1. Name the customer gateway devices that are used to connect to Amazon VPC
Ans. Statically routed VPN connections and dynamically routed VPN connections are the two types of VPN connections. The customer gateway devices that support statically routed VPN connections must be able to:
1. Establish IKE security associations using pre-shared keys.
2. Establish IPsec security associations in tunnel mode.
3. Use the AES 128-bit or 256-bit encryption function.
4. Perform packet fragmentation prior to encryption.
5. Use the SHA-1 or SHA-2 hashing function.
The customer gateway devices that support dynamically routed VPN connections must be able to:
1. Establish Border Gateway Protocol (BGP) peering.
2. Use IPsec dead peer detection.
3. Bind tunnels to logical interfaces (route-based VPN).
2. Mention the VPCs for which ClassicLink cannot be enabled.
Ans. One type of VPC for which you cannot enable ClassicLink is a VPC whose CIDR (Classless Inter-Domain Routing) block falls within the 10.0.0.0/8 range. Another is a VPC that has a route table entry pointing to the 10.0.0.0/8 CIDR space.
3. Is it possible for traffic from an EC2-Classic instance to travel through the Amazon VPC and then egress through the internet gateway, virtual private gateway or to peer VPCs?
Ans. It is only possible to route traffic from an EC2-Classic instance to private IP addresses within the VPC. It cannot be routed to any destination outside the VPC.
4. Is the access control between an EC2-Classic instance and other instances on the EC2-Classic platform affected by ClassicLink?
Ans. The access control defined for an EC2-Classic instance through its existing security groups on the EC2-Classic platform is not changed by ClassicLink.
5. Name the tools that are available to help troubleshoot the hardware VPN configuration.
Ans. The status of the VPN connection is displayed by the DescribeVpnConnections API. It also includes the up or down state of every VPN tunnel and shows the corresponding error messages if either tunnel is down.
6. What is an Amazon Machine Image (AMI)?
Ans. An Amazon Machine Image (AMI) contains software configuration information such as the operating system, the application server and the application. You can launch multiple instances from a single AMI.
7. What is Amazon Machine Image and what is the relation between Instance and AMI?
Ans. Amazon Web Services provides several ways to access Amazon EC2, such as the web-based console, the AWS Command Line Interface (CLI) and the AWS Tools for Windows PowerShell. First you need to sign up for an AWS account; then you can access Amazon EC2. Amazon EC2 also provides a Query API. Query requests are HTTP or HTTPS requests that use the HTTP verbs GET or POST and a Query parameter named Action.
8. What are the key components of AWS?
Ans. The key components of AWS are:
• Route 53: A DNS web service
• Simple E-mail Service: It allows sending e-mail using a RESTful API call or via regular SMTP
• Identity and Access Management: It provides enhanced security and identity management for your AWS account
• Simple Storage Service (S3): It is a storage service and the most widely used AWS service
• Elastic Compute Cloud (EC2): It provides on-demand computing resources for hosting applications. It is very useful in case of unpredictable workloads
• Elastic Block Store (EBS): It provides persistent storage volumes that attach to EC2 instances, allowing you to persist data past the lifespan of a single EC2 instance
• CloudWatch: It monitors AWS resources and allows administrators to view and collect key metrics. One can also set a notification alarm in case of trouble
9. What does an AMI include?
Ans. An AMI includes the following:
• A template for the root volume of the instance
• Launch permissions that decide which AWS accounts can use the AMI to launch instances
• A block device mapping that determines the volumes to attach to the instance when it is launched
10. How can you send requests to Amazon S3?
Ans. Amazon S3 is a REST service, so you can send requests by using the REST API directly or the AWS SDK wrapper libraries that wrap the underlying Amazon S3 REST API.
11. Can you vertically scale an Amazon instance? How?
Ans. Yes, you can vertically scale an Amazon instance. To do so:
• Spin up a new instance that is larger than the one you are currently running
• Pause that instance, detach its root EBS volume from the server and discard it
• Then stop your live instance and detach its root volume
• Note the unique device ID and attach that root volume to your new server
• Start it again
12. In VPC with private and public subnets, database servers should ideally be launched into which subnet?
Ans. With private and public subnets in a VPC, database servers should ideally be launched into the private subnets.
13. What are the security best practices for Amazon EC2?
Ans. To secure Amazon EC2, follow these best practices:
• Use AWS Identity and Access Management (IAM) to control access to your AWS resources
• Restrict access by allowing only trusted hosts or networks to reach ports on your instance
• Review the rules in your security groups regularly
• Only open up the permissions that you require
• Disable password-based login for instances launched from your AMI
14. While connecting to your instance, what are the possible connection issues one might face?
Ans. The possible connection errors one might encounter while connecting to instances are:
• Connection timed out
• User key not recognized by the server
• Host key not found, permission denied
• Unprotected private key file
• Server refused our key or No supported authentication method available
• Error using MindTerm on Safari Browser
• Error using Mac OS X RDP Client
15. What Is The Way To Secure Data For Carrying In The Cloud?
Answer : Ensure that no one can intercept the data while it moves from one point to another in the cloud, and that the security keys do not leak from the various storage locations in the cloud. Segregating the data from other companies' information and then encrypting it by means of approved methods is one of the options.
16. Distinguish Between Scalability And Flexibility?
Answer : Scalability is the ability of a system to increase the work it handles on its existing hardware resources in order to cope with variable demand. Flexibility is the ability of a system to increase the work it handles on its existing and additional hardware resources, which lets the business meet demand without investing in infrastructure at all. AWS has several configuration management solutions for scalability, flexibility, availability and management.
17. Name The Various Layers Of The Cloud Architecture?
Answer : There are five layers, listed below:
• CC: Cluster Controller
• SC: Storage Controller
• CLC: Cloud Controller
• Walrus
• NC: Node Controller
18. What Are The Different Types Of Events Triggered By Amazon CloudFront?
Answer : The different types of events triggered by Amazon CloudFront are as follows:
• Viewer Request: When an end user or a client program makes an HTTP/HTTPS request to CloudFront, this event is triggered at the edge location closest to the end user.
• Viewer Response: When a CloudFront server is ready to respond to a request, this event is triggered.
• Origin Request: When the CloudFront server does not have the requested object in its cache, the request is forwarded to the origin server, and this event is triggered at that time.
• Origin Response: When the CloudFront server at an edge location receives the response from the origin server, this event is triggered.
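As an added example (not from the original page), here is a Python Lambda@Edge handler that shows where each of the four events fits and what a defender typically does at each stage; the event layout follows the Lambda@Edge record format, while the allowed methods and the headers added or stripped are assumptions for this example.

```python
# Added example (not from the original page): one Lambda@Edge handler that
# dispatches on the four CloudFront event types. Event layout follows the
# Lambda@Edge record format; the method/header policy is an assumption.

ALLOWED_METHODS = {"GET", "HEAD", "OPTIONS"}
SECURITY_HEADERS = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
}
# Headers that reveal the origin stack; assumed unwanted at the viewer.
FINGERPRINT_HEADERS = ("x-powered-by", "x-aspnet-version")

def set_header(headers, name, value):
    # CloudFront header maps are keyed by lowercase name -> list of {key, value}
    headers[name.lower()] = [{"key": name, "value": value}]

def on_viewer_request(request):
    # Runs before the cache is consulted: reject unwanted methods at the edge
    if request["method"] not in ALLOWED_METHODS:
        return {"status": "405", "statusDescription": "Method Not Allowed",
                "headers": {"allow": [{"key": "Allow", "value": "GET, HEAD, OPTIONS"}]}}
    return request

def on_origin_request(request):
    # Runs only on a cache miss: map directory paths to index.html for a static S3 origin
    if request["uri"].endswith("/"):
        request["uri"] += "index.html"
    return request

def on_origin_response(response):
    # Runs when the edge receives the origin's reply: headers added here are
    # stored with the cached object, so every later cache hit carries them too
    for name, value in SECURITY_HEADERS.items():
        set_header(response["headers"], name, value)
    return response

def on_viewer_response(response):
    # Runs on every response, cached or not: last chance to strip headers
    for name in FINGERPRINT_HEADERS:
        response["headers"].pop(name, None)
    return response

def handler(event, context=None):
    """Lambda entry point; the same function can be attached to all four events."""
    cf = event["Records"][0]["cf"]
    event_type = cf["config"]["eventType"]
    if event_type == "viewer-request":
        return on_viewer_request(cf["request"])
    if event_type == "origin-request":
        return on_origin_request(cf["request"])
    if event_type == "origin-response":
        return on_origin_response(cf["response"])
    if event_type == "viewer-response":
        return on_viewer_response(cf["response"])
    raise ValueError(f"unexpected CloudFront event type: {event_type}")

def make_event(event_type, request=None, response=None):
    """Build a minimal constructed CloudFront event for local testing."""
    cf = {"config": {"eventType": event_type, "distributionId": "EXAMPLE-DIST"}}
    if request is not None:
        cf["request"] = request
    if response is not None:
        cf["response"] = response
    return {"Records": [{"cf": cf}]}
```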
19. Which Automation Tools Can Help With Spinning Up Services?
Answer : The API tools can be used to spin up services, as can hand-written scripts. Those scripts could be written in Perl, bash or another language of your preference. One more option is configuration management and provisioning tools such as Puppet or its improved successor, Chef. A tool called Scalr can also be used, and finally you can go with a managed solution like RightScale.
20. Explain Elastic Block Storage? What Type Of Performance Can You Expect? How Do You Back It Up? How Do You Improve Performance?
Answer : EBS is a virtualized SAN, or storage area network. That means it is RAID storage to start with, so it is redundant and fault tolerant. If disks die in that RAID you don't lose data. Great! It is also virtualized, so you can provision and allocate storage, and attach it to your server with various API calls. No calling the storage expert and asking him or her to run specialized commands from the hardware vendor. Performance on EBS can exhibit variability. That is, it can go above the SLA performance level, then drop below it. The SLA provides you with an average disk I/O rate you can expect. This can frustrate some folks, especially performance experts who expect reliable and consistent disk throughput on a server. Traditional physically hosted servers behave that way. Virtual AWS instances do not. Back up EBS volumes by using the snapshot facility via an API call or via a GUI interface like ElasticFox. Improve performance by using Linux software RAID and striping across four volumes.
21. What Automation Tools Can I Use To Spin Up Servers?
Answer : The most obvious way is to roll your own scripts and use the AWS API tools. Such scripts could be written in bash, Perl or another language of your choice. The next option is to use configuration management and provisioning tools like Puppet or, better, its successor Opscode Chef. You might also look towards a tool like Scalr. Lastly, you can go with a managed solution such as RightScale.
22. What Is Configuration Management? Why Would I Want To Use It With Cloud Provisioning Of Resources?
Answer : Configuration management has been around for a long time in web operations and systems administration, yet its cultural popularity has been limited. Most systems administrators configure machines the way software was developed before version control, that is, by manually making changes on servers. Each server can be, and usually is, slightly different. Troubleshooting, though, is straightforward, as you log in to the box and operate on it directly. Configuration management brings a large automation tool into the picture, managing servers like the strings of a puppet. This enforces standardization, best practices and reproducibility, as all configs are versioned and managed. It also introduces a new way of working, which is the biggest hurdle to its adoption. Enter the cloud, and configuration management becomes even more critical. That's because virtual servers such as Amazon's EC2 instances are much less reliable than physical ones. You absolutely need a mechanism to rebuild them as-is at any moment. This pushes best practices like automation, reproducibility and disaster recovery into center stage.
23. Explain How You Would Simulate Perimeter Security Using The Amazon Web Services Model?
Answer : Traditional perimeter security that we're already familiar with, using firewalls and so forth, is not supported in the Amazon EC2 world. AWS supports security groups. One can create a security group for a jump box with ssh access, with only port 22 open. From there a webserver group and a database group are created. The webserver group allows 80 and 443 from the world, but port 22 *only* from the jump box group. Further, the database group allows port 3306 from the webserver group and port 22 from the jump box group. Add any machines to the webserver group and they can all hit the database. No one from the world can, and no one can directly ssh to any of your boxes.
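The tiering just described (jump box, webserver, database) together with the earlier best practice of reviewing security group rules regularly can be checked mechanically. The Python script below is an added example, not part of the original page: it audits security-group rules in the shape returned by `aws ec2 describe-security-groups` against that intended policy; the group IDs, CIDRs and the allowed-source tables are constructed assumptions for the example.

```python
# Added example (not from the original page): audit EC2 security-group rules
# against the jump-box / webserver / database tiering described above. Input
# mimics the IpPermissions shape of `aws ec2 describe-security-groups`; the
# group IDs, CIDRs and policy tables are constructed assumptions.

ANYWHERE = "0.0.0.0/0"
# Ports a group may expose to the world, and ports reachable only from a named tier.
PUBLIC_OK = {"webserver": {80, 443}}
RESTRICTED = {22: {"sg-jump"}, 3306: {"sg-web"}}

# Constructed sample with one deliberate mistake: "database" also opens 3306
# to the world, which the tiering above forbids.
SAMPLE_GROUPS = [
    {"GroupId": "sg-jump", "GroupName": "jumpbox", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-web", "GroupName": "webserver", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": ANYWHERE}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": ANYWHERE}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-jump"}]}]},
    {"GroupId": "sg-db", "GroupName": "database", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": ANYWHERE}],
         "UserIdGroupPairs": [{"GroupId": "sg-web"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-jump"}]}]},
]

def rule_covers(perm, port):
    """True if an IpPermissions entry includes the TCP port ("-1" = all traffic)."""
    return perm["IpProtocol"] == "-1" or perm["FromPort"] <= port <= perm["ToPort"]

def world_open_finding(name, perm):
    """Describe a 0.0.0.0/0 rule unless it is exactly one allowed public port."""
    if perm["IpProtocol"] == "-1":
        return "all traffic open to the world"
    lo, hi = perm["FromPort"], perm["ToPort"]
    if lo == hi and lo in PUBLIC_OK.get(name, set()):
        return None
    return f"port {lo} open to the world" if lo == hi else f"ports {lo}-{hi} open to the world"

def audit(groups):
    """Return (group name, finding) pairs for every rule that breaks the policy."""
    findings = []
    for group in groups:
        name = group["GroupName"]
        for perm in group["IpPermissions"]:
            # A CIDR rule for 0.0.0.0/0 is only acceptable on the listed public ports.
            if any(r["CidrIp"] == ANYWHERE for r in perm["IpRanges"]):
                finding = world_open_finding(name, perm)
                if finding:
                    findings.append((name, finding))
            # Group-sourced rules on restricted ports must come from the expected tier.
            for port, allowed_sources in RESTRICTED.items():
                if rule_covers(perm, port):
                    for pair in perm["UserIdGroupPairs"]:
                        if pair["GroupId"] not in allowed_sources:
                            findings.append((name, f"port {port} open to unexpected group {pair['GroupId']}"))
    return findings
```

Running `audit(SAMPLE_GROUPS)` reports only the database group's world-open 3306 rule; feeding it the JSON from a real `describe-security-groups` call requires only adjusting the two policy tables.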
24. How To Use Amazon SQS?
Answer : Amazon SQS (Simple Queue Service) is a message passing mechanism that is used for communication between different connectors that are connected with each other. It also acts as a communicator between various components of Amazon. It keeps all the different functional components together. This functionality helps different components to be loosely coupled and provides an architecture that is more resilient to failure.
25. I have some private servers on my premises, also I have distributed some of my workload on the public cloud, what is this architecture called?
A. Virtual Private Network
B. Private Cloud
C. Virtual Private Cloud
D. Hybrid Cloud
Answer D.
Explanation: This type of architecture would be a hybrid cloud. Why? Because we are using both the public cloud and your on-premises servers, i.e. the private cloud. To make this hybrid architecture easy to use, wouldn't it be better if your private and public cloud were all on the same network (virtually)? This is established by including your public cloud servers in a virtual private cloud and connecting this virtual cloud with your on-premises servers using a VPN (Virtual Private Network).
26. What does the following command do with respect to the Amazon EC2 security groups?
ec2-create-group CreateSecurityGroup
A. Groups the user created security groups into a new group for easy access.
B. Creates a new security group for use with your account.
C. Creates a new group inside the security group.
D. Creates a new rule inside the security group.
Answer B.
Explanation: A security group is just like a firewall: it controls the traffic in and out of your instance, in AWS terms the inbound and outbound traffic. The command mentioned is pretty straightforward; it says create security group, and does exactly that. Moving along, once your security group is created, you can add different rules to it. For example, if you have an RDS instance, to access it you have to add the public IP address of the machine from which you want to access the instance to its security group.
27. You have a video transcoding application. The videos are processed according to a queue. If the processing of a video is interrupted in one instance, it is resumed in another instance. Currently there is a huge backlog of videos which needs to be processed, and for this you need to add more instances, but you need these instances only until your backlog is reduced. Which of these would be an efficient way to do it?
Answer: You should be using an On-Demand instance for the same. Why? First of all, the workload has to be processed now, meaning it is urgent; secondly, you don't need the instances once your backlog is cleared, therefore Reserved Instances are out of the picture; and since the work is urgent, you cannot stop the work on your instance just because the spot price spiked, therefore Spot Instances shall also not be used. Hence On-Demand instances shall be the right choice in this case.
28. You have a distributed application that periodically processes large volumes of data across multiple Amazon EC2 instances. The application is designed to recover gracefully from Amazon EC2 instance failures. You are required to accomplish this task in the most cost-effective way. Which of the following will meet your requirements?
A. Spot Instances
B. Reserved instances
C. Dedicated instances
D. On-Demand instances
Answer: A
Explanation: Since the work we are addressing here is not continuous, a Reserved Instance would be idle at times, and the same goes for On-Demand instances. Also, it does not make sense to launch an On-Demand instance whenever work comes up, since it is expensive. Hence Spot Instances will be the right fit because of their low rates and no long-term commitments.
29. How is stopping an instance different from terminating it?
Answer: Starting, stopping and terminating are the three state changes of an EC2 instance; let's discuss them in detail:
• Stopping and Starting an instance: When an instance is stopped, the instance performs a normal shutdown and then transitions to a stopped state. All of its Amazon EBS volumes remain attached, and you can start the instance again at a later time. You are not charged for additional instance hours while the instance is in a stopped state.
• Terminating an instance: When an instance is terminated, the instance performs a normal shutdown, then the attached Amazon EBS volumes are deleted unless the volume’s deleteOnTermination attribute is set to false. The instance itself is also deleted, and you can’t start the instance again at a later time.
30. If I want my instance to run on single-tenant hardware, which value do I have to set the instance's tenancy attribute to?
A. Dedicated
B. Isolated
C. One
D. Reserved
Answer A.
Explanation: The instance tenancy attribute should be set to Dedicated, which places the instance on single-tenant hardware. The rest of the values are invalid.
31. When will you incur costs with an Elastic IP address (EIP)?
A. When an EIP is allocated.
B. When it is allocated and associated with a running instance.
C. When it is allocated and associated with a stopped instance.
D. Costs are incurred regardless of whether the EIP is associated with a running instance.
Answer C.
Explanation: You are not charged if only one Elastic IP address is attached to your running instance. But you do get charged in the following conditions:
• When you use more than one Elastic IP with your instance.
• When your Elastic IP is attached to a stopped instance.
• When your Elastic IP is not attached to any instance.
32. How is a Spot instance different from an On-Demand instance or Reserved Instance?
Ans. First of all, let's understand that Spot Instances, On-Demand instances and Reserved Instances are all pricing models. Moving along, Spot instances provide the ability for customers to purchase compute capacity with no upfront commitment, at hourly rates usually lower than the On-Demand rate in each region. Spot instances work like bidding; the bidding price is called the Spot Price. The Spot Price fluctuates based on supply and demand for instances, but customers will never pay more than the maximum price they have specified. If the Spot Price moves higher than a customer's maximum price, the customer's EC2 instance will be shut down automatically. But the reverse is not true: if the Spot Price comes down again, your EC2 instance will not be launched automatically; one has to do that manually. With Spot and On-Demand instances there is no commitment on duration from the user's side; however, with Reserved Instances one has to stick to the time period that has been chosen.
33. Are Reserved Instances available for Multi-AZ deployments?
A. Multi-AZ Deployments are only available for Cluster Compute instances types
B. Available for all instance types
C. Only available for M3 instance types
D. Not available for Reserved Instances
Answer B.
Explanation: Reserved Instances are a pricing model that is available for all instance types in EC2.
34. How do you use the processor state control feature available on the c4.8xlarge instance?
Answer: The processor state control consists of 2 states:
• The C state: sleep state varying from C0 to C6, C6 being the deepest sleep state for a processor
• The P state: performance state, P0 being the highest and P15 being the lowest possible frequency
Now, why the C state and P state? Processors have cores, and these cores need thermal headroom to boost their performance. Since all the cores are on the same processor, the temperature should be kept at an optimal level so that all the cores can perform at the highest performance. How will these states help with that? If a core is put into a sleep state it will reduce the overall temperature of the processor, and hence other cores can perform better. The same can be synchronized across cores, so that the processor can boost as many cores as it can by timely putting other cores to sleep, and thus get an overall performance boost. Concluding, the C and P states can be customized in some EC2 instances like the c4.8xlarge instance, and thus you can customize the processor according to your workload. How to do it? You can refer to this tutorial for the same.
35. What kind of network performance parameters can you expect when you launch instances in a cluster placement group?
Ans. The network performance depends on the instance type and its network performance specification; if launched in a placement group you can expect up to:
• 10 Gbps in a single flow,
• 20 Gbps in multi-flow, i.e. full duplex
• Network traffic outside the placement group will be limited to 5 Gbps (full duplex).
36. To deploy a 4-node Hadoop cluster in AWS, which instance type can be used?
Ans. First let's understand what actually happens in a Hadoop cluster: the Hadoop cluster follows a master-slave concept. The master machine processes all the data, while the slave machines store the data and act as data nodes. Since all the storage happens at the slaves, a higher-capacity hard disk would be recommended for them, and since the master does all the processing, more RAM and a much better CPU are required for it. Therefore, you can select the configuration of your machines depending on your workload. For example, in this case c4.8xlarge will be preferred for the master machine whereas for the slave machines we can select the i2.large instance. If you don't want to deal with configuring your instances and installing the Hadoop cluster manually, you can straight away launch an Amazon EMR (Elastic MapReduce) instance which automatically configures the servers for you. You dump your data to be processed in S3, EMR picks it up from there, processes it, and dumps it back into S3.
37. Where do you think an AMI fits when you are designing an architecture for a solution?
Ans. AMIs (Amazon Machine Images) are like templates of virtual machines, and an instance is derived from an AMI. AWS offers pre-baked AMIs which you can choose while launching an instance; some AMIs are not free and can be bought from the AWS Marketplace. You can also choose to create your own custom AMI, which would help you save space on AWS. For example, if you don't need a set of software on your installation, you can customize your AMI to leave it out. This makes it cost efficient, since you are removing the unwanted things.