This AWS practice test helps you to pass the following AWS exams and can also helps you to revise the AWS concepts if you are preparing for AWS interviews.

  • AWS Certified Solutions Architect Associate
  • AWS Certified Cloud Practitioner

Below AWS practice tests has two different Modes

  • Learning Mode: 25 questions per test with answers and explanation, no time limit, repeat tests
  • Exam Mode: 65 questions per test (similar to real AWS exam), 130 minutes, repeat tests

2. AWS Certified Solutions Architect Associate (SAA) – Exam Mode

4 votes, 4.8 avg

Click Start button to start exam !

Time Out !

1 / 65

You are leading a design meeting in your company to create an autoscaling group of EC2 instances behind an Application Load Balancer in your VPC. There are very specific requirements coming about based on traffic and cost. Your management wants to scale out when necessary and scale in when instances are no longer needed to save on cost and maintain optimum system performance based on CPU utilization.

What step can most effectively meet these requirements?

2 / 65

A user is implementing resources for a group of separate batch processes to be completed during non-business hours. The process is predicted to take 6 hours to complete. This group of batch processing will require a compute-optimized instance, which is a different instance family than any deployed within your production environment. Which option is the right instance type and purchase option in this case, assuming the user performs the same task for the next twelve months?

3 / 65

A user is planning to launch a scalable web application. Which of the below mentioned options will not affect the latency of the application?

4 / 65

You want to configure DNS failover in Route 53 so that all of your resources are available for the majority of the time. Which of the following failover configurations would be most suited for this?

5 / 65

A user has enabled versioning on an S3 bucket. The user applies server side encryption for data at rest. If the user is supplying his own keys for encryption (SSE-C), which of the below mentioned statements is true?

6 / 65

A secured web application running on an EC2 instance needs to perform PUT and GET operations on objects within an S3 bucket. The EC2 instance and S3 bucket are owned by the same AWS account. Of the policies listed below, which two grant the necessary permissions for this web application? (Choose 2 answers)

7 / 65

You have 4 Direct Connect (DX) connections to your VPC from your Chicago, Boston, Houston, and Orlando offices. Your VPC’s address range is You are using BGP routing. You would like to ensure AWS uses the Chicago connection to reach the IP addresses ranging from on your network. The other three locations are currently advertising the following routes:

Boston: AS 65000

Houston: AS 65000 65000

Orlando: AS 65000 65000  65000

Which of the following routes could you advertise from your Chicago connection to ensure AWS uses it to access IP addresses ranging from

8 / 65

Your new client is a federal agency utilizing a hybrid cloud environment. The agency distributes large amounts of sensitive data throughout the world. Your task is to ensure that the data is secure using various encryption techniques as well as security groups and access control lists.

One of the requirements is to distribute content utilizing CloudFront for optimal performance but to completely restrict access from within certain blacklisted countries. What service can you use with CloudFront to fulfill this requirement?

9 / 65

You wish to perform detailed monitoring on servers that are marked as unhealthy before they are terminated. After researching the issue, you find that lifecycle hooks can be deployed as necessary. Which strategies could you use to perform detailed monitoring? (Choose 2 answers)

10 / 65

You have been asked to create a new S3 Bucket that will be used by the financial auditing team to store and share some files. There are a lot of different permissions between listing only, read-only and read-write access. You have decided to use resource-based permissions for the flexibility of it. Which statements below are correct with regards to resource-based permissions on your S3 bucket? (Choose 2 answers)

11 / 65

What features of VPC security groups are correct? (Choose 2 answers)

12 / 65

_____ is a useful and powerful tool within Billing and Cost Management. It allows you to view historical billing information in a graphical format giving you greater insight to your AWS spend.

13 / 65

You need to provide a small group of users in one AWS account access to another AWS account. How would you enable this access to a second AWS account?

14 / 65

Which use cases would be best served by an S3 bucket ACL? (Choose 2 answers)

15 / 65

You are reviewing an application’s compute resources in an effort to optimize cost and performance. Your application’s compute layer currently general-purpose on-demand instances. Now you want are considering launching multiple instance types that use various purchase options, including On-Demand Instances, Reserved Instances, and Spot Instances.

What considerations regarding AWS EC2 Auto Scaling should you bear in mind while optimizing your compute layer?

