Lambda (Serverless Computing)
1. What is AWS Lambda?
A) AWS Lambda is a serverless compute service that executes code in response to events without the need to provision or manage servers.
2. How does Lambda scale?
A) Lambda scales automatically by running code in response to triggers, capable of processing thousands of concurrent executions.
3. What are Lambda triggers?
A) Triggers are events that invoke Lambda functions, such as S3 uploads, API Gateway requests, DynamoDB table updates, or scheduled CloudWatch events.
4. How do you monitor Lambda functions?
A) Monitoring is done using AWS CloudWatch Logs for logging, CloudWatch Metrics for performance oversight, and AWS X-Ray for tracing.
5. What is the maximum execution time for a Lambda function?
A) The maximum execution time allowed for a Lambda function is 15 minutes.
CloudFormation (Infrastructure as Code)
1. What is AWS CloudFormation?
A) CloudFormation is a service that enables you to model and set up your AWS resources through templates, facilitating Infrastructure as Code (IaC).
2. What is a CloudFormation stack?
A) A stack refers to a collection of AWS resources managed as a single unit using a CloudFormation template.
3. How do you handle updates to a CloudFormation stack?
A) You can update a stack by altering its template or parameters, and CloudFormation will implement the changes systematically and in a controlled manner.
4. What is a CloudFormation template?
A) A template is a file in JSON or YAML format that specifies the AWS resources and their configurations.
5. What is CloudFormation drift detection?
A) Drift detection identifies any discrepancies between the resources in your stack and the expected configuration as defined in your template.
DynamoDB (NoSQL Database)
1. What is Amazon DynamoDB?
A) DynamoDB is a fully managed NoSQL database service that delivers fast and reliable performance, along with effortless scalability.
2. What is a DynamoDB partition key?
A) The partition key, also known as the hash key, is a unique attribute that DynamoDB utilizes to distribute data across multiple partitions for storage.
3. What are DynamoDB global and local secondary indexes?
A) A Global Secondary Index (GSI) enables querying based on attributes other than the primary key across the entire table. In contrast, a Local Secondary Index (LSI) allows querying with a different sort key within the same partition as the primary key.
4. What is DynamoDB auto-scaling?
A) Auto-scaling automatically adjusts the read and write capacity of your DynamoDB table in response to traffic, preventing both under- and over-provisioning of resources.
5. What is DynamoDB Streams?
A) DynamoDB Streams captures table activities (insert, update, delete) and facilitates real-time processing of this data, typically in conjunction with Lambda.
6. How do you ensure strong consistency in DynamoDB?
A) By default, DynamoDB operates with eventual consistency. To obtain strong consistency, you must specify “ConsistentRead” during a read operation.
7. What is DynamoDB TTL (Time to Live)?
A) TTL automatically deletes expired data from your DynamoDB tables, assisting in the management of storage costs.
VPC (Virtual Private Cloud)
1. What is an Amazon VPC?
A) Amazon VPC allows you to create a logically isolated area of the AWS cloud to launch AWS resources within a specified virtual network.
2. What is a subnet in VPC?
A) A subnet is a portion of a VPC’s IP address space where you can deploy EC2 instances, categorized as either public or private.
3. What is the difference between a public and a private subnet?
A) Public subnets have a route to an internet gateway, allowing external access, whereas private subnets lack direct internet connectivity.
4. What is an Internet Gateway?
A) An Internet Gateway facilitates communication between instances in your VPC and the internet.
5. What are NAT instances and NAT gateways?
A) NAT instances and NAT gateways enable instances in a private subnet to access the internet while preventing inbound traffic.
6. What is a route table in VPC?
A) A route table consists of rules that dictate where network traffic from your subnets is directed.
7. What is VPC peering?
A) VPC peering allows for a private connection between two VPCs, enabling them to communicate as if they were on the same network.
8. What is a VPC endpoint?
A) A VPC endpoint provides a private connection from your VPC to supported AWS services without the need for an internet gateway or NAT.
9. What are VPC flow logs?
A) VPC Flow Logs offer detailed insights into IP traffic to and from network interfaces in your VPC, which is helpful for security and troubleshooting purposes.
10. What are security groups and NACLs?
A) Security Groups function as virtual firewalls for your instances, managing both inbound and outbound traffic, while Network ACLs (NACLs) regulate traffic at the subnet level.
CloudWatch (Monitoring)
1. What is Amazon CloudWatch?
A) CloudWatch is a monitoring and observability service that provides insights and data on AWS resources and applications by collecting metrics and logs.
2. What are CloudWatch Alarms?
A) Alarms monitor metrics and trigger notifications or automated actions when a specified threshold is exceeded.
3. What is a CloudWatch Metric?
A) Metrics are sets of time-ordered data points used for monitoring resources and applications.
4. What is CloudWatch Logs?
A) CloudWatch Logs allow for real-time monitoring of logs from AWS services, applications, and systems, enabling searching and filtering of log data.
5. What is CloudWatch Events?
A) CloudWatch Events provide a stream of system events that describe changes in AWS resources, allowing for automated responses or the invocation of Lambda functions.
6. How do you set up a CloudWatch dashboard?
A) A CloudWatch dashboard is a customizable interface that lets you visualize metrics from various AWS services in one place.
