FINAL Flashcards

1
Q

How do you handle EC2 services,
particularly tasks like attaching volumes and
configuring security groups?

A

When handling EC2 services, I attach
volumes to instances to provide ADDITIONAL STORAGE as
needed. I also configure security groups to control
inbound and outbound traffic to instances, ensuring that
only authorized connections are allowed.

2
Q

What CI/CD processes have you
implemented using CodeDeploy, CodeCommit, and
CodePipeline?

A

I have implemented CI/CD pipelines using
CodeDeploy for automating application deployments,
CodeCommit for version control, and CodePipeline for
the release to production. This ensures fast and
reliable delivery of software updates while maintaining
consistency and quality.

3
Q

Can you describe your experience
with CloudFormation templates for setting up
cloud infrastructure?

A

I have developed CloudFormation
templates to DEFINE/PROVISION AWS resources in a
an AUTOMATED manner. These templates capture architecture requirements and enable efficient
deployment and management of cloud infrastructure.

4
Q

How do you manage EC2 instances
using Systems Manager (SSM) and Ansible
configuration scripts?

A

With Systems Manager (SSM), I automate
tasks such as patch management, software installations,
and configuration management for EC2 instances. I utilize
Ansible configuration scripts to define infrastructure as
code (IaaS), enabling consistent provisioning and configuration
across environments.

5
Q

What role do Elastic Load
Balancers (ELB) play in maintaining application
availability, and how do you configure them for
different use cases?

A

Elastic Load Balancers distribute incoming
application traffic across multiple TARGETS, such as EC2
instances, to ensure HIGH AVAILABILITY and FAULT TOLERANCE. I
configure Application Load Balancers (ALB) for
HTTP/HTTPS traffic routing at the application layer and
Network Load Balancers (NLB) for TCP/UDP traffic at the
transport layer, based on specific application
requirements.

6
Q

How do you utilize CloudWatch to
monitor resources and set up alarms for
automated actions?

A

I leverage CloudWatch to monitor metrics,
logs, and events for AWS resources, including EC2
instances, RDS databases, and S3 buckets. I configure
CloudWatch alarms to trigger automated actions, such as
scaling EC2 instances or sending notifications, based on
predefined thresholds or anomalies in resource
performance.

7
Q

What type of solution do you
normally give to the solution architect for 3 tiers?

A

For 3-tier solutions, I typically recommend
an architecture comprising presentation, application, and
data layers. This involves deploying front-end resources
like web servers or static website hosting, middle-tier
resources for business logic processing, and backend
resources such as databases for data storage.

8
Q

What type of help do you give to
the solution architect?

A

I assist solution architects by providing
insights into infrastructure design and implementation,
suggesting best practices for optimizing performance,
scalability, and security. Additionally, I collaborate on
architecture reviews, contribute to the development of
deployment strategies, and offer guidance on selecting
appropriate AWS services.

9
Q

How do you deploy solutions?

A

Solutions are deployed using a
combination of AWS services like CloudFormation for
infrastructure as code, Elastic Beanstalk for application
deployment, and CI/CD tools like CodeDeploy,
CodeCommit, and CodePipeline for automated software
delivery. By leveraging these tools, we ensure consistent
and reliable deployment processes.

10
Q

Can we deploy multiple databases
on a single RDS instance?

A

Yes, multiple databases can be deployed
on a single RDS (Relational Database Service) instance.
RDS allows for the creation of multiple databases within a
single instance, enabling efficient resource utilization and
cost optimization.

11
Q

Can you explain API Gateway?

A

API Gateway is a fully managed service in
AWS that enables developers to create, publish, maintain,
monitor, and secure APIs at any scale. It acts as a FRONT DOOR for applications to access data, business logic, or
functionality from BACKEND SERVICES, allowing for
seamless integration and management of APIs.

12
Q

Can you explain Cognito service?

A

Cognito service is an IDENTITY PROVIDER
offered by AWS for web and mobile applications. It allows
developers to easily add user sign-up, sign-in, and access
control capabilities to their applications, handling user
authentication, authorization, and user management
tasks securely.

13
Q

Can you explain RDS service?

