Answer: Recovery Time Objective is the maximum acceptable delay between the interruption of service and restoration of service. This translates to an acceptable time window when the service can be unavailable. Recover Point Objective is the maximum acceptable amount of time since the last data restore point. It translates to the acceptable amount of data loss which lies between the last recovery point and the interruption of service.

Answer: An Administrator User will be similar to the owner of the AWS Resources. He can create, delete, modify or view the resources and also grant permissions to other users for the AWS Resources.
A Power User Access provides Administrator Access without the capability to manage the users and permissions. In other words, a user with Power User Access can create, delete, modify or see the resources, but he cannot grant permissions to other users.

Answer: A Stateful Firewall is the one that maintains the state of the rules defined. It requires defining only inbound rules. Based on the inbound rules defined, it automatically allows the outbound traffic to flow. 
A Stateless Firewall requires to explicitly defining rules for inbound as well as outbound traffic. For example, if you allow inbound traffic from Port 80, a Stateful Firewall will allow outbound traffic to Port 80, but a Stateless Firewall will not do so.

Answer: An Instance Store Volume is temporary storage that is used to store the temporary data required by an instance to function. The data is available as long as the instance is running. As soon as the instance is turned off, the Instance Store Volume gets removed and the data gets deleted.
An EBS Volume represents a persistent storage disk and he data stored will be available even after the instance is turned off.

Answer:Amazon Route 53 uses the following to provide high availability and low latency:
Globally Distributed Servers - Amazon is a global service and consequently has DNS Servers globally. Any customer creating a query from any part of the world gets to reach a DNS Server local to them that provides low latency.
Dependency - Route 53 provides a high level of dependability required by critical applications.
Optimal Locations - Route 53 serves the requests from the nearest data center to the client sending the request. AWS has data-centers across the world. The data can be cached on different data-centers located in different regions of the world depending on the requirements and the configuration chosen. Route 53 enables any server in any data-center which has the required data to respond. This way, it enables the nearest server to serve the client request, thus reducing the time taken to serve.

Answer:

• A template for the root volume for the instance.
• Launch permissions to decide which AWS accounts can avail the AMI to launch instances.
• A block device mapping that determines the volumes to attach to the instance when it is launched.

Answer: Eventual Consistency - It means that the data will be consistent eventually that will serve the client requests faster, but chances are that some of the initial read requests may read the stale data. This type of consistency is preferred in systems where data need not be real-time. Strong Consistency - It provides an immediate consistency where the data will be consistent across all the DB Servers immediately. Accordingly, this model may take some time to make the data consistent and subsequently start serving the requests again. However, in this model, it is guaranteed that all the responses will always have consistent data.

Answer: When AWS creates EC2 instances, there are some blocks of computing capacity and processing power left unused. AWS releases these blocks as Spot Instances. Spot Instances run whenever capacity is available. These are a good option if you are flexible about when your applications can run and if your applications can be interrupted.
On the other hand, On-Demand Instances can be created as and when needed. The prices of such instances are static. Such instances will always be available unless you explicitly terminate them.

Answer: No, a Private IP Address of an EC2 instance cannot be changed. When an EC2 instance is launched, a private IP Address is assigned to that instance at the boot time. This private IP Address is attached to the instance for its entire lifetime and can never be changed.

Answer:

• IaaS – Infrastructure as a Service (IaaS) allows users to access virtual computing resources with the help of the internet. A service provider hosts server, storage, hardware, etc. on behalf of the users via IaaS. It offers high scalability and can adapt according to the workload. IaaS providers also manage tasks of their users like system maintenance, backup, resilience, etc.
• PaaS – Platform as a Service (PaaS) helps service providers to deliver software and hardware tools to their users. It is especially used for the application development process, and one can receive applications from the service provider via the internet using PaaS. Users do not have to own in-house software/hardware for application development/testing as they can do it with the help of PaaS.
• SaaS – Software as a Service (SaaS) is a widely sold model by service providers for software distribution. On-demand computing software can be delivered using SaaS to the users/customers. The SaaS model is preferred as it is easy to administer and manage patches.

