Dot Net For All

Real tricky AWS cloud Interview questions and Answers


Hello Friends, in this article I will help you understand the different real-time AWS cloud interview questions and answers. These questions can also help you prepare for AWS certifications. This article can help you understand what type of questions to expect if you are appearing for an AWS cloud interview for developer, architect or sysops positions.


Real Time Top AWS Cloud Interview Questions And Answers

  1. What is a VPC (Virtual Private Cloud)?
    • A VPC is used to set up a logically separate data center in the cloud, which keeps your AWS resources isolated from the resources hosted by other users. Once we set up a VPC we have to provide an IPv4 address range that the resources hosted in it can use. The prefix length of this range can be from /16 to /28.
  2. What is a subnet?
    • Once the VPC is set up, we can create multiple subnets in it. The number of subnets we create usually depends on the number of Availability Zones in that particular region, because one subnet spans only a single AZ. The IP address range assigned to a subnet is a subset of the parent VPC's IP address range, and no two subnets may overlap each other. The VPC is used to host both public and private instances.
  3. What is the difference between a public and a private subnet?
    • Instances in a public subnet can be accessed from the internet, while resources in a private subnet cannot. A subnet is made public by adding a route to an Internet Gateway in the subnet's route table.
  4. What is EC2, and what are the different EC2 options present in AWS?
    • EC2 provides resizable compute capacity in the cloud. It reduces the time required to obtain and boot a new server instance to minutes.
    • The different EC2 options are:
      • On-Demand
      • Reserved
      • Spot
      • Dedicated Hosts
  5. What is an Internet Gateway?
    • An Internet Gateway is a logical connection between an Amazon VPC and the internet. It is not a physical device. Only one can be associated with each VPC, and it does not limit the bandwidth of internet connectivity.
  6. Can a subnet span multiple Availability Zones?
    • No, a subnet cannot span multiple Availability Zones.
  7. Why is it recommended to run an AWS Lambda function without a VPC?
    • If we attach a Lambda function to a VPC, behind the scenes it has to create an ENI for the instances that run the function. This process can take some time, which increases the latency of the Lambda results.
  8. What is an ENI?
    1. An elastic network interface is a logical networking component in a VPC that represents a virtual network card. For more information you can follow the link: Network Interface.
  9. What are the different uses of an Internet Gateway?
    • An Internet Gateway has two main uses:
      • All resources in a subnet are assigned private IPs and are unaware of their public IP. The Internet Gateway performs network address translation for instances that have been assigned a public IP.
      • The other use of an Internet Gateway is to make the resources in a subnet reachable from the internet. In other words, a subnet is made public with the help of an Internet Gateway.
  10. What is a NAT instance?
    1. Resources in a private subnet can use a NAT instance to access the internet. The private instances still cannot be reached from outside, which keeps them secure.
  11. How to set up a NAT instance?
    1. We launch a NAT instance from an existing NAT AMI in the public subnet, and route the outbound traffic from the private subnet's route table to this particular instance.
  12. What is a bastion host?
    1. Instances launched into private subnets can be accessed through a bastion host. A bastion host is an instance launched in the public subnet. We create a security group that allows ingress on SSH or RDP only from the bastion host, and assign this security group to the instances in the private subnet.
  13. What is a NAT gateway?
    1. A NAT gateway is a fully managed service provided by AWS to give resources in a private subnet access to the internet.
  14. How is a NAT instance different from a NAT gateway?
    1. There is a very good and comprehensive list of differences present at this link.
  15. How is NAT different from a bastion host?
    • EC2 instances in a private subnet can access the internet with the help of a NAT instance.
    • Secure administration (SSH or RDP) of EC2 instances in private subnets is done through a bastion host.
  16. What are the different levels of security present in AWS to protect your resources?
    1. There are two security layers for our resources in an AWS VPC. One is network-level security, known as the NACL (network access control list), and the other is instance-level security, known as the security group (SG).
  17. What type of security is present at the subnet level?
    1. We can create a network access control list to allow or block traffic from specific IP addresses.
  18. What is the difference between a security group and a network ACL?
    1. I have covered the differences in one of my previous articles, which you can find here.
  19. Is a security group stateless or stateful in nature, and why?
    1. A security group is completely stateful: it remembers the port of the incoming or outgoing traffic it allowed, so the return traffic in the other direction is allowed automatically.
  20. What is the difference between scale out and scale up?
    1. Scaling out means increasing the number of resources; this is also known as horizontal scaling. Scaling up, on the other hand, means increasing the capacity of the resource in use, in other words adding RAM or processing power to the current resource.
  21. What are the different types of storage present in AWS?
    1. Block Based (EBS)
    2. File Based (EFS)
    3. Object Based (S3)
  22. What is EBS?
    1. EBS allows you to create storage volumes and attach them to EC2 instances. We can think of it as a hard disk that we attach to a VM.
  23. How is EBS different from EFS?
  24. Why is there a need for EFS when S3 is already present?
    1. As S3 is object-based storage, we cannot store files with locks and permissions, so it is not possible to mount S3 on an EC2 instance. EFS, on the other hand, is file-based storage and can be mounted on multiple EC2 instances.
  25. What is an AMI?
    1. AMIs are preconfigured images that provide the information needed to launch instances in the cloud; they are the backbone of EC2 instances. We can also create our own AMI with the software configured as per our needs, and share it publicly or privately within the same region or with a different region.
  26. What does an AMI consist of?
    1. An AMI includes the following:
      1. A template for the root volume for the instance (for example, an operating system, an application server, and applications)
      2. Launch permissions that control which AWS accounts can use the AMI to launch instances
      3. A block device mapping that specifies the volumes to attach to the instance when it’s launched
  27. Can you create your own AMI and share it?
    1. Yes, we can create our own AMI and share it with a particular account or publicly, in the same region or a different region.
  28. What are the different EBS volume types?
    1. SSD based: an SSD is flash based with no moving parts. Every location on an SSD is equally quick to access, which makes it a very good candidate for random I/O performance.
    2. HDD based: an HDD is made up of moving parts, which have to travel to the data location before it can be read. This makes it a poor candidate for random I/O, but it performs very well for sequential I/O.
  29. Which services have multi-AZ enabled by default?
    1. Services such as S3, DynamoDB and EKS are built to support multi-AZ deployment by default. Therefore the user does not need to configure any multi-AZ option for these services.
  30. Can you use all the IP addresses assigned to a VPC?
    • No. The first four IP addresses and the last IP address in each subnet CIDR block are reserved and cannot be assigned to an instance. For example, in a subnet with CIDR block 10.0.0.0/24, the following five IP addresses are reserved:
      • 10.0.0.0: Network address.
      • 10.0.0.1: Reserved by AWS for the VPC router.
      • 10.0.0.2: Reserved by AWS. The IP address of the DNS server is always the base of the VPC network range plus two; however, AWS also reserves the base of each subnet range plus two. For VPCs with multiple CIDR blocks, the IP address of the DNS server is located in the primary CIDR.
      • 10.0.0.3: Reserved by AWS for future use.
      • 10.0.0.255: Network broadcast address. AWS does not support broadcast in a VPC, therefore this address is reserved.
  31. What are the three types of gateways present in AWS?
    1. The three types of gateways present in AWS are:
      1. Internet gateway
      2. NAT gateway
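As an added example (not code from the original article), here is a small Python check that applies the sizing rules from questions 1, 2 and 30: the VPC prefix must lie between /16 and /28, each subnet must sit inside the VPC without overlapping another subnet, and AWS reserves the first four and the last address of every subnet. The layout values are constructed samples, and the /16 to /28 limit on subnet size is assumed to be the same as for the VPC.

```python
from __future__ import annotations
import ipaddress

def reserved_addresses(subnet: str) -> list[str]:
    """The five addresses AWS reserves in a subnet: the first four and the last."""
    net = ipaddress.ip_network(subnet, strict=True)
    return [str(net.network_address + i) for i in range(4)] + [str(net.broadcast_address)]

def usable_hosts(subnet: str) -> int:
    """Addresses an instance can actually be given: the block size minus the five reserved."""
    return ipaddress.ip_network(subnet, strict=True).num_addresses - 5

def plan_vpc(vpc_cidr: str, subnets: list[str]) -> dict:
    """Validate a VPC layout and report usable capacity per subnet.

    Checks: VPC prefix within /16-/28, each subnet inside the VPC and itself
    within /16-/28 (assumed to be the same limit AWS applies to subnets),
    and no two subnets overlapping. Returns {"ok", "errors", "usable"}.
    """
    errors, usable = [], {}
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not 16 <= vpc.prefixlen <= 28:
        errors.append(f"VPC prefix /{vpc.prefixlen} is outside the allowed /16-/28 range")
    nets = [ipaddress.ip_network(s, strict=True) for s in subnets]
    for i, net in enumerate(nets):
        if not net.subnet_of(vpc):
            errors.append(f"subnet {net} is not inside VPC {vpc}")
        if not 16 <= net.prefixlen <= 28:
            errors.append(f"subnet {net} is outside the allowed /16-/28 range")
        for other in nets[i + 1:]:
            if net.overlaps(other):
                errors.append(f"subnet {net} overlaps subnet {other}")
        usable[str(net)] = usable_hosts(str(net))
    return {"ok": not errors, "errors": errors, "usable": usable}

if __name__ == "__main__":
    # Constructed sample layout: a public and a private /24, plus a third subnet that
    # deliberately overlaps the private one so the check has something to report.
    print(reserved_addresses("10.0.0.0/24"))
    print(plan_vpc("10.0.0.0/16", ["10.0.0.0/24", "10.0.1.0/24", "10.0.1.128/25"]))
```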
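To make the stateful versus stateless distinction from questions 16 to 19 concrete, here is an added Python model (not the article's own code, and a deliberate simplification of AWS behaviour) of how a security group and a network ACL treat one inbound HTTPS request and the instance's reply. The addresses, ports and rule sets are constructed samples.

```python
import ipaddress
from collections import namedtuple

# A packet as seen by the filter, and one rule. For a rule, port_lo..port_hi is the
# destination port range (on the instance for "in", on the remote host for "out");
# action may be "deny" only on a NACL, security groups can only allow.
Packet = namedtuple("Packet", "src dst src_port dst_port")
Rule = namedtuple("Rule", "direction cidr port_lo port_hi action", defaults=["allow"])

def _matches(rule, pkt, direction):
    remote = pkt.src if direction == "in" else pkt.dst
    in_cidr = ipaddress.ip_address(remote) in ipaddress.ip_network(rule.cidr)
    return in_cidr and rule.port_lo <= pkt.dst_port <= rule.port_hi

class SecurityGroup:
    """Stateful: a flow admitted by a rule is tracked and its reverse direction is allowed."""
    def __init__(self, rules):
        self.rules, self.tracked = list(rules), set()

    def evaluate(self, pkt, direction):
        # Connection key from the instance's point of view: (remote ip, remote port, local port)
        key = ((pkt.src, pkt.src_port, pkt.dst_port) if direction == "in"
               else (pkt.dst, pkt.dst_port, pkt.src_port))
        if key in self.tracked:
            return True
        if any(_matches(r, pkt, direction) for r in self.rules if r.direction == direction):
            self.tracked.add(key)
            return True
        return False

class NetworkAcl:
    """Stateless: every packet, replies included, is judged only by the ordered rules."""
    def __init__(self, rules):
        self.rules = list(rules)   # in rule-number order; first match wins

    def evaluate(self, pkt, direction):
        for r in self.rules:
            if r.direction == direction and _matches(r, pkt, direction):
                return r.action == "allow"
        return False   # the implicit deny at the end of every NACL

HTTPS_IN = Rule("in", "0.0.0.0/0", 443, 443)
EPHEMERAL_OUT = Rule("out", "0.0.0.0/0", 1024, 65535)

def https_exchange(filt):
    """(request let in, reply let out) for a constructed client -> instance HTTPS round trip."""
    client, server = "203.0.113.10", "10.0.0.20"   # constructed sample addresses
    request, reply = Packet(client, server, 51000, 443), Packet(server, client, 443, 51000)
    return filt.evaluate(request, "in"), filt.evaluate(reply, "out")
```

With only the inbound 443 rule, the security group still lets the reply out, while the NACL drops it until an outbound rule for the ephemeral port range is added.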

I hope I have covered almost all the important and frequently asked AWS interview questions with their answers. Though I would suggest not relying completely on this list: do your own comprehensive study of all AWS topics to gain a better understanding.
