200+ Free Elastic Certified Engineer Practice Questions

Pass your Elastic Certified Engineer exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately

200+ Questions

100% Free

1 / 200

Question 1

Score: 0/0

An index needs to support full-text search on `title` and also support sorting and terms aggregations on the same field. Which mapping is the best fit?

Map `title` as `text` only

Map `title` as `keyword` only

Map `title` as `text` with a `keyword` multi-field

Map `title` as `wildcard`

to track

2026 Statistics

Key Facts: Elastic Certified Engineer Exam

3 hours

Official Time Limit

Elastic

$500

Exam Fee

Elastic

8.15

Current Exam Version

Elastic FAQ

14 days

Retake Wait

Elastic FAQ

1 year

Attempt Validity

Elastic FAQ

2 years

Credential Validity

Elastic FAQ

As of March 11, 2026, Elastic's public certification materials still present Elastic Certified Engineer as a 3-hour performance-based exam on Elasticsearch 8.15 with $500 USD pricing, remote delivery through TrueAbility and Honorlock, a 14-day retake wait, and 2-year credential validity. Elastic does not publish a public passing score, fixed task count, or classic percentage-weighted blueprint, so the topic weights below are inferred from the official Elasticsearch Engineer course topics and the emphasis used in this 200-question practice bank. I did not find a separate 2026 regulatory or policy overhaul beyond the current remote-testing, system-requirement, and scheduling rules already reflected in Elastic's FAQ.

Sample Elastic Certified Engineer Practice Questions

Try these sample questions to test your Elastic Certified Engineer exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 200+ question experience with AI tutoring.

1An index needs to support full-text search on `title` and also support sorting and terms aggregations on the same field. Which mapping is the best fit?

A.Map `title` as `text` only

B.Map `title` as `keyword` only

C.Map `title` as `text` with a `keyword` multi-field

D.Map `title` as `wildcard`

Explanation: A `text` field is analyzed for full-text queries, while a `keyword` subfield preserves the exact value for sorting and aggregations. This multi-field pattern is the standard Elasticsearch approach when one logical field needs both behaviors.

2Which API lets you test an ingest pipeline against sample documents without indexing anything?

A.`_bulk`

B.`_ingest/pipeline/_simulate`

C.`_tasks`

D.`_cluster/state`

Explanation: The simulate API runs documents through a pipeline and returns the transformed results without writing to an index. It is the safest way to validate processor behavior before production use.

3Which query is the standard choice for an exact lookup on a `keyword` field such as `status`?

A.`match`

B.`term`

C.`multi_match`

D.`match_phrase`

Explanation: A `term` query looks for the exact indexed value and is the usual choice for `keyword` fields. `match` queries are analyzed and are intended for full-text search on `text` fields.

4Which aggregation groups documents by exact values such as `service.name` or `host.name`?

A.`terms`

B.`avg`

C.`range`

D.`derivative`

Explanation: A `terms` aggregation builds buckets from the exact values of a field. It is one of the most common ways to group documents for top-N style analytics.

5What is the relationship between primary and replica shards?

A.Replica shards accept writes first, then primaries sync later

B.Primary shards handle writes, and replica shards hold copied shard data

C.Replicas are used only for snapshots

D.Primaries and replicas store different field subsets

Explanation: Each primary shard is the authoritative write target, and replica shards maintain copies of that shard's data. Replicas improve fault tolerance and can also help serve search traffic.

6What is the main purpose of a component template?

A.To store reusable mappings, settings, or aliases that multiple index templates can compose

B.To replicate indices across clusters

C.To schedule snapshots automatically

D.To bypass dynamic mapping

Explanation: Component templates package reusable building blocks such as mappings and settings. Index templates can then compose them, which keeps data stream and index designs more consistent and easier to maintain.

7What does green cluster health mean?

A.All primary and replica shards are allocated

B.At least one primary shard is missing

C.The cluster is read-only

D.Snapshots are disabled

Explanation: Green means every primary shard and every configured replica shard is assigned. It is the healthiest state because the cluster has both full availability and full redundancy.

8A team needs exact, case-insensitive matching on an account code such as `ACME-NY-01` without tokenizing it. Which mapping approach is most appropriate?

A.A `text` field with the standard analyzer

B.A `keyword` field with a lowercase normalizer

C.A `date` field with a custom format

D.A `long` field with coercion enabled

Explanation: A `keyword` field keeps the full string as a single term, and a normalizer can lowercase it for case-insensitive exact matching. An analyzer is for `text` fields and would tokenize the value, which is not desired here.

9You need to parse semi-structured log lines with named capture groups and regular expressions. Which processor is designed for that?

A.`dissect`

B.`set`

C.`grok`

D.`append`

Explanation: The `grok` processor uses regular-expression-style patterns to extract structured fields from unstructured text. It is flexible for varied log formats, although it is typically heavier than delimiter-based parsing.

10Which query is the standard choice for full-text search on a `text` field such as `message`?

