AWS Cloud Engineer - Advanced Quiz
This quiz challenges your ability to troubleshoot complex issues, design fault-tolerant architectures, and optimize for cost and performance.
You cannot SSH into your EC2 instance. You confirmed the Security Group allows port 22 and the Internet Gateway is attached. What is a likely cause?
NACLs are stateless. If you allow inbound port 22 but deny outbound ephemeral ports, the return traffic cannot leave the subnet, dropping the connection.
How do you achieve Cross-Region Disaster Recovery for an RDS database with minimal RTO/RPO?
Cross-Region Read Replicas provide an asynchronously replicated copy of your DB in another region, which can be quickly promoted to standalone for DR.
What is the "Thundering Herd" problem in the context of API services?
AWS recommends using Exponential Backoff and Jitter in client retry logic to spread out the requests and prevent this overload.
You need to migrate an on-premises VM to AWS with minimal downtime and continuous replication. Which service should you use?
MGN (formerly CloudEndure) continuously replicates block-level data to a staging area in AWS, allowing for a cutover with minutes of downtime.
Which cost optimization strategy involves committing to a specific amount of compute usage (e.g., $10/hour) for 1 or 3 years?
Savings Plans offer significant discounts (up to 72%) in exchange for a commitment to a consistent amount of usage, flexible across instance families and regions.
How can you ensure that your Auto Scaling Group launches instances evenly across all available Availability Zones to maximize availability?
ASGs inherently strive for balance. If an AZ becomes unhealthy or the group becomes unbalanced, the ASG launches new instances in the AZ with fewer instances to rebalance.
Enabling "Connection Draining" on a Load Balancer prevents which issue?
It ensures active requests complete processing before the instance is fully deregistered.
Which S3 storage class is best for data that is rarely accessed (once a year) but requires rapid access (milliseconds) when needed?
Glacier Instant Retrieval is the lowest-cost storage for long-lived data that is rarely accessed but requires retrieval in milliseconds when it is.
You have an Application Load Balancer (ALB) stuck in a "Provisioning" state for a long time. What is a common reason?
ALBs require free IP addresses in the subnets to scale. A subnet with no available IPs (CIDR exhaustion) prevents the ALB from provisioning nodes.
What mechanism allows an improperly configured Lambda function to potentially exhaust all IP addresses in a VPC subnet?
AWS improved this with Hyperplane ENIs, but high concurrency can still strain subnet sizes if not planned for, though it is mainly about ENI limits. The classic issue was one ENI per execution.
How do you securely SSH into an EC2 instance in a private subnet without a Bastion Host or VPN?
Session Manager allows secure shell access via the AWS console/CLI using IAM permissions, without opening inbound ports or managing SSH keys.
Which architecture pattern helps decouple components to ensure that a failure in one component does not cascade to others?
Queues (SQS) allow one component to push messages and another to process them asynchronously, buffering spikes and preventing overload.
A developer accidentally deleted a critical object in S3. How could this have been prevented retroactively (recovery) or proactively?
Versioning allows you to retrieve previous versions of a deleted object. MFA Delete adds a layer of security preventing deletion without a token.
What is the primary use case for an AWS Transit Gateway?
Transit Gateway solves the complexity of peering relationships in a mesh topology by providing a hub-and-spoke model.
You observe high latency in your DynamoDB table. Which metric should you check to see if requests are being throttled?
Throttling means you are exceeding your provisioned capacity units (RCU/WCU), causing AWS to reject requests.
You have a fleet of Spot Instances processing image rendering. If AWS needs the capacity back, how much warning do you get?
The application must handle the shutdown signal gracefully within this 2-minute window.
Which routing policy allows you to deploy a new version of your application to a small percentage of users (Canary deployment)?
Weighted routing allows you to split traffic (e.g., 90% to V1, 10% to V2) to verify stability before a full rollout.
What is the difference between an Interface Endpoint and a Gateway Endpoint?
Gateway Endpoints are older, free targets for S3/DynamoDB. Interface Endpoints support many more services but cost money per hour.
How can you analyze traffic flowing in and out of your VPC network interfaces to detect anomalies?
VPC Flow Logs capture information about the IP traffic going to and from network interfaces in your VPC.
What happens to data on an Instance Store volume when the EC2 instance is stopped or terminated?
Instance Store is physically attached to the host hardware. If the instance moves (stop/start) or terminates, that data is wiped.