AWS Cloud Final Flashcards

(85 cards)

1
Q

Which AWS service provides DNS routing and supports health checks?

1: Amazon EC2
2: Amazon Route 53
3: AWS IAM
4: Amazon S3

A

2: Amazon Route 53

Amazon Route 53 offers DNS services with health check capabilities.

2
Q

Which AWS service lets you define infrastructure as code using YAML or JSON?

1: AWS CloudFormation
2: AWS CodePipeline
3: Amazon RDS
4: Amazon EC2

A

1: AWS CloudFormation

AWS CloudFormation allows you to manage infrastructure using code templates.

3
Q

Which load balancer operates at Layer 7 of the OSI model?

1: Network Load Balancer
2: Application Load Balancer
3: Classic Load Balancer
4: Gateway Load Balancer

A

Application Load Balancer

Application Load Balancer operates at the application layer (Layer 7).

4
Q

Which service automatically scales EC2 instances based on policies?

1: Amazon EC2 Auto Scaling
2: Amazon CloudWatch
3: AWS Lambda
4: Amazon RDS

A

1: Amazon EC2 Auto Scaling

Amazon EC2 Auto Scaling adjusts capacity based on demand.

5
Q

Which Amazon database supports read replicas and vertical scaling?

1: Amazon S3
2: Amazon RDS
3: Amazon CloudFront
4: Amazon EBS

A

2: Amazon RDS

Amazon RDS supports both vertical scaling and read replicas for horizontal scaling.

6
Q

What AWS service can alert you based on metric thresholds?

1: AWS IAM
2: AWS Lambda
3: Amazon CloudWatch
4: Amazon S3

A

3: Amazon CloudWatch

Amazon CloudWatch allows alarm-based notifications based on metric thresholds.

7
Q

What AWS service provides a virtual network in the cloud?

1: Amazon EC2
2: Amazon VPC
3: Amazon Route 53
4: AWS CloudTrail

A

2: Amazon VPC

Amazon VPC allows you to define a logically isolated section of the AWS cloud.

8
Q

Which AWS storage option is object-based?

1: Amazon EBS
2: Amazon EFS
3: Amazon S3
4: Amazon RDS

A

3: Amazon S3

Amazon S3 is an object storage service.

9
Q

Q: Which service allows routing traffic based on geography?
1. Amazon CloudFront
2. Amazon Route 53
3. AWS Lambda@Edge
4. AWS Global Accelerator

A

“Answer: 2. Amazon Route 53
Explanation: Amazon Route 53 supports geolocation-based routing.”

10
Q

“Q: Which AWS service helps monitor API activity across your AWS account?
1. Amazon CloudFront
2. AWS IAM
3. AWS CloudTrail
4. AWS Config”

A

“Answer: 3. AWS CloudTrail
Explanation: AWS CloudTrail logs all API requests in your AWS environment.”

11
Q

“Q: You deployed a web app in EC2, but users report the site is unreachable. What’s the first thing to check?
1. DNS records
2. Security group rules
3. Auto Scaling policy
4. CloudFormation template”

A

“Answer: 2. Security group rules
Explanation: Security groups may not allow HTTP/HTTPS traffic.”

12
Q

“Q: Your EC2 instance in a public subnet has no internet access. What might be missing?
1. Elastic IP
2. Internet Gateway
3. Security group rule
4. CloudWatch Logs”

A

“Answer: 2. Internet Gateway
Explanation: A public subnet must be associated with a route table pointing to an Internet Gateway.”

13
Q

“Q: An application in a private subnet cannot access the internet. What should you add?
1. Elastic Load Balancer
2. Public IP
3. NAT Gateway
4. Auto Scaling Group”

A

“Answer: 3. NAT Gateway
Explanation: A NAT Gateway enables internet access for private subnets.”

14
Q

“Q: A CloudWatch alarm isn’t triggering scaling. What could be wrong?
1. IAM permissions
2. Metric namespace
3. S3 bucket policy
4. SNS topic”

A

“Answer: 2. Metric namespace
Explanation: Incorrect metric namespace will prevent the alarm from evaluating properly.”

