Question 1:
You are designing a web application hosted on Amazon EC2 that needs to store user-uploaded files. Which of the following is the best way to provide scalable and secure storage for these files?

A. Store the files on Amazon S3
B. Store the files on an EC2 instance
C. Store the files in Amazon DynamoDB
D. Store the files in Amazon RDS

Answer:
A. Store the files on Amazon S3
Explanation: Amazon S3 is designed for scalable and durable storage, making it the best choice for storing user-uploaded files.

Question 2:
You want to prevent accidental deletion of resources in your AWS account. What should you do?

A. Enable multi-factor authentication (MFA)
B. Use AWS Identity and Access Management (IAM) policies
C. Enable resource locking
D. Use AWS Config rules

Answer:
C. Enable resource locking
Explanation: Resource locks prevent the modification or deletion of resources, providing protection against accidental deletions.

Question 3:
Which service would you use to monitor the performance of an EC2 instance and automatically trigger actions based on performance metrics?

A. Amazon CloudWatch
B. Amazon Inspector
C. AWS X-Ray
D. AWS CloudTrail

Answer:
A. Amazon CloudWatch
Explanation: Amazon CloudWatch allows you to monitor performance metrics for your EC2 instances and set up alarms or automatic actions based on those metrics.

Question 4:
You need to securely store an encryption key for your application. Which AWS service should you use?

A. AWS KMS (Key Management Service)
B. Amazon S3
C. AWS Secrets Manager
D. Amazon EC2

Answer:
A. AWS KMS (Key Management Service)
Explanation: AWS KMS is specifically designed for managing encryption keys securely and integrates well with other AWS services.

Question 5:
You are designing a highly available web application using Amazon EC2 instances behind an Elastic Load Balancer (ELB). To ensure that the application remains available in case of failure in one of the Availability Zones, which AWS feature should you use?

A. EC2 Auto Scaling
B. Amazon CloudFront
C. AWS WAF
D. AWS Direct Connect

Answer:
A. EC2 Auto Scaling
Explanation: EC2 Auto Scaling ensures that the appropriate number of EC2 instances are running across multiple Availability Zones, providing high availability and fault tolerance.

Question 6:
You want to ensure that users in your organization can only access AWS resources based on their roles. Which AWS service allows you to implement this?

A. AWS Identity and Access Management (IAM)
B. Amazon VPC
C. AWS CloudTrail
D. AWS Organizations

Answer:
A. AWS Identity and Access Management (IAM)
Explanation: IAM is the primary service for managing user access to AWS resources based on roles and permissions.

Question 7:
Your organization has an application that needs to store log data for compliance purposes. The logs need to be retained for 7 years, and access to the logs must be restricted. Which storage solution should you use?

A. Amazon EFS
B. Amazon S3 with Object Locking
C. Amazon S3
D. Amazon Glacier

Answer:
B. Amazon S3 with Object Locking
Explanation: S3 with Object Locking ensures that the logs cannot be modified or deleted for the specified retention period, meeting compliance requirements.

Question 8:
You are running a database on Amazon RDS, and you want to replicate the database to a secondary region for disaster recovery. Which AWS service should you use?

A. AWS Database Migration Service
B. Amazon RDS Read Replicas
C. Amazon Aurora Global Databases
D. Amazon RDS Multi-AZ

Answer:
C. Amazon Aurora Global Databases
Explanation: Aurora Global Databases allows cross-region replication for disaster recovery in case of a region failure.

Question 9:
Your application stores data in Amazon RDS. To improve database performance during peak usage, which feature should you enable?

A. RDS Auto Scaling
B. RDS Multi-AZ
C. Read Replicas
D. Aurora Serverless

Answer:
C. Read Replicas
Explanation: Read Replicas offload read queries from the primary database, improving performance during peak usage.

Question 10:
You need to automate the deployment of infrastructure and applications using templates. Which AWS service should you use?

A. AWS CloudFormation
B. AWS Lambda
C. AWS CodeDeploy
D. Amazon EC2 Auto Scaling

Answer:
A. AWS CloudFormation
Explanation: AWS CloudFormation allows you to define infrastructure as code and automate the provisioning and deployment of AWS resources.

