50 AWS Certified Solutions Architect - Professional Practice Questions: Question Bank 2025

A large enterprise with multiple AWS accounts is experiencing difficulties tracking costs across different business units. Each business unit operates independently with its own AWS account, but the finance team needs consolidated billing and the ability to allocate costs by department, project, and environment. What is the MOST effective solution to meet these requirements?

A company is migrating a three-tier web application to AWS. The application consists of a web tier, an application tier, and a database tier. The company requires high availability across multiple Availability Zones and wants to minimize management overhead. The database tier currently uses MySQL and has a read-heavy workload. Which database solution provides the BEST balance of high availability, scalability, and reduced operational burden?

A financial services company processes sensitive customer data and must comply with regulations requiring encryption at rest and in transit. The company uses Amazon S3 to store documents and needs to ensure that encryption keys are rotated annually, with full audit trails of key usage. Which solution meets these security and compliance requirements?

A media company serves video content to millions of users globally. Users are experiencing slow load times in certain geographic regions. The videos are stored in an S3 bucket in us-east-1, and the company wants to improve performance while minimizing costs. The content is accessed frequently for the first week after upload, then access patterns become sporadic. What is the MOST cost-effective solution to improve global performance?

A company runs a microservices architecture on Amazon ECS with Fargate. The application consists of 20 different services that need to communicate with each other. The operations team is struggling with service discovery as container IP addresses change frequently. Additionally, they need to implement fine-grained traffic routing with weighted targets for canary deployments. Which solution addresses these requirements with minimal operational overhead?

A healthcare organization needs to share specific medical imaging data stored in an S3 bucket with external research partners. The data is highly sensitive and must remain encrypted. Partners should only access data for approved studies for a limited time period, and all access must be logged and auditable. The solution should not require partners to have AWS accounts. What is the MOST secure solution?

A company is experiencing performance issues with their RDS PostgreSQL database that supports a high-transaction e-commerce application. Database CPU utilization frequently reaches 90%, and query response times are increasing. The database is already using the largest available instance type. Application analysis shows that 70% of queries are read operations, and the data is updated in real-time. Which solution would BEST improve performance while maintaining data consistency?

A global company is migrating its on-premises Active Directory to AWS. The company has offices in North America, Europe, and Asia, each with local applications that require Active Directory authentication. They need low-latency authentication for users in all regions, seamless integration with existing on-premises AD during migration, and the ability to extend to 100+ AWS accounts across multiple regions. What solution provides the BEST architecture for these requirements?

A company runs a complex data processing pipeline that ingests data from multiple sources, performs transformations, and loads results into a data warehouse. The pipeline currently uses a combination of AWS Lambda functions, Step Functions, and Glue jobs. Processing times vary significantly (from 2 minutes to 6 hours), and the pipeline must handle failures gracefully with automatic retry logic and notifications. Some steps require results from multiple parallel processes before proceeding. The company needs better visibility into pipeline execution and wants to optimize costs. Which architectural improvement would BEST address these requirements?

A financial trading platform processes millions of transactions per second and stores trade data in DynamoDB. The application requires single-digit millisecond read latency for recent trades (last 24 hours) and must maintain a complete historical record for 7 years for compliance. Historical data is queried infrequently for audit purposes with acceptable latency of several minutes. The current DynamoDB table costs are escalating rapidly. Which solution MOST effectively optimizes costs while meeting all performance and compliance requirements?

A large enterprise is migrating multiple business units to AWS. Each business unit requires its own AWS account with separate billing but centralized security policies and consolidated billing. The security team needs to prevent any account from leaving the organization and enforce specific SCPs across different organizational units. Which solution meets these requirements with the LEAST operational overhead?

A financial services company runs a trading application that processes millions of transactions per second. The application uses Amazon Kinesis Data Streams with 500 shards. During market opening hours, the application experiences hot partition issues where a small number of shards receive disproportionate traffic, causing throttling. The partition key is currently the stock ticker symbol. What is the MOST effective solution to resolve this issue?

