AZ-900 1.3: Cloud Service Types (Study Guide) Flashcards
What is a common marketing practice regarding cloud products that can lead to confusion?
Many cloud products are branded as “something as a service,” which can be confusing because the differences between these services can be unclear. This branding often focuses on marketing hype rather than specific service distinctions, making it difficult to understand what each service truly does.
1.3.1
What are the three core cloud service types?
The three core cloud service types are Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). These categories provide clear divisions in responsibility and flexibility between the cloud vendor and the customer.
1.3.1
How does the level of control over a cloud solution relate to customer responsibility?
Generally, the more control a customer wants over their cloud solution, the more responsibility they must take on for managing it. Higher control and customization often involve more aspects of the service that the customer needs to oversee and maintain themselves.
1.3.1
What types of services are managed by the cloud vendor in Infrastructure as a Service (IaaS)?
In IaaS, the cloud vendor manages all the physical infrastructure, including data centers, network cabling, and physical servers. This means that customers don’t have to worry about the hardware, but they are responsible for managing everything within that infrastructure.
1.3.1
What additional responsibilities are often offloaded to the cloud vendor in Platform as a Service (PaaS), compared to IaaS?
Compared to IaaS, PaaS offloads the responsibility for managing operating systems, software licensing, development tools, management, databases, and business analytics. This provides a more comprehensive set of tools without requiring direct oversight of these core systems.
1.3.1
What is the primary focus of Software as a Service (SaaS)?
The primary focus of SaaS is the end-user experience: it offers ready-to-use applications that customers can access and start using right away. The goal is to provide a functional application that customers can subscribe to and utilize without the need for in-depth configuration.
1.3.1
What are the main characteristics of IaaS regarding control and customer responsibility?
IaaS provides the greatest level of control and customization, allowing users to tailor their infrastructure to specific needs. However, this also means that customers have significantly more responsibility for managing their allocated resources, such as the operating system.
1.3.1
How is PaaS described in terms of its nature and payment model?
PaaS is described as prepackaged cloud solutions designed to meet specific requirements for application or solution deployment, with a payment model in which customers pay for what they use or need to consume. This approach provides less control than IaaS but also requires less management overhead.
1.3.1
How is the user experience different between PaaS and SaaS?
With PaaS, users usually still need to develop and configure their applications, using the prepackaged platform provided. In contrast, SaaS focuses entirely on the end-user experience with ready-to-use applications, requiring no development on the customer’s part.
1.3.1
How does SaaS compare to IaaS and PaaS in terms of management overhead?
SaaS requires the least amount of management overhead among the three cloud service types. Since applications are fully hosted and ready for use, the customer’s involvement is primarily in the usage rather than the management of the system.
1.3.1
What is the core idea behind Infrastructure as a Service (IaaS)?
IaaS is essentially a pay-as-you-go managed IT infrastructure, focusing on providing access to virtualized computing resources over the internet. It is the base layer for other cloud services, and the key term is “infrastructure”.
1.3.2
What does a cloud vendor manage in an IaaS model?
In an IaaS model, the cloud vendor is responsible for all the physical infrastructure, including the physical data center, networking, and servers (hypervisors).
1.3.2
What is a virtual machine (VM)?
A virtual machine (VM) is a virtualized version of a physical computer. It has all the necessary components of a physical computer, such as CPU, memory, and storage.
1.3.2
What components does a virtual machine have?
A VM includes components like CPU, memory, disk storage for the operating system and data, networking capabilities for communication, and an operating system (typically Windows or Linux).
1.3.2
What is a hypervisor, and what is its purpose?
A hypervisor is a physical server that hosts multiple virtual machines. Its purpose is to manage and provide the resources needed for all the VMs running on it.
1.3.2
Who manages the physical server (hypervisor) in a cloud-based IaaS model?
In a cloud-based IaaS model, the cloud vendor manages the physical server (hypervisor), including hardware and maintenance.
1.3.2
Are the virtual machines on the same hypervisor aware of each other?
No, the virtual machines on the same hypervisor are completely isolated from each other, existing as independent entities.
1.3.2
What are the main capabilities of a VM?
VMs have almost all the same capabilities as a physical computer. Any software that can run on a physical machine can also run on a VM, unless you need physical ports.
1.3.2
What is a customer responsible for when using IaaS?
A customer using IaaS is responsible for managing almost everything else besides physical infrastructure, including the operating system, software updates, user access, and network configurations (firewalls).
1.3.2
What is the trade-off of using IaaS in terms of control and responsibility?
IaaS provides a high level of control and customization, but this comes with more responsibility for managing the VM’s software and configurations.
1.3.2
What is the primary difference in management responsibility between Infrastructure as a Service (IaaS) and Platform as a Service (PaaS)?
PaaS takes on management of the operating system, development tools, databases, and other services, whereas IaaS focuses primarily on the physical hardware and virtualization. This means the customer manages less with PaaS.
1.3.3
Explain why PaaS is described as a “managed” service.
PaaS is described as managed because the cloud vendor manages the underlying infrastructure including the operating system, which simplifies the customer’s responsibilities by having the vendor handle key maintenance tasks such as updates.
1.3.3
Give three common examples of PaaS cloud services.
Common examples include managed databases, software development tools (DevOps), and web app deployment services, which allow customers to easily deploy software applications.
1.3.3
How does serverless computing differ from traditional PaaS offerings?
Serverless computing abstracts away all resource management, allowing users to run code in response to events without thinking about infrastructure. Traditional PaaS may still require some resource management by the customer.
1.3.3
What is a major trade-off of using PaaS compared to using IaaS?
The major trade-off of using PaaS is reduced control and flexibility over the infrastructure. This can limit deep customizations that might be needed for some applications or compliance requirements.
