50 aws solutions architect associate practice exam Practice Questions: Question Bank 2025

A company wants to store long-term backups in Amazon S3. The security team requires that the data cannot be deleted or overwritten for 7 years, even by administrators. Which solution meets these requirements?

A Solutions Architect needs to design an application tier that automatically adds or removes EC2 instances based on demand and replaces unhealthy instances. Which solution should be used?

A web application uses Amazon CloudFront in front of an Application Load Balancer. The security team wants to ensure that users can access the application only through CloudFront and not directly through the load balancer. What should a Solutions Architect do?

A company needs a highly available relational database for an online transaction processing (OLTP) application. The solution must automatically fail over to a standby in a different Availability Zone with minimal administrative effort. Which solution meets these requirements?

A serverless API built with Amazon API Gateway and AWS Lambda experiences occasional spikes in traffic. Some Lambda invocations fail due to downstream database throttling. The company wants to absorb traffic bursts and process requests asynchronously without losing data. Which design should be used?

An application runs on Amazon EC2 instances behind an Application Load Balancer. Users in multiple geographic regions report high latency. The company wants to reduce latency by routing users to the nearest AWS edge location while keeping the same application origin. Which solution should be used?

A company has an S3 bucket that contains sensitive documents. Only a specific VPC should be able to access the bucket, and access must not traverse the public internet. Which solution meets these requirements?

A company runs a batch processing workload that can start and stop at any time, and jobs can be interrupted and restarted without impact. The company wants to reduce compute costs. Which solution should a Solutions Architect recommend?

A healthcare company must ensure encryption of data at rest for an Amazon RDS for PostgreSQL database. The security team also requires that AWS cannot access the plaintext data keys and that key usage can be audited. Which solution should be used?

A company runs a multi-tier application in a VPC across two Availability Zones. The application uses NAT gateways for private subnets to access the internet for software updates. During an Availability Zone failure, instances in the remaining AZ lose outbound internet access. How should the architecture be modified to maintain outbound access during an AZ failure while following AWS best practices?

A company stores monthly compliance reports in an S3 bucket. Only the security team should be able to read the objects, and no one (including admins) should be able to delete or overwrite reports for 7 years. Which solution best meets these requirements?

A company runs a public application on Amazon EC2 instances in a VPC. The instances must download operating system updates from the internet, but the instances must not accept inbound connections directly from the internet. Which solution meets these requirements?

A solutions architect needs to encrypt data at rest for an Amazon RDS for MySQL DB instance using a customer managed key. The encryption must be enabled with minimal operational effort. Which solution should the architect choose?

A web application uses Amazon API Gateway (REST) integrated with AWS Lambda. During traffic spikes, users report intermittent 429 (Too Many Requests) responses. The Lambda function concurrency limit is high enough, and no errors appear in function logs. What is the MOST likely cause and the best mitigation?

A company hosts a static website on Amazon S3 with Amazon CloudFront. The site includes sensitive downloadable documents that must be accessible only to authenticated users. The company wants to prevent users from directly accessing the S3 bucket. Which solution should a solutions architect implement?

A company runs a stateful application on EC2 instances in a single Availability Zone. The application stores session state on the instance filesystem. The company needs to increase availability across multiple Availability Zones with minimal code changes. Which approach is BEST?

A data processing workload runs on Amazon ECS on EC2 and writes intermediate results to an NFS file system. During peak hours, the file system becomes a bottleneck with high latency. The workload needs a managed service that provides shared POSIX file storage with scalable throughput. Which solution should be used?

A company uses AWS Organizations with multiple accounts. Security requires that no account can disable or delete AWS CloudTrail logs, and all logs must be centralized. Which solution meets these requirements with the LEAST operational overhead?

A company has an Amazon Aurora MySQL cluster used by an internal reporting application. Most queries are read-only, and the reporting workload causes high CPU utilization on the writer instance, affecting transactional workloads. The company needs to isolate reporting reads without changing the application’s SQL queries. What should a solutions architect do?

A company runs a multi-tier application in two AWS Regions for disaster recovery. The application uses Route 53 for DNS. The company needs automatic failover to the secondary Region only when the primary Region is unhealthy, and the failover decision must consider the health of an HTTP endpoint. Which solution should be implemented?

A company hosts a static marketing website in Amazon S3 and serves it through Amazon CloudFront. The company wants to prevent users from bypassing CloudFront and accessing the S3 bucket directly. What should a solutions architect do?

A company uses AWS Organizations and wants to ensure that no IAM user or role in any account can disable AWS CloudTrail. What should a solutions architect recommend?

An application runs on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). Users report intermittent 504 errors during deployments when instances are replaced. Which change will most directly reduce these errors?

A company must store backups in Amazon S3 and ensure the backups cannot be deleted or overwritten for 90 days to meet compliance requirements. What should a solutions architect recommend?

A company needs to deploy a second copy of its application stack in another AWS Region for disaster recovery. The company wants the ability to recreate the full environment consistently with minimal manual steps. Which solution best meets these requirements?

A company is building a serverless API using Amazon API Gateway and AWS Lambda. Traffic is unpredictable and can spike significantly. The company wants to protect the backend from abuse and sudden bursts while keeping latency low for valid requests. Which solution should a solutions architect recommend?