15
Q

“Q: A user can’t SSH into an EC2 instance. Which is the most likely issue?
1. Key pair mismatch
2. Wrong AMI
3. Missing DNS
4. IAM role not attached”

A

“Answer: 1. Key pair mismatch
Explanation: Without the correct key pair, SSH access is not possible.”

16
Q

“Q: An EC2 instance can’t connect to an RDS instance. What’s likely missing?
1. Elastic IP
2. Correct route table
3. RDS security group rule
4. Auto Scaling”

A

“Answer: 3. RDS security group rule
Explanation: The RDS security group must allow access from the EC2 instance’s security group.”

17
Q

“Q: Your team needs to deploy the same infrastructure repeatedly. Which AWS service helps?
1. Amazon S3
2. AWS CloudFormation
3. Amazon RDS
4. AWS IAM”

A

“Answer: 2. AWS CloudFormation
Explanation: CloudFormation allows repeatable deployments via code.”

18
Q

“Q: You want to route 70% of users to version A and 30% to version B. Which policy applies?
1. Failover
2. Simple
3. Weighted
4. Latency”

A

“Answer: 3. Weighted
Explanation: Weighted routing distributes traffic in a specified ratio.”

19
Q

“Q: A developer manually changed a CloudFormation-deployed resource. How can you detect this?
1. Change Set
2. CloudWatch Logs
3. Drift Detection
4. Auto Scaling”

A

“Answer: 3. Drift Detection
Explanation: Drift Detection shows resources that have changed outside the template.”

20
Q

“Q: Which AWS service helps build and deploy serverless apps using IaC?
1. AWS SAM
2. Amazon ECS
3. AWS Lambda
4. Amazon EC2”

A

“Answer: 1. AWS SAM
Explanation: AWS SAM is an extension of CloudFormation for serverless apps.”

21
Q

“Q: Which best practice increases availability in your architecture?
1. Single AZ deployments
2. Manual backups
3. Multi-AZ deployments
4. Using EC2 Spot Instances”

A

“Answer: 3. Multi-AZ deployments
Explanation: Multi-AZ deployment provides failover capabilities.”

22
Q

“Q: Which tool lets you preview changes before applying them to a stack?
1. Update Stack
2. Drift Detection
3. Change Sets
4. Stack Policies”

A

“Answer: 3. Change Sets
Explanation: Change Sets allow previewing proposed stack changes.”

23
Q

“Q: You need to notify admin teams when CPU usage spikes. What should you use?
1. CloudTrail
2. SNS + CloudWatch Alarm
3. Auto Scaling
4. VPC Flow Logs”

A

“Answer: 2. SNS + CloudWatch Alarm
Explanation: CloudWatch alarms can trigger notifications via SNS.”

24
Q

“Q: Which service lets you host static websites with high durability?
1. Amazon RDS
2. Amazon EFS
3. Amazon S3
4. Amazon EC2”

A

“Answer: 3. Amazon S3
Explanation: Amazon S3 supports static website hosting with 99.999999999% durability.”

