AWS_Practical_Interview_401 600

AWS Practical Interview Questions (401-600)

AWS Well-Architected Framework

Q401: What are the pillars of AWS Well-Architected Framework?

Answer:

1. Operational Excellence - Run and monitor systems
2. Security - Protect information and systems
3. Reliability - Recover from failures
4. Performance Efficiency - Use computing resources efficiently
5. Cost Optimization - Avoid unnecessary costs
6. Sustainability - Minimize environmental impact

Q402: How do you implement Operational Excellence?

Answer:

• Use Infrastructure as Code (CloudFormation/Terraform)
• Implement monitoring and alerting
• Automate responses to events
• Document procedures
• Regular improvements

Q403: How do you implement Security pillar?

Answer:

• Identity and access management (IAM)
• Detective controls (CloudTrail, GuardDuty)
• Infrastructure protection (Security Groups, WAF)
• Data protection (encryption, backups)
• Incident response planning

Q404: How do you implement Reliability pillar?

Answer:

• Design for failure
• Implement multi-AZ deployments
• Use auto-scaling
• Test recovery procedures
• Implement backup and restore

Q405: How do you implement Performance Efficiency?

Answer:

• Select right instance types
• Use serverless where appropriate
• Implement caching (CloudFront, ElastiCache)
• Monitor performance metrics
• Review and optimize regularly

Q406: How do you implement Cost Optimization?

Answer:

• Right-size resources
• Use reserved instances/Savings Plans
• Implement tagging for cost tracking
• Use spot instances for fault-tolerant workloads
• Regular cost analysis

Q407: How do you implement Sustainability?

Answer:

• Use managed services
• Implement serverless architecture
• Use efficient instance types
• Minimize data transfer
• Implement lifecycle policies

---

AWS Cost Management

Q408: How do you set up Cost Explorer?

Answer:

# Enable Cost Explorer
aws ce enable-cost-explorer

# Get cost and usage
aws ce get-cost-and-usage \
  --time-period Start=2024-01-01,End=2024-01-31 \
  --granularity DAILY \
  --metrics UnblendedCost \
  --group-by Type=DIMENSION,Key=SERVICE

Q409: How do you create budget?

Answer:

# Create budget
aws budgets create-budget \
  --account-id 123456789012 \
  --budget '{
    "BudgetName": "monthly-cost",
    "BudgetLimit": {"Amount": "1000", "Unit": "USD"},
    "TimeUnit": "MONTHLY",
    "CostTypes": {"IncludeTax": true}'
  }'

# Add alert
aws budgets create-notification \
  --account-id 123456789012 \
  --budget-name monthly-cost \
  --notification '{
    "NotificationType": ACTUAL,
    "ComparisonOperator": GREATER_THAN,
    "Threshold": 80,
    "ThresholdType": PERCENTAGE
  }'

Q410: How do you use Cost Allocation Tags?

Answer:

# Enable tags
aws ce enable-tag-poly \
  --tag-name Department

# View costs by tag
aws ce get-cost-and-usage \
  --time-period Start=2024-01-01,End=2024-01-31 \
  --granularity MONTHLY \
  --group-by Type=TAG,Key=Department

Q411: How do you set up CUR (Cost and Usage Report)?

Answer:

# Create report
aws cur create-report-definition \
  --report-name my-cur \
  --time-unit HOURLY \
  --format Parquet \
  --compression SNAPPY \
  --s3-bucket my-bucket \
  --s3-prefix reports/ \
  --additional-report-elements RESOURCES

---

AWS Organizations

Q412: How do you create OU (Organizational Unit)?

Answer:

# Create OU
aws organizations create-organizational-unit \
  --parent-id r-1234 \
  --name Production

# Move account
aws organizations move-account \
  --account-id 123456789012 \
  --source-parent-id r-1234 \
  --destination-parent-id ou-1234

Q413: How do you create SCP (Service Control Policy)?

Answer:

# Create SCP
aws organizations create-policy \
  --content '{
    "Version": "2012-10-17",
    "Statement": [{
      "Effect": "Deny",
      "Action": ["ec2:*"],
      "Resource": "*",
      "Condition": {"Bool": {"aws:SecureTransport": false}}
    }]
  }' \
  --description "Deny non-SSL EC2" \
  --name "Deny-Non-SSL-EC2" \
  --type SERVICE_CONTROL_POLICY

Q414: How do you enable all features?

