Practice question library
Every practice question has a dedicated URL for search and sharing — with the full stem, answer breakdown, and official documentation links.
AWS Certified AI Practitioner (AIF-C01)
84 practice questions with dedicated study pages.
- What is the MOST appropriate AWS solution to access foundation models from multiple providers through one API?
- What is the MOST appropriate AWS solution to build a conversational assistant that calls APIs and queries data?
- What is the MOST appropriate AWS solution to chunk documents and store vectors for retrieval?
- What is the MOST appropriate AWS solution to connect private documents to a foundation model for Q&A?
- What is the MOST appropriate AWS solution to customize a foundation model with labeled examples for a specific task?
- What is the MOST appropriate AWS solution to detect bias and explain model predictions?
- What is the MOST appropriate AWS solution to encrypt model artifacts and training data at rest?
- What is the MOST appropriate AWS solution to expose a generative AI feature behind a REST API to web clients?
- What is the MOST appropriate AWS solution to invoke models for text generation with on-demand throughput?
- What is the MOST appropriate AWS solution to label raw data for supervised learning at scale?
- What is the MOST appropriate AWS solution to train and deploy custom ML models with managed infrastructure?
- An audit found gaps: the organization must convert text to lifelike speech. Which option addresses this? convert text…
+ 72 more indexed — see exam overview
AWS Certified Advanced Networking – Specialty (ANS-C01)
83 practice questions with dedicated study pages.
- What is the MOST appropriate AWS solution to accelerate TCP traffic globally?
- What is the MOST appropriate AWS solution to allocate IP addresses at scale?
- What is the MOST appropriate AWS solution to analyze VPC traffic metadata?
- What is the MOST appropriate AWS solution to connect many VPCs without full mesh peering?
- What is the MOST appropriate AWS solution to create dedicated private link to AWS?
- What is the MOST appropriate AWS solution to deploy SD-WAN integrated with AWS?
- What is the MOST appropriate AWS solution to design IPv6-only workloads in VPC?
- What is the MOST appropriate AWS solution to domain filtering for outbound traffic?
- What is the MOST appropriate AWS solution to encrypt VPN over internet?
- What is the MOST appropriate AWS solution to extend on-prem routing into AWS?
- What is the MOST appropriate AWS solution to mTLS between services?
- What is the MOST appropriate AWS solution to protect L7 APIs from bots?
+ 71 more indexed — see exam overview
AWS Certified Cloud Practitioner (CLF-C02)
148 practice questions with dedicated study pages.
- The AWS Acceptable Use Policy describes:
- Which are advantages of cloud computing? (Select TWO.)
- AWS Amplify helps developers:
- Amazon API Gateway is used to:
- AWS App Runner deploys:
- Amazon Athena allows you to:
- AWS Audit Manager helps:
- Amazon Aurora is:
- What is an Availability Zone?
- AWS Batch runs:
- Which benefit of cloud computing lets you provision resources in minutes instead of waiting weeks for hardware?
- Which benefit describes trading upfront data center costs for pay-as-you-go pricing?
+ 136 more indexed — see exam overview
AWS Certified CloudOps Engineer – Associate (SOA-C02)
85 practice questions with dedicated study pages.
- What is the MOST appropriate AWS solution to aggregate logs across accounts?
- What is the MOST appropriate AWS solution to automate backups across services?
- What is the MOST appropriate AWS solution to collect metrics and logs from EC2 and AWS services?
- What is the MOST appropriate AWS solution to connect on-premises to AWS privately?
- What is the MOST appropriate AWS solution to use desired state configuration for instances?
- What is the MOST appropriate AWS solution to enforce CIS benchmarks on instances?
- What is the MOST appropriate AWS solution to host private subnets for application tiers?
- What is the MOST appropriate AWS solution to maintain RDS backups and point-in-time recovery?
- What is the MOST appropriate AWS solution to patch Windows and Linux fleets on schedule?
- What is the MOST appropriate AWS solution to provision infrastructure from templates?
- What is the MOST appropriate AWS solution to replicate servers to AWS for DR with minimal downtime?
- What is the MOST appropriate AWS solution to run operational tasks like patching at scale?
+ 73 more indexed — see exam overview
AWS Certified Data Engineer – Associate (DEA-C01)
82 practice questions with dedicated study pages.
- What is the MOST appropriate AWS solution to archive cold data cheaply?
- What is the MOST appropriate AWS solution to catalog and transform data in a data lake?
- What is the MOST appropriate AWS solution to column-level security in the lake?
- What is the MOST appropriate AWS solution to encrypt data at rest in S3 and Redshift?
- What is the MOST appropriate AWS solution to ingest real-time streaming data?
- What is the MOST appropriate AWS solution to low-latency key-value for metadata?
- What is the MOST appropriate AWS solution to migrate on-premises databases to AWS?
- What is the MOST appropriate AWS solution to monitor ETL job failures and retries?
- What is the MOST appropriate AWS solution to optimize Redshift query performance?
- What is the MOST appropriate AWS solution to orchestrate complex ETL dependencies?
- What is the MOST appropriate AWS solution to partition S3 data for Athena cost savings?
- What is the MOST appropriate AWS solution to petabyte-scale cloud data warehouse?
+ 70 more indexed — see exam overview
AWS Certified Database – Specialty (DBS-C01)
80 practice questions with dedicated study pages.
- What is the MOST appropriate AWS solution to alarms on replica lag?
- What is the MOST appropriate AWS solution to audit SQL activity on RDS?
- What is the MOST appropriate AWS solution to automate patching for RDS?
- What is the MOST appropriate AWS solution to blue/green database upgrades?
- What is the MOST appropriate AWS solution to cache relational read workloads in memory?
- What is the MOST appropriate AWS solution to export/import large datasets to RDS?
- What is the MOST appropriate AWS solution to global read scaling for Aurora?
- What is the MOST appropriate AWS solution to graph relationships at scale?
- What is the MOST appropriate AWS solution to key-value single-digit ms latency at scale?
- What is the MOST appropriate AWS solution to migrate databases with minimal downtime?
