Cloud Stuff - Sheet1

Question 1

What are the different storage classes available in S3 and when would you use each one?

Answer 1

The different storage classes in S3 are Standard, Intelligent-Tiering, Standard-IA (Infrequent Access), One Zone-IA, Glacier, and Glacier Deep Archive.

Question 2

How can you control access to objects stored in S3?

Answer 2

Access to objects stored in S3 can be controlled through bucket policies, access control lists (ACLs), and IAM (Identity and Access Management) policies. You can grant or deny permissions to users, groups, or AWS services based on specific criteria.

Question 3

What are the benefits of using CloudFront for content delivery?

Answer 3

CloudFront improves website performance by reducing latency, increasing data transfer speeds, and offloading traffic from the origin server. It also provides enhanced security through features like DDoS protection and HTTPS support.

Question 4

How does CloudFront help improve website performance?

Answer 4

CloudFront improves website performance by caching content at edge locations. When a user requests content, CloudFront serves it from the nearest edge location rather than the origin server, reducing the time it takes to load the content.

Question 5

What are the key components of CloudFront?

Answer 5

Distribution, origin, edge locations, cache behavior

Question 6

How do you invalidate objects in CloudFront?

Answer 6

You can invalidate objects in CloudFront to remove them from cache before they expire. This can be done through the AWS Management Console, AWS CLI, or CloudFront API.

Question 7

What is Route53 and what are its main functions?

Answer 7

Route53 is a scalable DNS (Domain Name System) web service provided by AWS. Its main functions include domain registration, DNS routing, health checking, and traffic management.

Question 8

How do you create a new domain in Route53?

Answer 8

You can create a new domain in Route53 by logging into the AWS Management Console, navigating to Route53, selecting “Hosted zones”, and then clicking “Create Hosted Zone”. Enter the domain name and configure the required settings.

Question 9

What is the difference between Route53’s Alias and CNAME records?

Answer 9

Alias records are used to map your domain name to AWS resources, like ELB, CloudFront distributions, or S3 buckets. They work like a CNAME record but provide additional functionality. CNAME records are used to map your domain name to another domain name.

Question 10

How does Route53 handle DNS failover?

Answer 10

Route53 can monitor the health of your resources and automatically route traffic away from unhealthy resources to healthy ones. This is achieved using health checks, which periodically evaluate the health of your endpoints.

Question 11

Can Route53 be used for routing traffic to resources outside of AWS?

Answer 11

Yes, Route53 can be used to route traffic to resources outside of AWS. You can create records that point to non-AWS resources by specifying their IP addresses or domain names.

Question 12

What is AWS Certificate Manager (ACM) and what is it used for?

Answer 12

AWS Certificate Manager is a service that manages SSL/TLS certificates for use with AWS services. It simplifies the process of provisioning, managing, and deploying public and private SSL/TLS certificates.

Question 13

How do you request and manage SSL/TLS certificates with ACM?

Answer 13

You can request SSL/TLS certificates in ACM by navigating to the ACM console, clicking “Request a certificate”, and following the wizard to verify domain ownership. Once issued, you can manage certificates by renewing, deleting, or modifying them.

Question 14

What types of SSL/TLS certificates does ACM support?

Answer 14

ACM supports both public and private SSL/TLS certificates. Public certificates can be used with external-facing websites and services, while private certificates are used for internal communications within an organization.

Question 15

Can ACM certificates be used outside of AWS services like CloudFront and Elastic Load Balancing?

Answer 15

No, ACM certificates can only be used with AWS services that are integrated with ACM, such as CloudFront, ELB, API Gateway, and Elastic Beanstalk.

Question 16

What is API Gateway and what are its main features?

Answer 16

API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. Its main features include API creation, management, versioning, monitoring, and security.

Question 17

How do you create an API in API Gateway?

Answer 17

To create an API in API Gateway, you can use the API Gateway console or API Gateway REST API. You define the API’s resources, methods, request/response models, and integration points with backend services.

Question 18

What is the purpose of API Gateway stages?

Answer 18

API Gateway stages are used to manage different versions or environments of your API (e.g., development, testing, production). Each stage has its own configuration and can be associated with different backend endpoints.

Question 19

How does API Gateway handle authentication and authorization?

Answer 19

API Gateway supports various methods for authentication and authorization, including IAM (Identity and Access Management), Lambda authorizers, Cognito user pools, and custom authorizers. These methods allow you to control access to your APIs based on user identity and permissions.

Question 20

Can API Gateway integrate with Lambda functions?

Answer 20

Yes, API Gateway can integrate directly with Lambda functions. This allows you to create serverless APIs where each endpoint is backed by a Lambda function. API Gateway automatically handles the invocation of the Lambda function based on incoming requests.

Question 21

What is AWS Lambda and what is it used for?

Answer 21

AWS Lambda is a serverless computing service that allows you to run code without provisioning or managing servers. It’s used for executing code in response to events, such as HTTP requests, changes in data, or triggers from other AWS services.

Question 22

How do you create a Lambda function?

Answer 22

You create a Lambda function by writing your code in the supported programming languages (e.g., Python, Node.js, Java), configuring the function’s triggers and permissions, and uploading the code to Lambda using the AWS Management Console, CLI, or SDK.

