AWS Cloud Practitioner Exam

Practice Questions - Part 1 of 3

Cloud Concepts

1. Which pillar of the AWS Well-Architected Framework refers to the ability of a system to recover from various failures and automatically scale resources to meet demand?
  • A) Cost Optimization
  • B) Reliability
  • C) Performance Efficiency
  • D) Security
Correct Answer: B) Reliability
The Reliability pillar focuses on the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.
2. Which of the following are not a capability of the AWS Cloud Adoption Framework (CAF)?
  • A) Business perspective
  • B) People perspective
  • C) Governance perspective
  • D) Compliance perspective
Correct Answer: D) Compliance perspective
The AWS CAF has six perspectives: Business, People, Governance, Platform, Security, and Operations. There is no "Compliance perspective" - compliance is addressed within the Security and Governance perspectives.
3. What are the three main cloud computing service models?
  • A) Public, Private, Hybrid
  • B) Compute, Storage, Database
  • C) IaaS, PaaS, SaaS
  • D) Regional, Global, Local
Correct Answer: C) IaaS, PaaS, SaaS
The three main cloud service models are Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). These represent different levels of abstraction and management responsibility.
4. Which of the following best describes the concept of elasticity in cloud computing?
  • A) The ability to automatically scale resources up or down based on demand
  • B) The ability to recover from failures quickly
  • C) The ability to distribute workloads across multiple regions
  • D) The ability to secure data in transit and at rest
Correct Answer: A) The ability to automatically scale resources up or down based on demand
Elasticity is the ability to acquire and release resources as needed, allowing applications to scale up during peak demand and scale down during low demand periods.
5. What is the primary benefit of using cloud computing over traditional on-premises infrastructure?
  • A) Better security
  • B) Lower total cost of ownership and faster time to market
  • C) Complete control over hardware
  • D) No need for internet connectivity
Correct Answer: B) Lower total cost of ownership and faster time to market
Cloud computing eliminates the need for upfront capital investments in hardware, reduces operational costs, and allows organizations to deploy applications faster without managing underlying infrastructure.
6. Which AWS Well-Architected Framework pillar focuses on minimizing environmental impact?
  • A) Cost Optimization
  • B) Operational Excellence
  • C) Sustainability
  • D) Performance Efficiency
Correct Answer: C) Sustainability
The Sustainability pillar focuses on minimizing the environmental impacts of running cloud workloads, including energy consumption and carbon footprint reduction.
7. What does "pay-as-you-go" pricing mean in AWS?
  • A) You pay only for the resources you use, when you use them
  • B) You pay a fixed monthly fee regardless of usage
  • C) You pay in advance for reserved capacity
  • D) You pay based on the number of users
Correct Answer: A) You pay only for the resources you use, when you use them
Pay-as-you-go pricing means you pay for cloud services based on actual usage without upfront costs or long-term commitments. You can scale up or down as needed and only pay for what you consume.
8. Which cloud deployment model involves extending an on-premises data center into the cloud?
  • A) Public cloud
  • B) Hybrid cloud
  • C) Private cloud
  • D) Community cloud
Correct Answer: B) Hybrid cloud
Hybrid cloud deployment combines on-premises infrastructure with cloud services, allowing data and applications to be shared between them. This provides greater flexibility and more deployment options.
9. What is the main advantage of using Infrastructure as Code (IaC)?
  • A) It eliminates the need for monitoring
  • B) It makes infrastructure completely secure
  • C) It enables consistent, repeatable, and automated infrastructure deployment
  • D) It reduces the need for documentation
Correct Answer: C) It enables consistent, repeatable, and automated infrastructure deployment
IaC allows infrastructure to be provisioned and managed through code, ensuring consistency across environments, reducing human error, and enabling version control and automation.

