About AWS Interview Questions
This page collects the top 100 AWS interview questions and answers for freshers and experienced candidates. The Amazon Web Services interview questions are objective-type and framed by our AWS training experts to help you crack the interview and improve your AWS technical skills. Nowadays everything revolves around cloud platforms, and Amazon Web Services is the most popular cloud platform, with a 33% market share, ahead of all other cloud service platforms. We offer an AWS online course and AWS classroom training by expert trainers to give you practical software industry exposure to meet present IT demands.
Read Top AWS Interview Questions
Q1. You currently have an EC2 instance hosting a web application. The number of users is expected to increase in the coming months, so you need to add more elasticity to your setup. Which of the following methods can help add elasticity to your existing setup? Choose 2 answers from the options given below.
- Set up your web app on more EC2 instances and place them behind an Elastic Load Balancer
- Set up ElastiCache in front of the EC2 instance.
- Set up your web app on more EC2 instances and use Route53 to route requests accordingly.
- Set up DynamoDB behind your EC2 instances
Q2. You are creating a Provisioned IOPS volume in AWS. The size of the volume is 8 GiB. Which of the following are possible values that can be set for the IOPS of the volume?
Q3. A company is hosting EC2 instances that run non-production, non-priority batch workloads. These processes can be interrupted at any time. What is the best pricing model for the EC2 instances in this case?
- Reserved Instances
- On-Demand Instances
- Spot Instances
- Regular Instances
Q4. You have 2 Ubuntu instances located in different subnets in the same VPC. To your understanding these instances should be able to communicate with each other, but when you try to ping from one instance to the other, you get a timeout. The route tables seem to be valid and have the entry for the Target ‘local’ for your VPC CIDR. Which of the following could be a valid reason for this?
- The instances are of the wrong AMI, hence you are not able to ping the instances.
- The Security Group has not been modified to allow the required traffic.
- The Instances don’t have Public IP, so that the ping commands can be routed
- The Instances don’t have Elastic IP, so that the ping commands can be routed
Q5. What is the best way to move an EBS volume currently attached to an EC2 instance from one availability zone to another?
- Detach the volume and attach to an EC2 instance in another AZ.
- Create a new volume in the other AZ and specify the current volume as the source.
- Create a snapshot of the volume and then create a volume from the snapshot in the other AZ
- Create a new volume in the AZ and do a disk copy of contents from one volume to another.
Q6. When it comes to API credentials, what is the best practice recommended by AWS?
- Create a role which has the necessary permissions and can be assumed by the EC2 instance.
- Use the API credentials from an EC2 instance.
- Use the API credentials from a bastion host.
- Use the API credentials from a NAT Instance.
Q7. You want to retrieve the public IP address assigned to a running instance via the instance metadata. Which of the below URLs is valid for retrieving this data?
- http://169.254.169.254/latest/meta-data/public-ipv4
Q8. You are planning to use MySQL RDS in AWS. You have a requirement to ensure that you are able to recover from a database crash. Which of the below is not a recommended practice when you want to fulfill this requirement?
- Ensure that automated backups are enabled for the RDS
- Ensure that you use the MyISAM storage engine for MySQL
- Ensure that the database does not grow too large
- Ensure that file sizes for the RDS are well under 6 TB.
Q9. Which of the following is a valid bucket name?
Q10. Which of the following is not a feature provided by Route53?
- Registration of Domain Names
- Routing of internet traffic to domain resources
- Offloading content to cache locations
- Health check of resources
Q11. When working with API gateways in AWS, what type of endpoints are exposed?
Q12. Which of the following verbs are supported with the API Gateway?
- All of the above
Q13. Which of the following container technologies are currently supported by the AWS ECS service?
- Canonical LXD
Q14. Which of the following, when used alongside the AWS Security Token Service, can be used to provide a single sign-on experience for existing users who are part of an organization using on-premise applications?
- OpenID Connect
- SAML 2.0
Q15. While performing status checks on your volume in AWS, you can see that the volume check has a status of “insufficient-data”. What can you derive from this status check?
