Cloud computing Flashcards

1
Q

What is Virtualisation

A

It is an abstraction of computing resources, a middle layer decoupling the underlying hardware from the software layer

2
Q

What is a hypervisor

A

Software that allows virtualisation by managing the resource capabilities from the hardware to the virtual machine.

3
Q

What are the types of hypervisors

A

Bare metal - Hypervisor runs over the physical device hardware (ESX, Microsoft Hyper-V)

Hosted Hypervisor - The hypervisor is run over the OS of the host system, and guest Virtual machines on top of the hypervisor. (VMware workstation, Microsoft VPC)

4
Q

What are the benefits of cloud computing

A

Economies of scale - more users, less money
Cost effective
Increase speed and agility

5
Q

What are the main features of cloud security

A

Design for failure (availability), redundancy

6
Q

What are the types of databases

A

Relational, non relational

7
Q

What is an advantage of automatic scaling and monitoring

A

No need to predict resources

8
Q

What components does AMI have?

A

Root volume, launch permissions and what block volumes to attach

9
Q

What is the AWS EC2

A

Elastic Cloud Compute - it is a compute resource

10
Q

How is security implemented in your VPC

A

Security groups, Network Access Control Lists (ACLs), Access and identity management, Key Pairs

11
Q

What OS can you create an EC2 instance for?

A

Linux and Windows

12
Q

When launching an EC2 instance from an AMI you can

A

Launch multiple instances of the same type

13
Q

What can you configure in a VPC

A

IP range selection
Subnet creation
Route table configurations
Network gateways

14
Q

What does Amazon S3 store data as

A

Objects, within resources called buckets

15
Q

What does Elastic Beanstalk do?

A

Deploys, manages and scales web applications

16
Q

What does Amazon EC2 do?

A

Virtual Machines in the cloud. Gives you complete control over resources

17
Q

Define types of cloud computing models

A

Hybrid, On site and cloud computing

18
Q

Why is AWS more economical than traditional data centers for applications with varying compute workloads?

A

The resource-based, pay-as-you-go service provided by AWS makes it more economical, as services can be scaled on demand, and it is billed monthly

19
Q

What are the AWS drivers of cost, and how are they billed?

A

Compute (Per second or hour)
Data transfer (per GB)
Storage (per GB)

20
Q

How do you pay for AWS?

A

Pay for what you use
Pay less when you reserve
Pay less as you use more

21
Q

What are the reserved instance types?

A

Reserved capacity saves 75% over on demand capacity.
NURI - no upfront payment reserved instance
PURI - partial upfront payment reserved instance
AURI - all upfront payment reserved instance

22
Q

What services can reserved instances be used for?

A

Amazon EC2 and RDS (relational database service)

23
Q

What are some free AWS services and what are they used for?

A

AWS IAM (Identity access management) allows you to control user access to services and resources

Amazon VPC (virtual private cloud) allows you to create a virtual network to deploy and run your applications in isolation

Elastic Beanstalk (deploy and manage applications)

24
Q

What are the differences between on premises vs cloud costs

A

Fixed costs in on premises are constant with the maintenance and space to have physical equipment

