1. Question 1

Best managed service to migrate Kubernetes with minimal effort + keep native K8s + reduce overhead

• ❌ AWS Fargate with ECS

• ❌ AWS Fargate with EKS

• ❌ Amazon ECS

• ✅ Amazon EKS

Explanation:
EKS = fully managed Kubernetes, preserves all K8s features, reduces cluster management overhead, ideal for hybrid migrations.

---

2. Question 2

Process API events with multiple concurrent consumers, cost-effective

• ✅ Amazon SNS with fan-out strategy

• ❌ SQS FIFO

• ❌ EventBridge

• ❌ EC2 Spot Instances

Explanation:
SNS → fan-out → multiple SQS queues → each consumer processes concurrently → highly cost-effective.

---

3. Question 3

RDS = relational, DynamoDB = NoSQL

• ✅ True

• ❌ False

Explanation:
RDS supports joins, transactions; DynamoDB supports key-value, flexible-schema data.

---

4. Question 4 — Choose THREE

Correct statements about DynamoDB DAX

• ✅ DAX reduces complexity; API-compatible with DynamoDB.

• ✅ DAX reduces table read capacity usage and cost for read-intensive workloads.

• ❌ DAX doesn’t support SSE — Incorrect (it supports encryption at rest).

• ✅ DAX is not suitable for write-heavy workloads and may add cost for low-read use cases.

• ❌ DAX doesn’t support encryption in transit — Incorrect (TLS supported).

Correct answers: 1, 2, 4

---

5. Question 5

AWS Lambda is serverless, auto-scaling, no server management

• ✅ True

• ❌ False

---

6. Question 6

S3 durability vs EBS durability

• ✅ True

• ❌ False

Explanation:
S3 durability = 11 nines (99.999999999%)
EBS durability is much lower.

---

7. Question 7

Best “object, file, block” storage services

• ❌ DataSync, Snow

• ✅ S3, EFS, EBS, FSx

• ❌ Storage Gateway, Snow

• ❌ Elastic Disaster Recovery, Backup

---

8. Question 8

S3 is preferred for data lakes

• ✅ True

• ❌ False

---

9. Question 9 — Choose THREE

Correct AWS Storage Gateway statements

• ✅ Hybrid storage service providing on-prem access to cloud storage

• ❌ Requires buying new storage hardware

• ✅ Provides on-prem access using AWS scale/security

• ❌ Limited to on-prem only

• ✅ Integrates with AWS Backup for compliance & recovery

• ❌ Only S3 File Gateway

Correct: 1, 3, 5

---

10. Question 10 — Choose THREE

Benefits of multiple AWS accounts with Organizations

• ✅ Grouping workloads by business purpose/ownership

• ❌ Different payment methods per account

• ✅ Limiting scope of impact from adverse events

• ✅ Distributing service quotas and API rate limits

• ❌ Multiple unrestricted root users

Correct: 1, 3, 4

---

11. Question 11

SCP explicit deny affects root user?

• ✅ True

• ❌ False

---

12. Question 12

SSO federation for AWS Organizations accounts

• ❌ IAM users

• ❌ CloudWatch

• ✅ AWS IAM Identity Center (AWS SSO successor)

• ❌ CloudTrail

---

13. Question 13 — Choose THREE

Best practices for multi-account environment

• ❌ Billing alarms per account + tagging policies (not wrong, but not one of the AWS-recommended top practices here)

• ❌ Give devs admin access

• ✅ Prevent CloudTrail from being disabled

• ✅ Use MFA in centralized authentication (IAM Identity Center)

• ❌ Reuse passwords

• ✅ Provide broad roles only to CCoE members (AdminAccess for CCoE is normal)

Correct: 3, 4, 6

---

14. Question 14

Best architecture: centralized logging + circuit breaker for EC2

• ✅ Enable CloudTrail for all accounts, centralize logs in S3 via Organizations, use SCPs with explicit deny for EC2 API as circuit breaker.

• ❌ MFA for all users

• ❌ Enable only for production

• ❌ Use IAM policies for circuit breaker (not effective across accounts; SCP is correct tool)

---

🧾 Summary Table

---