AWS Cloud Practitioner Questions and Answers Nov 2021

Question 1

Exit Quiz

Domain: Security

Which AWS service provides infrastructure security optimization recommendations?

A.AWS Application Programming Interface(API)

B.Reserved Instances

C.AWS Trusted Advisor

D.Amazon Elastic Compute Cloud (Amazon EC2) SpotFleet


Answer – C

The AWS documentation mentions the following:

An online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment, Trusted Advisor provides real time guidance to help you provision your resources following AWS best practices

For more information on the AWS Trusted Advisor, please refer to the below URL:a

Question 2

Exit Quiz

Domain: Technology

A file-sharing service uses Amazon S3 to store files uploaded by users. Files are accessed with random frequency. Popular ones are downloaded every day whilst others not so often and some rarely. What is the most cost-effective Amazon S3 object storage class to implement?

A.Amazon S3 Standard

B.Amazon S3 Glacier

C.Amazon S3 One Zone-Infrequently Accessed

D.Amazon S3 Intelligent-Tiering


Correct Answer – D

S3 Intelligent-Tiering is a new Amazon S3 storage class designed for customers who want to optimize storage costs automatically when data access patterns change, without performance impact or operational overhead. S3 Intelligent-Tiering is the first cloud object storage class that delivers automatic cost savings by moving data between two access tiers — frequent access and infrequent access — when access patterns change, and is ideal for data with unknown or changing access patterns.

S3 Intelligent-Tiering stores objects in two access tiers: one tier optimized for frequent access and another lower-cost tier optimized for infrequent access. For a small monthly monitoring and automation fee per object, S3 Intelligent-Tiering monitors access patterns and moves objects that have not been accessed for 30 consecutive days to the infrequent access tier. There are no retrieval fees in S3 Intelligent-Tiering. If an object in the infrequent access tier is accessed later, it is automatically moved back to the frequent access tier. No additional tiering fees apply when objects are moved between access tiers within the S3 Intelligent-Tiering storage class. S3 Intelligent-Tiering is designed for 99.9% availability and 99.999999999% durability, and offers the same low latency and high throughput performance of S3 Standard.

  • Option A is incorrect because Amazon S3 Standard would be an inefficient class for storing those objects that will be accessed rarely.

  • Option B is incorrect because storing objects that are frequently accessed in Amazon S3 Glacier would present operational bottlenecks since these objects would not be available instantly.


  • Option C is incorrect because storing those objects that are rarely accessed and those that would be accessed frequently in Amazon S3 One Zone-Infrequently Accessed would be inefficient.

Question 3

Exit Quiz

Domain: Technology

Which AWS service can be deployed to enhance read performance for applications while reading data from NoSQL database?

A.Amazon Route 53

B.Amazon DynamoDB Accelerator

C.Amazon CloudFront

D.AWS Greengrass


Correct Answer – B

Amazon DynamoDB Accelerator (DAX) is a caching service for DynamoDB which can be deployed in VPC in a region where DynamoDB is deployed. For read-heavy applications, DAX can be deployed to increase throughput by providing in-memory caching.

  • Option A is incorrect because Amazon Route 53 is an AWS DNS service and cannot improve the performance of DynamoDB.

  • Option C is incorrect because Amazon CloudFront is a global content delivery network that cannot be applied to a DynamoDB table.

  • Option D is incorrect because AWS Greengrass is data caching software for connected devices.

For more information on caching solutions with AWS, refer to the following URL:

Question 4

Exit Quiz

Domain: Technology

An organization utilizes a software suite that consists of a multitude of underlying microservices hosted on the cloud. The application is frequently giving runtime errors. Which service will help in the troubleshooting process?

A.AWS CloudTrail

B.AWS CloudWatch


D.Amazon OpenSearch Service


Correct Answer – C

AWS X-Ray is a service that collects data about requests that your application serves and provides tools that you can use to view, filter, and gain insights into that data to identify issues and opportunities for optimization. AWS X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture.

Option A is INCORRECT because AWS CloudTrail primarily records user or API activity, ‘who has done what.’ It logs, continuously monitors, and retains account activity related to actions across AWS infrastructure. CloudTrail provides event history in the AWS account activity but NOT that of the interaction of software microservices within a suite.

