1
Reference answer
I would use AWS DataSync or S3 Cross-Region Replication for efficient and secure data transfer. If it's a large volume, I may also consider AWS Snowball for bulk data migration.
2
Reference answer
In AWS, security groups act as virtual firewalls for EC2 instances, controlling inbound and outbound traffic at the instance level. Network ACLs (Access Control Lists), on the other hand, control traffic at the subnet level within your VPC. Both are essential for network security. A key distinction is that security groups are stateful, meaning they remember previous connections, while ACLs are stateless, meaning each request is evaluated independently. For an AWS Cloud Engineer, understanding how to configure and apply these security features will help you ensure that resources remain protected while allowing legitimate traffic to flow seamlessly.
3
Reference answer
Amazon Kinesis is a family of services for processing and analyzing real-time streaming data at scale, supporting use cases like analytics, log and event collection, and IoT data processing. Components include Kinesis Data Streams, Data Firehose, Data Analytics, and Video Streams.
4
Reference answer
Low-cost storage used for long-term data archiving.
5
Reference answer
AWS Cloud9 is a cloud-based IDE that enables development in a web browser, with features like code completion, debugging, and terminal access.
6
Reference answer
In Oracle, a table is a database object that stores data in rows and columns, while a view is a virtual table generated by a query. Views are used for data abstraction, security, and simplifying complex queries.
7
Reference answer
You can automate code deployment using CodePipeline, CodeDeploy, and CodeCommit, where CodePipeline triggers a deployment when a commit is pushed, and CodeDeploy deploys the code to EC2 instances.
8
Reference answer
A) AWS S3
9
Reference answer
Networking in AWS is managed using VPC. VPC allows you to configure subnets, route tables, and security groups for secure communication.
10
Reference answer
Everything as Code applies coding principles—such as version control, testing, and automation—to all aspects of IT (infrastructure, configuration, policies, documentation). AWS supports this with services like CloudFormation, CDK, and automation tools, enabling codification and automation across the stack.
11
Reference answer
AMI stands for Amazon Machine Image. It is designed to template the virtual machines and keep an instance of the AMI. AWS primarily offers pre-baked AMIs, which play a major role in launching EC2 instances. Some AMIs are not available free of charge. In that case, you have to get them from the AWS Marketplace. You also have the option of designing your own custom AMIs.
12
Reference answer
There are a number of ways to scale an application on AWS. Some common scaling methods include:

- Horizontal scaling: This involves adding more instances of your application to handle increased traffic.
- Vertical scaling: This involves adding more resources to your existing instances, such as CPU, memory, and storage.
- Autoscaling: This involves using AWS services to automatically scale your application based on demand.

The best way to scale your application will depend on your specific needs.
13
Reference answer
S3 supports server-side encryption (SSE) with S3-Managed Keys (SSE-S3), AWS KMS-Managed Keys (SSE-KMS), and customer-provided keys (SSE-C). It also supports client-side encryption where the encryption is handled outside of S3.
14
Reference answer

| Features | Amazon RDS | Redshift | DynamoDB |
| --- | --- | --- | --- |
| Computing Resources | Instances with 64 vCPU and 244 GB RAM | Nodes with vCPU and 244 GB RAM | Not specified, SaaS-Software as a Service. |
| Maintenance Window | 30 minutes every week. | 30 minutes every week. | No impact |
| Database Engine | MySQL, Oracle DB, SQL Server, Amazon Aurora, PostgreSQL | Redshift | NoSQL |
| Primary Usage Feature | Conventional Databases | Data warehouse | Database for dynamically modified data |
| Multi-AZ Replication | Additional Service | Manual | In-built |

15
Reference answer
AWS Transit Gateway Network Manager is a service that helps you to manage and visualize your AWS Transit Gateway networks. Transit Gateway Network Manager provides a number of features to help you manage your Transit Gateway networks, including:

- Network topology visualization: Transit Gateway Network Manager provides a graphical view of your Transit Gateway network topology. This helps you to understand how your network is connected and to identify potential problems.
- Route management: Transit Gateway Network Manager allows you to manage the routes in your Transit Gateway network. This helps you to control the flow of traffic in your network.
- Monitoring and alerts: Transit Gateway Network Manager monitors your Transit Gateway network and sends you alerts if there are any problems.
16
Reference answer
When an EC2 instance is stopped, a normal shutdown is performed on the instance, whereas when an EC2 instance is terminated, it gets transferred to a stopped state, and then the attached EBS volumes are permanently deleted.
17
Reference answer
This is a behavioral question. For example: 'In a previous role, I had to resolve a critical network outage within 2 hours. I prioritized tasks, coordinated with the team, and used troubleshooting tools to identify a misconfigured firewall. I resolved the issue in 90 minutes, restoring service and preventing further impact.'
18
Reference answer

- Use Amazon CloudFront: Reduce latency with edge caching.
- Optimize Database Performance: Upgrade to Amazon Aurora, optimize indexes, and enable read replicas.
- Enable Gzip Compression: Reduce response payload size.
- Optimize Images & Static Assets: Use Amazon S3 with intelligent tiering.
- Use AWS Global Accelerator: Reduce latency for global users.
- Tune Auto Scaling: Adjust scaling policies to prevent delays.
19
Reference answer
The AWS Partner Network (APN) is a global community of partners that leverage programs, expertise, and resources to build, market, and sell customer offerings. This diverse network features 100,000 partners from more than 150 countries. The APN supports customers in a variety of ways, including:

- Providing access to a wide range of AWS products and services: APN partners offer a wide range of AWS products and services, including consulting, implementation, and managed services. This gives customers a single point of contact for all of their AWS needs.
- Helping customers to build and deploy AWS solutions: APN partners can help customers to build and deploy AWS solutions that meet their specific needs. APN partners can also help customers to migrate their existing applications to AWS.
- Providing support and training: APN partners can provide support and training to customers on AWS products and services. This helps customers to get the most out of their AWS investments.
20
Reference answer
DDoS, or Distributed Denial of Service, is a cyber attack that disrupts the normal traffic to a web property. It attacks online services and websites by giving them more traffic than they can handle. AWS Shield is a managed service for DDoS protection.
21
Reference answer
Backup of a database instance.
22
Reference answer
The rapid innovation, scalability, and impact of AWS in transforming businesses motivate me. I enjoy working with cutting-edge technologies, solving complex problems, and contributing to projects that help organizations grow and innovate.
23
Reference answer
Start with an assessment phase: inventory the app's components, dependencies, and data. Choose a migration strategy — typically "rehost" (lift-and-shift) as a first step using AWS Application Migration Service. From there, identify services for refactoring (like RDS for the database, S3 for static content, EC2 or ECS for the app tier). You can use tools like AWS Migration Hub and AWS DMS for planning and execution.
24
Reference answer
A cloud architecture diagram is a visual representation of the components of a cloud architecture and how they are interconnected. Cloud architecture diagrams are important because they can help you to:

- Understand the different components of a cloud architecture.
- Identify potential bottlenecks and security risks.
- Plan for future growth and scalability.
25
Reference answer
In Amazon EKS, a pod is the smallest deployable unit and represents a single instance of a running process in a cluster. Nodes are individual virtual machines that make up the underlying infrastructure, and a cluster is a collection of nodes that together provide the computing resources for running pods.
26
Reference answer
Set up a continuous deployment workflow using a CI/CD tool like GitHub Actions or AWS CodePipeline integrated with Elastic Beanstalk. Configure your workflow to trigger deployments to Elastic Beanstalk whenever changes are pushed to your repository, using IAM credentials with appropriate permissions and deployment scripts defined in your pipeline configuration.
27
Reference answer
I reviewed logs, GC metrics, and deployment timelines and correlated spikes with a recent dependency upgrade. Rolling back and fixing the issue reduced p99 latency by 42%.
28
Reference answer
It is not possible to change the primary private IP addresses. However, secondary IP addresses can be assigned, unassigned, or moved between instances at any given point.
29
Reference answer
Amazon Simple Storage Service (S3) is an object storage service. It offers high availability, scalability, and durability (99.999999999%). It is also ideal for storing unstructured data such as backups, log files, media, or static assets for websites. You can optimize S3 costs by choosing different S3 storage tiers based on access frequency (like S3 Standard, Infrequent Access, Glacier, etc.).
30
Reference answer
Elastic Load Balancing (ELB) automatically distributes incoming application traffic across multiple targets, such as EC2 instances, containers, and IP addresses.
31
Reference answer
AWS Artifact enhances compliance and security in a number of ways.