- All checks have passed
- A particular check has failed only
- All checks have failed
- The check on the volume is still in progress.
Q16. Which of the following describes the term “Golden Image”?
- This is the basic AMI which is available in AWS.
- This refers to an instance which has been bootstrapped.
- This refers to an AMI that has been constructed from a customized Image.
- This refers to a special type of Linux AMI.
Q17. When designing a health check for your web application which is hosted behind an elastic load balancer, which of the following health checks is ideal to implement?
- A TCP health check
- A UDP health check
- An HTTP health check
- A combination of TCP and UDP health checks
Q18. Which of the following is an example of synchronous replication which occurs in an AWS service?
- AWS RDS Read Replicas for MySQL, MariaDB and PostgreSQL
- AWS Multi-AZ RDS
- Redis engine for Amazon ElastiCache replication
- AWS RDS Read Replicas for Oracle
Q19. You want to get the reason for your EC2 Instance termination from the CLI. Which of the below commands is ideal in getting the reason?
- aws ec2 describe-instances
- aws ec2 describe-images
- aws ec2 get-console-screenshot
- aws ec2 describe-volume-status
Q20. When using the following AWS services, which should be implemented in multiple Availability Zones for high availability solutions?
- Amazon DynamoDB
- Amazon Elastic Compute Cloud (EC2)
- Amazon Elastic Load Balancing
- Amazon Simple Storage Service (S3)
Q21. An application is currently configured on an EC2 instance to process messages in SQS. The queue has been created with the default settings. The application is configured to just read the messages once a week. It has been noticed that not all the messages are being picked by the application. What could be the issue?
- The application is configured to long polling, so some messages are not being picked up
- The application is configured to short polling, so some messages are not being picked up
- Some of the messages have surpassed the retention period defined for the queue
- Some of the messages don’t have the right permissions to be picked up by the application
Q22. Your application is on an EC2 instance in AWS. Users use the application to upload a file to S3. The message first goes to an SQS queue, before it is picked up by a worker process, which fetches the object and uploads it to S3. An email is then sent on successful completion of the upload. You notice though that you are getting numerous emails for each request, when ideally you should be getting only one final email notification for each successful upload. Which of the below could be the possible reasons for this?
- The application is configured for long polling so the messages are being picked up multiple times.
- The application is not deleting the messages from SQS.
- The application is configured to short polling, so some messages are not being picked up
- The application is not reading the message properly from the SQS queue.
Q23. You have created your own VPC and subnet in AWS. You have launched an instance in that subnet. You have noticed that the instance is not receiving a DNS name. Which of the below options could be a valid reason for this issue?
- The CIDR block for the VPC is invalid
- The CIDR block for the subnet is invalid
- The VPC configuration needs to be changed.
- The subnet configuration needs to be changed.
Q24. You have created your own VPC and subnet in AWS. You have launched an instance in that subnet. You have attached an internet gateway to the VPC and seen that the instance has a public IP. The route table is shown below.
The instance still cannot be reached from the Internet. Which of the below changes need to be made to the route table to ensure that the issue can be resolved?
- Add the following entry to the route table – 0.0.0.0/0->Internet Gateway
- Modify the above route table – 10.0.0.0/16 ->Internet Gateway
- Add the following entry to the route table – 10.0.0.0/16 ->Internet Gateway
- Add the following entry to the route table – 0.0.0.0/16->Internet Gateway
Q25. You wanted to have a VPC created in AWS which will host an application. The application will just consist of web and database servers. The application just requires to be accessed from the internet by internet users. Which of the following VPC configuration wizards options would you use?
- VPC with a Single Public Subnet Only
- VPC with Public and Private Subnets
- VPC with Public and Private Subnets and Hardware VPN Access
- VPC with a Private Subnet Only and Hardware VPN Access
Q26. Which of the following statements are true with regard to EBS Volumes? Choose 3 correct answers from the options given below.
- EBS Volumes are automatically replicated within that zone to prevent data loss due to failure of any single hardware component
- EBS Volumes can be attached to any EC2 Instance in any AZ.
- After you attach a volume, it appears as a native block device similar to a hard drive or other physical device.
