AWS important questions


AWS:


1.   How to increase the root volume size of your ec2 instance.

2.   How to increase the root volume of your ec2 instance without changing instance ip address

3.   How to scale instances on a timing basis using autoscaling

4.   How to configure ELB in AWS

5.   What is sticky session ELB in AWS

6.   How will you configure sticky session

7.   How to upload SSL certificates in ELB

8.   What is cross balancing in ELB

9.   How to delete the one year old files in s3 bucket in AWS

10. what is Classic ELB

11. What is Application ELB

12. What is the difference between classic and Application ELB

13. How to redirect the https in ELB

14. How to deploy or copy the application on autoscaling

15. What is life cycle in S3

16. Have you worked on spot instances

17. What is cloud formation

18. What is CloudFront

19. What is public subnet and private subnet in aws

20. what are the challenges you faced while migrating servers from physical to cloud

21. What is RDS in AWS, how will you launch an RDS instance in AWS, and how will you connect to it.

22. Difference between private cloud and public cloud

23. What is EC2, S3, ELB, Autoscaling, CloudFormation, CloudFront.

24. I want to stop a 24-hour MySQL database instance; how will you stop it.

25. how to configure ELB health checks

26. what is the difference between AMI and Snapshot

27. I want to configure ELB with one instance; does it work

28. which mysql versions are available in RDS

29. what is VPC in AWS and what is the use of VPC and how will you create public, private subnets and NAT instances and gateways

30. What are the terminologies available in route53

31. IAM policies

32. what is the mechanism of ELB

33. what is the mechanism of Autoscaling group

34. How will you provide the EC2 instance key to users? Are you using any protocol for this

 

Q1: List the components required to build Amazon VPC?

Ans: Subnet, Internet Gateway, NAT Gateway, HW VPN Connection, Virtual Private Gateway, Customer Gateway, Router, Peering Connection, VPC Endpoint for S3, Egress-only Internet Gateway.


Q2: How do you safeguard your EC2 instances running in a VPC?

Ans: Security Groups can be used to protect your EC2 instances in a VPC. We can configure both INBOUND and OUTBOUND traffic in a Security Group which enables secured access to your EC2 instances. Security Group automatically denies any unauthorized access to your EC2 instances.


Q3: In a VPC how many EC2 instances can you use?

Ans: Initially you are limited to launch 20 EC2 Instances at one time. Maximum VPC  size is 65,536 instances.


Q4: Can you establish a peering connection to a VPC in a different REGION?

Ans: Not possible. Peering Connections are available only between VPCs in the same region.


Q5: Can you connect your VPC with a VPC owned by another AWS account?

Ans: Yes, Possible. Provided the owner of other VPCs accepts your connection.


Q6: What are all the different connectivity options available for your VPC?

Ans: Internet Gateway, Virtual Private Gateway, NAT, EndPoints, Peering Connections.


Q7: Can a EC2 instance inside your VPC connect with the EC2 instance belonging to other VPCs?

Ans: Yes, Possible. Provided an Internet Gateway is configured to carry traffic bound for EC2 instances running in other VPCs.


Q8: How can you monitor network traffic in your VPC?

Ans: It is possible using Amazon VPC Flow-Logs feature.


Q9: Difference between Security Groups and ACLs in a VPC?

Ans: A Security Group defines which traffic is allowed TO or FROM an EC2 instance. Whereas an ACL operates at the SUBNET level and scrutinizes the traffic TO or FROM a Subnet.


Q10: How can an EC2 instance in a VPC establish a connection with the internet?

Ans: Using either a Public IP or an Elastic IP.


Q11: Different types of Cloud Computing as per services?

Ans:  PAAS (Platform As A Service), IAAS (Infrastructure As A Service), SAAS (Software As A Service)


Q12: What is Auto Scaling?

Ans: Creating duplicate instances during heavy business hours. Scale-IN and Scale-OUT are two different statuses of Scaling. Scale-IN: Reducing the instances. Scale-OUT: Increasing the instances by duplicating.


Q13: What is AMI?

Ans: AMI is defined as Amazon Machine Image. Basically it’s a template comprising the software configuration part. For example, Operating System, DB Server, Application Server, etc.


Q14: Difference between Stopping and Terminating the Instances?

Ans: When you STOP an instance it is a normal shutdown. The corresponding EBS volume attached to that instance remains attached and you can restart the instance later. When you TERMINATE an instance it gets deleted and you cannot restart that instance again later. And any EBS volume attached with that instance is also deleted.


Q15: When you launch a standby Relational Database Service instance, will it be available in the same Availability Zone?

Ans: Not advisable. Because the purpose of having standby RDS  instance is to avoid an infrastructure failure. So you have to keep your standby RDS service in a different Availability Zone, which may have different infrastructure.


Q16: Difference between Amazon RDS, DynamoDB and Redshift?

Ans: RDS is meant for structured data only. DynamoDB is meant for unstructured data which is a NoSQL service. Redshift is a data warehouse product used for data analysis.


Q17: What are Lifecycle Hooks?

Ans: Lifecycle Hooks are used in Auto Scaling. Lifecycle hooks enable you to perform custom actions by pausing instances as an Auto Scaling group launches or terminates them. Each Auto Scaling group can have multiple lifecycle hooks.


Q18: What is S3?

Ans: S3 stands for Simple Storage Service, with a  simple web service interface to store and retrieve any amount of data from anywhere on the web.


Q19: What is AWS Lambda?

Ans: Lambda is an event-driven platform. It is a compute service that runs code in response to events and automatically manages the compute resources required by that code.


Q20: In S3 how many buckets can be created?

Ans: By default 100 buckets can be created in a region.


Q21: What is CloudFront?

Ans: Amazon CloudFront is a service that speeds up transfer of your static and dynamic web content such as HTML files, IMAGE files, etc. CloudFront delivers your content through worldwide data centers named Edge Locations.


Q22: Brief about S3 service in AWS?

Ans: S3 is a Simple Storage Service from Amazon. You can move your files TO and FROM S3. It's like FTP storage. You can keep your SNAPSHOTS in S3. You can also ENCRYPT your sensitive data in S3.


Q23: Explain Regions and Availability Zones in EC2?

Ans: Amazon has hosted EC2 in various locations around the world. These locations are called REGIONS. For example in Asia, Mumbai is one region and Singapore is another region. Each region is composed of isolated locations which are known as AVAILABILITY ZONES. Regions are independent, but the Availability Zones are linked through low-latency links.


Q24: What are the two types of Load Balancer?

Ans: Classic LB and Application LB. ALB is the Content Based Routing.


Q25: Can a AMI be shared?

Ans: Yes. A developer can create an AMI and share it with other developers for their use. A shared AMI is packed with the components you need and you can customize the same as per your needs. As you are not an owner of a shared AMI, there is always a risk involved.


Q26: What is a Hypervisor?

Ans: A Hypervisor is a kind of software that enables Virtualization. It combines physical hardware resources into a platform which is delivered virtually to one or more users. XEN is the Hypervisor for EC2.


Q27: Key Pair and its uses?

Ans: You use Key Pair to login to your Instance in a secured way. You can create a key pair using EC2 console. When your instances are spread across regions you need to create key pair in each region.


Q28: What is the feature of ClassicLink?

Ans: ClassicLink allows instances in the EC2 classic platform to communicate with instances in a VPC using Private IP addresses. EC2 classic platform instances cannot be linked to more than one VPC at a time.


Q29: Can you edit a Route Table in VPC?

Ans: Yes. You can always modify route rules to specify which subnets are routed to the Internet gateway, the virtual private gateway, or other instances.


Q30: How many Elastic IPs can you create?

Ans: 5 VPC Elastic IP addresses per AWS account per region


Q31: Can you ping the router or default gateway that connects your subnets?

Ans: NO, you cannot. It is not supported. However you can ping EC2 instances within a VPC, provided your firewall, Security Groups and network ACLs allow such traffic.


Q32: How will you monitor the network traffic in a VPC?

Ans: Using Amazon VPC Flow Logs feature.


Q33: Can you make a VPC available in multiple Availability Zones?

Ans: Yes.


Q34: How do you ensure an EC2 instance is launched in a particular Availability Zone?

Ans: After selecting your AMI Template and Instance Type, in the third step while configuring the instance you must select the SUBNET in which you wish to launch your instance. It will be launched in the AZ associated with that SUBNET.


Q35: For Internet Gateways do you find any Bandwidth constraints?

Ans: NO. Normally an IG is HORIZONTALLY SCALED, Redundant and Highly Available. It usually does not have any Bandwidth constraints.


Q36: What is the significance of a Default VPC?

Ans: When you launch your instances in a Default VPC in a Region, you would be getting the benefit of advanced Network Functionalities. You can also make use of Security Groups, multiple IP addresses, and multiple Network interfaces.


Q37: Can you make use of default EBS Snapshots?

Ans: You can use them, provided they are located in the same region where your VPC is present.


Q38: What will happen when you delete a PEERING CONNECTION in your side?

Ans: The PEERING CONNECTION available on the other side would also get terminated. There will be no more traffic flow.


Q39: Can you establish a Peering connection to a VPC in a different region?

Ans: NO. It's possible between VPCs in the same region.


Q40: Can you connect your VPC with a VPC created by another AWS account?

Ans: Yes. Only when that owner accepts your peering connection request.


Q41: When you delete your DB instance what will happen to your backups and DB snapshots?

Ans: When a DB instance is deleted, RDS retains the user-created DB snapshot along with all other manually created DB snapshots. Also automated backups are deleted and only manually created DB Snapshots are retained.


Q42: What is the significance of an Elastic IP?

Ans: The Public IP is associated with the instance only until it is stopped or terminated. A Public IP is not static. Every time your instance is stopped or terminated, the associated Public IP vanishes and a new Public IP gets assigned to that instance. To overcome this issue, a public IP can be replaced by an Elastic IP address, which stays with the instance as long as the user doesn’t manually detach it. Similarly, if you are hosting multiple websites on your EC2 server, you may require more than one Elastic IP address.


Q43: How will you use S3 with your EC2 instances?

Ans: Websites hosted on your EC2 instances can load their static contents directly from S3. It provides highly scalable, reliable, fast, inexpensive data storage infrastructure.


Q44: Is this possible to connect your company datacenter to Amazon Cloud?

Ans: Yes, you can very well do this  by establishing a VPN connection between your company’s network and Amazon VPC.


Q45: Can you change the Private IP of an EC2 instance while it is running or stopped?

Ans: A Private IP is STATIC. It is attached to an instance throughout its lifetime and cannot be changed.


Q46: What is the use of Subnets?

Ans: When a network has a large number of HOSTS, managing these hosts can be tedious under a single large network. Therefore we divide this large network into easily manageable sub-networks (subnets) so that managing hosts under each subnet becomes easier.


Q47: What is the use of Route Table?

Ans: A Route Table is used to route the network packets. Generally one route table would be available in each subnet. A route table can have any number of records or information, hence attaching multiple subnets to a route table is also possible.


Q48: Can you use the Standby DB instance for read and write along with your Primary DB instance?

Ans: Standby server cannot be used in parallel with primary server unless your Primary instance goes down.


Q49: What is the use of Connection Draining?

Ans: Connection Draining is a service under Elastic Load Balancing. It keeps monitoring the healthiness of the instances. If any instance fails, Connection Draining pulls all the traffic from that particular failed instance and re-routes the traffic to other healthy instances.


Q50: What is the role of AWS CloudTrail?

Ans: CloudTrail is designed for logging and tracking API calls. Also used to audit all S3 bucket accesses.


Q51: What is the use of Amazon Transfer Acceleration Service?

Ans: ATA service speeds up your data transfer with the use of optimized network paths. Also, speed up your CDN up to 300% compared to normal data transfer speed


Q53: EC2 officially launched in …..

2002
2006
2008

Ans: 2006


Q54: S3 officially launched in …..

2002
2006
2008

Ans: 2006


Q55: You cannot store unlimited data in Amazon Web Services…..

A. True
B. False

Ans: B. False


Q56: Rapid provisioning allows you to very quickly spin up a new virtual machine with minimal effort. True or false ?

Ans: True


Q57: A hybrid setup is one in which part of your resources are AWS and the rest are with another cloud provider. True or False ?

Ans: False


Q58: As an added layer of security for AWS management, which of the following should you do?

Create multiple Admin accounts
Generate a new security key each time you log in
Create IAM users

Ans: Create IAM users

EC2, Elastic Computing & Instances Types


Q59: Is an AMI a template?

A. True
B. False

Ans: A. True


Q60: EC2 Instances are Virtual Server in AWS

A. True
B. False

Ans: A. True


Q61: What does “elastic” refer to in Elastic Compute Cloud(EC2)? Select all that apply...

A. Increasing and decreasing capacity as needed
B. Monitoring services on multiple devices
C. Operating on Mac, Windows and Linux
D. Paying only for running virtual machines
E. Stretching applications across virtual machines

Ans: A. Increasing and decreasing capacity as needed & D. Paying only for running virtual machines


Q62: You can upload a custom configuration virtual image and sell it on the AWS Marketplace. True or false?

A. True
B. False

Ans: A. True


Q63: EC2 Machine types define which of the following ?

A. AWS Region
B. Core Count
C. User Location

Ans: B. Core Count


Q64: Which is default instance type

A. On-demand
B. RI
C. Spot instance

Ans: A. On-demand


Q65: What is Elastic Computing ?

A. Data will be replicated to different AZs
B. You can spin up and spin down VMs
C. VMs will be added and removed automatically

Ans: B. You can spin up and spin down VMs


Q66: You can upload a custom configuration virtual image and sell it on the AWS Marketplace. True or false ?

A. True
B. False

Ans: A. True


Q67: EC2 Machine types define which of the following?

A. AWS Region
B. Core Count
C. User Location

Ans: B. Core Count


Q68: Which is default instance type

A. On-demand
B. RI
C. Spot instance

Ans: A. On-demand


Q69: What is Elastic Computing?

A. Data will be replicated to different AZs
B. You can spin up and spin down VMs
C. VMs will be added and removed automatically

Ans: B. You can spin up and spin down VMs


Q70: Can We launch multiple instances with the same AMI?

A. True
B. False

Ans: A. True


Q71: PEM file is one time physical password…

A. True
B. False

Ans: A. True


Q72: A Windows user requires a PPK file to connect to a Linux instance hosted on AWS.

True
False

Ans: True


Q73: You can purchase time on EC2 directly from other users and specify the price you want to pay. True or false?

A. True
B. False

Ans: A. True

Q74: Which of the following might prevent your EC2 instance from appearing in the list of instances?

A. EC2 is not selected
B. Correct region is not selected
C. AWS marketplace is not selected

Ans: B. Correct region is not selected


Q75: Which of the following is the main reason to terminate an unused EC2 instance?

A. Security Concerns
B. Additional fees
C. Data Loss

Ans: B. Additional fees


Q76: Which AWS service exists only to redundantly cache data and images?

A. AWS Availability Zones
B. AWS Edge Locations
C. AWS Regions

Ans: B. AWS Edge Locations

Q77: Regions, AZs and Edge Locations all terms are the same…

A. True
B. False

Ans: B. False

 

Q78: Every AWS service is available in every region….

A. True
B. False

Ans: B. False

 

Q79: Premium support is Available in AWS for Developer, Business & Enterprise level?

A. True
B. False

Ans: A. True


Q80: Can you add new Debit/Credit card in your AWS Account?

A. True
B. False

Ans: A. True


Q81: Can you increase an instance from micro to large?

A. True
B. False

Ans: A. True


Q82: On-demand instances are based on a bid mechanism.

A. True
B. False

Ans: B. False


Q83: RI can be sold on the AWS marketplace?

A. True
B. False

Ans: A. True


Q84: Which is the default type option in AWS?

A. On-demand
B. RI
C. Spot instance

Ans: A. On-demand


Q85: What are On-demand, RI and Spot instances ? Which instance is best on Production?

A. On-demand
B. RI
C. Depends on Application or Website

Ans:  C. Depends on Application or Website


Q86: Which is the most expensive instance option?

A. On-demand
B. RI
C. Spot instance

Ans: On-demand


Q87: Amazon S3 is internet accessible storage via HTTP /HTTPS

A. True
B. False

Ans: A. True


Q88: Amazon S3 is not object-level storage

A. True
B. False

Ans: B. False


Q89: Amazon S3 is storage for the Internet

A. True
B. False

Ans: A. True


Q90: Temporary storage access speed is not guaranteed.

A. True
B. False

Ans: A. True


Q91: There is 99.99% SLA(Service Level Agreement) for temporary storage.

A. True
B. False

Ans: B. False


Q92: Ephemeral storage is block-level storage?

A. True
B. False

Ans: A. True


Q93: Single object size is up to 5 TB in Amazon S3.

A. True
B. False

Ans: A. True


Q94: You can create unlimited bucket size in Amazon S3.

A. True
B. False

Ans: A. True


Q95: By default, Instance-Backed and EBS-Backed root volumes delete all data. However, when using EBS-Backed storage, you can configure it to save the data on the root volume. True or false?

A. True
B. False

Ans: A. True


Q96: You can switch from an Instance-Backed to an EBS-Backed root volume at any time. True or False?

A. True
B. False

Ans: B. False


Q97: When using an EBS-Backed machine, you can override the terminate option and save the root volume. True or False?

A. True
B. False

Ans: A. True


Q98: Which of the following is a service of AWS Simple Storage Service(S3)? Select all that apply.

A. Database Indexing
B. File searching
C. Secure Hosting
D. Storage Scaling

Ans: C. Secure Hosting & D. Storage Scaling


Q99: What’s the difference between instance store and EBS?

Issue
I’m not sure whether to store the data associated with my Amazon EC2 instance in instance store or  in an attached Amazon Elastic Block Store (Amazon EBS) volume. Which option is best for me?
Resolution
Some Amazon EC2 instance types come with a form of directly attached, block-device storage known as the instance store. The instance store is ideal for temporary storage, because the data stored in instance store volumes is not persistent through instance stops, terminations, or hardware failures. You can find more detailed information about the instance store at Amazon EC2 Instance Store.
For data you want to retain longer-term, or if you need to encrypt the data, we recommend using EBS volumes instead. EBS volumes preserve their data through instance stops and terminations, can be easily backed up with EBS snapshots, can be removed from instances and reattached to another, and support full-volume encryption. For more detailed information about EBS volumes, see Features of Amazon EBS.


Q100: EBS can be attached to any running instance that is in the same Availability Zone?

A. True
B. False

Ans: True


Q101: EBS is internet accessible

A. True
B. False

Ans: B. False


Q102: EBS has persistent file system for EC2

A. True
B. False

Ans: True


Q103: EBS supports incremental snapshots

A. True
B. False

Ans: A. True


Q104: Amazon Glacier enables customers to offload the administrative burdens of operating and scaling storage to AWS.

True
False

Ans: True

Q105: Amazon Glacier is a great storage choice when low storage cost is paramount.

A. True
B. False

Ans: A. True


Q106: Data is rarely retrieved, and retrieval latency of several hours is acceptable in Glacier

A. True
B. False

Ans: A. True


Q107: Glacier is basically for data archival

True
False

Ans: True

Q108: It is very cheap storage

A. True
B. False

Ans: A. True


Q109: Glacier has very, very slow retrieval times

A. True
B. False

Ans: A. True

Q110: By Default, Instance-Backed and EBS-Backed root volumes delete all data. However, when using EBS-Backed storage, you can configure it to save the data on the root volume.

True
False

Ans: True


Q111: You can switch from an Instance-Backed to an EBS-Backed root volume at any time.

A. True
B. False

Ans: B. False

Q112: When using an EBS-Backed machine, you can override the terminate option and save the root volume.

A. True
B. False

Ans: A. True


Q113: VPC is Private, Isolated, Virtual Network

A. True
B. False

Ans: A. True


Q114: VPC would be logically isolated network in AWS cloud

A. True
B. False

Ans: A. True


Q115: VPC also gives control of network architecture

A. True
B. False

Ans: A. True


Q116: VPC also provides enhanced security

A. True
B. False

Ans: A. True


Q117: VPC has ability to interwork with other organizations

A. True
B. False

Ans: A. True


Q118: VPC does not enable hybrid cloud(site-to-site VPN)

A. True
B. False

Ans: A. False


Q119: A Route Table is a set of rules that tells the direction of the network traffic

A. True
B. False

Ans: A. True

Q120: Security Group is a subnet level of security

A. True
B. False

Ans: B. False


Q121: NACLs (Network Access Lists) are a resource level of security

A. True
B. False

Ans: B. False

Q122: Any default stack is available in Cloud Formation?

Ans: You cannot create a default stack, but you can choose the type of stack to create, e.g.:
A sample stack
A Linux-based Chef 12 stack
A Windows-based Chef 12.2 stack
A Linux-based Chef 11.10 stack


Q123: What is the difference between Stack and Template in Cloud Formation?

Ans: Stack : Cloud-based applications usually require a group of related resources—application servers, database servers, and so on—that must be created and managed collectively. This collection of instances is called a stack


Q124: We can create multiple server for same stack?

Ans: You can select one “instance type”, e.g. t2.micro, at a time, but you can set more than one “Webserver Capacity”, which is “The initial number of Webserver instances”; this means the same kind of instances will launch automatically.


Q125: Can you explain the term SQS is pull based, not pushed base.

Ans: It means that you have to actively poll the queue in order to receive messages.
The messages are pushed into the queue by the producers but pulled out of the queue by the consumers. You have to call the Receive Message action from the consumer in order to get the messages; they are not pushed to you automatically when they arrive.


Q126: How many Elastic IP addresses can be associated with a single account?

A. 4
B. 10
C. 5
D. None of the above

Ans: C. 5


Q127: What is the name to the additional network interfaces that can be created and attached to any Amazon EC2 instance in your VPC?

A. Elastic IP
B. Elastic Network Interface
C. AWS Elastic Interface
D. AWS Network ACL

Ans: B. Elastic Network Interface


Q128: You have configured ELB with three instances connected to that. If your instances are unhealthy or terminated, the traffic should be automatically replaced to another instance, what type of service can be used to achieve this requirement?

A. Sticky session
B. Fault Tolerance
C. Connection drainage
D. Monitoring

Ans: B. Fault Tolerance


Q129: After configuring ELB, you need to ensure that the user requests are always attached to a single instance. What setting can you use?

A. Session cookie
B. Cross zone load balancing
C. Connection drainage
D. Sticky session

Ans: D. Sticky session


Q130: Which of the following metrics cannot have a cloud watch alarm?

A. EC2 instance status check failed
B. EC2 CPU utilization
C. RRS lost object
D. Auto scaling group CPU utilization

Ans: C. RRS lost object


Q131: Which of the below mentioned service is provided by Cloud watch?

A. Monitor estimated AWS usage
B. Monitor EC2 log files
C. Monitor S3 storage
D. Monitor AWS calls using Cloud trail

Ans: A. Monitor estimated AWS usage


Q132: A user has launched an EC2 instance. Which of the below mentioned statements is not true with respect to instance addressing?

A. The private IP addresses are not reachable from the internet
B. The user can communicate using the private IP across regions
C. The private IP address and public IP address for an instance are directly mapped to each other using NAT
D. The private IP address for the instance is assigned using DHCP

Ans: B. The user can communicate using the private IP across regions


Q133: Which of the following service provides the edge – storage or content delivery system that caches data at different locations?

A. Amazon RDS
B. Simple DB
C. Amazon Cloud Front
D. Amazon associates web services

Ans: C. Amazon Cloud Front


Q134: A user is launching an instance under the free usage tier from the AMI with a snapshot size of 50 GB. How can the user launch the instance under the free usage tier?

A. Launch a micro instance
B. Launch a micro instance, but in the EBS configuration modify the size of EBS to 50 GB.
C. Launch a micro instance, but do not store the data of more than 30 GB on the EBS storage.
D. It is not possible to have this instance under the free usage tier

Ans: D. It is not possible to have this instance under the free usage tier


Q135: What are the possible connection issues you can face while connecting to your instance?

A. Connection timed out
B. Server refused our key
C. No supported authentication methods available
D. All of the above

Ans: D. All of the above


Q136: You have enabled sticky session with ELB. What does it do with your instance?

A. Routes all the requests to a single DNS
B. Binds the user session with a specific instance
C. Binds the user IP with a specific session
D. Provides a single ELB DNS for each IP address

Ans: B. Binds the user session with a specific instance


Q137: Which is a main email platform that provides an easy, cost effective way for you to send compliance and receive a response using your own email address and domains?

A. SES
B. SNS
C. SQS
D. SAS

Ans: A. SES


Q138: Which type of load balancer makes routing decisions at either the transport layer or the application layer and supports either EC2 or VPC.

A. Application Load Balancer
B. Classic Load Balancer
C. Primary Load Balancer
D. Secondary Load Balancer

Ans: B. Classic Load Balancer


Q139: AWS Cloud Front has been configured to handle the customer requests to the web server launched in Linux machine. How many requests per second can Amazon Cloud Front handle?

A. 1000
B. 100
C. 10000
D. There is no such limit

Ans: D. There is no such limit


Q140: You are going to launch one instance with a security group. While configuring the security group, what are the things you have to select?

A. Protocol and type
B. Port
C. Source
D. All of the above

Ans: C. Source


Q141: Which is virtual network interface that you can attach to an instance in a VPC?

A. Elastic IP
B. AWS Elastic Interface
C. Elastic Network Interface
D. AWS Network ACL

Ans: C. Elastic Network Interface


Q142: You have launched a Linux instance in AWS EC2. While configuring security group, you have selected SSH, HTTP, HTTPS protocol. Why do we need to select SSH?

A. To verify that there is a rule that allows traffic from your computer to port 22
B. To verify that there is a rule that allows traffic from EC2 Instance to your computer
C. Allows web traffic from instance to your computer
D. Allows web traffic from your computer to EC2 instance

Ans: B. To verify that there is a rule that allows traffic from EC2 Instance to your computer


Q143: You need to quickly set up an email service because a client needs to start using it in the next hour. Amazon service seems to be the logical choice but there are several options available to set it up. Which of the following options to set up AWS service would best meet the needs of the client?

A. Amazon SES console
B. AWS Cloud Formation
C. SMTP interface
D. AWS Elastic Beanstalk

Ans: A. Amazon SES console


Q144: You have chosen a windows instance with Classic and you want to make some change to the security group. How will these changes be effective?

A. Security group rules cannot be changed
B. Changes are automatically applied to windows instances
C. Changes will be effective after rebooting the instance in that security group
D. Changes will be effective after 24-hours

Ans: B. Changes are automatically applied to windows instances


Q145: Load Balancer and DNS service comes under which type of cloud service?

A. IAAS-Network
B. IAAS-Computational
C. IAAS-Storage
D. None of the above

Ans: C. IAAS-Storage


Q146: You have an EC2 instance that has an unencrypted volume. You want to create another encrypted volume from this unencrypted volume. Which of the following steps can achieve this?

A. Just simply create a copy of the unencrypted volume, you will have the option to encrypt the volume.
B. Create a snapshot of the unencrypted volume and then while creating a volume from the snapshot you can encrypt it
C. Create a snapshot of the unencrypted volume (applying encryption parameters), copy the snapshot and create a volume from the copied snapshot
D. This is not possible, once a volume is unencrypted, there is no way to create an encrypted volume from this

Ans: C. Create a snapshot of the unencrypted volume (applying encryption parameters), copy the snapshot and create a volume from the copied snapshot


Q147: Where does the user specify the maximum number of instances with the auto scaling commands?

A. Auto scaling Launch Config
B. Auto scaling group
C. Auto scaling policy
D. Auto scaling size

Ans: A. Auto scaling Launch Config


Q148: A user has identified that a huge data download is occurring on his instance. He has already set the auto scaling policy to increase the instance count when the network Input Output increases beyond a threshold limit. How can the user ensure that this temporary event does not result in scaling? The network I/O are not affecting during data download

A. The policy cannot be set on the network I/O
B. There is no way the user can stop scaling as it is already configured
C. Suspend scaling

Ans: C. Suspend scaling

Q149: Which are the types of AMI provided by AWS?

A. EBS Backed
B. Instance Store backed
C. None, it's a volume type and not an AMI type
D. Both A and B


Q150: What is the significance of forming Subnets?

A. Because, not enough hosts
B. To manage small number of hosts
C. To utilize the Volume available across different subnets
D. Smartly utilize network that have large number of hosts

The answer is: D


Q151: If you want to launch your instance on a single-tenancy platform, which option you would select against Instance Tenancy Attribute parameter?

A. One to one
B. Sole Owner
C. Dedicated
D. Reserved

The answer is: C

 

Q152: _____________ is a fully managed Data Warehouse service from AWS?

A. Amazon Redshift
B. Amazon Neptune
C. Amazon Aurora
D. Amazon DynamoDB

The answer is: A

 

Q153: Which of the following statements are applicable to AWS Elastic File System(EFS)?

A. EFS provides simple, scalable file storage for use with Amazon EC2
B. EFS with MS-Windows based EC2 instances is not supported
C. EFS supports the Network File System version 4 protocol
D. All of the above

The answer is: D

Q154: What is the role of Connection Draining?

A. Helps to launch an EC2 instance
B. Automatically terminates instances which are not in use
C. Establishes connection between EC2 and RDS instances
D. Auto Scaling wait for outstanding requests to complete before terminating instances when CD is enabled

The answer is: D


Q155: What is the use of Lambda?

A. Lambda is used for running server-less applications
B. It is a testing tool from AWS
C. It is a database service from AWS
D. It is an Anti Virus software from AWS

The answer is: A


Q156: What is Application Load Balancing?

A. It is a feature of Elastic Load Balancing
B. Use to distribute traffic to different Target Groups
C. It is a service generating Elastic IPs for AWS customers
D. It is a kind of Firewall

The answers are: A and B


Q157: What are the uses of Elastic Beanstalk?

A. Quickly deploy and manage applications in the AWS Cloud
B. Supports Java, .NET, Node.js, PHP, Python applications
C. It is an Application Server from AWS
D. Use to deploy only Java-Beans applications

The answers are: A and B


Q158: Can you connect your company’s datacenter to the Amazon Cloud network?

A. Not possible
B. You can connect thru a Dedicated N/W line
C. By establishing a Virtual Private Network (VPN) between your datacenter and VPC
D. Connect with a hotline

The answer is: C


Q159: You have commissioned PRIVATE servers in your premises. You also distributed some of your workloads with the PUBLIC cloud. What type of architecture is this?

A. Virtual Private Cloud
B. Community Cloud
C. Public Cloud
D. Hybrid Cloud

The answer is: D


Q160: DynamoDB _______________________. Which one of the following is true regarding DynamoDB?

A. Manages Notification Service
B. Stores Metadata
C. Manages Queue Service
D. None of the above

The answer is: B


Q161: What are the significances of AWS CloudTrail?

A. Takes care of Message Queuing Service
B. It enables governance, compliance, operational auditing and risk auditing of your AWS account.
C. Used as a database service
D. It provides an event history of your AWS account activities

The answers are: B and D

Q162: Which one is a global Content Delivery Network service that securely delivers data, videos, applications, and APIs to your viewers with low latency and high transfer speeds?

A. Amazon CloudWatch
B. Amazon CloudFront
C. Amazon CloudTrail
D. Amazon VPC

The answer is: B


Q163: Is AWS offering Reserved Instances facility for Multiple-Subnet deployments?

A. Yes, available for all kind of instances
B. No, available only for Dedicated Tenancy
C. Offering only for LINUX based instances
D. None of the above

The answer is: A


Q164: Select the correct statement from the below:

A. You can have multiple ACLs for a subnet
B. Security Group is not necessary for an EC2 instance
C. You can attach multiple Zones/Subnets to a Route Table
D. You can create S3 bucket using AWS AMI templates

The answer is: C

Q165: Name the AWS DB Service which is Server-Less and NoSQL DB which delivers consistent single-digit millisecond latency at any scale?

A. Amazon Redshift
B. Amazon Neptune
C. Amazon Aurora
D. Amazon DynamoDB

The answer is: D

Q166: Is this advisable to keep your Standby-Database instance in the same zone where your primary instance is running?

A. Yes, you can keep
B. Possible only for MySQL instance
C. No, not recommended for any kind of DB instance
D. Recommended only for MS-SQL instance

The answer is: C


Q167: Can objects in S3 be delivered by Amazon CloudFront?

A. Yes, you can place any objects in S3 which CloudFront quickly delivers
B. CloudFront delivers only movie type objects
C. No, S3 cannot be integrated with CloudFront
D. Amazon VPC will deliver the objects

The answer is: A


Q168: What you should do if you want to launch an EC2 instance with a pre-allocated private IP address?

A. Launch it in a Subnet Group
B. Launch the instance from a Private AMI
C. Assign EIP address to that instance
D. Launch that instance in AWS VPC cloud

The answer is: D

Q169: Can you edit a Security Group (SG) rules when it is used by multiple EC2 instances? Will new rules apply to all previously running EC2 instances?

A. No, you cannot edit a SG when used by a EC2 instance
B. Yes, you can edit. Immediately apply to all instances.
C. You can edit only the Outbound rules
D. Only Outbound rules apply to all EC2 instances

The answer is: B


Q170: Which of the following statements are true with Route 53?

A. Amazon Route 53 is a scalable and highly available Domain Name System (DNS)
B. Amazon Route 53 is fully compliant with IPv6 as well
C. Will automatically configure DNS settings for your domains
D. Route 53 provides low latency database service

The answers are: A,B and C


Q171: What is a Virtual Private Cloud (VPC)?

A. VPC enables you to launch AWS resources into a virtual network
B. VPC is a virtual network dedicated to your AWS account
C. VPC is used to create domain name for your organization
D. VPC can also be connected to your own office data center

The answers are: A,B and D

Q172: What is an Elastic IP?

A. There is no such IP. Only public & private IPs are valid.
B. Used in Elastic Load Balancing
C. An Elastic IP address is a static IPv4 address
D. An Elastic IP address is for use in a specific region only

The answers are: C and D


Q173: _____________ is a fully managed in-memory data store service offered by Amazon Web Services (AWS)?

A. Amazon Neptune
B. Amazon Redshift
C. Amazon ElastiCache
D. Amazon Aurora

The answer is: C


Q174: In AWS which service is used to create Domain Name for their customers?

A. Amazon CloudWatch
B. Amazon Route53
C. Amazon CloudDomain
D. Amazon VPC

The answer is: B


Q175: Which one is a valid statement regarding EBS-Volumes?

A. You can attach maximum of 5 volumes to an instance
B. You can attach multiple instances to one volume
C. You can attach multiple volumes to a single EC2 instance
D. You cannot attach an additional volume to an instance

The answer is: C


Q176: Which one is a valid statement regarding EBS-Snapshots?

A. You can access Snapshots thru S3 APIs
B. You can store your Snapshots in a S3 BUCKET
C. Snapshots are available only thru EC2 instances
D. You can access your Snapshots thru VPC APIs

The answer is: C


Q177: Which AWS Service you would use to transfer objects from your data center, when you are using Amazon CloudFront?

A. AWS CloudWatch
B. AWS SNS Service
C. AWS SMS Service
D. AWS Direct Connect

The answer is: D


Q178: Which one is the valid scenario?

A. Creating PEERING connection to a VPC in a Different Region
B. Creating PEERING connection between VPCs in Same Region
C. Attaching VOLUME in one subnet/zone with EC2 instance in another subnet/zone
D. Keeping your primary db and secondary db in the same zone

The answer is: B


Q179: How do you connect a VPC to your Office Datacenter?

A. By keeping AWS VPC and Office Datacenter in same IP range
B. Establishing VPN connection between VPC and Datacenter
C. Establishing a dedicated hotlink between VPC and Datacenter
D. You cannot connect VPC and your Datacenter

The answer is: B

Q180: Choose the valid scenarios regarding VPC?

A. You can delete the Default VPC available in your region
B. VPC can span across multiple Availability Zones
C. Trying to launch an instance without having VPC in a region
D. Launching an instance onto a VPC created by you

The answers are: A,B and D


Q181: How the EC2 instances inside a VPC directly access the internet?

A. With the help of instance’s Public IP
B. By attaching a Elastic IP to that instance
C. Internet Gateway enables the access to the internet
D. With the help of Route Table

The answer is: C


Q182: Which one is the highly secured design?

A. Keeping both EC2 and Database instances in a public subnet
B. Keep EC2 in public subnet and Database in private subnet
C. Keep EC2 in public subnet and Database in a S3 bucket
D. Defining ANYWHERE in the DB security group INBOUND rule

The answer is: B


Q183: Keeping your instance in a public subnet and database in a private subnet. What type of cloud deployment model is this?

A. Community Cloud
B. Private Cloud
C. Public Cloud
D. Hybrid Cloud

The answer is: D

Q184: Which service distributes the contents from Edge Locations to the end users to reduce the latency?

A. Amazon CloudWatch
B. Amazon CloudTrail
C. Amazon CloudFront
D. Amazon PushData

The answer is: C


Q185: I am a cloud web service used for hosting your application. Who am I?

A. AWS Route 53
B. AWS VPC
C. AWS S3
D. AWS EC2

The answer is: D


Q186: You can add ________________ to your Auto Scaling group so that you can perform custom actions when instances launch or terminate.

A. CloudWatch
B. CloudTrail
C. Load Balancer
D. Lifecycle Hooks

The answer is: D

 

Q187: What is Auto Scaling?

A. Accelerating VPC Speed
B. Creating/Terminating duplicate instances using Scale IN/OUT
C. Automating backup/restore service
D. None of the above

The answer is: B

 

Q188: You want complex querying capabilities but don’t want a data warehouse. Which database service would you choose?

A. Amazon DynamoDB
B. Amazon Redshift
C. Amazon RDS
D. Amazon ElastiCache

The answer is: C

 

Q189: What is an Availability Zone?

A. A Container where all your S3 buckets are stored
B. Denotes an Entire Region
C. A location inside a Region which is protected from failures
D. Collection of Regions

The answer is: C

 

Q190: The cloud infrastructure is shared by several organizations and supports specific group that has shared concerns. Government departments, universities, central banks etc. often find this type of cloud useful. What kind of cloud deployment model is this?

A. Private Cloud
B. Hybrid Cloud
C. Community Cloud
D. Public Cloud

The answer is: C

 

Q191: How many Buckets you can create in S3?

A. 150
B. 250
C. 500
D. 100

The answer is: D

 

Q192: What is the maximum size of a S3 Bucket?

A. 3 Terabytes
B. 10 Terabytes
C. 5 Terabytes
D. 7 Terabytes

The answer is: C

 

Q193: Which service of Amazon AWS is used to host a static website?

A. Amazon Simple Storage Service(S3)
B. Amazon CloudFront
C. Amazon Route53
D. Amazon CloudWatch

The answer is: A

 

Q194: Which of the following is not a Part of Security groups?

A. List of Protocols
B. List of Users
C. Ports
D. IP Address

The answer is: B

 

 

Q195: A data transport solution that accelerates moving terabytes to petabytes of data into and out of AWS using storage devices designed to be secure for physical transport. Name this solution.

A. Amazon EFS
B. Amazon S3
C. Amazon Glacier
D. Amazon Snowball

The answer is: D

 

Q196: What type of IP address do you use for your CGW (Customer Gateway) address?

A. You will use PRIVATE IP address of your NAT device
B. You will use PUBLIC IP address of your NAT device
C. You will use ELASTIC IP address of your NAT device
D. You will use VPN

The answer is: B

 

Q197: How many subnets you can have per VPC?

A. 100
B. 300
C. 250
D. 200

The answer is: D

 

Q198: I have a REST API interface and uses secure HMAC-SHA1 authentication keys. I am also a data storage system. Who am I?

A. SS3
B. Elastic Block Store
C. S3
D. Snapshots

The answer is: C

 

Q199: I am a structured data store. I support indexing and data queries to both EC2 and S3. Who am I?

A. DynamoDB
B. SimpleDB
C. MySQL
D. Aurora

The answer is: B

 

Q200: How many Elastic IP address can be associated with a single account?

A) 4
B) 10
C) 5
D) None the above

 

Q325: What are route Tables?

Ans: Route tables are used to establish a connection to a VPC or Subnet.

Q324: What are Network ACLs?

Ans: Network ACLs are like firewalls which are used to control the traffic at the subnet level.

 

Q323: What is Egress Internet gateway?

Ans: It is used for IPv6.

 

Q322: Types of Load Balancer?

Ans: Classic , Application, and Network.

 

Q321: What is stickiness in Load Balancer?

Ans: It will route the traffic and hold the user for a specific time frame (e.g. stickiness: 10 seconds; it will hold for 10 seconds, then route the traffic to the next instance).

 

Q320: What are Vertical scalability and Horizontal scalability?

Ans: Vertical scalability means we can increase compute family from one type to another type ( ex: t2.micro to t3.large)

Horizontal scalability means we can increase instances. ( we will specify minimum and maximum instances )

 

Q319: Difference between Application and Network Load Balancer?

Ans: The Application Load Balancer uses layer 7 protocols (HTTP, HTTPS). The Network Load Balancer uses layer 4 protocols (TCP, UDP, TLS) and it will use Elastic IPs for each subnet.

 

Q318: What does TTL stand for in Route 53?

Ans: TTL (Time To Live) is used to stick the DNS records for a specific time frame (it may be seconds, minutes or days).

 

Q316: What are Route 53 policies?

Ans: Simple, weighted, Failover, latency, Geo , Multiple.

 

Q315: What is the difference between Internet Gateway and NAT gateway?

Ans: Internet gateway: will transfer the packets bi-directionally (both end-user, as well EC2 can communicate to external)

NAT Gateway: will allow the only EC2 to communicate externally.

 

Q314: What is ENI?

Ans: It is an additional network interface which can be attached to an existing EC2 instance.

 

Q313: What is the instances limit for the spread placement group ?

Ans: 7

 

Q309: What is the storage type used for EC2?

Ans: EBS

 

Q308: What are AWS services which are not region specified?

Ans: IAM, S3, CDN

 

Q307: What is the maximum object limit in S3?

Ans: 5TB

 

Q306: Which region we have to choose for CDN Certificate?

Ans: US-EAST (N.Virginia)

 

Q305: What is Elastic IP Limit for an AWS Account?

Ans: 5

 

Q304: When you have created a domain with a 3rd party, how do you map your AWS Route 53 to the 3rd party domain?

Ans: We have to create a new public domain for our 3rd party in Route 53 and then map the new domain's name servers to the 3rd party.

 

Q303: What do A and AAAA records stand for in Route 53?

Ans: A- is used for IPv4 address Record. AAAA – is used for IPv6 Record.

 

Q302: What are inbound and outbound?

Ans:

Inbound –> it allows external users to access EC2.

Outbound –> it allows EC2 instances to access the Internet.

 

Q301: What are instance types?

Ans: On-Demand instances, Reserve instances, Spot instances, Dedicated instances, Dedicated Hosts.

 

Q300: What is the difference between CNAME and Alias in Route 53?

Ans:

CNAME: It is used to map a URL to a URL. (ex: myapp.mydomain.com –> another URL)

Alias: It is used to map AWS resources (ex: CDN, Load Balancer, S3 Website)

 

Q299: What is the difference between the RDS database and Dynamo DB?

Ans: RDS is SQL-based and Dynamo is non-SQL Based.

 

Q298: How many VPC can be created under a single AWS account?

Ans: 5 VPC’s per account.

 

Q297: By default AWS will reserve 5 IPs, what are those?

Ans:

  • 192.168.0.0 – Network IP

  • 192.168.0.1 – AWS VPC Router IP

  • 192.168.0.2 – reserved for Amazon DNS

  • 192.168.0.3 – reserved for AWS future use

  • 192.168.0.255 – Broadcast Address

 

Q296: What is Peer to Peer Gateway (Connection)?

Ans: Peer to Peer connection is used to establish a connection from One VPC to another VPC. It may be the same AWS account or a different AWS account.

 

Q295: How are EFS mounted in an autoscaled EC2 instance group?

Ans: Using the launch configuration, mentioning the file system. 

 

Q294: What will you do when an EC2 instance from your auto-scaling group fails /not responding to the end-user?

Ans: If the server is reachable and in good health, manually remove it from the autoscaling target group and troubleshoot it, while autoscaling spawns a new instance as a replacement.

 

Q293: How can you switch between master and child accounts in AWS?

Ans: Thru AWS IAMs used alongside with AWS Organisation.

 

 

Ans: Whenever a High-performance system requirement is present.

 

Q291: What is the use of VPC flow logs?

Ans: More visibility on the Activities happening across the VPC network. Helps in troubleshooting

 

Q290: You lost your EC2 instance’s key pair. How will you connect it now?

Ans: Reset the key using EC2Rescue application or using AWS systems manager

 

Q289: How do you know if the AMI you use in EC2 is secure enough?

Ans: Organisations generally have golden standard AMIs with all the security applications available. For the default ones, we need to configure the security.

 

Q288: Have you worked on RDS? How to check permissions assigned/who can access the RDS?

Ans: Thru IAM roles mostly.

 

Q287: What happens when ELB goes down? What is the workaround for users to reach your servers?

Ans: The application server becomes unreachable to the end user thru Website.

Routing the traffic directly to the biggest EC2 instance will resume the operation. But load will increase on the instance, which will give us only a few hours until the server crashes. (Depends on the application and traffic too)

 

Q286: Can you change the CPU of an instance which is already launched?

Ans: Yes, Vertical scaling method. Stop the instance, edit the instance type and relaunch again.

 

Q285: What tools have you used for reporting bugs in the infra?

Ans: Cloud watch, SCOM, Nagios

 

Q284: Can you assign 2 IPs for a single EC2 instance?

Ans: Yes, primary and secondary IP is possible. Only when it is private IP.

 

Q283: Can you monitor resources with Cloud Watch for multiple regions?

Ans: Yes, Cloud watch is not region-specific

 

Q282: What is the maximum size of EBS that can be launched in AWS?

Ans: 16TB

 

Q281: Can we associate multiple target groups under launch configuration of auto scaling groups?

Ans: No, instance type is defined in Launch configuration. 

 

Q280: Can you add multiple types of instances in the same target group?

Ans: Yes, manually adding them is possible

 

Q279: How to implement security on a VPC setup?

Ans:

A. Security groups

B. Access Control List

C. Subnet level restriction thru CIDR

 

Q278: Default number of roles you can assign for an IAM user?

Ans: 10

 

Q277: What are the most popular services in AWS?

  • Amazon s3

  • AWS Lambda

  • Amazon Glacier

  • Amazon EC2

  • Amazon Cloud Front

  • Amazon SNS

  • Amazon EBS

  • Amazon kinesis

  • Amazon VPC

  • Amazon SQS

 

Q276: How many AWS services are there in 2021?

The AWS Serverless Application Repository is available in the AWS GovCloud (US-East) region. With this service, the availability of services increases to a total of 18 AWS regions across North America, South America, the EU, and the Asia Pacific.

 

Q275: Explain the layers of cloud architecture?

We have five different types of layers available, which are:

  • SC – Storage Controller

  • CC – Cluster Controller

  • NC – Node Controller

  • Walrus

  • CLC – Cloud Controller

 

Q274: What are the types of queues in SQS?

There are two types of queues in SQS. They are as follows:

Standard Queues: This is the default queue type. It provides an unlimited number of transactions per second and an at-least-once message delivery option.

FIFO Queues: FIFO queues are designed to ensure that the order in which messages are sent and received is strictly preserved, exactly as they were sent.

 

Q273: What is Database Engines in RDS?

There are six database engines which RDS provides, and they are:

  • Amazon Aurora

  • PostgreSQL

  • MySQL

  • MariaDB

  • Oracle Database

  • Microsoft SQL Server

 

Q272: What are the Advantages of Amazon CloudWatch?

  • One dashboard, Access all data

  • Visibility on the complete infrastructure

  • Improve total cost of ownership

  • Insights from logs

  • Optimize Applications and Resources

 

Q269: What are the AWS Route 53 Policies?

There are several types of routing policies. The below list provides the routing policies which are used by AWS Route53.

  • Simple Routing

  • Latency-based Routing

  • Geolocation Routing

 

Q268: What are the Amazon Route 53 Benefits?

  • Highly Available and Reliable

  • Flexible

  • simple

  • Fast

  • Cost-effective

  • Designed to integrate with Other AWS Services

  • secure

  • scalable

 

Q267: If you peer VPC A to VPC B and I peer VPC B to VPC C, does that mean VPCs A and C are peered?

No, Transitive peering relationships are not supported.

 

Q266: Are there any bandwidth limitations for an internet gateway? Do you need to be concerned about its availability? Can it be a single point of failure?

No. An internet gateway is horizontally scaled, redundant, and highly available. It imposes no bandwidth constraints.

 

Q264: Difference between NAT Instance and NAT Gateway?

| NAT Gateway | NAT Instance |
|---|---|
| Highly available. NAT gateways in each Availability Zone are implemented with redundancy. | Use a script to manage failover between instances. |
| Can scale up to 45 Gbps. | Depends on the bandwidth of the instance type. |
| Managed by AWS. You do not need to perform any maintenance. | Managed by you, for example by installing software updates or operating system patches on the instances. |
| Software is optimized for handling NAT traffic. | A generic Amazon Linux AMI that’s configured to perform NAT. |

You will need to disable NAT-T on your device. If you don’t plan on using NAT-T and it is not disabled on your device, we will attempt to establish a tunnel over UDP port 4500, If that port is not open the tunnel will not establish.

 

Q262: When you call DescribeVolumes(), do you see all of my Amazon EBS volumes, including those in EC2-Classic and EC2-VPC?

Yes, DescribeVolumes() will return all your EBS volumes.

 

Q262: Within which Amazon EC2 Regions is Amazon VPC available?

Amazon VPC is currently available in multiple Availability Zones in all Amazon EC2 Regions.

 

Q261: Can you monitor the network traffic in your VPC?

Yes, you can use the Amazon VPC Flow logs feature to monitor the network traffic in your VPC.

 

Q260: Why can’t you ping the router, or my default gateway, that connects my subnets?

Ping requests to the router in your VPC are not supported. Ping between Amazon EC2 instances within a VPC is supported as long as your operating system’s firewalls, VPC security groups, and network ACLs permit such traffic.

 

Q259: What are the connectivity options for my vpc?

  • The Internet (via an Internet gateway)

  • Your corporate data center using a Hardware VPN connection (via the virtual private gateway)

  • Both the Internet and your corporate data center

  • Other AWS services (via Internet gateway, NAT, Virtual private gateway, or VPC endpoints)

  • Other VPCs (via VPC peering connections)

 

Q250: Which platforms support CloudWatch logs Agent?

  • CentOS

  • Amazon Linux

  • Ubuntu

  • Red Hat Enterprise Linux

  • Windows

 

Q257: How can you safeguard EC2 instances running on a vpc?

AWS security groups associated with EC2 instances can help you safeguard EC2 instances running in a VPC by providing security at the protocol and port access level. You can configure both INBOUND and OUTBOUND traffic to enable secured access for the EC2 instance. AWS security groups are much like a firewall: they contain a set of rules which filter the traffic coming into and out of an EC2 instance.

 

Q256: How is AWS Elastic Beanstalk different than AWS OpsWorks?

AWS Elastic Beanstalk is an application management platform, while OpsWorks is a configuration management platform. Beanstalk is an easy-to-use service which is used for deploying and scaling web applications developed with Java, .NET, PHP, Node.js, Python, Ruby, Go and Docker.

 

Q253: What is the difference between Vertical & Horizontal Scaling?

The main difference between vertical and horizontal scaling is the way in which you add compute resources to your infrastructure. In vertical scaling more power is added to the existing machine while in horizontal scaling resources are added into system with the addition of more machines into the network so that the workload and processing is shared among multiple devices.

 

Q249: How is encryption done in S3?

  • In Transit: SSL/TLS

  • At Rest

      • Server-Side Encryption

          • S3 Managed Keys – SSE-S3

          • AWS Key Management Service Managed Keys – SSE-KMS

          • Server-Side Encryption with Customer-Provided Keys – SSE-C

      • Client-Side Encryption

 

Q247: How does AWS Lambda handle failure during event processing?

In AWS Lambda we can run a function in synchronous or asynchronous mode. In synchronous mode, if the AWS Lambda function fails, it will just pass the exception to the calling application. In asynchronous mode, if the AWS Lambda function fails, it will retry the same function at least 3 times. If AWS Lambda is running in response to an event in Amazon DynamoDB or Amazon Kinesis, the event will be retried until the Lambda function succeeds or the data expires. In DynamoDB or Kinesis, AWS maintains data for at least 24 hours.

 

Q246: How to update AMI tools at boot time on Linux?

# Update the Amazon EC2 AMI tools
echo " + Updating EC2 AMI tools"
yum update -y aws-amitools-ec2
echo " + Updated EC2 AMI tools"

 

Q243: What is the difference between a Volume and a Snapshot in Amazon Web Services?

In Amazon Web Services, a Volume is a durable, block-level storage device that can be attached to a single EC2 instance. In plain words, it is like a hard disk which we can write to or read from. A Snapshot is created by copying the data of a volume to another location at a specific time. We can even replicate the same Snapshot to multiple availability zones. So, a Snapshot is a single point-in-time view of a volume. We can create a Snapshot only when we have a Volume. Also, from a Snapshot we can create a Volume. In AWS, we have to pay for the storage that is used by a Volume as well as the storage used by a Snapshot.

 

Q242: How can I take a Snapshot of a RAID Array?

Problem – Taking a snapshot excludes data held in the cache by the applications and the OS. This tends not to matter on a single volume; however, when using multiple volumes in a RAID array, this can be a problem due to interdependencies of the arrays.

 

Q243: What is the difference between Security Group and NACL in AWS?

Security groups vs Network ACLs - What is the Difference?

The differences between NACL and security groups have been discussed below:

| NACL | Security Group |
|---|---|
| Network Access Control List that helps provide a layer of security to the amazon web services. There are two kinds of NACL: customized and default. | A security group has to be explicitly assigned to an instance; it doesn’t associate itself to a subnet. |
| Multiple subnets can be bound with a single NACL, but one subnet can be bound with a single NACL only, at a time. | Security groups are associated with an instance of a service. It can be associated with one or more security groups which have been created by the user. |
| NACL can be understood as the firewall or protection for the subnet. | Security group can be understood as a firewall to protect EC2 instances. |
| These are stateless, meaning any change applied to an incoming rule isn’t automatically applied to an outgoing rule. | These are stateful, which means any changes which are applied to an incoming rule are automatically applied to a rule which is outgoing. |
| Example: If a request comes through port 80, it should be explicitly indicated that its outgoing response would be the same port 80. | Example: If the incoming port of a request is 80, the outgoing response of that request is also 80 (it is opened automatically) by default. |
| NACL can be used to support as well as deny rules. Denial of rules can be explicitly mentioned, so that when the layer sees a specific IP address, it blocks connecting to it. | They support rules only, and the default behaviour is denial of all rules. Every VPC can belong to different security groups. |
| It is considered to be the second layer of defence, which helps protect AWS stack. It is an optional layer for VPC, which adds another security layer to the amazon service. | It is considered to be the first defence layer that helps protect the Amazon Web Services infrastructure. |
| In case of NACL, the rules are applied in the order of their priority, wherein priority is indicated by the number the rule is assigned. | In case of a security group, all the rules are applied to an instance. |
| This means every rule is evaluated based on the priority it has. | This means all rules are evaluated before they allow a traffic. |

1. What is EC2?

EC2, a Virtual Machine in the cloud on which you have OS-level control. You can run this cloud server whenever you want and can be used when you need to deploy your own servers in the cloud, similar to your on-premises servers, and when you want to have full control over the choice of hardware and the updates on the machine.

2. What is SnowBall?

SnowBall is a small application that enables you to transfer terabytes of data inside and outside of the AWS environment.


3. What is CloudWatch?

CloudWatch helps you to monitor AWS environments like EC2, RDS Instances, and CPU utilization. It also triggers alarms depending on various metrics.





4. What is Elastic Transcoder?

Elastic Transcoder is an AWS Service Tool that helps you in changing a video’s format and resolution to support various devices like tablets, smartphones, and laptops of different resolutions.

5. What do you understand by VPC?

VPC stands for Virtual Private Cloud. It allows you to customize your networking configuration. VPC is a network that is logically isolated from other networks in the cloud. It allows you to have your private IP Address range, internet gateways, subnets, and security groups.

6. DNS and Load Balancer Services come under which type of Cloud Service?

DNS and Load Balancer are a part of IaaS-Storage Cloud Service.

7. What are the Storage Classes available in Amazon S3?

Storage Classes available with Amazon S3 are:

  • Amazon S3 Standard

  • Amazon S3 Standard-Infrequent Access

  • Amazon S3 Reduced Redundancy Storage

  • Amazon Glacier

8. Explain what T2 instances are?

T2 Instances are designed to provide moderate baseline performance and the capability to burst to higher performance as required by the workload.

9. What are Key-Pairs in AWS?

Key-Pairs are secure login information for your Virtual Machines. To connect to the instances, you can use Key-Pairs which contain a Public Key and a Private Key.

10. How many Subnets can you have per VPC?

You can have 200 Subnets per VPC.

11. List different types of Cloud Services.

Different types of Cloud Services are:

  • Software as a Service (SaaS)

  • Data as a Service (DaaS)

  • Platform as a Service (PaaS)

  • Infrastructure as a Service (IaaS)

Advanced AWS Questions

12. Explain what S3 is?

S3 stands for Simple Storage Service. You can use the S3 interface to store and retrieve any amount of data, at any time and from anywhere on the web. For S3, the payment model is “pay as you go”.

13. How does Amazon Route 53 provide high availability and low latency?

Amazon Route 53 uses the following to provide high availability and low latency:

  • Globally Distributed Servers - Amazon is a global service and consequently has DNS Servers globally. Any customer creating a query from any part of the world gets to reach a DNS Server local to them that provides low latency.

  • Dependability - Route 53 provides the high level of dependability required by critical applications.

  • Optimal Locations - Route 53 serves the requests from the nearest data center to the client sending the request. AWS has data-centers across the world. The data can be cached on different data-centers located in different regions of the world depending on the requirements and the configuration chosen. Route 53 enables any server in any data-center which has the required data to respond. This way, it enables the nearest server to serve the client request, thus reducing the time taken to serve.

Amazon Route

As can be seen in the above image, the requests coming from a user in India are served from the Singapore Server, while the requests coming from a user in the US are routed to the Oregon region.

14. How can you send a request to Amazon S3?

Amazon S3 is a REST Service, and you can send a request by using the REST API or the AWS SDK wrapper libraries that wrap the underlying Amazon S3 REST API.

15. What does AMI include?

An AMI includes the following things:

  • A template for the root volume for the instance.

  • Launch permissions that decide which AWS accounts can use the AMI to launch instances.

  • A block device mapping that determines the volumes to attach to the instance when it is launched.

16. What are the different types of Instances?

Following are the types of instances:

  • Compute Optimized

  • Memory-Optimized

  • Storage Optimized

  • Accelerated Computing

  • General Purpose

17. What is the relation between the Availability Zone and Region?

An AWS Availability Zone is a physical location where an Amazon data center is located. On the other hand, an AWS Region is a collection or group of Availability Zones or Data Centers. 

This setup helps your services to be more available as you can place your VMs in different data centers within an AWS Region. If one of the data centers fails in a Region, the client requests still get served from the other data centers located in the same Region. This arrangement, thus, helps your service to be available even if a Data Center goes down.

18. How do you monitor Amazon VPC?

You can monitor Amazon VPC using:

  • CloudWatch

  • VPC Flow Logs

19. What are the different types of EC2 instances based on their costs?

The three types of EC2 instances based on the costs are:

On-Demand Instance - These instances are prepared as and when needed. Whenever you feel the need for a new EC2 instance, you can go ahead and create an on-demand instance. It is cheap for short-term use but not when taken for the long term.

Spot Instance - These types of instances can be bought through the bidding model. These are comparatively cheaper than On-Demand Instances.

Reserved Instance - On AWS, you can create instances that you can reserve for a year or so. These types of instances are especially useful when you know in advance that you will be needing an instance for the long term. In such cases, you can create a reserved instance and save heavily on costs.

20. What do you understand by stopping and terminating an EC2 Instance?

Stopping an EC2 instance means to shut it down as you would normally do on your Personal Computer. This will not delete any volumes attached to the instance and the instance can be started again when needed.

On the other hand, terminating an instance is equivalent to deleting an instance. All the volumes attached to the instance get deleted and it is not possible to restart the instance if needed at a later point in time.

21. What are the consistency models for modern DBs offered by AWS?

Eventual Consistency - It means that the data will be consistent eventually, but may not be immediate. This will serve the client requests faster, but chances are that some of the initial read requests may read the stale data. This type of consistency is preferred in systems where data need not be real-time. For example, if you don’t see the recent tweets on Twitter or recent posts on Facebook for a couple of seconds, it is acceptable.

Strong Consistency - It provides immediate consistency, where the data will be consistent across all the DB Servers immediately. Accordingly, this model may take some time to make the data consistent and subsequently start serving the requests again. However, in this model, it is guaranteed that all the responses will always have consistent data.

22. What is Geo-Targeting in CloudFront?

Geo-Targeting enables the creation of customized content based on the geographic location of the user. This allows you to serve the content which is more relevant to a user. For example, using Geo-Targeting, you can show the news related to local body elections to a user sitting in India, which you may not want to show to a user sitting in the US. Similarly, the news related to Baseball Tournament can be more relevant to a user sitting in the US, and not so relevant for a user sitting in India.

23. What are the advantages of AWS IAM?

AWS IAM enables an administrator to provide granular level access to different users and groups. Different users and user groups may need different levels of access to different resources created. With IAM, you can create roles with specific access-levels and assign the roles to the users. 

It also allows you to provide access to the resources to users and applications without creating the IAM Roles, which is known as Federated Access.

24. What do you understand by a Security Group?

When you create an instance in AWS, you may or may not want that instance to be accessible from the public network. Moreover, you may want that instance to be accessible from some networks and not from others.

Security Groups are a type of rule-based Virtual Firewall using which you can control access to your instances. You can create rules defining the Port Numbers, Networks, or protocols from which you want to allow access or deny access.

25. What are Spot Instances and On-Demand Instances?

When AWS creates EC2 instances, there are some blocks of computing capacity and processing power left unused. AWS releases these blocks as Spot Instances. Spot Instances run whenever capacity is available. These are a good option if you are flexible about when your applications can run and if your applications can be interrupted.

On the other hand, On-Demand Instances can be created as and when needed. The prices of such instances are static. Such instances will always be available unless you explicitly terminate them.

26. Explain Connection Draining.

Connection Draining is a feature provided by AWS which enables servers that are about to be updated or removed to finish serving their current requests.

If Connection Draining is enabled, the Load Balancer will allow an outgoing instance to complete the current requests for a specific period but will not send any new request to it. Without Connection Draining, an outgoing instance will immediately go off and the requests pending on that instance will error out.

27. What is a Stateful and a Stateless Firewall?

A Stateful Firewall is the one that maintains the state of the rules defined. It requires you to define only inbound rules. Based on the inbound rules defined, it automatically allows the outbound traffic to flow. 

On the other hand, a Stateless Firewall requires you to explicitly define rules for inbound as well as outbound traffic. 

For example, if you allow inbound traffic from Port 80, a Stateful Firewall will allow outbound traffic to Port 80, but a Stateless Firewall will not do so.
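The difference described above, as an added example that is not part of the original page: a toy packet filter with only an inbound rule for port 80, evaluated once with connection tracking (stateful) and once without (stateless). The rule model, addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    direction: str    # "in" or "out", relative to the protected instance
    remote_ip: str
    remote_port: int
    local_port: int

@dataclass
class Firewall:
    inbound_ports: set                                  # local ports open inbound
    outbound_ports: set = field(default_factory=set)    # remote ports allowed outbound
    stateful: bool = True
    _tracked: set = field(default_factory=set)          # connection-tracking table

    def allow(self, pkt):
        flow = (pkt.remote_ip, pkt.remote_port, pkt.local_port)
        if pkt.direction == "in":
            if pkt.local_port in self.inbound_ports:
                if self.stateful:
                    self._tracked.add(flow)   # remember the flow for its replies
                return True
            # No inbound rule: only a reply to a tracked outbound flow passes.
            return self.stateful and flow in self._tracked
        # Outbound: a tracked flow's reply passes without any outbound rule.
        if self.stateful and flow in self._tracked:
            return True
        if pkt.remote_port in self.outbound_ports:
            if self.stateful:
                self._tracked.add(flow)
            return True
        return False

def web_exchange(fw):
    """Client request to local port 80, then the server's reply to that client."""
    request = Packet("in", "198.51.100.20", 51000, 80)
    reply = Packet("out", "198.51.100.20", 51000, 80)
    return fw.allow(request), fw.allow(reply)

if __name__ == "__main__":
    print("stateful :", web_exchange(Firewall({80}, stateful=True)))
    print("stateless:", web_exchange(Firewall({80}, stateful=False)))
```

With the stateless filter the reply only passes once an explicit outbound rule covers the client's ephemeral port range.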

28. What is a Power User Access in AWS?

An Administrator User will be similar to the owner of the AWS Resources. He can create, delete, modify or view the resources and also grant permissions to other users for the AWS Resources.

A Power User Access provides Administrator Access without the capability to manage the users and permissions. In other words, a user with Power User Access can create, delete, modify or see the resources, but he cannot grant permissions to other users.

29. What is an Instance Store Volume and an EBS Volume?

An Instance Store Volume is temporary storage that is used to store the temporary data required by an instance to function. The data is available as long as the instance is running. As soon as the instance is turned off, the Instance Store Volume gets removed and the data gets deleted.

On the other hand, an EBS Volume represents a persistent storage disk. The data stored in an EBS Volume will be available even after the instance is turned off.

30. What are Recovery Time Objective and Recovery Point Objective in AWS?

Recovery Time Objective - It is the maximum acceptable delay between the interruption of service and restoration of service. This translates to an acceptable time window when the service can be unavailable.

Recovery Point Objective - It is the maximum acceptable amount of time since the last data restore point. It translates to the acceptable amount of data loss which lies between the last recovery point and the interruption of service.

31. Is there a way to upload a file that is greater than 100 Megabytes in Amazon S3?

Yes, it is possible by using the Multipart Upload Utility from AWS. With the Multipart Upload Utility, larger files can be uploaded in multiple parts that are uploaded independently. You can also decrease upload time by uploading these parts in parallel. After the upload is done, the parts are merged into a single object or file to create the original file from which the parts were created.

32. Can you change the Private IP Address of an EC2 instance while it is running or in a stopped state?

No, a Private IP Address of an EC2 instance cannot be changed. When an EC2 instance is launched, a private IP Address is assigned to that instance at the boot time. This private IP Address is attached to the instance for its entire lifetime and can never be changed.

33. What is the use of lifecycle hooks in Autoscaling?

Lifecycle hooks are used for Auto-scaling to put an additional wait time to a scale-in or a scale-out event.

34. What are the policies that you can set for your user’s passwords?

Following are the policies that can be set for user’s passwords:

  • You can set a minimum length of the password.

  • You can ask the users to add at least one number or special character to the password.

  • You can require particular character types, including uppercase letters, lowercase letters, numbers, and non-alphanumeric characters.

  • You can enforce automatic password expiration, prevent the reuse of old passwords, and require a password reset upon the user's next AWS sign-in.

  • You can have the AWS users contact an account administrator when the user has allowed the password to expire.
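An added example (not from the original page) that checks an account password policy against a baseline covering the settings listed above. The input uses the field names returned by the IAM GetAccountPasswordPolicy API; the baseline thresholds and the sample policy are assumptions chosen for illustration.

```python
# Baseline thresholds are illustrative assumptions, not AWS defaults.
BASELINE = {"MinimumPasswordLength": 14,
            "PasswordReusePrevention": 24,   # remembered previous passwords
            "MaxPasswordAge": 90}            # days
CHARACTER_FLAGS = ("RequireSymbols", "RequireNumbers",
                   "RequireUppercaseCharacters", "RequireLowercaseCharacters")

# Constructed sample policy using GetAccountPasswordPolicy field names.
SAMPLE_POLICY = {
    "MinimumPasswordLength": 8,
    "RequireSymbols": False,
    "RequireNumbers": True,
    "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True,
    "AllowUsersToChangePassword": True,
    "ExpirePasswords": False,
    "HardExpiry": False,   # True = users with an expired password need an administrator
}

def audit_password_policy(policy):
    """Return a list of findings; an empty list means the baseline is met."""
    findings = []
    if policy.get("MinimumPasswordLength", 0) < BASELINE["MinimumPasswordLength"]:
        findings.append(
            f"MinimumPasswordLength below {BASELINE['MinimumPasswordLength']}")
    for flag in CHARACTER_FLAGS:
        if not policy.get(flag, False):
            findings.append(f"{flag} is not enabled")
    # A missing PasswordReusePrevention is treated as "reuse not restricted".
    if policy.get("PasswordReusePrevention", 0) < BASELINE["PasswordReusePrevention"]:
        findings.append(
            f"PasswordReusePrevention below {BASELINE['PasswordReusePrevention']}")
    # A missing or zero MaxPasswordAge is treated as "passwords never expire".
    max_age = policy.get("MaxPasswordAge", 0)
    if not 0 < max_age <= BASELINE["MaxPasswordAge"]:
        findings.append(
            f"MaxPasswordAge unset or above {BASELINE['MaxPasswordAge']} days")
    if not policy.get("AllowUsersToChangePassword", False):
        findings.append("users cannot change their own password")
    return findings

if __name__ == "__main__":
    for finding in audit_password_policy(SAMPLE_POLICY):
        print("FINDING:", finding)
```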

 