Question 11:
Which AWS service would you use to create a highly available, scalable content delivery network (CDN) for your website?

A. Amazon S3
B. AWS Direct Connect
C. Amazon CloudFront
D. Amazon Route 53

Answer:
C. Amazon CloudFront
Explanation: Amazon CloudFront is a global CDN service that caches content at edge locations, improving content delivery performance and availability.

Question 12:
You need to ensure that an Amazon EC2 instance is automatically terminated after a specified period. Which feature would you use?

A. EC2 Auto Scaling
B. AWS Lambda
C. EC2 Spot Instances
D. EC2 Instance Lifecycle Policies

Answer:
B. AWS Lambda
Explanation: You can use AWS Lambda to automate the termination of an EC2 instance after a specific time using scheduled events.

Question 13:
Which AWS service helps you manage and monitor security compliance and auditing for your AWS environment?

A. AWS CloudTrail
B. AWS Config
C. AWS IAM
D. AWS KMS

Answer:
B. AWS Config
Explanation: AWS Config allows you to track resource configurations, monitor changes, and evaluate compliance with security standards.

Question 14:
You are using Amazon RDS for a production database. To protect your database from data loss, you want to create daily backups of the database. What should you do?

A. Enable Multi-AZ deployments
B. Create automated snapshots
C. Create manual backups every day
D. Enable RDS Read Replicas

Answer:
B. Create automated snapshots
Explanation: Amazon RDS provides automated snapshots to back up your database at regular intervals, providing data protection and recovery.

Question 15:
You need to create an isolated network environment in AWS to host your web application and database. Which service would you use?

A. Amazon VPC
B. AWS VPN
C. AWS Direct Connect
D. AWS CloudFormation

Answer:
A. Amazon VPC
Explanation: Amazon Virtual Private Cloud (VPC) allows you to create a logically isolated network environment where you can host your AWS resources.

Question 16:
Which of the following is the best option for a cost-effective storage solution for infrequently accessed data?

A. Amazon S3 Standard
B. Amazon EBS
C. Amazon S3 Glacier
D. Amazon S3 Intelligent-Tiering

Answer:
C. Amazon S3 Glacier
Explanation: Amazon S3 Glacier is a low-cost storage option designed for infrequently accessed data with retrieval times of several hours.

Question 17:
You are building a web application that requires low-latency access to data stored in Amazon S3. Which storage class should you use?

A. Amazon S3 Glacier
B. Amazon S3 Standard-IA
C. Amazon S3 Standard
D. Amazon S3 One Zone-IA

Answer:
C. Amazon S3 Standard
Explanation: The S3 Standard storage class is designed for frequently accessed data and offers low-latency access.

Question 18:
Which AWS service should you use to store and retrieve sensitive data such as API keys and database credentials?

A. Amazon S3
B. AWS Key Management Service
C. AWS Secrets Manager
D. Amazon EC2

Answer:
C. AWS Secrets Manager
Explanation: AWS Secrets Manager securely stores and manages sensitive information, such as API keys, database credentials, and other secrets.

Question 19:
You need to implement a solution that automatically distributes traffic to multiple EC2 instances running an application. Which service should you use?

A. AWS Lambda
B. Amazon CloudFront
C. Elastic Load Balancer (ELB)
D. AWS WAF

Answer:
C. Elastic Load Balancer (ELB)
Explanation: ELB automatically distributes incoming traffic across multiple EC2 instances to ensure high availability and fault tolerance.

Question 20:
Your company requires that all AWS resources be tagged with specific metadata. Which AWS service can enforce this requirement?

A. AWS CloudTrail
B. AWS Config
C. AWS Organizations
D. AWS Resource Groups

Answer:
B. AWS Config
Explanation: AWS Config allows you to track and enforce tagging rules across resources, ensuring compliance with tagging requirements.

Question 21:
You are setting up a highly available architecture for your application. You want to ensure that the application remains available even if one of your Availability Zones experiences an outage. Which of the following services should you use to distribute traffic across multiple Availability Zones?

