Friday 17 February 2023

5 INTERVIEW QUESTIONS HANDY FOR AWS SOLUTION ARCHITECT



1. How Do You Patch Linux On Premises?

  • Identify the patches that need to be applied to your Linux system. This can be achieved with the use of the release notes of your Linux distribution.

  • Then use the package manager of your Linux distribution to download and install the patches. For some flavors, you can use the "apt-get" command to download and install the patches.

  • Once the installation is done, test the system to ensure that the patches were applied correctly and that the system can perform optimally.

  • The last step is to monitor for new patches so that the system remains secure and up to date.
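
An added example, not part of the original post: a dry run with "apt-get -s upgrade" lists what the package manager would install, and the parser below turns that output into a patch list with security updates first. The sample output, function names and package versions are constructed for illustration.

```python
import re

# One "Inst" line per package in `apt-get -s upgrade` (simulate) output:
#   Inst <name> [<installed>] (<candidate> <origin>[, <origin>...] [<arch>])
INST_RE = re.compile(r"^Inst (\S+)(?: \[([^\]]+)\])? \((\S+) (.*)\)$")

def pending_patches(simulated_output):
    """Return one dict per package the dry run would upgrade or install."""
    patches = []
    for line in simulated_output.splitlines():
        match = INST_RE.match(line.strip())
        if not match:
            continue  # "Conf" lines and status messages are not patches
        name, installed, candidate, origins = match.groups()
        patches.append({
            "package": name,
            "installed": installed,  # None when the package is newly pulled in
            "candidate": candidate,
            "security": "security" in origins.lower(),  # e.g. jammy-security
        })
    return patches

def security_first(patches):
    """Order the list so security updates are reviewed and tested first."""
    return sorted(patches, key=lambda p: (not p["security"], p["package"]))

# Constructed sample of dry-run output (not captured from a real host).
SAMPLE = """\
Reading package lists...
Building dependency tree...
Inst vim [2:8.2.3995-1ubuntu2.13] (2:8.2.3995-1ubuntu2.15 Ubuntu:22.04/jammy-updates [amd64])
Inst libssl3 [3.0.2-0ubuntu1.10] (3.0.2-0ubuntu1.12 Ubuntu:22.04/jammy-updates, Ubuntu:22.04/jammy-security [amd64])
Conf vim (2:8.2.3995-1ubuntu2.15 Ubuntu:22.04/jammy-updates [amd64])
Conf libssl3 (3.0.2-0ubuntu1.12 Ubuntu:22.04/jammy-updates, Ubuntu:22.04/jammy-security [amd64])
"""

if __name__ == "__main__":
    for patch in security_first(pending_patches(SAMPLE)):
        tag = "SECURITY" if patch["security"] else "regular"
        print(f'{tag:8} {patch["package"]}: {patch["installed"]} -> {patch["candidate"]}')
```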


2. What Are Steps Taken To Manage Storage On Linux?

  • STEP 1: Create partitions on the storage device with tools such as "fdisk", "gdisk" or "parted".


  • STEP 2: Format the partitions you have created with a file system. This is achieved by running a command like "mkfs.ext4 /dev/sda1", where "/dev/sda1" is the partition to format.


  • STEP 3: Mount (attach) the file system to a directory in your file system hierarchy using the "mount" command. For example, to mount partition "/dev/sda1" on a directory such as "/mnt/data", RUN: "mount /dev/sda1 /mnt/data". Additionally, if you want to unmount the file system from its mount point, RUN: "umount /mnt/data".


  • STEP 4: Tools such as "df" and "du" can be used to monitor disk usage, as well as the directories and files that take up so much of the disk space.


  • STEP 5: This is the stage where the management of the storage devices is vital. Here, tools like "udev" are used to manage storage devices, and they come in handy for identifying device names and paths, as well as for the creation and removal of device links.


3. What Are The Different Migration Strategies?

  • Lift and Shift: This strategy requires minimal changes to the application code. This is useful in the migration of legacy applications to the cloud.

  • Rehosting: This strategy requires minor modifications to the application code, and it is useful when the operating system of the current environment is the same as that of the new infrastructure.

  • Replatforming: Here, some modifications are made to the application code to improve the application and take advantage of the new environment's capabilities.

  • Refactoring: This requires making significant changes to the application code, such as redesigning the whole application architecture or bringing in different services such as APIs and other event-driven solutions the cloud offers.

  • Rebuilding: This strategy involves rebuilding the application from scratch for the new environment, such as re-architecting and using a completely new programming framework.

  • Retiring: This strategy involves retiring workloads that are no longer in vogue or relevant to the organization.

4. Clearly Explain The Difference Between SG and NACL Rules

  • One major difference in terms of rules is that NACLs need both inbound and outbound rules created for each traffic flow, as against the creation of only inbound rules for SGs.

  • NACLs filter traffic and can control traffic to or from the subnet, while SGs control traffic to or from an instance.

  • NACLs = ALLOW/DENY rules and SG = ALLOW rules. For NACLs, this means that if a rule is set to "deny," the traffic will be blocked, and if no rule explicitly allows the traffic, it will be denied. For SG, if a rule is set to DENY, both inbound and outbound traffic are automatically set to be blocked.
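
An added example, not part of the original post: a simplified model of why one inbound flow needs two NACL rules but only one SG rule. NACLs are stateless and evaluate numbered allow/deny rules in order, while SGs hold allow rules only and track accepted connections. All names and rule sets are constructed, and only inbound-initiated flows are modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", relative to the subnet / instance
    port: int       # destination port of this packet

def nacl_allows(rules, pkt):
    """Stateless NACL: numbered rules, lowest first, first match decides."""
    for _number, direction, low, high, action in sorted(rules):
        if direction == pkt.direction and low <= pkt.port <= high:
            return action == "allow"
    return False  # nothing matched: the implicit final deny applies

class SecurityGroup:
    """Stateful SG with allow rules only; replies to accepted flows pass."""
    def __init__(self, inbound_ports):
        self.inbound_ports = set(inbound_ports)
        self.accepted_flows = set()

    def allows(self, pkt, flow_id):
        if pkt.direction == "in" and pkt.port in self.inbound_ports:
            self.accepted_flows.add(flow_id)  # connection tracking
            return True
        return pkt.direction == "out" and flow_id in self.accepted_flows

def https_round_trip(nacl_rules, sg, flow_id="client-1"):
    """Return (request_delivered, reply_delivered) for one HTTPS exchange."""
    request = Packet("in", 443)
    reply = Packet("out", 50000)  # replies go to the client's ephemeral port
    request_ok = nacl_allows(nacl_rules, request) and sg.allows(request, flow_id)
    reply_ok = (request_ok and sg.allows(reply, flow_id)
                and nacl_allows(nacl_rules, reply))
    return request_ok, reply_ok

# Constructed rule sets: (rule number, direction, low port, high port, action)
INBOUND_ONLY = [(100, "in", 443, 443, "allow")]
BOTH_WAYS = INBOUND_ONLY + [(100, "out", 1024, 65535, "allow")]
DENY_FIRST = [(90, "in", 443, 443, "deny")] + INBOUND_ONLY

if __name__ == "__main__":
    for name, rules in [("inbound only", INBOUND_ONLY),
                        ("both ways", BOTH_WAYS), ("deny first", DENY_FIRST)]:
        print(name, https_round_trip(rules, SecurityGroup([443])))
```

With only the inbound NACL rule the request arrives but the reply is dropped at the subnet boundary; the SG needed no outbound rule in any of the cases.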


5. What Are The Steps and Process With SSL and TLS?

  • STEP 1: The SSL/TLS handshake is initiated by sending a Client Hello message to the server.

  • STEP 2: Then, the server responds with a Hello message.

  • STEP 3: The client then verifies that the server's SSL/TLS certificate is valid and was issued by a trusted certificate authority.

  • STEP 4: Both the client and server agree on a shared encryption key (i.e. using a key exchange algorithm, such as RSA).

  • STEP 5: Once the encryption key from STEP 4 is established, both the client and server can use the key to encrypt and decrypt all data transmitted during this session.

  • STEP 6: Here, the encrypted data is transmitted between the client and server based on the applicable encryption algorithm they both agreed on earlier.

  • STEP 7: Once the data transmission is complete, the connection can be terminated. This can be initiated by either the client or server by sending a message called "close_notify".

  • STEP 8: Finally, the SSL/TLS handshake is complete, and a secure connection has been established between the client and server, as well as terminated as the case may be.
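
An added example, not part of the original post: the client side of the steps above using Python's standard ssl module, with certificate and hostname verification left on and legacy protocol versions refused. The function names are illustrative, and handshake_report needs network access to a host you choose.

```python
import socket
import ssl

def make_client_context() -> ssl.SSLContext:
    """Client settings for STEP 3: trusted CAs loaded, verification enforced."""
    ctx = ssl.create_default_context()            # system trust store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3 / TLS 1.0 / 1.1
    # create_default_context() already sets verify_mode=CERT_REQUIRED and
    # check_hostname=True; an invalid certificate aborts the handshake.
    return ctx

def handshake_report(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Run the handshake against host and report what was negotiated."""
    ctx = make_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # wrap_socket() performs STEPS 1-4: Client Hello, Server Hello,
        # certificate validation and key agreement.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            report = {
                "protocol": tls.version(),     # e.g. "TLSv1.3"
                "cipher": tls.cipher()[0],     # algorithm used in STEPS 5-6
                "issuer": dict(rdn[0] for rdn in cert["issuer"]),
                "not_after": cert["notAfter"],
            }
            try:
                tls.unwrap()                   # STEP 7: send close_notify
            except OSError:
                pass                           # peer closed without replying
    return report

if __name__ == "__main__":
    context = make_client_context()
    print(context.verify_mode, context.check_hostname, context.minimum_version)
```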


These are potential interview questions asked. Happy Learning!!😊


Saturday 11 February 2023

5 Foundational Interview Questions on Terraform

                                         





1.    Who is responsible for maintaining Terraform providers?

Answers: Terraform providers are primarily maintained by the HashiCorp Community.

 

2.    What are Terraform functions?

      Answers: 

a.      Configuration

b.      Resource Graph

c.      Provisioning

d.      State Management

e.      Planning

f.       Execution

 

3.    What is the desired state of the infrastructure, and how is it defined in the Terraform configuration file?

Answers: The desired state of the infrastructure refers to the desired end result of the configuration of the infrastructure.

 

4.    How does Terraform integrate with other tools, such as version control systems, CI/CD pipelines, and security tools, to provide a complete solution for infrastructure management?

Answers:

a.      Version control systems: Terraform configuration files can be stored in a version control system such as Git as part of the stack for infrastructure provisioning.

b.      Continuous Integration/Continuous Deployment (CI/CD) Pipelines: As part of the deployment process, Terraform can be integrated into a CI/CD pipeline to automate the provisioning and management of infrastructure.

c.      Security tools: Terraform can be integrated with security tools such as vulnerability scanners and compliance tools to help ensure that the infrastructure is secure and compliant with industry-wide standards.

d.      Monitoring tools: Terraform can be integrated with monitoring and other logging tools such as CloudWatch, Prometheus and Logstash to monitor the state of the infrastructure and track changes within the environment.

 

5.    When do we use Sentinel policies in Terraform?

Answers: These are used to enforce specific rules and constraints on the deployment and management of infrastructure.


Kindly look out for more hands-on on Terraform Modules and Workspaces.

 

Wednesday 8 February 2023

Top 10 Interview Questions on S3 Classes, S3 Replication and EBS

 




1.  What are the S3 storage classes in AWS?

Answer:  Amazon S3 Standard, S3 Intelligent-Tiering, S3 One Zone, S3 Glacier Deep Archive, S3 Standard-Infrequent Access, and S3 Glacier.

 

2.  Which of the S3 storage classes in AWS uses a single availability zone, providing lower-cost data storage for infrequently accessed data?

Answer:  S3 One Zone

 

3. Which of the S3 storage classes provides long-term data archiving with retrieval times within minutes?

Answer:  S3 Glacier

 

4. What is AWS S3 Replication?

Answer: S3 replication is used to replicate objects asynchronously. S3 can replicate objects in an S3 bucket to another bucket within the same region or across regions.

 

5. What is CORS (Cross Origin Resource Sharing)?

Answer:  CORS is a mechanism in AWS that enables cross-domain calls between a web browser and a server (such as Amazon S3). In AWS, CORS can be used to allow or deny cross-origin requests from specified origins to your S3 bucket.

 

6. What type of website can S3 be used to host?

Answer: Static Website. A static website is a type of website whose content doesn't change and which uses HTML. Users cannot make any changes; they have read access only.

 

7. What are the differences between Amazon S3 and Amazon Elastic Block Store (EBS)?

Answer:

·        S3 stores objects; it is a highly scalable, object-based cloud storage service designed for durability, availability, and scalability. EBS, by contrast, is a block-level storage service which has to be used with EC2 instances for intensive workloads.

·        In S3, entities can be stored, while EBS is a file management tool for EC2 instances.

·        With S3, data security is high, while with EBS, data security is very low.


8. How do I control access to an S3 bucket?

Answer:

·        S3 Bucket Policies: Here, permissions are configured at the bucket level.

·        Access Control List (ACL): This is used to control access to S3 assets.

·        IAM: The use of AWS Identity and Access Management (IAM) Groups, Roles, and Users to grant permissions to S3 objects and files.

 

9. In what aspect is S3 used with Terraform for infrastructure provisioning?

Answer: S3 comes in handy for managing the Terraform state file for collaboration using a remote backend.

 

10. How is S3 versioning different from object lifecycle management?

Answer:

S3 versioning allows you to store multiple versions of your object within the same S3 bucket, while object lifecycle management helps to automate the movement of objects between different S3 storage classes based on access patterns. Both features can be used together to manage S3 objects for the entire lifecycle.


This is just for beginners. In my next post, we will explore other interview questions to land that IT job you desire.

References: Object Storage Classes – Amazon S3

Tuesday 7 February 2023

5 Must-Know IAM Questions Asked By Interviewers

 

1. What do you understand by an IAM role, and how is it used within an environment?

·        An IAM role is an identity that references sets of permissions for accessing resources in AWS. Roles are used to grant permissions, for example to an S3 bucket as well as any other third-party applications, in order to access AWS resources.

Workflow:

-        Create IAM role.

-        Assign the IAM role to an AWS resource.

-        Assume the IAM role.

 

2. Can you explain the difference between an IAM user and an IAM role?

·        We use an IAM user as an identity to authenticate into the environment, while an IAM role is the type of identity that is assumed to perform certain tasks within the environment, such as making API calls between AWS services.

 

3. Can you take me through the process of creating and attaching an IAM role to an S3 bucket or any other AWS resource?

Workflow: 

-        From IAM Choose Roles and Choose Create Role.

-        Select AWS Service, and then choose S3 under Use Case.

-        Next is Permissions.

-        Create a custom policy to access your S3 bucket with minimum required permissions.

-        Tag the resources for audit purposes and mapping.

-        Select a Role name, and then Create role.
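
An added example, not part of the original post: the two JSON documents behind this workflow (the trust policy chosen at the "AWS Service" step and the custom permissions policy), plus a check that flags wildcard grants before the policy is attached. The bucket name, function names and the "s3.amazonaws.com" service principal are assumptions for illustration.

```python
import json

def trust_policy(service_principal):
    """Who may assume the role (the 'Select AWS Service' step)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": service_principal},
            "Action": "sts:AssumeRole",
        }],
    }

def read_only_bucket_policy(bucket):
    """Custom permissions policy: read-only, scoped to a single bucket."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:ListBucket"],
             "Resource": f"arn:aws:s3:::{bucket}"},
            {"Effect": "Allow", "Action": ["s3:GetObject"],
             "Resource": f"arn:aws:s3:::{bucket}/*"},
        ],
    }

def _as_list(value):
    # IAM accepts either a single value or a list in these fields.
    return value if isinstance(value, list) else [value]

def least_privilege_findings(policy):
    """Flag Allow statements with wildcard actions or an unscoped resource."""
    findings = []
    for index, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append(f"statement {index}: wildcard action {action}")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append(f"statement {index}: resource is *")
    return findings

# Constructed over-broad policy that the "minimum required permissions" step rules out.
TOO_BROAD = {"Version": "2012-10-17",
             "Statement": {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}}

if __name__ == "__main__":
    print(json.dumps(trust_policy("s3.amazonaws.com"), indent=2))
    print(least_privilege_findings(read_only_bucket_policy("example-bucket")))
    print(least_privilege_findings(TOO_BROAD))
```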

 

4. How does cross-account access relate to IAM roles?

·        A cross-account IAM role in a single account is used to define access to resources. This can also relate to API calls between two (2) AWS resources. For example: a Lambda function can access an S3 bucket in the production environment through a clearly defined role to perform that function.

 


5. How do you use the CLI to enable S3 versioning and configure MFA Delete? RUN:

·        aws s3api put-bucket-versioning --bucket BUCKET1 --versioning-configuration Status=Enabled,MFADelete=Enabled --mfa "MFA-DEVICE-SERIAL-OR-ARN CURRENT-MFA-CODE"

·        Note that enabling MFA Delete using the AWS Management Console is not possible; it must be performed via the AWS Command Line Interface (AWS CLI) or the API.


This is just for beginners. In my next post, we will explore other interview questions to land that IT job you desire.


References: AWS - AWS Documentation (amazon.com)
