Welcome to the FREE AWS Cloud Certification Practice Exam page.

These exams are provided solely as a courtesy for your learning pleasure.

These exams are updated monthly however we will not provide support on these. Updated 10/24/2019

If you require support on your practice exams than consider our practice exams on Udemy.

Good Luck on the exams. You may also want to review the posts I have on these exams that provide a top ten list and a deep dive on this blog site.

AWS Security Specialization Exam

2

AWS Certified Security Specialty Exam #1

FREE AWS Certified Security Specialty Practice Questions Exam 1

1 / 10

A threat assessment has identified a risk whereby an internal employee could exfiltrate sensitive data from production host running inside AWS (Account 1). The threat was documented as follows:
Threat description: A malicious actor could upload sensitive data from Server X by configuring credentials for an AWS account (Account 2) they control and uploading data to an Amazon S3 bucket
within their control. Server M has outbound internet access configured via a proxy server. Legitimate access to S3 is required so that the application can upload encrypted files to an S3 bucket. Server X is currently using an IAM
instance role. The proxy server is not able to inspect any of the server communication due to TLS
encryption. Which of the following options will mitigate the threat? (Choose two.)

2 / 10

A Systems Engineer has been tasked with configuring outbound mail through Simple Email Service (SES) and requires compliance with current TLS standards.
The mail application should be configured to connect to which of the following endpoints and corresponding ports?

3 / 10

An application is currently secured using network access control lists and security groups. Web servers are located in public subnets behind an Application Load Balancer (ALB); application servers are located
in private subnets. How can edge security be enhanced to safeguard the Amazon EC2 instances against attack? (Choose
two.)

4 / 10

The Security Engineer implemented a new vault lock policy for 10TB of data and called initiate-vault-lock 12 hours ago. The Audit team identified a typo that is allowing incorrect access to the vault.
What is the MOST cost-effective way to correct this? (Select One)

5 / 10

The Security team believes that a former employee may have gained unauthorized access to AWS resources sometime in the past 3 months by using an identified access key.
What approach would enable the Security team to find out what the former employee may have done
within AWS?

6 / 10

A company wants to control access to its AWS resources by using identities and groups that are defined in its existing Microsoft Active Directory.
What must the company create in its AWS account to map permissions for AWS services to Active Directory user attributes?

7 / 10

A company is evaluating Amazon S3 as a data storage solution for their daily analyst reports.
The company has implemented stringent requirements concerning the security of the data at test
Specifically, the CISO asked for the use of envelope encryption with separate permissions for the use of
an envelope key, automated rotation of the encryption keys, and visibility into when an encryption key
was used and by whom. Which steps should you take as a security expert take to satisfy the security requirements requested by the
CISO?

8 / 10

Your job is as a Solutions Architect that is designing a solution that includes a managed VPN connection. You need to monitor whether the VPN connection is up or down. What would you use to monitor availability?. Select One

9 / 10

Your company is hosting a two-tier application that consists of a publicly accessible web server that communicates with a private database. Only HTTPS port 443 traffic to the web server must be allowed from the internet.
Which of the following options would achieve these requirements? (Select Two.)

10 / 10

An application is currently secured using network access control lists and security groups. Web servers are located in public subnets behind an Application Load Balancer (ALB); application servers are located in private subnets.
How can edge security be enhanced to safeguard the Amazon EC2 instances against attack? (Choose two.)

Your score is


2

AWS Certified Security Specialty Exam #2

FREE AWS Certified Security Specialty Practice Questions Exam 2

1 / 2

The Security Engineer implemented a new vault lock policy for 10TB of data and called initiate-vault-lock 12 hours ago. The Audit team identified a typo that is allowing incorrect access to the vault.
What is the MOST cost-effective way to correct this? (Select One)

2 / 2

The Security team believes that a former employee may have gained unauthorized access to AWS resources sometime in the past 3 months by using an identified access key.
What approach would enable the Security team to find out what the former employee may have done
within AWS?

Your score is


AWS Associate Cloud Architect Exam

0 votes, 0 avg
12

You have 30 Minutes to complete


Created on By holbrookjp

AWS Certified Solutions Architect – Associate SAA-C01 Practice Exam 1

FREE AWS Certified Solutions Architect – Associate Practice Exam . There are 20 questions per exam.

