Sunday, 28 November 2021

Top 20 Oracle Access Manager Interview Questions and Answers

  

Oracle Access Manager (Access Manager) is the key capability for Web Single Sign-on (SSO), authentication, authorisation, centralised policy administration and agent management, real-time session management, and auditing in the new Oracle Access Management platform. Access Manager is a 100% Java solution that is incredibly scalable, allowing it to manage Internet-scale installations. It also works with heterogeneous environments that already exist, with agents certified for hundreds of web and application servers. Access Manager increases security, improves user experience and productivity, and improves compliance while lowering total cost of ownership by providing broad capabilities, scalability, and high availability.

  Oracle SQL Interview Questions and Answers

Ques: 1). What are the different security modes available in Oracle Access Manager?

Answer: 

Open: Allows communication without encryption. There is no authentication or encryption between the AccessGate and the Access Server in Open mode. The AccessGate does not need the Access Server to provide proof of identification, and the Access Server accepts connections from all AccessGates. Similarly, Identity Server does not require WebPass to provide confirmation of identity.

Simple: Oracle encryption is supported. TLS v1 is used to secure communications between Web clients in Simple mode (WebPass and Identity Server, Policy Manager and WebPass, and Access Server and WebGate). Oracle Access Manager components only use X.509 digital certificates in both Simple and Cert modes. The standard cert-decode plug-in decodes the certificate and delivers certificate information to the standard credential mapping authentication plug-in in Cert Authentication between WebGates and the Access Server. Oracle Access Manager saves the associated private key for each public key in the aaa key.pem file for the Access Server (or ois key.pem for the Identity Server).

Cert: A third-party certificate is required. If you have an internal Certificate Authority (CA) for processing server certificates, use Cert (SSL) mode. Communication between WebGate and Access Server, as well as between Identity Server and WebPass, is encrypted in Cert mode utilising Transport Layer Security (RFC 2246). (TLS v1).

BlockChain Interview Question and Answers

Ques: 2). What Is Oracle Access Manager's Architecture?

Answer: 

Identity Server, WebPass, Policy Manager, Access Server, and a WebGate are the primary components of the Oracle Access Manager architecture. Identity Server is a stand-alone C++ server that connects to LDAP directly.

It also receives requests from Webpass and responds to them. WebPass is a web server plugin that allows information to be passed between the identity server and the web server. It sends Identity XML SOAP requests to Identity Server and redirects HTTP requests from the browser to Access Server.

A web server plugin called Policy Manager (PMP or PAP) interfaces directly with user, configuration, and policy repositories. Access Server, commonly known as PDP, is a stand-alone C++ server. It receives requests from WebGates/AccessGates and responds to them.

It also uses LDAP for communication. It responds to queries from the Access Server SDK. WebGate (PEP) is a web server plugin that communicates with the access server. It passes user authentication data to access server for processing.

 

Ques: 3). In Oracle Access Manager, what is the Iwa mechanism?

Answer: 

The OAM offers a feature that allows Microsoft Internet Explorer users to authenticate to their Web packages using their computing device credentials on a regular basis. Windows Native Authentication is the term for this. The user logs in to the computer, and the Windows Domain Administrator authentication mechanism is used to complete the local authentication.

The user launches an Internet Explorer (IE) browser and asks a Web assist from the Access System.

The browser notifies the IIS Web server about the neighbourhood authentication and sends a token.

The token is used by the IIS Web server to authenticate the user and to set the REMOTE USER HTTP header variable, which indicates the customer name provided by the customer and authenticated by the server.

The WebGate creates an ObSSOCookie and sends it lower back to the browser.

The Access System authorization and different techniques proceed as usual.

The maximum session timeout length configured for the WebGate is applicable to the generated ObSSOCookie.

 

Ques: 4). What Is An Access Server Sdk?

Answer :

The Access Manager Software Developer's Kit (SDK) allows you to extend the Access System's access management features. You can use this SDK to construct a customised AccessGate. The Access Manager SDK provides an environment in which you can establish an AccessGate by creating a dynamic link library or a shared object. You'll also need configureAccessGate.exe to make sure your client is working properly.

 

Ques: 5).  What Is Policy Manager Api?

Answer :

The Policy Manager API provides an interface that allows custom applications to establish and edit Access System policy domains and their contents using the Access Server's authentication, authorization, and auditing capabilities.

 

Ques: 6). Name some new features of OAM11gR2?

Answer: 

Dynamic Authentication -- Dynamic authentication is the ability to define what authentication scheme should be presented to a user base on some condition.

Persistent Login (Remember Me) -- Persistent Login is the ability to let users login without credentials after the first-time login.

Policy Evaluation Ordering -- The out-of-the -box algorithm is based on the "best match" algorithm for evaluating policies.

Delegated Administration -- The ability to select users who can administer their own application domains.

Unified Administration Console -- The console screen has a new look; a new single 'Launch Pad' screen with services that are enabled based on user roles.

Session Management -- Ability to set idle session timeout's at the application domain level

 

Ques: 7). What is IIS?

Answer: 

Internet Information Services (IIS, formerly Internet Information Server) is a Microsoft extensible web server designed for use with the Windows NT family of operating systems. [2] HTTP, HTTPS, FTP, FTPS, SMTP, and NNTP are all supported by IIS. Since Windows NT 4.0, it has been a fundamental element of the Windows NT family, albeit it may be missing from other editions (e.g. Windows XP Home edition). When Windows is installed, IIS is not enabled by default. The IIS Manager can be accessed through the Control Panel's Microsoft Management Console or Administrative Tools.

  

Ques: 8). What is the meaning of an Oracle Access Manager Basic License?

Answer: 

The Oracle Access Manager (OAM) Basic licence was intended to support Oracle AS Single Sign-On (OSSO) customers who purchased the Oracle iAS Suite or other Oracle E-Business Suite products. Customers who have valid Oracle Single Sign-On (OSSO) licences can swap them for an equivalent number of Access Manager licences under the OAM Basic licence, with some restrictions. Access Manager must employ Oracle infrastructure components due to the constraints; this was also a requirement for OSSO. The LDAP directory, for example, must be Oracle Internet Directory or Oracle Virtual Directory, and only Oracle application resources can be protected. Customers who want to remove the restrictions must acquire the complete Access Manager licence.

 

Ques: 9). What is Oracle Webgate, and how does it work?

Answer: 

Oracle WebGate is a Web server plug-in that comes with Oracle Access Manager out of the box. Users' HTTP requests for Web resources are intercepted by the WebGate and forwarded to the Access Server for authentication and permission.

 

Ques: 10). 11g Access Manager Oracle HTTP Server 11g and IBM HTTP Server 7.0 support WebGates, but I prefer Apache Web Servers. If I want to use Access Manager 11g, what should I do?

Answer: 

Oracle Access Manager 10g WebGates can communicate with Access Manager 11g servers. Oracle Access Manager 10g WebGates have a wide range of web server certifications, including Apache, Domino, Microsoft IIS, and many others. With thousands of applications, I have a massive Oracle Access Manager 10gR3 implementation. Do I have to transfer them all at once to the new 11gR2 platform? No. Both Oracle Access Manager 10gR3 and Oracle Access Manager 11gR2 servers can be live in production at the same time, protecting distinct sets of applications, thanks to server side coexistence in Access Manager 11gR2. End users will continue having a seamless single sign-on experience as they navigate between applications protected by the two servers. This capability can be leveraged by customers with large deployments to perform the server migration in a phased manner over a period of time without impacting end users.

 

Ques: 11). With thousands of applications, I have a massive Sun Access Manager 7.1 or Sun Access Manager 7.1 deployment. Is it necessary to migrate all of them to the new Access Manager 11gR2 platform at the same time?

Answer: 

No. Both the OpenSSO 8.0 (or Sun Access Manager 7.1) and Access Manager 11gR2 servers can be live in production at the same time safeguarding distinct sets of apps with Access Manager 11gR2. End users will continue to have a seamless single sign-on experience as they move between the two servers' protected apps. Customers with big deployments can utilise this capability to migrate servers in stages over time without affecting end users.

