AWS Flashcards

1
Q

What is auto-scaling?

A

Auto-scaling is a function that allows you to provision and launch new instances whenever there is a demand. It allows you to automatically increase or decrease resource capacity in relation to the demand.

2
Q

What is geo-targeting in CloudFront?

A

Geo-Targeting is a concept where businesses can show personalized content to their audience based on their geographic location without changing the URL. This helps you create customized content for the audience of a specific geographical area, keeping their needs in the forefront.

3
Q

How do you upgrade or downgrade a system with near-zero downtime?

A

You can upgrade or downgrade a system with near-zero downtime using the following steps of migration:

  • Open EC2 console
  • Choose Operating System AMI
  • Launch an instance with the new instance type
  • Install all the updates
  • Install applications
  • Test the instance to see if it’s working
  • If working, deploy the new instance and replace the older instance
  • Once it’s deployed, you can upgrade or downgrade the system with near-zero downtime.
4
Q

What are the tools and techniques that you can use in AWS to identify if you are paying more than you should be, and how to correct it?

A

You can know that you are paying the correct amount for the resources that you are using by employing the following resources:

  • Check the Top Services Table
    It is a dashboard in the cost management console that shows you the top five most used services. This will let you know how much money you are spending on the resources in question.
  • Cost Explorer
    There are cost explorer services available that will help you to view and analyze your usage costs for the last 13 months. You can also get a cost forecast for the upcoming three months.
  • AWS Budgets
    This allows you to plan a budget for the services. Also, it will enable you to check if the current plan meets your budget and the details of how you use the services.
  • Cost Allocation Tags
    This helps in identifying the resource that has cost more in a particular month. It lets you organize your resources and cost allocation tags to keep track of your AWS costs.
5
Q

Is there any other alternative tool to log into the cloud environment other than console?

A

The tools that can help you log into the AWS resources are:

  • Putty
  • AWS CLI for Linux
  • AWS CLI for Windows
  • AWS CLI for Windows CMD
  • AWS SDK
  • Eclipse
6
Q

What services can be used to create a centralized logging solution?

A

The essential services that you can use are Amazon CloudWatch Logs for the logs, Amazon S3 to store them, and Amazon Elasticsearch to visualize them. You can use Amazon Kinesis Firehose to move the data from Amazon S3 to Amazon Elasticsearch.

7
Q

What are the native AWS Security logging capabilities?

A

Most AWS services have their own logging options. Some also provide account-level logging, such as AWS CloudTrail, AWS Config, and others. Let’s take a look at two services specifically:

AWS CloudTrail
This is a service that provides a history of the AWS API calls for every account. It lets you perform security analysis, resource change tracking, and compliance auditing of your AWS environment as well. The best part about this service is that it enables you to configure it to send notifications via AWS SNS when new logs are delivered.

AWS Config
This helps you understand the configuration changes that happen in your environment. This service provides an AWS inventory that includes configuration history, configuration change notification, and relationships between AWS resources. It can also be configured to send information via AWS SNS when new logs are delivered.

8
Q

What is a DDoS attack, and what services can minimize them?

A

DDoS is a cyber-attack in which the perpetrator accesses a website and creates multiple sessions so that the other legitimate users cannot access the service. The native tools that can help you deny the DDoS attacks on your AWS services are:

  • AWS Shield
  • AWS WAF
  • Amazon Route53
  • Amazon CloudFront
  • ELB
  • VPC
9
Q

You are trying to provide a service in a particular region, but you do not see the service in that region. Why is this happening, and how do you fix it?

A

Not all Amazon AWS services are available in all regions. When Amazon initially launches a new service, it doesn’t get immediately published in all the regions. They start small and then slowly expand to other regions. So, if you don’t see a specific service in your region, chances are the service hasn’t been published in your region yet. However, if you want to get the service that is not available, you can switch to the nearest region that provides the services.

10
Q

How do you set up a system to monitor website metrics in real-time in AWS?

A

Amazon CloudWatch helps you to monitor the application status of various AWS services and custom events. It helps you to monitor:

  • State changes in Amazon EC2
  • Auto-scaling lifecycle events
  • Scheduled events
  • AWS API calls
  • Console sign-in events

11
Q

What are the different types of virtualization in AWS, and what are the differences between them?

A

The three major types of virtualization in AWS are:

  • Hardware Virtual Machine (HVM)
    It is fully virtualized hardware, where all the virtual machines act separately from each other. These virtual machines boot by executing a master boot record in the root block device of your image.
  • Paravirtualization (PV)
    Paravirtualization-GRUB is the bootloader that boots the PV AMIs. The PV-GRUB chain loads the kernel specified in the menu.
  • Paravirtualization on HVM
    PV on HVM helps operating systems take advantage of storage and network I/O available through the host.

12
Q

Name some of the AWS services that are not region-specific

A

AWS services that are not region-specific are:

  • IAM
  • Route 53
  • Web Application Firewall
  • CloudFront
13
Q

What are the differences between NAT Gateways and NAT Instances?

A

NAT Gateway and NAT Instance are both used in Amazon Web Services (AWS) to allow instances in private subnets to communicate with the internet while still maintaining a secure network environment. However, they have some differences in terms of features, management, and performance:

NAT Gateway:

  • Managed Service: NAT Gateway is a fully managed service provided by AWS. It is easy to set up and does not require much configuration or maintenance from the user.
  • Performance: NAT Gateway offers higher performance compared to NAT Instance. It is designed to automatically scale as per demand and can handle higher levels of network traffic.
  • Availability: NAT Gateway is highly available within an Availability Zone (AZ) and can be associated with multiple subnets in the same AZ for redundancy.
  • Elastic IP: A NAT Gateway requires an Elastic IP (EIP) to be associated with it.

