AWS Solutions Architect Professional Free Practice Questions

Are you ready to sit your AWS Solutions Architect Professional exam? Test your knowledge with these free practice questions. To give you a taste of our popular AWS Solutions Architect PRO practice exams, we have compiled these free AWS quiz questions. No sign-up required. Simply click on the AWS sample questions below to reveal the right answers along with explanations and reference links. If you’re looking for more free AWS practice questions, sign-up for our free AWS practice test for the AWS Certified Solutions Architect Professional.

The correct answer is C. “Store the documents in a secured Amazon S3 bucket with a lifecycle policy to move the documents that are older than 3 months to Amazon S3 Glacier, then expire the documents from Amazon S3 Glacier that are more than 7 years old”.

Explanation:

An S3 Lifecycle configuration is a set of rules that define actions that Amazon S3 applies to a group of objects. Actions are to either transition objects to another storage class or expire (delete) the objects.

In this case, the lifecycle policy can be created to move the objects to S3 Glacier (lower cost archival) when they are no longer frequently accessed, and then expire the objects when they no longer need to be retained.

The following image shows the waterfall model for supported transitions between storage classes:

A. “Store the documents in an encrypted EBS volume and create a cron job to delete the documents after 7 years” is incorrect. Amazon EBS volumes must be mounted to EC2 instances and this is not a cost-effective solution.

B. “Store the documents in Amazon EFS. Create a cron job to move the documents that are older than 3 months to Amazon S3 Glacier. Create an AWS Lambda function to delete the documents in S3 Glacier that are older than 7 years” is incorrect. Amazon EFS filesystems must be mounted to EC2 instances and this is not a cost-effective solution.

D. “Store the documents in a secured Amazon S3 bucket with a lifecycle policy to move the documents that are older than 3 months to Amazon S3 Glacier. Create an AWS Lambda function to delete the documents in S3 Glacier that are older than 7 years” is incorrect. It is not necessary to use a Lambda function to delete the objects; a lifecycle policy can be used instead and is more cost-effective.

References:

https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html

https://digitalcloud.training/certification-training/aws-certified-solutions-architect-professional/aws-storage/

The correct answer is D. “Move content to Amazon S3. Create an Amazon CloudFront distribution to serve content out of the S3 bucket. Use Lambda@Edge to load different resources based on the User-Agent HTTP header”.

Explanation:

The load on the EC2 instances can be reduced by serving the static contents from Amazon CloudFront. This service will cache the content at Edge locations for faster delivery to clients.

To load different content based on the client operating system, Lambda@Edge can be used. Lambda@Edge lets you run Node.js and Python Lambda functions to customize the content that CloudFront delivers.

Lambda@Edge can be configured to inspect the viewer request and look for the user-agent HTTP header. This header is a string that can be used to identify the application, operating system, vendor, and/or version of the requesting user agent. Based on the operating system of the client, the function can then return different media assets from the CloudFront cache.

You can use Lambda functions to change CloudFront requests and responses at the following points:

  • After CloudFront receives a request from a viewer (viewer request)
  • Before CloudFront forwards the request to the origin (origin request)
  • After CloudFront receives the response from the origin (origin response)
  • Before CloudFront forwards the response to the viewer (viewer response)
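An added example, not part of the original page: a Node.js viewer-request function that maps the User-Agent header to a fixed per-OS path prefix. The prefixes, regexes and sample request are assumptions; because the header is client-controlled, it only selects from an allowlist and is never copied into the URI.

```javascript
// Assumed bucket layout (not from the page): one key prefix per client OS.
const PREFIX_BY_OS = { ios: '/ios', android: '/android', windows: '/windows', macos: '/macos' };
const DEFAULT_PREFIX = '/generic';

// Order matters: iOS User-Agents contain "Mac OS X" and Android ones contain "Linux".
const OS_PATTERNS = [
  ['ios', /iPhone|iPad|iPod/],
  ['android', /Android/],
  ['windows', /Windows NT/],
  ['macos', /Macintosh/],
];

// Returns an allowlisted OS key, or null for missing, oversized or unknown values.
function classifyUserAgent(ua) {
  if (typeof ua !== 'string' || ua.length > 512) return null;
  for (const [os, re] of OS_PATTERNS) {
    if (re.test(ua)) return os;
  }
  return null;
}

// Rewrites the CloudFront request object in place and returns it.
function rewriteRequest(request) {
  const header = request.headers['user-agent'];
  const os = classifyUserAgent(header && header[0] && header[0].value);
  const prefix = os ? PREFIX_BY_OS[os] : DEFAULT_PREFIX;
  // Only a fixed prefix is prepended; no header text reaches the URI.
  request.uri = prefix + request.uri;
  return request;
}

// Lambda@Edge entry point for the viewer request trigger.
async function handler(event) {
  return rewriteRequest(event.Records[0].cf.request);
}
if (typeof module !== 'undefined') module.exports = { handler };

// Constructed sample request, shaped like event.Records[0].cf.request.
const sample = {
  uri: '/media/intro.mp4',
  headers: { 'user-agent': [{ key: 'User-Agent', value: 'Mozilla/5.0 (Linux; Android 14; Pixel 8)' }] },
};
console.log(rewriteRequest(sample).uri);
```

Because the rewrite happens at the viewer request trigger, CloudFront looks up the rewritten URI in its cache, so each OS variant is cached as a separate object.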

A. “Create separate Auto Scaling groups based on client operating systems. Switch to a Network Load Balancer (NLB). Use the User-Agent HTTP header in the NLB to route to a different set of EC2 instances” is incorrect. The user-agent HTTP header cannot be used by an NLB to route to a different target group (set of EC2 instances).

B. “Create a separate ALB for each client operating system. Create one Auto Scaling group behind each ALB. Use Amazon Route 53 to route to different ALBs depending on the User-Agent HTTP header” is incorrect. Route 53 cannot be used to route traffic based on the user-agent HTTP header.

C. “Move content to Amazon S3. Create an Amazon CloudFront distribution to serve content out of the S3 bucket. Use the User-Agent HTTP header to load different content” is incorrect. There is no solution here for how to process the user-agent HTTP header and load different content. This is not a native capability of CloudFront, which is why the correct solution uses a Lambda function to perform this processing.

References:

https://docs.aws.amazon.com/lambda/latest/dg/lambda-edge.html

https://digitalcloud.training/certification-training/aws-certified-solutions-architect-professional/aws-storage/

https://digitalcloud.training/certification-training/aws-certified-solutions-architect-professional/aws-networking-content-delivery/

The correct answer is D. “Create a temporary OU named Staging for the new account. Apply an SCP to the Staging OU to allow AWS DMS actions. Move the organization’s deny list SCP to the Production OU. Move the new account to the Production OU when adjustments to AWS DMS are complete”.

Explanation:

A deny list strategy uses an implicit deny and has an SCP named AWSFullAccess applied at the root level (by default) which allows all actions. In this case the company has applied a deny list SCP at the root level which denies access to specific services.

In AWS Organizations any account has only those permissions permitted by every parent above it. If a permission is blocked at any level above the account, either implicitly (by not being included in an Allow policy statement) or explicitly (by being included in a Deny policy statement), a user or role in the affected account can’t use that permission.

Therefore, it will not be possible to allow services in an OU that have been denied at the root level. The only solution is to move the deny list from the root level to the Production OU (which means it is still effective for all other accounts) and then create a temporary OU with an SCP that allows AWS DMS (the AWSFullAccess would do this if it has not been removed).

The diagram below depicts the temporary configuration after the DenyList SCP has been moved to the Production OU:

A. “Remove the organization’s root SCPs that limit access to AWS DMS. Create an SCP that allows AWS DMS actions and apply the SCP to the Production OU” is incorrect. This would enable AWS DMS for all member accounts, which is more permissions than is required, so this is not the best option.

B. “Create a temporary OU named Staging for the new account. Apply an SCP to the Staging OU to allow AWS DMS actions. Move the new account to the Production OU when the migration project is complete” is incorrect. The deny list SCP at the root level prevents the restricted actions from being allowed at any level beneath it, so this will not work.

C. “Convert the organization’s root SCPs from deny list SCPs to allow list SCPs to allow the required services only. Temporarily apply an SCP to the organization’s root that allows AWS DMS actions for principals only in the new account” is incorrect. There is considerably more work involved with converting the SCPs. It would be much simpler to move the deny list SCP from the root to the Production OU to remove restrictions from higher in the hierarchy.
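An added example, not part of the original page: a simplified model of the SCP rule described above (an explicit deny at any level blocks the action, and every level must allow it), applied to options B and D. It is not AWS's policy engine; the OU layouts, SCP names and the DMS action used are assumptions for illustration, and conditions and resources are ignored.

```javascript
// Assumed SCPs: an allow-all policy (the one the page calls AWSFullAccess),
// the organization's deny list, and the temporary DMS allow policy.
const fullAccess = { name: 'AllowAll', effect: 'Allow', actions: ['*'] };
const denyList = { name: 'DenyList', effect: 'Deny', actions: ['dms:*'] };
const allowDms = { name: 'AllowDMS', effect: 'Allow', actions: ['dms:*'] };

function matches(pattern, action) {
  if (pattern === '*') return true;
  if (pattern.endsWith('*')) return action.startsWith(pattern.slice(0, -1));
  return pattern === action;
}

function covers(scp, effect, action) {
  return scp.effect === effect && scp.actions.some((p) => matches(p, action));
}

// path: SCPs attached at each level, ordered root -> OU -> account.
function evaluate(path, action) {
  for (const level of path) {
    const deny = level.scps.find((s) => covers(s, 'Deny', action));
    if (deny) return { allowed: false, reason: `explicit deny by ${deny.name} at ${level.name}` };
  }
  for (const level of path) {
    if (!level.scps.some((s) => covers(s, 'Allow', action))) {
      return { allowed: false, reason: `implicit deny at ${level.name}` };
    }
  }
  return { allowed: true, reason: 'allowed at every level' };
}

const ACTION = 'dms:CreateReplicationInstance';
const newAccount = { name: 'new account', scps: [fullAccess] };
// Option B: deny list stays on the root, Staging OU adds an allow.
const optionB = [{ name: 'Root', scps: [fullAccess, denyList] },
  { name: 'Staging OU', scps: [fullAccess, allowDms] }, newAccount];
// Option D: deny list moved down to the Production OU.
const optionD = [{ name: 'Root', scps: [fullAccess] },
  { name: 'Staging OU', scps: [allowDms] }, newAccount];
const production = [{ name: 'Root', scps: [fullAccess] },
  { name: 'Production OU', scps: [fullAccess, denyList] },
  { name: 'production account', scps: [fullAccess] }];

for (const [label, path] of [['B', optionB], ['D', optionD], ['Production', production]]) {
  console.log(label, evaluate(path, ACTION));
}
```

With only the DMS allow policy attached to the Staging OU, every non-DMS action is implicitly denied for the new account while it sits there.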

References:

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html

https://digitalcloud.training/certification-training/aws-certified-solutions-architect-professional/aws-management-governance/

Free AWS Solutions Architect Professional Practice Exam

Access free practice questions for the AWS Solutions Architect Professional with detailed answers and explanations

20 questions

Test your AWS knowledge with these 20 sample test questions that reflect the difficulty of the real AWS exam

Pass mark: 75%

You need to get 15 out of the 20 Practice Questions right to pass this sample practice test. Good luck!

Exam Coverage

This sample exam includes a mix of questions on core AWS services covering multiple knowledge areas

This free AWS practice exam for the AWS Solutions Architect Professional consists of 20 questions with a mix of questions on core AWS services, including Amazon EC2, AWS Lambda, DynamoDB and Amazon S3.

Please note that unlike our online exam simulator, this free AWS Solutions Architect PRO practice test is not timed – so you can take as much time as required to answer each question. At the end of the AWS practice exam, you get to review your answers. You’ll also find detailed explanations of why each answer is wrong or right, along with reference links for each question. This will help you identify your strengths and weaknesses.

Practice makes perfect! To maximize your chances of success, enroll in our training courses for the AWS Solutions Architect Professional that include a video course, practice exams / online exam simulator and training notes (PDF). 

The AWS Solutions Architect Professional practice exam course consists of 6 practice tests with 25 questions each.

Our Practice Exams are delivered in 4 different modes:

  • Exam Mode: 6 sets of practice exams with 25 questions each. Pass mark is 75%, time limit 60 mins. Shorter than the real exam to make it more manageable when studying.
  • Training Mode (no time limit): Check answers and explanations after every question.
  • Knowledge reviews: Collection of practice questions for a specific knowledge area that allows you to focus your efforts where they’re needed most.
  • Final exam simulator: Full-length exam with 75 questions pulled randomly from our pool of questions. Delivered in training mode so you get to immediately reveal answers and explanations for every question.

Sign up for our monthly or yearly plans to access our popular AWS Solutions Architect PRO training – simply the best way to ensure you pass your exam the first time with a great score.

Everything you need to know about the AWS Certified Solutions Architect Professional Exam (SAP-C02)

Exam Name: AWS Certified Solutions Architect Professional
Exam Duration: 180 Minutes
Exam Level: Professional
Passing Score: 75%
Eligibility/Pre-requisite: None
Validity: 3 years
Exam Code: SAP-C02
Exam Format: Multiple choice or multiple response
Number of Questions: 75 Questions
Exam Fee: $300
Exam Language: English, Japanese, Korean, Simplified Chinese
Exam Delivery Format: Pearson VUE and PSI, testing center or online proctored exam
Official Exam Guide: Download the Official Exam Guide