Solutions Architect Associate

Readiness
Practice Exam Questions

Robert Callaghan
2 July 2021
Format

Sample questions, to aid your learning. Not real exam questions.

A selection of topics – not everything you may see in the exam.

This should help you, but won’t replace study.

Getting things wrong is good! It helps you focus your study.

Question time!
Question

Your web application needs 4 Amazon EC2 instances to support

steady traffic nearly all of the time. On the last day of each month,
the traffic triples.
What is the most cost effective way to handle this traffic pattern?

A. Run 4 On-Demand Instances constantly, then add 8 more On-Demand

Instances on the last day of each month.
B. Run 4 Reserved Instances constantly, then add 8 On-Demand
Instances on the last day of each month.
C. Run 4 On-Demand Instances constantly, then add 8 Reserved
Instances on the last day of each month.
D. Run 12 Reserved Instances all of the time.
Answer

Your web application needs 4 Amazon EC2 instances to support

steady traffic nearly all of the time. On the last day of each month,
the traffic triples.
What is the most cost effective way to handle this traffic pattern?

A. Run 4 On-Demand Instances constantly, then add 8 more On-Demand

Instances on the last day of each month.
B. Run 4 Reserved Instances constantly, then add 8 On-Demand
Instances on the last day of each month.
C. Run 4 On-Demand Instances constantly, then add 8 Reserved
Instances on the last day of each month.
D. Run 12 Reserved Instances all of the time.
Question

When designing a loosely coupled system, which AWS services

provide an intermediate durable storage layer between
components? (Select TWO)

A. Amazon CloudFront
B. Amazon Kinesis
C. Amazon Route53
D. AWS CloudFormation
E. Amazon Simple Queue Service (SQS)
Answer

When designing a loosely coupled system, which AWS services

provide an intermediate durable storage layer between
components? (Select TWO)

A. Amazon CloudFront
B. Amazon Kinesis
C. Amazon Route53
D. AWS CloudFormation
E. Amazon Simple Queue Service (SQS)
Question

Which of the following cache engines are supported by Amazon

ElastiCache? (Select TWO)

A. MySQL
B. Memcached
C. Redis
D. Couchbase (formally Membase)
E. Cassandra
Answer

Which of the following cache engines are supported by Amazon

ElastiCache? (Select TWO)

A. MySQL
B. Memcached
C. Redis
D. Couchbase
E. Cassandra
Question?

You have written an application that needs access to a particular

bucket in S3. The application will run on an EC2 instance.
What should you do to give the application access to the bucket
securely?

A. Store your access key and secret access key on the EC2 instance in a
file called ‘secrets’.
B. Attach an IAM role to the EC2 instance with a policy that grants it
access to the bucket in S3.
C. Store your access key and secret key on the EC2 instance in
‘$HOME/.aws/credentials’.
D. Use S3 bucket policies to make the bucket public.
Answer

You have written an application that needs access to a particular

bucket in S3. The application will run on an EC2 instance.
What should you do to give the application access to the bucket
securely?

A. Store your access key and secret access key on the EC2 instance in a
file called ‘secrets’.
B. Attach an IAM role to the EC2 instance with a policy that grants it
access to the bucket in S3.
C. Store your access key and secret key on the EC2 instance in
‘$HOME/.aws/credentials’.
D. Use S3 bucket policies to make the bucket public.
Question

An application saves its logs to an Amazon S3 bucket. A user

wants to keep the logs for 1 month for troubleshooting purposes,
and then purge the logs.
What feature will enable this?

A. Adding a bucket policy to the S3 bucket.

B. Configuring lifecycle configuration rules for the S3 bucket.
C. Creating an IAM policy for the S3 bucket.
D. Enabling cross-origin resource sharing (CORS) on the S3 bucket.
Answer

An application saves its logs to an Amazon S3 bucket. A user

wants to keep the logs for 1 month for troubleshooting purposes,
and then purge the logs.
What feature will enable this?

A. Adding a bucket policy to the S3 bucket.

B. Configuring lifecycle configuration rules for the S3 bucket.
C. Creating an IAM policy for the S3 bucket.
D. Enabling cross-origin resource sharing (CORS) on the S3 bucket.
Question

Your company provides media content via the Internet to customers

through a paid subscription model. You use Amazon CloudFront to
distribute content from an Amazon S3 bucket. What approach can
you use to serve this private content securely to your paid
subscribers?

