🎯 Domain 4 Practice Quiz

50 exam-style questions covering all 19 topics in Domain 4 β€” Troubleshooting & Optimization. Questions are modeled after actual AWS Developer Associate exam style and difficulty.

50Total Questions
7Topic Sections
⏱️Self-Paced
DVADev Associate Level
1

Amazon CloudWatch

12 Questions Β· Q1–Q12
1
A developer needs to publish custom Lambda memory usage metrics from inside the function code without adding significant latency to function execution. Which approach should they use?
  • A PutMetricData API call on each invocation
  • B CloudWatch Agent installed on Lambda
  • C Embed metrics using CloudWatch Embedded Metric Format (EMF) in structured log output
  • D Create a Kinesis stream to collect and batch metrics
βœ… Answer: C

EMF (Embedded Metric Format) lets you write metrics as structured JSON to stdout, which CloudWatch Logs automatically extracts into metrics. There's zero extra API call latency since it piggybacks on the existing log write. PutMetricData (A) adds network latency per call. CloudWatch Agent (B) cannot be installed on serverless Lambda. Kinesis (D) is overly complex.

2
An API Gateway endpoint shows high overall Latency but low IntegrationLatency metrics. What does this indicate?
  • A The backend Lambda function is running slowly
  • B The database queries are taking too long
  • C The delay is occurring inside API Gateway itself (authorization, request/response mapping, throttling overhead)
  • D The client network connection is slow
βœ… Answer: C

Latency = total end-to-end time at API Gateway. IntegrationLatency = time waiting for the backend response. If Latency is high but IntegrationLatency is low, the overhead = Latency βˆ’ IntegrationLatency is large, meaning API Gateway itself is adding delay. This points to issues like request validation, Lambda authorizer calls, response mapping templates, or caching operations β€” all within API Gateway, not the backend.

3
A developer needs to count how many times the word "ERROR" appears per minute across all Lambda function logs stored in CloudWatch Logs. What is the most efficient approach?
  • A Export logs to S3 and use Athena to query them
  • B Use CloudWatch Logs Insights with a query like: filter @message like /ERROR/ | stats count(*) by bin(1min)
  • C Create a CloudWatch Metric Filter on the log group that counts ERROR occurrences
  • D Stream logs to Kinesis Data Analytics for real-time counting
βœ… Answer: B

CloudWatch Logs Insights is purpose-built for ad-hoc log analysis β€” fast, uses a simple query language, and can aggregate by time bins. Option C (Metric Filter) is better for ongoing continuous monitoring (it creates a metric going forward), not for querying existing historical logs. Logs Insights can query existing historical data immediately. Both B and C are valid approaches; for a one-time or ad-hoc count, Logs Insights (B) is more efficient.

4
A CloudWatch Alarm for an EC2 instance CPU metric was just created. It shows "INSUFFICIENT_DATA" state. What is the most likely reason?
  • A The EC2 instance is stopped
  • B The alarm threshold is set incorrectly
  • C Not enough data points have been collected yet for the alarm to evaluate its state
  • D CloudWatch does not support CPU alarms for EC2
βœ… Answer: C

INSUFFICIENT_DATA is the initial state of a new alarm β€” it transitions to OK or ALARM once enough data points exist to evaluate. It can also occur when a metric stops reporting data (e.g., EC2 stopped, but then it would be explicitly INSUFFICIENT_DATA due to missing data). A newly created alarm always starts in INSUFFICIENT_DATA until its evaluation period completes with actual metric values.

5
A team wants to automatically test their API endpoint availability and response time every 5 minutes and alert when response time exceeds 2 seconds. Which CloudWatch feature should they use?
  • A CloudWatch Metric Filters on API Gateway logs
  • B CloudWatch Synthetics with a canary script
  • C CloudWatch ServiceLens
  • D CloudWatch Contributor Insights
βœ… Answer: B

CloudWatch Synthetics lets you create canaries β€” scripts that run on a schedule to simulate user transactions (like checking a URL). They call your endpoints, measure response time, check availability, and publish metrics to CloudWatch. You can then set alarms on those metrics. This is the purpose-built solution for proactive endpoint monitoring without real user traffic.

6
A developer needs to track "number of orders placed" in their e-commerce application and display it in a CloudWatch Dashboard. This metric does not exist in AWS by default. What should they do?
  • A Parse application logs using Lambda and write to DynamoDB, then display in a custom dashboard
  • B Use PutMetricData API to publish a custom metric with a custom namespace (e.g., "MyApp/Orders") and the metric name "OrdersPlaced"
  • C Enable detailed monitoring on EC2 instances to expose custom application metrics
  • D Create an SNS topic that counts incoming messages and expose as a metric
βœ… Answer: B

The PutMetricData API is how you publish custom application metrics to CloudWatch. You choose a custom namespace (e.g., "MyApp/Orders"), define the metric name ("OrdersPlaced"), and provide a value. Once published, the metric appears in CloudWatch like any built-in metric β€” you can graph it, create alarms on it, and add it to dashboards.