- What is the MOST appropriate AWS solution to monitor DB performance insights?
- What is the MOST appropriate AWS solution to OLTP with MySQL compatibility on Aurora?
+ 68 more indexed — see exam overview
AWS Certified DevOps Engineer – Professional (DOP-C02)
84 practice questions with dedicated study pages.
- Amazon API Gateway fronts Lambda for a REST API. Route 53 provides DNS. A new Lambda version is ready; 10% of…
- An application on Amazon EC2 instances in multiple Availability Zones pulls messages from an Amazon SQS queue. During…
- An application runs on EC2 behind an Application Load Balancer in an Auto Scaling group. AWS CodeDeploy performs…
- During a blue/green CodeDeploy cutover, target 5xx rates from the load balancer are not rising, but application log…
- Chaos testing should inject EC2 stop failures in a non-production environment with guardrails. Which AWS service is…
- Two CodePipeline flows build the same Git branch: one deploys to development, one to UAT. UAT shows a defect that does…
- A company needs to alert on Auto Scaling failures. Which option meets the requirement with the LEAST implementation…
- A company needs to auto-remediate non-compliant resources. Which option meets the requirement with the LEAST…
- A company deployed AWS resources with a CloudFormation template that listed only properties required to create each…
- A company needs to immutable infrastructure for EC2. Which option meets the requirement with the LEAST implementation…
- A company needs to manage Ansible/Chef at scale. Which option meets the requirement with the LEAST implementation…
- A company needs to orchestrate CI/CD with manual approvals. Which option meets the requirement with the LEAST…
+ 72 more indexed — see exam overview
AWS Certified Developer – Associate (DVA-C02)
82 practice questions with dedicated study pages.
- What is the MOST appropriate AWS solution to authorize API callers with signed requests?
- What is the MOST appropriate AWS solution to automate build, test, and release pipelines?
- What is the MOST appropriate AWS solution to compile source and produce artifacts?
- What is the MOST appropriate AWS solution to create REST APIs for microservices?
- What is the MOST appropriate AWS solution to deploy infrastructure consistently?
- What is the MOST appropriate AWS solution to encrypt environment variables for Lambda?
- What is the MOST appropriate AWS solution to fan out events to multiple subscribers?
- What is the MOST appropriate AWS solution to run event-driven functions without servers?
- What is the MOST appropriate AWS solution to search application logs with Insights queries?
- What is the MOST appropriate AWS solution to send asynchronous messages between services?
- What is the MOST appropriate AWS solution to store objects for serverless web assets?
- What is the MOST appropriate AWS solution to store API keys and rotate them automatically?
+ 70 more indexed — see exam overview
AWS Certified Generative AI Developer – Professional (AIP-C01)
81 practice questions with dedicated study pages.
- What is the MOST appropriate AWS solution to apply least privilege to InvokeModel?
- What is the MOST appropriate AWS solution to block harmful prompts and responses?
- What is the MOST appropriate AWS solution to build tool-using agents that call APIs?
- What is the MOST appropriate AWS solution to choose model by latency vs quality tradeoff?
- What is the MOST appropriate AWS solution to choose chunking strategy for technical docs?
- What is the MOST appropriate AWS solution to encrypt prompts/responses at rest in logs?
- What is the MOST appropriate AWS solution to filter retrieval by tenant metadata?
- What is the MOST appropriate AWS solution to fine-tune models with proprietary data?
- What is the MOST appropriate AWS solution to implement streaming responses in chat UI?
- What is the MOST appropriate AWS solution to ingest PDFs into a knowledge base?
- What is the MOST appropriate AWS solution to invoke multiple FMs through unified APIs?
- What is the MOST appropriate AWS solution to use OpenAPI schemas for agent actions?
+ 69 more indexed — see exam overview
AWS Certified Machine Learning Engineer – Associate (MLA-C01)
82 practice questions with dedicated study pages.
- What is the MOST appropriate AWS solution to use built-in algorithms for common ML tasks?
- What is the MOST appropriate AWS solution to deploy real-time inference behind an endpoint?
- What is the MOST appropriate AWS solution to deploy multiple models behind one endpoint?
- What is the MOST appropriate AWS solution to detect schema and statistics on S3 data?
- What is the MOST appropriate AWS solution to detect data drift in production features?
- What is the MOST appropriate AWS solution to encrypt training volumes and model artifacts?
- What is the MOST appropriate AWS solution to explain individual predictions to stakeholders?
- What is the MOST appropriate AWS solution to handle class imbalance in training data?
- What is the MOST appropriate AWS solution to label images for object detection?
- What is the MOST appropriate AWS solution to orchestrate ML CI/CD steps?
- What is the MOST appropriate AWS solution to run ETL on large datasets in a data lake?
- What is the MOST appropriate AWS solution to run asynchronous inference for large payloads?
+ 70 more indexed — see exam overview
AWS Certified Machine Learning – Specialty (MLS-C01)
80 practice questions with dedicated study pages.
- What is the MOST appropriate AWS solution to batch transform for large inference?
- What is the MOST appropriate AWS solution to deploy real-time inference endpoints?
- What is the MOST appropriate AWS solution to detect model drift?
- What is the MOST appropriate AWS solution to distributed training on GPU clusters?
- What is the MOST appropriate AWS solution to ETL for ML datasets?
- What is the MOST appropriate AWS solution to feature store for training and serving?
- What is the MOST appropriate AWS solution to hyperparameter tuning jobs?
- What is the MOST appropriate AWS solution to ingest streaming data for ML?
- What is the MOST appropriate AWS solution to label training data at scale?
- What is the MOST appropriate AWS solution to managed Jupyter for exploration?
- What is the MOST appropriate AWS solution to prepare ML features at scale?
- What is the MOST appropriate AWS solution to profile large tabular datasets?
+ 68 more indexed — see exam overview
AWS Certified Security – Specialty (SCS-C02)
87 practice questions with dedicated study pages.
- What is the MOST appropriate AWS solution to automate containment playbooks?
- What is the MOST appropriate AWS solution to classify and protect PII in S3?
- What is the MOST appropriate AWS solution to continuous compliance auditing?
