cloud practitioner Flashcards

1
Q

what types of certifications can you get?

A

1 - foundation: cloud practitioner
2 - associate: solutions architect, sysops administrator, developer
3 - professional: solutions architect, devops engineer
speciality

2
Q

how does the web work?

A

we have a client and a server, and they communicate by sending packets to one another over a network. to be able to do that, the client and the server must each have an IP address so that they can find each other

3
Q

what is a server composed of?

A
cpu
ram
hard drive
database
network: router, DNS server, switch
4
Q

what is a network?

A

cables, routers, and servers connected together

5
Q

what is a router?

A

a networking device that forwards data packets between computer networks. routers know where to send packets on the internet. they send them to a switch

6
Q

what is a switch?

A

takes a packet from the router and sends it to the correct server or client on your network

7
Q

what is cloud computing?

A

it’s the on-demand delivery of compute power, storage, databases, applications and IT resources

8
Q

what are the types of clouds?

A

private: Rackspace
public: Azure, Google Cloud, AWS
hybrid: a mix of private infrastructure and AWS

9
Q

what are the types of cloud computing?

A

1 - infrastructure as a service (IaaS)
2 - platform as a service (PaaS)
3 - software as a service (SaaS)

10
Q

what is managed by on premises computing?

A
1 - applications
2 - data
3 - runtime
4 - middleware
5 - o/s
6 - virtualization
7 - servers
8 - storage
9 - networking
11
Q

what is managed by IaaS?

A
1 - applications
2 - data
3 - runtime
4 - middleware
5 - o/s
12
Q

what is managed by PaaS?

A

1 - applications

2 - data

13
Q

what is managed by SaaS?

A

nothing, it’s all managed by AWS

14
Q

what are some services for each cloud computing type?

A

IaaS: AWS EC2, DigitalOcean
PaaS: AWS Elastic Beanstalk, Heroku, Windows Azure
SaaS: Gmail, Dropbox, Zoom

15
Q

what is the pricing of the cloud?

A
pay-as-you-go model:
compute: pay for compute time
storage: pay for data stored in the cloud
data transfer: pay for data transfer out of the cloud
data transfer in is free
16
Q

what is the AWS global infrastructure?

A

regions
availability zones
data centers
points of presence

17
Q

what is an AWS region?

A

regions are all around the world
names can be us-east
a region is a cluster of data centers
most AWS services are region-scoped, meaning that if we use a service in one region and then try to use it in another region, it will be like using the service for the first time

18
Q

what are AWS availability zones?

A

each region has availability zones
min 2, max 6, usually 3
each availability zone has its own one or more discrete data centers, which are isolated from other availability zones to avoid disasters
they are connected with a network

19
Q

what are the points of presence in AWS?

A

they help deliver to end users with low latency

20
Q

does AWS only have region-based services?

A

no, they also have global services like IAM

21
Q

what is the shared responsibility model?

A

the customer is responsible for the security inside the cloud

AWS is responsible for the security of the cloud and of the services themselves

22
Q

what is the IAM service?

A

it’s a global service that is used to create groups and users
identity and access management

23
Q

should you use the root user?

A

no, you should not use it; instead, use IAM to create a new group and a user to work with

24
Q

what does a group contain?

A

it contains users and cannot contain another group

25
Q

what is the config of a user belonging to a group?

A

a user can belong to multiple groups at once

a user can belong to no groups although it’s not recommended

26
Q

what are policies in IAM?

A

they are the permissions that we give to the user

users or groups can be assigned JSON documents called policies

27
Q

what is a principle we use with IAM?

A

least privilege principle

28
Q

what is the least privilege principle?

A

don’t give more permissions than a user needs

29
Q

what is a password policy in IAM?

A

it’s a way to protect users’ accounts, for example by requiring a minimum number of letters or alphanumeric characters in their passwords

30
Q

what is MFA in IAM?

A

multi factor authentication
password you know plus the device you own
even if the password is stolen the account is not compromised

31
Q

what are the types of MFA devices?

A

1 - virtual MFA device
a - Google Authenticator (phone only)
b - Authy (multiple devices)
supports multiple tokens on a single device
2 - U2F (universal second factor) security key (3rd party)
a - YubiKey
supports multiple users using a single security key
3 - hardware key fob MFA device
a - provided by Gemalto (3rd party)
4 - hardware key fob MFA device for AWS GovCloud (US)
a - provided by SurePassID (3rd party)

32
Q

what are the options a user has to access AWS?

A

1 - AWS management console, protected by password and MFA
2 - AWS command line interface (CLI), protected by access keys
3 - AWS software development kit (SDK), protected by access keys

33
Q

how are access keys generated?

A

through the AWS console

34
Q

what is an access key?

A

it’s just like a password
access key ID = username
secret access key = password

35
Q

what are IAM roles?

