DevOps & Cloud Mastery: 100 Must-Know Questions on AWS, Azure, and GCP (2025)
AWS
IAM (Identity and Access Management)
1. What is AWS IAM?
Answer:
IAM (Identity and Access Management) is a service that helps you securely control access to
AWS resources by managing users, groups, roles, and permissions.
2. What is an IAM Role?
Answer:
An IAM Role is an identity with permissions that can be assumed by users, applications, or
services. It does not have credentials (username/password) associated with it.
3. What is the difference between an IAM User and an IAM Role?
Answer:
o IAM User: Represents a person or application with long-term credentials.
o IAM Role: Represents a set of permissions that can be assumed temporarily.
4. What is an IAM Policy?
Answer:
An IAM Policy is a JSON document that defines permissions for users, groups, or roles.
5. How do you enforce Multi-Factor Authentication (MFA) in AWS?
Answer:
Use IAM policies to enforce MFA for specific actions or resources.
6. What is the purpose of an IAM Group?
Answer:
An IAM Group is a collection of IAM users that share the same permissions.
7. How do you rotate IAM access keys?
Answer:
Create a new access key, update applications to use the new key, and then delete the old key.
8. What is the difference between an IAM Policy and a Bucket Policy in S3?
Answer:
o IAM Policy: Attached to users, groups, or roles to control access to AWS resources.
o Bucket Policy: Attached to an S3 bucket to control access to the bucket and its objects.
9. What is the principle of least privilege in IAM?
Answer:
Grant only the minimum permissions required for a user or role to perform their tasks.
10. How do you restrict access to specific AWS regions using IAM?
Answer:
Use a condition in the IAM policy to restrict actions based on the aws:RequestedRegion key.
EC2 (Elastic Compute Cloud)
11. What is AWS EC2?
Answer:
EC2 (Elastic Compute Cloud) is a web service that provides resizable compute capacity in the
cloud.
12. What is an EC2 Instance Type?
Answer:
An EC2 Instance Type defines the hardware (CPU, memory, storage, etc.) of the virtual machine.
13. What is the difference between Spot Instances and On-Demand Instances?
Answer:
o On-Demand Instances: Pay for compute capacity by the hour with no long-term
commitment.
o Spot Instances: Bid for unused EC2 capacity at a lower cost, but instances can be
terminated by AWS with short notice.
14. What is an AMI?
Answer:
An AMI (Amazon Machine Image) is a template that contains the software configuration (OS,
applications, etc.) required to launch an EC2 instance.
15. How do you secure an EC2 instance?
Answer:
o Use Security Groups to control inbound and outbound traffic.
o Apply IAM roles for permissions.
o Regularly update the OS and applications.
16. What is an Elastic IP?
Answer:
An Elastic IP is a static IPv4 address designed for dynamic cloud computing. It can be associated
with an EC2 instance.
17. What is the purpose of a Security Group?
Answer:
A Security Group acts as a virtual firewall to control inbound and outbound traffic for EC2
instances.
18. What is the difference between a Security Group and a Network ACL?
Answer:
o Security Group: Stateful, applies to instances, and allows only "allow" rules.
o Network ACL: Stateless, applies to subnets, and allows both "allow" and "deny" rules.
19. What is an EC2 Auto Scaling Group?
Answer:
An Auto Scaling Group automatically adjusts the number of EC2 instances based on demand or
predefined policies.
20. How do you connect to an EC2 instance?
Answer:
Use SSH for Linux instances or RDP for Windows instances. Example (Linux, from a shell):
ssh -i key.pem ec2-user@public-ip
S3 (Simple Storage Service)
21. What is AWS S3?
Answer:
S3 (Simple Storage Service) is an object storage service that offers scalability, data availability,
and security.
22. What is an S3 Bucket?
Answer:
An S3 Bucket is a container for storing objects (files) in S3.
23. What is the difference between S3 Standard and S3 Glacier?
Answer:
o S3 Standard: For frequently accessed data.
o S3 Glacier: For long-term archival storage with low cost.