- What is the MOST appropriate AWS solution to detect malicious API activity?
- What is the MOST appropriate AWS solution to encrypt S3 with CMKs?
- What is the MOST appropriate AWS solution to enforce MFA for console users?
- What is the MOST appropriate AWS solution to enforce encryption in transit?
- What is the MOST appropriate AWS solution to federate workforce access?
- What is the MOST appropriate AWS solution to find suspicious IAM behavior?
- What is the MOST appropriate AWS solution to mitigate DDoS?
- What is the MOST appropriate AWS solution to use permission boundaries for delegated admins?
- What is the MOST appropriate AWS solution to protect web apps from OWASP Top 10?
+ 75 more indexed — see exam overview
AWS Certified Solutions Architect – Associate (SAA-C03)
82 practice questions with dedicated study pages.
- What is the MOST appropriate AWS solution to automatically replace unhealthy EC2 instances in a group?
- What is the MOST appropriate AWS solution to commit to consistent compute usage for lower hourly rates?
- What is the MOST appropriate AWS solution to distribute incoming application traffic across multiple targets?
- What is the MOST appropriate AWS solution to encrypt data at rest in S3 with customer-managed keys?
- What is the MOST appropriate AWS solution to enforce MFA and least privilege for human access?
- What is the MOST appropriate AWS solution to filter HTTP requests for SQL injection and XSS?
- What is the MOST appropriate AWS solution to process streaming data in real time?
- What is the MOST appropriate AWS solution to use a purpose-built NoSQL database with single-digit ms latency at any…
- What is the MOST appropriate AWS solution to replicate a relational database to a standby in another AZ?
- What is the MOST appropriate AWS solution to route DNS traffic based on latency, geolocation, or failover?
- What is the MOST appropriate AWS solution to run code without managing servers for spiky traffic?
- What is the MOST appropriate AWS solution to serve content from edge locations close to users?
+ 70 more indexed — see exam overview
AWS Certified Solutions Architect – Professional (SAP-C02)
87 practice questions with dedicated study pages.
- What is the MOST appropriate AWS solution to build data mesh with domain ownership?
- What is the MOST appropriate AWS solution to use cell-based architecture for blast-radius control?
- What is the MOST appropriate AWS solution to centralize DNS and hybrid resolution?
- What is the MOST appropriate AWS solution to choose storage for millions of small objects?
- What is the MOST appropriate AWS solution to design event-driven microservices across accounts?
- What is the MOST appropriate AWS solution to discover on-premises servers for migration planning?
- What is the MOST appropriate AWS solution to establish landing zones with guardrails?
- What is the MOST appropriate AWS solution to govern hundreds of accounts with SCPs and OU structure?
- What is the MOST appropriate AWS solution to implement network hub-and-spoke at scale?
- What is the MOST appropriate AWS solution to implement active-active multi-Region front end?
- What is the MOST appropriate AWS solution to migrate databases with minimal downtime?
- What is the MOST appropriate AWS solution to modernize Windows .NET apps with containers?
+ 75 more indexed — see exam overview
CompTIA A+ (220-1101 / 1102)
102 practice questions with dedicated study pages.
- Which accessory extends laptop ports when the mobile device has limited I/O?
- Which address range is private RFC 1918 space?
- Which Android permission category controls access to the device camera?
- Which Azure service category is IaaS?
- Which TWO are benefits of virtualization? (Select TWO.)
- Which biometric method maps facial geometry on supported devices?
- Which BIOS/UEFI setting boots from USB for OS installation?
- Blue screen after new RAM install. First action?
- Which cable category supports 1 Gbps to 100 meters on copper?
- Cannot join domain — time skew error. Fix?
- Which cellular generation introduced LTE-Advanced with higher throughput?
- Clicking hard drive and slow access. Likely issue?
+ 90 more indexed — see exam overview
CompTIA Cloud+ (CV0-004)
76 practice questions with dedicated study pages.
- An audit found gaps: the organization must apply IAM least privilege in cloud. Which option addresses this?
- An audit found gaps: the organization must right-size resources for cost. Which option addresses this?
- An audit found gaps: the organization must monitor SLA and SLO metrics. Which option addresses this?
- A company needs to automate infrastructure provisioning. Which option meets the requirement with the LEAST…
- A company needs to use CI/CD for cloud releases. Which option meets the requirement with the LEAST implementation…
- A company needs to compare IaaS PaaS SaaS. Which option meets the requirement with the LEAST implementation effort?
- A company needs to implement capacity planning. Which option meets the requirement with the LEAST implementation effort?
- A company needs to monitor SLA and SLO metrics. Which option meets the requirement with the LEAST implementation effort?
- A company needs to restore service after outage. Which option meets the requirement with the LEAST implementation…
- A company needs to right-size resources for cost. Which option meets the requirement with the LEAST implementation…
- For cost and security, the team must compare IaaS PaaS SaaS. What is the recommended approach?
- For cost and security, the team must segment workloads in cloud networks. What is the recommended approach?
+ 64 more indexed — see exam overview
CompTIA CySA+ (CS0-003)
86 practice questions with dedicated study pages.
- Which artifact preserves volatile memory?
- Which asset discovery finds shadow IT cloud?
- Which ATT&CK tactic is initial access?
- Which audience needs executive summary with business impact?
- Which baseline deviation triggers anomaly alert?
- Which TWO belong in executive dashboard? (Select TWO.)
- Which briefing covers lessons for engineers?
- Which bug bounty provides external testing?
- Which chart shows vuln trend over quarters?
- Which TWO are common scan limitations? (Select TWO.)
- Which communication avoids sensitive IOC details publicly?
- Which communication channel is out-of-band during IR?
+ 74 more indexed — see exam overview
CompTIA Data+ (DA0-001)
63 practice questions with dedicated study pages.
- An audit found gaps: the organization must communicate analytical limitations. Which option addresses this?
