
Topic Wise Interview Question

The document provides a comprehensive overview of AWS services related to multicloud and DevOps, focusing on Identity Access Management (IAM), CloudTrail, CloudWatch, and CloudFront. It includes general questions and answers about IAM, detailing its components, policies, and security measures, as well as insights into CloudTrail's logging capabilities and CloudWatch's monitoring features. Additionally, it covers CloudFront's content delivery mechanisms and integration with other AWS services, emphasizing best practices and operational insights.

Multicloud with devops by veera nareshit

General questions

1. Tell me about yourself?
2. What are your roles and responsibilities?
3. Explain your last project. What was your main role in that project?
4. What challenges did you face in your project, and how did you resolve them?
5. What is the team size in your project? Whom do you report to?
6. How do you start your workday?
7. Which ticketing tool do you use to handle your tickets?

Subject wise QA

IAM (Identity and Access Management)


1. What is AWS Identity and Access Management (IAM)?

AWS IAM is a service that allows you to manage users, groups, and permissions for accessing AWS resources. It
provides centralized control over authentication and authorization.

2. What are the key components of AWS IAM?


Key components of AWS IAM include users, groups, roles, policies, permissions, and identity providers.

3. How does AWS IAM work?


AWS IAM allows you to create users and groups, assign policies that define permissions, and use roles to delegate
permissions to AWS services and resources.

4. What is the difference between authentication and authorization in AWS IAM?


Authentication is the process of verifying the identity of users or entities, while authorization is the process
of granting or denying access to resources based on policies and permissions.

5. How can you secure your AWS account using IAM?


You can secure your AWS account by enforcing the principle of least privilege, creating strong password policies,
enabling multi-factor authentication (MFA), and regularly reviewing permissions.

6. How do IAM users differ from IAM roles?


IAM users are individuals or entities that have a fixed set of permissions associated with them. IAM roles are
temporary credentials that can be assumed by users or AWS services to access resources.

7. What is an IAM policy?


An IAM policy is a JSON document that defines permissions. It specifies what actions are allowed or denied on
which AWS resources for whom (users, groups, or roles).

8. What is the AWS Management Console?


The AWS Management Console is a web-based interface that allows you to interact with and manage AWS resources.
IAM users can use the console to access resources based on their permissions.

9. How does IAM manage access keys?


IAM users can have access keys (access key ID and secret access key) associated with their accounts, which are
used for programmatic access to AWS resources.

10. What is the purpose of IAM groups?


IAM groups allow you to group users and apply policies to them collectively, simplifying permission management by
granting the same set of permissions to multiple users.

11. What is the role of an IAM policy document?

An IAM policy document defines the permissions and actions that are allowed or denied. It is written in JSON
format and attached to users, groups, or roles.

12. How can you grant permissions to an IAM user?


You can grant permissions to an IAM user by attaching policies to the user directly or by adding the user to
groups with associated policies.

13. How can you delegate permissions to AWS services using IAM roles?
IAM roles allow you to delegate permissions to AWS services like EC2 instances, Lambda functions, and more,
without exposing long-term credentials.

14. What is cross-account access in AWS IAM?


Cross-account access allows you to grant permissions to users or entities from one AWS account to access
resources in another AWS account.

15. How does IAM support identity federation?


IAM supports identity federation by allowing users to access AWS resources using temporary security credentials
obtained from trusted identity providers (e.g., SAML, OpenID Connect).

16. What is the purpose of an IAM access advisor?


IAM access advisors provide insights into the services that users accessed and the actions they performed. This
helps in auditing and understanding resource usage.

17. How does IAM enforce the principle of least privilege?


IAM enforces the principle of least privilege by allowing you to define specific permissions for users, groups,
or roles, reducing the risk of unauthorized access.

18. What is the difference between IAM policies and resource-based policies?
IAM policies are attached to identities (users, groups, roles), while resource-based policies are attached to AWS
resources (e.g., S3 buckets, Lambda functions) to control access from different identities.

19. How can you implement multi-factor authentication (MFA) in IAM?


You can enable MFA for IAM users to require an additional authentication factor (e.g., a code from a virtual MFA
device) along with their password when signing in.

20. What is the IAM policy evaluation logic?

CloudTrail:

1. What is AWS CloudTrail?

AWS CloudTrail is a service that provides governance, compliance, and audit capabilities by recording and storing
API calls made on your AWS account.