Compliance

- AWS Artifact provides a central repository for all of your AWS security and compliance documents. This makes it easy to find and access the documents you need when preparing for audits or generating compliance reports.
- AWS Artifact provides a variety of reports that can help you demonstrate compliance with specific AWS services and regulations.
- AWS Artifact makes it easy to track the status of your AWS agreements, such as the Business Associate Addendum (BAA). This can help you ensure that you are always in compliance with your AWS agreements.

Security

- AWS Artifact uses a variety of security measures to protect your data, including encryption, access control, and auditing.
- AWS Artifact integrates with AWS Identity and Access Management (IAM) to ensure that only authorized users can access your data.
- AWS Artifact logs all activity to CloudTrail, so that you can audit who accessed your data and what they did with it.

Here are some specific examples of how AWS Artifact can be used to enhance compliance and security:

- A healthcare organization can use AWS Artifact to store and manage its HIPAA compliance documents. This can help the organization prepare for HIPAA audits and demonstrate compliance with HIPAA regulations.
- A financial services organization can use AWS Artifact to store and manage its PCI DSS compliance documents. This can help the organization prepare for PCI DSS audits and demonstrate compliance with PCI DSS regulations.
- A government organization can use AWS Artifact to store and manage its FedRAMP compliance documents. This can help the organization prepare for FedRAMP audits and demonstrate compliance with FedRAMP requirements.

AWS Artifact is a powerful tool that can help AWS customers of all sizes enhance their compliance and security posture.
32
Reference answer
Create a VPC, define subnets, set route tables, associate an Internet Gateway with public subnets and a NAT Gateway for private ones.
33
Reference answer
The Domain Name System, also known as DNS, is a system that converts human-readable website addresses into machine-readable IP addresses. When a user types a website URL into their browser, it sends a request to a DNS server to translate the domain name to an IP address. After obtaining the IP address, the browser sends an HTTP request to the server at that address to access the website's content.
34
Reference answer
Vertical scaling involves increasing the resources of a single machine, such as its CPU or RAM. In contrast, horizontal scaling means adding more machines to a network, distributing the workload across them.
35
Reference answer
By using strong passwords, encryption, multi-factor authentication, and security groups.
36
Reference answer
Performance measurements like CPU utilization.
37
Reference answer
A Content Delivery Network (CDN) is a system of distributed servers that deliver content to a user based on their geographic location.
38
Reference answer
Cost optimization strategies include:

- Rightsizing EC2 instances
- Using reserved instances
- Auto-scaling
- AWS Trusted Advisor
- Tagging for cost allocation
39
Reference answer
The major cloud service providers are:

- Amazon Web Services (AWS)
- Microsoft Azure
- Google Cloud Platform (GCP)

These providers offer a wide range of cloud services, including IaaS, PaaS, and SaaS. Some of their core services include:

- AWS: Compute (EC2), storage (S3), databases (RDS), networking (VPC), analytics (Redshift), machine learning (SageMaker), and more.
- Azure: Compute (Virtual Machines), storage (Blob Storage), databases (SQL Database), networking (Virtual Network), analytics (Synapse Analytics), machine learning (Azure ML), and more.
- GCP: Compute (Compute Engine), storage (Cloud Storage), databases (Cloud SQL), networking (Cloud Networking), analytics (BigQuery), machine learning (Vertex AI), and more.
40
Reference answer
I don't like managing my own clusters. If candidates pride themselves in how they operated a 15-node cluster, it might be a red flag. Managing that cluster was probably a major focus, perhaps even a full-time job. Managing your own cluster is as in-the-weeds as you can get. Good cloud engineers let managed services sweat the management details so they can focus on optimizing the workload broadly across your stack.
41
Reference answer
B) AWS API Gateway
42
Reference answer
Allows instances in a private subnet to access the internet.
43
Reference answer
Handling stateful applications in AWS involves using various services and design patterns to maintain application state across distributed environments. Here are some strategies:

- Database Storage: Use managed databases like Amazon RDS or Amazon DynamoDB to store application state. These services provide persistence and can handle high availability and scaling.
- Amazon ElastiCache: For applications that require fast access to state information, consider using Amazon ElastiCache (Redis or Memcached) to cache stateful data in memory, improving performance and reducing database load.
- AWS Step Functions: Use Step Functions to orchestrate stateful workflows and maintain state across multiple services. This is especially useful for long-running processes or complex transactions.
- Session Management: For web applications, manage user sessions using Amazon DynamoDB or Redis. You can store session data and retrieve it as needed, enabling scalability across multiple instances.
- Event Sourcing: Implement an event sourcing architecture where state changes are captured as a sequence of events. Store these events in Amazon Kinesis or DynamoDB, allowing you to reconstruct the state at any point in time.
- Microservices with Service Discovery: In microservices architectures, use AWS App Mesh or Amazon ECS service discovery to manage stateful interactions between services, ensuring they can locate and communicate with each other efficiently.

By leveraging these strategies and AWS services, you can effectively handle stateful applications while maintaining scalability and resilience.
44
Reference answer
Amazon RDS is a managed relational database service that supports engines like MySQL, PostgreSQL, Oracle, SQL Server, and Aurora.
45
Reference answer
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield comes in two tiers: Standard and Advanced.
46
Reference answer
Cloud-based data lakes are a type of cloud storage that is designed to store large amounts of raw data. Cloud-based data lakes can be used for a variety of purposes, such as data analytics, machine learning, and artificial intelligence. Here are some of the benefits of using cloud-based data lakes:

- Scalability: Cloud-based data lakes are highly scalable, so you can easily add or remove storage capacity as needed.
- Cost-effectiveness: Cloud-based data lakes can be more cost-effective than traditional on-premises data warehouses.
- Ease of use: Cloud-based data lakes are typically easy to use and manage.
47
Reference answer

- Vertical scaling refers to increasing the size (e.g., CPU, memory) of an instance.
- Horizontal scaling refers to adding more instances to handle increased traffic.
48
Reference answer
There are a number of ways to monitor and manage cloud resource performance, including:

- Monitoring: Monitoring your cloud resources can help you to identify and troubleshoot performance problems early on.
- Logging: Logging can help you to track down the root cause of performance problems with your cloud resources.
- Alerting: Alerting can help you to be notified of performance problems with your cloud resources so that you can take corrective action.
- Optimization: Optimization can help you to improve the performance of your cloud resources by making changes to your configuration or code.
49
Reference answer
Yes. When a Lambda function is updated, there will be a limited timeframe, less than a minute, during which both the old and new versions of the function can handle requests.
50
Reference answer
I use Lambda for short-running, event-driven tasks under 15 minutes with variable traffic - pay only for execution time. Built a document processing pipeline with Lambda triggered by S3 uploads. Costs $50/month at low volume, scales automatically for high volume. Containers (ECS/EKS) for long-running processes, specific runtime needs, or applications over 15 minutes. Containerized a legacy Java app requiring specific JVM settings and running background jobs for hours. ECS Fargate gave us container benefits without managing servers. Reality is most systems use both. Web APIs on Lambda, background processing on ECS, orchestrated with Step Functions.
51
Reference answer
Amazon S3 versioning is a feature that enables users to maintain multiple versions of an object stored in an S3 bucket. This allows for greater data protection and recovery capabilities. Key aspects of S3 versioning include:

- Enabling Versioning: Versioning can be enabled at the bucket level. Once enabled, S3 automatically assigns a unique version ID to each object uploaded to the bucket.
- Object Storage: When a new version of an object is uploaded, S3 retains the previous versions, allowing users to retrieve, restore, or permanently delete specific versions.
- Deleting Objects: Deleting an object in a versioned bucket does not permanently remove it. Instead, S3 adds a delete marker, making the most recent version of the object inaccessible. Users can still retrieve previous versions using their version IDs.
- Data Recovery: Versioning enhances data protection by allowing users to recover from accidental deletions or overwrites. Users can revert to earlier versions of an object as needed.
- Cost Implications: While versioning provides significant benefits, users should be aware that storing multiple versions of objects can lead to increased storage costs. Lifecycle policies can be implemented to manage the retention of old versions.

