AWS Services Cheat Sheet & Bonus Content
30 questions on AWS Fundamentals Tutorial.
Question 1: What is the difference between an IAM User and an IAM Role in AWS?
- A. IAM Users have passwords, while IAM Roles do not support permissions.
- B. IAM Users are associated with a single person/application, while IAM Roles are temporary identities that can be assumed by users, applications, or AWS services. (correct answer)
- C. IAM Users are free, while IAM Roles are billed hourly.
- D. IAM Users are global, while IAM Roles are region-specific.
Explanation: IAM Roles provide temporary credentials, eliminating the need to distribute long-term static access keys to EC2 instances or services.
Question 2: Which AWS storage service is best suited for sharing a read/write network file system among hundreds of EC2 Linux instances simultaneously?
- A. Amazon S3
- B. Amazon EBS
- C. Amazon EFS (correct answer)
- D. Amazon S3 Glacier
Explanation: Amazon Elastic File System (EFS) provides a managed, scalable network file system (NFS) that can be mounted by multiple instances simultaneously.
Question 3: What is the security risk of placing an Amazon RDS database into a Public Subnet?
- A. The database backup speed will decrease.
- B. It exposes the database port directly to the public internet, inviting automated brute-force attacks and scans. (correct answer)
- C. It prevents the database from performing transactions.
- D. RDS instances in public subnets are billed at double rates.
Explanation: Databases should reside in private subnets, accepting connection queries only from authorized web servers within the VPC.
Question 4: How does AWS Auto Scaling verify when to scale out (add instances) or scale in (terminate instances)?
- A. By pinging the server every 10 seconds.
- B. By monitoring CPU or memory metrics via Amazon CloudWatch and triggering scaling policies when thresholds are crossed. (correct answer)
- C. By monitoring the financial budget of the AWS account.
- D. By requiring manual administrator approval on every request.
Explanation: Auto Scaling integrates with CloudWatch alarms to dynamically adapt instance counts to match traffic demand.
Question 5: What is the difference between AWS Route 53 Simple Routing Policy and Latency Routing Policy?
- A. Simple routing does not check DNSSEC, while Latency routing does.
- B. Simple routing routes requests randomly, while Latency routing sends users to the closest AWS region with the lowest network latency. (correct answer)
- C. Simple routing is asynchronous, while Latency routing is synchronous.
- D. Latency routing charges users based on page load speed.
Explanation: Latency routing helps global applications improve response speeds by directing users to the AWS region that provides the best ping.
Question 6: What is 'Amazon S3'?
- A. A virtual machine server hosting service.
- B. A scalable object storage service designed to store and retrieve any amount of file data from anywhere on the web. (correct answer)
- C. A relational SQL database.
- D. A server configuration wrapper.
Explanation: Simple Storage Service (S3) stores files as objects in buckets, providing 99.999999999% durability.
Question 7: What is the difference between a Security Group and a Network Access Control List (NACL) in AWS?
- A. Security Groups are stateless, while NACLs are stateful.
- B. Security Groups operate at the instance level (stateful), while NACLs operate at the subnet level (stateless). (correct answer)
- C. NACLs are only used for databases.
- D. Security Groups are billed hourly, while NACLs are free.
Explanation: Security groups act as firewalls for EC2 instances. NACLs act as firewalls for subnets.
Question 8: What is the role of an AWS Internet Gateway?
- A. It speeds up database query speeds.
- B. A VPC component that allows communication between instances in your VPC and the public internet, enabling inbound and outbound traffic. (correct answer)
- C. It encrypts S3 bucket uploads.
- D. It pools database connections.
Explanation: Internet Gateways provide NAT targets for public subnets, linking VPCs to the internet.
Question 9: Which AWS compute service runs code snippets serverlessly in response to events?
- A. Amazon EC2
- B. AWS Lambda (correct answer)
- C. AWS Elastic Beanstalk
- D. Amazon ECS
Explanation: AWS Lambda runs backend functions without requiring server provisioning or OS management.
