AWS Interview Questions & Answers
Here is the list of the most frequently asked AWS interview questions and answers in technical interviews. These AWS questions and answers are suitable for both freshers and experienced professionals at any level. The questions are for intermediate to somewhat advanced AWS professionals, but even if you are just a beginner or fresher you should be able to understand the answers and explanations we give here. These AWS interview questions and answers will guide you to clear the following certifications:
- AWS Certified Cloud Practitioner
- AWS Certified Developer – Associate
- AWS Certified SysOps Administrator – Associate
- AWS Certified Solutions Architect – Associate
- AWS Certified DevOps Engineer – Professional
- AWS Certified Solutions Architect – Professional
- AWS Certified Big Data – Specialty
Best AWS Interview Questions and Answers
Cloud computing offers plenty of opportunities, and you can start a successful business as an AWS architect with a successful job interview. If you are facing AWS architect interviews, some of the following questions and answers come from such interviews.
AWS Interview Questions and Answers for beginners and experts. List of frequently asked AWS interview questions with answers by Besant Technologies. We hope these AWS interview questions and answers are useful and will help you to get the best job in the networking industry. These AWS interview questions and answers are prepared by AWS professionals based on MNC companies' expectations. Stay tuned; we will update new AWS interview questions with answers frequently. If you want to learn practical AWS training, please go through AWS Training in Chennai, AWS Training in Bangalore and AWS Training in Pune.
Best AWS Interview Questions & Answers for Job Placements
Besant Technologies supports students by providing AWS interview questions and answers for job placements. AWS is a leading course at present because there are more job openings and high salaries for Amazon Web Services and related jobs. We also provide AWS online training for students around the world through the Gangboard medium. These are top AWS interview questions and answers, prepared by our institute's experienced trainers.
Ans: Subnet, Internet Gateway, NAT Gateway, HW VPN Connection, Virtual Private Gateway, Customer Gateway, Router, Peering Connection, VPC Endpoint for S3, Egress-only Internet Gateway.
Ans: Security Groups can be used to protect your EC2 instances in a VPC. We can configure both INBOUND and OUTBOUND traffic in a Security Group which enables secured access to your EC2 instances. Security Group automatically denies any unauthorized access to your EC2 instances.
Ans: Initially you are limited to launch 20 EC2 Instances at one time. Maximum VPC size is 65,536 instances.
Ans: Not possible. Peering Connections are available only between VPCs in the same region.
Ans: Yes, Possible. Provided the owner of other VPCs accepts your connection.
Ans: Internet Gateway, Virtual Private Gateway, NAT, EndPoints, Peering Connections.
Ans: Yes, Possible. Provided an Internet Gateway is configured in such a way that traffic is bound for EC2 instances running in other VPCs.
Ans: It is possible using Amazon VPC Flow-Logs feature.
Ans: A Security Group defines which traffic is allowed TO or FROM an EC2 instance, whereas an ACL operates at the SUBNET level and scrutinizes the traffic TO or FROM a Subnet.
Ans: Using either a Public IP or an Elastic IP.
Ans: PAAS (Platform As A Service), IAAS (Infrastructure As A Service), SAAS (Software As A Service)
Ans: Creating duplicate instances during heavy business hours. Scale-IN and Scale-OUT are two different statuses of Scaling. Scale-IN: Reducing the instances. Scale-OUT: Increasing the instances by duplicating.
Ans: AMI is defined as Amazon Machine Image. Basically it's a template comprising the software configuration part. For example, Operating System, DB Server, Application Server, etc.
Ans: When you STOP an instance it is a normal shutdown. The corresponding EBS volume attached to that instance remains attached and you can restart the instance later. When you TERMINATE an instance it gets deleted and you cannot restart that instance again later. Any EBS volume attached to that instance is also deleted.
Ans: Not advisable. Because the purpose of having standby RDS instance is to avoid an infrastructure failure. So you have to keep your standby RDS service in a different Availability Zone, which may have different infrastructure.
Ans: RDS is meant for structured data only. DynamoDB is meant for unstructured data which is a NoSQL service. Redshift is a data warehouse product used for data analysis.
Ans: Lifecycle Hooks are used in Auto Scaling. Lifecycle hooks enable you to perform custom actions by pausing instances as an Auto Scaling group launches or terminates them. Each Auto Scaling group can have multiple lifecycle hooks.
Ans: S3 stands for Simple Storage Service, with a simple web service interface to store and retrieve any amount of data from anywhere on the web.
Ans: Lambda is an event-driven platform. It is a compute service that runs code in response to events and automatically manages the compute resources required by that code.
Ans: By default 100 buckets can be created in a region.
Ans: Amazon CloudFront is a service that speeds up transfer of your static and dynamic web content such as HTML files, image files, etc. CloudFront delivers your content through worldwide data centers named Edge Locations.
Ans: S3, a Simple Storage Service from Amazon. You can move your files TO and FROM S3. It's like FTP storage. You can keep your SNAPSHOTS in S3. You can also ENCRYPT your sensitive data in S3.
Ans: Amazon has hosted EC2 in various locations around the world. These locations are called REGIONS. For example in Asia, Mumbai is one region and Singapore is another region. Each region is composed of isolated locations which are known as AVAILABILITY ZONES. Each Region is independent, but the Availability Zones are linked through low-latency links.
Ans: Classic LB and Application LB. ALB is the Content Based Routing.
Ans: Yes. A developer can create an AMI and share it with other developers for their use. A shared AMI is packed with the components you need and you can customize the same as per your needs. As you are not an owner of a shared AMI there is a risk always involved.
Ans: A Hypervisor is a kind of software that enables Virtualization. It combines physical hardware resources into a platform which is delivered virtually to one or more users. XEN is the Hypervisor for EC2.
Ans: You use Key Pair to login to your Instance in a secured way. You can create a key pair using EC2 console. When your instances are spread across regions you need to create key pair in each region.
Ans: ClassicLink allows instances in the EC2 classic platform to communicate with instances in a VPC using Private IP addresses. EC2 classic platform instances cannot be linked to more than one VPC at a time.
Ans: Yes. You can always modify route rules to specify which subnets are routed to the Internet gateway, the virtual private gateway, or other instances.
Ans: 5 VPC Elastic IP addresses per AWS account per region
Ans: NO, you cannot. It is not supported. However you can ping EC2 instances within a VPC, provided your firewall, Security Groups and network ACLs allow such traffic.
Ans: Using Amazon VPC Flow Logs feature.
Ans: Yes.
Ans: After selecting your AMI Template and Instance Type, in the third step while configuring the instance you must select the SUBNET in which you wish to launch your instance. It will be launched in the AZ associated with that SUBNET.
Ans: NO. Normally an IG is HORIZONTALLY SCALED, Redundant and Highly Available. It does not usually have any Bandwidth constraints.
Ans: When you launch your instances in a Default VPC in a Region, you would be getting the benefit of advanced Network Functionalities. You can also make use of Security Groups, multiple IP addresses, and multiple Network interfaces.
Ans: You can use it, provided it is located in the same region as your VPC.
Ans: The PEERING CONNECTION available on the other side would also get terminated. There will be no more traffic flow.
Ans: NO. It's possible between VPCs in the same region.
Ans: Yes. Only when that owner accepts your peering connection request.
Ans: When a DB instance is deleted, RDS retains the user-created DB snapshot along with all other manually created DB snapshots. Also automated backups are deleted and only manually created DB Snapshots are retained.
Ans: The Public IP is associated with the instance only until it is stopped or terminated. A Public IP is not static. Every time your instance is stopped or terminated, the associated Public IP vanishes and a new Public IP gets assigned to that instance. To overcome this issue, a Public IP can be replaced by an Elastic IP address, which stays with the instance as long as the user doesn't manually detach it. Similarly, if you are hosting multiple websites on your EC2 server, you may require more than one Elastic IP address.
Ans: Websites hosted on your EC2 instances can load their static contents directly from S3. It provides highly scalable, reliable, fast, inexpensive data storage infrastructure.
Ans: Yes, you can very well do this by establishing a VPN connection between your company’s network and Amazon VPC.
Ans: A Private IP is STATIC. It is attached to an instance throughout its lifetime and cannot be changed.
Ans: When a network has a large number of HOSTS, managing these hosts can be tedious under a single large network. Therefore we divide this large network into easily manageable sub-networks (subnets) so that managing hosts under each subnet becomes easier.
Ans: A Route Table is used to route network packets. Generally one route table would be available in each subnet. A route table can have any number of records or information, hence attaching multiple subnets to a route table is also possible.
Ans: Standby server cannot be used in parallel with primary server unless your Primary instance goes down.
Ans: Connection Draining is a service under Elastic Load Balancing. It keeps monitoring the health of the instances. If any instance fails, Connection Draining pulls all the traffic from that particular failed instance and re-routes the traffic to other healthy instances.
Ans: CloudTrail is designed for logging and tracking API calls. Also used to audit all S3 bucket accesses.
Ans: ATA service speeds up your data transfer with the use of optimized network paths. Also, speed up your CDN up to 300% compared to normal data transfer speed
Jeff Bezos
Lisa Su
Denise Morrison
Ans: Jeff Bezos
2002
2006
2008
Ans: 2006
2002
2006
2008
Ans: 2006
A. True
B. False
Ans: B. False
Ans: True
Ans: False
Create multiple Admin accounts
Generate a new security key each time you log in
Create IAM users
Ans: Create IAM users
EC2, Elastic Computing & Instances Types
A. True
B. False
Ans: A. True
A. True
B. False
Ans: A. True
A. Increasing and decreasing capacity as needed
B. Monitoring services on multiple devices
C. Operating on Mac, Windows and Linux
D. Paying only for running virtual machines
E. Stretching applications across virtual machines
Ans: A. Increasing and decreasing capacity as needed & D. Paying only for running virtual machines
A. True
B. False
Ans: A. True
A. AWS Region
B. Core Count
C. User Location
Ans: B. Core Count
A. On-demand
B. RI
C. Spot instance
Ans: A. On-demand
A. Data will be replicated to different AZs
B. You can spin up and spin down VMs
C. VMs will be added and removed automatically
Ans: B. You can spin up and spin down VMs
A. True
B. False
Ans: A. True
A. True
B. False
Ans: A. True
True
False
Ans: True
A. True
B. False
A. EC2 is not selected
B. Correct region is not selected
C. AWS marketplace is not selected
Ans: B. Correct region is not selected
A. Security Concerns
B. Additional fees
C. Data Loss
Ans: B. Additional fees
A. AWS Availability Zones
B. AWS Edge Locations
C. AWS Regions
Ans: B. AWS Edge Locations
A. True
B. False
Ans: B. False
A. True
B. False
Ans: B. False
A. True
B. False
Ans: A. True
A. True
B. False
Ans: A. True
A. True
B. False
Ans: A. True
A. True
B. False
Ans: B. False
A. True
B. False
Ans: A. True
A. On-demand
B. RI
C. Spot instance
Ans: A. On-demand
A. On-demand
B. RI
C. Depends on Application or Website
Ans: C. Depends on Application or Website
A. On-demand
B. RI
C. Spot instance
Ans: On-demand
A. True
B. False
Ans: A. True
A. True
B. False
Ans: B.False
A. True
B. False
Ans: A. True
A. True
B. False
Ans: A. True
A. True
B. False
Ans: B. False
A. True
B. False
Ans: A. True
A. True
B. False
Ans: A. True
A. True
B. False
Ans: A. True
A. True
B. False
Ans: A. True
A. True
B. False
Ans: B. False
A. True
B. False
Ans: A. True
A. Database Indexing
B. File searching
C. Secure Hosting
D. Storage Scaling
Ans: C. Secure Hosting & D. Storage Scaling
Issue
I’m not sure whether to store the data associated with my Amazon EC2 instance in instance store or in an attached Amazon Elastic Block Store (Amazon EBS) volume. Which option is best for me?
Resolution
Some Amazon EC2 instance types come with a form of directly attached, block-device storage known as the instance store. The instance store is ideal for temporary storage, because the data stored in instance store volumes is not persistent through instance stops, terminations, or hardware failures. You can find more detailed information about the instance store at Amazon EC2 Instance Store.
For data you want to retain longer-term, or if you need to encrypt the data, we recommend using EBS volumes instead. EBS volumes preserve their data through instance stops and terminations, can be easily backed up with EBS snapshots, can be removed from instances and reattached to another, and support full-volume encryption. For more detailed information about EBS volumes, see Features of Amazon EBS.
A. True
B. False
A. True
B. False
A. True
B. False
A. True
B. False
True
False
A. True
B. False
A. True
B. False
True
False
A. True
B. False
A. True
B. False
True
False
A. True
B. False
A. True
B. False
A. True
B. False
A. True
B. False
A. True
B. False
A. True
B. False
A. True
B. False
A. True
B. False
A. True
B. False
A. True
B. False
A. True
B. False
Ans: You cannot create a default stack, but you can choose the type of stack to create, e.g.:
A sample stack
A Linux-based Chef 12 stack
A Windows-based Chef 12.2 stack
A Linux-based Chef 11.10 stack
Ans: Stack: Cloud-based applications usually require a group of related resources (application servers, database servers, and so on) that must be created and managed collectively. This collection of instances is called a stack.
Ans: You can select one "instance type" (e.g. t2.micro) at a time, but you can set more than one "Webserver Capacity", which is "the initial number of Webserver instances"; this means the same kind of instances will launch automatically.
Ans: It means that you have to actively poll the queue in order to receive messages.
The messages are pushed into the queue by the producers but pulled out of the queue by the consumers. You have to call the Receive Message action from the consumer in order to get the messages; they are not pushed to you automatically when they arrive.
A. 4
B. 10
C. 5
D. None the above
Ans: C. 5
A. Elastic IP
B. Elastic Network Interface
C. AWS Elastic Interface
D. AWS Network ACL
Ans: B. Elastic Network Interface
A. Sticky session
B. Fault Tolerance
C. Connection drainage
D. Monitoring
Ans: B. Fault Tolerance
A. Session cookie
B. Cross one load balancing
C. Connection drainage
D. Sticky session
Ans: D. Sticky session
A. EC2 instance status check failed
B. EC2 CPU utilization
C. RRS lost object
D. Auto scaling group CPU utilization
Ans: C. RRS lost object
A. Monitor estimated AWS usage
B. Monitor EC2 log files
C. Monitor S3 storage
D. Monitor AWS calls using Cloud trail
Ans: A. Monitor estimated AWS usage
A. The private IP addresses are not reachable from the internet
B. The user can communicate using the private IP across regions
C. The private IP address and public IP address for an instance are directly mapped to each other using NAT
D. The private IP address for the instance is assigned using DHCP
Ans: B. The user can communicate using the private IP across regions
A. Amazon RDS
B. Simple DB
C. Amazon Cloud Front
D. Amazon associates web services
Ans: C. Amazon Cloud Front
A. Launch a micro instance
B. Launch a micro instance, but in the EBS configuration modify the size of EBS to 50 GB.
C. Launch a micro instance, but do not store the data of more than 30 GB on the EBS storage.
D. It is not possible to have this instance under the free usage tier
Ans: D. It is not possible to have this instance under the free usage tier
A. Connection timed out
B. Server refused our key
C. No supported authentication methods available
D. All of the above
Ans: D. All of the above
A. Routes all the requests to a single DNS
B. Binds the user session with a specific instance
C. Binds the user IP with a specific session
D. Provides a single ELB DNS for each IP address
Ans: B. Binds the user session with a specific instance
A. SES
B. SNS
C. SQS
D. SAS
Ans: A. SES
A. Application Load Balancer
B. Classic Load Balancer
C. Primary Load Balancer
D. Secondary Load Balancer
Ans: B. Classic Load Balancer
A. 1000
B. 100
C. 10000
D. There is no such limit
Ans: D. There is no such limit
A. Protocol and type
B. Port
C. Source
D. All of the above
Ans: C. Source
A. Elastic IP
B. AWS Elastic Interface
C. Elastic Network Interface
D. AWS Network ACL
Ans: C. Elastic Network Interface
A. To verify that there is a rule that allows traffic from your computer to port 22
B. To verify that there is a rule that allows traffic from EC2 Instance to your computer
C. Allows web traffic from instance to your computer
D. Allows web traffic from your computer to EC2 instance
Ans: B. To verify that there is a rule that allows traffic from EC2 Instance to your computer
A. Amazon SES console
B. AWS Cloud Formation
C. SMTP interface
D. AWS Elastic Beanstalk
Ans: A. Amazon SES console
A. Security group rules cannot be changed
B. Changes are automatically applied to windows instances
C. Changes will be effective after rebooting the instance in that security group
D. Changes will be effective after 24-hours
Ans: B. Changes are automatically applied to windows instances
A. IAAS-Network
B. IAAS-Computational
C. IAAS-Storage
D. None of the above
Ans: C. IAAS-Storage
A. Just simply create a copy of the unencrypted volume, you will have the option to encrypt the volume.
B. Create a snapshot of the unencrypted volume and then while creating a volume from the snapshot you can encrypt it
C. Create a snapshot of the unencrypted volume (applying encryption parameters), copy the snapshot and create a volume from the copied snapshot
D. This is not possible, once a volume is unencrypted, there is no way to create an encrypted volume from this
Ans: C. Create a snapshot of the unencrypted volume (applying encryption parameters), copy the snapshot and create a volume from the copied snapshot
A. Auto scaling Launch Config
B. Auto scaling group
C. Auto scaling policy
D. Auto scaling size
Ans: A. Auto scaling Launch Config
A. The policy cannot be set on the network I/O
B. There is no way the can stop scaling as it already configured
C. Suspend scaling
A. Instance Store backed
B. None its volume type and not AMI types
C. Both A and B
Ans: C. Both A and B
AWS Interview Questions and Answers for Freshers
A. Because, not enough hosts
B. To manage small number of hosts
C. To utilize the Volume available across different subnets
D. Smartly utilize network that have large number of hosts
A. One to one
B. Sole Owner
C. Dedicated
D. Reserved
A. Amazon Redshift
B. Amazon Neptune
C. Amazon Aurora
D. Amazon DynamoDB
A. EFS provides simple, scalable file storage for use with Amazon EC2
B. EFS with MS-Windows based EC2 instances is not supported
C. EFS supports the Network File System version 4 protocol
D. All of the above
A. Helps to launch an EC2 instance
B. Automatically terminates instances which are not in use
C. Establishes connection between EC2 and RDS instances
D. Auto Scaling wait for outstanding requests to complete before terminating instances when CD is enabled
A. Lambda is used for running server-less applications
B. It is a testing tool from AWS
C. It is a database service from AWS
D. It is an Anti Virus software from AWS
A. It is a feature of Elastic Load Balancing
B. Use to distribute traffic to different Target Groups
C. It is a service generating Elastic IPs for AWS customers
D. It is a kind of Firewall
A. Quickly deploy and manage applications in the AWS Cloud
B. Supports Java, .NET, Node.js, PHP, Python applications
C. It is an Application Server from AWS
D. Use to deploy only Java-Beans applications
A. Not possible
B. You can connect thru a Dedicated N/W line
C. By establishing a Virtual Private Network (VPN) between your datacenter and VPC
D. Connect with a hotline
A. Virtual Private Cloud
B. Community Cloud
C. Public Cloud
D. Hybrid Cloud
A. Manages Notification Service
B. Stores Metadata
C. Manages Queue Service
D. None of the above
A. Takes care of Message Queuing Service
B. It enables governance, compliance, operational auditing and risk auditing of your AWS account.
C. Used as a database service
D. It provides an event history of your AWS account activities
A. Amazon CloudWatch
B. Amazon CloudFront
C. Amazon CloudTrail
D. Amazon VPC
B. No, available only for Dedicated Tenancy
C. Offering only for LINUX based instances
D. None of the above
A. You can have multiple ACLs for a subnet
B. Security Group is not necessary for an EC2 instance
C. You can attach multiple Zones/Subnets to a Route Table
D. You can create S3 bucket using AWS AMI templates
A. Amazon Redshift
B. Amazon Neptune
C. Amazon Aurora
D. Amazon DynamoDB
A. Yes, you can keep
B. Possible only for MySQL instance
C. No, not recommended for any kind of DB instance
D. Recommended only for MS-SQL instance
A. Yes, you can place any objects in S3 which CloudFront quickly delivers
B. CloudFront delivers only movie type objects
C. No, S3 cannot be integrated with CloudFront
D. Amazon VPC will deliver the objects
A. Launch it in a Subnet Group
B. Launch the instance from a Private AMI
C. Assign EIP address to that instance
D. Launch that instance in AWS VPC cloud
A. No, you cannot edit a SG when used by a EC2 instance
B. Yes, you can edit. Immediately apply to all instances.
C. You can edit only the Outbound rules
D. Only Outbound rules apply to all EC2 instances
A. Amazon Route 53 is a scalable and highly available Domain Name System (DNS)
B. Amazon Route 53 is fully compliant with IPv6 as well
C. Will automatically configure DNS settings for your domains
D. Route 53 provides low latency database service
A. VPC enables you to launch AWS resources into a virtual network
B. VPC is a virtual network dedicated to your AWS account
C. VPC is used to create domain name for your organization
D. VPC can also be connected to your own office data center
A. There is no such IP. Only public & private IPs are valid.
B. Used in Elastic Load Balancing
C. An Elastic IP address is a static IPv4 address
D. An Elastic IP address is for use in a specific region only
B. Amazon Redshift
C. Amazon ElastiCache
D. Amazon Aurora
A. Amazon CloudWatch
B. Amazon Route53
C. Amazon CloudDomain
D. Amazon VPC
A. You can attach maximum of 5 volumes to an instance
B. You can attach multiple instances to one volume
C. You can attach multiple volumes to a single EC2 instance
D. You cannot attach an additional volume to an instance
A. You can access Snapshots thru S3 APIs
B. You can store your Snapshots in a S3 BUCKET
C. Snapshots are available only thru EC2 instances
D. You can access your Snapshots thru VPC APIs
A. AWS CloudWatch
B. AWS SNS Service
C. AWS SMS Service
D. AWS Direct Connect
A. Creating PEERING connection to a VPC in a Different Region
B. Creating PEERING connection between VPCs in Same Region
C. Attaching VOLUME in one subnet/zone with EC2 instance in another subnet/zone
D. Keeping your primary db and secondary db in the same zone
A. By keeping AWS VPC and Office Datacenter in same IP range
B. Establishing VPN connection between VPC and Datacenter
C. Establishing a dedicated hotlink between VPC and Datacenter
D. You cannot connect VPC and your Datacenter
A. You can delete the Default VPC available in your region
B. VPC can span across multiple Availability Zones
C. Trying to launch an instance without having VPC in a region
D. Launching an instance onto a VPC created by you
A. With the help of instance’s Public IP
B. By attaching a Elastic IP to that instance
C. Internet Gateway enables the access to the internet
D. With the help of Route Table
A. Keeping both EC2 and Database instances in a public subnet
B. Keep EC2 in public subnet and Database in private subnet
C. Keep EC2 in public subnet and Database in a S3 bucket
D. Defining ANYWHERE in the DB security group INBOUND rule
A. Community Cloud
B. Private Cloud
C. Public Cloud
D. Hybrid Cloud
A. Amazon CloudWatch
B. Amazon CloudTrail
C. Amazon CloudFront
D. Amazon PushData
A. AWS Route 53
B. AWS VPC
C. AWS S3
D. AWS EC2
A. CloudWatch
B. CloudTrail
C. Load Balancer
D. Lifecycle Hooks
The answer is: D
A. Accelerating VPC Speed
B. Creating/Terminating duplicate instances using Scale IN/OUT
C. Automating backup/restore service
D. None of the above
A. Amazon DynamoDB
B. Amazon Redshift
C. Amazon RDS
D. Amazon ElastiCache
A. A Container where all your S3 buckets are stored
B. Denotes an Entire Region
C. A location inside a Region which is protected from failures
D. Collection of Regions
A. Private Cloud
B. Hybrid Cloud
C. Community Cloud
D. Public Cloud
A. 150
B. 250
C. 500
D. 100
A. 3 Terabytes
B. 10 Terabytes
C. 5 Terabytes
D. 7 Terabytes
A. Amazon Simple Storage Service(S3)
B. Amazon CloudFront
C. Amazon Route53
D. Amazon CloudWatch
A. List of Protocols
B. List of Users
C. Ports
D. IP Address
A. Amazon EFS
B. Amazon S3
C. Amazon Glacier
D. Amazon Snowball
A. You will use PRIVATE IP address of your NAT device
B. You will use PUBLIC IP address of your NAT device
C. You will use ELASTIC IP address of your NAT device
D. You will use VPN
A. 100
B. 300
C. 250
D. 200
A. SS3
B. Elastic Block Store
C. S3
D. Snapshots
A. DynamoDB
B. SimpleDB
C. MySQL
D. Aurora
A) 4
B) 10
C) 5
D) None the above
A) Session cookie
B) Cross one load balancing
C) Connection drainage
D) Sticky session
A) EC2 instance status check failed
B) EC2 CPU utilization
C) RRS lost object
D) Auto scaling group CPU utilization
A) Monitor estimated AWS usage
B) Monitor EC2 log files
C) Monitor S3 storage
D) Monitor AWS calls using Cloud trail
A) Amazon RDS
B) Simple DB
C) Amazon Cloud Front
D) Amazon associates web services
A) Connection timed out
B) Server refused our key
C) No supported authentication methods available
D) All of the above
A) Routes all the requests to a single DNS
B) Binds the user session with a specific instance
C) Binds the user IP with a specific session
D) Provides a single ELB DNS for each IP address
A) SES
B) SNS
C) SQS
D) SAS
A) 1000
B) 100
C) 10000
D) There is no such limit
A) Elastic IP
B) AWS Elastic Interface
C) Elastic Network Interface
D) AWS Network ACL
A) Security group rules cannot be changed
B) Changes are automatically applied to all instances that are associated with the security group
C) Changes will be effective after rebooting the instance in that security group
D) Changes will be effective after 24-hours
A) IAAS-Network
B) IAAS-Computational
C) IAAS-Storage
D) None of the above
A) Just simply create a copy of the unencrypted volume, you will have the option to encrypt the volume.
B) Create a snapshot of the unencrypted volume and then while creating a volume from the snapshot you can encrypt it
C) Create a snapshot of the unencrypted volume (applying encryption parameters), copy the snapshot and create a volume from the copied snapshot
D) This is not possible, once a volume is unencrypted, there is no way to create an encrypted volume from this
A) Auto scaling Launch Config
B) Auto scaling group
C) Auto scaling policy
D) Auto scaling size
A) The network I/O are not affecting during data download
B) The policy cannot be set on the network I/O
C) There is no way the can stop scaling as it already configured
D) Suspend scaling
A) EBS Backed
B) Instance Store backed
C) None its volume type and not AMI types
D) Both A and B
Public: Amazon web services, Microsoft Azure, Google Cloud, Oracle Cloud, Alibaba Cloud.
Private: Redhat-Openstack, Rackspace, VMware, IBM Private Cloud.
On-demand Instances: On-demand instances are the virtual servers that are provisioned by AWS EC2 service at an hourly price basis.
Reserved Instances: Instances which are reserved for a time, 1 year or 3 years, are called Reserved Instances. With a reservation, hourly prices are reduced significantly compared to On-demand Instances.
Spot Instances: Spot Instances are the special instance category where you request the unused resources of EC2 from the datacenter for steep discounts. Spot prices are fixed by AWS EC2 and you need to bid the spot price more than the pricing of AWS EC2.
Hybrid Cloud
S3 is a simple storage service, which is used to store and retrieve data. We can store any amount of data and any type of data. The data that we store here are referred to as objects. Glacier storage, by contrast, is an archival store which is used to store infrequently accessed data or cold data. The major use case of Glacier is data archiving and backup.
MYSQL
MSSQL server
Oracle DB
Postgres DB
Amazon AURORA
Maria DB
We can use the native service tool called AWS Cloud Formation for automation. It is also a good option to consider the third-party tools like Ansible, Chef, Puppet etc. to automate the services.
Autoscaling is a service that automatically scales EC2 instance capacity out and in based on the criteria that we set. Autoscaling is beneficial for dynamic workloads like web spikes, retail shop flash sales, ticket booking systems during vacations, etc.
Availability and durability are closely related to each other, but they are not the same. Availability refers to the uptime of the service, i.e., the S3 storage system's uptime and its ability to deliver requests and data. Durability, on the other hand, means that the stored data should not suffer from degradation or corruption.
Static web hosting
Versioning
Encryption
Object lifecycle management
Unlimited storage
Encrypt the data using Server-Side Encryption or Client-Side Encryption.
Enable MFA delete to protect data against accidental deletion.
Usage of access control lists and pre-signed URLs.
An Elastic IP address (EIP) is a static, internet-routable address that is managed by the AWS platform. Each Elastic IP address is assigned to instances from a pool of IP addresses in each region. Charges are applied once you allocate the EIP address, no matter whether you associate the IP with an instance or not. When you release the allocated IP address, the EIP will be returned to the pool.
We should create an Elastic Load Balancer with Autoscaling and associate it with the EC2 instances. Layer 7 or application-layer load balancers are used for this use case. ELB should be used because it can balance the incoming load across the EC2 resources.
CloudWatch is a native service used to monitor our resources and applications in the AWS cloud. CloudWatch does this by collecting information in the form of logs, metrics and events from the resources that we provisioned in the AWS environment. Using CloudWatch, we can define alarms and troubleshoot issues using logs to optimize our infrastructure.
We can classify the cloud computing platform into three types based on the services.
Infrastructure As A Service.
Platform As A Service.
Software As A Service.
Simple Notification Service, referred to as SNS for short, is a complete messaging service that delivers messages end to end. A real-time use case would be a banking system where SNS sends a real-time message (email, SMS, etc.) to an end user who debits their account by withdrawing some amount of money.
Redshift would be the proper analytics platform which AWS provides. For data storage S3 is the ideal option, and once data analytics is done, the data must be moved to Glacier for backup and archival. To do this data migration from S3 to Glacier, we need to set up a lifecycle management policy in S3 that moves the data to Glacier.
Under these circumstances, we need to choose a bigger RDS instance type for handling the huge amount of traffic. Creation of manual or automated snapshots is a must to recover from the disaster cases.
First, we need to increase the EBS volume size to a consistent amount in the AWS Management Console. Next, we should use the resize2fs command to make use of the provisioned space at the operating system level, because increasing the EBS volume doesn’t guarantee an increase at the OS level. For this to happen we should consider increasing the provisioned space at the operating system level.
Perform a mapping of the on-premises server’s cores and RAM to the nearest machine types in the AWS Cloud. Then use the online AWS pricing calculator to estimate the cost of the machines in the AWS Cloud.
Considering the cost factor, we should first consider increasing the number of IPsec tunnels that are used for secure connectivity to AWS. If the problem persists even after increasing the tunnels, consider the other options for a better network.
The practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer, is called Cloud Computing.
Companies offering these computing services are called “cloud providers” and typically charge for cloud computing services based on usage, similar to how you are billed for water or electricity at home.
E.g.: AWS, Azure, IBM Bluemix, Google Cloud
This cloud model is composed of the five essential characteristics, three service models and four deployment models.
The primary reasons for moving to the cloud are:
- It will never run out of capacity, since it is virtually infinite.
- You can access your cloud-based applications from anywhere; you just need a device which can connect to the Internet.
- Totally free from maintenance, i.e., you do not have to maintain or administer any infrastructure for the same.
- Lower Computing Cost.
- Improved Performance.
- Reduced Software Cost.
- Instant Software Updates.
- Unlimited Storage Capacity, i.e., it will never run out of capacity, since it is virtually infinite.
- Increased Data Reliability.
- Device Independence and “always on, anywhere and any place”, i.e., you can access your cloud-based applications from anywhere; you just need a device which can connect to the Internet.
Cloud Computing is the fastest growing part of network-based computing. It provides tremendous benefits to customers of all sizes: simple users, developers, enterprises and all types of organizations.
- Lower TCO.
- Reliability, Scalability & Sustainability.
- Secure Store Management.
- Low Capital Expenditure.
- Frees from Internal Resources.
- Utility Based.
- Easy & Agile Deployment.
- Device & Location Independent.
- 24 * 7 Support.
- Pay As You Use.
- Pay as you Go Model.
- Increased Mobility.
- Less or No CAPEX.
- High Availability.
- Easy to Manage.
- High Productivity.
- Environment Friendly.
- Less Deployment Time.
- Dynamic Scaling.
- Shared Resources.
Cloud computing consists of the 3 layers in the hierarchy and these are as follows:
- Infrastructure as a Service (IAAS) provides cloud infrastructure in terms of the hardware like memory, processor speed etc.
- Platform as a Service (PAAS) provides cloud applications platform for the developers.
- Software as a Service (SAAS) provides cloud applications which are used by the user directly without installing anything on the system.
Using a fixed root password for a public AMI is a security risk that can quickly become known. Even relying on users to change the password after the first login opens a small window of opportunity for potential abuse.
Following are the steps to disable password-based remote logins for the root user.
1. Open the /etc/ssh/sshd_config file with a text editor and locate the following line:
#PermitRootLogin yes
2. Change the line to:
PermitRootLogin without-password
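To confirm that the edit above actually took effect before an AMI is published, the check below reads an sshd_config and reports how root logins are treated. It is an added example, not part of the original answer; the function names and the sample files are constructed, and it relies on sshd using the first value it reads for each keyword.

```python
import re

# One "Keyword value" or "Keyword=value" line of an sshd_config file.
LINE = re.compile(r"^\s*([A-Za-z0-9]+)\s*(?:=\s*|\s+)(.*?)\s*$")

# How each PermitRootLogin value treats root logins.
STATUS = {
    "yes": "unrestricted",
    "no": "disabled",
    "without-password": "key-only",    # spelling used in the steps above
    "prohibit-password": "key-only",   # newer OpenSSH name for the same setting
    "forced-commands-only": "forced-commands-only",
}

# Constructed samples (not taken from any real AMI).
STOCK = """\
# stock file: the line is still commented out, so nothing is set
#PermitRootLogin yes
PasswordAuthentication yes
"""
HARDENED = "PermitRootLogin without-password\n"
SHADOWED = """\
PermitRootLogin yes
# hardened line appended later: ignored, the first value wins
PermitRootLogin without-password
"""
CONDITIONAL = """\
PermitRootLogin without-password
Match Address 10.0.0.0/8
    PermitRootLogin yes
"""


def parse_sshd_config(text):
    """Return (global_settings, match_overrides) for an sshd_config text."""
    global_settings, match_overrides = {}, []
    current_match = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        m = LINE.match(raw)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip('"')
        if key == "match":
            current_match = value  # everything after this line is conditional
        elif current_match is not None:
            match_overrides.append((current_match, key, value))
        else:
            global_settings.setdefault(key, value)  # first value wins
    return global_settings, match_overrides


def root_login_status(text):
    """Return (status, conditional_overrides) for PermitRootLogin.

    status is 'unset' when no uncommented global line exists, so the
    default of the installed OpenSSH build applies.
    """
    settings, overrides = parse_sshd_config(text)
    value = settings.get("permitrootlogin")
    status = "unset" if value is None else STATUS.get(value.lower(), "invalid")
    conditional = [(cond, val) for cond, key, val in overrides
                   if key == "permitrootlogin"]
    return status, conditional


if __name__ == "__main__":
    for name, text in [("stock", STOCK), ("hardened", HARDENED),
                       ("shadowed", SHADOWED), ("conditional", CONDITIONAL)]:
        print(name, root_login_status(text))
```

Anything other than `key-only` or `disabled` with an empty override list means the AMI should not be shared yet.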
Problem – Taking a snapshot excludes data held in the cache by applications and the OS. This tends not to matter on a single volume; however, when using multiple volumes in a RAID array, this can be a problem due to the interdependencies of the array.
In Amazon Web Services, a Volume is a durable, block-level storage device that can be attached to a single EC2 instance. In plain words, it is like a hard disk that we can write to or read from. A Snapshot is created by copying the data of a volume to another location at a specific time. We can even replicate the same Snapshot to multiple availability zones. So, a Snapshot is a single point-in-time view of a volume. We can create a Snapshot only when we have a Volume. Also, from a Snapshot we can create a Volume. In AWS, we have to pay for the storage that is used by a Volume as well as the storage used by Snapshots.
AWS Beanstalk applications have a system in place for avoiding failures in the underlying infrastructure.
AWS recommends that your AMIs download and upgrade the Amazon EC2 AMI creation tools during startup. This ensures that new AMIs based on your shared AMIs have the latest AMI tools.
# Update the Amazon EC2 AMI tools
echo " + Updating EC2 AMI tools"
yum update -y aws-amitools-ec2
echo " + Updated EC2 AMI tools"
In AWS Lambda we can run a function in synchronous or asynchronous mode. In synchronous mode, if the AWS Lambda function fails, it just returns the exception to the calling application. In asynchronous mode, if the AWS Lambda function fails, it retries the same function at least 3 times. If AWS Lambda is running in response to an event in Amazon DynamoDB or Amazon Kinesis, the event is retried until the Lambda function succeeds or the data expires. In DynamoDB or Kinesis, AWS maintains data for at least 24 hours.
- Amazon S3 – Scalable Storage in Cloud
- Amazon EBS – Block Storage for EC2
- AWS Elastic File System – Managed File Storage for EC2
- Amazon Glacier – Low-cost Archive Storage in the cloud
- AWS Storage Gateway – Hybrid Storage Integration
- Amazon Snowball – Petabyte-Scale Data Transport
- AWS Snowball Edge – Petabyte-scale Data Transport with On-Demand Compute
- AWS Snowmobile – Exabyte-scale Data Transport
- In Transit: SSL/TLS
- At Rest
  - Server-Side Encryption
    - S3 Managed Keys – SSE-S3
    - AWS Key Management Service, Managed Keys – SSE-KMS
    - Server-Side Encryption with Customer Provided Keys – SSE-C
  - Client-Side Encryption
Amazon S3 supports storing objects or files up to 5 terabytes. To upload a file greater than 100 megabytes, we have to use the Multipart upload utility from AWS. By using Multipart upload we can upload a large file in multiple parts. Each part is uploaded independently. It doesn’t matter in what order the parts are uploaded. It even supports uploading these parts in parallel to decrease the overall time. Once all the parts are uploaded, this utility assembles them into one single object or file from which the parts were created.
Performance of an elastic block storage varies i.e. it can go above the SLA performance level and after that drop below it. SLA provides an average disk I/O rate which can at times frustrate performance experts who yearn for reliable and consistent disk throughput on a server.
- Spin up a larger Amazon instance than the existing one.
- Pause the existing instances to remove the root EBS volume from the server and discard.
- Stop the live running instance and detach its root volume.
- Make a note of the unique device ID and attach that root volume to the new server.
- Start the instance again.
The main difference between vertical and horizontal scaling is the way in which you add compute resources to your infrastructure. In vertical scaling more power is added to the existing machine while in horizontal scaling resources are added into system with the addition of more machines into the network so that the workload and processing is shared among multiple devices.
P-State – It has different levels, from P0 to P15.
C-State – Its levels are from C0 to C6, where C6 is the strongest for the processor.
First, you will need to get a list of the DNS record data for your domain name; it is generally available in the form of a “zone file” that you can get from your existing DNS provider. Once you receive the DNS record data, you can use Route 53’s management console or simple web-services interface to create a hosted zone that will store the DNS records for your domain name, and follow its transfer process. This also includes steps such as updating the name servers for your domain name to the ones associated with your hosted zone.
AWS Elastic Beanstalk is an application management platform, while OpsWorks is a configuration management platform. Beanstalk is an easy-to-use service for deploying and scaling web applications developed with Java, .NET, PHP, Node.js, Python, Ruby, Go and Docker.
AWS security groups associated with EC2 instances help you safeguard EC2 instances running in a VPC by providing security at the protocol and port access level. You can configure both INBOUND and OUTBOUND traffic rules to enable secured access for the EC2 instance. AWS security groups are much like a firewall: they contain a set of rules which filter the traffic coming into and out of an EC2 instance.
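Because a security group is only as tight as its inbound rules, a common review step is to list rules that open administrative ports to the whole Internet. The following is an added example, not part of the original answer: the JSON is constructed in the shape that `aws ec2 describe-security-groups` returns, the group IDs are placeholders, and treating ports 22 and 3389 as the administrative ports is an assumption.

```python
import json

WORLD = {"0.0.0.0/0", "::/0"}           # "anyone" in IPv4 and IPv6
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # assumed set of ports to review

# Constructed sample; group IDs are placeholders.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-example-web", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-example-bastion", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 25,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-example-legacy", "IpPermissions": [
    {"IpProtocol": "-1",
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")


def world_open_admin_rules(groups, admin_ports=ADMIN_PORTS):
    """Return (group_id, port, cidr) for each inbound rule that exposes
    one of admin_ports to every address."""
    findings = []
    for group in groups["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            open_cidrs = [c for c in cidrs if c in WORLD]
            if not open_cidrs:
                continue
            protocol = perm["IpProtocol"]
            if protocol == "-1":
                # "-1" means all protocols and all ports; no port fields present.
                exposed = sorted(admin_ports)
            elif protocol in ("tcp", "6"):
                low, high = perm["FromPort"], perm["ToPort"]
                exposed = [p for p in sorted(admin_ports) if low <= p <= high]
            else:
                exposed = []  # UDP/ICMP rules are outside this check
            for port in exposed:
                for cidr in open_cidrs:
                    findings.append((group["GroupId"], port, cidr))
    return findings


if __name__ == "__main__":
    for group_id, port, cidr in world_open_admin_rules(SAMPLE):
        print(f"{group_id}: {ADMIN_PORTS[port]} ({port}) open to {cidr}")
```

Note that the bastion group is flagged even though port 22 is never named in it: the rule's 20-25 range covers it, which is why the check compares ranges rather than exact ports.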
It is possible with EC2 instances that use root devices backed by native instance storage. When a developer or a client uses Amazon S3, they get the same extremely scalable, fast, dependable and low-priced data storage infrastructure that Amazon itself uses for its own worldwide network of websites.
- CentOS
- Amazon Linux
- Ubuntu
- Red Hat Enterprise Linux
- Windows
- Any data points of high-resolution custom metrics with a period of fewer than 60 seconds are available for 3 hours.
- Data points with a period of 60 seconds are available for 15 days.
- Data points with a period of 5 minutes are available for 63 days.
- Data points with a period of 1 hour are available for 455 days or 15 months.
There are four modes:
- 1st mode: bridge
- 2nd mode: awsvpc
- 3rd mode: host
- 4th mode: none
- The Internet (via an Internet gateway)
- Your corporate data center using a Hardware VPN connection (via the virtual private gateway)
- Both the Internet and your corporate data center
- Other AWS services (via Internet gateway, NAT, Virtual private gateway, or VPC endpoints)
- Other VPCs (via VPC peering connections)
Ping requests to the router in your VPC are not supported. Ping between Amazon EC2 instances within a VPC is supported as long as your operating system’s firewalls, VPC security groups, and network ACLs permit such traffic.
Yes, you can use the Amazon VPC Flow logs feature to monitor the network traffic in your VPC.
Amazon VPC is currently available in multiple Availability Zones in all Amazon EC2 Regions.
Yes, DescribeVolumes() will return all your EBS volumes.
NAT Gateway | NAT Instance |
---|---|
Highly available. NAT gateways in each Availability Zone are implemented with redundancy. | Use a script to manage failover between instances. |
Can scale up to 45 Gbps | Depends on the bandwidth of the instance type. |
Managed by AWS. You do not need to perform any maintenance. | Managed by you, for example by installing software updates or operating system patches on the instances. |
Software is optimized for handling NAT traffic. | A generic Amazon Linux AMI that’s configured to perform NAT. |
You will need to disable NAT-T on your device. If you don’t plan on using NAT-T and it is not disabled on your device, we will attempt to establish a tunnel over UDP port 4500. If that port is not open, the tunnel will not establish.
Do you need to be concerned about its availability? Can it be a single point of failure?
No. An internet gateway is horizontally scaled, redundant, and highly available. It imposes no bandwidth constraints.
No, transitive peering relationships are not supported.
- Highly Available and Reliable
- Flexible
- Simple
- Fast
- Cost-effective
- Designed to integrate with Other AWS Services
- Secure
- Scalable
There are several types of routing policies. The below list provides the routing policies which are used by AWS Route53.
- Simple Routing
- Latency-based Routing
- Geolocation Routing
Functionality
The basic idea behind Amazon WorkSpaces is to access your desktop from anywhere, at any time, from any device.
- Functionality
- Amazon WorkSpaces Bundles
- Allowing to bring your own licenses.
- Easy provisioning
- Persistent Storage
- One dashboard, Access all data
- Visibility on the complete infrastructure
- Improve total cost of ownership
- Insights from logs
- Optimize Applications and Resources
There are six database engines which RDS provides, and they are:
- Amazon Aurora
- PostgreSQL
- MySQL
- MariaDB
- Oracle Database
- Microsoft SQL Server
There are two types of queues in SQS. They are as follows:
Standard Queues: This is the default queue type. It provides an unlimited number of transactions per second and an at-least-once message delivery option.
FIFO Queues: FIFO queues are designed to ensure that the order in which messages are sent and received is strictly preserved, exactly as they were sent.
We have five different types of layers available, which are:
- SC – Storage Controller
- CC – Cluster Controller
- NC – Node Controller
- Walrus
- CLC – Cloud Controller
The AWS Serverless Application Repository is available in the AWS GovCloud (US-East) region. With this, the availability of the service increases to a total of 18 AWS regions across North America, South America, the EU, and the Asia Pacific.
- Amazon S3
- AWS Lambda
- Amazon Glacier
- Amazon EC2
- Amazon CloudFront
- Amazon SNS
- Amazon EBS
- Amazon Kinesis
- Amazon VPC
- Amazon SQ
Ans: 10
Ans: A. Security groups
- Access Control List
- Subnet level restriction thru CIDR
Ans: Yes, manually adding them is possible
Ans: No, instance type is defined in Launch configuration.
Ans: 16TB
Ans: Yes, CloudWatch is not region-specific
Ans: Yes, primary and secondary IP is possible. Only when it is private IP.
Ans: CloudWatch, SCOM, Nagios
Ans: Yes, Vertical scaling method. Stop the instance, edit the instance type and relaunch again.
Ans: The application server becomes unreachable to the end user thru Website.
Routing the traffic directly to the biggest EC2 instance will resume the operation. But load will increase on the instance, which will give us only a few hours until the server crashes. (Depends on the application and traffic too)
Ans: Thru IAM roles mostly.
Ans: Organisations generally have golden standard AMIs with all the security applications available. Default once we need to configure the security
Ans: Reset the key using EC2Rescue application or using AWS systems manager
Ans: More visibility on the Activities happening across the VPC network. Helps in troubleshooting
Ans: Whenever a High-performance system requirement is present.
Ans: Thru AWS IAM, used alongside AWS Organizations.
Ans: If the server is reachable and in good health, manually remove it from the autoscaling target group and troubleshoot it, while autoscaling spawns a new instance as a replacement.
Ans: Using the launch configuration, mentioning the file system.
Ans: Peer to Peer connection is used to establish a connection from One VPC to another VPC. It may be the same AWS account or a different AWS account.
Ans:
- 168.0.0 – Network IP
- 168.0.1 – AWS VPC Router IP
- 168.0.2 – reserved for Amazon DNS
- 168.0.3 – reserved for AWS Future use
- 168.0.255 – Broadcast Address
Ans: 5 VPC’s per account.
Ans: RDS is SQL-based and Dynamo is non-SQL Based.
Ans:
CNAME: It is used to map a URL to a URL (ex: myapp.mydomain.com –> another URL).
Alias: It is used to map AWS resources (ex: CDN, Load Balancer, S3 Website).
Ans: On-Demand instances, Reserved instances, Spot instances, Dedicated instances, Dedicated Hosts.
Ans:
Inbound –> it allows external users to access EC2.
Outbound –> it allows EC2 instances to access the Internet.
Ans: A – is used for an IPv4 address record. AAAA – is used for an IPv6 record.
Ans: We have to create a new public domain for our 3rd party in Route 53 and then map the new domain’s name servers to the 3rd party.
Ans: 5
Ans: US-EAST (N.Virginia)
Ans: 5TB
Ans: IAM, S3, CDN
Ans: EBS
Ans: unlimited
Ans: Convertible and schedule-based.
Ans: cluster, partition, and spread
Ans: 7
Ans: It is an additional network interface which can be attached to an existing EC2 instance.
Ans: Internet gateway: will transfer the packets bi-directionally (both the end user and EC2 can communicate externally).
NAT Gateway: will allow only EC2 to communicate externally.
Ans: Simple, weighted, Failover, latency, Geo , Multiple.
Ans: VPN is used to connect private networks via VPN Connection
Ans: TTL: Time To Live is used to keep the DNS records for a specific time frame (it may be seconds, minutes or days).
Ans: The Application Load Balancer uses layer 7 protocols (HTTP, HTTPS). The Network Load Balancer uses layer 4 protocols (TCP, UDP, TLS), and it will use Elastic IPs for each subnet.
Ans: Vertical scalability means we can increase the compute family from one type to another type (ex: t2.micro to t3.large).
Horizontal scalability means we can increase the number of instances (we will specify minimum and maximum instances).
Ans: It will route the traffic and hold the user for a specific time frame (ex: with a stickiness of 10 seconds, it will hold for 10 seconds and then route the traffic to the next instance).
Ans: Classic , Application, and Network.
Ans: it is used for IPv6.
Ans: Network ACLs are like firewalls which are used to control the traffic at the subnet level.
Ans: Route tables are used to establish a connection to a VPC or Subnet.
Ans: The edge location is the place where the content is cached. So, when a user tries to access any content, the content is automatically looked up in the edge location.
Ans: VPC stands for Virtual Private Cloud. It allows you to customize your networking configuration. It is a network that is logically isolated from other networks in the cloud. It allows you to have your own IP address range, internet gateways, subnets, and security groups.
Ans: Snowball is a data transport option. It uses source appliances to move large amounts of data into and out of AWS. With the help of Snowball, you can transfer a massive amount of data from one place to another. It helps you reduce networking costs.
Ans: This is one of the important AWS interview questions for experienced roles. Read on for more AWS interview questions and answers for experienced/senior roles.
There are four types of pricing models for Amazon EC2 instances, which are as follows:
• On-Demand Instance – On-demand pricing, or the pay-as-you-go model, allows you to pay only for the resources used so far. You pay by the second/hour for the resources used, depending on the instances. The on-demand pricing model is good if the work hours are short and unpredictable, as it does not require any upfront payment.
• Reserved Instance – It is the best model to use if you know your upcoming requirements in advance. Firms calculate their future EC2 requirements and pay upfront to get a discount of up to 75%. Reserved instances reserve computing capacity for you, and you can use them whenever required.
• Spot Instance – If some extra amount of computing capacity is required immediately, one can opt for spot instances at up to a 90% discount. The unused computing capacity is sold at a heavily discounted rate via the spot instance pricing model.
• Dedicated Hosts – A customer can reserve a physical EC2 server by opting for the dedicated hosts pricing model.
Ans: S3 (Simple Storage Service) provides scalable object storage space to firms and IT professionals. It is one of the earliest services introduced by AWS. The easy-to-use web services interface of S3 allows users to store and retrieve data from remote locations. S3 contains buckets to store files/data.
Users create a bucket in S3 and name it, as it is a universal namespace. An HTTP 200 code is received on successful upload of a file to the assigned S3 bucket. A unique name is given to each bucket to generate the (unique) DNS address.
You can also download the data from a bucket in S3 and permit other users to download it. The authentication mechanism of S3 helps in securing the data from any potential breaches.
Ans: I will recommend a hybrid cloud architecture for my organization. Hybrid cloud architecture has the ideal mix of private and public clouds. One can use the public cloud in the hybrid architecture for the shared resources in my firm. The confidential resources have to be shared with the management team using a private cloud.
We can enjoy the services of both private and public clouds by deploying a hybrid cloud architecture in our firm. Depending on the data security requirements, a hybrid cloud allows data to be accessed at various levels in an organization/firm. It will help our firm in reducing costs in the long run.
Ans: There are three types of cloud service models, which are:
• IaaS – Infrastructure as a Service (IaaS) allows users to access virtual computing resources with the help of the internet. A service provider hosts servers, storage, hardware, etc. on behalf of the users via IaaS. IaaS platforms offer high scalability and can adjust according to the workload. IaaS providers also manage tasks for their customers such as system maintenance, backup, resiliency, etc.
• PaaS – Platform as a Service (PaaS) helps service providers deliver software and hardware tools to their customers. It is especially used for the application development process, and one can obtain applications from the service provider through the internet using PaaS. Users don’t have to own in-house software/hardware for application development/testing, as they can do it with the help of PaaS.
• SaaS – Software as a Service (SaaS) is a widely sold model by service providers for software delivery. On-demand computing software can be delivered to the customers/users using SaaS. The SaaS model is preferred as it is easy to administer and to manage patches.
Ans: RTO (Recovery Time Objective) refers to the maximum waiting time for resumption of AWS services/operations during an outage/disaster. Due to unexpected failure, firms have to wait for the recovery process, and the maximum waiting time for an organization is defined as the RTO. When an organization starts using AWS, it has to set its RTO, which can also be regarded as a metric. It defines the time firms can wait during disaster recovery of applications and business processes on AWS. Organizations calculate their RTO as part of their BIA (Business Impact Analysis).
Like RTO, RPO (Recovery Point Objective) is also a business metric calculated by a business as part of its BIA. RPO defines the amount of data a firm can afford to lose during an outage or disaster. It is measured in a particular time frame within the recovery period. RPO also defines the frequency of data backup in a firm/organization. For example, if a firm uses AWS services and its RPO is 3 hours, it implies that all its data/disk volumes will be backed up at that interval.
Ans: The auto-scaling feature in AWS EC2 automatically scales up the computing capacity according to the need. It helps in maintaining a steady performance of business processes. Auto Scaling can help scale various resources in AWS within a few minutes. Besides EC2, one can also choose to automatically scale other AWS resources and tools as and when required. The benefits of the EC2 auto-scaling feature are as follows:
• The auto-scaling feature of AWS EC2 is easy to set up. The utilization levels of various resources can be found under the same interface. You don’t have to move to different consoles to check the utilization level of various resources.
• The auto-scaling feature is innovative and automates the scaling processes. It also monitors the response of various resources to changes and scales them automatically. Besides adding computing capacity, the auto-scaling feature also removes/reduces the computing capacity if needed.
• Even if the workload is unpredictable, the auto-scaling feature optimizes the application performance. The optimal performance level of an application is maintained with the help of auto-scaling.
Ans: S3 storage classes are used for data integrity and for assisting with concurrent data loss. Whatever object you store in S3 will be associated with a particular storage class. Storage classes are also involved in maintaining the object lifecycle, which helps in automatic migration and thereby saves cost. The four types of S3 storage classes are as follows:
• S3 Standard – The data is duplicated and stored across multiple devices in multiple facilities through the S3 Standard storage class. A loss of a maximum of 2 facilities simultaneously can be coped with through S3 Standard. With its low latency and high throughput, it provides increased durability and availability.
• S3 Standard IA – ‘S3 Standard Infrequently Accessed’ is used for conditions when data is not accessed regularly, but access should be fast when there is a need for the data. Like S3 Standard, it can also sustain the loss of data at a maximum of 2 facilities simultaneously.
• S3 One Zone Infrequent Access – Many of its features are similar to those of S3 Standard IA. The primary difference between S3 One Zone Infrequent Access and the rest of the storage classes is that its availability is low, i.e., 99.5%. The availability of S3 Standard and Standard IA is 99.99%.
• S3 Glacier – S3 Glacier provides the cheapest storage class compared to the other storage classes. One can use the data stored in S3 Glacier for archival only.
Ans: This question is an example of scenario-based AWS interview questions. Besides having theoretical knowledge, a candidate should also know about the business uses and working of various AWS services.
The users’ requests regarding image rendering can be directed to the image rendering servers only, while the general computing users can be directed to the computing servers. This will help in balancing the load on the various servers and accessing them when required.
Ans: A policy is an object in AWS that is associated with a respective resource and defines whether the user request is to be granted. The six different types of policies in AWS are as follows:
• Identity-based policies – These policies are concerned with an identity: a user, multiple users, or a particular role. Identity-based policies store permissions in JSON format. They are further divided into managed and inline policies.
• Resource-based policies – The policies that are concerned with resources in AWS are called resource-based policies. An example of a resource in AWS is the S3 bucket.
• Permissions boundaries – Permissions boundaries define the maximum number of permissions that can be granted to an object.
Ans: Amazon VPC (Virtual Private Cloud) lets a user launch AWS resources into a virtual network defined by the user only. Since the user defines the virtual network, various aspects of the virtual network can be controlled by the user, such as subnet creation, IP addresses, etc.
Firms can set up a virtual network within their organization and use all the AWS benefits for that network. Users can also create a routing table for their virtual network using VPC. A routing table is a set of rules that defines the direction of the incoming traffic.
The communication between your virtual network and the internet can also be established using the internet gateway offered by AWS VPC. One can access the VPC offered by Amazon via various interfaces: the AWS Management Console, AWS CLI (Command Line Interface), AWS SDKs, and Query API. Users can pay for additional VPC components whenever required, such as NAT gateway, traffic mirroring, private link, etc.
Ans: This question is one of the prominent technical AWS interview questions asked. Besides knowing about the cloud administration services of AWS, candidates should also focus on the database services offered by Amazon.
I will install/deploy ElastiCache in the various availability zones of the EC2 instances. Deploying ElastiCache in the memory cache of different availability zones will create a cached version of my website in the various zones. An RDS MySQL read replica will then be added to each availability zone for faster performance of the website. Since the RDS MySQL read replica is added to each availability zone, it won’t put further load on the RDS MySQL instance, thus solving the read contention issue. Users can also access my website quickly in the various availability zones, as a cached version is created in each zone.
Ans: AWS data engineer interview questions can be asked if a candidate is applying for a data scientist/engineer role. The data center of my firm can be connected to the Amazon cloud environment with the help of VPC (Virtual Private Cloud). I would suggest my firm set up a virtual private network and then connect the VPC and the data center. My firm would then be able to launch AWS resources in the virtual private network using VPC. A virtual private network will establish a secure connection between the organization’s data center and the AWS global network. Adding cloud services to our organization will help us spend less time while effectively cutting costs in the long run.
I would also suggest making multiple backups of the company data before moving it to the cloud. AWS offers affordable backup plans, and one can also automate backups after a fixed interval.
Ans: Elastic Load Balancing in AWS supports three different types of load balancers. The load balancers are used to route the incoming traffic in AWS. The three types of load balancers in AWS are as follows:
• Application Load Balancer – The Application Load Balancer is concerned with routing decisions made at the application layer. It does path-based routing at HTTP/HTTPS (layer 7). It also helps in routing requests to multiple container instances. You can route a request to more than one port on the container instances using the Application Load Balancer.
• Network Load Balancer – The Network Load Balancer is concerned with routing decisions made at the transport layer (SSL/TCP). It uses a flow hash routing algorithm to determine the target on the port from the group of targets. Once the target is selected, a TCP connection is established with the chosen target based on the known listener configuration.
• Classic Load Balancer – A Classic Load Balancer can make routing decisions at either the application layer or the transport layer. One can map a load balancer port to only one container instance (fixed mapping) through the Classic Load Balancer.
Ans: NAT (Network Address Translation) is an AWS service that helps in connecting an EC2 instance to the internet. The EC2 instance used via NAT should be in a private subnet. NAT helps in connecting an EC2 instance not only to the internet but also to other AWS services.
Since we are using the EC2 instance in a private subnet, connecting to the internet through any other means would make it public. NAT helps in keeping the subnet private while establishing a connection between the EC2 instance and the internet. Users can create NAT gateways or NAT instances for establishing a connection between EC2 instances and the internet/AWS services.
NAT instances are single EC2 instances, while NAT gateways can be used across multiple availability zones. If you are creating a NAT instance, it supports a fixed amount of traffic determined by the instance's size.
Ans: AMI stands for Amazon Machine Image. It's a template that provides the information (an operating system, an application server, and applications) required to launch an instance, which is a copy of the AMI running as a virtual server in the cloud. You can launch instances from as many different AMIs as you need.
Ans: From a single AMI, you can launch different types of instances. An instance type defines the hardware of the host computer used for your instance. Each instance type provides different compute and memory capabilities. Once you launch an instance, it looks like a traditional host, and we can interact with it as we would with any computer.
Ans: An AMI includes the following things:
• A template for the root volume for the instance
• Launch permissions that decide which AWS accounts can use the AMI to launch instances
• A block device mapping that determines the volumes to attach to the instance when it is launched
Ans: Amazon S3 is a REST service, and you can send a request by using the REST API or the AWS SDK wrapper libraries that wrap the underlying Amazon S3 REST API.
Ans: By default, you can create up to 100 buckets in each of your AWS accounts.
Ans: Yes, you can vertically scale an Amazon instance. For that:
• Spin up a new, larger instance than the one you are currently running
• Pause that instance, detach the root EBS volume from the server, and discard it
• Then stop your live instance and detach its root volume
• Note the unique device ID and attach that root volume to your new server
• And start it again
Ans: T2 instances are designed to provide moderate baseline performance and the ability to burst to higher performance as required by the workload.
Ans: With private and public subnets in a VPC, database servers should ideally be launched into private subnets.
Ans: For secure Amazon EC2 best practices, follow these steps:
• Use AWS Identity and Access Management (IAM) to control access to your AWS resources
• Restrict access by allowing only trusted hosts or networks to access ports on your instance
• Review the rules in your security groups regularly
• Only open up permissions that you require
• Disable password-based login for instances launched from your AMI
Ans: The buffer is used to make the system more robust in managing traffic or load by synchronizing different components. Usually, components receive and process requests in an unbalanced way. With the help of a buffer, the components will be balanced and will work at the same speed to provide faster services.
Ans: The possible connection errors one might encounter while connecting to instances are:
• Connection timed out
• User key not recognized by the server
• Host key not found, permission denied
• An unprotected private key file
• Server refused our key or No supported authentication method available
• Error using MindTerm on Safari browser
• Error using Mac OS X RDP client
Ans: Key pairs are secure login information for your virtual machines. To connect to the instances, you can use key pairs that contain a public key and a private key.
Ans: The following are the types of instances:
• General purpose
• Compute optimized
• Memory optimized
• Storage optimized
• Accelerated computing
Ans: No, at present Amazon VPC doesn't offer support for broadcast or multicast.
Ans: 5 VPC Elastic IP addresses are allowed for each AWS account.
Ans: The default storage class is Standard (frequently accessed).
Ans: Roles are used to grant permissions to entities that you can trust within your AWS account. Roles are very similar to users. However, with roles, you don't need to create any username and password to work with the resources.
Ans: Redshift is a big data warehouse product. It is a fast and powerful, fully managed data warehouse service in the cloud.
Ans: The following are the benefits of autoscaling:
• Offers fault tolerance
• Better availability
• Better cost management
Ans: A large section of IP addresses divided into chunks is known as subnets.
Ans: Yes, we can establish a peering connection with a VPC in a different region. It is called an inter-region VPC peering connection.
Ans: Simple Queue Service is also known as SQS. It is a distributed queuing service which acts as a mediator for two controllers.
Ans: You can have 200 subnets per VPC.
Hope the above 300+ AWS Interview Questions with Answers will help you in Cracking AWS Interviews. We will keep updating the Latest AWS interview questions on this Page.