AWS Solutions Architect Associate 2025

Question 1

AWS accounts and root users have a one or many to one or many relationship?

Answer 1

One to one. Each AWS account has one root user.

Question 2

True or false, AWS accounts can have multiple users

Answer 2

True, only one root user though

Question 3

How do I restrict the permissions of the root user of an AWS account?

Answer 3

It’s not possible

Question 4

Does creating an IAM policy give/deny permission to something?

Answer 4

No, it must also be attached to a user, group, or role.

Question 5

an IAM user can have up to how many access keys?

Answer 5

two, so that you can move applications from an old key to a new one before deleting the old one

Question 6

How is redshift spectrum different from redshift?

Answer 6

Redshift spectrum can query files directly from S3, as opposed to needing to load it into a cluster

Question 7

Can an NACL rule specify a security group as an inbound source?

Answer 7

No, NACL rules use CIDR ranges. You would need a security group and security group rule.

Question 8

Are security groups stateful?

Answer 8

Yes, they automatically allow return traffic

Question 9

Are NACLs stateful?

Answer 9

No, there must be explicit rules for inbound and outbound. This means that ephemeral outbound ports must be explicitly allowed.

Question 10

What is the difference between an Aurora cluster endpoint and reader endpoint?

Answer 10

Cluster endpoint is the writer endpoint

Question 11

What is a transit gateway

Answer 11

A network transit hub that lets you interconnect VPCs and on-prem networks

Question 12

Can you set a primary and secondary resource in an active-active route 53 failover?

Answer 12

No, because active-active uses all available resources all the time without a primary/secondary resource

Question 13

When an RDS primary DB instance fails, is the failover handled via switching the IP address to the standby instance, or the canonical name record (CNAME) switching?

Answer 13

CNAME

Question 14

What service would you use to extend on-premise storage?

Answer 14

AWS Storage Gateway

Question 15

How can I prevent EBS root volumes from being deleted when instances are terminated in an autoscaling group?

Answer 15

Set DeleteOnTermination to false

Question 16

Can I join an EFS file system to an active directory domain?

Answer 16

No, EFS only supports linux. You should use FSx for Windows File ServerW

Question 17

Which has more operational overhead? Karpenter, or the native Kubernetes Cluster Autoscaler?

Answer 17

Cluster Autoscaler requires more manual configuration and tuning, so it has more operational overhead

Question 18

You want to keep data in S3 Glacier, but need to be able to retrieve some of it in under 15 minutes in all circumstances. How can you do this?

Answer 18

use Expedited Retrieval to access it, and purchase provisioned retrieval capacity to ensure the request succeeds even during rare situations of unusually high demand.

Question 19

What is Athena?

Answer 19

A way to query S3 using standard SQL

Question 20

What service can I use to set up a data lake that stores data in s3?

Answer 20

lake formation

Question 21

I need to share resources across AWS accounts / within an organization

Answer 21

Use AWS resource access manager

Question 22

How do I enable Enhanced Monitoring on an EC2 instance?

Answer 22

You can’t, that’s an RDS feature

Question 23

Which EC2 instance will an autoscaling group terminate first? One which has been running longest, or one launched from the oldest launch template

Answer 23

Oldest launch template. Longest running is never a factor.

Question 24

In s3 can you enable object lock but disable object versioning?

Answer 24

no, object lock forces object versioning on a bucket

Question 25

How do you turn off object lock?

Answer 25

You can't, once you turn on object lock for a bucket it is on forever