Practice Questions

Question 1

A multinational gym franchise issues app-based QR visit passes that are scanned at turnstiles worldwide. The turnstile scanner calls a backend API to validate the QR data against a single database table and, after a successful scan, atomically marks the pass as redeemed. The company must deploy on AWS under the DNS name api.fitpass.example.org and host the database in three AWS Regions: us-east-1, eu-west-1, and ap-southeast-1. Peak traffic is 75,000 validations per minute globally with payloads under 20 KB, and the business requires the lowest possible end-to-end validation latency with p95 under 120 ms from users’ nearest AWS edge location. Which solution will meet these requirements with the lowest latency?

Question Analysis

Core concept: This question is about choosing the lowest-latency global architecture for a dynamic API that performs a database lookup and an atomic redemption update. For globally distributed API traffic, the AWS service specifically designed to route users to the nearest healthy regional application endpoint with optimal network performance is AWS Global Accelerator. The database must exist in three Regions, but the application still needs a practical request-routing layer for dynamic, non-cacheable API calls. Why correct: Option A is the best answer because it uses AWS Global Accelerator to direct clients to the nearest regional ECS-based API endpoint over the AWS global backbone, minimizing network latency for dynamic requests. ECS services in us-east-1, eu-west-1, and ap-southeast-1 provide regional processing close to users, and Route 53 can map the required DNS name to the accelerator. Among the provided options, this is the most appropriate architecture for a globally distributed low-latency API. Key features: - AWS Global Accelerator provides anycast static IPs and routes traffic to the nearest healthy regional endpoint with fast failover. - ECS is a valid regional compute platform for API services that need to perform database reads and writes. - Aurora Global Database supports cross-Region replication and multi-Region database presence, satisfying the requirement to host the database in three Regions. - Route 53 can alias the custom DNS name api.fitpass.example.org to the Global Accelerator endpoint. Common misconceptions: CloudFront is often mistaken as the best choice for all global APIs, but it is primarily a CDN and edge proxy, not the default best option for dynamic write-heavy API routing across multiple regional application stacks. CloudFront Functions cannot call databases at all, and Lambda@Edge is not the intended mechanism for implementing a write-heavy transactional backend against DynamoDB. DynamoDB global tables are excellent for active-active data, but the surrounding compute and routing pattern in options C and D is flawed. Exam tips: For globally distributed dynamic APIs that must reach the nearest regional backend with the lowest latency, look first at AWS Global Accelerator rather than CloudFront. Use CloudFront when caching, static content delivery, or edge request manipulation is central to the design. Be cautious when an option suggests CloudFront Functions or Lambda@Edge performing full backend business logic with direct database transactions, because those services have important capability and architectural limitations.

Question 2

A digital education platform runs its enrollment service on AWS. The service exposes a REST endpoint through Amazon API Gateway that invokes an AWS Lambda function, which performs transactional reads and writes against an Amazon RDS for PostgreSQL DB instance. During a 2-hour “Early Access” promotion, Amazon CloudWatch showed concurrent Lambda executions spiking from a baseline of 80 to 3,200, active database connections climbing to 470 out of a 500-connection limit, and DB CPU utilization sustained above 85%, resulting in intermittent 502 errors and p95 API latencies over 2.5 seconds. What should a solutions architect recommend to optimize the application’s performance under these burst conditions?

Question Analysis

Core Concept: This question tests burst scaling behavior of AWS Lambda calling Amazon RDS and the resulting “connection storm” problem. The key service is Amazon RDS Proxy, which provides connection pooling and manages database connections for serverless and highly concurrent clients. Why the Answer is Correct: During the promotion, Lambda concurrency jumped to 3,200 while the database hit 470/500 connections and sustained >85% CPU, causing 502s and high p95 latency. This pattern strongly indicates that the database is overwhelmed by too many concurrent client connections and connection churn (frequent opens/closes, TLS/auth overhead), not just slow queries. RDS Proxy sits between Lambda and RDS, maintains a warm pool of established connections to PostgreSQL, and multiplexes many Lambda invocations over fewer DB connections. This reduces connection spikes, lowers CPU spent on connection management, improves resilience during bursts, and stabilizes latency. Key AWS Features: RDS Proxy supports PostgreSQL, integrates with IAM and AWS Secrets Manager for credential management, provides connection pooling, and can improve failover handling by reducing application-side reconnection logic. For Lambda, the best practice is to point the function to the proxy endpoint and keep application connections open (the proxy manages backend pooling). This aligns with AWS Well-Architected Reliability and Performance Efficiency pillars by smoothing burst load and protecting the database. Common Misconceptions: Caching (ElastiCache) can help read-heavy workloads, but the question states transactional reads/writes and shows connection saturation; caching won’t fix write pressure or connection storms. Reusing connections in Lambda (initializing outside the handler) helps, but it is not sufficient under extreme concurrency because each concurrent execution environment can still create its own connection(s), quickly exhausting DB limits. Increasing Lambda memory may speed compute, but it does not address DB connection limits and can even increase parallelism against the DB. Exam Tips: When you see Lambda/API Gateway + RDS with sudden concurrency spikes, high DB connections near the limit, and elevated CPU with intermittent 502s/timeouts, think “RDS Proxy/connection pooling.” Choose RDS Proxy over “close connections” guidance; in serverless, closing per request often worsens churn. Use caching only when the bottleneck is repeated reads and you can tolerate eventual consistency.