Answer:

# Enable all features
aws organizations enable-all-features

---

AWS Control Tower

Q415: How do you set up Control Tower?

Answer:

# Create landing zone (requires console setup)
# Or use AWS Control Tower API
aws controltower create-landing-zone \
  --manifest file://manifest.json

Q416: How do you enroll account?

Answer:

# Enroll account
aws controltower enroll-account \
  --account-id 123456789012 \
  --organizational-unit-name Production

---

AWS Resource Access Manager

Q417: How do you share resources with RAM?

Answer:

# Create resource share
aws ram create-resource-share \
  --name my-share \
  --resource-arns arn:aws:ec2:us-east-1:123456789012:subnet/subnet-12345 \
  --principils "111111111111"

---

AWS Service Catalog

Q418: How do you create Portfolio?

Answer:

# Create portfolio
aws servicecatalog create-portfolio \
  --name "My Portfolio" \
  --description "Products for developers"

# Create product
aws servicecatalog create-product \
  --name "Web Server" \
  --owner "IT Team" \
  --product-type CLOUD_FORMATION_TEMPLATE \
  --provisioning-artifact-parameters '{
    "Name": "v1",
    "Description": "Web server template",
    "Info": {"LoadTemplateURL": "https://s3.amazonaws.com/templates/template.yaml"}
  }'

---

AWS Systems Manager

Q419: How do you run command on multiple instances?

Answer:

# Run command
aws ssm send-command \
  --document-name AWS-RunShellScript \
  --targets '[{"Key":"tag:Environment","Values":["Production"]}]' \
  --parameters '{
    "commands": ["yum update -y", "systemctl restart nginx"]
  }'

# Get command output
aws ssm list-command-invocations \
  --command-id command-id \
  --details

Q420: How do you use Patch Manager?

Answer:

# Create patch baseline
aws ssm create-patch-baseline \
  --name "Production Baseline" \
  --operating-system AMAZON_LINUX2 \
  --patch-filters '[{"Key":"PRODUCT","Values":["AmazonLinux2.0"]}]'

# Register for patching
aws ssm register-default-patch-baseline --baseline-id baseline-id

---

AWS Config Rules

Q421: How do you create custom Config rule?

Answer:

# Create rule
aws configservice put-config-rule \
  --config-rule '{
    "ConfigRuleName": "required-tags",
    "Source": {
      "Owner": CUSTOM_LAMBDA,
      "SourceIdentifier": "arn:aws:lambda:us-east-1:123456789012:function:config-rule"
    },
    "InputParameters": {"tagName": "Environment"}'
  }'

---

AWS CloudTrail Insights

Q422: How do you enable CloudTrail Insights?

Answer:

# Enable insights
aws cloudtrail update-trail \
  --name my-trail \
  --enable-insight-selectors

---

AWS GuardDuty

Q423: How do you create GuardDuty findings?

Answer:

# Enable GuardDuty
aws guardduty create-detector \
  --enable

# Create sample findings
aws guardduty create-sample-findings \
  --detector-id detector-id

---

AWS Security Hub

Q424: How do you enable security standards?

Answer:

# Enable standards
aws securityhub enable-standards \
  --standards-arn "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"

---

AWS Network Firewall

Q425: How do you create Network Firewall?

Answer:

# Create firewall
aws network-firewall create-firewall \
  --firewall-name my-firewall \
  --vpc-id vpc-123 \
  --subnet-mapping '{
    "us-east-1a": "subnet-123",
    "us-east-1b": "subnet-456"
  }' \
  --firewall-policy-arn policy-arn

---

AWS WAF

Q426: How do you create WAF Web ACL?

Answer:

# Create Web ACL
aws wafv2 create-web-acl \
  --name my-acl \
  --scope REGIONAL \
  --default-action '{
    "Allow": {}
  }' \
  --rules '[
    {
      "Name": "AWS-AWSManagedRulesCommonRuleSet",
      "Priority": 1,
      "Statement": {
        "ManagedRuleGroupStatement": {
          "VendorName": "AWS",
          "Name": "AWSManagedRulesCommonRuleSet"
        }
      },
      "OverrideAction": {"None": {}},
      "VisibilityConfig": {
        "SampledRequestsEnabled": true,
        "CloudWatchMetricsEnabled": true,
        "MetricName": "AWSManagedRulesCommonRuleSet"
      }
    }
  ]'

---

AWS Firewall Manager

Q427: How do you set up Firewall Manager?

