aws interview questions and answers for solution architect
Following are the aws interview questions and answers for solution architect intended for the technical interview rounds. These aws saa-c02 exam questions are taken from saa-c02 dumps 2019, saa-c02 exam dumps 2020 for practice purpose. We also planning to provide aws mcq pdf and aws saa-c02 exam question bank for free download.
Q.1. A large Philippine-based Business Process Outsourcing company is building a two-tier web application in their VPC to serve dynamic transaction-based content. The data tier is leveraging an Online Transactional Processing (OLTP) database but for the web tier, they are still deciding what service they will use.
What AWS services should you leverage to build an elastic and scalable web tier?
A : Amazon RDS with Multi-AZ and Auto Scaling
B : Elastic Load Balancing, Amazon EC2, and Auto Scaling
C : Amazon EC2, Amazon DynamoDB, and Amazon S3
D : Elastic Load Balancing, Amazon RDS with Multi-AZ, and Amazon S3
Elastic Load Balancing, Amazon EC2, and Auto Scaling
saa-c02 exam dumps
Q.2. You are working for a computer animation film studio that has a web application running on an Amazon EC2 instance. It uploads 5 GB video objects to an Amazon S3 bucket. Video uploads are taking longer than expected, which impacts the performance of your application.
Which method will help improve the performance of your application?
A : Use Amazon S3 Multipart Upload API.
B : Leverage on Amazon CloudFront and use HTTP POST method to reduce latency.
C : Enable Enhanced Networking with the Elastic Network Adapter (ENA) on your EC2 Instances.
D : Use Amazon Elastic Block Store Provisioned IOPS and an Amazon EBS-optimized instance.
Use Amazon S3 Multipart Upload API.
Q.3. A game development company operates several virtual reality (VR) and augmented reality (AR) games which use various RESTful web APIs hosted on their on-premises data center. Due to the unprecedented growth of their company, they decided to migrate their system to AWS Cloud to scale out their resources as well to minimize costs.
Which of the following should you recommend as the most cost-effective and scalable solution to meet the above requirement?
A : Set up a micro-service architecture with ECS, ECR, and Fargate.
B : Use a Spot Fleet of Amazon EC2 instances, each with an Elastic Fabric Adapter (EFA) for more consistent latency and higher network throughput. Set up an Application Load Balancer to distribute traffic to the instances.
C : Use AWS Lambda and Amazon API Gateway.
D : Host the APIs in a static S3 web hosting bucket behind a CloudFront web distribution.
Use AWS Lambda and Amazon API Gateway.
Q.4. A web application, which is hosted in your on-premises data center and uses a MySQL database, must be migrated to AWS Cloud. You need to ensure that the network traffic to and from your RDS database instance is encrypted using SSL. For improved security, you have to use the profile credentials specific to your EC2 instance to access your database, instead of a password.
Which of the following should you do to meet the above requirement?
A : Launch the mysql client using the –ssl-ca parameter when connecting to the database.
B : Configure your RDS database to enable encryption.
C : Set up an RDS database and enable the IAM DB Authentication.
D : Launch a new RDS database instance with the Backtrack feature enabled.
Set up an RDS database and enable the IAM DB Authentication.
aws saa-c02 exam questions & answers
Q.5. You are working as an AWS Engineer in a major telecommunications company in which you are tasked to make a network monitoring system. You launched an EC2 instance to host the monitoring system and used CloudWatch to monitor, store, and access the log files of your instance.
Which of the following provides an automated way to send log data to CloudWatch Logs from your Amazon EC2 instance?
A : CloudTrail Logs agent
B : CloudWatch Logs agent
C : CloudTrail
D : VPC Flow Logs
CloudWatch Logs agent
Q.6. You are a Solutions Architect of a tech company. You are having an issue whenever you try to connect to your newly created EC2 instance using a Remote Desktop connection from your computer. Upon checking, you have verified that the instance has a public IP and the Internet gateway and route tables are in place.
What else should you do for you to resolve this issue?
