Fundamentals Interview Guide

IP Address Types (Know These for Interviews)

DNS Record Types (Quick Reference)

The complete end-to-end flow when you type www.example.com in your browser — mapped to AWS services:

Performance Optimization at Each Layer

• DNS: Route 53 latency-based routing routes users to the nearest region
• TLS: CloudFront terminates TLS at the edge (450+ PoPs) — users connect to nearby edge, not distant origin
• HTTP: CloudFront caches static assets. Set proper Cache-Control headers. Use HTTP/2 and HTTP/3.
• Server: Use ElastiCache/DAX to cache DB queries. Use read replicas for read-heavy workloads.
• Rendering: Serve pre-compressed assets (gzip/Brotli from CloudFront). Lazy-load images.

Fundamental questions often warm up an interview. Getting these wrong early can set a negative tone. These cover networking basics, protocols, and cloud concepts.

1. Explain the OSI model. Which layer does an ALB operate at vs an NLB? Why does this distinction matter for your architecture?
   Answer Guide

   ALB = Layer 7 (HTTP/HTTPS) — can route based on URL path, host header, HTTP methods. NLB = Layer 4 (TCP/UDP) — routes based on IP/port, ultra-low latency. This matters because: ALB can do content-based routing to microservices, NLB is needed for non-HTTP protocols (gRPC, WebSocket passthrough, gaming).
2. What's the difference between TCP and UDP? Give an AWS use case where you'd specifically choose UDP over TCP.
   Answer Guide

   TCP — reliable, ordered, connection-oriented (HTTP, database connections). UDP — unreliable but fast, connectionless (video streaming, DNS, IoT telemetry, gaming). AWS use case: NLB with UDP listeners for real-time gaming servers, or Route 53 DNS queries (UDP by default, TCP for large responses).
3. Explain CIDR notation. Your company gives you a /16 VPC. How many /24 subnets can you create? How many usable IP addresses per /24 subnet in AWS?
   Answer Guide

   /16 = 65,536 IPs. /24 = 256 IPs. So /16 contains 256 possible /24 subnets. AWS reserves 5 IPs per subnet (network, VPC router, DNS, future, broadcast), so a /24 has 251 usable IPs. Know this math — interviewers will ask you to design VPC CIDR allocation on the spot.
4. What's the difference between latency, bandwidth, and throughput? A user says "the network is slow." How do you diagnose whether it's a latency problem or a bandwidth problem?
   Answer Guide

   Latency = time for a packet to travel (ms). Bandwidth = max capacity of the pipe (Gbps). Throughput = actual data transferred (affected by both). Diagnosis: high latency + normal throughput = distance/routing issue. Normal latency + low throughput = bandwidth saturation. Use CloudWatch, VPC Flow Logs, and traceroute.
5. Explain the AWS Shared Responsibility Model. A customer's RDS database gets hacked because they used the default admin password. Whose fault is it — AWS or the customer?
   Answer Guide

   Customer's fault. AWS is responsible for security OF the cloud (hardware, network, hypervisor). Customer is responsible for security IN the cloud (IAM, SG rules, passwords, encryption, patching OS on EC2). RDS: AWS patches the engine, customer manages access credentials, SGs, and encryption settings.
6. What HTTP status codes should every architect know? A user gets a 502 error from your ALB. What does this mean and how do you troubleshoot it?
   Answer Guide

   Key codes: 200 (OK), 301/302 (redirect), 400 (bad request), 401 (unauthenticated), 403 (forbidden), 404 (not found), 429 (throttled), 500 (server error), 502 (bad gateway), 503 (service unavailable), 504 (timeout). 502 from ALB = backend target returned invalid response or connection refused. Check target health, security groups, and application logs.
7. Compare REST, GraphQL, and gRPC. You're designing APIs for a mobile app that needs to minimize data transfer and battery usage. Which would you recommend?
   Answer Guide

   GraphQL — client requests exactly the fields it needs (no over-fetching/under-fetching). REST — fixed response shapes, over-fetching common. gRPC — binary protocol (Protobuf), most efficient but complex on mobile. For mobile: GraphQL for flexible queries, or REST with field selection. gRPC for backend-to-backend microservice communication.
8. Explain stateless vs stateful applications. Why is statelessness important for cloud architecture? Your application stores user sessions in local server memory. What happens when you scale to 5 instances behind a load balancer?
   Answer Guide

   Stateful: session data on the server. If user hits a different instance, session is lost. Solutions: sticky sessions (ALB, but reduces load balancing effectiveness), externalize state to ElastiCache Redis or DynamoDB (best practice). Statelessness enables horizontal scaling, auto-scaling, and graceful instance replacement.
9. What is the difference between encryption at rest and encryption in transit? Name the AWS service or feature you'd use for each across S3, RDS, EBS, and API communication.
   Answer Guide

   At rest — data stored on disk is encrypted. S3: SSE-S3/SSE-KMS. RDS: encrypted volumes (enable at creation). EBS: encrypted snapshots/volumes. In transit — data moving over the network. TLS 1.2+ (ALB terminates TLS), ACM for certificates. End-to-end: TLS from client → ALB → re-encrypt to backend.
10. Explain IaaS, PaaS, and SaaS with AWS examples. Where does a container service like ECS fit in this model? What about a managed Kubernetes service like EKS?
    Answer Guide

    IaaS = EC2 (you manage OS up). PaaS = Elastic Beanstalk, App Runner (you manage code, platform handles infra). SaaS = S3, DynamoDB (fully managed, just use the API). ECS on Fargate = between PaaS and IaaS (you manage containers, not servers). EKS = closer to IaaS (you manage K8s workloads, potentially nodes too).