Answers to AWS Interview Questions
1. Compare AWS and OpenStack.
Criteria | AWS | OpenStack
License | Amazon proprietary | Open source
Operating system | Whatever the cloud administrator provides | Whatever AMIs are provided by AWS
Performing repeatable operations | Through templates | Through text files
2. What is AWS?
AWS (Amazon Web Services) is a platform that provides
secure cloud services, database storage, compute power, content
delivery, and other services that help businesses scale and grow.
3. What is the importance of buffer in Amazon Web Services?
An Elastic Load Balancer ensures that the incoming
traffic is distributed optimally across various AWS instances. A buffer
synchronizes different components and makes the arrangement more
elastic to a burst of load or traffic. The components tend to receive and
process requests at uneven rates. The buffer creates an
equilibrium between the various components and makes them work at the same rate
to supply faster services.
4. How are Spot Instance, On-demand Instance, and Reserved Instance different from
one another?
Both Spot Instance and On-demand Instance are
models for pricing.
Spot Instance | On-demand Instance
With Spot Instance, customers can purchase compute capacity with no upfront commitment at all. | With On-demand Instance, users can launch instances at any time based on the demand.
Spot Instances are spare Amazon instances that you can bid for. | On-demand Instances are suitable for high-availability needs of applications.
When the bidding price exceeds the spot price, the instance is automatically launched, and the spot price fluctuates based on supply and demand for instances. | On-demand Instances are launched by users only with the pay-as-you-go model.
When the bidding price is less than the spot price, the instance is immediately taken away by Amazon. | On-demand Instances will remain persistent without any automatic termination from Amazon.
Spot Instances are charged on an hourly basis. | On-demand Instances are charged on a per-second basis.
5. Your organization has decided to have all their workload on the public cloud.
But, due to certain security concerns, your organization decides to distribute
some of the workload on private servers. You are asked to suggest a cloud
architecture for your organization. What will be your suggestion?
A hybrid cloud. The hybrid cloud architecture is
where an organization can use the public cloud for shared resources and the
private cloud for its confidential workloads.
6. The data on the root volumes of store-backed and EBS-backed instances get
deleted by default when they are terminated. If you want to prevent that from
happening, which instance would you use?
EBS-backed instances. EBS-backed instances use EBS volume
as their root volume. EBS volume consists of virtual drives that can be easily
backed up and duplicated by snapshots. The biggest advantage of EBS-backed
volumes is that the data can be configured to be stored for later retrieval
even if the virtual machine or the instances are shut down.
7. Which one of the storage solutions offered by AWS would you use if you need
extremely low pricing and data archiving?
Amazon Glacier. AWS Glacier is an extremely
low-cost storage service offered by Amazon that is used for data archiving and
backup purposes. The longer you store data in Glacier, the less it will cost
you.
8. You have connected four instances to ELB. To automatically terminate your
unhealthy instances and replace them with new ones, which functionality would
you use?
Auto-scaling groups
9. How will you configure an Amazon S3 bucket to serve static assets for your
public web application?
By configuring the bucket policy to provide public
read access to all objects.
10. Your organization wants to send and receive compliance emails to its clients
using its own email address and domain. What service would you suggest for
achieving the same in an easy and cost-effective way?
Amazon Simple Email Service (Amazon SES), which is
a cloud-based email sending service, can be used for this purpose.
11. Can you launch Amazon Elastic Compute Cloud (EC2) instances with predetermined
private IP addresses? If yes, then with which Amazon service is it possible?
Yes. It is possible by using VPC (Virtual Private
Cloud).
12. Why do we make subnets?
Creating subnets means dividing a large network
into smaller ones. These subnets can be created for several reasons. For
example, creating and using subnets can help reduce congestion by making sure
that the traffic destined for a subnet stays in that subnet. This helps route
the traffic coming to the network efficiently, which reduces the
network’s load.
13. If you launched a standby RDS, will it be launched in the same availability
zone as your primary?
No, standby instances are automatically launched in
different availability zones than the primary, making them physically
independent infrastructures. This is because the whole purpose of standby
instances is to prevent infrastructure failure. So, in case the primary goes
down, the standby instance will help recover all of the data.
14. Which of the following is a global Content Delivery Network service that
securely delivers data to users with low latency and high transfer speed?
Amazon CloudFront
15. Which Amazon solution will you use if you want to accelerate moving petabytes
of data in and out of AWS, using storage devices that are designed to be secure
for data transfer?
Amazon Snowball. AWS Snowball is the data transport
solution for large amounts of data that need to be moved into and out of AWS
using physical storage devices.
16. If you are running your DB instance as Multi-AZ deployment, can you use standby
DB instances along with your primary DB instance?
No, the standby DB instance cannot be used along
with the primary DB instances since the standby DB instances are supposed to be
used only if the primary instance goes down.
17. Your organization is developing a new multi-tier web application in AWS. Being
a fairly new and small organization, there’s limited staff. But, the
organization requires high availability. This new application comprises complex
queries and table joins. Which Amazon service will be the best solution for
your organization’s requirements?
DynamoDB will be the right choice here since it is
designed to be highly scalable, more than RDS or any other relational database
services.
18. Your organization is using DynamoDB for its application. This application
collects data from its users every 10 minutes and stores it in DynamoDB. Then
every day, after a particular time interval, the data (respective to each user)
is extracted from DynamoDB and sent to S3. Then, the application visualizes
this data to the users. You are asked to propose a solution to help optimize
the backend of the application for latency at lower cost. What would you
recommend?
ElastiCache. Amazon ElastiCache is a caching
solution offered by Amazon. It can be used to store a cached version of the
application in a region closer to users so that when requests are made by the
users the cached version of the application can respond, and hence latency will
be reduced.
19. You accidentally stopped an EC2 instance in a VPC with an associated Elastic IP.
If you start the instance again, what will be the result?
The data stored on the instance will be lost.
Elastic IP is disassociated from the instance only if the instance is
terminated.
20. Your organization has around 50 IAM users. Now, it wants to introduce a new
policy that will affect the access permissions of an IAM user. How can it
implement this without having to apply the policy at the individual user level?
It is possible using IAM groups, by adding users to
the groups as per their roles and by simply applying the policy to the groups.
21. I created a web application with auto scaling. I observed that the traffic on my
application is the highest on Wednesdays and Fridays between 9 AM and 7 PM.
What would be the best solution for me to handle the scaling?
Configure a policy in auto scaling to scale as per
the predictable traffic patterns.
22. How would you handle a situation where the relational database engine crashes
often whenever the traffic to your RDS instances increases, given that the
replica of RDS instance is not promoted as the master instance?
A bigger RDS instance type should be chosen to
handle large amounts of traffic, and manual or automated snapshots should be
created to recover data in case the RDS instance goes down.
23. Is there a way to upload a file that is greater than 100 megabytes in Amazon
S3?
Yes, it is possible by using the multipart upload
utility from AWS. With the multipart upload utility, larger files can be uploaded
in multiple parts that are uploaded independently. You can also decrease upload
time by uploading these parts in parallel. After the upload is done, the parts
will be merged into a single object or file to create the original file from
which the parts were created.
24. Suppose you hosted an application on AWS that lets the users render images and
do some general computing. Which of the below listed services can you use to
route the incoming user traffic?
· Classic Load Balancer
· Application Load Balancer
· Network Load Balancer
Application Load Balancer: It
supports path-based routing of the traffic and hence helps in enhancing the
performance of the application structured as smaller services. Using
Application Load Balancer, the traffic can be routed based on the requests
made. In this scenario, the traffic where requests are made for rendering
images can be directed to the servers only deployed for rendering images and
the traffic where the requests are made for computing can be directed to the
servers deployed only for general computing purposes.
25. You have an application running on your Amazon EC2 instance. You want to reduce
the load on your instance as soon as the CPU utilization reaches 100 percent.
How will you do that?
It can be done by creating an auto scaling group to
deploy more instances when the CPU utilization exceeds 100 percent and
distributing traffic among instances by creating a load balancer and
registering the Amazon EC2 instances with it.
26. What would I have to do if I want to access Amazon Simple Storage buckets and
use the information for access audits?
AWS CloudTrail can be used in this case as it is
designed for logging and tracking API calls, and it has also been made
available for storage solutions.
27. I created a key in North Virginia region to encrypt my data in Oregon region. I
also added three users to the key and an external AWS account. Then, to encrypt
an object in S3, when I tried to use the same key, it was not listed. Where did
I go wrong?
The data and the key should be in the same region.
That is, the data that has to be encrypted should be in the same region as the
one in which the key was created. In this case, the data is in Oregon region,
whereas the key is created in North Virginia region.
28. Suppose I created a subnet and launched an EC2 instance in the subnet with
default settings. Which of the following options will be ready to use on the
EC2 instance as soon as it is launched?
· Elastic IP
· Private IP
· Public IP
· Internet Gateway
Private IP. Private IP is automatically assigned to
the instance as soon as it is launched. While Elastic IP has to be set
manually, Public IP needs an Internet Gateway which again has to be created
since it’s a new VPC.
29. Your organization has four instances for production and another four for
testing. You are asked to set up a group of IAM users that can only access the
four production instances and not the other four testing instances. How will
you achieve this?
We can achieve this by defining tags on the test
and production instances and then adding a condition to the IAM policy that
allows access to specific tags.
30. What is the maximum number of S3 buckets you can create?
· 50
· 20
· 70
· 100
100
31. Your organization wants to monitor the read and write IOPS for its AWS MySQL
RDS instance and then send real-time alerts to its internal operations team.
Which service offered by Amazon can help your organization achieve this
scenario?
Amazon CloudWatch would help us achieve this.
Since Amazon CloudWatch is a monitoring tool offered by Amazon, it’s the right
service to use in the above-mentioned scenario.
32. Which of the following services can be used if you want to capture client
connection information from your load balancer at a particular time interval?
· Enabling access logs on your load balancer
· Enabling CloudTrail for your load balancer
· Enabling CloudWatch metrics for your load balancer
Enabling CloudTrail for your load balancer. AWS
CloudTrail is an inexpensive log monitoring solution provided by Amazon. It
can provide logging information for load balancer or any other AWS resources.
The provided information can further be used for analysis.
33. You have created a VPC with private and public subnets. In what kind of subnet
would you launch the database servers?
Database servers should ideally be launched in
private subnets. Private subnets are ideal for the backend services and
databases of all applications since they are not meant to be accessed by the
users of the applications, and private subnets are not routable from the
Internet.
34. Is it possible to switch from an Instance-backed root volume to an EBS-backed
root volume at any time?
No, it is not possible.
35. How can you save the data on root volume on an EBS-backed machine?
By overriding the terminate option.
36. When should you use the classic load balancer and the application load
balancer?
The classic load balancer is used for simple load
balancing of traffic across multiple EC2 instances, whereas application load
balancing is used for more intelligent load balancing, based on the multi-tier
architecture or container-based architecture of the application. Application
load balancing is mostly used when there is a need to route traffic to multiple
services.
37. Can you change the instance type of the instances that are running in your
application tier and are also using auto scaling? If yes, then how? (Choose one
of the following)
· Yes, by modifying auto scaling launch configuration
· Yes, by modifying auto scaling tags configuration
· Yes, by modifying auto scaling policy configuration
· No, it cannot be changed
Yes, the instance type of such instances can be
changed by modifying auto scaling launch configuration. The tags configuration
is used to add metadata to the instances.
38. Can you name the additional network interface that can be created and attached
to your Amazon EC2 instance launched in your VPC?
Elastic Network Interface
39. Out of the following options, where does the user specify the maximum number of
instances with the auto scaling commands?
· Auto scaling policy configuration
· Auto scaling group
· Auto scaling tags configuration
· Auto scaling launch configuration
Auto scaling launch configuration
40. Which service provided by AWS can you use to transfer objects from your data
center, when you are using Amazon CloudFront?
Amazon Direct Connect. It is a network service that
acts as an alternative to using the Internet to connect customers in on-premises
sites with AWS.
41. You have deployed multiple EC2 instances across multiple availability zones to
run your website. You have also deployed a Multi-AZ RDS MySQL Extra Large DB
Instance. The site performs a high number of small read and write operations
per second. After some time, you observed that there is read contention on RDS
MySQL. What would be your approach to resolve the contention and optimize your
website?
We can deploy an ElastiCache in-memory cache running
in every availability zone. This will help in creating a cached version of the
website for faster access in each availability zone. We can also add an RDS MySQL
read replica in each availability zone, which gives more efficient
performance for read operations. So, there will not be any increased workload
on the RDS MySQL instance, hence resolving the contention issue.
42. Your company wants you to propose a solution so that the company’s data center
can be connected to Amazon cloud network. What would be your proposal?
The data center can be connected to Amazon cloud
network by establishing a virtual private network (VPN) between the VPC and the
data center. A virtual private network lets you establish a secure pathway or
tunnel from your premises or device to the AWS global network.
43. Which of the following Amazon Services would you choose if you want complex
querying capabilities but not a whole data warehouse?
· RDS
· Redshift
· ElastiCache
· DynamoDB
Amazon RDS
44. You want to modify the security group rules while it is being used by multiple
EC2 instances. Will you be able to do that? If yes, will the new rules be
implemented on all previously running EC2 instances that were using that
security group?
Yes, the security group that is being used by
multiple EC2 instances can be modified. The changes will be implemented
immediately and be applied to all the previously running EC2 instances without
restarting the instances.
45. Which one of the following is a structured data store that supports indexing
and data queries to both EC2 and S3?
· DynamoDB
· MySQL
· Aurora
· SimpleDB
SimpleDB
46. How many total VPCs per account/region and subnets per VPC can you have?
· 4, 100
· 7, 40
· 5, 200
· 3, 150
5, 200
47. Which service offered by Amazon will you choose if you want to collect and
process e-commerce data for near real-time analysis? (Choose any two)
· DynamoDB
· Redshift
· Aurora
· SimpleDB
DynamoDB. DynamoDB is a fully managed NoSQL
database service that can be fed any type of unstructured data. Hence, DynamoDB
is the most apt choice for collecting data from e-commerce websites.
For near real-time analysis, we can use Amazon
Redshift.
48. If in CloudFront the content is not present at an edge location, what will
happen when a request is made for that content?
CloudFront will deliver the content directly from
the origin server. It will also store the content in the cache of the edge
location where the content was missing.
49. Can you change the private IP address of an EC2 instance while it is in a running
or stopped state?
No, it cannot be changed. When an EC2 instance is
launched, a private IP address is assigned to that instance at the boot time.
This private IP address is attached to the instance for its entire lifetime and
can never be changed.
50. Which of the following options will you use if you have to move data over long
distances using the Internet, from instances that are spread across countries
to your Amazon S3 bucket?
· Amazon CloudFront
· Amazon Transfer Acceleration
· Amazon Snowball
· Amazon Glacier
Amazon Transfer Acceleration. It accelerates the data
transfer by up to 300 percent using optimized network paths and Amazon Content
Delivery Network. Snowball cannot be used here as this service does not support
cross-region data transfer.
51. Which of the following services is a data storage system that also has REST API
interface and uses secure HMAC-SHA1 authentication keys?
· Amazon Elastic Block Store
· Amazon Snapshot
· Amazon S3
Amazon S3. It gets various requests from
applications, and it has to identify which requests are to be allowed and which
to be denied. Amazon S3 REST API uses a custom HTTP scheme based on a keyed
HMAC for authentication of requests.
52. What kind of IP address can you use for your customer gateway (CGW) address?
We can use an Internet-routable IP address, which
is a public IP address of your NAT device.
53. Which of the following is not an option in security groups?
· List of users
· Ports
· IP addresses
· List of protocols
List of users
1. Define and explain the three basic types of cloud services and the AWS
products that are built based on them.
The three basic types of cloud services are:
· Computing
· Storage
· Networking
Here are some of the AWS products that are built
based on the three cloud service types:
Computing - These include EC2, Elastic Beanstalk, Lambda,
Auto-Scaling, and Lightsail.
Storage - These include S3, Glacier, Elastic Block Store, and Elastic
File System.
Networking - These include VPC, Amazon CloudFront, and Route 53.
2. What is the relation between the Availability Zone and Region?
AWS regions are separate geographical areas, like
the US-West 1 (North California) and Asia South (Mumbai). On the other hand,
availability zones are the areas that are present inside the regions. These are
generally isolated zones that can replicate themselves whenever required.
3. What is auto-scaling?
Auto-scaling is a function that allows you to
provision and launch new instances whenever there is a demand. It allows you to
automatically increase or decrease resource capacity in relation to the demand.
4. What is geo-targeting in CloudFront?
Geo-Targeting is a concept where businesses can show
personalized content to their audience based on their geographic location
without changing the URL. This helps you create customized content for the
audience of a specific geographical area, keeping their needs in the forefront.
5. What are the steps involved in a CloudFormation solution?
Here are the steps involved in a CloudFormation
solution:
1. Create or use an existing CloudFormation template using JSON or YAML format.
2. Save the code in an S3 bucket, which serves as a repository for the code.
3. Use AWS CloudFormation to call the bucket and create a stack on your template.
4. CloudFormation reads the file and understands the services that are called,
their order, the relationship between the services, and provisions the services
one after the other.
6. How do you upgrade or downgrade a system with near-zero downtime?
You can upgrade or downgrade a system with near-zero
downtime using the following steps of migration:
· Open EC2 console
· Choose Operating System AMI
· Launch an instance with the new instance type
· Install all the updates
· Install applications
· Test the instance to see if it’s working
· If working, deploy the new instance and replace the older instance
· Once it’s deployed, you can upgrade or downgrade the system with near-zero downtime.
7. What are the tools and techniques that you can use in AWS to identify if you
are paying more than you should be, and how to correct it?
You can check that you are paying the correct amount
for the resources that you are using by employing the following resources:
· Check the Top Services Table
It is a dashboard in the cost management console
that shows you the top five most used services. This will let you know how much
money you are spending on the resources in question.
· Cost Explorer
There are Cost Explorer services available which
will help you to view and analyse your usage costs for the last 13 months. You
can also get a cost forecast for the upcoming three months.
· AWS Budgets
This allows you to plan a budget for the services.
Also, it will enable you to check if the current plan meets your budget and the
details of how you use the services.
· Cost Allocation Tags
This helps in identifying the resource that has cost
more in a particular month. It lets you organize your resources and cost
allocation tags to keep track of your AWS costs.
8. Is there any other alternative tool to log into the cloud environment other
than console?
The tools that can help you log into the AWS resources are:
· PuTTY
· AWS CLI for Linux
· AWS CLI for Windows
· AWS CLI for Windows CMD
· AWS SDK
· Eclipse
9. What services can be used to create a centralized logging solution?
The essential services that you can use are Amazon CloudWatch
Logs to collect the logs, Amazon S3 to store them, and Amazon Elasticsearch to
visualize them. You can use Amazon Kinesis Firehose to move the data from
Amazon S3 to Amazon Elasticsearch.
10. What are the native AWS Security logging capabilities?
Most of the AWS services have their own logging options.
Also, some of them have account-level logging, like AWS CloudTrail, AWS
Config, and others. Let’s take a look at two services in specific:
AWS CloudTrail
This is a service that provides a history of the AWS
API calls for every account. It lets you perform security analysis, resource
change tracking, and compliance auditing of your AWS environment as well. The
best part about this service is that it enables you to configure it to send
notifications via AWS SNS when new logs are delivered.
AWS Config
This helps you understand the configuration changes
that happen in your environment. This service provides an AWS inventory that
includes configuration history, configuration change notification, and
relationships between AWS resources. It can also be configured to send information
via AWS SNS when new logs are delivered.
11. What is a DDoS attack, and what services can minimize them?
DDoS is a cyber-attack in which the perpetrator
accesses a website and creates multiple sessions so that the other legitimate
users cannot access the service. The native tools that can help you deny the
DDoS attacks on your AWS services are:
· AWS Shield
· AWS WAF
· Amazon Route 53
· Amazon CloudFront
· ELB
· VPC
12. You are trying to provide a service in a particular region, but you do not
see the service in that region. Why is this happening, and how do you fix it?
Not all Amazon AWS services are available in all
regions. When Amazon initially launches a new service, it doesn’t get
immediately published in all the regions. They start small and then slowly
expand to other regions. So, if you don’t see a specific service in your
region, chances are the service hasn’t been published in your region yet.
However, if you want to get the service that is not available, you can switch
to the nearest region that provides the services.
13. How do you set up a system to monitor website metrics in real-time in AWS?
Amazon CloudWatch helps you to monitor the
application status of various AWS services and custom events. It helps you to
monitor:
· State changes in Amazon EC2
· Auto-scaling lifecycle events
· Scheduled events
· AWS API calls
· Console sign-in events
14. What are the different types of virtualization in AWS, and what are the
differences between them?
The three major types of virtualization in AWS
are:
· Hardware Virtual Machine (HVM)
It is fully virtualized hardware, where all the
virtual machines act separately from each other. These virtual machines boot by
executing a master boot record in the root block device of your image.
· Paravirtualization (PV)
Paravirtualization-GRUB (PV-GRUB) is the bootloader that
boots the PV AMIs. PV-GRUB chain-loads the kernel specified in the menu.
· Paravirtualization on HVM
PV on HVM helps operating systems take advantage of
storage and network I/O available through the host.
15. Name some of the AWS services that are not region-specific.
AWS services that are not region-specific are:
· IAM
· Route 53
· Web Application Firewall
· CloudFront
16. What are the differences between NAT Gateways and NAT Instances?
While both NAT Gateways and NAT Instances serve the
same function, they still have some key differences.
AWS Interview Questions for Amazon EC2
17. What is the difference between stopping and terminating an EC2 instance?
While you may think that both stopping and
terminating are the same, there is a difference. When you stop an EC2 instance,
it performs a normal shutdown on the instance and moves to a stopped state.
However, when you terminate the instance, it is transferred to a stopped state,
and the EBS volumes attached to it are deleted and can never be
recovered.
18. What are the different types of EC2 instances based on their costs?
The three types of EC2 instances are:
· On-demand Instance
It is cheap for a short time but not when taken for
the long term.
· Spot Instance
It is less expensive than the on-demand instance and
can be bought through bidding.
· Reserved Instance
If you are planning to use an instance for a year or
more, then this is the right one for you.
19. How do you set up SSH agent forwarding so that you do not have to copy the
key every time you log in?
Here’s how you accomplish this:
1. Go to your PuTTY Configuration
2. Go to the category SSH -> Auth
3. Enable SSH agent forwarding to your instance
20. What are Solaris and AIX operating systems? Are they available with AWS?
Solaris is an operating system that uses SPARC
processor architecture, which is not supported by the public cloud
currently.
AIX is an operating system that runs only on Power
CPU and not on Intel, which means that you cannot create AIX instances in EC2.
Since both the operating systems have their
limitations, they are not currently available with AWS.
21. How do you configure CloudWatch to recover an EC2 instance?
Here’s how you can configure it:
· Create an Alarm using Amazon CloudWatch
· In the Alarm, go to Define Alarm -> Actions tab
· Choose the Recover this instance option
22. What are the common types of AMI designs?
There are many types of AMIs, but some of the common
AMIs are:
· Fully Baked AMI
· Just Enough Baked AMI (JeOS AMI)
· Hybrid AMI
23. How can you recover/login to an EC2 instance for which you have lost the key?
Follow the steps provided below to recover an EC2
instance if you have lost the key:
1. Verify that the EC2Config service is running
2. Detach the root volume for the instance
3. Attach the volume to a temporary instance
4. Modify the configuration file
5. Restart the original instance
24. What are some critical differences between AWS S3 and EBS?
Here are some differences between AWS S3 and EBS
25. How do you allow a user to gain access to a specific bucket?
You need to follow the four steps provided below to
allow access. They are:
1. Categorize your instances
2. Define how authorized users can manage specific servers
3. Lock down your tags
4. Attach your policies to IAM users
26. How can you monitor S3 cross-region replication to ensure consistency
without actually checking the bucket?
Follow the flow diagram provided below to monitor S3
cross-region replication:
AWS Interview Questions for VPC
27. VPC is not resolving the server through DNS. What might be the issue, and
how can you fix it?
To fix this problem, you need to enable the DNS
hostname resolution, so that the problem resolves itself.
28. How do you connect multiple sites to a VPC?
If you have multiple VPN connections, you can
provide secure communication between sites using the AWS VPN CloudHub. Here’s
a diagram that will show you how to connect various sites to a VPC:
29. Name and explain some security products and features available in VPC.
Here is a selection of security products and
features:
· Security groups - These act as a firewall for the EC2 instances, controlling
inbound and outbound traffic at the instance level.
· Network access control lists - These act as a firewall for the subnets,
controlling inbound and outbound traffic at the subnet level.
· Flow logs - These capture the inbound and outbound traffic from the network
interfaces in your VPC.
30. How do you monitor Amazon VPC?
You can monitor VPC by using:
· CloudWatch and CloudWatch Logs
· VPC Flow Logs
31. How can you add an existing instance to a new Auto Scaling group?
Here’s how you can add an existing instance to a new
Auto Scaling group:
· Open EC2 console
· Select your instance under Instances
· Choose Actions -> Instance Settings -> Attach to Auto Scaling Group
· Select a new Auto Scaling group
· Attach this group to the Instance
· Edit the Instance if needed
· Once done, you can successfully add the instance to a new Auto Scaling group
32. What are the factors to consider while migrating to Amazon Web Services?
Here are the factors to consider during AWS
migration:
· Operational Costs - These include the cost of infrastructure, ability to match
demand and supply, transparency, and others.
· Workforce Productivity
· Cost avoidance
· Operational resilience
· Business agility
33. What is RTO and RPO in
AWS?
RTO or Recovery Time Objective is the maximum time
your business or organization is willing to wait for a recovery to complete in
the wake of an outage. On the other hand, RPO or Recovery Point Objective is
the maximum amount of data loss your company is willing to accept as measured
in time.
34. If you would like to
transfer vast amounts of data, which is the best option among Snowball,
Snowball Edge, and Snowmobile?
AWS Snowball is basically a data transport solution
for moving high volumes of data into and out of a specified AWS region. On the
other hand, AWS Snowball Edge adds additional computing functions apart from
providing a data transport solution. Snowmobile is an exabyte-scale
migration service that allows you to transfer data up to 100 PB.
35. How is AWS CloudFormation different from AWS Elastic Beanstalk?
Here are some differences between AWS CloudFormation and AWS Elastic Beanstalk:
· AWS CloudFormation helps you provision and describe all of the infrastructure resources that are present in your cloud environment. On the other hand, AWS Elastic Beanstalk provides an environment that makes it easy to deploy and run applications in the cloud.
· AWS CloudFormation supports the infrastructure needs of various types of applications, like legacy applications and existing enterprise applications. On the other hand, AWS Elastic Beanstalk is combined with the developer tools to help you manage the lifecycle of your applications.
36. What are the elements of an AWS CloudFormation template?
AWS CloudFormation templates are YAML or JSON formatted text files that are
made up of five essential elements:
· Template parameters
· Output values
· Data tables
· Resources
· File format version
37. What happens when one
of the resources in a stack cannot be created successfully?
If the resource in the stack cannot be created, then
CloudFormation automatically rolls back and terminates all the resources
that were created in the CloudFormation template. This is a handy feature when
you accidentally exceed your limit of Elastic IP addresses or don’t have access
to an EC2 AMI.
38. How can you automate
EC2 backup using EBS?
Use the following steps in order to automate EC2 backup
using EBS:
1. Get the list of instances and connect to AWS through the API to list the Amazon EBS volumes that are attached locally to the instance.
2. List the snapshots of each volume, and assign a retention period to the snapshot. Later on, create a snapshot of each volume.
3. Make sure to remove the snapshot if it is older than the retention period.
39. What is the difference
between EBS and Instance Store?
EBS is a kind of permanent storage in which the data
can be restored at a later point. When you save data in the EBS, it stays even
after the lifetime of the EC2 instance. On the other hand, Instance Store is
temporary storage that is physically attached to a host machine. With an
Instance Store, you cannot detach one instance and attach it to another. Unlike
in EBS, data in an Instance Store is lost if any instance is stopped or
terminated.
40. Can you take a backup
of EFS like EBS, and if yes, how?
Yes, you can use the EFS-to-EFS backup solution to
recover from unintended changes or deletion in Amazon EFS. Follow these steps:
1. Sign in to the AWS Management Console
2. Click the launch EFS-to-EFS-restore button
3. Use the region selector in the console navigation bar to select region
4. Verify if you have chosen the right template on the Select Template page
5. Assign a name to your solution stack
6. Review the parameters for the template and modify them if necessary
41. How do you auto-delete
old snapshots?
Here’s the procedure for auto-deleting old
snapshots:
· As per procedure and best practices, take snapshots of the EBS volumes on Amazon S3.
· Use AWS Ops Automator to handle all the snapshots automatically.
· This allows you to create, copy, and delete Amazon EBS snapshots.
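The retention step from questions 38 and 41, as an added example (not code from the original page): a pure function that decides which snapshots to delete from records that use the field names of the EC2 DescribeSnapshots response. The backup:managed tag, the 7-day retention period, and the sample records are assumptions constructed for illustration; always keeping the newest completed snapshot of each volume is a safety choice of this example.

```python
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=7)      # assumed retention period
MANAGED_TAG = "backup:managed"     # hypothetical tag the backup job sets on its snapshots


def is_managed(snapshot):
    """True only for snapshots the backup job created; manual ones are never pruned."""
    tags = {t["Key"]: t["Value"] for t in snapshot.get("Tags", [])}
    return tags.get(MANAGED_TAG) == "true"


def snapshots_to_delete(snapshots, now, retention=RETENTION):
    """Return sorted IDs of managed, completed snapshots older than `retention`.

    The newest completed snapshot of every volume is always kept, so a stalled
    backup job cannot prune a volume's last restore point.
    """
    newest = {}
    for snap in snapshots:
        if snap["State"] != "completed":
            continue
        best = newest.get(snap["VolumeId"])
        if best is None or snap["StartTime"] > best["StartTime"]:
            newest[snap["VolumeId"]] = snap

    cutoff = now - retention
    return sorted(
        snap["SnapshotId"] for snap in snapshots
        if snap["State"] == "completed"
        and is_managed(snap)
        and snap is not newest[snap["VolumeId"]]
        and snap["StartTime"] < cutoff
    )


NOW = datetime(2024, 6, 15, tzinfo=timezone.utc)  # fixed clock so the example is repeatable


def make_snapshot(snap_id, volume, days_old, managed=True, state="completed"):
    """Constructed record using the field names of the EC2 DescribeSnapshots response."""
    tags = [{"Key": MANAGED_TAG, "Value": "true"}] if managed else []
    return {"SnapshotId": snap_id, "VolumeId": volume, "State": state,
            "StartTime": NOW - timedelta(days=days_old), "Tags": tags}


SAMPLE = [  # constructed records, not real account data
    make_snapshot("snap-0001", "vol-aaa", 30),
    make_snapshot("snap-0002", "vol-aaa", 10),
    make_snapshot("snap-0003", "vol-aaa", 1),                     # inside retention
    make_snapshot("snap-0004", "vol-bbb", 40),                    # last copy of vol-bbb
    make_snapshot("snap-0005", "vol-aaa", 90, managed=False),     # manual snapshot
    make_snapshot("snap-0006", "vol-aaa", 20, state="pending"),   # still being written
]

if __name__ == "__main__":
    # With boto3 the input would be ec2.describe_snapshots(OwnerIds=["self"])["Snapshots"],
    # and each returned ID would go to ec2.delete_snapshot(SnapshotId=...).
    print(snapshots_to_delete(SAMPLE, NOW))
```

Restricting deletion to tagged snapshots keeps the job from removing restore points that someone took by hand for an investigation or a change window.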
42. What are the different
types of load balancers in AWS?
There are three types of load balancers that are
supported by Elastic Load Balancing:
1. Application Load Balancer
2. Network Load Balancer
3. Classic Load Balancer
43. What are the different
uses of the various load balancers in AWS Elastic Load Balancing?
Application Load Balancer
Used if you need flexible application management and
TLS termination.
Network Load Balancer
Used if you require extreme performance and static
IPs for your applications.
Classic Load Balancer
Used if your application is built within the EC2
Classic network
44. How can you use AWS WAF
in monitoring your AWS applications?
AWS WAF or AWS Web Application Firewall protects
your web applications from web exploits. It helps you control the traffic
flow to your applications. With WAF, you can also create custom rules that block
common attack patterns. It can be used for three cases: allow all requests,
prevent all requests, and count all requests for a new policy.
45. What are the different
AWS IAM categories that you can control?
Using AWS IAM, you can do the following:
· Create and manage IAM users
· Create and manage IAM groups
· Manage the security credentials of the users
· Create and manage policies to grant access to AWS services and resources
46. What are the policies
that you can set for your users’ passwords?
Here are some of the policies that you can set:
· You can set a minimum length of the password, or you can ask the users to add at least one number or special character in it.
· You can assign requirements of particular character types, including uppercase letters, lowercase letters, numbers, and non-alphanumeric characters.
· You can enforce automatic password expiration, prevent reuse of old passwords, and request a password reset upon their next AWS sign-in.
· You can have the AWS users contact an account administrator when the user has allowed the password to expire.
47. What is the difference
between an IAM role and an IAM user?
The two key differences between the IAM role and IAM
user are:
· An IAM role is an IAM entity that defines a set of permissions for making AWS service requests, while an IAM user has permanent long-term credentials and is used to interact with the AWS services directly.
· In the IAM role, trusted entities, like IAM users, applications, or an AWS service, assume roles whereas the IAM user has full access to all the AWS IAM functionalities.
48. What are the managed
policies in AWS IAM?
There are two types of managed policies; one that is
managed by you and one that is managed by AWS. They are IAM resources that
express permissions using IAM policy language. You can create, edit, and manage
them separately from the IAM users, groups, and roles to which they are
attached.
49. Can you give an example
of an IAM policy and a policy summary?
Here’s an example of an IAM policy to grant access
to add, update, and delete objects from a specific folder.
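A policy of this kind, as an added example rather than the one from the original page: it allows s3:PutObject (add and update) and s3:DeleteObject under one folder, next to a looser variant whose wildcard also reaches sibling prefixes. The bucket example-bucket, the reports/ folder, and the helpers are assumptions; is_allowed is a deliberately simplified model that ignores conditions, NotAction/NotResource, and other policy types.

```python
import re

BUCKET = "arn:aws:s3:::example-bucket"  # placeholder bucket, not from the page


def folder_policy(resource):
    """Allow adding/updating (PutObject) and deleting objects under `resource`."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "WriteAndDeleteInFolder",
            "Effect": "Allow",
            "Action": ["s3:PutObject", "s3:DeleteObject"],
            "Resource": resource,
        }],
    }


SCOPED_POLICY = folder_policy(BUCKET + "/reports/*")  # ends the prefix at the slash
LOOSE_POLICY = folder_policy(BUCKET + "/reports*")    # also matches sibling prefixes


def wildcard_match(pattern, value, ignore_case=False):
    """IAM-style wildcards: '*' matches any run of characters, '?' exactly one."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in pattern)
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None


def as_list(value):
    return value if isinstance(value, list) else [value]


def is_allowed(policy, action, resource):
    """Simplified identity-policy check: explicit Deny wins, then Allow, else deny."""
    allowed = False
    for stmt in as_list(policy["Statement"]):
        # Action names are matched case-insensitively, resource ARNs case-sensitively.
        action_hit = any(wildcard_match(a, action, True) for a in as_list(stmt["Action"]))
        resource_hit = any(wildcard_match(r, resource) for r in as_list(stmt["Resource"]))
        if not (action_hit and resource_hit):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


if __name__ == "__main__":
    import json
    print(json.dumps(SCOPED_POLICY, indent=2))
    for key in ("reports/2024/q1.csv", "reports-archive/old.csv", "finance/plan.xlsx"):
        arn = f"{BUCKET}/{key}"
        print(key, is_allowed(SCOPED_POLICY, "s3:PutObject", arn),
              is_allowed(LOOSE_POLICY, "s3:PutObject", arn))
```

The only difference between the two policies is the slash before the wildcard, which is what keeps reports-archive/ out of scope.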
Here’s the example of a policy summary:
50. How does AWS IAM help
your business?
IAM enables you to:
· Manage IAM users and their access - AWS IAM provides secure resource access to multiple users
· Manage access for federated users - AWS allows you to provide secure access to resources in your AWS account to your employees and applications without creating IAM roles
51. What is the difference
between Latency Based Routing and Geo DNS?
Geo Based DNS routing makes decisions based on
the geographic location of the request, whereas Latency Based Routing
utilizes latency measurements between networks and AWS data centers. Latency
Based Routing is used when you want to give your customers the lowest latency
possible. On the other hand, Geo Based routing is used when you want to direct
the customer to different websites based on the country or region they are
browsing from.
52. What is the difference
between a Domain and a Hosted Zone?
Domain
A domain is a collection of data describing a
self-contained administrative and technical unit. For
example, www.simplilearn.com is a domain and a general DNS concept.
Hosted zone
A hosted zone is a container that holds information
about how you want to route traffic on the internet for a specific domain. For
example, lms.simplilearn.com is a hosted zone.
53. How does Amazon Route
53 provide high availability and low latency?
Here’s how Amazon Route 53 provides the resources in
question:
Globally Distributed Servers
Amazon is a global service and consequently has DNS
services globally. Any customer creating a query from any part of the world
gets to reach a DNS server local to them that provides low latency.
Dependency
Route 53 provides a high level of dependability
required by critical applications
Optimal Locations
Route 53 uses a global anycast network to answer
queries from the optimal position automatically.
54. How does AWS Config
work with AWS CloudTrail?
AWS CloudTrail records user API activity on your
account and allows you to access information about the activity. Using
CloudTrail, you can get full details about API actions such as the identity of the
caller, time of the call, request parameters, and response elements. On the
other hand, AWS Config records point-in-time configuration details for your AWS
resources as Configuration Items (CIs).
You can use a CI to ascertain what your AWS resource
looks like at any given point in time, whereas with CloudTrail you can
quickly answer who made an API call to modify the resource. You can also use
CloudTrail to detect if a security group was incorrectly configured.
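The security-group check mentioned above can be run directly over CloudTrail records. The following is an added example, not code from the original page: it flags successful AuthorizeSecurityGroupIngress calls that open a watched port to 0.0.0.0/0 or ::/0. The sample records are constructed and trimmed to the fields used, and the watched-port list and helper names are assumptions.

```python
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
WATCHED_PORTS = {22, 3306, 3389, 5432}  # assumed list: SSH, MySQL, RDP, PostgreSQL


def _items(node):
    """CloudTrail records EC2 lists as {"items": [...]}; an empty list is {}."""
    return (node or {}).get("items", [])


def world_open_ingress(records):
    """Return one finding per successful call that exposes a watched port."""
    findings = []
    for rec in records:
        if (rec.get("eventSource"), rec.get("eventName")) != (
                "ec2.amazonaws.com", "AuthorizeSecurityGroupIngress"):
            continue
        if "errorCode" in rec:  # a denied or failed call changed nothing
            continue
        params = rec.get("requestParameters") or {}
        for perm in _items(params.get("ipPermissions")):
            cidrs = {r.get("cidrIp") for r in _items(perm.get("ipRanges"))}
            cidrs |= {r.get("cidrIpv6") for r in _items(perm.get("ipv6Ranges"))}
            if not cidrs & OPEN_CIDRS:
                continue
            proto = perm.get("ipProtocol")
            if proto not in ("-1", "tcp", "udp"):  # ICMP etc. carry no port range
                continue
            # "-1" means every protocol and every port
            low, high = (0, 65535) if proto == "-1" else (perm["fromPort"], perm["toPort"])
            ports = sorted(p for p in WATCHED_PORTS if low <= p <= high)
            if ports:
                findings.append({"time": rec["eventTime"], "group": params.get("groupId"),
                                 "caller": rec["userIdentity"]["arn"], "ports": ports})
    return findings


def make_event(time, user, proto, low, high, cidr, error=None):
    """Build a constructed record, trimmed to the fields the detector reads."""
    key, field = ("ipv6Ranges", "cidrIpv6") if ":" in cidr else ("ipRanges", "cidrIp")
    perm = {"ipProtocol": proto, "fromPort": low, "toPort": high,
            "ipRanges": {}, "ipv6Ranges": {}}
    perm[key] = {"items": [{field: cidr}]}
    rec = {"eventTime": time, "eventSource": "ec2.amazonaws.com",
           "eventName": "AuthorizeSecurityGroupIngress",
           "userIdentity": {"arn": f"arn:aws:iam::111122223333:user/{user}"},
           "requestParameters": {"groupId": "sg-0example",
                                 "ipPermissions": {"items": [perm]}}}
    if error:
        rec["errorCode"] = error
    return rec


SAMPLE = [  # constructed events, not real log data
    make_event("2024-06-01T10:15:00Z", "alice", "tcp", 22, 22, "0.0.0.0/0"),
    make_event("2024-06-01T10:20:00Z", "bob", "tcp", 443, 443, "0.0.0.0/0"),
    make_event("2024-06-01T10:25:00Z", "carol", "tcp", 3389, 3389, "10.0.0.0/8"),
    make_event("2024-06-01T10:30:00Z", "dave", "-1", None, None, "::/0",
               error="Client.UnauthorizedOperation"),
    make_event("2024-06-01T10:35:00Z", "erin", "tcp", 3000, 4000, "::/0"),
]

if __name__ == "__main__":
    print(*world_open_ingress(SAMPLE), sep="\n")
```

Each finding names the caller and the time of the call, which is the "who made the API call" question CloudTrail answers; AWS Config would then show what the group looked like before and after.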
55. Can AWS Config
aggregate data across different AWS accounts?
Yes, you can set up AWS Config to deliver
configuration updates from different accounts to one S3 bucket, once the
appropriate IAM policies are applied to the S3 bucket.
AWS Interview Questions for Database
56. How are reserved
instances different from on-demand DB instances?
Reserved instances and on-demand instances are the
same when it comes to function. They only differ in how they are billed.
Reserved instances are purchased as one-year or
three-year reservations, and in return, you get very low hourly pricing
when compared to on-demand instances, which are billed on an hourly basis.
57. Which type of scaling
would you recommend for RDS and why?
There are two types of scaling - vertical scaling
and horizontal scaling. Vertical scaling lets you vertically scale up your
master database with the press of a button. A database can only be scaled
vertically, and there are 18 different instances in which you can resize the
RDS. On the other hand, horizontal scaling is good for replicas. These are
read-only replicas that can only be done through Amazon Aurora.
58. What is a maintenance
window in Amazon RDS? Will your DB instance be available during maintenance
events?
RDS maintenance window lets you decide when DB
instance modifications, database engine version upgrades, and software patching
have to occur. The automatic scheduling is done only for patches that are
related to security and durability. By default, there is a 30-minute value
assigned as the maintenance window and the DB instance will still be available
during these events though you might observe a minimal effect on performance.
59. What are the
consistency models in DynamoDB?
There are two consistency models in DynamoDB.
First, there is the Eventual Consistency Model, which maximizes your read
throughput. However, it might not reflect the results of a recently completed
write. Fortunately, all the copies of data usually reach consistency within a
second. The second model is called the Strong Consistency Model. This model has
a delay in writing the data, but it guarantees that you will always see the
updated data every time you read it.
60. What type of query
functionality does DynamoDB support?
DynamoDB supports GET/PUT operations by using a
user-defined primary key. It provides flexible querying by letting you query on
non-primary-key attributes using global secondary indexes and local secondary
indexes.
1. Suppose you are a game
designer and want to develop a game with single-digit millisecond latency,
which of the following database services would you use?
Amazon DynamoDB
2. If you need to perform
real-time monitoring of AWS services and get actionable insights, which
services would you use?
Amazon CloudWatch
3. As a web developer, you
are developing an app, targeted primarily for the mobile platform. Which of the
following lets you add user sign-up, sign-in, and access control to your web
and mobile apps quickly and easily?
Amazon Cognito
4. You are a Machine
Learning Engineer who is on the lookout for a solution that will discover
sensitive information that your enterprise stores in AWS and then use NLP to
classify the data and provide business-related insights. Which among the
services would you choose?
AWS Macie
5. You are the system
administrator in your company, which is running most of its infrastructure on
AWS. You are required to track your users and keep tabs on how they are being
authenticated. You wish to create and manage AWS users and use permissions to
allow and deny their access to AWS resources. Which of the following services
suits you best?
AWS IAM
6. Which service do you use
if you want to allocate various private and public IP addresses to make them
communicate with the internet and other instances?
Amazon VPC
7. This service provides
you with cost-efficient and resizable capacity while automating time-consuming
administration tasks
Amazon Relational Database Service
8. Which of the following
is a means for accessing human researchers or consultants to help solve
problems on a contractual or temporary basis?
Amazon Mechanical Turk
9. This service is used to
make it easy to deploy, manage, and scale containerized applications using
Kubernetes on AWS. Which of the following is this AWS service?
Amazon Elastic Container Service
10. This service lets you
run code without provisioning or managing servers. Select the correct service
from the below options
AWS Lambda
11. As an AWS Developer,
using this pay-per-use service, you can send, store, and receive messages
between software components. Which of the following is it?
Amazon Simple Queue Service
12. Which service do you
use if you would like to host a real-time audio and video conferencing
application on AWS? This service provides you with a secure and easy-to-use
application.
Amazon Chime
1. Suppose you are a game
designer and want to develop a game with single-digit millisecond latency,
which of the following database services would you use?
1. Amazon RDS
2. Amazon Neptune
3. Amazon Snowball
4. Amazon DynamoDB
2. If you need to perform
real-time monitoring of AWS services and get actionable insights, which
services would you use?
1. Amazon Firewall Manager
2. Amazon GuardDuty
3. Amazon CloudWatch
4. Amazon EBS
3. As a web developer, you
are developing an app, targeted especially for the mobile platform. Which of
the following lets you add user sign-up, sign-in, and access control to your
web and mobile apps quickly and easily?
1. AWS Shield
2. AWS Macie
3. AWS Inspector
4. Amazon Cognito
4. You are a Machine
Learning Engineer who is on the lookout for a solution that will discover
sensitive information that your enterprise stores in AWS and then use NLP to
classify the data and provide business-related insights. Which among the
services would you choose?
1. AWS Firewall Manager
2. AWS IAM
3. AWS Macie
4. AWS CloudHSM
5. You are the system
administrator in your company, which is running most of its infrastructure on
AWS. You are required to track your users and keep tabs on how they are being
authenticated. You wish to create and manage AWS users and use permissions to
allow and deny their access to AWS resources. Which of the following services
suits you best?
1. AWS Firewall Manager
2. AWS Shield
3. Amazon API Gateway
4. AWS IAM
6. Which service do you use
if you want to allocate various private and public IP addresses in order to
make them communicate with the internet and other instances?
1. Amazon Route 53
2. Amazon VPC
3. Amazon API Gateway
4. Amazon CloudFront
7. This service provides
you with cost-efficient and resizable capacity while automating time-consuming
administration tasks
1. Amazon Relational Database Service
2. Amazon ElastiCache
3. Amazon VPC
4. Amazon Glacier
8. Which of the following
is a means for accessing human researchers or consultants to help solve
problems on a contractual or temporary basis?
1. Amazon Mechanical Turk
2. Amazon Elastic MapReduce
3. Amazon DevPay
4. Multi-Factor Authentication
9. This service is used to
make it easy to deploy, manage, and scale containerized applications using
Kubernetes on AWS. Which of the following is this AWS service?
1. Amazon Elastic Container Service
2. AWS Batch
3. AWS Elastic Beanstalk
4. Amazon Lightsail
10. This service lets you
run code without provisioning or managing servers. Select the correct service
from the below options
1. Amazon EC2 Auto Scaling
2. AWS Lambda
3. AWS Batch
4. Amazon Inspector
11. As an AWS Developer,
using this pay-per-use service, you can send, store and receive messages
between software components. Which of the following is it?
1. AWS Step Functions
2. Amazon MQ
3. Amazon Simple Queue Service
4. Amazon Simple Notification Service
12. Which service do you
use if you would like to host a real-time audio and video conferencing
application on AWS? This service provides you with a secure and easy-to-use
application.
1. Amazon Chime
2. Amazon WorkSpaces
3. Amazon MQ
4. Amazon AppStream
13. As your company's AWS
Solutions Architect, you are in charge of designing thousands of similar
individual jobs. Which of the following services best meets your requirements?
1. AWS EC2 Auto Scaling
2. AWS Snowball
3. AWS Fargate
4. AWS Batch
14. You are a Machine
Learning engineer and you are looking for a service that helps you build and
train Machine Learning models in AWS. Which among the following are we
referring to?
1. Amazon SageMaker
2. AWS DeepLens
3. Amazon Comprehend
4. Device Farm
15. Imagine that you are
working for your company's IT team. You are assigned to adjust the capacity
of AWS resources based on the incoming application and network traffic. How
would you do it?
1. Amazon VPC
2. AWS IAM
3. Amazon Inspector
4. Amazon Elastic Load Balancing
16. This cross-platform video
game development engine that supports PC, Xbox, PlayStation, iOS, and Android
platforms allows developers to build and host their games on Amazon's servers.
1. Amazon GameLift
2. AWS Greengrass
3. Amazon Lumberyard
4. Amazon Sumerian
17. You are the Project Manager
of your company's Cloud Architects team. You are required to visualize,
understand and manage your AWS costs and usage over time. Which of the
following services works best?
1. AWS Budgets
2. AWS Cost Explorer
3. Amazon WorkMail
4. Amazon Connect
18. You are the chief Cloud
Architect at your company. How can you automatically monitor and adjust
computer resources to ensure maximum performance and efficiency of all scalable
resources?
1. AWS CloudFormation
2. AWS Aurora
3. AWS Auto Scaling
4. Amazon API Gateway
19. As a database
administrator, you will employ a service that is used to set up and manage
databases such as MySQL, MariaDB, and PostgreSQL. Which service are we
referring to?
1. Amazon Aurora
2. AWS RDS
3. Amazon ElastiCache
4. AWS Database Migration Service
20. A part of your
marketing work requires you to push messages onto Google, Facebook, Windows,
and Apple through APIs or AWS Management Console. Which of the following
services do you use?
1. AWS CloudTrail
2. AWS Config
3. Amazon Chime
4. AWS Simple Notification Service