AWS Services

Compute Services

1. What is the primary purpose of Amazon Elastic Compute Cloud (EC2)?
  • A) To provide managed database services
  • B) To provide scalable computing capacity in the cloud
  • C) To store and retrieve data from the internet
  • D) To distribute content globally
Correct Answer: B) To provide scalable computing capacity in the cloud
Amazon EC2 provides secure, resizable compute capacity in the cloud. It allows you to launch virtual servers (instances) as needed and scale capacity up or down as requirements change.
2. What does the AWS Lambda service provide?
  • A) Serverless computing that runs code in response to events
  • B) Virtual private cloud networking
  • C) Managed database services
  • D) Content delivery network
Correct Answer: A) Serverless computing that runs code in response to events
AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume, and Lambda automatically scales your application by running code in response to each trigger.
3. What does AWS Elastic Beanstalk provide?
  • A) Raw computing power
  • B) Database management
  • C) Easy deployment and management of web applications
  • D) Content delivery services
Correct Answer: C) Easy deployment and management of web applications
AWS Elastic Beanstalk is a service for deploying and scaling web applications and services. You simply upload your code, and Beanstalk handles the deployment, capacity provisioning, load balancing, and health monitoring.
4. Which AWS service can be used to automatically scale resources based on application load?
  • A) AWS CloudFormation
  • B) AWS Auto Scaling
  • C) AWS Lambda
  • D) AWS CodeDeploy
Correct Answer: B) AWS Auto Scaling
AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost. It can scale EC2 instances, ECS services, and other resources.
5. Which AWS service monitors the CPU load metrics for EC2 instances?
  • A) Amazon CloudWatch
  • B) AWS CloudTrail
  • C) AWS Config
  • D) AWS Inspector
Correct Answer: A) Amazon CloudWatch
Amazon CloudWatch is a monitoring service that collects and tracks metrics, logs, and events from AWS resources and applications. It provides detailed monitoring of EC2 instances including CPU utilization.

Storage Services

1. What is the maximum file size for an object stored in Amazon S3?
  • A) 5 GB
  • B) 100 GB
  • C) 5 TB
  • D) 1 TB
Correct Answer: C) 5 TB
The maximum size for a single object in Amazon S3 is 5 TB (5,000 GB). Objects larger than 100 MB should use multipart upload for better performance and reliability.
2. A company wants to reliably archive a large number of video files that are between 50MB to 5GB into Amazon S3. They expect to only access the files no more than once a year, but when they do, they need the files to be available right away. What would be the lowest cost S3 storage class that meets these needs?
  • A) S3 Standard
  • B) S3 Standard-Infrequent Access (IA)
  • C) S3 Glacier
  • D) S3 Deep Archive
Correct Answer: B) S3 Standard-Infrequent Access (IA)
S3 Standard-IA is designed for data that is accessed less frequently but requires rapid access when needed. It provides immediate availability while being more cost-effective than S3 Standard for infrequently accessed data.
3. Which AWS service provides block-level storage that can be attached to EC2 instances?
  • A) Amazon EBS
  • B) Amazon S3
  • C) Amazon EFS
  • D) Amazon FSx
Correct Answer: A) Amazon EBS
Amazon Elastic Block Store (EBS) provides persistent block storage volumes for use with EC2 instances. EBS volumes can be attached to and detached from instances as needed.
4. What is the difference between Amazon S3 and Amazon EBS?
  • A) S3 is for compute, EBS is for storage
  • B) S3 is more expensive than EBS
  • C) S3 is object storage, EBS is block storage
  • D) S3 is faster than EBS
Correct Answer: C) S3 is object storage, EBS is block storage
Amazon S3 is an object storage service for storing and retrieving data over the internet, while Amazon EBS provides block-level storage volumes that attach to EC2 instances like traditional hard drives.
5. Which S3 storage class is designed for data that is accessed less frequently but requires rapid access when needed?
  • A) S3 Standard
  • B) S3 Standard-Infrequent Access (IA)
  • C) S3 One Zone-IA
  • D) S3 Glacier Instant Retrieval
Correct Answer: B) S3 Standard-Infrequent Access (IA)
S3 Standard-IA is designed for data that is accessed less frequently but requires rapid access when needed. It offers lower storage costs than S3 Standard with millisecond access times.
6. What is the purpose of Amazon S3 Transfer Acceleration?
  • A) To speed up uploads to S3 using CloudFront edge locations
  • B) To compress files automatically
  • C) To encrypt data in transit
  • D) To reduce storage costs
Correct Answer: A) To speed up uploads to S3 using CloudFront edge locations
S3 Transfer Acceleration enables faster uploads to S3 by using Amazon CloudFront's globally distributed edge locations. Data is uploaded to the nearest edge location and then transferred to S3 over optimized network paths.
7. Which AWS service provides a hybrid cloud storage service that connects on-premises environments to AWS?
  • A) AWS Direct Connect
  • B) AWS VPN
  • C) AWS Storage Gateway
  • D) AWS DataSync
Correct Answer: C) AWS Storage Gateway
AWS Storage Gateway is a hybrid cloud storage service that connects on-premises software appliances with cloud-based storage to provide seamless integration between on-premises and AWS storage services.
8. What is the maximum size of an Amazon EBS volume?
  • A) 1 TB
  • B) 16 TB
  • C) 32 TB
  • D) 64 TB
Correct Answer: D) 64 TB
The maximum size for an Amazon EBS volume is 64 TB (65,536 GB). This applies to most EBS volume types including gp2, gp3, io1, io2, st1, and sc1.