2. What type of information does AWS CloudTrail record?


CloudTrail records API calls, capturing information about who made the call, when it was made, which service was
accessed, and what actions were taken.

3. How does AWS CloudTrail store its data?


CloudTrail stores its data in Amazon S3 buckets, allowing you to easily analyze and retrieve the recorded
information.

4. How can you enable AWS CloudTrail for an AWS account?


You can enable CloudTrail through the AWS Management Console or the AWS CLI by creating a trail and specifying
the services you want to track.

5. What is a CloudTrail trail?


A CloudTrail trail is a configuration that specifies the settings for logging and delivering events. Trails can
be applied to an entire AWS account or specific regions.

6. What is the purpose of CloudTrail log files?


CloudTrail log files contain records of API calls and events, which can be used for security analysis,
compliance, auditing, and troubleshooting.

7. How can you access CloudTrail log files?


CloudTrail log files are stored in an S3 bucket. You can access them directly or use services like Amazon Athena
or Amazon CloudWatch Logs Insights for querying and analysis.

8. What is the difference between a management event and a data event in CloudTrail?
Management events are related to the management of AWS resources, while data events focus on the actions
performed on those resources.

9. How can you view and analyze CloudTrail logs?


You can view and analyze CloudTrail logs using the CloudTrail console, AWS CLI, or third-party tools. You can
also set up CloudWatch Alarms to detect specific events.

10. What is CloudTrail Insights?


CloudTrail Insights is a feature that uses machine learning to identify unusual patterns and suspicious activity
in CloudTrail logs.

11. How can you integrate CloudTrail with CloudWatch Logs?


You can integrate CloudTrail with CloudWatch Logs to receive CloudTrail events in near real-time, allowing you to
create CloudWatch Alarms and automate actions.

12. What is CloudTrail Event History?


CloudTrail Event History is a feature that displays the past seven days of management events for your account,
helping you quickly identify changes made to resources.

13. What is CloudTrail Data Events?


CloudTrail Data Events track actions performed on Amazon S3 objects, providing insight into object-level activity
and changes.

14. What is the purpose of CloudTrail Insights events?


CloudTrail Insights events are automatically generated when CloudTrail detects unusual or high-risk activity,
helping you identify and respond to potential security issues.

15. How can you ensure that CloudTrail logs are tamper-proof?
CloudTrail logs are stored in an S3 bucket with server-side encryption enabled, ensuring that the logs are
tamper-proof and protected.

16. Can CloudTrail logs be used for compliance and auditing?


Yes, CloudTrail logs can be used to demonstrate compliance with various industry standards and regulations by
providing an audit trail of AWS account activity.

17. How does CloudTrail support multi-region trails?


Multi-region trails allow you to capture events from multiple AWS regions in a single trail, providing a
centralized view of account activity.

18. Can CloudTrail be used to monitor non-AWS services?

CloudTrail primarily monitors AWS services, but you can integrate it with AWS Lambda to capture and log custom
events from non-AWS services.

19. How can you receive notifications about CloudTrail events?


You can use Amazon SNS (Simple Notification Service) to receive notifications about CloudTrail events, such as
when new log files are delivered to your S3 bucket.

20. How can you use CloudTrail logs for incident response?
CloudTrail logs can be used for incident response by analyzing events to identify the cause of an incident,
understand its scope, and take appropriate actions.

CloudWatch
1. What is Amazon CloudWatch?
Amazon CloudWatch is a monitoring and observability service that provides insights into your AWS resources and
applications by collecting and tracking metrics, logs, and events.

2. What types of data does Amazon CloudWatch collect?


Amazon CloudWatch collects metrics, logs, and events. Metrics are data points about your resources and
applications, logs are textual data generated by resources, and events provide insights into changes and
notifications.

3. How can you use Amazon CloudWatch to monitor resources?


You can use CloudWatch to monitor resources by collecting and visualizing metrics, setting alarms for specific
thresholds, and generating insights into resource performance.

4. What are CloudWatch metrics?


CloudWatch metrics are data points about the performance of your resources and applications. They can include
data like CPU utilization, network traffic, and more.

5. How can you collect custom metrics in Amazon CloudWatch?


You can collect custom metrics in CloudWatch by using the CloudWatch API or SDKs to publish data to CloudWatch
using the `PutMetricData` action.