25
"Q: Which scaling policy uses past trends to adjust capacity? 1. Manual 2. Step scaling 3. Predictive scaling 4. Scheduled"
"Answer: 3. Predictive scaling Explanation: Predictive scaling forecasts demand based on historical patterns."
26
"Q: What AWS service is used to collect metrics and logs across AWS services? 1. Amazon CloudWatch 2. Amazon Route 53 3. Amazon EC2 4. AWS IAM"
"Answer: 1. Amazon CloudWatch Explanation: Amazon CloudWatch collects metrics and logs to help monitor AWS environments."
27
"Q: Which scaling strategy involves adding more instances instead of upgrading existing ones? 1. Vertical scaling 2. Horizontal scaling 3. Static scaling 4. Dynamic scaling"
"Answer: 2. Horizontal scaling Explanation: Horizontal scaling adds resources instead of upgrading existing ones."
28
"Q: Which service helps distribute incoming application traffic across multiple targets? 1. Amazon CloudWatch 2. Elastic Load Balancing 3. Amazon EC2 4. Amazon S3"
"Answer: 2. Elastic Load Balancing Explanation: Elastic Load Balancing distributes traffic across targets in multiple Availability Zones."
29
"Q: What DNS service is used for routing and health checking in AWS? 1. Amazon CloudWatch 2. Amazon Route 53 3. AWS Budgets 4. AWS Direct Connect"
"Answer: 2. Amazon Route 53 Explanation: Amazon Route 53 is used for DNS routing and supports health checks."
30
"Q: What AWS service allows for infrastructure deployment via templates? 1. AWS CloudFormation 2. AWS IAM 3. Amazon EC2 4. Amazon RDS"
"Answer: 1. AWS CloudFormation Explanation: AWS CloudFormation is used for infrastructure as code deployment."
31
"Q: Which CloudFormation template format is known for readability and supports comments? 1. JSON 2. YAML 3. XML 4. CSV"
"Answer: 2. YAML Explanation: YAML is optimized for readability and supports comments."
32
"Q: Which AWS tool provides version-controlled, reproducible infrastructure setups? 1. AWS Elastic Beanstalk 2. AWS CloudFormation 3. Amazon RDS 4. Amazon S3"
"Answer: 2. AWS CloudFormation Explanation: AWS CloudFormation allows version-controlled, repeatable infrastructure deployments."
33
"Q: Which feature of CloudFormation identifies resources changed outside of the stack? 1. Update Stack 2. Drift Detection 3. Stack Output 4. Stack Policy"
"Answer: 2. Drift Detection Explanation: Drift Detection checks for manual changes outside of CloudFormation templates."
34
"Q: Which load balancer type works at OSI layer 7 and is used for web applications? 1. Network Load Balancer 2. Classic Load Balancer 3. Application Load Balancer 4. Gateway Load Balancer"
"Answer: 3. Application Load Balancer Explanation: Application Load Balancer operates at layer 7, the application layer."
35
"Q: What type of scaling uses scheduled actions and predictive policies? 1. Manual scaling 2. Amazon EC2 Auto Scaling 3. AWS Lambda scaling 4. CloudFront scaling"
"Answer: 2. Amazon EC2 Auto Scaling Explanation: Amazon EC2 Auto Scaling uses scheduled actions, dynamic and predictive policies."
36
"Q: Your application must automatically scale EC2 instances during traffic surges. What should you use? 1. Amazon RDS 2. Amazon EC2 Auto Scaling 3. AWS IAM 4. Amazon S3"
"Answer: 2. Amazon EC2 Auto Scaling Explanation: Amazon EC2 Auto Scaling automatically adjusts the number of instances based on demand."
37
"Q: A company wants to distribute HTTP traffic to only healthy targets across multiple zones. What service should they use? 1. Amazon S3 2. Amazon Route 53 3. Elastic Load Balancing 4. Amazon EC2"
"Answer: 3. Elastic Load Balancing Explanation: Elastic Load Balancing checks target health and distributes traffic accordingly."
38
"Q: An app needs to detect and report cost anomalies in AWS usage. Which tools are most appropriate? 1. CloudWatch Logs 2. AWS Budgets and Cost Explorer 3. Amazon EC2 4. AWS Lambda"
