AWS Solutions Architect Interview Questions


Do you want to learn how to master the technical part of the AWS solutions architect interview or cloud architect interview? If so, this blog is for you.

Today we’re going to talk about how to master the technical component of the cloud architect interview or AWS solutions architect interview. As hiring managers, we want to find strong, capable individuals who can competently perform the job and improve the quality of their team. We gauge that competency not by the number of years of experience you have, or the number of certifications you have, but by the technical interview.

It’s not just your technical capabilities that are judged in the technical interview, though! We learn your level of competency, and to a certain degree we can measure your soft skills. We can check your emotional intelligence by the way you respond to these technical interview questions. We can check your communication skills, as well as your sales skills, because you’re effectively going to be selling yourself to the hiring manager. So a hiring manager learns a lot in this interview.

Hiring managers accomplish this by asking open-ended cloud architect interview questions. We don’t ask multiple-choice or fill-in-the-blank questions, because anyone can memorize responses to these. The questions are open-ended because, as an architect, you must be able to interact with customers, ask the right questions, look at the customer’s business, legal, technical, and regulatory requirements, and then design a solution.

So let’s dig into the example interview questions and possible responses.

Question 1. “How do you secure a VPC?”

We want to know if someone truly understands security, vs. just learning a security term.

  • For example, when I ask that question and someone’s answer is “use a NACL and a security group”, I know they’ve read a book or passed an exam, but I know they don’t understand.
  • But if someone replies: “You secure your VPC in layers. Put a firewall at the edge of your network to keep a strong perimeter and keep outsiders out. Behind the firewall, use an IDS/IPS system to see what’s going on if there’s an intrusion and, if there is an intrusion, to thwart it as it occurs. Use some DDoS protection outside of your domain, and then inside of your domain keep unwanted traffic out of your subnets with a network ACL. Keep unwanted traffic out of your servers with the security group, and add a host-based firewall and anti-malware protection to your servers. Then add components such as IAM, and lock down your systems to make sure they don’t have any unnecessary services and are patched for vulnerabilities (“server hardening”), and so on.”

When I hear that from a candidate, I know they understand security. If it’s only the name of a service, I know they passed an exam.

During these interviews, it is up to you to show that you’re competent. Show some depth of knowledge to show that you understand it, and you’ll be hired because it’s very hard to find qualified people that can answer questions like this.
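How the subnet and instance layers from the answer above combine for inbound traffic, as an added Python example that is not from the original article: it models network ACL rules (numbered, lowest matching rule decides, may deny) and security group rules (allow-only) and reports which layer stops a packet. The rule sets, addresses and function names are constructed for illustration, and the model covers inbound matching on a single port only.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    cidr: str
    port: int
    allow: bool = True   # security group rules are allow-only
    number: int = 0      # network ACL rules are evaluated in number order

def _matches(rule, src, port):
    return port == rule.port and ipaddress.ip_address(src) in ipaddress.ip_network(rule.cidr)

def nacl_allows(rules, src, port):
    """Subnet layer: the lowest-numbered matching rule decides; no match is a deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule, src, port):
            return rule.allow
    return False

def sg_allows(rules, src, port):
    """Instance layer: any matching allow rule admits the packet; otherwise deny."""
    return any(_matches(rule, src, port) for rule in rules)

def inbound_verdict(nacl, sg, src, port):
    """Name the layer that stopped an inbound packet, or 'allowed'."""
    if not nacl_allows(nacl, src, port):
        return "blocked at subnet (network ACL)"
    if not sg_allows(sg, src, port):
        return "blocked at instance (security group)"
    return "allowed"

# Constructed sample policy using documentation address ranges.
NACL = [
    Rule("203.0.113.0/24", 443, allow=False, number=90),  # explicit deny for one range
    Rule("0.0.0.0/0", 443, number=100),
    Rule("0.0.0.0/0", 22, number=110),                    # broad on its own
]
SG = [
    Rule("0.0.0.0/0", 443),
    Rule("198.51.100.0/24", 22),                          # SSH from the admin network only
]

if __name__ == "__main__":
    for src, port in [("203.0.113.7", 443), ("192.0.2.10", 22),
                      ("198.51.100.5", 22), ("192.0.2.10", 3389)]:
        print(f"{src}:{port} -> {inbound_verdict(NACL, SG, src, port)}")
```

The SSH case shows why the layers matter: the network ACL admits port 22 from anywhere, and the security group is what narrows it to the admin network.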

Question 2. “When an organization wants to use cloud as a disaster recovery site, what are the options, and what are the strengths and weaknesses of each option?”

This question gives us good information about the person’s architectural abilities.

There really are four options with regards to using the cloud for disaster recovery, and each one of these has strengths and weaknesses.

  • First option is a completely cold standby. You put machine images of your servers in the remote location, and periodically send your data there to the remote location. The advantage of this is that it’s super cheap. The disadvantage is that it’s going to take a long time to come back to service, should you have a primary failure.
  • Second option is when you make machine images of your web layer and your application layer, but you keep a standby database that’s active and receiving the information to be Advantage of that is you still have a slow fail-over, but it’s much faster because your data is always up to date.
  • Third option is to basically replicate your environment but use very small instances in the disaster recovery site, placing them in an auto scaling group. With an auto scaling group, if your primary site fails, all the traffic will be shifted through DNS to your disaster recovery site, the systems will scale out, and you’ll have more computing capacity. The disadvantage of this approach is that it takes 20 to 60 minutes for your systems to auto-scale, thus it’s not the fastest.
  • Fourth option is a complete hot standby: you just run a standby of everything. Whatever you have in location A, you also have in location B. The only time it’ll take is for DNS to detect that one site is down; it will then reroute your traffic to the other one.

This type of answer shows extreme depth of knowledge, and that’s how I know that someone’s an architect, and that’s how I know someone can design systems.

Question 3. “When should you use a direct connection, and when should you use a VPN?”

This question gives us an indication if someone understands networking, or at least components of networking.

  • A direct connection is not exactly a wire but logically it’s a wire between two locations, but the latency is going to be consistent. You’re going to be guaranteed to have the performance of that entire
  • If an organization needs guaranteed bandwidth and guaranteed consistent latency, they must use a direct connection. If a candidate explains that direct connection is just for performance and he/she couldn’t explain why performance is mentioned, a hiring manager knows that they’ve passed an exam but don’t understand the
  • The right answer should be: “You use VPN when you want to make it easy to create one connection to multiple sites. Because the Internet’s there, you use the VPN because it’s cheaper, and because you’ve got the flexibility via VPN, and everybody for the most part has internet access. You can create connections on demand, and it’s very easy to connect to multiple remote sites. The downside is you’re dependent upon internet bandwidth and latency, which is not guaranteed.”

That way you show your understanding of the VPN and the direct connect concept.

Question 4. “You’ve got a main site, hosted in the cloud and there are 10 remote sites. The 10 remote sites need to talk to the cloud as well as to talk to each other. How could you do this? What are your architectural approaches?”

This question will show if the person understands cloud networking.

There are three approaches – each one of them has different strengths.

  • First approach. Create VPN connections between the cloud and each remote site and that would work
  • Second approach. Set up VPC peering, so locations can all peer with each other. If everybody needs to connect to everybody, you’re going to have to fully mesh VPC peers. The advantages of this option are that everyone has a connection to everyone, so should something happen in a central place, everybody could still talk to everybody else that they need to. Also, the performance is better because you’re never more than one hop away. The disadvantage is that when you’re fully meshed you will have an incredible number of peers, and they add up rapidly because the number of peers increases dramatically.
    • Remember, the formula to determine the peers is N times N minus one, divided by two: N × (N − 1) / 2. For example, if you have 3 VPCs that need to peer with each other, it’s no big deal.
    • Thus 3 × (3 − 1) = 6; then 6 / 2 = 3. In the current example, you have 10 locations, thus 10 × (10 − 1) = 90; then 90 / 2 = 45. By going from 3 to 10 locations, the number of connections really went up.
  • Third approach. Use CloudHub. CloudHub is a way to create a hub-and-spoke VPN connection in the AWS environment. It allows the organizations to still talk to each other through the hub and spoke, just like a traditional environment.

If the candidate only addresses the third approach, then I know they’ve only learned a service and passed an exam.

Question 5. “What functions are achieved by IPSec?”

This question shows if the candidate understands IPSec. If they do, they will know all the amazing things that IPSec does beyond just encryption.

  • If they only know encryption, I know they’ve probably passed a certification exam. That is still good, but I know they don’t really understand.
  • The right answer is: “IPSec provides the ability to authenticate each remote end to prevent man-in-the-middle attacks, where someone pretends to be someone else, and it can ensure the integrity of your data because it uses a hashing algorithm.

Since you know there’s data integrity, if you’ve got a message going from point A to point B, someone can send someone an electronic payment for a hundred dollars and not have it changed to a million dollars, because you can verify that nothing has been changed.

The last thing that comes out of IPSec is something called non-repudiation. Effectively there’s a record of the message, so if this person orders something from this person and then receives it, this person can’t say after the fact, ‘I didn’t order,’ because of the non-repudiation.

With IPSec, you can authenticate, you have the ability to determine message integrity, and you have the ability to verify that messages are sent and provide a non-repudiation environment. That is in addition to the encryption and the ability to tunnel private IP addresses, private traffic, and private routing information over a public network.”
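The integrity check described in the answer above, as an added Python example that is not from the original article: a keyed hash (HMAC-SHA-256 truncated to 128 bits, the HMAC-SHA-256-128 transform of RFC 4868) is appended to each packet as an integrity check value (ICV), so a changed payment amount or a packet built with a different key fails verification. This is a simplified model of an ESP-style packet, not a real IPsec stack; the function names, keys, SPI and payment message are constructed for illustration.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16  # HMAC-SHA-256-128 (RFC 4868) truncates the tag to 128 bits

def seal(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Build header || payload || ICV; the ICV covers the header and the payload."""
    body = struct.pack("!II", spi, seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]

def open_packet(key: bytes, packet: bytes):
    """Return the payload if the ICV verifies under `key`, otherwise None."""
    if len(packet) < 8 + ICV_LEN:
        return None
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):  # constant-time comparison
        return None
    return body[8:]

# Constructed sample values: fixed demo keys and a made-up payment message.
PEER_KEY = bytes(range(32))
OTHER_KEY = bytes(range(1, 33))
PAYMENT = b"pay=100.00;to=acct-42"

def tamper_amount(packet: bytes) -> bytes:
    """Simulate an in-transit change of the amount that reuses the original ICV."""
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    return body.replace(b"pay=100.00", b"pay=1000000.00") + icv

if __name__ == "__main__":
    good = seal(PEER_KEY, spi=0x1001, seq=1, payload=PAYMENT)
    print("untouched :", open_packet(PEER_KEY, good))
    print("tampered  :", open_packet(PEER_KEY, tamper_amount(good)))
    forged = seal(OTHER_KEY, spi=0x1001, seq=1, payload=PAYMENT)
    print("wrong key :", open_packet(PEER_KEY, forged))
```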

 

Make sure to stay tuned for more content from Go Cloud Careers, and more interview preparation articles. This week we focused heavily on the network, but the network is part of the cloud. Just remember the cloud is nothing more than a virtualized network in a virtualized data center.


About Our Founder

Michael Gibbs is the CEO of Go Cloud Careers, a global organization that provides training for elite cloud computing careers and places a strong emphasis on helping individuals achieve their dream technology career. He is an outspoken critic of single cloud reliance and was recently featured in Investors Business Daily, Information Week, Tech Target, Authority Magazine, authored articles in HomeBusinessMagazine, and has appeared on Inside Analysis and TechStrong TV. In 2013, after a successful career with Cisco Systems as a Global Systems Engineer, he founded Go Cloud Architects, an educational organization focused on helping individuals achieve their dream technology career.

Michael is a technology expert with 25 years of experience in networking, cloud computing, and IT security. After a successful career with Cisco Systems, where he served in senior leadership as the lead enterprise architect in the global healthcare consulting practice, Michael founded Go Cloud Architects. Michael is a highly requested speaker and industry thought leader who presents at key conferences throughout the world. A passionate educator with 20 years of experience in coaching and mentoring others; Michael is also a Cisco Certified Internetwork Expert, a Google Professional Cloud Architect and holds a Master’s of Science (MS) and Master’s of Business Administration (MBA) from Widener University.

About Our Company

Go Cloud Careers is an educational organization that builds high-performance cloud computing careers. Go Cloud is founded on one premise – we get you hired. While other organizations focus on certifications or just technical proficiency; Go Cloud students develop a practical and deep knowledge of the cloud computing roles and responsibilities to build an elite tech career.

In addition to technical competency, the core instructional emphasis includes teaching the skills necessary for elite technology roles. These include leadership skills, attitude, emotional intelligence, communication skills, presentation skills, sales skills, interview skills, and more. Go Cloud students finish with more than just certifications, and by combining these executive-level skills are more desirable to employers; and will ultimately be more effective in their careers long term.