A

RDS (Relational Database Service) is a
managed database SERVICE provided by AWS that
simplifies the SETUP, OPERATION, and SCALING of relational
databases in the cloud. It supports various database
engines such as MySQL, PostgreSQL, Oracle, SQL Server,
and Amazon Aurora, offering features like automated
backups, high availability, and security enhancements.

14
Q

How does RDS work behind the
scenes?

A

Behind the scenes, RDS deploys and
manages database instances on virtualized infrastructure
within the AWS cloud. It provisions the necessary
compute, storage, and networking resources based on
the selected database engine and instance type, while
also handling ROUTINE MAINTENANCE tasks like backups,
patching, and monitoring.

15
Q

Can you explain the concept of
EC2 instance types?

A

EC2 (Elastic Compute Cloud) instance
types DEFINE the virtual HARDWARE CONFIGURATION available
for deploying virtual servers in the AWS cloud. Each
instance type is optimized for specific use cases and
workloads, offering varying combinations of CPU,
memory, storage, and networking capabilities. Examples
include general-purpose (e.g., t2, t3), compute-optimized
(e.g., c5), memory-optimized (e.g., r5), and storage-
optimized (e.g., i3) instance types.

16
Q

So there is a service in Amazon
named Beanstalk. So what do you think it’s a SaaS,
PaaS, or Infrastructure as a Service? What type of
service is this?

A

Beanstalk is a Platform as a Service (PaaS)
offering by Amazon.

17
Q

Amazon has some key services.
Can you name some of the services, like what you
think are core services?

A

Core Amazon services include S3 for
storage, EC2 for computing, DynamoDB for databases,
VPC for networking, CloudWatch for monitoring, Systems
Manager, CodeCommit, CodePipeline, and
CloudFormation for configuration management.

18
Q

Can you explain S3 service?

A

S3 (Simple Storage Service) is a storage
service provided by AWS, primarily used for object
storage. It allows users to store and retrieve data from
anywhere on the web.

19
Q

Can you explain what is AMI
(Amazon Machine Image)?

A

AMI is a TEMPLATE used to create EC2
instances. It includes an operating system, storage, and
possibly additional software and configurations.

20
Q

What relationship exists between
an instance and an AMI?

A

An instance is a running virtual machine
CREATED FROM an AMI. The AMI serves as a template for
creating instances.

21
Q

How do you vertically scale an EC2
instance?

A

Vertically scaling an EC2 instance involves
UPGRADING RESOURCES, such as increasing memory or
CPU capacity.

22
Q

Are you familiar with instance
types? How many instance types do we have?

A

Instance types define the virtual hardware
configurations available for EC2 instances. There are
various instance types optimized for different use cases.

23
Q

In a VPC, we have private and
public subnets. If we need to launch a database
server, where should we ideally launch it?

A

It’s recommended to launch a database
server in the private subnet of a VPC for better security.

24
Q

What is the role of IAM (Identity
and Access Management) service?

A

IAM is used to manage access to AWS
services and resources SECURELY. It enables the creation
of users, groups, roles, and policies to control
permissions.

25
Q

What permission is needed on a
private key when SSH-ing to an EC2 instance?

A

Proper permissions are required on the
private key locally on the machine attempting to SSH to
the EC2 instance, typically restricted to read/write for the owner only.

26
Q

If you had to migrate a large
dataset (20 TB) to AWS, which service could help
with this task?

A

AWS offers a service where a physical
storage device is shipped to the customer for data
upload, known as AWS Snowball.

27
Q

Can you establish a peering
connection to a VPC in a different region?

A

No, peering connections are limited to
VPCs within the same region.

28
Q

What is the difference between
an RDS instance and an RDS server?

A

There is no difference; both terms refer to
an instance of the RDS (Relational Database Service)
provided by AWS.

29
Q

How many types of load
balancers do we have in AWS?

A

There are three types of load balancers:
Classic Load Balancer, Network Load Balancer, and
Application Load Balancer.

30
Q

Can you provide a use case
scenario for Network Load Balancer?

A

Network Load Balancers are suitable for
applications that require high throughput and low
latency, such as SSH connections or TCP traffic.

