AWS Interview Questions and Answers Part – 6

You run the internal intranet for a corporate bank. The intranet consists of a number of web servers and a single relational database running Microsoft SQL Server. Your peak demand occurs at 9am every weekday morning when users are first logging in to the intranet. They can only log in using the company’s internal network and it is not possible to access the intranet from any location other than within the office building for security purposes. Management is considering a change to move this environment to AWS, where users will be able to access the intranet via a software VPN. You have been asked to evaluate a migration to AWS and to identify the best EC2 billing model for your company’s intranet. You must keep costs low and be able to scale at particular times of day. You must maintain availability of the intranet throughout office hours. Management do not want to be locked in to any contracts in case for some reason they want to go back to hosting internally. What EC2 billing model should you recommend?

  • On-demand. (Ans)
  • Reserved Instances.
  • Dedicated Instances.
  • Spot Instances.

You are the IT manager at a furniture retailer and they are considering moving their web application to AWS. They currently colocate their servers in a colocation facility and the contract for this facility is now coming to an end. Management are comfortable signing a 3 year contract and want to get the cheapest web servers possible while still maintaining availability. Their traffic is very steady and predictable. What EC2 pricing model would you recommend to maintain availability and to get the lowest cost price available?

  • On-demand.
  • Reserved Instances. (Ans)
  • Dedicated Instances.
  • Spot Instances.

You work for a government contractor who supply services that are critical to national security. Because of this your corporate IT policy states that no multi-tenant virtualization is authorised within the company. Despite this, they are interested in moving to AWS but they cannot violate corporate IT policy. Which EC2 billing model would you recommend that they use to achieve this?

  • On-demand.
  • Reserved Instances.
  • Dedicated Instances. (Ans)
  • Spot Instances.

Your company has a web application on AWS. The application computes thousands of algorithms per second and is very CPU and disk intensive. The application runs on a c4.8xlarge, the largest C class instance available. The application stores its data locally on a standard SSD disk. Your application starts to perform slowly. You check the logs and notice that your disk IO is routinely going above 10,000 IOPS. What should you do to remediate the issue?

  • Change the instance family from a c4.8xlarge to an r4.8xlarge so that you have more memory available to cope with the increased IO.
  • Migrate the EBS volume from a standard EBS volume to a provisioned IOPS EBS volume. (Ans)
  • Migrate the EBS volume from a standard EBS volume to a magnetic volume.
  • Decrease the size of the EBS volume so as to increase its IOPS performance.

You work for a media production company that streams popular TV shows to millions of users. They are migrating their web application from an in-house solution to AWS. They will have a fleet of over 10,000 web servers to meet the demand and will need a reliable layer 4 load balancing solution capable of handling millions of requests per second. What AWS load balancing solution would best suit their needs?

  • AWS Direct Connect
  • Elastic Load Balancer.
  • Application Load Balancer.
  • Network Load Balancer. (Ans)

You work for a web analytics firm who have recently migrated their application to AWS. The application sits behind an Elastic Load Balancer and it monitors user traffic to their website. You have noticed that in the application logs you are no longer seeing your users’ public IP addresses; instead you are seeing the private IP address of the Elastic Load Balancer. This data is critical for your business and you need to rectify the issue immediately. What should you do?

  • Migrate the application in front of a Network Load Balancer and then reverse proxy traffic to your RDS instance.
  • Update the application to log the X-Forwarded-For header to get your users’ public IPv4 addresses. (Ans)
  • Install a CloudWatch Logs agent on the EC2 instances behind the Elastic Load Balancer to monitor the public IPv4 addresses and then stream this data to AWS Neptune.
  • Migrate the application to AWS Lambda instead of EC2 and put the Lambda function behind a Network Load Balancer.

You have a large team of developers working on a web application. A new developer joins the organisation but discovers they cannot do anything in the AWS console. You discover that they are not in the developer group. You add the user to the group. How long will it take for the group’s permissions to take effect?

  • 24 hours
  • 12 hours
  • 60 seconds
  • Immediately (Ans)

You work at a large bank and are responsible for transitioning the bank’s applications to the cloud. You are creating an internal IT policy and this policy needs to dictate what level of access you should give to people in your organization. What is the best practice in terms of assigning permissions?

  • Grant administrator access to all users.
  • Grant the minimum level of access to each user, depending on what his or her job requirements are (least privilege). (Ans)
  • Grant yourself administrator access and deploy the code that your developers create yourself.
  • Deny all access to the cloud as it’s insecure.

