a NAT Gateway attached to it for external users to access the application
via the Internet, and attached to a route table with routes = 0.0.0.0/0.
3. Check that the Security Group allows access via port 80.
4. Check that the NACL allows inbound access via port 80.
Ans: 1, 3 & 4. If a VPC does not have an Internet Gateway, then the resources in the VPC cannot
be accessed from the Internet. A NAT Instance is an Amazon EC2 instance configured to forward
traffic to the Internet.
11. There is a requirement to run jobs only on Friday, Saturday & Sunday, and each job completes
on the same day. What type of EC2 instance should you suggest? (Choose-1)
1. On Demand.
2. Spot.
3. Reserved for 1 year.
4. Scheduled instance.
Ans: 4. Scheduled instance.
12. What will be the choice of EBS volume for RDS if the IOPS is more than 10,000? (Choose-1)
1. Provisioned IOPS SSD.
2. General Purpose SSD.
3. Throughput Optimized HDD.
4. Cold Storage HDD.
Ans: 1. Provisioned IOPS SSD. AWS recommends Provisioned IOPS SSD for any IOPS more than 10K.
13. An online e-commerce store is hosting a flash sale. For this it has added 2 new web servers
in addition to the existing 2 servers, to handle the sudden spike of traffic at the web tier
behind an ALB. All these servers are connected to a single MySQL RDS on the DB tier. Due to the
sudden spike in traffic, some messages are not reaching the DB. As a solution architect, what
will be your solution to handle this sudden spike? (Choose-1)
1. Use ElastiCache.
2. Use SQS.
3. Use SNS.
4. Convert RDS into Multi-AZ.
Ans: 2. Use SQS. It is always recommended to use SQS to decouple the applications. SQS ensures
delivery of a message at least once.
14. How do you make an S3 bucket available in another Region? (Choose-1)
1. Enable Cross Region Replication with versioning.
2. Enable Cross Region Replication without versioning.
3. Take a copy of the bucket and create it in another Region.
4. Enable a lifecycle policy to move the bucket to another Region.
Ans: 2. Enable Cross Region Replication with versioning.
15. A highly available & scalable application is the requirement, and regular patches need to be
downloaded from the Internet for an EC2 instance in a private subnet. Which of the below has a
single point of failure? (Choose 2)
1. VPC, EC2, ELB, Autosys, Internet Gateway & NAT Instance.
2. VPC, EC2, Internet Gateway & NAT Instance.
3. VPC, EC2, ELB, Autosys, Internet Gateway & NAT Gateway.
4. VPC, EC2, Internet Gateway & NAT Gateway.
Ans: 1 & 2, as a NAT Instance is a single point of failure. Always prefer a NAT Gateway over a
NAT Instance, as a NAT Gateway is highly available.
16. During a CloudTrail analysis, it was found that a particular IP is connecting to the
application a number of times and seems to be suspicious. How can this be addressed? (Choose-1)
1. Remove Internet Gateway.
2. Restrict that particular IP through Security Group.
3. Restrict that particular IP through Network Access Control.
4. Restrict with Route table entry.
Ans: 3. Restrict that particular IP through Network Access Control.
17. In a VPC there are 2 subnets, A & B, and each has 1 EC2 instance. The instance in Subnet-A,
having Security Group-A, should be able to communicate with the instance in Subnet-B, having
Security Group-B. But the instance in Subnet-B should accept inbound traffic only from the
Subnet-A instance. How can this be achieved? (Choose-1)
1. Create a new entry in Security Group 'A' with Allow all.
2. Create a new entry in Security Group 'A' with source as Security Group-B.
3. Create a new entry in Security Group 'B' with source as Security Group-A.
4. Create a new entry in Security Group 'B' with Allow all.
Ans: 3. Create a new entry in Security Group 'B' with source as Security Group-A.
18. From a VPC, how can data be extracted from an S3 bucket and transferred to an EC2 instance
for further processing? (Choose-1)
1. Create a NACL and provide access to all.
2. Create an Internet Gateway and attach it to the VPC.
3. Create a VPC endpoint to S3 and configure it to the VPC.
4. Create a Security Gateway with Allow all and attach it to the EC2 instance.
Ans: 3. Create a VPC endpoint to S3 and configure it to the VPC.