A company wants to migrate a 500 TB on-premises Oracle database to AWS. The migration must complete within 2 weeks with minimal downtime (less than 1 hour). The company has a 1 Gbps internet connection and wants to continue using Oracle on AWS. Network utilization should be optimized for business operations during the migration. What migration strategy should the Solutions Architect recommend?

An e-commerce company uses Amazon ECS with Fargate to run microservices. The application consists of 15 services that need to communicate with each other. Currently, services discover each other using Application Load Balancer DNS names stored in environment variables, requiring container redeployment when endpoints change. The company wants to implement a more dynamic service discovery mechanism. What solution provides the MOST flexibility and requires the LEAST operational overhead?

A media company stores millions of video files in Amazon S3 Standard. Analytics show that 90% of videos are only accessed within the first 30 days, 8% are accessed occasionally between 30-180 days, and 2% are rarely accessed after 180 days but must be retained for 7 years for compliance. The company wants to optimize storage costs while maintaining immediate access when needed. Which solution provides the MOST cost-effective approach?

A healthcare organization must implement a solution to encrypt data at rest for all AWS services across multiple accounts. The solution must use customer-managed keys with automatic rotation, centralized key management, and the ability to immediately revoke access to encrypted data across all accounts. Compliance requirements mandate that no single individual can access both the keys and the encrypted data. What architecture should be implemented?

A SaaS company provides a multi-tenant application where each tenant's data is isolated in separate databases. The company currently has 500 tenants with databases running on Amazon RDS for PostgreSQL. Most tenants have small databases (under 50 GB) with low utilization, but a few enterprise tenants have databases over 1 TB with high transaction volumes. The company wants to optimize costs while maintaining performance and isolation. What is the MOST cost-effective architecture?

A company runs a legacy monolithic application on EC2 instances behind an Application Load Balancer. The application stores session state in memory on the EC2 instances. The company wants to modernize the application by containerizing it and running it on Amazon ECS, but cannot immediately refactor the session management. The solution must maintain session persistence and support blue/green deployments. What approach should be taken?

A global company operates in 15 AWS regions with a hub-and-spoke network topology using AWS Transit Gateway in each region. Regional Transit Gateways are peered to enable inter-region communication. The company has experienced significant data transfer costs and latency issues for traffic between regions. They need to optimize both costs and performance for inter-region communication. What solution would MOST effectively address both concerns?

A company's application uses Amazon DynamoDB with on-demand capacity mode. During monthly batch processing jobs, the application performs large scans across a 2 TB table, causing throttling for the real-time application users. The batch jobs are not time-sensitive and can run over several hours. What is the MOST cost-effective solution to prevent throttling of real-time traffic?

A healthcare company is migrating a legacy application to AWS that processes sensitive patient data. The application currently uses a commercial database that costs $500,000 annually in licensing fees. The database uses proprietary stored procedures and triggers. The company wants to reduce costs while maintaining HIPAA compliance and minimizing application code changes. What migration strategy should a Solutions Architect recommend?

A financial services company operates a multi-account AWS environment with 150 accounts organized using AWS Organizations. The security team needs to ensure that all S3 buckets across all accounts are encrypted at rest and that public access is blocked. Additionally, they need to detect and remediate any non-compliant resources automatically. What solution provides the MOST operationally efficient approach?

A media streaming company uses Amazon CloudFront to deliver video content globally. Users in a specific geographic region report that video playback frequently buffers and performance is poor, while users in other regions have no issues. The origin is an Application Load Balancer in us-east-1 backed by EC2 instances. What should a Solutions Architect investigate FIRST to identify the root cause?

A company wants to implement a disaster recovery solution for their mission-critical application running on AWS. The application uses Amazon RDS MySQL, Amazon EFS for shared storage, and EC2 instances in an Auto Scaling group behind an Application Load Balancer. The RTO is 4 hours and RPO is 1 hour. The DR region should be at least 1000 miles away from the primary region. What is the MOST cost-effective solution that meets these requirements?