7
A critical service has two independent CloudWatch Alarms: one for CPU > 80% and one for memory > 70%. The ops team only wants to get paged when BOTH conditions are true simultaneously. What should they create?
  • A Two separate alarms, each sending to an SNS topic
  • B A CloudWatch Composite Alarm that uses AND logic on both alarms
  • C A Lambda function that checks both metrics every minute
  • D A CloudWatch Metric Math expression combining both metrics
βœ… Answer: B

CloudWatch Composite Alarms allow you to combine multiple alarms using AND/OR logic. Create: ALARM("CPU-Alarm") AND ALARM("Memory-Alarm") β†’ the composite alarm fires only when both individual alarms are in ALARM state simultaneously. This reduces alert fatigue (no pages when only one condition is true) and is the exact use case Composite Alarms were built for.

8
A developer needs a Lambda function to publish custom metrics to CloudWatch without adding latency to the function's response time. The metrics should be derived from log data. Which is the best approach?
  • A Call PutMetricData synchronously at the end of each Lambda execution
  • B Use the CloudWatch Embedded Metric Format (EMF) β€” print structured JSON with _aws.CloudWatchMetrics to stdout
  • C Create a separate Lambda that polls logs and publishes metrics every minute
  • D Use X-Ray annotations to publish numeric metrics
βœ… Answer: B

EMF writes metric values as structured JSON to CloudWatch Logs (stdout). CloudWatch Logs asynchronously extracts these as real metrics β€” zero added latency to function execution since the log write happens in the background Lambda infrastructure. The function doesn't wait for PutMetricData network round-trips.

9
A team needs to share a CloudWatch Dashboard with business stakeholders who do not have AWS accounts. How can they do this?
  • A Create IAM users with read-only CloudWatch access for each stakeholder
  • B Share the dashboard publicly or via a shared link using CloudWatch Shared Dashboards
  • C Export dashboard data to a PDF and email it
  • D Create an S3 static website that fetches CloudWatch metrics via SDK
βœ… Answer: B

CloudWatch Shared Dashboards generate a public URL (or a URL for specific AWS accounts) that allows people to view dashboard data without needing AWS credentials. The link shows a live, read-only view of the dashboard. This is the proper, low-maintenance solution for sharing metrics with non-technical stakeholders.

10
An API Gateway has caching enabled. A developer needs to measure how effectively the cache is working β€” specifically, how many requests are being served from cache vs going to the backend. Which metric shows requests served from cache?
  • A CacheHitRate (percentage)
  • B IntegrationLatency (lower = cache serving requests)
  • C CacheHitCount (raw number of cache hits)
  • D Count (filtered by cache headers)
βœ… Answer: C

CacheHitCount is the actual CloudWatch metric that counts requests served directly from the API Gateway cache (no backend call made). CacheMissCount counts requests that went through to the backend. Cache Hit Rate % = CacheHitCount / (CacheHitCount + CacheMissCount) Γ— 100 β€” you calculate this using Metric Math, as CacheHitRate itself is not a native metric.

11
A developer wants to create a CloudWatch Alarm that fires when a Lambda function's error rate exceeds 5%. The function has two metrics: "Errors" and "Invocations". How should they configure this?
  • A Create an alarm on the "Errors" metric threshold > 5
  • B Use CloudWatch Metric Math to create expression m1/m2*100 (Errors/Invocations*100) and alarm when this exceeds 5
  • C Create a Lambda function that calculates error rate and calls PutMetricData
  • D Use X-Ray to measure error rates β€” CloudWatch cannot calculate rates
βœ… Answer: B

CloudWatch Metric Math allows creating expressions that combine multiple metrics mathematically. Define m1 = Errors, m2 = Invocations, expression = m1/m2*100 (this is your error rate %). Create the alarm on this expression value > 5. This is cleaner and more accurate than alarming on raw error count, which doesn't account for varying traffic volumes.

12
CloudWatch stores metrics with 1-second resolution (high-resolution metrics). For how long are 1-second resolution data points retained?
  • A 1 minute
  • B 3 hours
  • C 15 days
  • D 63 days
βœ… Answer: B

CloudWatch metric retention by resolution: 1-second (high-res) β†’ 3 hours, 1-minute β†’ 15 days, 5-minute β†’ 63 days, 1-hour β†’ 15 months (455 days). After the retention period, metrics are automatically aggregated into the next coarser resolution. This is why you can see detailed recent data but only hourly data for older periods.

2

AWS X-Ray & Distributed Tracing

10 Questions Β· Q13–Q22
13
What does an X-Ray "Trace" represent?
  • A A single Lambda function invocation's log output
  • B The complete end-to-end journey of a single request through all services in your application
  • C A performance profile of CPU usage during one execution
  • D A list of all API calls made by an IAM user
βœ… Answer: B

An X-Ray Trace collects all the segments and subsegments generated by a single request from entry point (API Gateway) through every downstream service (Lambda, DynamoDB, SNS, etc.) until a final response is returned. It's identified by a unique Trace ID that's propagated via the X-Amzn-Trace-Id HTTP header.

