Home/Directory/solutions architect associate

solutions architect associate Practice Questions

Page 2 of 3 (240 total questions)

Your data science team needs a fully managed environment to build, train, and deploy custom machine learning models using TensorFlow. Which platform provides these end-to-end MLOps capabilities?
View Question & Answer ➔
A data science team needs a fully managed service to build, train, and deploy machine learning models at scale. Which service is designed for this?
View Question & Answer ➔
What is 'Amazon SageMaker Ground Truth' used for?
View Question & Answer ➔
A team wants to quickly start experimenting with machine learning without configuring their own Jupyter notebooks. Which SageMaker feature provides a web-based IDE for ML?
View Question & Answer ➔
To reduce costs for training large machine learning models, which EC2 instance feature should a solutions architect recommend using with SageMaker?
View Question & Answer ➔
Which SageMaker feature helps an architect automatically find the best version of a machine learning model by running multiple training jobs with different parameters?
View Question & Answer ➔
For low-latency real-time predictions, what is the best deployment option in SageMaker?
View Question & Answer ➔
An architect needs to run a machine learning model on an edge device (like a factory camera) with very limited resources. Which service can optimize the model for specific hardware?
View Question & Answer ➔
What is the purpose of 'SageMaker Model Monitor'?
View Question & Answer ➔
Which SageMaker feature allows business analysts to build ML models and make predictions using a visual interface without writing any code?
View Question & Answer ➔
You are designing a CI/CD pipeline. You need a service to compile source code, run tests, and produce software packages that are ready to deploy. Which service handles the build phase?
View Question & Answer ➔
What is the primary function of AWS CodeBuild in a CI/CD pipeline?
View Question & Answer ➔
Which YAML-formatted file is used to define the build commands and runtime settings for an AWS CodeBuild project?
View Question & Answer ➔
An architect wants to ensure that a CodeBuild project has access to resources inside a private VPC, such as an RDS database for integration testing. How should the project be configured?
View Question & Answer ➔
To speed up subsequent builds, which CodeBuild feature allows for the reuse of dependencies (like Maven or npm packages)?
View Question & Answer ➔
Which AWS security feature allows an architect to grant a CodeBuild project permission to pull an image from a private ECR repository?
View Question & Answer ➔
Does AWS CodeBuild charge you for the time your build project is idle and not running any builds?
View Question & Answer ➔
An architect is designing a multi-account CI/CD pipeline using AWS CodePipeline. CodeBuild is used for the build stage. Where are the resulting build artifacts typically stored so they can be accessed by the deployment stage in another account?
View Question & Answer ➔
Can you use custom Docker images to run your builds in AWS CodeBuild?
View Question & Answer ➔
What is the purpose of the 'Phases' section in a CodeBuild buildspec file?
View Question & Answer ➔
Your team wants to automate the provisioning of infrastructure to ensure consistency across environments. You need to define your infrastructure as code (IaC) using declarative templates. Which service should you use?
View Question & Answer ➔
Which AWS service provides 'Infrastructure as Code' capabilities, allowing you to model and provision AWS resources using JSON or YAML templates?
View Question & Answer ➔
An architect wants to deploy the same CloudFormation template across hundreds of AWS accounts and multiple regions within an organization. Which feature should be used?
View Question & Answer ➔
What is the 'Drift Detection' feature in AWS CloudFormation used for?
View Question & Answer ➔
How can an architect prevent a CloudFormation stack from failing its entire deployment if a single resource fails to create?
View Question & Answer ➔
What is the primary purpose of 'Nested Stacks' in CloudFormation?
View Question & Answer ➔
An architect needs to perform an 'update' to a CloudFormation stack. They want to see exactly which resources will be created, modified, or deleted before applying the change. Which feature should be used?
View Question & Answer ➔
To protect critical resources (like a production database) from accidental deletion during a CloudFormation stack update or deletion, what should the architect use?
View Question & Answer ➔
In a CloudFormation template, which section is used to define the logical relationships between resources (e.g., ensuring a database exists before a web server starts)?
View Question & Answer ➔
What is the 'Condition' section in a CloudFormation template typically used for?
View Question & Answer ➔
Which IAM policy type is used to set the maximum permissions that an identity-based policy can grant to an IAM user or role?
View Question & Answer ➔
Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What AWS IAM feature should you use?
View Question & Answer ➔
A company uses AWS Organizations and wants to ensure that NO user in any account can delete S3 buckets, regardless of their individual IAM permissions. What should be used?
View Question & Answer ➔
