Exam: AWS Certified Solutions Architect - Associate

Total Questions: 414

A DevOps engineer is planning to deploy a Ruby-based application to production. The application needs to interact with an Amazon RDS for MySQL database and should have automatic scaling and high availability. The stored data in the database is critical and should persist regardless of the state of the application stack.
The DevOps engineer needs to set up an automated deployment strategy for the application with automatic rollbacks.

The solution also must alert the application team when a deployment fails.
Which combination of steps will meet these requirements? (Choose three.)

A. Deploy the application on AWS Elastic Beanstalk. Deploy an Amazon RDS for MySQL DB instance as part of the Elastic Beanstalk configuration.
B. Deploy the application on AWS Elastic Beanstalk. Deploy a separate Amazon RDS for MySQL DB instance outside of Elastic Beanstalk.
C. Configure a notification email address that alerts the application team in the AWS Elastic Beanstalk configuration.
D. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to monitor AWS Health events. Use an Amazon Simple Notification Service (Amazon SNS) topic as a target to alert the application team.
E. Use the immutable deployment method to deploy new application versions.
F. Use the rolling deployment method to deploy new application versions.
Answer: BCE

Explanation:
B. Deploy the application on AWS Elastic Beanstalk. Deploy a separate Amazon RDS for MySQL DB instance outside of Elastic Beanstalk.
- Why: Deploying the RDS instance outside of the Elastic Beanstalk environment ensures database persistence, even if the Elastic Beanstalk environment is deleted or re-provisioned. This separation protects critical data and aligns with best practices.
D. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to monitor AWS Health events. Use an Amazon Simple Notification Service (Amazon SNS) topic as a target to alert the application team.
- Why: This allows automatic alerting to the application team in the event of a deployment failure or other AWS Health-related events. Using EventBridge + SNS provides a robust and scalable alerting mechanism.
E. Use the immutable deployment method to deploy new application versions.
- Why: Immutable deployments reduce the risk of downtime by provisioning a new set of instances for the new version. If the deployment fails, AWS can automatically roll back to the previous version, making this method ideal for production environments requiring high availability and rollback support.

A company has a legacy application running on AWS. The application can only run on one Amazon EC2 instance at a time. Application metadata is stored in Amazon S3 and must be retrieved if the instance is restarted. The instance should be automatically restarted or relaunched if performance degrades.
Which solution will satisfy these requirements?

A. Create an Amazon CloudWatch alarm to monitor the EC2 instance. When the StatusCheckFailed system alarm is triggered, use the recover action to stop and start the instance. Use a trigger in Amazon S3 to push the metadata to the instance when it is back up and running.

B. Use the auto healing feature in AWS OpsWorks to stop and start the EC2 instance. Use a lifecycle event in OpsWorks to pull the data from Amazon S3 and update it on the instance.

C. Use the Auto Recovery feature in Amazon EC2 to automatically stop and start the EC2 instance in case of a failure. Use a trigger in Amazon S3 to push the metadata to the instance when it is back up and running.

D. Use AWS CloudFormation to create an EC2 instance that includes the user-data property for the EC2 resource. Add a command in user-data to retrieve the application metadata from Amazon S3.
Answer: C

Explanation:
C. Use the Auto Recovery feature in Amazon EC2 to automatically stop and start the EC2 instance in case of a failure. Use a trigger in Amazon S3 to push the metadata to the instance when it is back up and running.
Requirements:
- Only one EC2 instance should be running.
- It should automatically restart or relaunch if there is performance degradation.
- On restart, the instance must retrieve metadata from Amazon S3.
Why option C fits:
- Auto Recovery in EC2 monitors the instance using CloudWatch alarms (based on StatusCheckFailed) and will automatically recover the instance (relaunching it on new hardware if needed).
- Once restarted, you can use an S3 event trigger or a script in user-data to retrieve the metadata from Amazon S3.
- It ensures availability and data consistency without launching multiple instances (which is key for legacy apps limited to one instance).

A DevOps engineer at a company is supporting an AWS environment in which all users use AWS IAM Identity Center (AWS Single Sign-On). The company wants to immediately disable the credentials of any new IAM user and wants the security team to receive a notification.

Which combination of steps should the DevOps engineer take to meet these requirements? (Choose three.)