Database Services

1. Which AWS service provides a highly scalable, fully managed database?
  • A) Amazon RDS
  • B) Amazon EC2
  • C) Amazon S3
  • D) Amazon CloudFront
Correct Answer: A) Amazon RDS
Amazon Relational Database Service (RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks.
2. What is the purpose of Amazon RDS?
  • A) To provide object storage
  • B) To provide compute capacity
  • C) To provide managed relational database services
  • D) To provide content delivery
Correct Answer: C) To provide managed relational database services
Amazon RDS provides managed relational database services that handle routine database tasks such as provisioning, patching, backup, recovery, failure detection, and repair.
3. Which AWS database service is designed for NoSQL workloads?
  • A) Amazon RDS
  • B) Amazon DynamoDB
  • C) Amazon Aurora
  • D) Amazon Redshift
Correct Answer: B) Amazon DynamoDB
Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. It supports both document and key-value data models.
4. What is Amazon Aurora?
  • A) A NoSQL database service
  • B) A data warehouse service
  • C) A MySQL and PostgreSQL-compatible relational database
  • D) An in-memory database service
Correct Answer: C) A MySQL and PostgreSQL-compatible relational database
Amazon Aurora is a MySQL and PostgreSQL-compatible relational database built for the cloud that combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open source databases.
5. Which AWS service provides a managed data warehouse solution?
  • A) Amazon RDS
  • B) Amazon Redshift
  • C) Amazon DynamoDB
  • D) Amazon Aurora
Correct Answer: B) Amazon Redshift
Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. It's designed for online analytic processing (OLAP) and business intelligence applications.
6. What is the key difference between Amazon RDS and Amazon DynamoDB?
  • A) RDS is for relational databases, DynamoDB is for NoSQL databases
  • B) RDS is faster than DynamoDB
  • C) RDS is cheaper than DynamoDB
  • D) RDS supports more programming languages
Correct Answer: A) RDS is for relational databases, DynamoDB is for NoSQL databases
Amazon RDS is a managed service for relational databases (MySQL, PostgreSQL, Oracle, SQL Server, etc.) with ACID properties, while DynamoDB is a managed NoSQL database service for applications that need consistent, single-digit millisecond latency.
7. Which AWS service can be used for in-memory caching to improve application performance?
  • A) Amazon RDS
  • B) Amazon S3
  • C) Amazon ElastiCache
  • D) Amazon Redshift
Correct Answer: C) Amazon ElastiCache
Amazon ElastiCache is a web service that makes it easy to deploy, operate, and scale an in-memory cache in the cloud. It supports Redis and Memcached engines to improve application performance.
8. What is Amazon DocumentDB designed for?
  • A) MongoDB-compatible document database workloads
  • B) Relational database workloads
  • C) Data warehousing
  • D) In-memory caching
Correct Answer: A) MongoDB-compatible document database workloads
Amazon DocumentDB is a fast, scalable, highly available, and fully managed document database service that supports MongoDB workloads. It's designed to be compatible with MongoDB applications and tools.
© Bright Mind Tech 2025
AWS Cloud Practitioner Exam Practice - Part 2

AWS Cloud Practitioner Exam

Practice Questions - Part 2 of 3

AWS Services (Continued)