Question 3

A genomics research consortium provides a regulated data-annotation service to regional laboratories across North America and Europe. The service runs entirely on AWS across more than 30 member accounts that are centrally managed in a single AWS Organizations organization; workloads are deployed in all enabled Regions, and new accounts are added monthly. For audit and regulatory requirements, every API call to AWS resources across all current and future accounts and Regions must be recorded, tracked for changes, and stored durably and securely for 7 years with encryption at rest; logs must be immutable (recoverable from accidental deletions), and the solution must minimize ongoing operational effort without introducing third-party tooling. Which solution meets these requirements with the least operational overhead?

Question 4

(Select 2)

An education technology company is preparing to host a week-long global virtual hackathon this quarter; the platform uses an Application Load Balancer in front of web and application tiers on Amazon EC2 and an Amazon Aurora PostgreSQL database, about 70% of payload is static assets and approximately 95% of requests are read-only, and the company expects a 15x surge in traffic from North America, Europe, and APAC during the event while aiming to minimize p95 response times for a worldwide audience; which combination of steps should a solutions architect take to reduce system response times globally? (Choose two.)

Question Analysis

Core concept: This question tests global performance optimization for a read-heavy, static-heavy web application: using edge caching (Amazon CloudFront), global traffic steering (Route 53 latency-based routing), multi-Region application deployment, and low-latency cross-Region database reads (Aurora Global Database). Why the answer is correct: With a 15x global surge and a worldwide audience, the biggest p95 latency drivers are network distance and origin load. Option E reduces latency immediately by caching ~70% static assets at edge locations via CloudFront and by sending users to the closest healthy Region using Route 53 latency-based routing. Auto Scaling groups handle the surge for dynamic compute. Option D addresses the remaining bottleneck: database reads (95% read-only). Aurora Global Database provides physical replication with low-latency cross-Region read capability, allowing each Region’s application tier to read locally (or near-locally) instead of traversing oceans to a single writer Region. Storing static assets in S3 and replicating them cross-Region supports multi-Region origins and resilience, while multi-Region web/app tiers reduce RTT for dynamic requests. Key AWS features / best practices: - CloudFront: cache static content, reduce origin load, improve p95 globally; can also cache some dynamic content with appropriate cache keys. - Route 53 latency-based routing: directs users to the Region with lowest latency; typically combined with health checks. - Aurora Global Database: one primary writer Region, up to 5 secondary Regions with fast physical replication; use reader endpoints in secondary Regions for read scaling. - Multi-Region active/active (for web/app) with Auto Scaling: absorbs spikes and reduces user-to-origin latency. Common misconceptions: - “Just add Direct Connect” (Option B) doesn’t help internet users; it’s for private connectivity from on-premises. - “Cross-Region replication for S3 alone” (Option A) helps durability/DR but doesn’t provide edge caching; also “replace the web tier with S3” only works for static websites and doesn’t address dynamic app/API needs. - “Move to RDS PostgreSQL/private subnets” (Option C) doesn’t improve global latency and can reduce flexibility. Exam tips: When you see global users + static-heavy content, think CloudFront first. When you see read-heavy databases + multi-Region needs, think Aurora Global Database (or read replicas) and route users to the nearest Region with Route 53 latency-based routing. Combine caching + multi-Region compute + cross-Region read strategy for best p95 improvements.

Question 5

(Select 2)

A fintech company is moving a legacy reporting platform from a third-party hosting facility to AWS; the platform consists of a single Linux application server VM (Nginx and a Java service) and a PostgreSQL 12 database on a separate VM, and each VM uses multiple attached volumes totaling 420 TB; the company has a dedicated 10 Gbps AWS Direct Connect link to the nearest AWS Region that is currently unused by other workloads; the business requires the migration cutover downtime to be under 30 minutes and wants the database to run on Amazon RDS for PostgreSQL after migration; which combination of steps should a solutions architect take to migrate the workload with the least amount of downtime? (Choose two.)

Want to practice all questions on the go?

Download Cloud Pass for free — includes practice tests, progress tracking & more.