Question 23

What are the event sources for Lambda functions?

Answer 23

Event sources for Lambda functions include AWS services like S3, DynamoDB, SNS, SQS, API Gateway, and CloudWatch Events. You can also use custom events and triggers.

Question 24

How does Lambda pricing work?

Answer 24

Lambda pricing is based on the number of requests and the compute time consumed by your functions. You pay only for the compute time you use, rounded up to the nearest 100 milliseconds. There is also a free tier available.

Question 25

What is the maximum execution time for a Lambda function?

Answer 25

15 minutes

Question 26

What is DynamoDB and how does it differ from traditional relational databases?

Answer 26

DynamoDB is a fully managed NoSQL database service provided by AWS. It differs from traditional relational databases in that it is schema-less, horizontally scalable, and designed for high performance and scalability at any scale.

Question 27

What are the key features of DynamoDB?

Answer 27

Key features of DynamoDB include single-digit millisecond latency, automatic scaling, built-in security, backup and restore capabilities, and support for JSON and document data models.

Question 28

How does DynamoDB achieve scalability and high availability?

Answer 28

DynamoDB achieves scalability and high availability through partitioning and replication. Data is automatically partitioned across multiple servers to handle large workloads, and replicas are maintained across multiple Availability Zones for fault tolerance.

Question 29

What is the difference between provisioned and on-demand capacity modes in DynamoDB?

Answer 29

In provisioned capacity mode, you specify the read and write capacity units (RCUs and WCUs) for your tables in advance, and DynamoDB automatically scales to accommodate your workload. In on-demand mode, DynamoDB automatically scales capacity based on the workload, and you pay per request.

Question 30

How do you query data in DynamoDB?

Answer 30

You can query data in DynamoDB using the Query operation for items with the same partition key, or the Scan operation for filtering based on non-key attributes. You can also use global secondary indexes (GSIs) for querying data with different access patterns.

Question 31

What is Kubernetes and what is its role in container orchestration?

Answer 31

Kubernetes is an open-source container orchestration platform used for automating deployment, scaling, and management of containerized applications.

Question 32

How does Kubernetes manage containerized applications?

Answer 32

Kubernetes manages containerized applications by scheduling containers onto clusters of servers, maintaining desired state, scaling applications, and handling failovers and updates.

Question 33

What is the difference between a StatefulSet and a Deployment?

Answer 33

A Deployment manages stateless applications, whereas a StatefulSet manages stateful applications by providing stable, unique identifiers for each Pod.

Question 34

How does Kubernetes handle scaling and load balancing?

Answer 34

Kubernetes automatically scales applications by adjusting the number of Pods based on resource utilization and defined metrics. It performs load balancing by distributing traffic across Pods within a Service.

Question 35

How do you create a new Kubernetes cluster in Google Kubernetes Engine (GKE)?

Answer 35

You can create a new Kubernetes cluster in GKE using the Google Cloud Console or the gcloud command-line tool by specifying cluster configurations such as machine type, number of nodes, and version.

Question 36

What are Kubernetes namespaces and why are they used?

Answer 36

Kubernetes namespaces provide a way to organize and isolate resources within a cluster. They are used to divide cluster resources between multiple users, teams, or applications.

Question 37

What is a Kubernetes Deployment and how do you create one?

Answer 37

A Kubernetes Deployment manages a set of identical Pods, ensuring they are running and handling updates and rollbacks. You can create a Deployment by defining a YAML manifest with specifications for the Pod template and desired replicas.

Question 38

How do you expose a Kubernetes service externally?

Answer 38

You can expose a Kubernetes service externally by creating a Service of type LoadBalancer or NodePort, which will assign an external IP address to the Service to allow access from outside the cluster.

Question 39

How does Kubernetes handle rolling updates and rollbacks?

Answer 39

Kubernetes handles rolling updates by gradually updating Pods in a Deployment, ensuring zero downtime. Rollbacks are achieved by reverting to a previous version of the Deployment configuration, which triggers a new rolling update.

Question 40

What is Google Cloud Shell and how is it used?

Answer 40

Google Cloud Shell is a browser-based command-line interface provided by Google Cloud Platform. It provides access to a Linux shell with preinstalled tools and resources for managing GCP services.

Question 41

How do you access Cloud Shell?

Answer 41

Cloud Shell can be accessed directly from the Google Cloud Console by clicking on the Cloud Shell icon in the top right corner.

Question 42

What are some common use cases for Cloud Shell?

Answer 42

Common use cases for Cloud Shell include managing GCP resources, running scripts, interacting with APIs, and performing development tasks.

Question 43

Can you install additional software in Cloud Shell?

Answer 43

Yes, you can install additional software in Cloud Shell using package managers like apt-get or by downloading and compiling from source. However, changes made to the environment are temporary and will be lost when the session ends.

Question 44

How does Cloud Shell handle persistent storage?

Answer 44

Cloud Shell provides a home directory (/home) with 5GB of persistent storage per user. Files stored in this directory persist across sessions and are accessible from any Cloud Shell instance.