What is the recommended way to grant an EC2 instance permission to call other AWS services (like S3 or DynamoDB)?
View Question & Answer ➔
Which IAM feature allows an architect to verify which permissions in a policy are actually being used by an entity, helping to implement the 'principle of least privilege'?
View Question & Answer ➔
A company wants to allow employees to log into the AWS Management Console using their existing corporate credentials from Microsoft Active Directory. Which service is required?
View Question & Answer ➔
When multiple policies are applied to a user (e.g., an SCP, a Permissions Boundary, and an Identity-based Policy), when is a request finally allowed?
View Question & Answer ➔
What is 'IAM Access Analyzer' used for?
View Question & Answer ➔
An architect needs to create a temporary link that allows an external consultant to download a specific file from S3 without creating an IAM user for them. Which feature is best?
View Question & Answer ➔
Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What AWS IAM feature should you use?
View Question & Answer ➔
Your application requires high CPU performance for compute-intensive workloads like video encoding. Which Amazon EC2 instance type is optimized for this?
View Question & Answer ➔
An application consists of an Auto Scaling group of EC2 instances behind an ALB. During a traffic spike, the instances are reaching 100% CPU, but the Auto Scaling group is not adding more instances quickly enough. Which configuration change would improve responsiveness?
View Question & Answer ➔
A company wants to run a legacy application that requires a fixed physical server for licensing reasons and must be able to withstand the failure of an entire Availability Zone. Which EC2 feature meets the licensing need?
View Question & Answer ➔
Which EC2 Hibernate feature is most valuable for an application with a very long initialization phase?
View Question & Answer ➔
An architect is selecting an EC2 instance for a memory-intensive SAP HANA database. Which instance family should be preferred?
View Question & Answer ➔
A solutions architect needs to cost-effectively run a batch processing workload that can be interrupted at any time and resumed later. Which purchasing option provides the highest savings?
View Question & Answer ➔
What is the purpose of an EC2 'Placement Group' with the 'Spread' strategy?
View Question & Answer ➔
An architect needs to perform an emergency patch on a fleet of EC2 instances without allowing any new connections during the process. How can this be achieved with an ALB?
View Question & Answer ➔
What integrated feature of EC2 allows an architect to run a custom script when an instance is launched for the first time (e.g., to install a web server)?
View Question & Answer ➔
A company wants to ensure they have enough EC2 capacity during a specific holiday weekend for their e-commerce app. Which option guarantees capacity without a long-term commitment to a specific instance family?
View Question & Answer ➔
Your application requires persistent block storage that survives Amazon EC2 instance termination. Which service should you use?
View Question & Answer ➔
You need to create a backup of your Amazon EBS volume for disaster recovery. What feature should you use?
View Question & Answer ➔
A company needs an EBS volume with the highest possible performance for a high-intensity database workload. They require consistent sub-millisecond latency and 50,000 IOPS. Which volume type is best?
View Question & Answer ➔
In an architecture requiring high availability, can a single EBS volume be attached to two EC2 instances in different Availability Zones at the same time?
View Question & Answer ➔
A solutions architect wants to create a backup of an EBS volume that is stored redundantly across multiple Availability Zones. Which feature should be used?
View Question & Answer ➔
What is the primary benefit of the 'gp3' EBS volume type over the older 'gp2' type?
View Question & Answer ➔
A database server is reaching its EBS volume storage limit. Which feature of EBS allows for increasing the size of a volume without any downtime or detaching the volume?
View Question & Answer ➔
Is it possible to encrypt an existing unencrypted EBS volume while it is attached to a running EC2 instance?
View Question & Answer ➔
Which EBS feature should be enabled to significantly speed up the 'first-read' performance of an EBS volume restored from a large snapshot?
View Question & Answer ➔
A big data application performs massive sequential reads and writes. Which EBS volume type provides the best price-per-throughput for this use case?
View Question & Answer ➔
You need to create a logically isolated section of your cloud environment where you can launch resources in a virtual network that you define. Which service provides this?
View Question & Answer ➔
A company wants to connect 50 different VPCs across multiple AWS accounts in a single region to a central VPC that contains shared services. The architecture must be scalable and minimize the complexity of manageability. Which service is best?
View Question & Answer ➔
An architect is designing a VPC with a public subnet for web servers and a private subnet for databases. The database instances need to download security updates from the internet without being reachable from the internet. How should this be implemented?
View Question & Answer ➔