"Answer: 2. AWS Budgets and Cost Explorer Explanation: AWS Budgets and Cost Explorer help monitor and report cost anomalies."
39
"Q: A template must deploy both a 2-AZ prod and 1-AZ dev environment. Which CloudFormation feature should be used? 1. Transform 2. Conditions 3. Mappings 4. Parameters"
"Answer: 2. Conditions Explanation: Conditions allow you to define logic for resources created under certain scenarios."
40
"Q: A developer needs real-time assistance while writing a CloudFormation template. What tool can help? 1. AWS Cloud9 2. Amazon Q Developer 3. AWS Lambda 4. Amazon Polly"
"Answer: 2. Amazon Q Developer Explanation: Amazon Q Developer provides code suggestions and template help in real time."
41
"Q: A business wants to reduce risks from manual infrastructure deployment. What should they adopt? 1. Manual provisioning 2. Infrastructure as Code 3. Elastic Load Balancing 4. Amazon EC2 Auto Scaling"
"Answer: 2. Infrastructure as Code Explanation: Infrastructure as Code minimizes human error and increases deployment reliability."
42
"Q: You want to preview stack changes before deployment. What CloudFormation feature allows this? 1. Stack Drift 2. Change Sets 3. Template Validator 4. Stack Output"
"Answer: 2. Change Sets Explanation: Change Sets allow you to see the impact of changes before applying them."
43
"Q: A service needs to serve global DNS traffic with failover capability. What Route 53 policy should be used? 1. Weighted routing 2. Failover routing 3. Simple routing 4. Geolocation routing"
"Answer: 2. Failover routing Explanation: Failover routing allows traffic to shift based on health checks to backup endpoints."
44
"Q: How does AWS ensure high availability in databases with automatic failover? 1. RDS Single-AZ 2. Amazon S3 3. RDS Multi-AZ 4. Route 53 Failover"
"Answer: 3. RDS Multi-AZ Explanation: RDS Multi-AZ ensures availability through synchronous standby replication."
45
"Q: A developer notices unauthorized config changes in AWS resources. What should they use to investigate? 1. CloudWatch 2. CloudTrail 3. Drift Detection 4. AWS Config"
"Answer: 3. Drift Detection Explanation: Drift Detection identifies differences between template and deployed resources."
46
"Q: What AWS service automatically adjusts EC2 capacity to maintain desired performance? 1. Elastic Load Balancing 2. EC2 Auto Scaling 3. Amazon RDS 4. Amazon CloudFront"
"Answer: 2. EC2 Auto Scaling Explanation: EC2 Auto Scaling adjusts the number of EC2 instances automatically."
47
"Q: Which AWS service distributes incoming traffic across multiple resources? 1. AWS VPN 2. Amazon Route 53 3. Elastic Load Balancing 4. Amazon S3"
"Answer: 3. Elastic Load Balancing Explanation: Elastic Load Balancing distributes traffic across targets like EC2 instances."
48
"Q: What database service allows automatic scaling based on application needs? 1. Amazon RDS 2. Amazon Aurora Serverless 3. Amazon DynamoDB Streams 4. AWS Glue"
"Answer: 2. Amazon Aurora Serverless Explanation: Aurora Serverless automatically adjusts database capacity based on load."
49
"Q: What is the maximum number of Aurora read replicas supported? 1. 5 2. 10 3. 15 4. 20"
"Answer: 3. 15 Explanation: Aurora supports up to 15 read replicas."
50
"Q: Which service monitors AWS resources and applications in real time? 1. AWS IAM 2. AWS Systems Manager 3. Amazon CloudWatch 4. Amazon Macie"
"Answer: 3. Amazon CloudWatch Explanation: Amazon CloudWatch provides metrics and real-time monitoring."
51
"Q: Which DNS service supports health checking and failover routing? 1. Amazon S3 2. Amazon Route 53 3. AWS Direct Connect 4. Amazon Inspector"
"Answer: 2. Amazon Route 53 Explanation: Amazon Route 53 supports DNS-based health checks and failover routing."
52
"Q: Which service uses Events and Rules to automate resource actions? 1. AWS Lambda 2. Amazon EventBridge 3. Amazon SQS 4. Amazon EC2 Auto Recovery"
