Showing posts from May, 2024

vpc endpoints into AWS

 VPC Endpoints: AWS Interview Questions: 1). VPC endpoints? Types of VPC endpoints? What are VPC endpoints: if your EC2 server is in a public subnet, we can attach an IAM role, and using this role we connect to the other AWS services. If your EC2 server and database are in private subnets, we can use a NAT gateway or NAT instances to connect to the other AWS services. VPC endpoints: all resources are kept private. Two types of endpoints: interface endpoints: using interface endpoints we can connect to other AWS resources. Gateway endpoints: using gateway endpoints we can connect to the S3 and DynamoDB services. VPC endpoints: your database is in a private subnet; would you like to store the logs, would you like to store the backups in S3 buckets, which are on the internet? How does a database in a private subnet talk to the internet-related AWS resources? Using VPC endpoints; in this case we don't need to require fo...

Linux interview Questions

 Linux interview questions: 1). How can I revoke file permission on a directory or a file for one user? If you want to revoke the file permission, we can execute a command such as chmod o-x filename. In this way we can revoke file or directory permissions from one user. This means the ACL is set on this file, which is why the particular user cannot access the file. If you list the file, we can see the +1 option, which means the ACL is enabled on this file. 2). Any file that ends with +1 means the ACL is enabled on this particular file or directory. All users have access to the files and directory, but the user ram does not, because the ACL is enabled on this file. 3). How to use setfacl, getfacl and the sticky bit in Linux? We can execute a command such as setfacl -m u:ram:rwx filename. In this way we can set the ACL on this particular file. 4). How to check if the ACL is set on this particular file...

aws and linux interview questions

 1). Set up the EC2, VPC, subnet, route table, internet gateway, NAT gateway, jump host. First we should create the network flow for the given architecture. First we need to create the VPC: go to VPC: choose a name for the VPC, choose the IPv4 CIDR block, choose the IPv6 CIDR block, give the IPv4 CIDR block IP address, tenancy, create a tag, then create the VPC. Next we need to create the two subnets, one public and one private. The subnets' CIDR block range ends with /24, which means 256 IP addresses are available in the subnets. Next we need to create the internet gateway and attach it to the VPC: using this internet gateway we can establish network connectivity between the VPC and the internet. This internet gateway is attached to the public subnets. Next we need to create the two route tables; the subnets are also associated with the two route tables. Route tables are used to establish network connectivity between the subnets with the help of the internet gateway. Next we need ...

sql -interview question-part-02

 SQL interview questions: 1). What is SQL? 2). What are the subsets of SQL? DDL (create, alter, drop, truncate, rename), DML (delete, update, insert), DCL (grant, revoke), TCL (commit, rollback, savepoint). 3). Create a table and add data. 4). Difference between truncate, drop and delete in SQL? truncate: truncate table table_name; drop: drop table table_name; select * from table_name; delete: delete from table_name where id = '10'; 5). What are constraints in SQL? primary key, foreign key, not null, default, check, unique. 6). Difference between primary key and foreign key: primary key: it doesn't accept null values; there will be only one primary key. unique key: accepts null values; there can be many unique keys. 7). Difference between union and union all? union: removes any duplicate records. union all: it doesn't remove duplicate records.

Iam Interview Questions -Part -02

 IAM Interview Questions part-02: 1). What is IAM? 2). What are policies in IAM? 3). Two types of access for an IAM user? 4). How many IAM keys can a user have? 5). How will you revoke the access keys? 6). How is a root AWS user different from an IAM user? 7). What is access advisor? 8). What methods are available to create a policy? import / visual / JSON / policy generator. 9). What is a permission boundary? Inline policy? (How to set the permission boundary): go to the user, then go to permissions; here we can find the permission boundary. Inline policy: we can create the policy or roles for a particular user. Go to the user -> go to permissions -> on the right we can see the inline policy option. 10). What is a policy version? Max versions allowed? policy or user give / 5 versions. 11). What will you do if a server in your environment gets compromised and you have your AWS keys on it? 12). What is a role vs what is a policy? Can I change the IAM role on a running EC2 instance? 13).wh...