A. AWS Direct Connect
B. Elastic Load Balancer (ELB)
C. AWS WAF
D. Amazon CloudFront

Answer:
B. Elastic Load Balancer (ELB)
Explanation: ELB automatically distributes incoming traffic across multiple Availability Zones, ensuring high availability and fault tolerance.

Question 22:
You are designing a web application that stores large files in Amazon S3. You want to ensure that the data is encrypted at rest. Which encryption method should you use?

A. Server-Side Encryption with S3-Managed Keys (SSE-S3)
B. Client-Side Encryption with your own keys
C. Server-Side Encryption with AWS Key Management Service (SSE-KMS)
D. None of the above

Answer:
C. Server-Side Encryption with AWS Key Management Service (SSE-KMS)
Explanation: SSE-KMS provides more control over encryption keys and is recommended for sensitive data encryption.

Question 23:
You need to deploy a multi-tier application in AWS and want to ensure that each tier is isolated from the others. Which AWS feature would allow you to create this isolated environment?

A. Amazon VPC
B. AWS Direct Connect
C. AWS CloudFormation
D. AWS Config

Answer:
A. Amazon VPC
Explanation: Amazon Virtual Private Cloud (VPC) allows you to create isolated network environments within AWS for different application tiers.

Question 24:
Which AWS service can be used to automatically scale the number of EC2 instances based on real-time demand?

A. AWS Auto Scaling
B. AWS Lambda
C. Amazon RDS
D. Amazon EC2 Spot Instances

Answer:
A. AWS Auto Scaling
Explanation: AWS Auto Scaling automatically adjusts the number of EC2 instances based on real-time metrics like CPU utilization or network traffic.

Question 25:
You are working with an Amazon RDS database, and you want to automatically back up your database. Which feature should you enable?

A. RDS Backup Manager
B. Automated backups
C. Snapshots
D. Multi-AZ deployments

Answer:
B. Automated backups
Explanation: Amazon RDS offers automated backups that allow you to restore your database to any point in time within the retention period.

Question 26:
Your company needs to store large amounts of historical data that is infrequently accessed. Which AWS storage service is best suited for this use case?

A. Amazon S3 Standard
B. Amazon S3 Glacier
C. Amazon EFS
D. Amazon RDS

Answer:
B. Amazon S3 Glacier
Explanation: Amazon S3 Glacier is a low-cost storage solution optimized for infrequent access and long-term archival storage.

Question 27:
Which of the following Amazon EC2 instance types is best suited for compute-intensive applications such as scientific simulations?

A. T3 Instances
B. M5 Instances
C. C5 Instances
D. R5 Instances

Answer:
C. C5 Instances
Explanation: C5 instances are designed for compute-intensive workloads and provide high-performance processors suitable for scientific simulations and similar tasks.

Question 28:
You need to ensure that traffic to your application is only allowed over HTTPS. Which AWS service should you use to enforce this?

A. Amazon VPC
B. AWS WAF
C. Elastic Load Balancer (ELB)
D. AWS Shield

Answer:
C. Elastic Load Balancer (ELB)
Explanation: You can configure an Application Load Balancer (ALB) to only accept HTTPS traffic by configuring an HTTPS listener and redirecting HTTP traffic to HTTPS.

Question 29:
You are hosting a website on Amazon EC2 instances behind an Elastic Load Balancer (ELB). Which of the following should you use to automatically redirect HTTP traffic to HTTPS?

A. Amazon Route 53
B. Amazon CloudFront
C. Elastic Load Balancer (ELB)
D. AWS WAF

Answer:
C. Elastic Load Balancer (ELB)
Explanation: You can configure the Application Load Balancer (ALB) to redirect HTTP traffic to HTTPS, ensuring secure connections to your website.

Question 30:
You are migrating a legacy application to AWS, and the application requires a relational database. Which AWS service is best suited for this application?

A. Amazon RDS
B. Amazon DynamoDB
C. Amazon Aurora
D. Amazon Redshift

Answer:
A. Amazon RDS
Explanation: Amazon RDS is a managed relational database service that supports multiple database engines like MySQL, PostgreSQL, and Oracle, making it suitable for legacy applications.