- A company needs to apply basic statistics to samples. Which option meets the requirement with the LEAST implementation…
- A company needs to apply GDPR-style erasure requests. Which option meets the requirement with the LEAST implementation…
- A company needs to compare relational and dimensional models. Which option meets the requirement with the LEAST…
- A company needs to define primary keys in datasets. Which option meets the requirement with the LEAST implementation…
- A company needs to find correlations between metrics. Which option meets the requirement with the LEAST implementation…
- A company needs to summarize datasets with aggregates. Which option meets the requirement with the LEAST…
- A company needs to visualize trends for stakeholders. Which option meets the requirement with the LEAST implementation…
- For cost and security, the team must visualize trends for stakeholders. What is the recommended approach?
- After a design review, leadership requires the team to describe data life cycle stages. Which approach is MOST reliable?
- After a design review, leadership requires the team to find correlations between metrics. Which approach is MOST…
- After a design review, leadership requires the team to summarize datasets with aggregates. Which approach is MOST…
+ 51 more indexed — see exam overview
CompTIA Linux+ (XK0-005)
87 practice questions with dedicated study pages.
- Which access control uses MAC labels on RHEL?
- Which Ansible file defines tasks against hosts?
- Which audit framework logs syscalls on Linux?
- Cannot sudo despite group membership. Cause?
- Which command adds user with home directory on Linux?
- Which command changes file owner?
- Which command checks listening TCP ports?
- Which command installs packages on RHEL-family systems?
- Which command lists block devices and filesystems?
- Which command lists SELinux context of file?
- Which command sets SELinux mode enforcing temporarily?
- Which command shows current kernel version?
+ 75 more indexed — see exam overview
CompTIA Network+ (N10-009)
90 practice questions with dedicated study pages.
- Which attack captures DHCP offers to become default gateway?
- Which attack floods a target with traffic to deny service?
- Which authentication factor is a hardware token?
- Which authentication protocol is used with WPA2-Enterprise?
- Which backup type copies only changed blocks since last full?
- BGP session down after firewall change. Likely?
- Which cable management aids airflow in racks?
- Which cable tester result indicates split pair wiring fault?
- Which cable type is immune to EMI for long campus runs?
- Captive portal auth works on Android not iOS. Check?
- Which certificate problem breaks HTTPS trust?
- Which change management step validates rollback?
+ 78 more indexed — see exam overview
CompTIA PenTest+ (PT0-002)
63 practice questions with dedicated study pages.
- An audit found gaps: the organization must obtain written authorization. Which option addresses this?
- An audit found gaps: the organization must include reproduction steps. Which option addresses this?
- A company needs to communicate findings to leadership. Which option meets the requirement with the LEAST…
- A company needs to define rules of engagement. Which option meets the requirement with the LEAST implementation effort?
- A company needs to enumerate external attack surface. Which option meets the requirement with the LEAST implementation…
- A company needs to exploit misconfigured cloud storage. Which option meets the requirement with the LEAST…
- A company needs to include reproduction steps. Which option meets the requirement with the LEAST implementation effort?
- A company needs to map findings to remediation owners. Which option meets the requirement with the LEAST…
- A company needs to test API authentication. Which option meets the requirement with the LEAST implementation effort?
- For cost and security, the team must obtain written authorization. What is the recommended approach?
- For cost and security, the team must map findings to remediation owners. What is the recommended approach?
- After a design review, leadership requires the team to validate SQL injection risk. Which approach is MOST reliable?
+ 51 more indexed — see exam overview
CompTIA Project+ (PK0-005)
76 practice questions with dedicated study pages.
- Which option is MOST appropriate to balance scope time cost quality?
- Which option is MOST appropriate to balance scope time cost quality (variant 3)?
- Which option is MOST appropriate to define requirements before build?
- Which option is MOST appropriate to escalate blockers with options?
- Which option is MOST appropriate to use Gantt charts for schedule?
- Which option is MOST appropriate to use Gantt charts for schedule (variant 3)?
- Which option is MOST appropriate to identify stakeholders early?
- Which option is MOST appropriate to identify stakeholders early (variant 1)?
- Which option is MOST appropriate to manage project risks?
- Which option is MOST appropriate to manage vendor contracts?
- Which option is MOST appropriate to manage vendor contracts (variant 1)?
- Which option is MOST appropriate to run retrospectives after phases?
+ 64 more indexed — see exam overview
CompTIA Security+ (SY0-701)
50 practice questions with dedicated study pages.
- In the AAA security architecture, the process of granting or denying access to resources is known as:
- In the AAA security architecture, the process of tracking accessed services and logging resource consumption is called:
- An access control vestibule (a.k.a. mantrap) is a physical security access control system used to prevent unauthorized…
- Which of the following best applies to the concept of non-repudiation?
- In the context of the AAA framework, common methods for authenticating people include: (Select 3 answers)
- Which of the following answers can be used to describe technical security controls? (Select 3 answers)
- Examples of deterrent security controls include: (Select 3 answers)
- Which of the following examples fall into the category of operational security controls? (Select 3 answers)
- Which of the following examples do not fall into the category of physical security controls? (Select 3 answers)
- Examples of managerial security controls include: (Select 3 answers)
- What are the examples of preventive security controls? (Select 3 answers)
- A hierarchical system for the creation, management, storage, distribution, and revocation of digital certificates is…
+ 38 more indexed — see exam overview
CompTIA Server+ (SK0-005)
79 practice questions with dedicated study pages.
- An audit found gaps: the organization must automate Linux package updates. Which option addresses this?
- A company needs to apply firmware updates safely. Which option meets the requirement with the LEAST implementation…
- A company needs to choose RAID level for performance and redundancy. Which option meets the requirement with the LEAST…
- A company needs to connect SAN storage. Which option meets the requirement with the LEAST implementation effort?
- A company needs to diagnose boot failures. Which option meets the requirement with the LEAST implementation effort?
- A company needs to expand volumes online. Which option meets the requirement with the LEAST implementation effort?
- A company needs to harden default services. Which option meets the requirement with the LEAST implementation effort?
- A company needs to monitor server health. Which option meets the requirement with the LEAST implementation effort?
- A company needs to plan rack power and cooling. Which option meets the requirement with the LEAST implementation effort?