1.3.3
Explain the shared responsibility model in PaaS.
The shared responsibility model in PaaS varies depending on the specific service, but generally, the cloud vendor handles the underlying OS management, while the customer may have responsibility for parts of the network, applications, and identity management.
1.3.3
What role do prepackaged services play in PaaS offerings?
Prepackaged services in PaaS provide ready-to-use solutions for specific use cases such as databases, storage, and security. These solutions allow customers to focus on developing apps or solutions instead of building infrastructure.
1.3.3
How does PaaS contribute to faster application development?
PaaS contributes to faster development by removing the need to manage infrastructure aspects of application development. This allows developers to focus more on their specific applications.
1.3.3
How does PaaS help businesses manage and analyze data?
PaaS offers business analytics and intelligence tools that enable businesses to analyze large amounts of data to find patterns and insights for better decision making.
1.3.3
Describe a pricing advantage of serverless computing.
Serverless computing is often priced on a pay-per-use model, meaning you are only charged when the code runs, reducing costs compared to paying for idle resources.
1.3.3
What is the core technical definition of Software as a Service (SaaS)?
Software as a Service is a cloud-based application. It is fully functional software that is hosted and accessed over the internet.
1.3.4
What is the typical pricing model for SaaS products, and how does it differ from traditional software licensing?
The typical pricing model for SaaS products is subscription-based, where users pay a monthly or yearly fee for access, unlike traditional software which often involves a one-time purchase.
1.3.4
According to the shared responsibility model, what are the primary responsibilities of the cloud vendor in a SaaS offering?
In SaaS, the vendor manages all physical infrastructure, operating systems, development tools, middleware, and the application itself. They handle all the hosting and scaling of the application.
1.3.4
According to the shared responsibility model, what are the primary responsibilities of the customer when utilizing SaaS?
The customer is responsible for managing user accounts and identities, authentication requirements (including MFA), devices accessing the software, and data stored within the application.
1.3.4
What is the relationship between SaaS and the other cloud service models like Infrastructure as a Service (IaaS) and Platform as a Service (PaaS)?
SaaS applications are built upon and hosted using underlying IaaS and PaaS services. SaaS does not exist independently from IaaS and PaaS.
1.3.4
Give three examples of popular SaaS applications mentioned in the source.
Microsoft 365, Zoom, Salesforce, and Slack are examples of popular SaaS applications.
1.3.4
What are the key benefits of using SaaS for an end user or organization, and how is it different from traditional software?
Key benefits include instant access, scalability, pre-configuration, and no hosting responsibilities for the user, making it more convenient than traditional software that might require downloads and updates.
1.3.4
What does it mean that SaaS is “ready to use out of the box”?
“Ready to use out of the box” means that SaaS applications are preconfigured and functional immediately after access, with minimal configuration needed by the user, often simply needing login credentials.
1.3.4
What are the trade-offs for the customer when it comes to licensing in the SaaS model?
While SaaS licensing is simple with subscription models, customers do not own the software. They are essentially renting the software for as long as they pay the subscription fee.
1.3.4
Explain how a SaaS product is a “complete software solution.”
A SaaS product is a complete software solution because it includes all the necessary components from the application to the hosting and access. The end-user need not worry about anything except usage.
1.3.4
What is the primary objective of implementing a defense in depth strategy?
The primary objective of defense in depth is to protect data from being accessed by unauthorized users or malicious actors. This involves implementing multiple layers of security to prevent data breaches.
1.3.5
Explain how the medieval castle analogy helps to illustrate the concept of defense in depth.
The medieval castle analogy represents multiple layers of defense with a moat, walls, guards, and other fortifications. These overlapping defenses illustrate how multiple obstacles can protect the central asset (the king, or in technology, data).
1.3.5
Why is physical security considered the first line of defense in a defense in depth strategy?
Physical security acts as the first line of defense by guarding access to the physical hardware where data is stored. In cloud computing, this is typically handled by the vendor, ensuring secure access to data centers and servers.
1.3.5
What is the primary focus of the identity and access layer within a security framework?
The identity and access layer focuses on securing user identities on a network. This includes granting access only on a need-to-know basis, and properly managing user credentials.
1.3.5
What kind of network-based attacks does the perimeter layer typically protect against?
The perimeter layer typically protects against attacks from the internet edge, such as DDoS attacks, and utilizes firewalls to identify and block potential network threats.
1.3.5
How does the network layer differ from the perimeter layer in the context of defense in depth?
While both deal with networks, the perimeter layer focuses on the outer edge or public internet, while the network layer focuses on limiting communication within the network. The network layer manages connections between resources and secure connections to on-premises resources.
1.3.5
What is the primary focus of the compute layer in a defense in depth strategy?
The compute layer focuses on securing virtual machines, which includes protecting the individual machines, operating systems, and associated software, and is especially important within Infrastructure-as-a-Service models.
1.3.5
What are the main concerns of the application layer in a defense in depth strategy?
The application layer addresses vulnerabilities in the applications themselves and is focused on securing access through secure secrets management. It also incorporates building applications from the ground up with security in mind.
1.3.5
Why is the data layer considered the most important layer of defense in depth?
The data layer is considered the most important because data is the ultimate target of attackers. The goal of any layered defense is ultimately to protect that data by controlling access, limiting exposure, and securing storage, whether in databases, disks, or software-as-a-service applications.
1.3.5
Explain how the concept of shared responsibility relates to the different layers of defense in the cloud.
The shared responsibility model dictates that the cloud vendor and the user share security responsibilities depending on the service type. For instance, vendors handle physical security while users may be responsible for application or data security.
1.3.5