Technical Interview 3 Flashcards
Containers vs VMs - what is each, which is better, when would you use one vs the other?
Containers are self-contained environments that run application code. Containers run on a Docker engine which sits on a host operating system, where you can launch many containers side by side on . They are lightweight.
A Virtual Machine includes a full copy of an operating system, the application, necessary binaries and libraries – taking up tens of GBs. VMs can also be slow to boot.
Containers would work well in a microservices environment where each container runs its own code to handle its required function, and you would be able to scale out the containers as needed at a more granular level.
VMs would work better for a larger singular application that may still be running on a monolithic design.
That being said, we run ECS (Docker images) on virtual machines (EC2).
DDoS attacks - what would you do during an attack?
Ideally we have AWS Shield Advanced
Find out which services the attack is directed at
- API gateway
- Web server in public subnet
Try to determine the offending IPs and set up network ACLs to deny traffic for those unique IPs.
Depending on how the attack is coming through, ensure a Web Application Firewall with web ACLs is set up to minimize the effects using
- Rate based rule
AND
- Geo matching if the IPs are from a specific region
IP Address CIDR - examples
192.168.1.0/16
VPC - Allowed CIDR block size in a VPC is between what two netmasks?
/16 - 65,536
/28 - 16 IP addresses
/32 - 1 IP
How would you troubleshoot an issue with a Linux application? Walk through the steps, commands, etc?
Compute:
top -c - for excessive compute
If something was using too much compute, I would check that process with ps -ef | grep, narrowing down the issue
Disk:
df -k - for disk space issues
If a disk that the application writes to was out of space, I’d change directories to it and sort the files with ls -ltrk to see the most recently written files. If nothing stands out, I would look up the find command I have saved to look for the 10 largest files. (find /path/to/search/ -type f -printf '%s %p\n' | sort -nr | head -10)
Network:
If the application is supposed to be listening on a specific port, I’d check netstat -anp | grep . If the port was listening but being used by another service, then find the service and restart it.
Check ifconfig for network settings
Check iptables -L
Check spsmon, oen_query client, backlogs, database etc
How would you diagnose a problem with a slow database application?
I would check the DB resource by reviewing CloudWatch metrics for: CPU Utilization, Read Latency, Write Latency, Freeable Memory
Performance insights:
DBLoad - The number of active sessions for the DB engine
DBLoadCPU - The number of active sessions where the wait event type is CPU
DBLoadNonCPU - The number of active sessions where the wait event type is not CPU.
Specifics about how we performed these things in Cerner: DM2 current sql, monwait, Automatic Workload Repository (AWR), Oracle Enterprise Manager (dashboard)
What is the function of an OLAP database?
Example: Redshift
Online Analytical Processing - Data Warehouse, used for complex queries and data analysis - Like Redshift and Amazon EMR.
Informed decision making
Consolidated data from many sources
Historical data analysis
Separation of analytics processing from transactional databases, which improves performance of both systems
What are ways to improve a system architecture?
Making it:
- highly available (has at least 1 redundant resource)
- fault tolerant (has many redundant resources (multi-AZ))
- high performing
  - ensure traffic is routed in the most effective manner (Route 53 geolocation, latency)
  - scaling EC2 based on SQS queue depth to handle the load
- secure
  - Encryption at rest and in transit
  - WAF
  - Security groups/network ACLs
What is Federation and what are different federation types?
Identity federation is a system of trust between two parties for the purpose of authenticating users and conveying information needed to authorize their access to resources.
SAML 2.0 federation
Web identity federation (OpenID Connect)
Service:
AWS Identity and Access Management
AWS Single Sign-On
Amazon Cognito
What is database normalization?
Normalization is a database design technique to reduce data redundancy and improve data integrity. Its purpose is to eliminate repetitive data and ensure data is stored logically.
Hardware vs Software in the context of storage
Storage hardware would be something akin to a physical disk where the data is stored.
Storage software would handle volume management and how data is stored to the physical disks. RAID software - redundant array of disks - would handle how data is written to a collection of physical disks.
** What is Group Policy loopback processing?
This policy directs the system to apply the set of Group Policy Objects (GPOs) for the computer to any user who logs on to a computer affected by this policy. This policy is intended for special-use computers where you must modify the user policy based on the computer that’s being used. For example, computers in public areas, in laboratories, and in classrooms.
Explain load balancing
Load balancing is the process of distributing network traffic or requests across multiple servers or resources with the goal of making the overall processing more efficient and/or redundant.
Elastic Load Balancers do this by distributing incoming traffic using round robin, least outstanding requests, as well as flow hash routing.
Explain Highly available 3 tier architecture
It would mean ensuring you have multiple web servers, app servers, and databases (with multi-AZ), along with shared storage that spans multiple AZs.
**How do you share a session if you have an application in two different regions?
You could connect your VPCs in different regions together using a VPC peering connection.
OR
If we are talking about storing a session state, then I would use DynamoDB Global Tables to save my session state information, so if I have a loss of connection in one region and another region needs to pick it up, then the session state is available from the EC2s in the other region.
***How will you measure the latency and find out the performance lag?
Use Apache JMeter
I would use traceroute if it’s an option to check the speed between network hops
I would test my query or request at different levels of the tiers if possible.
CloudWatch - metrics/log files
Presentation Tier
App Tier
DB Tier directly to see what type of response times I see