Cantrill Slides

Question 1

What are the 5 key features of Cloud Computing?

Answer 1

• On-demand self-service
• Broad network access
• Resource pooling
• Rapid elasticity
• measured service

Question 2

What is Hybrid Cloud?

Answer 2

Using Public Cloud and Private Cloud

Question 3

What is private cloud?

Answer 3

Using on-remises cloud, Ie, AWS Outposts

Question 4

What are the 9 parts of the infrastructure stack?

Answer 4

• Application
• Data
• Runtime
• Container
• O/S
• Virtualisation
• Servers
• Infrastructure
• Facilities

Question 5

What level of the infrastructure stack is IaaS?

Answer 5

O/S

Question 6

What level of the infrastructure stack is PaaS?

Answer 6

Runtime

Question 7

What level of the infrastructure stack is SaaS?

Answer 7

Application

Question 8

What are the parts of the OSI 7-Layer model?

Answer 8

• Layer 7 - Application (Host Layer)
• Layer 6 - Presentation (Host Layer)
• Layer 5 - Session (Host Layer)
• Layer 4 - Transport (Host Layer)
• Layer 3 - Network (Media Layer)
• Layer 2 - Data Link(Media Layer)
• Layer 1 - Physical (Media Layer)

Question 9

What are three different network zones?

Answer 9

• “Public Internet” zone
• “AWS Public” zone
• “AWS Private” zone

Question 10

3 features on AWS Regions

Answer 10

• Geographic separation
• Geopolitical separation
• location control

Question 11

3 levels of service resilience

Answer 11

• Globally resilient
• region resilient
• AZ resilient

Question 12

How many accounts and regions can a VPC be within?

Answer 12

1 and 1

Question 13

What is the default VPC CIDR?

Answer 13

172.31.0.0/16

Question 14

True or False; Default VPC subnets assign public IPv4 addresses?

Answer 14

True

Question 15

What … as a Service is EC2?

Answer 15

IaaS

Question 16

How are on-demand EC2 instances billed?

Answer 16

per second

Question 17

What 3 things does an AMI contain?

Answer 17

• Permissions
• Root volume
• Block device mapping

Question 18

In S3 what are the key and values?

Answer 18

Key = name of file
Value = content being stored

Question 19

4 S3 bucket name rules

Answer 19

• Must be globally unique
• 3 - 63 characters, all lower case, no underscores
• start with a lowercase letter or a number
• can’t be IP formatted e.g. 1.1.1.1

Question 20

How many S3 buckets can you have?

Answer 20

• 100 soft limit
• 1,000 hard limit per account

Question 21

How many objects can you have in an S3 bucket?

Answer 21

Unlimited

Question 22

What type of storage is S3?

Answer 22

Object store

Question 23

Are S3 buckets mountable?

Answer 23

No

Question 24

What does CloudWatch do?

Answer 24

Collects and manages operational data

Question 25

What is High-Availability?

Answer 25

Short: Minimise any outages

Long:
HA aims to ensure an agreed level of operational performance, usually uptime, for a higher than normal period

Question 26

What is Fault Tolerance (FT)?

Answer 26

Short: Operate through faults

Long: FT is the property that enable a system to continue operating properly in the event of the failure of some (one or more faults within) of its components

Question 27

What is Disaster Recovery (DR)?

Answer 27

Short: Used when high availability and fault-tolerance don’t work

Long: a set of policies, tools and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster

Question 28

Route53 basic tasks (2):

Answer 28

1- Register domains
2 - Host Zones… managed nameservers

Question 29

What do A records refer to?

Answer 29

IPv4

Question 30

What do AAAA records refer to?

Answer 30

IPv6

Question 31

What are IAM users and when are they used?

Answer 31

IAM Users are an identity used for anything requiring long-term AWS access, e.g. Humans, Applications or Service Accounts

Question 32

What does an Amazon Resource Name (ARN) do?

Answer 32

Uniquely identify resources within any AWS accounts

Question 33

What is the max number of IAM users per account?

Answer 33

5,000

Question 34

How many groups can a IAM user be a member of?

Answer 34

10 groups

Question 35

What are IAM Groups

Answer 35

IAM Groups are containers for IAM Users

Question 36

True or False; Group are not a true identity?

Answer 36

True, they can’t be referenced as a principle in a policy

Question 37

What are Service Control Policies (SCPs)?

Answer 37

• Account permissions boundaries, they limit what the account (including account root user) can do.
• They don’t grant any permissions

Question 38

Are service control policies allow or deny?

Answer 38

Both

Question 39

What does CloudTrail do?

Answer 39

Logs API calls/activities as a CloudTrail Event

Question 40

How long is CloudTrail data stored by default in Event History?

Answer 40

90 days

Question 41

Is CloudTrail realtime?

Answer 41

No

Question 42

What is AWS Control Tower?

Answer 42

It provides quick and easy setup of a multi-account environment and orchestrates other AWS services to provide this functionality

Question 43

What are Control Tower Guard Rails?

Answer 43

They Detect/Mandate rules/standards across all accounts

Question 44

What is Control Tower Account Factory?

Answer 44

It Automates and Standardises new account creation

Question 45

What 3 AWS services are used to build AWS Control Tower - Landing Zone?