A data ingestion workload writes time-series events at very high rates and queries are primarily by deviceId and time range. The company needs single-digit millisecond reads and writes at scale. Which database solution best fits this use case?

A company runs a production VPC with multiple private subnets. A new compliance requirement states that instances in private subnets must not have a route to the public internet, but they still must access Amazon S3 to retrieve software packages. Which architecture change meets the requirement?

A company wants to reduce the cost of an Amazon EC2-based batch processing fleet. Jobs can be interrupted and retried, but they must complete within a 24-hour window. Which approach provides the highest cost savings while meeting the requirement?

A company operates an online transaction processing (OLTP) database on Amazon RDS for PostgreSQL in a Multi-AZ deployment. During a regional disaster, the company must fail over to another Region with minimal data loss and continue accepting writes. Which solution best meets these requirements?

A company needs to store sensitive configuration values (API keys and database passwords) for an application running on Amazon ECS on AWS Fargate. The company must rotate secrets automatically and grant tasks least-privilege access. Which solution meets these requirements with the LEAST operational overhead?

A company is hosting a static website on Amazon S3 and serves it through Amazon CloudFront. The company wants to prevent users from directly accessing the S3 bucket objects and allow access only through CloudFront. Which solution should a solutions architect use?

An application running on Amazon EC2 instances in an Auto Scaling group needs to send messages to decouple a backend processor. The company needs the messages to be delivered at least once and wants the simplest managed service. Which solution should be used?

A company is using AWS Key Management Service (AWS KMS) customer managed keys to encrypt data in Amazon S3. A new security requirement states that key usage should be audited to see which principals are calling KMS and from which services. Which solution meets this requirement?

A company runs an internet-facing application behind an Application Load Balancer (ALB). The company wants to block common web exploits (for example, SQL injection and cross-site scripting) and create rate-based rules to limit abusive clients. Which solution should a solutions architect recommend?

An application writes time-series metrics to an Amazon DynamoDB table with a partition key of customerId and a sort key of timestamp. Some customers generate much more traffic than others, and the table is experiencing throttling for those customers during peak times. Which change will MOST effectively reduce throttling due to hot partitions?

A company runs a 3-tier web application in a VPC across two Availability Zones. The database tier is Amazon RDS for MySQL in Multi-AZ mode. Users report intermittent connectivity errors from the application servers to the database during deployments. The deployment process replaces EC2 instances in the Auto Scaling group. What is the MOST likely cause and the best mitigation?

A company wants to reduce cost for a fleet of Amazon EC2 instances that run a containerized batch workload. Jobs can be interrupted and retried without business impact. The company wants the workload to scale quickly and use the lowest-cost compute capacity available. Which solution should a solutions architect recommend?

A company operates a microservices platform on Amazon EKS. Services communicate internally, and the company must enforce fine-grained controls such that only specific services can call others, with the ability to define policies based on service identity rather than IP addresses. Which approach BEST meets these requirements?

A company uses Amazon S3 to store critical data. Regulatory requirements state that the company must prevent deletion of objects for 7 years, including by administrators, and must be able to prove that objects were not altered. Which solution meets these requirements?

A company uses Amazon S3 to store monthly financial reports. Security policy requires that objects cannot be deleted or overwritten for 7 years, even by administrators. What should a solutions architect do to meet this requirement with the least operational effort?

A web application running on Amazon EC2 in an Auto Scaling group needs a shared file system so that all instances can read and write the same files concurrently. The data must persist independently of instance lifecycle. Which solution meets these requirements?

A company wants to reduce data transfer costs for users who repeatedly download the same static images from its website. Which AWS service should be used to cache content closer to end users?

A company needs to expose a REST API for multiple microservices. Requirements include request throttling, JWT-based authentication, and protection against common web exploits such as SQL injection. Which combination of AWS services best meets these requirements?

An application writes large numbers of small objects to an S3 bucket. A downstream system must process each new object within seconds. The team wants a serverless solution with minimal code and operational overhead. What should the solutions architect recommend?

A company has a business-critical Amazon RDS for PostgreSQL database. The company must ensure fast recovery from an Availability Zone failure without changing the application connection string during failover. Which configuration should a solutions architect choose?

A company wants to reduce costs for an Amazon S3 bucket that stores log files. Access is rare after 30 days, but when access is required it must be immediate. The company wants to keep the data in S3 and automatically transition objects. What is the MOST cost-effective storage class for objects after 30 days while meeting the access requirement?

A company has a VPC with private subnets and uses interface VPC endpoints to access AWS services privately. A security requirement states that workloads must be prevented from calling AWS APIs from the public internet even if a developer accidentally creates a NAT gateway later. Which approach best enforces this requirement?

A streaming analytics application runs on Amazon EC2 instances and performs heavy, random reads and writes to a 5 TB dataset. The application requires consistently low latency and high IOPS, and the storage must be attached to a single instance at a time. Which storage option is MOST appropriate?

A company is troubleshooting intermittent connectivity from an on-premises data center to workloads in a VPC over a site-to-site VPN. The network team needs visibility into whether packets are being accepted or rejected at the VPC level and which security group or NACL rules might be involved. Which AWS feature should be enabled to help diagnose the issue?