A large enterprise has acquired several smaller companies and needs to consolidate their AWS accounts. Each acquired company has its own AWS Organization with multiple member accounts. The parent company wants to maintain existing account structures, centralize billing, and apply consistent security policies across all accounts. What is the correct approach?

A SaaS company provides analytics services to customers, with each customer's data isolated in separate DynamoDB tables. The application has grown to support 500 customers, resulting in 500 DynamoDB tables. The company is experiencing increased operational overhead managing tables and wants to improve scalability. Customer data must remain logically isolated for compliance reasons. What solution should the architect recommend?

A company runs a batch processing application that processes files uploaded to an S3 bucket. The processing takes 2-5 minutes per file using AWS Lambda. Recently, files have been arriving faster than they can be processed, causing Lambda to throttle. The company needs to ensure all files are processed in the order they arrive without data loss. What solution should be implemented?

A company has an on-premises application that stores customer records in a file server with a hierarchical directory structure organized by region, customer, and year. They want to migrate this to AWS while maintaining the ability to browse the directory structure and access files using SMB protocol. The solution must support concurrent access from both Windows and Linux servers in AWS. What storage solution should be used?

A financial trading platform running on AWS processes millions of transactions per second using Amazon Kinesis Data Streams. The security team requires that all data in Kinesis be encrypted using customer-managed KMS keys with automatic key rotation. The operations team reports that during peak trading hours, they are experiencing KMS throttling errors affecting stream write operations. What is the MOST effective solution to resolve this issue while maintaining security requirements?

A company wants to provide temporary AWS console access to external auditors who need to review CloudTrail logs, S3 bucket configurations, and IAM policies across multiple accounts in their AWS Organization. The auditors should have read-only access for exactly 7 days, after which access must automatically expire. The company wants to avoid creating long-term credentials. What is the MOST secure solution?

A financial services company is migrating a legacy mainframe application to AWS. The application processes batch jobs that run for 8-12 hours and require consistent performance with minimal interruptions. The jobs are scheduled to run twice daily during off-peak hours. The company wants to optimize costs while ensuring job completion. What compute solution should the Solutions Architect recommend?

A global media company stores user-generated video content in Amazon S3. Videos are uploaded to a single S3 bucket in us-east-1, and users worldwide experience slow download speeds. The company wants to improve download performance for global users while minimizing operational overhead. Videos are frequently accessed for 30 days after upload, then access patterns become unpredictable. What solution provides the BEST performance improvement?

A healthcare organization operates multiple AWS accounts for different departments. They need to centrally manage AWS Config rules across all accounts to ensure compliance with HIPAA requirements. New accounts are frequently created using AWS Organizations. The solution must automatically apply Config rules to new accounts and provide centralized compliance reporting. What approach should be implemented?

A SaaS company runs a multi-tenant application on AWS using separate VPCs for each customer to ensure network isolation. Each customer VPC contains EC2 instances that need to access a centralized AWS PrivateLink service hosted in a shared services VPC. The company has 50 customer VPCs currently and expects to grow to 200. What is the MOST scalable architecture to provide connectivity?

An e-commerce company experiences extreme traffic spikes during flash sales, reaching 10x normal load within minutes. The application uses Application Load Balancer, EC2 Auto Scaling, and Aurora MySQL. During recent flash sales, customers experienced timeouts and errors despite Auto Scaling adding instances. Database CPU remained below 50%. What is the MOST likely cause and solution?

A company is designing a data lake architecture on AWS to store and analyze petabytes of IoT sensor data. Data scientists need to query data using SQL, data engineers need to run Spark jobs for ETL, and business analysts need to create visualizations. The solution must optimize costs for infrequently accessed historical data while maintaining query performance. What architecture should be implemented?

A financial institution must retain audit logs from CloudTrail, VPC Flow Logs, and application logs for 7 years to meet regulatory requirements. Logs must be tamper-proof and provable in court. After 90 days, logs are rarely accessed but must remain queryable. The current solution stores logs in S3 Standard, costing $500,000 annually. What solution reduces costs while meeting all requirements?