Question 31:
Which AWS service should you use to monitor and collect log data from AWS resources in near real-time?

A. AWS CloudTrail
B. Amazon CloudWatch Logs
C. AWS Config
D. Amazon CloudFront

Answer:
B. Amazon CloudWatch Logs
Explanation: CloudWatch Logs allows you to monitor and collect log data from your AWS resources in real time.

Question 32:
You need to implement a disaster recovery solution that ensures a copy of your Amazon RDS database is available in another region. Which solution should you implement?

A. Amazon RDS Multi-AZ
B. Amazon Aurora Global Databases
C. Amazon RDS Read Replicas in another region
D. AWS Database Migration Service (DMS)

Answer:
C. Amazon RDS Read Replicas in another region
Explanation: RDS Read Replicas can be used across regions for disaster recovery and to improve read performance.

Question 33:
You need to design an application that scales dynamically to meet traffic demands. Which AWS service will automatically scale your resources based on traffic patterns?

A. Amazon EC2
B. AWS Lambda
C. AWS Auto Scaling
D. Amazon S3

Answer:
C. AWS Auto Scaling
Explanation: AWS Auto Scaling automatically adjusts the number of EC2 instances or resources in other AWS services based on traffic demands.

Question 34:
Your organization requires that all AWS resources be encrypted in transit. Which feature should you enable to ensure encryption in transit for data between Amazon EC2 instances?

A. AWS Direct Connect
B. VPC Peering
C. TLS/SSL
D. Amazon S3 Transfer Acceleration

Answer:
C. TLS/SSL
Explanation: Transport Layer Security (TLS) or Secure Sockets Layer (SSL) can be used to encrypt data in transit between EC2 instances, ensuring secure communication.

Question 35:
You want to create a private subnet within your Amazon VPC that does not have direct internet access. How can you achieve this?

A. Create a VPC with no internet gateway and assign private IP addresses
B. Create a VPC with a NAT gateway and associate it with the subnet
C. Create a VPC with a direct connection to AWS Direct Connect
D. Create a VPC and use AWS Lambda to handle all internet traffic

Answer:
A. Create a VPC with no internet gateway and assign private IP addresses
Explanation: A private subnet does not have access to the internet unless you configure a NAT gateway or internet gateway.

Question 36:
Which AWS service can help you prevent DDoS attacks and protect your resources from malicious traffic?

A. AWS WAF
B. AWS Shield
C. AWS Direct Connect
D. Amazon VPC

Answer:
B. AWS Shield
Explanation: AWS Shield provides protection against Distributed Denial of Service (DDoS) attacks and helps protect AWS resources from malicious traffic.

Question 37:
You need to store data that must be readily accessible, but you want to minimize costs. Which storage class would be most appropriate for this data?

A. Amazon S3 Glacier
B. Amazon S3 Standard
C. Amazon S3 One Zone-IA
D. Amazon S3 Intelligent-Tiering

Answer:
B. Amazon S3 Standard
Explanation: S3 Standard is the most cost-effective storage class for frequently accessed data and provides low-latency access.

Question 38:
Your application runs on multiple EC2 instances in an Auto Scaling group behind an Elastic Load Balancer (ELB). You want to ensure that traffic is distributed evenly across the instances. What should you configure?

A. ELB Health Checks
B. EC2 Auto Scaling policies
C. Elastic IPs
D. Load Balancer Listener Rules

Answer:
A. ELB Health Checks
Explanation: ELB health checks ensure that traffic is only sent to healthy EC2 instances, improving application performance and availability.

Question 39:
You need to migrate a large amount of data from on-premises storage to Amazon S3. Which AWS service should you use to simplify and accelerate the data transfer?

A. AWS DataSync
B. AWS Snowball
C. Amazon Kinesis
D. AWS Glue

Answer:
B. AWS Snowball
Explanation: AWS Snowball is a physical data transport solution that allows for fast and secure data transfer to AWS when dealing with large amounts of data.