14
A developer wants to search X-Ray traces for all requests made by a specific user (userId). The userId is in the request payload. What must they do to enable filtering by userId in X-Ray?
  • A Store userId in CloudWatch Logs and join with X-Ray traces
  • B Add userId as an X-Ray Annotation and use Filter Expressions to search by annotation value
  • C Add userId as X-Ray Metadata and use the search API
  • D Pass userId in an HTTP header and configure X-Ray to index it automatically
βœ… Answer: B

Annotations are key-value pairs added to X-Ray segments that are indexed and therefore searchable via Filter Expressions. To filter by userId, add it as an annotation: putAnnotation("userId", userId). Then use a Filter Expression: annotation.userId = "user123" to find all traces for that user. Metadata (C) is NOT indexed and cannot be searched.

15
What is the critical functional difference between X-Ray Annotations and Metadata?
  • A Annotations are for strings only; Metadata supports all data types
  • B Annotations are indexed and searchable via Filter Expressions; Metadata is stored but not indexed
  • C Annotations appear on Service Maps; Metadata appears in trace details
  • D Annotations are limited to 10 per segment; Metadata has no limit
βœ… Answer: B

The key distinction: Annotations = indexed key-value pairs (searchable). Metadata = non-indexed key-value pairs (not searchable, but visible in trace detail). Use Annotations when you need to search/filter traces. Use Metadata for rich contextual data you want to see when inspecting a specific trace but don't need to search across traces (e.g., full request body, user preferences object).

16
A developer is debugging why a request is slow across a microservices architecture with 8 services. They want to see the call relationships and identify which service has the highest latency. Which X-Ray feature gives the best overview?
  • A X-Ray Trace Timeline (Gantt chart view)
  • B CloudWatch Logs Insights query
  • C X-Ray Service Map β€” shows all services as nodes with latency/error metrics on each connection
  • D CloudWatch ServiceLens (which wraps X-Ray data)
βœ… Answer: C

The X-Ray Service Map is a visual diagram showing all services as nodes connected by edges. Each node shows average latency, request rate, and error/fault/throttle rates. It gives an instant visual overview of the entire system health and where bottlenecks are. The Trace Timeline (A) shows one specific trace, not the overall system.

17
What does "Active Tracing" mean when enabled for a Lambda function in X-Ray?
  • A X-Ray captures every single invocation with 100% sampling rate
  • B Lambda automatically runs the X-Ray daemon and passes the trace context to the function β€” no manual setup needed
  • C Lambda proactively calls X-Ray to check for trace propagation headers
  • D X-Ray actively monitors Lambda and restarts it if it becomes slow
βœ… Answer: B

When Active Tracing is enabled on a Lambda function, Lambda automatically: (1) runs the X-Ray daemon as a sidecar, (2) sends a segment for the Lambda service itself, and (3) injects the trace context so the function code can instrument subsegments. This eliminates the need to manually deploy and configure the X-Ray daemon. Without it, you would need to run the daemon yourself and set up trace propagation manually.

18
In an X-Ray trace, an "Inferred Segment" appears for an S3 service even though S3 is not instrumented with the X-Ray SDK. What is an Inferred Segment?
  • A A segment created by X-Ray from AWS SDK call timing data β€” X-Ray creates it for services that don't send their own segments
  • B A segment created by guessing what the service probably did based on logs
  • C A placeholder segment for services that weren't reached during the request
  • D A segment from a service that failed to send its segment due to network error
βœ… Answer: A

An Inferred Segment is automatically created by X-Ray when your code (instrumented with the X-Ray SDK) makes calls to AWS services like S3, DynamoDB, or SNS via the AWS SDK. X-Ray captures the timing of that outbound call and creates a segment representing the downstream service β€” even though that service never sent its own segment. This gives visibility into downstream service calls without requiring those services to be instrumented.

19
An application sends thousands of requests per second to X-Ray. The team wants to reduce X-Ray costs while still maintaining visibility. What should they configure?
  • A Disable X-Ray on non-production environments only
  • B Configure X-Ray Sampling Rules to trace only a percentage of requests (e.g., 5% of requests at 10 req/sec reservoir)
  • C Use CloudWatch Synthetics instead of X-Ray to reduce volume
  • D Delete old X-Ray traces using the BatchDeleteTraces API
βœ… Answer: B

X-Ray Sampling Rules control what percentage of requests are traced. The default rule captures 5% of requests with a reservoir of 1 req/sec. You can create custom rules by service, URL path, or HTTP method to fine-tune sampling rates. This significantly reduces data ingestion costs while maintaining statistical visibility. You can trace 100% of error responses even while sampling normal traffic.