A : You should adjust the security group to allow traffic from port 22
B : You should create a new instance since there might be some issue with the instance
C : You should restart the EC2 instance since there might be some issue with the instance
D : You should adjust the security group to allow traffic from port 3389
You should adjust the security group to allow traffic from port 3389
Q.7. A WordPress website hosted in an EC2 instance, which has an additional EBS volume attached, was mistakenly deployed in the us-east-1a Availability Zone due to a misconfiguration in your CloudFormation template. There is a requirement to quickly rectify the issue by moving and attaching the EBS volume to a new EC2 instance in the us-east-1b Availability Zone.
As the Solutions Architect of the company, which of the following should you do to solve this issue?
A : First, create a snapshot of the EBS volume. Afterwards, create a volume using the snapshot in the other Availability Zone.
B : First, create a new volume in the other Availability Zone. Next, perform a disk copy of the contents from the source volume to the new volume that you have created.
C : Detach the EBS volume and attach it to an EC2 instance residing in another Availability Zone.
D : Create a new EBS volume in another Availability Zone and then specify the current EBS volume as the source.
First, create a snapshot of the EBS volume. Afterwards, create a volume using the snapshot in the other Availability Zone.
Q.8. In a tech company that you are working for, there is a requirement to allow one IAM user to modify the configuration of one of your Elastic Load Balancers (ELB) which is used in a specific project. Each developer in your company has an individual IAM user and they usually move from one project to another.
Which of the following would be the best way to allow this access?
A : Create a new IAM Role which will be assumed by the IAM user. Attach a policy allowing access to modify the ELB and once it is done, remove the IAM role from the user.
B : Create a new IAM user that has access to modify the ELB. Delete that user when the work is completed.
C : Provide the user temporary access to the root account for 8 hours only. Afterwards, change the password once the activity is completed.
D : Open the port that ELB uses in a security group and then give the user access to that security group via a policy.
Create a new IAM Role which will be assumed by the IAM user. Attach a policy allowing access to modify the ELB and once it is done, remove the IAM role from the user.
Q.9. You are working as a Senior Solutions Architect in a digital media services startup. Your current project is about a movie streaming app where you are required to launch several EC2 instances on multiple availability zones.
Which of the following will configure your load balancer to distribute incoming requests evenly to all EC2 instances across multiple Availability Zones?
A : An Amazon Route 53 latency routing policy
B : An Amazon Route 53 weighted routing policy
C : Elastic Load Balancing request routing
D : Cross-zone load balancing
Cross-zone load balancing
Q.10. A Solutions Architect designed a real-time data analytics system based on Kinesis Data Stream and Lambda. A week after the system has been deployed, the users noticed that it performed slowly as the data rate increases. The Architect identified that the performance of the Kinesis Data Streams is causing this problem.
Which of the following should the Architect do to improve performance?
A : Improve the performance of the stream by decreasing the number of its shards using the MergeShard command.
B : Implement Step Scaling to the Kinesis Data Stream.
C : Increase the number of shards of the Kinesis stream by using the UpdateShardCount command.
D : Replace the data stream with Amazon Kinesis Data Firehose instead.
Increase the number of shards of the Kinesis stream by using the UpdateShardCount command.
aws mcq questions and answers
Q.11. An application is hosted in an On-Demand EC2 instance and is using Amazon SDK to communicate to other AWS services such as S3, DynamoDB, and many others. As part of the upcoming IT audit, you need to ensure that all API calls to your AWS resources are logged and durably stored.
Which is the most suitable service that you should use to meet this requirement?
A : AWS CloudTrail
B : Amazon API Gateway
C : Amazon CloudWatch
D : AWS X-Ray
Q.12. The social media company that you are working for needs to capture the detailed information of all HTTP requests that went through their public-facing application load balancer every five minutes. They want to use this data for analyzing traffic patterns and for troubleshooting their web applications in AWS.
Which of the following options meet the customer requirements?
A : Enable access logs on the application load balancer.
B : Add an Amazon CloudWatch Logs agent on the application load balancer.
C : Enable Amazon CloudWatch metrics on the application load balancer.
D : Enable AWS CloudTrail for their application load balancer.
Enable access logs on the application load balancer.
Q.13. A website is running on an Auto Scaling group of On-Demand EC2 instances which are abruptly getting terminated from time to time. To automate the monitoring process, you started to create a simple script which uses the AWS CLI to find the root cause of this issue.