7. What is AWS X-Ray?
A) X-Ray is a service that helps debug and analyze distributed applications by providing end-to-end tracing of requests as they move through your services.
8. What distinguishes CloudWatch from CloudTrail?
A) CloudWatch focuses on performance monitoring (metrics, logs), while CloudTrail is centered on auditing API calls made within your AWS account.
Elastic Beanstalk (PaaS)
1. What is AWS Elastic Beanstalk?
A) Elastic Beanstalk is a Platform as a Service (PaaS) that simplifies the deployment and scaling of web applications and services built in popular programming languages.
2. How does Elastic Beanstalk simplify application deployment?
A) Elastic Beanstalk handles infrastructure provisioning, load balancing, scaling, and monitoring, allowing developers to focus on coding.
3. What is an environment in Elastic Beanstalk?
A) An environment is a collection of AWS resources running a specific version of an application within Elastic Beanstalk.
4. How does Elastic Beanstalk manage updates?
A) Elastic Beanstalk employs rolling updates to avoid downtime, deploying new instances while phasing out old ones.
5. How do you monitor applications in Elastic Beanstalk?
A) Elastic Beanstalk integrates with CloudWatch to monitor resource usage, application logs, and metrics.
ECS (Elastic Container Service)
1. What is Amazon ECS?
A) ECS is a fully managed container orchestration service that allows you to run Docker containers on a cluster of EC2 instances.
2. What is the difference between ECS and EKS?
A) ECS is an AWS-native service for container management, while EKS is AWS’s managed Kubernetes service for container orchestration.
3. What are ECS tasks and services?
A) A task is a single instance of a running container, and an ECS service manages the number of task instances and load balancing.
4. What is an ECS cluster?
A) A cluster is a logical grouping of EC2 instances or Fargate tasks where ECS tasks are initiated.
5. What is Amazon Fargate?
A) Fargate is a serverless compute engine for containers, allowing you to run containers without managing the underlying EC2 instances.
Elastic Load Balancer (ELB)
1. What is an Elastic Load Balancer (ELB)?
A) ELB automatically distributes incoming traffic across multiple EC2 instances, containers, or IP addresses to enhance availability.
2. What types of load balancers exist in AWS?
A) There are three types: Application Load Balancer (ALB), Network Load Balancer (NLB), and Gateway Load Balancer (GWLB).
3. What distinguishes an ALB from an NLB?
A) ALB operates at the application layer (HTTP/HTTPS), while NLB functions at the transport layer (TCP), providing low-latency load balancing.
4. What is a target group in ELB?
A) A target group directs requests to one or more registered targets, such as EC2 instances, containers, or IP addresses.
5. How does ELB manage SSL termination?
A) ELB can handle SSL certificates and perform SSL termination at the load balancer level, relieving backend servers of SSL processing.
CodePipeline (CI/CD)
1. What is AWS CodePipeline?
A) CodePipeline is a continuous integration and continuous delivery (CI/CD) service that automates the release pipeline for application updates.
2. What are the primary components of CodePipeline?
A) Key components include sources (where code is stored), build providers (like CodeBuild), test stages, and deployment stages.
3. How does CodePipeline integrate with other AWS services?
A) CodePipeline collaborates with services such as CodeBuild, CodeDeploy, Lambda, S3, and CloudFormation to create a comprehensive CI/CD pipeline.
4. What is the difference between CodePipeline and Jenkins?
A) CodePipeline is a fully managed AWS service for CI/CD, whereas Jenkins is an open-source CI tool that requires more manual setup and maintenance.
5. What is AWS CodeBuild?
A) CodeBuild is a fully managed build service that compiles source code, runs tests, and generates software packages for deployment.
Advanced Security & Identity Management
1. What is AWS KMS (Key Management Service)?
A) KMS is a managed service for creating and controlling encryption keys used to encrypt and decrypt data across AWS services.
2. What encryption types does AWS KMS support?
A) It supports both symmetric and asymmetric encryption.
3. What is AWS Secrets Manager?
A) Secrets Manager provides secure storage, retrieval, and management of sensitive information such as database credentials or API keys.
4. What is AWS Shield?
A) AWS Shield is a managed DDoS protection service that defends applications running on AWS from network and application layer attacks.
5. What is Amazon GuardDuty?
A) GuardDuty is a threat detection service that continuously monitors AWS accounts and workloads for malicious or unauthorized activities.
6. What is AWS WAF (Web Application Firewall)?
A) AWS WAF is a web application firewall designed to safeguard web applications from common attacks such as SQL injection and cross-site scripting.
7. What is Amazon Inspector?
A) Amazon Inspector automatically evaluates applications for vulnerabilities and deviations from best practices.
8. What is an AWS Organizations policy?
A) Organizations policies enable centralized management of security, auditing, and compliance for multiple AWS accounts within your organization.
9. How does AWS IAM role delegation operate?
A) Role delegation provides temporary access to AWS resources without the need to share long-term credentials by assuming IAM roles.
10. What is a service-linked role in AWS IAM?
A) A service-linked role is automatically generated by AWS services to enable them to access resources on your behalf.