If you feel you need more questions please go to my Udemy page link below for discount practice exams.

1 / 20

A future AWS certified solutions architect is currently designing a solution that can monitor memory and disk space utilization of all EC2 instances running Amazon Linux and Windows. Which solution would meet the requirement?

2 / 20

What EC2 instance type would you recommend to a user that needs high end graphics processing? (Select One)

3 / 20

A company is evaluating Amazon S3 as a data storage solution for their daily analyst reports. The company has implemented stringent requirements concerning the security of the data at test
Specifically, the CISO asked for the use of envelope encryption with separate permissions for the use of an envelope key, automated rotation of the encryption keys, and visibility into when an encryption key
was used and by whom. Which steps should a Solutions Architect take to satisfy the security requirements requested by the CISO?

4 / 20

What is “bootstrapping” in the world of AWS EC2 instances considered? Select One

5 / 20

Your company runs a legacy application with a single-tier architecture on an Amazon EC2 Instance. The application profile is that it requires low disk performance with occasional spikes during business hours. After business hours you can shut the EC2 instance down. Which storage option is MOST appropriate for this workload?

6 / 20

How many tags can an AWS S3 object have assigned to it?

7 / 20

What is the maximum number of security groups we assign to an EC2 instance?

8 / 20

You have been advised your enterprise must now meet strict compliance standards. This means that the company must have encrypted archival data storage and will be audited. Data will be
accessed infrequently and may be recovered. The company requires that the storage be secure, durable and provided at the most cost effective solution on AWS available.
What type of storage should be specified? Select One

9 / 20

What S3 related parameters would you configure on S3 objects to ensure limits on the user base who can access S3 objects?

10 / 20

In the shared security model the customer and the provider (AWS) have responsibilities for securing resources.  What is a requirement that AWS does not handle for the customer? Select One

11 / 20

Your installing a new software and it has a constraint to use a dedicated host in AWS? What type of software would this be?

12 / 20

What object property defines the performance you will get when reading and writing to the object?

13 / 20

When considering the instance root volume in AWS EC2 what would be two factors to choose an EBS backed AMI over an Instance store AMI? Select Two

14 / 20

What are two benefits of using a shared tenancy for you VMs in AWS?  Select Two

15 / 20

Your company is using AWS to host a two-tier application that consists of a publicly accessible web server that communicates with an on premises database.  Your CISO has warned you to only HTTPS port 443 traffic to the web server from the internet. Which twp options will meet these requirements? (Select Two.)

16 / 20

A company has publicly hosted web applications and an internal Intranet protected by a proxy and a firewall.

Which technique will help protect against enumeration?  Select One

17 / 20

Shared tenancy is the default instance hosting method with EC2. True or False?

18 / 20

You just created a new S3 bucket and added objects. Your NAS administrator is a bit confused and cant understand why there is no obvious hierarchy.  What can you do to create a folder like view? Select One.

19 / 20

Which are the follow three items are true about AWS security groups? Select Three

20 / 20

S3 is accessed by Application Programming Interfaces (API) and you are being asked by the developer on the project your consulting about the type of API used.  What API type do you tell them?

Your score is

The average score is 29%

0%


0%
0 votes, 0 avg
3

You have 90 Minutes to complete the exam.


Created on By holbrookjp

AWS Certified Solutions Architect – Associate SAA-C01 Practice Exam 2

FREE AWS Certified Solutions Architect – Associate Practice Exam . There is 50 questions in this exam

If you feel you need more questions please go to my Udemy page link below for discount practice exams.

1 / 50

When considering the instance root volume in AWS EC2 what would be two factors to choose an EBS backed AMI over an Instance store AMI? Select Two

2 / 50

You customer has a heavy load on an RDS data instance. You want to avoid the overhead and cost of upgrading the instance to a larger instance size. What other options should you consider? (Choose two.)

3 / 50

Which instance type is ideal for an application that suffers numerous spikes in usage at unpredictable times?

4 / 50

How does the cost of standard reserved instances compare with the cost of on-demand instances?

5 / 50

What is the default visibility of a newly created S3 bucket?