Networking & Content Delivery

1. Which AWS service can be used to distribute content globally and accelerate website performance?
  • A) Amazon CloudFront
  • B) Amazon S3
  • C) Amazon EC2
  • D) Amazon RDS
Correct Answer: A) Amazon CloudFront
Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds.
2. What is the purpose of Amazon CloudFront?
  • A) To cache and deliver content from edge locations worldwide
  • B) To provide virtual private cloud networking
  • C) To store files in the cloud
  • D) To provide serverless computing
Correct Answer: A) To cache and deliver content from edge locations worldwide
CloudFront caches content at edge locations around the world, reducing latency by serving content from the location closest to the user, improving website performance and user experience.
3. What is Amazon VPC?
  • A) A content delivery network
  • B) A virtual private cloud that provides isolated network environment
  • C) A database service
  • D) A monitoring service
Correct Answer: B) A virtual private cloud that provides isolated network environment
Amazon VPC lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define, with complete control over your virtual networking environment.
4. Which AWS service provides a dedicated network connection between your premises and AWS?
  • A) Amazon VPC
  • B) AWS VPN
  • C) AWS Direct Connect
  • D) Amazon CloudFront
Correct Answer: C) AWS Direct Connect
AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS, which can reduce network costs, increase bandwidth throughput, and provide more consistent network experience.
5. What is the purpose of an Internet Gateway in AWS?
  • A) To allow communication between VPC and the internet
  • B) To provide DNS resolution
  • C) To monitor network traffic
  • D) To encrypt network communications
Correct Answer: A) To allow communication between VPC and the internet
An Internet Gateway is a VPC component that allows communication between instances in your VPC and the internet. It serves as a bridge between your VPC and the public internet.
6. Which AWS service can be used to create a secure connection between two VPCs?
  • A) Internet Gateway
  • B) VPC Peering
  • C) NAT Gateway
  • D) Elastic Load Balancer
Correct Answer: B) VPC Peering
VPC Peering allows you to route traffic between two VPCs using private IPv4 or IPv6 addresses, enabling resources in different VPCs to communicate with each other as if they were within the same network.
7. What is Amazon Route 53?
  • A) A load balancing service
  • B) A content delivery network
  • C) A scalable DNS web service
  • D) A virtual private cloud service
Correct Answer: C) A scalable DNS web service
Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service designed to route end users to internet applications by translating domain names to IP addresses.
8. Which AWS service provides distributed denial of service (DDoS) protection?
  • A) AWS WAF
  • B) Amazon CloudFront
  • C) AWS Config
  • D) AWS Shield
Correct Answer: D) AWS Shield
AWS Shield is a managed DDoS protection service that safeguards applications running on AWS. Shield Standard provides protection against common DDoS attacks, while Shield Advanced offers enhanced protection.

Application Integration

1. Which AWS service is used to send and receive messages between distributed systems?
  • A) Amazon SNS
  • B) Amazon SQS
  • C) Amazon CloudWatch
  • D) AWS Lambda
Correct Answer: B) Amazon SQS
Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.
2. What is the purpose of Amazon Simple Notification Service (SNS)?
  • A) To send notifications to multiple subscribers
  • B) To queue messages between applications
  • C) To store files in the cloud
  • D) To provide compute capacity
Correct Answer: A) To send notifications to multiple subscribers
Amazon SNS is a fully managed messaging service for both application-to-application (A2A) and application-to-person (A2P) communication, enabling you to send notifications to multiple subscribers.
3. What is the difference between Amazon SQS and Amazon SNS?
  • A) SQS is faster than SNS
  • B) SQS is more expensive than SNS
  • C) SQS is for queuing messages, SNS is for publishing notifications
  • D) SQS supports more protocols than SNS
Correct Answer: C) SQS is for queuing messages, SNS is for publishing notifications
SQS is a message queuing service for point-to-point communication, while SNS is a notification service for publish-subscribe (pub/sub) messaging to multiple subscribers simultaneously.
4. Which AWS service can be used to coordinate distributed applications using visual workflows?
  • A) AWS Lambda
  • B) AWS Step Functions
  • C) Amazon SQS
  • D) Amazon SNS
Correct Answer: B) AWS Step Functions
AWS Step Functions is a visual workflow service that helps developers use AWS services to build distributed applications, automate processes, orchestrate microservices, and create data and machine learning pipelines.
5. What is Amazon EventBridge used for?
  • A) File storage
  • B) Database management
  • C) Event-driven architecture and application integration
  • D) Content delivery
Correct Answer: C) Event-driven architecture and application integration
Amazon EventBridge is a serverless event bus that makes it easier to build event-driven applications by connecting application data from your own applications, integrated SaaS applications, and AWS services.
6. Which AWS service provides a fully managed Apache Kafka service?
  • A) Amazon MSK (Managed Streaming for Apache Kafka)
  • B) Amazon SQS
  • C) Amazon SNS
  • D) Amazon Kinesis
Correct Answer: A) Amazon MSK (Managed Streaming for Apache Kafka)
Amazon Managed Streaming for Apache Kafka (MSK) is a fully managed service that makes it easy to build and run applications that use Apache Kafka to process streaming data.