20
A developer wants to enable X-Ray tracing for an Elastic Beanstalk web application. What is the correct approach?
  • A Manually install the X-Ray daemon on each EC2 instance in the Beanstalk environment
  • B Enable X-Ray in the Elastic Beanstalk console (or via .ebextensions config) β€” Beanstalk automatically installs and runs the X-Ray daemon
  • C Deploy X-Ray as a Docker sidecar container alongside the application container
  • D Use environment variables to pass X-Ray daemon IP address to the application
βœ… Answer: B

Elastic Beanstalk has native X-Ray integration. In the console, under "Software Configuration", enable X-Ray Daemon. Alternatively, set XRayEnabled: true in the Beanstalk configuration. Beanstalk will automatically install, configure, and run the X-Ray daemon on the underlying EC2 instances. No manual installation required β€” this is the managed Beanstalk way.

21
An X-Ray Segment contains multiple Subsegments. What does a Subsegment represent?
  • A A separate microservice that was called during the request
  • B A granular unit of work WITHIN a segment β€” like a specific DynamoDB query, HTTP call, or custom code block within a service
  • C A retry attempt after a failed operation
  • D A trace from a previous request used for comparison
βœ… Answer: B

Hierarchy: Trace β†’ contains Segments (one per service) β†’ contains Subsegments (granular breakdown within a service). Example: a Lambda function's Segment might contain subsegments for: DynamoDB GetItem call (20ms), S3 PutObject call (45ms), and a custom code block (5ms). Subsegments let you pinpoint exactly which operation within a service is slow.

22
A developer wants to find all X-Ray traces for the /api/orders endpoint that took longer than 2 seconds. What should they use?
  • A CloudWatch Logs Insights to query X-Ray data
  • B X-Ray Analytics with a duration filter
  • C X-Ray Filter Expressions: http.url CONTAINS "/api/orders" AND duration > 2
  • D CloudWatch Contributor Insights with X-Ray as data source
βœ… Answer: C

X-Ray Filter Expressions are queries that filter the list of traces. You can filter by URL, duration, HTTP status code, response time, annotations, service name, and more. The expression syntax: http.url CONTAINS "/api/orders" AND duration > 2 would return only traces matching that URL that exceeded 2 seconds. Use this in the X-Ray console or via the GetTraceSummaries API.

3

Logging & Observability

5 Questions Β· Q23–Q27
23
Observability is built on three pillars. What are they?
  • A Logs, Alarms, and Dashboards
  • B Metrics, Logs, and Traces
  • C CloudWatch, X-Ray, and CloudTrail
  • D Performance, Availability, and Security
βœ… Answer: B

The three pillars of observability are: Metrics (numerical time-series data β€” what is happening), Logs (timestamped event records β€” what happened in detail), and Traces (request journey across services β€” where is it slow). AWS: CloudWatch = Metrics + Logs, X-Ray = Traces, CloudTrail = API audit log (a special form of Logs).

24
A developer wants to add structured logging, custom metrics, and distributed tracing to a Lambda function with minimal boilerplate code. What should they use?
  • A AWS SDK for Python (boto3) with manual CloudWatch API calls
  • B AWS Lambda Powertools β€” provides Logger, Metrics, and Tracer utilities
  • C CloudWatch Agent installed as a Lambda Layer
  • D Custom logging library built on top of Python's logging module
βœ… Answer: B

AWS Lambda Powertools (available for Python, TypeScript, Java, .NET) provides three utilities: Logger (structured JSON logging with correlation IDs), Metrics (EMF-based custom metrics), and Tracer (X-Ray tracing with decorators). It's the standard "batteries-included" toolkit for Lambda observability β€” reduces dozens of lines of instrumentation code to a few decorator annotations.

25
What is "structured logging" and why is it preferred over unstructured log messages?
  • A Logging only error messages instead of all events
  • B Writing logs in a consistent machine-parseable format (like JSON) with defined fields, making them easily queryable and filterable
  • C Organizing log files into folder structures by date and service
  • D Using log levels (INFO, WARN, ERROR) consistently
βœ… Answer: B

Structured logging writes logs as JSON with consistent, defined fields: timestamp, level, service, correlationId, userId, message, etc. Unlike unstructured logs ("Error processing order 123 for user abc"), structured logs let you easily filter, aggregate, and search β€” e.g., find all logs where userId = "abc" AND level = "ERROR" using CloudWatch Logs Insights or Athena.

26
A microservices application has 10 services, each writing logs to separate CloudWatch Log Groups. A developer needs to search across all service logs to find all events related to a specific customer's failed request. What approach best solves this?
  • A Use CloudWatch Logs Insights with a cross-log-group query
  • B Log into each service's log group separately and search
  • C Implement centralized logging β€” all services include a correlationId; aggregate logs into a central log group or OpenSearch; search by correlationId
  • D Use AWS Config to aggregate logs across services
βœ… Answer: C

Centralized logging with correlation IDs is the proper pattern. Each service includes the same correlationId (generated at API Gateway entry, propagated via headers) in its log messages. When searching for a failed request, filter all logs by that correlationId β€” instantly see the complete timeline across all 10 services. CloudWatch Logs Insights can also query multiple log groups: fields @timestamp | filter correlationId = "abc-123".

