Mock Test — Week 1 Compute & IAM (15 questions)

• Date: 2026-05-25
• Topics: IAM, EC2, EBS, EFS, Instance Store, FSx
• Difficulty: exam-realistic
• Suggested time: ~25 min

Write your answers under "Your answers" below. Don't open the answer-key block until done.

Q1.

A company runs a Linux web application on multiple EC2 instances in three Availability Zones behind an Application Load Balancer. The instances must share a common writable file system. Which AWS service provides the most cost-effective solution?

• A) Amazon EBS Multi-Attach with an io2 volume
• B) Amazon EFS in the Standard storage class with a mount target per AZ
• C) Amazon S3 mounted via s3fs on each instance
• D) Amazon FSx for Lustre Scratch deployment

Q2.

A developer team wants to grant a new IAM role permission to read from an S3 bucket. The team lead, however, wants to ensure that no role created by developers can ever have more than read-only access to any service. Which feature enforces this maximum?

• A) Resource-based bucket policy
• B) Service Control Policy at the OU level
• C) IAM permissions boundary attached to the role
• D) Session policy passed during AssumeRole

Q3.

An EC2 instance running a Cassandra node requires the highest possible IOPS and lowest latency at the lowest cost. Data is replicated across three nodes. Which storage option fits best?

• A) gp3 EBS volume sized for needed IOPS
• B) io2 Block Express EBS volume
• C) Instance Store on an i4i instance type
• D) Amazon EFS Provisioned Throughput

Q4.

A Windows file server workload is being migrated to AWS. The application requires SMB protocol, integration with on-prem Active Directory, and multi-AZ high availability. Which solution fits?

• A) Amazon EFS with EFS Replication
• B) Amazon FSx for Windows File Server, Multi-AZ, joined to AD
• C) Amazon FSx for Lustre Persistent
• D) Amazon S3 + File Gateway with SMB

Q5.

An EC2 instance must be granted read access to an S3 bucket. What is the most secure way to provide credentials to an application running on the instance?

• A) Embed an IAM user access key in the application config
• B) Store keys in AWS Secrets Manager and call it on startup
• C) Attach an IAM role to the instance profile
• D) Place keys in the EC2 user-data script

Q6.

You need to keep EBS snapshots for regulatory retention of 3 years, but they are almost never accessed. Which option minimizes cost?

• A) Standard EBS snapshots in S3
• B) EBS Snapshot Archive tier
• C) Copy snapshots to Glacier Deep Archive manually
• D) Convert snapshots to AMIs and store as gp3 volumes

Q7.

A company runs a fault-tolerant batch processing pipeline that can resume from checkpoints. They want to minimize compute cost. Which EC2 purchase option is best?

• A) Reserved Instances (1-year, all upfront)
• B) On-Demand Instances
• C) Spot Instances in an Auto Scaling group with mixed instances policy
• D) Dedicated Hosts

Q8.

Which EBS volume type supports Multi-Attach to multiple EC2 instances at the same time?

• A) gp3
• B) st1
• C) io2 (and io1)
• D) sc1

Q9.

A workload uses an EC2 instance with both an EBS root volume and a local Instance Store volume. The instance is stopped and started. What happens to the data?

• A) Both EBS and Instance Store data are preserved
• B) EBS data is preserved; Instance Store data is lost
• C) Instance Store data is preserved; EBS data is lost
• D) Both are lost

Q10.

A SAP HANA in-memory database needs sub-millisecond latency, more than 100,000 IOPS, and 99.999 % durability. Which storage choice fits best?

• A) Multiple gp3 volumes striped with RAID 0
• B) io2 Block Express
• C) Instance Store on an i4i instance
• D) FSx for Lustre Persistent

Q11.

A solutions architect needs to allow an external SaaS vendor's AWS account to read objects from a specific S3 bucket in the company's account. Which is the most common and direct way?

• A) Create an IAM user in the company account and share its access keys
• B) Add a bucket policy that allows the vendor's account ARN access; the vendor calls S3 from their own role
• C) Replicate the bucket cross-account
• D) Move the bucket to AWS Organizations master

Q12.

A machine-learning training job will read 150 TB of data from S3 at multi-GB/s throughput across hundreds of GPU instances. Which storage choice minimizes training time?

• A) Mount the S3 bucket via s3fs on each instance
• B) Stage data to gp3 EBS on each instance
• C) FSx for Lustre Scratch linked to the S3 bucket
• D) EFS Max I/O mode

Q13.

Which statement about IAM roles is TRUE?

• A) Roles have long-lived access keys like IAM users
• B) An EC2 instance can assume only one role at a time via an instance profile
• C) Resource-based policies cannot grant access to roles
• D) Roles can be assigned to IAM groups

Q14.

You need to encrypt an existing unencrypted EBS volume with minimal downtime. Which procedure works?

• A) Use the AWS CLI modify-volume with --encrypted
• B) Detach, encrypt in place via AWS Backup
• C) Snapshot the volume → copy snapshot with encryption enabled → create new encrypted volume → swap
• D) Enable account-level "encrypt by default" — existing volumes are encrypted automatically

Q15.

A company runs 50 EC2 instances of the same type 24×7 in production. They want to maximize discount while keeping the flexibility to change instance family within the same compute category in the future. Which option fits best?

• A) Standard Reserved Instances locked to current family
• B) Compute Savings Plan
• C) Spot Instances
• D) Dedicated Host reservation

Your answers

1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.