 

Ques: 12).What Is An Identity Xml?

Answer: 

IdentityXML provides a programmatic interface for performing the actions that a user can perform while using a browser to access a COREid application. A software can, for example, submit an IdentityXML request to find members of a group defined in the Group Manager software or to add a person to the User Manager. Simple moves and multi-step procedures can be applied to trade person, institution, and company object profiles using IdentityXML. After you've finished constructing the IdentityXML request, you'll need to put up a SOAP wrapper to send the IdentityXML request to WebPass over HTTP. XML over SOAP is used by the IdentityXML API. Using an HTTP request, we send IdentityXML parameters to the COREid Server. A SOAP envelope is included in this HTTP request. When WebPass receives an HTTP request, the SOAP envelope identifies it as an IdentityXML request rather than a standard browser request. The request is passed to the COREid Server, which executes the request and returns a response. You could also use WSDL to put together the SOAP request. This appears to be the SOAP content material: SOAP envelope (with oblix namespace described), SOAP body (with authentication information), genuine request (with software name and params). Userservcenter, groupservcenter, or objservcenter are examples of application names (for companies).

 

Ques: 13). What are Header Variables and How Do I Use Them?

Answer: 

The Header Variable contains Oracle Access Manager allows administrators to build a web of trust in which a user's credentials are confirmed once and then delivered to each application that the user uses. The programme does not need to re-authenticate the user with its own mechanism when using these credentials. Users who have been authenticated by Oracle Access Manager are able to access applications without having to re-authenticate. A user's credentials can be sent in one of two ways:

• Using Cookies: A specific value is set on the browser's cookie that the application must extract to identify a user.

• Using Header Variables: An HTTP header set on the request by the agent and visible to the application. Authorization Policy Response in the Administration Console Header response values are inserted into a request by an OAM Agent, and can only be applied on Web servers that are protected by an agent registered with OAM 11g If the policy includes a redirect URL that is hosted by a Web server not protected by OAM, header responses are not applied.

 

Ques: 14). Explain the Oam-oaam Integration Architecture and Integration.

Answer: 

Using all of these products together will provide you complete control over the authentication process and comprehensive pre-/post-authentication testing capabilities against Adaptive Risk Manager models.

Two Oracle Access Manager AccessGates are used in the OAAM's ASA-OAM integration: one for fronting the Web server (a traditional WebGate) to Adaptive Strong Authenticator and one for the embedded AccessGate. The access server SDK must be installed and configured before the AccessGate device can be used. The ASDK location will be updated in the ASA bharosa papers. An application that will use the ASA authentication mechanism and will be tested for the ASA login touchdown page.

 

Ques: 15). What Happens When A User Submits A Request That Is Protected By An Access Gate (No Longer Webgate)?

Answer: 

The following is an example of the flow:

The consumer sends a resource request to the application or servlet that has the access gate code.

The access gate code creates an ObResourceRequest shape and calls the Access server to determine whether or not the resource is protected.

The server responds to the request for entry. If the aid isn't secured, gaining access to the gate allows anyone to gain access to the resource. Otherwise, Access Gate creates an ObAuthenticationScheme shape to inquire about the credentials the user wishes to send to Access Server. The request for entry to the server is granted. To get the credentials, the programme employs a form or one of several additional methods. The AccessGate creates the ObUserSession structure, which provides the Acc Server with user information. If credentials are verified valid, get admission to gate creates a session token for the person after which sends an authorization request to the get admission to server. Access server validates if the user is authz to get right of entry to that useful resource. Access gate permits user to get entry to the asked resource.

 

Ques: 16). What exactly is SSO?

Answer: 

SSO (single sign-on) is a session/user authentication method that allows a user to access different apps with just one username and password. The procedure authenticates the user for all of the programmes to which they have been granted access and removes the need for further questions when they switch applications during a session.

Overview:

  • Provides users with unified sign-on and authentication across all their enterprise resources, including
  • desktops, client-server, custom, and host-based mainframe applications
  • Provides a centralized framework for security and compliance enforcement
  • Eliminates the need for multiple usernames and passwords
  • Helps enforce strong password and authentication policies.
  • Uses any LDAP directory, Active Directory, or any SQL database server as its user profile and credential repository

Benefits

  • Reduces deployment risk and operational costs.
  • Allows enterprises to provide fast, secure access to applications for employees and partners.
  • Eliminates the overhead and limitations of traditional desktop client deployments.
  • Seamlessly integrates with Oracle Identity Management for common security policy enforcement and compliance reporting across applications

  

Ques: 17). What is Reverse Proxy?

Answer: 

A reverse proxy gives you architectural flexibility by allowing you to expose the same application on both the intranet and the extranet without having to make any changes to the existing application. By sending all requests through the proxy, you may safeguard all Web content from a single logical component.

This is true even for platforms that Oracle Access Manager does not support. All content on these servers can be safeguarded if you have multiple types of Web servers, such as iPlanet, Apache, and others, running on different platforms, such as MacOS, Solaris x86, mainframe, and so on. A reverse proxy can be used as a workaround for unsupported Web servers, removing the requirement to develop custom AccessGates for unsupported Web servers or systems that do not support AccessGates. This creates a single management point. You can manage the security of all of the Web servers through the reverse proxy without establishing a footprint on the other Web servers.

 

Ques: 18). What is Identity Store and how does it work? Describe the many types of identity stores.

Answer: 

The term "identity store" refers to a database that contains business users and groups. Weblogic includes an inbuilt LDAP that is used as the identity store by default by fusion middleware components. External LDAP servers, such as OID, AD, and others, can be configured to serve as identity stores.

System Store - Represents the identity store which will have groups or users that will act as “Administrators” to OAM that is only members of this identity store group/user can perform admin functions via oam console.

Default Store - This will be the identity store that will be used at time of patching for migration purpose or by Oracle security token service.

 

Ques: 19). In OAM, what are Authorization Policies?

Answer: 

The process of assessing whether a user has the permission to access a requested resource is known as authorization. Administrators can establish the circumstances under which a subject or identity has access to a resource by creating one or more authorization policies. A user may seek to view data or run a policy-protected application programme. The requested resource must be part of an application domain and be covered by a specified permission policy within that domain.

 

Ques: 20). In comparison to the ECC, what are the benefits of the DCC?

Answer: 

From a security and flexibility standpoint, the DCC has several advantages. The DCC can be placed anywhere in the DMZ because it is totally detached from the Access Manager server. It also adds security by terminating all unauthenticated end user login requests at the DCC in the DMZ, isolating the server from unauthenticated network traffic.



Tuesday, 23 November 2021

Top 20 AWS Database Interview Questions & Answers

  

Ques: 1). What are your thoughts on the Amazon Database?

Answer: 

Amazon Database is an Amazon Web Services offering that includes managed databases, managed services, and NoSQL. It also comes with a fully managed petabyte-scale data warehouse and in-memory caching as a service. There are four AWS database services to choose from, and the user can use one or all of them depending on their needs. DynamoDB, RDS, RedShift, and ElastiCache are the Amazon database services.


BlockChain Interview Question and Answers


Ques: 2). What are the features of Amazon Database?

Answer: 

Following are the important features of Amazon Database:

  • Easy to administer
  • Highly scalable
  • Durable and reliable
  • Faster performance
  • Highly available
  • More secure
  • Cost-effective

 

 Ques: 3). What is a key-value store, and how does it work?

Answer: 

A key-value store is a database service that makes it easier to store, update, and query items that are identified by their keys and values. These objects are made up of keys and values that make up the actual content that is saved.

 

Ques: 4).  What Is A Data Warehouse, And How Can Amazon Redshift Help With Storage?

Answer: 

A data warehouse can be conceived of as a repository for data acquired and stored from the company's systems and other sources. As a result, a data warehouse's design is three-tiered:

The tools that clean and collect data are found on the bottom rung.

We have tools in the intermediate layer that use Online Analytical Processing Server to alter the data.

We have various tools on the top layer that execute data analysis and data mining on the front end.

Setting up and maintaining a data warehouse costs a lot of money, especially as an organization's data grows and its data storage servers need to be upgraded on a regular basis. As a result, AWS RedShift was created, allowing businesses to store their data in Amazon's cloud-based warehouses.

