1) Which AWS storage is used for long-term data storage and archival? How can sensitive information be securely stored in this service?
Glacier is the long-term archival storage used for cost-efficient data backup and archival. Amazon Glacier is an extremely low-cost storage service, priced as low as $0.004 per gigabyte per month, that provides secure, durable, and flexible storage for data backup and archival. Glacier Vault Lock can be used to store compliance-sensitive information that needs to be kept securely. With the Vault Lock feature, regulatory and compliance data can be stored in an immutable format, as the data is write once, read many (WORM). Technically, information stored in Glacier is 99.99% durable. This is achieved by storing data in multiple facilities and on multiple devices within each facility. In addition to all the advantages mentioned above, this is the least expensive option for storing data that meets these requirements.
2) Can AWS Glacier be used as a CDN?
Nope. AWS Glacier is a long-term archival and backup solution; it is not the CDN from AWS.
3) Is there a restriction on DNS naming conventions for Amazon S3 bucket names in US regions?
All bucket names comply with DNS naming conventions. These conventions are enforced in all regions except for the US East (North Virginia) region.
4) Give details on reselling reserved instances in an EC2 environment:
Reserved Instances is the term for the discount package offered as part of the general EC2 instance savings options. The discount can be obtained by paying all upfront, partial upfront, or no upfront cost. It reserves computing capacity for an EC2 instance for 1 year or 3 years. Reserved instances can be resold in cases such as migration of an EC2 instance to a different availability zone, unexpected project termination, or project completion before the anticipated date. This will help you save money.
5) Give details on Amazon S3 bucket versioning:
We can enable S3 versioning, which retains older versions of missing files in AWS. Once versioning is enabled on an S3 bucket, it is like retaining many copies of the same file. Versioning does consume space, but it can be a savior on critical projects. Once enabled, S3 versioning can't be disabled. Buckets can only be copied and the original buckets deleted: we need to copy the existing bucket to a new bucket without versioning.
6) What is the use of the copy-image command?
The copy-image command is used to copy an AMI from a specified source region to the current region. During the copy, we need to specify the destination region by using its endpoint when making the request.
7) What is the use of Amazon Resource Names (ARNs)?
Amazon Resource Names (ARNs) uniquely identify AWS resources. An ARN is required when we need to specify a resource unambiguously across all of AWS, such as in IAM policies, Amazon Relational Database Service tags, and API calls.
8) What are the relational and non-relational databases included in Amazon RDS services?
The AWS Relational Database Service (RDS) includes relational database services such as Oracle, MySQL, and SQL Server. DynamoDB is the non-relational NoSQL database.
9) You have created a new security group. Does this allow all outbound traffic by default?
Yes, it does. By default, a security group includes an outbound rule that allows all outbound traffic.
10) In an AWS RDS environment, MySQL installations default to what port number?
In a typical MySQL implementation, 3306 is the default port. This port should be secured and should not be accessible to untrusted hosts.
11) What is the advantage of using SWF instead of SQS in an order processing workflow in an e-commerce project?
An SWF workflow action is executed only once, so order processing should use SWF instead of SQS to make sure an order is not processed multiple times.
12) Is the AWS platform certified for PCI DSS Level 1?
The Payment Card Industry Data Security Standard (also known as PCI DSS) is a proprietary information security standard administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. PCI DSS applies to all entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD), including merchants, processors, acquirers, issuers, and service providers. The PCI DSS is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. AWS has been PCI DSS certified since 2010. As of July 11, 2016, an external Qualified Security Assessor Company (QSAC), Coalfire Systems Inc., has validated that Amazon Web Services (AWS) successfully completed the PCI Data Security Standards 3.2 Level 1 Service Provider assessment and was found to be compliant for all the services outlined below.
Service provider levels are defined as:
Level 1: Any service provider that stores, processes and/or transmits over 300,000 transactions annually
Level 2: Any service provider that stores, processes and/or transmits less than 300,000 transactions annually
13) What kind of storage is Amazon S3?
Amazon S3 is object-based storage. In simple terms, Amazon S3 creates buckets, and information is stored in the buckets as objects.
14) You are moving data from Amazon S3 to EC2 in the same region. How much do you need to pay for this?
We don't need to pay anything, as there is no cost associated with moving data from S3 to EC2 in the same region.
15) To deny root access to EC2 instances, can you make use of IAM policies that apply the least-privilege concept to restrict access via role assignment?
The root user is the superuser in the system and has access to the entire system, including all of its resources and services. This can't be restricted using IAM policies.
16) How will you protect a bastion host?
A bastion host sits in a public subnet, serving as a secure gateway for SSH access to instances via the private subnet.
17) Which AWS S3 solution will you recommend for non-critical and reproducible data that needs to be stored cost-efficiently?
S3 Reduced Redundancy Storage (RRS) can be used for this cost-efficient purpose.
18) Which AWS service is ideal for BI tools and data warehousing?
Redshift is the data warehouse, BI, and big data solution from AWS.
19) Which Amazon S3 resource stores data as objects?
When we start using Amazon S3 to store files, the first thing to do is create AWS S3 buckets. The bucket is the resource used to store data in the form of objects. In plain terms, once you upload a simple notepad file to S3, it is stored in an AWS S3 bucket as a bucket object.
20) When a file of size 20GB is uploaded the error message: “Your proposed upload exceeds the maximum allowed object size.” is returned. What solution to this problem does AWS recommend?
In AWS S3, Multipart Upload allows you to upload a single object as a set of parts. Each part is a contiguous portion of the object's data. We need to design our application to use the Multipart Upload API for all objects.
21) Your environment has a set of terminated instances. You have issued the reboot-instances command. Should you be concerned about the terminated instances restarting?
