Technical Interview 4 Flashcards
**Scenario where latency is an issue for a web server and what things you would consider? (Expect a bunch of follow-up questions based on your answers)
** TRIAGE **
I would first try to see exactly what the client is describing as slow - I need to know what they are seeing and exactly what they are experiencing.
I’d want to know if this is intermittently occurring or can be recreated every time.
After seeing the type of slowness, the speed at which the web page responds, and which web pages appear to respond slowly - I’d develop a strategy to narrow down the moving parts for that piece.
Is the web server hosting static or dynamic content that could utilize CDN/CloudFront edge locations?
Are we seeing delay/latency on the user side because they are not being routed to the nearest region that we are hosting? We could set up latency-based routing in Route 53 to start with, to ensure users see lower latency there.
***How can you increase the performance of the database?
At the software level: Optimize queries, improve indexes
Relational DB: (Vertically) Increase database instance type/size - increase memory, CPU, and storage (if you’re wanting to increase the number of IOPS) - or switch storage type from General Purpose to Provisioned IOPS. (Horizontally) Possibly sharding
NoSQL: By scaling horizontally to allow more instances of the database and/or vertically to add more resources to the individual machines.
What do you understand by hardening and how do you do it?
Hardening is usually the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle a single-function system is more secure than a multipurpose one. It reduces the available ways of attacking the system.
For an operating system it may be:
- ensure unnecessary services are disabled/removed
- closing unneeded network ports
- setting up firewalls or intrusion detection
Code hardening consists of preventing security holes in the code of an application so that even if the application could be reversed, no flaws could be exploited.
How will you secure your three-tier application (5)?
Protection from attacks: AWS Shield, AWS WAF
Encryption in transit: TLS (certificates) from user to ELB
Encryption at rest: Encryption for storage, volumes, snapshots, AMIs, databases
Separating the VPC into public/private subnets - security groups and network ACLs
Using IAM to lock down permissions - least-privilege access
Where would you recommend a NoSQL database?
Example: DynamoDB
- When you don’t care about relationships between the data
- Data is not well structured/unpredictable (flexibility)
- Need to be able to scale out quickly - horizontally
- Need to handle a large amount of data and you don’t need it to be 100% accurate (eventual consistency over strong consistency) (online games, social media, etc.)
How can you scale a web application?
If it’s running on EC2, and only for the web app tier:
Vertically: Increase instance type
Horizontally:
- Put the Web app servers into an EC2 Auto Scaling group across multiple AZs
- Then attach an application load balancer to the EC2 Auto Scaling group to handle incoming traffic for the target group
Generally speaking - by increasing the number of resources available to support additional requests
What is caching? What are ways of increasing caching?
Storing commonly accessed temporary files or request responses in a medium or area that allows for fast retrieval.
- Increasing the cache size
- Increasing the time to live in cache
Regarding CloudFront:
- adding additional distributions,
- or add files to S3 buckets (origin) that you want served up by the distribution
- increasing the Cache-Control “max-age” for the distribution
How does NAT work and what are the use cases for NAT?
Network Address Translation (NAT) is a process that enables one unique IP address to represent an entire group of computers.
Network address translation permits a single device, such as a NAT firewall or NAT router or other network address translation device, to act as an agent between the public network and private networks—the internet and any local networks. This allows an entire group of devices to be represented by a single unique IP address when they do anything outside their network.
Outbound:
A private IP calls the NAT service, which then forwards the request using the NAT’d IP; responses come back on this IP and are routed back to the private IP. External systems aren’t given the internal private IP.
It keeps your internal network addresses from overlapping with external IP addresses. You can use any values within the CIDR block without having to be concerned with the IP address that is going to be public facing, as the NAT device will handle keeping track of the private addresses that make requests out, and where the responses from external systems will be returned to.
Public Subnet versus Private Subnet?
A public subnet is a grouping of IPs that are set up with a route table that allows them to access the internet or be accessed from the internet through an internet gateway.
Private subnets are groups of IPs that are internal only and do not need to access the internet (the route table doesn’t have a route to an internet gateway). Or, if they do need access to the internet, they can use a NAT gateway in a public subnet, but these gateways do not accept traffic initiated from the internet.
How to explain/discuss cloud to a C-level executive?
Cloud computing is the on-demand delivery of IT resources over the Internet with pay-as-you-go pricing.
It’s access to computing power, storage, and databases on an as-needed basis, without having to buy, own, or maintain your own physical data centers. It drops the upfront cost of building a data center or purchasing servers (capital expenditure), and it’ll lower operating expenditures, which are the running costs of keeping a data center going.
What is the difference between HTTP and HTTPS?
HTTP uses port 80 and is for unsecured regular web traffic.
HTTPS uses port 443 along with TLS to allow for secure and encrypted communication for your web traffic
What is a DDoS attack?
Distributed Denial of Service attack - It’s often a coordinated attack performed on a website from a single machine or sometimes many machines with the intent of overwhelming the resources on the servers hosting the website to take them down or stop the website from working.
***Describe Cloud Computing architecture.
Well Architected Framework
- Operational Excellence
- Security
- Reliability
- Performance Efficiency
- Cost Optimization
- Sustainability
- Network Services (Route 53, VPC)
- Compute Services (EC2, Lambda)
- App Integration Services (SQS, SNS)
- Storage Services (S3, EFS, EBS)
- Database Services (RDS, DynamoDB)
- Analytics Services (EMR,
What’s a Docker container?
A Docker container is a running instance of a Docker container image
A Docker container image is a lightweight, standalone, executable package of software that includes everything needed to run an application:
- code
- runtime
- system tools
- system libraries
- settings.
What is JMeter?
Apache JMeter is an Apache project that can be used as a load testing tool for analyzing and measuring the performance of a variety of services, with a focus on web applications.