19. Which is the best option for URL based load balancing? (Choose-1)
1. Route 53.
2. Network Load Balancer.
3. Application Load Balancer.
4. Classic Load Balancer.
Ans: 1. Route 53 should be the preferred load balancer and health check service for websites or
URL based services. It is a fully managed service with multiple routing policies.
20. A user needs to be provided with temporary access to AWS services through third party tokens
(such as Google, FB, Amazon). Which AWS service is best suited for providing this limited
access? (Choose-1)
1. AWS STS.
2. AWS Cognito.
3. AWS KMS.
4. AWS IAM User.
Ans: 2. AWS Cognito - With Amazon Cognito, your users can sign in through social identity
providers such as Google, Facebook, and Amazon, and through enterprise identity providers such
as Microsoft Active Directory via SAML.
21. There is a requirement to give write access on an S3 bucket to a few sets of users for a
short period of time. Within that period, the external users should upload their files into the
S3 bucket. What is the best way to provide this access? (Choose-1)
1. Create IAM user and assign to the external users.
2. Create STS and give full access on S3.
3. Create Role and assign to External users group with Full access to S3.
4. Create a Pre-signed URL with expiry dates and provide to the external users.
Ans: 4. Create a Pre-signed URL with expiry dates and provide to the external users. "All objects
and buckets by default are private. The presigned URLs are useful if you want your user/customer
to be able to upload a specific object to your bucket, but you don't require them to have AWS
security credentials or permissions"
22. A customer has a requirement to upload huge data into an S3 bucket from multiple locations.
Data size ranges from 1 GB to 10 GB per file, but the network bandwidth is very limited. Which of
the below AWS services will help in fast and secure upload of files? (Choose-1)
1. S3 Cross Region Replication.
2. S3 Pre-Signed URL for the particular customer.
3. Enable S3 Transfer Acceleration.
4. Place S3 bucket in front of CloudFront distribution.
Ans: 3. Enable S3 Transfer Acceleration. "Amazon S3 Transfer Acceleration enables fast, easy,
and secure transfers of files over long distances between your client and an S3 bucket. Transfer
Acceleration takes advantage of Amazon CloudFront’s globally distributed edge locations".
23. Customers were accessing an S3 bucket from one particular geo location. But now, due to an
increase in business, the customers are spread across multiple geo locations and have started
complaining about slow response of files from the S3 bucket. What is the most cost effective
way to address this issue? (Choose-1)
1. S3 Cross Region Replication.
2. S3 Pre-Signed URL for the particular customer.
3. Enable S3 Transfer Acceleration.
4. Place S3 bucket in front of CloudFront distribution.
Ans: 4. Place S3 bucket in front of CloudFront distribution. "CloudFront can speed up the delivery
of your static content (for example, images, style sheets, JavaScript, and so on) to viewers
across the globe".
24. A company is migrating its application services from on-prem to AWS. It has been decided to
move the web tier & application tier into an EC2 backed RHEL environment. But a decision is yet
to be made on the DB migration. They are currently on a MySQL RDBMS, but they expect the business
to grow manyfold, and the requirement for the DB is that it needs to be highly available with
replicas that are near real time. Which RDBMS will be best suited? (Choose-1)
1. Install MySQL on EC2 and take regular snapshots for read replica replication.
2. Oracle RDBMS.
3. AWS Aurora.
4. MS SQL Server.
Ans:
25. There is a flash sale going to happen on an e-commerce site. Below is the architecture of
services on which the site is built:
a. Application Tier behind an ELB.
b. Autoscaling for Application Tier.
c. RDBMS - MySQL.
Adding which of the below services will make the application fault tolerant and isolate
failures in writing to the DB? (Choose-1)
1. SQS.
2. SNS.
3. RDBMS - Read Replica.
4. Multi AZ RDBMS.
Ans: 1. SQS. Whenever decoupling or isolation between services/servers is needed, it is always
recommended to use SQS.