 

AWS RedShift Interview Questions and Answers


Ques: 5). What Is The Difference Between A Leader Node And A Compute Node?

Answer: 

The queries from the client application are received in a leader node, where they are parsed and an execution plan is created. The stages for processing these queries are created, and the outcome is returned to the client application.

The steps allocated in the leader node are completed in a compute node, and the data is transferred. After that, the result is returned to the leader node before being delivered to the client application.

 

Ques: 6). What Is Amazon ElastiCache, and How Does It Work?

Answer: 

Amazon ElastiCache is an in-memory key-value store that can handle Redis and Memcached as key-value engines. It is a fully managed and zero administration service that Amazon has hardened. You may use Amazon ElastiCache to either create a new high-performance application or upgrade an existing one. ElastiCache has a wide range of applications in gaming, healthcare, and other fields.

 

Ques: 7). What Is Amazon ElastiCache's Purpose?

Answer: 

The caching of information that is utilised repeatedly could increase the performance of online applications. Using in-memory-caching, the data may be accessed very quickly. There is no need to manage a separate caching server with ElastiCache. An open source compatible in-memory data source with high throughput and low latency can be readily deployed or run.

 

Ques: 8). When would I prefer Provisioned IOPS over Standard RDS storage?

Answer: 

Provisioned IOPS deliver high IO rates but on the other hand it is expensive as well. Batch processing workloads do not require manual intervention they enable full utilization of systems, therefore a provisioned IOPS will be preferred for batch oriented workload.

 

Ques: 9). What Oracle features are available in AWS RDS?

Answer: 

Oracle is a well-known relational database that is available through Amazon RDS with enterprise version features. Almost every Oracle functionality may be used with the RDS platform.

If no version is specified when the database is created, it defaults to the most recent version available at the moment. In a Python SDK programme, here's an example of how to access the supported DB Engine versions using the AWS API.

 

Ques: 10). What are the differences between Amazon RDS, DynamoDB, and Redshift?

Answer: 

Amazon RDS is a relational database management service that handles patching, upgrading, and data backups for you without requiring your involvement. RDS is a database management service that exclusively handles structured data.

On the other hand, DynamoDB is a NoSQL database service, which works with unstructured data.

Redshift is a data warehouse product that is utilised in data analysis and is a completely different service.

 

Ques: 11). Can I use Amazon RDS to operate many database instances for free?

Answer: 

Yes. You can operate many Single-AZ Micro database instances, and they're all free! Any use of more than 750 instance hours across all Amazon RDS Single-AZ Micro DB instances, across all qualifying database engines and locations, will be paid at normal Amazon RDS charges. For example, if you run two Single-AZ Micro DB instances for 400 hours each in a month, you'll have 800 instance hours total, with 750 hours being free. The remaining 50 hours will be charged at the usual Amazon RDS rate.

 

Ques: 12). What is Oracle Licensing and how does it work?

Answer: 

Oracle licenses can be used in RDS in two ways:

Model with a License

The license for the software you'll use is held by Amazon in this model. Also, through its support programme, AWS provides support for both AWS and Oracle products. As a result, the user does not need to purchase a separate license. The user's licensing costs are included in the platform pricing.

Bring Your Own license

In this arrangement, the user imports her license into the RDS platform. It is the user's responsibility to keep the license, database instance class, and database edition all in sync. The user directly contacts the Oracle support channel for any need. In this model the supported editions are Enterprise Edition (EE), Standard Edition (SE), Standard Edition One (SE1) and Standard Edition Two (SE2).

 

Ques: 13). If I delete my DB Instance, what happens to my backups and DB Snapshots?

Answer: 

When you delete a database instance, you have the option of creating a final database snapshot, which you can use to restore your database. After the instance is removed, RDS keeps this user-made DB snapshot together with all other manually created DB snapshots. Automated backups are also deleted, leaving just manually created DB Snapshots.

 

Ques: 14).  How can I load data into Amazon Redshift from various data sources such as Amazon RDS, Amazon DynamoDB, and Amazon EC2?

Answer: 

You have two options for loading the data:

The COPY command can be used to load data into Amazon Redshift in parallel from Amazon EMR, Amazon DynamoDB, or any SSH-enabled server.

AWS Data Pipeline is a fault-tolerant, high-performance solution for loading data from a range of AWS data sources. To load your data into Amazon Redshift, you can utilise AWS Data Pipeline to specify the data source, required data transformations, and then run a pre-written import script.

 

Ques: 15). What is an RDS instance, and how does it work?

Answer: 

The Amazon Relational Database Service (Amazon RDS) is a web service that lets you easily construct a cloud-based relational database instance. Amazon RDS administers the database instance on your behalf, including backups, failover, and database software maintenance. Read Replicas, which are RDS instances that act as copies of the source master database for handling read-requests, can be launched for read-heavy applications. A source DB instance can have up to five (5) Read Replicas attached to it. The existing RDS Instances in the selected AWS region are listed on the Instances page. The information for an existing RDS Instance are displayed when you click on it.

Fields

Name - unique name/identifier for the RDS instance.

Engine - The version of the MySQL or Oracle engine of the RDS Instance.

RDS Subnet Group - The group of RDS Subnets for the VPC.

Availability Zone - The availability zone into which the RDS Instance will be created and launched.

Multi-AZ - Indicates that the RDS Instance will be used in a multiple availability zone configuration.

Instance class - If you selected a different instance type, the existing instance will be terminated and new RDS instance will be launched.

Storage - storage size in GBs for the instance that will be allocated for storing data.

Source instance - If the instance is a Read Replica, it will list the name of the source DB instance.

Status - The status of the RDS Instance (creating, modifying, available, rebooting, deleting). An RDS Instance will only be accessible when its status is 'available'.

 

 

Ques: 16). What is Amazon Aurora and how does it work?

Answer: 

Amazon Aurora is a form of cloud-based relational database that works with MySQL and PostgreSQL. It performs five times faster than MySQL and three times faster than PostgreSQL. The performance and availability of traditional databases are combined with the simplicity and cost-effectiveness of open-source databases in this hybrid database type. Because Amazon RDS manages this database completely, operations like hardware provisioning, database setup, patching, and backups are all automated.

 

Ques: 17). Which Amazon Web Services services will you use to collect and process e-commerce data in real time for analysis?

Answer: 

For real-time analysis, I'll utilise DynamoDB to collect and handle e-commerce data. DynamoDB is a fully managed NoSQL database service for unstructured data. It can even be used to extract e-commerce information from websites. RedShift may then be used to perform analysis on the retrieved e-commerce data. Elastic MapReduce can be utilised for analysis as well, but we won't use it here because real-time analysis isn't required.

 

Ques: 18). What happens if a user deletes a dB instance? What happens to the dB snapshots and backups?

Answer: 

The user is given the option of taking a last dB snapshot when a dB instance is removed. If you do so, your information from the snapshot will be restored. When the dB instance is removed, AWS RDS preserves all of the user-made dB snapshots together with all of the other manually created dB snapshots. Automated backups are erased at the same time, but manually produced dB snapshots are kept.

 

Ques: 19). What Is A Dynamodbmapper Class And How Does It Work?

Answer: 

The DynamoDB's entry point is the mapper class. It allows users to access the endpoint and input the DynamoDB. Users can use the DynamoDB mapper class to retrieve data stored in various databases, run queries, scan them against the tables, and perform CRUD activities on the data items.

 

Ques: 20). What is the RDS interface, and how does it work?

Answer: 

To use the RDS service, Amazon provides an RDS interface. An RDS interface is required to interact with the RDS service, such as reading data, uploading data, and running other programmes.

The GUI Console, Command Line Interface, and AWS API are the three main interfaces available.

A GUI Console is the most basic interface via which users can interact with the RDS Service.

The Command Line Interface (CLI) provides you with CLI access to the service, allowing you to run DB commands and interact with it.

An AWS API is an Application Programming Interface that allows two systems to exchange data.