NAT Instance:

  • User-Managed: NAT Instance is a regular EC2 instance that you set up and configure as a NAT device. This means you need to manage its configuration, updates, and scaling manually.
  • Performance: NAT Instances may have limited performance based on the instance type chosen, and they may become a bottleneck for network traffic if not sized properly.
  • Availability: NAT Instances are less fault-tolerant as they are tied to a single EC2 instance. To ensure high availability, you need to set up multiple instances across different AZs and manage failover manually.
  • Elastic IP: Like NAT Gateway, a NAT Instance also requires an Elastic IP (EIP) to be associated with it.

In summary, NAT Gateway is a managed service with better performance and higher availability, while NAT Instance requires more manual configuration and management but may be a suitable choice in specific scenarios where more control is needed or for cost optimization. For most use cases, NAT Gateway is the recommended choice due to its ease of use, scalability, and high availability.

14
Q

What is CloudWatch?

A

The Amazon CloudWatch has the following features:

  • Depending on multiple metrics, it participates in triggering alarms.
  • Helps in monitoring the AWS environments like CPU utilization, EC2, Amazon RDS instances, Amazon SQS, S3, Load Balancer, SNS, etc.

15
Q

With specified private IP addresses, can an Amazon Elastic Compute Cloud (EC2) instance be launched? If so, which Amazon service makes it possible?

A

Yes. Utilizing VPC (Virtual Private Cloud) makes it possible.

16
Q

Define Amazon EC2 regions and availability zones?

A

Availability zones are geographically separate locations. As a result, failure in one zone has no effect on EC2 instances in other zones. When it comes to regions, they may have one or more availability zones. This configuration also helps to reduce latency and costs.

17
Q

Explain Amazon EC2 root device volume?

A

The image that will be used to boot an EC2 instance is stored on the root device drive. This occurs when an Amazon AMI runs a new EC2 instance. And this root device volume is supported by EBS or an instance store. In general, the root device data on Amazon EBS is not affected by the lifespan of an EC2 instance.

18
Q

Mention the different types of instances in Amazon EC2 and explain its features.

A
  1. General Purpose Instances: They are used to compute a range of workloads and aid in the allocation of processing, memory, and networking resources.
  2. Compute Optimized Instances: These are ideal for compute-intensive applications. They can handle batch processing workloads, high-performance web servers, machine learning inference, and various other tasks.
  3. Memory Optimized: They process workloads that handle massive datasets in memory and deliver them quickly.
  4. Accelerated Computing: It aids in the execution of floating-point number calculations, data pattern matching, and graphics processing. These functions are carried out using hardware accelerators.
  5. Storage Optimized: They handle tasks that require sequential read and write access to big data sets on local storage.
19
Q

Will your standby RDS be launched in the same availability zone as your primary?

A

No, standby instances are launched in different availability zones than the primary, resulting in physically separate infrastructures. This is because the entire purpose of standby instances is to prevent infrastructure failure. As a result, if the primary instance fails, the backup instance will assist in recovering all of the data.

21
Q

How would you address a situation in which the relational database engine frequently collapses when traffic to your RDS instances increases, given that the RDS instance replica is not promoted as the master instance?

A

A larger RDS instance type is required for handling significant quantities of traffic, as well as producing manual or automated snapshots to recover data if the RDS instance fails.

22
Q

Define Snapshots in Amazon Lightsail?

A

The point-in-time backups of EC2 instances, block storage drives, and databases are known as snapshots. They can be produced manually or automatically at any moment. Your resources can always be restored using snapshots, even after they have been created. These resources will also perform the same tasks as the original ones from which the snapshots were made.

23
Q

On an EC2 instance, an application of yours is active. Once the CPU usage on your instance hits 80%, you must reduce the load on it. What strategy do you use to complete the task?

A

It can be accomplished by setting up an autoscaling group to deploy additional instances when an EC2 instance’s CPU use surpasses 80%, and by allocating traffic across instances via the creation of an application load balancer and the designation of EC2 instances as target instances.

24
Q

Your business prefers to use its email address and domain to send and receive compliance emails. What service do you recommend to implement it easily and budget-friendly?

A

This can be accomplished by using Amazon Simple Email Service (Amazon SES), a cloud-based email-sending service.

25
Q

What are Key-Pairs in AWS?

A

The Key-Pairs are password-protected login credentials for the Virtual Machines that are used to prove our identity while connecting the Amazon EC2 instances. The Key-Pairs are made up of a Private Key and a Public Key which lets us connect to the instances.

26
Q

How do you allow a user to gain access to a specific bucket?

A

You need to follow the four steps provided below to allow access. They are:

  1. Categorize your instances
  2. Define how authorized users can manage specific servers.
  3. Lock down your tags
  4. Attach your policies to IAM users
27
Q

What Is Amazon Virtual Private Cloud (VPC) and Why Is It Used?

A

A VPC is the best way to connect to your cloud resources from your data center. Once you connect your data center to the VPC in which your instances are present, each instance is assigned a private IP address that can be accessed from your data center. That way, you can access your public cloud resources as if they were on your own private network.