A.`match`

B.`term`

C.`ids`

D.`exists`

Explanation: A `match` query analyzes the search input and compares it to analyzed terms in the `text` field. That makes it the normal choice for human-language full-text search.

About the Elastic Certified Engineer Exam

Elastic Certified Engineer validates hands-on Elasticsearch skill for indexing, searching, managing data, and operating clusters. Expect performance-based tasks around mappings, ingest pipelines, Query DSL, aggregations, data streams, snapshots, ILM, shard allocation, and troubleshooting on Elasticsearch 8.15.

Assessment

Performance-based hands-on tasks on a live Elasticsearch cluster (Elastic does not publish a fixed task count)

Time Limit

3 hours

Passing Score

Not publicly disclosed by Elastic

Exam Fee

$500 USD per attempt (Elastic)

Elastic Certified Engineer Exam Content Outline

14% (inferred)

Data Modeling

Mappings, field types, multi-fields, analyzers, nested design, dynamic templates, and runtime fields.

18% (inferred)

Query DSL, bool and filter context, sorting, pagination, highlighting, and efficient exact or full-text retrieval.

16% (inferred)

Aggregations

Bucket, metric, and pipeline aggregations used to analyze indexed data and summarize results.

19% (inferred)

Data Processing

Ingest pipelines, grok or dissect processors, enrich policies, transforms, reindexing, and document reshaping.

10% (inferred)

Distributed Datastore

Shards, replicas, routing, refresh behavior, node roles, and allocation decisions in a distributed cluster.

9% (inferred)

Data Management

Index templates, data streams, aliases, rollover, ILM, snapshots, SLM, and restore planning.

14% (inferred)

Cluster Management

Cluster settings, CAT and monitoring APIs, scaling, recovery, rebalancing, and troubleshooting unhealthy clusters.

How to Pass the Elastic Certified Engineer Exam

What You Need to Know

Passing score: Not publicly disclosed by Elastic
Assessment: Performance-based hands-on tasks on a live Elasticsearch cluster (Elastic does not publish a fixed task count)
Time limit: 3 hours
Exam fee: $500 USD per attempt

Keys to Passing

Complete 500+ practice questions
Score 80%+ consistently before scheduling
Focus on highest-weighted sections
Use our AI tutor for tough concepts

Elastic Certified Engineer Study Tips from Top Performers

1Practice every core workflow in Kibana Dev Tools or curl until index, search, lifecycle, and snapshot APIs feel mechanical.

2Build mappings deliberately before indexing data, because fixing schema mistakes late is slow and often cascades into reindex work.

3Drill ingest pipelines, grok or dissect, enrich, and transforms because Elastic tasks often connect ingestion with search validation.

4Use filter context whenever scoring is unnecessary and verify query behavior by reading raw _search and aggregation responses carefully.

5Rehearse data streams, templates, aliases, rollover, ILM, snapshots, and restore flows so routine administration is fast under time pressure.

6Memorize the first-response triage APIs: _cluster/health, _cat/shards, allocation explain, recovery, and cluster settings should be immediate recall.

Frequently Asked Questions

What is the Elastic Certified Engineer exam format?

Elastic describes Elastic Certified Engineer as a performance-based certification exam. You complete timed, real-world tasks on a live Elasticsearch cluster while a remote proctor watches through the TrueAbility and Honorlock delivery setup.

How many tasks are on the Elastic Certified Engineer exam, and what score do I need to pass?

Elastic does not publicly publish a fixed task count or a public passing score for Elastic Certified Engineer. Plan around completing practical Elasticsearch tasks accurately and efficiently rather than targeting a public item count or cut score.

How long is the Elastic Certified Engineer exam, and how much does it cost?

As of March 11, 2026, Elastic's current public materials list Elastic Certified Engineer as a 3-hour exam that costs $500 USD per attempt. Elastic also states that each purchased exam attempt remains valid for 1 year from the purchase date.

Can I use documentation during the Elastic Certified Engineer exam?

Yes. Elastic says you are allowed to use Elastic's documentation during the exam from the browser inside the exam environment. Other external sites such as Google or Stack Overflow are not allowed during the live exam.

Which Elasticsearch version is used on the exam?

Elastic's current FAQ lists Elasticsearch 8.15 for the Elastic Certified Engineer exam. That means your practice should focus on 8.x APIs and current behaviors around mappings, data streams, ILM, snapshots, and cluster administration.

What are the retake and renewal rules?

If you do not pass, Elastic requires a 14-day wait before you can reattempt the exam, and retakes are not discounted. The certification credential itself is valid for 2 years from the exam date.

What changed for Elastic Certified Engineer in 2026?

As of March 11, 2026, I did not find a separate official 2026 blueprint overhaul or public policy reset for Elastic Certified Engineer. The current public rules still emphasize TrueAbility scheduling, Honorlock proctoring, Elastic-docs-only access during the exam, Linux being unsupported for delivery, and a break of up to 10 minutes that still counts against exam time.