Developer Tools

1. What is the purpose of AWS CloudFormation?
  • A) To monitor application performance
  • B) To provision and manage AWS resources using templates
  • C) To store and manage source code
  • D) To deploy applications automatically
Correct Answer: B) To provision and manage AWS resources using templates
AWS CloudFormation provides a common language for describing and provisioning all the infrastructure resources in your cloud environment using JSON or YAML templates, enabling Infrastructure as Code.
2. Which AWS service can a company leverage to manage Docker images created by their development teams?
  • A) AWS CodeCommit
  • B) AWS CodeBuild
  • C) Amazon ECR
  • D) AWS CodeDeploy
Correct Answer: C) Amazon ECR
Amazon Elastic Container Registry (ECR) is a fully managed Docker container registry that makes it easy to store, manage, and deploy Docker container images. It integrates with Amazon ECS and EKS.
3. What is AWS CodeCommit?
  • A) A fully managed source control service that hosts Git repositories
  • B) A continuous integration service
  • C) A deployment automation service
  • D) A container registry service
Correct Answer: A) A fully managed source control service that hosts Git repositories
AWS CodeCommit is a fully managed source control service that hosts secure Git-based repositories. It makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem.
4. Which AWS service provides continuous integration and continuous deployment (CI/CD) capabilities?
  • A) AWS CodeCommit
  • B) AWS CodePipeline
  • C) AWS CloudFormation
  • D) Amazon ECR
Correct Answer: B) AWS CodePipeline
AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates.
5. What is AWS CodeDeploy used for?
  • A) Source code management
  • B) Building applications
  • C) Automating application deployments to various compute services
  • D) Monitoring application performance
Correct Answer: C) Automating application deployments to various compute services
AWS CodeDeploy is a deployment service that automates application deployments to Amazon EC2 instances, on-premises servers, serverless Lambda functions, and Amazon ECS services.
6. Which AWS service can be used to analyze application performance and troubleshoot issues?
  • A) AWS X-Ray
  • B) AWS CodeBuild
  • C) AWS CodeCommit
  • D) AWS CodeDeploy
Correct Answer: A) AWS X-Ray
AWS X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture. It provides an end-to-end view of requests as they travel through your application.
7. What is AWS Systems Manager?
  • A) A database management service
  • B) A service for managing and configuring AWS resources at scale
  • C) A content delivery network
  • D) A serverless computing service
Correct Answer: B) A service for managing and configuring AWS resources at scale
AWS Systems Manager gives you visibility and control of your infrastructure on AWS. It provides a unified user interface to view operational data from multiple AWS services and automate operational tasks.

