Week 3 Assessment : Architecting Solutions on AWS (AWS Fundamentals Specialization) Answers 2025

Question 1

Which of the following options includes true statements for both Amazon S3 cross-Region replication and AWS Key Management Service (AWS KMS)?

✅ To configure Amazon S3 cross-Region replication, the source and destination buckets can belong to different AWS accounts. Server-side encryption (SSE) is possible for replicated objects.
❌ To configure Amazon S3 cross-Region replication, both the source and destination buckets must belong to the same AWS account. Server-side encryption (SSE) is possible for replicated objects.
❌ To configure Amazon S3 cross-Region replication, both the source and destination buckets must belong to the same AWS account. Server-side encryption (SSE) is not possible for replicated objects.
❌ To configure Amazon S3 cross-Region replication, the source and destination buckets can belong to different AWS accounts. Server-side encryption is not possible for replicated objects.

Explanation:
S3 cross-Region replication (CRR) allows replication across accounts and Regions.
It also supports SSE (server-side encryption), including AWS KMS-managed keys.

Question 2

Which statements about Amazon VPC and the scope of AWS services are correct?

✅ Amazon VPC gives the user full control over their virtual networking environment. Therefore, the solutions architect can define firewall rules on the networking level for VPC-based resources.
✅ VPC-based services that reside in a private subnet require specific configurations to enable internet access, such as a NAT gateway and route tables.
✅ AWS VPN solutions can be configured to establish secure connections between on-premises networks, remote offices, client devices, and the AWS global network.
❌ Because S3 buckets do not reside inside a VPC, the customer can rely on AWS to configure security mechanisms.
❌ When possible, customers should avoid having services reside in VPCs.
❌ Using AWS resources like S3 is less secure because they are public by default.

Explanation:

• VPC = complete control over network (subnets, gateways, routing).

• Private subnets need NAT gateways to reach the internet.

• AWS VPN securely connects on-premises to the AWS network.

Question 3

Which statements about AWS Storage Gateway are correct?

✅ AWS Storage Gateway is a set of hybrid cloud storage services that provide on-premises access to virtually unlimited cloud storage.
✅ AWS Storage Gateway delivers data access to on-premises applications while taking advantage of the agility, economics, and security of the AWS Cloud.
✅ AWS Storage Gateway helps support compliance requirements through integration with AWS Backup to manage the backup and recovery of Volume Gateway volumes.
❌ AWS Storage Gateway offers unlimited storage at the cost of new hardware.
❌ AWS Storage Gateway is limited to on-premises only.
❌ AWS Storage Gateway can only work as an S3 File Gateway.

Explanation:
AWS Storage Gateway bridges on-premises environments with AWS Cloud storage and integrates with AWS Backup and S3 for compliance and durability.

Question 4

Which set of AWS services best fit the “Object, File, and Block storage” category?

✅ Amazon S3, Amazon EFS, Amazon EBS, Amazon FSx
❌ AWS DataSync, AWS Snow Family
❌ AWS Storage Gateway, AWS Snow Family
❌ AWS Elastic Disaster Recovery, AWS Backup

Explanation:

• Amazon S3 → Object storage

• Amazon EFS → File storage

• Amazon EBS → Block storage

• Amazon FSx → Managed file systems (like Windows FSx, Lustre)

Question 5

True or False: Amazon S3 is better than Amazon EBS because it is designed to provide a higher level of data durability.

✅ True
❌ False

Explanation:
Amazon S3 is designed for 99.999999999% (11 nines) durability, higher than EBS (99.999%).
S3 automatically replicates data across multiple Availability Zones, while EBS volumes are stored within a single AZ.

🧾 Summary Table