- An EBS volume can be attached to only one instance at a time
Q27. You are a solutions architect working for a large oil and gas company. Your company runs their production environment on AWS and has a custom VPC. The VPC contains 3 subnets, 1 of which is public and the other 2 are private. Inside the public subnet is a fleet of EC2 instances which are the result of an autoscaling group. All EC2 instances are in the same security group. Your company has created a new custom application which connects to mobile devices using a custom port. This application has been rolled out to production and you need to open this port globally to the internet. What steps should you take to do this, and how quickly will the change occur?
- Open the port on the existing network Access Control List. Your EC2 instances will be able to communicate on this port after a reboot.
- Open the port on the existing network Access Control List. Your EC2 instances will be able to communicate over this port immediately.
- Open the port on the existing security group. Your EC2 instances will be able to communicate over this port immediately.
- Open the port on the existing security group. Your EC2 instances will be able to communicate over this port as soon as the relevant Time To Live (TTL) expires.
Q28. You are creating a number of EBS Volumes for your EC2 instances. You are concerned about backups of the EBS Volumes. Which of the below is a way to back up the EBS Volumes?
- Configure Amazon Storage Gateway with EBS volumes as the data source and store the backups on-premise through the storage gateway
- Write a cronjob that uses the AWS CLI to take a snapshot of production EBS volumes.
- Use a lifecycle policy to back up EBS volumes stored on Amazon S3 for durability
- Write a cronjob on the server that compresses the data and then copy it to Glacier
Q29. You have a set of IIS Servers running on EC2 Instances. You want to collect and process the log files generated from the IIS Servers. Which of the below services is ideal to run in this scenario?
- Amazon S3 for storing the log files and Amazon EMR for processing the log files
- Amazon S3 for storing the log files and EC2 Instances for processing the log files
- Amazon EC2 for storing and processing the log files
- Amazon DynamoDB to store the logs and EC2 for running custom log analysis scripts
Q30. You are trying to configure Cross Region Replication for your S3 bucket, but you are not able to select the Cross Region Replication option because it is disabled. Which of the below could be the possible reasons for this?
- The feature is not available in that region
- You need to enable versioning on the bucket
- The source region is currently down
- The destination region is currently down
Q31. What amount of temp space is allocated to you per invocation when using Lambda functions?
- 256 MB
- 512 MB
- 2 GiB
- 16 GiB
Q32. You have a requirement to create a subnet in an AWS VPC which will host around 20 hosts. This subnet will be used to host web servers. Which of the below could be the possible CIDR block allocated for the subnet?
Q33. You run a website which hosts videos and you have two types of members: premium fee-paying members and free members. All videos uploaded by both your premium members and free members are processed by a fleet of EC2 instances which poll SQS as videos are uploaded. However, you need to ensure that your premium fee-paying members' videos have a higher priority than your free members' videos. How do you design SQS?
- SQS allows you to set priorities on individual items within the queue, so simply set the fee paying members at a higher priority than your free members.
- Create two SQS queues, one for premium members and one for free members. Program your EC2 fleet to poll the premium queue first and if empty, to then poll your free members SQS queue.
- SQS would not be suitable for this scenario. It would be much better to use SNS to encode the videos.
- Use SNS to notify when a premium member has uploaded a video and then process that video accordingly.
Q34. Which of the following services natively encrypts data at rest within an AWS region? (Choose two)
- AWS Storage Gateway
- Amazon DynamoDB
- Amazon CloudFront
- Amazon Glacier
- Amazon Simple Queue Service
Q35. Your EC2 instances are configured to run behind an Amazon VPC. You have assigned two web server instances to an Elastic Load Balancer. However, the instances and the ELB are not reachable via the URL of the Elastic Load Balancer serving the web app data from the EC2 instances. What could be done to resolve this issue?
- Attach an Internet gateway to the VPC and route it to the subnet
- Add an elastic IP address to the instance
- Use Amazon Elastic Load Balancer to serve requests to your instances located in the internal subnet
- Recreate the instances again
Q36. You want to ensure that you keep a check on the Active Volumes, Active snapshots and Elastic IP addresses you use so that you don’t go beyond the service limit. Which of the below services can help in this regard?
