
Sample Questions for Amazon Web Services Certified Solution Architect Certification (AWS Architect Certification) – Part II


Here are some more Sample Questions* for the AWS Certified Solution Architect certification. Answers with explanations are at the bottom. If you have not yet attempted part 1 of the sample questions, they are available here.

Here are some more questions:

  1. An instance is launched into the public subnet of a VPC. Which of the following must be done in order for it to be accessible FROM the Internet?
    1. Attach an Elastic IP to the instance
    2. Nothing. The instance is accessible from the Internet
    3. Launch a NAT instance and route all traffic to it
    4. Make an entry in the route table passing all traffic going outside the VPC to the NAT instance
  2. In VPCs with private and public subnets, database servers should ideally be launched into:
    1. The public subnet
    2. The private subnet
    3. Either of them
    4. Not recommended, they should ideally be launched outside VPC
  3. An instance is connected to an ENI (Elastic Network Interface) in one subnet. What happens when you attach an ENI of a different subnet to this instance?
    1. The instance follows the rules of the older subnet
    2. The instance follows the rules of both the subnets
    3. The instance follows the rules of the newer subnet
    4. Not possible, cannot be connected to 2 ENIs
  4. You want to use Route53 to direct your www sub-domain to an elastic load balancer fronting your web servers. What kind of record set should you create?
    1. A
    2. AAAA
    3. NS
    4. CNAME
  5. You have created 4 weighted resource record sets with weights 1, 2, 3 and 4. The 3rd record set is selected by Route53:
    1. 1/7th of the time
    2. 3/10th of the time
    3. 3/7th of the time
    4. 1/4th of the time
  6. You have created a Route 53 latency record set from your domain to a machine in Singapore and a similar record to a machine in Oregon. When a user located in India visits your domain he will be routed to:
    1. Singapore
    2. Oregon
    3. Depends on the load on each machine
    4. Both, because 2 requests are made, 1 to each machine
  7. Which of the following can be used as an origin server in CloudFront? (Choose 3)
    1. A webserver running on EC2
    2. A webserver running in your own datacenter
    3. A RDS instance
    4. An Amazon S3 bucket
  8. In CloudFront what happens when content is NOT present at an Edge location and a request is made to it?
    1. An Error 404 not found is returned
    2. CloudFront delivers the content directly from the origin server and stores it in the cache of the edge location
    3. The request is kept on hold till content is delivered to the edge location
    4. The request is routed to the next closest edge location
  9. Which of the following is true with respect to serving private content through CloudFront?
    1. Signed URLs can be created to access objects from CloudFront edge locations
    2. Direct access to S3 URLs can be removed therefore allowing access only through CloudFront URLs
    3. Mark the S3 bucket private and allow access to CloudFront by means of Roles
    4. Mark the S3 bucket private and create an Origin Access Identity to access the objects
  10. You have written a CloudFormation template that creates 1 elastic load balancer fronting 2 EC2 instances. Which section of the template should you edit so that the DNS of the load balancer is returned upon creation of the stack?
    1. Resources
    2. Parameters
    3. Outputs
    4. Mappings



1) a

2) b

3) b

4) d

5) b

6) a

7) a, b, d

8) b

9) a, b, d

10) c

I am conducting a bootcamp for this certification in Bangalore, UK, and online. If you are interested in joining, please click here and fill out the form.

Also, more sample questions are coming, so keep checking. Please share if you liked the post by using the social buttons below.

Disclaimer: These questions are NOT what were in my certification exam. I personally or CloudThat do not have any official tie-up with Amazon regarding the certification or the kind of questions asked. These are my best guesses for the kind of questions to expect, given my vast experience with AWS in general and with the examination.


WRITTEN BY Bhavesh Goswami

Bhavesh Goswami is the Founder & CEO of CloudThat Technologies. He is a leading expert in the Cloud Computing space with over a decade of experience. He was in the initial development team of Amazon Simple Storage Service (S3) at Amazon Web Services (AWS) in Seattle and has been working in the Cloud Computing and Big Data fields for over 12 years now. He is a public speaker and has been the Keynote Speaker at the ‘International Conference on Computer Communication and Informatics’. He has also authored numerous research papers and patents in various fields.



  1. Kumar Aneesh

    Apr 21, 2019


    It will be CNAME not A

  2. Raquel Nutter

    Aug 2, 2018


    Very interesting blog!