Answer: NAT (Network Address Translation) is an AWS service that helps in connecting an EC2 instance to the internet. The EC2 instance used via NAT should be in a private subnet. Not only the internet but NAT can also help in connecting an EC2 instance to other AWS services.
Since we are using the EC2 instance in a private subnet, connecting to the internet via any other means would make it public. NAT helps in retaining the private subnet while establishing a connection between the EC2 instance and the internet. Users can create NAT gateways or NAT instances for establishing a connection between EC2 instances and internet/AWS services.
NAT instances are single EC2 instances, while NAT gateways can be used across various availability zones. If you are creating a NAT instance, it will support a fixed amount of traffic decided by the instance’s size.

Answer: Both AWS and OpenStack are indulged in providing cloud computing services to their users. AWS is owned and distributed by Amazon, whereas OpenStack is an open-source cloud computing platform. AWS offers various services in cloud computing and offers IaaS, PaaS, etc., whereas OpenStack is an IaaS cloud computing platform. You can use OpenStack for free as it is open source, but you have to pay for AWS services as you use it.
Another significant difference between AWS and OpenStack is in terms of performing repeatable operations. While AWS performs repeatable functions via templates, OpenStack does it via text files. OpenStack is good for understanding and learning cloud computing, but AWS is better and equipped for businesses. AWS also offers business development tools that OpenStack does not offer.

Answer: AWS Lambda is a computing platform provided as a part of the AWS services that do not need servers to perform activities. Any code compiled on AWS Lambda will run in response to events, and it identifies the resources required for code compilation automatically. AWS Lambda supports various coding languages like Node.js, Python, Java, Ruby, etc. With AWS Lambda, you will pay only for the time your code is being executed. You will not be charged any amount when you are not using any computer time.

Answer: For safeguarding the applications running on AWS from any kind of DDoS (Distributed Denial of Service) attacks, we can use AWS Shield. AWS Shield can automatically identify a DDoS attack and will reduce the application downtime and latency. A firm doesn’t have to contact Amazon tech support as all the protective measures can be automated via AWS Shield. All the AWS users are subjected to automatic protections against DDoS attacks via AWS Shield Standard. However, for protection against large/organized DDoS attacks, one can use the AWS Shield Advanced services. 
AWS Shield Advanced protects the AWS-based applications against various sophisticated DDoS attacks on the network and transport layer. It also provides real-time visibility and monitoring at the time of any DDoS attack on the AWS applications.

Answer: HVM – HVM (Hardware Virtual Machine) helps in full virtualization of hardware where all the virtual hardware machines act as an individual unit. Once AWS AMI virtualization is done, the virtual machines execute the master boot record to boot themselves. The root block device of the created AWS machine image contains the master boot record executed by virtual machines.
PV – PV (Paravirtualization) is virtualization to a lighter degree as compared to HVM. The guest OS in PV will require some modifications before performing anything. These modifications help users to export a scalable and modified version of hardware to the virtual machines.
PV on HVM – Paravirtualization on HVM can also be done for increased functionality. Operating systems can get access to storage and network I/O through the host via PV on HVM.

Answer: CloudFront CDN (Computer Delivery Network) is a group of distributed servers used to deliver web content like webpages, etc. The delivery done by CloudFront CDN is based on the geographic region of the user, webpage origin, and the server being used for content delivery. The origin of all the files that are to be distributed by the CDN needs to be defined. An origin for CDN can be an S3 bucket, an AWS instance, or an elastic load balancer. Two types of distribution are done by CloudFront CDN that is web distribution, and RTMP. Web distribution is used for websites, whereas RTMP is used for media streaming. There are around 50 edge locations distributed in various parts of the world. Edge locations are sites where the web content is cached during the delivery process.

Answer: Simple Notification Service (SNS) offered by AWS is a means of sending messages from one application to another. It is a cost-effective solution that helps users publish messages from any particular application and forward them to other applications. SNS can also send push notifications to various mobile devices like Apple, Google, Windows phones, etc. One can also send an email/SMS to an HTTP endpoint using AWS SNS.
The best feature of SNS is that multiple types of endpoints can be grouped. SNS also supports various types of endpoints under one topic. For example, one can group Apple and Android recipients using SNS and send messages to all subscribers. SNS stores the messages already published in various availability zones to prevent any type of data loss.

