AWS Part 3 (201-250)

Question 1

What happens when EC2 instance is halted or ended?

Answer 1

• Shutdown is performed typical way
• EBS volumes can stay joined and begin again
• Occurence hours are NOT charged when ceased state
  deleteontermination is set to false

Question 2

What are the mainstream DevOps devices?

6 devices mentioned - J. G. N. S. D. PCA.

Answer 2

• Jenkins ~ Continuous Integration tool
• Git ~ Version Control System tool
• Nagios ~ Continuous Monitoring tool
• Selenium ~ Continuous Testing tool
• Docker ~ Containerization tool
• Puppet, Chef, Ansible ~ Deployment & Configuration Admin tools

Question 3

What are IAM Roles and Policies? What is difference between IAM Roles, and Policies?

Answer 3

Roles: for AWS Services, assign permissions of some AWS service to another service
- Example - Give S3 permission to EC2 to access buckets

Policies: for users and groups, assign perimmissions to users and groups
- Example - Give permission to user to access S3 buckets

Question 4

What are the default services we get when we create AWS VPC?

3 main services offered… R. N. S.

Answer 4

• Route Table
• Network ACL (NACL)
• Security Group

Question 5

What is difference between Public Subnet and Private Subnet?

Answer 5

Public: will have IGW attached to route table, private will NOT have IGW attached

Causing no internet for private subnet…

Question 6

How do you access EC2 with Private IP in a Private Subnet?

Answer 6

Using VPN, if configured to that VPC
Can access using other EC2 with public access

Question 7

We have custom VPC configured and MySQL DB server which is on Private Subnet. Need to update MySQL DB server, what are the options to do so?

Answer 7

Using NAT Gateway in the VPC
. or Launch NAT instance EC2 config
. or Attach NAT Gateway in Public Subnet and attach it to the Route Table

Question 8

What is the difference between Security Groups and NACLs?

4 main things - Attached to ? Stateful or Stateless? Block IP? Rules?

Answer 8

Security Groups:
- Attached to EC2 instance
- Stateful for incoming/outgoing rules
- Blocking IP address can’t be done
- Allow rules only, by default rules are denied

NACL:
- Attached to Subnet
- Stateless - Incoming rules only
- IP address can be blocked
- Allow and Deny can be used

Question 9

What are differences between Route53 and ELB?

Answer 9

Route53 handles DNS servers with web interface

Elastic Load Balancing auto scales depending on the demand

Question 10

Which engines can be used in AWS RDS?

5 main engines mentioned here

Answer 10

• MariaDB
• MySQL DB
• MS SQL DB
• Postgre DB
• Oracle DB

Question 11

What are Status Checks in EC2?

Can you list 9 types of check?

Answer 11

Look for issues with instances for the following:
1. Network
2. Power
3. Software
4. Hardware
5. Instance
6. Memory
7. Files
8. Kernels
9. Failed checks

Question 12

To establish peering between 2 VPC’s, what conditions must be met?

Discuss about CIDR and locations

Answer 12

• CIDR block should NOT overlap between VPC settings for peering.
• Peering connection is allowed within a region, across region, across different accounts

Question 13

Troubleshoot with EC2 instances

2 examples and 2 potential solutions

Answer 13

• If instance state is (0/2) then there may be hardware issue
• If instance state is (1/2) then there may be issue with OS

Workaround - Restart, or if no resolutio then check logs

Question 14

How can EC2 instances be resized?

Answer 14

Can scale UP or DOWN based on requirement

Question 15

What is EBS?

Answer 15

Block-level storage volume which can be used after mounting EC2 instances

Question 16

Difference between EBS, EFS, and S3?

Answer 16

EBS: Can be accessed ONLY after is mounted with instance

EFS: Can be shared with multiple instances

S3: Can be access without mounting with instances

Question 17

Max number of buckets that can be created in AWS?

Answer 17

You can creat up to 100 buckets per AWS account

Question 18

Max number of EC2 instances that can be created in VPC?

Answer 18

You can create up to 20 reserved instances and request Spot as per demand

Question 19

How can EBS be accessed?

Answer 19

After mounting to EC2 instance, it can be accessed

Question 20

What is process to mount EBS to EC2 instance?

