Friday, 15 August 2025

AWS Interview Master Guide

AWS Interview Master Guide - Full Q&A

1. Security & Identity Management

·         Q: What is IAM in AWS?

A: Identity and Access Management – controls who can access AWS resources and what actions they can take.

 

·         Q: IAM Users vs Roles?

A: Users: long-term credentials (console password, access keys) tied to one person or application. Roles: no long-term credentials; an identity (EC2/Lambda/ECS task, a federated user, a principal in another account) assumes the role through STS and receives short-lived credentials. Prefer roles wherever possible so there are no static keys to leak or rotate.

 

·         Q: IAM Policy types?

A: Identity-based (attached to users, groups, roles), Resource-based (on S3 buckets, KMS keys, SQS queues, Lambda functions, etc.), Permissions boundaries (a ceiling on what an identity-based policy may grant), SCPs (Organizations-level guardrails on whole accounts), plus session policies passed at AssumeRole time. An explicit Deny in any of them wins over every Allow.

 

·         Q: AWS WAF use cases?

A: Layer-7 filtering in front of CloudFront, ALB, API Gateway or AppSync: managed rule groups and custom rules for SQL injection and XSS patterns, rate-based rules against HTTP floods and credential stuffing, geo-match and IP-set blocking, bot control. Volumetric (L3/L4) DDoS mitigation is Shield's job, not WAF's.

 

·         Q: What is AWS Shield?

A: Managed DDoS protection. Standard is free and always on for common L3/L4 attacks. Advanced is paid and adds L7 attack detection, the Shield Response Team, cost protection for scaling caused by an attack, and a SLA.

 

·         Q: How does GuardDuty detect threats?

A: Continuously analyzes VPC Flow Logs, CloudTrail management and S3 data events, and Route 53 DNS query logs (optionally also EKS audit logs, RDS login activity, Lambda network activity and malware scans) using ML, anomaly detection and threat-intelligence feeds. It reads independent copies of those logs, so you do not need to enable Flow Logs or DNS logging yourself.

 

·         Q: AWS Inspector vs AWS Config?

A: Inspector → automated vulnerability scanning of EC2 instances (via the SSM agent or agentless), ECR container images and Lambda functions for known CVEs and unintended network reachability. Config → records the configuration history of resources and evaluates it against rules for compliance and drift.

 

·         Q: Steps for least privilege access?

A: Start from no permissions and add only the actions and resources the workload needs; generate policies from observed activity with IAM Access Analyzer policy generation (based on CloudTrail); review findings from IAM Access Analyzer and last-accessed data (Access Advisor); narrow with conditions (source VPC, MFA, tags); remove unused permissions, users and access keys on a schedule.
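The "explicit Deny wins, SCPs and boundaries only cap, identity policies grant" rule from the policy-types question above is easy to state and easy to get wrong when writing least-privilege policies. The following is an added example written for this guide, not AWS code: a small local model of the documented evaluation order that can be used to reason about a policy set offline. Conditions, NotAction/NotResource and resource-based policies are deliberately left out; all ARNs and policy names are made up.

```python
"""Minimal local model of IAM policy evaluation (illustrative, not AWS's evaluator)."""
import re


def matches(pattern, value, ignore_case=False):
    """IAM wildcard match: '*' = any run of characters, '?' = exactly one character."""
    regex = "^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$"
    flags = re.IGNORECASE if ignore_case else 0
    return re.match(regex, value, flags) is not None


def _as_list(x):
    return x if isinstance(x, list) else [x]


def statement_verdicts(policy, action, resource):
    """Effects ('Allow'/'Deny') of every statement that applies to action + resource."""
    out = []
    for stmt in _as_list(policy.get("Statement", [])):
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", "*"))
        # Action names are case-insensitive in IAM; resource ARNs are not.
        if any(matches(a, action, ignore_case=True) for a in actions) and \
           any(matches(r, resource) for r in resources):
            out.append(stmt["Effect"])
    return out


def evaluate(action, resource, identity_policies, scps=(), boundary=None):
    """Return 'Allow' or 'Deny' for one same-account request."""
    chain = list(identity_policies) + list(scps) + ([boundary] if boundary else [])
    # 1. An explicit Deny in any applicable policy is final.
    if any("Deny" in statement_verdicts(p, action, resource) for p in chain):
        return "Deny"
    # 2. Every SCP in the chain must contain an Allow; SCPs filter, they never grant.
    if any("Allow" not in statement_verdicts(s, action, resource) for s in scps):
        return "Deny"
    # 3. A permissions boundary, if one is set, must also allow.
    if boundary and "Allow" not in statement_verdicts(boundary, action, resource):
        return "Deny"
    # 4. Finally an identity policy has to grant; otherwise it is an implicit deny.
    if any("Allow" in statement_verdicts(p, action, resource) for p in identity_policies):
        return "Allow"
    return "Deny"


# Constructed sample policies (made-up bucket names and ARNs).
BROAD_S3 = {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
BOUNDARY_READ_APP_DATA = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": "arn:aws:s3:::app-data*"}]}
SCP_NO_BUCKET_DELETE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}]}


def demo():
    """Decisions for a user with a broad identity policy, capped by a boundary and an SCP."""
    obj = "arn:aws:s3:::app-data/report.csv"
    return {
        "read_app_data": evaluate("s3:GetObject", obj, [BROAD_S3], [SCP_NO_BUCKET_DELETE], BOUNDARY_READ_APP_DATA),
        "write_app_data": evaluate("s3:PutObject", obj, [BROAD_S3], [SCP_NO_BUCKET_DELETE], BOUNDARY_READ_APP_DATA),
        "read_other_bucket": evaluate("s3:GetObject", "arn:aws:s3:::other/x", [BROAD_S3], [SCP_NO_BUCKET_DELETE], BOUNDARY_READ_APP_DATA),
        "delete_bucket": evaluate("s3:DeleteBucket", "arn:aws:s3:::app-data", [BROAD_S3], [SCP_NO_BUCKET_DELETE]),
        "no_policy": evaluate("s3:GetObject", obj, []),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:18s} -> {verdict}")
```

The point the demo makes: the broad `s3:*` identity policy alone would allow every call, but the boundary cuts it down to two read actions on one bucket prefix, and the SCP's Deny blocks bucket deletion no matter what the identity policy says. The boundary does not grant anything on its own either; remove `BROAD_S3` and every call is an implicit deny.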

 

·         Q: KMS vs Secrets Manager?

A: KMS = creates, stores and uses encryption keys; key material never leaves the service, and other services call it for envelope encryption (data keys wrapped by a KMS key). Secrets Manager = stores credentials, API keys and connection strings, encrypted with a KMS key, with automatic rotation via Lambda and per-secret IAM/resource policies for retrieval.

 

·         Q: How to secure S3 buckets?

A: Turn on Block Public Access at the account and bucket level, disable ACLs (Object Ownership = bucket owner enforced), apply a bucket policy that denies non-TLS requests (aws:SecureTransport) and names only the principals that need access, set default encryption with SSE-KMS, enable versioning with MFA Delete, and log access with S3 server access logs or CloudTrail data events.

 

·         Q: Difference between Security Groups and NACLs?

A: SG: attached to ENIs (instance level), stateful (return traffic for an allowed connection passes automatically), allow rules only, all rules evaluated. NACL: subnet level, stateless (return traffic needs its own rule, including the ephemeral port range), allow and deny rules, evaluated in rule-number order with the first match winning.
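"Stateful" and "stateless" are the words every candidate knows; the consequence that bites in practice is the reply packet. The toy packet filter below is an added example for this guide, not AWS code: the security group remembers flows it allowed, so a server's reply to a client's ephemeral port passes with no outbound rule at all, while the NACL judges each packet on its own and drops the same reply unless an outbound rule covers ephemeral ports 1024-65535. Rule sets and port numbers are constructed.

```python
"""Toy model of security-group (stateful) vs NACL (stateless) filtering."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = toward the instance/subnet, "out" = leaving it
    proto: str
    port: int        # destination port carried by this packet


class SecurityGroup:
    """Allow rules only; every rule is evaluated; stateful via connection tracking."""

    def __init__(self, inbound, outbound):
        self.rules = {"in": inbound, "out": outbound}   # entries: (proto, low_port, high_port)
        self.tracked = set()                            # flows already allowed in one direction

    def allows(self, pkt, flow):
        if flow in self.tracked:                        # reply of an already-allowed flow
            return True
        ok = any(p == pkt.proto and lo <= pkt.port <= hi
                 for p, lo, hi in self.rules[pkt.direction])
        if ok:
            self.tracked.add(flow)
        return ok


class NetworkAcl:
    """Numbered allow/deny rules, lowest number first, first match wins,
    implicit deny at the end; no memory between packets."""

    def __init__(self, inbound, outbound):
        # entries: (rule_number, proto, low_port, high_port, "allow" | "deny")
        self.rules = {"in": sorted(inbound), "out": sorted(outbound)}

    def allows(self, pkt, flow=None):
        for _, p, lo, hi, action in self.rules[pkt.direction]:
            if p == pkt.proto and lo <= pkt.port <= hi:
                return action == "allow"
        return False


def https_session(filt):
    """Client :51000 -> server :443, then the server's reply back to :51000.
    Returns (request_allowed, reply_allowed)."""
    flow = ("tcp", "client:51000", "server:443")
    request = Packet("in", "tcp", 443)
    reply = Packet("out", "tcp", 51000)
    return filt.allows(request, flow), filt.allows(reply, flow)


# Constructed rule sets. The SG's outbound list is empty on purpose, to show the
# reply passes because of state, not because of an outbound rule (a real default
# SG also allows all outbound traffic).
SG_HTTPS = SecurityGroup(inbound=[("tcp", 443, 443)], outbound=[])
NACL_MISSING_EPHEMERAL = NetworkAcl(inbound=[(100, "tcp", 443, 443, "allow")], outbound=[])
NACL_CORRECT = NetworkAcl(inbound=[(100, "tcp", 443, 443, "allow")],
                          outbound=[(100, "tcp", 1024, 65535, "allow")])
# A lower-numbered deny shadows the allow that follows it: order matters in NACLs.
NACL_SHADOWED = NetworkAcl(inbound=[(50, "tcp", 443, 443, "deny"), (100, "tcp", 443, 443, "allow")],
                           outbound=[(100, "tcp", 1024, 65535, "allow")])

if __name__ == "__main__":
    for name, filt in [("SG", SG_HTTPS), ("NACL, no ephemeral rule", NACL_MISSING_EPHEMERAL),
                       ("NACL, correct", NACL_CORRECT), ("NACL, shadowed allow", NACL_SHADOWED)]:
        print(f"{name:24s} request/reply allowed: {https_session(filt)}")
```

When an instance in a subnet with a custom NACL accepts connections but clients hang, the missing outbound ephemeral-port rule (or an inbound one, for connections the instance initiates) is the first thing to check.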

 

·         Q: What is MFA in AWS?

A: Multi-Factor Authentication – a second factor (virtual or hardware TOTP device, or a FIDO security key) required in addition to the password. Enforce it for the root user and all console users, and require it for sensitive API actions through the aws:MultiFactorAuthPresent policy condition.

 

·         Q: Bastion Host best practice?

A: Prefer SSM Session Manager over a bastion: no public IP, no inbound SSH port, access controlled by IAM and sessions logged to CloudWatch Logs/S3. If a bastion is still required: public subnet, security group allowing SSH only from known admin IPs, key-based or short-lived certificate auth (no passwords), no private keys stored on the host, hardened, patched and logged.

 

·         Q: Encryption at rest vs in transit?

A: At rest → SSE-S3/SSE-KMS for S3, KMS-backed encryption for EBS, RDS, EFS and DynamoDB (turn on default EBS encryption per region so new volumes cannot be created unencrypted). In transit → TLS/HTTPS with ACM certificates on ALB/CloudFront/API Gateway, IPsec VPN or MACsec for hybrid links, and bucket/queue policies that reject plaintext connections.

 

2. Networking

·         Q: What is VPC?

A: Isolated virtual network in AWS for resources.

 

·         Q: Key VPC components?

A: Subnets, Route Tables, IGW, NAT Gateway, SG, NACLs, VPC Peering.

 

·         Q: Public vs Private subnet?

A: Public: the subnet's route table has a 0.0.0.0/0 route to an IGW and instances get public or Elastic IPs. Private: no IGW route; instances have only private IPs and reach the internet, if at all, through a NAT Gateway.

 

·         Q: VPC Peering vs Transit Gateway?

A: Peering: direct 2-VPC link. TGW: hub for many VPCs & on-prem.

 

·         Q: NAT Gateway purpose?

A: Allows private subnet instances to reach internet without inbound access.

 

·         Q: VPN types in AWS?

A: Site-to-Site VPN (IPsec tunnels from an on-prem customer gateway to a Virtual Private Gateway or Transit Gateway) and Client VPN (OpenVPN-based remote access for users). AWS Direct Connect is a dedicated private line, not a VPN; it is often paired with a VPN for encryption or as a backup path.

 

·         Q: PrivateLink use case?

A: Reach an AWS service, a partner SaaS or your own NLB-fronted service through an interface endpoint in your VPC, so traffic stays on the AWS network and no IGW, NAT or VPC peering is needed; endpoint policies restrict what can be called through it.

 

·         Q: VPC Flow Logs use?

A: Record accepted and rejected traffic per ENI (source/destination IP and port, protocol, bytes, action) to CloudWatch Logs or S3 for troubleshooting security group and NACL problems and for security monitoring (GuardDuty consumes them). They capture connection metadata, not payloads.
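The default flow-log record is a space-separated line of fourteen fields, so the monitoring use above needs nothing more than a parser and an aggregation. This is an added example for this guide, not AWS code: it parses version-2 records (including the NODATA records that carry no traffic fields) and flags any source that was REJECTed on many distinct destination ports of one ENI, a simple port-scan indicator of the kind GuardDuty reports. The log lines are constructed and the detection logic is illustrative, not GuardDuty's.

```python
"""Parse VPC Flow Log default-format records and flag rejected port sweeps."""
from collections import defaultdict

FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")
INT_FIELDS = {"srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}


def parse_record(line):
    """Return a dict for one default-format record; '-' fields become None
    (NODATA/SKIPDATA records carry no traffic fields)."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = {}
    for name, value in zip(FIELDS, parts):
        if value == "-":
            rec[name] = None
        elif name in INT_FIELDS:
            rec[name] = int(value)
        else:
            rec[name] = value
    return rec


def find_port_scans(records, min_ports=10):
    """Map (srcaddr, interface_id) -> sorted distinct destination ports for every
    source that was rejected on at least `min_ports` distinct ports."""
    ports = defaultdict(set)
    for r in records:
        if r["action"] == "REJECT" and r["dstport"] is not None:
            ports[(r["srcaddr"], r["interface_id"])].add(r["dstport"])
    return {key: sorted(p) for key, p in ports.items() if len(p) >= min_ports}


# Constructed sample: one scanner probing 12 ports, one legitimate client that
# was rejected once on SSH, and one NODATA record (no traffic in the window).
ENI, ACCOUNT, T0 = "eni-0a1b2c3d4e5f6a7b8", "123456789012", 1700000000
SAMPLE_LOG = "\n".join(
    [f"2 {ACCOUNT} {ENI} 198.51.100.7 10.0.1.5 4{i:04d} {port} 6 1 60 {T0} {T0 + 60} REJECT OK"
     for i, port in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389, 8080])]
    + [f"2 {ACCOUNT} {ENI} 10.0.0.20 10.0.1.5 51000 443 6 12 3400 {T0} {T0 + 60} ACCEPT OK",
       f"2 {ACCOUNT} {ENI} 10.0.0.20 10.0.1.5 51001 22 6 1 60 {T0} {T0 + 60} REJECT OK",
       f"2 {ACCOUNT} {ENI} - - - - - - - {T0} {T0 + 60} - NODATA"])


def analyze(text=SAMPLE_LOG, min_ports=10):
    """Parse every non-empty line and run the port-scan check."""
    records = [parse_record(line) for line in text.splitlines() if line.strip()]
    return records, find_port_scans(records, min_ports)


if __name__ == "__main__":
    records, scans = analyze()
    print(f"parsed {len(records)} records")
    for (src, eni), hit_ports in scans.items():
        print(f"possible port scan from {src} against {eni}: {len(hit_ports)} rejected ports {hit_ports}")
```

The threshold and the per-ENI grouping are the tunable parts: a single REJECT on port 22 from an internal client (the second host in the sample) is noise, a dozen distinct rejected ports from one external address inside one capture window is worth a ticket. Custom-format flow logs add fields such as pkt-srcaddr and tcp-flags; the parser would need its FIELDS tuple changed to match.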

 

·         Q: Route Table function?

A: A set of routes that decides where traffic leaving a subnet is sent (local VPC, IGW, NAT Gateway, Transit Gateway, peering connection, gateway endpoint). It is associated per subnet and governs outbound destinations; inbound filtering is the job of security groups and NACLs.

 

·         Q: Difference between IGW & EIGW?

A: IGW: bidirectional internet access for IPv4 and IPv6 in public subnets. EIGW (Egress-Only Internet Gateway): IPv6 only, allows outbound connections from the VPC and blocks unsolicited inbound ones. It is the IPv6 counterpart of a NAT Gateway, needed because IPv6 addresses are globally routable and cannot be hidden behind NAT.

 

·         Q: How to connect multiple VPCs securely?

A: TGW, PrivateLink, Peering + route tables.

 

·         Q: ALB vs NLB?

A: ALB: Layer 7 HTTP/HTTPS, path- and host-based routing, terminates TLS, integrates with WAF and Cognito. NLB: Layer 4 TCP/UDP/TLS, static IP per AZ, very high throughput and low latency, preserves the client source IP, can front PrivateLink services.

 

·         Q: VPC Endpoint types?

A: Gateway endpoints (S3 and DynamoDB only; a route-table entry, no charge). Interface endpoints (PrivateLink ENIs in your subnets for most other services and for third-party services; support endpoint policies and security groups).

 

3. Compute

·         Q: EC2 pricing models?

A: On-Demand, Reserved Instances, Spot, Savings Plans, plus Dedicated Hosts/Dedicated Instances for licensing or isolation requirements.

 

·         Q: EC2 families?

A: General Purpose, Compute Optimized, Memory Optimized, Storage Optimized, Accelerated Computing (GPU/FPGA/inference chips), HPC Optimized.

 

·         Q: Auto Scaling use?

A: Scale EC2 count based on metrics (CPU, traffic).

 

·         Q: ALB vs NLB vs CLB?

A: ALB = L7 HTTP/HTTPS. NLB = L4 TCP/UDP. CLB = legacy.

 

·         Q: Placement groups?

A: Cluster (instances packed close together in one AZ for the lowest latency and highest throughput, e.g. HPC), Spread (each instance on distinct hardware for fault isolation of a few critical instances), Partition (groups of instances on separate racks for large distributed systems such as Hadoop or Kafka).

 

·         Q: Spot Instances use?

A: Spare capacity at steep discounts, but interruptible with a two-minute notice – suited to fault-tolerant, stateless or batch workloads, not to anything that cannot survive an interruption.

 

·         Q: What is ECS?

A: AWS managed container orchestration (Docker).

 

·         Q: ECS vs EKS?

A: ECS: AWS-native orchestrator, simpler, no control plane to manage. EKS: managed Kubernetes control plane, portable tooling and ecosystem. Both can run tasks/pods on EC2 or on Fargate.

 

·         Q: User Data in EC2?

A: Scripts run by cloud-init as root at first boot for configuration automation. User data is not encrypted and can be read by anyone with ec2:DescribeInstanceAttribute and from the instance metadata service, so never embed secrets in it; fetch them at boot from Secrets Manager or Parameter Store through the instance role instead.

 

·         Q: Elastic IP use?

A: Static public IPv4 for EC2.

 

·         Q: Difference between ELB and API Gateway?

A: ELB = traffic distribution. API Gateway = API management.

 

·         Q: RDS Proxy role?

A: Connection pooling for RDS/Lambda/EC2.

 

4. Storage

·         Q: S3 vs EFS vs EBS?

A: S3 = object storage, EFS = shared file storage, EBS = block storage.

 

·         Q: S3 storage classes?

A: Standard, Intelligent-Tiering, Standard-IA, One Zone-IA, Glacier Instant Retrieval, Glacier Flexible Retrieval, Glacier Deep Archive.

 

·         Q: S3 versioning use?

A: Keeps every version of an object so overwrites and deletes can be recovered (a delete only adds a delete marker); required for MFA Delete and for replication, and a strong ransomware/accidental-deletion safeguard.

 

·         Q: Lifecycle policies?

A: Rules that automatically transition objects between storage classes and expire objects, old versions or incomplete multipart uploads after a set age.

 

·         Q: Cross-region replication?

A: Automatically copies new objects to a bucket in another region (versioning required on both sides); used for DR, lower latency and data-residency or compliance needs.

 

·         Q: How to secure S3?

A: Block Public Access, a restrictive bucket policy (deny non-TLS, least-privilege principals), SSE-KMS default encryption, versioning; see the S3 answer in Section 1 for the full list.
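Both S3 questions (here and in Section 1) list "bucket policy" and "encryption" without showing what that policy looks like or how to check an existing one. The following is an added example for this guide, not AWS code: it generates a bucket policy that enforces TLS, rejects uploads not encrypted with the expected KMS key, and grants read to a single role, and it lints any bucket policy for statements that make a bucket public. The bucket name, KMS key and role ARNs are made-up placeholders; the public-access check is a simplified version of the evaluation S3 Block Public Access performs.

```python
"""Generate a hardened S3 bucket policy and lint bucket policies for public access."""
import json


def hardened_bucket_policy(bucket, kms_key_arn, reader_role_arn):
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # 1. Reject any request not made over TLS (encryption in transit).
                "Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
                "Action": "s3:*", "Resource": [arn, f"{arn}/*"],
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            },
            {   # 2. Reject uploads not encrypted with the expected KMS key. Note: this also
                #    rejects uploads that omit the header and rely on bucket default encryption,
                #    so clients must send x-amz-server-side-encryption-aws-kms-key-id explicitly.
                "Sid": "DenyWrongKmsKey", "Effect": "Deny", "Principal": "*",
                "Action": "s3:PutObject", "Resource": f"{arn}/*",
                "Condition": {"StringNotEquals": {
                    "s3:x-amz-server-side-encryption-aws-kms-key-id": kms_key_arn}},
            },
            {   # 3. Grant read-only access to exactly one role; everything else is implicit deny.
                "Sid": "AllowAppReader", "Effect": "Allow",
                "Principal": {"AWS": reader_role_arn},
                "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": [arn, f"{arn}/*"],
            },
        ],
    }


def _anonymous(principal):
    """True for Principal "*" or {"AWS": "*"}: anyone, including unauthenticated callers."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_statements(policy):
    """Sids of Allow statements that grant to everyone and carry no Condition."""
    return [s.get("Sid", "<no Sid>") for s in policy.get("Statement", [])
            if s.get("Effect") == "Allow" and _anonymous(s.get("Principal")) and not s.get("Condition")]


def denies_plaintext(policy):
    """True if the policy contains a Deny keyed on aws:SecureTransport = false."""
    for s in policy.get("Statement", []):
        cond = s.get("Condition", {}).get("Bool", {})
        if s.get("Effect") == "Deny" and str(cond.get("aws:SecureTransport", "")).lower() == "false":
            return True
    return False


# Constructed "before" policy: the classic public-read bucket.
PUBLIC_READ_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-static-site/*"}]}

if __name__ == "__main__":
    hardened = hardened_bucket_policy(
        "example-app-data",
        "arn:aws:kms:us-east-1:123456789012:key/11111111-2222-3333-4444-555555555555",
        "arn:aws:iam::123456789012:role/AppReader")
    print(json.dumps(hardened, indent=2))
    print("public statements (before):  ", public_statements(PUBLIC_READ_POLICY))
    print("public statements (hardened):", public_statements(hardened))
    print("denies plaintext (hardened): ", denies_plaintext(hardened))
```

A bucket policy is only one layer: Block Public Access at the account level stops a later edit from re-adding a `PublicRead`-style statement, and Object Ownership set to bucket owner enforced removes ACLs as a second, easily forgotten path to public access.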

 

·         Q: EBS snapshot purpose?

A: Incremental, point-in-time backups of EBS volumes stored in S3 (managed by AWS, not visible in your buckets); used for backup, cloning volumes, building AMIs and copying across AZs/regions. Snapshots of encrypted volumes stay encrypted.

 

·         Q: EBS vs Instance Store?

A: EBS persistent, Instance Store temporary.

 

·         Q: EFS vs FSx?

A: EFS = managed NFS for Linux, elastic, multi-AZ. FSx = managed third-party file systems: FSx for Windows File Server (SMB, AD-integrated), FSx for Lustre (HPC), FSx for NetApp ONTAP and FSx for OpenZFS.

 

·         Q: Multipart upload in S3?

A: Upload large files in parts for efficiency.

 

5. Databases

·         Q: RDS vs DynamoDB?

A: RDS = managed relational databases (MySQL, PostgreSQL, MariaDB, Oracle, SQL Server). DynamoDB = serverless key-value/document NoSQL with single-digit-millisecond latency at any scale.

 

·         Q: Aurora vs RDS?

A: Aurora = AWS-optimized RDS with better scaling.

 

·         Q: Multi-AZ vs Read Replica?

A: Multi-AZ = synchronous standby in another AZ for high availability and automatic failover; the classic standby does not serve reads. Read Replica = asynchronous copies (in-region or cross-region) to scale reads; a replica can be promoted to a standalone instance.

 

·         Q: DynamoDB partition key best practice?

A: High cardinality to avoid hot partitions.

 

·         Q: ElastiCache use?

A: In-memory caching for fast reads.

 

·         Q: RDS Proxy benefit?

A: Connection pooling.

 

·         Q: DMS purpose?

A: Migrate DB with minimal downtime.

 

·         Q: Backup in DynamoDB?

A: On-demand + point-in-time recovery.

 

6. Serverless

·         Q: Lambda cold start?

A: Latency while a new execution environment is initialized – reduce with Provisioned Concurrency, SnapStart (Java), smaller deployment packages and lazy initialization outside the hot path.

 

·         Q: Lambda vs EC2?

A: Lambda = short-lived, event-based. EC2 = full control.

 

·         Q: API Gateway + Lambda?

A: Build serverless REST APIs.

 

·         Q: Step Functions use?

A: Workflow orchestration.

 

·         Q: EventBridge vs SNS?

A: EventBridge = event bus with content-based routing rules, a schema registry and many AWS/SaaS event sources. SNS = pub/sub fan-out of a message to many subscribers (SQS, Lambda, HTTP, email, SMS).

 

·         Q: DynamoDB scaling?

A: On-demand capacity mode (pay per request, scales automatically) or provisioned mode with Application Auto Scaling; adaptive capacity spreads load across partitions, and global tables replicate across regions.

 

7. Automation & IaC

·         Q: CloudFormation vs Terraform?

A: CF = AWS-native, state kept by AWS in stacks. Terraform = multi-cloud, HCL, and a state file you own and must protect (remote backend with locking and encryption, since state can contain secrets).

 

·         Q: AWS CLI use?

A: Automate via shell scripts.

 

·         Q: Boto3 use?

A: AWS SDK for Python.

 

·         Q: CodePipeline?

A: CI/CD orchestration.

 

·         Q: AMI automation?

A: EC2 Image Builder (AWS-managed pipelines), Packer, or Lambda/SSM Automation that builds, tests and distributes images on a schedule.

 

8. Monitoring & Logging

·         Q: CloudWatch vs CloudTrail?

A: CW = metrics, logs, alarms and dashboards for operational monitoring. CT = audit log of API calls (who did what, when, from where) for security and compliance; deliver it to CloudWatch Logs to alarm on specific events.
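The audit value of CloudTrail comes from alerting on specific records, not from storing them. The following is an added example for this guide, not AWS code: three detection rules of the kind a CloudWatch Logs metric filter or a SIEM would run, evaluated over CloudTrail records for console login without MFA, API use by the root user, and tampering with CloudTrail itself. The events are constructed and trimmed to the fields the rules use.

```python
"""Three detection rules over CloudTrail records (illustrative, constructed events)."""
import json

TRAIL_TAMPER = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def console_login_without_mfa(ev):
    return (ev.get("eventName") == "ConsoleLogin"
            and ev.get("responseElements", {}).get("ConsoleLogin") == "Success"
            and ev.get("additionalEventData", {}).get("MFAUsed") == "No")


def root_api_activity(ev):
    # Same shape as the CIS benchmark filter: identity type Root, not invoked by an
    # AWS service acting on root's behalf, and not a service-generated event.
    ui = ev.get("userIdentity", {})
    return (ui.get("type") == "Root" and "invokedBy" not in ui
            and ev.get("eventType") != "AwsServiceEvent")


def cloudtrail_tampering(ev):
    # A successful call only; a denied attempt (errorCode set) deserves its own,
    # lower-severity alert rather than being dropped silently.
    return (ev.get("eventSource") == "cloudtrail.amazonaws.com"
            and ev.get("eventName") in TRAIL_TAMPER
            and not ev.get("errorCode"))


RULES = {
    "ConsoleLoginWithoutMFA": console_login_without_mfa,
    "RootAccountUsage": root_api_activity,
    "CloudTrailTampering": cloudtrail_tampering,
}


def triage(events):
    """Return [(rule_name, eventID, sourceIPAddress)] for every rule that fires."""
    hits = []
    for ev in events:
        for name, rule in RULES.items():
            if rule(ev):
                hits.append((name, ev.get("eventID"), ev.get("sourceIPAddress")))
    return hits


# Constructed CloudTrail records (trimmed), as delivered by a CloudWatch Logs
# subscription or read from an S3 trail.
SAMPLE_EVENTS = json.loads("""[
 {"eventID": "e1", "eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
  "userIdentity": {"type": "IAMUser", "userName": "alice"}, "sourceIPAddress": "203.0.113.9",
  "responseElements": {"ConsoleLogin": "Success"}, "additionalEventData": {"MFAUsed": "No"}},
 {"eventID": "e2", "eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
  "userIdentity": {"type": "IAMUser", "userName": "bob"}, "sourceIPAddress": "203.0.113.10",
  "responseElements": {"ConsoleLogin": "Success"}, "additionalEventData": {"MFAUsed": "Yes"}},
 {"eventID": "e3", "eventName": "CreateAccessKey", "eventSource": "iam.amazonaws.com",
  "eventType": "AwsApiCall", "userIdentity": {"type": "Root"}, "sourceIPAddress": "198.51.100.4"},
 {"eventID": "e4", "eventName": "StopLogging", "eventSource": "cloudtrail.amazonaws.com",
  "eventType": "AwsApiCall", "userIdentity": {"type": "AssumedRole"}, "sourceIPAddress": "198.51.100.4"},
 {"eventID": "e5", "eventName": "StopLogging", "eventSource": "cloudtrail.amazonaws.com",
  "eventType": "AwsApiCall", "userIdentity": {"type": "IAMUser", "userName": "carol"},
  "sourceIPAddress": "203.0.113.11", "errorCode": "AccessDenied"},
 {"eventID": "e6", "eventName": "DescribeInstances", "eventSource": "ec2.amazonaws.com",
  "eventType": "AwsApiCall", "userIdentity": {"type": "Root", "invokedBy": "config.amazonaws.com"},
  "sourceIPAddress": "config.amazonaws.com"}
]""")

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```

In production the same three rules are usually expressed as CloudWatch Logs metric filters with alarms, or as Security Hub/GuardDuty findings; the point of writing them out is to see which fields they key on, and why the `invokedBy` and `errorCode` checks keep the root and tampering rules from paging on service-generated or already-denied calls.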

 

·         Q: X-Ray use?

A: Trace requests for performance bottlenecks.

 

·         Q: Alarms in CloudWatch?

A: An alarm watches a metric (or a metric filter over logs) against a threshold and, on breach, notifies through SNS or triggers an action such as Auto Scaling, EC2 recovery, or a Lambda via SNS/EventBridge.

 

·         Q: Centralized logging?

A: CloudWatch Logs subscription filter → Kinesis Data Firehose → S3 (encrypted, long-term retention) and/or a SIEM; an organization-wide CloudTrail delivered to a locked-down central logging account; Security Hub to aggregate findings across accounts.

 

9. DevOps Integration

·         Q: CI/CD in AWS?

A: Source (CodeCommit, GitHub) → CodeBuild (build and test) → CodeDeploy (deploy), with CodePipeline orchestrating the stages end to end rather than being a stage itself.

 

·         Q: Blue/Green deployment?

A: Two identical environments; deploy to the idle (green) one, test it, then switch traffic (ALB target group, Route 53 record, Lambda alias). Zero downtime and instant rollback by switching back.

 

·         Q: Canary release?

A: Gradual traffic shift to the new version (for example 10%, then 100%) with automatic rollback if alarms fire; supported by CodeDeploy for Lambda and ECS and by weighted Route 53 or ALB target-group routing.

 

10. Migration & Hybrid

·         Q: Snowball?

A: AWS Snow family: ruggedized physical devices (Snowcone, Snowball Edge) shipped to you for offline transfer of terabytes to petabytes and for edge compute when the network is too slow or unavailable; data on the device is encrypted with KMS-managed keys.

 

·         Q: DMS?

A: Minimal downtime DB migration.

 

·         Q: Direct Connect?

A: Private dedicated link to AWS.

 

11. Cost Optimization

·         Q: Trusted Advisor?

A: Checks your account against best practices in cost, security (open security-group ports, exposed access keys, MFA on root, public S3 buckets), performance, fault tolerance and service quotas.

 

·         Q: RI vs Savings Plans?

A: Both give discounts; Savings Plans more flexible.

 

·         Q: Spot instances?

A: Cheapest EC2 pricing.

 

12. Advanced Architecture

·         Q: Multi-Region design?

A: Disaster recovery, lower latency for global users, and data-residency requirements; built on Route 53 routing policies and replicated data (S3 Cross-Region Replication, Aurora Global Database, DynamoDB global tables).

 

·         Q: RTO vs RPO?

A: RTO (Recovery Time Objective) = the maximum acceptable time to restore service after a failure. RPO (Recovery Point Objective) = the maximum acceptable data loss, measured as the time between the last good backup or replication and the failure.

 

·         Q: DR strategies?

A: From cheapest and slowest to costliest and fastest recovery: Backup & restore, Pilot light (core data replicated, minimal compute kept running), Warm standby (scaled-down copy of the full stack), Multi-site active/active.

 