You work at a small start up that has 4 developers. Each developer will need access to AWS using the SDK, CLI and Console. You create 4 user accounts and assign them to the developer group. What should you do next?

  • Create a user account called super-dev-1. Give this account full administrator access and generate the access key id and secret access key. Share these keys with your developers.
  • Carefully consider what permissions your developers will need and create a custom IAM policy. Attach this IAM policy to an S3 bucket.
  • Carefully consider what permissions your developers will need and create a custom IAM policy. Attach this IAM policy to the developer group. (Ans)
  • Create a user account called super-dev-1. Give this account S3 read only access and generate the access key id and secret access key. Share these keys with your developers.

You work at a busy fast food chain who have recently migrated their physical servers on to EC2. Each instance needs to be able to communicate to S3 in order to pull down some configuration data. What is the best way to achieve this?

  • Create a role, and assign an IAM policy giving you access to S3 to the role. (Ans)
  • Create a new user, assign that user full administrative privileges on AWS and then generate an Access Key ID and Secret Access Key. Store the details on each EC2 instance.
  • Create a new user, assign that user full S3 Administrator Access and then generate an Access Key ID and Secret Access Key. Store the details on each EC2 instance.
  • Create a new user, assign that user read only access for S3 and then generate an Access Key ID and Secret Access Key. Store the details on each EC2 instance.

A new CIO joins your company and implements a new company policy that all EC2 instances must have encryption at rest. What is the quickest and easiest way to apply this policy to your existing EC2 instances?

  • In the AWS console, click on the EC2 instances, click actions and click encrypt EBS volumes.
  • Create a snapshot of the EC2 volume. Then create a copy of that volume, checking the box to enable encryption. Create an AMI of the copied snapshot and then redeploy the EC2 instance using the encrypted AMI. Delete the old EC2 instance. (Ans)
  • Create an encrypted snapshot of the EC2 volume using the encrypt on the fly option. Create an AMI of the copied snapshot and then redeploy the EC2 instance using the encrypted AMI. Delete the old EC2 instance.
  • Create an encrypted AMI of the EC2 volume using Windows Bitlocker.

You have a very popular blog site, which has recently had a surge in traffic. You want to implement an ElastiCache solution to help take the load off the production database and you want to keep it as simple as possible. You will need to scale your cache horizontally and object caching will be your primary goal. Which ElastiCache solution will best suit your needs?

  • ArangoDB
  • Redis
  • Memcached (Ans)
  • Couchbase

You work for an online gaming store which has a global leaderboard for players of the game. You need to implement a caching system for your leaderboard that has multiple availability zones in order to prevent an outage. Which ElastiCache solution should you use?

  • ArangoDB
  • Redis (Ans)
  • Memcached
  • Couchbase

You have an EC2 instance in a single availability zone connected to an RDS instance. The EC2 instance needs to communicate to S3 to download some important configuration files from it. You try the command aws s3 cp s3://yourbucket /var/www/html; however, you receive an error message. You log in to Identity and Access Management (IAM) and discover there is no role created to allow EC2 to communicate to S3. You create the role and attach it to the existing EC2 instance. How long will the changes take to propagate?

  • Immediately (Ans)
  • The same duration as CloudWatch standard monitoring: 5 minutes.
  • The same duration as CloudWatch detailed monitoring: 1 minute.
  • It depends on the region and availability zone.

If you encrypt a bucket on S3, what type of encryption does AWS use?

  • Data Encryption Standard (DES)
  • International Data Encryption Algorithm (IDEA)
  • Advanced Encryption Standard (AES) 128
  • Advanced Encryption Standard (AES) 256 (Ans)

When you first create an S3 bucket, this bucket is publicly accessible by default.

  • True
  • False (Ans)

If you want to enable a user to download your private data directly from S3, you can insert a pre-signed URL into a web page before giving it to your user.

  • True (Ans)
  • False

The minimum file size allowed on S3 is 1 byte.

  • True
  • False (Ans)

What is the largest size file you can transfer to S3 using a PUT operation?

  • 100MB
  • 1GB
  • 5GB (Ans)
  • 5TB

You are hosting a static website in an S3 bucket that uses JavaScript to reference assets in another S3 bucket. For some reason, these assets are not displaying when users browse to the site. What could be the problem?

  • Amazon S3 does not support JavaScript.
  • You cannot use one S3 bucket to reference another S3 bucket.
  • You haven’t enabled Cross Origin Resource Sharing (CORS) on the bucket where the assets are stored. (Ans)
  • You need to open port 80 on the appropriate security group in which the S3 bucket is locate-
Rajesh Kumar