A

they are permissions assigned to a service, as some services need to perform some actions on AWS on your behalf
1 - EC2 instance roles
2 - lambda function roles
3 - roles for CloudFormation

36
Q

what are IAM security tools (Audit tools)?

A

1 - IAM credential report (account level)

2 - IAM access advisor (user level)

37
Q

what is an IAM credential report?

A

a report that lists all of your account’s users and the status of their various credentials

38
Q

what is IAM access advisor?

A

shows the service permissions granted to a user and when those services were last accessed; you can use this information to revise your policies

39
Q

how to control your spending in AWS?

A

by using a budget

40
Q

what is Amazon’s EC2?

A

it’s one of the most popular services

elastic compute cloud = IaaS

41
Q

what does EC2 mainly consist of?

A

1 - renting virtual machines (EC2)
2 - storing data on virtual drives (EBS)
3 - distributing load across machines (ELB)
4 - scaling the services using an auto scaling group (ASG)

42
Q

what are the EC2 sizing and configuration options?

A

1 - o/s: linux or windows
2 - cpu
3 - ram
4 - storage space (network attached EBS, EFS or hardware EC2 instance store)
5 - network card speed and IP address
6 - firewall rules: security group
7 - bootstrap script to configure at first launch: EC2 User data

43
Q

what is an Amazon machine image (AMI)?

A

it’s a template for creating an EC2 instance

44
Q

what are security groups in EC2?

A

1 - they control how traffic is allowed into or out of an EC2 instance
2 - they only contain allow groups
3 - security groups can reference by IP or by security group
4 - they act as the firewall, as they regulate:
5 - access to ports
6 - authorised IP ranges
7 - control inbound network
8 - control outbound network

45
Q

what are some important ports?

A
1 - SSH    22    log into linux instance
2 - FTP    21    upload files
3 - SFTP   22    upload files using SSH
4 - HTTP   80    access unsecured websites
5 - HTTPS  443   access secured websites
6 - RDP    3389  remote desktop protocol, log into windows instance
46
Q

what should be the permission of your EC2 private key?

A

not 0644 but 0400

47
Q

what is EC2 instance connect?

A

another way to access SSH from the console of AWS

48
Q

why shouldn’t you run aws configure on EC2 instance connect?

A

because any other user who has access to EC2 instance connect will also have these permissions, as there is only one EC2 instance connect for all users. what we can do instead is give the instance a role, to access IAM for instance

49
Q

what are EC2 purchasing options?

A

1 - on demand instances: short workload, predictable pricing
2 - Reserved: minimum one year
a - reserved instances: long workloads
b - convertible reserved instances: long workloads with flexible instances
c - scheduled reserved instances: every monday from 3 - 6 PM
3 - spot instances: short workloads, cheap, can lose instances (less reliable)
4 - dedicated hosts: book an entire physical server, control instance placement

50
Q

what is the EC2 on-demand purchase option?

A

1 - pay for what you use:
a - linux: billing per second, after the first minute
b - all other operating systems: billing per hour
2 - has the highest cost but no upfront payment
3 - no long-term commitment
4 - recommended for short-term and uninterrupted workloads, where you can’t predict how the application will behave

51
Q

what is the EC2 reserved instance purchase option?

A

1 - up to 75% discount compared to on-demand
2 - reservation period: 1 year, 3 years, and an increase in discount per year
3 - purchase options: upfront, partial, no upfront
upfront gives the best discount
4 - reserve a specific instance type
5 - recommended for steady-state usage applications like a database

52
Q

what is the EC2 convertible reserved instance purchase option?

A

1 - can change the EC2 instance type

2 - up to 54% discount

53
Q

what is the EC2 scheduled reserved instance purchase option?

A

1 - launch within the time window you reserve

2 - when you require a fraction of a day / week / month

54
Q

what is the EC2 spot instance purchase option?

A

1 - can get a discount of up to 90% compared to on-demand
2 - instances that you can lose at any point of time if your max price is less than the current spot price
3 - the most cost-efficient instances in AWS

55
Q

what are useful workloads for EC2 spot instances?

A
1 - batch jobs
2 - data analysis
3 - image processing
4 - any distributed workloads
5 - workloads with a flexible start and end time
56
Q

what workloads should you never do with EC2 spot instances?

A

critical jobs like a database

57
Q

what is an EC2 dedicated host?

A

it’s a physical server with EC2 instance capacity fully dedicated to your use. dedicated hosts can help address compliance requirements and reduce costs by allowing you to use your existing server-bound software licenses

it’s allocated for 3 years
more expensive
used for companies with a complicated licensing model (BYOL - bring your own license)

58
Q

what is an EC2 dedicated instance?

A

1 - instance running on hardware that is dedicated to you
2 - may share hardware with other instances in the same account
3 - no control over instance placement (can move hardware after stop or start)