Amazon S3 versioning is a powerful feature for data management and recovery, providing users with greater control over their stored objects.
52
Reference answer
AWS Regions and Availability Zones (AZs) are key concepts in the AWS architecture, designed to provide high availability and fault tolerance.

- Regions: An AWS region is a geographically isolated area that contains multiple data centers. Each region is independent and consists of several Availability Zones. Users choose regions based on factors such as proximity to customers, regulatory requirements, and service availability.
- Availability Zones (AZs): An AZ is a discrete data center within a region, equipped with independent power, cooling, and networking. AZs are designed to be isolated from failures in other AZs within the same region, allowing users to distribute applications across multiple AZs for redundancy and high availability.

By using multiple regions and AZs, organizations can ensure that their applications remain operational even in the event of localized failures, enhancing reliability and performance.
53
Reference answer
AWS CloudFormation is a service that allows users to define and provision AWS infrastructure using code in a declarative manner. This infrastructure-as-code approach provides several benefits:

- Infrastructure as Code: Users can define the entire infrastructure in a JSON or YAML template, making it easy to version control and manage. This facilitates collaboration and consistency across environments.
- Automated Deployment: CloudFormation automates the provisioning and updating of resources, reducing the risk of human error and enabling quicker deployments.
- Consistent Environments: By using templates, users can ensure that their environments are consistently configured, minimizing discrepancies between development, testing, and production.
- Resource Management: CloudFormation manages dependencies between resources, automatically provisioning them in the correct order, and providing rollback capabilities in case of failures.
- Custom Resources: Users can define custom resources to integrate with other AWS services or perform tasks that are not natively supported by CloudFormation.
- Cross-Region and Cross-Account Deployments: CloudFormation templates can be used to deploy resources across multiple regions and accounts, facilitating large-scale infrastructure management.

Overall, AWS CloudFormation streamlines the process of managing and provisioning AWS resources, enhancing operational efficiency and consistency.
54
Reference answer
Permissions for S3 buckets can be managed using bucket policies, ACLs (Access Control Lists), and IAM policies.
55
Reference answer
When it comes to scaling applications in AWS, you need to consider both vertical and horizontal scaling options. Vertical scaling involves increasing the size of a single instance (e.g., upgrading from a smaller EC2 instance to a larger one), while horizontal scaling involves adding more instances to spread the load and ensure reliability. AWS provides Auto Scaling, which can automatically adjust the number of instances based on demand. Elastic Load Balancing (ELB) can distribute incoming traffic across multiple EC2 instances, ensuring that your application scales efficiently while maintaining performance.
56
Reference answer
Amazon Aurora is a MySQL and PostgreSQL-compatible relational database engine with enhanced performance and scalability. It uses a distributed, fault-tolerant architecture and is designed for applications requiring high availability and low-latency performance.
57
Reference answer
Using encryption, access controls, and regular audits.
58
Reference answer
There are three different types of deployment models in the cloud:

- Private cloud: This type of service is used by a single organization and is not exposed to the public. It is adapted to organizations using sensitive applications.
- Public cloud: These cloud resources are owned and operated by third-party cloud services like Amazon Web Services, Microsoft Azure, and all those mentioned in the AWS market share section.
- Hybrid cloud: This is the combination of both private and public clouds. It is designed to keep some servers on-premises while extending the remaining capabilities to the cloud. Hybrid cloud provides flexibility and cost-effectiveness of the public cloud.
59
Reference answer
I architect defensively. Your cloud engineer should know how to architect for failure at the following levels: application, server, architectural (app tier, database tier, etc.), and physical data center.
60
Reference answer
AWS Snowball Edge is a device that can be used to transfer data to and from AWS. Snowball Edge is a good option for transferring large amounts of data, such as data for migration or disaster recovery. Snowball Edge is also a good option for running edge computing applications. Edge computing applications are applications that are run on devices that are located close to the data source. This can reduce latency and improve performance.
61
Reference answer
AWS Elemental MediaConvert is a service that converts video files from one format to another. MediaConvert can also be used to generate thumbnails, transcode audio, and create captions. MediaConvert is a good choice for converting video files for different devices and platforms. It is also a good choice for generating thumbnails and transcoding audio.
62
Reference answer
Best practices include using IAM roles for permissions, enabling security groups and network ACLs, regularly patching OS and applications, disabling root access and using SSH keys, encrypting data at rest and in transit, and monitoring with CloudWatch and CloudTrail.
63
Reference answer
AWS SageMaker is a fully managed service. It helps to build, train, and deploy machine learning models at scale. It simplifies ML workflows with pre-built algorithms and tools.
64
Reference answer

| Features | Amazon RDS | Redshift | DynamoDB |
| --- | --- | --- | --- |
| Computing Resources | Instances with 64 vCPU and 244 GB RAM | Nodes with vCPU and 244 GB RAM | Not specified, SaaS-Software as a Service. |
| Maintenance Window | 30 minutes every week. | 30 minutes every week. | No impact |
| Database Engine | MySQL, Oracle DB, SQL Server, Amazon Aurora, PostgreSQL | Redshift | NoSQL |
| Primary Usage Feature | Conventional Databases | Data warehouse | Database for dynamically modified data |
| Multi-AZ Replication | Additional Service | Manual | In-built |

65
Reference answer
Cloud scalability is the ability of a cloud computing system to adapt to changing computing requirements by either increasing or decreasing its resources, such as computing power, storage, or network capacity on demand. Cloud scalability has a number of benefits, including:

- Cost savings: Organizations can save money by scaling their cloud resources up or down as needed, instead of having to overprovision resources in anticipation of peak demand.
- Improved performance: Cloud scalability can help to improve the performance of applications by ensuring that they have the resources they need to run smoothly.
- Increased agility: Cloud scalability allows organizations to quickly respond to changes in demand by rapidly scaling their cloud resources up or down.
- Enhanced business continuity: Cloud scalability can help to improve business continuity by ensuring that applications are still available even if there is a problem with one of the underlying physical servers.
66
Reference answer

- IaaS (Infrastructure as a Service)
- PaaS (Platform as a Service)
- SaaS (Software as a Service)
67
Reference answer
AWS CodeDeploy automates code deployments to any instance, including EC2, Lambda, or on-premises servers.
68
Reference answer
AWS Lambda is a serverless compute service that runs your code in response to events and automatically manages the compute resources for you.
69
Reference answer
AWS Key Management Service functions as a security service within AWS. It helps users generate and manage encryption keys, which protect data stored in Amazon S3, Amazon EBS, and Amazon RDS.
70
Reference answer
IaC is the management of infrastructure (networks, virtual machines, load balancers, etc.) in a descriptive model, using tools like CloudFormation and Terraform.
71
Reference answer
AWS Database Migration Service (DMS) facilitates the migration of databases to AWS quickly and securely. Here's how it works:

- Source and Target Databases: DMS supports various database sources (e.g., Oracle, SQL Server, MySQL, PostgreSQL) and targets (e.g., Amazon RDS, Amazon Redshift, Amazon S3).
- Replication Instance: When you set up a migration task, DMS provisions a replication instance that manages the data migration process. This instance reads the source database and writes to the target.
- Database Schema Conversion: If the source and target database engines differ, use the AWS Schema Conversion Tool (SCT) to convert the database schema and make necessary adjustments.
- Change Data Capture: DMS supports ongoing replication using change data capture (CDC). This means that after the initial load of the existing data, DMS continuously replicates changes made to the source database, ensuring that the target stays in sync.
- Task Configuration: Configure migration tasks to specify what data to migrate (full load, incremental updates, or both) and set parameters for error handling, logging, and monitoring.
- Monitoring and Management: AWS DMS provides monitoring capabilities through Amazon CloudWatch, allowing you to track migration progress and performance metrics.
- Security and Compliance: DMS supports data encryption in transit and at rest, ensuring that sensitive data is protected during the migration process.