Option B is INCORRECT because AWS CloudWatch does the primary function of monitoring and NOT debugging. It collates data and actionable insights to monitor applications. It also responds to system-wide performance changes, optimizes resource utilization, and gets a unified view of operational health. However, the service does neither debug nor logs errors that occur amongst software microservices within a suite.

Option D is INCORRECT because Amazon OpenSearch Service is a managed service that makes it easy to deploy, operate, and scale OpenSearch clusters in the AWS Cloud. It automatically detects and replaces failed OpenSearch Service nodes, reducing the overhead associated with self-managed infrastructures.

Question 5

Exit Quiz

Domain: Cloud Concepts

According to the AWS, what is the benefit of Elasticity?

A.Minimize storage requirements by reducing logging and auditing activities

B.Create systems that scale to the required capacity based on changes in demand

C.Enable AWS to automatically select the most cost-effective services.

D.Accelerate the design process because recovery from failure is automated, reducing the need for testing


Answer – B

The concept of Elasticity is the means of an application having the ability to scale up and scale down based on demand. An example of such a service is the Autoscaling service

For more information on AWS Autoscaling service, please refer to the below URL:

A, C and D are incorrect. Elasticity will not have positive effects on storage, cost or design agility.

Question 6

Exit Quiz

Domain: Billing and Pricing

Which tool can you use to forecast your AWS spending?

A.AWS Organizations

B.Amazon Dev Pay

C.AWS Trusted Advisor

D.AWS Cost Explorer


Answer – D

The AWS Documentation mentions the following.

Cost Explorer is a free tool that you can use to view your costs. You can view data up to the last 12 months. You can forecast how much you are likely to spend for the next 12 months and get recommendations for what Reserved Instances to purchase. You can use Cost Explorer to see patterns in how much you spend on AWS resources over time, identify areas that need further inquiry, and see trends that you can use to understand your costs. You also can specify time ranges for the data and view time data by day or by month.

For more information on the AWS Cost Explorer, please refer to the below URL:

A, B and C are incorrect. These services do not relate to billing and cost.

Question 7

Exit Quiz

Domain: Security

Which of the following is an optional Security layer attached to a subnet within a VPC for controlling traffic in & out of the VPC?

A.VPC Flow Logs

B.Web Application Firewall

C.Security Group

D.Network ACL

hide Answer


Correct Answer – D

Network ACL can be additionally configured on subnet level to control traffic in & out of the VPC.

  • Option A is incorrect. VPC Flow Logs will capture information about IP traffic in & out of VPC. This will not be used for controlling purposes.

  • Option B is incorrect. Web Application Firewall (WAF) can be configured to protect web applications from common security threats. It can be deployed on devices such as Amazon CloudFront, Application Load Balancer and Amazon API Gateway.

  • Option C is incorrect. Security Groups are attached at instance level & not at the subnet level.

For more information on security within VPC, refer to the following URL:

Question 8

Exit Quiz

Domain: Security

Which of the following is a customer responsibility under AWS Shared Responsibility Model?

A.Patching of host OS deployed on Amazon S3.

B.Logical Access controls for underlying infrastructure.

C.Physical security of the facilities.

D.Patching of guest OS deployed on Amazon EC2 instance.


Correct Answer – D

Under the AWS shared responsibility model, AWS takes care of infrastructure configuration & management while customers must take care of the resources they launched within AWS.

  • Option A is incorrect. Amazon S3 is part of the infrastructure layer & Patching of host OS/Configuration for Amazon S3 is responsibility of AWS.

  • Option B is incorrect. AWS has the responsibility for the Logical Access controls for the underlying infrastructure.

  • Option C is incorrect. Physical Security of the facilities is AWS responsibility.

For more information on Shared responsibility model, refer to the following URL:

Question 9

Exit Quiz

Domain: Technology

What is the AWS feature that enables fast, easy and secure transfers of files over long distances between your client and your Amazon S3 bucket?

A.File Transfer

B.HTTP Transfer

C.Amazon S3 Transfer Acceleration

D.S3 Acceleration


Answer – C

The AWS Documentation mentions the following.

Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket. Transfer Acceleration takes advantage of Amazon CloudFront’s globally distributed edge locations. As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path.