6. What are CloudWatch alarms?


CloudWatch alarms allow you to monitor metrics and set thresholds to trigger notifications or automated actions
when specific conditions are met.

7. How can you visualize CloudWatch metrics?


You can visualize CloudWatch metrics using CloudWatch Dashboards, which allow you to create customized views of
metrics, graphs, and text.

8. What is CloudWatch Logs?


CloudWatch Logs is a service that collects, stores, and monitors log files from various resources, making it
easier to analyze and troubleshoot applications.

9. How can you store logs in Amazon CloudWatch Logs?


You can store logs in CloudWatch Logs by sending log data from your resources or applications using the
CloudWatch Logs agent, SDKs, or directly through the CloudWatch API.

10. What is CloudWatch Logs Insights?


CloudWatch Logs Insights is a feature that allows you to query and analyze log data to gain insights into your
applications and resources.

11. What is the CloudWatch Events service?


CloudWatch Events provides a way to respond to state changes in your AWS resources, such as launching instances,
creating buckets, or modifying security groups.

12. How can you use CloudWatch Events to trigger actions?


You can use CloudWatch Events to trigger actions by defining rules that match specific events and associate those
rules with targets like Lambda functions, SQS queues, and more.

13. What is CloudWatch Container Insights?


CloudWatch Container Insights provides a way to monitor and analyze the performance of containers managed by
services like Amazon ECS and Amazon EKS.

14. What is CloudWatch Contributor Insights?


CloudWatch Contributor Insights provides insights into the top contributors affecting the performance of your
resources, helping you identify bottlenecks and optimization opportunities.

15. How can you use CloudWatch Logs for troubleshooting?


You can use CloudWatch Logs for troubleshooting by analyzing log data, setting up alarms for specific log
patterns, and correlating events to diagnose issues.

16. Can CloudWatch Logs Insights query data from multiple log groups?
Yes, CloudWatch Logs Insights can query data from multiple log groups, allowing you to analyze and gain insights
from a broader set of log data.

17. How can you set up CloudWatch Alarms?


You can set up CloudWatch Alarms by defining a metric, setting a threshold for the metric, and specifying actions
to be taken when the threshold is breached.

18. What is CloudWatch Anomaly Detection?


CloudWatch Anomaly Detection is a feature that automatically analyzes historical metric data to create a baseline
and detect deviations from expected patterns.

19. How does CloudWatch support cross-account monitoring?


You can use CloudWatch Cross-Account Cross-Region (CACR) to set up cross-account monitoring, allowing you to view
metrics and alarms from multiple AWS accounts.

CloudFront
1. What is Amazon CloudFront?
Amazon CloudFront is a Content Delivery Network (CDN) service provided by AWS that accelerates
content delivery by distributing it across a network of edge locations.

2. How does CloudFront work?


CloudFront caches content in edge locations globally. When a user requests content, CloudFront delivers it from
the nearest edge location, reducing latency and improving performance.

3. What are edge locations in CloudFront?


Edge locations are data centers globally distributed by CloudFront. They store cached content and serve it to
users, minimizing the distance data needs to travel.

4. What types of distributions are available in CloudFront?


CloudFront offers Web Distributions for websites and RTMP Distributions for media streaming.

5. How can you ensure that content in CloudFront is updated?


You can create invalidations in CloudFront to remove cached content and force the distribution of fresh content.

6. Can you use custom SSL certificates with CloudFront?


Yes, you can use custom SSL certificates to secure connections between users and CloudFront.

7. What is an origin in CloudFront?


An origin is the source of the content CloudFront delivers. It can be an Amazon S3 bucket, an EC2 instance, an
Elastic Load Balancer, or even an HTTP server.

8. How can you control who accesses content in CloudFront?


You can use CloudFront signed URLs or cookies to restrict access to content based on user credentials.

9. What are cache behaviors in CloudFront?


Cache behaviors define how CloudFront handles different types of requests. They include settings like TTL, query
string forwarding, and more.

10. How can you integrate CloudFront with other AWS services?
You can integrate CloudFront with Amazon S3, Amazon EC2, AWS Lambda, and more to accelerate content delivery.

11. How can you analyze CloudFront distribution performance?


You can use CloudFront access logs stored in Amazon S3 to analyze the performance of your distribution.

