1. What are the main advantages of cloud computing?

• Cost Efficiency: Reduces capital expenditure by eliminating the need to buy hardware or
maintain data centers.

• Scalability: Allows businesses to scale resources up or down based on demand.

• Flexibility: Provides access to a wide range of services, enabling businesses to adopt solutions
tailored to their needs.

• Reliability: Offers high availability and disaster recovery options.

• Global Reach: Enables businesses to deploy applications worldwide with minimal latency.

• Automatic Updates: Ensures the latest security and software updates are applied without user
intervention.

2. What is cloud computing?

Cloud computing refers to the delivery of computing services—such as servers, storage, databases,
networking, software, and analytics—over the internet (“the cloud”). It allows users to access and store
data and applications on remote servers instead of local hardware, providing on-demand resources and
scalability.

3. What is the purpose of AWS Regions and Availability Zones?

• AWS Regions: Independent geographical areas designed to provide full redundancy and fault
tolerance. Each region contains multiple Availability Zones (AZs) and is isolated from other
regions to ensure compliance and reduce latency for users in specific areas.

• Availability Zones: Physically separate data centers within a region, designed for fault isolation.
They allow users to build highly available applications by distributing resources across multiple
AZs to ensure minimal downtime.
4. How does the AWS Management Console help users manage AWS resources?

The AWS Management Console is a web-based interface that helps users:

• Launch and configure services with a graphical interface.

• Monitor resources using dashboards and performance metrics.

• Manage billing and costs.

• Access service-specific tools like S3 bucket management or EC2 instance configuration.

• Simplify administration with a centralized view of all AWS resources.

5. What are edge locations in AWS, and how do they contribute to content delivery?

Edge locations are data centers located globally where AWS services, such as Amazon CloudFront, cache
content to deliver it closer to end users. They contribute to content delivery by:

• Reducing latency: Ensuring faster load times for users by serving content from the nearest edge
location.

• Enhancing performance: Providing seamless streaming and reduced buffering.

• Improving reliability: Automatically routing requests to the next closest edge location if one
becomes unavailable.

6. What is the problem with the traditional IT approach compared to using the Cloud?

• High Costs: Traditional IT requires significant upfront investment in hardware, software, and
maintenance.

• Limited Scalability: Scaling resources is time-consuming and expensive in traditional setups.

• Resource Inefficiency: Overprovisioning for peak demand leads to wasted resources, while
underprovisioning causes performance issues.

• Complex Maintenance: Regular updates, patching, and managing infrastructure require

dedicated IT staff.

• Geographical Constraints: Expanding services globally is difficult and costly.

7. What is Amazon EC2, and what are its main uses?

Amazon EC2 (Elastic Compute Cloud) is a web service that provides scalable compute capacity in the
cloud.
Main Uses:

• Hosting applications and websites.

• Running batch jobs or large-scale compute tasks.

• Development and testing environments.

• Running big data analytics and machine learning workloads.

• Disaster recovery and backup solutions.

8. Differentiate between stopping and terminating an instance.

• Stopping an Instance: Shuts down the instance, but its root volume remains, and data is
preserved. You can restart the instance later.

• Terminating an Instance: Permanently deletes the instance and its associated storage unless
marked as “Delete on Termination.”

9. What are EC2 On-Demand, Reserved, and Spot Instances?

• On-Demand Instances: Pay-as-you-go model without commitments. Ideal for short-term or

unpredictable workloads.

• Reserved Instances: Offer significant cost savings with a commitment of 1 or 3 years. Best for
stable workloads.

• Spot Instances: Allow bidding for unused EC2 capacity at discounted rates. Suitable for non-
critical, interruptible workloads.
10. What are the different types of EC2 instance families?

• General Purpose: Balanced compute, memory, and networking (e.g., t3, m6).

• Compute Optimized: High-performance computing tasks (e.g., c6g).

• Memory Optimized: Workloads requiring large memory (e.g., r6i).

• Storage Optimized: High read/write performance (e.g., i4i).

• Accelerated Computing: GPU-based processing for AI/ML (e.g., p4d).

11. What is an Elastic IP address in EC2?

An Elastic IP is a static IPv4 address designed for dynamic cloud computing. It allows users to mask the
failure of an instance by remapping the address to another instance in the same account.

12. What is Amazon Elastic Block Store (EBS)?

Amazon EBS provides block-level storage volumes for use with EC2 instances. EBS volumes are highly
available, durable, and allow data persistence even when the instance is stopped.

13. What are the types of EBS volumes available in AWS?

• General Purpose SSD (gp3, gp2): Cost-effective, suitable for most workloads.

• Provisioned IOPS SSD (io2, io1): High-performance, low-latency storage for critical applications.