A. Create an Amazon EventBridge rule that reacts to an IAM CreateUser API call in AWS CloudTrail.
B. Create an Amazon EventBridge rule that reacts to an IAM GetLoginProfile API call in AWS CloudTrail.
C. Create an AWS Lambda function that is a target of the EventBridge rule. Configure the Lambda function to disable any access keys and delete the login profiles that are associated with the IAM user.
D. Create an AWS Lambda function that is a target of the EventBridge rule. Configure the Lambda function to delete the login profiles that are associated with the IAM user.
E. Create an Amazon Simple Notification Service (Amazon SNS) topic that is a target of the EventBridge rule. Subscribe the security team’s group email address to the topic.
F. Create an Amazon Simple Queue Service (Amazon SQS) queue that is a target of the Lambda function. Subscribe the security team's group email address to the queue.
Answer: ACE

Explanation:
A. Create an Amazon EventBridge rule that reacts to an IAM CreateUser API call in AWS CloudTrail.
- This step detects when a new IAM user is created, which is the triggering event.
C. Create an AWS Lambda function that is a target of the EventBridge rule. Configure the Lambda function to disable any access keys and delete the login profiles that are associated with the IAM user.
- This ensures the IAM user's credentials are immediately disabled. You need both: disabling the access keys (if any were created) and deleting the login profile (which prevents password-based access).
E. Create an Amazon Simple Notification Service (Amazon SNS) topic that is a target of the EventBridge rule. Subscribe the security team's group email address to the topic.
- This ensures the security team is notified whenever a new IAM user is created.

You are doing a load testing exercise on your application hosted on AWS. While testing your Amazon RDS MySQL DB instance, you notice that when you hit 100% CPU utilization on it, your application becomes non-responsive. Your application is read-heavy.

What are methods to scale your data tier to meet the application's needs? (Choose three.)

A. Add Amazon RDS DB read replicas, and have your application direct read queries to them.
B. Add your Amazon RDS DB instance to an Auto Scaling group and configure your CloudWatch metric based on CPU utilization.
C. Use an Amazon SQS queue to throttle data going to the Amazon RDS DB instance.
D. Use ElastiCache in front of your Amazon RDS DB to cache common queries.
E. Shard your data set among multiple Amazon RDS DB instances.
F. Enable Multi-AZ for your Amazon RDS DB instance.
Answer: ADE

Explanation:
A. Add Amazon RDS DB read replicas, and have your application direct read queries to them.
- Read replicas offload read traffic from the primary DB, which is ideal for read-heavy workloads.
- Helps reduce CPU usage on the primary instance.
D. Use ElastiCache in front of your Amazon RDS DB to cache common queries.
- Reduces the need for repeated queries to the database.
- Very effective for frequent, read-heavy queries (e.g., product catalogs, profiles).
- Provides low latency and decreases DB CPU load.
E. Shard your data set among multiple Amazon RDS DB instances.
- Distributes data across multiple DBs.
- Allows horizontal scaling and reduces load on a single instance.
- More complex to implement, but scalable.

You are creating an application which stores extremely sensitive financial information. All information in the system must be encrypted at rest and in transit.
Which of these is a violation of this policy?
A. ELB SSL termination.
B. ELB Using Proxy Protocol v1.
C. CloudFront Viewer Protocol Policy set to HTTPS redirection.
D. Telling S3 to use AES256 on the server-side.
Answer: A

Explanation:
A. ELB SSL termination. (Violation)
- With SSL termination at the ELB (Elastic Load Balancer), the connection between the client and the ELB is encrypted, but the traffic between the ELB and your backend instances is typically unencrypted unless you explicitly re-encrypt it.
- This breaks encryption in transit, violating the policy unless you implement end-to-end encryption, which requires SSL between the ELB and the backend as well. So, by default, this is a violation unless re-encryption is in place.
B. ELB Using Proxy Protocol v1. (Not a violation)
- Proxy Protocol v1 just adds connection information (like the client IP) to the headers. It doesn't affect encryption and works with encrypted or unencrypted connections.
- It's compatible with encrypted data paths and is not inherently a security violation.
C. CloudFront Viewer Protocol Policy set to HTTPS redirection. (Not a violation)
- This forces clients to use HTTPS by redirecting HTTP to HTTPS. It ensures encryption in transit from the viewer to CloudFront.
- It strengthens encryption compliance.
D. Telling S3 to use AES256 on the server-side. (Not a violation)
- This is Server-Side Encryption with S3-managed keys (SSE-S3) using AES-256. It ensures data at rest in S3 is encrypted.
- Complies with the encryption-at-rest requirement.

A solutions architect is designing a solution where users will be directed to a backup static error page if the primary website is unavailable. The primary website's DNS records are hosted in Amazon Route 53 where their domain is pointing to an Application Load Balancer (ALB).

Which configuration should the solutions architect use to meet the company's needs while minimizing changes and infrastructure overhead?