Linux Interview Questions:

 Linux interview questions: 1). How can I revoke file permission on a directory or a file for one user? If you want to revoke the file permission, we can execute a command such as chmod o-x filename. In this way we can revoke file or directory permissions from one user. This means the ACL is set on this file, which is why the particular user cannot access the file. If you list the file, we can see the +1 option, which means the ACL is enabled on this file. 2). Any file that ends with +1 means the ACL is enabled on this particular file or directory. All users have access to the files and directory, but the user ram does not, because the ACL is enabled on this file. 3). How to use setfacl, getfacl and the sticky bit in Linux? We can execute a command such as setfacl -m u:ram:rwx filename. In this way we can set the ACL on this particular file. 4). How to check if the ACL is set on this particular file...
 AWS Interview Questions: 1). How to troubleshoot an AWS EC2 kernel panic issue in a cloud environment? 1). Take a snapshot of the panic instance. 2). Create a new instance in the same availability zone. 3). Detach the root volume from the panic instance and attach it to the rescue instance. 4). Mount the panic instance's volume and restore the kernel version. 5). Stop the rescue instance, detach the root volume and reattach the rescue instances. In this way we can troubleshoot the AWS kernel panic issue. Run the following commands to verify the root volume is attached to the rescue instance. lsblk: lists the block devices. Create the mount point and mount the disk. Next we need to mount /dev, /run, /proc, /sys: sudo mount -o bind /dev /mount/dev sudo mount -o bind /sys /mount/sys sudo mount -o bind /proc /mount/proc sudo mount -o bind /run /mount/run run the chroot command on the mounted/mnt ...

AWS Interview Questions

 AWS Interview Questions: 1). What is EC2? 2). What is Snowball in AWS? Snowball is a service. Using the Snowball service we can transfer terabytes of data into and out of the AWS environment. First we need to create the job, next we need to connect to the Snowball, copy the data to the Snowball, and your data is moved into an S3 bucket. 3). What is CloudWatch? 4). What is Elastic Transcoder? Elastic Transcoder is an AWS service tool that helps you change a video's format and resolution to support various devices like tablets, smartphones, and laptops of different resolutions. 5). What is a VPC? 6). DNS and Load Balancer services come under which type of cloud service? Both of these services come under IaaS. 7). What are the storage classes available in Amazon S3? 8). Explain what T2 instances are in AWS. T2 instances are designed to provide moderate baseline performance and the capability to burst to higher performance as required by the workload. 9).What are key-pairs...
 1). How to set up the VPC, public and private subnets, NAT, internet gateway and route table in AWS? 2). Availability zones in AWS? 3). What are subnets? 4). What is CIDR in AWS? IAM Access Analyzer in AWS? Go to the IAM section; here we can find the access analyzer. Here we can find the credential report; click on it and download this report. Using this report we can see which users are created and which credentials are assigned to them, when users were created and when passwords were created and generated, and the modified date and time. Access advisor: used to list the last accessed data. We can then find the last accessed data and remove the unused permissions; that is what we call the access advisor. Next we can see the option called unused access, which is used to analyze which IAM accounts have not been accessed for a long time. Go to unused access: c...
 AWS Interview Questions: AWS Organizations SCP vs AWS IAM? SCP: service control policies. Using SCPs we can specify the maximum permissions for accounts in an organization. Using SCPs we can restrict the AWS services, resources and individual API actions that users and roles in each member account can access. You can configure SCPs in two ways: deny list: you specify which services and actions are denied; allow list: you specify which services and actions are allowed. By default, SCPs support deny lists. This policy attaches to an organizational unit or an AWS account. An IAM policy is only applied to IAM identities (users, groups and roles). An IAM policy can't restrict the AWS account root user. Configure the SCP in IAM: service control policies: go to this option; here we can find the deny list or allow list. Now I am going to deny the US region using a deny-list SCP. After that, US region access is cut off. 2).Aws Identity cente...