- A company needs to remotely manage Windows servers. Which option meets the requirement with the LEAST implementation…
- A company needs to resolve high CPU on database server. Which option meets the requirement with the LEAST…
- A company needs to virtualize physical servers. Which option meets the requirement with the LEAST implementation effort?
+ 67 more indexed — see exam overview
Google Associate Cloud Engineer (ACE)
70 practice questions with dedicated study pages.
- An audit found gaps: the organization must object storage for applications. Which option addresses this?
- A company needs to managed Kubernetes control plane. Which option meets the requirement with the LEAST implementation…
- For cost and security, the team must use service accounts for workloads. What is the recommended approach?
- For cost and security, the team must run containers without managing nodes. What is the recommended approach?
- A data team must grant roles to principals.
- After a design review, leadership requires the team to host static assets globally. Which approach is MOST reliable?
- After a design review, leadership requires the team to private networking in GCP. Which approach is MOST reliable?
- After a design review, leadership requires the team to private Google API access. Which approach is MOST reliable?
- The DevOps team is automating releases and must organize projects with labels. Which design fits best?
- Which Google Cloud service should you use to organize projects and folders?
- Which Google Cloud service should you use to organize projects with labels?
- Which Google Cloud service should you use to set org policies on resources?
+ 58 more indexed — see exam overview
Google Cloud Digital Leader (CDL)
68 practice questions with dedicated study pages.
- An audit found gaps: the organization must analyze petabytes with SQL. Which option addresses this?
- A cloud engineer needs to build ML models on managed AI platform.
- A cloud engineer needs to describe Google Cloud regions.
- A cloud engineer needs to run containers on managed Kubernetes.
- A cloud engineer needs to stream analytics in real time.
- A company needs to encrypt data with customer-managed keys. Which option meets the requirement with the LEAST…
- A company needs to serverless request-driven compute. Which option meets the requirement with the LEAST implementation…
- For cost-aware operations, you should explain why organizations adopt cloud.
- For cost-aware operations, you should analyze petabytes with SQL.
- For cost-aware operations, you should build ML models on managed AI platform.
- For cost-aware operations, you should run VMs on Google infrastructure.
- For cost-aware operations, you should run containers on managed Kubernetes.
+ 56 more indexed — see exam overview
Google Professional Cloud Architect (PCA)
70 practice questions with dedicated study pages.
- An audit found gaps: the organization must centralize org security findings. Which option addresses this?
- A cloud engineer needs to choose region for data residency.
- A cloud engineer needs to design hybrid connectivity.
- A cloud engineer needs to design multi-region failover.
- A cloud engineer needs to encrypt data with customer-managed keys.
- A cloud engineer needs to infrastructure as code on GCP.
- A company needs to design hybrid connectivity. Which option meets the requirement with the LEAST implementation effort?
- For cost-aware operations, you should design hybrid connectivity.
- For cost-aware operations, you should design reliable systems on GCP.
- For cost-aware operations, you should preview infrastructure changes.
- For cost-aware operations, you should centralize org security findings.
- For cost-aware operations, you should design for failure domains.
+ 58 more indexed — see exam overview
Google Professional Cloud DevOps Engineer (PCDO)
68 practice questions with dedicated study pages.
- A cloud engineer needs to build containers in CI.
- A cloud engineer needs to promote releases with Cloud Deploy.
- A cloud engineer needs to right-size Compute Engine VMs.
- A cloud engineer needs to SLO-based alerting.
- A cloud engineer needs to store build artifacts.
- A company needs to optimize service cost on GCP. Which option meets the requirement with the LEAST implementation…
- For cost-aware operations, you should scan artifacts in Cloud Build.
- For cost-aware operations, you should promote releases with Cloud Deploy.
- For cost-aware operations, you should store build artifacts securely.
- For cost-aware operations, you should define SLOs in Cloud Monitoring.
- For cost-aware operations, you should error budgets and toil reduction.
- For cost-aware operations, you should optimize service cost on GCP.
+ 56 more indexed — see exam overview
Google Professional Cloud Security Engineer (PCSE)
68 practice questions with dedicated study pages.
- An audit found gaps: the organization must rotate encryption keys automatically. Which option addresses this?
- A cloud engineer needs to DDoS protection at edge.
- A cloud engineer needs to investigate threats with Chronicle.
- A cloud engineer needs to restrict resource locations.
- A cloud engineer needs to service perimeter for data exfiltration.
- A cloud engineer needs to store API keys securely.
- For cost-aware operations, you should restrict resource locations.
- For cost-aware operations, you should service perimeter for data exfiltration.
- For cost-aware operations, you should rotate encryption keys automatically.
- For cost-aware operations, you should centralize security findings.
- For cost and security, the team must store API keys securely. What is the recommended approach?
- For cost and security, the team must centralize security findings. What is the recommended approach?
+ 56 more indexed — see exam overview
Google Professional Data Engineer (PDE)
68 practice questions with dedicated study pages.
- An audit found gaps: the organization must warehouse analytics. Which option addresses this?
- A cloud engineer needs to govern data lakes.
- A cloud engineer needs to orchestrate batch pipelines.
- A cloud engineer needs to real-time messaging.
- A cloud engineer needs to train models on structured data.
- For cost-aware operations, you should batch and stream with Apache Beam.
- For cost-aware operations, you should stream into BigQuery.
- For cost-aware operations, you should wide-column low-latency store.
- For cost-aware operations, you should monitor pipeline SLAs.
- For cost and security, the team must govern data lakes. What is the recommended approach?
- A data team must monitor pipeline SLAs.
- A data team must orchestrate batch pipelines.
+ 56 more indexed — see exam overview
KeyTrain's Key Training — Application Security (KT-APP)
16 practice questions with dedicated study pages.
- Browser zero-day is announced; no patch for 48 hours. Mitigation?
- Bug bounty reports IDOR on an API returning other users' orders by changing ?userId=. Fix?
- Code review finds user input concatenated into OS commands. Fix?
- Dependency scan shows log4j vulnerable library in three microservices. FIRST step?
- Developers complain SAST has 10,000 findings. Prioritization approach?
