top of page

AWS Certification Sample Questions

If you are looking for the AWS certifications and don't know what kind of questions will be there in Exam, I have picked up 15 AWS sample questions with answers which were asked in AWS Certification (AWS Solution Architect - Professional) exam:


Question No: 1

You have a video transcoding application running on Amazon EC2. Each instance polls a queue to find out which video should be transcoded, and then runs a transcoding process.

If this process is interrupted, the video will be transcoded by another instance based on the queuing system. You have a large backlog of videos which need to be transcoded and would like to reduce this backlog by adding more instances. You will need these instances only until the backlog is reduced. Which type of Amazon EC2 instances should you use to reduce the backlog in the most cost efficient way?

A. Reserved instances

B. Spot instances

C. Dedicated instances

D. On-demand instances

Answer: B



Question No: 2

What does the "Server Side Encryption" option on Amazon S3 provide?

A. It provides an encrypted virtual disk in the Cloud.

B. It doesn't exist for Amazon S3, but only for Amazon EC2.

C. It encrypts the files that you send to Amazon S3, on the server side.

D. It allows to upload files using an SSL endpoint, for a secure transfer.

Answer: A


Question No: 3

Which of the following statements are true about Amazon Route 53 resource records?

Choose 2 answers

A. An Alias record can map one DNS name to another Amazon Route 53 DNS name.

B. A CNAME record can be created for your zone apex.

C. An Amazon Route 53 CNAME record can point to any DNS record hosted anywhere.

D. TTL can be set for an Alias record in Amazon Route 53.

E. An Amazon Route 53 Alias record can point to any DNS record hosted anywhere.

Answer: A,C



Question No: 4

What is a Security Group?

A. None of these.

B. A list of users that can access Amazon EC2 instances.

C. An Access Control List (ACL) for AWS resources.

D. A firewall for inbound traffic, built-in around every Amazon EC2 instance.

Answer: D


Question No: 5

Is there a limit to the number of groups you can have?

A. Yes for all users except root

B. No

C. Yes unless special permission granted

D. Yes for all users

Answer: D


Question No: 6

A customer needs to capture all client connection information from their load balancer every five minutes. The company wants to use this data for analyzing traffic patterns and troubleshooting their applications. Which of the following options meets the customer requirements?

A. Enable AWS CloudTrail for the load balancer.

B. Enable access logs on the load balancer.

C. Install the Amazon CloudWatch Logs agent on the load balancer.

D. Enable Amazon CloudWatch metrics on the load balancer.

Answer: A


Question No: 7

When using consolidated billing there are two account types. What are they?

A. Paying account and Linked account

B. Parent account and Child account

C. Main account and Sub account.

D. Main account and Secondary account.

Answer: A


Question No: 8

Can I attach more than one policy to a particular entity?

A. Yes always

B. Only if within GovCloud

C. No

D. Only if within VPC

Answer: A


Question No: 9

What is the maximum key length of a tag?

A. 512 Unicode characters

B. 64 Unicode characters

C. 256 Unicode characters

D. 128 Unicode characters

Answer: D


Question No: 10

Amazon RDS DB snapshots and automated backups are stored in

A. Amazon S3

B. Amazon ECS Volume

C. Amazon RDS

D. Amazon EMR

Answer: A


Question No: 11

You've been hired to enhance the overall security posture for a very large e-commerce site. They have a well architected multi-tier application running in a VPC that uses ELBs in front of both the web and the app tier with static assets served directly from S3 They are using a combination of RDS and DynamoOB for their dynamic data and then archiving nightly into S3 for further processing with EMR They are concerned because they found questionable log entries and suspect someone is attempting to gain unauthorized access.

Which approach provides a cost effective scalable mitigation to this kind of attack?

A. Recommend mat they lease space at a DirectConnect partner location and establish

a 1G DirectConnect connection to their vPC they would then establish Internet connectivity into their space, filter the traffic in hardware Web Application Firewall (WAF). And then pass the traffic through the DirectConnect connection into their application running in their VPC.

B. Add previously identified hostile source IPs as an explicit INBOUND DENY NACL to

the web tier subnet.

C. Add a WAF tier by creating a new ELB and an AutoScalmg group of EC2 Instances

running a host-based WAF They would redirect Route 53 to resolve to the new WAF tier

ELB The WAF tier would thier pass the traffic to the current web tier The web tier Security Groups would be updated to only allow traffic from the WAF tier Security Group

D. Remove all but TLS 1 2 from the web tier ELB and enable Advanced Protocol Filtering This will enable the ELB itself to perform WAF functionality.

Answer: C


Question No: 12

A startup company hired you to help them build a mobile application that will ultimately

Store billions of images and videos in Amazon Simple Storage Service (S3). The company is lean on funding, and wants to minimize operational costs; however, they have an aggressive marketing plan, and expect to double their current installation base every six months. Due to the nature of their business, they are expecting sudden and large increases in traffic to and from S3, and need to ensure that it can handle the performance needs of their application? What other information must you gather from this customer in order to determine whether S3 is the right option?

A. You must know how many customers the company has today, because this is critical in understanding what their customer base will be in two years.

B. You must find out the total number of requests per second at peak usage.

C. You must know the size of the individual objects being written to S3, in order to properly design the key namespace.

D. In order to build the key namespace correctly, you must understand the total amount of storage needs for each S3 bucket.

Answer: D


Question No: 13

You have been tasked with creating a VPC network topology for your company. The VPC network must support both Internet-facing applications and internally-facing applications accessed only over VPN. Both Internet-facing and internally-facing applications must be able to leverage at least three AZs for high availability. At a minimum, how many subnets must you create within your VPC to accommodate these requirements?

A. 2

B. 3

C. 4

D. 6

Answer: D


Question No: 14

A company has configured and peered two VPCs: VPC-1 and VPC-2. VPC-1 contains only private subnets, and VPC-2 contains only public subnets. The company uses a single AWS Direct Connect connection and private virtual interface to connect their on-premises network with VPC-1. Which two methods increases the fault tolerance of the connection to VPC-1?

Choose 2 answers

A. Establish a hardware VPN over the internet between VPC-2 ana the on-premises


B. Establish a hardware VPN over the internet between VPC-1 and the on-premises


C. Establish a new AWS Direct Connect connection and private virtual interface in the

same region as VPC-2.

D. Establish a new AWS Direct Connect connection and private virtual interface in a

different AWS region than VPC-1.

E. Establish a new AWS Direct Connect connection and private virtual interface in the

same AWS region as VPC-1

Answer: B,C


Question No: 15

Amazon RDS supports SOAP only through __________.





Answer: D

I hope these question will help you to get an idea on certification question for AWS.


17 views0 comments

Recent Posts

See All
bottom of page