Cloud has pay as you go, scalability and no upfront expense

Things to think about are Server, storage, network and labour costs

25
What does the AWS Pricing calculator do?
It estimates monthly costs of use cases, opportunities to reduce them
26
What does AWS Organisations do?
Groups AWS accounts into a centrally managed organisation with consolidated billing. The account management can be group based, policy based and automated with APIs
27
What is the structure of a root AWS Organisation
Organisation has organisational units. Units have accounts. Service Control Policies are attached to either units or individual accounts
28
What do IAM policies control access to?
AWS Services, individual resources, API actions - to IAM groups, users or roles
29
What is the difference between AWS Organisation service control policies and IAM policies?
Organisation SCPs control access to services and specify the MAXIMUM permissions for an organisation, whereas IAM Policies control access to AWS services, individual resources and API Actions to users, groups and roles.
30
What are the ways of accessing AWS resources
GUI or AWS Management Console; AWS CLI or Command Line Interface; Software Development Kits; HTTP Query APIs
31
What is the AWS Cost management service and what are its tools?
AWS Billing and Cost Management - AWS Cost and Usage Report, Budgets, and Cost Explorer
32
What are the three AWS Support tools?
TAM (Technical Account Manager); AWS Trusted Advisor; AWS Support Concierge
33
What does TAM or technical account manager do?
Proactive guidance to plan, deploy and optimize
34
What does AWS Trusted Advisor do?
Best Practices to increase performance, security, cost optimization and fault tolerance
35
What are the four AWS Support plans?
Basic, Developer, Business (production), Enterprise (business and mission-critical)
36
What does AWS Support Concierge do?
Billing and Account expert
37
Describe the AWS Cloud infrastructure
The AWS Cloud is built on 22 regions. Each region has multiple availability zones. Each availability zone has multiple data centers
38
What factors should be considered when selecting a region?
Proximity due to law, latency, cost and services available within region
39
What is recommended to do across Availability zones to improve resilience
Replicate data and resources
40
How are Availability zones connected?
High bandwidth, low latency network with redundant fiber
41
How are data centers secure?
Redundant design, backup of critical systems across zones, secret locations, monitored servicing
42
What do points of presence consist of
Edge locations, regional edge caches to find the best way to route requests
43
What are regional edge caches used for?
Infrequently accessed content
44
What is Amazon CloudFront?
Content Delivery Network used to send data to customers with low latency
45
What is Amazon Route 53
DNS service (Domain name System) to route end users to internet
46
What are the main features of AWS Infrastructure?
Elasticity and Scalability; Fault Tolerance; High Availability
47
Name the Amazon Storage Services
Amazon S3, EBS, EFS, S3 Glacier
48
What is Amazon S3?
Amazon Simple Storage Service - persistent object storage with scalability, data availability, security, and performance
49
What is Amazon EBS?
Elastic block store - High-performance storage with intensive workloads, used with Amazon EC2.
50
What is Amazon EFS?
Elastic File System - Scalable Network File system to use with Cloud services and on premises resources.
51
What is Amazon Simple Storage Glacier?
Secure, durable low cost S3 cloud storage. For long term data backup
52
Name a few compute services
EC2, EC2 Auto Scaling, ECS, Elastic Beanstalk, AWS Lambda
53
What does Amazon EC2 Auto Scaling do?
Auto add or remove EC2 instances according to defined conditions
54
What does Amazon Elastic Container Service do?
High performance container management for Docker containers
55
What does Amazon elastic container registry do?
Fully managed Docker registry to store, manage and deploy Docker containers
56
What does AWS Lambda do?
Allows running code without provisioning or maintaining servers
57
Name the AWS Database services
Amazon RDS (Relational Database), Amazon Aurora, Amazon Redshift, Amazon DynamoDB
58
What does Amazon RDS do?
Set up, scale and operate a relational database in the cloud.
59
What does Amazon Aurora do?
MySQL and PostgreSQL compatible relational database.
60
What does Amazon Redshift do?
Runs analytic queries against data stored locally in Redshift or S3
61
What does Amazon DynamoDB do?
NoSQL High-speed non relational database service - items in the same table can have different attributes
62
List the networking and content delivery services
Amazon VPC, Elastic Load Balancing, Amazon CloudFront, Amazon Route 53, AWS VPN
63
What does Amazon Elastic Load Balancing do?
Automatically distributes traffic across multiple targets (EC2 instances, IP addresses, containers etc)
64
What does AWS VPN do?
Provides a secure private tunnel from your network to AWS global network
65
List the security, identity and compliance services.
AWS IAM, AWS Organisations, Amazon Cognito, AWS KMS, AWS Shield.
66
What does Amazon Cognito do?
You can add user sign up, sign in and access control to web applications
67
What does Amazon KMS do?
Amazon Key Management Service creates and manages keys to control encryption across services and application
68
What does AWS Shield do?
Managed DDoS protection service to safeguard applications.
69
List the management and governance services
CloudWatch, AWS Management Console, AWS Auto Scaling, AWS CLI, AWS CloudTrail
70
What does AWS Config do?
track resource inventory and changes in configurations.
71
What does Amazon CloudWatch do?
monitor resources and applications through metrics, perform EC2 actions,
72
What does Amazon CloudTrail do?
Tracks user activity and API usage for 90 days or 3 months
73
What are the Amazon Service categories?
Computing, database, storage, security, network, cost management, management and governance
74
What are the main purposes of Amazon Shared responsibility?
Relieves the customer's operational burden, and gives the customer flexibility and control over resources
75
Who is responsible for security OF the cloud - for protecting infrastructure (hardware, software, networking)?
AWS
76
Who is responsible for security IN the cloud - encryption of data at rest and in transit, security groups, configuration of OS?
Customer
77
What are some services managed by the customer?
IaaS services like EC2, EBS (Elastic Block Storage), Amazon VPC
78
What are some services managed by AWS
PaaS Services - Lambda, Amazon RDS, Elastic Beanstalk
79
What are the types of services offered in IT?
IaaS, PaaS, SaaS - Infrastructure, Platform, Software
80
What are some SaaS in AWS?
AWS CloudWatch, AWS Shield, Trusted Advisor, Redshift
81
What is an IAM user?
Person or application with access to an AWS Account
82
What is an IAM group?
Collection of IAM users with the same permissions
83
What is an IAM policy
Document that governs user/group authorisation to use resources and specific actions within resources
