Cloud Solution Architect / Engineer Interview Questions and LAB for Career Growth
A lot of you are learning Public Cloud and Public Cloud Networking and Security. We have some LAB topologies that will help you learn Secure Cloud Networking at your own pace. These LABs should also help you during job interviews, especially when you are applying at Aviatrix. I cannot give you a better hint than this.
Preparing for the Interview
General Networking Interview Questions
The following networking topics are commonly covered during the interview process. Anything outside of this is also fair game and depends on what you have mentioned on your resume and on the person conducting the interview.
- Really good and deep understanding of BGP (no need to brush up on OSPF/EIGRP etc.; these protocols are dead in the public cloud)
- Highly available on-prem data center design
- ECMP, Active/Active, Active/Standby
- Very good understanding of IPSec encryption and its design choices, for example Policy-Based vs Route-Based VPN
- On-Prem DC to Cloud connectivity options, design choices, pros/cons
- On-Prem Branch to Cloud connectivity options, design choices, pros/cons
- Traffic flows and packet walk
- NGFW design and packet flow
- If you want to impress us, then come prepared with a design that you can white-board (Zoom annotate option). We can ask design and architecture questions from it then too.
- Highlight any blog/video/etc. you have published during the interview process
I am new to Public Cloud Networking
Now the question is what if you do not know the public cloud at all. What I expect you to do in this case is as follows:
- Take the ACE Associate Certification, which mainly covers the basic Public Cloud Networking and Security concepts. It is self-paced, and there are usually promotions offering a deep discount.
Then I expect you to complete LAB1 and LAB2 in order. LAB1 is a cookie-cutter lab.
LAB1 - Multi-Cloud Networking 101
This lab is about simplifying your cloud and multi-cloud networking using Aviatrix. Follow the LAB detailed here using the Aviatrix Sandbox Starter Tool.
- All costs associated with deploying and running these labs are your responsibility, including but not limited to the costs incurred by CSPs and Aviatrix.
- You should shut down the instances or even delete all the resources if the cost is a concern for you
- You may also use services like https://www.parkmycloud.com to schedule or automatically shut down your lab
LAB2 - AWS Networking 101
You can pick your favorite cloud and should go deep in one Cloud first. Knowing one cloud is enough for the interview. I would suggest starting with AWS. During our interview process, we usually only cover the Networking and Security aspects. Storage and other app layer services are not covered.
- Create 5 VPCs in an AWS Region
- Create one smallest-size instance in each of the Prod, Shared, and Dev VPCs (three in total)
- Make sure that these three VMs can ping to each other using Private IPs
- Use native peering to connect those VPCs
- Deploy a Palo Alto VM in Transit VPC
- Make sure you can access Palo Alto VM using its public IP address from your desktop/laptop
- Make sure all 3 instances (in the Prod, Shared, and Dev VPCs) can ping the Palo Alto VM using its private IP address
- Make sure your instances in Prod, Shared, and Dev VPC can ping any Internet site (like aviatrix.com or github.com) using the Palo Alto Firewall
- Make sure the instance in the Management VPC can ping any Internet site (such as aviatrix.com or github.com) using the AWS Internet GW (IGW) deployed inside the Management VPC
This is a complex lab and can take a lot of time. I do not expect you to finish it end to end, but it should prompt you to read up on some relevant topics that will be handy during the interview process.
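A small route-table model of the lab topology, added here as an illustration (it is not part of the lab or of any Aviatrix material): it does AWS-style longest-prefix route lookups and traces the egress packet walk for the ping tests above, with every CIDR, subnet and route-table name assumed.

```python
import ipaddress

# Constructed lab topology; the page gives no addresses, so every CIDR, subnet name
# and route target below is an assumption. Targets: "local", "pcx-<a>-<b>" (VPC
# peering), "igw" (Internet gateway) and "eni-fw" (the firewall VM's private ENI).
VPC_CIDR = {"prod": "10.1.0.0/16", "shared": "10.2.0.0/16", "dev": "10.3.0.0/16",
            "transit": "10.0.0.0/16", "mgmt": "10.9.0.0/16"}

def spoke_routes(name):
    """Spoke VPCs carry only local + peering routes. AWS peering has no edge-to-edge
    routing, so a spoke cannot reach the Internet via a gateway or appliance in a peer."""
    routes = [(VPC_CIDR[name], "local")]
    peers = [p for p in ("prod", "shared", "dev", "transit") if p != name]
    return routes + [(VPC_CIDR[p], f"pcx-{name}-{p}") for p in peers]

# Each subnet is associated with exactly one route table; a VPC may have several.
ROUTE_TABLES = {f"{n}-app": spoke_routes(n) for n in ("prod", "shared", "dev")}
ROUTE_TABLES["transit-private"] = [(VPC_CIDR["transit"], "local"), ("0.0.0.0/0", "eni-fw")]
ROUTE_TABLES["transit-public"] = [(VPC_CIDR["transit"], "local"), ("0.0.0.0/0", "igw")]
ROUTE_TABLES["mgmt-public"] = [(VPC_CIDR["mgmt"], "local"), ("0.0.0.0/0", "igw")]

def lookup(table, dst):
    """AWS chooses the most specific (longest-prefix) matching route, not the first one."""
    ip, best = ipaddress.ip_address(dst), None
    for cidr, target in ROUTE_TABLES[table]:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None          # None means no route: the packet is dropped

def packet_walk(table, dst, has_public_ip=False):
    """Trace an egress packet hop by hop; the last element states the outcome."""
    target = lookup(table, dst)
    path = [table]
    if target is None:
        return path + ["DROP: no route"]
    path.append(target)
    if target == "local":
        return path + ["delivered"]
    if target.startswith("pcx-"):             # peering is point-to-point, never transitive
        return path + [f"{target.split('-')[-1]}:local", "delivered"]
    if target == "eni-fw":   # firewall forwards from its public subnet, where it holds an EIP
        return path + packet_walk("transit-public", dst, has_public_ip=True)
    # An IGW only performs 1:1 NAT between the private IP and a public IP/EIP on the ENI
    return path + (["1:1 NAT to EIP", "Internet"] if has_public_ip else ["DROP: no public IP"])

if __name__ == "__main__":
    print(packet_walk("prod-app", "203.0.113.7"))          # Prod -> Internet: DROP, no route
    print(packet_walk("mgmt-public", "203.0.113.7", True))  # Management -> Internet via IGW
```

The spoke tables have no Internet path at all, because VPC peering does not support edge-to-edge routing; that gap is exactly what the Prod/Shared/Dev-to-Internet requirement pushes you to read up on.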
Cloud Networking and Security Related Interview Questions
Assume you picked AWS as your favorite cloud for the interview; then I would probably ask questions like the following (which you should be able to answer if you have done LAB1 and LAB2 properly).
- What is the difference between public and private subnet?
- How do you associate subnet to the route table?
- What is IGW?
- In AWS, how can an EC2 instance have an EIP and also a Private IP? How does it work?
- Explain the egress flow. How is traffic routed with an EIP and without one?
- Explain Ingress packet walk
- AWS-TGW: Does it belong to a VPC? or is it a global resource?
- How would you connect 10 VPCs without using AWS-TGW?
- How can you add an NGFW in the traffic flow between two EC2 instances for inspection?
- How would you secure the Apps in VPC? What are the options?
- What about encryption, do you need it? If yes, then how can you achieve end-to-end encryption inside the Cloud? And what about on-prem resources?
- How can you migrate VMs to AWS? What are the design choices? Considerations? Pros/Cons?
- Overlapping IP and NAT related questions
- Transitive vs Non-transitive VPC design
- Active/Active design
- And more ...
Usually, for these questions, I don't expect you to give me an Aviatrix solution as an answer. Stick to native AWS choices.
Misc. Hints about the Interview Process
- For the most part, the interview is from the resume you submitted
- I allow candidates to do a Google search during the interview and find the answer. I do not expect candidates to cram. Usually, I would give you a minute or so to do that. But it varies from person to person. Not everyone is like me :-)
- Sometimes I will try to confuse you: present you a scenario and play naive.
- I try to simulate a real-world design scenario and check your communication and confidence.
- We could also check how you handle a tough situation. Believe me, the Architect job is not easy. Some people did not survive in our Solution Architecture team and left within 3 months :-)
- We could interrupt you during your answer and break your flow, because this is what happens in the real world, and see how you react
- You can pick a few Cloud Networking and Security topics and prepare for them. You can mention that you would want to stay mostly within that area and we will try to accommodate. For instance:
  - AWS Direct Connect design and deployment details
  - GCP Shared VPC concepts and routing details
  - Azure NVA and transit design with Firewalls
- The interview focuses more on the design and architecture aspects
- On-prem connectivity from Cloud is an important topic
- Routing and Security inside the Cloud is discussed too
- You can pick a public Cloud of your choice and explain design/architecture in detail with us
- If you have Kubernetes knowledge that is a plus.
- Linux networking and security knowledge is also a plus.
Just finished this build. At the end of the lab I wanted to figure out a way to back up my entire AWS build. I'm not really a CloudFormation user. Starting a 2 hour tutorial on Terraform to see if I can IaC my entire config. Thank you for creating this exercise. On to the Aviatrix sandbox lab once I export my config.