EXAM SCRIPT 2026 FULL QUESTIONS AND
CORRECT ANSWERS
◉ Name an example of CNAME Answer: newName.example.com. ->
oldName.example.com.
◉ Name an example of A Record Answer: oldName.example.com. ->
192.0.2.23. It just maps a domain to an IPv4 address. AAAA does the
same but for IPv6 addresses.
◉ Which Route 53 Policy allows you to divide traffic among targets?
Answer: Weighted Routing Policy (it is a record type)
◉ You updated a DNS record but requests are still being answered
with the old value. What could be happening? Answer:
Remember that there is the TTL. It takes time for the records to
update across the network. There is a trade-off between caching and
how many requests go to the DNS resolver.
◉ Is there any Route 53 Policy that ensures the best delivery time
with regard to request time? Answer: Yes, the Latency Routing Policy.
It evaluates the latency between the users and the AWS regions and
chooses which region the response should come from.
◉ Can you use domains bought on other marketplaces and route
them to Route 53? Answer: Yes, by creating a Public Hosted Zone
and updating the NS record (nameserver) in the marketplace. I did
something similar with nic.cl and route53.
◉ What can Route 53 Health Checks monitor? Answer: Other health
checks, endpoints and CloudWatch Alarms.
◉ Is a Security Group Stateful or Stateless in terms of Firewall?
Answer: Stateful: if traffic can go out, then it can come in as a
response, regardless of the inbound rules.
◉ Why are S3 and DynamoDB special in terms of VPC? Answer: They
use a VPC Gateway Endpoint; all the other services use an Interface
Endpoint (PrivateLink, private IP).
◉ Is a VPC peering connection transitive? Answer: No
◉ What are Flow Logs for? Answer: They are a way to monitor IP
traffic coming into your VPC.
◉ What is AWS Direct Connect? Answer: A private connection
between your on-premises installations and AWS Cloud which does
not travel through the Internet.
◉ Are S3 buckets globally unique? Answer: Yes
◉ What is an advantage of SSE-KMS in S3? Answer: You have control
over the rotation policy of the keys.
◉ Which S3 encryption method mandates using HTTPS? Answer:
SSE-C
◉ What is the default URL where EC2 instances locally expose
metadata about the instance? Answer:
169.254.169.254/latest/meta-data
◉ How to test AWS CLI commands without actually executing them?
Answer: --dry-run or policy simulator
◉ API call of STS to decode auth exceptions Answer: sts
decode-authorization-call
◉ STS API call to get MFA temporary credentials Answer: sts
GetSessionToken
◉ Precedence order in which the AWS CLI looks for credentials Answer:
command line, env vars, instance profile
◉ How can you sign API requests when writing custom code?
Answer: Using Signature V4
◉ How to add extra security when deleting objects in S3? Answer:
mfa delete
◉ How to log activity from S3? Answer: Enable S3 access logs
◉ Can you have expedited retrieval in Glacier Deep Archive? Answer:
No
◉ How can you allow federated users to upload files to S3? Answer:
With S3 pre-signed URLs, which are temporary
◉ How to automate the deletion of old data in S3? Answer: S3
Lifecycle Rules expiration actions
◉ How to automate transition of S3 objects between their different
tiers? Answer: S3 Lifecycle Rules
◉ How to create an index out of S3 using an RDS as the index?
Answer: One can create an app to traverse the S3 bucket and issue a