 


Top 20 Aws Cloudwatch interview Questions & Answers

  

Ques: 1). What Is Amazon Cloudwatch and How Does It Work?

Answer:

CloudWatch is an AWS monitoring service that keeps track of your cloud resources and the applications you run on them. CloudWatch may be used to gather and track metrics, monitor log files, and generate alarms. EC2 instances, DynamoDB tables, and RDS DB instances may all be monitored with CloudWatch.

Amazon CloudWatch is a management tool for system architects, administrators, and developers, and it is part of the Amazon Web Services family.

 

AWS RedShift Interview Questions and Answers


Ques: 2). What's the difference between CloudTrail and CloudWatch, and how do I use them?

Answer:

CloudWatch keeps track of the health and performance of AWS services and resources and generates reports on them. CloudTrail, on the other hand, keeps track of all of the activities that take place in your AWS environment.

 

Ques: 3). What platforms are compatible with CloudWatch Logs Agent?

Answer:

The CloudWatch logs agent is compatible with a wide range of operating systems and platforms. The following is a list of similar items:

  • CentOS
  • Amazon Linux
  • Ubuntu
  • Red Hat Enterprise Linux
  • Windows

 

Ques: 4). What Are Amazon Cloudwatch Logs, and What Do They Mean?

Answer:

Using your existing system, application, and custom log files, Amazon CloudWatch Logs allows you to monitor and troubleshoot your systems and applications. You may monitor your logs in near real time with CloudWatch Logs for specific phrases, values, or patterns. You could, for example, set an alarm for the amount of failures in your system logs or look at graphs of web request latency from your application logs. The original log data can then be viewed to determine the source of the problem. You don't have to worry about filling up hard discs because log data may be saved and accessed endlessly in very durable, low-cost storage.

 

Ques: 5). What Cloudwatch Access Management Policies Can I Implement?

Answer:

You can select which CloudWatch actions a user in your AWS Account can execute using CloudWatch's integration with AWS IAM. IAM cannot be used to restrict access to CloudWatch data for individual resources. You can't grant a person access to CloudWatch data for just one group of instances or a single LoadBalancer, for example. Permissions provided by IAM apply to all cloud resources used by CloudWatch. Furthermore, the Amazon CloudWatch command line tools do not support IAM roles.

 

Ques: 6). What is a CloudWatch Alarm, and how does it work?

Answer:

CloudWatch Alarms is a new feature that allows you to monitor CloudWatch metrics and receive warnings when they go outside of the levels (high or low thresholds) you designate. There can be several Alarms for each statistic, each with its own set of actions.

A CloudWatch Alarm's state is always one of three things: OK, ALARM, or INSUFFICIENT DATA. When the metric is inside the permissible range that you've set, the Monitor is in the OK condition. It enters the ALARM state when it hits a particular threshold. When the data needed to make a judgement is absent or incomplete, the monitor enters the INSUFFICIENT DATA state.

 

Ques: 7). What Is The Average Metric Retention Period?

Answer:

The following is how CloudWatch stores metric data:

For 3 hours, data points with a period of less than 60 seconds are available. These data points are bespoke measurements with a high resolution.

Data points with a period of 60 seconds (1 minute) are available for 15 days, 300 seconds (5 minutes) are available for 63 days, and 4) data points with a metric of 3600 seconds (1 hour) are available for 455 days (15 months). Data points with a shorter duration of publication are aggregated together for long-term storage.

 

Ques: 8). When should I use a custom metric instead of sending a log to Cloudwatch Logs?

Answer:

Custom metrics, CloudWatch logs, or both can be used to keep track of your data. If your data, such as OS process or performance measurements, is not already produced in log format, you may want to utilise custom metrics. You may also create your own app or script, or use one offered by an AWS partner. CloudWatch Logs can be used to store and save specific measurements as well as supplementary information.

 

Ques: 9). Is There Anything I Can Do With My Cloudwatch Logs?

Answer:

CloudWatch Logs can monitor and store logs to help you understand and operate your systems and applications better. No code modifications are necessary when using CloudWatch Logs with your logs because your existing log data is used for monitoring.

 

Ques: 10). What is Amazon CloudWatch Synthetics, and how does it work?

Answer:

You may use Amazon CloudWatch Synthetics to create canaries, which are programmable scripts that run on a schedule, to monitor your endpoints and APIs. Canaries follow the same paths as customers and do the same actions, allowing you to validate your client experience even when there is no customer activity on your apps. Using canaries, you can notice problems before your customers do.

Synthetic monitoring is a technique for assessing a website or online service's availability, performance, and functionality by mimicking visitor queries.

 

Ques: 11). Is it possible to use regular expressions with log data?

Answer:

Regular expressions are not supported by CloudWatch Metric Filters. Consider using Amazon Kinesis and connecting the stream to a regular expression processing engine to handle your log data with regular expressions.

 

Ques: 12). Canaries in Amazon CloudWatch Synthetics are what they sound like.

Answer:

Canaries are scripts that are written in Node.js or Python. Users construct Lambda functions in your account using Node.js or Python as a framework. The HTTP and HTTPS protocols are both supported by Canaries.

 

Ques: 13). How Do I Get My Log Data Back?

Answer:

The CloudWatch Logs console or the CloudWatch Logs CLI can be used to retrieve any of your log data. The Log Group, Log Stream, and time with which the log events are related are used to obtain them.

 

Ques: 14). What Are the Different Thresholds I Can Use To Set A Cloudwatch Alarm?

Answer:

When you create an alarm, you must first select the CloudWatch statistic that it will track. The next step is to select an evaluation period and a statistical value to assess. Set a target value and choose whether the alarm will be triggered if the value is more, equal, or less than that value to create a threshold.

 

Ques: 15). What is Amazon CloudWatch ServiceLens, and how does it work?

Answer:

Amazon CloudWatch ServiceLens is a new tool that allows you to visualise and analyse the health, performance, and availability of your applications in a single location. All public AWS Regions that offer AWS-X-Ray support Amazon CloudWatch ServiceLens.

 

Ques: 16). What are CloudWatch Metric Streams, and how can I use them?

Answer:

CloudWatch Metric Streams is a feature that lets you broadcast CloudWatch metrics endlessly to a location of your choice with very little setup and administration. It's a completely managed solution that takes care of everything for you, including writing code and maintaining infrastructure. With a few clicks, users can setup a metric stream to destinations like Amazon Simple Storage Service (S3). Users might also submit the analytics to a variety of third-party service providers to keep their operational dashboards up to date.

 

Ques: 17). What Can Amazon Cloudwatch Metrics Tell Me?

Answer:

CloudWatch allows you to monitor AWS cloud resources as well as the AWS packages you use. EC2 times, EBS volumes, ELBs, Autoscaling agencies, EMR process flows, RDS DB times, DynamoDB tables, ElastiCache clusters, RedShift clusters, OpsWorks stacks, Route 53 fitness assessments, SNS topics, SQS queues, SWF workflows, and Storage Gateways are among the AWS services and products for which metrics are automatically provided. You can also view custom metrics generated by your own applications and services.

 

Ques: 18). How do I send Grafana from CloudWatch metrics?

Answer:

1. Install Grafana : Follow the steps to Install Grafana.

2. Go to AWS -> IAM -> Policies.

3. Add below JSON in policy -> Create Policy:

{

   "Version": "2021-10-23", -- current Date

   "Statement": [

       {

           "Sid": "AllowReadingMetricsFromCloudWatch",

           "Effect": "Allow",

           "Action": [

               "cloudwatch:ListMetrics",

               "cloudwatch:GetMetricStatistics",

               "cloudwatch:GetMetricData"

           ],

           "Resource": "*"

       },

       {

           "Sid": "AllowReadingTagsInstancesRegionsFromEC2",

           "Effect": "Allow",

           "Action": [

               "ec2:DescribeTags",

               "ec2:DescribeInstances",

               "ec2:DescribeRegions"

           ],

           "Resource": "*"

       }

   ]

}

4. IAM -> Roles -> Create Role -> Select AWS Service / EC2

5. Attach Permission policies

6. IAM -> Users and click Add User ->Attach existing policies -> copy Access Key ID, your Secret Key

7. EC2 -> Instances-> Select Grafana Server and click on Actions -> Instance Settings -> Attach/Replace IAM Role -> Attach your Grafana IAM Role to the instance.