31
Q

How can you automate the
patching process of EC2 instances

A

The patching process can be automated
using services like Systems Manager or tools like Ansible
playbooks.

32
Q

Besides Systems Manager, what
other services can help with patching?

A

Other services like CloudFormation or
Lambda functions can also be used for patching
automation.

33
Q

How does AWS Lambda help in
automating operational tasks?

A

AWS Lambda allows users to run code
WITHOUT provisioning or managing SERVERS, enabling
automation of operational tasks triggered by events or
scheduled times.

34
Q

If data in an S3 bucket is
encrypted and the encryption key is lost, can the
data be recovered?

A

Data recovery without the encryption key
is typically not possible for encrypted data in S3.

35
Q

How do you troubleshoot
performance issues with EC2 instances?

A

Troubleshooting performance issues with
EC2 instances involves ANALYZING METRICS/LOGS, and
RESOURCE UTILIZATION to identify bottlenecks and potential
causes of slowness.

36
Q

How many security credentials are in the IAM
service?

A

In the AWS IAM (Identity and Access Management)
service, there are primarily three types of security
credentials that can be used to authenticate and
authorize access to AWS resources:
1. IAM User Credentials: These are access keys
(access key ID and secret access key) that are generated
for IAM users within an AWS account. Access keys are
used to make programmatic requests to AWS services
through APIs, SDKs, CLI (Command Line Interface), or
AWS Management Console. IAM users can also have
passwords for console access.
2. IAM Role Credentials: IAM roles define a set of
permissions that determine what actions can be
performed on AWS resources. IAM roles do not have
permanent security credentials like access keys. Instead,
temporary security credentials are obtained dynamically
when a role is assumed by a trusted entity, such as an
IAM user or an AWS service. These temporary credentials
consist of an access key ID, a secret access key, and a
session token.
3. Temporary Security Tokens: Temporary
security tokens are obtained when federated users
authenticate with an external identity provider (IdP) and
assume an IAM role in the AWS account. These tokens are
provided by the AWS Security Token Service (STS) and
include an access key ID, a secret access key, a session
token, and an optional expiration time. Federated users
typically receive these tokens as part of the
authentication process and use them to access AWS
resources within the permissions granted by the IAM role.

37
Q

What are federated users in AWS IAM?

A

Federated users in AWS IAM are TEMPORARY users who
utilize their EXISTING credentials from EXTERNAL services
like Facebook or Google to access AWS instead of
creating separate accounts. For example, instead of
making a new AWS username and password, users can
log in using their Facebook or Google details. This
simplifies access and avoids the need for extra
passwords.

38
Q

What is a Gateway in AWS?

A

In AWS, a gateway is a networking component that acts
as an ENTRY or EXIT point for TRAFFIC between DIFFERENT networks or between a network AND the internet. There
are several types of gateways in AWS, each serving
different purposes:

  1. Internet Gateway (IGW): A gateway that connects a
    VPC to the internet, allowing instances within the VPC to
    communicate with resources outside the VPC and vice
    versa.
  2. Virtual Private Gateway (VGW): A gateway that
    connects a VPC to a VPN or Direct Connect connection,
    enabling secure communication between the VPC and an
    on-premises network.
  3. Transit Gateway: A gateway that simplifies network
    connectivity by allowing multiple VPCs and on-premises
    networks to connect to a central hub, enabling efficient
    routing between them.
  4. API Gateway: A fully managed service that enables
    developers to create, publish, maintain, monitor, and
    secure APIs at any scale, providing a secure and scalable
    entry point for applications to access backend services
    and resources.

These gateways play crucial roles in enabling
connectivity, security, and communication within and outside AWS environments.

39
Q

AWS CDN service?

A

The AWS CDN service, known as Amazon CloudFront, is a
content delivery network (CDN) provided by Amazon Web
Services (AWS). It delivers data, videos, applications, and
APIs to customers globally with low latency, high transfer
speeds, and a high level of security. CloudFront works by
caching content in EDGE LOCATIONS strategically located
around the world, reducing the distance data must travel
and IMPROVING USER EXPERIENCE. It also provides
features such as dynamic content delivery, real-time
analytics, and integration with other AWS services for
enhanced functionality.