Which of the following is the most suitable command to use?
A : aws ec2 get-console-screenshot
B : aws ec2 describe-images
C : aws ec2 describe-instances
D : aws ec2 describe-volume-status
aws ec2 describe-instances
Q.14. You created a new CloudFormation template that creates 4 EC2 instances and are connected to one Elastic Load Balancer (ELB).
Which section of the template should you configure to get the Domain Name Server hostname of the ELB upon the creation of the AWS stack?
A : Parameters
B : Outputs
C : Resources
D : Mappings
Q.15. You are setting up a cost-effective architecture for a log processing application which has frequently accessed, throughput-intensive workloads with large, sequential I/O operations. The application should be hosted in an already existing On-Demand EC2 instance in your VPC. You must attach a new EBS volume that will be used by the application.
Which of the following is the most suitable EBS volume type that you should use in this scenario?
A : EBS Throughput Optimized HDD (st1)
B : EBS Provisioned IOPS SSD (io1)
C : EBS Cold HDD (sc1)
D : EBS General Purpose SSD (gp2)
EBS Throughput Optimized HDD (st1)
Google Cloud Platform mcq with answers
Q.16. You have just launched a new API Gateway service which uses AWS Lambda as a serverless computing service.
In what type of protocol will your API endpoint be exposed?
A : HTTP
B : HTTPS
C : WebSocket
D : HTTP/2
Architect Associate saa-c02 exam questions
Q.17. You are working for a top IT Consultancy that has a VPC with two On-Demand EC2 instances with Elastic IP addresses. You were notified that your EC2 instances are currently under SSH brute force attacks over the Internet. Their IT Security team has identified the IP addresses where these attacks originated. You must immediately implement a temporary fix to stop these attacks while the team is setting up AWS WAF, GuardDuty, and AWS Shield Advanced to permanently fix the security vulnerability.
Which of the following provides the quickest way to stop the attacks to your instances?
A : Place the EC2 instances into private subnets
B : Block the IP addresses in the Network Access Control List
C : Remove the Internet Gateway from the VPC
D : Assign a static Anycast IP address to each EC2 instance
Block the IP addresses in the Network Access Control List
Q.18. A company has 10 TB of infrequently accessed financial data files that would need to be stored in AWS. These data would be accessed infrequently during specific weeks when they are retrieved for auditing purposes. The retrieval time is not strict as long as it does not exceed 24 hours.
Which of the following would be a secure, durable, and cost-effective solution for this scenario?
A : Upload the data to S3 then use a lifecycle policy to transfer data to S3-IA.
B : Upload the data to S3 then use a lifecycle policy to transfer data to S3 One Zone-IA.
C : Upload the data to Amazon FSx for Windows File Server using the Server Message Block (SMB) protocol.
D : Upload the data to S3 and set a lifecycle policy to transition data to Glacier after 0 days.
Upload the data to S3 and set a lifecycle policy to transition data to Glacier after 0 days.
Q.19. You are working as a Solutions Architect for a leading technology company where you are instructed to troubleshoot the operational issues of your cloud architecture by logging the AWS API call history of your AWS resources. You need to quickly identify the most recent changes made to resources in your environment, including creation, modification, and deletion of AWS resources. One of the requirements is that the generated log files should be encrypted to avoid any security issues.
Which of the following is the most suitable approach to implement the encryption?
A : Use CloudTrail and configure the destination S3 bucket to use Server-Side Encryption (SSE).
B : Use CloudTrail and configure the destination Amazon Glacier archive to use Server-Side Encryption (SSE).
C : Use CloudTrail and configure the destination S3 bucket to use Server Side Encryption (SSE) with AES-128 encryption algorithm.
D : Use CloudTrail with its default settings
Use CloudTrail with its default settings
Q.20. A data analytics company keeps a massive volume of data which they store in their on-premises data center. To scale their storage systems, they are looking for cloud-backed storage volumes that they can mount using Internet Small Computer System Interface (iSCSI) devices from their on-premises application servers. They have an on-site data analytics application which frequently access the latest data subsets locally while the older data are rarely accessed. You are required to minimize the need to scale the on-premises storage infrastructure while still providing their web application with low-latency access to the data.