8. Log in to your Grafana Server using Terminal as root user and provide Access Key ID, your Secret Key:

# vim /usr/share/grafana/.credentials

aws_access_key_id = 000000000000

aws_secret_access_key = 0000000000

region = us-west-2


# chmod 0644 .credentials

9. Grafana -> Navigate to Data Sources -> Select CloudWatch Type

10. Create Dashboard -> Select Graph -> Select Panel Title -> edit and provide namespace.


Ques: 19). Is it possible to use IAM roles with the CloudWatch logs agent?

Answer:

Yes, the CloudWatch logs agent has access to both keys and IAM roles and is capable of supporting and working with IAM.

Amazon Key Management Service (AWS KMS) is a managed service that integrates with a number of other AWS services. You can use it to create, store, and control encryption keys in your applications to encrypt your data. AWS KMS Key Management Service is a service that allows you to manage your keys on Amazon Web Services.

 

Ques: 20). How does AWS CloudWatch handle authentication and access control?

Answer:

Use IAM users or roles to control who has access.

To manage access control, use Dashboard Permissions, IAM identity-based policies, and service-linked roles.

Permissions policies define who gets access to what and when.

Policies based on an individual's identity

Policies based on resources

You can't utilise CloudWatch Amazon Resource Names (ARNs) in an IAM policy because there aren't any. When designing a policy to control access to CloudWatch actions, replace the resource with a * (asterisk).




Monday, 22 November 2021

Top 20 Aws Lambda Interview Questions & Answers

 

Ques: 1). What exactly is AWS Lambda?

Answer:

AWS Lambda is a serverless computing solution that is one of the best on the market. It enables you to run code without the need for server management or setup. When you consume data, you must pay for the computation time. When you are not running your code, there are no fees to pay. You may use Lambda to run code for any application or backend service virtually, without having to worry about management. All you have to do is upload the code, and Lambda will handle the rest. Lambda is a high-availability service that runs and scales your code. You may even set up the code to call it straight from the mobile app or the web, or from any other AWS accessible.


 BlockChain Interview Question and Answers


Ques: 2). What is the purpose of Lambda?

Answer:

If you need a rapid, one-time function that accomplishes something simple and doesn't require long-running operations or expensive calculations, and you only need it to execute for a brief amount of time, Lambda functions are ideal. They can be provided as parameters into higher-order functions, making them handy in situations when other types of code might not be suitable for the task at hand.

 

Ques: 3). What types of programmes can be run on AWS Lambda?

Answer:

AWS Lambda makes it simple to complete a variety of tasks in the cloud. AWS Lambda, for example, can be used to fetch and transform data from Amazon DynamoDB in mobile back-ends. Other tasks that may be done in the cloud with the help of AWS Lambda include handlers that alter and compress objects when they are uploaded to Amazon S3, server-less streaming data processing with Amazon Kinesis, and reporting and auditing of API calls made to any of Amazon's Web Services.

 

Ques: 4). What distinguishes Lambda as a time-saving strategy?

Answer:

This is for a variety of reasons. The first is that everything can be stored in the local server memory. Furthermore, data can be directly stored in the database without compromising performance. Additionally, testing is not very difficult. Multiple vendors can simply make integration testing more powerful.


 AWS RedShift Interview Questions and Answers


Ques: 5). What are your thoughts on Auto-Scaling?

Answer:

It's essentially an Amazon Web Services capability that allows you to automatically configure and start up new instances. The good news is that you are not required to intervene at any point. Users may, however, keep track of everything using metrics and criteria. Simply cross a threshold to activate this task, and you'll notice that the instances have scaled horizontally without any intervention.

 

Ques: 6). How can a serverless application be automated?

Answer:

An AWS CodePipeline and an AWS CodeDeploy can be used to automate the serverless application's release process. The CodePipeline is a continuous delivery service that allows for the modelling, visualisation, and automation of essential procedures, allowing for the deployment of server-less applications. For Lambda-based apps, CodeDeploy also has an automated deployment engine. It enables you to coordinate deployments using best-practice approaches such as canary and linear deployments, as well as assisting you in establishing major barriers to ensure that the newly deployed software is secure, stable, and ready for industrial usage.

 

Ques: 7). What is the best way to troubleshoot a serverless application?

Answer:

By adding X-Ray permissions to the Lambda function's role of execution and changing the function's "mode of tracing" to "active," a Lambda function can be activated for tracking with AWS X-Ray. When you enable X-ray for Lambda functions, AWS Lambda will provide tracing data to X-Ray, including information about the Lambda service used to invoke the function. This will show you the overhead of the Lambda service, the time it takes to execute a function unit, and the time it takes to execute a function. Also, the X-Ray SDK can be included in Lambda deploying the package to create one’s segments of the trace, annotate one’s marks, or view the trace segments for various downstream calls that are made from Lambda function. X-Ray SDKs are presently available for Node.js and Java. Visit the Troubleshooting applications based on Lambda to learn more. AWS X-Ray rates shall apply.

 

Ques: 8). Is there a limit on how many AWS Lambda functions may be run at the same time?

Answer:

No. AWS Lambda is built to run multiple instances of functions at the same time. AWS Lambda, on the other hand, has a safety threshold set by default for some consecutive runs for each account per region. The maximum number of times a single AWS Lambda function can be executed in a row can be adjusted, which can be used to set aside a portion of the account concurrency threshold for key functions or reduce traffic rates to downstream resources.

If you want to submit a request to extend the limit, go to the Support Centre for additional information.

 

Ques: 9). What is the definition of a server-less application?

Answer:

Lambda-based apps (also known as server-less applications) are built up of functions that are triggered by different events. One or more of these methods are triggered by events such as object upload to Amazon S3, Amazon SNS, or API activities in a standard server-less application. The functions can work independently or in conjunction with other resources such as DynamoDB tables or Amazon S3 buckets. A function is the most common serverless application.

 

Ques: 10). What precisely is deployment automation?

Answer:

It's a lot like programming in another language. However, it alleviated many of the difficulties. The nicest part is the deployment of a pipeline that can be readily built as one gains experience. Automated Deployment reduces human intervention and assists enterprises in ensuring quality-based and best-in-class outcomes.

 

Ques: 11). What are the features of AWS Lambda that make deployments more automated?

Answer:

AWS lambda supports a variety of environmental factors. When it comes to altering the deployment package, they can be utilised for data and a variety of additional credentials. It also allows aliases because it's a serverless technique. There are a few categories that you may simply think about, such as stage production and development. As a result, functions may be readily evaluated for testing without disrupting the production code. Because the end-point does not change frequently, it is possible to keep up with the task's pace.

 

Ques: 12). What are the benefits of employing a server-less approach?

Answer:

To begin with, this technique features straightforward procedures that allow for a faster time to market and increased revenue. Users only have to pay when the code is compiling, therefore increasing profitability can save a lot of money. Managing the components of the larger application is also not difficult. Furthermore, the additional infrastructure is not required. The biggest advantage is that customers don't have to worry about the servers where the code is run.

 

Ques: 13). What is the definition of an external extension? What are some external Lambda runtime extensions?

Answer:

An external extension is one that continues to execute as a separate process in the execution even after the function call has completed. External extensions for Lambda runtimes include:

  • NET Core 3.1 (C#/PowerShell) ( dotnetcore3. 1 )
  • Custom runtime ( provided )
  • Custom runtime on Amazon Linux 2 ( provided. al2 )
  • Java 11 (Corretto) ( java11 )
  • Java 8 (Corretto) ( java8. al2 )

 

Ques: 14). Is it possible to scale Amazon Instance vertically? If so, how would you go about doing it?

Answer:

Yes, it is feasible to scale an Amazon Instance vertically. Here's how to do it:

  • On top of the already controlling instance, form and twist a new enormous instance.
  • Try delaying the present instance and separating the source web mass of dispatch and the server.
  • The next step is to terminate your current instance and detach it from the source quantity.
  • Make a note of the new machine ID and use the same source mass on your new server.

