AWS Solutions Architect Interview Questions and
Answers
1. What is Amazon EC2?
EC2 is short for Elastic Compute Cloud, and it provides scalable computing
capacity. Using Amazon EC2 eliminates the need to invest in hardware,
leading to faster development and deployment of applications. You can
use Amazon EC2 to launch as many or as few virtual servers as needed,
configure security and networking, and manage storage. It can scale up or
down to handle changes in requirements, reducing the need to forecast
traffic. EC2 provides virtual computing environments called “instances.”
2. What Are Some of the Security Best Practices for Amazon EC2?
Security best practices for Amazon EC2 include using Identity and Access
Management (IAM) to control access to AWS resources; restricting access
by only allowing trusted hosts or networks to access ports on an instance;
only opening up those permissions you require, and disabling password-
based logins for instances launched from your AMI.
3. What is Amazon S3?
S3 is short for Simple Storage Service, and Amazon S3 is the most
supported storage platform available. S3 is object storage that can store
and retrieve any amount of data from anywhere. Despite that versatility,
it is practically unlimited as well as cost-effective because it is storage
available on demand. In addition to these benefits, it offers
unprecedented levels of durability and availability. Amazon S3 helps to
manage data for cost optimization, access control, and compliance.
4. Can S3 Be Used with EC2 Instances, and If Yes, How?
Amazon S3 can be used for instances with root devices backed by local
instance storage. That way, developers have access to the same highly
scalable, reliable, fast, inexpensive data storage infrastructure that
Amazon uses to run its own global network of websites. To execute
systems in the Amazon EC2 environment, developers load Amazon
Machine Images (AMIs) into Amazon S3 and then move them between
Amazon S3 and Amazon EC2.
Amazon EC2 and Amazon S3 are two of the best-known web services that
make up AWS.
5. What Is Identity and Access Management (IAM) and How Is It
Used?
Identity and Access Management (IAM) is a web service for securely
controlling access to AWS services. IAM lets you manage users, security
credentials such as access keys, and permissions that control which AWS
resources users and applications can access.
6. What Is Amazon Virtual Private Cloud (VPC) and Why Is It Used?
A VPC is the best way of connecting to your cloud resources from your
own data center. Once you connect your datacenter to the VPC in which
your instances are present, each instance is assigned a private IP address
that can be accessed from your data center. That way, you can access
your public cloud resources as if they were on your own private network.
7. What Is Amazon Route 53?
Amazon Route 53 is a scalable and highly available Domain Name System
(DNS). The name refers to TCP or UDP port 53, where DNS server requests
are addressed.
8. What Is CloudTrail and How Do CloudTrail and Route 53 Work
Together?
CloudTrail is a service that captures information about every request sent
to the Amazon Route 53 API by an AWS account, including requests that
are sent by IAM users. CloudTrail saves log files of these requests to an
Amazon S3 bucket. CloudTrail captures information about all requests.
You can use information in the CloudTrail log files to determine which
requests were sent to Amazon Route 53, the IP address that the request
was sent from, who sent the request, when it was sent, and more.
9. When Would You Prefer Provisioned IOPS over Standard RDS
Storage?
You would use Provisioned IOPS when you have batch-oriented workloads.
Provisioned IOPS delivers high IO rates, but it is also expensive. However,
batch processing workloads do not require manual intervention.
10. How Do Amazon RDS, DynamoDB, and Redshift Differ from
Each Other?
Amazon RDS is a database management service for relational databases.
It manages patching, upgrading, and data backups automatically. It’s a
database management service for structured data only. On the other
hand, DynamoDB is a NoSQL database service for dealing with
unstructured data. Redshift is a data warehouse product used in data
analysis.
11. What Are the Benefits of AWS’s Disaster Recovery?
Businesses use cloud computing in part to enable faster disaster recovery
of critical IT systems without the cost of a second physical site. The AWS
cloud supports many popular disaster recovery architectures ranging from
small customer workload data center failures to environments that enable
rapid failover at scale. With data centers all over the world, AWS provides
a set of cloud-based disaster recovery services that enable rapid recovery
of your IT infrastructure and data.
Q1. What is AWS?
Ans. It is among the most commonly asked AWS interview questions.
There is little room to be creative – you either know or you don’t know the
answer.
Amazon Web Services or AWS is a set of cloud computing services and
tools from Amazon. It offers over 200 comprehensive data center services
globally. AWS is a cross-functional platform that offers a wide variety of
services ranging from data warehousing to content delivery.
Q2. What is Amazon S3?
Ans. Amazon S3 (Simple Storage Service) is object storage with a simple
web service interface to store and retrieve any amount of data from
anywhere on the web.
Q3. What is AWS SNS?
Ans. Amazon Simple Notification Service (Amazon SNS) is a push
notification service used in sending individual messages to a big group of
mobile or email subscriber systems including Amazon SQS queues, AWS
Lambda functions, and HTTPS endpoints. It is both application-to-
application (A2A) and application-to-person (A2P) communication.
Q4. What is CloudFront?
Ans. Amazon CloudFront has become one of the most popular delivery
networks (content delivery network, CDN) in the world, thanks to its ability
to accelerate the transmission of static and dynamic web content, such
as .html, .css, and .js files. CloudFront works efficiently with services like
AWS Shield and helps in curbing DDoS attacks. It utilizes Amazon S3,
Elastic Load Balancing, or Amazon EC2 as sources for your applications
and uses Lambda@Edge to run custom code closer to customers' users
and personalize their experience.
Q5. What are the main differences
between ‘horizontal’ and ‘vertical’
scales?
Ans. The main differences between ‘horizontal’ and ‘vertical’ scales are –
Horizontal Scale Vertical Scale
Provides new resources along You would need to increase p
with new hardware devices to resources by upgrading the cu
support the infrastructure machine
Used in distributed systems Used in virtualization
Resilient to system failure Single point of failure
Utilizes network calls Interprocess communicatio
Increases the capacity of Connects multiple system entiti
existing hardware or software by hardware, and software such th
adding additional resources work as a single logical un
Difficult to implement Easy to implement
Q6. What is Sharding?
Ans. Sharding or horizontal partitioning is a scale-out technique for
relational databases. This technique is used to put that data into smaller
subsets and distribute them across physically separated database servers,
where every server is called a database shard. These database shards
have the same hardware, database engine, and data structure so that a
similar level of performance is generated.
Image – Sharded database architecture (Source)
Q7. What are the different types of
load balancers in EC2?
Ans: There are three types of load balancers in EC2 –
Application Load Balancer – These balancers are designed to make
routing decisions at the application layer.
Network Load Balancer: Network load balancer handles millions of
requests per second and helps in making routing decisions at the
transport layer.
Classic Load Balancer: Classic Load Balancer is mainly used for
applications built within the EC2-Classic network. It offers basic load
balancing at varying Amazon EC2 instances.
Q8. What is DynamoDB?
Ans. DynamoDB is a NoSQL database. It is very flexible and performs
quite reliably – and can be integrated with AWS! It offers fast and
predictable performance with seamless scalability. With the help of
DynamoDB, you do not need to worry about hardware provisioning, setup,
and configuration, replication, software patching, or cluster scaling.
Q9. What is AWS CloudFormation?
Ans. AWS CloudFormation is an Amazon service dedicated to solving the
need to standardize and replicate architectures, to facilitate their
execution and optimize resources and costs in the delivery of applications,
or to comply with the requirements of the organization. CloudFormation
allows creating a proprietary library of instance templates or architectures
capable of being delivered at any time and in an organized manner,
through programming.
Q10. What are the advantages of
using AWS CloudFormation?
Ans. It is one of the most popular AWS interview questions.
AWS CloudFormation –
1. Reduces infrastructure deployment time
2. Reduces environment repair time
3. Increases confidence in deployments
4. Replicates complex environments; for example, you can
have development, pre-production and production
environments that are the same, or almost the same,
simply by scaling up resources
5. Reuses the definitions between different products
Q11. What is Elastic Beanstalk?
Ans. Elastic Beanstalk is an orchestration service by AWS, used in various
AWS applications such as EC2, S3, Simple Notification Service,
CloudWatch, autoscaling, and Elastic Load Balancers. It is the fastest and
simplest way to deploy your application on AWS using either AWS
Management Console, a Git repository, or an integrated development
environment (IDE).
Q12. What is Geo Restriction in
CloudFront?
Ans. Geo restriction, also known as geoblocking, is used to prevent users
in specific geographic locations from accessing content that you’re
distributing through a CloudFront web distribution.
Q13. What is a T2 instance?
Ans. T2 instances are designed to provide moderate baseline
performance and the capability to burst to higher performance as required
by workload.
Q14. What is AWS Lambda?
Ans. AWS Lambda is a compute service that lets you run code in the AWS
Cloud without provisioning or managing servers.
Q15. What is a Serverless application
in AWS?
Ans. The AWS Serverless Application Model (AWS SAM) extends AWS
CloudFormation to provide a simplified way of defining the Amazon API
Gateway APIs, AWS Lambda functions, and Amazon DynamoDB tables
needed by your serverless application.
Q16. What is the use of Amazon
ElastiCache?
Ans. Amazon ElastiCache is a web service that makes it easy to deploy,
operate, and scale an in-memory data store or cache in the cloud.
Q17. Explain how the buffer is used in
Amazon web services.
Ans. The buffer is used to make the system more robust to manage traffic
or load by synchronizing different components.
Q18. Differentiate between stopping
and terminating an instance.
Ans. When an instance is stopped, the instance performs a normal
shutdown and then transitions to a stopped state.
When an instance is terminated, the instance performs a normal
shutdown, then the attached Amazon EBS volumes are deleted unless the
volume’s deleteOnTermination attribute is set to false.
Q19. Is it possible to change the
private IP addresses of an EC2 while
it is running/stopped in a VPC?
Ans. The primary private IP address cannot be changed. Secondary
private addresses can be unassigned, assigned, or moved between
interfaces or instances at any point.
Q20. Give one instance where you
would prefer Provisioned IOPS over
Standard RDS storage?
Ans. Provisioned IOPS can be preferred over Standard RDS storage when
we have batch-oriented workloads.
Q21. What are the different types of
cloud services?
Ans. Different types of cloud services are:
Software as a Service (SaaS)
Data as a Service (DaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Q22. What is the boot time for an
instance store-backed instance?
Ans. The boot time for an Amazon Instance Store-Backed AMI is less than
5 minutes.
Q23. Will you use encryption for S3?
Ans. Yes, I will, as it is a proprietary technology. It’s always a good idea to
consider encryption for sensitive data on S3.
Q24. What is Identity Access
Management and how is it used?
Ans. It is a web service, which is used to securely control access to AWS
services. Identity Access Management allows you to manage users,
security credentials, and resource permissions.
Q25. Explain the advantages of
AWS’s Disaster Recovery (DR)
solution.
Ans. This is also among the most popular AWS interview questions asked
in an AWS interview.
Following are the advantages of AWS’s Disaster Recovery (DR) solution:
AWS offers a cost-effective backup, storage, and
DR solution, helping the companies to reduce their
capital expenses
Fast setup time and greater productivity gains
AWS helps companies to scale up even during
seasonal fluctuations
It seamlessly replicates on-premises data to the
cloud
Ensures fast retrieval of files
Q26. How do you send requests to
Amazon S3?
Ans. We can achieve this by using the REST API or the AWS SDK wrapper
libraries. These elements wrap the underlying Amazon S3 REST API.
Q27. What is DynamoDB?
Ans. DynamoDB is a fully managed proprietary NoSQL database service,
supporting key-value and document data structures. It can be used when
a fast and flexible NoSQL database with a flexible data model and reliable
performance is required.
Q28. What is Redshift?
Ans. Redshift is a petabyte size data warehouse service by Amazon. It is
easy, cost-effective, and scalable, and can be fully configured to analyze
your entire data with the existing business intelligence tools.
Q29. Which data centers are
deployed for cloud computing?
Ans. There are two data centers in cloud computing, one is Containerized
Data centers, and another is Low-Density Data Centers.
Q30. Which AWS services will you use
to collect and process e-commerce
data for near real-time analysis?
Ans. Following are the AWS services that will be used to collect and
process e-commerce data for near real-time analysis:
Amazon DynamoDB
Amazon ElastiCache
Amazon Elastic MapReduce
Amazon Redshift
Q31. What is SQS?
Ans. Simple Queue Service (SQS) is a distributed message queuing
service that acts as a mediator for two controllers. It is a pay-per-use web
service.
Q32. What are the popular DevOps
tools?
Ans. The popular DevOps tools are –
Chef, Puppet, Ansible, and SaltStack – Deployment
and Configuration Management Tools
Docker – Containerization Tool
Git – Version Control System Tool
Jenkins – Continuous Integration Tool
Nagios – Continuous Monitoring Tool
Selenium – Continuous Testing Tool
Q33. What is Hybrid cloud
architecture?
Ans. It is a type of architecture where the workload is divided into two
halves among which one is on public load and the other is on the local
storage. It is a mix of on-premises, private cloud and third-party, and
public cloud services between two platforms.
Q34. What Is Configuration
Management?
Ans. Configuration management is used to manage the configuration of
systems and the services that they provide entirely through code. This is a
repetitive and consistent process that is achieved through –
Intuitive command-line interface
A lightweight and easily readable domain-specific
language (DSL)
Comprehensive REST-based API
Q35. What are the features of
Amazon cloud search?
Ans. Amazon cloud search features:
AutoComplete advice
Boolean Searches
Entire text search
Faceting term boosting
Highlighting
Prefix Searches
Range searches
Q36. How do you access the data on
EBS in AWS?
Ans. Data on EBS cannot be accessed directly through a graphical interface in
AWS. The process includes assigning the EBS volume to an EC2 instance.
Once the volume is connected to an instance, whether it is Windows or
Unix, you can read from it or write to it. First, you can take a
screenshot from the volumes with data and build unique volumes with the
help of screenshots. Here, each EBS volume can be attached to only a
single instance.
Q37. What is the difference between
Amazon RDS, Redshift, and Dynamo
DB?
Ans. Differentiate between Amazon RDS, Redshift, and Dynamo DB:
Features Amazon RDS Redshift Dynamo
Primary Conventional Datawarehouse Database
Usage Databases dynamica
Feature modified d
Database MySQL, Oracle DB, Redshift NoSQL
Engine SQL Server, Amazon
Aurora, Postgre SQL
Computing Instances with 64 Nodes with vCPU Not specifi
Resources vCPU and 244 GB and 244 GB RAM SaaS-Soft
RAM a Service.
Multi A-Z Additional Service Manual In-built
Replication
Maintenance 30 minutes every 30 minutes every No impact
Window week. week.
Q38. If you hold half of the workload
on the public cloud whereas different
half is on local storage, in such case
what type of architecture can be
used?
Ans. In such cases, the hybrid cloud architecture can be used.
Q39. Mention the possible connection
issues you encounter when
connecting to an EC2 instance?
Ans. Following are the possible connection issues you encounter when
connecting to an EC2 instance:
Server refused key
Connection timed out
Host key not found, permission denied.
Unprotected private key file
No supported authentication method available
Q40. What are lifecycle hooks in AWS
autoscaling?
Ans. Lifecycle hooks can be added to the autoscaling group. They enable
you to perform custom actions by pausing instances when the
autoscaling group terminates or launches them. Every auto-scaling
group consists of multiple lifecycle hooks.
Q41. What is a Hypervisor?
Ans. A Hypervisor is a type of software used to create and run virtual
machines. It integrates physical hardware resources into a platform whose
resources are distributed virtually to each user. Hypervisors include Oracle
VirtualBox, Oracle VM for x86, VMware Fusion, VMware Workstation, and Solaris
Zones.
Q42. Explain the use of Route Table.
Ans. A Route Table is used to control network traffic; each
subnetwork of a VPC is associated with a routing table. A route table holds
a large amount of information, and connecting multiple subnetworks to one
routing table is also feasible.
Q43. What is the use of Connection
Draining?
Ans. Connection Draining is a process used to support the load balancer. It
keeps track of all of the instances; if any instance fails, connection draining
pulls all the traffic from that specific failed instance and re-routes the traffic
to the active instances.
Q44. Explain the role of AWS
CloudTrail?
Ans. AWS CloudTrail is a service designed for monitoring and auditing
actions of API calls. With AWS CloudTrail, the user can monitor and retain
account activity connected with actions covering the AWS infrastructure.
Q45. Explain the use of Amazon
Transfer Acceleration Service?
Ans. Amazon Transfer Acceleration Service is used to boost your data
transfer with the help of advanced network paths. It also transfers files
quickly and securely between your client and an S3 bucket.
Q46. How to update AMI tools at the
Boot-Time on Linux?
Ans. To update AMI tools at the Boot-Time on Linux:
# Update to Amazon EC2 AMI tools
echo " + Updating EC2 AMI tools"
yum update -y aws-amitools-ec2
echo " + Updated EC2 AMI tools"
Q47. How is encryption done in
S3?
Ans. Encryption is done in S3 by using:
In Transit: SSL/TLS
At Rest:
  Server-Side Encryption
    S3 Managed Keys – SSE-S3
    AWS Key Management Service Managed Keys –
    SSE-KMS
    Server-Side Encryption with Customer Provided
    Keys – SSE-C
  Client-Side Encryption
Q48. Explain Amazon Route 53?
Ans. Amazon Route 53 is defined as a scalable and highly available
Domain Name System (DNS). It is created for the benefit of developers
and companies to route end users to internet applications by translating
names which is the most reliable and cost-effective process.
Q49. What are the pricing models for
EC2 instances?
Ans. Following are the different pricing models for EC2 instances:
Dedicated
Reserved
On-demand
Scheduled
Spot
Q50. What are the parameters for S3
pricing?
Ans. Following are the parameters for S3 pricing:
Transfer acceleration
Number of requests you make
Storage management
Data transfer
Storage used
Q51. What are the best security
practices for Amazon EC2?
Ans. Below are the best practices to follow for securing Amazon EC2:
Use AWS Identity and Access Management (IAM) to
manage access to AWS resources.
Restrict access by only allowing trusted hosts or
networks to access ports on your instance.
Evaluate the rules in your security groups.
Disable password-based logins for instances launched
from your AMI.
Q52. How do you add a current
instance to a new Autoscaling group?
Ans. Follow the steps to know how you can add an existing instance to a
new auto-scaling group:
Launch EC2 console
Under instances select your instance
Choose the action, instance setting and attach to
the auto-scaling group
Select a new auto-scaling group
Comply with this group to the instance
If needed edit the instance
In the end, you can add the instance to a new
auto-scaling group successfully.
Q53. Name the different types of
instances.
Ans. Following are the different types of instances:
Memory-optimized
Accelerated computing
Compute-optimized
General-purpose
Storage-optimized
Q54. Mention the different layers of
cloud architecture.
Ans. Following are the different types of layers in cloud architecture:
Node controller
Cloud controller
Cluster controller
Storage controller
Q55. What are the edge locations?
Ans. An edge location is defined as the place where content is
cached. If a user tries to access some content, that content
is first searched for in the edge location. If it is not available there, the
content is fetched from the origin location, and a copy is
stored.
Q56. What are NAT gateways?
Ans. A NAT (Network Address Translation) gateway is used to enable instances
in a private subnet to connect to the internet while preventing the internet
from starting a connection with those instances.
Q57. Name the database types in
RDS?
Ans. Following are the types of databases in RDS:
MySQL server
PostgreSQL
SQL server
Aurora
Oracle
MariaDB
Q58. What are EBS Volumes?
Ans. Elastic Block Store (EBS) is a block-level storage device, wherein
each block acts as a separate hard drive. These volumes are used with
EC2 instances, and each EBS volume can be attached to only one EC2
instance.
Q59. Name the types of backups in
the RDS database.
Ans. Following are two types of backups in the RDS database:
Automated backups
Manual backups
Q60. Mention the benefits of auto-
scaling.
Ans. Following are some of the benefits of auto-scaling:
Better availability
Better fault tolerance
Better cost management
Q61. How can Amazon SQS be used?
Ans. Amazon SQS (Simple Queue Service) is a message passing
mechanism used to make a connection between different connectors that
are connected with each other. It is also used as an interlink between
multiple components of Amazon.
Q62. Name some examples of the DB
engine that is used in AWS RDS.
Ans. Below are a few examples of DB engines that are used in AWS RDS:
MS-SQL DB
MySQL DB
Maria DB
Oracle DB
Postgre DB
Q63. Is it possible to minimize an EBS
volume?
Ans. No, it is not possible to minimize volume, we can only increase it.
Q64. Is there any possible way to
restore the deleted S3 bucket?
Ans. We can only restore it when versioning is enabled.
Q65. Name the types of AMI provided
by AWS?
Ans. Following are two types of AMI provided by AWS:
Instance Store backed
EBS Backed
Q66. What is auto-scaling?
Ans. Auto-scaling is a feature of AWS which allows you to configure and
automatically provision and spin-up new instances without the need for
your intervention.
Q67. What is SimpleDB?
Ans. SimpleDB is a structured data store that supports indexing and data
queries to both EC2 and S3.
Q68. What is an AMI?
Ans. AMI (Amazon Machine Image) is a snapshot of the root filesystem.
Q69. What is the type of architecture,
where half of the workload is on the
public load while at the same time
half of it is on the local storage?
Ans. Hybrid cloud architecture.
Q70. Can I vertically scale an Amazon
instance? How do you do it?
Ans. Yes. Spin up a new larger instance than the one you are running,
then pause that instance to detach the root EBS volume from this server
and discard. After that, stop the live instance and detach its root volume.
Note the unique device ID and attach that root volume to the new server,
and start again. This way you will have scaled vertically.
Q71. How can you send a request to
Amazon S3?
Ans. You can send requests by using the REST API or the AWS SDK
wrapper libraries that wrap the underlying Amazon S3 REST API.
Q72. How many buckets can be
created in AWS by default?
Ans. By default, 100 buckets can be created in AWS.
Q73. Should encryption be used for
S3?
Ans. Encryption should be considered for sensitive data as S3 is a
proprietary technology.
Q74. What are the various AMI design
options?
Ans. Fully Baked AMI, JeOS (just enough operating system) AMI, and
Hybrid AMI.
Why AWS Architect Interview Questions?
The AWS Solution Architect Role: With regards to AWS, a Solution
Architect would design and define AWS architecture for existing systems,
migrating them to cloud architectures as well as developing technical
road-maps for future AWS cloud implementations. So, through this AWS
Architect interview questions article, I will bring you top and frequently
asked AWS interview questions.
The following is the outline of this article:
Section 1: What is Cloud Computing?
Section 2: Amazon EC2 Interview Questions
Section 3: Amazon Storage
Section 4: AWS VPC
Section 5: Amazon Database
Section 6: AWS Auto Scaling, AWS Load Balancer
Section 7: CloudTrail, Route 53
Section 8: AWS SQS, AWS SNS, AWS SES, AWS
ElasticBeanstalk
Section 9: AWS OpsWorks, AWS KMS
Now, in every section, we will start with basic AWS interview questions and
then move towards AWS interview questions and answers for
experienced people, which are more technically challenging.
Section 1: What is Cloud Computing? Can
you talk about and compare any two
popular Cloud Service Providers?
For a detailed discussion on this topic, please refer to our Cloud
Computing blog. Following is the comparison between two of the most
popular Cloud Service Providers:
Amazon Web Services Vs Microsoft Azure
Parameters | AWS | Azure
Initiation | 2006 | 2010
Market Share | 4x | x
Implementation | More Experimentation Possible | Less Options
Features | Widest Range Of Options | Good Range Of Options
App Hosting | AWS not as good as Azure | Azure Is Better
Development | Varied & Great Features | Varied & Great Features
IaaS Offerings | Good Market Hold | Better Offerings than AWS
1. Try this AWS scenario based interview question. I have
some private servers on my premises, also I have
distributed some of my workload on the public cloud, what
is this architecture called?
A. Virtual Private Network
B. Private Cloud
C. Virtual Private Cloud
D. Hybrid Cloud
Answer D.
Explanation: This type of architecture would be a hybrid cloud. Why?
Because we are using both the public cloud and your on-premises
servers, i.e. the private cloud. To make this hybrid architecture easy to use,
wouldn’t it be better if your private and public cloud were all on the same
network (virtually)? This is established by including your public cloud
servers in a virtual private cloud, and connecting this virtual cloud with
your on-premises servers using a VPN (Virtual Private Network).
Section 2: Amazon EC2 Interview Questions
For a detailed discussion on this topic, please refer to our EC2 AWS blog.
2. What does the following command do with respect to
the Amazon EC2 security groups?
ec2-create-group CreateSecurityGroup
A. Groups the user created security groups into a new group for easy
access.
B. Creates a new security group for use with your account.
C. Creates a new group inside the security group.
D. Creates a new rule inside the security group.
Answer B.
Explanation: A security group is just like a firewall: it controls the traffic
in and out of your instance. In AWS terms, the inbound and outbound
traffic. The command mentioned is pretty straightforward: it says create
security group, and does the same. Moving along, once your security
group is created, you can add different rules to it. For example, if you have
an RDS instance, to access it, you have to add the public IP address of the
machine from which you want to access the instance to its security group.
3. Here is an AWS scenario-based interview question. You
have a video trans-coding application. The videos are
processed according to a queue. If the processing of a
video is interrupted in one instance, it is resumed in
another instance. Currently there is a huge back-log of
videos which needs to be processed, for this you need to
add more instances, but you need these instances only
until your backlog is reduced. Which of these would be an
efficient way to do it?
You should be using an On Demand instance for the same. Why? First of
all, the workload has to be processed now, meaning it is urgent, secondly
you don’t need them once your backlog is cleared, therefore Reserved
Instance is out of the picture, and since the work is urgent, you cannot
stop the work on your instance just because the spot price spiked,
therefore Spot Instances shall also not be used. Hence On-Demand
instances shall be the right choice in this case.
4. You have a distributed application that periodically
processes large volumes of data across multiple Amazon
EC2 Instances. The application is designed to recover
gracefully from Amazon EC2 instance failures. You are
required to accomplish this task in the most cost effective
way.
Which of the following will meet your requirements?
A. Spot Instances
B. Reserved instances
C. Dedicated instances
D. On-Demand instances
Answer: A
Explanation: Since the work we are addressing here is not continuous, a
reserved instance shall be idle at times, same goes with On Demand
instances. Also it does not make sense to launch an On Demand instance
whenever work comes up, since it is expensive. Hence Spot Instances will
be the right fit because of their low rates and no long term commitments.
5. How is stopping and terminating an instance different
from each other?
Starting, stopping and terminating are the three states in an EC2 instance.
Let’s discuss them in detail:
Stopping and Starting an instance: When an instance is stopped,
the instance performs a normal shutdown and then transitions to a
stopped state. All of its Amazon EBS volumes remain attached, and
you can start the instance again at a later time. You are not charged
for additional instance hours while the instance is in a stopped state.
Terminating an instance: When an instance is terminated, the
instance performs a normal shutdown, then the attached Amazon
EBS volumes are deleted unless the
volume’s deleteOnTermination attribute is set to false. The instance
itself is also deleted, and you can’t start the instance again at a
later time.
6. If I want my instance to run on a single-tenant
hardware, which value do I have to set the instance’s
tenancy attribute to?
A. Dedicated
B. Isolated
C. One
D. Reserved
Answer A.
Explanation: The Instance tenancy attribute should be set to Dedicated
Instance. The rest of the values are invalid.
7. When will you incur costs with an Elastic IP address
(EIP)?
A. When an EIP is allocated.
B. When it is allocated and associated with a running instance.
C. When it is allocated and associated with a stopped instance.
D. Costs are incurred regardless of whether the EIP is associated with a
running instance.
Answer C.
Explanation: You are not charged if only one Elastic IP address is
attached to your running instance. But you do get charged in the
following conditions:
When you use more than one Elastic IP with your instance.
When your Elastic IP is attached to a stopped instance.
When your Elastic IP is not attached to any instance.
8. How is a Spot instance different from an On-Demand
instance or Reserved Instance?
First of all, let’s understand that Spot Instance, On-Demand instance and
Reserved Instances are all models for pricing. Moving along, spot
instances provide the ability for customers to purchase compute capacity
with no upfront commitment, at hourly rates usually lower than the On-
Demand rate in each region. Spot instances are just like bidding, the
bidding price is called Spot Price. The Spot Price fluctuates based on
supply and demand for instances, but customers will never pay more than
the maximum price they have specified. If the Spot Price moves higher
than a customer’s maximum price, the customer’s EC2 instance will be
shut down automatically. But the reverse is not true: if the Spot Price
comes down again, your EC2 instance will not be launched automatically;
you have to do that manually. With Spot and On-Demand instances, there is no
commitment for the duration from the user’s side; with Reserved
Instances, however, one has to stick to the time period chosen.
9. Are the Reserved Instances available for Multi-AZ
Deployments?
A. Multi-AZ Deployments are only available for Cluster Compute
instances types
B. Available for all instance types
C. Only available for M3 instance types
D. Not Available for Reserved Instances
Answer B.
Explanation: Reserved Instances is a pricing model, which is available for
all instance types in EC2.
10. How to use the processor state control feature
available on the c4.8xlarge instance?
The processor state control consists of 2 states:
The C state – Sleep state varying from c0 to c6. C6 being the
deepest sleep state for a processor
The P state – Performance state p0 being the highest and p15 being
the lowest possible frequency.
Now, why the C state and P state? Processors have cores, and these cores
need thermal headroom to boost their performance. Since all the
cores are on the same processor, the temperature should be kept at an optimal
level so that all the cores can perform at their highest.
How do these states help with that? If a core is put into a sleep state, it
reduces the overall temperature of the processor, and hence other
cores can perform better. This can be synchronized across
cores, so that the processor boosts as many cores as it can by putting
other cores to sleep at the right time, and thus gets an overall performance boost.
In conclusion, the C and P states can be customized in some EC2 instances
like the c4.8xlarge instance, and thus you can customize the processor
according to your workload.
How to do it? You can refer to this tutorial for the same.
11. What kind of network performance parameters can
you expect when you launch instances in cluster
placement group?
The network performance depends on the instance type and network
performance specification. If launched in a placement group, you can
expect up to
10 Gbps in a single flow,
20 Gbps in multiflow, i.e. full duplex
Network traffic outside the placement group will be limited to 5
Gbps (full duplex).
12. To deploy a 4 node cluster of Hadoop in AWS which
instance type can be used?
First, let’s understand what actually happens in a Hadoop cluster. The
Hadoop cluster follows a master slave concept. The master machine
processes all the data, while slave machines store the data and act as data
nodes. Since all the storage happens at the slave, a higher capacity hard
disk would be recommended, and since the master does all the processing, a
higher RAM and a much better CPU is required. Therefore, you can select
the configuration of your machine depending on your workload. For example,
in this case c4.8xlarge will be preferred for the master machine, whereas for
the slave machine we can select an i2.large instance. If you don’t want to deal
with configuring your instance and installing a Hadoop cluster manually, you
can straight away launch an Amazon EMR (Elastic MapReduce) instance,
which automatically configures the servers for you. You dump your data to
be processed in S3, EMR picks it from there, processes it, and dumps it
back into S3.
13. Where do you think an AMI fits, when you are
designing an architecture for a solution?
AMIs (Amazon Machine Images) are like templates of virtual machines, and
an instance is derived from an AMI. AWS offers pre-baked AMIs which you
can choose while you are launching an instance. Some AMIs are not free
and therefore can be bought from the AWS Marketplace. You can also choose
to create your own custom AMI, which would help you save space on AWS.
For example, if you don’t need a set of software on your installation, you
can customize your AMI to do that. This makes it cost efficient, since you
are removing the unwanted things.
14. How do you choose an Availability Zone?
Let’s understand this through an example. Consider a company
which has a user base in India as well as in the US.
Let us see how we will choose the region for this use case:
So, with reference to the above figure, the regions to choose between are
Mumbai and North Virginia. Now let us first compare the pricing. You have
hourly prices, which can be converted to your per month figure. Here
North Virginia emerges as a winner. But pricing cannot be the only
parameter to consider. Performance should also be kept in mind; hence,
let’s look at latency as well. Latency basically is the time that a server
takes to respond to your requests, i.e. the response time. North Virginia
wins again!
So concluding, North Virginia should be chosen for this use case.
15. Is one Elastic IP address enough for every instance
that I have running?
Depends! Every instance comes with its own private and public address.
The private address is associated exclusively with the instance and is
returned to Amazon EC2 only when it is stopped or terminated. Similarly,
the public address is associated exclusively with the instance until it is
stopped or terminated. However, this can be replaced by the Elastic IP
address, which stays with the instance as long as the user doesn’t
manually detach it. But if you are hosting multiple websites on your
EC2 server, you may require more than one Elastic IP
address.
16. What are the best practices for Security in Amazon
EC2?
There are several best practices to secure Amazon EC2. A few of them are
given below:
Use AWS Identity and Access Management (IAM) to control access to
your AWS resources.
Restrict access by only allowing trusted hosts or networks to access
ports on your instance.
Review the rules in your security groups regularly, and ensure that
you apply the principle of least privilege – only open up permissions
that you require.
Disable password-based logins for instances launched from your
AMI. Passwords can be found or cracked, and are a security risk.
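An added example (not part of the original page) of the regular security-group review described above: it checks ingress rules, in the JSON shape that `aws ec2 describe-security-groups` returns, against a list of trusted networks. The group IDs, CIDR ranges and the choice of 443 as the only intentionally public port are constructed assumptions.

```python
import ipaddress

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE = {
    "SecurityGroups": [
        {"GroupId": "sg-0aaa0000", "GroupName": "web", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"},
                          {"CidrIp": "203.0.113.10/32"}],
             "Ipv6Ranges": []},
        ]},
        {"GroupId": "sg-0bbb0000", "GroupName": "db", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
             "IpRanges": [{"CidrIp": "10.0.1.0/24"}], "Ipv6Ranges": []},
            {"IpProtocol": "-1", "IpRanges": [],
             "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ]},
    ]
}

# Assumptions for this example: the networks you trust and the ports that
# are meant to be reachable from anywhere.
TRUSTED = ["203.0.113.0/24", "10.0.0.0/16"]
PUBLIC_PORTS = {443}


def is_trusted(cidr, trusted):
    """True if the source CIDR lies entirely inside a trusted network."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == t.version and net.subnet_of(t) for t in trusted)


def exposed_ports(perm, public_ports):
    """Describe what a rule opens beyond the public ports, or return None."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                       # "-1" means every protocol and port
        return "all traffic"
    if proto not in ("tcp", "udp"):
        return f"protocol {proto}"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:
        return f"{proto} all ports"
    if all(p in public_ports for p in range(lo, hi + 1)):
        return None                         # rule only opens intended ports
    return f"{proto} {lo}-{hi}"


def audit_security_groups(doc, trusted_cidrs, public_ports):
    """Return (group id, exposure, source CIDR) for each rule to review.

    Rules whose source is another security group (UserIdGroupPairs) are
    not evaluated here.
    """
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings = []
    for sg in doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            exposed = exposed_ports(perm, public_ports)
            if exposed is None:
                continue
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in sources:
                if not is_trusted(cidr, trusted):
                    findings.append((sg["GroupId"], exposed, cidr))
    return findings


if __name__ == "__main__":
    for finding in audit_security_groups(SAMPLE, TRUSTED, PUBLIC_PORTS):
        print("REVIEW:", *finding)
```

To run it against a real account, replace `SAMPLE` with the parsed JSON output of `aws ec2 describe-security-groups`.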
Section 3: Amazon Storage
17. Another scenario based interview question. You need
to configure an Amazon S3 bucket to serve static assets
for your public-facing web application. Which method will
ensure that all objects uploaded to the bucket are set to
public read?
A. Set permissions on the object to public read during upload.
B. Configure the bucket policy to set all objects to public read.
C. Use AWS Identity and Access Management roles to set the bucket to
public read.
D. Amazon S3 objects default to public read, so no action is needed.
Answer B.
Explanation: Rather than making changes to every object, it’s better to
set the policy for the whole bucket. IAM is used to give more granular
permissions; since this is a website, all objects would be public by default.
18. A customer wants to leverage Amazon Simple Storage
Service (S3) and Amazon Glacier as part of their backup
and archive infrastructure. The customer plans to use
third-party software to support this integration. Which
approach will limit the access of the third party software
to only the Amazon S3 bucket named “company-backup”?
A. A custom bucket policy limited to the Amazon S3 API in the
Amazon Glacier archive “company-backup”
B. A custom bucket policy limited to the Amazon S3 API in “company-
backup”
C. A custom IAM user policy limited to the Amazon S3 API for the
Amazon Glacier archive “company-backup”.
D. A custom IAM user policy limited to the Amazon S3 API in “company-
backup”.
Answer D.
Explanation: Taking a cue from the previous questions, this use case
involves more granular permissions, hence IAM would be used here.
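An added example (not from the original page) of what answer D can look like: an IAM user policy restricted to S3 actions on “company-backup”, plus a check that flags Allow statements reaching outside that bucket. The statement IDs, the chosen S3 actions and the over-broad comparison policy are constructed assumptions.

```python
import json

BUCKET = "company-backup"

# Constructed IAM user policy for the third-party backup software:
# bucket-level actions on the bucket ARN, object-level actions on its keys.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ListBackupBucket", "Effect": "Allow",
         "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
         "Resource": f"arn:aws:s3:::{BUCKET}"},
        {"Sid": "ReadWriteBackupObjects", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
         "Resource": f"arn:aws:s3:::{BUCKET}/*"},
    ],
}

# Constructed over-broad variant for comparison. The trailing wildcard also
# matches other buckets whose names merely start with "company-backup".
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*",
         "Resource": "arn:aws:s3:::company-backup*"},
        {"Effect": "Allow", "Action": ["glacier:*"], "Resource": "*"},
    ],
}


def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def scope_violations(policy, bucket):
    """Return (statement index, reason) for every Allow that exceeds scope."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_prefix = bucket_arn + "/"
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):        # a single statement is also valid
        statements = [statements]
    problems = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue                        # Deny statements cannot widen access
        if "NotAction" in stmt or "NotResource" in stmt:
            problems.append((i, "uses NotAction/NotResource"))
        for action in _as_list(stmt.get("Action")):
            if not action.lower().startswith("s3:"):
                problems.append((i, f"non-S3 action {action}"))
        for res in _as_list(stmt.get("Resource")):
            if res != bucket_arn and not res.startswith(object_prefix):
                problems.append((i, f"resource outside bucket {res}"))
    return problems


if __name__ == "__main__":
    print(json.dumps(SCOPED_POLICY, indent=2))
    print(scope_violations(BROAD_POLICY, BUCKET))
```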
19. Can S3 be used with EC2 instances, if yes, how?
Yes, it can be used for instances with root devices backed by local
instance storage. By using Amazon S3, developers have access to the
same highly scalable, reliable, fast, inexpensive data storage
infrastructure that Amazon uses to run its own global network of web
sites. In order to execute systems in the Amazon EC2 environment,
developers use the tools provided to load their Amazon Machine Images
(AMIs) into Amazon S3 and to move them between Amazon S3 and
Amazon EC2.
Another use case could be for websites hosted on EC2 to load their static
content from S3.
For a detailed discussion on S3, please refer to our S3 AWS blog.
20. A customer implemented AWS Storage Gateway with a
gateway-cached volume at their main office. An event
takes the link between the main and branch office offline.
Which methods will enable the branch office to access
their data?
A. Restore by implementing a lifecycle policy on the Amazon S3
bucket.
B. Make an Amazon Glacier Restore API call to load the files into
another Amazon S3 bucket within four to six hours.
C. Launch a new AWS Storage Gateway instance AMI in Amazon EC2,
and restore from a gateway snapshot.
D. Create an Amazon EBS volume from a gateway snapshot, and
mount it to an Amazon EC2 instance.
Answer C.
Explanation: The fastest way to do it would be launching a new storage
gateway instance. Why? Since time is the key factor which drives every
business, troubleshooting this problem will take more time. Rather,
we can just restore the previous working state of the storage gateway on
a new instance.
21. When you need to move data over long distances
using the internet, for instance across countries or
continents to your Amazon S3 bucket, which method or
service will you use?
A. Amazon Glacier
B. Amazon CloudFront
C. Amazon Transfer Acceleration
D. Amazon Snowball
Answer C.
Explanation: You would not use Snowball, because for now, the Snowball
service does not support cross-region data transfer, and since we are
transferring across countries, Snowball cannot be used. Transfer
Acceleration is the right choice here, as it speeds up your data
transfer with the use of optimized network paths and Amazon’s content
delivery network by up to 300% compared to normal data transfer speed.
22. How can you speed up data transfer in Snowball?
The data transfer can be increased in the following way:
By performing multiple copy operations at one time i.e. if the
workstation is powerful enough, you can initiate multiple cp
commands each from different terminals, on the same Snowball
device.
Copying from multiple workstations to the same Snowball.
Transferring large files or creating a batch of small files; this will
reduce the encryption overhead.
Eliminating unnecessary hops, i.e. make a setup where the source
machine(s) and the Snowball are the only machines active on the
switch being used; this can hugely improve performance.
Section 4: AWS VPC
23. If you want to launch Amazon Elastic Compute Cloud
(EC2) instances and assign each instance a predetermined
private IP address you should:
A. Launch the instance from a private Amazon Machine Image (AMI).
B. Assign a group of sequential Elastic IP address to the instances.
C. Launch the instances in the Amazon Virtual Private Cloud (VPC).
D. Launch the instances in a Placement Group.
Answer C.
Explanation: The best way of connecting to your cloud resources (e.g.
EC2 instances) from your own data center (e.g. a private cloud) is a VPC.
Once you connect your datacenter to the VPC in which your instances are
present, each instance is assigned a private IP address which can be
accessed from your datacenter. Hence, you can access your public cloud
resources as if they were on your own network.
24. Can I connect my corporate datacenter to the Amazon
Cloud?
Yes, you can do this by establishing a VPN (Virtual Private Network)
connection between your company’s network and your VPC (Virtual
Private Cloud). This will allow you to interact with your EC2 instances as if
they were within your existing network.
25. Is it possible to change the private IP addresses of an
EC2 while it is running/stopped in a VPC?
The primary private IP address is attached to the instance throughout its
lifetime and cannot be changed; however, secondary private addresses
can be unassigned, assigned or moved between interfaces or instances at
any point.
26. Why do you make subnets?
A. Because there is a shortage of networks
B. To efficiently utilize networks that have a large no. of hosts.
C. Because there is a shortage of hosts.
D. To efficiently utilize networks that have a small no. of hosts.
Answer B.
Explanation: If there is a network which has a large no. of hosts,
managing all these hosts can be a tedious job. Therefore we divide this
network into subnets (sub-networks) so that managing these hosts
becomes simpler.
27. Which of the following is true?
A. You can attach multiple route tables to a subnet
B. You can attach multiple subnets to a route table
C. Both A and B
D. None of these.
Answer B.
Explanation: Route tables are used to route network packets; therefore,
having multiple route tables in a subnet will lead to confusion as to where
the packet has to go. Therefore, there is only one route table in a subnet,
and since a route table can have any no. of records or information,
attaching multiple subnets to a route table is possible.
28. In CloudFront what happens when content is NOT
present at an Edge location and a request is made to it?
A. An Error “404 not found” is returned
B. CloudFront delivers the content directly from the origin server and
stores it in the cache of the edge location
C. The request is kept on hold till content is delivered to the edge
location
D. The request is routed to the next closest edge location
Answer B.
Explanation: CloudFront is a content delivery system, which caches data
to the nearest edge location from the user, to reduce latency. If data is
not present at an edge location, the first time the data may get
transferred from the original server, but from the next time, it will be
served from the cached edge.
29. If I’m using Amazon CloudFront, can I use Direct
Connect to transfer objects from my own data center?
Yes. Amazon CloudFront supports custom origins including origins from
outside of AWS. With AWS Direct Connect, you will be charged with the
respective data transfer rates.
30. If my AWS Direct Connect fails, will I lose my
connectivity?
If a backup AWS Direct Connect has been configured, in the event of a
failure it will switch over to the second one. It is recommended to enable
Bidirectional Forwarding Detection (BFD) when configuring your
connections to ensure faster detection and failover. On the other hand, if
you have configured a backup IPsec VPN connection instead, all VPC
traffic will fail over to the backup VPN connection automatically. Traffic
to/from public resources such as Amazon S3 will be routed over the
Internet. If you do not have a backup AWS Direct Connect link or an IPsec
VPN link, then Amazon VPC traffic will be dropped in the event of a failure.
Section 5: Amazon Database
31. If I launch a standby RDS instance, will it be in the
same Availability Zone as my primary?
A. Only for Oracle RDS types
B. Yes
C. Only if it is configured at launch
D. No
Answer D.
Explanation: No, since the purpose of having a standby instance is to
avoid an infrastructure failure (if it happens), therefore the standby
instance is stored in a different availability zone, which is a physically
different independent infrastructure.
32. When would I prefer Provisioned IOPS over Standard
RDS storage?
A. If you have batch-oriented workloads
B. If you use production online transaction processing (OLTP)
workloads.
C. If you have workloads that are not sensitive to consistent
performance
D. All of the above
Answer A.
Explanation: Provisioned IOPS delivers high IO rates, but on the other
hand it is expensive as well. Batch processing workloads do not require
manual intervention and enable full utilization of systems; therefore,
Provisioned IOPS will be preferred for batch-oriented workloads.
33. How is Amazon RDS, DynamoDB and Redshift
different?
Amazon RDS is a database management service for relational
databases. It manages patching, upgrading, backing up of data etc.
of databases for you without your intervention. RDS is a DB
management service for structured data only.
DynamoDB, on the other hand, is a NoSQL database service. NoSQL
deals with unstructured data.
Redshift is an entirely different service. It is a data warehouse
product and is used in data analysis.
34. If I am running my DB Instance as a Multi-AZ
deployment, can I use the standby DB Instance for read or
write operations along with primary DB instance?
A. Yes
B. Only with MySQL based RDS
C. Only for Oracle RDS instances
D. No
Answer D.
Explanation: No, Standby DB instance cannot be used with primary DB
instance in parallel, as the former is solely used for standby purposes, it
cannot be used unless the primary instance goes down.
35. Your company’s branch offices are all over the world,
they use a software with a multi-regional deployment on
AWS, they use MySQL 5.6 for data persistence.
The task is to run an hourly batch process and read data from
every region to compute cross-regional reports which will be
distributed to all the branches. This should be done in the
shortest time possible. How will you build the DB architecture in
order to meet the requirements?
A. For each regional deployment, use RDS MySQL with a master in the
region and a read replica in the HQ region
B. For each regional deployment, use MySQL on EC2 with a master in
the region and send hourly EBS snapshots to the HQ region
C. For each regional deployment, use RDS MySQL with a master in the
region and send hourly RDS snapshots to the HQ region
D. For each regional deployment, use MySQL on EC2 with a master in
the region and use S3 to copy data files hourly to the HQ region
Answer A.
Explanation: For this we will take an RDS instance as a master, because
it will manage our database for us and since we have to read from every
region, we’ll put a read replica of this instance in every region where the
data has to be read from. Option C is not correct since putting a read
replica would be more efficient than putting a snapshot. A read replica can
be promoted if needed to an independent DB instance, but with a DB
snapshot it becomes mandatory to launch a separate DB instance.
36. Can I run more than one DB instance for Amazon RDS
for free?
Yes. You can run more than one Single-AZ Micro database instance, that
too for free! However, any use exceeding 750 instance hours, across all
Amazon RDS Single-AZ Micro DB instances, across all eligible database
engines and regions, will be billed at standard Amazon RDS prices. For
example: if you run two Single-AZ Micro DB instances for 400 hours each
in a single month, you will accumulate 800 instance hours of usage, of
which 750 hours will be free. You will be billed for the remaining 50 hours
at the standard Amazon RDS price.
For a detailed discussion on this topic, please refer to our RDS AWS blog.
37. Which AWS services will you use to collect and process
e-commerce data for near real-time analysis?
A. Amazon ElastiCache
B. Amazon DynamoDB
C. Amazon Redshift
D. Amazon Elastic MapReduce
Answer B,C.
Explanation: DynamoDB is a fully managed NoSQL database service.
DynamoDB, therefore, can be fed any type of unstructured data, which can
be data from e-commerce websites as well, and later, an analysis can be
done on them using Amazon Redshift. We are not using Elastic
MapReduce, since near real-time analysis is needed.
38. Can I retrieve only a specific element of the data, if I
have a nested JSON data in DynamoDB?
Yes. When using the GetItem, BatchGetItem, Query or Scan APIs, you can
define a Projection Expression to determine which attributes should be
retrieved from the table. Those attributes can include scalars, sets, or
elements of a JSON document.
39. A company is deploying a new two-tier web application
in AWS. The company has limited staff and requires high
availability, and the application requires complex queries
and table joins. Which configuration provides the solution
for the company’s requirements?
A. MySQL Installed on two Amazon EC2 Instances in a single
Availability Zone
B. Amazon RDS for MySQL with Multi-AZ
C. Amazon ElastiCache
D. Amazon DynamoDB
Answer D.
Explanation: DynamoDB has the ability to scale more than RDS or any
other relational database service, therefore DynamoDB would be the apt
choice.
40. What happens to my backups and DB Snapshots if I
delete my DB Instance?
When you delete a DB instance, you have an option of creating a final DB
snapshot. If you do that, you can restore your database from that
snapshot. RDS retains this user-created DB snapshot along with all other
manually created DB snapshots after the instance is deleted. Automated
backups are deleted, and only manually created DB snapshots
are retained.
41. Which of the following use cases are suitable for
Amazon DynamoDB? Choose 2 answers
A. Managing web sessions.
B. Storing JSON documents.
C. Storing metadata for Amazon S3 objects.
D. Running relational joins and complex updates.
Answer C,D.
Explanation: If all your JSON data have the same fields, e.g. [id, name, age],
then it would be better to store it in a relational database. The metadata,
on the other hand, is unstructured. Also, running relational joins or complex
updates would work on DynamoDB as well.
42. How can I load my data to Amazon Redshift from
different data sources like Amazon RDS, Amazon
DynamoDB and Amazon EC2?
You can load the data in the following two ways:
You can use the COPY command to load data in parallel directly to
Amazon Redshift from Amazon EMR, Amazon DynamoDB, or any
SSH-enabled host.
AWS Data Pipeline provides a high performance, reliable, fault
tolerant solution to load data from a variety of AWS data sources.
You can use AWS Data Pipeline to specify the data source, desired
data transformations, and then execute a pre-written import script
to load your data into Amazon Redshift.
43. Your application has to retrieve data from your user’s
mobile every 5 minutes and the data is stored in
DynamoDB, later every day at a particular time the data is
extracted into S3 on a per user basis and then your
application is later used to visualize the data to the user.
You are asked to optimize the architecture of the backend
system to lower cost, what would you recommend?
A. Create a new Amazon DynamoDB table each day and drop the one
for the previous day after its data is on Amazon S3.
B. Introduce an Amazon SQS queue to buffer writes to the Amazon
DynamoDB table and reduce provisioned write throughput.
C. Introduce Amazon Elasticache to cache reads from the Amazon
DynamoDB table and reduce provisioned read throughput.
D. Write data directly into an Amazon Redshift cluster replacing both
Amazon DynamoDB and Amazon S3.
Answer C.
Explanation: Since our work requires the data to be extracted and
analyzed, to optimize this process a person would use provisioned IO, but
since it is expensive, using ElastiCache instead to cache the
results in memory can reduce the provisioned read throughput and
hence reduce cost without affecting the performance.
44. You are running a website on EC2 instances deployed
across multiple Availability Zones with a Multi-AZ RDS
MySQL Extra Large DB Instance. The site performs a high
number of small reads and writes per second and relies on
an eventual consistency model. After comprehensive tests
you discover that there is read contention on RDS MySQL.
Which are the best approaches to meet these
requirements? (Choose 2 answers)
A. Deploy ElastiCache in-memory cache running in each availability
zone
B. Implement sharding to distribute load to multiple RDS MySQL
instances
C. Increase the RDS MySQL Instance size and Implement provisioned
IOPS
D. Add an RDS MySQL read replica in each availability zone
Answer A,C.
Explanation: Since it does a lot of reads and writes, provisioned IO may
become expensive. But we need high performance as well; therefore, the
data can be cached using ElastiCache, which can be used for frequently
reading the data. As for RDS, since read contention is happening, the
instance size should be increased and provisioned IO should be introduced
to increase the performance.
45. A startup is running a pilot deployment of around 100
sensors to measure street noise and air quality in urban
areas for 3 months. It was noted that every month around
4GB of sensor data is generated. The company uses a load
balanced auto scaled layer of EC2 instances and a RDS
database with 500 GB standard storage. The pilot was a
success and now they want to deploy at least 100K
sensors which need to be supported by the backend. You
need to store the data for at least 2 years to analyze it.
Which setup of the following would you prefer?
A. Add an SQS queue to the ingestion layer to buffer writes to the RDS
instance
B. Ingest data into a DynamoDB table and move old data to a Redshift
cluster
C. Replace the RDS instance with a 6 node Redshift cluster with 96TB
of storage
D. Keep the current architecture but upgrade RDS storage to 3TB and
10K provisioned IOPS
Answer C.
Explanation: A Redshift cluster would be preferred because it is easy to
scale; also, the work would be done in parallel across the nodes,
so it is perfect for a bigger workload like our use case. Since each
month 4 GB of data is generated, in 2 years it should be around
96 GB. And since the sensors will be increased to 100K in number, 96 GB
will approximately become 96 TB. Hence option C is the right answer.
Section 6: AWS Auto Scaling, AWS Load
Balancer
46. Suppose you have an application where you have to
render images and also do some general computing. From
the following services which service will best fit your
need?
A. Classic Load Balancer
B. Application Load Balancer
C. Both of them
D. None of these
Answer B.
Explanation: You will choose an application load balancer, since it
supports path based routing, which means it can take decisions based on
the URL, therefore if your task needs image rendering it will route it to a
different instance, and for general computing it will route it to a different
instance.
47. What is the difference between Scalability and
Elasticity?
Scalability is the ability of a system to increase its hardware resources to
handle the increase in demand. It can be done by increasing the hardware
specifications or increasing the processing nodes.
Elasticity is the ability of a system to handle an increase in the workload by
adding additional hardware resources when the demand increases (same
as scaling), but also rolling back the scaled resources when they
are no longer needed. This is particularly helpful in cloud environments,
where a pay-per-use model is followed.
48. How will you change the instance type for instances
which are running in your application tier and are using
Auto Scaling. Where will you change it from the following
areas?
A. Auto Scaling policy configuration
B. Auto Scaling group
C. Auto Scaling tags configuration
D. Auto Scaling launch configuration
Answer D.
Explanation: Auto Scaling tags configuration is used to attach metadata
to your instances. To change the instance type, you have to use the Auto
Scaling launch configuration.
49. You have a content management system running on an
Amazon EC2 instance that is approaching 100% CPU
utilization. Which option will reduce load on the Amazon
EC2 instance?
A. Create a load balancer, and register the Amazon EC2 instance with
it
B. Create a CloudFront distribution, and configure the Amazon EC2
instance as the origin
C. Create an Auto Scaling group from the instance using the
CreateAutoScalingGroup action
D. Create a launch configuration from the instance using the
CreateLaunchConfiguration action
Answer A.
Explanation: Creating an Auto Scaling group alone will not solve the issue
until you attach a load balancer to it. Once you attach a load balancer to
an Auto Scaling group, it will efficiently distribute the load among all the
instances. Option B: CloudFront is a CDN; it is a data transfer tool and
therefore will not help reduce load on the EC2 instance. Similarly, the other
option, launch configuration, is a template for configuration which has no
connection with reducing load.
50. When should I use a Classic Load Balancer and when
should I use an Application load balancer?
A Classic Load Balancer is ideal for simple load balancing of traffic across
multiple EC2 instances, while an Application Load Balancer is ideal for
microservices or container-based architectures where there is a need to
route traffic to multiple services or load balance across multiple ports on
the same EC2 instance.
For a detailed discussion on Auto Scaling and Load Balancer, please refer
to our EC2 AWS blog.
51. What does Connection draining do?
A. Terminates instances which are not in use.
B. Re-routes traffic from instances which are to be updated or
failed a health check.
C. Re-routes traffic from instances which have more workload to
instances which have less workload.
D. Drains all the connections from an instance, with one click.
Answer B.
Explanation: Connection draining is a service under ELB which
constantly monitors the health of the instances. If any instance fails a
health check or if any instance has to be patched with a software update,
it pulls all the traffic from that instance and reroutes it to other
instances.
52. When an instance is unhealthy, it is terminated and
replaced with a new one, which of the following services
does that?
A. Sticky Sessions
B. Fault Tolerance
C. Connection Draining
D. Monitoring
Answer B.
Explanation: When ELB detects that an instance is unhealthy, it starts
routing incoming traffic to other healthy instances in the region. If all the
instances in a region become unhealthy, and if you have instances in
some other availability zone/region, your traffic is directed to them. Once
your instances become healthy again, traffic is re-routed back to the
original instances.
53. What are lifecycle hooks used for in Auto Scaling?
A. They are used to do health checks on instances
B. They are used to put an additional wait time to a scale in or scale
out event.
C. They are used to shorten the wait time to a scale in or scale out
event
D. None of these
Answer B.
Explanation: Lifecycle hooks are used for putting wait time before any
lifecycle action, i.e., launching or terminating an instance, happens. The
purpose of this wait time can be anything from extracting log files before
terminating an instance to installing the necessary software on an
instance before launching it.
54. A user has set up an Auto Scaling group. Due to some
issue the group has failed to launch a single instance for
more than 24 hours. What will happen to Auto Scaling in
this condition?
A. Auto Scaling will keep trying to launch the instance for 72 hours
B. Auto Scaling will suspend the scaling process
C. Auto Scaling will start an instance in a separate region
D. The Auto Scaling group will be terminated automatically
Answer B.
Explanation: Auto Scaling allows you to suspend and then resume one or
more of the Auto Scaling processes in your Auto Scaling group. This can
be very useful when you want to investigate a configuration problem or
other issue with your web application, and then make changes to your
application, without triggering the Auto Scaling process.
Section 7: CloudTrail, Route 53
55. You have an EC2 Security Group with several running
EC2 instances. You changed the Security Group rules to
allow inbound traffic on a new port and protocol, and then
launched several new instances in the same Security
Group. The new rules apply:
A. Immediately to all instances in the security group.
B. Immediately to the new instances only.
C. Immediately to the new instances, but old instances must be
stopped and restarted before the new rules apply.
D. To all instances, but it may take several minutes for old instances to
see the changes.
Answer A.
Explanation: Any rule specified in an EC2 Security Group applies
immediately to all the instances, irrespective of whether they were
launched before or after the rule was added.
56. To create a mirror image of your environment in
another region for disaster recovery, which of the
following AWS resources do not need to be recreated in
the second region? (Choose 2 answers)
A. Route 53 Record Sets
B. Elastic IP Addresses (EIP)
C. EC2 Key Pairs
D. Launch configurations
E. Security Groups
Answer A.
Explanation: Route 53 record sets are common assets, therefore there is
no need to replicate them, since Route 53 is valid across regions.
57. A customer wants to capture all client connection
information from his load balancer at an interval of 5
minutes, which of the following options should he choose
for his application?
A. Enable AWS CloudTrail for the load balancer.
B. Enable access logs on the load balancer.
C. Install the Amazon CloudWatch Logs agent on the load balancer.
D. Enable Amazon CloudWatch metrics on the load balancer.
Answer A.
Explanation: AWS CloudTrail provides inexpensive logging information
for the load balancer and other AWS resources. This logging information can
be used for analyses and other administrative work, and is therefore
perfect for this use case.
58. A customer wants to track access to their Amazon
Simple Storage Service (S3) buckets and also use this
information for their internal security and access audits.
Which of the following will meet the customer
requirement?
A. Enable AWS CloudTrail to audit all Amazon S3 bucket access.
B. Enable server access logging for all required Amazon S3 buckets.
C. Enable the Requester Pays option to track access via AWS Billing
D. Enable Amazon S3 event notifications for Put and Post.
Answer A.
Explanation: AWS CloudTrail has been designed for logging and tracking
API calls. This service is also available for storage, and therefore should
be used in this use case.
59. Which of the following are true regarding AWS
CloudTrail? (Choose 2 answers)
A. CloudTrail is enabled globally
B. CloudTrail is enabled on a per-region and service basis
C. Logs can be delivered to a single Amazon S3 bucket for aggregation.
D. CloudTrail is enabled for all available services within a region.
Answer B,C.
Explanation: CloudTrail is not enabled for all the services and is also not
available for all the regions. Therefore option B is correct. The logs
can also be delivered to your S3 bucket, hence C is also correct.
60. What happens if CloudTrail is turned on for my account
but my Amazon S3 bucket is not configured with the
correct policy?
CloudTrail files are delivered according to S3 bucket policies. If the bucket
is not configured or is misconfigured, CloudTrail might not be able to
deliver the log files.
61. How do I transfer my existing domain name
registration to Amazon Route 53 without disrupting my
existing web traffic?
You will first need to get a list of the DNS record data for your domain
name; it is generally available in the form of a “zone file” that you can get
from your existing DNS provider. Once you receive the DNS record data,
you can use Route 53’s Management Console or simple web-services
interface to create a hosted zone that will store the DNS records for your
domain name, and follow its transfer process. This also includes steps such
as updating the nameservers for your domain name to the ones associated
with your hosted zone. To complete the process, you have to contact
the registrar with whom you registered your domain name and follow the
transfer process. As soon as your registrar propagates the new name
server delegations, your DNS queries will start to get answered.
Section 8: AWS SQS, AWS SNS, AWS SES,
AWS Elastic Beanstalk
62. Which of the following services would you not use to
deploy an app?
A. Elastic Beanstalk
B. Lambda
C. OpsWorks
D. CloudFormation
Answer B.
Explanation: Lambda is used for running serverless applications. It can
be used to deploy functions triggered by events. When we say serverless,
we mean without you worrying about the computing resources running in
the background. It is not designed for creating applications which are
publicly accessed.
63. How does Elastic Beanstalk apply updates?
A. By having a duplicate ready with updates before swapping.
B. By updating on the instance while it is running
C. By taking the instance down in the maintenance window
D. Updates should be installed manually
Answer A.
Explanation: Elastic Beanstalk prepares a duplicate copy of the instance
before updating the original instance, and routes your traffic to the
duplicate instance, so that, in case your updated application fails, it will
switch back to the original instance, and there will be no downtime
experienced by the users who are using your application.
64. How is AWS Elastic Beanstalk different than AWS
OpsWorks?
AWS Elastic Beanstalk is an application management platform while
OpsWorks is a configuration management platform. Beanstalk is an
easy-to-use service for deploying and scaling web applications
developed with Java, .NET, PHP, Node.js, Python, Ruby, Go and Docker.
Customers upload their code and Elastic Beanstalk automatically handles
the deployment. The application will be ready to use without any
infrastructure or resource configuration.
In contrast, AWS OpsWorks is an integrated configuration management
platform for IT administrators or DevOps engineers who want a high
degree of customization and control over operations.
65. What happens if my application stops responding to
requests in Beanstalk?
AWS Beanstalk applications have a system in place for avoiding failures in
the underlying infrastructure. If an Amazon EC2 instance fails for any
reason, Beanstalk will use Auto Scaling to automatically launch a new
instance. Beanstalk can also detect if your application is not responding
on the custom link. Even though the infrastructure appears healthy, this
will be logged as an environmental event (e.g., a bad version was
deployed) so you can take appropriate action.
Section 9: AWS OpsWorks, AWS KMS
66. How is AWS OpsWorks different than AWS
CloudFormation?
OpsWorks and CloudFormation both support application modelling,
deployment, configuration, management and related activities. Both
support a wide variety of architectural patterns, from simple web
applications to highly complex applications. AWS OpsWorks and AWS
CloudFormation differ in abstraction level and areas of focus.
AWS CloudFormation is a building block service which enables customers
to manage almost any AWS resource via a JSON-based domain-specific
language. It provides foundational capabilities for the full breadth of AWS,
without prescribing a particular model for development and operations.
Customers define templates and use them to provision and manage AWS
resources, operating systems and application code.
In contrast, AWS OpsWorks is a higher level service that focuses on
providing highly productive and reliable DevOps experiences for IT
administrators and ops-minded developers. To do this, AWS OpsWorks
employs a configuration management model based on concepts such as
stacks and layers, and provides integrated experiences for key activities
like deployment, monitoring, auto-scaling, and automation. Compared to
AWS CloudFormation, AWS OpsWorks supports a narrower range of
application-oriented AWS resource types including Amazon EC2 instances,
Amazon EBS volumes, Elastic IPs, and Amazon CloudWatch metrics.
67. I created a key in Oregon region to encrypt my data in
North Virginia region for security purposes. I added two
users to the key and an external AWS account. I wanted to
encrypt an object in S3, so when I tried, the key that I just
created was not listed. What could be the reason?
A. External AWS accounts are not supported.
B. AWS S3 cannot be integrated with KMS.
C. The Key should be in the same region.
D. New keys take some time to reflect in the list.
Answer C.
Explanation: The key created and the data to be encrypted should be in
the same region. Hence the approach taken here to secure the data is
incorrect.
68. A company needs to monitor the read and write IOPS
for their AWS MySQL RDS instance and send real-time
alerts to their operations team. Which AWS services can
accomplish this?
A. Amazon Simple Email Service
B. Amazon CloudWatch
C. Amazon Simple Queue Service
D. Amazon Route 53
Answer B.
Explanation: Amazon CloudWatch is a cloud monitoring tool and hence
this is the right service for the mentioned use case. The other options
listed here are used for other purposes; for example, Route 53 is used for
DNS services. Therefore CloudWatch will be the apt choice.
69. What happens when one of the resources in a stack
cannot be created successfully in AWS OpsWorks?
When an event like this occurs, the “automatic rollback on error” feature
is enabled, which causes all the AWS resources which were created
successfully up to the point where the error occurred to be deleted. This is
helpful since it does not leave behind any erroneous data; it ensures
that stacks are either created fully or not created at all. It is useful in
events where you may accidentally exceed your limit on the number of
Elastic IP addresses, or where you may not have access to an EC2 AMI that
you are trying to run, etc.
70. What automation tools can you use to spin up servers?
Any of the following tools can be used:
- Roll-your-own scripts, and use the AWS API tools. Such scripts could
  be written in bash, perl or other language of your choice.
- Use a configuration management and provisioning tool like puppet
  or its successor Opscode Chef. You can also use a tool like Scalr.
- Use a managed solution such as Rightscale.
AWS Architect Interview Questions and Answers
Q1): How are terminating and stopping an instance different processes?
Ans: An instance performs a regular shutdown when it is stopped. It then performs transactions. As
all the EBS volumes remain present, it is possible to start the instance again anytime
you want. The best thing is that while the instance remains in the stopped state, users don’t need to
pay for that particular time.
Upon termination, the instance performs a regular shutdown. After this, the Amazon EBS
volumes start deleting. You can stop them from deleting simply by setting “Delete on
Termination” to false. Because the instance gets deleted, it is not possible to run it again in the
future.
Q2): To what value should the instance’s tenancy attribute be set for running it on single-tenant
hardware?
Ans: It should be set to the Dedicated Instance for smoothly running it on single-tenant
hardware. Other values are not valid for this operation.
Q3): When are costs incurred with an EIP?
Ans: EIP stands for Elastic Internet Protocol address. Costs are incurred with an EIP when it
is allocated and associated with a stopped instance. In case only one Elastic IP is there
with the instance you are running, you will not be charged for it. However, in case the IP is
attached to a stopped instance or isn’t attached to any instance, you need to pay for it.
Q4): What is the difference between an On-demand instance and a Spot Instance?
Ans: Spot instance is similar to bidding and the price of bidding is known as the Spot price. Both
Spot and on-demand instances are pricing models. In both of them, there is no commitment to
the exact time from the user end. Without upfront payment, Spot instance can be used while the
same is not possible in the case of an On-demand instance. It needs to be purchased first and
the price is higher than the spot instance.
Q5): Name the instance types for which Multi-AZ deployments are available.
Ans: Multi-AZ deployments are available for all instances irrespective of their
types and use.
Q6): When Instances are launched in the cluster placement group, what are the network
performance parameters that can be expected?
Ans: It depends largely on the type of instance, as well as on the specification of
network performance. In case they are started in the placement group, you can expect the
following parameters:
- 20 Gbps in case of full-duplex or when in multi-flow
- Up to 10 Gbps in case of a single-flow
- Outside the group, the traffic is limited to 5 Gbps.
Q7): Which Instance can be used for deploying a 4-node cluster of Hadoop in Amazon Web
Services?
Ans: It is possible to use an i2.large or c4.8xlarge instance for this. However, c4.8xlarge needs a better
configuration on the PC. At some stages, you can simply launch EMR for the automatic
configuration of the server for you. Data can be put into S3 and EMR is able to pick it up from there.
It will load your data into S3 again after processing it.
Q8): What do you know about an AMI?
Ans: An AMI is generally considered the template for virtual machines. While starting an
instance, it is possible to select pre-baked AMIs that AMI commonly has in them. However, not
all AMIs are available to use free of cost. It is also possible to have a customized AMI, and the
most common reason to use one is saving space on Amazon Web Services.
This is done in case a group of software is not required; the AMI can simply be customized in
that situation.
Q9): Tell us various parameters that you should consider while selecting the Availability
Zone?
Ans: For this, there are various parameters that should be kept in mind. Some of them are
performance, pricing, latency, as well as response time.
Q10): What do you know about the private and the public address?
Ans: Well, the private address is directly correlated with the Instance and is sent back
to EC2 only in case it is terminated or stopped. On the other side, the public address is
correlated in a similar manner with the Instance until it is terminated or stopped. It is possible to
replace the public address with Elastic IP. This is done when a user wants it to stay with Instance
as per the need.
Q11): Is it possible to run multiple websites on the EC2 server with one Elastic IP address?
Ans: No, it’s not possible. We need more than one elastic IP in such a case.
Q12): Name the practices available when it comes to securing Amazon EC2.
Ans: This can be done through several practices. The protocols in the security group
are to be reviewed regularly, and it is to be ensured that the principle of least privilege is applied
there. The next practice is using AWS Identity and Access Management for controlling and
securing access. Access is to be restricted to hosts and networks that are trusted. In addition to
this, only those permissions that are required are opened, and not any others. It would also be
good to disable password-based logins for the instances.
Q13): What are the states available in Processor State Control?
Ans: It contains two states and they are:
- P-state: It has different levels starting from P0 to P15. P0 represents the highest
  frequency and P15 represents the lowest frequency.
- C-state: Its levels are from C0 to C6 where C6 is the strongest state for the
  processor.
It is possible to customize these states in a few EC2 instances, which enables users to customize
the processor as per need.
Q14): Name the approach that restricts the access of third-party software in Storage Service
to S3 bucket named “Company Backup”?
Ans: There is a policy named custom IAM user policy that limits the S3 API in the bucket.
Q15): It is possible to use S3 with EC2 instances. How?
Ans: Yes, it’s possible if the instances have root devices that are supported by
instance storage. Amazon uses one of the very reliable, scalable, fast, as well as inexpensive
networks for hosting all their websites. With the help of S3, it is possible for developers to get
access to the same network. There are tools available in AMIs that users can consider when it
comes to executing systems in EC2. The files can simply be moved between EC2 and S3.
Q16): Is it possible to speed up data transfer in Snowball? How?
Ans: Yes, it’s possible. There are certain methods for this. The first is simply copying from different
hosts to the same Snowball. Another method is creating a group of smaller files. This is
helpful as it cuts down the encryption issues. Data transfer can also be enhanced by simply performing copy
operations again and again at the same time, provided the workstation is capable of bearing the
load.
Q17): Name the method that you will use for moving data over a very long distance.
Ans: Amazon Transfer Acceleration is a good option. There are other options such as Snowball,
but it doesn’t support data transfer over a very long distance such as between continents.
Amazon Transfer Acceleration is the best option because it simply throttles the data with the help
of network channels that are optimized and assures very fast data transfer speed.
Q18): What will happen if you launch the instances in Amazon VPC?
Ans: This is a common approach that is considered when it comes to launching EC2 instances.
Each instance will have a default IP address if the instances are launched in Amazon VPC.
This approach is also considered when you need to connect cloud resources with the data
centers.
Q19): Is it possible to establish a connection between the Amazon cloud and a corporate data
center? How?
Ans: Yes, it’s possible. For this, first, a Virtual Private Network is to be established between the
Virtual private cloud and the organization’s network. After this, the connection can simply be
created and data can be accessed reliably.
Q20): Why is it not possible to change or modify the private IP address of an EC2 instance
when it is running?
Ans: This is because the private IP remains with the instance permanently or through the life
cycle. Thus it cannot be changed or modified. However, it is possible to change the secondary
private address.
Q21): Why are subnets required to be created?
Ans: They are needed to utilize the network with a large number of hosts in a reliable manner. Of
course, it’s a daunting task to manage them all. By dividing the network into smaller subnets, it
can be made simpler and the chances of errors or data loss can be eliminated up to an excellent
extent.
Q22): Is it possible to attach multiple subnets to a routing table?
Ans: Yes, it’s possible. They are generally considered when it comes to routing the network
packets. When a subnet has several route tables, it can create confusion about the
destination of these packets. For this reason there should be only one
route table in a subnet. The route table can have unlimited records and therefore it is possible to
attach multiple subnets to a routing table.
Q23): What happens if the AWS Direct Connect fails to perform its function?
Ans: It is recommended to back up the Direct Connect, as in case of a power failure you can lose
everything. Enabling BFD, i.e. Bi-directional Forwarding Detection, can avoid the issues. In case
no backup is there, VPC traffic would be dropped and you need to start everything from the initial
point again.
Q24): What will happen if the content is absent in CloudFront and a request is made?
Ans: CloudFront sends the content from the primary server directly to the cache memory of the
edge location. As it’s a content delivery system, it tries to cut down the latency, and that is why
this happens. If the operation is performed a second time, the data is served directly
from the cache location.
Q25): Is it possible to use direct connect for transferring the objects from the data centers?
Ans: Yes, it is possible. CloudFront simply supports custom origins and thus this task can be
performed. However, you need to pay for it depending on the data transfer rates.
Q26): When is there a need to consider Provisioned IOPS rather than Standard RDS storage in
AWS?
Ans: In case you have hosts that are batch-oriented, there is a need for the same. The reason is
that Provisioned IOPS are known to provide faster IO rates. However, they are a bit expensive when
compared to other options. Hosts with batch processing don’t need manual intervention from the
users. It is because of this reason that Provisioned IOPS are preferred.
Q27): Compare RDS, Redshift, and DynamoDB?
Ans: RDS is basically a DBM service that is considered for relational databases. It is useful for
upgrading and patching data automatically. However, it works for structured data only. On the
other side, Redshift is used in Data analysis. It is basically a data warehouse service. When it
comes to DynamoDB, it is considered when there is a need to deal with unstructured data. RDS
is quick as compared to both Redshift and DynamoDB. All of them are powerful enough to
perform their tasks without errors.
Q28): Is it possible to run multiple DB for Amazon RDS free of cost?
Ans: Yes, it’s possible. However, there is a strict upper limit of 750 hours of usage post which
everything will be billed as per RDS prices. In case you exceed the limit, you will be charged only
for the extra hours beyond 750.
Q29): Name the services which can be used for collecting and processing e-commerce data?
Ans: Amazon Redshift and Amazon DynamoDB are the best options. Generally, data from
e-commerce websites is in an unstructured form. As both of them are useful for unstructured
data, we can use them.
Q30): What is the significance of Connection Draining?
Ans: There are certain stages when the traffic needs to be re-verified for bugs or unwanted files
that raise security concerns. Connection draining helps in re-routing the traffic that comes from
the instances and which is in a queue to be updated.
Best AWS Interview Questions & Answers for Job
Placements
Besant Technologies supports students by providing AWS interview questions
and answers for job placements and job purposes. AWS is a leading
course at present because of the many job openings and the high salaries
for Amazon Web Services and related jobs. We also provide AWS online
training for students around the world through the Gangboard medium.
These are top AWS interview questions and answers, prepared by our institute’s
experienced trainers.
Here is the list of the most frequently asked Amazon Web Services interview questions
and answers in technical interviews. These questions and answers are suitable for
both freshers and experienced professionals at any level. The questions are for
intermediate to somewhat advanced AWS professionals, but even if you are just a
beginner or fresher you should be able to understand the answers and explanations
we give here.
Q1: List the components required to build Amazon VPC?
Ans: Subnet, Internet Gateway, NAT Gateway, HW VPN Connection, Virtual Private
Gateway, Customer Gateway, Router, Peering Connection, VPC Endpoint for S3,
Egress-only Internet Gateway.
Q2: How do you safeguard your EC2 instances running in a VPC?
Q3: In a VPC how many EC2 instances can you use?
Q4: Can you establish a peering connection to a VPC in a different REGION?
Q5: Can you connect your VPC with a VPC owned by another AWS account?
Q6: What are all the different connectivity options available for your VPC?
Q7: Can an EC2 instance inside your VPC connect with the EC2 instance belonging to other
VPCs?
Q8: How can you monitor network traffic in your VPC?
Q9: Difference between Security Groups and ACLs in a VPC?
Q10: How can an EC2 instance in a VPC establish the connection with the internet?
Q11: Different types of Cloud Computing as per services?
Q12: What is Auto Scaling?
Q13: What is AMI?
Q14: Difference between Stopping and Terminating the Instances?
Q15: When you launch a standby Relational Database Service instance will it be available
in the same Availability Zone?
Q16: Difference between Amazon RDS, DynamoDB and Redshift?
Q17: What are Lifecycle Hooks?
Q18: What is S3?
Q19: What is AWS Lambda?
Q20: In S3 how many buckets can be created?
Q21: What is CloudFront?
Q22: Brief about S3 service in AWS?
Q23: Explain Regions and Availability Zones in EC2?
Q24: What are the two types of Load Balancer?
Q25: Can an AMI be shared?
Q26: What is a Hypervisor?
Q27: Key Pair and its uses?
Q28: What is the feature of ClassicLink?
Q29: Can you edit a Route Table in VPC?
Q30: How many Elastic IPs can you create?
Q31: Can you ping the router or default gateway that connects your subnets?
Q32: How will you monitor the network traffic in a VPC?
Q33: Can you make a VPC available in multiple Availability Zones?
Q34: How do you ensure an EC2 instance is launched in a particular Availability Zone?
Q35: For Internet Gateways do you find any Bandwidth constraints?
Q36: What is the significance of a Default VPC?
Q37: Can you make use of default EBS Snapshots?
Q38: What will happen when you delete a PEERING CONNECTION on your side?
Q39: Can you establish a Peering connection to a VPC in a different region?
Q40: Can you connect your VPC with a VPC created by another AWS account?
Q41: When you delete your DB instance what will happen to your backups and DB
snapshots?
Q42: What is the significance of an Elastic IP?
Q43: How will you use S3 with your EC2 instances?
Q44: Is it possible to connect your company datacenter to Amazon Cloud?
Q45: Can you change the Private IP of an EC2 instance while it is running or stopped?
Q46: What is the use of Subnets?
Q47: What is the use of Route Table?
Q48: Can you use the Standby DB instance for read and write along with your Primary DB
instance?
Q49: What is the use of Connection Draining?
Q50: What is the role of AWS CloudTrail?
Q51: What is the use of Amazon Transfer Acceleration Service?
Q52: What is the name of AWS CEO or Chief?
Q53: EC2 officially launched in …..
Q54: S3 officially launched in …..
Q55: You cannot store unlimited data in Amazon Web Services…..
A. True
B. False
Q56: Rapid provisioning allows you to very quickly spin up a new virtual machine with
minimal effort. True or false?
Q57: A hybrid setup is one in which part of your resources are AWS and the rest are with
another cloud provider. True or False?
Q58: As an added layer of security for AWS management, which of the following should
you do?
A. Create multiple Admin accounts
B. Generate a new security key each time you log in
C. Create IAM users
Q59: Is an AMI a template?
A. True
B. False
Q60: EC2 Instances are Virtual Server in AWS
A. True
B. False
Q61: What does “elastic” refer to in Elastic Compute Cloud (EC2)? Select all that apply...
A. Increasing and decreasing capacity as needed
B. Monitoring services on multiple devices
C. Operating on Mac, Windows and Linux
D. Paying only for running virtual machines
E. Stretching applications across virtual machines
Q62: You can upload a custom configuration virtual image and sell it on the AWS
Marketplace. True or false?
A. True
B. False
Q63: EC2 Machine types define which of the following?
A. AWS Region
B. Core Count
C. User Location
Q64: Which is the default instance type?
A. On-demand
B. RI
C. Spot instance
Q65: What is Elastic Computing?
A. Data will be replicated to different AZs
B. You can spin up and spin down VMs
C. VMs will be added and removed automatically
Q70: Can we launch multiple instances with the same AMI?
A. True
B. False
Q71: A PEM file is a one-time physical password…
A. True
B. False
Q72: A Windows user requires a PPK file to connect to a Linux instance hosted on AWS.
A. True
B. False
Q73: You can purchase time on EC2 directly from other users and specify the price you
want to pay. True or false?
A. True
B. False
Q74: Which of the following might prevent your EC2 instance from appearing in the list of
instances?
Q75: Which of the following is the main reason to terminate an unused EC2 instance?
A. Security Concerns
B. Additional fees
C. Data Loss
Q76: Which AWS service exists only to redundantly cache data and images?
A. AWS Availability Zones
B. AWS Edge Locations
C. AWS Regions
Q77: Regions, AZs and Edge Locations all terms are the same…
A. True
B. False
Q78: Every AWS service is available in every region….
A. True
B. False
Q79: Premium support is Available in AWS for Developer, Business & Enterprise level?
A. True
B. False
Q80: Can you add new Debit/Credit card in your AWS Account?
A. True
B. False
Q81: Can you increase an instance from micro to large?
A. True
B. False
Q82: On-demand instances are based on a bid mechanism.
A. True
B. False
Q83: RI can be sold on the AWS marketplace?
A. True
B. False
Q84: Which is the default type option in AWS?
A. On-demand
B. RI
C. Spot instance
Q85: What are On-demand, RI and Spot instances ? Which instance is best on
Production?
A. On-demand
B. RI
C. Depends on Application or Website
Q86: Which is most expensive options in instance?
A. On-demand
B. RI
C. Spot instance
Q87: Amazon S3 is internet accessible storage via HTTP /HTTPS
A. True
B. False
Q88: Amazon S3 is not a object level of storage
A. True
B. False
Q89: Amazon S3 is storage for the Internet
A. True
B. False
Q90: Temporary storage access speed is not guaranteed.
A. True
B. False
Q91: There is a 99.99% SLA (Service Level Agreement) for temporary storage.
A. True
B. False
Q92: Ephemeral storage is block-level storage?
A. True
B. False
Q93: Single object size is up to 5 TB in Amazon S3.
A. True
B. False
Q94: You can create unlimited bucket size in Amazon S3.
A. True
B. False
Q95: By default, Instance-Backed and EBS-Backed root volumes delete all data. However,
when using EBS-Backed storage, you can configure it to save the data on the root
volume. True or false?
A. True
B. False
Q96: You can switch from an Instance-Backed to an EBS-Backed root volume at any time.
True or False?
A. True
B. False
Q97: When using an EBS-Backed machine, you can override the terminate option and
save the root volume. True or False?
A. True
B. False
Q98: Which of the following is a service of AWS Simple Storage Service (S3)? Select all
that apply.
A. Database Indexing
B. File searching
C. Secure Hosting
D. Storage Scaling
Q99: What’s the difference between instance store and EBS?
Q100: EBS can be attached to any running instance that is in the same Availability Zone?
A. True
B. False
Q101: EBS is internet accessible
A. True
B. False
Q102: EBS has a persistent file system for EC2
A. True
B. False
Q103: EBS supports incremental snapshots
A. True
B. False
Q104: Amazon Glacier enables customers to offload the administrative burdens of
operating and scaling storage to AWS.
A. True
B. False
Q105: Amazon Glacier is a great storage choice when low storage cost is paramount.
A. True
B. False
Q106: Data is rarely retrieved, and retrieval latency of several hours is acceptable in
Glacier
A. True
B. False
Q107: Glacier is basically for data archival
A. True
B. False
Q108: It is very cheap storage
A. True
B. False
Q109: Glacier has very, very slow retrieval times
A. True
B. False
Q110: By default, Instance-Backed and EBS-Backed root volumes delete all data.
However, when using EBS-Backed storage, you can configure it to save the data on the
root volume.
A. True
B. False
Q111: You can switch from an Instance-Backed to an EBS-Backed root volume at any
time.
A. True
B. False
Q112: When using an EBS-Backed machine, you can override the terminate option and
save the root volume.
A. True
B. False
Q113: VPC is a private, isolated, virtual network
A. True
B. False
Q114: VPC is a logically isolated network in the AWS cloud
A. True
B. False
Q115: VPC also gives control of network architecture
A. True
B. False
Q116: VPC also enhances security
A. True
B. False
Q117: VPC has the ability to interwork with other organizations
A. True
B. False
Q118: VPC does not enable hybrid cloud (site-to-site VPN)
A. True
B. False
Q119: A route table is a set of rules that tells the direction of network traffic
A. True
B. False
Q120: Security Group is subnet-level security
A. True
B. False
Q121: NACLs (Network Access Lists) are resource-level security
A. True
B. False
Q122: Is any default stack available in CloudFormation?
Q123: What is the difference between a Stack and a Template in CloudFormation?
Q124: Can we create multiple servers for the same stack?
Q125: Can you explain the statement that SQS is pull-based, not push-based?
Q126: How many Elastic IP addresses can be associated with a single account?
Q127: What is the name to the additional network interfaces that can be created and
attached to any Amazon EC2 instance in your VPC?
Q128: You have configured ELB with three instances connected to that. If your instances
are unhealthy or terminated, the traffic should be automatically replaced to another
instance, what type of service can be used to achieve this requirement?
Q129: After configuring ELB, you need to ensure that the user requests are always
attached to a single instance. What setting can you use?
A. Session cookie
B. Cross-zone load balancing
C. Connection drainage
D. Sticky session
Q130: Which of the following metrics cannot have a CloudWatch alarm?
A. EC2 instance status check failed
B. EC2 CPU utilization
C. RRS lost object
D. Auto scaling group CPU utilization
Q131: Which of the below-mentioned services is provided by CloudWatch?
A. Monitor estimated AWS usage
B. Monitor EC2 log files
C. Monitor S3 storage
D. Monitor AWS calls using CloudTrail
Q132: A user has launched an EC2 instance. Which of the below-mentioned statements is
not true with respect to instance addressing?
A. The private IP addresses are not reachable from the internet
B. The user can communicate using the private IP across regions
C. The private IP address and public IP address for an instance are directly mapped to
each other using NAT
D. The private IP address for the instance is assigned using DHCP
Q133: Which of the following service provides the edge – storage or content delivery
system that caches data at different locations?
A. Amazon RDS
B. Simple DB
C. Amazon CloudFront
D. Amazon associates web services
Q134: A user is launching an instance under the free usage tier from the AMI with a
snapshot size of 50 GB. How can the user launch the instance under the free usage tier?
A. Launch a micro instance
B. Launch a micro instance, but in the EBS configuration modify the size of EBS to 50
GB.
C. Launch a micro instance, but do not store the data of more than 30 GB on the EBS
storage.
D. It is not possible to have this instance under the free usage tier
Q135: What are the possible connection issues you can face while connecting to your
instance?
A. Connection timed out
B. Server refused our key
C. No supported authentication methods available
D. All of the above
Q136: You have enabled sticky sessions with ELB. What does it do with your instance?
A. Routes all the requests to a single DNS
B. Binds the user session with a specific instance
C. Binds the user IP with a specific session
D. Provides a single ELB DNS for each IP address
Q137: Which is a main email platform that provides an easy, cost effective way for you to
send compliance and receive a response using your own email address and domains?
A. SES
B. SNS
C. SQS
D. SAS
Q138: Which type of load balancer makes routing decisions at either the transport layer
or the application layer and supports either EC2 or VPC.
A. Application Load Balancer
B. Classic Load Balancer
C. Primary Load Balancer
D. Secondary Load Balancer
Q139: AWS CloudFront has been configured to handle the customer requests to the web
server launched on a Linux machine. How many requests per second can Amazon
CloudFront handle?
A. 1000
B. 100
C. 10000
D. There is no such limit
Q140: You are going to launch one instance with a security group. While configuring
the security group, what are the things you have to select?
A. Protocol and type
B. Port
C. Source
D. All of the above
Q141: Which is the virtual network interface that you can attach to an instance in a VPC?
A. Elastic IP
B. AWS Elastic Interface
C. Elastic Network Interface
D. AWS Network ACL
Q142: You have launched a Linux instance in AWS EC2. While configuring security group,
you have selected SSH, HTTP, HTTPS protocol. Why do we need to select SSH?
A. To verify that there is a rule that allows traffic from your computer to port 22
B. To verify that there is a rule that allows traffic from EC2 Instance to your computer
C. Allows web traffic from instance to your computer
D. Allows web traffic from your computer to EC2 instance
Q143: You need to quickly set up an email service because a client needs to start using it
in the next hour. Amazon service seems to be the logical choice but there are several
options available to set it up. Which of the following options to set up AWS service would
best meet the needs of the client?
A. Amazon SES console
B. AWS CloudFormation
C. SMTP interface
D. AWS Elastic Beanstalk
Q144: You have chosen a Windows instance with Classic and you want to make some
change to the security group. How will these changes be effective?
A. Security group rules cannot be changed
B. Changes are automatically applied to windows instances
C. Changes will be effective after rebooting the instance in that security group
D. Changes will be effective after 24-hours
Q145: Load Balancer and DNS service comes under which type of cloud service?
A. IAAS-Network
B. IAAS-Computational
C. IAAS-Storage
D. None of the above
Q146: You have an EC2 instance that has an unencrypted volume. You want to create
another encrypted volume from this unencrypted volume. Which of the following steps
can achieve this?
Q147: Where does the user specify the maximum number of instances with the auto
scaling commands?
A. Auto scaling Launch Config
B. Auto scaling group
C. Auto scaling policy
D. Auto scaling size
Q148: A user has identified that a huge data download is occurring on his instance. He has
already set the auto scaling policy to increase the instance count when the network
input/output increases beyond a threshold limit. How can the user ensure that this temporary
event does not result in scaling? The network I/O is not affected during data download
A. The policy cannot be set on the network I/O
B. There is no way the user can stop scaling as it is already configured
C. Suspend scaling
Q149: Which are the types of AMI provided by AWS? EBS Backed
A. Instance Store backed
B. None its volume type and not AMI types
C. Both A and B
Q150: What is the significance of forming Subnets?
A. Because, not enough hosts
B. To manage small number of hosts
C. To utilize the Volume available across different subnets
D. Smartly utilize network that have large number of hosts
Q151: If you want to launch your instance on a single-tenancy platform, which option
would you select for the Instance Tenancy attribute parameter?
A. One to one
B. Sole Owner
C. Dedicated
D. Reserved
Q152: _____________ is a fully managed Data Warehouse service from AWS?
A. Amazon Redshift
B. Amazon Neptune
C. Amazon Aurora
D. Amazon DynamoDB
Q153: Which of the following statements are applicable to AWS Elastic File System (EFS)?
A. EFS provides simple, scalable file storage for use with Amazon EC2
B. EFS with MS-Windows based EC2 instances is not supported
C. EFS supports the Network File System version 4 protocol
D. All of the above
Q154: What is the role of Connection Draining?
A. Helps to launch an EC2 instance
B. Automatically terminates instances which are not in use
C. Establishes connection between EC2 and RDS instances
D. Auto Scaling wait for outstanding requests to complete before terminating
instances when CD is enabled
Q155: What is the use of Lambda?
A. Lambda is used for running server-less applications
B. It is a testing tool from AWS
C. It is a database service from AWS
D. It is an Anti Virus software from AWS
Q156: What is Application Load Balancing?
A. It is a feature of Elastic Load Balancing
B. Use to distribute traffic to different Target Groups
C. It is a service generating Elastic IPs for AWS customers
D. It is a kind of Firewall
Q157: What are the uses of Elastic Beanstalk?
A. Quickly deploy and manage applications in the AWS Cloud
B. Supports Java, .NET, Node.js, PHP, Python applications
C. It is an Application Server from AWS
D. Use to deploy only Java-Beans applications
Q158: Can you connect your company’s datacenter to the Amazon Cloud network?
A. Not possible
B. You can connect thru a Dedicated N/W line
C. By establishing a Virtual Private Network (VPN) between your datacenter and VPC
D. Connect with a hotline
Q159: You have commissioned PRIVATE servers in your premises. You also distributed
some of your workloads with the PUBLIC cloud. What type of architecture is this?
A. Virtual Private Cloud
B. Community Cloud
C. Public Cloud
D. Hybrid Cloud
Q160: DynamoDB _______________________. Which one of the following is true regarding
DynamoDB?
A. Manages Notification Service
B. Stores Metadata
C. Manages Queue Service
D. None of the above
Q161: What are the significances of AWS CloudTrail?
A. Takes care of Message Queuing Service
B. It enables governance, compliance, operational auditing and risk auditing of your
AWS account.
C. Used as a database service
D. It provides an event history of your AWS account activities
Q162: Which one is a global Content Delivery Network service that securely delivers
data, videos, applications, and APIs to your viewers with low latency and high transfer
speeds?
A. Amazon CloudWatch
B. Amazon CloudFront
C. Amazon CloudTrail
D. Amazon VPC
Q163: Is AWS offering Reserved Instances facility for Multiple-Subnet deployments?
A. Yes, available for all kind of instances
B. No, available only for Dedicated Tenancy
C. Offering only for LINUX based instances
D. None of the above
Q164: Select the correct statement from the below:
A. You can have multiple ACLs for a subnet
B. Security Group is not necessary for an EC2 instance
C. You can attach multiple Zones/Subnets to a Route Table
D. You can create S3 bucket using AWS AMI templates
Q165: Name the AWS DB Service which is Server-Less and NoSQL DB which delivers
consistent single-digit millisecond latency at any scale?
A. Amazon Redshift
B. Amazon Neptune
C. Amazon Aurora
D. Amazon DynamoDB
Q166: Is this advisable to keep your Standby-Database instance in the same zone where
your primary instance is running?
A. Yes, you can keep
B. Possible only for MySQL instance
C. No, not recommended for any kind of DB instance
D. Recommended only for MS-SQL instance
Q167: Can objects in S3 be delivered by Amazon CloudFront?
A. Yes, you can place any objects in S3 which CloudFront quickly delivers
B. CloudFront delivers only movie type objects
C. No, S3 cannot be integrated with CloudFront
D. Amazon VPC will deliver the objects
Q168: What should you do if you want to launch an EC2 instance with a pre-allocated
private IP address?
A. Launch it in a Subnet Group
B. Launch the instance from a Private AMI
C. Assign EIP address to that instance
D. Launch that instance in AWS VPC cloud
Q169: Can you edit Security Group (SG) rules when the group is used by multiple EC2
instances? Will new rules apply to all previously running EC2 instances?
A. No, you cannot edit an SG when it is used by an EC2 instance
B. Yes, you can edit. Immediately apply to all instances.
C. You can edit only the Outbound rules
D. Only Outbound rules apply to all EC2 instances
Q170: Which of the following statements are true with Route 53?
A. Amazon Route 53 is a scalable and highly available Domain Name System (DNS)
B. Amazon Route 53 is fully compliant with IPv6 as well
C. Will automatically configure DNS settings for your domains
D. Route 53 provides low latency database service
Q171: What is a Virtual Private Cloud (VPC)?
A. VPC enables you to launch AWS resources into a virtual network
B. VPC is a virtual network dedicated to your AWS account
C. VPC is used to create domain name for your organization
D. VPC can also be connected to your own office data center
Q172: What is an Elastic IP?
A. There is no such IP. Only public & private IPs are valid.
B. Used in Elastic Load Balancing
C. An Elastic IP address is a static IPv4 address
D. An Elastic IP address is for use in a specific region only
Q173: _____________ is a fully managed in-memory data store service offered by Amazon
Web Services (AWS)?
A. Amazon Neptune
B. Amazon Redshift
C. Amazon ElastiCache
D. Amazon Aurora
Q174: In AWS which service is used to create Domain Name for their customers?
A. Amazon CloudWatch
B. Amazon Route53
C. Amazon CloudDomain
D. Amazon VPC
Q175: Which one is a valid statement regarding EBS-Volumes?
A. You can attach maximum of 5 volumes to an instance
B. You can attach multiple instances to one volume
C. You can attach multiple volumes to a single EC2 instance
D. You cannot attach an additional volume to an instance
Q176: Which one is a valid statement regarding EBS-Snapshots?
A. You can access Snapshots thru S3 APIs
B. You can store your Snapshots in a S3 BUCKET
C. Snapshots are available only thru EC2 instances
D. You can access your Snapshots thru VPC APIs
Q177: Which AWS Service would you use to transfer objects from your data center, when
you are using Amazon CloudFront?
A. AWS CloudWatch
B. AWS SNS Service
C. AWS SMS Service
D. AWS Direct Connect
Q178: Which one is the valid scenario?
A. Creating PEERING connection to a VPC in a Different Region
B. Creating PEERING connection between VPCs in Same Region
C. Attaching VOLUME in one subnet/zone with EC2 instance in another subnet/zone
D. Keeping your primary db and secondary db in the same zone
Q179: How do you connect a VPC to your Office Datacenter?
A. By keeping AWS VPC and Office Datacenter in same IP range
B. Establishing VPN connection between VPC and Datacenter
C. Establishing a dedicated hotlink between VPC and Datacenter
D. You cannot connect VPC and your Datacenter
Q180: Choose the valid scenarios regarding VPC?
A. You can delete the Default VPC available in your region
B. VPC can span across multiple Availability Zones
C. Trying to launch an instance without having VPC in a region
D. Launching an instance onto a VPC created by you
Q181: How do the EC2 instances inside a VPC directly access the internet?
A. With the help of instance’s Public IP
B. By attaching an Elastic IP to that instance
C. Internet Gateway enables the access to the internet
D. With the help of Route Table
Q182: Which one is a highly secure design?
A. Keeping both EC2 and Database instances in a public subnet
B. Keep EC2 in public subnet and Database in private subnet
C. Keep EC2 in public subnet and Database in a S3 bucket
D. Defining ANYWHERE in the DB security group INBOUND rule
Q183: Keeping your instance in a public subnet and database in a private subnet. What
type of cloud deployment model is this?
A. Community Cloud
B. Private Cloud
C. Public Cloud
D. Hybrid Cloud
Q184: Which service distributes the contents from Edge Locations to the end users to
reduce the latency?
A. Amazon CloudWatch
B. Amazon CloudTrail
C. Amazon CloudFront
D. Amazon PushData
Q185: I am a cloud web service used for hosting your application. Who am I?
A. AWS Route 53
B. AWS VPC
C. AWS S3
D. AWS EC2
Q186: You can add ________________ to your Auto Scaling group so that you can perform
custom
Q187: What is Auto Scaling?
A. Accelerating VPC Speed
B. Creating/Terminating duplicate instances using Scale IN/OUT
C. Automating backup/restore service
D. None of the above
Q188: You want complex querying capabilities but don’t want a data warehouse. Which
database service would you choose?
A. Amazon DynamoDB
B. Amazon Redshift
C. Amazon RDS
D. Amazon ElastiCache
Q189: What is an Availability Zone?
A. A Container where all your S3 buckets are stored
B. Denotes an Entire Region
C. A location inside a Region which is protected from failures
D. Collection of Regions
Q190: The cloud infrastructure is shared by several organizations and supports specific
group that has shared concerns. Government departments, universities, central banks
etc. often find this type of cloud useful. What kind of cloud deployment model is this?
A. Private Cloud
B. Hybrid Cloud
C. Community Cloud
D. Public Cloud
Q191: How many buckets can you create in S3?
A. 150
B. 250
C. 500
D. 100
Q192: What is the maximum size of an S3 bucket?
A. 3 Terabytes
B. 10 Terabytes
C. 5 Terabytes
D. 7 Terabytes
Q193: Which service of Amazon AWS is used to host a static website?
A. Amazon Simple Storage Service (S3)
B. Amazon CloudFront
C. Amazon Route53
D. Amazon CloudWatch
Q194: Which of the following is not a part of security groups?
A. List of Protocols
B. List of Users
C. Ports
D. IP Address
Q195: A data transport solution that accelerates moving terabytes to petabytes of data
into and out of AWS using storage devices designed to be secure for physical transport.
Name this solution.
A. Amazon EFS
B. Amazon S3
C. Amazon Glacier
D. Amazon Snowball
Q196: What type of IP address do you use for your CGW (Customer Gateway) address?
A. You will use PRIVATE IP address of your NAT device
B. You will use PUBLIC IP address of your NAT device
C. You will use ELASTIC IP address of your NAT device
D. You will use VPN
Q197: How many subnets can you have per VPC?
A. 100
B. 300
C. 250
D. 200
Q198: I have a REST API interface and use secure HMAC-SHA1 authentication keys. I am
also a data storage system. Who am I?
A. SS3
B. Elastic Block Store
C. S3
D. Snapshots
Q199: I am a structured data store. I support indexing and data queries to both EC2 and
S3. Who am I?
A. DynamoDB
B. SimpleDB
C. MySQL
D. Aurora
Q200: How many Elastic IP addresses can be associated with a single account?
A) 4
B) 10
C) 5
D) None of the above
Q201: After configuring ELB, you need to ensure that the user requests are always
attached to a single instance. What setting can you use?
A) Session cookie
B) Cross-zone load balancing
C) Connection drainage
D) Sticky session
Q202: Which of the following metrics cannot have a CloudWatch alarm?
A) EC2 instance status check failed
B) EC2 CPU utilization
C) RRS lost object
D) Auto scaling group CPU utilization
Q203: Which of the below-mentioned services is provided by CloudWatch?
A) Monitor estimated AWS usage
B) Monitor EC2 log files
C) Monitor S3 storage
D) Monitor AWS calls using CloudTrail
Q204: Which of the following service provides the edge – storage or content delivery
system that caches data at different locations?
Q205: What are the possible connection issues you can face while connecting to your
instance?
Q206: You have enabled sticky sessions with ELB. What does it do with your instance?
Q207: Which is an email platform that provides an easy, cost effective way for you to
send and receive email using your own email address and domains?
Q208: AWS CloudFront has been configured to handle the customer requests to the web
server launched on a Linux machine. How many requests per second can Amazon
CloudFront handle?
Q209: Which is the virtual network interface that you can attach to an instance in a VPC?
Q210: You have launched an instance in EC2-Classic and you want to make some change
to the security group rule. How will these changes be effective?
Q211: Load Balancer and DNS service comes under which type of cloud service?
Q212: You have an EC2 instance that has an unencrypted volume. You want to create
another encrypted volume from this unencrypted volume. Which of the following steps
can achieve this?
Q213: Where does the user specify the maximum number of instances with the auto
scaling commands?
A) Auto scaling Launch Config
B) Auto scaling group
C) Auto scaling policy
D) Auto scaling size
Q214: A user is aware that a huge download is occurring on his instance. He has already
set the auto scaling policy to increase the instance count when the network I/O increases
beyond a certain limit. How can the user ensure that this temporary event does not
result in scaling?
Q215: Which are the types of AMI provided by AWS?
Q216: Name some cloud service providers for public & private cloud?
Q217: What are all the different Instance categories based on pricing? Explain them
briefly.
Q218: I have some private servers on my premises, also I have distributed some of my
workload on the public cloud, what is this architecture called?
Q219: What is the difference between S3 and Glacier storage?
Q220: Name some Database engines available natively in RDS services?
Q221: How can you automate resource provisioning in AWS?
Q222: What is autoscaling? Mention some of its benefits.
Q223: What is the difference between S3 availability & durability?
Q224: Mention some important features of S3 buckets?
Q225: What are all the measures that you take to protect the data in S3?
Q226: What is an Elastic IP address?
Q227: You have a webserver running on Amazon EC2 instances that is approaching
100% CPU utilization. Which option will reduce load on the Amazon EC2 instance?
Describe why.
Q228: What is CloudWatch, and what can we do with it?
Q229: How will you classify the cloud, based on the services?
Q230: Name the messaging service available in AWS and point out a use case of it?
Q231: Your company wants to use AWS for their newly designed analytics platform. They
have got around 20 TB of data on-premises. They want to construct an analytics
platform in AWS with this 20 TB of data for analysis. Once analysis is done they want to
archive this data for best backup and recovery. What are the services that best match
this use case, and why?
Q232: Your relational database engine in AWS crashes often when the traffic to your
RDS instance is high. The Replica of the RDS instance is not promoted as master
instance. What would you do to handle this situation?
Q233: There is a production DB server running in an EC2 Linux instance which has
ext4-formatted EBS volumes/disks attached. The database is about to run out of storage
space. How can you address this problem?
Q234: A company wants to migrate the on-premises servers to the AWS cloud platform.
The company wants to estimate the cost of the machines that are going to be provisioned
in the cloud. How would you proceed to determine the cost?
Q235: An XYZ company has been using AWS services for the past one month for its production
servers. They have established VPN connectivity from on-premises to AWS with a single
IPSEC tunnel. During peak production hours, servers are not reachable in the AWS Cloud
due to a network problem. How would you mitigate this problem with minimal cost?
Q236: What is Cloud Computing?
Q237: What are the merits of Cloud Computing?
Q238: What are the Cloud Computing?
Q239: What are the top 10 advantages of Cloud Computing?
Q240: What are the different layers (Service Models) of cloud computing?
1.
2.
3.
Q241: How do you disable password-based logins for root on an Amazon EC2 instance?
Q242: How can I take a snapshot of a RAID array?
Q243: What is the difference between Volume and Snapshot in Amazon Web
Services?
Q244: What happens if my application stops responding to requests in Beanstalk?
Q245: How to update AMI tools at the Boot Time?
Q246: How to update AMI tools at the Boot Time on Linux?
Q247: How does AWS Lambda handle failure during event processing?
Q248: What are the storage classes of Amazon?
Q249: How is encryption done in S3?
Q250: How will you upload a file greater than 100 megabytes in Amazon S3?
Q251: What type of performance can you expect from Elastic Block Storage?
Q252: How to vertically scale on an Amazon Instance?
Q253: What is the difference between Vertical & Horizontal Scaling?
Q254: What are the states available in Processor State Control?
Q255: How to transfer an existing domain name registration to Amazon Route53 without
disrupting existing web traffic?
Q256: How is AWS Elastic Beanstalk different than AWS OpsWorks?
Q257: How can you safeguard EC2 instances running in a VPC?
Q258: How can S3 be used with EC2 instances?
Q250: Which platforms support CloudWatch logs Agent?
Q250: List out the retention period of all metrics?
Q250: What are the Different networking modes available in ECS?
Q259: What are the connectivity options for my VPC?
Q260: Why can’t you ping the router, or my default gateway, that connects my
subnets?
Q261: Can you monitor the network traffic in your VPC?
Q262: Within which Amazon EC2 regions is Amazon VPC available?
Q262: When you call DescribeVolumes(), do you see all of my Amazon EBS volumes,
including those in EC2-Classic and EC2-VPC?
Q264: Difference between NAT instances and NAT gateway?
Q265: How do I disable NAT-T on my connection?
Q266: Are there any bandwidth limitations for internet gateway?
Q267: If you peer VPC A to VPC B and I peer VPC B to VPC C, does that mean VPCs A and C
peer?
Q268: What are the Amazon Route 53 Benefits?
Q269: What are the AWS Route 53 Policies?
Q270: What are Amazon WorkSpaces devices?
Q271: What are the features of Amazon WorkSpaces?
Q272: What are the Advantages of Amazon CloudWatch?
Q273: What are the database engines in RDS?
Q274: What are the types of queues in SQS?
Q275: Explain the layers of cloud architecture?
Q276: How many AWS services are there in 2021?
Q277: What are the most popular services in AWS?
Q278: Default number of roles you can assign for an IAM user?
Q279: How to implement security on a VPC setup?
1.
2.
Q280: Can you add multiple types of instances in the same target group?
Q281: Can we associate multiple target groups under launch configuration of auto
scaling groups?
Q282: What is the maximum size of EBS that can be launched in AWS?
Q283: Can you monitor resources with CloudWatch for multiple regions?
Q284: Can you assign 2 IPs for a single EC2 instance?
Q285: What tools have you used for reporting bugs in the infra?
Q286: Can you change the CPU of an instance which is already launched?
Q287: What happens when ELB goes down? What is the workaround for users to reach
your servers?
Q288: Have you worked on RDS? How to check permissions assigned/who can access the
RDS?
Q289: How do you know if the AMI you use in EC2 is secure enough?
Q290: You lost your EC2 instance’s key pair. How will you connect it now?
Q291: What is the use of VPC flow logs?
Q292: When will you use a D type instance?
Q293: How can you switch between master and child accounts in AWS?
Q294: What will you do when an EC2 instance from your auto-scaling group fails or is not
responding to the end-user?
Q295: How are EFS mounted in an autoscaled EC2 instance group?
Q296: What is Peer to Peer Gateway (Connection)?
Q297: By default AWS will reserve 5 IPs, what are those?
1.
2.
3.
4.
5.
Q298: How many VPC can be created under a single AWS account?
Q299: What is the difference between the RDS database and DynamoDB?
Q300: What is the difference between CNAME and Alias in Route 53?
Q301: What are instance types?
Q302: What are inbound and outbound?
Q303: What do A and AAAA records stand for in Route 53?
Q304: When you have created a domain with some third party, how do you map AWS Route 53
to the third-party domain?
Q305: What is Elastic IP Limit for an AWS Account?
Q306: Which region we have to choose for CDN Certificate?
Q307: What is the maximum object limit in S3?
Q308: What are AWS services which are not region specified?
Q309: What is the storage type used for EC2?
Q310: How are EFS mounted in an autoscaled EC2 instance group?
Q311: Types of reserved instances?
Q312: What are the placement groups?
Q313: What is the instance limit for the spread placement group?
Q314: What is ENI?
Q315: What is the difference between Internet Gateway and NAT gateway?
Q316: What are Route 53 policies?
Q317: What is VPN?
Q318: What does TTL stand for in Route 53?
Q319: Difference between Application and Network Load Balancer?
Q320: What are Vertical scalability and Horizontal scalability?
Q321: What is stickiness in Load Balancer?
Q322: Types of Load Balancer?
Q323: What is Egress Internet gateway?
Q324: What are Network ACLs?
Q325: What are route tables?
Basic AWS architect interview questions
1. What is Amazon EC2?
Amazon EC2 or Elastic Compute Cloud is the AWS service for achieving highly scalable
computing capacity. The use of Amazon EC2 can eliminate the need for investments in
hardware, thereby leading to faster application development and deployment.
2. What is Amazon S3?
Amazon S3 or Simple Storage Service is the AWS service for storage. The object storage allows
storing and retrieval of a significant amount of data irrespective of the location. In addition, it is
also unlimited, and users can avail of storage on demand.
3. What is Identity Access Management (IAM)?
Identity Access Management (IAM) in AWS provides a web service for secure control over access
to AWS services. It helps in the management of users and security credentials such as permissions
and access keys.
4. What is Amazon Route 53?
Amazon Route 53 is a Domain Name System (DNS) service with the assurance of higher
scalability and availability. The name is derived from the TCP or UDP port 53, the location where
all the DNS server requests are addressed.
5. What is the process of sending a request to Amazon S3?
Users can send requests to Amazon S3 through the REST API. You can also use the AWS SDK
wrapper libraries that encompass the Amazon S3 REST API underneath.
6. Is encryption recommended for S3?
Since S3 is proprietary technology, it is important for users to consider encryption for sensitive
data.
7. Define Geo Restriction in CloudFront.
Geo Restriction, which is also known as geoblocking, is the process of restricting access by
users in particular geographic locations to content distributed through a specific CloudFront web
distribution.
8. What is a T2 instance?
T2 instances specifically aim at providing moderate levels of baseline performance. In addition,
they also have the capability to extend the performance levels demanded by the respective
workloads.
9. Define a serverless application in AWS?
In AWS, the Serverless Application Model (SAM) helps in extending the capabilities of AWS
CloudFormation. As a result, users can get a simple approach for definition of Amazon API
Gateway APIs, Amazon DynamoDB tables, and AWS Lambda functions that your serverless
application needs.
10. What are the applications of Amazon ElastiCache?
Amazon ElastiCache serves as the web service for easier deployment, operations, and
scalability of in-memory data store or cached data in the cloud.
Latest AWS Architect Interview Questions and Answers
1. What is the difference between terminating and stopping an
instance?
When you stop an instance, it goes through a normal shutdown and then shifts to the ‘stop’ state.
On the other hand, when you terminate an instance, it goes through a normal shutdown.
However, the attached Amazon EBS volumes are deleted only if the deleteOnTermination
attribute of the volume is set to true.
2. Can I change the private IP address of an EC2 instance when it is
running or stopped on a VPC?
You cannot change the primary private IP address. However, the secondary private addresses
could be assigned, unassigned, or transferred between instances or interfaces at any point in
time.
3. What are the benefits of AWS Disaster Recovery?
AWS offers cost-effective disaster recovery for reliable backup and storage with the assurance of
faster setup and installation. The Disaster Recovery solution of AWS can replicate on-premises
data to the cloud with higher efficiency and also ensures faster retrieval.
4. What is DynamoDB?
DynamoDB is Amazon’s fully managed NoSQL database service. It provides support for key-
value and document data structures. DynamoDB is ideal for use cases that require a NoSQL
database with reliable performance and a flexible model.
5. Which AWS services help in collecting and processing eCommerce
data for real-time analysis?
The AWS services for collecting and processing eCommerce data for real-time data analysis are
Amazon DynamoDB, Amazon Redshift, Amazon ElastiCache, and Amazon Elastic MapReduce.
6. Define SQS.
SQS or Simple Queue Service on AWS is a distributed message queuing service. It serves as a
mediator between two controllers and works on the pay-per-use model.
7. Do you know some popular DevOps tools?
Some of the noticeable DevOps tools include the following,
Docker is a containerization tool.
Nagios is a continuous monitoring tool.
Chef, Ansible, SaltStack, and Puppet are development and configuration
management tools.
Git is a version control system tool.
Jenkins is a continuous integration tool.
8. Define configuration management.
Configuration management is the process for management of system configuration. It also
includes the management of services provided by the systems, all through code.
9. What are the notable features of Amazon cloud search?
The striking features of Amazon cloud search include,
AutoComplete advice
Highlighting
Range searches
Prefix searches
Entire text search
Boolean searches
Faceting
Term boosting
10. What are some possible connection issues while connecting to an
EC2 instance?
The connection issues while connecting to an EC2 instance include,
1. Server refused key.
2. The unprotected private key file.
3. Connection timed out.
4. No supported authentication method available.
5. Host key not found; permission denied.
AWS Solution Architect Interview Questions and Answers PDF
1. How to secure your data for transport in the cloud?
Answer: Ensure that no one can intercept the data as it moves from point
A to point B in the cloud, and also check that there are no data leaks with
the encryption key from any storage in the cloud. You can also segregate
your data from other companies’ data and then encrypt it by using an
approved method. In addition, you can ensure the security of older data
that remains with a cloud vendor after you have no use for it.
2. What is S3? What is it used for? Should encryption be used in
S3?
Answer: According to Amazon, S3 is storage for the Internet. They define
it as a “simple storage service that offers software developers a highly-
scalable, reliable, and low-latency data storage infrastructure at very low
costs”.
Amazon S3 provides a simple web service interface which you can use to
store and retrieve any amount of data, at any time, from anywhere on the
web. Using this web service, developers can easily build applications that
make use of Internet storage.
Encryption should be considered for sensitive data, as S3 is a proprietary
technology developed by Amazon themselves, and yet to be proven from
a security standpoint.
3. How is AWS OpsWorks different than AWS CloudFormation?
Answer: OpsWorks and CloudFormation both support application
modeling, deployment, configuration, management, and related activities.
Both support a wide variety of architectural patterns, from simple web
applications to highly complex applications. AWS OpsWorks and AWS
CloudFormation differ in abstraction level and areas of focus.
AWS CloudFormation is a building block service which enables the
customer to manage almost any AWS resource via JSON-based domain-
specific language. It provides foundational capabilities for the full breadth
of AWS, without prescribing a particular model for development and
operations. Customers define templates and use them to provision and
manage AWS resources, operating systems and application code.
In contrast, AWS OpsWorks is a higher level service that focuses on
providing highly productive and reliable DevOps experiences for IT
administrators and ops-minded developers. To do this, AWS OpsWorks
employs a configuration management model based on concepts such as
stacks and layers and provides integrated experiences for key activities
like deployment, monitoring, auto-scaling, and automation. Compared to
AWS CloudFormation, AWS OpsWorks supports a narrower range of
application-oriented AWS resource types including Amazon EC2 instances,
Amazon EBS volumes, Elastic IPs, and Amazon CloudWatch metrics.
4. Explain what is AMI?
Answer: AMI stands for Amazon Machine Image. It’s a template that
provides the information (an operating system, an application server, and
applications) required to launch an instance, which is a copy of the AMI
running as a virtual server in the cloud. You can launch instances from as
many different AMIs as you need.
5. What is the Amazon EC2 service?
Answer: Amazon describes Elastic Compute Cloud (Amazon EC2) as a
web service that provides resizable compute capacity in the cloud. It is
designed to make web-scale cloud computing easier for developers.
Amazon EC2’s simple web service interface allows developers to obtain
and configure capacity with minimal friction.
6. How is buffer used in Amazon web services?
Answer: A buffer is used to make the system more resilient to bursts of
traffic or load by synchronizing different components. The components
always receive and process the requests in an unbalanced way. Buffer
keeps the balance between different components and makes them work
at the same speed to provide faster services.
7. How to use the processor state control feature available on the
c4.8xlarge instance?
Answer:
The processor state control consists of 2 states:
The C state – Sleep state varying from c0 to c6. C6 being the deepest
sleep state for a processor
The P state – Performance state p0 being the highest and p15 being the
lowest possible frequency.
Now, why the C state and P state? Processors have cores, and these cores
need thermal headroom to boost their performance. Now since all the
cores are on the processor the temperature should be kept at an optimal
state so that all the cores can perform at the highest performance.
8. When should I use a Classic Load Balancer and when should I
use an Application load balancer?
Answer: A Classic Load Balancer is ideal for simple load balancing of
traffic across multiple EC2 instances, while an Application Load Balancer is
ideal for microservices or container-based architectures where there is a
need to route traffic to multiple services or load balance across multiple
ports on the same EC2 instance.
9. What is the difference between SQL and NoSQL Database in
AWS?
Answer: Explain the RDS options and DynamoDB characteristics, their
differences, benefits, and the purpose of each as it relates to AWS services.
Which option exists to accelerate the performance of a web application?
Describe how to improve the performance of web applications by allowing
you to retrieve information from a fast, managed, in-memory system,
instead of relying entirely on slower disk-based databases. AWS offers a
service called Amazon ElastiCache; it can not only improve load and
response time to user actions and queries but also reduce the cost
associated with scaling web applications.
10. What is the function of the Amazon Elastic Compute Cloud?
Answer: Amazon Elastic Compute Cloud, also known as Amazon EC2, is an
Amazon web service that provides scalable resources and makes
computing easier for developers. The main functions of Amazon EC2 are:
It provides easily configurable options and allows the user to
configure the capacity.
It provides complete control of computing resources and lets the
user run the computing environment according to their requirements.
It provides a fast way to run the instances and quickly boot the
system, hence reducing the overall time.
It provides scalability to the resources and changes its environment
according to the requirement of the user.
It provides varieties of tools to the developers to build failure
resilient applications.
11. How to deliver content faster?
Answer: Describe in detail the service like Amazon CloudFront which is a
content delivery web service. It integrates with other AWS services to give
developers and businesses an easy way to distribute content to end-users
with low latency, high data transfer speeds, and no minimum usage
commitments.
12. What are the different deployment models for Cloud?
Answer:
The different models are:
Private Cloud
Public Cloud
Hybrid Clouds
13. How to enable an automatic scaling solution according to the
user demand?
Answer:
Explain the Auto Scaling features of AWS. Remember that Auto Scaling
allows you to scale your Amazon EC2 capacity up or down automatically
according to conditions you define, and it is particularly well suited for
applications that experience hourly, daily, or weekly variability in usage.
Describe how to create a launch configuration and an Auto Scaling group,
including common limits, how to monitor it using CloudWatch, and how
to establish automatic alerts and actions.
14. What is the use of Amazon ElastiCache?
Answer: Amazon ElastiCache is a web service that makes it easy to
deploy, operate, and scale an in-memory data store or cache in the cloud.
15. What are the managed database services provided by AWS?
Answer: Answer with the Amazon Relational Database Service (Amazon
RDS). It is a web service that makes it easy to set up, operate, and scale a
relational database in the cloud. It provides cost-efficient and resizable
capacity while managing time-consuming database management tasks,
allowing you to focus on your applications and business.
It gives you access to the capabilities of a MySQL, Oracle, SQL Server, or
PostgreSQL database engine running on your own Amazon RDS cloud-
based database instance with high availability configurations.
16. What is the relation between Instance and AMI?
Answer: An Amazon Machine Image (AMI) is a template that contains a
software configuration (for example, an operating system, an application
server, and applications). From an AMI, you launch an instance, which is a
copy of the AMI running as a virtual server in the cloud.
You can launch different types of instances from a single AMI. An instance
type determines the hardware of the host computer used for your
instance. Each instance type offers different compute and memory
capabilities.
17. Explain how the buffer is used in Amazon web services?
Answer: The buffer is used to make the system more robust to manage
traffic or load by synchronizing different components.
18. What is an EC2 instance? How to protect and reuse it?
Answer: Explain that EC2 is a web service that provides resizable
computing capacity in the cloud. Describe how to create an AMI, take an
EC2 snapshot as a backup, and reuse an EC2 instance.
19. What kind of instances does AWS offer?
Answer: Describe all EC2 instance types. Each EC2 instance type
comprises varying combinations of CPU, memory, storage, and networking
capacity giving you the flexibility to choose the appropriate mix of
resources for your applications.
20. What uses do APIs have in cloud services?
Answer: Application Programming Interface (API) has the following uses:
It eliminates the need to write fully-fledged programs
It provides the instructions to set up communication between one or
more applications
It allows easy creation of applications and links the cloud services
with other systems.
21. Is it possible to change the private IP addresses of an EC2
while it is running/stopped in a VPC?
Answer: The primary private IP address is attached to the instance
throughout its lifetime and cannot be changed; however, secondary
private addresses can be unassigned, assigned or moved between
interfaces or instances at any point.
22. Which AWS services are offered for business intelligence?
Answer: Describe each AWS related service, highlight Amazon Redshift
as a fast, fully managed, petabyte-scale data warehouse solution that
makes it simple and cost-effective to efficiently analyze all your data using
your existing business intelligence tools.
From the end-user analytic point of view, there exists a service named
Amazon QuickSight which is a very fast, easy-to-use, and cloud-powered
business intelligence (BI) service. It makes it easy for all employees within
an organization to build visualizations, perform ad-hoc analysis, and
quickly get business insights from their data. Amazon QuickSight
integrates automatically with AWS data services, enables organizations to
scale to hundreds of thousands of users, and delivers fast and responsive
query performance to them via the SPICE engine.
23. What happens if CloudTrail is turned on for my account but
my Amazon S3 bucket is not configured with the correct policy?
Answer: CloudTrail files are delivered according to S3 bucket policies. If
the bucket is not configured or is misconfigured, CloudTrail might not be
able to deliver the log files.
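The misconfiguration described in question 23 can be checked before a trail is pointed at a bucket. The following is an added example, not part of the original page: it lints a bucket policy document for the two grants CloudTrail needs (s3:GetBucketAcl on the bucket, s3:PutObject under AWSLogs/<account-id>/). The function name, finding codes, bucket name and account ID are hypothetical; Deny statements and condition keys other than s3:x-amz-acl are not evaluated.

```python
import re

CLOUDTRAIL = "cloudtrail.amazonaws.com"
REQUIRED_ACL = "bucket-owner-full-control"  # ACL CloudTrail sets on delivered objects

# Constructed sample policy: bucket name and account ID are placeholders.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AclCheck",
            "Effect": "Allow",
            "Principal": {"Service": CLOUDTRAIL},
            "Action": "s3:GetBucketAcl",
            "Resource": "arn:aws:s3:::example-trail-logs",
        },
        {
            "Sid": "Write",
            "Effect": "Allow",
            "Principal": {"Service": CLOUDTRAIL},
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::example-trail-logs/AWSLogs/111122223333/*",
            "Condition": {"StringEquals": {"s3:x-amz-acl": REQUIRED_ACL}},
        },
    ],
}


def _as_list(value):
    """Policy fields may hold one value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _wild(pattern, text, ignore_case=False):
    """Match an IAM-style pattern ('*' and '?' wildcards) against text."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, text, re.I if ignore_case else 0) is not None


def _allows(stmt, action, resource):
    """True if an Allow statement names the CloudTrail service principal
    and covers this action and resource (explicit Service principal only)."""
    if stmt.get("Effect") != "Allow":
        return False
    principal = stmt.get("Principal")
    services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
    if CLOUDTRAIL not in services:
        return False
    if not any(_wild(a, action, True) for a in _as_list(stmt.get("Action"))):
        return False
    return any(_wild(r, resource) for r in _as_list(stmt.get("Resource")))


def _acl_values(stmt):
    """ACL values required by a StringEquals condition, or None if absent."""
    cond = stmt.get("Condition", {}).get("StringEquals", {})
    for key, value in cond.items():
        if key.lower() == "s3:x-amz-acl":
            return _as_list(value)
    return None


def check_cloudtrail_bucket_policy(policy, bucket, account_id, prefix=""):
    """Return finding codes; an empty list means both grants are present."""
    findings = []
    stmts = _as_list(policy.get("Statement"))
    bucket_arn = f"arn:aws:s3:::{bucket}"
    key_prefix = f"{prefix.strip('/')}/" if prefix else ""
    # A constructed object key in the layout CloudTrail writes to.
    log_object = (f"{bucket_arn}/{key_prefix}AWSLogs/{account_id}/CloudTrail/"
                  "us-east-1/2024/01/01/constructed-sample.json.gz")
    if not any(_allows(s, "s3:GetBucketAcl", bucket_arn) for s in stmts):
        findings.append("no-acl-check")           # CloudTrail cannot read the bucket ACL
    writers = [s for s in stmts if _allows(s, "s3:PutObject", log_object)]
    if not writers:
        findings.append("no-write")               # wrong account ID, prefix or action
    else:
        acls = [_acl_values(s) for s in writers]
        if all(a is not None and REQUIRED_ACL not in a for a in acls):
            findings.append("acl-condition-mismatch")  # condition rejects CloudTrail's ACL
        elif any(a is None for a in acls):
            findings.append("acl-condition-missing")   # write works but is not restricted
    return findings


if __name__ == "__main__":
    print(check_cloudtrail_bucket_policy(SAMPLE_POLICY, "example-trail-logs", "111122223333"))
```

The "no-write" finding also appears when the trail is configured with a key prefix that the policy's Resource does not include.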
24. Mention what is the relation between an instance and AMI?
Answer: From a single AMI, you can launch multiple types of instances.
An instance type defines the hardware of the host computer used for your
instance. Each instance type provides different compute and memory
capabilities. Once you launch an instance, it looks like a traditional host,
and we can interact with it as we would with any computer.
25. What do you know about the Shared Responsibility Model
established with AWS?
Answer: Because you’re building systems on top of the AWS platform, the
security responsibilities will be shared. While AWS manages the security
of the cloud, security in the cloud is the responsibility of the customer.
Customers retain control of the security they choose to implement to
protect their own content, platform, applications, systems, and networks,
no differently than they would have for the applications in an on-site
datacenter.
26. What are storage options provided by AWS?
Answer: Describe in detail all the storage options provided by AWS like
EBS, S3, Glacier, etc. Remember that AWS offers many different storage
services, including Amazon S3, Amazon EBS, Amazon EFS, and Amazon
Glacier. Amazon S3 is an object storage service, Amazon EBS is a block
storage service, Amazon EFS is a file storage service, and Amazon Glacier
is a long-term archive storage service.
Explain which storage option is best depending on the scenario.
27. How do you choose an Availability Zone?
Answer: Let’s understand this through an example, consider there’s a
company which has a user base in India as well as in the US.
Let us see how we will choose the region for this use case:
So, with reference to the above figure the regions to choose between are,
Mumbai and North Virginia. Now let us first compare the pricing, you have
hourly prices, which can be converted to your per month figure. Here
North Virginia emerges as a winner. But, pricing cannot be the only
parameter to consider. Performance should also be kept in mind hence,
let’s look at latency as well. Latency basically is the time that a server
takes to respond to your requests, i.e. the response time. North Virginia
wins again!
28. What are the best practices for Security in Amazon EC2?
Answer:
There are several best practices to secure Amazon EC2. A few of
them are given below:
Use AWS Identity and Access Management (IAM) to control access
to your AWS resources.
Restrict access by only allowing trusted hosts or networks to access
ports on your instance.
Review the rules in your security groups regularly, and ensure that
you apply the principle of least privilege: only open up permissions
that you require.
Disable password-based logins for instances launched from your
AMI. Passwords can be found or cracked, and are a security risk.
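The regular security group review recommended above can be automated. The following is an added example, not part of the original page: it audits ingress rules, in the JSON shape returned by `aws ec2 describe-security-groups`, against a list of trusted networks. The function name, the trusted ranges, the group IDs and the choice of 80/443 as intentionally public ports are assumptions; rules that reference other security groups and non-TCP/UDP protocols are skipped.

```python
import ipaddress

WORLD = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape of describe-security-groups output.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa1111example", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "203.0.113.16/28"}]},
    ]},
    {"GroupId": "sg-0bbb2222example", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    ]},
]

# Assumed trusted networks (documentation and private ranges, constructed).
TRUSTED = ["203.0.113.0/24", "10.20.0.0/16"]


def _sources(perm):
    """Yield every IPv4 and IPv6 CIDR source of one ingress permission."""
    for r in perm.get("IpRanges", []):
        yield r["CidrIp"]
    for r in perm.get("Ipv6Ranges", []):
        yield r["CidrIpv6"]


def _is_trusted(cidr, trusted):
    """True if the source range lies entirely inside a trusted network."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == t.version and net.subnet_of(t) for t in trusted)


def _port_range(perm):
    """(low, high) port range of a rule, or None for protocols not audited."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                      # "-1" means all protocols and ports
        return (0, 65535)
    if proto in ("tcp", "udp"):
        return (perm["FromPort"], perm["ToPort"])
    return None                            # e.g. icmp: ports carry type/code


def audit_ingress(groups, trusted_cidrs, public_ports=(80, 443)):
    """Return (group_id, protocol, low, high, source, reason) for every
    ingress rule that admits a source outside the trusted networks,
    except single-port rules for the ports declared public."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            ports = _port_range(perm)
            if ports is None:
                continue
            low, high = ports
            public_only = low == high and low in public_ports
            for src in _sources(perm):
                if _is_trusted(src, trusted) or public_only:
                    continue
                reason = "world-open" if src in WORLD else "untrusted-source"
                findings.append((group["GroupId"], perm["IpProtocol"],
                                 low, high, src, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE_GROUPS, TRUSTED):
        print(finding)
```

Note that 10.0.0.0/8 is reported even though 10.20.0.0/16 is trusted: a rule is accepted only when its whole source range sits inside a trusted network.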
Section 3: Amazon Storage.
29. How can you speed up data transfer in Snowball?
Answer:
The data transfer can be increased in the following way:
By performing multiple copy operations at one time i.e. if the
workstation is powerful enough, you can initiate multiple cp
commands each from different terminals, on the same Snowball
device.
Copying from multiple workstations to the same Snowball.
Transferring large files or creating batches of small files, which will
reduce the encryption overhead.
Eliminating unnecessary hops, i.e. make a setup where the source
machine(s) and the Snowball are the only machines active on the
switch being used; this can hugely improve performance.
30. How to create your own resources into the AWS Cloud?
Answer: Describe the Amazon VPC service. Notice that Amazon Virtual
Private Cloud (Amazon VPC) lets you provision a logically isolated section
of the AWS Cloud, where you can launch AWS resources in a virtual
network that you define. You have complete control over your virtual
networking environment, including the selection of your own IP address
range, the creation of subnets, and the configuration of route tables and
network gateways.
Highlight VPC security settings using security groups and ACLs for
subnets.
31. What does an AMI include?
Answer:
An AMI includes the following things:
A template for the root volume for the instance
Launch permissions that decide which AWS accounts can use the AMI to
launch instances
A block device mapping that determines the volumes to attach to the
instance when it is launched.
32. What automation tools can you use to spin up servers?
Answer:
Any of the following tools can be used:
Roll your own scripts, and use the AWS API tools. Such scripts could be
written in Bash, Perl or another language of your choice.
Use configuration management and provisioning tools like Puppet or its
successor Opscode Chef. You can also use a tool like Scalr.
Use a managed solution such as Rightscale.
33. If an organization is facing a major change, what is your
approach as AWS Solution Architect to suggest to face it?
Answer: This reveals if the candidate for the AWS Solution Architect position
possesses an open interest in a future customer, understands their
business model, and recognizes actual changes and challenges.
34. What are the relevant responsibilities of an AWS Solution
Architect?
Answer: Describe relevant responsibilities, duties, and challenges for an
AWS Solution Architect.
35. What is Geo Restriction in CloudFront?
Answer: Geo restriction, also known as geoblocking, is used to prevent
users in specific geographic locations from accessing content that you’re
distributing through a CloudFront web distribution.
36. How do you normally take AWS architecture requirements to
design?
Answer: Describe your procedures and methodology for establishing
relationships and how to understand business requirements from the
customer.
37. What is a Serverless application in AWS?
Answer: The AWS Serverless Application Model (AWS SAM) extends AWS
CloudFormation to provide a simplified way of defining the Amazon API
Gateway APIs, AWS Lambda functions, and Amazon DynamoDB tables
needed by your serverless application.
38. What happens if my application stops responding to requests
in Beanstalk?
Answer: AWS Beanstalk applications have a system in place for avoiding
failures in the underlying infrastructure. If an Amazon EC2 instance fails
for any reason, Beanstalk will use Auto Scaling to automatically launch a
new instance. Beanstalk can also detect if your application is not
responding on the custom link even though the infrastructure appears
healthy; this is logged as an environmental event (e.g. a bad version
was deployed) so you can take appropriate action.
39. Why AWS Architect Interview Questions?
Answer: For the 7th straight year, Gartner placed Amazon Web Services
in the “Leaders” quadrant. Also, Forbes reported, AWS Certified Solutions
Architect Leads the 15 Top Paying IT Certifications. Undoubtedly, AWS
Solution Architect position is one of the most sought after amongst IT jobs.
The AWS Solution Architect Role: With regards to AWS, a Solution
Architect would design and define AWS architecture for existing systems,
migrating them to cloud architectures as well as developing technical
road-maps for future AWS cloud implementations. So, in this AWS
Architect interview questions blog, in every section, we will start with the
basics and then move our way forward to more technical questions. For
the best learning experience, please refer to the questions in sequence so
that the concepts for the next question will be clear in the first.
40. You have a video transcoding application. The videos are
processed according to a queue. If the processing of a video is
interrupted in one instance, it is resumed in another instance.
Currently, there is a huge back-log of videos which needs to be
processed, for this you need to add more instances, but you need
these instances only until your backlog is reduced. Which of these
would be an efficient way to do it?
You should be using an On-Demand instance for the same. Why?
Answer: First of all, the workload has to be processed now, meaning it is
urgent, secondly you don’t need them once your backlog is cleared,
therefore Reserved Instance is out of the picture, and since the work is
urgent, you cannot stop the work on your instance just because the spot
price spiked, therefore Spot Instances shall also not be used. Hence On-
Demand instances shall be the right choice in this case.
When you use more than one Elastic IP with your instance.
When your Elastic IP is attached to a stopped instance.
When your Elastic IP is not attached to any instance.
41. What are the different layers of cloud computing?
Answer:
The three layers are:
Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
Software as a Service (SaaS)
42. How is a Spot instance different from an On-Demand instance
or Reserved Instance?
Answer: First of all, let’s understand that Spot Instance, On-Demand
instance, and Reserved Instances are all models for pricing. Moving along,
spot instances provide the ability for customers to purchase compute
capacity with no upfront commitment, at hourly rates usually lower than
the On-Demand rate in each region. Spot instances are just like bidding,
the bidding price is called Spot Price. The Spot Price fluctuates based on
supply and demand for instances, but customers will never pay more than
the maximum price they have specified. If the Spot Price moves higher
than a customer’s maximum price, the customer’s EC2 instance will be
shut down automatically. But the reverse is not true, if the Spot prices
come down again, your EC2 instance will not be launched automatically,
one has to do that manually. In Spot and On-demand instance, there is no
commitment for the duration from the user side, however in reserved
instances one has to stick to the time period that he has chosen.
43. Can I vertically scale an Amazon instance? How do you do it?
Answer: Yes. Spin up a new, larger instance than the one you are running,
then pause that instance, detach the root EBS volume from this server,
and discard it. After that, stop the live instance and detach its root volume.
Note the unique device ID and attach that root volume to the new server,
and start again. This way you will have scaled vertically.
44. What is the type of architecture, where half of the workload is
on the public load while at the same time half of it is on the local
storage?
Answer:
Hybrid cloud architecture.
45. Should encryption be used for S3?
Answer:
Encryption should be considered for sensitive data as S3 is a proprietary
technology.
46. What are the various AMI design options?
Answer: Fully Baked AMI, JeOS (just enough operating system) AMI, and
Hybrid AMI.
47. What is a Serverless application in AWS?
Answer: The AWS Serverless Application Model (AWS SAM) extends AWS
CloudFormation to provide a simplified way of defining the Amazon API
Gateway APIs, AWS Lambda functions, and Amazon DynamoDB tables
needed by your serverless application.
48. Now how will these states help in that?
Answer: If a core is put into sleep state it will reduce the overall
temperature of the processor and hence other cores can perform better.
Now the same can be synchronized with other cores so that the processor
can boost as many cores as it can by timely putting other cores to sleep,
and thus get an overall performance boost.
Concluding, the C and P state can be customized in some EC2 instances
like the c4.8xlarge instance and thus you can customize the processor
according to your workload.
49. To deploy a 4 node cluster of Hadoop in AWS which instance
type can be used?
Answer: First, let’s understand what actually happens in a Hadoop
cluster, the Hadoop cluster follows a master-slave concept. The master
machine processes all the data, slave machines store the data and act as
data nodes. Since all the storage happens at the slave, a higher capacity
hard disk would be recommended and since master does all the
processing, a higher RAM and a much better CPU is required. Therefore,
you can select the configuration of your machine depending on your
workload. For example, in this case c4.8xlarge will be preferred for the master
machine, whereas for the slave machine we can select an i2.large instance. If you
don’t want to deal with configuring your instance and installing the Hadoop
cluster manually, you can straight away launch an Amazon EMR (Elastic
MapReduce) instance, which automatically configures the servers for you.
You dump your data to be processed in S3, EMR picks it from there,
processes it, and dumps it back into S3.
50. Where do you think an AMI fits, when you are designing an
architecture for a solution?
Answer: AMIs (Amazon Machine Images) are like templates of virtual
machines and an instance is derived from an AMI. AWS offers pre-baked
AMIs which you can choose while you are launching an instance, some
AMIs are not free, therefore can be bought from the AWS Marketplace.
You can also choose to create your own custom AMI which would help you
save space on AWS. For example, if you don’t need a set of software on
your installation, you can customize your AMI to do that. This makes it
cost-efficient since you are removing the unwanted things.
1). Explain what is AWS (Amazon Web Service)?
2). Explain what are the key components of AWS (Amazon Web Service)?
3). Explain what is IAM service?
4). What is AWS Certificate Manager?
5). Explain what is S3?
6). Explain what is AMI (Amazon Machine Image)?
7). Mention what is the relation between an instance and AMI?
8). Explain what is Redshift?
9). What Is Amazon EC2?
10). Explain what Is Amazon EC2 instance?
11). Explain some features of Amazon EC2?
12). Mention what are the differences between Amazon S3 and EC2?
13). How many buckets can you create in AWS by default?
14). Explain what is T2 instances?
15). Explain what is C4 instances?
16). Explain how the buffer is used in Amazon web services?
17). Explain what is DynamoDB?
18). Explain what is ElastiCache?
19). What is the AWS Key Management Service?
20). What is AWS WAF? What are the potential benefits of using WAF?
21). What is Amazon EMR?
22). What is AWS Data Pipeline? and what are the components of AWS Data
Pipeline?
23). What is Amazon Kinesis Firehose?
24). What Is Amazon CloudSearch and its features?
25). Explain what is Regions and Endpoints in AWS?
26). How to find your regions and Availability Zones using the Amazon EC2
CLI?
27). What is Amazon AppStream and advantage of using AppStreaming?
28). Which AWS service is responsible for managed email and calendaring?
29). What are the benefits of EBS vs. instance-store?
30). How you will find out the instance id from within an ec2 machine?
31). How do you pass custom environment variable on Amazon Elastic
Beanstalk (AWS EBS)?
32). Is it possible to use AWS as a web host? What are the ways of using AWS
as a web host?
33). What steps do you follow to make 10,000 files public in S3?
34). How do you see how much disk space is used by an S3 bucket?
35). Explain what happens when I reboot an EC2 instance?
36). Write down the command you will use to copy all files from one S3 bucket
to another with s3cmd?
37). How will you change the root EBS device of an Amazon EC2 instance?
38). What is the difference between Amazon SNS and Amazon SQS?
39). How many objects you can put in a S3 bucket? is there a limit to the
number of objects I can put in an S3 bucket?
40). How to delete files recursively from an S3 bucket?
41). How to access/ping a server located on AWS?
42). What is the maximum length of a file-name in S3?
43.) What is Amazon RDS?
44.) In RDS, what is the maximum value you can set for my backup retention
period?
45.) In RDS, Automated backups are enabled by default for new DB Instance,
true or false?
46.) What is MFA in AWS?
47.) What is Amazon VPC?
48.) If you want to run a database on an EC2 instance, which is the most
recommended Amazon storage option, S3, RDS or EBS?
49.) In S3, what does RRS stand for?
50.) What are the 4 levels of AWS premium support?
51.) What is the underlying Hypervisor for EC2?
52.) What is the difference between Elastic Beanstalk and CloudFormation?
53.) What action is required to establish an Amazon Virtual Private Cloud
(VPC) VPN?
54.) Suppose that you are working with a customer who has 10 TB of archival
data that they want to migrate to Glacier. The customer has a 1-Mbps
connection to the internet. Which service or feature provides the fastest
method of getting data into Amazon Glacier?
55.) For example, how will you create a VPC and subnets using the AWS CLI?
56.) Why do we use VPC in AWS?
57.) Can you describe the steps to create a default VPC in AWS?
58.) What are the three features provided by Amazon that you can use to
increase and monitor the security?
59.) What is the difference between Network ACLs and Security Groups in
AWS?
60.) What benefits do VPC security groups give you that EC2 security groups
do not?
TOP 95 AWS VPC INTERVIEW QUESTIONS ANSWERS
1). What is Amazon Virtual Private Cloud (Amazon VPC)?
2). What are the connectivity options for my VPC?
3). How do you connect my VPC to the Internet?
4). What are the components of Amazon VPC?
4.1) What are the steps to build a custom VPC?
5). Why should you use Amazon VPC, Advantage of using AWS VPC?
6). What is the difference between stateful and stateless filtering?
7). Within Amazon VPC, can you use SSH key pairs created for instances
within Amazon EC2, and vice versa?
8). Can Amazon EC2 instances within a VPC communicate with Amazon EC2
instances not within a VPC?
9). Why can’t you ping the router, or my default gateway, that connects my
subnets?
10). Can you monitor the network traffic in your VPC?
11). Within which Amazon EC2 region(s) is Amazon VPC available?
12). Can a VPC span multiple Availability Zones?
13). Can you use your existing AMIs in Amazon VPC?
14). Can you employ Amazon CloudWatch within Amazon VPC?
15). How do you specify which Availability Zone my Amazon EC2 instances are
launched in?
16). Are there any bandwidth limitations for Internet gateways? Do you need to
be concerned about its availability? Can it be a single point of failure?
17). How do you secure Amazon EC2 instances running within my VPC?
18). What are the differences between security groups in a VPC and network
ACLs in a VPC?
19). How do you determine which Availability Zone my subnets are located in?
20). When you call DescribeInstances(), do you see all of my Amazon EC2
instances, including those in EC2-Classic and EC2-VPC?
21). When you call DescribeVolumes(), do you see all of my Amazon EBS
volumes, including those in EC2-Classic and EC2-VPC?
22). How many Amazon EC2 instances can you use within a VPC?
23). Can you employ Auto Scaling within Amazon VPC?
24). What is the IP range of a default VPC?
25). How many default VPCs can you have?
26). How many default subnets are in a default VPC?
27). Can you launch Amazon EC2 Cluster Instances in a VPC?
28). What is a default VPC?
29). What are the advantages of a default VPC?
30). What accounts are enabled for default VPC?
31). How can you know if my account is configured to use a default VPC?
32). Can you create other VPCs and use them in addition to my default VPC?
33). Can you create additional subnets in my default VPC, such as private
subnets?
34). Will you need to know anything about Amazon VPC in order to use a
default VPC?
35). What are the differences between instances launched in EC2-Classic and
EC2-VPC?
36). Can you use my existing Amazon EBS snapshots?
37). Can you boot an Amazon EC2 instance from an Amazon EBS volume
within Amazon VPC?
38). Can you use Amazon EC2 Reserved Instances with Amazon VPC?
39). Do you need to have a VPN connection to use a default VPC?
40). Can you delete a default VPC?
41). Can you delete a default subnet?
42). If you delete my side of a peering connection, will the other side still have
access to my VPC?
43). If you peer VPC A to VPC B and I peer VPC B to VPC C, does that mean
VPCs A and C are peered?
44). You have an existing EC2-Classic account. Can I get a default VPC?
45). You really want a default VPC for my existing EC2 account. Is that
possible?
46). How are IAM accounts impacted by default VPC?
47). Can you attach or detach one or more network interfaces to an EC2
instance while it’s running?
48). What if your peering connection goes down?
49). Can you create a peering connection to a VPC in a different region?
50). Can you peer my VPC with a VPC belonging to another AWS account?
51). Can you have more than two network interfaces attached to my EC2
instance?
52). Can you attach a network interface in one Availability Zone to an instance
in another Availability Zone?
53). Can you attach a network interface in one VPC to an instance in another
VPC?
54). Can you use Elastic Network Interfaces as a way to host multiple websites
requiring separate IP addresses on a single instance?
55). Can you detach the primary interface (eth0) on my EC2 instance?
56). Can you use AWS Direct Connect or hardware VPN connections to access
VPCs I’m peered with?
57). Can you peer two VPCs with matching IP address ranges?
58). Do you need an Internet Gateway to use peering connections?
59). Is VPC peering traffic within the region encrypted?
60). Are there any bandwidth limitations for peering connections?
61). What is ClassicLink?
62). How do you use ClassicLink?
63). Does the EC2-Classic instance become a member of the VPC?
64). Will ClassicLink settings on my EC2-Classic instance persist through
stop/start cycles?
65). Can you modify the VPC route tables? How?
66). Can you specify which subnet will use which gateway as its default?
67). Can you use the AWS Management Console to control and manage
Amazon VPC?
68). How many VPCs, subnets, Elastic IP addresses, Internet gateways,
customer gateways, virtual private gateways, and VPN connections can you
create?
69). Does the Amazon VPC VPN Connection have a Service Level Agreement
(SLA)?
70). What does an Amazon VPC router do?
71). Does Amazon VPC support multicast or broadcast?
72). How do instances in a VPC access the Internet?
73). How do instances without public IP addresses access the Internet?
74). How does a hardware VPN connection work with Amazon VPC?
75). What is IPsec?
76). Which customer gateway devices can I use to connect to Amazon VPC?
77). Name any VPCs for which you cannot enable ClassicLink?
78). Can traffic from an EC2-Classic instance travel through the Amazon VPC
and egress through the Internet gateway, virtual private gateway, or to peered
VPCs?
79). Does ClassicLink affect the access control between the EC2-Classic
instance, and other instances that are in the EC2-Classic platform?
80). What tools are available to me to help troubleshoot my Hardware VPN
configuration?
81). How do I connect a VPC to my corporate datacenter?
82). Are there any VPN connection throughput limitations?
83). Can you NAT your CGW behind a router or firewall?
84). What IP address do you use for your CGW address?
85). How do you assign IP address ranges to VPCs?
86). What IP address ranges are assigned to a default VPC?
87). Can you assign any IP address to an instance?
88). Can you assign multiple IP addresses to an instance?
89). What defines billable VPN connection-hours?
90). Can you change a VPC's size?
91). How many subnets can I create per VPC?
92). Is there a limit on how large or small a subnet can be?
93). How do you assign private IP addresses to Amazon EC2 instances within
a VPC?
94). How do you disable NAT-T on my connection?
95). Can Amazon EC2 instances within a VPC communicate with Amazon S3?
Q1): What is Amazon Web Services?
Ans: AWS stands for Amazon Web Services, which is a cloud computing platform. It is designed
in such a way that it provides cloud services in the form of small building blocks, and these
blocks help create and deploy various types of applications in the cloud. These sequences of
small blocks are integrated to deliver the services in a highly scalable manner.
Q2): What are the Main Components of AWS?
Ans: The Key Components of AWS are:
Simple Email Service: It allows you to send emails with the help of regular SMTP or
by using a RESTful API call.
Route 53: It’s a DNS web service.
Simple Storage Device S3: It is a widely used storage device service in AWS.
Identity and Access Management
Elastic Compute Cloud (EC2): It acts as an on-demand computing resource for
hosting applications. EC2 is very helpful in times of uncertain workloads.
Elastic Block Store: It allows you to store constant volumes of data, is
integrated with EC2, and enables your data to persist.
CloudWatch: It allows you to watch the critical areas of AWS, and you can
even set a reminder for troubleshooting.
Q3): Explain what S3 is all about?
Ans: S3 is the abbreviation for a simple storage service. It is used for storing and retrieving data
at any time and anywhere on the web. S3 makes web-scale computing easier for developers.
The payment mode of S3 is available on a pay-as-you-go basis.
Q4): What is AMI?
Ans: It stands for Amazon Machine Image. The AMI contains essential information required to
launch an instance, and it is a copy of AMI running in the cloud. You can download as many
examples as possible from multiple AMIs.
Q5): What is the relationship between an instance and AMI?
Ans: Using a single AMI, you can download as many instances as you can. An instance type is
used to define the hardware of the host computer for your situation. Each instance is unique and
provides the facilities in computational and storage capabilities. Once you install an instance, it
looks similar to a traditional host with which we can interact in the same way we do with a
computer.
Q6): What are the things that are included in the AMI?
Ans: An AMI consists of the things which are mentioned below:
A template for the instance
Launch permissions
A block mapping that decides the volume to be attached when it gets launched.
Q7): What is an EIP?
Ans: The Elastic IP address (EIP) is a static IPv4 address offered by AWS to manage dynamic
cloud computing services. Connect your AWS account with an EIP so that, if you want a static IPv4
address for your instance, you can associate it with the EIP, which enables communication
with the internet.
Q8): What is CloudFront?
Ans: CloudFront is a content delivery network offered by AWS, and it speeds up the distribution
of dynamic and static web content such as .css, .js, .html, and image files to the users. It delivers
the content with low latency and high transfer speed to the users. AWS provides the CDN at a low
price, and it suits startups best.
Q9): What is VPC?
Ans: Virtual Private Cloud (VPC) allows you to launch AWS resources into the virtual network. It
allows users to create and customize network configurations according to users’ business
requirements.
Q10): What is the VPC peering connection?
Ans: A VPC peering connection is a networking connection that allows connecting one VPC with
another. It enables you to route traffic between two VPCs using IPv6 and IPv4 addresses.
Instances within the VPCs behave as if they are in the same network.
Q11): What is the procedure to send a request to Amazon S3?
Ans: S3 in Amazon is a REST service, and you can send requests by using the AWS SDK or
REST API wrapper libraries.
Q12): What are NAT gateways?
Ans: Network Address Translation (NAT) allows instances in a private subnet to connect to the
internet and other AWS services. NAT prevents the internet from initiating a connection with the
instances.
Q13): What is SNS?
Ans: Amazon Simple Notification Service (SNS) is a web service provided by AWS. It manages
and delivers messages or notifications to users and clients from any cloud platform. In SNS,
there are two types of clients: subscribers and publishers. Publishers produce and send a
message to the subscriber instance through the communication channels. Subscribers receive
notification from the publisher over one of the supported protocols such as Amazon SQS, HTTP,
and Lambda, etc. Amazon SNS automatically triggers the service and sends an email with a
message that “your EC2 instance is growing” when you are using Auto Scaling.
Q14): What is SQS?
Ans: Amazon SQS stands for Simple Queue Service, and it manages the message queue
service. Using this service, you can move the data or message from one application to another
even though it is not in the running or active state. SQS sends messages between multiple
services, including S3, DynamoDB, EC2 Instance, and also it uses the Java message queue
service to deliver the information. The maximum visibility timeout of a message is 12 hours in the
SQS queue.
Q15): What are the types of queues in SQS?
Ans: There are two types of queues in SQS. They are as follows:
Standard Queues: It is a default queue type. It provides an unlimited number of transactions per
second and at least one message delivery option.
FIFO Queues: FIFO queues are designed to ensure that the order in which messages are sent and
received is strictly preserved.
Q16): Explain the types of instances available?
Ans: Below stated are the available instances:
General-purpose
Storage optimized
Accelerated computing
Computer-optimized
Memory-optimized
Q17): Explain about DynamoDB?
Ans: If you want to have a faster and flexible NoSQL database, then the right thing available
is DynamoDB, which is a flexible and efficient database model available in Amazon web
services.
Q18): What is Glacier?
Ans: Amazon Glacier is one of the most important services provided by AWS. The Glacier is an
online web storage service that provides you with low-cost and effective storage with security
features for archival and data backup. With Glacier, you can store the information effectively for
months, years, or even decades.
Q19): What is Redshift?
Ans: Redshift is a big data product used as a data warehouse in the cloud. It is the fast, reliable,
and powerful product of a big data warehouse.
Q20): What are the Types of AMI Provided by AWS?
Ans: Below listed are the two kinds of AMIs provided by AWS:
EBS backed
Instance store backed
Till now, you have seen basic interview questions. Now, we will move to the Intermediate
Questions.
Amazon Web Services Interview Questions - Intermediate Level
Q21): What is an ELB?
Ans: Elastic Load Balancer (ELB) is a load balancing service offered by AWS. It distributes
incoming resources and controls the application traffic to meet traffic demands.
Q22): What are the types of load balancers in EC2?
Ans: There are three types of load balancers in EC2. They are as follows:
Application Load Balancer: The Application Load Balancer is designed to make routing decisions
at the application layer. ALB supports dynamic host port mapping and path-based routing.
Network Load Balancer: The Network Load Balancer is designed to make routing decisions at the
transport layer. It handles millions of requests per second. Using the flow hash routing algorithm,
NLB selects the target from the target groups after receiving a connection from the load
balancer.
Classic Load Balancer: Classic load balancer is designed to make routing decisions either at
the application layer or transport layer. It requires a fixed relationship between the container
instance port and the load balancer port.
Q23): Explain what is a T2 instance?
Ans: T2 instance is one of the low-cost Amazon instances that provides a baseline level of CPU
performance.
Q24): Mention the security best practices for Amazon EC2.
Ans: Security best practices for Amazon EC2 are as below:
Security and network
Storage
Resource Management
Recovery and Backup
Q25): While connecting to your instance, what are the possible connection issues one might
face?
Ans: The following are the connection issues faced by the user:
User key not recognized by the server
Permission denied
Connection timeout
Cannot connect using user’s browser
Server unexpectedly closed network connection
Unprotected private key
Cannot ping the instance
Server refused host key
The private key must begin with “BEGIN RSA PRIVATE KEY” and end with “END
RSA PRIVATE KEY.”
Q26): What are key pairs in AWS?
Ans: Amazon EC2 uses both public and private keys to encrypt and decrypt the login
information. The sender uses a public key to encrypt the data and the receiver uses a private key
to decrypt the data. Private and public keys are known as key pairs. The public key enables you
to access the instance securely and a private key is used instead of a password.
Q27): What is SimpleDB?
Ans: SimpleDB is one of Amazon's services offered by AWS. It is a distributed database and
highly available NoSQL data store that offloads the work of database administrators.
Q28): What is Elastic Beanstalk?
Ans: Elastic Beanstalk is the best service offered by AWS for deploying and managing
applications. It assists applications developed in Java, .Net, Node.js, PHP, Ruby, and Python.
When you deploy the application, Elastic Beanstalk builds the selected supported platform
versions and AWS services like S3, SNS, EC2, CloudWatch, and Auto Scaling to run your
application.
Q29): Mention a few benefits of Elastic Beanstalk.
Ans: Following are the few benefits of the Elastic Beanstalk:
1. Easy and simple: Elastic Beanstalk enables you to manage and deploy the application
easily and quickly.
2. Autoscaling: Beanstalk scales up or down automatically when your application traffic
increases or decreases.
3. Developer productivity: Developers can easily deploy the application without any
knowledge, but they need to keep the application secure and user-friendly.
4. Cost-effective: No charge for Beanstalk. Charges are applied for the AWS service
resources which you are using for your application.
5. Customization: Elastic Beanstalk allows users to select the configurations of AWS
services that users want to use for application development.
6. Management and updates: It updates the application automatically when it changes the
platform. Platform updates and infrastructure management are taken care of by AWS
professionals.
Q30): Define regions and availability zones in Amazon EC2.
Ans: Amazon web service has a global infrastructure that is divided into availability zones and
regions. Each region is divided into a geographic area and it has multiple isolated locations
called availability zones.
Q31): What is Amazon EC2 Root Device Volume?
Ans: When the developer launches the instance, the root device volume is used to boot the
instance that contains the image. When the developer introduces the Amazon EC2, all AMIs are
propped up by an Amazon EC2 instance store.
Q32): What is Server Load Balancing?
Ans: A Server load balancer (SLB) provides content delivery and networking services using load
balancing algorithms. SLB distributes the network traffic equally across a group of servers to
ensure high-performance application delivery.
Q33): How does a server load balancer work?
Ans: The server load balancer works based on two approaches. They are:
Transport level load balancing
Application-level load balancing
Q34): What are the advantages of the Server load balancer?
Ans: The advantages of server load balancer are as follows:
Increases scalability
Redundancy
Maintenance and performance
Q35): Explain the process to secure the data for carrying in the cloud.
Ans: One thing that must be taken into consideration is that no one should resize the data while
it is moving from one point to another. The other thing to consider is there should not be any kind
of leakage with the security key from the multiple storerooms in the cloud. Dividing the
information into different types and encrypting it into valid methods could help you in securing the
data in the cloud.
Q36): What are the layers available in cloud computing?
Ans: Below listed are the various layers of cloud computing
SaaS: Software as a Service
PaaS: Platform as a Service
IaaS: Infrastructure as a Service
Q37): Explain the layers of Cloud architecture?
Ans: We have five different types of layers available, which are:
SC- Storage controller
CC- cluster controller
NC- Node controller
Walrus
CLC- cloud controller
Q38): What are the reserved instances?
Ans: It is nothing but a reservation of resources for one or three years and utilized whenever you
need it. The reservation comes on a subscription basis available for a term of 1 year and three
years. The hourly rate goes down as the usage increases. Purchasing reservations isn’t just
associated with the reservation of resources, but also, it comes with the capacity that is required
for a particular zone.
Q39): What is meant by CloudWatch?
Ans: CloudWatch is a monitoring tool in Amazon Web Services with which you can monitor
different resources of your organization. You can have a look at various things like health,
applications, network, etc.
Q40): How many types of CloudWatch monitoring do we have?
Ans: We have two types of CloudWatch monitoring: essential monitoring and detailed monitoring.
Essential monitoring is free of cost, but you need to pay for detailed monitoring.
Q41): Explain the cloud watch metrics that are meant for EC2 instances?
Ans: The available metrics for EC2 instances are Disk reads, CPU utilization, network packets
out, CPUCreditUsage, Disk writes, network packets, networkOut, and CPUCreditBalance.
Q42): What would be the minimum and maximum size of the individual objects that you can
store in S3?
Ans: The minimum size of the object that you can store in S3 is 0 bytes, and the maximum size
of an individual object that you can save is 5TB.
Q43): Explain the various storage classes available in S3?
Ans: Below mentioned are the storage classes available in S3.
Standard frequently accessed
One-zone infrequently accessed
RRS - reduced redundancy storage
Standard infrequently accessed
Glacier
Q44): What are the methods to encrypt the data in S3?
Ans: We have three different methods available for encrypting the data in S3. They are as
follows.
Server-Side Encryption - C
Server-Side Encryption - S3
Server-Side Encryption - KMS
Q45): On what basis the pricing of the S3 is decided?
Ans: The pricing for S3 is decided by taking into consideration the below topics.
1. Data transfer
2. Storage used
3. Number of requests
4. Transfer acceleration
5. Storage management
AWS Interview Questions - Advanced Level
Below are the Advanced AWS Interview Questions for Experienced Professionals
Q46): Is the property of broadcast or multicast supported by Amazon VPC?
Ans: No, at present, Amazon VPC is not supporting any multicast or broadcast.
Q47): How many IP addresses are allowed for each account in AWS?
Ans: For each AWS account, 5 VPC elastic addresses are allowed.
Q48): What is meant by Edge location?
Ans: The actual content is cached at the places called edge locations. So whenever a user
searches for the content, he will find the same at the edge locations.
Q49): What is Snowball?
Ans: Snowball is an option available in AWS to transport. Using snowball, one can transfer the
data into AWS and out of it. It helps us in transporting massive amounts of data from one
destination to another. It helps in lowering the networking expenditure.
Q50): Explain the advantages of auto-scaling?
Ans: Below listed are the advantages of autoscaling.
Better availability
Better cost management
High fault-tolerant
Q51): What is a Subnet?
Ans: When a large number of IP addresses is divided into small chunks, these chunks
are called subnets.
Q52): What is the number of subnets that we can have per VPC?
Ans: Under one VPC, we can have 200 subnets.
Q53): What is AWS CloudTrail?
Ans: AWS CloudTrail is an AWS service that helps you to enable governance, risk auditing, and
compliance of your AWS account. CloudTrail records events when actions are taken by the role,
user, or an AWS service. Events include when actions are taken by AWS command-line
interface, AWS management console, APIs, and AWS SDKs.
Q54): What is meant by ElastiCache?
Ans: ElastiCache is a web service that makes the path easier to deploy and store the data in the
cloud easily.
Q55): Explain AWS Lambda.
Ans: AWS Lambda is a computational service that enables you to run code without maintaining
any servers. It automatically executes the code whenever needed. You are required to pay for
the time that you have used it for. Lambda enables you to run the code virtually for any kind of
application without managing any servers.
Q56): What is Geo Restriction in CloudFront?
Ans: It is an important feature available in AWS which helps you in preventing the users from
accessing the content from specific regions. CloudFront is useful for distributing the content only
to desired locations.
Q57): What is Amazon EMR?
Ans: Amazon EMR is a survived cluster stage and it helps you to create data structures before
the intimation. Big data technologies such as Apache Hadoop and Spark are the tools that
enable you to investigate a large amount of data. You can use the data for making analytical
goals by using the apache hive and other relevant open source technologies.
Q58): What is the actual boot time taken for an instance store-backed AMI?
Ans: It takes less than 5 minutes to boot an instance store-backed AMI.
Q59): Explain the essential features of the Amazon cloud search.
Ans: Below listed are the essential features of Amazon cloud search.
Prefixes Searches
Enter text search
Boolean searches
Range searches
Autocomplete Advice
Q60): Give a few examples of DB engines that are used in AWS RDS.
Ans: Following are few examples of DB engines that are used in AWS RDS:
MariaDB
OracleDB
MS-SQL DB
MYSQL DB
Postgre DB
Q61): What is the security group?
Ans: In AWS the in and out traffic to instances is controlled with virtual firewalls which are known
as Security groups. Security groups allow you to control traffic based on various aspects such as
protocol, port, and source destination.
Q62): What is the difference between block storage and file storage?
Ans:
Block Storage: It functions at a lower level and manages the data as a set of blocks.
File Storage: The file storage operates at a higher level or operational level and manages data
in the form of files and folders.
Q63): Explain the types of routing policies available in Amazon Route 53.
Ans:
Latency-based
Weighted
Failover
Simple
Geolocation
Q64): List the default tables that we get when we create AWS VPC.
Ans:
Network ACL
Security group
Route table
Q65): List the different ways to access AWS.
Ans: We have three different ways to access AWS, such as:
Console
SDK
CLI
Q66): What are the EBS volumes?
Ans: The EBS is the abbreviation for Elastic Block Stores. These blocks act as a persistent
volume that can be attached to the instances. The EBS volumes will store the data even if you
stop the instances.
Q67): How can you control the security of your VPC?
Ans: You can use security groups, network access control lists (ACLs), and flow logs to control your
VPC security.
Most Frequently Asked AWS Interview Questions - FAQs
Q68): Does Amazon support region-based usage on all services?
Ans: No, it is not providing region-specific usage on all its services. But most of the services are
region-based.
Q69): What is EBS in AWS?
Ans: Elastic block storage (EBS) is a storage system that is used to store persistent data. EBS is
designed to provide block-level storage volumes and to use EC2 instances for both transactions
and throughput-intensive workloads at any scale.
Q70): How many AWS services are there in 2020?
Ans: As of September 2019, the AWS Serverless Application repository is available in the AWS
GovCloud (US-East) region. With this service, the availability of services is increased to a total of
18 AWS regions across North America, South America, the EU, and the Asia Pacific.
Q71): Which AWS region is the cheapest?
Ans: The US standard is the cheapest region; it is also the most established AWS region.
Q72): What is the maximum size of an S3 bucket?
Ans: The maximum size of an S3 bucket is 5 terabytes.
Q73): What are the most popular AWS Services?
Ans: Following are the most popular AWS Services:
1. Amazon S3
2. AWS Lambda
3. Amazon Glacier
4. Amazon EC2
5. Amazon SNS
6. Amazon CloudFront
7. Amazon EBS
8. Amazon Kinesis
9. Amazon VPC
10. Amazon SQ
Q74): Is AWS RDS free?
Ans: Yes, AWS RDS is a free tier. RDS helps the AWS customers to get started with the
management database service in the cloud for free.
Q75): What is the difference between EBS and S3?
Ans: Difference between EBS and S3:
EBS | S3
Highly scalable | Less scalable
It is a block storage | It is an object storage
EBS is faster than S3 | S3 is slower than EBS
User can access EBS only via the given EC2 instance | Anyone can access S3; it is a public instance.
It supports the File system interface | It supports Web interface
Q76): Is Amazon S3 a global service?
Ans: Yes, Amazon S3 is a global service. It provides object storage through the web interface
and it uses the Amazon scalable storage infrastructure to run its global e-commerce network.
Q77): What are the benefits of AWS?
Ans: AWS provides services to its users at a low cost. Amazon web services are easy to use
and the user should not worry about security, servers, and databases. Amazon web services
have several benefits which make users rely on them.
Q1) What is AWS?
Answer: AWS stands for Amazon Web Services. AWS is a platform that
provides on-demand resources for hosting web services, storage, networking,
databases and other resources over the internet with a pay-as-you-go pricing.
Q2) What are the components of AWS?
Answer: EC2 – Elastic Compute Cloud, S3 – Simple Storage Service, Route53,
EBS – Elastic Block Store, Cloudwatch, and Key-Pairs are a few of the components of
AWS.
Q3) What are key-pairs?
Answer: Key-pairs are secure login information for your instances/virtual
machines. To connect to the instances we use key-pairs that contain a
public-key and private-key.
Q4) What is S3?
Answer: S3 stands for Simple Storage Service. It is a storage service that
provides an interface that you can use to store any amount of data, at any
time, from anywhere in the world. With S3 you pay only for what you use and
the payment model is pay-as-you-go.
Q5) What are the pricing models for EC2 instances?
Answer: The different pricing models for EC2 instances are as below,
On-demand
Reserved
Spot
Scheduled
Dedicated
Q6) What are the types of volumes for EC2 instances?
Answer:
There are two types of volumes,
Instance store volumes
EBS – Elastic Block Stores
Q7) What are EBS volumes?
Answer: EBS stands for Elastic Block Stores. They are persistent volumes that
you can attach to the instances. With EBS volumes, your data will be
preserved even when you stop your instances, unlike your instance store
volumes where the data is deleted when you stop the instances.
Q8) What are the types of volumes in EBS?
Answer: Following are the types of volumes in EBS,
General purpose
Provisioned IOPS
Magnetic
Cold HDD
Throughput optimized
Q9) What are the different types of instances?
Answer: Following are the types of instances,
General purpose
Computer Optimized
Storage Optimized
Memory Optimized
Accelerated Computing
Q10) What is an auto-scaling and what are the components?
Answer: Auto scaling allows you to automatically scale-up and scale-down the
number of instances depending on the CPU utilization or memory utilization.
There are 2 components in Auto scaling, they are Auto-scaling groups and
Launch Configuration.
Q11) What are reserved instances?
Answer: Reserved instances let you reserve a fixed
capacity of EC2 instances. With reserved instances you will have to get into a
contract of 1 year or 3 years.
Q12)What is an AMI?
Answer: AMI stands for Amazon Machine Image. AMI is a template that
contains the software configurations, launch permission and a block device
mapping that specifies the volume to attach to the instance when it is
launched.
Q13) What is an EIP?
Answer: EIP stands for Elastic IP address. It is designed for dynamic cloud
computing. When you want your instances to keep a static IP address across
a stop and restart, you use an EIP address.
Q14) What is CloudWatch?
Answer: CloudWatch is a monitoring tool that you can use to monitor your
various AWS resources, such as health checks, network, application, etc.
Q15) What are the types in CloudWatch?
Answer: There are 2 types in CloudWatch: basic monitoring and detailed
monitoring. Basic monitoring is free and detailed monitoring is chargeable.
Q16) What are the CloudWatch metrics that are available for EC2
instances?
Answer: Diskreads, Diskwrites, CPU utilization, networkpacketsIn,
networkpacketsOut, networkIn, networkOut, CPUCreditUsage,
CPUCreditBalance.
Q17) What is the minimum and maximum size of individual objects that
you can store in S3?
Answer: The minimum size of an individual object that you can store in S3 is
0 bytes and the maximum size of an individual object is 5 TB.
Q18) What are the different storage classes in S3?
Answer: Following are the types of storage classes in S3,
Standard frequently accessed
Standard infrequently accessed
One-zone infrequently accessed.
Glacier
RRS – reduced redundancy storage
Q19) What is the default storage class in S3?
Answer: The default storage class in S3 is Standard frequently accessed.
Q20) What is glacier?
Answer: Glacier is the back up or archival tool that you use to back up your
data in S3.
Q21) How can you secure the access to your S3 bucket?
Answer: There are two ways that you can control the access to your S3
buckets,
ACL – Access Control List
Bucket policies
Q22) How can you encrypt data in S3?
Answer: You can encrypt the data by using the below methods,
Server Side Encryption – S3 (AES 256 encryption)
Server Side Encryption – KMS (Key management Service)
Server Side Encryption – C (Client Side)
Q23) What are the parameters for S3 pricing?
Answer: The pricing model for S3 is as below,
Storage used
Number of requests you make
Storage management
Data transfer
Transfer acceleration
Q24) What is the prerequisite to work with cross-region replication in S3?
Answer: You need to enable versioning on both the source and destination
buckets to work with cross-region replication. Also, the source and
destination buckets should be in different regions.
Q25) What are roles?
Answer: Roles are used to provide permissions to entities that you trust
within your AWS account. Roles are users in another account. Roles are
similar to users but with roles you do not need to create any username and
password to work with the resources.
Q26) What are policies and what are the types of policies?
Answer: Policies are permissions that you can attach to the users that you
create. These policies contain the access that you have provided to the
users that you have created. There are 2 types of policies.
Managed policies
Inline policies
Q27) What is CloudFront?
Answer: CloudFront is an AWS web service that provides businesses and
application developers an easy and efficient way to distribute their content
with low latency and high data transfer speeds. CloudFront is the content
delivery network of AWS.
Q28) What are edge locations?
Answer: Edge location is the place where the contents will be cached. When a
user tries to access some content, the content will be searched in the edge
location. If it is not available then the content will be made available from the
origin location and a copy will be stored in the edge location.
Q29) What is the maximum individual archive that you can store in
glacier?
Answer: You can store a maximum individual archive of up to 40 TB.
Q30) What is VPC?
Answer: VPC stands for Virtual Private Cloud. VPC allows you to easily
customize your networking configuration. A VPC is a network that is logically
isolated from other networks in the cloud. It allows you to have your own IP
address range, subnets, internet gateways, NAT gateways and security
groups.
Q31) What is VPC peering connection?
Answer: VPC peering connection allows you to connect 1 VPC with another
VPC. Instances in these VPC behave as if they are in the same network.
Q32) What are NAT gateways?
Answer: NAT stands for Network Address Translation. NAT gateways enable
instances in a private subnet to connect to the internet but prevent the
internet from initiating a connection with those instances.
Q33) How can you control the security to your VPC?
Answer: You can use security groups and NACLs (Network Access Control
Lists) to control the security to your VPC.
Q34) What are the different types of storage gateway?
Answer: Following are the types of storage gateway.
File gateway
Volume gateway
Tape gateway
Q35) What is Snowball?
Answer: Snowball is a data transport solution that uses secure appliances to
transfer large amounts of data into and out of AWS. Using Snowball, you can
move huge amounts of data from one place to another, which reduces your
network costs and long transfer times and also provides better security.
Q36) What are the database types in RDS?
Answer: Following are the types of databases in RDS,
Aurora
Oracle
MySQL server
PostgreSQL
MariaDB
SQL server
Q37) What is Redshift?
Answer: Amazon Redshift is a data warehouse product. It is a fast and
powerful, fully managed, petabyte-scale data warehouse service in the cloud.
Q38) What is SNS?
Answer: SNS stands for Simple Notification Service. SNS is a web service that
makes it easy to send notifications from the cloud. You can set up SNS to
receive email notifications or message notifications.
Q39) What are the types of routing policies in Route 53?
Answer: Following are the types of routing policies in Route 53,
Simple routing
Latency routing
Failover routing
Geolocation routing
Weighted routing
Multivalue answer
Q40) What is the maximum size of messages in SQS?
Answer: The maximum size of messages in SQS is 256 KB.
Q41) What are the types of queues in SQS?
Answer: There are 2 types of queues in SQS.
Standard queue
FIFO (First In First Out)
Q42) What is multi-AZ RDS?
Answer: Multi-AZ (Availability Zone) RDS allows you to have a replica of your
production database in another availability zone. Multi-AZ (Availability Zone)
database is used for disaster recovery. You will have an exact copy of your
database. So when your primary database goes down, your application will
automatically failover to the standby database.
Q43) What are the types of backups in RDS database?
Answer: There are 2 types of backups in RDS database.
Automated backups
Manual backups which are known as snapshots.
Q44) What is the difference between security groups and network access
control list?
Answer:
Security Groups | Network access control list
Can control the access at the instance level | Can control access at the subnet l
Can add rules for “allow” only | Can add rules for both “allow” and
Evaluates all rules before allowing the traffic | Rules are processed in order numb […] traffic.
Can assign unlimited number of security groups | Can assign up to 5 security groups
Stateful filtering | Stateless filtering
Q45) What are the types of load balancers in EC2?
Answer: There are 3 types of load balancers,
Application load balancer
Network load balancer
Classic load balancer
Q46) What is an ELB?
Answer: ELB stands for Elastic Load balancing. ELB automatically distributes
the incoming application traffic or network traffic across multiple targets like
EC2, containers, IP addresses.
Q47) What are the two types of access that you can provide when you
are creating users?
Answer: Following are the two types of access that you can create.
Programmatic access
Console access
Q48) What are the benefits of auto scaling?
Answer: Following are the benefits of auto scaling
Better fault tolerance
Better availability
Better cost management
Q49) What are security groups?
Answer: Security groups act as a firewall that controls the traffic for one or
more instances. You can associate one or more security groups with your
instances when you launch them. You can add rules to each security group
that allow traffic to and from its associated instances. You can modify the
rules of a security group at any time; the new rules are automatically and
immediately applied to all the instances that are associated with the security
group.
Q50) What are shared AMIs?
Answer: Shared AMIs are AMIs that are created by other developers and
made available for other developers to use.
Q51) What is the difference between the classic load balancer and
application load balancer?
Answer: Dynamic port mapping and multiple ports with multiple listeners are
used in the Application Load Balancer; one port, one listener is achieved via
the Classic Load Balancer.
Q52) By default, how many IP addresses does AWS reserve in a subnet?
Answer: 5
Q53) What is meant by subnet?
Answer: A large section of IP addresses divided into chunks; the chunks are
known as subnets.
Q54) How can you convert a public subnet to a private subnet?
Answer: Remove the IGW and add a NAT Gateway; associate the subnet with a
private route table.
Q55) Is it possible to reduce an EBS volume?
Answer: No, it's not possible; we can increase it but not reduce it.
Q56) What is the use of Elastic IPs, and are they charged by AWS?
Answer: These are IPv4 addresses which are used to connect to the instance
from the internet; they are charged if instances are not attached to them.
Q57) One of my S3 buckets is deleted but I need to restore it. Is there any
possible way?
Answer: If versioning is enabled we can easily restore them.
Q58) When I try to launch an EC2 instance I am getting "Service
limit exceed". How do I fix the issue?
Answer: By default AWS offers a service limit of 20 running instances per
region; to fix the issue we need to contact AWS support to increase the limit
based on the requirement.
Q59) I need to modify the EBS volumes in Linux and Windows. Is it possible?
Answer: Yes, it's possible. From the console, use Modify Volume and give the
size you need; then for Windows go to Disk Management, and for Linux mount
it to achieve the modification.
Q60) Is it possible to stop an RDS instance, and how can I do that?
Answer: Yes, it's possible to stop RDS instances which are non-production
and non-Multi-AZ.
Q61) What is meant by parameter groups in RDS, and what is the use of
them?
Answer: Since RDS is a managed service, AWS offers a wide set
of parameters in RDS as a parameter group, which is modified as per
requirement.
Q62) What is the use of tags and how are they useful?
Answer: Tags are used for identification and grouping of AWS resources.
Q63) I am viewing the AWS Console but am unable to launch an instance; I
receive an IAM error. How can I rectify it?
Answer: As an AWS user I don't have access to use it; I need to have
permissions to use it further.
Q64) I don't want my AWS account ID to be exposed to users. How can I
avoid it?
Answer: In the IAM console there is an option for the sign-in URL where I can
replace the AWS account ID with my own account name.
Q65) By default, how many Elastic IP addresses does AWS offer?
Answer: 5 Elastic IPs per region.
Q66) You have enabled sticky sessions with ELB. What does it do with your
instance?
Answer: Binds the user session with a specific instance.
Q67) Which type of load balancer makes routing decisions at either the
transport layer or the application layer and supports either EC2 or VPC?
Answer: Classic Load Balancer
Q68) Which is the virtual network interface that you can attach to an
instance in a VPC?
Answer: Elastic Network Interface
Q69) You have launched a Linux instance in AWS EC2. While configuring the
security group, you have selected the SSH, HTTP and HTTPS protocols. Why do
we need to select SSH?
Answer: To verify that there is a rule that allows traffic from the EC2
instance to your computer.
Q70) You have chosen a Windows instance with Classic and you want to
make some change to the security group. How will these changes be effective?
Answer: Changes are automatically applied to Windows instances.
Q71) Load balancer and DNS service come under which type of cloud
service?
Answer: IAAS-Storage
Q72) You have an EC2 instance that has an unencrypted volume. You
want to create another encrypted volume from this unencrypted volume.
Which of the following steps can achieve this?
Answer: Create a snapshot of the unencrypted volume (applying encryption
parameters), copy the snapshot and create a volume from the copied
snapshot.
Q73) Where does the user specify the maximum number of instances
with the auto scaling commands?
Answer: Auto Scaling launch config
Q74) Which are the types of AMI provided by AWS?
Answer: Instance store backed, EBS backed
Q75) After configuring ELB, you need to ensure that the user requests are
always attached to a single instance. What setting can you use?
Answer: Sticky session
Q76) When would I prefer Provisioned IOPS over standard RDS storage?
Answer: If you have batch-oriented workloads.
Q77) If I am running a Multi-AZ deployment on my DB instance, can I use
the standby DB instance for read or write operations along with the
primary DB instance?
Answer: Primary db instance does not working.
Q78) Which AWS services will you use to collect and process e-commerce
data for near real-time analysis?
Answer: Amazon DynamoDB.
Q79) A company is deploying a new two-tier web application in AWS.
The company has limited staff and requires high availability, and
the application requires complex queries and table joins. Which
configuration provides the solution for the company's requirements?
Answer: A web application on Amazon DynamoDB provides the solution.
Q80) Which of these use cases are suitable for Amazon DynamoDB?
Answer: Storing metadata for Amazon S3 objects, and running
relational joins and complex updates.
Q81) Your application has to retrieve data from your user's mobile
every 5 minutes, and the data is stored in DynamoDB. Later, every day at
a particular time, the data is extracted into S3 on a per-user basis, and
your application is later used to visualize the data for the user. You are
asked to optimize the architecture of the backend system to lower cost.
What would you recommend?
Answer: Introduce Amazon ElastiCache to cache reads from the Amazon
DynamoDB table and reduce the provisioned read throughput.
Q82) You are running a website on EC2 instances deployed across
multiple Availability Zones with a Multi-AZ RDS MySQL Extra Large DB
instance. The site performs a high number of small reads and writes per
second and relies on an eventual consistency model. After comprehensive
tests you discover that there is read contention on RDS MySQL. Which are
the best approaches to meet these requirements?
Answer: Deploy an ElastiCache in-memory cache running in each
availability zone, and increase the RDS MySQL instance size and
implement Provisioned IOPS.
Q83) A startup is running a pilot deployment of around 100 sensors to
measure street noise and air quality in urban areas for 3 months. It was
noted that every month around 4 GB of sensor data is generated. The
company uses a load-balanced, auto-scaled layer of EC2 instances and an
RDS database with 500 GB of standard storage. The pilot was a success and
now they want to deploy at least 100K sensors, which need to be supported
by the backend. You need to store the data for at least 2 years to analyze
it. Which of the following setups would you prefer?
Answer: Replace the RDS instance with a 6-node Redshift cluster with
96 TB of storage.
Q84) Suppose you have an application where you have to render images
and also do some general computing. Which service will best fit your
need?
Answer: Use an Application Load Balancer.
Q85) How will you change the instance type for the instances which are
running in your application tier and using Auto Scaling? Where will you
change it from?
Answer: Change it in the Auto Scaling launch configuration.
Q86) You have a content management system running on an Amazon
EC2 instance that is approaching 100% CPU utilization. Which
option will reduce load on the Amazon EC2 instance?
Answer: Create a load balancer, and register the Amazon EC2
instance with it.
Q87) What does connection draining do?
Answer: It re-routes traffic from the instances which are to be updated or
have failed a health check.
Q88) When an instance is unhealthy, it is terminated and replaced
with a new one. Which of the services does that?
Answer: The service provides fault tolerance.
Q89) What are lifecycle hooks used for in Auto Scaling?
Answer: They are used to put an additional wait time on the scale-in
or scale-out events.
Q90) A user has set up an Auto Scaling group. Due to some issue the
group has failed to launch a single instance for more than 24
hours. What will happen to Auto Scaling in this condition?
Answer: Auto Scaling will suspend the scaling process.
Q91) You have an EC2 security group with several running EC2
instances. You changed the security group rules to allow
inbound traffic on a new port and protocol, and then launched
several new instances in the same security group. How do the new rules
apply?
Answer: Immediately to all the instances in the security group.
Q92) To create a mirror image of your environment in another
region for disaster recovery, which of the following AWS resources
do not need to be recreated in the second region?
Answer: Route 53 Record Sets may be selected.
Q93) A customer wants to capture all client connection information
from his load balancers at an interval of 5 minutes. Which
option should he choose for his application?
Answer: Enable AWS CloudTrail for the load balancers.
Q94) Which of the services would you not use to deploy an app?
Answer: Lambda is not used to deploy an app.
Q95) How does Elastic Beanstalk apply updates?
Answer: By having a duplicate ready with the updates prepared before
swapping.
Q96) I created a key in the Oregon region to encrypt my data in the North
Virginia region for security purposes. I added two users to the key and
an external AWS account. I wanted to encrypt an object in S3, so
when I tried, the key that I just created was not listed. What could be
the reason and solution?
Answer: The key should be in the same region.
Q97) A company needs to monitor read and write IOPS for its AWS
MySQL RDS instances and send real-time alerts to the operations
team. Which AWS services can accomplish this?
Answer: Monitoring with Amazon CloudWatch.
Q98) An organization that is currently using consolidated billing has
recently acquired another company that already has a number of AWS
accounts. How could an administrator ensure that all the AWS accounts,
from both the existing company and the acquired company, are billed to a
single account?
Answer: Invite the acquired company's AWS accounts to join the
existing company's organization by using AWS Organizations.
Q99) A user has created an application which will be hosted on
EC2. The application makes calls to DynamoDB to fetch certain
data. The application uses the DynamoDB SDK to connect from the EC2
instance. Which is the best practice for security in this
scenario?
Answer: The user should attach an IAM role with DynamoDB access
to the EC2 instance.
Q100) You have an application running on an EC2 instance which will
allow users to download files from a private S3 bucket using a
pre-signed URL. Before generating the URL, the application should
verify the existence of the file in S3. How should the application use AWS
credentials to access the S3 bucket securely?
Answer: Create an IAM role for EC2 that allows list access to objects in
the S3 bucket. Launch the instance with this role, and retrieve the
role's credentials from the EC2 instance metadata.
Q101) You use Amazon CloudWatch as your primary monitoring
system for your web application. After a recent software deployment, your
users are getting intermittent 500 Internal Server Errors
when using the web application. You want to create a
CloudWatch alarm and notify the on-call engineer when these occur.
How can you accomplish this using AWS services?
Answer: Create a CloudWatch Logs group and define metric filters
that capture 500 Internal Server Errors. Set a CloudWatch
alarm on the metric, and use Amazon Simple Notification
Service to notify the on-call engineers when the CloudWatch alarm is
triggered.
Q102) You are designing a multi-platform web application for AWS.
The application will run on EC2 instances and will be accessed
from PCs, tablets and smart phones. Supported accessing platforms
are Windows, macOS, iOS and Android. Separate sticky session and
SSL certificate setups are required for the different platform types.
Which describes the most cost-effective and performance-efficient
architecture setup?
Answer: Assign multiple ELBs to an EC2 instance or group of EC2
instances running the common component of the web application, one
ELB for each platform type. Session stickiness and SSL
termination are done at the ELBs.
Q103) You are migrating a legacy client-server application to AWS. The
application responds to a specific DNS domain (e.g.
www.example.com) and has a 2-tier architecture, with multiple
application servers and a database server. Remote clients use
TCP to connect to the application servers. The application servers need
to know the IP address of the clients in order to function properly and
are currently taking that information from the TCP socket. A Multi-AZ RDS
MySQL instance will be used for the database. During the migration you
can change the application code, but you have to file a change request.
How would you implement the architecture on AWS in order to maximize
scalability and high availability?
Answer: File a change request to implement Proxy Protocol support in
the application. Use an ELB with a TCP listener and Proxy Protocol enabled
to distribute the load on two application servers in different AZs.
Q104) Your application currently leverages AWS Auto Scaling to
grow and shrink as load increases/decreases and has been performing
well. Your marketing team expects a steady ramp-up in traffic to
follow an upcoming campaign that will result in 20x growth in traffic
over 4 weeks. Your forecast for the approximate number of Amazon EC2
instances necessary to meet peak demand is 175. What should you do to
avoid potential service disruptions during the ramp-up in traffic?
Answer: Check the service limits in Trusted Advisor and adjust as
necessary, so that the forecasted count remains within the limits.
Q105) You have a web application running on six Amazon EC2
instances, consuming about 45% of resources on each instance. You
are using auto-scaling to make sure that six instances are running at
all times. The number of requests this application processes is consistent
and does not experience spikes. The application is critical to your
business and you want high availability at all times. You want the
load to be distributed evenly between all instances. You also want to
use the same Amazon Machine Image (AMI) for all instances. Which
architectural choices should you make?
Answer: Deploy 3 EC2 instances in one availability zone and 3 in
another availability zone, and use an Amazon Elastic Load Balancer.
Q106) You are designing an application that contains protected
health information. Security and compliance requirements for your
application mandate that all protected health information in the
application use encryption at rest and in transit. The application
uses a three-tier architecture where data flows through the load
balancer and is stored on Amazon EBS volumes for processing,
and the results are stored in Amazon S3 using the AWS SDK. Which of
the options satisfy the security requirements?
Answer: Use TCP load balancing on the load balancer, SSL termination on
the Amazon EC2 instances, OS-level disk encryption on the Amazon
EBS volumes, and Amazon S3 with server-side encryption; and use
SSL termination on the load balancer, an SSL listener on the Amazon
EC2 instances, Amazon EBS encryption on the EBS volumes containing the
PHI, and Amazon S3 with server-side encryption.
Q107) A startup deploys its photo-sharing site in a VPC. An elastic
load balancer distributes web traffic across two subnets. The
load balancer session stickiness is configured to use the AWS-generated
session cookie, with a session TTL of 5 minutes. The web server
Auto Scaling group is configured as min-size=4, max-size=4.
The startup is preparing for a public launch by running load-testing
software installed on a single Amazon Elastic Compute Cloud
(EC2) instance running in us-west-2a. After 60 minutes of load-testing,
the web server logs show the following:
WEBSERVER LOGS | # of HTTP requests from load-tester system | # of HTTP requests from private beta users
webserver #1 (subnet in us-west-2a) | 19,210 | 434
webserver #2 (subnet in us-west-2a) | 21,790 | 490
webserver #3 (subnet in us-west-2b) | 0 | 410
webserver #4 (subnet in us-west-2b) | 0 | 428
Which recommendations can help ensure that load-testing HTTP requests
are evenly distributed across the four web servers?
Answer: Re-configure the load-testing software to re-resolve DNS for
each web request.
Q108) To serve web traffic for a popular product, your chief financial
officer and IT director have purchased 10 m1.large heavy utilization
Reserved Instances (RIs) evenly spread across two availability zones;
Route 53 is used to deliver the traffic to an Elastic Load Balancer (ELB).
After several months, the product grows even more popular and
you need additional capacity. As a result, your company purchases
two c3.2xlarge medium utilization RIs. You register the two c3.2xlarge
instances with your ELB and quickly find that the m1.large instances
are at 100% of capacity and the c3.2xlarge instances have significant
capacity that's unused. Which option is the most cost-effective and
uses EC2 capacity most effectively?
Answer: Use a separate ELB for each instance type and distribute
load to the ELBs with Route 53 weighted round robin.
Q109) An AWS customer is deploying a web application that is
composed of a front end running on Amazon EC2 and confidential
data that is stored on Amazon S3. The customer's security policy is
that all access operations to this sensitive data must be authenticated and
authorized by a centralized access management system that is operated
by a separate security team. In addition, the web application team that
owns and administers the EC2 web front-end instances is prohibited
from having any ability to access data that circumvents this
centralized access management system. Which configurations will
support these requirements?
Answer: Configure the web application to authenticate end users
against the centralized access management system. Have the web
application provision trusted users STS tokens entitling the download of
the approved data directly from Amazon S3.
Q110) An enterprise customer is starting their migration to the cloud.
Their main reason for migrating is agility, and they want to make
their internal Microsoft Active Directory available to the many applications
running on AWS, so that internal users only have to remember one
set of credentials and as a central point of user control for
leavers and joiners. How could they make their Active Directory
secure and highly available with minimal on-premises
infrastructure changes in the most cost- and time-efficient way?
Answer: Using a VPC, they could create an extension to their data
center and make use of resilient hardware IPsec tunnels; they could
then have two domain controller instances that are joined to the
existing domain and reside within different subnets in different
availability zones.
Q111) What is Cloud Computing?
Answer: Cloud computing provides services to access programs,
applications, storage, networks and servers over the internet through a
browser or client-side application on your PC, laptop or mobile, without
the end user installing, updating and maintaining them.
Cloud computing is a cloud platform service that provides you with
on-demand services that can range from compute, databases, storage,
networking, applications and so on. Cloud computing follows a pay-as-you-go
model where you pay only for what you are using.
Q112) Why we go for Cloud Computing?
Answer:
Lower computing cost
Improved Performance
No IT Maintenance
Business connectivity
Easily upgraded
Device Independent
Q113) What are the deployment models using in Cloud?
Answer:
Private Cloud
Public Cloud
Hybrid cloud
Community cloud
Q114) Explain Cloud Service Models?
Answer: SAAS (Software as a Service): It is a software distribution model in
which applications are hosted by a vendor over the internet for the end user,
freeing them from complex software and hardware management. (Ex: Google
Drive, Dropbox)
PAAS (Platform as a Service): It provides a platform and environment to allow
developers to build applications. It frees developers from going into the
complexity of building and maintaining the infrastructure. (Ex: AWS Elastic
Beanstalk, Windows Azure)
IAAS (Infrastructure as a Service): It provides virtualized computing resources
over the internet like CPU, memory, switches, routers, firewall, DNS, load
balancer. (Ex: Azure, AWS)
Q115) What are the advantages of Cloud Computing?
Answer:
Pay per use
Scalability
Elasticity
High Availability
Increase speed and Agility
Go global in Minutes
Q116) What is AWS?
Answer: Amazon Web Services is a secure cloud services platform offering
compute power, database storage, content delivery and other functionality
to help businesses scale and grow.
AWS is fully on-demand
AWS offers flexibility, availability and scalability
AWS offers elasticity: scale up and scale down as needed.
Q117) What is meant by Region, Availability Zone and Edge Location?
Answer: Region: An independent collection of AWS resources in a defined
geography. A collection of data centers (Availability Zones). All Availability
Zones in a region are connected by high bandwidth.
Availability Zones: An Availability Zone is simply a data center, designed as
an independent failure zone, with high-speed connectivity and low latency.
Edge Locations: Edge locations are an important part of the AWS
infrastructure. Edge locations are CDN endpoints for CloudFront to deliver
content to end users with low latency.
Q118) How can you access the AWS platform?
Answer:
AWS Console
AWS CLI (Command Line Interface)
AWS SDK (Software Development Kit)
Q119) What is EC2? What are the benefits of EC2?
Answer: Amazon Elastic Compute Cloud is a web service that provides resizable
compute capacity in the cloud. AWS EC2 provides scalable computing
capacity in the AWS Cloud. These are virtual servers, also called
instances. We can use the instances on a pay-per-use basis.
Benefits:
Easier and Faster
Elastic and Scalable
High Availability
Cost-Effective
Q120) What are the pricing models available in AWS EC2?
Answer:
On-Demand Instances
Reserved Instances
Spot Instances
Dedicated Host
Q121) What are the instance types used in AWS EC2?
Answer:
General Purpose
Compute Optimized
Memory optimized
Storage Optimized
Accelerated Computing (GPU Based)
Q122) What is an AMI? What are the types of AMI?
Answer:
An Amazon Machine Image is a special type of virtual appliance that is used to
create a virtual machine within the Amazon Elastic Compute Cloud. The AMI
defines the initial software that will be in an instance when it is launched.
Types of AMI:
Published by AWS
AWS Marketplace
Generated from existing instances
Uploaded virtual server
Q123) How are AWS EC2 instances addressed?
Answer:
Public Domain Name System (DNS) name: When you launch an
instance, AWS creates a DNS name that can be used to access the
Public IP: A launched instance may also have a public IP address.
This IP address is assigned from the addresses reserved by AWS and
cannot be specified.
Elastic IP: An Elastic IP address is an address unique on the internet
that you reserve independently and associate with an Amazon EC2
instance. This IP address persists until the customer releases it and
is not tied to
Q124) What is a security group?
Answer: AWS allows you to control traffic in and out of your instance through
a virtual firewall called a security group. Security groups allow you to control
traffic based on port, protocol and source/destination.
Q125) When does your instance show the retired state?
Answer: The retired state is only available for Reserved Instances. Once the
reservation term (1 yr/3 yr) ends, the instance shows the retired state.
Q126) Scenario: My EC2 instance's IP address changes automatically when the
instance is stopped and started. What is the reason for that, and what is the solution?
Answer: AWS assigns the public IP automatically, but it changes dynamically
on stop and start. In that case we need to assign an Elastic IP to the
instance; once assigned, it doesn't change automatically.
Q127) What is Elastic Beanstalk?
Answer: AWS Elastic Beanstalk is the fastest and simplest way to get an
application up and running on AWS. Developers can simply upload their code
and the service automatically handles all the details, such as resource
provisioning, load balancing, auto scaling and monitoring.
Q128) What is Amazon Lightsail?
Answer: Lightsail is designed to be the easiest way to launch and manage a
virtual private server with AWS. Lightsail plans include everything you need to
jumpstart your project: a virtual machine, SSD-based storage, data transfer,
DNS management and a static IP.
Q129) What is EBS?
Answer: Amazon EBS provides persistent block-level storage volumes for use
with Amazon EC2 instances. Each Amazon EBS volume is automatically replicated
within its Availability Zone to protect against component failure, offering high
availability and durability. Amazon EBS volumes are available in a variety of
types that differ in performance characteristics and price.
Q130) How do the EBS volume types compare?
Answer: Magnetic Volume: Magnetic volumes have the lowest performance
characteristics of all Amazon EBS volume types.
EBS volume size: 1 GB to 1 TB; Average IOPS: 100 IOPS; Maximum throughput:
40-90 MB
General-Purpose SSD: General-purpose SSD volumes offer cost-effective
storage that is ideal for a broad range of workloads. General-purpose SSD
volumes are billed based on the amount of data space provisioned, regardless
of how much data you actually store on the volume.
EBS volume size: 1 GB to 16 TB; Maximum IOPS: up to 10000 IOPS; Maximum
throughput: 160 MB
Provisioned IOPS SSD: Provisioned IOPS SSD volumes are designed to meet
the needs of I/O-intensive workloads, particularly database workloads that
are sensitive to storage performance and consistency in random access I/O
throughput. Provisioned IOPS SSD volumes provide predictable, high
performance.
EBS volume size: 4 GB to 16 TB; Maximum IOPS: up to 20000 IOPS; Maximum
throughput: 320 MB
Q131) What are Cold HDD and Throughput-Optimized HDD?
Answer: Cold HDD: Cold HDD volumes are designed for less frequently
accessed workloads. These volumes are significantly less expensive than
Throughput-Optimized HDD volumes.
EBS volume size: 500 GB to 16 TB; Maximum IOPS: 200 IOPS; Maximum
throughput: 250 MB
Throughput-Optimized HDD: Throughput-Optimized HDD volumes are low-cost
HDD volumes designed for frequently accessed, throughput-intensive workloads
such as big data and data warehouses.
EBS volume size: 500 GB to 16 TB; Maximum IOPS: 500 IOPS; Maximum
throughput: 500 MB
Q132) What are Amazon EBS-optimized instances?
Answer: Amazon EBS-optimized instances ensure that the Amazon EC2
instance is prepared to take advantage of the I/O of the Amazon EBS volume.
An Amazon EBS-optimized instance uses an optimized configuration stack
and provides additional dedicated capacity for Amazon EBS I/O. When you select
Amazon EBS-optimized for an instance, you pay an additional hourly charge
for that instance.
Q133) What is EBS Snapshot?
Answer:
It can back up the data on the EBS Volume. Snapshots are
incremental backups.
If this is your first snapshot it may take some time to create.
Snapshots are point in time copies of volumes.
Q134) How do you connect an EBS volume to multiple instances?
Answer: We cannot connect an EBS volume to multiple instances, but we
can connect multiple EBS volumes to a single instance.
Q135) What are the virtualization types available in AWS?
Answer: Hardware-assisted virtualization: HVM instances are presented with
a fully virtualized set of hardware, and they boot by executing the
master boot record of the root block device of the image. It is the default
virtualization.
Paravirtualization: This AMI boots with a special boot loader called PV-GRUB.
The ability of the guest kernel to communicate directly with the hypervisor
results in greater performance levels than other virtualization approaches,
but they cannot take advantage of hardware extensions such as networking,
GPU etc. It is a customized virtualization image. The virtualization image can be
used only for a particular service.
Q136) Differentiate Block storage and File storage?
Answer:
Block Storage: Block storage operates at lower level, raw storage device level
and manages data as a set of numbered, fixed size blocks.
File Storage: File storage operates at a higher level, the operating system
level and manages data as a named hierarchy of files and folders.
Q137) What are the advantages and disadvantages of EFS?
Answer:
Advantages:
Fully managed service
File system grows and shrinks automatically to petabytes
Can support thousands of concurrent connections
Multi AZ replication
Throughput scales automatically to ensure consistent low latency
Disadvantages:
Not available in all regions
Cross-region capability not available
More complicated to provision compared to S3 and EBS
Q138) What are the things we need to remember while creating an S3
bucket?
Answer:
Amazon S3 and Bucket names are
This means bucket names must be unique across all AWS
Bucket names can contain up to 63 lowercase letters, numbers,
hyphens and
You can create and use multiple buckets
You can have up to 100 per account by
Q139) What are the storage classes available in Amazon S3?
Answer:
Amazon S3 Standard
Amazon S3 Standard-Infrequent Access
Amazon S3 Reduced Redundancy Storage
Amazon Glacier
Q140) Explain Amazon S3 lifecycle rules.
Answer: With Amazon S3 lifecycle configuration rules, you can significantly reduce
your storage costs by automatically transitioning data from one storage class
to another, or even automatically deleting data after a period of time. For example:
Store backup data initially in Amazon S3 Standard
After 30 days, transition to Amazon Standard IA
After 90 days, transition to Amazon Glacier
After 3 years, delete
Q141) What is the relation between Amazon S3 and AWS KMS?
Answer: To encrypt Amazon S3 data at rest, you can use several variations of
Server-Side Encryption (SSE). Amazon S3 encrypts your data at the object level as
it writes it to disks in its data centers and decrypts it for you when you access
it. All SSE performed by Amazon S3 and AWS Key Management Service (AWS
KMS) uses the 256-bit Advanced Encryption Standard (AES).
Q142) What is the function of cross-region replication in Amazon S3?
Answer: Cross-region replication is a feature that allows you to asynchronously
replicate all new objects in the source bucket in one AWS region to a target
bucket in another region. To enable cross-region replication, versioning must
be turned on for both source and destination buckets. Cross-region
replication is commonly used to reduce the latency required to access objects
in Amazon S3.
Q143) How do you create an encrypted EBS volume?
Answer: You need to select the "Encrypt this volume" option on the volume creation
page. During creation, a new master key is created unless you select a
master key that you created separately in the service. Amazon uses the AWS
Key Management Service (KMS) to handle key management.
Q144) Explain stateful and Stateless firewall.
Answer:
Stateful Firewall: A Security group is a virtual stateful firewall that controls
inbound and outbound network traffic to AWS resources and Amazon EC2
instances. Operates at the instance level. It supports allow rules only. Return
traffic is automatically allowed, regardless of any rules.
Stateless Firewall: A Network access control List (ACL) is a virtual stateless
firewall on a subnet level. Supports allow rules and deny rules. Return traffic
must be explicitly allowed by rules.
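The difference between the two filters is easiest to see by pushing one HTTPS request and its response through both. The following is an added example, not AWS code: a small Python model in which the class names, addresses and ports are constructed, and the network ACL evaluates rules in ascending rule-number order with the first match deciding.

```python
"""Toy model of the two AWS packet filters compared in Q144 (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    src_port: int
    dst: str
    dst_port: int
    proto: str = "tcp"

    def reply(self) -> "Packet":
        """Return packet of the same flow: endpoints swapped."""
        return Packet(self.dst, self.dst_port, self.src, self.src_port, self.proto)


@dataclass(frozen=True)
class Rule:
    proto: str
    port_from: int
    port_to: int
    cidr: str              # remote network the rule applies to
    action: str = "allow"  # "deny" is only valid in a network ACL
    number: int = 100      # evaluation order, used by network ACLs only

    def matches(self, proto: str, port: int, peer: str) -> bool:
        return (proto == self.proto
                and self.port_from <= port <= self.port_to
                and ip_address(peer) in ip_network(self.cidr))


class SecurityGroup:
    """Stateful, allow-only filter attached to an instance."""

    def __init__(self, ingress, egress):
        if any(r.action != "allow" for r in list(ingress) + list(egress)):
            raise ValueError("security groups support allow rules only")
        self.ingress, self.egress = list(ingress), list(egress)
        self._flows = set()  # connection tracking: packets that opened a flow

    def inbound(self, pkt: Packet) -> bool:
        if pkt.reply() in self._flows:        # reply to a flow we let out
            return True
        if any(r.matches(pkt.proto, pkt.dst_port, pkt.src) for r in self.ingress):
            self._flows.add(pkt)
            return True
        return False

    def outbound(self, pkt: Packet) -> bool:
        if pkt.reply() in self._flows:        # reply to a flow we let in
            return True
        if any(r.matches(pkt.proto, pkt.dst_port, pkt.dst) for r in self.egress):
            self._flows.add(pkt)
            return True
        return False


class NetworkAcl:
    """Stateless subnet filter: each direction is judged on its own rules."""

    def __init__(self, inbound, outbound):
        self._in = sorted(inbound, key=lambda r: r.number)
        self._out = sorted(outbound, key=lambda r: r.number)

    @staticmethod
    def _evaluate(rules, proto: str, port: int, peer: str) -> bool:
        for rule in rules:                     # lowest rule number first
            if rule.matches(proto, port, peer):
                return rule.action == "allow"  # first match decides
        return False                           # nothing matched: denied

    def inbound(self, pkt: Packet) -> bool:
        return self._evaluate(self._in, pkt.proto, pkt.dst_port, pkt.src)

    def outbound(self, pkt: Packet) -> bool:
        return self._evaluate(self._out, pkt.proto, pkt.dst_port, pkt.dst)


def demo() -> dict:
    client, server = "203.0.113.7", "10.0.1.10"    # constructed addresses
    request = Packet(client, 50123, server, 443)   # client -> web server
    response = request.reply()                     # web server -> client
    https_in = Rule("tcp", 443, 443, "0.0.0.0/0", number=100)
    ephemeral_out = Rule("tcp", 1024, 65535, "0.0.0.0/0", number=100)
    deny_net = Rule("tcp", 0, 65535, "203.0.113.0/24", action="deny", number=90)

    sg = SecurityGroup(ingress=[https_in], egress=[])
    acl = NetworkAcl(inbound=[https_in], outbound=[])
    fixed_acl = NetworkAcl(inbound=[https_in], outbound=[ephemeral_out])
    blocking_acl = NetworkAcl(inbound=[deny_net, https_in], outbound=[ephemeral_out])
    try:
        SecurityGroup(ingress=[deny_net], egress=[])
        sg_takes_deny = True
    except ValueError:
        sg_takes_deny = False
    return {
        "sg_request": sg.inbound(request),
        "sg_response": sg.outbound(response),      # allowed with no egress rule
        "sg_unsolicited_out": sg.outbound(Packet(server, 40000, client, 25)),
        "acl_request": acl.inbound(request),
        "acl_response": acl.outbound(response),    # dropped: no outbound rule
        "fixed_acl_response": fixed_acl.outbound(response),
        "blocking_acl_request": blocking_acl.inbound(request),
        "sg_takes_deny": sg_takes_deny,
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:22} {allowed}")
```

The run shows the practical consequence: a network ACL that only allows inbound 443 silently breaks responses until an outbound rule for the clients' ephemeral ports is added, while the security group needs no such rule.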
Q145) What are a NAT instance and a NAT gateway?
Answer:
NAT instance: A network address translation (NAT) instance is an Amazon
Linux Machine Image (AMI) that is designed to accept traffic from instances
within a private subnet, translate the source IP address to the public IP
address of the NAT instance and forward the traffic to the IGW.
NAT gateway: A NAT gateway is an Amazon-managed resource that is
designed to operate just like a NAT instance, but it is simpler to manage and
highly available within an Availability Zone. It allows instances within a private
subnet to access internet resources through the IGW via the NAT gateway.
Q146) What is VPC peering?
Answer: An Amazon VPC peering connection is a networking connection between
two Amazon VPCs that enables instances in either Amazon VPC to
communicate with each other as if they were within the same network. You can
create an Amazon VPC peering connection between your own Amazon VPCs or
with an Amazon VPC in another AWS account within a single region.
Q147) What is MFA in AWS?
Answer: Multi-factor authentication can add an extra layer of security to your
infrastructure by adding a second method of authentication beyond just a
password or access key.
Q148) What are the authentication methods in AWS?
Answer:
User Name/Password
Access Key
Access Key/ Session Token
Q149) What is a data warehouse in AWS?
Answer: A data warehouse is a central repository for data that can come from one or
more sources. Organizations typically use a data warehouse to compile reports
and search the database using highly complex queries. A data warehouse is also
typically updated on a batch schedule multiple times per day or per hour,
compared to an OLTP (Online Transaction Processing) relational database
that can be updated thousands of times per second.
Q150) What is meant by Multi-AZ in RDS?
Answer: Multi-AZ allows you to place a secondary copy of your database in
another Availability Zone for disaster recovery purposes. Multi-AZ deployments
are available for all types of Amazon RDS database engines. When you
create a Multi-AZ DB instance, a primary instance is created in one Availability
Zone and a secondary instance is created in another Availability Zone.
Q151) What is Amazon DynamoDB?
Answer: Amazon DynamoDB is a fully managed NoSQL database service that
provides fast and predictable performance with seamless scalability. DynamoDB
makes it simple and cost-effective to store and retrieve any amount of
data.
Q152) What is CloudFormation?
Answer: CloudFormation is a service which creates the AWS infrastructure
using code. It helps to reduce the time spent managing resources. We can
create our resources quickly.
Q153) How to plan Auto scaling?
Answer:
Manual Scaling
Scheduled Scaling
Dynamic Scaling
Q154) What is Auto Scaling group?
Answer: Auto Scaling group is a collection of Amazon EC2 instances managed
by the Auto scaling service. Each auto scaling group contains configuration
options that control when auto scaling should launch new instance or
terminate existing instance.
Q155) Differentiate basic and detailed monitoring in CloudWatch.
Answer:
Basic Monitoring: Basic monitoring sends data points to Amazon CloudWatch
every five minutes for a limited number of preselected metrics at no charge.
Detailed Monitoring: Detailed monitoring sends data points to Amazon
CloudWatch every minute and allows data aggregation for an additional
charge.
Q156) What is the relationship between Route 53 and CloudFront?
Answer: CloudFront delivers content from edge locations, so we can use
Route 53 together with the content delivery network. Additionally, if you are
using Amazon CloudFront you can configure Route 53 to route Internet traffic
to those resources.
Q157) What are the routing policies available in Amazon Route53?
Answer:
Simple
Weighted
Latency Based
Failover
Geolocation
Q158) What is Amazon ElastiCache?
Answer: Amazon ElastiCache is a web service that simplifies the setup and
management of a distributed in-memory caching environment.
Cost-effective
High performance
Scalable caching environment
Uses the Memcached or Redis cache engine
Q159) What are SES, SQS and SNS?
Answer: SES (Simple Email Service): SES is an SMTP server provided by Amazon
which is designed to send bulk mail to customers in a quick and cost-effective
manner. SES does not allow you to configure the mail server.
SQS (Simple Queue Service): SQS is a fast, reliable, scalable and fully
managed message queuing service. Amazon SQS makes it simple and
cost-effective. It is a temporary repository for messages waiting to be processed
and acts as a buffer between the producer component and the consumer.
SNS (Simple Notification Service): SNS is a web service that coordinates and
manages the delivery or sending of messages to recipients.
Q160) How to use Amazon SQS? What is AWS?
Answer: Amazon Web Services is a secure cloud services platform, offering
compute power, database storage, content delivery and other functionality to
help businesses scale and grow.
Q161) What is the importance of buffer in AWS?
Answer: Low cost – Consume only the amount of compute, storage and
other IT resources needed. No long-term commitment, minimum spend or
up-front investment is required.
Elastic and Scalable – Quickly increase and decrease resources for applications to
satisfy customer demand and control costs. Avoid provisioning resources
up-front for projects with variable consumption rates or short lifetimes.
Q162) What is the way to secure data for carrying in the cloud?
Answer:
Avoid storing sensitive material in the cloud. …
Read the user agreement to find out how your cloud service storage
works. …
Be serious about passwords. …
Encrypt. …
Use an encrypted cloud service.
Q163) Name the several layers of cloud computing.
Answer: Cloud computing can be broken up into three main services:
Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS) and
Platform-as-a-Service (PaaS). PaaS in the middle, and IaaS on the lowest
Q164) What is Lambda@Edge in AWS?
Answer: Lambda@Edge lets you run Lambda functions to modify content that
CloudFront delivers, executing the functions in AWS locations closer to the
viewer. The functions run in response to CloudFront events, without
provisioning or managing servers.
Q165) Distinguish between scalability and flexibility.
Answer: Cloud computing offers businesses flexibility and scalability when it
comes to computing needs:
Flexibility. Cloud computing allows your employees to be more flexible – both in
and out of the workplace. Employees can access files using web-enabled
devices such as smartphones, laptops and notebooks. In this way, cloud
computing enables the use of mobile technology.
Scalability. One of the key benefits of using cloud computing is its scalability. Cloud
computing allows your business to easily upscale or downscale your IT
requirements as and when required. For example, most cloud service providers will
allow you to increase your existing resources to accommodate increased
business needs or changes. This will allow you to support your business
growth without expensive changes to your existing IT systems.
Q166) What is IaaS?
Answer: IaaS is a cloud service that provides services on a "pay-for-what-you-use"
basis.
IaaS providers include Amazon Web Services, Microsoft Azure and Google
Compute Engine
Users: IT Administrators
Q167) What is PaaS?
Answer: PaaS provides cloud platforms and runtime environments to develop, test
and manage software.
Users: Software Developers
Q168) What is SaaS?
Answer: In SaaS, cloud providers host and manage the software application on
a pay-as-you-go pricing model.
Users: End Customers
Q169) Which automation tools can help with spin-up services?
Answer: The API tools can be used for spinning up services, along with your own
written scripts. Those scripts could be coded in Perl, bash or other languages of
your preference. Another option is configuration management and
provisioning tools such as Puppet or its successor, Chef. A tool called
Scalr can also be used, and finally we can go with a managed solution
like RightScale.
Q170) What is an AMI? How do I build one?
Answer: An Amazon Machine Image (AMI) defines the programs and settings
that will be applied when you launch an EC2 instance. Once you have finished
configuring the data, services, and applications on your ArcGIS Server
instance, you can save your work as a custom AMI stored in Amazon EC2. You
can scale out your site by using this custom AMI to launch additional instances.
Use the following process to create your own AMI using the AWS
Management Console:
*Configure an EC2 instance and its attached EBS volumes in the exact way
you want them created in the custom AMI.
1. Log out of your instance, but do not stop or terminate it.
2. Log in to the AWS Management Console, display the EC2 page for your
region, then click Instances.
3. Choose the instance from which you want to create a custom AMI.
4. Click Actions and click Create Image.
5. Type a name for Image Name that is easily identifiable to you and,
optionally, input text for Image Description.
6. Click Create Image.
Read the message box that appears. To view the AMI status, go to the
AMIs page. Here you can see your AMI being created. It can take a while to
create the AMI. Plan for at least 20 minutes, or longer if you've installed a
lot of additional applications or data.
Q171) What are the main features of Amazon CloudFront?
Answer: Amazon CloudFront is a web service that speeds up delivery of your
static and dynamic web content, such as .html, .css, .js, and image files, to
your users. CloudFront delivers your content through a worldwide network of
data centers called edge locations.
Q172) What are the features of the Amazon EC2 service?
Answer: Amazon Elastic Compute Cloud (Amazon EC2) is a web service that
provides secure, resizable compute capacity in the cloud. It is designed to
make web-scale cloud computing easier for developers. Amazon EC2's simple
web service interface allows you to obtain and configure capacity with
minimal friction.
Q173) Explain storage for an Amazon EC2 instance.
Answer: An instance store is a temporary storage type located on disks that
are physically attached to a host machine. … This article will introduce you to
the AWS instance store storage type, compare it to AWS Elastic Block Storage
(AWS EBS), and show you how to back up data stored on instance stores to
AWS EBS.
Amazon SQS is a message queue service used by distributed applications to
exchange messages through a polling model, and can be used to decouple
sending and receiving components.
Q174) When attached to an Amazon VPC which two components provide
connectivity with external networks?
Answer:
Internet Gateway (IGW)
Virtual Private Gateway (VGW)
Q175) Which of the following are characteristics of Amazon VPC subnets?
Answer:
Each subnet maps to a single Availability Zone.
By default, all subnets can route between each other, whether
they are private or public.
Q176) How can you send a request to Amazon S3?
Answer: Every interaction with Amazon S3 is either authenticated or
anonymous. Authentication is a process of validating the identity of the
requester trying to access an Amazon Web Services (AWS) product. Authenticated
requests must include a signature value that authenticates the request
sender. The signature value is, in part, created from the requester's AWS
access keys (access key ID and secret access key).
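How the signature value is derived from the secret access key, and why altering a signed request invalidates it, shown as an added example (not code from this page or from AWS). It follows the AWS Signature Version 4 scheme, which uses HMAC-SHA256; the access key, secret, host and the `verify` function modelling the receiving side are constructed for illustration.

```python
"""Signing and checking an S3 request with AWS Signature Version 4 (added example)."""
import hashlib
import hmac
from urllib.parse import quote

# Constructed credentials and endpoint, not real values.
ACCESS_KEY = "AKIAEXAMPLEEXAMPLE00"
SECRET = "constructed-secret-access-key-for-illustration"
HOST = "examplebucket.s3.amazonaws.com"


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def signing_key(secret: str, date: str, region: str, service: str) -> bytes:
    """Derive the per-day, per-region, per-service key from the secret access key."""
    k = _hmac(("AWS4" + secret).encode(), date)
    k = _hmac(k, region)
    k = _hmac(k, service)
    return _hmac(k, "aws4_request")


def sign_request(method, host, path, query, payload, access_key, secret,
                 amz_date, region="us-east-1", service="s3") -> dict:
    """Return the headers, including Authorization, for one signed request."""
    date = amz_date[:8]
    payload_hash = hashlib.sha256(payload).hexdigest()
    headers = {"host": host,
               "x-amz-content-sha256": payload_hash,
               "x-amz-date": amz_date}
    signed_headers = ";".join(sorted(headers))
    canonical_headers = "".join(f"{k}:{headers[k].strip()}\n" for k in sorted(headers))
    pairs = sorted((quote(k, safe="-_.~"), quote(v, safe="-_.~"))
                   for k, v in query.items())
    canonical_query = "&".join(f"{k}={v}" for k, v in pairs)
    canonical_request = "\n".join([method, quote(path, safe="/-_.~"),
                                   canonical_query, canonical_headers,
                                   signed_headers, payload_hash])
    scope = f"{date}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                hashlib.sha256(canonical_request.encode()).hexdigest()])
    key = signing_key(secret, date, region, service)
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                                f"SignedHeaders={signed_headers}, Signature={signature}")
    return headers


def verify(method, host, path, query, payload, headers, secrets) -> bool:
    """Model of the receiving side: recompute the signature from the request
    as received and compare in constant time. The secret never travels."""
    try:
        auth = headers["authorization"]
        access_key = auth.split("Credential=", 1)[1].split("/", 1)[0]
        amz_date = headers["x-amz-date"]
    except (KeyError, IndexError):
        return False
    secret = secrets.get(access_key)
    if secret is None:
        return False
    expected = sign_request(method, host, path, query, payload,
                            access_key, secret, amz_date)
    return hmac.compare_digest(expected["authorization"], auth)


if __name__ == "__main__":
    signed = sign_request("GET", HOST, "/test.txt", {}, b"",
                          ACCESS_KEY, SECRET, "20130524T000000Z")
    store = {ACCESS_KEY: SECRET}
    print(signed["authorization"])
    print("as sent:      ", verify("GET", HOST, "/test.txt", {}, b"", signed, store))
    print("path changed: ", verify("GET", HOST, "/other.txt", {}, b"", signed, store))
```

Because the path, query string, signed headers and payload hash all feed the string that is signed, changing any of them after signing makes the recomputed signature differ and the request is rejected.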
Q177) What is the best approach to secure data for carrying in
the cloud?
Answer: Back up data locally. One of the most important things to
consider while managing data is to ensure that you have
backups for your data,
Avoid Storing Sensitive Information. …
Use Cloud Services that Encrypt Data. …
Encrypt Your Data. …
Install Anti-virus Software. …
Make Passwords Stronger. …
Test the Security Measures in Place.
Q178) What is AWS Certificate Manager?
Answer: AWS Certificate Manager is a service that lets you
easily provision, manage, and deploy public and private Secure Sockets
Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS
services and your internal connected resources. SSL/TLS certificates are
used to secure network communications and establish the identity of websites over
the Internet as well as resources on private networks. AWS Certificate
Manager removes the time-consuming manual process of purchasing, uploading, and
renewing SSL/TLS certificates.
Q179) What is the AWS Key Management Service?
Answer: AWS Key Management Service (AWS KMS) is a managed service that
makes it easy for you to create and control the encryption keys used to
encrypt your data. … AWS KMS is also integrated with AWS
CloudTrail to provide encryption key usage logs to help meet your auditing,
regulatory and compliance needs.
Q180) What is Amazon EMR?
Answer: Amazon Elastic MapReduce (EMR) is a service that
provides a fully managed, hosted Hadoop framework on top of Amazon Elastic
Compute Cloud (EC2).
Q181) What is Amazon Kinesis Firehose?
Answer: Amazon Kinesis Data Firehose is the easiest way to
reliably load streaming data into data stores and
analytics tools. … It is a fully managed service that automatically
scales to match the throughput of your data and requires no
ongoing administration.
Q182) What is Amazon CloudSearch and what are its features?
Answer: Amazon CloudSearch is a scalable cloud-based search service that
forms part of Amazon Web Services (AWS). CloudSearch is
typically used to integrate customized search capabilities into other
applications. According to Amazon, developers can set a search application
up and deploy it fully in under 60 minutes.
Q183) Is it possible for an EC2 classic instance to become a
member of a virtual private cloud?
Answer: Amazon Virtual Private Cloud (Amazon VPC) enables you to
define a virtual network in your own logically isolated area
within the AWS cloud, known as a virtual private cloud (VPC). You can
launch your Amazon EC2 resources, such as instances, into the subnets of
your VPC. Your VPC closely resembles a traditional network that you might
operate in your own data center, with the benefits of using scalable
infrastructure from AWS. You can configure your VPC; you can select its IP
address range, create subnets, and configure route tables, network gateways,
and security settings. You can connect instances in your VPC to the internet
or to your own data center.
Q184) Mention the work of an Amazon VPC router.
Answer: VPCs and Subnets. A virtual private cloud (VPC) is a virtual network
dedicated to your AWS account. It is logically isolated from other
virtual networks in the AWS Cloud. You can launch your AWS resources, such
as Amazon EC2 instances, into your VPC.
Q185) How can one connect a VPC to a corporate data
center?
Answer: AWS Direct Connect enables you to securely connect your AWS
environment to your on-premises data center or office location over a standard 1
gigabit or 10 gigabit Ethernet fiber-optic connection. AWS Direct Connect
offers a dedicated high-speed, low-latency connection, which bypasses internet
service providers in your network path. An AWS Direct Connect location provides
access to Amazon Web Services in the region it is associated with, as well as
access to other US regions. AWS Direct Connect allows you to logically partition the
fiber-optic connections into multiple logical connections called Virtual
Local Area Networks (VLAN). You can take advantage of these logical connections
to improve security, differentiate traffic, and achieve compliance
requirements.
Q186) Is it possible to use S3 with EC2 instances?
Answer: Yes, it can be used for instances with root
devices backed by local instance storage. By using Amazon S3,
developers have access to the same highly scalable, reliable,
fast, inexpensive data storage infrastructure that Amazon uses to
run its own global network of websites. In order to execute systems in the
Amazon EC2 environment, developers use the tools provided to load their
Amazon Machine Images (AMIs) into Amazon S3 and to move them
between Amazon S3 and Amazon EC2. An additional use case might be for websites
hosted on EC2 to load their static content from S3.
Q187) What is the difference between Amazon S3 and EBS?
Answer: EBS is for mounting directly onto EC2 server instances. S3
is object storage that isn't always waiting to be accessed (and is
therefore cheaper). There is then the even cheaper AWS Glacier,
which is for long-term storage where you don't really expect to need to
access it, but wouldn't want to lose it.
There are then two main types of EBS – HDD (Hard Disk Drives, i.e.
magnetic spinning disks), which are fairly slow to access, and SSD,
which are solid state drives which are very fast to access, but
more expensive.
Finally, EBS can be purchased with or without Provisioned IOPS.
Obviously these differences come with associated pricing
differences, so it is worth paying attention to the differences and using the
cheapest option that delivers the performance you require.
Q188) What do you understand by AWS?
Answer: This is one of the commonly asked AWS developer interview questions.
This question checks your basic AWS knowledge, so the answer
should be clear. Amazon Web Services (AWS) is a cloud service platform which
offers computing power, analytics, content delivery, database
storage, deployment and some other services to help you in your
business growth. These services are highly scalable, reliable,
secure, and inexpensive cloud computing services which are designed to
work together, and applications thus created are more advanced and
scalable.
Q189) Explain the main components of AWS.
Answer: The main components of AWS are:
Route 53: Route 53 is a highly scalable DNS web service.
Simple Storage Service (S3): S3 is the most widely used AWS storage web
service.
Simple E-mail Service (SES): SES is a hosted transactional email
service and allows one to smoothly send deliverable emails using a
RESTful API call or through regular SMTP.
Identity and Access Management (IAM): IAM provides improved identity
and security management for an AWS account.
Elastic Compute Cloud (EC2): EC2 is a central piece of the AWS ecosystem.
It is responsible for providing on-demand and flexible computing resources
with a "pay as you go" pricing model.
Elastic Block Store (EBS): EBS offers a persistent storage solution that
can be seen in instances as a regular hard drive.
CloudWatch: CloudWatch allows the controller to view and gather
key metrics and also set a series of alarms to be
notified if there is any trouble.
This is among the frequently asked AWS developer interview questions. Simply read
the interviewer's mind and answer accordingly, either with the component names or
with the descriptions alongside.
Q190) What do you mean by AMI? What does it include?
Answer: You may come across one or more AMI-related AWS developer interview
questions during your AWS developer interview. So, prepare yourself with a
good knowledge of AMI.
AMI stands for Amazon Machine Image. It's an AWS template which
provides the information (an application server, an operating system, and
applications) required to perform the launch of an instance. This AMI is the
copy of the AMI that is running in the cloud as a virtual server. You can
launch instances from as many different AMIs as you need.
An AMI consists of the following:
A root volume template for an existing instance
Launch permissions to determine which AWS accounts will get the AMI in
order to launch the instances
Mapping for block device to calculate the total volume that will be
attached to the instance at the time of launch
Q191) Is vertical scaling possible on an Amazon instance?
Answer: Yes, vertical scaling is possible on an Amazon instance.
This is one of the common AWS developer interview questions. If
the interviewer is looking for a detailed answer from you, explain the
procedure for vertical scaling.
Q192) What is the relation between AMI and instance?
Answer: Various types of instances can be launched from one AMI. The type of
an instance generally determines the hardware components of the host
computer that is used for the instance. Each type of instance has distinct
computing and memory capabilities.
Once an instance is launched, it acts as a host and the user
interaction with it is the same as with any other computer, but we have
completely controlled access to our instances. AWS developer interview
questions may contain one or more AMI-based questions, so prepare yourself for
the AMI topic very well.
Q193) What is the difference between Amazon S3 and EC2?
Answer: The difference between Amazon S3 and EC2 is given below:
Amazon S3:
S3 stands for Simple Storage Service.
It is just a data storage service which is used to store large binary files.
It isn't required to run a server.
It has a REST interface and uses secure HMAC-SHA1 authentication keys.
Amazon EC2:
EC2 stands for Elastic Compute Cloud.
It is a cloud web service which is used to host the application created.
It is sufficient to run a server.
It is just like a huge computer machine which can handle
applications like Python, PHP, Apache and any other database.
When you are going for an AWS developer interview, prepare yourself with the concepts
of Amazon S3 and EC2, and the difference between them.
Q194) How many storage options are there for an EC2 instance?
Answer: There are four storage options for an Amazon EC2 instance:
Amazon EBS
Amazon EC2 Instance Store
Amazon S3
Adding Storage
Amazon EC2 is the common topic you may come across while going through AWS
developer interview questions. Get a thorough knowledge of the EC2 instance
and all the storage options for the EC2 instance.
Q195) What are the security best practices for Amazon EC2 instances?
Answer: There are a number of best practices for securing Amazon EC2
instances that are applicable whether instances are running in on-premises
data centers or on virtual machines. Let's look at some general
best practices:
Least Access: Make sure that your EC2 instance has controlled access to the
instance as well as to the network. Give access rights only to trusted
entities.
Least Privilege: Follow the essential principle of least privilege for
instances and users to perform their functions. Create roles with restricted
access for the instances.
Configuration Management: Treat each EC2 instance as a configuration item
and use AWS configuration management services to have a baseline for the
configuration of the instances, as these services include updated anti-virus
software, security features, etc.
Whatever the job role, you may come across security-based AWS interview
questions. So, get prepared with this question to crack the AWS developer
interview.
Q196) Explain the features of Amazon EC2 services.
Answer: Amazon EC2 services have the following features:
Virtual computing environments
Offers persistent storage volumes
Firewall allowing you to specify the protocol
Pre-configured templates
Static IP address for dynamic cloud computing
Q197) What is the procedure to send a request to Amazon S3?
Answer: There are 2 ways to send a request to Amazon S3 –
Using REST API
Using AWS SDK wrapper libraries; these wrapper libraries wrap the
REST APIs for Amazon
Q198) What is the default number of buckets created in AWS?
Answer: This is a very simple question but ranks high among AWS developer
interview questions. Answer this question directly: the default number of
buckets created in each AWS account is 100.
Q199) What is the purpose of T2 instances?
Answer: T2 instances are designed for
Providing moderate baseline performance
Higher performance as required by the workload
Q200) What is the use of the buffer in AWS?
Answer: This is among the frequently asked AWS developer interview questions.
Give the answer in simple terms: the buffer is mainly used to manage load
with the synchronization of various components, i.e. to make the system
fault tolerant. Without a buffer, components don't use any balanced method
to receive and process requests. However, the buffer makes components work
in a balanced way and at the same speed, and hence results in faster
services.
Q201) What happens when an Amazon EC2 instance is stopped or
terminated?
Answer: At the time of stopping an Amazon EC2 instance, a shutdown is
performed in a normal manner. After that, the transition to the stopped
state happens. During this, all of the Amazon EBS volumes remain attached
to the instance and the instance can be started at any time. The instance
hours are not counted when the instance is in the stopped state.
At the time of terminating an Amazon EC2 instance, a shutdown is performed
in a normal manner. During this, the deletion of all of the Amazon EBS
volumes is performed. To avoid this, the value of the attribute
deleteOnTermination is set to false. On termination, the instance also
undergoes deletion, so the instance can't be started again.
Q202) What are the popular DevOps tools?
Answer: In an AWS DevOps Engineer interview, this is the most common AWS
question for DevOps. To answer this question, mention the popular DevOps
tools with the type of tool –
Jenkins – Continuous Integration Tool
Git – Version Control System Tool
Nagios – Continuous Monitoring Tool
Selenium – Continuous Testing Tool
Docker – Containerization Tool
Puppet, Chef, Ansible – Deployment and Configuration
Management Tools.
Q203) What are IAM Roles and Policies, and what is the difference between
IAM Roles and Policies?
Answer: Roles are for AWS services, where we can assign permission of some
AWS service to another service.
Example – Giving S3 permission to EC2 to access S3 bucket contents.
Policies are for users and groups, where we can assign permission to users
and groups.
Example – Giving permission to a user to access the S3 buckets.
Q204) What are the default services we get when we create a custom AWS
VPC?
Answer:
Route Table
Network ACL
Security Group
Q205) What is the difference between a Public Subnet and a Private Subnet?
Answer: A Public Subnet will have an Internet Gateway attached to its
associated Route Table and Subnet; a Private Subnet will not have the
Internet Gateway attached to its associated Route Table and Subnet.
A Public Subnet will have internet access and a Private Subnet will not have
internet access directly.
Q206) How do you access an EC2 instance which has a private IP and is in a
private subnet?
Answer: We can access it using a VPN if the VPN is configured into the
particular VPC where the EC2 instance is assigned in the subnet. We can also
access it using another EC2 instance which has public access.
Q207) We have a custom VPC configured and a MySQL database server
which is in a private subnet, and we need to update the MySQL database
server. What are the options to do so?
Answer: By using a NAT Gateway in the VPC or launching a NAT Instance (EC2).
Configure or attach the NAT Gateway in the public subnet (which has a Route
Table attached to the IGW) and attach it to the Route Table which is already
attached to the private subnet.
Q208) What is the difference between Security Groups and Network
ACL?
Answer:
Security Groups | Network ACL
Attached to EC2 instance | Attached to a subnet
Stateful – changes made in incoming rules are automatically applied to the outgoing rule | Stateless – changes made in incoming rules are not applied to the outgoing rule
Blocking an IP address can't be done | An IP address can be blocked
Allow rules only; by default all rules are denied | Allow and Deny can be used
Q209) What is the difference between Route 53 and ELB?
Answer: Amazon Route 53 will handle DNS servers. Route 53 gives you a web
interface through which the DNS can be managed. Using Route 53, it is
possible to direct and fail over traffic. This can be achieved by using a
DNS routing policy.
One more routing policy is the Failover routing policy. We set up a health
check to monitor the application endpoints. If one of the endpoints is not
available, Route 53 will automatically forward the traffic to the other
endpoint.
Elastic Load Balancing
ELB automatically scales depending on the demand, so sizing the load
balancers to handle more traffic is not required.
Q210) What are the DB engines which can be used in AWS RDS?
Answer:
MariaDB
MySQL DB
MS SQL DB
PostgreSQL DB
Oracle DB
Q211) What are Status Checks in AWS EC2?
Answer: System Status Checks – System status checks look into problems
with the instance which need AWS help to resolve. When we see a
system status check failure, we can wait for AWS to resolve the issue, or
do it ourselves.
Network connectivity
System power
Software issues Data Centre’s
Hardware issues
Instance Status Checks – Instance status checks look into
issues which need our involvement to fix. If a status check
fails, we can reboot that particular instance.
Failed system status checks
Memory Full
Corrupted file system
Kernel issues
Q212) To establish a peering connection between two VPCs, what
condition must be met?
Answer:
CIDR Block should overlap
CIDR Block should not overlap
VPC should be in the same region
VPC must belong to same account.
The CIDR blocks should not overlap between the VPCs setting up a peering
connection. A peering connection is allowed within a region, across
regions, and across different accounts.
Q213) Troubleshooting with EC2 Instances:
Answer: Instance States
If the instance state is 0/2, there might be some hardware issue.
If the instance state is 1/2, there might be an issue with the OS.
Workaround – Restart the instance; if that still does not work,
logs will help to fix the issue.
Q214) How can EC2 instances be resized?
Answer: EC2 instances are resizable (scale up or scale down) based on
requirement.
Q215) EBS: it is a block-level storage volume which we can use after
mounting with EC2 instances.
Answer: For types, please refer to the AWS Solution Architect book.
Q216) Difference between EBS, EFS and S3
Answer:
We can access EBS only if it is mounted with an instance; at a time EBS
can be mounted only with one instance.
EFS can be shared at a time with multiple instances.
S3 can be accessed without mounting with instances.
Q217) Maximum number of buckets which can be created in AWS.
Answer: 100 buckets can be created by default in an AWS account. To get
more buckets, you have to request Amazon for that.
Q218) Maximum number of EC2 instances which can be created in a VPC.
Answer: A maximum of 20 instances can be created in a VPC. We can create 20
reserved instances and request spot instances as per demand.
Q219) How EBS can be accessed?
Answer:EBS provides high performance block-level storage which can be
attached with running EC2 instance. Storage can be formatted and mounted
with EC2 instance, then it can be accessed.
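Q220) Process to mount EBS to an EC2 instance
Answer:
df -k                        # show mounted file systems and free space
mkfs.ext4 /dev/xvdf          # create an ext4 file system on the new volume
fdisk -l                     # list disks to confirm the device name
mkdir /my5gbdata             # create the mount point
mount /dev/xvdf /my5gbdata   # mount the volume on the mount point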
Q221) How to add a volume permanently to an instance.
Answer: With each restart the volume will get unmounted from the instance;
to keep it attached, perform the step below.
Edit /etc/fstab and add this entry (edit the file system name accordingly):
/dev/xvdf /data ext4 defaults 0 0
Q222) What is the difference between the Service Role and the SAML
Federated Role?
Answer: Service Roles are meant for usage of AWS services, and based upon
the policies attached to it, a service role will have the scope to do its
task. Example: In case of automation we can create a service role and
attach it to the automation.
Federated Roles are meant for user access and getting access to AWS as per
the designed role. Example: We can have a federated role created for our
office employees, and corresponding to that a group will be created in the
AD and users will be added to it.
Q223) How many policies can be attached to a role?
Answer: 10 (soft limit); we can have up to 20.
Q224) What are the different ways to access AWS?
Answer: 3 different ways (CLI, Console, SDK)
Q225) How is a Root AWS user different from an IAM User?
Answer: The Root User will have access to the entire AWS environment and it
will not have any policy attached to it, while an IAM User will be able to
do its task on the basis of the policies attached to it.
Q226) What do you mean by Principle of least privilege in terms of IAM?
Answer: Principle of least privilege means to provide the same or equivalent
permission to the user/role.
Q227) What is the meaning of non-explicit deny for an IAM User?
Answer: When an IAM user is created and does not have any policy attached
to it, the user will not be able to access any AWS service until a
policy has been attached to it.
Q228) What is the precedence level between explicit allow and explicit
deny.
Answer: Explicit deny will always override Explicit Allow.
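The non-explicit deny from Q227 and the deny-over-allow precedence from Q228 can be seen together in a small evaluator. This is an added example, not AWS code: it models identity-based policies only (no conditions, NotAction, SCPs, permission boundaries or resource policies), and the bucket name and both policies are constructed for illustration.

```python
import re

def as_list(value):
    """IAM JSON allows Action/Resource/Statement to be one item or a list."""
    return value if isinstance(value, list) else [value]

def wildcard_match(pattern, value, ignore_case=False):
    """IAM-style wildcards: '*' matches any run of characters, '?' exactly one."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
        for ch in pattern
    )
    flags = re.IGNORECASE if ignore_case else 0
    return re.fullmatch(regex, value, flags) is not None

def statement_applies(statement, action, resource):
    # Action names are case-insensitive; resource ARNs are compared as written.
    action_hit = any(wildcard_match(a, action, ignore_case=True)
                     for a in as_list(statement["Action"]))
    resource_hit = any(wildcard_match(r, resource)
                       for r in as_list(statement["Resource"]))
    return action_hit and resource_hit

def evaluate(policies, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"          # nothing attached means nothing allowed
    for policy in policies:
        for statement in as_list(policy["Statement"]):
            if not statement_applies(statement, action, resource):
                continue
            if statement["Effect"] == "Deny":
                return "ExplicitDeny"  # one matching Deny ends the evaluation
            if statement["Effect"] == "Allow":
                decision = "Allow"     # keep scanning: a Deny may still match
    return decision

# Constructed sample policies (hypothetical bucket "example-reports").
ALLOW_REPORTS = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::example-reports/*",
    }],
}
DENY_AUDIT_DELETE = {
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Deny",
        "Action": ["s3:DeleteObject"],
        "Resource": "arn:aws:s3:::example-reports/audit/*",
    },
}

if __name__ == "__main__":
    attached = [ALLOW_REPORTS, DENY_AUDIT_DELETE]
    for action, resource in [
        ("s3:GetObject", "arn:aws:s3:::example-reports/q1.csv"),
        ("s3:DeleteObject", "arn:aws:s3:::example-reports/audit/log.json"),
        ("ec2:RunInstances", "arn:aws:ec2:*:*:instance/*"),
    ]:
        print(action, resource, "->", evaluate(attached, action, resource))
```

The order in which the policies are attached does not change the result, because any matching Deny wins.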
Q229) What is the benefit of creating a group in IAM?
Answer: Creating a group makes the user management process much
simpler: users with the same kind of permission can be added to a group,
and adding a policy to the group is much simpler in
comparison to doing the same thing manually.
Q230) What is the difference between Administrative Access and
Power User Access in terms of pre-built policy?
Answer: Administrative Access will have full access to AWS resources,
while Power User Access will have the admin access except the user/group
management permission.
Q231) What is the purpose of an Identity Provider?
Answer: An Identity Provider helps in building the trust between AWS and the
corporate AD environment while we create the Federated role.
Q232) What are the benefits of STS (Security Token Service)?
Answer: It helps in securing the AWS environment as we need not embed or
distribute the AWS security credentials in the application. As the
credentials are temporary, we need not rotate them or revoke them.
Q233) What is the benefit of creating an AWS Organization?
Answer: It helps in managing the IAM policies, creating AWS accounts
programmatically, and managing the payment methods and consolidated
billing.
Q234) What is the maximum file length in S3?
Answer: utf-8 1024 bytes
Q235) Which activity cannot be done using autoscaling?
Answer:Maintain fixed running of ec2
Q236) How will you secure data at rest in EBS?
Answer: EBS data is always secure
Q237) What is the maximum size of S3 Bucket?
Answer: 5TB
Q238) Can objects in Amazon S3 be delivered through Amazon
CloudFront?
Answer:Yes
Q239) Which service is used to distribute content to end user service
using global network of edge location?
Answer: Virtual Private Cloud
Q240) What is ephemeral storage?
Answer: Temporary storage
Q241) What are shards in the Kinesis AWS service?
Answer: Shards are used to store data in Kinesis.
Q242) Where can you find the ephemeral storage?
Answer: In Instance store service.
Q243) I have some private servers on my premises, and I have also
distributed some of my workload on the public cloud. What is the
architecture called?
Answer: Virtual private cloud
Q244) Route 53 can be used to route users to infrastructure outside of
AWS. True/false?
Answer: False
Q245) Is simple workflow service one of the valid Simple Notification
Service subscribers?
Answer: No
Q246) Which cloud model do Developers and organizations all around the
world leverage extensively?
Answer: IAAS-Infrastructure as a service.
Q247) Can CloudFront serve content from a non-AWS origin server?
Answer: No
Q248) Is EFS a centralised storage service in AWS?
Answer: Yes
Q249) Which AWS service will you use to collect and process ecommerce
data for near real time analysis?
Answer: Both Dynamo DB & Redshift
Q250) A high demand of IOPS performance is expected, around
15000. Which EBS volume type would you recommend?
Answer: Provisioned IOPS.
Q251) What are the various vendors that provide cloud computing
services?
Below are some of the vendors that provide cloud services.
AWS
Azure
GCP
SAP cloud
Oracle cloud
Red Hat cloud
Verizon and so on.
Q252) What is the difference between a user and a role in AWS and under
what service does this concept come under?
A user and a role are used to provide access to the AWS services. When a
user is created, you will have credentials for the user, but when you create
a role, no credentials are created. So your roles are more secure when
compared to the users. This concept comes under the IAM service that deals
with the access to the AWS services.
Q253) What are the types of access that you can give to your users ?
You can give 2 types of access to your users, programmatic access and
console access.
Q254) What are the different instance types we have in EC2?
We have the below type of instance types in EC2,
General-purpose
Compute-optimized
Storage optimized
Memory-optimized
Accelerated computing
Q255) What are the pricing models in EC2 ?
Below are the pricing models in EC2,
On-demand
Spot instances
Scheduled instances
Reserved instances
Dedicated instances
Dedicated hosts
Savings plans
Capacity reservations
Q256) What is the difference between Instance store volume and EBS
volumes?
Instance store volumes are used for temporary data. That is, the data is
available as long as the instance is running. If you stop or terminate the
instance, the data is lost.
EBS volumes are used for persistent data. That is, the data can be made
available even when the instance is not running.
Q257) What are the types of EBS volumes?
Below are the types in EBS volumes,
General-purpose
Provisioned IOPS
Magnetic
Cold HDD
Throughput optimized
Q258) What are key pairs and what do they consist of?
Key pairs are login information that you can use to log in to the EC2
instances. A key pair consists of a public key and a private key.
Q259) How can you monitor the health status of your EC2 instances?
You can monitor the EC2 instances by creating a health check for the EC2
instances. You have this option when creating the load balancer and can be
used by the load balancer to decide whether to send the load/traffic to the
EC2 instances.
Q260) What is the monitoring tool in AWS and what are the metrics that
you can monitor for EC2?
CloudWatch is the monitoring tool in AWS. By using this, you can monitor
metrics like CPU utilization, disk reads, disk writes, network in, network
out and so on.
Q261) What is the S3 service? What are the different storage types and
which is the default one?
S3 is storage for the internet. You can use this S3 service to store any data,
any time and access the data from any location. Below are the types of S3
storage,
Standard frequently accessed
Standard infrequently accessed
One-zone infrequently accessed
Glacier
Glacier archive
Intelligent tiering
Reduced redundancy storage.
By default, whenever you create the S3 buckets, standard frequently
accessed will be used.
Q262) How can you control the access to your S3 buckets?
You can control the access by using the ACL – Access Control List and the
bucket policies.
Q263) What is the difference between EBS and EFS?
EBS – Elastic Block Store is attached to a single instance at a time, whereas
EFS – Elastic File System can be attached to multiple instances at the same
time.
Q264) What is the service that can be used for data migration?
Snowball is a service that can be used for data migration. You can use this
service to move your data from one region to another region, import from S3,
export from S3 or for local usage.
Q265) What is the difference between the Internet gateway and NAT
gateway?
The Internet gateway is used to give internet access to your instances that
are running in the public subnets, and NAT – Network Address Translation –
is used to give internet access to the instances that are running in the
private subnets.
Q266) What is an EIP?
EIP – Elastic IP address – is a static IP address that can be used to mask
the failure of EC2 instances. When you stop and start an instance, your
public IP address will change. To avoid this, you can use an EIP that will
maintain the same IP address when you start and stop an EC2 instance.
Q267) What is the difference between a security group and NACL?
Security groups | NACL
Created at the instance level. | Created at the subnet level.
You can add only “allow” rules. | You can add “allow” and “deny” rules.
Does not have any rule numbers. | Follows rule numbering system.
Stateful. | Stateless.
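The stateful/stateless and rule-numbering rows of this comparison (and of the Q208 table earlier) are easiest to see with one HTTPS request and its reply passed through both filters. The model below is an added example, not AWS code; the addresses, ports and rule numbers are constructed, and it assumes NACL rules are evaluated lowest number first with the first match deciding.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    src_port: int
    dst: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    cidr: str
    port_from: int
    port_to: int
    action: str = "allow"   # security groups only ever hold "allow" rules
    number: int = 0         # rule number, meaningful for the NACL only

    def matches(self, peer_ip, port):
        in_cidr = ipaddress.ip_address(peer_ip) in ipaddress.ip_network(self.cidr)
        return in_cidr and self.port_from <= port <= self.port_to

class SecurityGroup:
    """Stateful: a flow admitted in one direction may always be answered."""
    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound
        self.flows = set()   # (initiator ip, port, responder ip, port)

    def _filter(self, rules, packet, peer_ip):
        reply_of = (packet.dst, packet.dst_port, packet.src, packet.src_port)
        if reply_of in self.flows:
            return True      # return traffic of a tracked flow, rules not consulted
        if any(rule.matches(peer_ip, packet.dst_port) for rule in rules):
            self.flows.add((packet.src, packet.src_port, packet.dst, packet.dst_port))
            return True
        return False         # no matching allow rule: dropped

    def allow_inbound(self, packet):
        return self._filter(self.inbound, packet, packet.src)

    def allow_outbound(self, packet):
        return self._filter(self.outbound, packet, packet.dst)

class NetworkAcl:
    """Stateless: each direction is judged on its own numbered rule list."""
    def __init__(self, inbound, outbound):
        self.inbound = sorted(inbound, key=lambda rule: rule.number)
        self.outbound = sorted(outbound, key=lambda rule: rule.number)

    @staticmethod
    def _filter(rules, peer_ip, port):
        for rule in rules:               # lowest rule number first
            if rule.matches(peer_ip, port):
                return rule.action == "allow"
        return False                     # nothing matched: denied

    def allow_inbound(self, packet):
        return self._filter(self.inbound, packet.src, packet.dst_port)

    def allow_outbound(self, packet):
        return self._filter(self.outbound, packet.dst, packet.dst_port)

# Constructed traffic: a client calls an instance on 443 and gets a reply.
REQUEST = Packet("203.0.113.10", 50000, "10.0.1.5", 443)
REPLY = Packet("10.0.1.5", 443, "203.0.113.10", 50000)
UNSOLICITED = Packet("10.0.1.5", 40000, "198.51.100.7", 443)
HTTPS_IN = Rule("0.0.0.0/0", 443, 443, number=100)
EPHEMERAL_OUT = Rule("0.0.0.0/0", 1024, 65535, number=100)
BLOCK_CLIENT = Rule("203.0.113.0/24", 0, 65535, action="deny", number=90)

def run_scenarios():
    sg = SecurityGroup(inbound=[HTTPS_IN], outbound=[])
    one_way = NetworkAcl(inbound=[HTTPS_IN], outbound=[])
    two_way = NetworkAcl(inbound=[HTTPS_IN], outbound=[EPHEMERAL_OUT])
    blocked = NetworkAcl(inbound=[HTTPS_IN, BLOCK_CLIENT], outbound=[EPHEMERAL_OUT])
    return {
        "sg_request": sg.allow_inbound(REQUEST),
        "sg_reply": sg.allow_outbound(REPLY),            # no outbound rule needed
        "sg_unsolicited_out": sg.allow_outbound(UNSOLICITED),
        "nacl_request": one_way.allow_inbound(REQUEST),
        "nacl_reply_without_out_rule": one_way.allow_outbound(REPLY),
        "nacl_reply_with_out_rule": two_way.allow_outbound(REPLY),
        "nacl_request_after_deny_90": blocked.allow_inbound(REQUEST),
    }

if __name__ == "__main__":
    for name, allowed in run_scenarios().items():
        print(f"{name}: {'allowed' if allowed else 'dropped'}")
```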
Q267) What is the auditing service in AWS?
CloudTrail is the auditing service that can be used in AWS. By default, all
the actions that a user takes in the AWS account are logged as events in the
CloudTrail service. You can see the events for the last 90 days by default.
Q268) What is CloudFormation?
CloudFormation is also known as Infrastructure As A Service. This service can
be used to automate the infrastructure setup by writing scripts. You can
write the script in either JSON or YAML format. Both are supported by
CloudFormation.
Q269) What are the types of routing policies we have in Route53 ?
We have the below routing policies in Route53,
Simple
Weighted
Latency
Failover
Geolocation
Multivalue answer
Q270) What is CloudFront?
CloudFront is the content delivery network in AWS. In CloudFront, you have
edge locations that act as your cache locations that are utilized by CloudFront
to cache the contents.
Q271) What are the types you have in storage gateway ?
There are 3 types in storage gateway,
File gateway
Volume gateway
Tape gateway
Q272) What are the types you have in kinesis ?
There are 3 types in kinesis,
Kinesis streams
Kinesis firehose
Kinesis analytics
Q272) What is the command that you can use to login to the command
line tool ?
You can use the “aws configure” command to login to the command line tool.
This will prompt you for the access key and secret key to login to the
terminal.
Q273) What is the command to copy contents from S3 bucket to an EC2
server ?
You can use the below command,
aws s3 cp s3://<S3 bucket name> <destination>
Q274) Which is the service that is known as serverless computing
service ?
Lambda is the service that is known as serverless computing. With this
service, you do not have to worry about provisioning servers or managing
any servers.
Q275) What are key pairs?
Key pairs are your login information that you can use to log in to the EC2
servers. A key pair consists of a public key and a private key.
Q276) What is user data in AWS ?
User data can be used to write the boot-up script that you can use to execute
certain commands when your server is starting up. Whenever you want to
automate certain tasks in your server, you can make use of the user data
section for your boot-up scripts.
Q277) How can you encrypt the data in S3 ?
You can use AES-256 and KMS to encrypt your data in S3. KMS is your Key
Management Service to encrypt your data in S3.
Top 35 Solution Architect Interview Questions and Example
Answers
February 23, 2021
By: Indeed Editorial Team
Solutions architects are professionals who are responsible for solving certain
business problems and completing projects. Businesses today rely on the expertise
of solutions architects to recommend and manage hardware and software systems
that are central to operations. For this reason, people with technical acumen and
development skills may look into becoming a solution architect. In this article, we'll
provide the top 35 solution architect interview questions to expect during a job
interview with example answers.
General questions
These are general questions you might be asked in a solutions architect interview:
What goals would you set for yourself as a professional solutions architect?
What projects will you start within three months of starting this job as a solutions
architect?
If we asked your coworkers to describe you in one word, what would they say?
How comfortable are you speaking to people about technical topics?
What would a day at your ideal job look like?
What is your desired salary range?
Explain a recent professional achievement.
What qualities make you a good fit for the job?
What skills are required of a solutions architect?
Why are you choosing to exit your current role?
Questions about solution architect experience and
background
The following solutions architect interview questions will help you prepare for your
next interview:
What's your favorite thing about being a solutions architect?
How long have you been working as a solutions architect?
What are your strengths as a solutions architect?
What are your weaknesses when it comes to performing the duties of a solutions
architect?
Tell me about a recent successful project as a solutions architect?
Tell me about a time a project was unsuccessful, what happened?
How many coding languages are you fluent in and what are they?
In your experience, what's the major benefit of being a solutions architect?
How does your educational background prepare you to be a solutions architect?
Explain any solutions architect projects in your portfolio.
In-depth interview questions
In-depth questions are those that require you to answer in steps or provide
examples, like a portfolio, or work-out a sample problem. The most common you'll
likely encounter in a solutions architect interview include:
Explain the projects in your portfolio.
Share an example in which you analyzed a complex problem, came up with a solution
and evaluated results.
Show me projects you've worked on that demonstrate technical skills in coding.
Describe a time that you diagnosed the cause of an operating error and fixed it.
What's an example of a time you had to collect information to solve a problem. How
did you do it?
Explain what tools you use to perform the duties of a solutions architect. Why do you
use them and what do they do?
In steps, describe your approach for working with a lot of data.
In what ways have you applied new technology to being a solutions architect and
innovated the company you were working for?
Explain your strategy for successfully improving upon existing software.
Look at this example piece of code and determine the output.
Common solution architect interview questions
Here are common solution architect interview questions with example answers to
help you prepare for your interview:
What is the most innovative solution you've proposed, working as a solutions
architect?
What is AWS?
How can you protect against an injection attack?
Describe your protocol for ensuring security.
What can a solutions architect do to support functional analysts?
What is the most innovative solution you've proposed, working as a
solutions architect?
When an interviewer asks you about innovative solutions you've proposed, they may
want to know what experience you have with new technology and how you can apply
it to help their business. The most appropriate answer discusses a non-obvious
solution and how it impacted business operations.
Example: "When I worked at Copy Company, I was presented with a problem
having to do with a client that was a creditor. The company's website was designed
to encourage users to create an account and find the perfect credit card for their
lifestyle.
They wanted to include a way that customers could return to a credit card they had
previously viewed. I decided that the best solution would be to create a user
interface that allows guests to favorite credit cards. This allowed consumers to mark
cards they wanted to return to. As a result, the creditor increased their customer
base."
What is AWS?
Many solutions architects work with cloud platform technology. Sometimes, they use
Amazon Web Service or AWS. When a solutions architect is specialized in AWS,
they are usually referred to as an AWS solutions architect. Whether you are
interviewing to be an AWS solutions architect or just a solutions architect, you may
need to know about AWS. To answer this question, give a thorough description of
what it is.
Example: "AWS is the leading PaaS service. Produced by Amazon, it provides a
development platform with a compute engine and code library. It also is an open-
source community where developers can produce and share innovation and advice.
Businesses use AWS to build and run applications that power their business with
lean resources."
How can you protect against an injection attack?
An interviewer may ask this question to determine if a candidate has knowledge of
injection attacks. To answer this question, offer a solution for protecting against
this type of attack. There are multiple solutions and any one will suffice.
Example: "I protect against injection attacks by avoiding the use of dynamic SQL.
Additionally, I enlist a web application firewall. Finally, by ensuring continuous
monitoring of SQL statements regarding the connection with web applications."
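Two of the measures in that example answer, avoiding dynamic SQL and monitoring the SQL statements an application issues, can be shown side by side with an in-memory SQLite database. This is an added example, not part of the original article; the table, the rows, the sample input and the statement-shape check are all constructed for illustration.

```python
import re
import sqlite3

def make_db():
    """Build a throwaway in-memory database with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, balance INTEGER)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", 120), ("bob", 75), ("carol", 300)],
    )
    return conn

def build_dynamic_sql(username):
    # The 'before' form: user input is pasted into the statement text,
    # so the input can change the structure of the query.
    return ("SELECT username, balance FROM accounts "
            "WHERE username = '" + username + "'")

def find_dynamic(conn, username):
    return conn.execute(build_dynamic_sql(username)).fetchall()

def find_parameterized(conn, username):
    # The hardened form: the statement text is fixed and the value is bound
    # separately, so the input is only ever treated as data.
    sql = "SELECT username, balance FROM accounts WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

def statement_shape(sql):
    """Replace string and numeric literals with '?' and collapse whitespace."""
    shape = re.sub(r"'(?:[^']|'')*'", "?", sql)
    shape = re.sub(r"\b\d+\b", "?", shape)
    return " ".join(shape.split())

EXPECTED_SHAPE = "SELECT username, balance FROM accounts WHERE username = ?"

def shape_deviates(sql):
    """Monitoring check: flag a statement whose structure is not the expected one."""
    return statement_shape(sql) != EXPECTED_SHAPE

# Constructed input that alters the WHERE clause when concatenated.
TAMPERED_INPUT = "' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("dynamic, normal input:      ", find_dynamic(conn, "alice"))
    print("dynamic, tampered input:    ", find_dynamic(conn, TAMPERED_INPUT))
    print("parameterized, tampered:    ", find_parameterized(conn, TAMPERED_INPUT))
    print("monitor flags normal query: ", shape_deviates(build_dynamic_sql("alice")))
    print("monitor flags tampered one: ", shape_deviates(build_dynamic_sql(TAMPERED_INPUT)))
```

The shape check only catches statements that differ from the expected structure, so it complements parameterized queries rather than replacing them.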
Describe your protocol for ensuring security
Security is a top priority for businesses looking to enlist the help of a solutions
architect. These professionals may be responsible for providing innovative security
solutions, so knowing how to ensure cybersecurity and data protection is a must. To
answer this question, provide examples of how you ensure cybersecurity for a
company.
Example: "To make sure cloud environments are the most secure, I backup data
daily, ensure continuous monitoring, encrypt data and use virus protection. I would
also enlist innovative cloud edge security services to protect the company from an
attack where cloud platforms are most vulnerable."
What can a solutions architect do to support functional analysts?
Functional analysts (FA) and solutions architects often work side-by-side. When you
get a question about how you would support FAs, you should assume the interviewer
wants you to talk about the ways you can successfully collaborate with an analyst.
Top AWS Solution Architect Interview Questions
By Sujith Kumar - November 7, 2017
This morning, a friend of mine asked me: “I would like to become an AWS
Enterprise Solution Architect, what do you think are the most
relevant AWS Solution Architect Interview questions that I will have
to answer during the interview?” I decided to answer this question
in this article. First, I’ll be sharing a common job description related to
an AWS Solution Architect that includes the relevant skills and knowledge
required. After that, I will share some tips for answering typical questions
during the AWS Solution Architect interview.
Based on several job descriptions found at the Amazon Jobs site, we can
describe an AWS Solution Architect as a professional that fulfills the
following unified job description:
AWS Enterprise Solution Architect
General Description
The AWS Solution Architect engages with customers to understand their
business drivers, assess application portfolios, and design reliable and
cost-effective cloud-native architectures. The Solution Architect is a very
technical role: broadly competent across many areas of technology. The AWS
Solution Architect will spend most of their day interacting with several
customers and stakeholders, including developers, team leads, engineering
directors, and CxOs.
As an AWS Solution Architect, you will form partnerships with customers,
AWS Sales and several other AWS teams to create highly scalable, flexible,
and resilient cloud architectures that address customers’ business problems,
accelerate the adoption of AWS services, and assist in driving revenue growth
across a broad set of customers.
As a trusted advisor and customer advocate, the AWS Solution Architect will
help organizations understand best practices around advanced cloud-based
solutions, and how to migrate existing workloads to the cloud.
Also, this role can help shape and execute a strategy to build mindshare and
broad use of AWS within enterprise customers. The ideal candidate must be
self-motivated with a proven track record in software/technology sales or
consulting. The ability to connect technology with measurable business value
is critical to an AWS Solution Architect. The candidate for the post of AWS
Solution Architect has a demonstrated ability to think strategically about
business, products, and technical challenges.
Roles and Responsibilities
- In partnership with the sales team, create and execute a sales strategy to
  exceed revenue objectives through the adoption of AWS
- Engage with opportunities to help a customer to successfully deploy a new
  workload onto AWS by developing relationships with customers, understanding
  their technology roadmap and strategic IT direction. Help to ensure success
  in building and migrating applications, software, and services on the AWS
  platform
- Understand the use case of customer’s workloads and its long-term roadmap
- Regularly review customer core/foundational/mission-critical workloads for
  compliance with best practices using the Well Architected Framework
- Assist in defining migration roadmaps to AWS and driving buy-in across
  complex organizational structures
- Maintain a broad technical knowledge of the AWS Cloud Platform while
  developing an Area of Depth/Specialization
- Deliver Thought Leadership through speaking engagements and creation of
  deep technical content
- Solicit feedback from customers and influence future iterations of the AWS
  platform
- Assist with cost/benefit modeling and create compelling business
  cases/total cost of ownership studies for migration
- Lead regular self-development and mentor new members of the team
- Take part in deep-dive education and design exercises to create world-class
  solutions built on AWS
- Educate customers of all sizes on the value proposition of AWS, and
  participate in deep architectural discussions to ensure solutions are
  designed for successful deployment in the cloud
- Conduct one-to-few and one-to-many training sessions to transfer knowledge
  to customers considering or already using AWS
- Capture and share best-practice knowledge among AWS Solution Architect
  Community
- Author and/or otherwise contribute to AWS customer-facing publications such
  as white papers
- Build deep relationships with senior technical individuals within customers
  to enable them to be cloud advocates
- Act as a technology advocate and liaison between customers, service
  engineers, and support teams.
Basic Qualifications
- 7+ years of design/implementation/consulting experience with distributed
  applications
- 5+ years experience in infrastructure architecture, database architecture,
  and networking
- 3+ years relevant experience in technology/software sales
- Working knowledge of software development tools and methodologies
- Technical degree or equivalent experience required; Computer Science or
  Mathematics background highly desired
- Strong written communication skills; ability to deliver high-quality
  documents, and paying attention to detail
- Presentation skills with a high degree of comfort speaking with executives,
  IT Management, and developers
- Elevated level of comfort communicating effectively across internal and
  external organizations
- Demonstrated ability to learn quickly and adopt innovative technologies
Preferred Qualifications
- Experience in migrating or transforming legacy customer solutions to the
  cloud
- Professional experience in architecting/operating solutions built on AWS
- Familiarity with common enterprise services, products, enterprise
  architecture, and management frameworks
- Experience in working within software development or Internet-related
  industries
- Willingness to travel up to 25%
Obviously, it is recommended that an AWS Solution Architect candidate has a
relevant AWS certification: AWS Certified Solutions Architect –
Professional. According to the AWS Certification website, an experienced
Solution Architect is required to have:
- Two or more years of hands-on experience in designing and deploying cloud
  architecture on AWS
- Abilities to evaluate cloud application requirements and make architectural
  recommendations for implementation, deployment, and provisioning
  applications on AWS
- Capabilities to provide best practices guidance on the architectural design
  across multiple applications, projects, and the enterprise
Also, the candidate should have a deep understanding of:
- Designing and deploying dynamically scalable, highly available,
  fault-tolerant, and reliable applications on AWS
- Selecting appropriate AWS services to design and deploy an application
  based on given requirements
- Migrating complex, multi-tier applications on AWS
- Designing and deploying enterprise-wide scalable operations on AWS
- Implementing cost control strategies
Based on this information and the previous requirements, during the AWS
Solution Architect interview the interviewing company is going to verify
whether you are an ideal candidate with the following characteristics:
- An IT Leader that can transform how an enterprise uses the public Cloud
- One who works equally well with executives and technologists
- Someone who is a technology evangelist
- A professional who is interested in joining a highly technical team that
  invests in your success by providing a comprehensive learning program
- A professional that has a passion for helping customers and designing large
  distributed systems
- A person who enjoys doing architecture using the world’s most advanced
  cloud computing technologies
- An Architect that has a knack for helping organizations understand
  application architectures and integration approaches, architecting advanced
  cloud-based solutions, and launching the build-out of those systems
- One of those rare technologists with the consultative leadership skills to
  help guide major projects to success
Some questions that you’ll find during a job interview are meant to describe
the person and professional beyond the resume, revealing the job candidate’s
personality, strengths, weaknesses, knowledge, skills, and abilities as
mentioned before.
Others focus on the skills and qualifications that the hiring company wants in
the candidates and the contributions that they expect the candidate will
make to their company. Those questions assess the prospective employee’s
work experience and approach to architecting enterprise solutions, and help
determine how the candidate will interact with people and their future work
environment.
Note: As a fresher, you can take the AWS Certified Cloud Practitioner
certification exam and start your AWS journey. The AWS Certified Cloud
Practitioner exam is the fundamental-level exam, intended for beginners in
the AWS cloud. You can try the AWS Certified Cloud Practitioner practice
exam to prepare for the exam. After that, you can move to AWS associate
certification, professional certification, and specialty certification
respectively.
These are some common AWS Solution Architect Interview Questions to be
answered by an AWS Enterprise Solution Architect, in no predefined order:
Interview Questions: Business Perspective, each with its Recommended Answer

Question: If an organization is facing a major change, what is your approach
as AWS Solution Architect to suggest to face it? What steps will you perform
to resolve this situation?
Recommended answer: This reveals if the candidate for the AWS Solution
Architect position possesses an open interest in a future customer,
understands their business model, and recognizes actual changes and
challenges.

Question: From your point of view, what are the relevant responsibilities of
an AWS Solution Architect?
Recommended answer: Describe relevant responsibilities, duties, and
challenges for an AWS Solution Architect. Refer to the above job description.

Question: How do you normally take AWS architecture requirements to design?
Recommended answer: Describe your procedures and methodology for establishing
relationships and how to understand business requirements from the customer.

Question: What are key considerations/guidelines when you’re going to make
some AWS Architecture recommendations?
Recommended answer: Demonstrate with some examples how you make decisions and
recommendations about AWS Architecture topics.

Question: How do you approach a pre-sales engagement as AWS Solution
Architect? How do you establish a relationship with AWS salespeople? Please
describe…
Recommended answer: It makes interviewers understand how the candidate
creates a relationship and collaborates with other AWS work teams.

Question: What challenges are you looking for in the position as an AWS
Solution Architect?
Recommended answer: Discover and explain what the candidate/job purpose and
objective is within the company in this role.

Question: How do you share (describe) your ideas and knowledge about AWS
services/products to customers or other people of your team? Please
describe… Could you please show us?
Recommended answer: This will reveal if the candidate has excellent
communication and presentation skills and really enjoys sharing his/her
expertise and knowledge as an advocate.

Question: Could you please describe a situation where you interacted with
CxOs or other business leaders?
Recommended answer: Understand if the candidate has had communication and
relationships with C-level people, and how he/she has managed those
relationships.

Question: Please describe a successful project that reflects your
design/implementation/consulting experience about AWS Solution Architecture?
Recommended answer: Discover practical experience based on projects executed
before around AWS Solution Architecture.

Question: What enterprise architecture and management frameworks do you know?
And how have you used them?
Recommended answer: Reveal the knowledge of the candidate about enterprise
architecture, business architecture, architecture, and management
frameworks. Also reveals how the candidate has used them based on
experience.

Question: Please describe a problem or issue during your career as an AWS
Solution Architect? How did you handle them?
Recommended answer: Understand how the candidate handles issues and problems.

Question: What have you done to improve your AWS knowledge within last year?
Recommended answer: Discover if the candidate has invested in his/her
personal and professional growth by himself/herself.

Question: What are the most important characteristics of an AWS Cloud
solution that you need to take into account when you design it?
Recommended answer: Understand if the candidate uses the AWS Well-Architected
framework and has a holistic view of a business solution.

Question: Please describe or tell us about a special contribution you have
made to your last employer?
Recommended answer: Explain clearly what contributions you made in the past,
and how they contributed to the success of the previous company and the
satisfaction of its customers. Share some past experiences.

Question: Who are you? Please tell us about yourself?
Recommended answer: Describe your principal values and characteristics as a
human being. Explain why you’re the best candidate for that job position and
what differentiates you from others.

Table #1 Typical general AWS Solution Architect Interview Questions
Normally, the above questions are complemented with specific AWS technical
questions that evaluate whether the candidate has the required qualifications
from the AWS services and technology perspective, like the following:
Interview Questions: Technical Perspective, each with its Recommended Answer

Question: What is Cloud Computing? What are their principal characteristics
and benefits?
Recommended answer: Explain the meaning of cloud computing, talk about
characteristics such as flexibility, elasticity, pay on demand. Describe each
of the different cloud models such as IaaS, PaaS, and SaaS. Reflect on the
benefits and myths of the cloud.

Question: What is AWS?
Recommended answer: Highlight AWS leadership in the cloud. Describe briefly
some of the AWS services with which you feel at ease, for example, EC2, RDS,
DynamoDB, CloudFormation etc… Note that AWS has comprehensive security
capabilities that support virtually any cloud workload.

Question: What is the AWS free tier? What is included in it?
Recommended answer: Explain how the AWS Free Tier is designed to enable you
to get hands-on experience with AWS cloud services; and what AWS services
are freely available for 12 months following your AWS sign-up date, as well
as additional service offers that do not automatically expire at the end of
your 12-month AWS Free Tier term.

Question: What is an EC2 instance? How to protect and reuse it?
Recommended answer: Explain that EC2 is a web service that provides resizable
computing capacity in the cloud. Describe how to create an AMI, take an EC2
snapshot as a backup, and reuse an EC2 instance.

Question: What kind of instances does AWS offer?
Recommended answer: Describe all EC2 instance types. Each EC2 instance type
comprises varying combinations of CPU, memory, storage, and networking
capacity giving you the flexibility to choose the appropriate mix of
resources for your applications. For more information refer to
https://aws.amazon.com/ec2/instance-types/

Question: How to increase the availability of your applications? How to avoid
bottlenecks in the performance of your applications?
Recommended answer: Describe AWS load balancing solutions. Remember that
services like Elastic Load Balancing automatically distribute incoming
application traffic across multiple Amazon EC2 instances in the cloud. It
enables you to achieve greater levels of fault tolerance in your
applications, seamlessly providing the amount of load balancing capacity
required to distribute application traffic. Describe ELB services, the
difference between application and classic load balancing service.

Question: How to enable an automatic scaling solution according to the user
demand?
Recommended answer: Explain the Auto Scaling features of AWS. Remember that
Auto Scaling allows you to scale your Amazon EC2 capacity up or down
automatically according to conditions you define, and it is particularly
well suited for applications that experience hourly, daily, or weekly
variability in usage. Describe how to create a launch configuration, an
auto-scaling group including common limits and how to monitor it using
CloudWatch and how to establish automatic alerts and actions.

Question: How to create your own resources into the AWS Cloud?
Recommended answer: Describe Amazon VPC service. Notice that Amazon Virtual
Private Cloud (Amazon VPC) lets you provision a logically isolated section
of the AWS Cloud, where you can launch AWS resources in a virtual network
that you define. You have complete control over your virtual networking
environment, including the selection of your own IP address range, the
creation of subnets, and the configuration of route tables and network
gateways. Highlight VPC security settings using security groups and ACLs for
subnets.

Question: How could you implement a DNS service in AWS? How could you
register a new domain name? How could you implement low-latency,
fault-tolerant architectures managing Web application traffic?
Recommended answer: Explain services like Amazon Route 53, a highly available
and scalable Domain Name System (DNS) web service. You can use Amazon Route
53 to configure DNS health checks to route traffic to healthy endpoints or
to independently monitor the health of your application and its endpoints.
Amazon Route 53 makes it possible for you to manage traffic globally through
a variety of routing types, including Latency Based Routing, Geo DNS, and
Weighted Round Robin—all of which can be combined with DNS Failover to
enable a variety of low-latency, fault-tolerant architectures. Don’t forget
that Amazon Route 53 also offers Domain Name Registration – you can purchase
and manage domain names such as example.com and Amazon Route 53 will
automatically configure DNS settings for your domains.

Question: How to implement a private connection to AWS Services?
Recommended answer: AWS offers a service called AWS Direct Connect that lets
you establish a dedicated network connection between your network and one of
the AWS Direct Connect locations. This dedicated connection can be
partitioned into multiple virtual interfaces as a VLAN. This allows you to
use the same connection to access public resources using public IP address
space, and private resources using private IP space while maintaining
network separation between the public and private environments. Describe
advantages and disadvantages of using private network connections.

Question: What do you know about the Shared Responsibility Model established
with AWS? Could you please explain more about what is the responsibility of
a customer?
Recommended answer: Because you’re building systems on top of the AWS
platform, the security responsibilities will be shared. While AWS manages
the security of the cloud, security in the cloud is the responsibility of
the customer. Customers retain control of the security they choose to
implement to protect their own content, platform, applications, systems, and
networks, no differently than they would have for the applications in an
on-site datacenter.

Question: How to control the access to your resources located at AWS? How
could you protect your data at rest?
Recommended answer: There is a service called AWS Identity and Access
Management (IAM) that enables you to securely control access to AWS services
and resources for your users. Using IAM, you can create and manage AWS users
and groups and use permissions to allow and deny their access to AWS
resources. For protecting your data, there is AWS Key Management Service
(KMS), a managed service that helps make it easy for you to create and
control the encryption keys used to encrypt your data.

Question: What are storage options provided by AWS?
Recommended answer: Describe in detail all the storage options provided by
AWS like EBS, S3, Glacier etc. Remember that AWS offers many different
storage services, including Amazon S3, Amazon EBS, Amazon EFS, and Amazon
Glacier. Amazon S3 is an object storage service, Amazon EBS is a block
storage service, Amazon EFS is a file storage service, and Amazon Glacier is
a long-term archive storage service. Explain, depending on the scenario,
which is the best storage option.

Question: What is the AWS Storage Gateway?
Recommended answer: The AWS Storage Gateway is a service connecting an
on-premises software appliance with cloud-based storage, to provide seamless
and secure integration between an organization’s on-premises IT environment
and AWS storage infrastructure. Note when to use it, and how to use it as a
recovery or backup storage option.

Question: How to deliver content faster?
Recommended answer: Describe in detail a service like Amazon CloudFront,
which is a content delivery web service. It integrates with other AWS
services to give developers and businesses an easy way to distribute content
to end users with low latency, high data transfer speeds, and no minimum
usage commitments.

Question: What are the managed database services provided by AWS? What kind
of SQL databases are supported by AWS?
Recommended answer: Answer with the Amazon Relational Database Service
(Amazon RDS). It is a web service that makes it easy to set up, operate, and
scale a relational database in the cloud. It provides cost-efficient and
resizable capacity while managing time-consuming database management tasks,
allowing you to focus on your applications and business. It gives you access
to the capabilities of MySQL, Oracle, SQL Server, or PostgreSQL database
engines running on your own Amazon RDS cloud-based database instance with
high availability configurations.

Question: What is the difference between SQL and NoSQL Database in AWS?
Recommended answer: Explain the RDS options and DynamoDB characteristics,
their differences, benefits, and the purpose of each related AWS service.

Question: Which option exists to accelerate the performance of a web
application?
Recommended answer: Describe how to improve the performance of web
applications by allowing you to retrieve information from a fast, managed,
in-memory system, instead of relying entirely on slower disk-based
databases. AWS offers a service called Amazon ElastiCache; it can not only
improve load and response time to user actions and queries but also reduce
the cost associated with scaling web applications.

Question: Which AWS services are offered for business intelligence?
Recommended answer: Describe each related AWS service, highlighting Amazon
Redshift as a fast, fully managed, petabyte-scale data warehouse solution
that makes it simple and cost-effective to efficiently analyze all your data
using your existing business intelligence tools. From the end-user analytic
point of view, there exists a service named Amazon QuickSight which is a
very fast, easy-to-use, and cloud-powered business intelligence (BI)
service. It makes it easy for all employees within an organization to build
visualizations, perform ad-hoc analysis, and quickly get business insights
from their data. Amazon QuickSight integrates automatically with AWS data
services, enables organizations to scale to hundreds of thousands of users,
and delivers fast and responsive query performance to them via the SPICE
engine.

Question: What other AWS services do you use at the application level?
Recommended answer: Describe in detail all the application services provided
by AWS like SNS, SES, SQS, and Workflow. Remember that Amazon Simple Email
Service (Amazon SES) is a highly scalable and cost-effective email-sending
service for businesses and developers. On the other hand, Amazon Simple
Notification Service (Amazon SNS) is a web service that makes it easy to set
up, operate, and send notifications from the cloud. It provides developers
with a highly scalable, flexible, and cost-effective capability to publish
messages from an application and immediately deliver them to subscribers or
other applications. Finally, Amazon Simple Queue Service offers a reliable,
highly scalable hosted queue for storing messages as they travel between
computers. By using Amazon SQS, developers can simply move data between
distributed application components performing different tasks, without
losing messages or requiring each component to be always available. Amazon
SQS makes it easy to build an automated workflow. Don’t forget that Amazon
Simple Workflow Service (Amazon SWF) is a web service that makes it easy to
coordinate work across distributed application components. Amazon SWF
enables applications for a range of use cases, including media processing,
web application back-ends, business process workflows, and analytics
pipelines, to be designed as a coordination of tasks.

Question: How will you improve the deployment and management of AWS services?
Recommended answer: Describe how AWS services such as AWS Elastic Beanstalk,
AWS OpsWorks, and CloudFormation contribute to improving the deployment and
management of AWS services.

Question: As an AWS Solution Architect, how could you implement Disaster
recovery on AWS?
Recommended answer: If you want to enable faster disaster recovery of your
critical IT systems without incurring the infrastructure expense of a second
physical site, you should use AWS services. Remember that the AWS platform
supports many popular disaster recovery (DR) architectures, from “pilot
light” environments that are ready to scale up at a moment’s notice, to “hot
standby” environments that enable rapid failover and enable rapid recovery
of your IT infrastructure and data.

Table #2. Typical technical AWS Solution Architect Interview
Questions
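The VPC answer in Table #2 asks the candidate to highlight security groups and subnet ACLs; the model below is an added example (not from the original page) of the difference that matters in practice: security groups are stateful and allow-only, while network ACLs are stateless and evaluated in rule-number order, so replies need their own outbound rule. Rule sets, addresses and function names are constructed assumptions; only TCP over IPv4 is modelled.

```python
import ipaddress

# Constructed rule sets (assumptions for illustration, not from the page).
# Each rule names the remote peer's CIDR and an inclusive TCP port range.
SG_INBOUND = [{"cidr": "0.0.0.0/0", "ports": (443, 443)}]

NACL_INBOUND = [
    {"number": 100, "action": "allow", "cidr": "0.0.0.0/0", "ports": (443, 443)},
]
NACL_INBOUND_BLOCKLIST = [
    {"number": 90, "action": "deny", "cidr": "198.51.100.0/24", "ports": (0, 65535)},
    {"number": 100, "action": "allow", "cidr": "0.0.0.0/0", "ports": (443, 443)},
]
# Common mistake: the outbound ACL mirrors the inbound one, so replies sent to
# the client's ephemeral source port match no allow rule.
NACL_OUTBOUND_MIRRORED = [
    {"number": 100, "action": "allow", "cidr": "0.0.0.0/0", "ports": (443, 443)},
]
NACL_OUTBOUND_EPHEMERAL = [
    {"number": 100, "action": "allow", "cidr": "0.0.0.0/0", "ports": (1024, 65535)},
]


def _matches(rule, peer_ip, port):
    low, high = rule["ports"]
    in_cidr = ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule["cidr"])
    return in_cidr and low <= port <= high


def nacl_decision(rules, peer_ip, port):
    """Network ACL: lowest rule number first, first match wins, else deny."""
    for rule in sorted(rules, key=lambda r: r["number"]):
        if _matches(rule, peer_ip, port):
            return rule["action"]
    return "deny"


def sg_allows(rules, peer_ip, port):
    """Security group: rules can only allow; any matching rule admits traffic."""
    return any(_matches(rule, peer_ip, port) for rule in rules)


def round_trip(nacl_in, nacl_out, sg_in, client_ip, client_port, server_port):
    """Follow one client request to the instance and the reply back out."""
    if nacl_decision(nacl_in, client_ip, server_port) != "allow":
        return "request dropped by network ACL (inbound)"
    if not sg_allows(sg_in, client_ip, server_port):
        return "request dropped by security group"
    # Stateful: the security group admits the reply to a connection it allowed
    # in, with no outbound rule consulted. The network ACL keeps no state, so
    # the reply is checked against the outbound rules on its destination port.
    if nacl_decision(nacl_out, client_ip, client_port) != "allow":
        return "reply dropped by network ACL (outbound)"
    return "delivered"


if __name__ == "__main__":
    for name, out_rules in [("mirrored", NACL_OUTBOUND_MIRRORED),
                            ("ephemeral", NACL_OUTBOUND_EPHEMERAL)]:
        result = round_trip(NACL_INBOUND, out_rules, SG_INBOUND,
                            "198.51.100.7", 50000, 443)
        print(f"outbound ACL '{name}':", result)
```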
Top 6 Cloud Architect Interview
Questions
1. How do you connect on-premise applications to
cloud services?
2. What should be the strategy for application
migration to the cloud?
3. What is Serverless (AWS Lambda)?
4. What is the problem in Lambda (Serverless)
implementation?
5. What is the use of API Gateway?
6. Where to use NoSQL databases as compared to
traditional relational databases?
6 Interview Questions & Answers for
Cloud Architect
How do you connect on-premise Applications to
Cloud Services?
You can connect on-premise applications to cloud services
through Hybrid integration. Traditionally this has been
done with VPNs or FTP for loading data, but they’re not
very efficient for integration.
You can choose a good cloud provider like
AWS/Azure/GCloud so that you have more control over it,
compared to a public cloud set up. You will then have to
set up an encrypted channel so that your on-premise apps
can communicate with your private cloud platform.
What should be the strategy for Application
migration to the Cloud?
There is no single right answer for this question as there
are multiple answers depending on the circumstances.
Here are the different strategies:
- Re-hosting: This can be done by redeploying applications to a cloud-based
  hardware setup while configuring the application host accordingly. This is
  quick and easy while sacrificing scalability.
- Re-platforming: You can choose to run the application directly on the cloud
  vendor’s platform. This can be done without changing the app’s core
  architecture. While it has the advantage of backward compatibility, the
  underdeveloped PaaS infrastructure means that common capabilities are
  sometimes excluded.
- Repurchasing: This might come at a high cost and cause lock-in with the new
  vendor, but one option is to junk the old application and purchase a
  compatible SaaS platform.
- Refactoring: This can be a resource-intensive exercise because it involves
  overhauling how an application is architected. This is usually treated as a
  last resort when new features need to be added, or if the services need to
  be scaled or to improve the overall performance.
What is Serverless (AWS Lambda)?
AWS Lambda lets users run code without having to
manage servers, so it’s called a serverless service. It
executes code only when needed and scales
automatically, from a few requests per day to thousands
per second. This allows users to pay only for the compute
time consumed. Users can run code for different
application types without any administration.
What is the problem in Lambda (Serverless)
implementation?
Vendor lock-in: When the application is hosted on a
serverless platform, porting it to another platform is
cumbersome due to compatibility issues in terms of
supported programming languages. It also means that the
user will have to cede control of their hosted application to
the vendor.
Long-term challenges: Since Lambda is a
Function-as-a-Service, it calls multiple functions if it takes too long to
execute a task, which is resource intensive and
ineffective.
What is the use of API Gateway?
The API gateway is the entry point for an API for a group of
microservices. It handles protocol translations, which
makes it suitable for microservices that make use of
multiple APIs. API gateways allow developers to design the
application structure depending on the use case. The API
gateway can be used for:
- Authentication
- Security enforcement
- Cache management
- Load balancing
Where to use NoSQL databases as compared to
traditional relational databases?
You should use a NoSQL database if you:
- Need to handle a large volume of data that is structured/unstructured
- Have business requirements that make you follow development practices such
  as agile sprints, quick iterations, and frequent code pushes
- Prefer object-oriented programming that is easy to use and flexible
- Want to leverage efficient, scale-out architecture instead of expensive,
  monolithic architecture