AWS SAA Mock Exam 1

📋 Exam Instructions

• Time Limit: 40 minutes (20 questions)
• Passing Score: 14/20 (70%)
• Question Types: Multiple choice và multiple response
• Calculator: Not permitted
• Notes: Not permitted

---

Question 1

Domain: Design Resilient Architectures

Một company đang migrate ứng dụng web 3-tier lên AWS. Họ muốn đảm bảo high availability và fault tolerance. Database layer cần được protected khỏi direct internet access nhưng vẫn accessible từ application layer.

Kiến trúc nào BEST meets requirements này?

A) Place all components trong public subnets với restrictive security groups B) Place web tier trong public subnets, application và database tiers trong private subnets C) Place all components trong private subnets với NAT Gateway cho internet access D) Place web và application tiers trong public subnets, database tier trong private subnet

Correct Answer: B Explanation: Web tier cần public access cho users, application tier có thể ở private subnet và access internet qua NAT Gateway khi cần, database tier phải ở private subnet cho security.

---

Question 2

Domain: Design High-Performing Architectures

Một e-commerce website experiences traffic spikes trong holiday seasons. Hiện tại application chạy trên single EC2 instance và performance degraded during peak times.

Solution nào sẽ BEST address issue này?

A) Upgrade to larger EC2 instance type B) Implement Auto Scaling Group với Application Load Balancer C) Add read replicas cho database D) Use CloudFront cho static content delivery

Correct Answer: B Explanation: Auto Scaling Group với ALB sẽ automatically scale capacity based on demand, providing better performance và cost optimization compared to vertical scaling.

---

Question 3

Domain: Design Secure Applications and Architectures

Một company cần store sensitive financial documents trên S3. Documents phải được encrypted và chỉ specific users mới có thể access. Company muốn control encryption keys và audit key usage.

Encryption option nào BEST meets requirements?

A) SSE-S3 với default encryption B) SSE-KMS với Customer Managed Keys C) SSE-C với customer-provided keys D) Client-side encryption với AWS SDK

Correct Answer: B Explanation: SSE-KMS với Customer Managed Keys provides key control, rotation capabilities, và comprehensive audit trails through CloudTrail.

---

Question 4

Domain: Design Cost-Optimized Architectures

Một startup has predictable compute workload chạy 24/7 for next 3 years. Họ đang sử dụng On-Demand instances và muốn reduce costs.

Cost optimization strategy nào MOST appropriate?

A) Switch to Spot Instances B) Purchase Standard Reserved Instances cho 3 years, All Upfront C) Use Savings Plans với 3-year commitment D) Implement scheduled scaling để turn off instances overnight

Correct Answer: B Explanation: Với predictable 24/7 workload for 3 years, Standard RI với All Upfront payment provides maximum cost savings (up to 75% discount).

---

Question 5

Domain: Design Resilient Architectures

Một application requires RTO of 1 hour và RPO of 15 minutes. Current setup has database trong single AZ. Company wants implement disaster recovery strategy.

DR strategy nào BEST meets requirements?

A) Backup và Restore B) Pilot Light C) Warm Standby D) Multi-Site Active/Active

Correct Answer: C Explanation: Warm Standby có thể achieve RTO of ~1 hour và RPO of minutes, balancing cost và recovery requirements.

---

Question 6

Domain: Design High-Performing Architectures

Một global application serves users worldwide. Users complain về slow loading times cho static assets như images và CSS files.

Solution nào sẽ MOST effectively improve performance?

A) Use larger EC2 instances B) Implement ElastiCache C) Deploy CloudFront CDN D) Use multiple Application Load Balancers

Correct Answer: C Explanation: CloudFront CDN sẽ cache static content tại edge locations worldwide, significantly reducing latency cho global users.

---

Question 7

Domain: Design Secure Applications and Architectures

Một company cần provide temporary access cho third-party contractor để access specific S3 bucket for 2 weeks. Access should automatically expire.

Security approach nào MOST appropriate?

A) Create IAM user với programmatic access và manually delete after 2 weeks B) Use IAM role với AssumeRole và time-based condition C) Generate pre-signed URLs với 2-week expiration D) Create bucket policy với IP address restriction

Correct Answer: B Explanation: IAM role với time-based condition trong policy sẽ automatically expire access, providing better security than manual management.

