Misc Facts Flashcards
What is a closed loop system?
In a closed-loop system, a controller is used to compare the output of a system with the required condition and convert the error into a control action designed to reduce the error and bring the output of the system back to the desired response.
In the cloud context, you can implement closed-loop systems via automation, e.g. have CloudWatch logs/events/metrics or AWS Config detect deviation -> trigger Lambda -> corrective action -> restore system to desired state.
What’s the difference between an Object and a File?
Objects include the content, metadata describing the content and object and unique address id for l
You can only do simple things: store, copy, retrieve, delete
It is WORM (write once, read many) - not suitable for storing databases
Replication takes time - not suitable for data that constantly changes.
File stores have a file structure (files/folders); normally it is NAS (uses NFSv4, e.g. EFS).
What’s the difference between NAS and SAN?
NAS = Network Attached Storage - typically a file server using the NFS protocol (e.g. EFS); multiple computers can share NAS
SAN = Storage Area Network - allocated to a single user. They can format it and implement a file system in that space. E.g. EBS. Uses iSCSI or Fibre Channel protocols.
What is the Diffie-Hellman Key Exchange Process?
It is used for asymmetric encryption.
Used to create a shared symmetric key over an untrusted medium.
What is WDE/FDE?
FDE/WDE = Full/Whole Disk Encryption (e.g. BitLocker)
What are the different components of the TLS Protocol?
- TLS Handshake protocol - cipher suite negotiation, authentication of client and server, session key information exchange
- TLS Record protocol - uses the keys that were set up to secure application data. The actual secure method for transferring data. Verifies integrity.
When AWS says data in transit is triple-encrypted what do they mean?
- Physical layer - data that leaves any AWS data center is automatically encrypted at the physical layer
- Network layer - data between different instances in a VPC or between VPCs in different regions is encrypted at the network layer (Nitro VPC Card) - but only for supported instance types.
- Application layer - customers have the option to use TLS encryption; AWS supports TLS encrypted endpoints.