Answer:

# Create security policy
aws firewallmanager create-security-policy \
  --security-policy-name my-policy \
  --remediation-enabled

---

AWS Shield

Q428: How do you enable Shield Advanced?

Answer:

# Subscribe to Shield Advanced
aws shield describe-subscription

---

AWS PrivateLink

Q429: How do you create PrivateAnswer:**

**
# Create VPC endpoint
aws ec2 create-vpc-endpoint \
  --vpc-id vpc-123 \
  --service-name com.amazonaws.us-east-1.s3 \
  --vpc-endpoint-type Gateway \
  --route-table-ids rtb-123

Q430: How do you create Interface endpoint?

Answer:

# Create Interface endpoint
aws ec2 create-vpc-endpoint \
  --vpc-id vpc-123 \
  --service-name com.amazonaws.us-east-1.sqs \
  --vpc-endpoint-type Interface \
  --subnet-ids subnet-123 subnet-456

---

AWS Transit Gateway

Q431: How do you create Transit Gateway?

Answer:

# Create Transit Gateway
TG=$(aws ec2 create-transit-gateway \
  --description "Main TGW" \
  --options '{
    "AmazonAsn": 64512,
    "AutoAcceptSharedAttachments": "enable",
    "DefaultRouteTableAssociation": "enable",
    "DefaultRouteTablePropagation": "enable",
    "VpnEcmpSupport": "enable"
  }' \
  --query 'TransitGateway.TransitGatewayId' \
  --output text)

# Attach VPC
aws ec2 create-transit-gateway-vpc-attachment \
  --transit-gateway-id $TG \
  --vpc-id vpc-123 \
  --subnet-ids subnet-123 subnet-456

Q432: How do you create Transit Gateway route?

Answer:

# Create route
aws ec2 create-transit-gateway-route \
  --destination-cidr-block 10.0.0.0/8 \
  --transit-gateway-route-table-id tgw-rtb-123 \
  --transit-gateway-attachment-id tgw-attach-456

---

AWS Direct Connect

Q433: How do you create Direct Connect connection?

Answer:

# Create connection request
aws directconnect create-connection \
  --location "EqDC2" \
  --bandwidth 1Gbps \
  --connection-name my-connection

Q434: How do you create Virtual Private Gateway?

Answer:

# Create VPG
VPG=$(aws ec2 create-vpn-gateway \
  --type ipsec.1 \
  --query 'VpnGateway.VpnGatewayId' \
  --output text)

# Attach to VPC
aws ec2 attach-vpn-gateway \
  --vpn-gateway-id $VPG \
  --vpc-id vpc-123

---

AWS VPN

Q435: How do you create Site-to-Site VPN?

Answer:

# Create Customer Gateway
CGW=$(aws ec2 create-customer-gateway \
  --type ipsec.1 \
  --public-ip 203.0.113.1 \
  --bgp-asn 65001 \
  --query 'CustomerGateway.CustomerGatewayId' \
  --output text)

# Create VPN Connection
aws ec2 create-vpn-connection \
  --customer-gateway-id $CGW \
  --type ipsec.1 \
  --vpn-gateway-id vpg-123

---

AWS Client VPN

Q436: How do you create Client VPN endpoint?

Answer:

# Create Client VPN endpoint
aws ec2 create-client-vpn-endpoint \
  --client-cidr-block 10.0.0.0/22 \
  --server-certificate-arn arn:aws:acm:us-east-1:123456789012:certificate/cert-id \
  --authentication-options '[{"Type": "certificate-authentication"}]' \
  --vpn-port 443

---

AWS Route 53

Q437: How do you create hosted zone?

Answer:

# Create hosted zone
aws route53 create-hosted-zone \
  --name example.com \
  --caller-reference "my-zone-$(date +%s)"

Q438: How do you create record set?

Answer:

# Create A record
aws route53 change-resource-record-sets \
  --hosted-zone-id Z1234567890ABC \
  --change-batch '{
    "Changes": [{
      "Action": "CREATE",
      "ResourceRecordSet": {
        "Name": "www.example.com",
        "Type": "A",
        "TTL": 300,
        "ResourceRecords": [{"Value": "1.2.3.4"}]
      }
    }]
  }'

Q439: How do you create weighted routing?