Which type of AWS Storage Gateway service will you use to meet the above requirements?
A : Cached Volume Gateway
B : Tape Gateway
C : Stored Volume Gateway
D : File Gateway
Cached Volume Gateway
Cloud Computing mcq questions
Q.21. The start-up company that you are working for has a batch job application that is currently hosted on an EC2 instance. It is set to process messages from a queue created in SQS with default settings. You configured the application to process the messages once a week. After 2 weeks, you noticed that not all messages are being processed by the application.
What is the root cause of this issue?
A : Missing permissions in SQS.
B : The SQS queue is set to short-polling.
C : The batch job application is configured to long polling.
D : Amazon SQS has automatically deleted the messages that have been in a queue for more than the maximum message retention period.
Amazon SQS has automatically deleted the messages that have been in a queue for more than the maximum message retention period.
Q.22. An On-Demand EC2 instance is launched into a VPC subnet with the Network ACL configured to allow all inbound traffic and deny all outbound traffic. The instances security group has an inbound rule to allow SSH from any IP address and does not have any outbound rules.
In this scenario, what are the changes needed to allow SSH connection to the instance?
A : The outbound network ACL needs to be modified to allow outbound traffic.
B : No action needed. It can already be accessed from any IP address using SSH.
C : The outbound security group needs to be modified to allow outbound traffic.
D : Both the outbound security group and outbound network ACL need to be modified to allow outbound traffic.
The outbound network ACL needs to be modified to allow outbound traffic.
Q.23. You are planning to migrate a MySQL database from your on-premises data center to your AWS Cloud. This database will be used by a legacy batch application which has steady-state workloads in the morning but has its peak load at night for the end-of-day processing. You need to choose an EBS volume which can handle a maximum of 450 GB of data and can also be used as the system boot volume for your EC2 instance.
Which of the following is the most cost-effective storage type to use in this scenario?
A : Amazon EBS Throughput Optimized HDD (st1)
B : Amazon EBS Cold HDD (sc1)
C : Amazon EBS Provisioned IOPS SSD (io1)
D : Amazon EBS General Purpose SSD (gp2)
Amazon EBS General Purpose SSD (gp2)
Q.24. You have a web application hosted on a fleet of EC2 instances located in two Availability Zones that are all placed behind an Application Load Balancer. As a Solutions Architect, you must add a health check configuration to ensure your application is highly-available.
Which health checks will you implement?
A : TCP health check
B : FTP health check
C : HTTP or HTTPS health check
D : ICMP health check
HTTP or HTTPS health check
Q.25. A news company is planning to use a Hardware Security Module (CloudHSM) in AWS for secure key storage of their web applications. You have launched the CloudHSM cluster but after just a few hours, a support staff mistakenly attempted to log in as the administrator three times using an invalid password in the Hardware Security Module. This has caused the HSM to be zeroized, which means that the encryption keys on it have been wiped. Unfortunately, you did not have a copy of the keys stored anywhere else.
How can you obtain a new copy of the keys that you have stored on Hardware Security Module?
A : Restore a snapshot of the Hardware Security Module.
B : Contact AWS Support and they will provide you a copy of the keys.
C : Use the Amazon CLI to get a copy of the keys.
D : The keys are lost permanently if you did not have a copy.
The keys are lost permanently if you did not have a copy.
Q.26. Your IT Director instructed you to ensure that all the AWS resources in your VPC dont go beyond their respective service limits. You should prepare a system that provides you real-time guidance in provisioning your resources that adheres to the AWS best practices.
Which of the following is the MOST appropriate service to use to satisfy this task?
A : AWS Cost Explorer
B : Amazon Inspector
C : AWS Budgets
D : AWS Trusted Advisor
AWS Trusted Advisor
Q.27. You have EC2 instances running on your VPC. You have both UAT and production EC2 instances running. You want to ensure that employees who are responsible for the UAT instances don’t have the access to work on the production instances to minimize security risks.
Which of the following would be the best way to achieve this?
A : Launch the UAT and production instances in different Availability Zones and use Multi Factor Authentication.
B : Define the tags on the UAT and production servers and add a condition to the IAM policy which allows access to specific tags.
