AWS Solutions Architect Interview Questions and Answers (Part3)
Q1. What are short polling and long polling in SQS?
Ans1 – Amazon SQS provides short polling and long polling to receive messages from a queue. By default, queues use short polling.
With short polling, the ReceiveMessage request queries only a subset of the servers (based on a weighted random distribution) to find messages that are available to include in the response. Amazon SQS sends the response right away, even if the query found no messages.
With long polling, the ReceiveMessage request queries all of the servers for messages. Amazon SQS sends a response after it collects at least one available message, up to the maximum number of messages specified in the request. Amazon SQS sends an empty response only if the polling wait time expires.
Q2. How does the standard queue guarantee that a message is delivered?
Ans2 – Standard queues provide at-least-once delivery, which means that each message is delivered at least once. FIFO queues provide exactly once processing, which means that each message is delivered once and remains available until a consumer processes it and deletes it. Duplicates are not introduced into the queue.
Q3. How does SQS help decouple systems in AWS?
Ans3 – SQS lets you decouple application components so that they run and fail independently, increasing the overall fault tolerance of the system. Multiple copies of every message are stored redundantly across multiple availability zones so that they are available whenever needed.
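The at-least-once guarantee in Ans2 means a consumer can see the same message more than once: a standard queue may deliver a duplicate copy, and any message that is not deleted before its visibility timeout expires (for example because the consumer crashed after acting on it) is redelivered. The following is an added example, not code from the original page or from AWS: it simulates a standard queue in plain Python (no boto3) and compares a naive consumer with an idempotent one. The message bodies, MessageIds and receipt handles are constructed for the demonstration.

```python
"""Added example: why an SQS standard-queue consumer must be idempotent.
This is a simulation in plain Python, not the boto3 API; message bodies,
MessageIds and receipt handles are constructed for the demonstration."""
import itertools

SAMPLE_BODIES = ["order-1001", "order-1002", "order-1003"]   # constructed


class SimulatedStandardQueue:
    """Toy model of an SQS standard queue:
    - receive() hands out the next visible message with a receipt handle;
    - a message not deleted before its visibility timeout becomes visible again;
    - at-least-once delivery is modelled by enqueuing a second copy of every
      second message, which a standard queue is allowed to do."""

    def __init__(self, bodies, duplicate_every=2):
        self._visible = []
        for i, body in enumerate(bodies, start=1):
            msg = {"MessageId": f"msg-{i}", "Body": body}
            self._visible.append(msg)
            if i % duplicate_every == 0:
                self._visible.append(dict(msg))  # same MessageId delivered twice
        self._inflight = {}
        self._receipts = itertools.count(1)

    def receive(self):
        if not self._visible:
            return None
        msg = self._visible.pop(0)
        receipt = f"rcpt-{next(self._receipts)}"
        self._inflight[receipt] = msg
        return receipt, msg

    def delete(self, receipt):
        self._inflight.pop(receipt, None)

    def expire_visibility(self):
        """Visibility timeout elapsed for every in-flight message: redeliver it."""
        self._visible.extend(self._inflight.values())
        self._inflight.clear()


def consume(queue, idempotent):
    """Drain the queue and return the list of side effects performed.
    The consumer crashes once, after acting on a message but before deleting it,
    so that message is redelivered by the queue."""
    side_effects = []
    processed = set()      # production: a conditional write to DynamoDB or a DB unique key
    crash_pending = True
    while (item := queue.receive()) is not None:
        receipt, msg = item
        if idempotent:
            if msg["MessageId"] in processed:
                queue.delete(receipt)   # duplicate or redelivery: acknowledge and skip
                continue
            processed.add(msg["MessageId"])   # claim the id before acting on it
        side_effects.append(msg["Body"])      # the non-reversible action (e.g. charging a card)
        if crash_pending:
            crash_pending = False
            queue.expire_visibility()         # simulated crash: no delete, message comes back
            continue
        queue.delete(receipt)
    return side_effects


def compare():
    """Return (naive_count, idempotent_count) side effects for the same three orders."""
    naive = consume(SimulatedStandardQueue(SAMPLE_BODIES), idempotent=False)
    safe = consume(SimulatedStandardQueue(SAMPLE_BODIES), idempotent=True)
    return len(naive), len(safe)


if __name__ == "__main__":
    print(compare())   # (5, 3)
```

The naive consumer charges five orders for three messages (one duplicate copy plus one redelivery after the crash); the idempotent consumer records the MessageId before acting, so the extra deliveries are acknowledged without repeating the side effect. In a real deployment the `processed` set must live in durable storage shared by all consumers, and the claim must be a conditional write.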
Q4. Can we increase the Lambda runtime so that jobs run for more than 15 minutes?
Ans4 – You cannot increase the runtime to more than 15 minutes. The AWS Lambda limits page states that the function timeout is 900 seconds (15 minutes). If you need more than 15 minutes of execution time you have to look at other services.
Q5. Are there any limitations on creating Lambda functions with an AWS free tier account?
Ans5 – The AWS Lambda free usage tier includes 1M free requests per month and 400,000 GB-seconds of compute time per month.
Q1. What is DynamoDB?
A1. Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. DynamoDB lets you offload the administrative burdens of operating and scaling a distributed database so that you don’t have to worry about hardware provisioning, setup and configuration, replication, software patching, or cluster scaling.
Q2. What is transitive peering?
A2. Instead of using VPC peering, you can use an AWS Transit Gateway that acts as a network transit hub, to interconnect your VPCs and on-premises networks. You cannot route packets directly from VPC B to VPC C through VPC A.
Q3. How do I connect to a different VPC in AWS?
A3. The simplest way to connect two VPCs is to use VPC Peering. In this setup, a connection enables full bidirectional connectivity between the VPCs. This peering connection is used to route traffic between the VPCs. VPCs across accounts and AWS Regions can also be peered together.
Q4. Why do we need VPC?
A4. Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.
Q5. If we have a VPN, do we need NAT gateway?
A5. Yes, a NAT gateway is required if you have a VPN.
Q6. What is a NAT gateway?
A6. A NAT gateway is used to enable instances in a private subnet to connect to the internet or other AWS services, but it prevents the internet from initiating a connection with those instances.
Q7. How to create a VPN connection?
A7. Create a VPN connection
In the Amazon VPC console, under VPN Connections, choose VPN Connections.
Select Create VPN Connection.
Enter a meaningful name for the VPN connection.
For Virtual Private Gateway, choose the virtual private gateway you just created.
For Customer Gateway, choose the customer gateway you just created.
For Routing Options, choose Dynamic or Static. If you choose static routing, specify the Static IP Prefixes of the appropriate private network(s) on your office LAN.
Choose Yes, Create.
https://aws.amazon.com/premiumsupport/knowledge-center/create-connection-vpc/
Q1. Can we install PhpMyAdmin for that MySQL instance?
Ans 1 – Installing phpMyAdmin is a quick process, and once it is installed we can create databases, tables and MySQL users, and set privileges for MySQL users on particular tables or databases. Before installing phpMyAdmin, we should have already installed a web server such as Apache or IIS.
Q2. What about database encryption on AWS?
Ans 2 – Amazon RDS encrypts your databases using keys you manage with the AWS Key Management Service (KMS). On a database instance running with Amazon RDS encryption, data stored at rest in the underlying storage is encrypted, as are its automated backups, read replicas, and snapshots.
Q3. What type of indexing is used in DynamoDB?
Ans 3 – DynamoDB supports two types of secondary indexes: Global secondary index — An index with a partition key and a sort key that can be different from those on the base table. A global secondary index is considered “global” because queries on the index can span all of the data in the base table, across all partitions.
Q4. How does SNS work? Is this for SMS only?
Ans 4 – You can use Amazon SNS to send text messages, or SMS messages, to SMS-enabled devices. You can send a message directly to a phone number, or you can send a message to multiple phone numbers at once by subscribing those phone numbers to a topic and sending your message to the topic.
Q5. Can DynamoDB be used by applications running on any operating system?
Ans 5 – Yes. DynamoDB is a fully managed cloud service that you access via API. Applications running on any operating system (such as Linux, Windows, iOS, Android, Solaris, AIX, and HP-UX) can use DynamoDB. We recommend using the AWS SDKs to get started with DynamoDB.
Q1. What is CloudWatch?
A1. Amazon CloudWatch is a monitoring and management service that provides data and actionable insights for AWS, hybrid, and on-premises applications and infrastructure resources. With CloudWatch, you can collect and access all your performance and operational data in the form of logs and metrics from a single platform.
Q2. What is Route 53 hosted zone?
A2. A hosted zone is an Amazon Route 53 concept. A hosted zone is analogous to a traditional DNS zone file; it represents a collection of records that can be managed together, belonging to a single parent domain name. All resource record sets within a hosted zone must have the hosted zone’s domain name as a suffix.
Q3. Can I buy domain from AWS?
A3. You can register new domain names with Route 53 as well as manage DNS records for your domain. Select Get Started Now under Domain Registration, then click the Register Domain button.
Q4. How much GoDaddy charges for a cheap domain name?
A4. With GoDaddy, you can register domains for as low as ₹72.80 (INR). You can even snag a free domain with one of our website hosting plans. It doesn’t get any cheaper or any better.
Q5. What are IPv4 and IPv6?
A5. The Internet Protocol version 4 (IPv4) is a protocol for use on packet-switched Link Layer networks (e.g. Ethernet). IPv4 provides an addressing capability of approximately 4.3 billion addresses. The Internet Protocol version 6 (IPv6) is more advanced and has better features compared to IPv4.
Q6. Does a VPC have private and public subnets?
A6. Yes, VPC has private and public subnets.
Q1- What is the difference between public and private subnet in AWS?
Ans1 – The instances in the public subnet can send outbound traffic directly to the Internet, whereas the instances in the private subnet can’t. Instead, the instances in the private subnet can access the Internet by using a network address translation (NAT) gateway that resides in the public subnet.
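The public/private subnet distinction in Ans1, and the non-transitive peering point in A2 of the earlier VPC section (VPC B cannot reach VPC C through VPC A), both come down to how route tables and their targets behave. The following is an added example, not code from the original page or from AWS: a toy route-table evaluator in plain Python. All VPC ids, CIDRs, peering-connection ids and gateway ids are constructed for the demonstration, and the `inbound_from_internet_allowed` helper is a simplification that ignores security groups, NACLs and public IP assignment.

```python
"""Added example: a toy VPC route-table evaluator (not AWS code). It shows
(1) why a private subnet reaches the internet only through a NAT gateway while a
public subnet has a direct internet-gateway route, and (2) why VPC peering is not
transitive. Every identifier and CIDR below is constructed for the example."""
import ipaddress

VPCS = {"vpc-a": "10.0.0.0/16", "vpc-b": "10.1.0.0/16", "vpc-c": "10.2.0.0/16"}
PEERINGS = {"pcx-ab": ("vpc-a", "vpc-b"), "pcx-ac": ("vpc-a", "vpc-c")}

ROUTE_TABLES = {
    "vpc-a-public": [("10.0.0.0/16", "local"), ("10.1.0.0/16", "pcx-ab"),
                     ("10.2.0.0/16", "pcx-ac"), ("0.0.0.0/0", "igw-a")],
    "vpc-a-private": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-a")],
    # VPC B's table tries to reach VPC C "through" A by pointing C's CIDR at pcx-ab.
    "vpc-b-main": [("10.1.0.0/16", "local"), ("10.0.0.0/16", "pcx-ab"),
                   ("10.2.0.0/16", "pcx-ab")],
}


def lookup(table_name, dst_ip):
    """Longest-prefix match over a route table; returns the target or None."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in ROUTE_TABLES[table_name]:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def next_hop(src_vpc, table_name, dst_ip):
    """Where a packet from src_vpc, routed by table_name, ends up:
    a VPC id, 'internet', 'internet-via-nat' (outbound only) or 'dropped'."""
    target = lookup(table_name, dst_ip)
    if target is None:
        return "dropped"
    if target == "local":
        return src_vpc
    if target.startswith("pcx-"):
        a, b = PEERINGS[target]
        peer = b if src_vpc == a else a
        # A peering connection only carries traffic addressed to the peer's own CIDR;
        # it never forwards on to a third VPC, so there is no transitive routing.
        if ipaddress.ip_address(dst_ip) in ipaddress.ip_network(VPCS[peer]):
            return peer
        return "dropped"
    if target.startswith("igw-"):
        return "internet"
    if target.startswith("nat-"):
        return "internet-via-nat"
    return target


def inbound_from_internet_allowed(table_name):
    """Simplified check: an instance can be reached from the internet only if its
    subnet's route table has an internet-gateway route (a public IP, security
    groups and NACLs still apply). A NAT gateway route gives outbound access only."""
    return any(t.startswith("igw-") for _, t in ROUTE_TABLES[table_name])


if __name__ == "__main__":
    print(next_hop("vpc-a", "vpc-a-private", "198.51.100.9"))   # internet-via-nat
    print(next_hop("vpc-b", "vpc-b-main", "10.2.0.5"))           # dropped
```

Running it shows the private subnet going out through `nat-a` while the public subnet goes straight to `igw-a`, and the route in VPC B for VPC C's CIDR being dropped at the peering connection even though a route exists. From a defender's view this is also why a peering connection does not silently widen the blast radius of a compromised VPC to every VPC its peer is connected to.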
Q2- How many days logs will be maintained in CloudTrail by default?
Ans2 – CloudTrail trail logs are not limited to 90 days retention. They can be delivered to an S3 bucket or to AWS CloudWatch Logs and configured to send SNS notifications when a particular event happens.
Q3- Who should use CloudTrail?
Ans3 – Customers who need to track changes to resources, answer simple questions about user activity, demonstrate compliance, troubleshoot, or perform security analysis should use CloudTrail.
Q4- What is the difference between CloudTrail and CloudWatch?
Ans4 –
AWS CloudWatch:
It is a monitoring tool used for real-time monitoring of AWS resources and applications. It provides a report on the basis of monitoring which can be used to analyze the performance of the system. It monitors various AWS resources like Amazon EC2, Amazon RDS, Amazon S3, Elastic Load Balancer, etc.
AWS CloudTrail:
It is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. It continuously logs and monitors the activities and actions across your AWS account. It also provides the event history of your AWS account including information about who is accessing your AWS services.
Q5- What does “MySQL compatible” mean?
Ans5 – It means that most of the code, applications, drivers, and tools you already use today with your MySQL databases can be used with Aurora with little or no change. The Amazon Aurora database engine is designed to be wire-compatible with MySQL 5.6 and 5.7 using the InnoDB storage engine. Certain MySQL features like the MyISAM storage engine are not available with Amazon Aurora.
Q1. Why do we use auto scaling?
A1. Auto Scaling is a service in AWS that automatically monitors resources to maintain performance for applications as demand increases or decreases. As the demand increases it scales up the resources and as the demand decreases it scales down the resources.
Q2. What is the difference between auto scaling and load balancing?
A2. Load balancing evenly distributes load to application instances in all availability zones in a region, while auto scaling makes sure instances scale up or down depending on the load.
Q3. Can auto scaling upgrade instance?
A3. No, Auto Scaling does not upgrade instances.
Q4. How many auto scaling groups can you have per region?
A4. You can have 200 Auto Scaling groups per region (a limit defined by AWS).
Q5. What is the difference between Application Load Balancer and Network Load Balancer?
A5. The network load balancer just forwards requests, whereas the application load balancer examines the contents of the HTTP request header to determine where to route the request. So the application load balancer performs content-based routing.
Q1- What are IPv4 and IPv6?
Ans1- IPv4 – IPv4 stands for Internet Protocol version 4. It is the underlying technology that makes it possible for us to connect our devices to the web. Whenever a device accesses the Internet, it is assigned a unique, numerical IP address such as 99.48.227.227. To send data from one computer to another through the web, a data packet must be transferred across the network containing the IP addresses of both devices.
IPv6 – IPv6 is the next-generation Internet Protocol (IP) address standard intended to supplement and eventually replace IPv4, the protocol many Internet services still use today. Every computer, mobile phone, home automation component, IoT sensor, and any other device connected to the Internet needs a numerical IP address to communicate with other devices. The original IP address scheme, called IPv4, is running out of addresses due to its widespread usage from the proliferation of so many connected devices.
Q2- What is a VPC subnet?
Ans2- A subnet is a key component of a VPC. A VPC can contain all public subnets, or a combination of public and private subnets. A private subnet is a subnet that doesn’t have a route to the internet gateway. A subnet can be configured as a VPN-only subnet by routing traffic via a virtual private gateway.
Q3- What is the price of Amazon Route 53?
Ans3 – Amazon Route 53 charges are based on actual usage of the service for Hosted Zones, Queries, and Health Checks. You pay only for what you use. There are no minimum fees, no minimum usage commitments, and no overage charges.
Q4- Why should I use Amazon VPC?
Ans 4 – Amazon VPC enables you to build a virtual network in the AWS cloud – no VPNs, hardware, or physical datacenters required. You can define your own network space, and control how your network and the Amazon EC2 resources inside your network are exposed to the Internet. You can also leverage the enhanced security options in Amazon VPC to provide more granular access to and from the Amazon EC2 instances in your virtual network.
Q5 – Can I connect to my VPC using software VPN?
Ans5- Yes, you may use a third-party software VPN to create a site-to-site or remote access VPN connection with your VPC via the Internet gateway.
Q1. What is the difference between a virtual machine and an AWS machine instance?
A1. EC2 instances are effectively a static portion of host resources, while VMs are ephemeral. Static resources are used to isolate your EC2 instance from those of other tenants hosted on the same server. Since a VM is hosted on a private network, its resources do not need to be isolated.
Q2. What is PPK file in AWS?
A2. A PPK file is an SSH private key used to access an EC2 instance through PuTTY on a Windows PC.
Q3. How do I convert a private key from PEM (OpenSSH) into PPK (PuTTY SSH)?
A3. To convert your private key:
Open PuTTYgen.
Click on Load. By default, PuTTYgen displays only files with the extension .ppk. To locate your .pem file, choose the option to display files of all types.
Select your .pem file for the key pair that you specified when you launched your instance and choose Open. PuTTYgen displays a notice that the .pem file was successfully imported. Choose OK.
To save the key in the format that PuTTY can use, choose Save private key.
PuTTYgen displays a warning about saving the key without a passphrase. Choose Yes.
Specify the same name for the key that you used for the key pair (for example, my-key-pair) and choose Save. PuTTY automatically adds the .ppk file extension.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html
Q4. Do we need to delete AMI first for deleting a Snapshot?
A4. Yes, to delete a snapshot you first need to delete the AMI.
Q5. Can we get an email notification if web servers are down?
A5. Yes, you can get an email notification if the server is down, but you need to set up email alerts in CloudWatch for that.
Q1 What is the difference between a virtual machine and a container?
A1. Virtual machines are part of virtualization environments. A container, on the other hand, is a specific kind of virtualization strategy that offers its own benefits and disadvantages in different kinds of virtualization platforms, including hosted networks and cloud computing systems.
Q2 Can I have multiple health checks in ELB?
A2. Yes, you can, but there is only one URL we can provide for continuous health check monitoring. If we use a TCP-based health check, we can only come to know whether the instances are up and running, but not the actual web applications.
Q3 What is the difference between horizontal and vertical autoscaling?
A3. In short, the main difference between vertical and horizontal autoscaling in AWS is that in vertical autoscaling the capacity or size of the instance is increased as per demand whereas in horizontal autoscaling the number of instances (not the size) under the load balancer is increased as per requirement.
Q4 Does the EBS backup go in as a snapshot?
A4. You can back up the data on your Amazon EBS volumes to Amazon S3 by taking point-in-time snapshots. Snapshots are incremental backups, which means that only the blocks on the device that have changed after your most recent snapshot are saved. This minimizes the time required to create the snapshot and saves on storage costs by not duplicating data. Each snapshot contains all of the information that is needed to restore your data (from the moment when the snapshot was taken) to a new EBS volume.
Q5. What can I scale with AWS Auto Scaling?
A5. Amazon EC2 Auto Scaling groups.
Amazon Elastic Container Service (ECS) services (currently ECS services cannot be discovered using resource tags)
Amazon EC2 Spot Fleets.
Amazon DynamoDB throughput capacity.
Aurora replicas for Amazon Aurora.
Q6. Can our Windows file systems and EC2 instances be in different regions? What combinations are allowed?
A6- Yes, you can have a multi-region Windows file system using Amazon FSx, but the setup is a bit different and complex. First, you will have to set up a VPC peering connection between the two regions that you want to set up for FSx, and use another AWS service, AWS DataSync, which can copy data over the Server Message Block (SMB) protocol. DataSync enables rapid data transfer over the network in AWS infrastructure and provides end-to-end security, including encryption and integrity validation, to ensure your data arrives securely, intact, and ready to use.
For more information you can check this AWS document:
https://aws.amazon.com/blogs/storage/how-to-replicate-amazon-fsx-file-server-data-across-aws-regions/
AWS Day 3 FAQs
Q1 Does AWS help us delete the data stored on-premises after a successful migration?
A1- Once the migration completes successfully and the migrated VMs are configured and running properly, you can delete the replication job to stop replication from your on-premises data center to AWS.
Q2 Is it free of cost to create AMI on AWS?
A2- You are only charged for the storage of the bits that make up your AMI; there are no charges for creating an AMI. EBS-backed AMIs are made up of snapshots of the EBS volumes that form the AMI.
Q3 What is the main object of AMI on AWS?
A3- An Amazon Machine Image (AMI) provides the information required to launch an instance. You must specify an AMI when you launch an instance. You can launch multiple instances from a single AMI when you need multiple instances with the same configuration.
Q4 Can I have multiple key pairs for one EC2 instance?
A4- EC2 doesn’t support multiple key pairs by default, and updating key pairs (adding new keys, replacing existing keys, or deleting existing keys) is not supported by default either. User Data allows you to deploy a bunch of key pairs on an EC2 instance during bootstrapping.
Q5 Are AMIs region-specific?
A5- Consistent global deployment: Copying an AMI from one Region to another enables you to launch consistent instances in different regions based on the same AMI. You can also take advantage of Region-specific features, such as for instance types or other AWS services.
Q1. What is edge location?
A1. An edge location is basically a small setup in different locations that provides low-latency connectivity by making static content available from the location nearest to the request. Instead of fetching the information from the source, the request is routed to the nearest edge location, which delivers the information with reduced latency. This way the access time is shorter and the response is faster.
Q2. What is archival data?
A2. Archival data is data that you are not going to access for a long period of time, or that you access only infrequently. It is stored so that at any time it can be brought back into service.
Q3. What is the difference between RDS and Non-relational database?
A3. The difference between relational and non-relational databases: relational databases store data in rows and columns like a spreadsheet, while non-relational databases don’t; they use a storage model (one of four) that is best suited to the type of data being stored.
Q4. Can an IAM user create another IAM user?
A4. No, an IAM user is not authorized to create another IAM user, only a Root User can create IAM users and assign permissions to them in terms of Policies.
Q5. To reduce EC2 usage, I just shut it down after I am done using it, correct?
A5. Yes, correct: you should terminate the resources you have launched once they are no longer needed. This will save you cost, and you won’t exceed the free tier limit soon. Please clean up resources once they are no longer required.
Q1. Why is an HTTP rule added?
A1. HTTP is a protocol which allows the fetching of resources. It is the foundation of any data exchange on the Web and it is a client-server protocol, which means requests are initiated by the recipient, usually the Web browser.
Q2. How many IP addresses are allocated during auto-assignment of IPs?
A2. 255 IP addresses are allocated out of which 5 IP addresses are reserved by AWS.
Q3. What are inbound and outbound rules?
A3. Inbound rules control the incoming traffic to your instance, and outbound rules control the outgoing traffic from your instance. When you launch an instance, you can specify one or more security groups. If you don’t specify a security group, Amazon EC2 uses the default security group.
Q4. How do I change inbound or outbound rules?
A4. To update a rule using the console:
Open the Amazon VPC console. In the navigation pane, choose Security Groups. Select the security group to update. Choose Actions, Edit inbound rules or Actions, Edit outbound rules.
Q5. For ping which protocol needs to be allocated in Security Group?
A5. The ICMP protocol must be allowed in the security group for ping to work.
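The three answers above (inbound versus outbound rules, editing rules, and ICMP for ping) are easier to reason about with a small model of how a security group evaluates traffic. The following is an added example, not code from the original page or from AWS: a plain-Python matcher over rules written in the shape the EC2 API uses (IpProtocol, FromPort, ToPort, CidrIp), plus an audit helper that flags admin ports open to the whole internet. The sample rules and addresses are constructed, not taken from any real account, and using a single `CidrIp` field for both IPv4 and IPv6 ranges is a simplification of the real API.

```python
"""Added example: evaluating traffic against security group rules with a
plain-Python model (not AWS code). The rules below are constructed in the shape
the EC2 API uses; they are not taken from any real account."""
import ipaddress

SAMPLE_INBOUND = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "203.0.113.0/24"},
    # For ICMP, FromPort is the ICMP type and ToPort the code; -1 means "any".
    # Type 8 is echo request, which is what ping sends.
    {"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1, "CidrIp": "10.0.0.0/16"},
]

ADMIN_PORTS = {22: "ssh", 3389: "rdp"}


def rule_matches(rule, protocol, port_or_type, source_ip):
    """True if this one rule permits traffic of the given protocol from source_ip.
    For tcp/udp, port_or_type is the destination port; for icmp, the ICMP type."""
    if rule["IpProtocol"] not in (protocol, "-1"):
        return False
    # Mixed IPv4/IPv6 comparisons simply return False here, so no exception.
    if ipaddress.ip_address(source_ip) not in ipaddress.ip_network(rule["CidrIp"]):
        return False
    if rule["IpProtocol"] == "-1":          # "all traffic" rule
        return True
    if protocol == "icmp":
        return rule["FromPort"] in (-1, port_or_type)
    return rule["FromPort"] <= port_or_type <= rule["ToPort"]


def is_allowed(rules, protocol, port_or_type, source_ip):
    """Security groups are allow-only: with no matching rule the packet is dropped.
    They are also stateful, so replies to allowed traffic are permitted regardless
    of the rules in the other direction (that part is not modelled here)."""
    return any(rule_matches(r, protocol, port_or_type, source_ip) for r in rules)


def world_open_admin_ports(rules):
    """Audit helper: (port, name) pairs for admin ports reachable from 0.0.0.0/0 or ::/0."""
    findings = set()
    for r in rules:
        if r["CidrIp"] not in ("0.0.0.0/0", "::/0") or r["IpProtocol"] not in ("tcp", "-1"):
            continue
        for port, name in ADMIN_PORTS.items():
            if r["IpProtocol"] == "-1" or r["FromPort"] <= port <= r["ToPort"]:
                findings.add((port, name))
    return sorted(findings)


if __name__ == "__main__":
    print(is_allowed(SAMPLE_INBOUND, "icmp", 8, "10.0.1.9"))        # True: ping from the VPC
    print(is_allowed(SAMPLE_INBOUND, "tcp", 22, "198.51.100.7"))   # False: SSH only from the office range
    print(world_open_admin_ports(SAMPLE_INBOUND))                  # []
```

With these rules a ping from inside 10.0.0.0/16 is answered but one from elsewhere is silently dropped, which is the usual reason "the instance doesn't respond to ping" even though HTTPS works. The audit helper is the kind of check a defender runs over `describe-security-groups` output to catch SSH or RDP exposed to the whole internet.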
AWS DAY 2
Q1. Is an EC2 instance a virtual machine?
A1. Yes, an EC2 instance is a virtual machine.
Q2. Is an ARN unique for each resource in AWS?
A2. Yes, an ARN is unique for each resource in AWS.
Q3. Can we log in with root and the IAM user at the same time?
A3. Yes, but for the other user you have to use an incognito browser window if you want to log in with both users at the same time.
Q4. How can we have a new user assigned a default password policy?
A4. You can set a password policy on your AWS account to specify complexity requirements and mandatory rotation periods for your IAM users’ passwords.
You can use a password policy to do these things:
Set a minimum password length.
Require specific character types, including uppercase letters, lowercase letters, numbers, and non-alphanumeric characters. Be sure to remind your users that passwords are case sensitive.
Allow all IAM users to change their own password.
Note: When you allow your IAM users to change their own passwords, IAM automatically allows them to view the password policy. IAM users need permission to view the account’s password policy in order to create a password that complies with the policy.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html
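The following is an added example, not code from the original page or from AWS. It takes an account password policy in the shape IAM's GetAccountPasswordPolicy returns (the field names are the real API's; the values are sample values, not any account's), checks candidate passwords against the complexity requirements listed above, and renders the same policy as the equivalent `aws iam update-account-password-policy` command. The symbol set is the one the IAM password policy documentation lists as non-alphanumeric characters.

```python
"""Added example: checking candidate passwords against an IAM-style account
password policy and rendering that policy as the matching AWS CLI call.
Policy values are sample values, not any account's."""

# Non-alphanumeric characters IAM counts as symbols (from the IAM password policy docs).
IAM_SYMBOLS = set("!@#$%^&*()_+-=[]{}|'")

SAMPLE_POLICY = {
    "MinimumPasswordLength": 14,
    "RequireSymbols": True,
    "RequireNumbers": True,
    "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True,
    "AllowUsersToChangePassword": True,
    "MaxPasswordAge": 90,
    "PasswordReusePrevention": 24,
}

# Each complexity field maps to a per-character predicate; the candidate passes
# the field if at least one character satisfies the predicate.
_COMPLEXITY_CHECKS = {
    "RequireUppercaseCharacters": str.isupper,
    "RequireLowercaseCharacters": str.islower,
    "RequireNumbers": str.isdigit,
    "RequireSymbols": IAM_SYMBOLS.__contains__,
}


def check_password(candidate, policy=SAMPLE_POLICY):
    """Return the policy fields the candidate fails (empty list = compliant).
    Only complexity fields can be checked locally; MaxPasswordAge and
    PasswordReusePrevention are enforced by IAM at password-change time."""
    failures = []
    if len(candidate) < policy.get("MinimumPasswordLength", 0):
        failures.append("MinimumPasswordLength")
    for field, predicate in _COMPLEXITY_CHECKS.items():
        if policy.get(field) and not any(predicate(ch) for ch in candidate):
            failures.append(field)
    return failures


def to_cli_command(policy):
    """Render the policy as the equivalent `aws iam update-account-password-policy` call.
    Boolean fields become bare flags; numeric fields take a value."""
    flags = {
        "MinimumPasswordLength": "--minimum-password-length",
        "RequireSymbols": "--require-symbols",
        "RequireNumbers": "--require-numbers",
        "RequireUppercaseCharacters": "--require-uppercase-characters",
        "RequireLowercaseCharacters": "--require-lowercase-characters",
        "AllowUsersToChangePassword": "--allow-users-to-change-password",
        "MaxPasswordAge": "--max-password-age",
        "PasswordReusePrevention": "--password-reuse-prevention",
    }
    parts = ["aws iam update-account-password-policy"]
    for field, flag in flags.items():
        value = policy.get(field)
        if value is True:
            parts.append(flag)
        elif value not in (None, False):
            parts.append(f"{flag} {value}")
    return " ".join(parts)


if __name__ == "__main__":
    print(check_password("correcthorsebattery9!"))   # ['RequireUppercaseCharacters']
    print(to_cli_command(SAMPLE_POLICY))
```

The local check is useful for pre-validating passwords in a provisioning script or for explaining to a user exactly which requirement a rejected password missed; the rotation and reuse fields cannot be checked offline and are left to IAM.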
Q5. Can I have multiple authentication devices active for my AWS account?
A5. Yes. Each IAM user can have its own authentication device. However, each identity (IAM user or root account) can be associated with only one authentication device.
Q6. What is the difference between SSE-C, SSE-KMS and SSE-S3?
A6. With Server-Side Encryption with Customer-Provided Keys (SSE-C), you manage the encryption keys and Amazon S3 manages the encryption, as it writes to disks, and decryption, when you access your objects.
Server-Side Encryption with Customer Master Keys (CMKs) Stored in AWS Key Management Service (SSE-KMS) is similar to SSE-S3, but with some additional benefits and charges for using this service. There are separate permissions for the use of a CMK that provides added protection against unauthorized access of your objects in Amazon S3.
When you use Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3), each object is encrypted with a unique key. As an additional safeguard, it encrypts the key itself with a master key that it regularly rotates. Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data.
https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
Q7. What is asymmetric key vs. symmetric key?
A7. Symmetric encryption uses the same secret key to perform both the encryption and decryption processes. Asymmetric encryption, also known as public-key encryption, uses two keys, a public key for encryption and a corresponding private key for decryption.
Q8. How many buckets can be created from a single AWS account?
A8. By default, you can create up to 100 buckets in each of your AWS accounts. If you need additional buckets, you can increase your account bucket limit to a maximum of 1,000 buckets by submitting a service limit increase.
Q9. If we create and delete the bucket can we create it with the same name?
A9. Yes. If you have deleted a bucket via the web console, you can create a new one with the same name after a delay of 24h.
Q10. Is S3 a serverless storage service in AWS?
A10. Yes, S3 is a serverless storage service in AWS. S3 forms the functional basis for all serverless solutions that handle large files like user-generated data, images, or video content.
Q1. Is SNS cross-region?
A1. Amazon SNS supports cross-region deliveries, both for Regions that are enabled by default and for opt-in Regions. Amazon SNS supports the cross-region delivery of notifications to Amazon SQS queues and to AWS Lambda functions.
Q2. What is the difference between root user and IAM user in AWS?
A2. There are two different types of users in AWS. You are either the account owner (root user) or you are an AWS Identity and Access Management (IAM) user. The root user is created when the AWS account is created and IAM users are created by the root user or an IAM administrator for the account.
Q3. What is the MFA?
A3. AWS Multi-Factor Authentication (MFA) is a simple best practice that adds an extra layer of protection on top of your user name and password. You can enable MFA for your AWS account and for individual IAM users you have created under your account. MFA can also be used to control access to AWS service APIs.
Q4 Can EFS be mounted on a Windows EC2 instance?
A4. Amazon EFS is not supported on Windows instances.
Q5. What is the use of bucket versioning?
A5. You can use versioning to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket. With versioning, you can easily recover from both unintended user actions and application failures.