Answer:

# Create weighted records
aws route53 change-resource-record-sets \
  --hosted-zone-id Z1234567890ABC \
  --change-batch '{
    "Changes": [{
      "Action": "CREATE",
      "ResourceRecordSet": {
        "Name": "example.com",
        "Type": "A",
        "SetIdentifier": "primary",
        "Weight": 80,
        "TTL": 300,
        "ResourceRecords": [{"Value": "1.2.3.4"}]
      }
    }]
  }'

Q440: How do you create failover routing?

Answer:

# Create failover records
aws route53 change-resource-record-sets \
  --hosted-zone-id Z1234567890ABC \
  --change-batch '{
    "Changes": [{
      "Action": "CREATE",
      "ResourceRecordSet": {
        "Name": "example.com",
        "Type": "A",
        "Failover": "PRIMARY",
        "SetIdentifier": "primary",
        "TTL": 60,
        "ResourceRecords": [{"Value": "1.2.3.4"}]
      }
    }]
  }'

---

AWS CloudFront

Q441: How do you create CloudFront distribution?

Answer:

# Create distribution
aws cloudfront create-distribution \
  --origin-domain-name my-bucket.s3.amazonaws.com \
  --default-cache-behavior '{
    "TargetOriginId": "my-bucket",
    "ViewerProtocolPolicy": "redirect-to-https",
    "MinTTL": 0,
    "ForwardedValues": {
      "QueryString": false,
      "Cookies": {"Forward": "none"}
    }
  }'

Q442: How do you create origin access identity?

Answer:

# Create OAI
OAI=$(aws cloudfront create-cloud-front-origin-access-identity \
  --cloud-front-origin-access-identity-config '{
    "CallerReference": "my-oai",
    "Comment": "Access for my-bucket"
  }' \
  --query 'CloudFrontOriginAccessIdentity.Id' \
  --output text)

# Update S3 bucket policy
aws s3api put-bucket-policy \
  --bucket my-bucket \
  --policy '{
    "Version": "2008-10-17",
    "Statement": [{
      "Sid": "CloudFront",
      "Effect": "Allow",
      "Principal": {"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity '${OAI}'"},
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-bucket/*"
    }]
  }'

Q443: How do you set up Lambda@Edge?

Answer:

# Create Lambda function and publish version
aws lambda publish-version --function-name my-function

# Add trigger to CloudFront
aws cloudfront create-distribution \
  --origin-domain-name my-bucket.s3.amazonaws.com \
  --default-cache-behavior '{
    "TargetOriginId": "my-bucket",
    "LambdaFunctionAssociations": [{
      "EventType": "origin-request",
      "LambdaFunctionARN": "arn:aws:lambda:us-east-1:123456789012:function:my-function:1"
    }]
  }'

---

AWS S3 Advanced Features

Q444: How do you enable S3 Access Points?

Answer:

# Create access point
aws s3control create-access-point \
  --account-id 123456789012 \
  --name my-access-point \
  --bucket my-bucket

Q445: How do you enable S3 Multi-Region Access Points?

Answer:

# Create multi-region access point
aws s3control create-multi-region-access-point \
  --account-id 123456789012 \
  --region us-east-1 \
  --bucket my-bucket

Q446: How do you set up S3 Inventory?

Answer:

# Create inventory configuration
aws s3api put-bucket-inventory-configuration \
  --bucket my-bucket \
  --id daily-inventory \
  --inventory-configuration '{
    "Destination": {
      "S3BucketDestination": {
        "Format": "Parquet",
        "Bucket": "arn:aws:s3:::inventory-bucket"
      }
    },
    "Schedule": {"Frequency": "Daily"},
    "IncludedObjectVersions": "Current"
  }'

---

AWS Lambda Edge Cases

Q447: How do you handle Lambda cold start?

Answer:

import json
import boto3

# Use provisioned concurrency
lambda_client = boto3.client('lambda')

# Pre-warm function
response = lambda_client.put_function_concurrency(
    FunctionName='my-function',
    ProvisionedConcurrentExecutions=5
)

Q448: How do you handle Lambda timeout?

Answer:

import json

def handler(event, context):
    # Set custom timeout in boto3 client
    # Or use AWS X-Ray for tracing
    pass

Q449: How do you secure Lambda environment?

