AWS/CLOUD

Question 1

What is AWS IAM?

Answer 1

Identity and Access Management: controls who/what can access AWS resources and what actions they can perform (users, roles, policies).

Question 2

IAM: User vs Role vs Policy

Answer 2

User = human identity; Role = assumable identity (by services or users) with temporary credentials; Policy = permissions document attached to a user/role/resource.

Question 3

What does “least privilege” mean in IAM?

Answer 3

Grant only the minimum permissions required to perform a task; avoid broad actions/resources like ‘*’ unless necessary.

Question 4

Why avoid long-lived access keys in production?

Answer 4

They are easy to leak and hard to rotate; prefer IAM roles with temporary credentials or secret managers.

Question 5

What is an IAM role used for in services?

Answer 5

To give AWS services (EC2/ECS/Lambda) permissions via temporary credentials without embedding secrets.

Question 6

What is a VPC?

Answer 6

A Virtual Private Cloud: your isolated virtual network in AWS where you place subnets, routing, security controls, and resources.

Question 7

Public subnet vs private subnet

Answer 7

Public subnet routes to an Internet Gateway; Private subnet has no direct inbound internet route (often uses NAT for outbound internet).

Question 8

What is an Internet Gateway (IGW)?

Answer 8

A gateway that enables resources in a VPC public subnet to have internet connectivity.

Question 9

What is a NAT Gateway used for?

Answer 9

Allows instances in private subnets to make outbound internet connections without being directly reachable from the internet.

Question 10

Security Group vs NACL

Answer 10

Security Group = stateful firewall at instance/ENI level; NACL = stateless firewall at subnet level.

Question 11

What does “stateful” mean for Security Groups?

Answer 11

Return traffic is automatically allowed if inbound/outbound is permitted; you don’t need explicit rules for response traffic.

Question 12

What is EC2?

Answer 12

Elastic Compute Cloud: virtual machines where you manage OS-level configuration and scaling (with ASG).

Question 13

What is ECS?

Answer 13

Elastic Container Service: runs containerized applications; integrates with load balancers, IAM roles, and can run on Fargate.

Question 14

What is Fargate?

Answer 14

Serverless compute for containers: run ECS tasks without managing EC2 instances.

Question 15

What is EKS?

Answer 15

Elastic Kubernetes Service: managed Kubernetes control plane to run container workloads.

Question 16

What is Lambda?

Answer 16

Serverless function compute: event-driven, auto-scaling, pay-per-invocation; best for short-lived tasks.

Question 17

EC2 vs Containers vs Lambda (quick selection)

Answer 17

EC2 = full control; Containers (ECS/EKS) = standardized app packaging + scalability; Lambda = event-driven, minimal ops, some limits (timeouts/cold starts).

Question 18

What is RDS?

Answer 18

Managed relational database service (e.g., PostgreSQL, Oracle) with backups, patching, and HA options.

Question 19

When choose RDS (relational DB)?

Answer 19

When you need transactions, strong consistency, joins, constraints, and rich SQL querying.

Question 20

What is DynamoDB?

Answer 20

Managed NoSQL key-value/document database with low latency and horizontal scalability; designed around access patterns.

Question 21

When choose DynamoDB?

Answer 21

High throughput/scale needs with predictable key-based access; where joins/complex relational queries are not required.

Question 22

What is S3?

Answer 22

Object storage for files/blobs (logs, backups, assets), highly durable and scalable.

Question 23

S3: common use cases

Answer 23

Storing documents/images, backups, static web assets, data lakes, logs and artifacts.

Question 24

What is CloudWatch Logs?

Answer 24

AWS logging service to collect, store, and query logs from apps and AWS services.

Question 25

What is CloudWatch Metrics?

Answer 25

Time-series metrics for resources and apps (CPU, latency, error rate, queue depth, etc.).

Question 26

What is a CloudWatch Alarm?

Answer 26

A rule that triggers notifications/actions when a metric crosses a threshold (e.g., high 5xx rate).

Question 27

What metrics matter most for an API?

Answer 27

Latency (p95/p99), error rate (4xx/5xx), traffic/throughput, and saturation (CPU/memory/DB connections).

Question 28

What is an ALB?

Answer 28

Application Load Balancer: layer 7 load balancing for HTTP/HTTPS with routing rules.

Question 29

What is an NLB?

Answer 29

Network Load Balancer: layer 4 load balancing for TCP/UDP; low latency, high throughput.

Question 30

What is API Gateway?

Answer 30

Managed service to create, publish, secure, and monitor APIs; common with serverless/Lambda.

Question 31

Why are timeouts essential in service-to-service calls?

Answer 31

To prevent requests from hanging and causing resource exhaustion and cascading failures.

