Explore essential AWS EC2 and Virtual Private Cloud (VPC) interview questions designed to assess your foundational knowledge of cloud infrastructure, networking components, instance types, and security settings. Strengthen your understanding of key AWS EC2 and VPC concepts with practical, beginner-friendly scenarios.
Which option best describes a use case for a compute-optimized EC2 instance type?
Explanation: Compute-optimized EC2 instances (the C family) are designed for CPU-bound workloads such as batch processing, video encoding, scientific modelling and high-performance computing. Running web servers for static sites or lightweight blogs needs little CPU, so general-purpose instances are the better fit. Storing large volumes of data is the job of storage-optimized instances. Compute-optimized instances are not intended for storage-heavy or low-resource tasks.
What is the primary function of a security group in a virtual private cloud environment?
Explanation: A security group is a stateful virtual firewall attached to an instance's network interface that controls inbound and outbound traffic. It holds allow rules only: anything not explicitly allowed is dropped, and return traffic for an allowed connection is permitted automatically without a matching rule in the other direction. It does not encrypt data at rest; that is configured on the storage (EBS encryption backed by KMS). Automatic resource scaling is handled by Auto Scaling, and network performance monitoring by CloudWatch metrics and VPC Flow Logs. Security groups are purely about traffic filtering with customizable rules.
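The practical check behind this question is whether a group's allow rules expose something they should not. The following added example (not code from the original page) walks the JSON shape that `aws ec2 describe-security-groups` returns and flags sensitive ports whose source is the whole internet, while leaving alone rules whose only source is another security group. The security-group document, IDs and the list of "sensitive" ports are constructed sample data for illustration.

```python
"""Audit security-group ingress rules for sensitive ports reachable from the whole internet.

Input is the JSON shape returned by `aws ec2 describe-security-groups`.
The document below is a constructed sample, not data from a real account.
"""
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_SG_JSON = r'''
{
  "SecurityGroups": [
    {
      "GroupId": "sg-0a1b2c3d4e5f60001",
      "GroupName": "web-tier",
      "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}
      ]
    },
    {
      "GroupId": "sg-0a1b2c3d4e5f60002",
      "GroupName": "db-tier",
      "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [], "Ipv6Ranges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0a1b2c3d4e5f60001"}]}
      ]
    },
    {
      "GroupId": "sg-0a1b2c3d4e5f60003",
      "GroupName": "legacy-all-open",
      "IpPermissions": [
        {"IpProtocol": "-1",
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
         "UserIdGroupPairs": []}
      ]
    }
  ]
}
'''

# Ports that should not be reachable from arbitrary internet addresses (illustrative list).
SENSITIVE_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgres",
                   6379: "redis", 27017: "mongodb"}
ANYWHERE = {"0.0.0.0/0", "::/0"}


def rule_port_range(perm):
    """Return the (low, high) port range a rule covers, or None if it carries no ports.

    IpProtocol "-1" means every protocol and every port; FromPort/ToPort are absent then.
    ICMP rules use FromPort/ToPort for type/code rather than ports, so they are skipped.
    """
    proto = perm["IpProtocol"]
    if proto == "-1":
        return 0, 65535
    if proto not in ("tcp", "udp", "6", "17"):
        return None
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)


def rule_is_open_to_world(perm):
    """True when any source CIDR on the rule is the whole IPv4 or IPv6 internet."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return any(c in ANYWHERE for c in cidrs)


def find_world_exposed_sensitive_ports(sg_document):
    """Return (GroupId, GroupName, port, service) for every world-open sensitive port.

    Rules whose only source is another security group (UserIdGroupPairs) are not
    flagged: traffic must originate from a member of that group, not the internet.
    """
    findings = []
    for sg in sg_document["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if not rule_is_open_to_world(perm):
                continue
            port_range = rule_port_range(perm)
            if port_range is None:
                continue
            low, high = port_range
            for port, service in sorted(SENSITIVE_PORTS.items()):
                if low <= port <= high:
                    findings.append((sg["GroupId"], sg["GroupName"], port, service))
    return findings


def audit_sample():
    """Run the audit over the constructed sample document."""
    return find_world_exposed_sensitive_ports(json.loads(SAMPLE_SG_JSON))


if __name__ == "__main__":
    for group_id, name, port, service in audit_sample():
        print(f"{group_id} ({name}): {service}/{port} open to the whole internet")
```

On the sample, `web-tier` is flagged once (SSH open to 0.0.0.0/0, while 443 is expected to be public), `db-tier` is clean because its only source is the web tier's security group, and the protocol `-1` rule on `legacy-all-open` hits every port in the list. To run it against a real account, replace `SAMPLE_SG_JSON` with the output of `aws ec2 describe-security-groups --output json`.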
When launching a new EC2 instance, which of the following must you select to define the type of underlying hardware?
Explanation: Choosing an instance type specifies the hardware configuration of the instance: vCPU count, memory, local storage and network bandwidth. An IAM role grants permissions, not hardware. The Availability Zone defines where the instance runs, not what it runs on. Placement groups control how instances are placed relative to each other on underlying hosts (cluster, spread or partition strategies); they do not define the hardware configuration of an individual instance.
Which statement best describes a subnet in a virtual private cloud?
Explanation: A subnet is a range of IP addresses carved out of the VPC's CIDR block and tied to a single Availability Zone; it is the unit into which resources are placed and organized. It is not a global network resource, since it exists only inside a specific VPC. Firewall rules are enforced by security groups and network ACLs, not by the subnet itself, and DNS is provided by the VPC's Route 53 Resolver rather than by the subnet.
Why would you associate an Elastic IP address with an EC2 instance in a VPC?
Explanation: An Elastic IP is a static public IPv4 address allocated to your account that you can attach to an instance or network interface and later remap to a different one, so clients, DNS records and firewall allow-lists keep pointing at the same address when the instance is replaced or stopped and started. By contrast, an auto-assigned public IPv4 address is released on stop and a new one is issued on start. Creating additional subnets is unrelated to Elastic IPs, and storage performance and network encryption are separate concerns handled by other services and configurations. The primary use is maintaining a stable external IP address.
Which component is automatically created when a default VPC is set up in a new region?
Explanation: A default VPC comes with a public subnet in each Availability Zone of the region, an internet gateway, a main route table with a route to that gateway, a default security group and a default network ACL; instances launched into it receive a public IPv4 address, so they can reach and be reached from the internet. Custom NACLs are not created by default; only the default NACL, which allows all traffic in both directions, is. VPN connections and network load balancers are not created with a new VPC.
What is a primary purpose of establishing a VPC peering connection?
Explanation: VPC peering lets resources in two different VPCs (in the same or different accounts and regions) communicate using their private addresses, without traversing the public internet. Two caveats matter in practice: the two VPCs' CIDR blocks must not overlap, and peering is not transitive, so a VPC peered with A and with B does not give A a path to B. Sharing security groups across regions is not done via VPC peering. Elastic IP assignment and automatic resource scaling are unrelated to peering.
In a typical setup, what can an EBS volume be attached to?
Explanation: An EBS volume lives in a single Availability Zone and, in the standard configuration, is attached to at most one EC2 instance at a time (the instance can be running or stopped), providing persistent block-level storage. Attaching to instances in different zones is not possible; to move data to another zone you snapshot the volume and create a new volume from the snapshot there. The one exception to the single-instance rule is Multi-Attach, available on io1/io2 Provisioned IOPS volumes, which lets up to 16 Nitro-based instances in the same zone share a volume, with the application responsible for coordinating writes. Security groups and network interfaces are not attachable targets for storage volumes.
How can you ensure that an EC2 instance in a subnet does not have direct internet access?
Explanation: Place the instance in a private subnet, that is, one whose route table has no route to an internet gateway. Without that route, packets to or from the public internet have no path, regardless of the instance's addresses. A public IP or Elastic IP on its own is not enough to make an instance reachable; it is reachable only when its subnet also routes to an internet gateway and its security group and network ACL allow the traffic. If the instance needs outbound access (package updates, API calls) while staying unreachable from outside, route 0.0.0.0/0 through a NAT gateway instead. Placement groups control where instances sit on underlying hosts and have nothing to do with internet access.
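Whether a subnet is "public" or "private" is not a property you set directly; it follows from the route table the subnet uses, which is either an explicit association or the VPC's main route table. The following added example (not code from the original page) classifies subnets from the JSON shape that `aws ec2 describe-route-tables` returns, covering the three cases above: a default route to an internet gateway, a default route through a NAT gateway, and no default route at all. The route-table document and all IDs are constructed sample data.

```python
"""Classify subnets by the default route in their route table.

Input is the JSON shape returned by `aws ec2 describe-route-tables`.
The document and IDs below are a constructed sample, not data from a real account.
"""
import json

# Constructed subnet IDs used by the sample document.
PUBLIC_SUBNET = "subnet-0a0a0a0a0a0a0a0a1"   # explicit association, route to an IGW
APP_SUBNET = "subnet-0b0b0b0b0b0b0b0b2"      # explicit association, route via NAT gateway
DB_SUBNET = "subnet-0c0c0c0c0c0c0c0c3"       # no explicit association, falls back to main table

SAMPLE_ROUTE_TABLES_JSON = r'''
{
  "RouteTables": [
    {
      "RouteTableId": "rtb-0aaa000000000000a",
      "VpcId": "vpc-0123456789abcdef0",
      "Associations": [
        {"Main": true, "RouteTableAssociationId": "rtbassoc-0aaa00000000000a"}
      ],
      "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local",
         "State": "active", "Origin": "CreateRouteTable"}
      ]
    },
    {
      "RouteTableId": "rtb-0bbb000000000000b",
      "VpcId": "vpc-0123456789abcdef0",
      "Associations": [
        {"Main": false, "SubnetId": "subnet-0a0a0a0a0a0a0a0a1",
         "RouteTableAssociationId": "rtbassoc-0bbb00000000000b"}
      ],
      "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local",
         "State": "active", "Origin": "CreateRouteTable"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123456789abcdef0",
         "State": "active", "Origin": "CreateRoute"}
      ]
    },
    {
      "RouteTableId": "rtb-0ccc000000000000c",
      "VpcId": "vpc-0123456789abcdef0",
      "Associations": [
        {"Main": false, "SubnetId": "subnet-0b0b0b0b0b0b0b0b2",
         "RouteTableAssociationId": "rtbassoc-0ccc00000000000c"}
      ],
      "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local",
         "State": "active", "Origin": "CreateRouteTable"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123456789abcdef0",
         "State": "active", "Origin": "CreateRoute"}
      ]
    }
  ]
}
'''
SAMPLE_ROUTE_TABLES = json.loads(SAMPLE_ROUTE_TABLES_JSON)


def route_table_for_subnet(doc, subnet_id):
    """Return the route table a subnet uses: its explicit association, else the VPC's main table."""
    main_table = None
    for table in doc["RouteTables"]:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main_table = table
    return main_table


def classify_subnet(doc, subnet_id):
    """Return 'public', 'private-egress-only' or 'isolated' based on the active default route."""
    table = route_table_for_subnet(doc, subnet_id)
    if table is None:
        raise ValueError(f"no route table found for {subnet_id}")
    has_igw = has_nat = False
    for route in table["Routes"]:
        if route.get("State") != "active":      # blackhole routes carry no traffic
            continue
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if dest not in ("0.0.0.0/0", "::/0"):
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            has_igw = True
        if "NatGatewayId" in route:
            has_nat = True
    if has_igw:
        return "public"
    if has_nat:
        return "private-egress-only"
    return "isolated"


def instance_reachable_from_internet(doc, subnet_id, has_public_ip):
    """A public or Elastic IP only makes an instance reachable when its subnet routes to an IGW.

    Security-group and NACL rules still apply on top of this; they are outside this check.
    """
    return bool(has_public_ip) and classify_subnet(doc, subnet_id) == "public"


if __name__ == "__main__":
    for subnet in (PUBLIC_SUBNET, APP_SUBNET, DB_SUBNET):
        print(subnet, classify_subnet(SAMPLE_ROUTE_TABLES, subnet))
```

The DB subnet has no explicit association, so it inherits the main route table, which in this sample carries only the `local` route; an instance launched there with a public IP assigned is still unreachable from outside, which is the point of the question. Note that whether a subnet auto-assigns public IPs (`MapPublicIpOnLaunch` in `describe-subnets`) is a separate setting and does not by itself make the subnet public.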
What happens to the root storage volume when you stop an EC2 instance, rather than terminate it?
Explanation: Stopping is only possible for EBS-backed instances; an instance-store-backed instance can be rebooted or terminated but not stopped. When an EBS-backed instance is stopped, the root volume and any other attached EBS volumes are kept with their data, and the instance can be started again (on a new host, with a new auto-assigned public IPv4 address unless it uses an Elastic IP). Volumes are deleted only on termination, and then only those whose DeleteOnTermination attribute is true, which is the default for the root volume and not for additional volumes attached at launch. Encryption is a separate volume setting and is not triggered by stopping.
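The attribute that decides what survives termination is visible in `aws ec2 describe-instances` output, under each block device mapping's `Ebs.DeleteOnTermination`. The following added example (not code from the original page) reads that shape and reports, per instance, what a stop and a terminate would do, including the instance-store case that cannot be stopped at all. The instance document and IDs are constructed sample data.

```python
"""What a stop or terminate does to an instance's volumes, from `aws ec2 describe-instances` output.

The document and IDs below are a constructed sample, not data from a real account.
"""
import json

SAMPLE_INSTANCES_JSON = r'''
{
  "Reservations": [
    {
      "Instances": [
        {
          "InstanceId": "i-0aaa0000000000001",
          "RootDeviceType": "ebs",
          "RootDeviceName": "/dev/xvda",
          "BlockDeviceMappings": [
            {"DeviceName": "/dev/xvda",
             "Ebs": {"VolumeId": "vol-0aaa0000000000001", "DeleteOnTermination": true,
                     "Status": "attached"}},
            {"DeviceName": "/dev/xvdf",
             "Ebs": {"VolumeId": "vol-0aaa0000000000002", "DeleteOnTermination": false,
                     "Status": "attached"}}
          ]
        },
        {
          "InstanceId": "i-0bbb0000000000002",
          "RootDeviceType": "instance-store",
          "RootDeviceName": "/dev/sda1",
          "BlockDeviceMappings": []
        }
      ]
    }
  ]
}
'''
SAMPLE_INSTANCES = json.loads(SAMPLE_INSTANCES_JSON)


def find_instance(doc, instance_id):
    """Locate one instance record inside the Reservations/Instances nesting."""
    for reservation in doc["Reservations"]:
        for instance in reservation["Instances"]:
            if instance["InstanceId"] == instance_id:
                return instance
    raise KeyError(instance_id)


def can_stop(instance):
    """Only EBS-backed instances can be stopped; instance-store roots allow reboot or terminate only."""
    return instance["RootDeviceType"] == "ebs"


def volumes_deleted_on(instance, action):
    """Return the EBS volume IDs that are lost when `action` ('stop' or 'terminate') is applied."""
    if action == "stop":
        if not can_stop(instance):
            raise ValueError(f"{instance['InstanceId']} is instance-store-backed and cannot be stopped")
        return []   # every attached EBS volume, root included, persists across a stop
    if action == "terminate":
        return [m["Ebs"]["VolumeId"]
                for m in instance["BlockDeviceMappings"]
                if m["Ebs"]["DeleteOnTermination"]]
    raise ValueError(f"unknown action {action!r}")


def root_volume_survives_stop(instance):
    """True when the root volume (and its data) is retained by a stop/start cycle."""
    return can_stop(instance) and not volumes_deleted_on(instance, "stop")


if __name__ == "__main__":
    for reservation in SAMPLE_INSTANCES["Reservations"]:
        for inst in reservation["Instances"]:
            if can_stop(inst):
                print(inst["InstanceId"], "terminate deletes:", volumes_deleted_on(inst, "terminate"))
            else:
                print(inst["InstanceId"], "cannot be stopped (instance-store root)")
```

In the sample, the root volume `/dev/xvda` goes away on termination because it was launched with the default `DeleteOnTermination: true`, while the data volume `/dev/xvdf` is left behind as an orphaned volume that still incurs storage cost and still holds data; both survive a plain stop. If you want the root volume to outlive termination, set the attribute to false at launch or with `aws ec2 modify-instance-attribute --block-device-mappings`.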