Customer Engagement

1. A company wants to offer customer support through phone and chat. The company needs a solution that remote customer service staff can use to manage these customer support interactions. What AWS service could the company consider?
  • A) Amazon SES
  • B) Amazon Pinpoint
  • C) Amazon Connect
  • D) Amazon Chime
Correct Answer: C) Amazon Connect
Amazon Connect is a cloud-based contact center service that makes it easy to set up and manage a customer contact center and provide reliable customer engagement at scale.
2. What is Amazon Pinpoint used for?
  • A) Customer engagement and multichannel messaging
  • B) Database management
  • C) File storage
  • D) Network security
Correct Answer: A) Customer engagement and multichannel messaging
Amazon Pinpoint is a flexible and scalable outbound and inbound marketing communications service that connects you with customers over channels like email, SMS, push notifications, and voice.
3. Which AWS service provides customer relationship management (CRM) capabilities?
  • A) Amazon Connect
  • B) Amazon Pinpoint
  • C) Amazon SES
  • D) None - AWS does not provide a native CRM service
Correct Answer: D) None - AWS does not provide a native CRM service
AWS does not offer a native CRM service. However, customers can run CRM applications like Salesforce on AWS infrastructure or integrate AWS services with third-party CRM solutions.
4. What is Amazon Connect?
  • A) A networking service
  • B) A database service
  • C) A cloud-based contact center service
  • D) A content delivery network
Correct Answer: C) A cloud-based contact center service
Amazon Connect is an easy-to-use omnichannel cloud contact center that helps companies provide superior customer service at a lower cost. It's based on the same contact center technology used by Amazon customer service associates.

Analytics & Machine Learning

1. Which AWS service is used for business intelligence and data visualization?
  • A) Amazon QuickSight
  • B) Amazon Athena
  • C) Amazon Kinesis
  • D) AWS Glue
Correct Answer: A) Amazon QuickSight
Amazon QuickSight is a fast, cloud-powered business intelligence service that makes it easy to deliver insights to everyone in your organization through interactive dashboards and visualizations.
2. What is Amazon Kinesis used for?
  • A) Static website hosting
  • B) Real-time data streaming and analytics
  • C) Database management
  • D) Content delivery
Correct Answer: B) Real-time data streaming and analytics
Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information.
3. Which AWS service provides pre-built machine learning models for common use cases?
  • A) Amazon SageMaker
  • B) AWS DeepLens
  • C) Amazon Rekognition
  • D) AWS Batch
Correct Answer: C) Amazon Rekognition
Amazon Rekognition is one of several AWS AI services that provides pre-built machine learning models. It offers image and video analysis capabilities, along with other AI services like Amazon Comprehend, Polly, and Translate.
4. What is Amazon SageMaker?
  • A) A fully managed platform for building, training, and deploying machine learning models
  • B) A data warehouse service
  • C) A content delivery network
  • D) A database migration service
Correct Answer: A) A fully managed platform for building, training, and deploying machine learning models
Amazon SageMaker is a fully managed service that provides every developer and data scientist with the ability to build, train, and deploy machine learning models quickly.
5. Which AWS service can be used to search and analyze log data?
  • A) Amazon S3
  • B) Amazon OpenSearch Service
  • C) Amazon RDS
  • D) Amazon DynamoDB
Correct Answer: B) Amazon OpenSearch Service
Amazon OpenSearch Service (successor to Amazon Elasticsearch Service) makes it easy to deploy, secure, and run OpenSearch cost-effectively at scale for log analytics, full-text search, and more.
6. What is AWS Glue used for?
  • A) Database hosting
  • B) Content delivery
  • C) Data preparation and ETL (Extract, Transform, Load) operations
  • D) Network security
Correct Answer: C) Data preparation and ETL (Extract, Transform, Load) operations
AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy for customers to prepare and load their data for analytics.
© Bright Mind Tech 2025
AWS Cloud Practitioner Exam Practice - Part 3