AWS DMS simplifies the process of migrating databases to AWS, minimizing downtime and allowing organizations to leverage cloud benefits quickly.
72
Reference answer
AWS Web Application Firewall (WAF) helps protect your web applications from common web exploits like SQL injection and cross-site scripting (XSS) by allowing you to define rules that allow or block specific requests.
73
Reference answer
I implement caching at multiple layers. ElastiCache Redis for application-level caching - session storage, database query results, computed data. We had an API aggregating data from multiple sources - caching results for 5 minutes cut database load 80% and response time from 2s to 50ms. CloudFront for static content delivery at edge locations. Users in Asia went from 3-second page loads to under 500ms. API Gateway caching for frequently called endpoints reduces backend invocations. The key is setting appropriate TTLs. Short TTLs (5-10 min) for dynamic data, longer (1 day+) for static content. Always implement cache invalidation for critical updates.
74
Reference answer
An AWS Administrator manages cloud resources, ensures security, configures access controls, monitors system health, and optimizes costs for efficient cloud operations.
75
Reference answer
There are a number of ways to troubleshoot cloud-based applications, including:
- Monitoring: Monitoring your cloud-based applications can help you to identify and troubleshoot problems early on.
- Logging: Logging can help you to track down the root cause of problems with your cloud-based applications.
- Debugging: Debugging can help you to identify and fix specific problems with your cloud-based applications.
- Support: Cloud providers offer a variety of support options to help you troubleshoot problems with your cloud-based applications.
76
Reference answer
Begin with this free cloud cost assessment to understand where you are coming from. Follow up with a tagging audit to ensure cost allocation by team, service, or environment. Use AWS tools to identify underutilized or idle resources. Prioritize non-critical workloads for Spot Instances, and convert predictable usage to Savings Plans. Look at storage tiers and data transfer costs for quick wins. Communicate clearly with teams before making any impactful changes.
77
Reference answer
Amazon CloudWatch is a monitoring and observability service that collects and tracks metrics, logs, and events from AWS resources and applications, enabling real-time monitoring, alerting, and automated responses.
78
Reference answer
Amazon RDS (Relational Database Service) is a managed service for setting up, operating, and scaling relational databases in the AWS cloud. It automates database administration tasks such as backups, patching, and recovery, and supports multiple database engines including MySQL, PostgreSQL, Oracle, SQL Server, and Amazon Aurora.
79
Reference answer
There is a limit of running up to a total of 20 on-demand instances across the instance family. You can purchase 20 reserved instances and request spot instances as per your dynamic spot limit region.
80
Reference answer
AWS implements IaC through services like AWS CloudFormation and AWS CDK, where infrastructure is defined in templates (YAML/JSON or code), versioned, and deployed as stacks. These tools automate provisioning, updates, and drift detection for AWS resources.
81
Reference answer
There are a number of ways to secure data transfer in a cloud environment, including:
- Encryption: Encrypting your data at rest and in transit can protect it from unauthorized access.
- VPN: Using a VPN can create a secure tunnel between your on-premises network and the cloud.
- IAM: Using IAM can control who has access to your data and what they can do with it.
82
Reference answer
Handling large-scale data processing in AWS involves using a combination of AWS services designed for scalability, efficiency, and performance. Key approaches include:
- Data Storage: Use Amazon S3 as a scalable storage solution for large datasets. S3's object storage capabilities support vast amounts of data and various formats.
- Data Processing Frameworks:
  - Amazon EMR: Utilize Amazon Elastic MapReduce (EMR) for big data processing with frameworks like Apache Hadoop, Spark, and Presto. EMR automatically provisions and scales resources based on processing needs.
  - AWS Glue: Use AWS Glue for serverless data integration and ETL (Extract, Transform, Load) processes. Glue can automatically discover and catalog data stored in S3.
- Data Streaming: For real-time data processing, use Amazon Kinesis to collect, process, and analyze streaming data. Kinesis allows you to build real-time applications that respond to data as it arrives.
- Data Analytics: Leverage Amazon Athena to run ad-hoc queries on data stored in S3 without the need for complex ETL processes. Athena integrates seamlessly with S3 and supports SQL queries.
- Batch Processing: Use AWS Batch to run batch processing jobs efficiently, automatically managing the compute resources needed for large-scale batch workloads.
- Machine Learning: For advanced analytics and predictive modeling, use Amazon SageMaker to build, train, and deploy machine learning models at scale.
- Cost Management: Monitor and optimize costs by analyzing data processing workloads and using AWS Cost Explorer to identify cost drivers.
By employing these services and strategies, organizations can effectively manage large-scale data processing in AWS, enabling real-time insights and data-driven decision-making.
83
Reference answer
Query optimization in Oracle involves techniques such as creating appropriate indexes, using the EXPLAIN PLAN command to analyze query execution plans, optimizing SQL statements, and using hints to influence the optimizer's choices.
84
Reference answer
Stores data as objects with metadata (S3).
85
Reference answer
- Amazon S3: Object storage accessed via HTTP/S, ideal for backups, static assets, and data lakes. Highly durable and scalable, but not mountable as a file system.
- Amazon EBS: Block storage attached to one EC2 instance, offering low-latency and high IOPS. Best for boot volumes and transactional databases.
- Amazon EFS: File storage mountable across multiple EC2s via NFS. Great for shared environments like CMS, code repos, and web servers. Scales automatically with usage.
86
Reference answer
S3 versioning keeps multiple versions of an object. It helps protect data from accidental deletions and enables rollback to previous versions.
87
Reference answer
Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability, designed for high-availability applications.
88
Reference answer
Identity and Access Management (IAM) is a set of policies and procedures that control who has access to cloud resources and what they can do with those resources. IAM is important in the cloud because it helps to protect cloud resources from unauthorized access and use. IAM typically includes the following components:
- Authentication: Authentication is the process of verifying that a user is who they say they are.
- Authorization: Authorization is the process of determining what a user is allowed to do with cloud resources.
- Auditing: Auditing is the process of tracking user activity in the cloud.
89
Reference answer
Adding metadata labels to AWS resources.
90
Reference answer
An API Gateway acts as a reverse proxy to accept all application programming interface (API) calls, aggregate the various services required to fulfill them, and return the appropriate result.
91
Reference answer
When managing multi-tenant cloud environments, it is critical to employ resource management tools such as container orchestration and cluster management tools to avoid resource contention. These technologies can monitor resource utilization in each tenant's environment and ensure that resources are distributed fairly and appropriately. Also, it is essential to set resource quotas for each tenant to prevent one tenant from using too many resources and impacting the performance of other tenants' applications.
92
Reference answer
Clustering columns are used in the definition of the primary key along with the partition key. They determine the sorting order of rows within a partition and are useful for range queries. Clustering columns provide control over data ordering within a partition.
93
Reference answer
AWS Elastic Beanstalk is a platform-as-a-service (PaaS) that allows you to deploy and manage applications in various languages like Java, Python, Ruby, etc., without worrying about infrastructure.
94
Reference answer
AWS Cloud Computing provides on-demand delivery of IT resources over the internet. It offers scalability, reliability, and cost efficiency with services like compute, storage, and databases.
95
Reference answer
Amazon EC2 (Elastic Compute Cloud) provides virtual servers for scalable cloud computing in the AWS environment. You can:
- Choose instance type (CPU, RAM).
- Launch with AMI (Amazon Machine Image).
- Attach EBS volumes for storage.
- Configure security with Security Groups and Key Pairs.
- Scale using Auto Scaling Groups.
96
Reference answer
AWS Identity and Access Management (IAM) is a free AWS service that grants secure access to AWS resources. It enables you to control who can use your AWS resources (authentication) and how they can use them (authorization).
- Users: These are the end users who would be accessing the AWS resources. They can be grouped together according to the designations or roles.
- Groups: Groups are a way to combine several users so that they can be assigned the same set of permissions. This makes managing permissions easier, especially in scenarios where multiple users require similar levels of access.
- Roles: IAM roles are created and then assigned to other AWS resources or AWS accounts. They eliminate the need to share long-term credentials. Instead, they allow for secure access to resources.
IAM is fundamental to AWS security and offers several advantages:
- Principle of Least Privilege: Ensures users and resources have only the permissions they need to perform their tasks, reducing risks.
- Granular Permissions: AWS provides a vast range of services, and within each service, there are numerous actions. IAM allows for specific actions on particular services to be granted, offering a great degree of control.
