AWS Certified Solutions Architect – Associate Exam 1

✔️ Correct Answer: B

🔍 Explanation

• A. ❌
  Amazon SNS does not guarantee message ordering, so this won’t fulfill the requirement that orders be processed in the exact order they are received.

• B. ✅
  Amazon SQS FIFO (First-In-First-Out) queues guarantee exact ordering of messages. Combined with Lambda, this ensures messages (orders) are processed in the same sequence they arrive.

• C. ❌
  An API Gateway authorizer is meant for auth and access control, not message sequencing or queuing. This approach won’t help in processing order-sensitive data.

• D. ❌
  SQS standard queues provide at-least-once delivery and do not guarantee order, which violates the ordering requirement.

✔️ Correct Answer: B

🔍 Explanation

• A. ❌
  AWS DataSync can move data, but it doesn’t provide a persistent or scalable extension to the existing SMB system nor lifecycle management natively. It’s a one-time or scheduled sync.

• B. ✅
  Amazon S3 File Gateway allows seamless integration with the existing on-prem SMB file server while extending storage capacity using S3.
  Lifecycle policies to move older files to S3 Glacier Deep Archive after 7 days solve the cost and space issue, meeting both storage and lifecycle needs.

• C. ❌
  Amazon FSx for Windows can extend storage, but it doesn’t provide lifecycle management or cost-efficient archival storage like S3 + Glacier does.

• D. ❌
  Involves manual changes to every user’s machine and lacks seamless integration with existing file server workflows. Also, it doesn’t scale well or solve the original problem effectively.

✔️ Correct Answer: B

🔍 Explanation

• A. ❌
  Uses scheduled scaling, which is not dynamic and doesn’t respond to changing workloads. Not ideal for variable job loads.

• B. ✅
  Uses Amazon SQS for job queueing — this decouples the application, improving resiliency and scalability.
  Scaling is based on queue size, which directly reflects workload, making it efficient and responsive.

• C. ❌
  Still relies on a primary server, which introduces a single point of failure. CloudTrail is not meant for job coordination.

• D. ❌
  EventBridge/CloudWatch Events are not optimal for managing high-volume, asynchronous job queues. SQS is a better fit for decoupled, scalable task processing.

✔️ Correct Answer: D

🔍 Explanation

• A. ❌
  Amazon Kinesis Data Analytics is primarily for real-time analytics, not for decoupling or queue-based processing.
  It doesn’t efficiently support multiple consumers.

• B. ❌
  EC2-based ingestion is not the best for sudden large-scale spikes (like 100,000 msgs/sec), and managing auto-scaling based on CPU isn’t an optimal decoupling strategy.

• C. ❌
  Single shard in Kinesis would become a bottleneck at high throughput.
  Also, DynamoDB adds extra complexity and isn’t ideal for decoupled stream processing.

• D. ✅
  SNS + SQS is a highly scalable, decoupled architecture.

  • SNS fan-outs messages to multiple SQS queues.

  • SQS queues can be consumed independently and asynchronously by microservices.

  • Easily handles message bursts and offers high reliability and scalability.

✔️ Correct Answer: B

🔍 Explanation

• A. ❌
  This would consume significant network bandwidth over the public internet — not ideal for 70 TB of data.

• B. ✅
  AWS Snowball Edge is designed for large-scale data transfers using minimal network bandwidth.
  Data is transferred offline and securely imported into Amazon S3 once the device is shipped back.

• C. ❌
  Using an S3 File Gateway still requires moving the data over the network — not optimal for minimal bandwidth usage.

• D. ❌
  AWS Direct Connect is expensive and takes time to provision. It still requires significant bandwidth and is less efficient than Snowball Edge for this scenario.

✔️ Correct Answer: C

🔍 Explanation

• A. ❌
  Manually copying data across EBS volumes is not scalable and does not guarantee real-time consistency.

• B. ❌
  Routing users to a specific instance does not solve the inconsistency problem across AZs.

• C. ✅
  Using Amazon EFS provides a shared file system accessible by both EC2 instances across AZs. This ensures data consistency, real-time access, and scalability.

• D. ❌
  Having the load balancer hit both servers and consolidate results introduces unnecessary complexity and still does not guarantee consistent state.

✔️ Correct Answer: D

🔍 Explanations

A. ❌
Creating an instance profile allows the EC2 instance to authenticate to S3 using IAM, but it does not provide private connectivity. You would still need an internet gateway or VPC endpoint for actual network access.

B. ❌
Streaming logs to CloudWatch and exporting to S3 is a workaround for moving logs, but it does not allow the EC2 instance to access the S3 bucket directly. It adds complexity and doesn’t meet the core requirement of private access.

C. ❌
API Gateway is used to expose APIs, not as a private networking layer for S3. Using it for this task would be over-engineered, expensive, and outside its purpose.

D. ✅
Gateway VPC Endpoints allow private access to S3 from within a VPC without requiring internet access. This is the simplest and most cost-effective solution, making it the correct answer.

✔️ Correct Answer: A

🔍 Explanation

✅ A. Add aws:PrincipalOrgID condition (Correct – now shuffled as A)

• This is the simplest and most efficient way to restrict access to S3 within an AWS Organization.

• Requires no tagging, scripting, or monitoring tools.

• Low operational overhead.

❌ B. Use PrincipalTag

• Requires tagging all users, which increases management effort.

• Not the most efficient for org-wide restriction.

❌ C. Use CloudTrail

• Detects org changes but does not enforce access.

• Requires scripting and is reactive.

❌ D. Use Org Paths

• Granular, but higher complexity than needed.

• Best when targeting specific departments, not the whole org.

✔️ Correct Answer: C

🔍 Explanation

✅ C. Use Amazon Athena directly with Amazon S3

• Athena allows direct querying of data stored in S3 using standard SQL.

• Works out-of-the-box with JSON format, minimal setup needed.

• Serverless, so no infrastructure to manage.

• Lowest operational overhead and most cost-effective for simple, ad-hoc queries.

❌ A. AWS Glue + Amazon EMR

• Glue is used for data cataloging, and EMR is for large-scale processing.

• This setup is overkill for simple queries and adds unnecessary complexity and cost.

❌ B. CloudWatch Logs

• Logs are already in S3, not CloudWatch.

• Moving logs to CloudWatch introduces additional steps and cost.

• Also, SQL query capabilities in CloudWatch are limited.

❌ D. Amazon Redshift

• Redshift requires loading and transforming data into a data warehouse.

• High setup and management overhead for occasional queries.

• Not ideal for on-demand querying of S3 logs.

✔️ Correct Answer: B

🔍 Explanation

✅ B. Turn on S3 Transfer Acceleration…

This is the most efficient and simplest method for fast data uploads from global locations directly to a centralized S3 bucket.

• S3 Transfer Acceleration uses Amazon CloudFront edge locations for fast uploads.

• Reduces latency significantly across regions.

• Multipart uploads support large files like 500GB efficiently.

• Meets all requirements: fast, simple, cost-effective, centralized.

❌ A. S3 Cross-Region Replication from closest region

• Adds operational complexity: managing multiple S3 buckets per region, configuring and monitoring replication.

• Also delays delivery since data goes to one region first, then gets replicated.

❌ C. EC2 + EBS snapshot approach

• Very complex: requires EC2 and EBS management, snapshot creation, transfer, and restoration.

• Not suitable for daily 500GB uploads from each site.

• Expensive and operationally heavy.

❌ D. Snowball Edge devices daily

• Snowball is designed for offline data migration when internet is not reliable.

• Here, the sites already have high-speed internet.

• Daily physical transfers would be slower and add heavy logistics and cost.