C : Provide permissions to the users via the AWS Resource Access Manager (RAM) service to only access EC2 instances that are used for production or development.
D : Launch the UAT and production EC2 instances in separate VPC’s connected by VPC peering.
Define the tags on the UAT and production servers and add a condition to the IAM policy which allows access to specific tags.
Q.28. In a startup company you are working for, you are asked to design a web application that requires a NoSQL database that has no limit on the storage size for a given table. The startup is still new in the market and it has very limited human resources who can take care of the database infrastructure.
Which is the most suitable service that you can implement that provides a fully managed, scalable and highly available NoSQL service?
A : DynamoDB
B : Amazon Neptune
C : Amazon Aurora
D : SimpleDB
Q.29. A financial company wants to store their data in Amazon S3 but at the same time, they want to store their frequently accessed data locally on their on-premises server. This is since they do not have the option to extend their on-premises storage, which is why they are looking for a durable and scalable storage service to use in AWS.
What is the best solution for this scenario?
A : Use a fleet of EC2 instance with EBS volumes to store the commonly used data.
B : Use the Amazon Storage Gateway – Cached Volumes.
C : Use both ElastiCache and S3 for frequently accessed data.
D : Use Amazon Glacier.
Use the Amazon Storage Gateway – Cached Volumes.
Q.30. You are working as an IT Consultant for a large media company where you are tasked to design a web application that stores static assets in an Amazon Simple Storage Service (S3) bucket. You expect this S3 bucket to immediately receive over 2000 PUT requests and 3500 GET requests per second at peak hour.
What should you do to ensure optimal performance?
A : Add a random prefix to the key names.
B : Use Byte-Range Fetches to retrieve multiple ranges of an object data per GET request.
C : Do nothing. Amazon S3 will automatically manage performance at this scale.
D : Use a predictable naming scheme in the key names such as sequential numbers or date time sequences.
Do nothing. Amazon S3 will automatically manage performance at this scale.
Q.31. You are a Solutions Architect working for a startup which is currently migrating their production environment to AWS. Your manager asked you to set up access to the AWS console using Identity Access Management (IAM). Using the AWS CLI, you have created 5 users for your systems administrators.
What further steps do you need to take for your systems administrators to get access to the AWS console?
A : Enable multi-factor authentication on their accounts and define a password policy.
B : Add the administrators to the Security Group.
C : Provide a password for each user created and give these passwords to your system administrators.
D : Provide the system administrators the secret access key and access key id.
Provide a password for each user created and give these passwords to your system administrators.
Q.32. You are setting up a configuration management in your existing cloud architecture where you must deploy and manage your EC2 instances including the other AWS resources using Chef and Puppet.
Which of the following is the most suitable service to use in this scenario?
A : AWS CodeDeploy
B : AWS Elastic Beanstalk
C : AWS CloudFormation
D : AWS OpsWorks
Q.33. You are managing a global news website which has a very high traffic. To improve the performance, you redesigned the application architecture to use a Classic Load Balancer with an Auto Scaling Group in multiple Availability Zones. However, you noticed that one of the Availability Zones is not receiving any traffic.
What is the root cause of this issue?
A : The Availability Zone is not properly added to the load balancer which is why it is not receiving any traffic.
B : The Classic Load Balancer is down
C : Auto Scaling should be disabled for the load balancer to route the traffic to multiple Availability Zones.
D : By default, you are not allowed to use a load balancer with multiple Availability Zones. You must send a request form to AWS in order for this to work.
The Availability Zone is not properly added to the load balancer which is why it is not receiving any traffic.
Q.34. You are consulted by a multimedia company that needs to deploy web services to an AWS region which they have never used before. The company currently has an IAM role for their Amazon EC2 instance which permits the instance to access Amazon DynamoDB. They want their EC2 instances in the new region to have the exact same privileges.
What should you do to accomplish this?
A : Create an Amazon Machine Image (AMI) of the instance and copy it to the new region.
B : In the new Region, create a new IAM role and associated policies then assign it to the new instance.
C : Assign the existing IAM role to instances in the new region.
D : Duplicate the IAM role and associated policies to the new region and attach it to the instances.
Assign the existing IAM role to instances in the new region.