24. What is S3 Versioning?
Answer:
S3 Versioning keeps multiple versions of an object in the same bucket, protecting against
accidental deletion or overwrites.
25. What is an S3 Lifecycle Policy?
Answer:
An S3 Lifecycle Policy automates the transition of objects between storage classes or deletion
after a specified period.
26. What is S3 Cross-Region Replication?
Answer:
S3 Cross-Region Replication automatically replicates objects from one bucket to another in a
different AWS region.
27. What is the difference between S3 and EBS?
Answer:
o S3: Object storage for files and backups.
o EBS: Block storage for EC2 instances.
28. How do you enable encryption for S3?
Answer:
Use Server-Side Encryption (SSE) with AWS-managed keys (SSE-S3), customer-managed keys
(SSE-KMS), or client-side encryption.
29. What is an S3 Pre-Signed URL?
Answer:
A Pre-Signed URL provides temporary access to a private S3 object.
30. What is S3 Transfer Acceleration?
Answer:
S3 Transfer Acceleration uses CloudFront's edge locations to speed up file transfers to and from
S3.
Lambda
31. What is AWS Lambda?
Answer:
AWS Lambda is a serverless compute service that runs code in response to events without
provisioning or managing servers.
32. What is the maximum execution time for a Lambda function?
Answer:
15 minutes.
33. What is a Lambda Layer?
Answer:
A Lambda Layer is a distribution mechanism for libraries, custom runtimes, or other
dependencies.
34. How do you trigger a Lambda function?
Answer:
Use event sources like S3, DynamoDB, API Gateway, or CloudWatch Events.
35. What is the difference between synchronous and asynchronous invocation in Lambda?
Answer:
o Synchronous: The caller waits for the function to complete.
o Asynchronous: The function is queued for execution, and the caller does not wait.
VPC (Virtual Private Cloud)
36. What is a VPC?
Answer:
A VPC (Virtual Private Cloud) is a logically isolated section of the AWS cloud where you can
launch resources.
37. What is a Subnet?
Answer:
A Subnet is a range of IP addresses in a VPC where resources can be launched.
38. What is the difference between a Public Subnet and a Private Subnet?
Answer:
o Public Subnet: Has a route to the internet via an Internet Gateway.
o Private Subnet: Does not have direct internet access.
39. What is a NAT Gateway?
Answer:
A NAT Gateway allows instances in a private subnet to access the internet for updates or patches
while preventing inbound traffic.
40. What is a VPC Peering Connection?
Answer:
A VPC Peering Connection enables private connectivity between two VPCs.
Load Balancers
41. What is an Elastic Load Balancer (ELB)?
Answer:
An ELB distributes incoming traffic across multiple EC2 instances.
42. What are the types of ELB?
Answer:
o Application Load Balancer (ALB): Operates at Layer 7 (HTTP/HTTPS).
o Network Load Balancer (NLB): Operates at Layer 4 (TCP/UDP).
o Classic Load Balancer (CLB): Operates at both Layer 4 and Layer 7.
43. What is the difference between ALB and NLB?
Answer:
o ALB: Best for HTTP/HTTPS traffic with advanced routing features.
o NLB: Best for high-performance, low-latency TCP/UDP traffic.
44. What is a Target Group in ALB?
Answer:
A Target Group is a set of EC2 instances or Lambda functions that receive traffic from the ALB.
45. How do you enable SSL/TLS on an ELB?
Answer:
Upload an SSL/TLS certificate to AWS Certificate Manager (ACM) and associate it with the ELB.
Azure
IAM (Azure Active Directory)
46. What is Azure AD?
Answer:
Azure AD (Active Directory) is a cloud-based identity and access management service.
47. What is an Azure Role?
Answer:
An Azure Role defines a set of permissions for managing Azure resources.
48. What is the difference between Azure AD and On-Premises AD?
Answer:
o Azure AD: Cloud-based, supports SaaS applications.
o On-Premises AD: Traditional directory service for on-premises environments.