Answer:

• Use VPC for sensitive workloads
• Use Secrets Manager for sensitive data
• Implement proper IAM roles
• Enable encryption at rest
• Use Layers for shared code

---

AWS ECS Deep Dive

Q450: How do you implement blue-green deployment in ECS?

Answer:

# Create new task definition
aws ecs register-task-definition \
  --family my-app \
  --network-mode awsvpc \
  --container-definitions '[{"name":"web","image":"my-app:v2"}]'

# Update service with new task definition
aws ecs update-service \
  --cluster my-cluster \
  --service my-service \
  --task-definition my-app:v2 \
  --deployment-configuration '{
    "minimumHealthyPercent": 50,
    "maximumPercent": 200
  }'

Q451: How do you implement service discovery in ECS?

Answer:

# Create private namespace
aws servicediscovery create-private-dns-namespace \
  --name local \
  --vpc vpc-123

# Create service with service discovery
aws ecs create-service \
  --cluster my-cluster \
  --service-name my-service \
  --launch-type FARGATE \
  --service-registries '[{"registryArn":"arn:aws:servicediscovery:us-east-1:123456789012:service/srv-123"}]'

---

AWS EKS Deep Dive

Q452: How do you configure EBS CSI driver in EKS?

Answer:

# Add EBS CSI driver addon
aws eks create-addon \
  --cluster-name my-cluster \
  --addon-name aws-ebs-csi-driver

Q453: How do you configure EFS CSI driver in EKS?

Answer:

# Add EFS CSI driver addon
aws eks create-addon \
  --cluster-name my-cluster \
  --addon-name aws-efs-csi-driver

Q454: How do you enable RBAC in EKS?

Answer:

# Create RoleBinding
kubectl create rolebinding admin-binding \
  --clusterrole=admin \
  --user=user@example.com \
  --namespace=default

---

AWS RDS Deep Dive

Q455: How do you set up read replica?

Answer:

# Create read replica
aws rds create-db-instance-read-replica \
  --db-instance-identifier my-replica \
  --source-db-instance-arn arn:aws:rds:us-east-1:123456789012:db:primary \
  --db-instance-class db.t3.medium

Q456: How do you set up Multi-AZ?

Answer:

# Modify to Multi-AZ
aws rds modify-db-instance \
  --db-instance-identifier my-db \
  --multi-az \
  --apply-immediately

Q457: How do you enable Performance Insights?

Answer:

# Enable Performance Insights
aws rds modify-db-instance \
  --db-instance-identifier my-db \
  --enable-performance-insights \
  --performance-insights-kms-key-id key-id

---

AWS Aurora Deep Dive

Q458: How do you create Aurora cluster?

Answer:

# Create Aurora cluster
aws rds create-db-cluster \
  --db-cluster-identifier my-cluster \
  --engine aurora-mysql \
  --engine-version 8.0 \
  --master-username admin \
  --master-user-password mypassword123 \
  --db-cluster-parameter-group-name aurora-mysql8.0 \
  --vpc-security-group-ids sg-123

# Create instances
aws rds create-db-instance \
  --db-cluster-identifier my-cluster \
  --db-instance-class db.t3.medium \
  --db-instance-identifier writer

Q459: How do you set up Aurora Serverless?

Answer:

# Create serverless cluster
aws rds create-db-cluster \
  --db-cluster-identifier my-serverless \
  --engine aurora-postgresql \
  --engine-mode serverless \
  --scaling-configuration '{
    "MinCapacity": 2,
    "MaxCapacity": 64,
    "AutoPause": true,
    "SecondsUntilPause": 300
  }'

Q460: How do you create Aurora Global Database?

Answer:

# Add secondary region
aws rds create-db-cluster \
  --db-cluster-identifier secondary-cluster \
  --engine aurora \
  --global-cluster-identifier global-cluster \
  --replication-source-arn primary-arn

---

AWS DynamoDB Deep Dive

Q461: How do you create GSI?

Answer:

# Create table with GSI
aws dynamodb create-table \
  --table-name Orders \
  --attribute-definitions \
    AttributeName=OrderID,AttributeType=S \
    AttributeName=CustomerID,AttributeType=S \
  --key-schema AttributeName=OrderID,KeyType=HASH \
  --global-secondary-indexes '[
    {
      "IndexName": "CustomerIDIndex",
      "KeySchema": [{"AttributeName":"CustomerID","KeyType":"HASH"}],
      "Projection": {"ProjectionType":"ALL"},
      "ProvisionedThroughput": {"ReadCapacityUnits":5,"WriteCapacityUnits":5}
    }
  ]'

Q462: How do you enable DAX?