- Access Management to Resources: IAM not only manages access for users and groups but also for services, ensuring secure communication between AWS resources.
- Secure Access Sharing: Using roles, AWS allows for secure cross-account sharing. This is used by organizations that have multiple AWS accounts to enforce security and centralize management.
- Compliance Tracking: IAM provides detailed logs to track user activity, which is crucial for compliance with industry standards.
- Password Policies: IAM allows for strong password policies, ensuring user authentication methods comply with security best practices.
97
Reference answer
Cloud computing differs from the typical data center as it uses remote servers connected to the internet to store, process, and manage data, whereas traditional data centers employ physical servers. Cloud computing offers scalability, flexibility, and cost savings, whereas traditional data centers may demand a big initial investment and continuous maintenance expenses.
98
Reference answer
Amazon Elastic Compute Cloud (EC2) provides resizable compute capacity in the cloud.
99
Reference answer
A cloud DNS service is a DNS service that is hosted in the cloud. Cloud DNS services offer a number of advantages over traditional on-premises DNS services, such as:
- Scalability: Cloud DNS services are highly scalable, so you can easily scale them up or down to meet your changing needs.
- Reliability: Cloud DNS services are highly reliable, and cloud providers offer a variety of services to ensure the reliability of their DNS services.
- Security: Cloud DNS services are secure, and cloud providers offer a variety of security services to protect your DNS data.
Cloud DNS services work by resolving DNS queries for your domain names and returning the IP addresses of your servers. Cloud DNS services typically use a global network of servers to resolve DNS queries quickly and reliably.
100
Reference answer
Managing infrastructure using code instead of manual setup.
101
Reference answer
A Virtual Private Cloud (VPC) is a logically isolated, customizable virtual network within the AWS Cloud where you can launch AWS resources such as EC2 instances and databases. It closely resembles a traditional on-premises network, giving you control over IP address ranges, subnets, route tables, gateways, and security settings.
102
Reference answer
Setting up CodeBuild first, then connecting it directly with the AWS CodePipeline, makes it simple to set up and configure the release process. This makes it possible to add build steps continually, and as a result, AWS handles the processes for continuous integration and continuous deployment.
103
Reference answer
An on-demand or reserved instance will not be ideal in this case, as the task here is not continuous. Moreover, launching an on-demand instance whenever work comes up makes no sense because on-demand instances are expensive. In this case, the ideal choice would be to opt for a spot instance owing to its cost-effectiveness and no long-term commitments.
104
Reference answer
IBM's reputation for cutting-edge cloud solutions and its focus on AI and hybrid cloud excites me. Joining IBM would allow me to work on innovative AWS projects and enhance my skills in cloud technologies.
105
Reference answer
Amazon SageMaker is a fully managed service that provides tools for building, training, and deploying machine learning (ML) models at scale. It simplifies the machine learning workflow, allowing developers and data scientists to focus on model development without managing infrastructure.
Key Features:
- Integrated Jupyter Notebooks: SageMaker provides Jupyter notebooks for easy data exploration and model development. Users can quickly prototype models using familiar tools.
- Built-in Algorithms: The service includes built-in machine learning algorithms optimized for performance and scalability. Users can also bring their own algorithms and frameworks.
- Model Training: SageMaker simplifies the training process by automatically managing the underlying infrastructure. Users can easily scale training jobs based on dataset size and complexity.
- Hyperparameter Tuning: SageMaker offers automatic model tuning (hyperparameter optimization) to find the best hyperparameters for models, improving performance.
- Deployment and Inference: Once trained, models can be easily deployed to endpoints for real-time inference or batch transformations, allowing applications to make predictions.
- Data Labeling: SageMaker Ground Truth provides tools for labeling training data, enhancing the quality of datasets for supervised learning.
- Monitoring and Management: Users can monitor model performance and manage lifecycle events using SageMaker Model Monitor, ensuring that models remain accurate and effective over time.
Use Cases:
- Predictive analytics, fraud detection, recommendation systems, and image and text classification are common use cases for Amazon SageMaker, allowing organizations to leverage machine learning effectively.
By utilizing Amazon SageMaker, organizations can accelerate their machine learning projects, improve model quality, and deploy solutions more efficiently.
106
Reference answer
AWS CodeStar is a unified user interface that makes it easy to develop, build, and deploy applications on AWS quickly.
107
Reference answer
I would use Amazon CloudFront for content delivery, deploy resources in multiple AWS regions, and implement AWS Global Accelerator to route traffic to the optimal region for reduced latency.
108
Reference answer
Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, and IT managers. It provides data and actionable insights to monitor applications.
109
Reference answer
Redshift automatically applies columnar data compression. It reduces storage requirements and improves query performance by minimizing the amount of data scanned.
110
Reference answer
Docker containers virtualize at the OS level, while VMs virtualize at the hardware level. Containers are more lightweight, sharing the host OS kernel, whereas each VM runs a full guest OS.
111
Reference answer
Cloud monitoring and management tools are essential for managing cloud-based applications. These tools can help you to:
- Monitor your cloud resources: Cloud monitoring tools can help you to monitor the performance and health of your cloud resources. This includes monitoring your CPU usage, memory usage, and disk usage.
- Manage your cloud resources: Cloud management tools can help you to manage your cloud resources. This includes managing your cloud accounts, users, and permissions.
- Automate cloud tasks: Cloud automation tools can help you to automate cloud tasks, such as deploying new applications and scaling your applications up or down.
112
Reference answer
Elastic block storage, as the name indicates, provides persistent, highly available, and high-performance block-level storage that can be attached to a running EC2 instance. The storage can be formatted and mounted as a file system, or the raw storage can be accessed directly.
113
Reference answer
As user queries move via the Amazon API Gateway REST APIs to the underlying services, we can track and examine them using AWS X-Ray.
114
Reference answer
Four primary strategies:
- Backup & Restore: Store backups in Amazon S3 Glacier for cost-effective DR.
- Pilot Light: Keep a minimal version of the environment running in a different region.
- Warm Standby: A scaled-down but fully functional environment in another region.
- Multi-Site Active/Active: Fully operational architecture across multiple AWS regions.
Key AWS services: AWS Backup, RDS Read Replicas, DynamoDB Global Tables, CloudEndure Disaster Recovery, Route 53 Failover Routing, AWS Transit Gateway.
115
Reference answer
Use CloudWatch Logs for centralized log collection, CloudWatch Metrics for resource monitoring, and X-Ray for distributed tracing. Set up dashboards, alarms, and automated notifications. Use structured logging and correlation IDs for easier tracing across services.
116
Reference answer
Amazon EC2 (Elastic Compute Cloud) provides virtual servers for scalable cloud computing in the AWS environment. You can:
- Choose instance type (CPU, RAM).
- Launch with AMI (Amazon Machine Image).
- Attach EBS volumes for storage.
- Configure security with Security Groups and Key Pairs.
- Scale using Auto Scaling Groups.
117
Reference answer
B) Amazon EKS
118
Reference answer
To optimize your CI/CD workflow, automate build and deployment processes, integrate automated testing, and use monitoring tools for early failure detection. Establish clear KPIs, regularly review pipeline performance, and adopt best practices like infrastructure as code, security checks, and continuous feedback. Encourage collaboration, use pipeline visualization, and embrace a culture of continuous improvement and learning.
119
Reference answer
AWS Lambda@Edge is a service that allows you to run Lambda functions at the edge of the AWS network. This allows you to process data and deliver content closer to your users, which can improve performance and reduce latency. Some of the features of AWS Lambda@Edge include:
- Low latency: Lambda@Edge functions are executed at the edge of the AWS network, close to your users. This can reduce latency and improve performance for your users.
- Global reach: Lambda@Edge functions can be deployed to edge locations around the world. This allows you to deliver content and process data closer to your users, regardless of where they are located.
- Scalability: Lambda@Edge functions can scale automatically to meet demand. This means that your applications can handle sudden spikes in traffic without any intervention from you.
120
Reference answer
AWS CloudTrail enables governance, compliance, and operational and risk auditing by recording account activity across your AWS infrastructure.
121
Reference answer
To create an EC2 instance, you will need to specify the instance type, the operating system, and the amount of storage you need. You can also choose to add additional features, such as Elastic Block Storage (EBS) volumes and Elastic IP addresses.
122
Reference answer
A Virtual Private Cloud (VPC) lets you create a secure, isolated network within AWS, similar to a traditional on-premises setup. It includes:
- Subnets: Split the VPC into public and private networks.
- Route tables: Define traffic paths.
- IGW/NAT: Internet for public subnets (IGW) and outbound-only for private (NAT).
- Security: Security Groups (stateful, instance-level) vs NACLs (stateless, subnet-level).
- Outcome: Controlled connectivity with layered security.
123
Reference answer
The AWS Well-Architected Framework consists of five main pillars:
- Operational excellence: Focuses on supporting development and operations through monitoring, incident response, and automation.
- Security: Covers protecting data, systems, and assets through identity management, encryption, and incident response.
- Reliability: Involves building systems that can recover from failures, scaling resources dynamically, and handling network issues.
- Performance efficiency: Encourages the use of scalable resources and optimized workloads.
- Cost optimization: Focuses on managing costs by selecting the right resources and using pricing models such as Reserved Instances.
124
Reference answer
Amazon EKS achieves high availability by distributing control plane components across multiple Availability Zones (AZs) and automatically recovering from control plane failures. Worker nodes can also be distributed across multiple AZs for application high availability.
125
Reference answer
Public cloud services are shared by multiple organizations over the public internet. They are the most cost-effective and scalable cloud computing option, but they offer the least amount of control and security. Private cloud services are dedicated to a single organization. They can be hosted on-premises or by a third-party provider. Private clouds offer more control and security than public clouds, but they are more expensive and less scalable. Hybrid clouds combine public and private cloud services. This allows organizations to take advantage of the benefits of both cloud models, such as the scalability and cost-effectiveness of public clouds and the security and control of private clouds.
126
Reference answer
You can launch instances from a single AMI. An instance type specifies the hardware of the host computer that hosts your instance. Each type of instance offers different cloud computing and memory resources. Once an instance has been launched, it becomes a standard host and can be used in the same way as any other computer.
127
Reference answer
- Service sprawl and complexity: Use Infrastructure as Code and documentation to standardize setups.
- Unpredictable costs: Set up budget alerts, track cost per environment, and use platforms like CloudZero for real-time spend visibility.
- Security misconfigurations: Enforce IAM best practices, regular audits, and automated policy enforcement via tools like AWS Config.
- Poor observability: Use CloudWatch, X-Ray, and OpenTelemetry integrations to surface metrics and logs across services.
- Over-permissioned access: Apply the principle of least privilege, use IAM Access Analyzer, and implement permission boundaries.
128
Reference answer
- Optimizing Cost vs. Performance trade-offs.
- Architecting Multi-Cloud & Hybrid Environments.
- Building Highly Scalable Systems for growing businesses.
- Implementing AI & Machine Learning Pipelines on AWS.
129
Reference answer
In this model, AWS manages the security of the cloud (hardware, software, networking), while customers are responsible for security in the cloud (data, identity, access management).
130
Reference answer
A firewall in cloud computing is a security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
131
Reference answer
Cloud bursting is a technique for scaling your on-premises applications to the cloud. This can be useful when your on-premises infrastructure cannot handle spikes in traffic or workloads. Cloud bursting can be used to:
- Scale up your on-premises applications to meet unexpected spikes in traffic or workloads.
- Run batch jobs or other computationally intensive tasks in the cloud.
- Develop and test new applications in the cloud.
132
Reference answer
ECS is a native AWS service for container orchestration, while EKS is a fully managed Kubernetes service that provides a Kubernetes control plane in AWS.
133
Reference answer
There are a number of ways to secure data in Amazon S3 buckets. Some common methods include:
- Server-side encryption (SSE): SSE encrypts your data at rest in S3. You can choose to encrypt your data using AWS managed keys or your own encryption keys.
- Client-side encryption (CSE): CSE encrypts your data before it is uploaded to S3. You can choose to encrypt your data using AWS managed keys or your own encryption keys.
- Bucket policies: Bucket policies can be used to control access to your S3 buckets. You can use bucket policies to restrict who can access your buckets and what they can do with them.
- Object ACLs: Object ACLs can be used to control access to individual objects in your S3 buckets. You can use object ACLs to restrict who can access the objects and what they can do with them.
134
Reference answer
This is a general question for the managerial round, similar to the technical round introduction. The candidate should highlight their professional background, key achievements, and motivation for the role. For example: 'I have over two years of experience in cloud support, specializing in troubleshooting AWS services and networking. I enjoy solving complex problems and working in team environments.'
135
Reference answer
AWS SQS (Simple Queue Service) is a message queuing service. It allows decoupling of microservices and helps in transmitting messages between distributed applications reliably.
136
Reference answer
A temporary URL used to grant access to private S3 objects.
137
Reference answer
I follow AWS best practices by implementing least-privilege access, using IAM roles, enabling encryption, and automating security checks. At the same time, I leverage managed and serverless services to reduce operational overhead and ensure performance and cost efficiency.
138
Reference answer
For data in transit, use TLS (HTTPS) for secure communication between services, and enforce encryption on services like API Gateway, ELB, and CloudFront. For data at rest, enable server-side encryption (SSE) with AWS Key Management Service (KMS) on services like S3, EBS, RDS, and Redshift. Use customer-managed keys (CMKs) for tighter control, auditability, and key rotation.
139
Reference answer
The booting process involves several steps: 1) The system is powered on, and the BIOS/UEFI performs a Power-On Self Test (POST) to check hardware. 2) The BIOS/UEFI loads the bootloader from the boot device. 3) The bootloader loads the operating system kernel into memory. 4) The kernel initializes system hardware and mounts the root filesystem. 5) System services and daemons are started, and the user is presented with a login prompt. Troubleshooting may involve checking hardware connections, boot device order, or repairing the bootloader.
140
Reference answer
Both offer similar services, but they have different user interfaces, pricing models, and specific services tailored to different needs.
141
Reference answer
Elasticity refers to the ability of a cloud infrastructure to dynamically scale resources up or down in response to changing demand. This characteristic is fundamental to cloud computing, allowing organizations to optimize costs and performance based on workload requirements. Key aspects of elasticity in AWS include:
- Auto Scaling: AWS Auto Scaling allows users to automatically adjust the number of EC2 instances based on predefined metrics, such as CPU utilization or request counts. This ensures that applications have sufficient resources during peak times and scale down during periods of low demand to reduce costs.
- Elastic Load Balancing: ELB distributes incoming application traffic across multiple targets (EC2 instances, containers, etc.), ensuring that no single instance is overwhelmed. It works seamlessly with Auto Scaling to maintain performance as the number of instances changes.
- Serverless Computing: Services like AWS Lambda exemplify elasticity by allowing users to run code in response to events without provisioning or managing servers. AWS automatically scales the execution of functions based on incoming requests, providing automatic resource management.
Elasticity helps organizations maintain performance, optimize costs, and efficiently manage variable workloads.
142
Reference answer
Application Load Balancer works at HTTP layer - it can route based on URL paths, perfect for microservices. I use ALB for web apps because it supports path-based routing and integrates with WAF. Network Load Balancer is Layer 4 TCP/UDP - extremely fast with static IPs. I used NLB for a gaming app that needed consistent IPs for firewall whitelisting and couldn't tolerate ALB's slight latency. Gateway Load Balancer is for security appliances. For most web applications, ALB is the answer - smarter and cheaper.
143
Reference answer
AWS Simple Notification Service (SNS) is a fully managed messaging service. It facilitates message delivery to multiple subscribers via protocols like email, SMS, and HTTP/HTTPS endpoints.
144
Reference answer
Load balancers provide high availability and scalability by splitting incoming traffic among numerous backend servers. They also help prevent any server from overloading, improving performance and dependability. Load balancers mediate between client requests and servers, distributing incoming traffic evenly among multiple servers. This helps prevent any server from becoming overwhelmed with traffic and allows the system to continue functioning even if one or more servers fail.
145
Reference answer
Event bus service that connects applications using events.
146
Reference answer
Amazon Machine Image is a template used to launch EC2 instances.
147
Reference answer
Terraform is a platform for managing and configuring infrastructure resources, including computer systems, virtual machines (VMs), network switches, containers, etc. An API provider is in charge of meaningful API interactions that reveal resources. Terraform works with a wide range of cloud service providers.
148
Reference answer