- JWTs are accepted with alg=none in a mobile API. Severity?
- Legacy PHP 5.6 internet app cannot be retired yet. Control?
- A Node service builds SQL with template literals including user search terms. Risk?
- Pen test achieves domain admin via PrintNightmare-style vuln. Lesson?
- SAST flags deserialization of untrusted data in a Java admin servlet. Why critical?
- SAST flags SSRF in a webhook feature. Why is this high risk?
- SAST pipeline fails build on hard-coded AWS keys in a feature branch. Correct outcome?
+ 4 more indexed — see exam overview
KeyTrain's Key Training — Compliance & Governance (KT-CG)
20 practice questions with dedicated study pages.
- Annual risk register omits cloud misconfiguration threats. Update?
- Audit finds developers pushing code without peer review despite policy. Gap?
- Auditors request proof of privileged access reviews; team has screenshots but no tickets. Gap?
- Auditors request sample of privileged access reviews; team has ad hoc emails only. Improvement?
- Business associate agreement missing for cloud backup vendor storing ePHI. Risk?
- Change records missing for emergency firewall rule during incident. Fix for next time?
- A clinic texts patient results via personal SMS. Violation concern?
- Data flow diagrams for PHI are missing for a new SaaS tool. Why needed?
- Developers bypass code review using emergency break-glass accounts weekly. Issue?
- Employees use personal cloud storage for work files against AUP. Response?
- A high-risk finding is accepted without expiration date. Problem?
- Incident response fails because network diagrams are six years out of date. Improvement?
+ 8 more indexed — see exam overview
KeyTrain's Key Training — Data Protection (KT-DP)
20 practice questions with dedicated study pages.
- A cloud admin can delete production and backup vaults with one role. Best fix?
- A conference hands out branded USB drives at your booth. Security recommendation?
- A contractor pastes customer PII into a public ChatGPT session. Which combined control helps MOST?
- Database backups are copied to tape unencrypted for 'speed.' What risk should leadership accept if continuing?
- Developers store TLS private keys in the application Git repo for 'deployment speed.' Fix?
- DLP alerts on a spreadsheet labeled 'Internal' leaving via personal webmail. Best FIRST step?
- DLP blocks a nurse emailing treatment notes to a personal account for 'convenience.' Which outcome is correct?
- Endpoint DLP generates many false positives on source code zips. What tuning is BEST?
- Engineers paste production database connection strings into a public Slack channel. Response?
- A found USB drive is plugged into a SOC analyst machine 'to see who lost it.' What is the SAFE procedure?
- Git history contains AWS keys for a retired project. What reduces future sensitive exposure?
- Immutable backups are enabled, but backup admin can delete vault locks. Best improvement?
+ 8 more indexed — see exam overview
KeyTrain's Key Training — Email Security (KT-EMS)
16 practice questions with dedicated study pages.
- An attachment is a .html file claiming to be an invoice preview. Safest handling?
- An attacker registers a domain one character off from your vendor. Which control reduces payment fraud?
- DMARC aggregate reports show 12% of mail using your domain fails alignment from unknown IPs. Action?
- Email filter quarantined a PDF with embedded JavaScript. Why is this noteworthy?
- An executive receives a QR code poster 'for IT Wi-Fi' in the parking garage. Which category does this BEST fit?
- Finance receives wire instructions changing bank details via email right before quarter close. What verification is…
- An invoice attachment is a password-protected ZIP containing a .lnk file. What is the SAFEST handling step?
- Legal notices a forged CEO email approving acquisition NDA sharing. Besides legal, who must be engaged FIRST?
- Macro-enabled Excel arrives from an unknown vendor address. Which policy is BEST?
- Mail headers show SPF pass, DKIM fail, and DMARC none for a message impersonating the CEO. What improvement is MOST…
- Your phishing simulation click rate dropped to zero after blocking all external links. What risk remains?
- AP receives email changing ACH details for a top vendor; phone number in signature is new. Step?
+ 4 more indexed — see exam overview
KeyTrain's Key Training — Endpoint Security (KT-EPS)
20 practice questions with dedicated study pages.
- An analyst sees powershell.exe spawning rundll32 with no window. What should they collect FIRST?
- Which artifact BEST helps determine persistence via scheduled task creation?
- Autoruns shows an unknown scheduled task calling a binary in %ProgramData%. Action?
- Backups are immutable; leadership asks about paying ransom. Security recommendation?
- EDR detects a living-off-the-land script spawning rundll32 from WinWord. Next step?
- EDR quarantines a signed driver loading from a temp folder. Next BEST step?
- EDR shows 'protected' but Windows Defender is disabled via GPO conflict. What should you do?
- 20% of endpoints report outdated definitions for 14 days. BEST prioritized action?
- File servers show mass .encrypted extensions and a ransom note. FIRST action?
- GPO audit shows 18% of laptops with Defender disabled by local admin tools. Fix?
- Ransomware group threatens leak of stolen data. What does 'double extortion' imply?
- Registry Run keys point to a random AppData executable after an email attachment. BEST remediation?
+ 8 more indexed — see exam overview
KeyTrain's Key Training — Financial Security (KT-FIN)
16 practice questions with dedicated study pages.
- Accounting sees duplicate vendor invoices with slightly different bank info. Indicator?
- An admin can post and approve journal entries alone. Issue?
- Attacker inserts a fake line item via compromised AP mailbox rules. Detection?
- Auditors find journal entries posted after close without approval workflow. Issue?
- Automated ACH file generation has no integrity check before upload. Add?
- AP clerks can create vendors and pay them. BEST SoD change?
- Expense reports spike for gift cards before holidays. Control?
- GL export to Excel for 'analysis' bypasses ERP controls. Mitigation?
- Month-end adjustments lack supporting documentation in the share. Risk?
- Payroll adds a new bank account for an employee who did not request a change. Indicator?
- PDF invoice metadata shows different authoring software than prior invoices from the vendor. Action?
- PDF invoice totals do not match ERP line items but bank account matches a new vendor. Suspicion?