"Answer: 2. Amazon EventBridge Explanation: EventBridge routes events to services based on defined rules."
53
"Q: Which service allows defining infrastructure as code in YAML or JSON? 1. AWS Systems Manager 2. AWS CloudFormation 3. AWS Config 4. AWS Organizations"
"Answer: 2. AWS CloudFormation Explanation: AWS CloudFormation templates allow defining AWS resources in code."
54
"Q: Which AWS service is used for automating OS patch management across EC2? 1. AWS OpsWorks 2. AWS Systems Manager 3. AWS CloudTrail 4. Amazon SNS"
"Answer: 2. AWS Systems Manager Explanation: AWS Systems Manager automates patching, inventory, and configuration tasks."
55
"Q: Which managed service allows easy deployment of web apps without managing infrastructure? 1. AWS CodePipeline 2. AWS Elastic Beanstalk 3. AWS AppConfig 4. AWS Amplify"
"Answer: 2. AWS Elastic Beanstalk Explanation: Elastic Beanstalk manages infrastructure for web applications automatically."
56
"Q: A retail company's mobile app has unpredictable usage. They require a database that can automatically scale up and down and minimize costs during off-peak hours. Which service should they choose? 1. Amazon Aurora with provisioned instances 2. Amazon Aurora Serverless 3. Amazon DynamoDB with reserved capacity 4. Amazon RDS MySQL Multi-AZ"
"Answer: 2. Amazon Aurora Serverless Explanation: Aurora Serverless scales compute capacity automatically based on application load."
56
"Q: Your website experiences unpredictable surges every evening. You need to maintain a consistent average CPU utilization across EC2 instances without manual intervention. Which Auto Scaling policy should you configure? 1. Simple scaling policy 2. Step scaling policy 3. Target tracking policy 4. Scheduled scaling policy"
"Answer: 3. Target tracking policy Explanation: Target tracking policies automatically adjust instance counts to maintain a target metric like CPU utilization."
57
"Q: An application must stay highly available even if an entire AWS Availability Zone becomes unavailable. How should you design the application environment? 1. Use Auto Scaling across multiple AZs with Elastic Load Balancing 2. Deploy instances in a single large AZ 3. Set up EC2 Spot Instances without Load Balancing 4. Use an Internet Gateway with NAT"
"Answer: 1. Use Auto Scaling across multiple AZs with Elastic Load Balancing Explanation: Using Auto Scaling groups spanning multiple AZs with an ELB ensures high availability."
58
"Q: You want to automatically scale your EC2 instances when CPU utilization crosses 80% and send a notification to the Ops team. What two services would you configure together? 1. CloudWatch Alarms and SNS 2. CloudTrail and Lambda 3. VPC Flow Logs and SQS 4. Trusted Advisor and Auto Scaling"
"Answer: 1. CloudWatch Alarms and SNS Explanation: CloudWatch Alarms monitor metrics and can trigger SNS notifications."
59
"Q: You must automate and replicate an environment setup across multiple AWS accounts and regions. Which service and method combination should you use? 1. AWS Elastic Beanstalk environments 2. AWS CloudFormation with cross-account templates 3. AWS Systems Manager Inventory 4. Amazon EC2 User Data"
"Answer: 2. AWS CloudFormation with cross-account templates Explanation: CloudFormation supports multi-account, multi-region deployments using StackSets."
60
"Q: After deployment, your team modifies EC2 security groups manually. How can you ensure future changes align with the infrastructure-as-code approach? 1. Use drift detection in CloudFormation and enforce template updates 2. Enable resource locking in AWS IAM 3. Delete the manual changes and restart the instance 4. Enable AWS Config recording only"
"Answer: 1. Use drift detection in CloudFormation and enforce template updates Explanation: Drift detection detects resource deviations, and corrections should be made through template updates."
61
