HomeExamsCloudTETACLDPRFIC3100
TETACLDPRFIC3100

Infosys Certified AWS Professional Practitioner

Practice with real exam-pattern questions for Infosys Certified AWS Professional Practitioner. Each question includes a detailed explanation to help you understand the concept, not just memorise the answer. Try 10 questions free — no login required.

AdvancedCloud90 min
Free questions

10 Infosys Certified AWS Professional Practitioner practice questions with answers

Real Lex exam-pattern multiple-choice questions for the Infosys Certified AWS Professional Practitioner certification. Each question includes the correct answer. The full question bank is available to Premium members.

  1. Question 1

    You have multiple AWS accounts in your enterprise based on the project and geographical region. You want to set up a centralized control for all user permissions. How do you manage to limit the permission boundary such as restricting the IAM Principals in accounts from modifying the administrative IAM role except the role itself?

    • Bring all your AWS accounts under AWS Organizations. Create a service control policy(SCP) attached to the root, that defines the permission guardrails across the accounts in your organization. The SCP denies all principals in the accounts from updating or deleting the AdminRole, except the administrative IAM role itself.

      Correct
    • B

      Setup an IAM role that defines the permission guardrails across the accounts in your organization. It denies all principals in the account from updating or deleting the AdminRole, except the administrative IAM role itself.

    • C

      Bring all your AWS accounts under AWS Organizations. Create a service control policy(SCP) at an organization unit(OU), that defines the permission guardrails across the accounts in your organization. The SCP denies all principals in the accounts from updating or deleting the AdminRole, except the administrative IAM role itself.

    • D

      Bring all your AWS accounts under AWS Organizations. Create a service control policy(SCP) at a member account, that defines the permission guardrails across the accounts in your organization. The SCP denies all principals in the accounts from updating or deleting the AdminRole, except the administrative IAM role itself.

  2. Question 2

    A retail company uses AWS Cloud to manage its IT infrastructure. The company has set up "AWS Organizations" to manage several departments running their AWS accounts and using resources such as EC2 instances and RDS databases. The company wants to provide shared and centrally managed VPCs to all departments using applications that need a high degree of interconnectivity. As a Solutions Architect, which of the following options would you choose to facilitate this use-case?

    • Use VPC sharing to share a VPC with other AWS accounts belonging to same parent organization from AWS organization

      Correct
    • B

      Use VPC peering to share one or more subnets with other AWS accounts belonging to same parent organization from AWS organization

    • C

      Use VPC sharing to share one or more subnets with other AWS accounts belonging to same parent organization from AWS organizations

    • D

      Use VPC peering to share VPC with other AWS accounts belonging to same parent organization from AWS organization

  3. Question 3

    A retail organization migrated to AWS and with more growth in business, they wanted a better governance for Service accounts. They started creating an auditor and admin group for every account and was finding it difficult to manage permissions. Which of the following can be the best solution for resolving above problem?

    • Allows management of resources across AWS accounts using single user ID and password

      Correct
    • B

      Granting appropriate permissions for each role and allowing cross-account access

    • C

      Retain admin groups for each account and continue managing new user access through IAM roles

    • D

      Retain Audit for each account and continue managing new user access through IAM roles

  4. Question 4

    Your company is using Microsoft AD to manage all employee accounts and devices. IT department has instructed you to implement SSO feature to ensure employees use their existing Windows account to connect and use AWS resources.

    Identify the best suitable way to extend AD domain to AWS?

    • Create users, groups with AWS SSO along with AWS Organization to help you manage SSO access and user permissions across AWS accounts.

      Correct
    • B

      Use AWS Congnito to authorize users to your applications using Direct Signin or through third party apps and access apps using backend resources of AWS.

    • C

      Use AWS Directory service to integrate AWS resources with existing AD using trust relationship. Enable SSO using managed Microsoft AD.

    • D

      Use IAM roles to setup cross account access and delegate access to resources in AWS account.

  5. Question 5

    An online food services startup has recently migrated to AWS to reduce the cost of ownership in the on-premises environment and to provide efficient services to its clients across countries. The architecture of the three tier application includes Amazon EC2 instances created using an Autoscaling group behind a load balancer, Multi-AZ RDS instance to store user information, DynamoDB for transactional operations and Redshift for preliminary analytics. They have also deployed WAF for preventing attacks from malicious requests. Of late the users find that the application is offline. The architects of the enterprise found "Internal Server Error" during their initial trial. Which of the following addresses this challenge?