For more information on S3 transfer acceleration, please visit the Link:

Options A, B and D are incorrect. These features deal with transferring data but not between clients and an S3 bucket.

Question 10

Exit Quiz

Domain: Technology

Which of the following services can be used to optimize performance for global users to transfer large-sized data objects to a centralized Amazon S3 bucket in us-west-1 region?

A.Enable S3 Transfer Acceleration on Amazon S3 bucket.

B.Use Amazon CloudFront Put/Post commands

C.Use Multipart upload

D.Use Amazon ElastiCache


Correct Answer – A

S3 Transfer Acceleration can optimise performance for data transfer between users & objects in Amazon S3 bucket. Transfer acceleration uses CloudFront edge location to provide accelerated data transfer to users.

  • Option B is incorrect as Amazon CloudFront Put/Post commands can be used for small-sized objects but for large-sized data objects, S3 Transfer Acceleration provides better performance.

  • Option C is incorrect as users should use Multipart uploads for all data objects exceeding 100 megabytes. But for better performance, S3 transfer acceleration should be enabled.

  • Option D is incorrect as for global users accessing S3 bucket, S3 Transfer Acceleration is a better choice..

For more information on Amazon S3 Transfer Acceleration, refer to the following URLs:

Question 11

Exit Quiz

Domain: Technology

There is a requirement to store objects. The objects must be downloadable via a URL. Which storage option would you choose?

A.Amazon S3

B.Amazon Glacier

C.Amazon Storage Gateway

D.Amazon EBS


Answer - A

Amazon S3 is the perfect storage option. It also provides the facility of assigning a URL to each object which can be used to download the object.

  • For more information on AWS S3, please visit the Link:


  • B is incorrect. Glacier is for archival and long-term storage.

This question is to check the user understanding of AWS S3 service terminology and use cases. Objects are stored in S3 and should be downloadable via a URL. It's not possible with EBS.

Question 12

Exit Quiz

Domain: Billing and Pricing

There is a requirement to host a database server for a minimum period of one year. Which of the following would result in the least cost?

A.Spot Instances


C.No Upfront costs Reserved

D.Partial Upfront costs Reserved


Answer - D

If the database is going to be used for a minimum of one year at least, it is better to get Reserved Instances. You can save on costs if you use partial upfront options.

  • A is incorrect. Spot instances can be terminated with fluctuations in market prices. Unless the question specifies a use case where high availability is not a requirement, this cannot be assumed.

  • B is incorrect. On-Demand is not the most cost-efficient solution.

  • C is incorrect. No upfront payment is required. However, it's a costlier option than Partial/All upfront payment.


  • Reserved Instances do not renew automatically. When they expire, you can continue using the EC2 instance without interruption. But you are charged On-Demand rates. In the above example, when the Reserved Instances that cover the T2 and C4 instances expire, you go back to paying the On-Demand rates until you terminate the instances or purchase new Reserved Instances that match the instance attributes.


Question 13

Exit Quiz

Domain: Security

During an organization’s information systems audit, the administrator is requested to provide a dossier of security and compliance reports and online service agreements between the organization and AWS. Which service can they utilize to acquire this information?

A.AWS Artifact

B.AWS Resource Center

C.AWS Service Catalog

D.AWS Directory Service


Correct Answer – A

AWS Artifact is a comprehensive resource center to have access to the AWS’ auditor-issued reports and security and compliance documentation from several renowned independent standard organizations.

  • Option B is INCORRECT. AWS Resource Center is a repository of tutorials, whitepapers, digital training, and project use cases that aid in learning the core concepts of Amazon Web Services.

  • Option C is INCORRECT. AWS Service Catalog allows organizations to create and save their own IT service catalogs for further use. But they have to be approved by AWS. IT service catalogs can be multi-tiered application architectures.

  • Option D is INCORRECT. AWS Directory Service is an AWS tool that provides multiple ways to use Amazon Cloud Directory and Microsoft Active Directory with other AWS services.

Question 14

Exit Quiz

Domain: Security

A new department has recently joined the organization and the administrator needs to compose access permissions for the group of users. Given that they have various roles and access needs, what is the best-practice approach when granting access?

A.After gathering information on their access needs, the administrator should allow every user to access the most common resources and privileges on the system.

B.The administrator should grant all users the same permissions and then grant more upon request.