Question 10: What does an Amazon VPC (Virtual Private Cloud) represent?
- A. A virtual desktop environment for developers.
- B. A logically isolated virtual network dedicated to your AWS account, letting you configure IP ranges, subnets, and route tables. (correct answer)
- C. A database caching cluster.
- D. A public domain registration hub.
Explanation: VPCs establish the network boundary within which EC2 instances and RDS databases are deployed.
Question 11: How do you allow instances in a private subnet to download updates from the internet while blocking inbound connections?
- A. By attaching an Internet Gateway directly to the instances.
- B. By deploying a NAT Gateway in a public subnet and routing outbound private traffic through it. (correct answer)
- C. By placing instances in a database subnet group.
- D. By assigning public IP addresses to the private instances.
Explanation: NAT Gateways translate private requests to public IPs, forwarding traffic without exposing internal hosts.
Question 12: What is 'Amazon EC2'?
- A. A serverless database service.
- B. Elastic Compute Cloud, providing scalable virtual machine servers in the AWS cloud. (correct answer)
- C. A caching service.
- D. A network firewall.
Explanation: EC2 represents Infrastructure as a Service (IaaS), offering configurable virtual servers.
Question 13: Which database service is standard for fully managed, serverless NoSQL key-value datasets?
- A. Amazon RDS
- B. Amazon DynamoDB (correct answer)
- C. Amazon Aurora
- D. Amazon Redshift
Explanation: DynamoDB is a serverless NoSQL database yielding single-digit millisecond responses at scale.
Question 14: What is the difference between AWS CloudWatch and AWS CloudTrail?
- A. CloudWatch logs database transactions, while CloudTrail logs S3 file uploads.
- B. CloudWatch monitors performance metrics and resource logs, while CloudTrail records API calls and account user activity history. (correct answer)
- C. CloudTrail is slower and deprecated.
- D. CloudWatch is strictly client-side.
Explanation: CloudWatch checks application health/stats. CloudTrail checks audit logs and API command logs.
Question 15: What is the purpose of an IAM Policy?
- A. Defining the billing limits of the account.
- B. A JSON document that defines permissions, specifying which actions are allowed or denied on target AWS resources. (correct answer)
- C. Creating backup configurations.
- D. Defining subnet ranges.
Explanation: IAM policies bind rules to users or roles, mapping resource access permissions.
Question 16: What does an Amazon Route 53 failover routing policy do?
- A. Deletes bad database connection listings.
- B. Routes traffic to a primary resource if active, and redirects users to a secondary backup site if the primary fails health checks. (correct answer)
- C. Caches static files at Edge Locations.
- D. Restarts EC2 instances automatically.
Explanation: Failover routing provides high availability, shifting traffic to backup resources during outages.
Question 17: What is the difference between Amazon SQS and Amazon SNS?
- A. SQS is push-based, while SNS is pull-based.
- B. SQS is a message queue (pull-based) for decoupling microservices, while SNS is a pub/sub messaging service (push-based) for broadcasting alerts. (correct answer)
- C. SNS is only used for sending SMS text messages.
- D. SQS is deprecated in modern architectures.
Explanation: SQS buffers requests in queues; SNS broadcasts messages instantly to all active subscribers.
Question 18: What is 'Amazon CloudFront'?
- A. A serverless code execution runner.
- B. A fast Content Delivery Network (CDN) service that securely delivers data, videos, and APIs to users globally with low latency. (correct answer)
- C. A virtual desktop interface.
- D. A database replication tool.
Explanation: CloudFront caches assets at global Edge Locations, bypassing slow core servers.
Question 19: What does the 'Estimated Hours' metric help estimate?
- A. The time needed to complete a course certification. (correct answer)
- B. The estimated execution duration of Lambda functions.
- C. The estimated monthly billing costs.
- D. The network database latency.
Explanation: Roadmaps display estimated hours to help users budget learning schedules.