"Q: An enterprise requires a patch management system to update thousands of EC2 instances across multiple Regions automatically, while maintaining compliance reports. Which AWS service combination is best? 1. AWS Systems Manager Patch Manager with Resource Groups 2. AWS Lambda and Amazon S3 3. AWS Config and Elastic Beanstalk 4. AWS CloudFormation and EC2 Auto Scaling"
"Answer: 1. AWS Systems Manager Patch Manager with Resource Groups Explanation: Systems Manager Patch Manager can patch instances across multiple Regions and maintain patch compliance reporting."
62
"Q: You want to deploy and manage a scalable Node.js web application, while minimizing infrastructure management overhead. What AWS service best fits this use case? 1. AWS Elastic Beanstalk 2. AWS OpsWorks 3. Amazon CloudFront 4. AWS Batch"
"Answer: 1. AWS Elastic Beanstalk Explanation: Elastic Beanstalk abstracts infrastructure tasks, allowing developers to focus on application code."
63
"Q: You want to trigger an automated Lambda function response when an EC2 instance enters a 'stopped' state. What AWS service do you configure? 1. Amazon EventBridge rule with EC2 event pattern 2. CloudTrail with S3 event trigger 3. AWS Config with managed rules 4. AWS Systems Manager Automation Documents"
"Answer: 1. Amazon EventBridge rule with EC2 event pattern Explanation: EventBridge can detect EC2 state changes and trigger Lambda functions based on events."
64
"Q: Before updating a CloudFormation stack in production, you want to simulate the changes and review the impact. Which feature should you use? 1. Stack Drift Detection 2. Stack Set Replication 3. Change Sets 4. Resource Import"
"Answer: 3. Change Sets Explanation: Change Sets allow you to preview changes before applying updates to your live stack."
65
"Q: What protocol does AWS Site-to-Site VPN use to create encrypted tunnels? 1. TLS 2. SSL 3. IPSec 4. SSH"
"Answer: 3. IPSec Explanation: AWS Site-to-Site VPN uses IPSec to create encrypted VPN tunnels."
66
"Q: What is the maximum capacity for AWS Direct Connect? 1. 100 Mbps 2. 500 Mbps 3. 1 Gbps or 10 Gbps 4. 5 Gbps"
"Answer: 3. 1 Gbps or 10 Gbps Explanation: AWS Direct Connect supports 1 Gbps and 10 Gbps connections."
67
"Q: Which AWS service enables VPC-to-VPC connections across different accounts and regions? 1. AWS Direct Connect 2. VPC Peering 3. AWS VPN 4. Transit Gateway"
"Answer: 2. VPC Peering Explanation: VPC Peering supports connections across AWS accounts and Regions."
68
"Q: Which of the following supports only one peering connection between two VPCs? 1. AWS Direct Connect 2. VPC Peering 3. Transit Gateway 4. VPN"
"Answer: 2. VPC Peering Explanation: VPC Peering allows only one connection between any two VPCs."
69
"Q: Which service uses a hub-and-spoke model to manage connectivity between multiple VPCs? 1. AWS VPN 2. VPC Peering 3. Transit Gateway 4. Direct Connect"
"Answer: 3. Transit Gateway Explanation: AWS Transit Gateway uses a hub-and-spoke model."
70
"Q: Which IAM entity can be used to delegate temporary access to AWS resources? 1. IAM Group 2. IAM Role 3. IAM User 4. IAM Policy"
"Answer: 2. IAM Role Explanation: IAM Roles allow temporary access and can be assumed by users, services, or apps."
71
"Q: Which of the following is a characteristic of AWS Identity and Access Management (IAM) policies? 1. Written in YAML 2. Used only for root users 3. Formatted in JSON 4. Only work with EC2"
"Answer: 3. Formatted in JSON Explanation: IAM policies are JSON documents."
72
"Q: What tool provides temporary credentials for federated users? 1. Amazon Cognito 2. IAM Roles 3. AWS STS 4. AWS KMS"
"Answer: 3. AWS STS Explanation: AWS STS provides temporary, limited-privilege credentials."
73
"Q: Which feature of IAM helps organize users by job function? 1. IAM Roles 2. IAM Groups 3. Resource-based policies 4. MFA"
"Answer: 2. IAM Groups Explanation: IAM Groups simplify user permission management by job role."