Question 6

Helios Media operates an on-premises network (10.50.0.0/16) and a VPC named VPC X (172.31.0.0/16) in the Helios Media AWS account; the on-premises network connects to VPC X through an AWS Site-to-Site VPN terminating on a virtual private gateway, and on-premises servers can successfully reach resources in VPC X; Helios Media recently acquired Orion Labs, which runs a separate AWS account with a VPC named VPC Y (10.90.0.0/16), and there is no IP address overlap among the on-premises network, VPC X, and VPC Y; the companies have established a VPC peering connection between VPC X and VPC Y; Helios Media now wants on-premises servers to access workloads in VPC Y and has already configured network ACLs and security groups to allow the traffic; which solution meets this requirement with the least operational effort?

Question 7

A fintech startup operates a mobile wallet API on an Amazon ECS cluster running on EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). Every Friday at 01:00 UTC, there is a surge of failed login attempts that drives the authentication microservice to 90% CPU. The failed attempts originate from about 600 source IP addresses that rotate every 7 days, and many of those IPs exceed 300 login requests within a 5-minute window. A solutions architect must prevent these failed logins from overwhelming the authentication service with the highest operational efficiency; what should be done?

Question 8

A fintech company runs a payment webhook receiver as an AWS Lambda function behind a public Amazon API Gateway HTTP API in ap-southeast-1; calls are handled asynchronously (the API returns HTTP 202 within 200 ms while the Lambda continues processing), the business requires automatic Regional failover within 5 minutes during a full Region outage with no client SDK changes and a single public hostname, normal operations must keep end-to-end latency under 300 ms, and the solution should support failover to ap-southeast-2 while preserving existing IAM authorization; which solution meets these requirements?

Question Analysis

Core Concept: This question tests multi-Region resiliency for an API Gateway + Lambda serverless endpoint with a single stable hostname, fast automatic failover, and preserved authorization behavior. The key pattern is active/passive (or active/active) multi-Region API endpoints fronted by DNS failover using Amazon Route 53 and API Gateway custom domain names. Why the Answer is Correct: Option D deploys the full stack (API Gateway HTTP API and Lambda) in both ap-southeast-1 and ap-southeast-2, then uses an API Gateway custom domain name in each Region and Route 53 failover routing with health checks to move the single public hostname to the healthy Region within minutes. This meets the “no client SDK changes” and “single public hostname” requirements because clients keep calling the same domain. It also meets the 5-minute RTO requirement because Route 53 health checks and failover policies can shift traffic quickly during a Regional outage. Latency stays low in normal operations because clients resolve to the primary Region endpoint directly (no extra proxy hop). Key AWS Features: - API Gateway custom domain names mapped to Regional HTTP APIs in each Region. - Route 53 failover routing policy (PRIMARY/SECONDARY) with health checks against a path that reflects API availability. - Separate Lambda deployments per Region (required because Lambda is Regional). - Preserving IAM authorization: API Gateway IAM auth (SigV4) remains the same model; clients still sign requests for execute-api. If using a custom domain, ensure the API is configured to accept IAM auth and clients sign with the correct service/region expectations; in practice, many webhook senders won’t use IAM, but the requirement explicitly asks to preserve it, which is best achieved by keeping API Gateway + IAM in each Region rather than introducing non-API-Gateway front doors. Common Misconceptions: - “Just point the secondary API to the primary Lambda” fails because Lambda cannot be invoked cross-Region via a native API Gateway Lambda proxy integration. - “Use Global Accelerator for everything” is attractive for fast failover, but it does not front API Gateway endpoints directly as origins the way it does ALB/NLB, and adding ALB in front of API Gateway is not a standard or necessary pattern. Exam Tips: For Regional outages with a single DNS name, think Route 53 failover (or latency/weighted) + health checks. For API Gateway multi-Region, you typically replicate the API and backend per Region and use custom domains to keep the client hostname stable. Avoid designs that rely on cross-Region Lambda integrations or unnecessary extra hops that increase latency.

Question 9

A regional food-delivery startup runs a stateful Node.js web application and a MySQL 5.7 database on a single rack server in a co-location facility; marketing plans expect peak concurrent users to grow from 400 to 4,500 within 30 days, and the CTO requires 99.99% service availability across at least two Availability Zones, session continuity for authenticated users, database RTO under 60 seconds, and elimination of single points of failure when migrating to a single AWS Region with minimal code changes. Which solution should provide the HIGHEST level of reliability?

Question 10

A genomics research lab is planning a one-time migration of a 72 TB on-premises MariaDB database to Amazon Aurora MySQL in the eu-central-1 Region; with only a 150 Mbps internet link that would take approximately 45 days to transfer the data, the lab needs a faster approach and must determine which solution will migrate the database in the LEAST amount of time.

Practice Test #5

Triple AI-Verified Answers & Explanations

Practice Questions

Success Stories(9)

Other Practice Tests

Practice Test #1

Practice Test #2

Practice Test #3

Practice Test #4

Start Practicing Now