Question 20: What is the benefit of using AWS KMS (Key Management Service)?
- A. It generates SSH passwords.
- B. It provides centralized creation and management of cryptographic keys used to encrypt data across AWS services. (correct answer)
- C. It routes traffic through virtual private gateways.
- D. It compiles model files in cloud grids.
Explanation: KMS handles key generation and envelope encryption, enforcing role-based key access policies.
Question 21: Which storage option is best suited as a local virtual hard drive for a single EC2 instance requiring high-speed block storage?
- A. Amazon S3
- B. Amazon EBS (Elastic Block Store) (correct answer)
- C. Amazon EFS
- D. Amazon Glacier
Explanation: EBS volumes are block-level storage devices designed for high-performance EC2 hard drives.
Question 22: What is an 'AWS Region'?
- A. A specific database index.
- B. A physical geographic location containing multiple isolated, redundant data centers (Availability Zones). (correct answer)
- C. A network connection port range.
- D. A cloud user group.
Explanation: Regions isolate infrastructure geographically, allowing developers to deploy close to users.
Question 23: What is the difference between an AWS Availability Zone (AZ) and an AWS Edge Location?
- A. AZs are serverless, while Edge Locations run virtual machines.
- B. AZs are full data centers where you deploy resources (EC2/RDS), while Edge Locations cache content for CloudFront CDN. (correct answer)
- C. Edge Locations are slower and host databases.
- D. AZs do not support private subnets.
Explanation: AZs run active workloads. Edge locations cache static files close to users.
Question 24: What does an Amazon RDS Multi-AZ deployment guarantee?
- A. Lower monthly cloud billing rates.
- B. High availability and automated failover by replicating database data synchronously to a standby instance in a different AZ. (correct answer)
- C. Zero database read latency.
- D. Automatic column indexing.
Explanation: Multi-AZ RDS automatically promotes standby instances during primary data center failures.
Question 25: What is the purpose of AWS CloudFormation?
- A. Monitoring server temperatures in data centers.
- B. An Infrastructure as Code (IaC) tool letting you model, provision, and update AWS resources using declarative template files. (correct answer)
- C. Setting up database replication tables.
- D. Compiling local files.
Explanation: CloudFormation automates environment deployments, creating resource stacks from YAML configurations.
Question 26: Which tool helps visualize and budget AWS account costs and usage?
- A. Amazon CloudWatch
- B. AWS Cost Explorer (correct answer)
- C. AWS CloudTrail
- D. Amazon Route 53
Explanation: Cost Explorer displays spending charts, helping teams manage cloud resources.
Question 27: What does 'IAM' stand for?
- A. Internal Access Manager
- B. Identity and Access Management (correct answer)
- C. Internet Authorization Mode
- D. Instance Allocation Model
Explanation: IAM administers authentication and authorization variables inside the AWS console.
Question 28: What is the purpose of a VPC NAT Gateway?
- A. To block public database ports.
- B. To allow private subnet hosts outbound internet access for updates while blocking inbound traffic. (correct answer)
- C. To cache images at Edge Locations.
- D. To run serverless backend scripts.
Explanation: NAT Gateways translate private IPs, sending traffic out without exposing servers.
Question 29: What is the difference between Amazon S3 Standard and Amazon S3 Glacier storage classes?
- A. Standard is for files, Glacier is for databases.
- B. Standard is designed for active, high-frequency access; Glacier is cheap archival storage with retrieval times of hours. (correct answer)
- C. Glacier is faster and more expensive.
- D. Standard does not support lifecycle rules.
Explanation: Glacier saves costs on compliance or backup data that is rarely queried.
Question 30: What is an 'Availability Zone' (AZ) in AWS?
- A. A public IP range.
- B. One or more discrete data centers with redundant power, networking, and connectivity within an AWS Region. (correct answer)
- C. A user role permission level.
- D. A caching node.
Explanation: AZs shield workloads from single data center outages, providing local redundancy.