part3 Flashcards

1
Q

When using Terraform to create an RDS instance, how should you save the DB username and password?

A

To securely save the database (DB) username and password for an Amazon RDS instance, you should avoid hardcoding them in your application or configuration files.
Instead, we can integrate the application with:
- AWS Secrets Manager
- Environment variables
- HashiCorp Vault

2
Q

What kind of DB have you used or supported?

A
  • Relational, i.e. MySQL for a LAMP stack application
  • NoSQL (JSON format), i.e. MongoDB, DynamoDB
  • Key-value DB, i.e. etcd
3
Q

Your security team has insisted that certain packages must be present on all instances for a defense project. How would you ensure these packages are present on all EC2 instances?

A
  • Create a custom Amazon Machine Image (AMI) with the required packages preinstalled.
    Build the AMI with HashiCorp Packer and ensure all new EC2 instances are launched from it.
  • Use tools like Ansible, Chef, or Puppet to define and enforce the required package state on all EC2 instances.
    Create a playbook or recipe that installs the necessary packages.
4
Q

Why do we have 3 types of IAM policy?

A
  • Managed: managed by AWS.
  • Customer managed: custom-made IAM policies, created using Terraform or otherwise.
  • Inline policy: the policy is deleted if the user or group it is attached to is deleted.
5
Q

Which build tools are you aware of, and how have you used them in your previous role?

A

I have worked on multiple projects, and my developers tend to use Java or Node.js, in which case they use:
- Maven for Java
- npm for Node.js

6
Q

What are ingress and egress? What are these terms mostly associated with?

A

Ingress is incoming traffic; egress is outgoing traffic. They are mostly associated with security groups, VPCs and subnets.

7
Q

What is the difference between a Docker image and Docker layers?

A
  • A Docker image is a lightweight, standalone, and executable package that contains everything needed to run a piece of software.
  • A Docker layer is an individual change or modification to the base filesystem. Each command in a Dockerfile (like RUN, COPY, or ADD) creates a new layer in the Docker image.
8
Q

What is a bastion host or gateway server, and what role does it play?

A

A bastion host is used to manage access to a private network from an external network. It can also be called a gateway server or jump server.

9
Q

An Auto Scaling group (ASG) for a project is having issues getting new nodes. It uses Spot Instances exclusively. What could be the issue?

A
  • Your AWS account may have hit its EC2 Spot Instance quota limit.
  • The ASG might be misconfigured. Examples include:
    specified instance types that aren’t available in your chosen region.
  • The ASG may be limited to a specific Availability Zone that lacks Spot capacity.
10
Q

A pod is trying to access a volume but there is an error. What could the error be?

A
  • The Persistent Volume Claim (PVC) is not bound to a Persistent Volume (PV).
  • The volume is already mounted by another pod, and the access mode does not support multiple mounts (e.g., ReadWriteOnce).
  • Check the volume’s NodeAffinity and ensure the pod is scheduled to a compatible node.