 

Ques: 15). What are the many ways to activate Lamda?

Answer:

Lambda can be triggered in three different ways.

API Gateway event:

These are what are known as standard events. When someone calls an API Gateway For Lambda, it will call your lambda function. If you're using the Serverless Framework, you'll need to specify which event type was triggered in the configuration, or serverless.yml.

S3 events:

S3 events happen when someone(s) changes the contents of an S3 bucket. A file can be created, removed, or updated to change the content. When you specify an event, you can choose whether the lambda function creates, destroys, or changes a file.

DynamoDB events:

When someone makes a modification to a record in a DynamoDB table, all of the changes are immediately published in a stream, and the lambda is triggered because there is data in the stream. When there is data in the stream, Lambda can be activated in two different ways. First, the lambda will only be called once if there is specific data in the stream, such as a single database change at a specific time. The second method Lambda is activated is when a stream of events is processed together. Because streams are rather rapid, this significantly reduces the amount of time spent running.

 

Ques: 16). What are the drawbacks of a serverless architecture?

Answer:

Everything in the Aws lambda has its own set of advantages and disadvantages, depending on the task at hand.

In the serverless technique, the upper limit is strictly on vendor control, which results in higher downtime.

Other difficulties include the loss of system operation and the system's constraints. AWS serverless solution requires dedicated hardware, which is not available.

Most of the time, it is the customer's blunders that cause the issues.

 

Ques: 17). What are the best security techniques in Lambda?

Answer:

In terms of security, Lambda has some of the best solutions. Identity Access and Management can be used. When it comes to regulating access to resources, this might be advantageous. Another option is privilege, which essentially expands the permissions. Access might be blocked to untrustworthy or unauthorised hosts. The security group has regulations that can be reviewed over time to stay up with the pace.

 

Ques: 18). In Lambda, what is SQS? What function does it have?

Answer:

SQS is essentially a method for sharing and transmitting information between hosts and connectors. Different Lambda components can be made available, or in other words, communication can be enabled. Even if the functional components aren't the same, they can be linked together. This strategy can eliminate a lot of failures, and components can communicate well with one another.

 

Ques: 19). In Lambda, what are Final Variables and Effectively Final Variables?

Answer:

Final variables are ones that can't be changed once they've been assigned. They are called essentially variable when they are in an early stage where any type of change is possible. They have yet to be assigned a value. In many circumstances, the outcome is required without constraint, which is why effective variables are used. They can also help with testing. Effective Variables can be used to empower final variables with a variety of additional capabilities. In Lambda, the majority of local expressions are final.

 

Ques: 20). What are the different types of storage that Amazon offers?

Answer:

There are a variety of storage options for Amazon Lambda, and the main thing to remember is that all of them are the finest in terms of durability and performance. It would not be a problem if you used them together. Accessibility for people with disabilities is also available. Let me give you a few examples, such as EBS, which is a storage tool that is essentially block-level storage. This comes with encryption capabilities, and it's an excellent alternative to think about if your system requires independent storage. The next category is EC2 instances, which are storage discs that are directly attached to the host PC.

This sort of storage is only employed for a short period of time. After then, the user can think about good storage. Until the instances are valid, the user data will be valid. The user can utilise this storage to run instances. The next type is Adding storage -> this is a type of root storage device. This is where you'll find information on the boot instance. The third type is Amazon S3, which is another AWS lambda storage option that is considered a low-cost alternative that can store any quantity of data.



Top 20 Aws Cloud Support Engineer Interview Question & Answers

  

Ques: 1). What is the purpose of Amazon Web Services (AWS) cloud services?

Answer: 

"Storage," as this is the primary purpose of AWS cloud services. Customers can store several types of material on the Amazon online service, including videos, music files, movies, images, files, and documents. This is a common AWS cloud support engineer interview question that can be asked during the main portion of your interview.

 

BlockChain Interview Question and Answers


Ques: 2). In what way does Amazon Web Services appear to be ideal?

Answer: 

This is a very basic but common AWS Cloud Support Engineer interview question, and the candidate's response can be stated as follows:

The Amazon Web Servers are capable of performing a wide range of tasks. Customers can select the level of assistance and support they require from AWS based on the services they desire. Amazon Web Service (AWS) provides the following services:

  • High storage
  • Monitoring & Analytics
  • Security and safety
  • Networking
  • Databases
  • Compute power

These services will always be there for the clients of Amazon Web Services. For more details about the services, you can browse the official web page of Amazon Web Service (AWS).

 

Ques: 3). What Attracts You To This Position?

Answer:

I want to help the company grow and level up by providing safe database storage, content distribution, cloud services, and computer power. I've also been keeping up with your company's recent trends, and I've seen that what you're doing is exactly what I'm interested in. I'm excited to be a part of your team. I believe this position will provide me with a tremendous opportunity to help you improve in this field.

 

Ques: 4). What networking commands do you use on a daily basis to troubleshoot problems?

Answer:

When working with servers, whether real or virtual, the first command that comes to mind is traceroute, which may be used to find the request response path taken. Tracert is the corresponding command on Windows platforms.

Ping, ipconfig, and ifconfig are some other useful commands that deal with network communication, network addresses, and interface settings.

DNS commands – nslookup, Lookup of /etc/resolv.conf file in Linux systems to get details on DNS

 

Ques: 5). Tell us about your proudest achievement.

Answer:

My most significant accomplishment was in my former work as a cloud specialist. I worked for a firm that was experiencing a shortage of cloud professionals at the time. Adding more cloud professionals to the tea sounded expensive because the company was small. I recommended to the company's president how we could automate some tasks. I helped him because he didn't know what to do. Some operations, such as backups at specific intervals and resource pattern monitoring, become simple to automate. At the end of the day, the corporation was able to achieve its goal while spending very little money.

 

Ques: 6). What do you think the most difficult aspect of this job will be?

Answer:

Lack of experience and resources will be one of the primary issues that businesses will encounter in the near future. Technology is rapidly advancing as firms continue to shift more workload to the cloud. It's becoming difficult to keep up with the correct tools. This has necessitated further training in order for me to be prepared to deal with these difficulties if they affect our organisation.

 

Ques: 7). What services does AWS typically provide to its customers?

Answer: 

Everyone knows that Amazon Web Services (AWS) is a very dependable and trusted web service. It's a safe and secure web or cloud services platform that may propel your company to new heights of success. This type of question is the most popular and falls under the category of Amazon Support Engineer interview questions. This means that you must first clear your fundamentals in order to pass or crack this interview. You can find such basic questions among AWS cloud interview questions if you are prepared for an AWS interview.

To assist its clients, AWS provides computational power, database storage, content distribution, and a variety of other related support services. Customers all around the world have already chosen the AWS platform, products, and solutions to develop dependable applications with increased flexibility and reliability. It's a fantastic IT infrastructure platform for both small and large organisations.

 

Ques: 8). When a person types the domain name into a web browser, how can you bring the website content back to them?

Answer: 

As you may be aware, every website has its own domain name system (DNS). As a result, the DNS and each website would be assigned a unique internet protocol or IP address. When entering a domain name into a web browser, the following scenarios may arise:

  • Your input or signal will be received as a request by the web server hosting services. Following that, the web server hosting firm will undoubtedly respond to your request with appropriate outcomes.
  • When you use a browser, it sends a request to the internet protocol address, which is linked to the domain name automatically.
  • The IP address is sometimes returned to the user by the domain name system.
  • To deliver back the website content to the users, the web browser will contact a domain name system.

The salary of a cloud support engineer in AWS is determined by your abilities and performance during the AWS support interview. So, if you want a higher income in your AWS work, make sure you answer the interviewer's questions properly and confidently.

 

Ques: 9). Give some instances of typical networking commands you've used.