Performance, pricing, latency, and response time are factors to consider when selecting the availability zone.
149
Reference answer
Amazon CloudFront is a content delivery network (CDN) service that speeds up the distribution of static and dynamic web content, such as HTML pages, images, and videos, to users worldwide. CloudFront leverages a network of edge locations to cache copies of content closer to end-users, reducing latency and improving load times. Key features of Amazon CloudFront include:
- Global Network: CloudFront has edge locations across multiple geographic regions, allowing for low-latency delivery to users no matter their location.
- Caching: It caches content at edge locations to reduce the load on origin servers and improve content delivery speeds. Users can configure cache behaviors based on file types, HTTP methods, and query strings.
- Security: CloudFront integrates with AWS Shield for DDoS protection and AWS Web Application Firewall (WAF) for application layer security. It also supports HTTPS for secure content delivery.
- Customizable: Users can configure CloudFront to serve content from various origin sources, including S3 buckets, EC2 instances, or custom origins.
- Cost-effective: CloudFront uses a pay-as-you-go pricing model, allowing users to only pay for the data transfer and requests made, with no upfront costs.
Overall, Amazon CloudFront enhances the performance and security of web applications by delivering content efficiently and reliably to end-users.
150
Reference answer
AWS Identity and Access Management (IAM) allows you to manage access to AWS services securely. It lets you create and manage AWS users, groups, and roles, and use permissions to allow or deny access.
151
Reference answer
Instances have both public and private addresses. The private and public addresses stay associated with an Amazon EC2 instance until it is terminated or disabled. Elastic addresses can be used in place of these addresses, and they remain with the instance as long as the user doesn't explicitly disconnect them. More than one Elastic IP will be needed if numerous websites are hosted on an EC2 server.
152
Reference answer
AWS Shield provides managed Distributed Denial of Service (DDoS) protection for applications running on AWS.
153
Reference answer
To optimize costs:
- Use AWS Cost Explorer to analyze spending patterns and identify cost drivers.
- Review underutilized resources and consider whether to resize or terminate them.
- Use AWS Trusted Advisor to get cost optimization recommendations.
- Employ AWS Spot Instances for non-critical workloads, which reduces compute costs.
- Use AWS Auto Scaling, which helps in rightsizing your resources based on actual usage.
- Consider Reserved Instances for predictable workloads to save on compute costs.
154
Reference answer
- IAM User → permanent identity with credentials
- IAM Role → temporary access granted to users or services
155
Reference answer
An IAM Role is an IAM identity created in an AWS account and granted particular authorization policies. These policies outline what each IAM (Identity and Access Management) role is allowed to do and prohibited from doing within the AWS account. IAM roles do not store login credentials or access keys; instead, a temporary security credential is created specifically for each role session. Roles are typically used to grant access to users, services, or applications that need explicit permission to use an AWS resource.
156
Reference answer
AWS EventBridge is a serverless event bus service that makes it easy to connect applications together and build event-driven applications. EventBridge delivers a stream of real-time events to targets such as AWS Lambda functions, Kinesis streams, and Amazon SNS topics. To use AWS EventBridge, you first need to create an event rule. An event rule specifies the event pattern that EventBridge should match. Once you have created an event rule, you need to configure one or more targets for the rule. Targets are the resources that EventBridge will send events to when the event pattern matches.
157
Reference answer
(Example Answer) I designed a serverless e-commerce backend using AWS Lambda, API Gateway, DynamoDB, and Cognito. It handled 1 million requests per day with 99.99% uptime and reduced operational costs by 50% compared to a traditional EC2-based setup.
158
Reference answer
The AWS Free Tier allows users to try AWS services without incurring charges for a limited period:
- EC2: 750 hours/month (t2.micro instance).
- S3: 5GB of standard storage.
- RDS: 750 hours of usage with Amazon Aurora/MySQL.
- Lambda: 1 million free requests/month.
- CloudFront: 50GB of outbound data transfer.
159
Reference answer
The Schema Registry storage and control layer supports the AWS Glue SLA, and the serializers and deserializers employ best-practice caching techniques to maximize client schema availability.
160
Reference answer
Containers are a lightweight virtualization technology that can be used to package and deploy applications. Containers are well-suited for cloud computing because they allow applications to be scaled and deployed quickly and easily. Containers can be used in cloud computing to:
- Deploy applications to multiple cloud providers.
- Scale applications up or down quickly and easily.
- Improve the performance of applications by sharing resources.
- Reduce the cost of running applications by reducing the number of servers that are needed.
161
Reference answer
There are three main types of cloud computing: IaaS, PaaS, and SaaS.
- Infrastructure as a Service (IaaS): Provides basic building blocks for cloud IT like compute, storage, and networking that users can access on-demand without needing to manage the underlying infrastructure. Examples: AWS EC2, S3, VPC.
- Platform as a Service (PaaS): Provides a managed platform or environment for developing, deploying, and managing cloud-based apps without needing to build the underlying infrastructure. Examples: AWS Elastic Beanstalk, Heroku.
- Software as a Service (SaaS): Provides access to complete end-user applications running in the cloud that users can use over the internet. Users don't manage infrastructure or platforms. Examples: AWS Simple Email Service, Google Docs, Salesforce CRM.
162
Reference answer
There are three main cloud service models:
- Infrastructure as a Service (IaaS): IaaS provides you with access to computing resources, such as servers, storage, and networking.
- Platform as a Service (PaaS): PaaS provides you with a platform for developing and deploying applications.
- Software as a Service (SaaS): SaaS provides you with access to software applications that are hosted in the cloud.
The best cloud service model for your project will depend on your specific needs and requirements.
163
Reference answer
ECS is AWS's native container orchestration service, simpler to use and tightly integrated with AWS. EKS is a managed Kubernetes service, offering open-source Kubernetes compatibility, more flexibility, and portability, but with increased complexity.
164
Reference answer
AWS DataSync is a service that helps you to automate the transfer of data between on-premises storage systems and AWS storage services. DataSync supports a variety of on-premises storage systems, including NAS, SAN, and cloud storage. DataSync also supports a variety of AWS storage services, including S3, EFS, and FSx. DataSync works by creating a replication task. A replication task defines the source and destination for the data transfer, and the schedule for the transfer. DataSync then monitors the source for changes and transfers the changes to the destination.
165
Reference answer
EC2 is a virtual machine in the cloud over which you have OS-level control. You can run this cloud server whenever you want. It can be used when you need to deploy your own servers in the cloud, similar to your on-premises servers, and when you want full control over the choice of hardware and the updates on the machine.
166
Reference answer
Amazon VPC (Virtual Private Cloud) allows you to create a secure, isolated network within AWS. Features:
- Subnets, Route Tables, Internet Gateway.
- Security via NACLs and Security Groups.
- VPN and Direct Connect for hybrid cloud setups.
167
Reference answer
AWS Lambda has limits such as a maximum of 15 minutes execution time, 10 GB of memory, and limited support for certain libraries and dependencies.
168
Reference answer
AWS Snowball is a service that allows you to transfer large amounts of data to and from AWS. Snowball devices are portable storage devices that are shipped to your location. Once you have loaded the data onto the Snowball device, you ship it back to AWS. Snowball is ideal for transferring large amounts of data to and from AWS, such as data migration, data archiving, and disaster recovery.
169
Reference answer
I would deploy a fleet of EC2 instances, which would be load balanced using Elastic Load Balancer and scaled…
170
Reference answer
Cloud data warehousing is the use of cloud computing to build and manage data warehouses. Cloud data warehouses offer a number of advantages over on-premises data warehouses, such as:
- Scalability: Cloud data warehouses are highly scalable, so you can easily scale them up or down to meet your changing needs.
- Reliability: Cloud data warehouses are highly reliable, and cloud providers offer a variety of services to ensure the reliability of your data warehouses.
- Security: Cloud data warehouses are secure, and cloud providers offer a variety of security services to protect your data.
171
Reference answer
Common risks include misconfigured IAM permissions, unsecured S3 buckets, exposed credentials, lack of encryption, and insufficient monitoring. Risks are mitigated by following the principle of least privilege, enabling encryption at rest and in transit, using AWS Config and CloudTrail for auditing, regular security reviews, and automated compliance checks.
172
Reference answer
Parameter Groups in RDS allow you to configure database engine settings, such as the character set, storage engine, and more, to optimize database performance.
173
Reference answer
- Auto Scaling: Configure scaling policies based on CPU, memory, and traffic.
- Use Spot & Reserved Instances: Mix instance types to balance cost and availability.