What is the primary benefit of using a 'VPC Endpoint' (Gateway or Interface) for services like S3 or DynamoDB?
View Question & Answer ➔
A company has two VPCs in different AWS regions and needs them to communicate using private IP addresses. Which solution provides the lowest latency and uses the AWS backbone network?
View Question & Answer ➔
An architect needs to capture information about the IP traffic going to and from network interfaces in a VPC for security analysis. Which feature should be enabled?
View Question & Answer ➔
Which VPC component is responsible for translating human-friendly domain names (e.g., example.com) to IP addresses within the VPC?
View Question & Answer ➔
What does 'Egress-Only Internet Gateway' provide in a VPC architecture?
View Question & Answer ➔
A company wants to expose a specific application running in their VPC to a customer's VPC without using VPC Peering or a VPN, and without exposing it to the public internet. Which technology should they choose?
View Question & Answer ➔
What happens if a VPC has two subnets with overlapping IP address ranges?
View Question & Answer ➔
You need stateful firewall rules at the Amazon EC2 instance level. What should you configure?
View Question & Answer ➔
Which statement correctly describes the nature of Security Groups in AWS?
View Question & Answer ➔
How do Network ACLs differ from Security Groups in terms of rule evaluation?
View Question & Answer ➔
An architect needs to block a specific IP address that is launching a DDoS attack on the web servers. Where should this block be implemented?
View Question & Answer ➔
A security group is associated with an EC2 instance. The group has an inbound rule allowing port 80 (HTTP) from 0.0.0.0/0. What happens to the outbound traffic from the instance on port 80?
View Question & Answer ➔
In a sophisticated tiered architecture, how should a database security group be configured to be most secure?
View Question & Answer ➔
A solutions architect is troubleshooting a connection issue to an EC2 instance. The security group has an inbound rule allowing SSH on port 22. What else must be checked regarding the security group to ensure the response can reach the client?
View Question & Answer ➔
To allow a fleet of web servers to communicate with a database cluster securely, which source should be used in the database security group's inbound rule?
View Question & Answer ➔
What is the maximum number of security groups that can be associated with a single network interface (ENI) by default?
View Question & Answer ➔
You need stateful firewall rules at the Amazon EC2 instance level. What should you configure?
View Question & Answer ➔
You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?
View Question & Answer ➔
You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?
View Question & Answer ➔
What is the 'Default' behavior of a Network ACL created by a user (not the VPC default NACL)?
View Question & Answer ➔
When configuring a Network ACL to allow web traffic (port 80) to a subnet, what else must be configured for the connection to work correctly?
View Question & Answer ➔
Can a Network ACL be associated with multiple subnets in the same VPC?
View Question & Answer ➔
Which security layer acts as a 'second line of defense' at the subnet level in an AWS VPC?
View Question & Answer ➔
When a network packet enters a subnet, which security layer is evaluated first?
View Question & Answer ➔
A network security team wants to prevent all traffic from a specific malicious subnet (192.168.1.0/24) from reaching the entire web subnet. How should this be implemented?
View Question & Answer ➔
A developer reports that their EC2 instance can receive web traffic but cannot download updates from the internet. The security group allows all outbound traffic. What could be the issue in the Network ACL?
View Question & Answer ➔
You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?
View Question & Answer ➔
You need to monitor CPU utilization of your Amazon EC2 instances and set up alarms for automated actions. Which service should you use?
View Question & Answer ➔
Your application running on Amazon EC2 needs a central location for log aggregation and real-time analysis. Which Amazon CloudWatch capability should you use?
View Question & Answer ➔
An architect needs to be alerted if the average CPU utilization of an Auto Scaling group exceeds 70% for more than 5 minutes. Which CloudWatch component should be used?
View Question & Answer ➔
What is the difference between 'Standard' and 'High-Resolution' metrics in Amazon CloudWatch?
View Question & Answer ➔
A company wants to collect system-level metrics (such as RAM usage and disk space) from their EC2 instances that are not available by default in CloudWatch. How can this be achieved?
View Question & Answer ➔
An architect needs to search and analyze log data from thousands of EC2 instances to find the source of an application error. Which tool is most effective?
View Question & Answer ➔
What is 'CloudWatch Container Insights' used for?
View Question & Answer ➔
A solutions architect wants to automatically trigger a Lambda function whenever an EC2 instance state changes to 'terminated'. Which service should be used to route this event?
View Question & Answer ➔
What does 'Anomalies Detection' in CloudWatch do?
View Question & Answer ➔
How long does CloudWatch keep metric data by default?
View Question & Answer ➔