A. Point a Route 53 alias record to an Amazon CloudFront distribution with the ALB as one of its origins. Then, create custom error pages for the distribution.
B. Set up a Route 53 active-passive failover configuration. Direct traffic to a static error page hosted within an Amazon S3 bucket when Route 53 health checks determine that the ALB endpoint is unhealthy.
C. Update the Route 53 record to use a latency-based routing policy. Add the backup static error page hosted within an Amazon S3 bucket to the record so the traffic is sent to the most responsive endpoints.
D. Set up a Route 53 active-active configuration with the ALB and an Amazon EC2 instance hosting a static error page as endpoints. Route 53 will only send requests to the instance if the health checks fail for the ALB.
Correct Answer: B

A solutions architect is designing a high performance computing (HPC) workload on Amazon EC2. The EC2 instances need to communicate to each other frequently and require network performance with low latency and high throughput.

Which EC2 configuration meets these requirements?

A. Launch the EC2 instances in a cluster placement group in one Availability Zone.
B. Launch the EC2 instances in a spread placement group in one Availability Zone.
C. Launch the EC2 instances in an Auto Scaling group in two Regions and peer the VPCs.
D. Launch the EC2 instances in an Auto Scaling group spanning multiple Availability Zones.
Answer: A

Explanation:
- For High Performance Computing (HPC) workloads that require frequent inter-node communication with low latency and high network throughput, the best practice is to place EC2 instances physically close together (to reduce latency) and on high-bandwidth, low-latency networks.
- This is exactly what a cluster placement group provides.
Why A is correct:
- Cluster placement groups pack instances close together in the same Availability Zone.
- They are designed for high-performance networking, often using the Elastic Network Adapter (ENA).
- They are ideal for tightly coupled HPC workloads, like scientific modeling, genomics, simulations, and analytics.

A company is migrating from an on-premises infrastructure to the AWS Cloud. One of the company's applications stores files on a Windows file server farm that uses Distributed File System Replication (DFSR) to keep data in sync. A solutions architect needs to replace the file server farm.

Which service should the solutions architect use?

A. Amazon EFS
B. Amazon FSx
C. Amazon S3
D. AWS Storage Gateway
Answer: B

Explanation:
The existing system is a Windows file server farm that uses Distributed File System Replication (DFSR), which clearly points to a Windows-based file system architecture.
Amazon FSx for Windows File Server:
- Is a fully managed native Windows file system.
- Supports the SMB protocol, NTFS, and Windows ACLs.
- Can be joined to Active Directory.
- Is ideal for replacing on-premises Windows file servers, especially when DFS namespaces and DFS replication (DFSR) are involved.

A company has a legacy application that processes data in two parts. The second part of the process takes longer than the first, so the company has decided to rewrite the application as two microservices running on Amazon ECS that can scale independently.

How should a solutions architect integrate the microservices?

A. Implement code in microservice 1 to send data to an Amazon S3 bucket. Use S3 event notifications to invoke microservice 2.
B. Implement code in microservice 1 to publish data to an Amazon SNS topic. Implement code in microservice 2 to subscribe to this topic.
C. Implement code in microservice 1 to send data to Amazon Kinesis Data Firehose. Implement code in microservice 2 to read from Kinesis Data Firehose.
D. Implement code in microservice 1 to send data to an Amazon SQS queue. Implement code in microservice 2 to process messages from the queue.
Answer: D

Explanation:
You are building two ECS-based microservices where:
- Microservice 1 performs the first, faster step.
- Microservice 2 performs the slower, second step.
- Both need to scale independently.
To meet these needs, you want:
- Decoupling (so each microservice runs independently).
- Asynchronous communication (because processing times differ).
- A scalable architecture (each service scales based on its own workload).
Why Amazon SQS is the best fit:
- It is a fully managed message queue that decouples microservices.
- Microservice 1 sends messages (i.e., tasks) to the queue quickly and continues processing.
- Microservice 2 reads messages from the queue and processes them at its own pace.
- ECS tasks for microservice 2 can scale based on queue depth using CloudWatch alarms and Application Auto Scaling.
- It provides durability, reliability, and fault tolerance.

A company runs a multi-tier web application that hosts news content. The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones and use an Amazon Aurora database. A solutions architect needs to make the application more resilient to periodic increases in request rates.

Which architecture should the solutions architect implement? (Choose two.)

A. Add AWS Shield.
B. Add Aurora Replica.
C. Add AWS Direct Connect.
D. Add AWS Global Accelerator.
E. Add an Amazon CloudFront distribution in front of the Application Load Balancer.
Answer: BE

Explanation:
B. Add Aurora Replica.
- Aurora Replicas offload read traffic from the primary instance.
- Helps during traffic spikes by handling more concurrent reads.
- Supports auto scaling of read capacity, improving performance and fault tolerance.
E. Add an Amazon CloudFront distribution in front of the Application Load Balancer.
- CloudFront caches static and dynamic content at edge locations.
- Reduces direct load on your EC2 instances and the Application Load Balancer.
- Improves latency and absorbs traffic spikes globally.
- Especially helpful for news content, which typically includes static assets (images, articles).