Question 40:
You are designing a system that will automatically back up data stored in Amazon S3. Which AWS service can be used to schedule the backups?

A. AWS Lambda
B. Amazon S3 Lifecycle Policies
C. Amazon RDS Backup Scheduler
D. AWS CloudFormation

Answer:
B. Amazon S3 Lifecycle Policies
Explanation: Amazon S3 Lifecycle Policies allow you to automatically manage backups and data transitions based on predefined rules.

Question 41:
You need to create a solution to centrally manage multiple AWS accounts with consolidated billing. What AWS feature should you use?

A. AWS Control Tower
B. AWS Organizations
C. AWS IAM
D. AWS Billing Dashboard

Answer:
B. AWS Organizations
Explanation: AWS Organizations lets you centrally manage multiple AWS accounts, apply service control policies, and consolidate billing.

Question 42:
Which service allows you to run containerized applications without managing the underlying EC2 instances?

A. Amazon ECS with EC2 launch type
B. Amazon EC2
C. AWS Lambda
D. Amazon ECS with Fargate

Answer:
D. Amazon ECS with Fargate
Explanation: AWS Fargate allows you to run containers without managing EC2 instances, simplifying container management.

Question 43:
You need to set up an automatic notification when an EC2 instance state changes. Which service should you use?

A. AWS Lambda
B. Amazon SNS
C. Amazon CloudWatch Events
D. AWS Config

Answer:
C. Amazon CloudWatch Events
Explanation: CloudWatch Events can monitor EC2 state changes and trigger actions like sending notifications via SNS.

Question 44:
Which AWS service helps you analyze and debug distributed applications in production?

A. Amazon CloudWatch Logs
B. AWS X-Ray
C. AWS CloudTrail
D. AWS Inspector

Answer:
B. AWS X-Ray
Explanation: AWS X-Ray helps you analyze and debug distributed applications by tracking requests through services.

Question 45:
What feature of Amazon S3 helps prevent accidental deletion of objects?

A. S3 Replication
B. S3 Lifecycle
C. S3 Versioning
D. S3 Intelligent-Tiering

Answer:
C. S3 Versioning
Explanation: S3 Versioning protects objects by preserving, storing, and allowing rollback to previous versions.

Question 46:
A customer wants to optimize costs and run non-critical workloads at a lower price. Which EC2 instance type is most suitable?

A. On-Demand
B. Reserved
C. Spot
D. Dedicated Host

Answer:
C. Spot
Explanation: Spot Instances allow you to bid on unused EC2 capacity at significantly reduced prices, ideal for non-critical workloads.

Question 47:
You are building a highly available application. What should you deploy across multiple Availability Zones?

A. S3 Buckets
B. VPC Peering Connections
C. EC2 Instances behind an ELB
D. IAM Policies

Answer:
C. EC2 Instances behind an ELB
Explanation: Deploying EC2 instances behind an ELB across multiple Availability Zones ensures high availability and fault tolerance.

Question 48:
Which AWS service provides DNS and domain name registration?

A. Amazon EC2
B. Amazon Route 53
C. Amazon CloudFront
D. AWS Directory Service

Answer:
B. Amazon Route 53
Explanation: Amazon Route 53 is a scalable DNS and domain name registration service.

Question 49:
Which AWS service allows you to define infrastructure as code?

A. Amazon CloudWatch
B. AWS Lambda
C. AWS CloudFormation
D. Amazon S3

Answer:
C. AWS CloudFormation
Explanation: AWS CloudFormation lets you model and set up your AWS resources using code (YAML/JSON templates).

Question 50:
Your EC2 instance needs to access an S3 bucket. What’s the best way to grant permissions?

A. Use Access Keys and Secret
B. Attach an IAM Role to the EC2 instance
C. Add permissions to the S3 bucket policy only
D. Create an IAM user for EC2

Answer:
B. Attach an IAM Role to the EC2 instance
Explanation: IAM roles are the secure and recommended way for granting permissions to EC2 instances to access AWS resources.

Question 51:
Which AWS service can provide a caching layer to improve application performance?