Answer:

# Create DAX cluster
aws dax create-cluster \
  --cluster-name my-dax \
  --node-type dax.r5.large \
  --replication-factor 3 \
  --iam-role-arn role-arn

Q463: How do you implement TTL?

Answer:

# Enable TTL
aws dynamodb update-time-to-live \
  --table-name Orders \
  --time-to-live-specification '{
    "Enabled": true,
    "AttributeName": "ExpiryTime"
  }'

---

AWS ElastiCache Deep Dive

Q464: How do you create Redis cluster?

Answer:

# Create Redis cluster
aws elasticache create-cache-cluster \
  --cache-cluster-id my-redis \
  --cache-node-type cache.t3.medium \
  --engine redis \
  --num-cache-nodes 2 \
  --replication-group-id my-group

Q465: How do you enable auto-failover?

Answer:

# Create replication group with auto-failover
aws elasticache create-replication-group \
  --replication-group-id my-group \
  --replication-group-description "Primary and Replica" \
  --num-cache-clusters 2 \
  --cache-node-type cache.t3.medium \
  --engine redis \
  --automatic-failover-enabled \
  --multi-az-enabled

---

AWS SQS Advanced Patterns

Q466: How do you implement dead letter queue pattern?

Answer:

import boto3
import json

sqs = boto3.client('sqs')

def process_message(message):
    try:
        # Process message
        pass
    except Exception as e:
        # Move to DLQ
        dlq_url = sqs.get_queue_url(QueueName='my-dlq')['QueueUrl']
        sqs.send_message(
            QueueUrl=dlq_url,
            MessageBody=message['Body']
        )
        raise

Q467: How do you implement delayed queue?

Answer:

# Create queue with delay
sqs.create_queue(
    QueueName='delayed-queue',
    Attributes={
        'DelaySeconds': '300'
    }
)

---

AWS SNS Advanced Patterns

Q468: How do you implement fanout pattern?

Answer:

import boto3

sns = boto3.client('sns')

# Create topic
topic = sns.create_topic(Name='fanout-topic')

# Subscribe multiple endpoints
for endpoint in endpoints:
    sns.subscribe(
        TopicArn=topic['TopicArn'],
        Protocol='lambda',
        NotificationEndpoint=endpoint
    )

---

AWS Kinesis Data Streams

Q469: How do you create Kinesis stream?

Answer:

# Create stream
aws kinesis create-stream \
  --stream-name my-stream \
  --shard-count 2

Q470: How do you read from Kinesis?

Answer:

import boto3
import json

kinesis = boto3.client('kinesis')

def read_shard(shard_iterator):
    response = kinesis.get_records(ShardIterator=shard_iterator)
    for record in response['Records']:
        data = json.loads(record['Data'])
        process(data)
    return response['NextShardIterator']

---

AWS EventBridge Advanced

Q471: How do you implement event bus?

Answer:

# Create event bus
aws events create-event-bus \
  --name my-event-bus

# Add rule
aws events put-rule \
  --name my-rule \
  --event-bus-name my-event-bus \
  --event-pattern '{"source":["myapp"]}'

---

AWS Step Functions Advanced

Q472: How do you implement parallel execution?

Answer:

{
  "Comment": "Parallel execution",
  "StartAt": "Parallel",
  "States": {
    "Parallel": {
      "Type": "Parallel",
      "Branches": [
        {"StartAt": "Task1", "States": {"Task1": {"Type": "Pass", "End": true}}},
        {"StartAt": "Task2", "States": {"Task2": {"Type": "Pass", "End": true}}}
      ],
      "End": true
    }
  }
}

Q473: How do you implement wait callback?

Answer:

{
  "WaitForTaskToken": {
    "Type": "WaitForTaskToken",
    "Resource": "arn:aws:states:::lambda:invoke.waitForTaskToken",
    "Parameters": {
      "FunctionName": "my-function",
      "Payload": {
        "token.$": "$$.Task.Token",
        "input.$": "$"
      }
    },
    "Next": "NextState"
  }
}

---

AWS CloudFormation Advanced

Q474: How do you use nested stacks?