AWS Cloud Practitioner Exam

Practice Questions - Part 3 of 3

Security, Identity & Compliance

1. What is the purpose of AWS Identity and Access Management (IAM)?
  • A) To provide compute capacity
  • B) To store files in the cloud
  • C) To manage access to AWS services and resources securely
  • D) To monitor application performance
Correct Answer: C) To manage access to AWS services and resources securely
AWS IAM enables you to manage access to AWS services and resources securely by creating and managing AWS users and groups, and using permissions to allow and deny their access to AWS resources.
2. What can be used to generate a report of all the IAM users and their MFA device status with the least amount of effort?
  • A) AWS CloudTrail
  • B) IAM credential report
  • C) AWS Config
  • D) Amazon CloudWatch
Correct Answer: B) IAM credential report
The IAM credential report is a downloadable report that lists all users in your account and the status of their various credentials, including passwords, access keys, and MFA devices.
3. What AWS service or feature acts as a firewall for Amazon EC2 instances?
  • A) Security Groups
  • B) AWS WAF
  • C) AWS Shield
  • D) Network ACLs
Correct Answer: A) Security Groups
Security Groups act as virtual firewalls for EC2 instances to control inbound and outbound traffic. They operate at the instance level and evaluate all rules before deciding whether to allow traffic.
4. What AWS service or feature can help protect applications running on AWS from DDoS attacks?
  • A) AWS WAF
  • B) Security Groups
  • C) AWS Shield
  • D) AWS Config
Correct Answer: C) AWS Shield
AWS Shield is a managed DDoS protection service that safeguards applications running on AWS. Shield Standard provides automatic protection against common DDoS attacks at no additional charge.
5. A company wants to find out if a security group configuration was changed, and by who. What two AWS services could be used to determine this? (Choose two)
  • A) AWS CloudTrail and AWS Config
  • B) Amazon CloudWatch and AWS X-Ray
  • C) AWS WAF and AWS Shield
  • D) Amazon GuardDuty and AWS Inspector
Correct Answer: A) AWS CloudTrail and AWS Config
AWS CloudTrail records API calls and provides information about who made changes, while AWS Config tracks configuration changes over time. Together, they provide comprehensive auditing capabilities.
6. Which AWS service uses machine learning to help discover sensitive data that is stored in Amazon S3 buckets?
  • A) Amazon Inspector
  • B) Amazon Macie
  • C) AWS GuardDuty
  • D) AWS Security Hub
Correct Answer: B) Amazon Macie
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS, particularly in S3 buckets.
7. What is AWS KMS used for?
  • A) Network monitoring
  • B) Database management
  • C) Encryption key management
  • D) Load balancing
Correct Answer: C) Encryption key management
AWS Key Management Service (KMS) is a managed service that makes it easy to create and control the encryption keys used to encrypt your data across AWS services and in your applications.
8. Which AWS service provides threat detection using machine learning?
  • A) Amazon GuardDuty
  • B) AWS Config
  • C) AWS CloudTrail
  • D) Amazon Inspector
Correct Answer: A) Amazon GuardDuty
Amazon GuardDuty is a threat detection service that uses machine learning, anomaly detection, and integrated threat intelligence to identify threats like malicious activity and unauthorized behavior.

AWS Global Infrastructure

1. Which component of the AWS Global Infrastructure is made up of one or more discrete data centers that have redundant power, networking, and connectivity?
  • A) AWS Region
  • B) Edge Location
  • C) Availability Zone
  • D) Local Zone
Correct Answer: C) Availability Zone
An Availability Zone (AZ) is one or more discrete data centers with redundant power, networking, and connectivity in an AWS Region. AZs are isolated from each other to protect against failures.
2. What is an AWS Region?
  • A) A geographical area with multiple isolated Availability Zones
  • B) A single data center
  • C) A content delivery network location
  • D) A virtual private cloud
Correct Answer: A) A geographical area with multiple isolated Availability Zones
An AWS Region is a physical location around the world where AWS clusters data centers. Each Region consists of multiple, isolated, and physically separate Availability Zones within a geographic area.
3. How many Availability Zones are typically found in each AWS Region?
  • A) 1-2
  • B) 2-6
  • C) 10-15
  • D) 20-30
Correct Answer: B) 2-6
Each AWS Region typically consists of a minimum of two and a maximum of six Availability Zones, with most Regions having three or more AZs to provide high availability and fault tolerance.
4. What is the purpose of AWS Edge Locations?
  • A) To host EC2 instances
  • B) To store databases
  • C) To cache content for faster delivery to users
  • D) To provide backup storage
Correct Answer: C) To cache content for faster delivery to users
Edge Locations are sites that Amazon CloudFront uses to cache copies of your content closer to your users for faster delivery. They are part of the AWS content delivery network.
5. Which AWS service can be used to extend AWS infrastructure to on-premises locations?
  • A) AWS Direct Connect
  • B) AWS Outposts
  • C) AWS Local Zones
  • D) AWS Wavelength
Correct Answer: B) AWS Outposts
AWS Outposts brings native AWS services, infrastructure, and operating models to virtually any data center, co-location space, or on-premises facility, extending AWS infrastructure to your premises.
6. What is the difference between an AWS Region and an Availability Zone?
  • A) A Region contains multiple Availability Zones
  • B) An Availability Zone contains multiple Regions
  • C) They are the same thing
  • D) Regions are for compute, AZs are for storage
Correct Answer: A) A Region contains multiple Availability Zones
A Region is a geographical area that contains multiple Availability Zones. Each AZ is an isolated location within a Region, designed to be independent of failures in other AZs.
7. Which factors should be considered when selecting an AWS Region?
  • A) Only cost
  • B) Only compliance requirements
  • C) Latency, compliance, cost, and service availability
  • D) Only the number of Availability Zones
Correct Answer: C) Latency, compliance, cost, and service availability
When selecting a Region, consider: latency to users, compliance with data governance requirements, cost differences between Regions, and availability of required AWS services in the Region.