74
"Q: Which AWS service allows policy enforcement across multiple AWS accounts? 1. IAM 2. Amazon Cognito 3. AWS Organizations 4. AWS SSO"
"Answer: 3. AWS Organizations Explanation: AWS Organizations enables policy enforcement via SCPs across accounts."
75
"Q: A business wants a secure, fault-tolerant way to connect its on-premises data center to AWS. Which solution should they use? 1. Use AWS Direct Connect with backup VPN 2. Use EC2 instances with public IPs 3. Use a VPC peering connection 4. Use NAT Gateway"
"Answer: 1. Use AWS Direct Connect with backup VPN Explanation: For fault-tolerance, Direct Connect with VPN backup is recommended."
76
"Q: Your company needs to allow multiple VPCs to communicate without creating multiple peering connections. What service should you use? 1. VPC Peering 2. AWS STS 3. Amazon Cognito 4. AWS Transit Gateway"
"Answer: 4. AWS Transit Gateway Explanation: Transit Gateway is ideal for connecting multiple VPCs efficiently."
77
"Q: A developer needs to read S3 files from an EC2 instance without storing credentials on the instance. What should you do? 1. Use instance metadata to retrieve IAM role credentials 2. Store keys in S3 3. Use root user access 4. Attach policy to EC2 group"
"Answer: 1. Use instance metadata to retrieve IAM role credentials Explanation: IAM roles and instance profiles allow access via instance metadata without storing credentials."
78
"Q: An IAM policy must allow EC2 instance termination but only from IPs in a specific CIDR range. What should you use? 1. Identity-based policy 2. Policy with aws:SourceIp condition 3. Attach policy to EC2 4. Use an IAM Group"
"Answer: 2. Policy with aws:SourceIp condition Explanation: Use a condition in the policy like aws:SourceIp to restrict based on IP range."
79
"Q: A company needs to limit access to DynamoDB for temporary contractors. What’s the best IAM strategy? 1. Use root user access 2. Create IAM group 3. Use IAM roles with STS 4. Use Amazon Cognito"
"Answer: 3. Use IAM roles with STS Explanation: IAM roles combined with STS allow temporary access for limited durations."
80
"Q: You are designing access control for a large number of users and want to manage access based on attributes. What should you implement? 1. Role-based access control 2. Attribute-based access control (ABAC) 3. IAM Groups 4. Instance Profiles"
"Answer: 2. Attribute-based access control (ABAC) Explanation: ABAC scales well by using user/resource tags as access criteria."
81
"Q: An EC2-hosted application must access S3 securely. The best approach is to: 1. Store credentials in user data 2. Use an IAM role assigned to the EC2 instance 3. Use a NAT Gateway 4. Use an S3 bucket policy"
"Answer: 2. Use an IAM role assigned to the EC2 instance Explanation: Using IAM roles via instance profiles is the secure method for granting S3 access."
82
"Q: You need to restrict developers from stopping production EC2 instances while giving full access to dev instances. What should you do? 1. Use one IAM policy with Deny for production ARNs 2. Create two IAM roles 3. Restrict via AWS Organizations 4. Use MFA"
"Answer: 1. Use one IAM policy with Deny for production ARNs Explanation: Explicit Deny statements in IAM policies can prevent access to production resources."
83
"Q: To allow social media login to a mobile app and access AWS resources, which service is best? 1. Amazon Cognito 2. IAM Role 3. AWS STS 4. IAM User"
"Answer: 1. Amazon Cognito Explanation: Amazon Cognito supports social identity federation and temporary AWS credentials."
84
"Q: To prevent users from disabling CloudTrail in any account within the organization, which service should you use? 1. IAM policy 2. Amazon Cognito 3. AWS CloudTrail 4. AWS Organizations SCP"
"Answer: 4. AWS Organizations SCP Explanation: SCPs prevent users in any account from disabling CloudTrail regardless of local permissions."