27
Why is AWS Lambda Powertools Metrics (EMF-based) preferred over calling PutMetricData directly for Lambda functions?
  • A Lambda Powertools is free; PutMetricData is charged per API call
  • B PutMetricData doesn't work inside Lambda
  • C Lambda Powertools automatically groups metrics by service name
  • D EMF writes metrics asynchronously via logs (no added execution latency), while PutMetricData is a synchronous API call that adds network round-trip time to function duration and cost
βœ… Answer: D

EMF (Embedded Metric Format) writes structured JSON to stdout. CloudWatch picks up metrics from logs asynchronously after the function returns β€” zero added latency. PutMetricData makes a synchronous HTTPS call to CloudWatch during function execution β€” this adds network latency (typically 5-50ms) to every invocation, increasing both function duration and cost. For high-volume Lambda functions, this difference is significant.

4

Root Cause Analysis

3 Questions Β· Q28–Q30
28
An application has a 10-service chain: API Gateway β†’ Lambda A β†’ Lambda B β†’ DynamoDB. Users report slow responses. CloudWatch shows all Lambdas have normal latency. Where should you look next and with which tool?
  • A Check EC2 instance metrics in CloudWatch
  • B Run a CloudTrail query to find recent configuration changes
  • C Use the X-Ray Service Map to visualize end-to-end latency across all services, including DynamoDB calls
  • D Enable VPC Flow Logs to check network traffic
βœ… Answer: C

When individual service metrics look normal but the end-to-end request is slow, the bottleneck is often in the communication between services or in a downstream service not instrumented with basic metrics (like DynamoDB read latency, network hops). The X-Ray Service Map shows the complete trace timeline with latency at each hop, revealing DynamoDB throttling, slow table reads, or high serialization overhead that wouldn't show up in Lambda duration metrics alone.

29
A team needs to analyze 3 TB of historical application logs stored in S3 (Apache Combined Log Format) to find error patterns. The analysis is needed once a week. What is the most cost-effective approach?
  • A Load all logs into OpenSearch Service for analysis
  • B Write a Lambda function to parse and aggregate logs
  • C Use Amazon Athena to run SQL queries directly on the S3 logs with no data loading required β€” pay per query
  • D Spin up an EMR Spark cluster to process the logs
βœ… Answer: C

Amazon Athena is serverless SQL directly on S3 β€” no cluster, no data loading, no ongoing infrastructure cost. You pay only for the bytes scanned. For weekly ad-hoc queries on 3TB of logs, Athena is far more cost-effective than OpenSearch (which requires persistent cluster costs) or EMR (cluster provisioning time + cost). Define a table schema over the S3 location and query with standard SQL.

30
What is a "Correlation ID" and why is it essential for root cause analysis in microservices?
  • A A unique ID used to identify a correlation between two related databases
  • B The X-Ray trace ID used to connect spans
  • C A unique identifier generated at request entry that is propagated through all service calls and included in every log message β€” enabling you to trace a single request across all services
  • D A CloudWatch metric that correlates CPU and memory usage
βœ… Answer: C

A Correlation ID (also called request ID or trace ID) is generated when a request enters your system (at API Gateway or the first service), then passed as an HTTP header (X-Correlation-ID) to every downstream service, and included in every log line. When debugging, search for the correlationId across all log groups to see the complete request history across 10 services in chronological order. Without it, connecting related log entries across services is nearly impossible.

5

AWS CloudTrail

5 Questions Β· Q31–Q35
31
A security team needs to determine which IAM user deleted a production S3 bucket 45 days ago. Where should they look?
  • A CloudWatch Logs for S3 access logs
  • B X-Ray traces for the S3 deletion event
  • C AWS CloudTrail β€” search for the DeleteBucket API call with the bucket name to find who made the call
  • D S3 Server Access Logs for the specific bucket
βœ… Answer: C

CloudTrail records all AWS API calls, including who (IAM ARN), when (timestamp), from where (source IP), and what was called (DeleteBucket on which bucket). The default 90-day trail in Event History is searchable. For 45 days ago, the event would still be within the 90-day retention window. Search by event name "DeleteBucket" and resource name to find the exact API call with the caller's identity.

32
A new CloudTrail trail is created with default settings. Which event types are recorded by default?
  • A All events: Management Events AND Data Events
  • B Management Events only (create/modify/delete operations on AWS resources)
  • C Data Events only (S3 object access, Lambda invocations)
  • D Insights Events only (anomaly detection)
βœ… Answer: B

By default, CloudTrail records Management Events only β€” control plane operations like CreateBucket, TerminateInstances, CreateRole, DeleteTable. Data Events (S3 GetObject, PutObject, Lambda InvokeFunction) are NOT enabled by default due to high volume and additional cost. You must explicitly enable them. Insights Events (anomaly detection) are also optional and cost extra.