  3. Vinod

    Dec 5, 2017


    Answer for Q3 is b. The reason is that for weighted routing policies with weights 1, 2, 3 and 4, it will first sum them all up, which is going to be 10, and then distribute by the given weights. So it is going to be like this: 1/10, 2/10, 3/10 and 4/10. So for the 3rd record set the traffic is 3/10.

  4. Suvir Gupta

    Dec 2, 2017


    I think the answer for question-1 is not correct; the EC2 instance launched in a public VPC can be accessible via the default public IP assigned to that instance.

  5. Latasha

    Feb 3, 2017


    You’re on top of the game. Thanks for sharing.

  6. Ashu

    Jun 25, 2015


    Hi Bhavesh,
    Thanks for the sample questions. Do you have any similar questions for the AWS SysOps Associate exam?

  7. Prem

    Apr 10, 2015


    @Rajesh You are right Man !!

  8. Rajesh

    Dec 15, 2014


    Answer to 1 is wrong. You need to put an Elastic IP only if it is launched into a non-default VPC. Your default VPC comes with an Internet gateway, and instances launched into a default subnet receive a public IP address by default, unless you specify otherwise during launch, or you modify the subnet’s public IP address attribute. Therefore, instances that you launch into a default subnet can automatically communicate with the Internet…

    • rohit

      Mar 13, 2016


      I think Rajesh is right

    • Bhavesh Goswami

      Mar 14, 2016


      Hey Rajesh. Unless the question says “Default VPC” you cannot assume Default VPC. Thus the answer is correct. You are correct if the question said “Default VPC”, then we will not need to attach public IP manually. So the answer is correct 🙂

      • Patrick M

        Feb 22, 2018


        I vote for Rajesh on this one. By definition, “Default” would be selected if nothing is specified.

  9. Tim

    Oct 30, 2014


    I’m not sure #6 (a) is correct. It’s most likely that a request from India will be serviced by the Singapore server, but if the Singapore server is always busy or there’s some kind of weird routing (eg a corporate connection via the USA) then it’s possible it will be serviced by the USA server.

    • richard

      Sep 8, 2016


      I agree with Tim. If your application is hosted on Amazon EC2 instances in multiple Amazon EC2 regions, you can reduce latency for your users by serving their requests from the Amazon EC2 region for which network latency is lowest. Amazon Route 53 latency-based routing lets you use DNS to route user requests to the Amazon EC2 region that will give your users the fastest response.

      Geolocation routing lets you choose the resources that serve your traffic based on the geographic location of your users, meaning the location from which DNS queries originate.

  10. Ram

    Jul 1, 2014


    Please can you tell whether these questions will cover the Certification program – do we need to refer to some books? Other materials?

  11. Ram

    Jul 1, 2014


    Thanks for sharing the questions, Bhavesh – could you please tell about the fees?

  12. sajan

    Apr 13, 2014



    Here is the procedure.
    Forward the main domain to www. as a subdomain
    and point a CNAME to the subdomain; use the AWS ELB as the CNAME here.
    AWS ELB IPs are not static… :)

  13. Surge

    Apr 9, 2014


    I don’t see why in question 8 answer C is wrong, even though answer B is correct too. The request is kept on hold till content is delivered to the edge location, even though the delivery happens as soon as the first byte arrives from the origin server

  14. Omar

    Mar 25, 2014


    You cannot create a CNAME for the top level of the domain, thus A record with Alias is correct. AWS will update the alias record when the ELB DNS name changes

  15. Bhavesh Goswami

    Mar 20, 2014


    Shaan, you cannot use A record for ELB. As ELB might change its IP address. Thus only CNAME is the right answer.

  16. Shaan

    Mar 19, 2014


    CNAME and A with alias are both valid answers

  17. Bhavesh Goswami

    Mar 18, 2014


    Daniel, I can understand your confusion, here we are trying to route www subdomain, so Alias will not be useful, we should create CNAME.

  18. Daniel Nunes

    Mar 17, 2014


    The answer to question 4 was wrong.
    The correct one is “A”, with the option “Alias” set to “Yes”.

  19. Preparing for AWS Certified Solutions Architect Professional BETA Exam | CloudThat's Blog

    Mar 13, 2014


    […] If you haven’t tried out yet, try out Sample Questions for AWS Solutions Architect Associate Level here. Part II of Sample Questions here. […]