Question 32

What are retries and when are they safe?

Answer 32

Retrying failed calls; safest for idempotent operations (GET/PUT) and with backoff/jitter to avoid thundering herd.

Question 33

What is exponential backoff?

Answer 33

A retry strategy where delay increases after each failure (often with jitter) to reduce load during outages.

Question 34

What is a circuit breaker?

Answer 34

Stops calls to an unhealthy dependency after failures, allowing recovery and preventing cascading failures.

Question 35

What is “cascading failure” in microservices?

Answer 35

When one failing dependency causes timeouts/retries that overload other services, spreading the outage.

Question 36

What is SQS?

Answer 36

A managed message queue for decoupling producers/consumers and smoothing traffic spikes.

Question 37

SQS delivery semantics

Answer 37

Typically 'at least once' delivery: consumers must handle duplicate messages safely.

Question 38

What does “idempotent consumer” mean?

Answer 38

Processing the same message multiple times produces the same end result (no double-charging, no duplicate records).

Question 39

What is SNS?

Answer 39

A pub/sub service to fan out notifications to multiple subscribers (queues, lambdas, HTTP endpoints).

Question 40

What is EventBridge?

Answer 40

An event bus for routing events based on rules to targets (lambda, queues, etc.) for event-driven architectures.

Question 41

When prefer async (SQS/events) over sync REST?

Answer 41

For non-real-time tasks, resilience, decoupling, spike handling, and when eventual consistency is acceptable.

Question 42

What is “eventual consistency”?

Answer 42

System state becomes consistent over time; changes propagate asynchronously rather than instantly.

Question 43

Microservice definition

Answer 43

An independently deployable service that owns a focused capability and often its own data.

Question 44

Key microservice principles

Answer 44

Independent deployability, clear boundaries, strong observability, resilience, and careful API versioning.

Question 45

Why is a shared database across services a smell?

Answer 45

Tight coupling; schema changes become coordinated; it undermines independent deployability and ownership.

Question 46

What is “observability”?

Answer 46

Ability to understand system behavior from logs, metrics, and traces to debug issues quickly.

Question 47

What is a correlation ID?

Answer 47

An identifier propagated across services to connect logs/traces for a single request flow.

Question 48

What is “encryption in transit”?

Answer 48

Protecting data over the network using TLS/HTTPS.

Question 49

What is “encryption at rest”?

Answer 49

Encrypting stored data (e.g., RDS storage encryption, S3 SSE) to protect from disk-level exposure.

Question 50

What is AWS Secrets Manager?

Answer 50

Service to store and rotate secrets securely and inject them into apps at runtime.

Question 51

Parameter Store (SSM) vs Secrets Manager (basic)

Answer 51

Both store configuration; Secrets Manager adds rotation and is specialized for secrets management.

Question 52

What is “immutable artifact”?

Answer 52

A build output (jar/docker image) that doesn't change; build once and deploy the same artifact across environments.

Question 53

Why “build once, deploy many”?

Answer 53

Reduces environment drift; increases reproducibility and reliability.

Question 54

What is blue/green deployment?

Answer 54

Two environments (blue and green); switch traffic to the new version; rollback by switching back.

Question 55

What is canary deployment?

Answer 55

Roll out to a small percentage of traffic first; monitor metrics; expand or rollback based on health.

Question 56

What is a feature flag?

Answer 56

A runtime toggle to enable/disable features without redeploying; useful for safe releases and quick rollback.

Question 57

How to troubleshoot an AWS production issue (high-level)?

Answer 57

Check CloudWatch metrics/alarms and logs, confirm recent deploys, isolate app vs DB vs network vs downstream, mitigate/rollback, and add prevention.

Question 58

What is “saturation” in monitoring?

Answer 58

Resource capacity usage nearing limits (CPU, memory, threads, DB connections, queue depth).

Question 59

What is an SLO/SLI (basic)?

Answer 59

SLI = measurable indicator (latency, availability); SLO = target for that indicator (e.g., 99.9% availability).

Question 60

Common pitfalls in cloud services

Answer 60

Missing timeouts, overly broad IAM permissions, secrets in code, lack of monitoring, chatty sync calls, no rollback plan.

Question 61

What is “cold start” in Lambda?

Answer 61

Extra latency when Lambda initializes a new execution environment, especially after inactivity.

Question 62

Why separate config from code in cloud?

Answer 62

So you can deploy the same artifact and adjust behavior per environment safely (12-factor principle).

Question 63

What is an IAM “resource ARN”?

Answer 63

A unique identifier for an AWS resource used in policies to scope permissions.

Question 64

What is “throttling” in APIs?

Answer 64

Rate limiting to protect systems from overload; often configured in API Gateway or at service level.