AWS Certified Solution Architect practice exam questions

Passing the AWS Certified Solutions Architect Associate exam is one of the most powerful ways to demonstrate your ability to design secure, reliable, and cost-effective applications in the AWS Cloud.

The solutions architect designation validates not just your technical skills, but also your capacity to think like an architect, making design choices that balance performance, scalability, and cost.

The AWS Solutions Architect certification proves you can analyze requirements, map them to AWS services, and create solutions that align with best practices for cloud architecture. It tests your ability to design resilient systems, secure workloads, plan cost-optimized architectures, and implement strategies for high availability and fault tolerance.

Is the AWS Solution Architect cert worth it?

And don’t let anyone ever tell you certification isn’t worth it, especially with a widely respected designation like this.

Earning the AWS Solution Architect certification signals to employers and peers that you are prepared for a career in cloud architecture. It shows you can lead projects that involve designing end-to-end AWS solutions, making you an essential part of any team building applications in the cloud.

If you are interested in testing your skills and seeing if you’ve got what it takes to pass the AWS Solution Architect associate level exam, test your mettle on these 10 practice exam questions. If answering them is well within your skillset, you just might be ready to schedule and pass the exam.

Question 1

A cloud engineer at a digital learning startup is preparing a fleet of EC2 instances in a new VPC and needs to know the out-of-the-box behavior of the default security group. Which set of behaviors correctly describes the default security group’s initial rules?

(Choose 1)

⬜ A) Permit no inbound traffic, permit all outbound traffic, and prevent communication between instances that belong to the same security group.

⬜ B) Permit all inbound traffic, block all outbound traffic, and allow instances assigned to the same security group to communicate with one another.

⬜ C) Permit no inbound traffic, permit all outbound traffic, and allow intra-group communication so instances associated with the default security group can reach each other.

⬜ D) Permit unrestricted inbound traffic, permit unrestricted outbound traffic, and disallow traffic between instances that are members of the same security group.

Question 2

A scientific simulation company finds that many of its EC2 instances sit idle during specific processing windows and plans to create multiple Auto Scaling groups to optimize costs. By default, what maximum number of Auto Scaling groups will AWS permit an account to have in a region?

(Choose 1)

⬜ A) Fifty Auto Scaling groups

⬜ B) Two Auto Scaling groups

⬜ C) Twenty Auto Scaling groups by default

⬜ D) No enforced cap; create an unlimited number of Auto Scaling groups

Question 3

A regional food delivery startup hosts its order processing service on AWS. Amazon EC2 instances handle incoming orders and persist order records in an Amazon Aurora PostgreSQL DB cluster. During nightly dinner spikes that last about 90 minutes customers are seeing request timeouts. A solutions architect must redesign the system so it can scale to absorb peak traffic while keeping costs low. Which combination of actions will achieve this most cost-effectively?

(Choose 2)

⬜ A) Buffer incoming orders with an Amazon Kinesis Data Streams stream and run consumer EC2 instances to process the stream.

⬜ B) Modify the application to enqueue order submissions to an Amazon Simple Queue Service queue and provision an Auto Scaling group of EC2 worker instances that pull and process the messages.

⬜ C) Front the application with an Amazon API Gateway REST API and enforce client rate limits with a usage plan.

⬜ D) Deploy an Auto Scaling group of EC2 processors that implement retry logic for orders and reconfigure the application to use Amazon RDS Proxy for database connections.

⬜ E) Switch the processing to AWS Lambda functions that perform retries until each order is completed.

Question 4

A cloud engineer at a logistics firm must document what the Amazon EC2 API tools actually are. Which description most accurately characterizes the Amazon EC2 API tools?

(Choose 1)

⬜ A) AWS Management Console

⬜ B) Command-line utilities that interact with the Amazon EC2 API

⬜ C) EC2 AMI tools

⬜ D) AWS CLI

Question 5

A regional video post-production studio operates an on-premises SMB file server that holds very large media assets. Newly created files are accessed heavily for the first several days after creation, and access drops off sharply after 10 days. The volume of stored media is growing and the server’s disk usage recently exceeded 92% of capacity. A solutions architect must expand the studio’s available storage while preserving low-latency access to recently used files and implement lifecycle management to prevent repeated capacity problems. Which design meets these requirements?

(Choose 1)

⬜ A) Use AWS DataSync to transfer objects older than 10 days from the on-premises SMB server into Amazon S3.

⬜ B) Deploy an Amazon S3 File Gateway at the site to present an SMB share backed by S3 and apply an S3 Lifecycle rule to move objects older than 10 days to S3 Glacier Deep Archive.

⬜ C) Provision an Amazon FSx for NetApp ONTAP file system and enable automated tiering to Amazon S3 to free on-prem capacity.

⬜ D) Install a client on every workstation to access Amazon S3 directly and configure an S3 Lifecycle rule to transition items older than 10 days to S3 Glacier Flexible Retrieval.

Question 6

Your analytics startup has been running T2 instances because CPU load has been light. You are now evaluating larger instance families and comparing the M1 and M3 generations. They appear to have similar CPU-to-memory ratios, but you are unsure how they differ. Which of the following statements is incorrect as a reason to choose one over the other?

(Choose 1)

⬜ A) M3 instance generations were introduced with improved networking and virtualization features compared with the older M1 family.

⬜ B) M3 instance types are provisioned with larger swap memory allocations by default than M1 instances.

⬜ C) For many workloads M3 offers more consistent and higher CPU performance compared to M1 instances.

⬜ D) M3 includes SSD-backed instance store options that deliver better I/O throughput than the magnetic storage used by M1.

Question 7

From a Windows command prompt, which command launches the Remote Desktop Connection client?

(Choose 1)

⬜ A) tscon.exe

⬜ B) desk.cpl (display properties applet)

⬜ C) mstsc.exe

⬜ D) rdpclip.exe

Question 8

A small fintech startup is launching a backend service on Amazon EC2 that needs to call multiple AWS APIs. Which setup best prevents the exposure of AWS Access Key ID and Secret Access Key while allowing the application to access AWS services?

(Choose 1)

⬜ A) Retrieve long-lived credentials from AWS Secrets Manager during application startup.

⬜ B) Attach an IAM role to the EC2 instance through an instance profile.

⬜ C) Enable Multi-Factor Authentication on the AWS account root user.

⬜ D) Embed the Access Key ID and Secret Access Key inside the application source code comments.

Question 9

An academic research group runs servers on-premises managed with Chef cookbooks and wants to migrate workloads to AWS while continuing to reuse their existing Chef recipes. Which AWS service is intended to let them apply those Chef cookbooks directly in the AWS environment?

(Choose 1)

⬜ A) AWS CloudFormation

⬜ B) AWS OpsWorks Stacks

⬜ C) AWS Systems Manager

⬜ D) AWS Elastic Beanstalk

Question 10

A boutique fintech firm plans to turn off automated backups for an Amazon RDS PostgreSQL instance used for analytical workloads. What impact does disabling automated backups have on the database’s ability to perform point-in-time restores?

(Choose 1)

⬜ A) The ability to perform point-in-time restores remains available from retained automated backups forever.

⬜ B) Disabling automated backups automatically converts the instance into a read replica to keep recovery points.

⬜ C) Point-in-time restore is disabled when automated backups are turned off on the DB instance.

⬜ D) Taking manual DB snapshots before disabling automated backups preserves recovery to arbitrary times.