Answer 20

Coding ahead:
- Df-k
- mkfs.ext4/dev/xvdf
- Fdisk -|
- Mkdir /my5gbdata
- Mount /dev/xvdf /my5gbdata

Question 21

How to add volume permanently with instance?

Answer 21

Each restart unmounts volume from image, so to keep:

Cd /etc/fstab
/dev/xvdf /data ext4 defaults 0
0 < edit the file system name accordingly

Question 22

What is difference between Service Role and SAML Federated Role?

Answer 22

Service Role: Meant for usage of AWS services based on policies attached to it
- Ex. In case of automation we can create a service role and attach to it

Federated Role: Meant for User access and getting access to AWS as per designed role
- Ex. We can have fed role created for office emp and then that group will be created in the AD and user added to it

Question 23

How many policies can be attached to a role?

Answer 23

10 is soft limit, 20 is max limit

Question 24

What are different ways to access AWS?

3 different ways:

Answer 24

• Console
• CLI
• AWS SDK

Question 25

How is a root user different than an IAM user?

Answer 25

Root user is master of all in the AWS accounts, IAM users can be limited or act as Admin via policies

Question 26

What do you mean by principal of least privilege in terms of IAM?

Answer 26

To provide the same or equivalent permission to user/role

Question 27

What is the meaning of non-explicit deny for IAM user?

Answer 27

When IAM user is created and it is not having any policy attached to it

Question 28

What is the precedence level between explicit allow and explicit deny?

Answer 28

Explicit Deny will always override Explicit Allow

Question 29

What is the benefit of creating group in IAM?

Answer 29

- Makes user management process much simpler - Adding policy to group(s) instead of each user

Question 30

What is the difference between the Admin Access and Power User access in terms of pre-build policy?

Answer 30

Admin access has full permissions to all things, while Power Users have Admin access but no user/group management.

Question 31

What is the purpose of Identity Provider?

Answer 31

Helps in building trust between AWS and corporate AD environment, while creating Federated roles.

Question 32

What are the benefits of STS? | What is STS?

Answer 32

Helps in securing AWS environment - Do not need to embed or distribute creds - Do not need to rotate or revoke tokens

Question 33

What is the benefit of creating the AWS Organization?

Answer 33

Helps in - managing IAM policies - creating AWS accounts programmatically - managing the paymeny and billing methods

Question 34

What is max file length in S3?

Answer 34

UTF-8 1024 bytes

Question 35

Which activity cannot be done using autoscaling?

Answer 35

Maintain fixed running of EC2

Question 36

How will you secure data at rest in EBS?

Answer 36

EBS data is ALWAYS secure

Question 37

What is max size of S3 bucket?

Answer 37

5TB

Question 38

Can objects in S3 be delivered through Amazon CloudFront?

Answer 38

Yes

Question 39

Which service is used to distribute content to end users using global network EDGE LOCATION?

Answer 39

VPC | Virtual Private Cloud

Question 40

What is "Ephemaral"?

Answer 40

Temporary

Question 41

What are SHARDS in kinesis services?

Answer 41

Shards are used to store data in Kenesis

Question 42

Where can you find Ephemeral storage?

Answer 42

In the Instance Store service

Question 43

I have some private servers on my premises and distributed some of my workload to public cloud. What is this architecture called?

Answer 43

VPC | Virtual Private Cloud

Question 44

Route 53 can be used to route users to infrastructure outside of AWS. True or False?

Answer 44

False!

Question 45

Is Simple Workflow Service one of the valid SNS Subscribers?

Answer 45

No

Question 46

Which cloud model do devs and orgs all around the workd leverage extensively?

Answer 46

IAAS | Infrastructure as a Service

Question 47

Can CloudFront serve content from a non AWS origin server?

Answer 47

No

Question 48

Is EFS a centralised storage service in AWS?

Answer 48

Yes

Question 49

Which AWS service will you use to collect and process ecommerce data for real-time analysis?

Answer 49

Both Dynamo DB & Redshift

Question 50

High demand of IOPS performance is expected around 15000. Whic EBS volume type would you recommend?

Answer 50

Provisioned IOPS