- Amazon RDS Read Replicas: Offload database read traffic.
- Content Caching: Use CloudFront and ElastiCache for dynamic content delivery.
- AWS Cost Explorer & Trusted Advisor: Continuously monitor and optimize.
174
Reference answer
Eventual Consistency - The data will become consistent eventually, but not necessarily immediately. This serves client requests faster, but some of the initial read requests may read stale data. This type of consistency is preferred in systems where data need not be real-time. For example, if you don't see the recent tweets on Twitter or recent posts on Facebook for a couple of seconds, it is acceptable.
Strong Consistency - It provides immediate consistency, where the data is consistent across all the DB servers immediately. Accordingly, this model may take some time to make the data consistent and subsequently start serving the requests again. However, in this model, it is guaranteed that all the responses will always have consistent data.
175
Reference answer
Advantages include scalability, fault tolerance, and parallel processing capabilities. Limitations include complexity for some tasks and a batch processing nature that may not be suitable for real-time data processing.
176
Reference answer
Ensure high availability by deploying resources across multiple AZs, using load balancers, configuring Multi-AZ databases, automating failover, and continuously monitoring system health. Regularly test failover and disaster recovery processes to validate readiness.
177
Reference answer
Cloud bursting is a technique for scaling your on-premises applications to the cloud. This can be useful when your on-premises infrastructure cannot handle spikes in traffic or workloads. Cloud bursting can be used to:
- Scale up your on-premises applications to meet unexpected spikes in traffic or workloads.
- Run batch jobs or other computationally intensive tasks in the cloud.
- Develop and test new applications in the cloud.
178
Reference answer
The source code for an application must be stored and versioned using AWS Developer tools. The application is then built, tested, and deployed automatically using the services to an AWS instance or a local environment. When implementing continuous integration and deployment services, it is better to start with CodePipeline and use CodeBuild and CodeDeploy as necessary.
179
Reference answer
Common strategies include backup and restore, pilot light (minimal core infrastructure always running), warm standby (scaled-down version always running), and multi-site active-active deployments. Multi-AZ and multi-region deployments further enhance resilience and reduce RTO/RPO.
180
Reference answer
AWS IAM is a service that allows customers to manage access to AWS resources. IAM allows customers to create users and groups, and to assign them permissions to AWS services and resources. IAM also allows customers to control access to AWS resources using policies. IAM is a critical part of any AWS deployment. It helps customers to protect their resources and to ensure that only authorized users have access to them.
181
Reference answer
Amazon Elastic Container Service (ECS) is a fully managed container orchestration service that helps you run and scale containerized applications on AWS.
182
Reference answer
Why reinvent the wheel? No matter the type of company, common sets of technical requirements evolve in an increasingly complex architecture, such as background workers, outbound email, or mobile push. Avoid engineers who believe they need to implement seemingly common architectural patterns from scratch.
183
Reference answer
Stores data as files and directories.
184
Reference answer
An Availability Zone (AZ) is one or more isolated data centers within a region used for high availability.
185
Reference answer
GCP is a suite of cloud computing services that runs on the same infrastructure that Google uses internally.
186
Reference answer
To set up AWS SSO, you will need to create an AWS SSO account and configure your applications to use AWS SSO for authentication. You will also need to assign users and groups to roles in AWS SSO. Once you have configured AWS SSO, you can enable users to log in to your applications using their AWS SSO credentials.
187
Reference answer
AWS Lambda is a serverless computing service that lets you run code without provisioning or managing servers. It enables developers to execute code in response to events such as object uploads to S3 or API requests via API Gateway, making it an essential tool for modern application architectures. As a Cloud Engineer, understanding Lambda's event-driven model is crucial. Lambda is scalable, meaning it automatically handles scaling based on the number of incoming requests, and it integrates seamlessly with other AWS services, allowing you to automate workflows and reduce infrastructure overhead.
188
Reference answer
The answer to this question is hybrid cloud. This is because you are fully utilizing the public as well as private cloud premises.
189
Reference answer
Amazon Web Services can handle many kinds of work. Customers can choose the help and support they need from AWS according to the type of services they want. Here are some common services offered by Amazon Web Services (AWS):
- High storage
- Monitoring & Analytics
- Security and safety
- Networking
- Databases
- Compute power
190
Reference answer
AWS Web Application Firewall (WAF) protects web applications from common web exploits like SQL injection and cross-site scripting.
191
Reference answer
A subnet is a range of IP addresses in your VPC. You can launch AWS resources into a subnet. Subnets can be public (access to the internet) or private (no internet access).
192
Reference answer
A cloud backup and recovery strategy is a plan for protecting your data in the cloud from loss or corruption. A cloud backup and recovery strategy should include the following components:
- Regular backups: You should regularly back up your data to the cloud.
- Offsite storage: You should store your backups in an offsite location to protect them from physical disasters.
- Testing: You should regularly test your backup and recovery procedures to ensure that they work as expected.
193
Reference answer
Here are some differences between AWS CloudFormation and AWS Elastic Beanstalk:
- AWS CloudFormation assists you in provisioning and describing all infrastructure resources in your cloud environment. AWS Elastic Beanstalk, on the other hand, provides an environment that makes it simple to deploy and run cloud applications.
- AWS CloudFormation meets the infrastructure requirements of a wide range of applications, including legacy applications and existing enterprise applications. AWS Elastic Beanstalk, on the other hand, is integrated with developer tools to assist you in managing the lifespan of your applications.
194
Reference answer
The main components are Buckets (containers for storing objects), Objects (the actual data/files), Keys (unique identifiers for objects within a bucket), Access Points (for managing access), and Access Control (permissions via bucket policies and ACLs).
195
Reference answer
DNS (Domain Name System) translates domain names to IP addresses. In AWS, Route 53 is a scalable DNS web service that routes end-user requests to AWS resources or external endpoints by resolving domain names to IP addresses.
196
Reference answer
Effective methods include using version control, automated CI/CD pipelines, thorough documentation, change tracking, code reviews, and continuous integration and testing to ensure safe and traceable changes.
197
Reference answer
AWS IAM enables an administrator to provide granular access to different users and groups. Different users and user groups may need different levels of access to the resources created. With IAM, you can create roles with specific access levels and assign the roles to the users. It also allows you to provide access to the resources to users and applications without creating the IAM Roles, which is known as Federated Access.
198
Reference answer
The following factors affect network performance:
- Type of instance
- Network performance criteria
When instances are launched in a cluster placement group, one should expect the following:
- Single flow of 10 Gbps.
- 20 Gbps full-duplex.
- The network traffic will be restricted to 5 Gbps irrespective of the placement unit.
199
Reference answer
The app's IAM role might lack “secretsmanager:GetSecretValue” permission, or the secret's ARN is misconfigured in the code. I'd verify both.
200
Reference answer
Architecting a global application in AWS requires careful consideration of performance, availability, and fault tolerance. Here's how to approach it:
- Multi-Region Deployment: Deploy applications in multiple AWS regions to reduce latency for users in different geographic locations. Use services like Amazon Route 53 for DNS routing and latency-based routing to direct users to the nearest region.
- Content Delivery: Utilize Amazon CloudFront as a content delivery network (CDN) to cache static assets and deliver content with low latency. This improves load times for users globally.
- Database Strategy: Implement a globally distributed database solution. Consider using Amazon DynamoDB Global Tables for multi-region, fully replicated databases, or Amazon Aurora Global Database for relational databases with low-latency global reads.
- Cross-Region Replication: Use cross-region replication for services like S3 to ensure data is available in multiple locations for disaster recovery and improved access speed.
- API Gateway: Use AWS API Gateway to manage APIs that can route requests to regional backends. This enables efficient management of APIs and provides built-in security and throttling.
- Monitoring and Logging: Implement centralized logging and monitoring using Amazon CloudWatch and AWS CloudTrail to track application performance and security across regions.
- Resiliency and Failover: Design for resiliency by using AWS services like Elastic Load Balancing and Auto Scaling to handle variable workloads and ensure availability even during failures.
By incorporating these strategies, you can build a robust, scalable global application that meets the needs of users around the world.