6 / 50

Which of the following protocols is not commonly used in VPNs? Select One

7 / 50

Which of the following statements are true about RDS? Select Two

8 / 50

How long does a typical Glacier data retrieval take?

9 / 50

Which of the following statements regarding EBS volumes and EC2 instances would not be correct?

10 / 50

An internet-facing multi-tier web application must be highly available. An ELB Classic Load Balancer is deployed in front of the web tier. Amazon EC2 instances at the web application tier are
deployed evenly across two Availably Zones. The database is deployed using RDS Multi-AZ. A NAT instance is launched for Amazon EC2 instances and database resources to access the Internet. These
instances are not assigned with public IP addresses.
Which component poses a potential single point of failure in this architecture?

11 / 50

A Solutions Architect notices slower response times from an application. The CloudWatch metrics on the MySQL RDS indicate Read IOPS are high and fluctuate significantly when the database is under load.
How should the database environment be re-designed to resolve the IOPS fluctuation?

12 / 50

By default, how long do edge locations cache objects?

13 / 50

Which of the following does a Multi-AZ RDS setup address? (Choose two.)

14 / 50

Which of the following are valid reasons for using Multipart Upload for uploading objects to S3? (Choose two.)

15 / 50

Which of the following routing policies chooses a route for a user based on the latency of the available region to which traffic can be directed?

16 / 50

Which of the following are available to use as an EBS boot volume? (Choose two.)

17 / 50

There appears to be an issue an RDS. You would like to access an RDS instance to troubleshoot operating system problems? What do you use?

18 / 50

Which of the following selections will provide performance improvements in an RDS instance that is currently overloaded? (Choose two.)

19 / 50

Your customer has stated they need to transfer 30 TB of data into S3 and want to avoid lengthy network exchanges and network saturation. What option would provide your customer with inexpensive data transfer at a large scale?

20 / 50

How can you control access to S3 buckets and objects?  Select Three

21 / 50

You have decided to create peering configuration for two VPCs.  What are the two terms used to describe both the initiator and the receiver of the request in AWS?

22 / 50

You are working on increasing performance for an application that routinely sees traffic spikes between 8am and 10am every day.  However, even with Auto Scaling policies, load increases so quickly that response times impact the user experience. Without knowing anything more than this about what the traffic surge represents, how could you most easily and efficiently ensure that your application can respond to these surges?

23 / 50

Which of the following are SQL-based options in RDS? (Choose two.)

24 / 50

You would like to understand why your AWS monthly spending is continuing to grow so you can explain where the money is being wasted to your CIO.  What tool would provide insight into this challenge?

25 / 50

A Solutions Architect is designing a stateful web application that will run for one year (24/7) and then be decommissioned. Load on this platform will be constant, using a number of r4.8xlarge instances. Key
drivers for this system include high availability is not required. What is the MOST cost-effective way to purchase compute for this platform?

26 / 50

You are an architect working on adding scalability to an application based on EC2 instances within a public-facing VPC. You want the maximum amount of flexibility in weighting and load balancing options, as you plan to experiment with various routing types to see which handles load most evenly. Which type of load balancer should you use?

27 / 50

You are deploying this new application in AWS and would like to ensure the workload can perform extremely well and consistently? What EBS volume would you select?

28 / 50

You would like to more features in Trusted Adviser. Currently, you have developer support and need to upgrade to the next level of support to unlock more features of Trusted Adviser.  What level is above Developer?

29 / 50

Which of the following need to be considered across all regions in your account? (Choose two.)

30 / 50

Your CTO has asked about how AWS charges for use of it services.  He would like to understand actions that incur costs within AWS. (Choose two.)

31 / 50

Each EC2 instance in the VPC has an interface.  What is this interface called?

32 / 50

Your currently designing a new AWS configuration and would like to interconnect your VPCs and your on premises You want to connect multiple VPC and want to manage as one connection.  What would be the AWS service you could select that would meet these requirements?

33 / 50

What EC2 instance type would you recommend to a user that needs high end graphics processing? (Select One)

34 / 50

Which of the following S3 storage classes has the highest availability?

