Free AWS Certified Solutions Architect Associate Exam Practice

The free AWS Certified Solutions Architect practice exam helps you evaluate your ability to design secure, resilient, high-performance, and cost-optimized AWS architectures. It covers security best practices, fault-tolerant and scalable system design, performance optimization, and cost-efficient solutions across compute, storage, networking, and workloads.

Question 1

A company uses AWS Organizations and wants to ensure that no IAM principal in any member account can make an Amazon S3 bucket public, either through bucket policies or public ACLs. The security team requires a solution that is preventative and centrally enforced across all accounts.

Which solution should a solutions architect implement to meet these requirements?

A. Enable S3 Block Public Access on each bucket and require developers to keep it enabled.

B. Enable AWS Config managed rules to detect public buckets and run remediation.

C. Use a Service Control Policy (SCP) to deny s3:PutBucketPolicy and s3:PutBucketAcl for all principals in member accounts.

D. Use Amazon GuardDuty to alert on public bucket activity.

Question 2

A company runs workloads in private subnets, and an application needs to read objects from a sensitive S3 bucket. The security team requires that access must only occur from within the VPC and must not traverse the public internet, while also avoiding NAT Gateway costs.

A. Create an S3 Interface VPC endpoint (AWS PrivateLink) and configure the application to send S3 traffic through the endpoint.
B. Create a Gateway VPC endpoint for S3 and add a bucket policy that allows access only when aws:SourceVpce matches the endpoint ID.
C. Keep the NAT Gateway and add a bucket policy that denies access unless requests come from the VPC CIDR.
D. Enable S3 Transfer Acceleration.

Question 3

A company centralizes CloudTrail logs in an S3 bucket in a logging account. Security requires tamper resistance, ensuring that administrators in member accounts cannot alter or delete logs. The company also needs the ability to prove log integrity during audits.

Which action will meet these requirements?

A. Enable versioning on the central S3 bucket.
B. Use CloudTrail log file validation and configure the S3 bucket policy to allow writes only from the CloudTrail service principal, denying deletes to everyone.
C. Store logs in CloudWatch Logs only and set retention to 10 years.
D. Encrypt the logs with SSE-S3.

Ask

Understanding Cloud Computing Essentials— From Zero to Hero

Securing AWS Resources: Managing Access with IAM

AWS IAM Permission Boundaries

Using AWS Identity and Access Management Access Analyzer

Understanding AWS Compute Services — From Zero to Hero

Working with Instances: An Amazon EC2 Walkthrough

Managing Instance Volumes Using EBS

Understanding Networking Services in AWS—From Zero to Hero

Controlling VPC Traffic Using Network ACLs

Managing Peer Connections between Amazon Virtual Private Clouds

Accessing AWS Services over AWS PrivateLink Using VPC Endpoints

Monitoring IP Traffic Using VPC Flow Logs

Getting to Know AWS Lambda

Building and Deploying Serverless Applications with AWS SAM

Developing RESTful Microservices with API Gateway and DynamoDB

Building a WebSocket-Based Chat Application Using API Gateway

Mastering AWS AppSync Lambda Resolvers

Getting Started with Amazon Simple Queue Service (SQS)

Handling Amazon SNS Notifications with AWS Lambda

Build a Fanout Serverless Architecture using SNS, SQS, and Lambda

Decoupling Serverless Applications with Amazon EventBridge

Getting Started with AWS Step Functions

Getting Started with Amazon ECS

Create an EKS Cluster and Deploy an Application

Managing Application Traffic Using Elastic Load Balancers

Understanding Auto Scaling Group (ASG) in AWS

Mastering Amazon EC2 Dynamic Scaling Policies

Understanding AWS Storage Options—From Zero to Hero

Working with AWS S3 Cross-Region Replication

Resizing Images with S3 Batch Operations and AWS Lambda

Managing Data Access with Amazon S3 Access Points

Getting Started with Amazon FSx for Windows File Server

Working with Relational Databases: A Beginner's Guide to AWS RDS

Getting Started with Amazon Aurora Database Engine

Working with NoSQL Databases: A Beginner's Guide to AWS DynamoDB

Exploring Graphs with Amazon Neptune

Getting Started with Amazon Keyspaces

Achieving Ultra-Fast Performance Using Amazon MemoryDB for Redis

Improving Database Performance with Amazon ElastiCache for Redis

Use of AWS Database Migration Service from Aurora MySQL to S3

Getting Started with AWS Key Management Service (KMS)

Encrypting S3 Buckets and EBS Volumes Using KMS

Protecting Web Applications Using AWS WAF

Managing Aurora DB Credentials and API Keys Using Secrets Manager

Finding Vulnerabilities on EC2 Instances Using AWS Inspector

Mastering AWS Deployment Services—From Zero to Hero

Getting to Know AWS CloudFormation

AWS CloudFormation Updates: Change Sets and Stack Policies

Mastering AWS CloudFormation Helper Scripts

Understanding Machine Learning Services on AWS—From Zero to Hero

Deploying a Machine Learning Model with Amazon SageMaker

Getting Started with Amazon Fraud Detector

Build an Educative Chatbot with Conversational AI Using AWS Lex

Analyzing S3 Data and CloudTrail Logs Using Amazon Athena

Getting Started with Amazon EMR

Getting Started with Amazon Redshift

Building ETL Pipelines on AWS

Create a Data Lake with Lake Formation and Analyze It with Athena

Building a Logs Processing Pipeline with Amazon Kinesis

Getting Started with Amazon Managed Streaming for Apache Kafka

Monitoring EC2 Instances Using AWS CloudWatch

Getting Started with AWS Config

Getting Started with AWS Systems Manager Parameter Store

Practice Exam - 1: AWS Certified Solutions Architect Associate

Practice Exam - 2: AWS Certified Solutions Architect Associate

Practice Exam - 3: AWS Certified Solutions Architect Associate

Free AWS Certified Solutions Architect Associate Exam Practice

Question 1

Question 2

Question 3

Question 4