50 aws cloud practitioner practice exam Practice Questions: Question Bank 2025

A startup wants to quickly deploy a simple web application without managing servers or operating systems. The application should automatically scale based on demand. Which AWS service is the BEST fit?

A security team wants to centrally control and enforce permissions across multiple AWS accounts in an organization. Which service helps meet this requirement?

A company wants to understand how cloud computing differs from traditional on-premises infrastructure. Which cloud benefit is MOST directly associated with paying only for resources that are used?

A finance team wants to receive an alert when monthly AWS costs are forecasted to exceed a defined threshold. Which AWS service should they use?

A company wants to store data in the cloud with high durability and automatically store older objects at a lower cost without changing the application. Which Amazon S3 feature should they use?

An employee accidentally exposed an AWS access key in a public code repository. The security team wants to identify which AWS API calls were made using that key. Which service provides this information?

A company needs to ensure that an Amazon EC2 instance is not directly reachable from the internet, but it must still download software updates from the internet. Which design meets this requirement?

A company wants to improve its security posture by receiving prioritized recommendations for cost optimization, performance, fault tolerance, and security. Which AWS service provides these best-practice checks?

A company must encrypt data at rest in Amazon S3 and wants full control over the lifecycle of encryption keys, including rotation and access policies. Which option BEST meets these requirements?

A company runs workloads in multiple AWS Regions and wants to design for high availability. Which statement BEST describes how Availability Zones (AZs) help achieve this goal?

A startup wants to quickly deploy and manage a simple web application without managing servers, scaling policies, or operating system patching. Which AWS service best fits this requirement?

A company wants to securely store database credentials used by an application running on AWS. The solution must support automatic rotation and fine-grained access control. Which AWS service should the company use?

Which statement best describes the AWS shared responsibility model?

A company wants to detect publicly accessible Amazon S3 buckets and overly permissive security group rules across multiple AWS accounts. Which AWS service can continuously evaluate these configurations against best practices?

A company is designing a highly available application in a single AWS Region. Which approach best improves availability and fault tolerance for the application?

A developer wants to store and query key-value data with single-digit millisecond latency at any scale. Which AWS service is designed for this use case?

A company wants to improve its security posture by ensuring IAM users do not have long-term access keys unless necessary and that multi-factor authentication (MFA) is enabled where appropriate. Which AWS tool provides guided security recommendations related to IAM configurations?

A company needs to provide a one-time report to auditors showing which AWS API calls were made, when they occurred, and which identity performed them. Which AWS service should the company use?

A company wants a cost-effective solution to archive large volumes of data that is rarely accessed and can tolerate retrieval times measured in hours. Which Amazon S3 storage class is the best fit?

A company operates multiple AWS accounts and wants to apply preventive controls so that no account can disable required security services and all accounts must follow a standard baseline. Which AWS capability is best suited to enforce these requirements at scale?

A company wants to improve its security posture by receiving automated findings when resources deviate from common security best practices (for example, publicly accessible storage or overly permissive security groups). Which AWS service is designed to provide these kinds of security findings and recommendations?

A developer accidentally committed an AWS access key to a public code repository. What is the MOST appropriate immediate action to reduce the risk of unauthorized use?

A company is designing an application that should automatically add or remove compute capacity based on demand while minimizing manual intervention. Which AWS service or feature best meets this requirement?

An organization uses AWS Organizations and wants to ensure that no account in a specific organizational unit (OU) can disable AWS CloudTrail. Which approach should be used?

A company wants to encrypt Amazon S3 objects using keys that the company controls and can rotate automatically. The company also wants detailed audit logs of key usage in AWS. Which S3 encryption option best fits these requirements?

An application stores frequently accessed data in memory for low-latency reads. Users report intermittent errors during traffic spikes, and metrics show the in-memory data store reaching its maximum connections. Which AWS service is the MOST likely in use, and what is a common way to address the issue?

A company needs to centrally track and allocate AWS costs by department across multiple accounts. Each department uses a separate account in AWS Organizations. Which combination of actions will BEST support accurate cost allocation reporting?

A security team must detect potentially compromised EC2 instances by identifying suspicious network behavior and unusual API activity across multiple AWS accounts. Which AWS service is MOST appropriate to enable for continuous threat detection?

A company wants to restrict internet access to its EC2 instances while still allowing those instances to download operating system updates from the internet. The instances are in private subnets. Which architecture component should the company add?

A company wants to ensure that employees can sign in to AWS using existing corporate identities and enforce multi-factor authentication (MFA) centrally. The company also wants to reduce the need to manage IAM users in each AWS account. Which solution best meets these requirements?

A company wants to detect and remediate resources that do not comply with internal policies (for example, S3 buckets that allow public access). Which AWS service is designed to continuously evaluate resource configurations against rules?

A developer needs to store database credentials that an application running on Amazon EC2 can retrieve securely at runtime. The company wants automatic rotation capabilities. Which AWS service best meets this requirement?

A company wants an AWS managed service that provides a single view of operational data (for example, metrics, logs, and alarms) and helps engineers respond to incidents. Which service should the company use?

An organization is migrating an on-premises application to AWS. The application has variable traffic with unpredictable spikes. Which cloud concept provides the ability to automatically add or remove capacity to match demand?

A solutions architect wants to reduce the operational overhead of patching and maintaining servers for a web application. Which AWS compute option requires the least server management while still running code in response to events?

A company requires all newly created Amazon EBS volumes to be encrypted to meet compliance requirements. Which approach should the company use to enforce this across accounts?

A finance team wants to receive an alert when estimated monthly AWS charges exceed a defined threshold. Which AWS feature should they use?

A company hosts a static website on Amazon S3 and wants to improve performance for users globally while reducing latency. Which solution should the company use?

A security engineer is investigating whether an IAM user’s access key was used to make unauthorized API calls. Which AWS service provides a record of API calls made in the account, including the caller identity and source IP address?

A company wants to control access to AWS services based on attributes such as department and project without creating and managing many IAM roles for every combination. Which IAM capability best supports this requirement?

A company wants a simple way to visually build and run serverless workflows that coordinate multiple AWS services (for example, invoking Lambda functions and calling other AWS APIs). Which service should the company use?

A user wants to log in to an AWS account with the fewest permissions required to view billing information but not modify account settings. What is the AWS best practice to meet this requirement?

A company wants to deploy identical AWS environments for development and production with consistent configurations and repeatable provisioning. Which AWS service is designed for this purpose?

A company is building a static website and wants to store and serve HTML, CSS, JavaScript, and images with high durability and low operational overhead. Which AWS solution should the company use?

A company wants to automatically encrypt all new objects uploaded to an Amazon S3 bucket without requiring application changes. Which approach meets this requirement?

A company wants to reduce risk by ensuring that only approved AWS services and actions are allowed across all accounts in an AWS Organization, even if an IAM policy would otherwise allow them. Which capability should the company use?

A company needs to collect and search application logs from multiple Amazon EC2 instances in near real time and set alarms based on specific log patterns. Which AWS service is best suited for this requirement?

A finance team wants to track and allocate AWS costs by business unit using metadata applied to resources (for example, cost center and application name). What should the team use?

A company requires that data stored in Amazon S3 cannot be deleted or overwritten for a fixed retention period to meet regulatory requirements. Which S3 capability should the company use?

A company runs workloads across multiple AWS accounts and wants a centralized way to create and manage VPCs, subnets, and shared network services (such as shared internet egress) while keeping application workloads in separate accounts. Which AWS service is designed to help meet this requirement?