Answer:

It's worth noting that the AWS stack is mostly based on Linux, and its cloud design makes it extremely network-dependent. As a result, regardless of your history as a system administrator, database administrator, or bigdata administrator, your AWS interview could be about networking. Learn how to use these basic networking commands:

The first step when a system is unreachable is to ping the host to ensure it is up and functioning.

ping host – This pings the host and output results

Domain related commands as AWS has become preferred hosting for major itnernet based companies, SaaS firms

To get DNS information of the domain use – dig domain

To get whois information on domain use – whois domain

Host reverse lookup – dig -x host

Download file – wget file

To continue stopped download – wget -c file

 

Ques: 10). What does the term "fault tolerant" mean?

Answer: 

When a set number of failures and issues occur, the fault tolerant process is used to control or manage the faults. It's one of the AWS Cloud's most critical self-healing features. This has become a crucial Amazon AWS cloud support engineer interview question and answer because, while the question appears easy, the answer is really complex.

It is a system property that allows a system to work or continue to work in the face of numerous failures at any moment. It is a computer system capability that makes the work of users much more reliable. Such systems are intended to safeguard any present functional system against numerous failures that may occur at any given time. It ensures that any network or system maintains the needed level of continuity in order to avoid the negative effects of interruptions.

 

Ques: 11). What exactly is a procedure? In Linux, how do you manage processes: -

Answer:

When a command is issued in a Linux/Unix based OS, a process is launched or created. In simple terms, an instance of a programme is produced while it is running in an operating system. This is how it works. Process management commands are useful in Linux for managing processes.

ps – this is the commonly used process management command to start with. ps command provides details on currently running active processes.

top – This command provides details on all running processes. ps command lists active processes whereas top lists all the processes (i.e) activity of processor in real-time. This includes details on processor and memory being used.

kill – To kill a process using the process id kill command is used. ps command provides details on process id. To kill a process issue kill pid.

killall proc – This command is same as kill command. To kill all the processes by name proc we can use this

 

Ques: 12). In Amazon Web Services, Emphasize The Importance Of Buffer.

Answer:

An Elastic Load Balancer ensures that incoming traffic is spread as efficiently as possible across multiple AWS instances. A buffer will synchronise several components and make the setup more elastic in the event of a burst of load or traffic. The components are prone to receiving and processing requests in an unreliable manner. The buffer produces an equilibrium between diverse devices and crafts them to function at the same rate, allowing for faster service delivery.

 

Ques: 13). What Is An Amazon Web Services Availability Zone?

Answer: 

A collection of your AWS resources is made up of availability zones (within a region). For high availability and fault tolerance, properly built applications will use several availability zones. Each AZ has a low-latency direct connection to the others, and each AZ is separated from the others to ensure fault tolerance.

 

Ques: 14). What Happens When A User Types A Domain Name Into A Web Browser? 

Answer:

A DNS server is contacted by the web browser, which requests the IP address associated with the domain name.

The IP address is returned to the Browser by the DNS server.

A request (for content) is sent by the browser to the IP address associated with the domain name.

The request is received by the web server holding web content, which then provides the web content back to the user.

 

Ques: 15). What are the various kinds of routing protocols?

Answer:

The routing protocol is a crucial word that describes how different routers communicate. The routing protocol can be implemented by two nodes in a computer network. The following are some of the most often used routing protocols:

  • Routing information protocols (RIP)
  • Interior Gateway Protocol (IGP)
  • Open shortest path first (OSPF)
  • Exterior Gateway Protocol (EGP)
  • Border Gateway Protocol (BGP)
  • Intermediate system to intermediate system (IS-IS)

These are some of the most commonly utilised routing kinds among system users. The interviewer may pose this topic as one of the most typical AWS cloud support engineer interview questions. So, remove your doubts regarding the network, infrastructure, and other related topics before embarking on such interviews.

 

Ques: 16). What Does The Elasticity Concept Mean For AWS Consumers and Enterprise Users?

Answer:

Elastic systems allow for the rapid addition and subtraction of servers as demand (user base) on a web application increases and drops. Getting rid of unused servers might save a lot of money.

 

Ques: 17). What is the primary distinction between a private and a public subnet?

Answer:

A private subnet normally directs traffic to a NAT instance. In the private subnet, only private IP and internet traffic is routed. A public subnet, on the other hand, requires a public IP address to communicate. The major distinction between a private and a public subnet is this.

 

Ques: 18). How would you persuade a customer to switch to AWS?

Answer: 

These types of questions might be posed during your interview to assess your mental agility, persuasion power, and speaking ability. As a candidate, you must remain cool and optimistic under such circumstances. If this question is asked during your interview, you must respond honestly. You can state things like "I have experience dealing with such customers" and "I have knowledge and expertise dealing with such consumers," and so on in your response. You can persuade customers by describing the capabilities and advantages of using the AWS cloud. As a result, job candidates can readily respond to this question based on their degree of thinking and speaking ability.

 

Ques: 19). Do you understand how the internet works in your area?

Answer: 

There are several internet tiers and web servers available all over the world, which serve as the internet's communication path. Without the internet's ingenuity, sharing could not have progressed as quickly as it has. 

Circuit switching is a word used on the internet to describe how the internet works in your current context. Another internet technology is packet switching, which makes it much easier for the internet to communicate or distribute information. This is one of the most common AWS cloud support engineer interview questions because it gives you some fundamental internet knowledge.

Packing switching is the process of separating a single internet server into numerous servers. There is no requirement for a physical path for the computer. The internet's supporting equipment would be sufficient to enable better and more dependable internet sharing among a large number of computers.

 

Ques: 20). In Linux or UNIX-based operating systems, how can you easily manage processes?

Answer:

When a user types a command into a Unix operating system, it starts working. When an operating system is started, an instance is created automatically. To manage processes in Linux OS, I would use the PS processing command. This command displays information about the currently running processes and activities. When running Linux, I can also use TOPIS as a process management tool. 

This command can be used to acquire statistics about the operating system's activity. To kill running processes, I would also use the Kill command. In a Linux-based operating system, press Ctrl+Alt+Del to terminate all programmes. I would use the killall command. With these commands, I would be able to take full control of the operating system and manage its processes effectively.

 

 

Top 20 AWS Solution Architect Interview Questions & Answers

  

Ques: 1). I have a few private servers, and I also use the public cloud to share some workloads. What kind of structure is this?

Answer:

The hybrid cloud is created when both private and public cloud services are combined. When private and public clouds are virtually housed on the same network, it is easy to comprehend a hybrid architecture.

 

AWS RedShift Interview Questions and Answers


Ques: 2). What's the difference between stopping and terminating an instance?

Answer:

Stopping an Instance: When you stop an instance, it goes through a standard shutdown process. Its Amazon EBS volume, on the other hand, remains attached, and you may restart the instance whenever you want. The advantage of stopping an instance is that you will not be charged for that instance once it has been terminated.

Terminating an Instance: When an instance is terminated, it goes through a normal shutdown and any Amazon EBS volumes attached to the instance are destroyed at the same time. You cannot restart an instance once it has been terminated.

 

Ques: 3). What distinguishes a Spot Instance from a Reserved or On-Demand Instance?

Answer:

Pricing models include Spot instances, Reserved instances, and On-demand instances. Users can buy compute power without making an upfront investment using a spot instance, however they must pay hourly, which is lower than the on-demand instance fee in each area.

Spot instances are analogous to bidding, and the Spot Price is the bidding price for these instances. The price may fluctuate due to availability and demand, but you will never pay more than the maximum amount mentioned. In the event that spot prices rise above the maximum price, the EC2 instances will automatically shut down. The opposite is not true: if spot prices fall, EC2 Instances are not instantly launched. It's possible to do it manually.

There is no obligation on the part of the user for Spot and On-demand instances. In the case of Reserved Instances, however, one must keep to the time period that was previously selected.

 

Ques: 4). In AWS, which instance type should you use to deploy a 4-node Hadoop cluster?

Answer:

Each Hadoop cluster is built on a master-slave model, in which the master system processes the data and the slave machine acts as a data node. Because all of the processing is done on the master system, it requires a high-capacity CPU and RAM, and because all of the storage is done on the slave machine, a large hard disc is required.

You have complete control over the machine's setup based on the workload. If you don't want to configure the computer manually, you can immediately launch an Amazon EMR instance that will do it for you. You dump the data to be processed in S3, EMR picks the data from there, processes it, and dumps it back to the S3.