No need. Requests to reboot terminated instances are ignored when using the reboot-instances command.
22) What is the strategy to control access to your Amazon EC2 instances?
This is accomplished using EC2 Security Groups.
23) You have launched a data collection campaign that is to last for five days. Which AWS EC2 purchase option best suits your needs?
On-demand instances allow us to pay for compute capacity on an hourly basis, with the option to increase or decrease compute capacity and pay the hourly rate for the instances used.
24) Is AWS Redshift used by major companies to store big data?
Major industries including media, healthcare, finance, pharmaceutical, and entertainment make use of S3 for scaling the systems that support big data, analytics, transcoding, and archive applications. Amazon Redshift is a data warehouse solution and should not be confused with big data storage.
25) You have been asked to map Amazon EBS to an Amazon EC2 instance for AWS CloudFormation resources. What is used for reference?
Reference the logical IDs of both EC2 and EBS. When creating a CloudFormation template, the JSON needs to be built with all required attributes. These attributes are the logical IDs of the EBS storage volumes and EC2 instances. An AWS CloudFormation template is created as a JSON file with a Resources section that declares the AWS resources to include in the stack, including EC2 and a block store, which can be an Amazon S3 bucket, EBS, etc. Resources of the same type can be declared together. All resources must be declared separately. The logical ID is alphanumeric and unique within the template.
26) What is the availability percentage supported by AWS S3?
AWS S3 achieves 99.999999999% durability by utilizing redundant storage of data across multiple facilities and multiple devices.
27) What is the use of the AWS load balancer component?
The load balancer component of ELB monitors traffic and handles the requests that come in through the Internet. The load balancer component is for traffic monitoring; the controller service component of ELB deals with monitoring and managing load balancers.
28) How will you integrate AWS IAM with on-premises LDAP?
SAML can be used for on-premises LDAP integration as well as federated SSO implementation. Use SAML (Security Assertion Markup Language) to enable single sign-on between AWS and LDAP.
29) You have been tasked with identifying an appropriate storage solution for a 500GB database that requires random I/O reads of greater than 130000 4kB IOPS. Which EC2 option will meet this requirement?
The I2 instance type offers high I/O performance via SSDs, the solid-state devices that offer the fastest access to data. Make use of the I2 series with scheduled backups.
30) What is the maximum number of Simple Workflow (SWF) domains allowed in a typical AWS account?
Amazon Simple Workflow Service allows you to maintain a total of 100 domains, which can be both registered and deprecated.
31) Is the root user the same as a power user?
No. They are different users with different sets of privileges. Root is the superuser with supreme privileges.
32) What causes the error "you are not subscribed to this service" in an AWS environment?
Your AWS account might have expired. Check the sales receipt and resubscribe to regain access.
33) As part of our Hadoop project in the AWS cloud, you are looking for a web interface to manage the Hive metastore. Which tool can be used?
Hadoop User Experience (HUE) can be used for this purpose.
34) Which AWS service will you make use of to co-ordinate tasks across distributed application components?
Make use of Amazon Simple Workflow (AWS SWF) to co-ordinate tasks across distributed application components.
35) Is it possible to copy an Amazon Machine Image across regions?
Yes, it is possible. An AMI can be copied within as well as across AWS regions, using the AWS Management Console, AWS CLI, or SDKs.
36) How will you boot an HVM AMI?
Boot an HVM Amazon Machine Image by executing the master boot record of the root block device of the image.
37) Do Amazon S3 buckets in US regions alone provide eventual consistency for overwrite PUTS and DELETES?
This is partially true. As per the Amazon S3 documentation, eventual consistency for overwrite PUTS and DELETES is available in all regions.
38) When deploying databases on your EC2 instances, what is the AWS recommendation for better performance?
In general, SSDs (solid-state devices) are the fastest and are used in high-throughput environments like SAP and highly transactional environments like OLTP. They are the preferred option over magnetic storage devices.
39) Give details on naked domain names:
A domain name without the www (world wide web) extension is a naked domain. A naked domain is also called a zone apex record.
40) You are making use of Amazon Elasticsearch for your analytics project. How can you achieve high availability?
High availability can be achieved using zone awareness.
41) How will you enable multifactor authentication in an AWS environment?
For multifactor authentication, make use of IAM.
42) Give some facts about IAM:
Every user you create in the IAM system starts with no permissions. IAM can be used to enable multifactor authentication in an AWS environment.
43) What permissions do the users that you create in IAM systems start with?
They start with no permissions.
44) What is the Amazon CloudFront request handling capacity?
Amazon CloudFront can handle data transfer requests at a rate of 1000 requests per second.
45) What is DMS? What is its use in an AWS environment?
The Data Migration Service (DMS) is a GUI from Amazon that supports migration of current databases onto the AWS cloud Aurora database. Interestingly, DMS lists the feasibility of a migration and the problems that could be encountered during it, including packages and objects that could be impacted post-upgrade. This tool is used for migrating databases.
46) What is the maximum visibility timeout in Amazon Simple Queue Service (SQS)?
The maximum visibility timeout for an Amazon SQS message is 12 hours.
47) What does ICMP protocol translate to?
ICMP translates to Internet Control Message Protocol.
48) You have to enable virtual multi-factor authentication. Which AWS cloud service will you make use of for this purpose?
To enable virtual multi-factor authentication in an AWS environment, the Identity and Access Management (IAM) service is used.
49) How will you monitor CPU utilization of an EC2 resource in an AWS environment?
Make use of AWS CloudWatch for monitoring EC2 resource utilization, including CPU and memory.
50) Does the AWS RDS service have access to the operating system?
Nope. Services like EC2, OpsWorks, and EMR do have access to the underlying operating system, but not RDS.