A. Amazon DynamoDB
B. Amazon RDS
C. Amazon ElastiCache
D. Amazon Redshift

Answer:
C. Amazon ElastiCache
Explanation: ElastiCache provides in-memory caching using Redis or Memcached to reduce database load and latency.

Question 52:
Which service helps automatically recover EC2 instances if they fail a status check?

A. AWS Auto Scaling
B. Elastic Load Balancer
C. Amazon CloudWatch Alarm with EC2 Recovery
D. AWS Lambda

Answer:
C. Amazon CloudWatch Alarm with EC2 Recovery
Explanation: You can use CloudWatch Alarms to trigger EC2 recovery actions when an instance fails status checks.

Question 53:
Which type of Elastic Load Balancer works at the application layer (HTTP/HTTPS)?

A. Network Load Balancer
B. Application Load Balancer
C. Classic Load Balancer
D. TCP Load Balancer

Answer:
B. Application Load Balancer
Explanation: ALB operates at Layer 7 (HTTP/HTTPS) and provides advanced routing capabilities for web applications.

Question 54:
What service helps you determine whether AWS resources comply with your organization’s policies?

A. AWS CloudTrail
B. Amazon CloudWatch
C. AWS Config
D. AWS Inspector

Answer:
C. AWS Config
Explanation: AWS Config continuously monitors and records your AWS resource configurations and evaluates compliance.

Question 55:
How can you make sure a database in RDS is highly available?

A. Deploy in a single AZ
B. Use Multi-AZ deployments
C. Enable Auto Scaling
D. Attach an IAM role

Answer:
B. Use Multi-AZ deployments
Explanation: Multi-AZ deployments in RDS provide high availability and automatic failover in case of instance failure.

Question 56:
What is the purpose of a NAT Gateway?

A. To route internal traffic within a VPC
B. To allow private subnets to access the internet
C. To allow external users to connect to EC2 instances
D. To log network activity

Answer:
B. To allow private subnets to access the internet
Explanation: NAT Gateways enable instances in private subnets to initiate outbound internet traffic while remaining inaccessible from the internet.

Question 57:
You want to schedule regular tasks without managing servers. What service should you use?

A. Amazon EC2
B. AWS Lambda
C. Amazon CloudWatch Events + Lambda
D. AWS Batch

Answer:
C. Amazon CloudWatch Events + Lambda
Explanation: Use CloudWatch Events to schedule tasks and trigger Lambda functions without managing infrastructure.

Question 58:
What is the default maximum number of VPCs per region?

A. 2
B. 5
C. 10
D. 20

Answer:
B. 5
Explanation: AWS allows up to 5 VPCs per region by default, but you can request a limit increase.

Question 59:
Which storage option is best for a file system that multiple EC2 instances must access at the same time?

A. Amazon S3
B. Amazon EBS
C. Amazon Glacier
D. Amazon EFS

Answer:
D. Amazon EFS
Explanation: EFS provides a shared file system that can be mounted on multiple EC2 instances simultaneously.

Question 60:
Which feature of AWS CloudTrail allows you to detect unusual API activity?

A. Event history
B. Insights
C. Metrics
D. Logs

Answer:
B. Insights
Explanation: CloudTrail Insights helps detect unusual operational activity in your AWS environment.

Question 61:
Which AWS service allows you to decouple microservices?

A. Amazon SNS
B. Amazon SQS
C. AWS Step Functions
D. Amazon RDS

Answer:
B. Amazon SQS
Explanation: SQS is a message queue service that allows microservices to communicate asynchronously, promoting loose coupling.

Question 62:
Which AWS storage is ideal for data archiving and long-term backup?

A. Amazon S3
B. Amazon Glacier
C. Amazon EBS
D. Amazon EFS

Answer:
B. Amazon Glacier
Explanation: Amazon Glacier (now S3 Glacier) is designed for infrequent access and long-term data archiving at low cost.

Question 63:
Which database service is best suited for a serverless architecture?

A. Amazon RDS
B. Amazon DynamoDB
C. Amazon Aurora
D. Amazon Redshift

Answer:
B. Amazon DynamoDB
Explanation: DynamoDB is a fully managed, serverless NoSQL database that scales automatically.

