D338 ITCL 3204
Cloud Platform Solutions
Latest Objective Assessment Review
(With Solutions)
2026
1
,Multiple Choice Questions
A financial firm uses AWS Lambda to process transactions, requiring low
latency and high throughput. Which Lambda concurrency feature should
be enabled to avoid throttling during peak transactions?
A) Provisioned Concurrency
B) Reserved Concurrency
C) Auto-scaling Groups
D) Event Source Mapping
Answer: A) Provisioned Concurrency
Rationale: Provisioned Concurrency keeps Lambda instances initialized
and ready to respond immediately, reducing cold start latency critical for
financial transaction processing.
Your company needs to encrypt EBS volumes with customer-managed
keys and ensure that only specific EC2 instances can decrypt them. Which
AWS feature enables this?
A) KMS Customer Master Keys with IAM policies + EC2 roles
B) AWS Secrets Manager with EC2 key pairs
C) EC2 Instance Store Encryption
D) S3 SSE-KMS Encryption
Answer: A) KMS Customer Master Keys with IAM policies + EC2 roles
Rationale: AWS KMS supports customer-managed CMKs to restrict access
through IAM policies associated with EC2 roles, ensuring only authorized
instances can decrypt EBS volumes.
Which storage class is best for archiving data that requires expedited
retrieval within minutes in Amazon S3?
A) S3 Standard
B) S3 Glacier Deep Archive
C) S3 Glacier Flexible Retrieval (formerly Glacier)
D) S3 Intelligent-Tiering
2
, Answer: C) S3 Glacier Flexible Retrieval
Rationale: Glacier Flexible Retrieval offers archival storage with retrieval
options, including expedited retrieval within minutes, suitable for
infrequently accessed but urgent archival data.
In a multi-account AWS setup, how can centralized logging be
implemented to aggregate CloudTrail logs from all accounts?
A) Use AWS Organizations with CloudTrail Trail configured in each
account to send logs to a central S3 bucket in the master account
B) CloudWatch Logs in each account with cross-account subscriptions
C) Use AWS Config in every account to push logs to a central S3 bucket
D) Enable Amazon GuardDuty in the master account only
Answer: A) Use AWS Organizations with CloudTrail Trail configured in
each account to send logs to a central S3 bucket in the master account
Rationale: AWS Organizations allows centralized CloudTrail logging by
configuring trails in member accounts to deliver logs to the master
account’s S3 bucket.
You want to host a containerized application with automatic scaling and
minimal infrastructure management. Which AWS service is most
appropriate?
A) Amazon EC2 Auto Scaling Group
B) AWS Elastic Beanstalk with EC2
C) AWS Fargate with Amazon ECS
D) AWS Lambda
Answer: C) AWS Fargate with Amazon ECS
Rationale: AWS Fargate allows running containers without provisioning
or managing servers, with auto scaling and serverless experience.
Which AWS IAM feature allows temporary permissions to an EC2
instance to access S3, without storing long-term credentials?
3
Cloud Platform Solutions
Latest Objective Assessment Review
(With Solutions)
2026
1
,Multiple Choice Questions
A financial firm uses AWS Lambda to process transactions, requiring low
latency and high throughput. Which Lambda concurrency feature should
be enabled to avoid throttling during peak transactions?
A) Provisioned Concurrency
B) Reserved Concurrency
C) Auto-scaling Groups
D) Event Source Mapping
Answer: A) Provisioned Concurrency
Rationale: Provisioned Concurrency keeps Lambda instances initialized
and ready to respond immediately, reducing cold start latency critical for
financial transaction processing.
Your company needs to encrypt EBS volumes with customer-managed
keys and ensure that only specific EC2 instances can decrypt them. Which
AWS feature enables this?
A) KMS Customer Master Keys with IAM policies + EC2 roles
B) AWS Secrets Manager with EC2 key pairs
C) EC2 Instance Store Encryption
D) S3 SSE-KMS Encryption
Answer: A) KMS Customer Master Keys with IAM policies + EC2 roles
Rationale: AWS KMS supports customer-managed CMKs to restrict access
through IAM policies associated with EC2 roles, ensuring only authorized
instances can decrypt EBS volumes.
Which storage class is best for archiving data that requires expedited
retrieval within minutes in Amazon S3?
A) S3 Standard
B) S3 Glacier Deep Archive
C) S3 Glacier Flexible Retrieval (formerly Glacier)
D) S3 Intelligent-Tiering
2
, Answer: C) S3 Glacier Flexible Retrieval
Rationale: Glacier Flexible Retrieval offers archival storage with retrieval
options, including expedited retrieval within minutes, suitable for
infrequently accessed but urgent archival data.
In a multi-account AWS setup, how can centralized logging be
implemented to aggregate CloudTrail logs from all accounts?
A) Use AWS Organizations with CloudTrail Trail configured in each
account to send logs to a central S3 bucket in the master account
B) CloudWatch Logs in each account with cross-account subscriptions
C) Use AWS Config in every account to push logs to a central S3 bucket
D) Enable Amazon GuardDuty in the master account only
Answer: A) Use AWS Organizations with CloudTrail Trail configured in
each account to send logs to a central S3 bucket in the master account
Rationale: AWS Organizations allows centralized CloudTrail logging by
configuring trails in member accounts to deliver logs to the master
account’s S3 bucket.
You want to host a containerized application with automatic scaling and
minimal infrastructure management. Which AWS service is most
appropriate?
A) Amazon EC2 Auto Scaling Group
B) AWS Elastic Beanstalk with EC2
C) AWS Fargate with Amazon ECS
D) AWS Lambda
Answer: C) AWS Fargate with Amazon ECS
Rationale: AWS Fargate allows running containers without provisioning
or managing servers, with auto scaling and serverless experience.
Which AWS IAM feature allows temporary permissions to an EC2
instance to access S3, without storing long-term credentials?
3
