Module 3: Designing a hybrid solution for container based workloads on AWS
Looking for ‘Architecting Solutions on AWS module 3 answers’?
In this post, I provide complete, accurate, and detailed explanations for the answers to Module 3: Designing a hybrid solution for container based workloads on AWS, from Course 2: Architecting Solutions on AWS.
Whether you’re preparing for quizzes or brushing up on your knowledge, these insights will help you master the concepts effectively. Let’s dive into the correct answers and detailed explanations for each question!
Week 3 Assessment
Graded Assignment
1. Which of the following options includes true statements for both Amazon Simple Storage Service (Amazon S3) cross-Region replication and AWS Key Management Service (AWS KMS)?
- To configure Amazon S3 cross-Region replication, both the source and destination buckets must belong to the same AWS account. Server-side encryption (SSE) is possible for replicated objects.
- To configure Amazon S3 cross-Region replication, both the source and destination buckets must belong to the same AWS account. Server-side encryption (SSE) is not possible for replicated objects.
- To configure Amazon S3 cross-Region replication, the source and destination buckets can belong to different AWS accounts. Server-side encryption (SSE) is possible for replicated objects. ✅
- To configure Amazon S3 cross-Region replication, the source and destination buckets can belong to different AWS accounts. Server-side encryption is not possible for replicated objects.
Explanation:
- Cross-Region replication can occur across different AWS accounts.
- SSE (Server-Side Encryption) is supported when replicating objects between buckets.
- Permissions and KMS key policies must be set correctly if using SSE-KMS.
2. A solutions architect is designing a hybrid solution. The solution uses Amazon Virtual Private Cloud (Amazon VPC) resources, such as Amazon Relational Database Service (Amazon RDS) and Amazon Elastic Compute Cloud (Amazon EC2). It also uses services that are not in a VPC, such as Amazon Simple Storage Service (Amazon S3) and AWS Systems Manager. Which statements about Amazon VPC and the scope of AWS services are correct? (Choose THREE.)
- Amazon VPC gives the user full control over their virtual networking environment. Therefore, the solutions architect can define firewall rules on the networking level for VPC-based resources. ✅
- Because S3 buckets do not reside inside a VPC, the customer can rely on AWS to configure security mechanisms, such as permissions and bucket policies. Thus, security is automatically applied on the data level because this level of security is the responsibility of AWS.
- VPC-based services that reside in a private subnet require specific configurations to enable internet access, such as a NAT gateway and route tables. ✅
- When possible, customers should avoid having services reside in VPCs because a networking misconfiguration can accidentally leave the infrastructure in an unsafe state.
- Using AWS resources like Amazon S3 is less secure because they are public resources by default.
- AWS VPN solutions can be configured to establish secure connections between on-premises networks, remote offices, client devices, and the AWS global network. ✅
Explanation:
- Amazon VPC provides full control over network configuration including firewalls (via security groups and NACLs).
- Private subnets require a NAT gateway or NAT instance, plus route tables, for internet access.
- AWS VPN enables secure hybrid connectivity between on-premises and AWS.
3. Which statements about AWS Storage Gateway are correct? (Choose THREE.)
- AWS Storage Gateway is a set of hybrid cloud storage services that provide on-premises access to virtually unlimited cloud storage. ✅
- AWS Storage Gateway offers virtually unlimited cloud storage to users and applications, at the cost of new storage hardware.
- AWS Storage Gateway delivers data access to on-premises applications while taking advantage of the agility, economics, and security capabilities of the AWS Cloud. ✅
- AWS Storage Gateway is limited to only on-premises applications, which means that it cannot be used from cloud to cloud.
- AWS Storage Gateway helps support compliance requirements through integration with AWS Backup to manage the backup and recovery of Volume Gateway volumes, which simplifies backup management. ✅
- AWS Storage Gateway can only work as an Amazon S3 File Gateway.
Explanation:
- Storage Gateway offers hybrid storage, bridging on-prem and AWS.
- Supports Tape Gateway, File Gateway, and Volume Gateway.
- Works with AWS Backup for centralized backup management.
4. Which set of AWS services is the BEST fit for the “Object, file, and block storage” category (which means that the services are dedicated to storing data in a durable way)?
- AWS DataSync, AWS Snow Family
- Amazon Simple Storage Service (Amazon S3), Amazon Elastic File System (Amazon EFS), Amazon Elastic Block Store (Amazon EBS), Amazon FSx ✅
- AWS Storage Gateway, AWS Snow Family
- AWS Elastic Disaster Recovery, AWS Backup
Explanation:
- S3 = Object storage
- EFS, FSx = File storage
- EBS = Block storage
These services are designed for durable, scalable data storage.
5. True or False: Amazon Simple Storage Service (Amazon S3) is better than Amazon Elastic Block Store (Amazon EBS) because it is designed to provide a higher level of data durability.
- True
- False ✅
Explanation:
- Amazon S3 does offer higher durability (99.999999999%), but it’s designed for object storage, not block storage.
- Amazon EBS is designed for block storage used by EC2 instances.
- So, neither service is universally “better” — it depends on the use case:
  - Choose S3 for storing files, backups, logs, and media.
  - Choose EBS for low-latency storage attached to running EC2 instances (e.g., databases, apps).