33
What is the purpose of CloudTrail Insights?
  • A Provides AI-generated summaries of CloudTrail events
  • B Detects unusual patterns of API activity β€” like a sudden spike in IAM user creation or abnormal EC2 instance launches compared to your baseline
  • C Enables cross-account CloudTrail log aggregation
  • D Shows which IAM policies are most frequently used
βœ… Answer: B

CloudTrail Insights analyzes your normal write API call patterns (your "baseline") and generates Insights Events when it detects anomalies. Examples: "S3 DeleteObject calls spiked from 5/min to 500/min" (possible data deletion attack), "IAM CreateUser called 50 times in 1 minute" (possible account compromise). Insights events are additional and help detect security incidents automatically.

34
By default, how long does CloudTrail retain events in its Event History without configuring a custom trail?
  • A 30 days
  • B 7 days
  • C 90 days
  • D 1 year (365 days)
βœ… Answer: C

CloudTrail's Event History retains management events for 90 days at no additional charge. This is searchable in the AWS Console. For longer retention (compliance requirements often demand 1-7 years), you must create a Trail that delivers logs to an S3 bucket β€” S3 then provides indefinite storage with lifecycle rules for cost management.

35
A compliance requirement mandates logging every S3 object download (GetObject) from a specific bucket. By default, CloudTrail doesn't capture these. What must be configured?
  • A Enable S3 server access logging for the bucket
  • B Configure CloudTrail to enable Data Events for the specific S3 bucket (write event selectors to include S3 object-level API operations: GetObject, PutObject, DeleteObject)
  • C Create a Lambda function triggered by S3 events to log to CloudTrail
  • D Use Amazon Macie to track data access patterns
βœ… Answer: B

S3 Data Events in CloudTrail specifically capture object-level operations (GetObject, PutObject, DeleteObject, etc.) that are NOT captured by management events. You configure this by creating a Trail and enabling Data Events with an Event Selector pointing to the specific S3 bucket ARN. Note: this increases CloudTrail cost significantly for high-traffic buckets due to high event volume.

6

Lambda Optimization & Concurrency

7 Questions Β· Q36–Q42
36
What does Provisioned Concurrency do for a Lambda function?
  • A Limits the number of concurrent executions to prevent overload
  • B Pre-initializes a specified number of function execution environments so they are always warm β€” eliminating cold starts for those executions
  • C Distributes Lambda invocations across multiple AWS regions
  • D Allocates dedicated CPU resources to the Lambda function
βœ… Answer: B

Provisioned Concurrency pre-warms N execution environments β€” Lambda runs the init code (module imports, DB connections) for each environment in advance. When a request arrives, it's handled by an already-warm environment with no cold start delay. Billing includes the provisioned capacity even when idle. Use it for latency-sensitive applications with predictable traffic patterns.

37
What does Reserved Concurrency do for a Lambda function?
  • A Pre-warms execution environments for fast startup
  • B Reduces cold start time by reserving memory resources
  • C Sets the MAXIMUM number of concurrent executions for a function AND guarantees that many executions are always available (subtracted from account pool)
  • D Ensures the function always runs on the same underlying hardware
βœ… Answer: C

Reserved Concurrency does two things simultaneously: (1) Caps the function at N concurrent executions (throttles beyond that). (2) Guarantees those N slots are always available for this function (the account's other functions can't use those slots). Example: reserve 100 concurrency for Function A β†’ A can have at most 100 concurrent executions, and always has 100 slots available.

38
A critical payment Lambda function is being throttled because a high-traffic, non-critical report Lambda in the same account is using all 1000 available concurrent executions. What is the correct fix?
  • A Add Provisioned Concurrency to the payment function
  • B Increase the account concurrent execution limit via AWS Support
  • C Set Reserved Concurrency on the report Lambda to cap its maximum concurrent executions β€” this protects the payment function by limiting report Lambda's usage of the shared pool
  • D Move the payment function to a different AWS region
βœ… Answer: C

By setting Reserved Concurrency on the report Lambda (e.g., cap at 200), you prevent it from consuming the entire 1000-execution account pool. This leaves enough concurrency available for the payment function from the shared unreserved pool. You could also set Reserved Concurrency on the payment function to guarantee it always has a dedicated slice of concurrency, but capping the greedy function (C) is the cleaner fix.

39
A team wants to find the optimal memory configuration for a Lambda function that balances execution speed and cost. What tool automates this process?
  • A AWS Compute Optimizer (analyzes existing CloudWatch data)
  • B AWS Lambda Power Tuning (open-source Step Functions workflow that tests multiple memory configurations and generates a cost/performance analysis)
  • C AWS Trusted Advisor Lambda recommendations
  • D Manually test each memory setting and check CloudWatch duration metrics
βœ… Answer: B

AWS Lambda Power Tuning is a Step Functions state machine that automatically invokes your function at multiple memory settings (e.g., 128MB, 256MB, 512MB, 1024MB, 2048MB), measures real execution time and cost for each, then outputs a visualization. You choose the "strategy" (cheapest, fastest, or balanced). This is the standard community tool for Lambda right-sizing (installed via SAR β€” Serverless Application Repository).

