AWS INTERVIEW QUESTIONS AND ANSWERS - Part 3
AWS Interview Questions and answers are very useful to the Fresher or Experienced person who is looking for the new challenging job from the reputed company. - Part 3
Here is a list of 50 more Interview questions related to AWS
Q201)What happens when an Amazon EC2 occurrence is halted or ended?
Answer:At the season of ceasing an Amazon EC2 case, a shutdown is performed in a typical way. From that point onward, the changes to the ceased state happen. Amid this, the majority of the Amazon EBS volumes are stayed joined to the case and the case can be begun whenever. The occurrence hours are not included when the occasion is the ceased state.
At the season of ending an Amazon EC2 case, a shutdown is performed in an ordinary way. Amid this, the erasure of the majority of the Amazon EBS volumes is performed. To stay away from this, the estimation of credit deleteOnTermination is set to false. On end, the occurrence additionally experiences cancellation, so the case can’t be begun once more.
Q202)What are the mainstream DevOps devices?
Answer:In an AWS DevOps Engineer talk with, this is the most widely recognized AWS inquiries for DevOps. To answer this inquiry, notice the well known DevOps apparatuses with the kind of hardware –
Jenkins – Continuous Integration Tool
Git – Version Control System Tool
Nagios – Continuous Monitoring Tool
Selenium – Continuous Testing Tool
Docker – Containerization Tool
Puppet, Chef, Ansible – Deployment and Configuration Administration Tools.
Q203)What are IAM Roles and Policies, What is the difference between IAM Roles and Policies.
Answer:Roles are for AWS services, Where we can assign permission of some AWS service to other Service.
Example – Giving S3 permission to EC2 to access S3 Bucket Contents.
Policies are for users and groups, Where we can assign permission to user’s and groups.
Example – Giving permission to user to access the S3 Buckets.
Q204)What are the Defaults services we get when we create custom AWS VPC?
Answer:
Route Table
Network ACL
Security Group
Q205)What is the Difference Between Public Subnet and Private Subnet ?
Answer:Public Subnet will have Internet Gateway Attached to its associated Route Table and Subnet, Private Subnet will not have the Internet Gateway Attached to its associated Route Table and Subnet
Public Subnet will have internet access and Private subnet will not have the internet access directly.
Q206) How do you access the Ec2 which has private IP which is in private Subnet ?
Answer: We can access using VPN if the VPN is configured into that Particular VPC where Ec2 is assigned to that VPC in the Subnet. We can access using other Ec2 which has the Public access.
Q207)We have a custom VPC Configured and MYSQL Database server which is in Private Subnet and we need to update the MYSQL Database Server, What are the Option to do so.
Answer:By using NAT Gateway in the VPC or Launch a NAT Instance ( Ec2) Configure or Attach the NAT Gateway in Public Subnet ( Which has Route Table attached to IGW) and attach it to the Route Table which is Already attached to the Private Subnet.
Q208) What are the Difference Between Security Groups and Network ACL
Answer:
Security Groups Network ACL
Attached to Ec2 instance Attached to a subnet.
Stateful – Changes made in incoming rules is automatically applied to the outgoing rule Stateless – Changes made in incoming rules is not applied to the outgoing rule
Blocking IP Address can’t be done IP Address can be Blocked
Allow rules only, by default all rules are denied Allow and Deny can be Used.
Q209)What are the Difference Between Route53 and ELB?
Answer:Amazon Route 53 will handle DNS servers. Route 53 give you web interface through which the DNS can be managed using Route 53, it is possible to direct and failover traffic. This can be achieved by using DNS Routing Policy.
One more routing policy is Failover Routing policy. we set up a health check to monitor your application endpoints. If one of the endpoints is not available, Route 53 will automatically forward the traffic to other endpoint.
Elastic Load Balancing
ELB automatically scales depends on the demand, so sizing of the load balancers to handle more traffic effectively when it is not required.
Q210)What are the DB engines which can be used in AWS RDS?
Answer:
MariaDB
MYSQL DB
MS SQL DB
Postgre DB
Oracle DB
Q211)What is Status Checks in AWS Ec2?
Answer: System Status Checks – System Status checks will look into problems with instance which needs AWS help to resolve the issue. When we see system status check failure, you can wait for AWS to resolve the issue, or do it by our self.
Network connectivity
System power
Software issues Data Centre’s
Hardware issues
Instance Status Checks – Instance Status checks will look into issues which need our involvement to fix the issue. if status check fails, we can reboot that particular instance.
Failed system status checks
Memory Full
Corrupted file system
Kernel issues
Q212)To establish a peering connections between two VPC’s What condition must be met?
Answer:
CIDR Block should overlap
CIDR Block should not overlap
VPC should be in the same region
VPC must belong to same account.
CIDR block should not overlap between vpc setting up a peering connection . peering connection is allowed within a region , across region, across different account.
Q213) Troubleshooting with EC2 Instances:
Answer: Instance States
If the instance state is 0/2- there might be some hardware issue
If the instance state is ½-there might be issue with OS.
Workaround-Need to restart the instance, if still that is not working logs will help to fix the issue.
Q214) How EC2instances can be resized.