A company operates a legacy three-tier application with a Microsoft SQL Server database that uses Windows Authentication. The application is being migrated to AWS using EC2 instances in a VPC. The company wants to maintain Windows Authentication and centralized user management without deploying domain controllers in AWS. Database backups must be encrypted and automated. What solution meets these requirements?

A gaming company runs a global multiplayer game with players in North America, Europe, and Asia. The game uses WebSockets for real-time communication and REST APIs for game state management. Players are routed to the nearest regional deployment (us-east-1, eu-west-1, ap-southeast-1) using Route 53 geolocation routing. Players frequently travel and complain about losing game progress when connecting from different regions. What solution provides the BEST player experience?

A company has deployed a three-tier web application across multiple Availability Zones using Auto Scaling groups behind an Application Load Balancer. The application tier instances must retrieve credentials to access an RDS database. Security requirements mandate that credentials never be stored in code, configuration files, or AMIs, and must be automatically rotated every 30 days. What solution meets these requirements with the LEAST operational overhead?

A global media company is migrating their on-premises video rendering farm to AWS. The rendering jobs are compute-intensive, can run for several hours, and must complete within specific deadlines. The workload is highly variable with predictable seasonal peaks. The company wants to minimize costs while ensuring jobs complete on time. Which solution provides the MOST cost-effective approach?

A financial services company has multiple AWS accounts organized under AWS Organizations. They need to implement a centralized logging solution that collects CloudTrail logs, VPC Flow Logs, and application logs from all accounts. The logs must be immutable, encrypted, and retained for 7 years for compliance. Security team members from different accounts need read-only access to logs from their respective accounts only. What is the MOST secure and operationally efficient solution?

A company runs a microservices application on Amazon ECS with Fargate. The application experiences intermittent latency spikes that affect user experience. The DevOps team needs to implement comprehensive distributed tracing to identify bottlenecks across services, database calls, and external API calls. Which solution provides the MOST complete observability with minimal code changes?

An enterprise is designing a multi-Region disaster recovery strategy for a critical application. The application uses Amazon Aurora PostgreSQL, Amazon S3, and Amazon DynamoDB. The RTO is 1 hour and RPO is 15 minutes. The solution must minimize costs during normal operations while ensuring rapid failover. Which architecture BEST meets these requirements?

A healthcare company needs to deploy a HIPAA-compliant application that processes patient data. The application must enforce encryption at rest and in transit, maintain detailed audit logs of all data access, and ensure data residency within a specific AWS Region. What combination of AWS services and configurations ensures compliance? (Choose the MOST complete solution)

A company is modernizing a monolithic legacy application currently running on-premises. The application has a tightly coupled architecture with batch processing jobs that run overnight. The company wants to migrate to AWS using a phased approach, beginning with the least risky components, while maintaining integration with on-premises systems during the transition. What migration strategy and sequence would be MOST appropriate?

A SaaS company operates a multi-tenant application where each customer's data must be isolated. The application uses Amazon RDS PostgreSQL. As the customer base grows, some large customers are experiencing performance degradation. The company needs to implement a scaling strategy that maintains data isolation, optimizes performance for large customers, and minimizes operational complexity. What approach should the solutions architect recommend?

A company's application running on Amazon EC2 instances needs to access objects in an S3 bucket. The security team requires that credentials never be stored on the EC2 instances and that access can be audited. What is the MOST secure method to grant the EC2 instances access to S3?

An online gaming company runs game servers on EC2 instances behind an Application Load Balancer. Players experience sudden disconnections when backend instances are replaced during deployment or scaling events. Game sessions can last 2-3 hours and should not be interrupted. How can the architect minimize disruptions during instance replacement?

A company needs to share a subset of data from their Amazon S3 data lake with a partner company that also uses AWS. The data is highly sensitive and must be encrypted in transit and at rest. The partner should only access data shared with them and access should be auditable. The company wants to avoid managing cross-account access keys. What is the MOST secure approach?