35 / 50

Your company runs a legacy application with a single-tier architecture on an Amazon EC2 Instance. The application profile is that it requires low disk performance with occasional spikes during business hours. After business hours you can shut the EC2 instance down. Which storage option is MOST appropriate for this workload?

36 / 50

Your company needs a storage solution that can support millions of customers accessing billing data. The data should be instantly accessible for users, but individual bills are not accessed that often. What is the most cost-efficient storage for this use case?

37 / 50

A future AWS certified solutions architect is currently designing a solution that can monitor memory and disk space utilization of all EC2 instances running Amazon Linux and Windows. Which solution would meet the requirement?

38 / 50

Your application is using an ELB in front of an Auto Scaling group of web/application servers deployed across two AZs and a Multi-AZ RDS Instance for data persistence.
The database CPU is often above 80% usage and 90% of I/O operations on the database are reads. To improve performance, you recently added a single-node Memcached ElastiCache Cluster to cache
frequent DB query results. In the next weeks the overall workload is expected to grow by 30%. Do you need to change anything in the architecture to maintain the high availability or the application
with the anticipated additional load? Why?

39 / 50

Which of the following provide ways to automate the backup of your RDS database? (Choose two.)

40 / 50

Your company is storing data on Amazon Simple Storage Service (S3) and your CIO is mandating that data is encrypted at rest. How can this be achieved? Select Three

41 / 50

An ERP application is deployed across multiple AZs in a single region. In the event of failure, the Recovery Time Objective (RTO) must be less than 3 hours, and the Recovery Point Objective (RPO) must
be 15 minutes the customer realizes that data corruption occurred roughly 1.5 hours ago. What DR strategy could be used to achieve this RTO and RPO in the event of this kind of failure?

42 / 50

What are the two types of VPNs that would be used in AWS? (Select Two)

43 / 50

A company has a popular multi-player mobile game hosted in its on-premises datacenter. The current infrastructure can no longer keep up with demand end the company is considering a move to the cloud.
Which solution should a Solutions Architect recommend as me MOST scalable and cost- effective solution to meet these needs?

44 / 50

Which of the following statements are true about edge and region locations? (Choose two.)

45 / 50

Your CIO has summoned you into the office on a Friday afternoon since he received the AWS cloud spend bill for last month. He wants to setup an alert that goes to him when a threshold has been exceeded.   What tool could you use to enable this request?

46 / 50

You are designing Internet connectivity for your VPC. The Web servers must be available on the Internet. The application must have a highly available architecture. (Choose Two)

47 / 50

Which of the following are valid domain names for S3 buckets? (Choose two.)

48 / 50

Your customer has compared prices between spot instances and reserved instances. The customer would like to know why they should NOT use spot instances. What are two reasons. (Select Two)

49 / 50

What type of replication occurs in a read replica RDS setup?

50 / 50

What is the smallest file size that can be stored on standard class S3?

Your score is

The average score is 46%

0%


AWS Class Final Practice Exam

0%
2

You have two hours to complete the exam. Good Luck


Created on By holbrookjp

AWS Certified Solutions Architect – Associate SAA-C01 Course Final Practice Exam

FREE AWS Certified Solutions Architect – Associate Practice Exam . There are 65 questions in this exam

If you feel you need more questions please go to my Udemy page link below for discount practice exams.

1 / 65

Which of the following routing policies chooses a route for a user based on the latency of the available region to which traffic can be directed?

2 / 65

Your company is using AWS to host a two-tier application that consists of a publicly accessible web server that communicates with an on premises database.  Your CISO has warned you to only HTTPS port 443 traffic to the web server from the internet. Which twp options will meet these requirements? (Select Two.)

3 / 65

What EC2 instance type would you recommend to a user that needs high end graphics processing? (Select One)

4 / 65

Which of the following need to be considered across all regions in your account? (Choose two.)

5 / 65

Which of the following is a valid routing policies for Route 53?

6 / 65

Which of the following selections will provide performance improvements in an RDS instance that is currently overloaded? (Choose two.)

7 / 65

Which of the following statements are true about edge and region locations? (Choose two.)

