Wednesday 25 April 2018

AWS Interview Questions


1. I have some private servers on my premises, and I have also distributed some of my workload on the public cloud. What is this architecture called?
  1. Virtual Private Network
  2. Private Cloud
  3. Virtual Private Cloud
  4. Hybrid Cloud
Answer 4.

Explanation: This type of architecture is a hybrid cloud, because it uses both the public cloud and your on-premises servers, i.e. the private cloud. To make this hybrid architecture easy to use, it helps if the private and public clouds are (virtually) on the same network. This is established by including your public cloud servers in a virtual private cloud and connecting this virtual cloud with your on-premises servers using a VPN (Virtual Private Network).

2. What does the following command do with respect to the Amazon EC2 security groups?
ec2-create-group CreateSecurityGroup

  1. Groups the user created security groups into a new group for easy access.
  2. Creates a new security group for use with your account.
  3. Creates a new group inside the security group.
  4. Creates a new rule inside the security group.
Answer 2.

Explanation: A security group is just like a firewall: it controls the traffic in and out of your instance, which in AWS terms is the inbound and outbound traffic. The command mentioned is pretty straightforward: it says create security group, and does just that. Once your security group is created, you can add different rules to it. For example, to access an RDS instance, you have to add the public IP address of the machine from which you want to access the instance to its security group.

3. You have a video transcoding application. The videos are processed according to a queue. If the processing of a video is interrupted in one instance, it is resumed in another instance. Currently there is a huge backlog of videos that need to be processed. For this you need to add more instances, but you need these instances only until your backlog is reduced. Which of these would be an efficient way to do it?

You should use On-Demand instances for this. Why? First, the workload has to be processed now, meaning it is urgent. Second, you don't need the instances once your backlog is cleared, so Reserved Instances are out of the picture. And since the work is urgent, you cannot stop the work on your instance just because the spot price spiked, so Spot Instances should not be used either. Hence On-Demand instances are the right choice in this case.

4. You have a distributed application that periodically processes large volumes of data across multiple Amazon EC2 Instances. The application is designed to recover gracefully from Amazon EC2 instance failures. You are required to accomplish this task in the most cost effective way.
Which of the following will meet your requirements?

  1. Spot Instances
  2. Reserved instances
  3. Dedicated instances
  4. On-Demand instances
Answer: 1

Explanation: Since the work we are addressing here is not continuous, a Reserved Instance would be idle at times, and the same goes for On-Demand instances. It also does not make sense to launch an On-Demand instance whenever work comes up, since it is expensive. Hence Spot Instances are the right fit because of their low rates and lack of long-term commitment.

5. How are stopping and terminating an instance different from each other?
Starting, stopping and terminating are the three states in an EC2 instance, let’s discuss them in detail:

Stopping and Starting an instance: When an instance is stopped, the instance performs a normal shutdown and then transitions to a stopped state. All of its Amazon EBS volumes remain attached, and you can start the instance again at a later time. You are not charged for additional instance hours while the instance is in a stopped state.
Terminating an instance: When an instance is terminated, the instance performs a normal shutdown, then the attached Amazon EBS volumes are deleted unless the volume’s deleteOnTermination attribute is set to false. The instance itself is also deleted, and you can’t start the instance again at a later time.

6. If I want my instance to run on single-tenant hardware, which value do I have to set the instance’s tenancy attribute to?

  1. Dedicated
  2. Isolated
  3. One
  4. Reserved
Answer 1.

Explanation: The Instance tenancy attribute should be set to Dedicated Instance. The rest of the values are invalid.

7. When will you incur costs with an Elastic IP address (EIP)?

  1. When an EIP is allocated.
  2. When it is allocated and associated with a running instance.
  3. When it is allocated and associated with a stopped instance.
  4. Costs are incurred regardless of whether the EIP is associated with a running instance.
Answer 3.

Explanation: You are not charged if only one Elastic IP address is attached to your running instance. But you do get charged in the following conditions:

When you use more than one Elastic IP with your instance.
When your Elastic IP is attached to a stopped instance.
When your Elastic IP is not attached to any instance.

8. How is a Spot instance different from an On-Demand instance or Reserved Instance?
First of all, let’s understand that Spot Instances, On-Demand instances and Reserved Instances are all pricing models. Spot Instances let customers purchase compute capacity with no upfront commitment, at hourly rates usually lower than the On-Demand rate in each region. Spot Instances work like bidding, and the bidding price is called the Spot Price. The Spot Price fluctuates based on supply and demand for instances, but customers will never pay more than the maximum price they have specified. If the Spot Price moves higher than a customer’s maximum price, the customer’s EC2 instance will be shut down automatically. The reverse is not true: if the Spot Price comes down again, your EC2 instance will not be launched automatically; one has to do that manually. With Spot and On-Demand instances there is no commitment to a duration from the user's side, whereas with Reserved Instances one has to stick to the time period that was chosen.

9. Are the Reserved Instances available for Multi-AZ Deployments?

  1. Multi-AZ Deployments are only available for Cluster Compute instances types
  2. Available for all instance types
  3. Only available for M3 instance types
  4. Not Available for Reserved Instances
Answer 2.

Explanation: Reserved Instances is a pricing model, which is available for all instance types in EC2.

10. How to use the processor state control feature available on the c4.8xlarge instance?
The processor state control consists of 2 states:

The C state – Sleep state varying from c0 to c6, with c6 being the deepest sleep state for a processor.
The P state – Performance state, with p0 being the highest and p15 being the lowest possible frequency.

Now, why the C state and the P state? Processors have cores, and these cores need thermal headroom to boost their performance. Since all the cores are on the same processor, the temperature should be kept at an optimal level so that all the cores can run at their highest performance.

How do these states help with that? If a core is put into a sleep state, it reduces the overall temperature of the processor, and hence other cores can perform better. This can be synchronized across cores, so that the processor can boost as many cores as it can by putting other cores to sleep at the right time, and thus get an overall performance boost.

Concluding, the C and P state can be customized in some EC2 instances like the c4.8xlarge instance and thus you can customize the processor according to your workload.


11. What kind of network performance parameters can you expect when you launch instances in cluster placement group?
The network performance depends on the instance type and network performance specification. If launched in a placement group, you can expect up to:

10 Gbps in a single flow,
20 Gbps in multiflow, i.e. full duplex.
Network traffic outside the placement group will be limited to 5 Gbps (full duplex).

12. To deploy a 4 node cluster of Hadoop in AWS which instance type can be used?
First let’s understand what actually happens in a Hadoop cluster. The Hadoop cluster follows a master-slave concept. The master machine processes all the data, while slave machines store the data and act as data nodes. Since all the storage happens at the slaves, a higher capacity hard disk is recommended for them, and since the master does all the processing, it requires more RAM and a much better CPU. Therefore, you can select the configuration of your machine depending on your workload. For example, in this case c4.8xlarge will be preferred for the master machine, whereas for the slave machines we can select the i2.large instance. If you don’t want to deal with configuring your instances and installing the Hadoop cluster manually, you can straight away launch an Amazon EMR (Elastic Map Reduce) instance, which automatically configures the servers for you. You dump your data to be processed in S3, EMR picks it up from there, processes it, and dumps it back into S3.

13. Where do you think an AMI fits, when you are designing an architecture for a solution?
AMIs (Amazon Machine Images) are like templates of virtual machines, and an instance is derived from an AMI. AWS offers pre-baked AMIs which you can choose while you are launching an instance. Some AMIs are not free and can be bought from the AWS Marketplace. You can also choose to create your own custom AMI, which would help you save space on AWS. For example, if you don’t need a set of software on your installation, you can customize your AMI to leave it out. This makes it cost efficient, since you are removing the unwanted things.

14. Is one Elastic IP address enough for every instance that I have running?
Depends! Every instance comes with its own private and public address. The private address is associated exclusively with the instance and is returned to Amazon EC2 only when it is stopped or terminated. Similarly, the public address is associated exclusively with the instance until it is stopped or terminated. However, this can be replaced by the Elastic IP address, which stays with the instance as long as the user doesn’t manually detach it. But if you are hosting multiple websites on your EC2 server, you may require more than one Elastic IP address.

15. What are the best practices for Security in Amazon EC2?
There are several best practices to secure Amazon EC2. A few of them are given below:

Use AWS Identity and Access Management (IAM) to control access to your AWS resources.
Restrict access by only allowing trusted hosts or networks to access ports on your instance.
Review the rules in your security groups regularly, and ensure that you apply the principle of least privilege – only open up permissions that you require.
Disable password-based logins for instances launched from your AMI. Passwords can be found or cracked, and are a security risk.
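
The security group review described above can be automated. The following is an added example, not part of the original post: it checks inbound rules, in the shape returned by the EC2 DescribeSecurityGroups API, for sensitive ports reachable from untrusted networks. The group IDs, the trusted network and the sensitive-port policy are constructed assumptions.

```python
import ipaddress

# Ports an untrusted source should never reach (assumed policy for this example).
SENSITIVE_PORTS = {22: "SSH", 3306: "MySQL", 3389: "RDP", 5432: "PostgreSQL"}
# Networks the reviewer treats as trusted (constructed documentation range).
TRUSTED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

def is_trusted(cidr):
    """True if the rule's source range lies wholly inside a trusted network."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == t.version and net.subnet_of(t)
               for t in TRUSTED_NETWORKS)

def audit_group(group):
    """Return (group id, source CIDR, exposed ports) for each risky inbound rule."""
    findings = []
    for perm in group.get("IpPermissions", []):
        if perm["IpProtocol"] == "-1":            # "-1" means all protocols and ports
            exposed = sorted(SENSITIVE_PORTS)
        elif perm["IpProtocol"] in ("tcp", "udp"):
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            exposed = [p for p in sorted(SENSITIVE_PORTS) if lo <= p <= hi]
        else:                                     # e.g. ICMP: no port semantics
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if exposed and not is_trusted(cidr):
                findings.append((group["GroupId"], cidr, exposed))
    return findings

# Constructed sample data; the group IDs are placeholders, not real resources.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0example1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0example2", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

if __name__ == "__main__":
    for g in SAMPLE_GROUPS:
        for gid, cidr, ports in audit_group(g):
            print(f"{gid}: {cidr} can reach sensitive ports {ports}")
```

Note that the second group's database rule from a trusted address passes, while its wide port range is flagged because it silently covers 3306 and 3389.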