• Throughput Optimized HDD (st1): High throughput for streaming workloads.

• Cold HDD (sc1): Low-cost storage for infrequent access.

• Magnetic Standard: Legacy option for low-cost storage.

14. What is Amazon S3, and why is it important?

Amazon S3 (Simple Storage Service) is an object storage service that provides secure, scalable, and
durable data storage.
Importance:

• Cost-effective storage for data backups, archives, and content delivery.

• Seamless integration with other AWS services.

• High availability and durability (99.999999999% durability).

15. What is an EBS snapshot, and how does it work?

An EBS snapshot is a point-in-time backup of an EBS volume. It stores only the changed data since the
last snapshot, reducing storage costs. Snapshots can be used to restore volumes or create new ones.

16. Can you share EBS snapshots across AWS accounts?

Yes, EBS snapshots can be shared across AWS accounts by modifying their permissions. Shared snapshots
can be public or private. However, encryption must be removed or a key must be shared for encrypted
snapshots.

17. Is it possible to change the private IP addresses of an EC2 while it is running/stopped in a VPC?

• Running Instance: The private IP address cannot be changed.

• Stopped Instance: The private IP address can be reassigned only if you launch the instance with
a new one.

18. What is Identity and Access Management, and how is it used?

AWS Identity and Access Management (IAM) allows you to manage access to AWS services and
resources securely.
Uses:

• Create and manage users, groups, and roles.

• Apply policies to control permissions.

• Enable multi-factor authentication for secure access.

19. What is Identity and Access Management (IAM)?

IAM is a framework that ensures authorized users and devices can access specific resources. It provides
tools for:

• User authentication.

• Role-based access control.

• Auditing and monitoring activities.

20. Explain the difference between Authentication and Authorization.

• Authentication: Verifies the identity of a user or system (e.g., login credentials, biometrics).

• Authorization: Determines what actions or resources an authenticated user is allowed to access

based on assigned permissions.

21. What are the key components of an IAM system?

• Users: Represents individual accounts with specific permissions.

• Groups: Collections of users with shared permissions for easier management.

• Roles: Temporary permissions assigned to AWS services or users, allowing them to perform
specific tasks.

• Policies: JSON documents that define permissions and control access to AWS resources.

• Authentication Methods: Includes password-based logins, access keys, and Multi-Factor

Authentication (MFA).

22. What is an IAM policy, and how does it work?

An IAM policy is a JSON document that defines permissions for actions on AWS resources.
How it works:

• Specifies actions (what can be done), resources (where actions apply), and conditions (when
and how actions are allowed).

• Policies are attached to users, groups, or roles to grant or restrict access.

23. What is the difference between an inline policy and a managed policy?

• Inline Policy: Directly attached to a specific user, group, or role. It is tightly coupled with the
entity and cannot be reused.

• Managed Policy: Standalone policy that can be reused and attached to multiple users, groups, or
roles. AWS provides AWS Managed Policies, and users can create Customer Managed Policies.

24. What is Multi-Factor Authentication (MFA), and why is it important?

MFA is a security mechanism requiring two or more authentication factors:

• Something you know (password).

• Something you have (a mobile device or token).

Importance:

• Enhances account security by requiring additional verification.

• Protects accounts from unauthorized access, even if credentials are compromised.

25. Explain the difference between full, incremental, and differential snapshots.

• Full Snapshot: A complete backup of all data at a specific point in time.

• Incremental Snapshot: Captures only the changes made since the last snapshot, reducing
storage and backup time.

• Differential Snapshot: Captures changes made since the last full snapshot, requiring the latest
full snapshot for restoration.

26. What is an Amazon VPC?

Amazon VPC (Virtual Private Cloud) is a customizable network environment in AWS that allows users to
define and manage isolated sections of the AWS cloud. It provides full control over network
configuration, including IP address ranges, subnets, and security settings.
27. What are the main components of an Amazon VPC?

• Subnets: Divide the VPC into public and private sections.

• Route Tables: Define how traffic is routed within the VPC and to external networks.

• Internet Gateway (IGW): Allows resources in public subnets to access the internet.

• NAT Gateway: Enables resources in private subnets to access the internet securely.

• Security Groups: Control inbound and outbound traffic at the instance level.

• Network Access Control Lists (NACLs): Control traffic at the subnet level.

28. What is the difference between a public subnet and a private subnet?

• Public Subnet:

o Accessible from the internet via an Internet Gateway (IGW).

o Typically hosts public-facing resources like web servers.

• Private Subnet:

o Not directly accessible from the internet.

o Hosts resources like databases or application servers requiring internal access only.
Access to the internet is possible via a NAT Gateway.