8 / 65

Your company runs a legacy application with a single-tier architecture on an Amazon EC2 Instance. The application profile is that it requires low disk performance with occasional spikes during business hours. After business hours you can shut the EC2 instance down. Which storage option is MOST appropriate for this workload?

9 / 65

Which of the following are valid S3 request headers? (Choose two.)

10 / 65

A future AWS certified solutions architect is currently designing a solution that can monitor memory and disk space utilization of all EC2 instances running Amazon Linux and Windows. Which solution would meet the requirement?

11 / 65

Which of the following statements are true about RDS? Select Two

12 / 65

Which of the following are valid reasons to use read replication in RDS? (Choose two.)

13 / 65

What type of media distribution on CloudFront should you use for video media streaming?

14 / 65

Which of the following AWS-defined IAM policies offer read and write access to the S3 and EC2 services? (Select Two)

15 / 65

Reffering to the graphic…… If all of the following inbound rules existed on a custom NACL, would SSH traffic be allowed?

 

Question Image

16 / 65

You have been advised your enterprise must now meet strict compliance standards. This means that the company must have encrypted archival data storage and will be audited. Data will be
accessed infrequently and may be recovered. The company requires that the storage be secure, durable and provided at the most cost effective solution on AWS available.
What type of storage should be specified? Select One

17 / 65

Which of the following are a collection of permissions in IAM?

18 / 65

An ERP application is deployed across multiple AZs in a single region. In the event of failure, the Recovery Time Objective (RTO) must be less than 3 hours, and the Recovery Point Objective (RPO) must
be 15 minutes the customer realizes that data corruption occurred roughly 1.5 hours ago. What DR strategy could be used to achieve this RTO and RPO in the event of this kind of failure?

19 / 65

Your currently considering using CloudFormation for templating your resources in AWS.   What are the two supported formats for templates?

20 / 65

You would like deploy a centralized management of users in AWS for your companies cloud resources in AWS.  What are the two options to accomplish this?

21 / 65

By default, how long do edge locations cache objects?

22 / 65

How many domain names can you manage using Route53?

23 / 65

You have decided to create peering configuration for two VPCs.  What are the two terms used to describe both the initiator and the receiver of the request in AWS?

24 / 65

What technology can you use to provide single sign-on to the AWS management console?

25 / 65

Reference the graphic for this question.

You just showed up a new cloud job and your being asked to evaluate the spreadsheet from the user. What report is this?

Question Image

26 / 65

Which of the following are valid domain names for S3 buckets? (Choose two.)

27 / 65

Which of the following take the place of a traditional firewall appliance in AWS? (Select Two)

28 / 65

What is the default visibility of a newly created S3 bucket?

29 / 65

What are two benefits of using a shared tenancy for you VMs in AWS?  Select Two

30 / 65

You are deploying this new application in AWS and would like to ensure the workload can perform extremely well and consistently? What EBS volume would you select?

31 / 65

You are currently being asked by your CIO to ensure that his emails can not be deleted. However, he also asks you to ensure that if they are accidentally deleted that there are audits that can identify this.  What are two options you can impose? Select Two

32 / 65

You just created a website called ipassedmyawsexam.com. You also would like to add other domains that are similiar such as ipassedmyawsexam.org as well so you’ve recently purchased the additional domains. What DNS record set would you use to point all the domains to the same domain (forward)?

33 / 65

Your customer has called on a Friday afternoon before you leave for home and is asking how why they can not provision more Elastic IPs in a region.  What do you tell them?

34 / 65

How can you control access to S3 buckets and objects?  Select Three

35 / 65

Which of the following protocols is not commonly used in VPNs? Select One

36 / 65

Shared tenancy is the default instance hosting method with EC2. True or False?

37 / 65

You must improve the performance of your existing DynamoDB database. Currently, you believe that CPU utilization is the biggest concern, although you are attempting to proactively provision additional resources rather than reacting to an existing load problem. Which of the following might be your approach?

38 / 65

Each EC2 instance in the VPC has an interface.  What is this interface called?

39 / 65

Which of the following does a Multi-AZ RDS setup address? (Choose two.)

40 / 65

What are the two types of VPNs that would be used in AWS? (Select Two)

41 / 65

Which of the following are SQL-based options in RDS? (Choose two.)

