Cloud computing

Question 1

What is Virtualisation

Answer 1

It is an abstraction of computing resources, a middle layer decoupling the underlying hardware from the software layer

Question 2

What is a hypervisor

Answer 2

Software that allows virtualisation by managing the resource capabilities from the hardware to the virtual machine.

Question 3

What are the types of hypervisors

Answer 3

Bare metal - Hypervisor runs over the physical device hardware (ESX, Microsoft Hyper V)

Hosted Hypervisor - The hypervisor is run over the OS of the host system, and guest Virtual machines on top of the hypervisor. (VMware workstation, Microsoft VPC)

Question 4

What are the benefits of cloud computing

Answer 4

Economies of scale - more user, less money
Cost effective
Increase speed and agility

Question 5

What are the main features of cloud security

Answer 5

Design for failure (availability), redundancy

Question 6

What are the types of databases

Answer 6

Relational, non relational

Question 7

What is an advantage of automatic scaling and monitoring

Answer 7

No need to predict resources

Question 8

What components does AMI have?

Answer 8

Root volume, launch permissions and what block volumes to attach

Question 9

What is the AWS EC2

Answer 9

Elastic Cloud Compute - it is a compute resource

Question 10

How is security implemented in your VPC

Answer 10

Security groups, Network Access Control Lists (ACLs), Access and identity management, Key Pairs

Question 11

What OS can you create an EC2 instance for?

Answer 11

Linux and Windows

Question 12

When launching an EC2 instance from an AMI you can

Answer 12

Launch multiple instances of the same type

Question 13

What can you configure in a VPC

Answer 13

IP range selection
Subnet creation
Route table configurations
Network gateways

Question 14

What does Amazon S3 store data as

Answer 14

Objects, within resources called buckets

Question 15

What does Elastic Beanstalk do?

Answer 15

Deploys, manages and scales web applications

Question 16

What does Amazon EC2 do?

Answer 16

Virtual Machines in the cloud. Gives you complete control over resources

Question 17

Define types of cloud computing models

Answer 17

Hybrid, On site and cloud computing

Question 18

Why is AWS more economical than traditional data centers for applications with varying compute workloads?

Answer 18

The resource based pay as you go service provided by AWS makes it more economical as services can be to scale and on demand, and it is billed monthly

Question 19

What are the AWS drivers of cost, and how are they billed?

Answer 19

Compute (Per second or hour)
Data transfer (per gb)
Storage (per gb)

Question 20

How do you pay for AWS?

Answer 20

Pay for what you use
Pay less when you reserve
Pay less as you use more

Question 21

What are the reserved instance types?

Answer 21

Reserved capacity saves 75% over on demand capacity.
NURI - no upfront payment reserved instance
PURI - partial upfront payment reserved instance
AURI - all upfront payment reserved instance

Question 22

What services can reserved instances be used for?

Answer 22

Amazon EC2 and RDS (relational database service)

Question 23

What are some free AWS services and what are they used for?

Answer 23

AWS IAM (Identity access management) allows you to control user access to services and resources

Amazon VPC (virtual private cloud) allows you to create a virtual network to deploy and run your applications in isolation

Elastic Beanstalk (deploy and manage applications)

Question 24

What are the differences between on premises vs cloud costs

Answer 24

Fixed costs in on premises are constant with the maintenance and space to have physical equipment

Cloud has pay as you go, scalability and no upfront expense

Things to think about are Server, storage, network and labour costs

Question 25

What does the AWS Pricing calculator do?

Answer 25

It estimates monthly costs of use cases, opportunities to reduce them

Question 26

What does AWS Organisations do?

Answer 26

Groups AWS accounts into a centrally managed organisation with consolidated billing. The account management can be group based, policy based and automated with APIs

Question 27

What is the structure of a root AWS Organisation

Answer 27

Organisation has organisational units. Units have accounts. Service Control Policies are attached to either units or individual accounts

Question 28

What do IAM policies control access to?

Answer 28

AWS Services, individual resources, API actions - to IAM groups, users or roles

Question 29

What is the difference between AWS Organisation service control policies and IAM policies?

Answer 29

Organisation SCPs control access to services and specify the MAXIMUM permissions for an organisation, whereas IAM Policies control access to AWS services, individual resources and API Actions to users, groups and roles.

Question 30

What are the ways of accessing AWS resources

Answer 30

GUI or AWS Management console
AWS CLI or Command Line Interface
Software Development Kits
HTTP Query APIs

Question 31

What is the AWS Cost management service and what are its tools?

Answer 31

AWS Billing and Cost Managemen - AWS Cost and usage report, Budgets, and cost explorer

Question 32

What are the three AWS Support tools?

Answer 32

TAM (Technical Account Manager)
AWS Trusted Advisor
AWS Support Concierge

Question 33

What does TAM or technical account manager do?

Answer 33

Proactive guidance to plan, deploy and optimize

Question 34

What does AWS Trusted Advisor do?

Answer 34

Best Practices to increase performance, security, cost optimization and fault tolerance

Question 35

What are the four AWS Support plans?

Answer 35

Basic, Developer, Business (production), Enterprise (business and mission-critical)

Question 36

What does AWS Support Concierge do?

Answer 36

Billing and Account expert

Question 37

Describe the AWS Cloud infrastructure

Answer 37

The AWS Cloud is built on 22 regions. Each region has multiple availability zones. Each availability zone has multiple data centers

Question 38

What factors should be considered when selecting a region?

Answer 38

Proximity due to law, latency, cost and services available within region

Question 39

What is recommended to do across Availability zones to improve resilience

Answer 39

Replicate data and resources

Question 40

How are Availability zones connected?

Answer 40

High bandwidth, low latency network with redundant fiber

Question 41

How are data centers secure?

Answer 41

Redundant design, backup of critical systems across zones, secret locations, monitored servicing

Question 42

What do points of presence consist of

Answer 42

Edge locations, regional edge caches to find the best way to route requests

Question 43

What are regional edge caches used for?

Answer 43

Infrequently accessed content

Question 44

What is Amazon CloudFront?

Answer 44

Content Delivery Network used to send data to customers with low latency

Question 45

What is Amazon Route 53

Answer 45

DNS service (Domain name System) to route end users to internet

Question 46

What are the main features of AWS Infrastructure?

Answer 46

Elasticity and Scalability
Fault Tolerance
High Availability

Question 47

Name the Amazon Storage Services

Answer 47

Amazon S3, EBS, EFS, S3 Glacier

Question 48

What is Amazon S3?

Answer 48

Amazon Simple Storage Service - persistent object storage with scalability, data availability, security, and performance

Question 49

What is Amazon EBS?

Answer 49

Elastic block store - High-performance storage with intensive workloads, used with Amazon EC2.

Question 50

What is Amazon EFS?

Answer 50

Elastic File System - Scalable Network File system to use with Cloud services and on premises resources.

Question 51

What is Amazon Simple Storage Glacier?

Answer 51

Secure, durable low cost S3 cloud storage. For long term data backup

Question 52

Name a few compute services

Answer 52

EC2, EC2 Auto Scaling, ECS, Elastic Beanstalk, AWS Lambda

Question 53

What does Amazon EC2 Auto Scaling do?

Answer 53

Auto add or remove EC2 instances according to defined conditions

Question 54

What does Amazon Elastic Container Service do?

Answer 54

High performance container management for Docker containers

Question 55

What does Amazon elastic container registry do?

Answer 55

Fully managed Docker registry to store, manage and deploy Docker containers

Question 56

What does AWS Lambda do?

Answer 56

Allows running code without provisioning or maintaining servers

Question 57

Name the AWS Database services

Answer 57

Amazon RDS (Relational Database), Amazon Aurora, Amazon Redshift, Amazon DynamoDB

Question 58

What does Amazon RDS do?

Answer 58

Set up, scale and operate a relational database in the cloud.

Question 59

What does Amazon Aurora do?

Answer 59

MySQL and PostgreSQL compatible relational database.

Question 60

What does Amazon Redshift do?

Answer 60

Runs analytic queries against data stored locally in Redshift or S3

Question 61

What does Amazon DynamoDB do?

Answer 61

NoSQL High-speed non relational database service - items in the same table can have different attributes

Question 62

List the networking and content delivery services

Answer 62

Amazon VPC, Elastic Load Balancing, Amazon CloudFront, Amazon Route 53, AWS VPN

Question 63

What does Amazon Elastic Load Balancing do?

Answer 63

Automatically distributes traffic across multiple targets (EC2 instances, IP addresses, containers etc)

Question 64

What does AWS VPN do?

Answer 64

Provides a secure private tunnel from your network to AWS global network

Question 65

List the security, identity and compliance services.

Answer 65

AWS IAM, AWS Organisations, Amazon Cognito, AWS KMS, AWS Shield.

Question 66

What does Amazon Cognito do?

Answer 66

You can add user sign up, sign in and access control to web applications

Question 67

What does Amazon KMS do?

Answer 67

Amazon Key Management Service creates and manages keys to control encryption across services and application

Question 68

What does AWS Shield do?

Answer 68

Managed DDoS protection service to safeguard applications.

Question 69

List the management and governance services

Answer 69

CloudWatch, AWS Management Console, AWS Auto Scaling, AWS CLI, AWS CloudTrail

Question 70

What does AWS Config do?

Answer 70

track resource inventory and changes in configurations.

Question 71

What does Amazon CloudWatch do?

Answer 71

monitor resources and applications through metrics, perform ec2 actions,

Question 72

What does Amazon Cloudtrail do?

Answer 72

Tracks user activity and API usage for 90 days or 3 months

Question 73

What are the Amazon Service categories?

Answer 73

Computing, database, storage, security, network, cost management, management and governance

Question 74

What are the main purposes of Amazon Shared responsibility?

Answer 74

Relieves the customer’s operational burden, and gives the customer flexibility and control over resources

Question 75

Who is responsible security OF the cloud - for protecting infrastructure (hardware, software, networking)

Answer 75

AWS

Question 76

Who is responsible for security IN the cloud - encryption of data in rest and transit, security groups, configuration of OS.

Answer 76

Customer

Question 77

What are some services managed by the customer?

Answer 77

IaaS services like EC2, EBS (Elastic Block Storage), Amazon VPC

Question 78

What are some services managed by AWS

Answer 78

PaaS Services - Lambda, Amazon RDS, Elastic Beanstalk

Question 79

What are the types of services offered in IT?

Answer 79

IaaS, PaaS, SaaS - Infrastructure, Platform, Software

Question 80

What are some SaaS in AWS?

Answer 80

AWS CloudWatch, AWS Shield, Trusted Advisor, Redshift

Question 81

What is an IAM user?

Answer 81

Person or application with access to an AWS Account

Question 82

What is an IAM group?

Answer 82

Collection of IAM users with the same permissions

Question 83

What is an IAM policy

Answer 83

Document that governs user/group authorisation to use resources and specific actions within resources

Question 84

What is an IAM role?

Answer 84

IAM identity with specific permissions, assumable by a user, application or service

Question 85

What are the types of accesses for IAM users?

Answer 85

Management console access - username, password, account ID
Programmatic access - Access key ID, secret access key

Question 86

What is IAM MFA?

Answer 86

Increased security - unique authentication code apart from username and password.

Question 87

What is authorisation?

Answer 87

What actions are permitted through an IAM policy

Question 88

What are the principles of authorisation in IAM?

Answer 88

Principle of least privilege
All permissions are implicitly denied by default

Question 89

What are the two types of IAM policies?

Answer 89

Identity based - attached to entity and resource based - attached to resource

Question 90

What are the two types of identity based policies?

Answer 90

Inline policy - Embedded directly into a single user or role
Managed policy - standalone policies that can be attached to an entity

Question 91

Discuss the account root access vs IAM access

Answer 91

Best practice is to never use root user except when necessary as it has full access to all resources

IAM access has integration with all services and secure application access

Question 92

What are the steps to secure a new AWS Account

Answer 92

1. Stop using the root user account
2. Enable Multi Factor Authorisation
3. Use AWS CloudTrail
4. Enable a billing report (AWS cost and usage report)

Question 93

How is security of data in rest managed?

Answer 93

By KMS with secret keys

Question 94

How is security of data in transit managed?

Answer 94

TLS or Transport Layer Security protocol.

Question 95

What are the AWS Compliance categories?

Answer 95

Certificates and Attestations
Laws, regulations and privacy
Alignments and frameworks

Question 96

How are VPCs and Subnets related?

Answer 96

A VPC has a range of network addresses, which can be divided into subnets in each availability zone. Subnets can be public or private

Question 97

What are the largest and smallest CIDR Blocks?

Answer 97

classless inter domain route
/16 and /28 that a VPC is assigned to

Question 98

How many addresses are available to use in each subnet and what are the reserved addresses?

Answer 98

251, as .0, and .255 ar used for network and broadcast, and 1,2,3 are used for internal communication, DNS and future use.

Question 99

What are the public address IP types?

Answer 99

Public address and elastic IPv4 address - can be reallocated at any time

Question 100

What is an elastic network interface?

Answer 100

A virtual network interface that an address can be attached to and configured. They can be attached or detached to instances to direct network traffic

Question 101

What is a route table?

Answer 101

Specifies destination (a vpc cidr block) and target to direct network traffic

Question 102

What is an internet gateway?

Answer 102

Scalable, redundant VPC component to facilitate VPC instance communication with the internet and perform NAT

Question 103

What does VPC sharing do?

Answer 103

Enables customers to share subnets with other accounts in the same organisations. Multiple accounts can create their application resources into centrally managed VPCs.

Question 104

What are the benefits of VPC sharing

Answer 104

Duty seperation
Ownership
Security groups
Efficiency
Optimisation
Fewer, larger centrally managed VPCs

Question 105

What is VPC peering?

Answer 105

A connection between two VPCs to privately route traffic

Question 106

How does site-to-site VPN work?

Answer 106

Subnet -> route table -> Virtual gateway -> internet site to site connection -> customer gateway -> data center

Question 107

What does a VPC endpoint do?

Answer 107

Virtual device that connects VPC to supported resources privately

Question 108

What does AWS TransitGateway do?

Answer 108

Simplifies the networking model by making a single connection from the gateway to each VPC

Question 109

What is a security group in a VPC?

Answer 109

A virtual firewall for an instance to control inbound and outbound traffic

Question 110

What is a Access Control List in a VPC?

Answer 110

Security layer for a subnet to control traffic

Question 111

How does Amazon Route 53 ensure availability?

Answer 111

Configures backup and failover for applications
Enables multi region architectures
Creates health checks

Question 112

What are the benefits of CloudFront?

Answer 112

High speed
Cost effective
Highly programmable

Question 113

What are some example uses of EC2?

Answer 113

Traditional on-premises server uses like App and web servers, Game server, Database server

Question 114

What are some characteristics of EC2 instances?

Answer 114

Can be any size in any availability zone
Launched from AMIs (VM templates)
Launched in minutes
Traffic can be controlled to and from

Question 115

What is an AMI?

Answer 115

A template of a VM, with either Windows or Linux OS and some preinstalled software

Question 116

What do instance types comprise of?

Answer 116

CPU, memory, storage and networking capacities

Question 117

Provide a breakdown of how instance types are named eg t2.micro

Answer 117

t2.micro - T is the family, number is the generation and micro is the size

Question 118

What are the different instance types useful for?

Answer 118

T3 is general purpose, C5 is compute intensive workloads and R5 are memory-intensive.

Question 119

What can user data do?

Answer 119

Automate installation and configuration at launch

Question 120

What are the Amazon EC2 storage options?

Answer 120

Elastic Block Storage (EBS) - durable block storage

EC2 Instance store - Ephemeral storage

Question 121

How can an instance in EC2 be created?

Answer 121

Through the Management console or the AWS CLI

Question 122

What are the four pillars of cost optimization?

Answer 122

Size, Elasticity, Optimal pricing, Optimal storage

Question 123

What is a container?

Answer 123

Method of OS virtualisation - repeatable, sandboxed and fast

Question 124

What is docker?

Answer 124

Software platform to build, test and deploy applications quickly

Question 125

What is the difference between containers and virtual machines

Answer 125

VMs need one instance of EC2 for each system, while containers only need one.

Question 126

What is the difference between block and object storage

Answer 126

Block storage is faster and data can be managed within each block, whereas object storage needs to be fully updated

Question 127

What are EBS features?

Answer 127

Snapshots, encryption, Elasticity

Question 128

What are lifecycle policies

Answer 128

Enable you to delete or move objects based on age (standard - infrequent access - glacier)

Question 129

What database types can be used with RDS

Answer 129

MariaDB, PostgreSQL, mySQL, Microsoft SQLServer and Oracle

Question 130

What is the AWS well architected framework?

Answer 130

Guide for designing secure, high performance, resilient and efficient cloud infrastructure

Question 131

What are the six pillars of the well architected framework

Answer 131

Operational excellence - automate changes, responding and defining daily operations
Security - protect confidentiality, system, aaa
Reliability - recovery planning, distributed systems
Performance Efficiency - meet system requirements, monitor performance, make informed decisions
Cost Optimisation - Avoid unnecessary cost, select resources, control spending
Sustainability
Fault tolerance - Not one singular point of failure

Question 132

What are the design principles of the well architected framework?

Answer 132

Each pillar includes its own set of design principles

Question 133

What is the importance of reliability and high availability?

Answer 133

Reliability is providing functionality when desired: Mean time between failures
High availability is the property of the system withstanding failure while still being available, minimal downtime

Question 134

What are factors that affect availability

Answer 134

Fault tolerance, scaling, recoverability

Question 135

What is design for failure?

Answer 135

Fault Tolerance