A. Provide signed CloudFront URLs to authenticated users.

B. Add subscriber IP addresses to the CloudFront security group.
C. Use the geo restriction feature to restrict access to all of the paid
subscription media at the country level.
D. Provide subscribers with an Origin Access Identity to grant them
access to the CloudFront distribution.
Answer

Your company provides media content via the Internet to customers

through a paid subscription model. You use Amazon CloudFront to
distribute content from an Amazon S3 bucket. What approach can
you use to serve this private content securely to your paid
subscribers?

A. Provide signed CloudFront URLs to authenticated users.

B. Add subscriber IP addresses to the CloudFront security group.
C. Use the geo restriction feature to restrict access to all of the paid
subscription media at the country level.
D. Provide subscribers with an Origin Access Identity to grant them
access to the CloudFront distribution.
Question

What is an efficient way to fan-out a single Amazon SNS message

to multiple Amazon SQS queues?

A. Create one SQS queue that subscribes to multiple SNS topics.

B. Create multiple SQS queues that subscribe to the SNS topic.
C. Create an AWS Lambda function that subscribes to the SNS topic
and sends copies to multiple SQS queues.
D. Use a custom attribute on the SNS message to define which SQS
queues should receive the message.
Answer

What is an efficient way to fan-out a single Amazon SNS message

to multiple Amazon SQS queues?

A. Create one SQS queue that subscribes to multiple SNS topics.

B. Create multiple SQS queues that subscribe to the SNS topic.
C. Create an AWS Lambda function that subscribes to the SNS topic
and sends copies to multiple SQS queues.
D. Use a custom attribute on the SNS message to define which SQS
queues should receive the message.
Question

A company is developing a highly available web application using

stateless web servers.
Which AWS services or features are suitable for storing session
state data? (Select TWO.)

A. Amazon CloudWatch
B. Amazon DynamoDB
C. Elastic Load Balancing
D. Amazon ElastiCache
E. AWS Storage Gateway
Answer

A company is developing a highly available web application using

stateless web servers.
Which AWS services or features are suitable for storing session
state data? (Select TWO.)

A. Amazon CloudWatch
B. Amazon DynamoDB
C. Elastic Load Balancing
D. Amazon ElastiCache
E. AWS Storage Gateway
Question

An application runs on multiple Amazon EC2 instances, in a

single Availability Zone. The application calls a third-party API,
via the Internet.
How can you provide the third-party a single IP address to add to
an access allow-list?

A. Assign an Elastic IP address to the instances.

B. Assigned a Public IP address to the instances.
C. Put the instances behind a NAT Gateway.
D. Put the instances behind a Network Load Balancer.
Answer

An application runs on multiple Amazon EC2 instances, in a

single Availability Zone. The application calls a third-party API,
via the Internet.
How can you provide the third-party a single IP address to add to
an access allow-list?

A. Assign an Elastic IP address to the instances.

B. Assigned a Public IP address to the instances.
C. Put the instances behind a NAT Gateway.
D. Put the instances behind a Network Load Balancer.
Question

Two teams in your company are using separate AWS accounts,

that were allocated using AWS Organisations.
How can both teams launch Amazon EC2 instances in the same
VPC?

A. Use VPC Peering to join the two VPCs together.

B. Use VPC sharing to share a subnet between the accounts.
C. Use Transit Gateway to provide access to a shared VPC.
D. Use a Transit VPC to link the two VPCs together.
Answer

Two teams in your company are using separate AWS accounts,

that were allocated using AWS Organisations.
How can both teams launch Amazon EC2 instances in the same
VPC?

A. Use VPC Peering to join the two VPCs together.

B. Use VPC sharing to share a subnet between the accounts.
C. Use Transit Gateway to provide access to a shared VPC.
D. Use a Transit VPC to link the two VPCs together.
Questions

Your company needs to store 200TB of product videos. The videos were
created over the last several years, with the most recent videos being
accessed the most often. The data must be access locally, but there is
insufficient space in the data centre to install sufficient local storage
devices to store this data.
What service will meet these requirements?