26. A Lambda function needs to connect to a database and execute a procedure. But this Lambda
function will be the same across different environments. Which is the secure way to pass the DB
connection parameters (like user id, pwd)? (Choose-1)
1. Code inside the Lambda function.
2. Use Lambda Environment Variables to pass the credentials.
3. Use the User Data section of EC2 to store and initiate the DB connection.
4. Use IAM to give access to DB service for Lambda.
Ans: 2. Use Lambda Environment Variables to pass the credentials. Lambda Environment Variables
allow us to dynamically pass variables to Lambda code.
27. There is a business requirement to have a shared mount point, which should be accessible by
multiple applications hosted on different EC2 instances for read & write purposes. Which is the
best storage service to serve this requirement? (Choose-1)
1. AWS EFS.
2. AWS EBS.
3. AWS S3.
4. EC2 Instance Store.
Ans: 1. AWS EFS. All we need to do is install an NFS client on each of these EC2 instances and
mount the EFS. An EFS mount point can be shared by multiple EC2 instances (up to thousands of
Amazon EC2 instances).
28. There is a business requirement to run batch programs only during weekends for a year.
Programs will start on Friday night and last till Sunday night. Which instance type is cost
effective for running these batch programs? (Choose-1)
1. EC2 On-Demand.
2. Scheduled Reserved Instance.
3. Reserved Instance.
4. Spot Instance.
Ans: 2. Scheduled Reserved Instance. Scheduled Reserved Instances enable you to purchase capacity
reservations that recur on a daily, weekly, or monthly basis, with a specified start time and
duration, for a one-year term.
29. A customer wants to replace/break up his monolithic applications into a microservice based
architecture. Which of these services will provide a reliable architecture? (Choose-3)
1. ECS
2. Lambda
3. SQS
4. EC2
Ans: 1, 2 & 3 (ECS, Lambda, SQS).
30. Which service can be used to integrate with the Microsoft Active Directory service and
provide SSO seamlessly? (Choose-1)
1. AWS IAM.
2. AWS Cognito.
3. AWS Directory Service.
4. AWS SSO.
Ans: 3. AWS Directory Service. By configuring a trust from AWS Managed Microsoft AD to your
existing Active Directory, AWS Managed Microsoft AD can serve as a resource domain. This enables
your users to sign in with SSO using their existing corporate credentials.
31. How will you ensure that whenever a new instance is launched via Autoscaling, it is
preinstalled with the required software and fully updated with the latest OS patches? (Choose-1)
1. Admin to run yum update and install patches once the instance is launched.
2. Create a custom AMI and have that AMI updated with latest patches and required software.
3. Use user data section to do update and install required software.
4. User to run and install required software & update patches.
Ans: 3. Use user data section to do update and install required software. Scripts entered in the
user data section are executed as the root user while the instance is launched.
32. Which service should be used to allow users to log into a scalable mobile app using their
existing Facebook or Google ID for temporary access? (Choose-1)
1. AWS Cognito
2. AWS IAM
3. AWS Single Sign-on
4. AWS Trusted Advisor
Ans: 1. AWS Cognito. Amazon Cognito lets you add user sign-up, sign-in, and access control to
your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and
supports sign-in with social identity providers, such as Facebook, Google, and Amazon, and
enterprise identity providers via SAML 2.0.
33. What kind of encryption features for data on clusters running Redis will you suggest for
having a secured Redis cluster? (Choose-2)
1. ElastiCache for Redis In-Transit Encryption (TLS)
2. ElastiCache for Redis At-Rest Encryption
3. Encrypt the data at rest within RDS.
4. Having both EC2 Application Server & Redis inside a private subnet.
Ans: 1 & 2 (ElastiCache for Redis TLS & At-Rest). (In-transit encryption encrypts your data
whenever it is moving from one place to another, such as between nodes in your cluster or
between your cluster and your application. At-rest encryption encrypts your on-disk data during
sync and backup operations.)