Answer: S3 transfer acceleration is used to make uploads to S3 quickly. S3 transfer acceleration does not upload directly to an S3 bucket as it uploads the file to the nearest edge location. A distinct URL is used by S3 transfer acceleration to upload the file to the nearest edge location and then transfer it to the required S3 bucket.
CloudFront edge network is utilized by S3 transfer acceleration to make uploads quickly, and it also optimizes the transfer process. The edge location to which the file is uploaded will automatically transfer the file to the S3 bucket in less time. The data between clients and S3 buckets can be securely transferred using the S3 transfer acceleration service by Amazon.

Answer: The benefits of using AWS RDS are as follows:

• While using AWS RDS, you can control/tweak various database services like CPU, storage, etc., individually.
• AWS RDS helps you in enabling automatic backup and updating your database servers to the latest configuration.
• AWS RDS also creates a backup instance that can be used at the time of failover and prevents data loss.
• You can distribute the read traffic by creating RDS read replicas from the source database.

Answer: In AWS, volume is block-level storage that we can assign to an EC2 instance. We can compare this to a hard disk from where the user can read or write the data. You pay for the data used by volumes as it is a way of measuring the storage section.
A snapshot is formed when we have a volume as it is a single point in time view of a volume. When the data stored in a volume is copied to another location at a single point in time, a snapshot is formed.

Answer: AWS interview questions can be related to cloud access, security, customer service, and many more topics. One should practice AWS interview questions from diverse topics related to AWS services for cracking the interview.
Security groups are used to control access to instances, while the network access control list is concerned with controlling the access at the subnet level. Network access control list can add rules for both ‘allow’ and ‘deny,’ whereas security groups can add only rules for ‘allow.’

Answer: Cross Region Replication is a service available in aws that enables to replicate the data from one bucket to another bucket which could be in a same or different region. It provides asynchronous copying of objects, i.e., objects are not copied immediately

Answer:Regions: A region is a geographical area which consists of 2 or more availability zones. A region is a collection of data centers which are completely isolated from other regions.
Availability zones: An Availability zone is a data center that can be somewhere in the country or city. Data center can have multiple servers, switches, firewalls, load balancing. The things through which you can interact with the cloud reside inside the Data center.

Answer: Elastic Block Store is a service that provides a persistent block storage volume for use with EC2 instances in aws cloud. EBS volume is automatically replicated within its availability zone to prevent from the component failure. It offers high durability, availability, and low-latency performance required to run your workloads.

Answer: EIP (Elastic IP address) is a service provided by an EC2 instance. It is basically a static IP address attached to an EC2 instance. This address is associated with your AWS account not with an EC2 instance. You can also disassociate your EIP address from your EC2 instance and map it to another EC2 instance in your AWS account.

Answer: Policy is an object which is associated with a resource that defines the permissions. AWS evaluate these policies when user makes a request. Permissions in the policy determine whether to allow or to deny an action. Policies are stored in the form of a JSON documents.

Answer:

• A VPC peering connection is a networking connection that allows you to connect one VPC with another VPC through a direct network route using private IP addresses.
• By using VPC peering connection, instances in different VPC can communicate with each other as if they were in the same network.
• You can peer VPCs in the same account as well as with the different AWS account

Answer: S3 is a storage service where it can store any amount of data which consists of a REST interface and uses secure HMAC-SHA1 authentication keys.
EC2 is a web service used for hosting an application. It is a virtual machine which can run either Linux or Windows and can also run the applications such as PHP, Python, Apache or other databases.

Answer: An Amazon Kinesis Firehose is a web service used to deliver real-time streaming data to destinations such as Amazon Simple Storage Service, Amazon Redshift, etc.

Answer: Vertical scaling means scaling the compute power such as CPU, RAM to your existing machine while horizontal scaling means adding more machines to your server or database. Horizontal scaling means increasing the number of nodes, and distributing the tasks among different nodes.

Answer: Amazon EC2 service is a cloud facility which has entirely all the cloud features. Amazon EC2 delivers the subsequent features:

• Virtual computing atmosphere (popular as instances)
• Pre-configured patterns
• Amazon Machine Images 

Q87. What is multi-AZ RDS?