C.The administrator should grant all users the least privilege and add more privileges to only to those who need it.

D.Users should have no access and be granted temporary access on the occasions that they need to execute a task.


Correct Answer – C

The best-practice for AWS Identity Access Management (IAM) is to grant the least amount of permissions on the system only to execute the required tasks of the user’s role. Additional permissions can be granted per user according to the tasks they wish to perform on the system.

  • Option A is incorrect because granting users access to the most common resources presents security vulnerabilities, especially from those who have access to resources they do not need.

  • Option B is incorrect because granting users the same privileges on the system means other users might get access to resources they do not need to carry out their job functions. This presents a security risk.

  • Option D is incorrect because the users are part of the organisation; it will be cumbersome for the administrator to create temporal access passes for internal staff constantly.

Question 15

Exit Quiz

Domain: Security

There is an external audit being carried out on your company. The IT auditor needs to have a log of 'who made the requests' to the AWS resources in the company’s account. Which of the below services can assist in providing these details?

A.AWS Cloudwatch

B.AWS CloudTrail




Answer - B

Using CloudTrail, one can monitor all the API activity conducted on all AWS services.

The AWS Documentation additionally mentions the following.

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.

For more information on AWS Cloudtrail, please refer to the below URL:

Question 16

Exit Quiz

Domain: Technology

Which of the following features can be used to preview changes to be made to an AWS resource which will be deployed using the AWS CloudFormation template?

A.AWS CloudFormation Drift Detection

B.AWS CloudFormation Change Sets

C.AWS CloudFormation Stack Sets

D.AWS CloudFormation Intrinsic Functions


Correct Answer – B

AWS CloudFormation Change Set can be used to preview changes to AWS resources when a stack is executed.

  • Option A is incorrect as AWS CloudFormation Drift Detection is used to detect any changes made to resources outside of CloudFormation templates. It would not be able to preview changes that will be made by CloudFormation Templates.

  • Option C is incorrect as these are groups of stacks that are managed together.

  • Option D is incorrect as these Intrinsic Functions are used for assigning values to properties in CloudFormation templates.

For more information on AWS CloudFormation, refer to the following URL:

Question 17

Exit Quiz

Domain: Security

Which of the following is the responsibility of the customer to ensure the availability and backup of the EBS volumes?

A.Delete the data and create a new EBS volume.

B.Create EBS snapshots.

C.Attach new volumes to EC2 Instances.

D.Create copies of EBS Volumes.


Answer – B

Snapshots are incremental backups, which means that only the blocks on the device that have changed after your most recent snapshot are saved.

When you create an EBS volume based on a snapshot, the new volume begins as an exact replica of the original volume that was used to create the snapshot. The replicated volume loads data in the background so that you can begin using it immediately.

Option A is incorrect because there is no need for backup of the volumes if data is already deleted.

Option C is incorrect because attaching more EBS volumes doesn't ensure availability, if there is no snapshot then the volume cannot be available to a different availability zone.

Option D is incorrect EBS volumes cannot be copied, they can only be replicated using snapshots.

For more information on EBS Snapshots, please refer to the below URL:

Question 18

Exit Quiz

Domain: Cloud Concepts

When designing a highly available architecture, what is the difference between vertical scaling (scaling-up) and horizontal scaling (scaling-out)?

A.Scaling up provides for high availability whilst scaling out brings fault-tolerance.

B.Scaling out is not cost-effective compared to scaling up.

C.Scaling up adds more resources to an instance, scaling out adds more instances.

D.Autoscaling groups require scaling up whilst launch configurations use scaling out.


Correct Answer – C

In high availability architectures, Autoscaling is used to give elasticity to the design. Horizontal scaling (scaling-out) uses Autoscaling groups to increase processing capacity in response to changes in preset threshold parameters. It could involve adding more EC2 instances of a web server. Vertical scaling (scaling-up), which can create a single point of failure, involves adding more resources to a particular instance to meet demand.


  • Option A is INCORRECT. Scaling-up does not provide high availability. Adding more resources to one instance is often not a best-practice in architecture design.

  • Option B is INCORRECT. Scaling-out is cost-effective since it involves adding more resources in response to demand and reducing resources (scaling down) when demand is low.