 

Ques: 5). Is a single Elastic IP address sufficient for all running instances?

Answer:

Each instance has its own public and private addresses. When an instance is stopped or terminated, it returns a private address that is unique to that instance. Similarly, until the instance is halted or terminated, a public address is connected only with it. However, an EIP (Elastic IP address) can be assigned to an instance that will remain active until the user detaches it manually. In the event that you are hosting multiple websites on your EC2 server, you will require different EIP numbers.

 

Ques: 6). Is it possible to use an S3 bucket with EC2 Instances as well?

Answer:

Yes, it's possible to utilise it with root devices that are backed up by local instances storage. Amazon S3 gives developers access to the same dependable and expensive data storage infrastructure that Amazon uses to power its global websites.

 

Ques: 7). Explain how to use Amazon Instance to vertically scale.

Answer:

The following are the steps to vertically scale on Amazon:

  1. Upgrade from the current instance to a new larger instance.
  2. Pause the previous instance and discard it by detaching the root web volumes from the servers.
  3. Now stop the live instance and also detach its root volume.
  4. Attach the root volume to the new server after you note the unique device ID.
  5. And finally, restart it.

 

Ques: 8). What does a buffer do in Amazon web services?

Answer:

The buffer is used to make the system more robust for managing traffic or load by synchronising multiple components. The components, in general, receive and process requests in an uneven manner. When the buffer is used, however, the components are balanced and operate at the same speed, ensuring that proper service is provided.

 

Ques: 9). What kind of performance can Elastic Block Storage provide? How do you back it up and improve the results?

Answer:

The performance of elastic block storage fluctuates, and it might go above and below the SLA performance threshold. SLA gives an average disc I/O rate, which can irritate performance experts who want a server's disc throughput to be consistent and reliable. This is not the case with virtual AWS instances. A graphical user interface, such as elasticfox, can be used to backup EBS volumes, or an API call can be used to leverage the snapshot feature. Using Linux software raid and striping over four drives can further increase performance.

 

Ques: 10). Distinguish between an on-demand and a spot instance.

Answer:

Spot Instances are unused Amazon EC2 instances that can be bid on. The spot instance will be launched once the bid exceeds the current spot price (which changes in real-time based on demand and supply). If the spot price exceeds the bid price, the instance can be cancelled at any time and with only 2 minutes' notice. The best technique to determine the best bid price for a spot instance is to consult the AWS console's price history for the previous 90 days. Spot instances have the benefit of being cost-effective, but the disadvantage is that they can be cancelled at any time. Spot instances are ideal to use when –

There are optional nice to have tasks.

You have flexible workloads which can be run when there is enough compute capacity.

Tasks that require extra computing capacity to improve performance.

On-demand instances are available anytime you need them, and you must pay on an hourly basis for the time you utilise them. These instances can be released as soon as they are no longer needed, and there is no commitment required up front. Unlike spot instances, AWS guarantees the availability of these instances.

The recommended practise is to start a few on-demand instances that can provide a minimal level of assured compute resources for the application and then add on a few spot instances as needed.

 

Ques: 11). What is Amazon EMR and how does it work?

Answer:

Amazon EMR is a surviving cluster stage that is useful in data structures since it demonstrates how things work before they are notified. On Amazon Web Services, Apache Spark and Apache Hadoop are useful for analysing massive amounts of data. Data for analytics purposes and marketing intelligence workloads can be prepared using Apache Hive. It also makes use of other open-source ideas that are applicable.

 

Ques: 12). Is it possible to scale an Amazon Instance vertically? If so, how do you go about doing it?

Answer:

The steps to vertically scale an Amazon Instance are as follows –

    1. Spin up a larger Amazon instance than the existing one.
    2. Pause the exisiting instance to remove the root ebs volume from the server  and discard.
    3. Stop the live running instance and detach its root volume.
    4. Make a note of the unique device ID and attach that root volume to the new server.
    5. Start the instance again.

 

Ques: 13). How will you prepare an instance to serve traffic by configuring it with the application and its dependencies?

Answer:

The use of lifecycle hooks can help you do this. They are useful because they allow you to halt the construction or termination of an instance so that you can sneak a peek inside and do specific activities such as configuring the instance, downloading relevant files, and performing any other steps necessary to get the instance ready. There can be many lifecycle hooks in each auto scaling group.

 

Ques: 14).  How can EC2 instances running in a VPC be protected?

Answer:

AWS Security groups connected with EC2 instances can help you protect EC2 instances running in a VPC by enforcing protocol and port access security. You can secure access to the EC2 instance by configuring both INBOUND and OUTBOUND traffic. AWS security groups are similar to firewalls in that they contain a collection of rules that filter traffic entering and exiting an EC2 instance and prevent unauthorised access to those instances.

 

Ques: 15). What are some of the most important security best practises in Amazon EC2?

Answer:

To limit access to your AWS resources, create unique IAM (Identity and Access Management) users. Creating a unique IAM user gives each user their own set of credentials, allowing them to be given varying permissions based on their access needs.

  • Secure the AWS Root account and its access keys.
  • Harden EC2  instances by disabling unnecessary services and applications by installing only necessary software and tools on EC2 instances.
  • Grant least privileges by opening up permissions that are required to perform a specific task and not more than that. Additional permissions can be granted as required.
  • Define and review the security group rules on a regular basis.
  • Have a well-defined strong password policy for all the users.
  • Deploy anti-virus software on the AWS network to protect it from Trojans, Viruses, etc.

 

Ques: 16). What are the key characteristics of a traditional load balancer in EC2?

Answer:

The high availability functionality distributes traffic among EC2 instances in a single or several availability zones.

This assures a high level of incoming traffic availability.

Based on the findings of the health check, a traditional load balancer can decide whether or not to route traffic.

By defining security groups in a VPC, you may achieve safe load balancing within a network.

Sticky sessions are supported by traditional load balancers, which ensure that a user's traffic is always routed to the same instance for a consistent experience.

 

Ques: 17).  What are the possible connection issues you encounter when connecting to an EC2 instance ?

Answer:

    • Unprotected private key file
    • Server refused key
    • Connection timed out
    • No supported authentication method available
    • Host key not found,permission denied.
    • User key not recognized by the server, permission denied.

 

Ques: 18). What's the difference between stopping and terminating an EC2 instance?

Answer:

When you end an EC2 instance, it goes into a standard shutdown mode and is moved to the stop state. When an EC2 instance is terminated, it is put into a suspended state, and any EBS volumes attached to it are erased and can't be restored.

 

Ques: 19). How can you use EBS to automate EC2 backups?

Answer:

Creating snapshots of EBS volumes can be used to back up AWS EC2 instances. Amazon S3 is utilised to store the snapshots. Snapshots can capture all of the data in EBS volumes and produce precise replicas of it. The snapshots can then be cloned and relocated to another AWS region, ensuring that sensitive data is kept safe and secure.

Stopping the instance or detaching the EBS volume that will be backed up is suggested before executing AWS EC2 backup. Any failures or problems will not effect newly produced snapshots as a result of this.

The following steps must be followed to back up an AWS EC2 instance:

  1. Sign in to the AWS account, and launch the AWS console.
  2. Launch the EC2 Management Console from the Services option.
  3. From the list of running instances, select the instance that has to be backed up.
  4. Find the Amazon EBS volumes that are attached locally to that particular instance.
  5. List the snapshots of each of the volumes, and specify a retention period for the snapshots. A snapshot has to be created of each volume too.
  6. Remember to remove snapshots that are older than the retention period.

 

Ques: 20). What is a denial-of-service (DoS) attack, and how do you respond to one?

Answer:

When a malicious attempt is made to affect the availability of a certain system, such as an application or a website, a Denial of Service (DoS) attack occurs. When an attacker uses many sources to generate a DDoS attack, it is known as a Distributed Denial of Service attack. DDoS assaults are usually classified according to whatever layer of the Open Systems Interconnection (OSI) model they target. The Network, Transport, Presentation, and Application levels, which correspond to layers 3,4,6, and 7, are the most typical targets for DDoS attacks.