GCP
IAM (Google Cloud IAM)
49. What is GCP IAM?
Answer:
GCP IAM (Identity and Access Management) provides centralized control over Google Cloud
resources.
50. What is a GCP Service Account?
Answer:
A Service Account is a special account used by applications or virtual machines to interact with
GCP services.
AWS (Continued)
Lambda (Continued)
51. What is the maximum memory size for a Lambda function?
Answer:
10 GB (as of 2025).
52. What is the difference between Lambda@Edge and regular Lambda?
Answer:
o Lambda@Edge: Runs Lambda functions at CloudFront edge locations for low-latency
processing.
o Regular Lambda: Runs in a specific AWS region.
53. How do you monitor Lambda functions?
Answer:
Use AWS CloudWatch to monitor logs, metrics, and performance.
54. What is the purpose of a Lambda Execution Role?
Answer:
An Execution Role defines the permissions a Lambda function has to interact with other AWS
services.
55. What is the difference between Lambda and EC2?
Answer:
o Lambda: Serverless, event-driven, and scales automatically.
o EC2: Requires manual provisioning and scaling.
VPC (Continued)
56. What is a VPC Endpoint?
Answer:
A VPC Endpoint allows private connectivity between a VPC and supported AWS services without
using the internet.
57. What is the difference between a VPC Endpoint and a NAT Gateway?
Answer:
o VPC Endpoint: Provides private access to AWS services.
o NAT Gateway: Allows private subnets to access the internet.
58. What is a VPC Flow Log?
Answer:
VPC Flow Logs capture information about IP traffic going to and from network interfaces in a
VPC.
59. What is the purpose of a VPN Gateway in a VPC?
Answer:
A VPN Gateway enables secure communication between a VPC and an on-premises network over
an IPsec VPN connection.
60. What is the difference between a VPC and a Subnet?
Answer:
o VPC: A logically isolated section of the AWS cloud.
o Subnet: A range of IP addresses within a VPC.
Load Balancers (Continued)
61. What is the difference between an ALB and a CLB?
Answer:
o ALB: Supports advanced routing (e.g., path-based, host-based) and modern protocols
(HTTP/2, WebSockets).
o CLB: Basic load balancing for HTTP/HTTPS and TCP.
62. What is the purpose of a Health Check in an ELB?
Answer:
A Health Check monitors the health of targets and routes traffic only to healthy instances.
63. What is the difference between an Internal and an Internet-Facing ELB?
Answer:
o Internal ELB: Routes traffic within a VPC.
o Internet-Facing ELB: Routes traffic from the internet to instances.
64. How do you enable Cross-Zone Load Balancing in an ELB?
Answer:
Enable the feature in the ELB settings to distribute traffic evenly across all instances in all
Availability Zones.
65. What is the purpose of Sticky Sessions in an ELB?
Answer:
Sticky Sessions ensure that requests from the same client are routed to the same target.
Azure
Virtual Machines (VM)
66. What is an Azure VM?
Answer:
An Azure VM is a scalable, on-demand virtual machine hosted in Azure.
67. What is the difference between a Standard and a Premium VM in Azure?
Answer:
o Standard VM: General-purpose, cost-effective.
o Premium VM: High-performance, optimized for I/O-intensive workloads.
68. What is an Azure Availability Set?
Answer:
An Availability Set ensures high availability by distributing VMs across multiple fault and update
domains.
69. What are Azure Scale Sets?
Answer:
Azure Scale Sets allow you to create and manage a group of identical, auto-scaling VMs.
70. What is the purpose of an Azure Managed Disk?
Answer:
A Managed Disk simplifies disk management by handling storage accounts and scaling
automatically.
Azure Storage
71. What is Azure Blob Storage?
Answer:
Azure Blob Storage is a scalable object storage service for unstructured data (e.g., images,
videos).
72. What is the difference between Hot and Cool Blob Storage?
Answer:
o Hot: Optimized for frequently accessed data.
o Cool: Optimized for infrequently accessed data with lower storage costs.