← PreviousPage 2 of 3Next →

solutions architect associate Practice Questions

Your data science team needs a fully managed environment to build, train, and deploy custom machine learning models using TensorFlow. Which platform provides these end-to-end MLOps capabilities?

A data science team needs a fully managed service to build, train, and deploy machine learning models at scale. Which service is designed for this?

What is 'Amazon SageMaker Ground Truth' used for?

A team wants to quickly start experimenting with machine learning without configuring their own Jupyter notebooks. Which SageMaker feature provides a web-based IDE for ML?

To reduce costs for training large machine learning models, which EC2 instance feature should a solutions architect recommend using with SageMaker?

Which SageMaker feature helps an architect automatically find the best version of a machine learning model by running multiple training jobs with different parameters?

For low-latency real-time predictions, what is the best deployment option in SageMaker?

An architect needs to run a machine learning model on an edge device (like a factory camera) with very limited resources. Which service can optimize the model for specific hardware?

What is the purpose of 'SageMaker Model Monitor'?

Which SageMaker feature allows business analysts to build ML models and make predictions using a visual interface without writing any code?

You are designing a CI/CD pipeline. You need a service to compile source code, run tests, and produce software packages that are ready to deploy. Which service handles the build phase?

What is the primary function of AWS CodeBuild in a CI/CD pipeline?

Which YAML-formatted file is used to define the build commands and runtime settings for an AWS CodeBuild project?

An architect wants to ensure that a CodeBuild project has access to resources inside a private VPC, such as an RDS database for integration testing. How should the project be configured?

To speed up subsequent builds, which CodeBuild feature allows for the reuse of dependencies (like Maven or npm packages)?

Which AWS security feature allows an architect to grant a CodeBuild project permission to pull an image from a private ECR repository?

Does AWS CodeBuild charge you for the time your build project is idle and not running any builds?

An architect is designing a multi-account CI/CD pipeline using AWS CodePipeline. CodeBuild is used for the build stage. Where are the resulting build artifacts typically stored so they can be accessed by the deployment stage in another account?

Can you use custom Docker images to run your builds in AWS CodeBuild?

What is the purpose of the 'Phases' section in a CodeBuild buildspec file?

Your team wants to automate the provisioning of infrastructure to ensure consistency across environments. You need to define your infrastructure as code (IaC) using declarative templates. Which service should you use?

Which AWS service provides 'Infrastructure as Code' capabilities, allowing you to model and provision AWS resources using JSON or YAML templates?

An architect wants to deploy the same CloudFormation template across hundreds of AWS accounts and multiple regions within an organization. Which feature should be used?

What is the 'Drift Detection' feature in AWS CloudFormation used for?

How can an architect prevent a CloudFormation stack from failing its entire deployment if a single resource fails to create?

What is the primary purpose of 'Nested Stacks' in CloudFormation?

An architect needs to perform an 'update' to a CloudFormation stack. They want to see exactly which resources will be created, modified, or deleted before applying the change. Which feature should be used?

To protect critical resources (like a production database) from accidental deletion during a CloudFormation stack update or deletion, what should the architect use?

In a CloudFormation template, which section is used to define the logical relationships between resources (e.g., ensuring a database exists before a web server starts)?

What is the 'Condition' section in a CloudFormation template typically used for?

Which IAM policy type is used to set the maximum permissions that an identity-based policy can grant to an IAM user or role?

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What AWS IAM feature should you use?

A company uses AWS Organizations and wants to ensure that NO user in any account can delete S3 buckets, regardless of their individual IAM permissions. What should be used?

What is the recommended way to grant an EC2 instance permission to call other AWS services (like S3 or DynamoDB)?

Which IAM feature allows an architect to verify which permissions in a policy are actually being used by an entity, helping to implement the 'principle of least privilege'?

A company wants to allow employees to log into the AWS Management Console using their existing corporate credentials from Microsoft Active Directory. Which service is required?

When multiple policies are applied to a user (e.g., an SCP, a Permissions Boundary, and an Identity-based Policy), when is a request finally allowed?

What is 'IAM Access Analyzer' used for?

An architect needs to create a temporary link that allows an external consultant to download a specific file from S3 without creating an IAM user for them. Which feature is best?

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What AWS IAM feature should you use?

Your application requires high CPU performance for compute-intensive workloads like video encoding. Which Amazon EC2 instance type is optimized for this?

