AWS SysOps Administrator Interview Question-1

Suppose you have to grant IAM access to your entire development team. How will you do this?

Instead of defining permissions for individual IAM users, it’s usually more convenient to create groups that relate to job functions. Next, we can define the relevant permissions for each group. Then, we can assign IAM users to those groups. All the users in an IAM group inherit the permissions assigned to the group.

A new company policy mandates that all S3 buckets use server-side encryption. What S3 encryption feature would you use?

Server-side encryption is about protecting data at rest. Using server-side encryption with customer-provided encryption keys (SSE-C) allows you to set your own encryption keys. AWS manages the encryption keys for SSE-S3 and stores the keys for SSE-KMS.

Your manager wants to perform Penetration Testing on your entire AWS environment. How should you approach this?

It will depend on the service and the type of test they want to perform. Some will require permission. Penetration Testing is allowed with prior approval from AWS.

Which ELB response code indicates a normal, successful response from the registered instances?

An HTTPCode_Backend_2XX indicates a normal, successful response from the registered instances.

In which service are your CloudTrail logs stored?

Logs are stored in S3. We must specify a storage bucket name to enable CloudTrail. 

What is the role of AWS Config?

AWS Config gives you a view of the configuration of your AWS infrastructure and compares it for compliance against rules you can define.

What is the role of AWS Budgets?

AWS Cost Explorer lets you visualize, understand, and manage your AWS costs and usage over time. AWS Cost & Usage Report lists AWS usage for each service category used by an account and its IAM users. Finally, Reserved Instance Reporting provides a number of RI-specific cost management solutions to help you better understand and manage RI Utilization and Coverage.

What kind of a solution would give you near real-time visualizations of multiple EC2 instance metrics at once?

We can gather the necessary metrics together in CloudWatch Dashboards for complete operational visibility. 

You would like to run a Lambda function at the same time every night. How will you do this?

We can create rules that self-trigger on an automated schedule in CloudWatch Events using cron.

What does AWS Organizations offer?

AWS Organizations offers policy-based management for multiple AWS accounts as well as consolidated billing. Personal Health Dashboard provides alerts when AWS is experiencing outages and other events that may impact you. Inspector is used for vulnerability scanning of applications running on EC2. IAM is used for policy-based access control for users under a single AWS account.