12. What is the purpose of CloudFront behaviors?


CloudFront behaviors help specify how CloudFront should respond to different types of requests for different
paths or patterns.

13. Can CloudFront be used for dynamic content?


Yes, CloudFront can be used for both static and dynamic content delivery, improving the performance of web
applications.

14. What is a distribution in CloudFront?


A distribution represents the configuration and content for your CloudFront content delivery. It can have
multiple origins and cache behaviors.

15. How does CloudFront handle cache expiration?


CloudFront uses Time to Live (TTL) settings to determine how long objects are cached in edge locations before
checking for updates.

16. What are the benefits of using CloudFront with Amazon S3?
Using CloudFront with Amazon S3 reduces latency, offloads traffic from your origin server, and improves global
content delivery.

17. Can CloudFront be used for both HTTP and HTTPS content?
Yes, CloudFront supports both HTTP and HTTPS content delivery. HTTPS is recommended for enhanced security.

18. How can you measure the performance of CloudFront distributions?


You can use CloudFront metrics in Amazon CloudWatch to monitor the performance of your distributions and analyze
their behavior.

19. What is origin shield in CloudFront?


Origin Shield is an additional caching layer that helps reduce the load on your origin server by caching content
closer to the origin.

20. How can CloudFront improve security?


CloudFront can help protect against DDoS attacks by absorbing traffic spikes and providing secure connections
through HTTPS.

Elastic Load Balancers (ELBs)

1. What is an Elastic Load Balancer (ELB)?


An Elastic Load Balancer (ELB) is a managed AWS service that automatically distributes incoming application traffic
across multiple targets, such as Amazon EC2 instances, containers, or IP addresses, to ensure high availability and
fault tolerance.

2. What are the three types of Elastic Load Balancers available in AWS?
There are three types of Elastic Load Balancers: Application Load Balancer (ALB), Network Load Balancer (NLB), and
Gateway Load Balancer (GWLB).

3. What is the main difference between Application Load Balancer (ALB) and Network Load Balancer (NLB)?
ALB operates at the application layer and supports advanced routing, including content-based routing and path-based
routing. NLB operates at the transport layer and provides ultra-low latency and high throughput.

4. What are some key features of Application Load Balancer (ALB)?


ALB supports features like dynamic port mapping, path-based routing, support for HTTP/2 and WebSocket protocols, and
content-based routing using listeners and rules.

5. When should you use Network Load Balancer (NLB)?


NLB is suitable for scenarios that require extreme performance, high throughput, and low latency, such as gaming
applications and real-time streaming.

6. What is a target group in Elastic Load Balancing?


A target group is a logical grouping of targets (such as EC2 instances) registered with a load balancer. ALB and NLB
use target groups to route requests to registered targets.

7. How does health checking work in Elastic Load Balancers?


Elastic Load Balancers perform health checks on registered targets to ensure they are available to receive traffic.
Unhealthy targets are temporarily removed from rotation.

8. How can you route requests to different target groups based on URL paths in Application Load Balancer (ALB)?
ALB supports path-based routing, where you define listeners and rules to route requests to different target groups
based on specific URL paths.

9. What is cross-zone load balancing?


Cross-zone load balancing is a feature that evenly distributes traffic across all registered targets in all
availability zones, helping to achieve even distribution and better resource utilization.

10. How can you enable SSL/TLS encryption for traffic between clients and the load balancer?
You can configure an SSL/TLS certificate on the load balancer, enabling it to terminate SSL/TLS connections and
communicate with registered targets over HTTP.

11. Can you use Elastic Load Balancer (ELB) with resources outside AWS?
Yes, ELB can be used with on-premises resources using Network Load Balancer with IP addresses as targets or with AWS
Global Accelerator to route traffic to resources outside AWS.

12. What is a sticky session, and how can you enable it in Elastic Load Balancers?
Sticky sessions ensure that a user's session is consistently directed to the same target. In ALB, you can enable
sticky sessions using the `stickiness` option in the target group settings.

13. What is the purpose of pre-warming in Elastic Load Balancers?

Pre-warming involves sending a low volume of traffic to a new load balancer to allow it to scale up its capacity and
establish connections gradually.