  • Option D is INCORRECT. All Autoscaling groups require a launch configuration based on what resources would be provisioned or deprovisioned to meet predefined parameters.

Question 19

Exit Quiz

Domain: Billing and Pricing

Your company is planning to move to the AWS Cloud. You need to give a presentation on the cost perspective when moving existing resources to the AWS Cloud. Considering Amazon EC2, which of the following is an advantage from the cost perspective?

A.Having the ability of automated backups of the EC2 instance, so that you don’t need to worry about the maintenance costs.

B.The ability to choose low cost AMI’s to prepare the EC2 Instances.

C.The ability to only pay for what you use.

D.Ability to tag instances to reduce the overall cost.


Answer - C

One of the advantages of EC2 Instances is the per-second billing concept. This is also given in the AWS documentation.

With per-second billing, you pay for only what you use. It takes the cost of unused minutes and seconds in an hour off of the bill. So, you can focus on improving your applications instead of maximizing usage to the hour especially if you manage instances running for irregular periods of time, such as dev/testing, data processing, analytics, batch processing and gaming applications.

For more information on EC2 Pricing, please refer to the below URL:

Question 20

Exit Quiz

Domain: Cloud Concepts

When designing a system, you use the principle of “design for failure and nothing will fail”. Which of the following services/features of AWS can assist in supporting this design principle? Choose 3 answers from the options given below.

A.Availability Zones


C.Elastic Load Balancer

D.Pay as you go


Answer – A, B and C

Each AZ is a set of one or more data centers. By deploying your AWS resources to multiple Availability zones, you are designing with failure in mind. So if one AZ were to go down, the other AZ’s would still be up and running. Hence your application would be more fault-tolerant.

For disaster recovery scenarios, one can move or make resources run in other regions.

And finally, one can use the Elastic Load Balancer to distribute load to multiple backend instances within a particular region.

For more information on AWS Regions and AZ’s, please refer to the below URL:

Question 21

Exit Quiz

Domain: Cloud Concepts

Your design team is planning to design an application that will be hosted on the AWS Cloud. One of their main non-functional requirements is given below:

  • Reduce inter-dependencies so failures do not impact other components.

Which of the following concepts does this requirement relate to?






Answer – B

The entire concept of decoupling components ensures that the different components of applications can be managed and maintained separately. If all components are tightly coupled, the entire application would go down when one component goes down. Hence it is always a better practice to decouple application components.

For more information on a decoupled architecture, please refer to the below URL:

Question 22

Exit Quiz

Domain: Security

Which of the following security requirements are managed by AWS? Select 3 answers from the options given below.

A.Password Policies

B.User permissions

C.Physical security

D.Disk disposal

E.Hardware patching


Answer – C, D and E

As per the Shared Responsibility Model, the Patching of the underlying hardware and physical security of AWS resources is the responsibility of AWS.

For more information on AWS Shared Responsibility Model, please refer to the below URL-

Disk disposal-

Storage Device Decommissioning: When a storage device has reached the end of its useful life, AWS procedures include a decommissioning process designed to prevent customer data from being exposed to unauthorized individuals. AWS uses the techniques detailed in DoD 5220.22-M (“National Industrial Security Program Operating Manual “) or NIST 800-88 (“Guidelines for Media Sanitization”) to destroy data as part of the decommissioning process. All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance with industry-standard practices.

For more information on Disk disposal, please refer to the below URL-

Question 23

Exit Quiz

Domain: Technology

You are planning on deploying a video-based application onto the AWS Cloud. Users across the world will access these videos. Which of the below services can help efficiently stream the content to the users across the globe?

A.Amazon SES

B.Amazon Cloudtrail

C.Amazon CloudFront

D.Amazon S3


Answer – C

The AWS Documentation mentions the following:

Amazon CloudFront is a web service that gives businesses and web application developers an easy and cost-effective way to distribute content with low latency and high data transfer speeds. Like other AWS services, Amazon CloudFront is a self-service, pay-per-use offering, requiring no long term commitments or minimum fees. With CloudFront, your files are delivered to end-users using a global network of edge locations.

For more information on CloudFront, please visit the link:

Question 24

Exit Quiz

Domain: Security

Which of the following AWS services can be used to retrieve configuration changes made to AWS resources causing operational issues?

A.Amazon Inspector

B.AWS CloudFormation