+ 4 more indexed — see exam overview
KeyTrain's Key Training — Identity & Access Security (KT-IAS)
20 practice questions with dedicated study pages.
- Audit finds contractors using former employees' accounts. What policy enforcement MOST directly stops this?
- Authentication logs show 40,000 failed logins against one legacy IMAP service from one ASN. Which attack type is MOST…
- Cloud audit shows a Lambda role with iam:PassRole and sts:AssumeRole on admin roles. Risk?
- Dark web monitoring shows corporate emails in a breach dump. What is the FIRST technical action aligned to credential…
- Developers store API keys in public GitHub repos. Which practice BEST reduces credential abuse long term?
- Endpoint EDR flags PowerShell downloading a script that modifies local admin group membership. Which indicator BEST…
- An executive refuses hardware tokens but approves SMS codes for banking-style apps. Which risk should you document in…
- A help desk ticket reports repeated lockouts for one user after they traveled. Logs show failed logins from two…
- IdP logs show successful logins for a disabled contractor account. What is the BEST remediation?
- A junior analyst discovers they can add themselves to a cloud admin group via a misconfigured automation role. What is…
- Okta ThreatInsight flags cred-stuffing against your customer portal. FIRST technical response?
- Your org is rolling out passwordless sign-in for contractors. Which control MOST directly reduces phishing of static…
+ 8 more indexed — see exam overview
KeyTrain's Key Training — Network Security (KT-NET)
24 practice questions with dedicated study pages.
- An attacker on guest Wi-Fi intercepts traffic. BEST network segmentation fix?
- Which control detects DNS tunneling without full TLS break?
- A database server suddenly listens on port 3389 internally. BEST response?
- Which dataset BEST confirms beaconing vs user streaming video?
- DNS analytics show long random subdomains to a newly registered domain from one server. Action?
- Encrypted traffic to a newly registered domain spikes after a phishing click. BEST correlation?
- Exfil over DNS encodes data in TXT queries. BEST mitigation layer?
- Firewall logs show outbound TCP 4444 from a workstation to an unknown IP. What is this commonly associated with?
- A host contacts one IP every 60 seconds with 200-byte HTTPS posts. Likely behavior?
- IDS alerts on TLS encrypted traffic show 'possible C2' with no payload. Next action?
- IPS blocks legitimate ERP traffic after a signature update. BEST immediate step?
- IPS blocks a SQL injection attempt against a legacy app, but app logs show no WAF upstream. Concern?
+ 12 more indexed — see exam overview
KeyTrain's Key Training — Physical Security (KT-PHY)
16 practice questions with dedicated study pages.
- Access control system uses default vendor password on the controller. Risk?
- Camera covers ATM area but blinds spot hides safe access. Issue?
- CCTV retention is 7 days but incident discovered on day 10. Impact?
- An employee's encrypted laptop is stolen from a car; BitLocker was on but the session unlocked. Risk?
- Employees lend badges to coworkers. Policy fix?
- After-hours badge swipes in a data center from a terminated contractor badge. Action?
- Laptop stolen from a car; drive encrypted, device not managed. Concern?
- Legal asks whether lobby cameras can use facial recognition for 'security.' Concern?
- NVR firmware is three years old on the security VLAN. Recommendation?
- A propped-open fire door alarm is muted for 'convenience.' Risk?
- Spare phones disappear from a stock room without inventory updates. Process fix?
- Stolen tablet had clinical app logged in. Immediate steps?
+ 4 more indexed — see exam overview
KeyTrain's Key Training — System Hygiene (KT-SYS)
20 practice questions with dedicated study pages.
- Browser extensions with broad permissions haven't updated in two years. Risk?
- CIS benchmark scan: SSH PermitRootLogin yes on new cloud VMs. Fix?
- CISA adds a VPN vendor CVE to KEV; your appliance is two versions behind. Priority?
- A critical app requires Java 8 with no vendor roadmap; server sits in the DMZ. Mitigation?
- Critical CVE has exploit in the wild; patch available. Servers are 30 days behind. FIRST priority?
- CSPM reports public SSH open on a prod instance that Terraform should manage privately. Fix?
- AD GPO reports different password policy on one OU. Likely impact?
- Inventory finds Java 8 on 400 endpoints for one legacy app. BEST approach?
- Only 62% of laptops meet the 14-day critical patch SLA. Best program improvement?
- MDM shows 15% iOS devices below minimum OS. Enforcement action?
- Medical devices run embedded OS with no vendor patches. BEST documentation?
- Medical devices run Windows 7 embedded with no vendor patch path. Control?
+ 8 more indexed — see exam overview
Microsoft Azure AI Fundamentals (AI-900)
68 practice questions with dedicated study pages.
- An Azure architect must use automated ML for tabular data.
- An Azure architect must document model limitations.
- An Azure architect must use large language models on Azure.
- An Azure architect must read text in images.
- Which Azure offering should you use to use automated ML for tabular data?
- Which Azure offering should you use to use automated ML for tabular data (variant 2)?
- Which Azure offering should you use to build conversational bots?
- Which Azure offering should you use to detect objects in images?
- Which Azure offering should you use to document model limitations?
- Which Azure offering should you use to document model limitations (variant 2)?
- Which Azure offering should you use to fairness and transparency in ML?
- Which Azure offering should you use to fairness and transparency in ML (variant 1)?
+ 56 more indexed — see exam overview
Microsoft Azure Administrator (AZ-104)
70 practice questions with dedicated study pages.
- An audit found gaps: the organization must federate on-premises AD with cloud. Which option addresses this?
- An audit found gaps: the organization must publish services with private IPs only. Which option addresses this?
- Which Azure offering should you use to alert on metric thresholds?
- Which Azure offering should you use to apply policies across subscriptions?
- Which Azure offering should you use to assign permissions at resource scope?
- Which Azure offering should you use to backup VMs and workloads?
- Which Azure offering should you use to collect metrics and logs centrally?
- Which Azure offering should you use to connect on-premises to Azure privately?
- Which Azure offering should you use to control east-west traffic in VNet?
- Which Azure offering should you use to federate on-premises AD with cloud?