- AWS CloudWatch
- AWS EC2
- AWS Trusted Advisor
- AWS SNS
Q37. You are building an automated transcription service in which Amazon EC2 worker instances process an uploaded audio file and generate a text file. You must store both of these files in the same durable storage until the text file is retrieved. You do not know what the storage capacity requirements are. Which storage option is both cost-efficient and scalable?
- Multiple Amazon EBS volume with snapshots
- A single Amazon Glacier vault
- A single Amazon S3 bucket
- Multiple instance stores
Q38. You are an AWS Administrator for your company. The company currently has a set of AWS resources hosted in a particular region. You have been requested by your supervisor to create a script which could create duplicate resources in another region in case of a disaster. Which of the below AWS services could help fulfil this requirement?
- AWS Elastic Beanstalk
- AWS SQS
- AWS CloudFormation
- AWS SNS
Q39. What are bastion hosts?
- They are instances in the public subnet which are used as a jump server to resources within other subnets.
- They are instances in the private subnet which are used as a jump server to resources within other subnets.
- They are instances in the public subnet which are used to host web resources that can be accessed by users.
- They are instances in the private subnet which are used to host web resources that can be accessed by users.
Q40. You have several AWS reserved instances in your account. They have been running for some time, but now need to be shut down since they are no longer required. The data is still required for future purposes. Which 2 of the below steps can be taken?
- Convert the instance to on-demand instances
- Sell the instances on the AWS Reserved Instance Marketplace
- Take snapshots of the EBS volumes and terminate the instances
- Convert the instance to spot instances
Q41. You have an EC2 instance in a particular region. This EC2 instance has preconfigured software running on it. You have been requested to create a disaster recovery solution in case the instance in the region fails. Which of the following is the best solution?
- Create a duplicate EC2 instance in another AZ. Keep it in the shutdown state. When required, bring it back up.
- Back up the EBS data volume. If the instance fails, bring up a new EC2 instance and attach the volume.
- Store the EC2 data on S3. If the instance fails, bring up a new EC2 instance and restore the data from S3.
- Create an AMI of the EC2 Instance and copy it to another region
Q42. Amazon’s Redshift uses which block size for its columnar storage?
Q43. You are working in the media industry and you have created a web application where users will be able to upload photos they create to your website. This web application must be able to call the S3 API in order to function. Where should you store your API credentials whilst maintaining the maximum level of security?
- Save the API credentials to your PHP files.
- Don’t save your API credentials. Instead create a role in IAM and assign this role to an EC2 instance when you first create it.
- Save your API credentials in a public GitHub repository.
- Pass API credentials to the instance using instance userdata.
Q44. You are a systems administrator and you need to monitor the health of your production environment. You decide to do this using CloudWatch, however you notice that you cannot see the health of every important metric in the default dashboard. Which of the following metrics do you need to design a custom CloudWatch metric for, when monitoring the health of your EC2 instances?
- CPU Usage
- Memory usage
- Disk read operations
- Network in
Q45. In order for an EC2 instance to be accessed from the internet, which of the following are required? Choose 3 answers from the options given below.
- An Internet gateway attached to the VPC
- A private IP address attached to the instance
- A public IP address attached to the instance
- A route entry to the Internet gateway in the Route table
Q46. You are using IoT sensors to monitor the number of bags that are handled at an airport. The data gets sent back to a Kinesis stream with default settings. Every alternate day, the data from the stream is sent to S3 for processing. But you notice that S3 is not receiving all of the data that is being sent to the Kinesis stream. What could be the reason for this?
- The sensors probably stopped working on some days hence data is not sent to the stream.
- S3 can only store data for a day
- Data records are only accessible for a default of 24 hours from the time they are added to a stream
- Kinesis streams are not meant to handle IoT related data
Q47. You have defined the following Network ACL for your subnet.
What will be the outcome when a workstation of IP 18.104.22.168 tries to access your subnet?