Question 64:
Which AWS service helps you analyze logs, metrics, and set alarms?

A. AWS CloudTrail
B. Amazon CloudWatch
C. AWS Config
D. Amazon Athena

Answer:
B. Amazon CloudWatch
Explanation: CloudWatch collects logs, metrics, and events for real-time monitoring and alerting.

Question 65:
What does AWS use to isolate resources within a region?

A. Edge Locations
B. Availability Zones
C. Regions
D. Subnets

Answer:
B. Availability Zones
Explanation: Availability Zones (AZs) are isolated data centers within a region to ensure fault tolerance.

Question 66:
Which AWS service can help mitigate DDoS attacks?

A. AWS IAM
B. Amazon GuardDuty
C. AWS WAF
D. AWS Shield

Answer:
D. AWS Shield
Explanation: AWS Shield provides automatic DDoS protection for AWS resources.

Question 67:
A company wants to reduce the latency for global users. Which service should they use?

A. Amazon CloudFront
B. Amazon S3 Transfer Acceleration
C. AWS Direct Connect
D. Amazon Route 53

Answer:
A. Amazon CloudFront
Explanation: CloudFront is a CDN that delivers content with low latency using edge locations worldwide.

Question 68:
Which AWS service provides automated security assessments?

A. AWS Inspector
B. AWS Shield
C. AWS Config
D. Amazon Macie

Answer:
A. AWS Inspector
Explanation: Inspector automatically assesses EC2 instances for vulnerabilities and deviations from best practices.

Question 69:
What service provides a virtual firewall for your Amazon VPC?

A. AWS WAF
B. AWS Security Groups
C. AWS Shield
D. Amazon Inspector

Answer:
B. AWS Security Groups
Explanation: Security Groups act as virtual firewalls for your EC2 instances to control inbound and outbound traffic.

Question 70:
Which service allows you to automate the deployment of applications?

A. AWS CodeDeploy
B. AWS CloudTrail
C. Amazon SNS
D. Amazon SQS

Answer:
A. AWS CodeDeploy
Explanation: CodeDeploy automates application deployment to EC2, Lambda, or on-premise servers.

Question 71:
What is the best storage class for data that is accessed once a month?

A. S3 Standard
B. S3 Intelligent-Tiering
C. S3 Glacier
D. S3 Standard-IA

Answer:
D. S3 Standard-IA
Explanation: S3 Standard-IA is cost-effective for infrequently accessed data with rapid retrieval.

Question 72:
Which service provides a customizable dashboard for monitoring resources?

A. Amazon CloudWatch
B. AWS Config
C. AWS Trusted Advisor
D. Amazon Inspector

Answer:
A. Amazon CloudWatch
Explanation: CloudWatch provides custom dashboards to monitor AWS resources and applications.

Question 73:
You want to allow users to log into your application using their Facebook credentials. Which AWS service helps with this?

A. Amazon Cognito
B. AWS IAM
C. Amazon GuardDuty
D. AWS SSO

Answer:
A. Amazon Cognito
Explanation: Cognito enables user sign-up, sign-in, and access control, and supports social identity providers.

Question 74:
Which service provides a highly available and scalable Domain Name System?

A. Amazon VPC
B. Amazon Route 53
C. Amazon CloudFront
D. AWS IAM

Answer:
B. Amazon Route 53
Explanation: Route 53 provides DNS service and health checking with high availability.

Question 75:
Which EC2 pricing model is best for steady-state, predictable workloads?

A. Spot Instances
B. On-Demand Instances
C. Reserved Instances
D. Dedicated Hosts

Answer:
C. Reserved Instances
Explanation: Reserved Instances provide a significant discount for workloads with long-term, predictable usage.

Question 76:
How can you protect sensitive data stored in Amazon S3?

A. Enable CloudTrail
B. Encrypt using S3 Default Encryption
C. Use NAT Gateway
D. Enable Multi-AZ replication

Answer:
B. Encrypt using S3 Default Encryption
Explanation: S3 Default Encryption ensures that all new objects are automatically encrypted.