14. How does Elastic Load Balancer support IPv6?

Elastic Load Balancer (ALB and NLB) supports both IPv4 and IPv6 addresses, allowing applications to be accessed over
the IPv6 protocol.

15. What is connection draining, and when is it useful?

Connection draining is the process of gradually stopping traffic to an unhealthy target instance before removing it
from the target group. It's useful to ensure active requests are completed before taking the instance out of rotation.

16. How can you enable access logs for Elastic Load Balancers?

You can enable access logs for Elastic Load Balancers to capture detailed information about requests, responses, and
client IP addresses. These logs can be stored in an Amazon S3 bucket.

17. What is the purpose of an idle timeout setting in Elastic Load Balancers?

The idle timeout setting defines the maximum time an idle connection can remain open between the load balancer and a
client. After this duration, the connection is closed.

18. Can you associate Elastic IP addresses with Elastic Load Balancers?

No, Elastic Load Balancers do not have static IP addresses. They have DNS names that are used to route traffic to
registered targets.

19. How can you configure health checks for targets in Elastic Load Balancers?

You can configure health checks by defining a health check path, interval, timeout, and thresholds. ELB sends periodic
requests to targets to verify their health.

20. Can you use Elastic Load Balancers to distribute traffic across regions?

Elastic Load Balancers can distribute traffic only within the same region. For distributing traffic across regions,
you can use AWS Global Accelerator.

S3 Simple Storage Service

1. What is Amazon S3?

Amazon Simple Storage Service (Amazon S3) is a scalable object storage service designed to store and retrieve any
amount of data from anywhere on the web. It's commonly used to store files, backups, images, videos, and more.

2. What are the key features of Amazon S3?

Amazon S3 offers features like data durability, high availability, security options, scalable storage, and the ability
to store data in different storage classes based on access patterns.

3. What is an S3 bucket?

An S3 bucket is a container for storing objects, which can be files, images, videos, and more. Each object in S3 is
identified by a unique key within a bucket.

4. How can you control access to objects in S3?

Access to S3 objects can be controlled using bucket policies, access control lists (ACLs), and IAM (Identity and
Access Management) policies. You can define who can read, write, and delete objects.

5. What is the difference between S3 Standard, S3 Intelligent-Tiering, and S3 One Zone-IA storage classes?

- S3 Standard: Offers high durability, availability, and performance.
- S3 Intelligent-Tiering: Automatically moves objects between two access tiers based on changing access patterns.
- S3 One Zone-IA: Stores objects in a single availability zone with lower storage costs, but without the multi-AZ
resilience of S3 Standard.

6. How does S3 provide data durability?

S3 provides 99.999999999% (11 9's) durability by automatically replicating objects across multiple facilities within a
region.

7. What is Amazon S3 Glacier used for?

Amazon S3 Glacier is a storage service designed for data archiving. It offers lower-cost storage with retrieval times
ranging from minutes to hours.

8. How can you secure data in Amazon S3?

You can secure data in Amazon S3 by using access control mechanisms, like bucket policies and IAM policies, and by
enabling encryption using server-side encryption or client-side encryption.

9. What is S3 versioning?

S3 versioning is a feature that allows you to preserve, retrieve, and restore every version of every object in a
bucket. It helps protect against accidental deletion and overwrites.

10. What is a pre-signed URL in S3?

A pre-signed URL is a URL that grants temporary access to an S3 object. It can be generated using your AWS credentials
and shared with others to provide temporary access.

11. How can you optimize costs in Amazon S3?

You can optimize costs by using storage classes that match your data access patterns, utilizing lifecycle policies to
transition objects to less expensive storage tiers, and setting up cost allocation tags for billing visibility.

12. What is S3 Cross-Region Replication?

S3 Cross-Region Replication is a feature that automatically replicates objects from one S3 bucket in one AWS region to
another bucket in a different region.

13. How can you automate the movement of objects between different storage classes?

You can use S3 Lifecycle policies to automate the transition of objects between storage classes based on predefined
rules and time intervals.

14. What is the purpose of S3 event notifications?

S3 event notifications allow you to trigger AWS Lambda functions or SQS queues when certain events, like object
creation or deletion, occur in an S3 bucket.

15. What is the AWS Snowball device?

The AWS Snowball is a physical data transport solution used for migrating large amounts of data into and out of AWS.
It's ideal for scenarios where the network transfer speed is not sufficient.