A. AWS Import/Export
B. Amazon EC2 instances with attached Amazon EBS volumes
C. AWS Snowball Edge
D. AWS Storage Gateway – Cached volumes
Answer

Your company needs to store 200TB of product videos. The videos were
created over the last several years, with the most recent videos being
accessed the most often. The data must be access locally, but there is
insufficient space in the data centre to install sufficient local storage
devices to store this data.
What service will meet these requirements?

A. AWS Import/Export
B. Amazon EC2 instances with attached Amazon EBS volumes
C. AWS Snowball Edge
D. AWS Storage Gateway – Cached volumes
Question

Which type of Elastic Load Balancer allows path-based routing for

selecting the target group?

A. Classic Load Balancer

B. Application Load Balancer
C. Network Load Balancer
D. Target Load Balancer
Answer

Which type of Elastic Load Balancer allows path-based routing for

selecting the target group?

A. Classic Load Balancer

B. Application Load Balancer
C. Network Load Balancer
D. Target Load Balancer
Question

Who can create objects in an Amazon S3 bucket with this bucket policy?
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Deny”,
“Principal”: “*”,
“Action”: “s3:PutObject”,
“Resource”: “arn:aws:s3:::my-bucket/*”
}
]
}

A. Any IAM User.

B. Nobody.
C. Only IAM Users with “AdminAccess” Permissions.
D. Only the user who created the bucket.
Question

Who can create objects in an Amazon S3 bucket with this bucket policy?
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Deny”,
“Principal”: “*”,
“Action”: “s3:PutObject”,
“Resource”: “arn:aws:s3:::my-bucket/*”
}
]
}

A. Any IAM User.

B. Nobody.
C. Only IAM Users with “AdminAccess” Permissions.
D. Only the user who created the bucket.
Question

You notice all messages in an Amazon SQS queue are being

redirected to the Dead Letter Queue, even though they have been
correctly processed by the your application. What could be
causing this?

A. The Retention Period of the queue is set too low.

B. The ‘maxReceiveCount’ setting on the queue is too low.
C. The application is not deleting the message after processing it.
D. The Dead Letter Queue redrive policy has not been activated.
Answer

You notice all messages in an Amazon SQS queue are being

redirected to the Dead Letter Queue, even though they have been
correctly processed by the your application. What could be
causing this?

A. The Retention Period of the queue is set too low.

B. The ‘maxReceiveCount’ setting on the queue is too low.
C. The application is not deleting the message after processing it.
D. The Dead Letter Queue redrive policy has not been activated.
Resources
Resources

PartnerCast: Exam Prep Workshop (June 2021)

https://partnercentral.awspartner.com/LmsSsoRedirect?RelayState=/le
arningobject/video?id=77121

PartnerCast: SAA Study Hall (May 2021)

https://partnercentral.awspartner.com/LmsSsoRedirect?RelayState=/le
arningobject/video?id=75565

* APN logon required to access these resources

Resources

AWS SA Associate Exam Guide

https://d1.awsstatic.com/training-and-certification/docs-sa-assoc/AWS-
Certified-Solutions-Architect-Associate_Exam-Guide.pdf

Certification Prep
https://aws.amazon.com/certification/certification-prep/
Schedule Your Exam

Schedule your exam

https://www.aws.training/certification

Remember
• If English is not your first language
you can request an additional 30
mins of time during the exam
• French, German Spanish, Italian,
Portuguese exam languages
coming soon!
Linking Your Certification to Company Account

AWS Certifications will be automatically added to your company's APN Partner Scorecard you have either:

Passed the AWS Certification exam using your current APN Profile (work) email address OR
Added your personal AWS Certification (CertMetrics) Account email address (ie. gmail) to your APN Partner Central Profile Page
as shown below:

Please select Yes to share your AWS certification to enable your company APN lead to identify you as certified!

Please note: You will need to be registered with your Partner Central firm for the Certification information to be reflected in the APN
Partner Scorecard.
This can be completed using our self-registration form here.

Please allow 5 business days for newly completed or updated Certification information to reflect on your APN Partner Scorecard.
Thank You!
Please join us again for another PartnerCast session

https://aws.amazon.com/partners/training/partnercast/