    • The load balancer is unable to communicate with the IdP token endpoint or the IdP user info endpoint. Verify that the security groups for your load balancer and the network ACLs for your VPC allow outbound access to these endpoints. Verify that your VPC has internet access.

      Correct
    • B

      You configured an AWS WAF web access control list (web ACL) and there was an error executing the web ACL rules. Please fix the web ACL to resume the application services.

    • C

      The Load balancer received a request from a client, but the client closed the connection with the load balancer before the idle timeout period elapsed. Check whether the client timeout period is greater than the idle timeout period for the load balancer. Ensure that your target provides a response to the client before the client timeout period elapses.

    • D

      You configured an AWS WAF web access control list (web ACL) to monitor requests to your Application Load Balancer and it blocked the requests. Update the Web ACL accordingly and the application resumes.

  6. Question 6

    A supermarket application is deployed in AWS. They want to use AWS CodeDeploy to deploy an application to Amazon EC2 instances running within an Amazon Virtual Private Cloud (VPC). What criterion must be met for this to be possible?

    • The AWS CodeDeploy agent installed on the Amazon EC2 instances must be able to access only the public AWS CodeDeploy endpoint.

      Correct
    • B

      The AWS CodeDeploy agent installed on the Amazon EC2 instances must be able to access only the public Amazon S3 service endpoint.

    • C

      The AWS CodeDeploy agent installed on the Amazon EC2 instances must be able to access the public AWS CodeDeploy and Amazon S3 service endpoints.

    • D

      It is not currently possible to use AWS CodeDeploy to deploy an application to Amazon EC2 instances

  7. Question 7

    Analog.in, a fashion apparel site is getting ready to do a major public announcement of a social media site on AWS. The website is running on EC2 instances deployed across multiple Availability Zones with a Multi-AZ RDS MySQL Extra Large DB Instance. The site performs a high number of small reads and writes per second and relies on an eventual consistency model. After comprehensive tests you discover that there is read contention on RDS MySQL.

    Which are the best approaches to meet these requirements? (Choose 2 options)

    • Deploy ElastiCache in-memory cache running in each availability zone

      Correct
    • B

      Implement sharding to distribute load to multiple RDS MySQL instances

    • C

      Increase the RDS MySQL Instance size and Implement provisioned IOPS

    • D

      Add an RDS MySQL read replica in each availability zone

  8. Question 8

    Your company has migrated to AWS cloud with two departments having several EC2 instances. Department A has a requirement to backup EBS volumes every 12 hours and the administrator set up a Data LifeCycle Policy in DLM for their instances. Department B requires a similar Data LifeCycle Policy as well for their instances. However, they prefer the schedule to run every 24 hours. The administrator has noticed that 2 EC2 EBS volumes have been owned by two departments at the same time. How can the administrator set up the Data LifeCycle Policy for Department B?

    • Add a tag for EBS volumes that Department B has owned. Set up a Data LifeCycle Policy based on the tag. For the EBS volumes owned by two departments, snapshots will be taken every 12 hours and 24 hours.

      Correct
    • B

      Add a tag for EBS volumes that Department B has owned. Set up a Data LifeCycle Policy based on the tag. For the EBS volumes owned by two departments, snapshots will not be taken as there is a schedule conflict between two policies. However other EBS volumes are not affected.

    • C

      Add a tag for EBS volumes that Department B has owned. Set up a Data LifeCycle Policy based on the tag. For the EBS volumes owned by two departments, snapshots will be taken every 12 hours as 12 hours schedule takes priority.

    • D

      Add a tag for EBS volumes that Department B has owned except the EBS volumes owned by two departments. Set up a Data LifeCycle Policy based on this tag. For the EBS volumes owned by two departments, snapshots are taken every 12 hours due to the policy of Department A.

  9. Question 9

    A famous online travel company has hosted its application in a multi-tier architecture. The application is hosted in organization’s premises. The organization had faced a huge traffic request recently due to the sudden announcement on offers, which resulted in downtime. Your organization is likely to experience a similar burst due to the same offer announcement. Being part of administrator team, you are asked to improve the infrastructure rapidly such that it can handle the huge traffic request.

    Your application architecture currently uses several Linux Apache web servers placed behind the load balancer and Linux based MYSQL Database server.

    The organization has planned to leverage AWS services to handle the burst. Which of the below solutions from AWS will help in resolving the issue in less amount of time?