Question 77:
Which service automatically distributes incoming application traffic across multiple targets?

A. Amazon EC2
B. AWS Auto Scaling
C. Elastic Load Balancer
D. AWS Route 53

Answer:
C. Elastic Load Balancer
Explanation: ELB distributes incoming traffic across multiple targets (e.g., EC2 instances) in one or more AZs.

Question 78:
Which AWS service helps migrate databases to AWS easily?

A. AWS Migration Hub
B. AWS Database Migration Service (DMS)
C. AWS Data Pipeline
D. AWS Glue

Answer:
B. AWS Database Migration Service (DMS)
Explanation: DMS helps migrate databases from on-premises or between AWS services with minimal downtime.

Question 79:
How do you securely connect your on-premises network to AWS?

A. VPC Peering
B. AWS Direct Connect
C. Internet Gateway
D. NAT Gateway

Answer:
B. AWS Direct Connect
Explanation: Direct Connect establishes a dedicated, secure network connection between your data center and AWS.

Question 80:
What is the purpose of a subnet in a VPC?

A. Store data
B. Segment the VPC network
C. Route internet traffic
D. Protect from DDoS

Answer:
B. Segment the VPC network
Explanation: Subnets divide the VPC network into smaller segments and define public/private zones.

Question 81:
Which AWS service helps to enforce tagging policies across accounts?

A. AWS IAM
B. AWS Resource Groups
C. AWS Organizations
D. AWS Config

Answer:
D. AWS Config
Explanation: AWS Config allows you to audit and evaluate configurations, including compliance with tagging policies.

Question 82:
Which EC2 instance type is optimized for memory-intensive applications?

A. M series
B. T series
C. C series
D. R series

Answer:
D. R series
Explanation: R-series EC2 instances are memory-optimized, ideal for large-scale memory-intensive applications.

Question 83:
You need to host a static website. What service is best suited?

A. Amazon EC2
B. Amazon S3
C. Amazon RDS
D. Amazon EFS

Answer:
B. Amazon S3
Explanation: S3 supports static website hosting with high durability and low cost.

Question 84:
Which service detects threats using ML and anomaly detection?

A. Amazon Macie
B. AWS Shield
C. AWS GuardDuty
D. AWS WAF

Answer:
C. AWS GuardDuty
Explanation: GuardDuty uses ML to identify threats like reconnaissance, credential misuse, and anomalous behavior.

Question 85:
Which AWS service helps implement Blue/Green deployments?

A. AWS CloudFormation
B. AWS CodeDeploy
C. AWS CodeCommit
D. AWS CodePipeline

Answer:
B. AWS CodeDeploy
Explanation: CodeDeploy supports Blue/Green deployments, reducing downtime and risk.

Question 86:
A company collects data for temperature, humidity, and atmospheric pressure in cities across multiple continents. The average volume of data
that the company collects from each site daily is 500 GB. Each site has a high-speed Internet connection.
The company wants to aggregate the data from all these global sites as quickly as possible in a single Amazon S3 bucket. The solution must
minimize operational complexity.
Which solution meets these requirements?
A. Turn on S3 Transfer Acceleration on the destination S3 bucket. Use multipart uploads to directly upload site data to the destination S3
bucket.
B. Upload the data from each site to an S3 bucket in the closest Region. Use S3 Cross-Region Replication to copy objects to the destination S3
bucket. Then remove the data from the origin S3 bucket.
C. Schedule AWS Snowball Edge Storage Optimized device jobs daily to transfer data from each site to the closest Region. Use S3 Cross-
Region Replication to copy objects to the destination S3 bucket.
D. Upload the data from each site to an Amazon EC2 instance in the closest Region. Store the data in an Amazon Elastic Block Store (Amazon
EBS) volume. At regular intervals, take an EBS snapshot and copy it to the Region that contains the destination S3 bucket. Restore the EBS
volume in that Region.

Answer:
A. Turn on S3 Transfer Acceleration on the destination S3 bucket. Use multipart uploads to directly upload site data to the destination S3 bucket.