- Which Azure offering should you use to host SMB file shares in Azure?
- Which Azure offering should you use to host web apps without managing VMs?
+ 58 more indexed — see exam overview
Microsoft Azure Data Fundamentals (DP-900)
68 practice questions with dedicated study pages.
- An audit found gaps: the organization must structured vs semi-structured data. Which option addresses this?
- An Azure architect must choose Cosmos DB API for MongoDB.
- An Azure architect must describe batch vs streaming data.
- An Azure architect must lakehouse analytics on OneLake.
- An Azure architect must scale reads with readable replicas.
- Which Azure offering should you use to choose Cosmos DB API for MongoDB?
- Which Azure offering should you use to describe batch vs streaming data?
- Which Azure offering should you use to enterprise analytics at scale?
- Which Azure offering should you use to enterprise analytics at scale (variant 1)?
- Which Azure offering should you use to globally distributed document DB?
- Which Azure offering should you use to globally distributed document DB (variant 1)?
- Which Azure offering should you use to lakehouse analytics on OneLake?
+ 56 more indexed — see exam overview
Microsoft Azure DevOps Engineer Expert (AZ-400)
70 practice questions with dedicated study pages.
- An audit found gaps: the organization must monitor pipeline runs. Which option addresses this?
- An Azure architect must build and release pipelines as code.
- An Azure architect must cache dependencies in pipelines.
- An Azure architect must collect pipeline logs centrally.
- An Azure architect must deploy to multiple stages with gates.
- Which Azure offering should you use to branch policies for quality gates?
- Which Azure offering should you use to build and release pipelines as code?
- Which Azure offering should you use to cache dependencies in pipelines?
- Which Azure offering should you use to collect pipeline logs centrally?
- Which Azure offering should you use to define infrastructure environments?
- Which Azure offering should you use to deploy to multiple stages with gates?
- Which Azure offering should you use to manage boards repos pipelines?
+ 58 more indexed — see exam overview
Microsoft Azure Developer Associate (AZ-204)
70 practice questions with dedicated study pages.
- An Azure architect must decouple microservices with queues.
- Which Azure offering should you use to access Microsoft 365 data in apps?
- Which Azure offering should you use to authenticate apps without secrets in code?
- Which Azure offering should you use to containerize APIs on managed Kubernetes?
- Which Azure offering should you use to decouple microservices with queues?
- Which Azure offering should you use to grant limited-time blob access?
- Which Azure offering should you use to host web APIs on Linux containers in Azure?
- Which Azure offering should you use to ingest high-volume streaming events?
- Which Azure offering should you use to orchestrate long-running workflows?
- Which Azure offering should you use to profile live .NET performance?
- Which Azure offering should you use to react to blob uploads with serverless code?
- Which Azure offering should you use to schedule recurring jobs in cloud?
+ 58 more indexed — see exam overview
Microsoft Azure Fundamentals (AZ-900)
66 practice questions with dedicated study pages.
- An audit found gaps: the organization must describe consumption-based pricing. Which option addresses this?
- An Azure architect must run managed relational databases.
- An Azure architect must store unstructured objects at scale.
- Which Azure offering should you use to centralize identity for Azure resources?
- Which Azure offering should you use to compare public vs private cloud?
- Which Azure offering should you use to define elasticity in cloud?
- Which Azure offering should you use to deploy resources as a unit?
- Which Azure offering should you use to describe consumption-based pricing?
- Which Azure offering should you use to explain high availability concepts?
- Which Azure offering should you use to explain shared responsibility?
- Which Azure offering should you use to host managed web applications?
- Which Azure offering should you use to organize subscriptions and management groups?
+ 54 more indexed — see exam overview
Microsoft Azure Security Engineer Associate (AZ-500)
68 practice questions with dedicated study pages.
- An audit found gaps: the organization must prioritize remediations from secure score. Which option addresses this?
- An Azure architect must block legacy authentication.
- An Azure architect must hunt threats with KQL.
- An Azure architect must prioritize remediations from secure score.
- An Azure architect must require MFA based on risk signals.
- An Azure architect must store TLS certificates for apps.
- Which Azure offering should you use to assess regulatory compliance?
- Which Azure offering should you use to automate response with playbooks?
- Which Azure offering should you use to block legacy authentication?
- Which Azure offering should you use to centralize secrets and keys?
- Which Azure offering should you use to filter traffic to Azure resources?
- Which Azure offering should you use to hunt threats with KQL?
+ 56 more indexed — see exam overview
Microsoft Azure Solutions Architect Expert (AZ-305)
68 practice questions with dedicated study pages.
- An Azure architect must design multi-subscription governance.
- An Azure architect must ingress TLS with Web Application Firewall.
- An Azure architect must Layer 7 load balancing for web apps.
- An Azure architect must managed relational PaaS database.
- An Azure architect must private cluster API for Kubernetes.
- Which Azure offering should you use to backup Azure VMs to vault?
- Which Azure offering should you use to cache read-heavy relational workloads?
- Which Azure offering should you use to design multi-subscription governance?
- Which Azure offering should you use to design directory groups for RBAC?
- Which Azure offering should you use to enforce guardrails on new subscriptions?
- Which Azure offering should you use to globally distributed NoSQL?
- Which Azure offering should you use to ingest telemetry at scale?
+ 56 more indexed — see exam overview
Microsoft Security, Compliance, and Identity Fundamentals (SC-900)
68 practice questions with dedicated study pages.
- An Azure architect must enable self-service password reset.
- An Azure architect must explain least privilege access.
- An Azure architect must protect endpoints with EDR.
- An Azure architect must single sign-on for cloud apps.
- An Azure architect must unified XDR across endpoints and cloud.
- Which Azure offering should you use to apply retention labels to files?
- Which Azure offering should you use to data governance and catalog?
- Which Azure offering should you use to describe defense in depth?
- Which Azure offering should you use to enable self-service password reset?
- Which Azure offering should you use to explain least privilege access?
- Which Azure offering should you use to guest access for partners?
- Which Azure offering should you use to protect endpoints with EDR?
+ 56 more indexed — see exam overview