73. What is Azure Table Storage?
Answer:
Azure Table Storage is a NoSQL key-value store for semi-structured data.
74. What is Azure Queue Storage?
Answer:
Azure Queue Storage is a messaging service for decoupling application components.
75. What is Azure File Storage?
Answer:
Azure File Storage provides fully managed file shares accessible via SMB protocol.
Azure Functions
76. What is Azure Functions?
Answer:
Azure Functions is a serverless compute service that runs event-triggered code without managing
infrastructure.
77. What is the difference between Azure Functions and AWS Lambda?
Answer:
o Azure Functions: Tightly integrated with Azure services.
o AWS Lambda: Tightly integrated with AWS services.
78. What is a Durable Function in Azure?
Answer:
A Durable Function is an extension of Azure Functions that supports stateful workflows.
79. What is the maximum execution time for an Azure Function?
Answer:
10 minutes (default), extendable to 30 minutes.
80. How do you monitor Azure Functions?
Answer:
Use Azure Monitor and Application Insights for logging and performance monitoring.
Azure Networking
81. What is an Azure Virtual Network (VNet)?
Answer:
An Azure VNet is a logically isolated network in Azure for deploying resources.
82. What is the difference between a VNet and a Subnet?
Answer:
o VNet: A logically isolated network.
o Subnet: A segment of a VNet for organizing resources.
83. What is an Azure Load Balancer?
Answer:
An Azure Load Balancer distributes incoming traffic across VMs for high availability.
84. What is the difference between a Public and an Internal Load Balancer?
Answer:
o Public Load Balancer: Routes traffic from the internet.
o Internal Load Balancer: Routes traffic within a VNet.
85. What is Azure Traffic Manager?
Answer:
Azure Traffic Manager is a DNS-based traffic load balancer for distributing traffic across global
Azure regions.
GCP
Compute Engine
86. What is GCP Compute Engine?
Answer:
GCP Compute Engine provides scalable, customizable virtual machines.
87. What is the difference between Preemptible and Regular VMs?
Answer:
o Preemptible VMs: Short-lived, cost-effective, can be terminated by GCP.
o Regular VMs: Standard VMs with no termination risk.
88. What is an Instance Template in GCP?
Answer:
An Instance Template defines the configuration for creating VM instances.
89. What is an Instance Group in GCP?
Answer:
An Instance Group is a collection of VM instances managed as a single entity.
90. What is the purpose of a Managed Instance Group (MIG)?
Answer:
A MIG automatically scales and manages VM instances based on demand.
Cloud Storage
91. What is GCP Cloud Storage?
Answer:
GCP Cloud Storage is a unified object storage service.
92. What is the difference between Regional and Multi-Regional Storage?
Answer:
o Regional Storage: Data stored in a specific region.
o Multi-Regional Storage: Data stored across multiple regions for higher availability.
93. What is a Storage Bucket in GCP?
Answer:
A Storage Bucket is a container for storing objects in GCP Cloud Storage.
94. What is the purpose of a Lifecycle Rule in GCP Cloud Storage?
Answer:
A Lifecycle Rule automates the deletion or transition of objects based on age or other conditions.
95. What is the difference between Nearline and Coldline Storage?
Answer:
o Nearline: For data accessed once a month or less.
o Coldline: For data accessed once a year or less.
Cloud Functions
96. What is GCP Cloud Functions?
Answer:
GCP Cloud Functions is a serverless compute service for running event-driven code.
97. What is the maximum execution time for a Cloud Function?
Answer:
9 minutes (default), extendable to 60 minutes.
98. What is the difference between HTTP and Event-Triggered Functions?
Answer:
o HTTP Functions: Triggered by HTTP requests.
o Event-Triggered Functions: Triggered by events (e.g., Pub/Sub, Storage).
99. How do you monitor GCP Cloud Functions?
Answer:
Use Cloud Monitoring and Cloud Logging for metrics and logs.
100. What is the purpose of a Service Account in GCP Cloud Functions?
Answer:
A Service Account defines the permissions for a Cloud Function to interact with other GCP
services.