An application consists of an Auto Scaling group of EC2 instances behind an ALB. During a traffic spike, the instances are reaching 100% CPU, but the Auto Scaling group is not adding more instances quickly enough. Which configuration change would improve responsiveness?

A company wants to run a legacy application that requires a fixed physical server for licensing reasons and must be able to withstand the failure of an entire Availability Zone. Which EC2 feature meets the licensing need?

Which EC2 Hibernate feature is most valuable for an application with a very long initialization phase?

An architect is selecting an EC2 instance for a memory-intensive SAP HANA database. Which instance family should be preferred?

A solutions architect needs to cost-effectively run a batch processing workload that can be interrupted at any time and resumed later. Which purchasing option provides the highest savings?

What is the purpose of an EC2 'Placement Group' with the 'Spread' strategy?

An architect needs to perform an emergency patch on a fleet of EC2 instances without allowing any new connections during the process. How can this be achieved with an ALB?

What integrated feature of EC2 allows an architect to run a custom script when an instance is launched for the first time (e.g., to install a web server)?

A company wants to ensure they have enough EC2 capacity during a specific holiday weekend for their e-commerce app. Which option guarantees capacity without a long-term commitment to a specific instance family?

Your application requires persistent block storage that survives Amazon EC2 instance termination. Which service should you use?

You need to create a backup of your Amazon EBS volume for disaster recovery. What feature should you use?

A company needs an EBS volume with the highest possible performance for a high-intensity database workload. They require consistent sub-millisecond latency and 50,000 IOPS. Which volume type is best?

In an architecture requiring high availability, can a single EBS volume be attached to two EC2 instances in different Availability Zones at the same time?

A solutions architect wants to create a backup of an EBS volume that is stored redundantly across multiple Availability Zones. Which feature should be used?

What is the primary benefit of the 'gp3' EBS volume type over the older 'gp2' type?

A database server is reaching its EBS volume storage limit. Which feature of EBS allows for increasing the size of a volume without any downtime or detaching the volume?

Is it possible to encrypt an existing unencrypted EBS volume while it is attached to a running EC2 instance?

Which EBS feature should be enabled to significantly speed up the 'first-read' performance of an EBS volume restored from a large snapshot?

A big data application performs massive sequential reads and writes. Which EBS volume type provides the best price-per-throughput for this use case?

You need to create a logically isolated section of your cloud environment where you can launch resources in a virtual network that you define. Which service provides this?

A company wants to connect 50 different VPCs across multiple AWS accounts in a single region to a central VPC that contains shared services. The architecture must be scalable and minimize the complexity of manageability. Which service is best?

An architect is designing a VPC with a public subnet for web servers and a private subnet for databases. The database instances need to download security updates from the internet without being reachable from the internet. How should this be implemented?

What is the primary benefit of using a 'VPC Endpoint' (Gateway or Interface) for services like S3 or DynamoDB?

A company has two VPCs in different AWS regions and needs them to communicate using private IP addresses. Which solution provides the lowest latency and uses the AWS backbone network?

An architect needs to capture information about the IP traffic going to and from network interfaces in a VPC for security analysis. Which feature should be enabled?

Which VPC component is responsible for translating human-friendly domain names (e.g., example.com) to IP addresses within the VPC?

What does 'Egress-Only Internet Gateway' provide in a VPC architecture?

A company wants to expose a specific application running in their VPC to a customer's VPC without using VPC Peering or a VPN, and without exposing it to the public internet. Which technology should they choose?

What happens if a VPC has two subnets with overlapping IP address ranges?

You need stateful firewall rules at the Amazon EC2 instance level. What should you configure?

Which statement correctly describes the nature of Security Groups in AWS?

How do Network ACLs differ from Security Groups in terms of rule evaluation?

An architect needs to block a specific IP address that is launching a DDoS attack on the web servers. Where should this block be implemented?

A security group is associated with an EC2 instance. The group has an inbound rule allowing port 80 (HTTP) from 0.0.0.0/0. What happens to the outbound traffic from the instance on port 80?

In a sophisticated tiered architecture, how should a database security group be configured to be most secure?

A solutions architect is troubleshooting a connection issue to an EC2 instance. The security group has an inbound rule allowing SSH on port 22. What else must be checked regarding the security group to ensure the response can reach the client?

To allow a fleet of web servers to communicate with a database cluster securely, which source should be used in the database security group's inbound rule?

What is the maximum number of security groups that can be associated with a single network interface (ENI) by default?