Module 3: Topical Customer Scenarios
Looking for ‘Providing Technical Support for AWS Workloads Module 3 Answers’?
In this post, I provide complete, accurate, and detailed explanations for the answers to Module 3: Topical Customer Scenarios of Course 3: Providing Technical Support for AWS Workloads. Whether you’re preparing for quizzes or brushing up on your knowledge, these insights will help you master the concepts effectively. Let’s dive into the correct answers and detailed explanations for each question!
Knowledge check
Practice Assignment
1. Which statement about AWS Identity and Access Management (IAM) best practices for the AWS account root user is TRUE?
- The account root user should not be used for everyday tasks. ✅
- Credentials for the account root user include email address, user name, and password.
- The account root user has access only to the IAM service, and all other access must be granted to an IAM user.
- The recommended way to provide administrator-level access is to share the email address and password of the account root user.
Final assessment
Graded Assignment
2. AWS Basic support provides the ability to open cases for account and billing questions, and access to AWS documentation, technical papers, and support forums. Which other benefit is included with AWS Basic support?
- Use-case guidance on what AWS products, features, and services to use
- White-glove case routing
- Access to service health checks ✅
- Access to all AWS Trusted Advisor checks
Explanation:
AWS Basic Support includes access to the AWS Personal Health Dashboard, which provides service health checks. Other advanced support features, such as full Trusted Advisor checks or technical guidance, require higher-tier plans.
3. Which main factors should a company consider when choosing an AWS Support plan? (Select TWO.)
- Availability Zone
- Cloud budget ✅
- AWS Region
- Business requirements ✅
- The number of employees
Explanation:
When choosing an AWS Support plan, it’s important to consider your business needs (such as uptime, SLAs, and guidance) and your budget, since higher-tier plans offer more features but come at additional cost.
4. Which Amazon VPC Flow Log record fields are part of a log record with a default format? (Select TWO.)
- The source address for incoming traffic ✅
- AWS Identity and Access Management (IAM) user name of the user sending or receiving data
- The AWS account ID of the owner of the source network interface ✅
- Source operating system (OS) of the system where the requests originated
Explanation:
The default VPC Flow Logs format includes key metadata like source/destination IPs and the account ID of the network interface owner. Details like OS or IAM user name are not included in default fields.
5. A company is hosting a web application on Amazon Elastic Compute Cloud (Amazon EC2). The application resides in a public subnet that’s inside a custom virtual private cloud (VPC), and it connects to the internet by using a public IPv4 address. When users try to open the application, they receive a connection timeout error. Which option should the support team investigate so the application can communicate with the internet?
- Internet gateway ✅
- VPC peering
- AWS Lambda
- AWS Identity and Access Management (IAM) permissions
Explanation:
For an EC2 instance in a public subnet to communicate with the internet, a properly configured Internet Gateway (IGW) is essential. A missing or misconfigured IGW can cause timeout errors.
6. When a company deploys an application on an Amazon Elastic Compute Cloud (Amazon EC2) instance, the operations team notices that the instance does not pass instance status checks. What should the support team look at to investigate the issue?
- Network connectivity and operating system configurations ✅
- Network connectivity and hardware issues
- Software problems on the physical host machines
- Underlying infrastructure, including Regions, Availability Zones, and edge locations
Explanation:
When EC2 instance status checks fail, it typically means there’s a problem inside the instance, like OS misconfigurations, startup script failures, or networking issues.
7. Which statement about AWS Identity and Access Management (IAM) best practices for the AWS account root user is TRUE?
- The root user should not be used for everyday tasks. ✅
- Credentials for the account root user include email address, user name, and password.
- The account root user has access only to the IAM service, and all other access must be granted to an IAM user.
- The recommended way to provide administrator-level access is to share the email address and password of the account root user.
Explanation:
AWS recommends using the root user only for initial setup or rare account-level changes. Instead, create IAM users for regular activities and enforce least-privilege policies.
8. Which option follows best practices when looking to control access to a specific Amazon Simple Storage Service (Amazon S3) bucket for all users within a specific IP address range?
- AWS Identity and Access Management (IAM) user policy
- AWS Identity and Access Management (IAM) group policy
- Amazon S3 bucket policy ✅
- Cross-origin resource sharing (CORS)
Explanation:
To control access to an S3 bucket for users from a specific IP range, a bucket policy is the best solution. It allows fine-grained control based on IP conditions.
9. An Amazon Elastic Compute Cloud (Amazon EC2) instance is unable to connect to a newly created Amazon Relational Database Service (Amazon RDS) DB instance within the same virtual private cloud (VPC). Which option should be checked to determine the cause of the issue?
- Public accessibility
- Internet gateway
- Table size
- Availability ✅
Explanation:
Since both the EC2 instance and the RDS DB instance are within the same VPC, Public accessibility is not the issue — that only applies when trying to access the RDS instance from outside the VPC (e.g., over the public internet).
In this scenario, if an EC2 instance within the same VPC can’t connect to an RDS instance, one of the first things to check is whether the RDS instance is in the available state. If it’s not “available,” it won’t accept any connections — even from inside the VPC.
Also worth checking (though not in this question):
- Security groups (ensure EC2 is allowed to connect to the RDS port)
- Subnet routing
- Network ACLs
10. True or False: AWS Organizations uses bucket policies to offer centralized control over the permissions for all of the accounts in an organization.
- True
- False ✅
Explanation:
AWS Organizations does not use S3 bucket policies for account-level control. It uses Service Control Policies (SCPs) to manage permissions across member accounts centrally.
11. An account administrator adjusted an AWS Identity and Access Management (IAM) user policy for a user account managed in AWS Organizations. The policy change grants the user access to a new service. However, the administrator sees that access is denied when the user attempts to work with the new service. What is one of the first troubleshooting steps the administrator can follow to progress towards a solution?
- Verify that the access is permitted in the service control policy (SCP) for the organizational unit (OU) for the account. ✅
- Check that multi-factor authentication (MFA) is enabled for the user and the account.
- Look at the flow logs to see if a connection is being made to the instance.
- Verify that the correct ports are open.
Explanation:
Even if an IAM policy grants access, the SCP can override or restrict permissions. It’s a best practice to check SCPs first when troubleshooting access issues in AWS Organizations.