---

Question 8

Domain: Design Cost-Optimized Architectures

Một company has S3 bucket với 10TB data. Most files are accessed frequently trong first 30 days, occasionally trong next 90 days, và rarely after that. Compliance requires 7-year retention.

Storage strategy nào MOST cost-effective?

A) Keep all data trong S3 Standard B) Use S3 Intelligent-Tiering cho automatic optimization C) Manually move data giữa storage classes D) Implement lifecycle policy: Standard → Standard-IA → Glacier → Deep Archive

Correct Answer: D Explanation: Lifecycle policy automatically transitions objects dựa trên access patterns, optimizing costs while meeting retention requirements.

---

Question 9

Domain: Design Resilient Architectures

Một web application uses RDS MySQL database. Database experiences occasional high CPU utilization affecting application performance. Company wants improve database performance without changing application code.

Solution nào BEST addresses issue này?

A) Upgrade to larger RDS instance B) Enable Multi-AZ deployment C) Add Read Replicas và route read traffic D) Migrate to DynamoDB

Correct Answer: C Explanation: Read Replicas can offload read traffic từ primary database, reducing CPU utilization without requiring application code changes.

---

Question 10

Domain: Design High-Performing Architectures

Một data processing application needs process large files uploaded to S3. Processing takes 10-15 minutes per file và should start immediately after upload.

Architecture nào MOST efficient?

A) EC2 instance polling S3 bucket every minute B) S3 event notification → Lambda → SQS → EC2 C) S3 event notification → SQS → Lambda D) CloudWatch Events scheduled every 5 minutes

Correct Answer: B Explanation: S3 event notifications provide immediate trigger, SQS ensures reliable delivery, và EC2 can handle long-running processing tasks better than Lambda's 15-minute limit.

---

Question 11

Domain: Design Secure Applications and Architectures

Một company wants ensure all data transfers to/from S3 are encrypted in transit. Some legacy applications cannot be modified to use HTTPS.

Policy configuration nào will enforce encryption in transit?

A) Enable default encryption on S3 bucket B) Use bucket policy to deny requests without SSL C) Configure VPC endpoint cho S3 D) Enable S3 Transfer Acceleration

Correct Answer: B Explanation: Bucket policy có thể explicitly deny requests that don't use SSL/HTTPS, enforcing encryption in transit requirement.

---

Question 12

Domain: Design Cost-Optimized Architectures

Một development team needs EC2 instances cho testing during business hours (8 AM - 6 PM, Monday-Friday). Instances are not needed outside these hours.

Cost optimization approach nào MOST effective?

A) Use Spot Instances B) Purchase Reserved Instances C) Implement scheduled Auto Scaling D) Use Lambda instead of EC2

Correct Answer: C Explanation: Scheduled Auto Scaling có thể automatically start/stop instances based on predictable schedule, eliminating costs during non-business hours.

---

Question 13

Domain: Design Resilient Architectures

Một application stores session data trong memory trên EC2 instances. When instances terminate, users lose their sessions. Company wants implement persistent session storage.

Solution nào BEST addresses requirement này?

A) Use sticky sessions trên Application Load Balancer B) Store session data trong RDS database C) Use ElastiCache Redis cluster D) Store session data trong S3

Correct Answer: C Explanation: ElastiCache Redis provides fast, persistent session storage với high availability và low latency, ideal cho session management.

---

Question 14

Domain: Design High-Performing Architectures

Một database-intensive application experiences slow query performance. Database metrics show high IOPS utilization. Application cannot be modified to optimize queries.

Storage optimization nào MOST effective?

A) Increase EBS volume size B) Switch to Provisioned IOPS SSD (io2) C) Use instance store volumes D) Enable EBS optimization

Correct Answer: B Explanation: Provisioned IOPS SSD (io2) provides guaranteed high IOPS performance, directly addressing the IOPS bottleneck.

---

Question 15

Domain: Design Secure Applications and Architectures

Một company wants monitor và alert on unusual API activity trong AWS account. They need comprehensive auditing của all API calls và automated threat detection.

Solution combination nào BEST meets requirements?

A) CloudTrail + CloudWatch Logs B) CloudTrail + GuardDuty + CloudWatch Alarms C) VPC Flow Logs + CloudWatch D) AWS Config + CloudWatch Events

Correct Answer: B Explanation: CloudTrail logs all API calls, GuardDuty provides automated threat detection, và CloudWatch Alarms enable automated responses.