Nat Gateway in AWS

 https://www.youtube.com/watch?v=v2g6V7oqhu0&t=1s What are RTO and RPO? What strategy do you have in case of any disaster? active backup, mitigation, prevention, preparedness, recovery, response. 1). NAT Gateway: What is the NAT gateway: if any servers are present in a private subnet, definitely we are not going to download any packages or update any packages, so for that reason AWS provides the NAT gateway. With the help of the NAT gateway, the EC2 server is able to communicate with the internet. In this way we can download the packages and updates needed on the EC2 instances. How to set up the NAT gateway: the other way around, a user trying to go through the NAT gateway to access an EC2 server in the private subnet is not possible. The NAT gateway is always a one-way route, and only EC2 and other resources present in the private subnet can access the internet. How to set up the NAT gateway: we need to create the VPC. Next we need to create the two subnets: one is public subnet and...
S3 interview questions: 1). What is a lifecycle policy in S3? Create the S3 bucket, then go to the management tab; here we can see the option called create lifecycle policy. Then give the name of this rule. Next is the lifecycle rule scope: choose the prefix, choose the object size, choose the tag, select the lifecycle rule action, review the transition and expiry actions, then create the S3 lifecycle rule. 2). What is cross-region replication in S3? Replication rule name, source bucket name, choose a rule scope, prefix, choose the tag, destination bucket name, choose a bucket in this account, choose a bucket in another account, IAM role, encryption key; the remaining options we can leave as default, or if we want we can enable or disable them. 3). How to enable S3 static website hosting? 4). S3 transfer acceleration: go to the bucket, then go to the properties; there we can find the option called S3 transfer acceleration, and then we can enable it. 5).what...

AWS EC2 Interview Questions:

 AWS EC2 interview questions: 1). What types of virtualization do we have on the AWS platform? paravirtualization, HVM, paravirtualization on HVM. 2). What are the types of root device? Elastic Block Store (EBS), instance store. 3). What are the types of EBS volumes and their use cases? general purpose SSD, throughput optimized ssd, provisioned IOPS, magnetic, cold HDD. 4). What are the differences between t2.micro and t3.micro? t2.micro, t3.micro: t2 and t3 are the family type; micro and nano are the instance size. 5). What is the advantage of an IAM role in EC2? 6). Why do we attach an IAM role to an EC2 machine while creating it? 7). What is the usage of tags with EC2/AWS resources? They are used to identify which server it is; that is what a tag is used for. 8). Under a security group, what kind of sources can we allow? custom, my IP, anywhere. 9). What are the t2/t3 unlimited options? 10). What hypervisor models are there? Xen, Nitro. 11).How can we recover the lost ec2 ssh ke...

VPC Flow Logs :

 1). VPC flow logs: destination endpoints: CloudWatch Logs, S3 bucket. VPC flow logs = destination point (CloudWatch Logs). Why it is important: in this way we can monitor all of the network traffic inside the VPC, and we can find out what traffic is accepted and what traffic is rejected. At what levels can you configure VPC flow logs? VPC level, which means all of the traffic going to the subnets and network interfaces of that particular VPC is monitored. We can also configure flow logs at the subnet level: only that subnet's traffic is monitored. Network interface level, which means the traffic is monitored. We use two different destinations to send the traffic: one is CloudWatch Logs, the second is an S3 bucket destination. How to configure CloudWatch Logs with the VPC: first we need to create the CloudWatch log group: log group name, retention period (prev...

Aws and Linux Interview Questions:

 AWS Interview Questions: 1). How to configure CloudWatch and what kind of roles are attached to the CloudWatch agent in AWS? 1). CPU utilization 2). Memory utilization 3). Disk utilization. 2). Someone modified the security groups; how to find out and troubleshoot it? Using the CloudTrail service we can find who modified the security groups. Go to the CloudTrail service, choose the event history, and put in the security group name or the instance name. It will provide detailed information, based on which we can identify who modified it and what kind of changes they made. Based on their changes we have to add or delete the rules accordingly. 3). What kind of activity are you doing in a cloud storage bucket? We can upload the data, we can download the data, we can delete the data; we are enabling the lifecycle policy, versioning, cross-region replication, S3 static website and S3 event notifications .. as per out requirements and n...