16 / 65

You’re tasked to set up an AWS media sharing framework for a new start up company. It will need a huge amount of persistent data storage for this framework, and data will be regularly uploaded, transferred and downloaded by customers. Which of the following storage options would be appropriate and cost effective for persistent storage in this case?

17 / 65

In which circumstance would a bucket owner pay for the data transfers instead of the Requester Pays bucket?

18 / 65

You are deploying a two-tiered web application with web servers in a public subnet of your VPC and your database isolated in a private subnet. Your requirements call for the web tier to be highly available. Which services listed will be needed to make the web-tier highly available? (Choose 3 answers)

19 / 65

An organization has launched five instances: two for production and three for testing. The organization wants a particular group of IAM users to access only the test instances and not the production ones. They want to deploy the instances in various locations based on the factors that will change from time to time, especially in the test group. They expect instances will often be deleted and replaced, especially in the testing group.  This means the five instances they have created now will soon be replaced by a different set of five instances. The members of each group, production, and testing will not change in the foreseeable future.

Given the situation, what choice below is the most efficient and time-saving strategy to define the IAM policy? (Choose 2 answers)

20 / 65

Select a true statement about Amazon EC2 Security Groups (EC2-Classic).

21 / 65

You have been assigned to a client for whom your company designed and implemented an AWS cloud environment. The client is a government contracting firm and handles sensitive data. They have identified a set of IP addresses in a foreign country that has attempted to access their servers. You have been asked to implement a solution which will deny access to the IP address range from which these addresses originate. Which AWS service will best handle denial of a defined set of IP addresses without adding considerable cost?

22 / 65

You are designing your company’s new RDS database environment. Your design include multi-AZ for high availability and you have intentions of reviewing scalability options. But first, you need to determine which storage option meets your performance and cost requirements. You expect to have a small database that could grow to medium sized over time. You also want to have burst performance to meet short term spikes. Which storage option is best for you?

23 / 65

You are creating a custom Virtual Private Cloud (VPC) which will host a mix of public and private instances.  An EC2 instance has been deployed to one of the public subnets in this VPC. What are the configurations that have to be implemented to make this instance accessible from the internet? (Choose 3 answers)

24 / 65

A user has created an application which will be hosted on EC2. The application makes calls to DynamoDB to fetch certain data. The application is using the DynamoDB SDK to connect with from the EC2 instance. Which of the below mentioned statements is true with respect to the best practice for security in this scenario?

25 / 65

You are responsible for a web application where the web server instances are hosted in auto-scaling group. You discover the following after monitoring your application workload for the past year:

  1. You need a minimum of nine EC2 instances to handle the lowest levels of activity during non-business hours.
  2. During local business hours, you require between 12-16 instances.
  3. Roughly 35 percent of non-business workload involves backend data processing and analysis.

With this information, what recommendations would you make to minimize operating costs while providing the required availability?

26 / 65

You have implemented multipart uploading in your company’s AWS cloud storage environment. The overall performance has been good but there is some concern about network utilization. Your CFO has also raised concerns about greater than expected storage costs. What steps can you take to address each of these issues with cost as a primary concern? (Choose 2 answers)

27 / 65

You have successfully created your first WordPress blog that is hosted on an Amazon EC2 instance. You’ve noticed that when the public DNS address for your instance changes, it breaks your installation. What could you do to prevent this? (Choose 3 answers)

28 / 65

You are designing an AWS cloud environment for a new client. You will be responsible for designing and implementing the solution while also training their IT personnel to eventually take over administration of the environment. a major part of your task will be educating them on IAM and how to administer IAM moving forward. Which action can be authorized by IAM and is something for which you will have to prepare training material?

29 / 65

While monitoring your application servers hosted behind an elastic load balancer, you discover that the servers always operate at between 75 and 80% of their capacity after five minutes of operation. Also, there is a constant number of servers being marked as unhealthy very early in their initial lifecycle. Upon further analysis, you also discover that your servers are taking between three and four minutes to become operational after launch. What two tasks should you complete as soon as possible? (Choose 2 answers)

30 / 65

You are very concerned about security on your network because you have multiple programmers testing APIs and SDKs and you have no idea what is happening. You think CloudTrail may help but are not sure what it does. Which of the following statements best describes the AWS service CloudTrail?