Answer 45

• AWS Organisations
• AWS Config
• AWS CloudFormation

Question 46

True or False; S3 is private by default?

Answer 46

True

Question 47

Are bucket policies allow or deny?

Answer 47

Both

Question 48

What is Key Management Service (KMS)?

Answer 48

• a Regional and Public service
• create, store and manage keys

Question 49

True or False; with KMS, keys never leave KMS?

Answer 49

True

Question 50

What is the max data size that can be used for KMS keys?

Answer 50

4KB

Question 51

True or False; S3 buckets can be encrypted?

Answer 51

False; Buckets aren’t encrypted, objects are

Question 52

What is the S3 default bucket encryption?

Answer 52

AES256

Question 53

How are you charged for S3 standard?

Answer 53

• GB/m fee for data stored
• $ per GB for transfer out
• price per 1,000 requests

Question 54

How many AZs is S3 data replicated over?

Answer 54

3 AZs

Question 55

When to use S3 standard?

Answer 55

For frequently accessed data which is important and non-replaceable

Question 56

How are you charged for S3 Standard IA?

Answer 56

per GB data retrieval fee

Question 57

True or False; S3 Standard IA has a minimum duration charge?

Answer 57

True, 30 days

Question 58

When to use S3 Standard IA?

Answer 58

For long-lived data, which is important but where access is infrequent

Question 59

How are you charged for S3 One Zone-IA?

Answer 59

per GB of data retrieval fee

Question 60

True or False; S3 One Zone-IA has a minimum duration charge?

Answer 60

True, 30 days

Question 61

When should you use S3 One Zone-IA?

Answer 61

long-lived data which is non-critical and replaceable and where access is infrequent

Question 62

How are you charged for S3 Glacier Instant?

Answer 62

per GB data retrieval fee

Question 63

True or False; S3 Glacier instance has a minimum duration charge?

Answer 63

True, 90 days

Question 64

When should you use S3 Glacier Instant?

Answer 64

for long-lived data, accessed once per quarter with millisecond access

Question 65

True or False S3 Glacier Flexible object can be made publicly accessible?

Answer 65

False

Question 66

When should you use S3 Glacier Flexible?

Answer 66

For archival data where frequent or realtime access isn’t needed (eg yearly), with retrieval time of minutes to hours

Question 67

True or False S3 Glacier Deep Archive object can be made publicly accessible?

Answer 67

False

Question 68

When should you use S3 Glacier Deep Archive?

Answer 68

For archival data that rarely if ever needs to be accessed - hours or days for retrieval

Question 69

What is S3 Intelligent Tiering?

Answer 69

Intelligent Tiering monitors and automatically moves any objects not accessed for 30 days to a low cost infrequent access tier, and eventually to archive instant access, archive access or deep archive tiers

Question 70

True or False; with S3 Intelligent Tiering, as objects are accessed, they are moved back to the frequent access tier?

Answer 70

True

Question 71

How are you charged for S3 Intelligent Tiering?

Answer 71

monitoring and automation costs per 1,000 objects

Question 72

When should S3 intelligent tiering be used?

Answer 72

For long-lived data, with changing or unknown patterns

Question 73

Why use Same Region Replication (SRR)?

Answer 73

• Log aggregation
• Prod & Test sync
• Resilience with strict sovereignity

Question 74

Why use Cross Region Replication?

Answer 74

• Global Resilience Improvement
• Latency Reduction

Question 75

For S3 presignedURLs, what permissions are granted?

Answer 75

The permissions match the identity which generated it

Question 76

True or False; you can create a presignedURL for an object you have no access to?

Answer 76

True

Question 77

For S3 presignedURLs, what could access denied mean?

Answer 77

the generating ID:
- never had access … or
- doesn’t have access now

Question 78

What is S3/Glacier Select?

Answer 78

Let’s you use SQL-like statements to select part of the object, pre-filtered by S3. So you don’t need to retrieve the entire object (quicker retrieval and uses less data)

Question 79

What are S3 Event Notifications?

Answer 79

Notification generated when events occur in a bucket

Question 80

What is WORM?

Answer 80

Write-Once-Read-Many

Question 81

True or False; S3 Object Lock requires versioning?

Answer 81

True

Question 82

True or False; the account root user can modify S3 object that have object lock enabled?

Answer 82

False, the root user can’t adjust, delete or overwrite until retention expires

Question 83

What does an S3 Legal Hold do?

Answer 83

It locks an object version until the legal hold is removed, no deletes or changes can be made

Question 84

What are the two types of S3 Object Lock?

Answer 84

• Compliance
• Governance

Question 85

What is S3 Object Lock Compliance mode?

Answer 85

• Object version can’t be deleted or updated
• Retention period can’t be shortened
• Compliance mode can’t be changed, even by the root user

Question 86

What is S3 Object Lock Governance mode?

Answer 86

An object version is locked until the retention period expires, except special permissions can be granted allowing lock settings to be adjusted:
s3:BypassGovernanceRetention

Question 87

What is an Internet Gateway?

Answer 87

A region resilient gateway attached for a VPC that runs from within the AWS Public Zone