---

Question 16

Domain: Design Cost-Optimized Architectures

Một company has workload với variable demand throughout the day. Demand is predictable: low from 12 AM - 6 AM, medium from 6 AM - 6 PM, high from 6 PM - 12 AM.

Auto Scaling strategy nào MOST cost-effective?

A) Target tracking scaling only B) Scheduled scaling với target tracking C) Step scaling với detailed CloudWatch metrics D) Manual scaling based on time

Correct Answer: B Explanation: Scheduled scaling anticipates predictable demand changes, while target tracking handles unexpected variations, optimizing both performance và cost.

---

Question 17

Domain: Design Resilient Architectures

Một critical application must maintain 99.99% availability. Application currently runs trên single EC2 instance trong one AZ. Database is RDS Single-AZ MySQL.

Architecture change nào will BEST improve availability?

A) Enable RDS Multi-AZ only B) Use Auto Scaling Group across multiple AZs only C) Both RDS Multi-AZ và Auto Scaling Group across multiple AZs D) Migrate to Lambda và DynamoDB

Correct Answer: C Explanation: Both compute và database layers need multi-AZ deployment để eliminate single points of failure và achieve 99.99% availability target.

---

Question 18

Domain: Design High-Performing Architectures

Một video streaming application needs deliver content globally với low latency. Videos are stored trong S3 và range from 100MB to 2GB.

Content delivery strategy nào MOST effective?

A) Use S3 Transfer Acceleration B) Deploy CloudFront với multiple origin servers C) Use CloudFront với S3 origin và appropriate caching policies D) Replicate S3 buckets to multiple regions

Correct Answer: C Explanation: CloudFront với S3 origin provides global edge caching, reducing latency. Appropriate caching policies optimize performance cho different video sizes.

---

Question 19

Domain: Design Secure Applications and Architectures

Một financial application processes sensitive customer data và must comply với PCI DSS requirements. Data must be encrypted at rest và in transit, với detailed audit trails.

Compliance strategy nào MOST comprehensive?

A) Use S3 với SSE-S3 và CloudTrail B) Use S3 với SSE-KMS, CloudTrail, và VPC Flow Logs C) Use EBS encryption và CloudWatch Logs D) Use database encryption và AWS Config

Correct Answer: B Explanation: SSE-KMS provides key management và detailed encryption audit trails, CloudTrail logs API access, và VPC Flow Logs provide network activity auditing.

---

Question 20

Domain: Design Cost-Optimized Architectures

Một company has batch processing workload that can tolerate interruptions và has flexible timing requirements. Workload typically runs for 4-6 hours once per day.

Instance purchasing strategy nào MOST cost-effective?

A) On-Demand Instances B) Reserved Instances C) Spot Instances D) Dedicated Hosts

Correct Answer: C Explanation: Spot Instances provide up to 90% cost savings và are perfect cho fault-tolerant, flexible batch workloads that can handle interruptions.

---

📊 Answer Key Summary

Question	Answer	Domain
1	B	Resilient
2	B	Performance
3	B	Security
4	B	Cost
5	C	Resilient
6	C	Performance
7	B	Security
8	D	Cost
9	C	Resilient
10	B	Performance
11	B	Security
12	C	Cost
13	C	Resilient
14	B	Performance
15	B	Security
16	B	Cost
17	C	Resilient
18	C	Performance
19	B	Security
20	C	Cost

📈 Score Analysis

By Domain:

• Resilient Architectures (6 questions): 30%
• High-Performing Architectures (6 questions): 30%
• Secure Applications (4 questions): 20%
• Cost-Optimized Architectures (4 questions): 20%

Performance Targets:

• 18-20 correct: Excellent (Ready for exam)
• 15-17 correct: Good (Review weak areas)
• 12-14 correct: Fair (Additional study needed)
• Below 12: Poor (Comprehensive review required)

🎯 Study Recommendations

If you scored 15-17:

• Review incorrect answers carefully
• Focus on specific domain weaknesses
• Practice hands-on labs
• Take additional practice exams

If you scored 12-14:

• Review all 4 domains thoroughly
• Complete hands-on labs
• Study AWS documentation
• Join study groups or courses

If you scored below 12:

• Start với AWS fundamentals
• Complete AWS Cloud Practitioner first
• Extensive hands-on practice
• Consider instructor-led training

📚 Related Study Materials

• Domain 1: Resilient Architectures
• Domain 2: High-Performing Architectures
• Domain 3: Secure Architectures
• Domain 4: Cost-Optimized Architectures