40
An API-backed Lambda function has strict p99 latency SLA of 200ms. Cold starts are causing p99 latency to spike to 800ms. What is the best solution?
  • A Increase Lambda memory to maximum (10GB)
  • B Set Reserved Concurrency of 100
  • C Enable Provisioned Concurrency β€” pre-initialize execution environments so requests are always handled by warm instances
  • D Use Lambda SnapStart (Java only)
βœ… Answer: C

For latency-critical APIs where cold starts violate SLAs, Provisioned Concurrency is the correct solution β€” it guarantees pre-warmed execution environments with zero cold start time. More memory (A) reduces cold start duration but doesn't eliminate it. Reserved Concurrency (B) doesn't prevent cold starts. SnapStart (D) is only for Java runtimes and works differently.

41
A Lambda function is increased from 128MB to 512MB (4x memory). Execution time drops from 800ms to 200ms (4x faster). Considering Lambda pricing (cost = memory Γ— duration), what happened to the cost per invocation?
  • A Cost increased 4x (more memory)
  • B Cost stayed the same (proportional)
  • C Cost stayed approximately the same: 4x memory Γ— ΒΌ duration = same total GB-seconds
  • D Cost doubled because AWS charges extra for faster execution
βœ… Answer: C

Lambda cost = memory (GB) Γ— duration (seconds) = GB-seconds. Original: 0.128 GB Γ— 0.8s = 0.1024 GB-s. New: 0.512 GB Γ— 0.2s = 0.1024 GB-s. Same cost! Often, increasing memory proportionally reduces duration (CPU scales with memory), keeping cost neutral while improving performance. Sometimes you can increase memory significantly, get much better performance, AND reduce cost if duration drops more than proportionally.

42
What is Lambda "burst concurrency" and what is the initial burst limit in most AWS regions?
  • A Lambda can scale to unlimited concurrency immediately β€” there is no burst limit
  • B Lambda can burst to 3,000 concurrent executions immediately, then scales by +500 per minute after that, up to the account limit
  • C Lambda increases concurrency by 100 executions per minute from 0
  • D Burst concurrency allows one function to temporarily exceed its Reserved Concurrency limit
βœ… Answer: B

Lambda burst concurrency: When traffic suddenly spikes, Lambda can immediately scale to 3,000 concurrent executions (in us-east-1, us-west-2, eu-west-1 β€” smaller in other regions). After that initial burst, Lambda scales at +500 executions per minute until reaching the account limit (default 1,000). If traffic spikes faster than scaling, requests are throttled (429 error). Design with SQS or retry logic for bursty workloads.

7

Performance & Mixed Services

8 Questions Β· Q43–Q50
43
What is the primary function of Amazon CodeGuru Profiler (as distinct from CodeGuru Reviewer)?
  • A Review pull requests for code quality issues and security vulnerabilities
  • B Identify performance bottlenecks in RUNNING applications by analyzing CPU usage and latency through sampling-based profiling (flame graphs)
  • C Profile Lambda cold start times and recommend memory settings
  • D Monitor EC2 instance CPU profiles and recommend instance type changes
βœ… Answer: B

CodeGuru Profiler continuously samples your application's CPU usage at runtime (using agents for Java, Python, Node.js) and builds flame graphs showing which methods consume the most CPU time. It identifies expensive methods, wasteful code paths, and latency bottlenecks in live production or staging environments. CodeGuru Reviewer is for static code analysis of source code in PRs (security, best practices). They are complementary tools.

44
An SNS topic has three SQS queue subscribers. Each queue is for a different service: Orders service (only wants purchase events), Fraud service (only wants high-value transactions >$1000), and Analytics service (wants all events). How should this be implemented?
  • A Create three separate SNS topics, one per service
  • B Have the publisher send different messages to each queue directly (SQS)
  • C Configure SNS Subscription Filter Policies on each SQS subscription β€” each queue receives only matching messages based on message attributes
  • D Create a Lambda that reads from SNS and routes to appropriate queues
βœ… Answer: C

SNS Subscription Filter Policies are JSON policies attached to each individual SQS queue subscription. When a message is published to SNS with message attributes (e.g., eventType="purchase", amount=1500), SNS evaluates each subscription's filter policy and only delivers the message to matching subscribers. No Lambda routing needed β€” this is native SNS functionality for the Fanout + Filter pattern.