Billing & Pricing

1. Which AWS service provides detailed billing information and cost analysis?
  • A) AWS Cost and Usage Reports
  • B) Amazon CloudWatch
  • C) AWS CloudTrail
  • D) AWS Config
Correct Answer: A) AWS Cost and Usage Reports
AWS Cost and Usage Reports provide the most comprehensive set of AWS cost and usage data available, including additional metadata about AWS services, pricing, and reservations.
2. What is the AWS Free Tier?
  • A) A paid support plan
  • B) Free usage of certain AWS services within specified limits
  • C) A discount program for enterprises
  • D) A training program
Correct Answer: B) Free usage of certain AWS services within specified limits
The AWS Free Tier provides customers the ability to explore and try out AWS services free of charge up to specified limits for each service, helping new users get started with AWS.
3. Which AWS service can help optimize costs by providing recommendations?
  • A) AWS Cost and Usage Reports
  • B) AWS Budgets
  • C) AWS Trusted Advisor
  • D) AWS CloudWatch
Correct Answer: C) AWS Trusted Advisor
AWS Trusted Advisor provides recommendations that help you follow AWS best practices, including cost optimization recommendations like identifying idle resources and underutilized instances.
4. What is AWS Reserved Instances?
  • A) A pricing model that provides significant discounts for committing to use EC2 instances
  • B) A backup service for EC2 instances
  • C) A monitoring service for EC2 instances
  • D) A security feature for EC2 instances
Correct Answer: A) A pricing model that provides significant discounts for committing to use EC2 instances
Reserved Instances provide a significant discount (up to 75%) compared to On-Demand pricing and provide a capacity reservation when used in a specific Availability Zone.
5. Which pricing model allows you to bid on unused EC2 capacity?
  • A) On-Demand Instances
  • B) Spot Instances
  • C) Reserved Instances
  • D) Dedicated Hosts
Correct Answer: B) Spot Instances
Amazon EC2 Spot Instances let you take advantage of unused EC2 capacity in the AWS cloud at up to 90% discount compared to On-Demand prices, but they can be interrupted by AWS when capacity is needed.
6. What is the purpose of AWS Cost Explorer?
  • A) To deploy applications
  • B) To monitor network traffic
  • C) To visualize and analyze AWS costs and usage patterns
  • D) To manage user permissions
Correct Answer: C) To visualize and analyze AWS costs and usage patterns
AWS Cost Explorer has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time. You can create custom reports and analyze cost trends.
7. Which AWS service provides cost anomaly detection?
  • A) AWS Cost Anomaly Detection
  • B) AWS Trusted Advisor
  • C) AWS Cost Explorer
  • D) AWS Budgets
Correct Answer: A) AWS Cost Anomaly Detection
AWS Cost Anomaly Detection is an AWS Cost Management feature that uses machine learning to identify unusual spends and root causes, helping you avoid billing surprises.
8. What are AWS Savings Plans?
  • A) A free tier offering
  • B) A flexible pricing model offering lower prices in exchange for usage commitment
  • C) A support plan
  • D) A backup service
Correct Answer: B) A flexible pricing model offering lower prices in exchange for usage commitment
AWS Savings Plans offer a flexible pricing model that provides savings of up to 72% on AWS compute usage in exchange for a commitment to a consistent amount of usage (measured in $/hour) for a 1 or 3 year term.
© Bright Mind Tech 2025