- The request will be allowed
- The request will be denied
- The request will be allowed initially and then denied
- The request will be denied initially and then allowed
Q48. Which procedure for backing up a relational database on EC2 that is using a set of RAIDed EBS volumes for storage minimizes the time during which the database cannot be written to and results in a consistent backup?
A. 1. Detach EBS volume, 2. Start EBS snapshot of volumes, 3. Re-attach EBS volumes
B. 1. Stop the EC2 Instance. 2. Snapshot the EBS volumes
C. 1. Suspend disk I/O, 2. Create an image of the EC2 Instance, 3. Resume disk I/O
D. 1. Suspend disk I/O. 2. Start EBS snapshot of volumes, 3. Resume disk I/O
E. 1. Suspend disk I/O, 2. Start EBS snapshot of Volumes, 3. Wait for snapshot to complete, 4. Resume disk
Q49. You are a solutions architect working for a company. They store their data on S3, however recently someone accidentally deleted some critical files in S3. You’ve been asked to prevent this from happening in the future. What options below can prevent this?
- Make sure you provide signed URLs to all users.
- Enable S3 versioning and Multifactor Authentication (MFA) on the bucket.
- Use S3 Infrequently Accessed storage to store the data on.
- Create an IAM bucket policy that disables deletes.
Q50. You run an automobile reselling company that has a popular online store on AWS. The application sits behind an Auto Scaling group and requires new instances of the Auto Scaling group to identify their public and private IP addresses. How can you achieve this?
- By using ipconfig for Windows or ifconfig for Linux
- By using a CloudWatch metric
- Using a curl or GET command to get the latest meta-data from http://169.254.169.254/latest/meta-data/
- Using a curl or GET command to get the latest meta-data from http://169.254.169.254/latest/user-data/
Q51. You are the solution architect for a company. The company has a requirement to deploy an application which will need to have session management in place. Which of the following services can be used for session management accordingly?
- AWS Storage Gateway, ElastiCache & ELB
- ELB, ElastiCache & RDS
- CloudWatch, RDS & DynamoDB
- RDS, DynamoDB & ElastiCache.
Q52. You are working for an Enterprise and have been asked to get a support plan in place from AWS.
1) 24×7 access to support
2) Access to the full set of Trusted Advisor checks
Which of the following would meet these requirements ensuring that cost is kept at a minimum?
Q53. Which of the following is incorrect with regard to private IP addresses?
- In Amazon EC2 classic, the private IP addresses are only returned to Amazon EC2 when the instance is stopped or terminated
- In Amazon VPC, an instance retains its private IP addresses when the instance is stopped.
- In Amazon VPC, an instance does NOT retain its private IP addresses when the instance is stopped.
- In Amazon EC2 classic, the private IP address is associated exclusively with the instance for its lifetime
Q54. Which of the following are best practices for monitoring your EC2 Instances?
- Create and implement a monitoring plan that collects monitoring data from all of the parts in your AWS solution
- Automate monitoring tasks as much as possible
- Check the log files on your EC2 instances
- All of the above
Q55. For which of the following use cases are Simple Workflow Service (SWF) and Amazon EC2 an appropriate solution? Choose two answers from the options given below.
- Using as an endpoint to collect thousands of data points per hour from a distributed fleet of sensors
- Managing a multi-step and multi-decision checkout process of an e-commerce website.
- Orchestrating the execution of distributed and auditable business process.
- Using as an SNS endpoint to trigger execution of video transcoding jobs
Q56. You work for a major news network in Europe. They have just released a new app which allows users to report on events as and when they happen using their mobile phone. Users are able to upload pictures from the app and other users will then be able to view these pictures. Your organization expects this app to grow very quickly, essentially doubling its user base every month. The app uses S3 to store the media and you are expecting sudden and large increases in traffic to S3 when a major news event takes place (as people will be uploading content in huge numbers). However, you need to keep your storage costs to a minimum, and it does not matter if some objects are lost. Which storage media should you use to keep costs as low as possible?
- S3 – Infrequently Accessed Storage.
- S3 – Reduced Redundancy Storage (RRS).
- S3 – Provisioned IOPS.