45
An S3 bucket serving product images is getting throttled (HTTP 503) because thousands of users are directly accessing objects during a sale event. What is the recommended solution?
  • A Enable S3 Transfer Acceleration
  • B Put Amazon CloudFront in front of S3 β€” CloudFront distributes requests to edge locations, dramatically reducing load on the S3 origin
  • C Upgrade the S3 bucket to "Intelligent-Tiering" storage class
  • D Increase S3 bucket throughput in the console settings
βœ… Answer: B

Amazon CloudFront caches S3 objects at 450+ edge locations worldwide. During a sale event, CloudFront serves cached images from the nearest edge location β€” most requests never reach the S3 origin. This eliminates S3 throttling (S3 limit is 5,500 GET requests/second per prefix; CloudFront serves millions from cache). CloudFront also reduces latency (users connect to nearby edge) and S3 data transfer costs (only cache misses hit S3).

46
What does a DynamoDB Stream capture?
  • A Real-time streaming of DynamoDB table metrics to CloudWatch
  • B A time-ordered, 24-hour changelog of all item-level changes (insert, update, delete) to a DynamoDB table
  • C A replication stream that copies DynamoDB data to another region
  • D A Kinesis stream that captures DynamoDB query logs
βœ… Answer: B

DynamoDB Streams captures a time-ordered sequence of item-level modifications (writes, updates, deletes) in near-real-time. Each stream record contains: what happened (INSERT/MODIFY/REMOVE) and optionally the old image, new image, or both (configured via StreamViewType). Records are retained for 24 hours. Lambda can be configured to trigger on new stream records for event-driven processing (replication, notifications, search indexing).

47
Which AWS resources does AWS Compute Optimizer provide right-sizing recommendations for?
  • A EC2, RDS, S3, Lambda, CloudFront
  • B EC2 instances, Lambda functions, EBS volumes, Auto Scaling Groups, and ECS on Fargate
  • C Lambda, DynamoDB, S3, and SQS only
  • D All AWS services that have configurable compute sizes
βœ… Answer: B

Compute Optimizer supports exactly 5 resource types: EC2 instances (instance type), EC2 Auto Scaling Groups (instance type), EBS volumes (volume type, IOPS, throughput), Lambda functions (memory setting), and ECS services on Fargate (CPU/memory). Note: RDS is NOT supported by Compute Optimizer β€” use Performance Insights for RDS right-sizing.

48
An RDS MySQL database is experiencing high read latency due to many concurrent read queries from an application. The data being read is mostly static reference data that rarely changes. What is the most effective solution?
  • A Enable Multi-AZ deployment on RDS
  • B Upgrade to a larger RDS instance class
  • C Add Amazon ElastiCache (Redis or Memcached) as a caching layer using the Lazy Loading pattern
  • D Enable RDS Read Replicas
βœ… Answer: C

ElastiCache is the canonical answer for "improve RDS read performance". For static reference data (rarely changes), Lazy Loading works well: first read goes to RDS, result cached in ElastiCache with a long TTL. Subsequent reads (which are the majority) return in sub-millisecond from memory without hitting the database. Read Replicas (D) also help but only shift reads to replica DB β€” still slower than in-memory cache.

49
An application needs to ingest 50,000 sensor readings per second in real-time, process them with a Lambda consumer, and retain raw data for 7 days. Which AWS service is most appropriate?
  • A Amazon SQS Standard Queue
  • B Amazon SNS
  • C Amazon Kinesis Data Streams β€” designed for high-throughput real-time streaming data, supports multiple consumers, and retains data up to 365 days
  • D Amazon DynamoDB with Streams enabled
βœ… Answer: C

Kinesis Data Streams is built for high-throughput, real-time data ingestion at massive scale. Key advantages over SQS: data is ordered within shards, retained for up to 365 days (vs SQS max 14 days), multiple consumers can read the same records independently (replay capability), and designed for streaming data patterns. At 50,000 records/sec, Kinesis with appropriate shard count handles this natively.

50
A developer is troubleshooting why an EC2 instance in a private subnet cannot communicate with another EC2 instance in a different subnet. The security groups are correctly configured. What should they check next?
  • A Check CloudTrail logs for recent security group changes
  • B Enable X-Ray on both EC2 instances to trace the connection
  • C Enable and examine VPC Flow Logs β€” look for REJECT records between the two IP addresses to identify if a NACL or routing issue is blocking traffic at the network layer
  • D Check CloudWatch Logs for network error messages from the application
βœ… Answer: C

VPC Flow Logs capture ACCEPT/REJECT decisions at the network interface level. If security groups are fine, the next suspects are: Network ACLs (NACLs β€” stateless, can block return traffic), routing tables (missing route between subnets), or misconfigured VPC peering. VPC Flow Logs will show REJECT records if traffic is being blocked by NACLs. Check for asymmetric NACL rules (NACLs are stateless; both inbound and outbound rules must be configured).

πŸŽ‰ You've Completed All 50 Questions!

Review any answers you're uncertain about by re-reading the topic pages. Focus extra time on ⭐⭐⭐⭐⭐ topics: CloudWatch, X-Ray, Logging, CloudTrail, and Lambda Optimization.

← Back to Domain 4 Overview