aws cloud practitioner practice exam Practice Exam 2025: Latest Questions

A startup wants to deploy a simple web application without managing servers. The application should automatically scale based on traffic and only charge for the compute time used. Which AWS service best meets these requirements?

A security team needs to ensure that an Amazon S3 bucket is not publicly accessible. Which AWS capability provides an account-level control to help prevent public access to S3 buckets?

A company wants to quickly understand and categorize its AWS costs by project and environment (for example, ProjectA-Dev, ProjectA-Prod). What is the recommended approach?

A company wants higher availability for its application by running resources in more than one physical location within the same AWS Region. Which AWS concept describes this design?

A company stores sensitive data in Amazon S3 and must ensure the data is encrypted at rest. They also want AWS to manage the encryption keys automatically. Which solution should they choose?

A company runs a web application on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). Users report intermittent 5xx errors. Which AWS service is best suited to help identify whether the errors are coming from the load balancer or the application instances?

A company wants to enforce that all new Amazon EBS volumes and Amazon RDS databases are encrypted. Which AWS service helps implement this type of preventative control across accounts using managed rules and policies?

A company wants to design workloads following AWS best practices to improve reliability, security, performance efficiency, cost optimization, and operational excellence. Which AWS resource provides structured guidance for these areas?

A company needs to allow an EC2 instance to read objects from a specific S3 bucket. The company wants to avoid storing long-term access keys on the instance. What is the MOST secure approach?

A company wants to centralize governance for multiple AWS accounts, apply service control policies (SCPs), and simplify consolidated billing. Which AWS service should the company use?

A startup wants to grant an external auditor read-only access to specific Amazon S3 buckets for two weeks. The auditor already has an identity provider (IdP) that supports SAML 2.0. Which approach follows AWS best practices for temporary access without creating long-term IAM users?

A company wants to be alerted when their AWS usage is forecasted to exceed their monthly budget threshold. Which AWS service should they use?

A developer needs to quickly deploy a static website with global low-latency access and HTTPS support. The website content is stored in an S3 bucket. Which solution best meets these requirements?

A security team needs to centrally manage and enforce encryption and key rotation for data used by multiple AWS services (such as S3 and EBS). Which AWS service should they use to create and manage encryption keys?

A company wants to detect publicly accessible Amazon S3 buckets and overly permissive security group rules across multiple AWS accounts. Which AWS service is designed to continuously evaluate these security findings?

A team is troubleshooting an issue where an IAM user cannot delete objects from an S3 bucket, even though the user's IAM policy allows s3:DeleteObject. What is a likely cause?

A company wants a managed way to run containers without provisioning or managing servers. They also want the ability to run containers as tasks and scale based on demand. Which AWS service best fits this need?

A company wants to organize resources and apply consistent access controls across multiple teams in a single AWS account. They also want to allocate costs by team for chargeback reporting. Which combination is MOST appropriate?

A company must ensure that all API activity across its AWS accounts is recorded and retained for compliance investigations. The security team also wants to detect if someone disables logging. Which setup BEST meets these requirements?

An application requires a highly available relational database with automatic failover across multiple Availability Zones, and the company wants AWS to manage backups and patching. Which solution should they choose?

A company wants to enforce that all newly created Amazon S3 buckets must block public access. The company also wants to detect and remediate any bucket that becomes public over time. Which AWS service is BEST suited to implement this at scale?

A developer needs temporary access to a production AWS account to troubleshoot an issue. The company policy requires that long-term access keys are not shared and that access can be granted and revoked quickly. Which approach follows AWS best practices?

A company wants to migrate an application to AWS. The application runs on multiple servers and should automatically increase or decrease capacity based on demand without manual intervention. Which AWS services combination BEST meets this requirement?

A security engineer wants to reduce the blast radius of a potential data exposure. The engineer needs to ensure that an application running on Amazon EC2 can retrieve secrets without embedding credentials in code and that the secrets can be rotated regularly. Which AWS service should be used?

A company needs to ensure that a mission-critical workload can continue operating if an entire AWS Availability Zone becomes unavailable. Which design choice BEST supports this requirement?