Answer: EC2 instances can be resizable(scale up or scale down) based on requirement
Q215) EBS: its block-level storage volume which we can use after mounting with EC2 instances.
Answer:For types please refer AWS Solution Architect book.
Q216) Difference between EBS,EFS and S3
Answer:
We can access EBS only if its mounted with instance, at a time EBS can be mounted only with one instance.
EFS can be shared at a time with multiple instances
S3 can be accessed without mounting with instances
Q217) Maximum number of bucket which can be crated in AWS.
Answer:100 buckets can be created by default in AWS account.To get more buckets additionally you have to request Amazon for that.
Q218)Maximum number of EC2 which can be created in VPC.
Answer:Maximum 20 instances can be created in a VPC. we can create 20 reserve instances and request for spot instance as per demand.
Q219) How EBS can be accessed?
Answer:EBS provides high performance block-level storage which can be attached with running EC2 instance. Storage can be formatted and mounted with EC2 instance, then it can be accessed.
Q220)Process to mount EBS to EC2 instance
Answer:
Df –k
mkfs.ext4 /dev/xvdf
Fdisk –l
Mkdir /my5gbdata
Mount /dev/xvdf /my5gbdata
Q221)How to add volume permanently with instance.
Answer:With each restart volume will get unmounted from instance, to keep this attached need to perform below step
Cd /etc/fstab
/dev/xvdf /data ext4 defaults 0
0 <edit the file system name accordingly>
Q222) What is the Difference between the Service Role and SAML Federated Role.
Answer: Service Role are meant for usage of AWS Services and based upon the policies attached to it,it will have the scope to do its task. Example : In case of automation we can create a service role and attached to it.
Federated Roles are meant for User Access and getting access to AWS as per designed role. Example : We can have a federated role created for our office employee and corresponding to that a Group will be created in the AD and user will be added to it.
Q223)How many Policies can be attached to a role.
Answer: 10 (Soft limit), We can have till 20.
Q224) What are the different ways to access AWS.
Answer:3 Different ways (CLI, Console, SDK)
Q225)How a Root AWS user is different from in IAM User.
Answer: Root User will have acces to entire AWS environment and it will not have any policy attached to it. While IAM User will be able to do its task on the basis of policies attached to it.
Q226)What do you mean by Principal of least privilege in term of IAM.
Answer: Principal of least privilege means to provide the same or equivalent permission to the user/role.
Q227)What is the meaning of non-explicit deny for an IAM User.
Answer: When an IAM user is created and it is not having any policy attached to it,in that case he will not be able to access any of the AWS Service until a policy has been attached to it.
Q228) What is the precedence level between explicit allow and explicit deny.
Answer: Explicit deny will always override Explicit Allow.
Q229) What is the benefit of creating a group in IAM.
Answer:Creation of Group makes the user management process much simpler and user with the same kind of permission can be added in a group and at last addition of a policy will be much simpler to the group in comparison to doing the same thing manually.
Q230)What is the difference between the Administrative Access and Power User Access in term of pre-build policy.
Answer: Administrative Access will have the Full access to AWS resources. While Power User Access will have the Admin access except the user/group management permission.
Q231)What is the purpose of Identity Provider.
Answer: Identity Provider helps in building the trust between the AWS and the Corporate AD environment while we create the Federated role.
Q232) What are the benefits of STS (Security Token Service).
Answer: It help in securing the AWS environment as we need not to embed or distributed the AWS Security credentials in the application. As the credentials are temporary we need not to rotate them and revoke them.
Q233)What is the benefit of creating the AWS Organization.
Answer: It helps in managing the IAM Policies, creating the AWS Accounts programmatically, helps in managing the payment methods and consolidated billing.
Q234) What is the maximum file length in S3?
Answer: utf-8 1024 bytes
Q235) which activity cannot be done using autoscaling?
Answer:Maintain fixed running of ec2
Q236)How will you secure data at rest in EBS?
Answer: EBS data is always secure
Q237)What is the maximum size of S3 Bucket?
Answer: 5TB
Q238)Can objects in Amazon s3 be delivered through amazon cloud front?
Answer:Yes
Q239)which service is used to distribute content to end user service using global network of edge location?
Answer: Virtual Private Cloud
Q240)What is ephemaral storage?
Answer: Temporary storage
Q241)What are shards in kinesis aws services?
Answer: Shards are used to store data in Kinesis.
Q242)Where can you find the ephemeral storage?
Answer: In Instance store service.
Q243)I have some private servers on my premises also i have distributed some of My workload on the public cloud,what is the architecture called?
Answer:Virtual private cloud
Q244)Route 53 can be used to route users to infrastructure outside of aws.True/false?
Answer: False
Q245)Is simple workflow service one of the valid Simple Notification Service subscribers?
Answer: No
Q246)which cloud model do Developers and organizations all around the world leverage extensively?
Answer: IAAS-Infrastructure as a service.
Q247)Can cloud front serve content from a non AWS origin server?
Answer: No
Q248)Is EFS a centralised storage service in AWS?
Answer: Yes
Q249)Which AWS service will you use to collect and process ecommerce data for near real time analysis?
Answer: Both Dynamo DB & Redshift
Q250)An high demand of IOPS performance is expected around 15000.Which EBS volume type would you recommend?
Answer: Provisioned IOPS.