Answer:

# Parent stack
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  VPCStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: https://s3.amazonaws.com/templates/vpc.yaml
      Parameters:
        VPCCidr: 10.0.0.0/16

Q475: How do you use stack sets for cross-account?

Answer:

# Create stack set
aws cloudformation create-stack-set \
  --stack-set-name cross-account-vpc \
  --template-body file://vpc.yaml \
  --permission-model SELF_MANAGED

# Add accounts
aws cloudformation create-stack-instances \
  --stack-set-name cross-account-vpc \
  --accounts '["111111111111","222222222222"]' \
  --regions '["us-east-1"]'

---

AWS CDK Advanced

Q476: How do you implement custom construct?

Answer:

from aws_cdk import core, aws_ec2 as ec2

class My VPC(core.Construct):
    def __init__(self, scope: core.Construct, id: str, **kwargs):
        super().__init__(scope, id, **kwargs)

        self.vpc = ec2.Vpc(self, "VPC", cidr="10.0.0.0/16")

Q477: How do you use CDK pipelines?

Answer:

from aws_cdk import pipelines

pipeline = pipelines.CodePipeline(
    self, "Pipeline",
    synth=pipelines.ShellStep("Synth",
        commands=["npm ci", "cdk synth"]
    )
)

---

AWS SAM Advanced

Q478: How do you use layers in SAM?

Answer:

template.yaml

Resources:
  MyFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.handler
      Runtime: python3.9
      Layers:
        - !Sub arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:layer:my-layer:1

Q479: How do you use local testing in SAM?

Answer:

# Start local API
sam local start-api

# Invoke function locally
sam local invoke MyFunction

# Generate sample event
sam local generate-event apigateway http-api-get > event.json

---

AWS CodeCommit

Q480: How do you create repository?

Answer:

# Create repository
aws codecommit create-repository \
  --repository-name my-repo \
  --repository-description "My repository"

---

AWS CodeArtifact

Q481: How do you create CodeArtifact domain?

Answer:

# Create domain
aws codeartifact create-domain \
  --domain my-domain

Q482: How do you create CodeArtifact repository?

Answer:

# Create repository
aws codeartifact create-repository \
  --domain my-domain \
  --repository my-repo

---

AWS X-Ray Advanced

Q483: How do you implement custom sampling?

Answer:

xray.json

{
  "rules": [
    {
      "description": "Sample 10% of requests",
      "fixed_rate": 0.1,
      "host": "*",
      "http_method": "*",
      "url_path": "*",
      "version": 1
    }
  ]
}

---

AWS Cost Anomaly Detection

Q484: How do you set up Cost Anomaly Detection?

Answer:

# Create anomaly monitor
aws cost-explorer create-anomaly-monitor \
  --anomaly-monitor '{
    "MonitorName": "my-monitor",
    "MonitorType": "DIMENSIONAL",
    "MonitorDimension": "SERVICE"
  }'

---

AWS Compute Optimizer

Q485: How do you enable Compute Optimizer?

Answer:

# Opt-in to Compute Optimizer
aws compute-optimizer update-enrollment-status \
  --status Active

---

AWS Trusted Advisor

Q486: How do you check Trusted Advisor?

Answer:

# Get Trusted Advisor checks
aws support describe-trusted-advisor-checks \
  --language en

# Get specific check
aws support describe-trusted-advisor-check-result \
  --check-id check-id \
  --language en

---

AWS Service Health Dashboard

Q487: How do you check service health?

Answer:

# Get health status
aws health describe-events \
  --filter '{"service":"EC2"}'

---

AWS Personal Health Dashboard

Q488: How do you check affected resources?

Answer:

# Get affected entities
aws health describe-affected-entities \
  --filter '{"eventArns":["arn:aws:health:us-east-1::event/"]}'

---

AWS Config Advanced

Q489: How do you use conformance packs?

Answer:

# Create conformance pack
aws configservice put-conformance-pack \
  --conformance-pack-name security-baseline \
  --template-s3-uri s3://bucket/template.yaml

---

AWS Network Manager

Q490: How do you set up Network Manager?

Answer:

# Create global network
aws networkmanager create-global-network \
  --description "My global network"

---

Questions 491-600 continue with more hands-on scenarios and real-world examples…