    • Create a static website in S3 bucket. Create a hosted zone in Route 53, opt for failover routing policy and map the S3 url to it.

      Correct
    • B

      Create an AMI, which can be used to launch web servers in EC2 and place them in-front of the Elastic Load Balancing. Ensure that the load balancers balance the traffic between on-premises server and AWS servers. Create Auto Scaling group, which uses the AMI to scale the web tier based on the incoming traffic.

    • C

      Setup a CIoudFront distribution and configure CloudFront to cache objects from your on-premises environment using the custom origin option. Customize your object cache behavior and TTL so that the data will be present in the cache for the defined TTL.

    • D

      Use VM Import/Export to quickly convert an on-premises web server to an AMI. Create Auto Scaling group, which uses the AMI to scale the web tier based on incoming traffic.

  10. Question 10

    An organization wants to move a legacy client-server application to AWS. The app responds to a particular DNS domain, myapp.com and has a 2-tier architecture - with multiple app servers and a DB server. Remote clients use TCP to connect to the app servers. The app servers need to know the IP address of the clients in order to function properly and are currently taking from the TCP socket. A multi-AZ RDS MySQL instance is used for the database. During the migration you can change the application code but you have to file a change request. How would you implement the architecture on AWS in order to maximize the scalability and high availability?

    • File a change request to implement Proxy Protocol support in the application. Use an ELB with a TCP Listener and Proxy protocol enabled to distribute loan on two application servers in different AZs

      Correct
    • B

      File a change request to implement Cross Zone support in the application. Use an ELB with a TCP Listener and Cross Zone Load Balancing enabled to distribute load on two application servers in different AZs

    • C

      File a change request to implement Latency Based Routing support in the application. Use Route53 with Latency based routing to distribute load on two application servers in different AZs

    • D

      File a change request to implement alias Resource support in the application. Use Route53 Alias Resource Record to distribute load on two application servers in different AZs

Related

More in Cloud

All exams
TETAGCPPSEIC3001Free preview

Infosys Certified Google Professional Cloud Security Engineer

AdvancedCloud
View exam · Try 10 free
TETAAWSCBCIC1001Free preview

Infosys Certified AWS Cloud Beginner

BeginnerCloud
View exam · Try 10 free
TETACLDGCDIC1001Free preview

Infosys Certified Google Cloud Digital Leader

BeginnerCloud
View exam · Try 10 free
Pricing

Pay once. Clear every cert this year.

One subscription, full Telegram channel access, every PDF posted during your membership.

Monthly
50% OFF
₹1,300₹2,600
Per month · cancel anytime
  • Full access to all 1,357+ certifications
  • Monthly updated question banks
  • Telegram private channel access
  • Cancel anytime
Get Monthly
POPULAR
Quarterly
44% OFF
₹1,800₹3,200
That's ₹600/mo · billed for 3 months
  • Everything in Monthly
  • Save ₹2,100 vs monthly billing
  • Priority answer key requests
  • Best for increasing DQ score fast
Get Quarterly
BEST VALUE
Lifetime
52% OFF
₹2,400₹5,000
One-time · lifetime access
  • Everything in Quarterly
  • Lifetime channel access — no renewals
  • All future certifications included
  • Priority response from admin team
Get Lifetime
FAQ

Common questions, straight answers.

A monthly-updated Telegram channel where we post real exam-pattern question banks and detailed answer keys for 1,357+ Infosys Lex certifications. You join once, you get every PDF posted during your membership.

Right after payment on our Graphy page, you'll receive a private invite link to the Telegram channel. Access is instant — usually under 30 seconds.

We compile question banks from the actual Lex test pattern, sourced and verified by 180K+ community members who've recently cleared these exams. Match rate is consistently 85–95%.

Every single month. When Infosys rolls out new versions of certifications, we post updated dumps within 7–10 days. You'll see channel activity weekly.

Clearing certifications is one of the highest-weighted DQ factors. Members typically clear 3–5 certifications in their first 3 months, which moves DQ scores up by a full band.

i
InfyLexDumps

Independent exam preparation platform for Infosys Lex certifications. Real exam-pattern question banks, monthly updates, 180K+ community members.

Join Premium Telegram
Contact
  • @prepflixadmin
  • admin@prepflix.net
This platform is an independent educational resource and is not affiliated with or endorsed by Infosys Ltd. All certification names referenced are property of their respective owners.
© 2026 InfyLexDumps
Join Premium Telegram