84
What is an IAM role?
IAM identity with specific permissions, assumable by a user, application or service
85
What are the types of accesses for IAM users?
Management console access - username, password, account ID; Programmatic access - Access key ID, secret access key
86
What is IAM MFA?
Increased security - unique authentication code apart from username and password.
87
What is authorisation?
What actions are permitted through an IAM policy
88
What are the principles of authorisation in IAM?
Principle of least privilege; All permissions are implicitly denied by default
89
What are the two types of IAM policies?
Identity based - attached to entity and resource based - attached to resource
90
What are the two types of identity based policies?
Inline policy - Embedded directly into a single user or role; Managed policy - standalone policies that can be attached to an entity
91
Discuss the account root access vs IAM access
Best practice is to never use the root user except when necessary, as it has full access to all resources. IAM access has integration with all services and secure application access.
92
What are the steps to secure a new AWS Account
1. Stop using the root user account; 2. Enable Multi Factor Authorisation; 3. Use AWS CloudTrail; 4. Enable a billing report (AWS Cost and Usage Report)
93
How is security of data at rest managed?
By KMS with secret keys
94
How is security of data in transit managed?
TLS or Transport Layer Security protocol.
95
What are the AWS Compliance categories?
Certificates and Attestations; Laws, regulations and privacy; Alignments and frameworks
96
How are VPCs and Subnets related?
A VPC has a range of network addresses, which can be divided into subnets in each availability zone. Subnets can be public or private
97
What are the largest and smallest CIDR Blocks?
Classless Inter-Domain Routing (CIDR) blocks of /16 and /28 that a VPC is assigned to
98
How many addresses are available to use in each subnet and what are the reserved addresses?
251, as .0 and .255 are used for network and broadcast, and .1, .2, .3 are used for internal communication, DNS and future use.
99
What are the public address IP types?
Public address and elastic IPv4 address - can be reallocated at any time
100
What is an elastic network interface?
A virtual network interface that an address can be attached to and configured. They can be attached or detached to instances to direct network traffic
101
What is a route table?
Specifies destination (a vpc cidr block) and target to direct network traffic
102
What is an internet gateway?
Scalable, redundant VPC component to facilitate VPC instance communication with the internet and perform NAT
103
What does VPC sharing do?
Enables customers to share subnets with other accounts in the same organisations. Multiple accounts can create their application resources into centrally managed VPCs.
104
What are the benefits of VPC sharing
Duty separation Ownership Security groups Efficiency Optimisation Fewer, larger centrally managed VPCs
105
What is VPC peering?
A connection between two VPCs to privately route traffic
106
How does site-to-site VPN work?
Subnet -> route table -> Virtual gateway -> internet site to site connection -> customer gateway -> data center
107
What does a VPC endpoint do?
Virtual device that connects VPC to supported resources privately
108
What does AWS TransitGateway do?
Simplifies the networking model by making a single connection from the gateway to each VPC
109
What is a security group in a VPC?
A virtual firewall for an instance to control inbound and outbound traffic
110
What is an Access Control List in a VPC?
Security layer for a subnet to control traffic
111
How does Amazon Route 53 ensure availability?
Configures backup and failover for applications; Enables multi region architectures; Creates health checks
112
What are the benefits of CloudFront?
High speed; Cost effective; Highly programmable
113
What are some example uses of EC2?
Traditional on-premises server uses like App and web servers, Game server, Database server
114
What are some characteristics of EC2 instances?
Can be any size in any availability zone; Launched from AMIs (VM templates); Launched in minutes; Traffic can be controlled to and from
115
What is an AMI?
A template of a VM, with either Windows or Linux OS and some preinstalled software
116
What do instance types comprise of?
CPU, memory, storage and networking capacities
117
Provide a breakdown of how instance types are named eg t2.micro
t2.micro - T is the family, number is the generation and micro is the size
118
What are the different instance types useful for?
T3 is general purpose, C5 is compute intensive workloads and R5 are memory-intensive.
119
What can user data do?
Automate installation and configuration at launch
120
What are the Amazon EC2 storage options?
Elastic Block Storage (EBS) - durable block storage; EC2 Instance store - Ephemeral storage
121
How can an instance in EC2 be created?
Through the Management console or the AWS CLI
122
What are the four pillars of cost optimization?
Size, Elasticity, Optimal pricing, Optimal storage
123
What is a container?
Method of OS virtualisation - repeatable, sandboxed and fast
124
What is Docker?
Software platform to build, test and deploy applications quickly
125
What is the difference between containers and virtual machines
VMs need one instance of EC2 for each system, while containers only need one.
126
What is the difference between block and object storage
Block storage is faster and data can be managed within each block, whereas object storage needs to be fully updated
127
What are EBS features?
Snapshots, encryption, Elasticity
128
What are lifecycle policies
Enable you to delete or move objects based on age (standard - infrequent access - glacier)
129
What database types can be used with RDS
MariaDB, PostgreSQL, MySQL, Microsoft SQL Server and Oracle
130
What is the AWS well architected framework?
Guide for designing secure, high performance, resilient and efficient cloud infrastructure
131
What are the six pillars of the well architected framework
Operational excellence - automate changes, responding and defining daily operations; Security - protect confidentiality, system, AAA; Reliability - recovery planning, distributed systems; Performance Efficiency - meet system requirements, monitor performance, make informed decisions; Cost Optimisation - Avoid unnecessary cost, select resources, control spending; Sustainability; Fault tolerance - Not one singular point of failure
132
What are the design principles of the well architected framework?
Each pillar includes its own set of design principles
133
What is the importance of reliability and high availability?
Reliability is providing functionality when desired: Mean time between failures. High availability is the property of the system withstanding failure while still being available, minimal downtime.
134
What are factors that affect availability
Fault tolerance, scaling, recoverability
135
What is design for failure?
Fault Tolerance