42 / 65

Your installing a new software and it has a constraint to use a dedicated host in AWS? What type of software would this be?

43 / 65

Your customer launched an EC2 instance that has two volumes attached which are

  1. Root
  2. An additional volume    (Both created with default settings)      What would happen to each volume when terminated?

44 / 65

In the shared security model the customer and the provider (AWS) have responsibilities for securing resources.  What is a requirement that AWS does not handle for the customer? Select One

45 / 65

Where is data stored when placed into S3-IA? (Choose two.)

46 / 65

Referring to the network diagram please specify the result for the customer if the following happened.  (Select Two)

1. Customer added a bastion host

2.  Customer accidentally removed the NAT Gateway

Question Image

47 / 65

Your application is using an ELB in front of an Auto Scaling group of web/application servers deployed across two AZs and a Multi-AZ RDS Instance for data persistence.
The database CPU is often above 80% usage and 90% of I/O operations on the database are reads. To improve performance, you recently added a single-node Memcached ElastiCache Cluster to cache
frequent DB query results. In the next weeks the overall workload is expected to grow by 30%. Do you need to change anything in the architecture to maintain the high availability or the application
with the anticipated additional load? Why?

48 / 65

Your customer has asked about CloudFront and would like to have a short training on the subject. They would also like you to identify the pros and cons of using CloudFront.  What are two main advantages of using CloudFront?

49 / 65

You are designing Internet connectivity for your VPC. The Web servers must be available on the Internet. The application must have a highly available architecture. (Choose Two)

50 / 65

How many availability zones (AZ) can a subnet span?

51 / 65

Which of the following provide ways to automate the backup of your RDS database? (Choose two.)

52 / 65

Which of the following are valid reasons for using Multipart Upload for uploading objects to S3? (Choose two.)

53 / 65

A company is evaluating Amazon S3 as a data storage solution for their daily analyst reports. The company has implemented stringent requirements concerning the security of the data at test
Specifically, the CISO asked for the use of envelope encryption with separate permissions for the use of an envelope key, automated rotation of the encryption keys, and visibility into when an encryption key
was used and by whom. Which steps should a Solutions Architect take to satisfy the security requirements requested by the CISO?

54 / 65

You are auditing the EBS volumes of a number of EC2 instances running three web-facing data-intensive applications. You notice that a number of the volumes are configured as throughput optimized HDDs rather than general-purpose SSD or provisioned IOPS SSD. Why might this decision be appropriate? (Choose two.)

55 / 65

Which of the following S3 storage classes has the highest availability?

56 / 65

What is the maximum number of security groups we assign to an EC2 instance?

57 / 65

When considering the instance root volume in AWS EC2 what would be two factors to choose an EBS backed AMI over an Instance store AMI? Select Two

58 / 65

How long does a typical Glacier data retrieval take?

59 / 65

You have been tasked with setting up storage for an application that loads large photos from an existing RDS. These photos are then processed by a Lambda function and have metadata added, along with additional filters. The Lambda code is inexpensive and can easily be rerun if needed. You need to decide on where to store the photos once they have been processed. Each photo will likely be accessed between 1 and 5 times over the course of a month and should be quickly accessible. The chief driver for the application and your decision should be cost and user experience. What S3 storage class would you select?

60 / 65

Which are the follow three items are true about AWS security groups? Select Three

61 / 65

What is “bootstrapping” in the world of AWS EC2 instances considered? Select One

62 / 65

Your company is storing data on Amazon Simple Storage Service (S3) and your CIO is mandating that data is encrypted at rest. How can this be achieved? Select Three

63 / 65

You are responsible for building out an application that serves user bases in the USA, Canada, Brazil, Singapore and India.  You want to ensure that the company users receive localized content in their own area. Which of the following routing policies should you consider for this application in Route53?

64 / 65

Which of the following are available to use as an EBS boot volume? (Choose two.)

65 / 65

What type of replication occurs in a read replica RDS setup?

Your score is

The average score is 40%

0%


AWS Related Blog Posts

AWS Cloud Practitioner Exam Coming Soon

AWS Cloud Practitioner Exam Coming Soon

AWS Cloud Practitioner Exam

%d bloggers like this: