Cloud Concepts

Question 1

AWS Well-Architected Framework

Answer 1

Purpose is to design and operate reliable, secure, efficient, and cost-effective systems in the cloud.

The six pillars are:
1. Operational Excellence
2. Security
3. Reliability
4. Performance Efficiency
5. Cost Optimization
6. Sustainability

The six design principles are:
1. Stop guessing your capacity needs
2. Test systems at production scale
3. Automate to make architectural experimentation easier
4. Allow for evolutionary architectures
5. Drive architectures using data
6. Improve through game days

Question 2

AWS Well-Architected Framework: Operational Excellence

Answer 2

Includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.

Recommends Infrastructure as Code (IaC).

In the cloud, you can define your entire workload as code and update it with code. You can implement your operations procedures as code and automate their execution by triggering them in response to events.

Performing monthly game days on your AWS environment is recommended.

Question 3

AWS Well-Architected Framework: Cost Optimization

Answer 3

Focuses on avoiding un-needed costs. Key topics include understanding and controlling where the money is being spent, selecting the most appropriate and right number of resource types, analysing spend over time, and scaling to meet business needs without overspending.

Question 4

AWS Well-Architected Framework: Performance Efficiency

Answer 4

Focuses on using IT and computing resources efficiently. Key topics include selecting the right resource types and sizes based on workload requirements, monitoring performance, and making informed decisions to maintain efficiency as business needs evolve.

Question 5

AWS Well-Architected Framework: Security

Answer 5

Focuses on protecting information & systems. Key topics include confidentiality and integrity of data, identifying and managing who can do what with privilege management, protecting systems, and establishing controls to detect security events.

Question 6

AWS Well-Architected Framework: Reliability

Answer 6

Focuses on designing a workload to perform its intended function correctly and consistently when it’s expected to. This includes the ability to operate and test the workload through its total lifecycle.

Question 7

AWS Well-Architected Framework: Sustainability

Answer 7

Focuses on the long-term environmental, economic, and societal impact of your business activities.

Question 8

VPC peering connection

Answer 8

It’s a networking connection between two VPC’s that enables you to route traffic between them privately. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your VPC’s, with a VPC in another AWS account, or with a VPC in a different AWS Region.

Question 9

AWS Site-to-Site VPN

Answer 9

Creates a secure connection between your data centre or branch office and your AWS cloud resources. This connection goes over the public internet.

Can’t be used to interconnect VPC’s.

Question 10

VPC Endpoint

Answer 10

Lets you privately connect your VPC to supports AWS services and VPC endpoint services powered by AWS PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection.

Can’t be used to connect two VPC’s.

Question 11

AWS Partner Network (APN)

Answer 11

The global partner programme for technology and consulting businesses that leverage AWS to build solutions and services for customers.

Question 12

APN Consulting Partners

Answer 12

Professional service firms that help customers of all types and sizes design, architect, build, migrate, and manage their workloads and applications on AWS, accelerating their migration to AWS cloud.

Question 13

APN Technology Partners

Answer 13

Provides hardware, connectivity services, or software solutions that are either hosted on or integrated with, the AWS Cloud.

Can’t help migrate to AWS and manage application on AWS Cloud.

Question 14

Concierge Support Team

Answer 14

They’re AWS billing and account experts that specialise in working with enterprise accounts. They’ll quickly and efficiently assist you with your billing and account inquiries. Only available for the Enterprise Support plan.

Can’t help with AWS migration and managing applications on AWS Cloud.

Question 15

Hybrid deployment

Answer 15

A way to connect your on-premises infrastructure to the cloud. Most common method is linking the cloud and existing on-premises infrastructure to extend an organisation’s infrastructure into the cloud while connecting cloud resources to internal systems.

Question 16

Cloud deployment

Answer 16

In this approach, a cloud-based application is fully deployed in the cloud, and all parts of the application run in the cloud. Applications in the cloud have either been created in the cloud or have been migrated from an existing infrastructure to take advantage of the benefits of cloud computing.

Question 17

Private Deployment

Answer 17

Resources are deployed on-premises using virtualisation technologies. Doesn’t have many of the cloud computing benefits, but does have dedicated resources.

Question 18

AWS Cloud Adoption Framework (AWS CAF)

Answer 18

Uses AWS experience and best practices to help you digitally transform and accelerate your business outcomes through innovative use of AWS. It identifies specific organisational capabilities that underpin successful cloud transformations. These capabilities provide best practice guidance that helps you improve your cloud readiness. Helps with assessing the feasibility of cloud migration.

It groups its capabilities in six perspectives: Business, People, Governance, Platform, Security, and Operations.

Common stakeholders include: Chief Technology Officer (CTO), technology leaders, architects, and engineers.

It’s capabilities are: Platform Architecture, Data Architecture, Platform Engineering, Data Engineering, Provisioning & Orchestration, Modern App Development, CI/CD.

The four stages in the cycle are:
1. Envison - see how cloud services can help achieve business goals.
2. Align - identify capability gaps and cross-organisational dependencies.
3. Scale - expand production pilots and business value of your cloud infrastructure.
4. Launch - delivering pilots in production and demonstrating incremental business value.

Question 19

AWS Auto Scaling

Answer 19

It monitors your applications and automatically adjusts the capacity to maintain steady, predictable performance at the lowest possible cost.

It’s available free of charge, but you do pay for the AWS resources needed to run your applications and Amazon CloudWatch Monitoring fees.

Question 20

Amazon S3 (Simple Storage Service)

Answer 20

It’s an object storage service that has great scalability, data availability, security, and performance.

Not free and cost is dependent on storage class. Not suited f or rapidly changing data.

When Consolidated Billing is enabled, volume discounts are offered.

Question 21

Six Advantages of Cloud Computing

Answer 21

1. Trade capital expense for variable expense.
2. Benefit from massive economies of scale.
3. Stop guessing capacity
4. Increase speed and agility
5. Stop spending money running and maintaining data centres
6. Go global in minutes

Question 22

High Availability

Answer 22

When a system can deliver the designed functionality at a given point in time. Highly available systems can withstand some measure of degradation while still remaining available. Multi-AZ deployment can help achieve high availability.

Question 23

AWS Acceptable Use Policy

Answer 23

Describes prohibited uses of AWS services and AWS affiliates.

Question 24

Fault Tolerance

Answer 24

When a system can continue to operate without interruption when one or more of its components fail.

Question 25

Agility

Answer 25

The ability to access and implement new IT resources.

Question 26

Serverless Architecture

Answer 26

The native architecture of the cloud. It increases your agility and innovation. You can build and run applications and services without focusing on servers. It removes infrastructure management tasks such as server or cluster provisioning, patching, OS maintenance, and capacity provisioning.

Question 27

Network Load Balancer

Answer 27

Best for load balancing of Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Transport Layer Security (TLS) traffic where extreme performances is required.

Doesn’t support path-based or host-based routing.

Question 28

Application Load Balancer

Answer 28

Is the single point of contact for clients. It distributes incoming application traffic across multiple targets, such as EC2 Instances, in multiple AZ’s.

It supports path-based routing, host-based routing, and WebSockets. It also supports containerised applications.

Can register Lambda functions as targets and configure a listener rule to forward requests to the target group for the Lambda Function. When activated, the Lambda function is run and the output is the generated content in JSON format.

Question 29

IaaS (Infrastructure as a Service)

Answer 29

A cloud computing model where a provider gives fundamental computing resources such as servers, storage, and networking infrastructure to customers.

EC2 is an example.

Vendor manages:
- Virtualization
- Servers
- Storage
- Networking

You manage:
- Applications
- Data
- Runtime
- Middleware
- O/S

Question 30

PaaS (Platform as a Service)

Answer 30

When a provider delivers a cloud-based platform for developers to build, run, and manage applications.

AWS Elastic Beanstalk is an example.

Vendor manages:
- Middleware
- O/S
- Virtualization
- Servers
- Storage
- Networking

You manage:
- Applications
- Data
- Runtime

Question 31

SaaS (Software as a Service)

Answer 31

Where a provider delivers software applications over the internet to customers.

Vendor manages:
- Data
- Runtime
- Middleware
- O/S
- Virtualization
- Servers
- Storage
- Networking

You manage:
- Applications

Question 32

IaC (Infrastructure as Code)

Answer 32

Using code to define and manage resources.

CloudFormation is an example.

Question 33

EC2 Image Builder

Answer 33

A fully managed AWS service that helps you automate the creation, management, and deployment of customised, secure, and up-to-date server images. Can use the AWS Management Console, AWS CLI, or API’s to create custom images in your AWS account.

Question 34

AWS Well-Architected Tool

Answer 34

A tool that gives a consistent process for measuring your architecture using AWS best practices and against the AWS Well-Architected Framework.

Question 35

AWS Launch Wizard

Answer 35

Guides the way of sizing, configuring, and deploying AWS resources for third-party applications.

Question 36

AWS Migration Hub

Answer 36

Used by customers when migration is already happening. Has a single place to discover existing servers, plan migrations, and track the status of each application migration.

Question 37

Technical Account Management

Answer 37

A part of AWS Enterprise Support, which provides advocacy and guidance to help plan and build solutions using best practices, coordinate access to subject matter experts and product teams, and proactively keep your AWS environment operationally healthy.

Question 38

AWS Elastic Load Balancing

Answer 38

It automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 Instances, containers, IP addresses, and Lambda functions. It can handle the varying load of your application traffic in a single AZ or across multiple AZ’s.

Need a minimum of 2 AZ’s to build a highly available architecture that can use load balancing.

The main types of load balancers are:
1. Application Load Balancer
2. Network Load Balancer
3. Gateway Load Balancer

Question 39

Gateway Load Balancer

Answer 39

Has both Layer 3 gateway and Layer 4 load balancing capabilities. It’s a transparent bump-in-the-wire device that doesn’t change any part of the packet. It’s architected to handle millions of requests/second, volatile traffic patterns, and introduces extremely low latency.

Doesn’t support path-based or host-based routing.

Question 40

AWS Professional Services

Answer 40

It shares a set of offerings to help achieve specific outcomes related to cloud adoption. Each offering has a set of activities, best practices, and documentation reflecting AWS’ experience supporting customers in AWS Cloud adoption.

They created the AWS CAF.

Question 41

AWS Enterprise Support

Answer 41

Provides 24/7 technical support from high-quality engineers, tools, and technology to automatically manage the health of your environment, consultative architectural guidance delivered in the context of your applications and use-cases, and a designated Technical Account Manager (TAM) to coordinate access to proactive/preventative programmes and AWS subject matter experts.

Question 42

AWS Artifact

Answer 42

Central resource for compliance-related information that matters to you. Has on-demand access to AWS’ security and compliance reports and select online agreements. Reports available include Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies around the world.

Question 43

AWS Snowcone

Answer 43

A physical device for edge computing, edge storage, and data transfer, weighing it at 2.1 kg (4.5 lbs) and has 8 TB of usable storage. Great for use beyond a traditional data centre.

Can ship the device to AWS for offline data transfer, or transfer data online with AWS DataSync from edge locations.

Question 44

AWS Snowmobile

Answer 44

A data truck that can store up to 100 PB of data, can move exabytes of data to AWS in a matter of weeks.

Question 45

Internet Gateway

Answer 45

A horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet.

It has two purposes:
1. To provide a target in your VPC route tables for internet-routable traffic.
2. To perform network address translation (NAT) for instances that have been assigned public IPv4 addresses.

Question 46

ELB Health Check

Answer 46

It’s viewable in the ELB dashboard, and shows whether an instance is healthy or not. If the instance is unhealthy under the load balancer, then it won’t receive any traffic.

Question 47

Amazon VPC (Virtual Private Cloud)

Answer 47

Can launch AWS resources in a logically isolated virtual network that you’ve defined. Similar to a traditional network that you’d operate in your own data centre, with the benefits of using the scalable infrastructure AWS.

It’s a regional service.

Question 48

VPC Subnet

Answer 48

It’s a range of IP addresses in a VPC. A subnet must be in a single AZ. After you add subnets, you can deploy AWS resources in your VPC.

Question 49

AWS CAF: Business Perspective

Answer 49

Main capabilities:
1. Strategy Management
2. Product Management
3. Business Insights
4. Portfolio Management
5. Strategic Partnership
6. Data Science
7. Innovation Management
8. Data Monetization

Question 50

AWS CAF: People Perspective

Answer 50

Main capabilities:
1. Culture Evolution
2. Workforce Transformation
3. Transformational Leadership
4. Change Acceleration
5. Organizational Alignment
6. Cloud Fluency
7. Organization Design

Question 51

AWS CAF: Governance Perspective

Answer 51

Main Capabilities:
1. Program and Project Management
2. Cloud Financial Management
3. Benefits Management
4. Application Portfolio Management
5. Data Curation
6. Risk Management
7. Data Governance

Question 52

AWS CAF: Platform Perspective

Answer 52

Main Capabilities:
1. Platform Architecture
2. Data Architecture
3. Platform Engineering
4. Data Engineering
5. Provisioning and Orchestration
6. Modern Application Development
7. Continuous Integration and Continuous Delivery

Question 53

AWS CAF: Security Perspective

Answer 53

Main Capabilities:
1. Security Governance
2. Threat Detection
3. Data Protection
4. Security Assurance
5. Vulnerability Management
6. Application Security
Identity and Access Management
7. Infrastructure Protection
8. Incident Response

Question 54

AWS CAF: Operations Perspective

Answer 54

Main Capabilities:
1. Event Management (AiOps)
2. Incident and Problem Management
3. Change and Release Management
4. Performance and Capacity
5. Configuration Management
6. Patch Management
7. Availability and Continuity
8. Application and Management

Question 55

Storage Device at End of Lifespan

Answer 55

There is a strict decommissioning process, and the device is treated as Critical and high impact.