31 / 65

You are signed in as root user on your account but there is an Amazon S3 bucket under your account that you cannot access. What is a possible reason for this?

32 / 65

You configured a VPC with web servers hosted on EC2 instances in an EC2 Auto Scaling group in a public subnet. You then create a private subnet and deploy your Amazon RDS database servers in it.

You grant a database administrator access to the RDS database instance, but she is unable to connect to it.

What steps can you take to resolve the issue?

33 / 65

Having set up a website to automatically be redirected to a backup website if it fails, you realize that there are different types of failovers that are possible. You need all your resources to be available the majority of the time. Using Amazon Route 53 which configuration would best suit this requirement?

34 / 65

You are assisting an IT administrator for a client company over the phone. The administrator has created a public subnet and had added two EC2 instances to this subnet. But he is unable to access the Internet from these new EC2 instances and is asking for your assistance. What general checks can he make to ensure proper configuration and Internet access? (Choose 3 answers)

35 / 65

You are configuring your application’s compute layer using AWS EC2 Auto Scaling. When configuring the group’s capacity, you have set the auto scaling group’s minimum capacity to four, the desired capacity to 8, and the maximum capacity to 16. When you deploy your auto scaling group, and the instances have completely deployed, how many instances will there be within your group?

36 / 65

A user has suspended the Auto Scaling process and updates the desired capacity of the Auto Scaling group. Which statements below is correct regarding this update?

37 / 65

What is one security benefit of utilizing the Elastic Load Balancer?

38 / 65

Making use of a(n) ____ when creating instances in Amazon EC2 is your best solution for providing the lowest latency network communication between multiple instances in EC2.

39 / 65

You have been placed in charge of your company’s existing AWS cloud environment. Your company is very large and you have a team of 5 engineers. You are managing IAM with one of your team members as a backup. You will assign two team members to manage the RDS databases and will need two team members managing the VPC and the EC2 instances within it. How can you give your team members the ability to administer the EC2 instances? (Choose 2 answers)

40 / 65

As the lead architect managing the migration from an on-premises data center to the AWS cloud, you are currently considering the most effective network configuration to meet your requirements.

You want your application servers, which will be hosted within Amazon VPC on multiple EC2 instances in a private subnet, to be able to send read and write requests to specific DynamoDB tables without sending HTTP requests over the public internet or VPN.

How can you allow EC2 to connect with your DynamoDB tables given these requirements?

41 / 65

You’ve been assigned to assist a client in the creation of their AWS Virtual Private Cloud (VPC). You are shadowing their IT admin to allow the admin to create the VPC, learn, and benefit from your guidance. Which VPC components come automatically upon creation of a default VPC? (Choose 3 answers)

42 / 65

Which of the following are IAM best practices (Choose 3 answers)

43 / 65

You have been asked to perform some penetration testing on your company’s AWS infrastructure. However, you are not sure who is responsible for this. Which statement describing the AWS policy regarding penetration testing is correct?

44 / 65

A client has contracted you to review their existing AWS cloud environment and recommend and implement best practice changes. You begin by reviewing existing users and Identity Access Management. You immediately notice improvements that can be made with the use of the root account and Identity Access Management. What are the best practice guidelines for use of the root account?

45 / 65

You are designing an Amazon RDS database solution for a new medical supply company. This is a brand new company and they do not have an existing on-premises database. They would like to use Oracle for their new database. With a brand new database, which licensing model will you use for Oracle?

46 / 65

Do you need to shutdown your EC2 instance when you create a snapshot of EBS volumes that serve as root devices?

47 / 65

You are involved in the design of a client’s AWS cloud environment. A requirements meeting regarding storage leads to the need for EBS volumes in the design. Much of the design will require standard storage but there is a critical business application, which requires sustained IOPs performance. Which EBS storage option is best for critical apps that need high performance?

48 / 65

Your engineers are concerned about application availability during in-place updates to a live Elastic Beanstalk stack. You advise them to consider a blue/green deployment and then list the necessary steps to carry out this deployment. Which steps are valid to include? (Choose 3 answers)

49 / 65

You are preparing a proposal for a prospective new client. They would like their cloud application environment to be highly scalable. Your proposal includes the benefits of scalability on AWS. Which statements regarding scaling are correct? (Choose 2 answers)

50 / 65

You are pulled in on a redesign of a client’s AWS VPC. The client was an early adopter of AWS but wants to improve their overall security in the VPC. The budget allocated for this redesign is very limited and you need to optimize your time. You’ve created new security groups for the VPC. What’s the most expedient way to associate these new security groups with the instances in the VPC?

51 / 65

You have begun your migration into Amazon Web Services using the AWS Database Migration Service. You are pleased that there are no errors; however, the migration tasks are running slowly. You review the resources that have been assigned to the AWS DMS replication instance, and they seem to be adequate. Which other task could you perform to help speed up the initial migration tasks?

52 / 65

You’ve been assigned to assist a client in the creation of their AWS Virtual Private Cloud (VPC). You are shadowing their IT admin to allow the admin to create the VPC, learn, and benefit from your guidance. Which VPC components are optional and should be created at the discretion of the customer? (Choose 3 answers)

53 / 65

A gaming company comes to you and asks you to build infrastructure for their site. They are not sure how big they will be because, as with all startups, they have limited money and big ideas. What they do tell you is that if the game becomes successful, like one of their previous games, it may rapidly grow to millions of users and generate tens (or even hundreds) of thousands of writes and reads per second.  After considering all of this, you decide that they need a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability and persistent storage. Which of the following databases do you think would best fit their needs?

54 / 65

You are helping a client design a static website which will potentially grow exponentially in the first few years of existence. You outline the benefits of using S3 to host this Website. What characteristics of S3 elasticity and scalability can you feature? (Choose 2 answers)

55 / 65

Your company is in the process of designing an Amazon cloud environment. You have been placed in charge of the design and begin reviewing the design artifacts. You notice that the proposed route table has two routes in it: and What do you know about these routes? (Choose 3 answers)

56 / 65

Which of the following accurately describes Elastic Load Balancing? (Choose 3 answers)

57 / 65

Regarding EC2 instances, when are users billed per-second rather than per-hour? (Choose 2 answers)

58 / 65

A user has launched one EC2 instance in the US East region and one in the US West region. The user has launched an RDS instance in the US East region. ow can the user configure access from both the EC2 instances to RDS?

59 / 65

You need to create a JSON-formatted text file for AWS CloudFormation. This is your first template and the only thing you know is that the templates include several major sections but there is only one that is required for it to work. What is the only section required?

60 / 65

A root account owner has created an S3 bucket named ‘testmycloud’. The account owner wants to allow separate AWS accounts to upload objects, and require the separate accounts to manage permissions for their uploaded objects.

Which choice is the easiest way to achieve this?

61 / 65

Your company has recently discovered a massive security leak in which several users’ access credentials were compromised. As a response, the Senior IT Security Manager has requested you to prevent all high-risk data from being modified or deleted by any users, including the root user.

What if the most efficient way to implement this security measure?

62 / 65

After setting up an EC2 security group with a cluster of 20 EC2 instances, you find an error in the security group settings. You quickly make changes to the security group settings. When will the changes to the settings be effective?

63 / 65

What would be the best way to retrieve the public IP address of your EC2 instance using the CLI?

64 / 65

Your team has found that a client’s load balancer needs to be configured with support for SSL offload using the default security policy. When negotiating the SSL connections between the client and the load balancer, you want the load balancer to determine which cipher is used for the SSL connection. Which actions perform this process on the load balancer? (Choose 3 answers)

65 / 65

Your company uses multiple Amazon VPCs and is setting up a new office. The company is deciding on the best way to connect this new, remote office network with the company’s Amazon VPC environment.  Due to the fact it is a new office, no VPN equipment or internet connections exist yet, so this office can design any network connection type it desires. The highest priorities are: A predictable network performance A private connection avoiding the public internet Reduced bandwidth costs Minimal administration required to maintain the high availability of network endpoints Which VPC connection option best fits your requirements to connect your new office to one of your VPCs?

Your score is

The average score is 46%


Please rate your experience to help us improve !

Need more practice ? take the AWS Certified Solutions Architect Associate (SAA) – Learning mode 

Previous articleQuick video guide to automate testing with Saucelabs platform
Next articleAWS Certified Solutions Architect Professional – Free Practice Tests
Admin of, creates & publishes important and useful articles about Cloud Computing Technology

Leave a Reply