Cantrill Slides Flashcards

1
Q

What are the 5 key features of Cloud Computing?

A
  • On-demand self-service
  • Broad network access
  • Resource pooling
  • Rapid elasticity
  • Measured service
2
Q

What is Hybrid Cloud?

A

Using Public Cloud and Private Cloud

3
Q

What is private cloud?

A

Using on-premises cloud, i.e., AWS Outposts

4
Q

What are the 9 parts of the infrastructure stack?

A
  • Application
  • Data
  • Runtime
  • Container
  • O/S
  • Virtualisation
  • Servers
  • Infrastructure
  • Facilities
5
Q

What level of the infrastructure stack is IaaS?

A

O/S

6
Q

What level of the infrastructure stack is PaaS?

A

Runtime

7
Q

What level of the infrastructure stack is SaaS?

A

Application

8
Q

What are the parts of the OSI 7-Layer model?

A
  • Layer 7 - Application (Host Layer)
  • Layer 6 - Presentation (Host Layer)
  • Layer 5 - Session (Host Layer)
  • Layer 4 - Transport (Host Layer)
  • Layer 3 - Network (Media Layer)
  • Layer 2 - Data Link (Media Layer)
  • Layer 1 - Physical (Media Layer)
9
Q

What are three different network zones?

A
  • “Public Internet” zone
  • “AWS Public” zone
  • “AWS Private” zone
10
Q

3 features of AWS Regions

A
  • Geographic separation
  • Geopolitical separation
  • Location control
11
Q

3 levels of service resilience

A
  • Globally resilient
  • Region resilient
  • AZ resilient
12
Q

How many accounts and regions can a VPC be within?

A

1 and 1

13
Q

What is the default VPC CIDR?

A

172.31.0.0/16

14
Q

True or False; Default VPC subnets assign public IPv4 addresses?

A

True

15
Q

What … as a Service is EC2?

A

IaaS

16
Q

How are on-demand EC2 instances billed?

A

per second

17
Q

What 3 things does an AMI contain?

A
  • Permissions
  • Root volume
  • Block device mapping
18
Q

In S3 what are the key and values?

A

Key = name of file
Value = content being stored

19
Q

4 S3 bucket name rules

A
  • Must be globally unique
  • 3 - 63 characters, all lower case, no underscores
  • Start with a lowercase letter or a number
  • Can’t be IP formatted e.g. 1.1.1.1
20
Q

How many S3 buckets can you have?

A
  • 100 soft limit
  • 1,000 hard limit per account
21
Q

How many objects can you have in an S3 bucket?

A

Unlimited

22
Q

What type of storage is S3?

A

Object store

23
Q

Are S3 buckets mountable?

A

No

24
Q

What does CloudWatch do?

A

Collects and manages operational data

25
What is High-Availability?
Short: Minimise any outages
Long: HA aims to ensure an agreed level of operational performance, usually uptime, for a higher than normal period
26
What is Fault Tolerance (FT)?
Short: Operate through faults
Long: FT is the property that enables a system to continue operating properly in the event of the failure of some (one or more faults within) of its components
27
What is Disaster Recovery (DR)?
Short: Used when high availability and fault-tolerance don't work
Long: A set of policies, tools and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster
28
Route53 basic tasks (2):
  • 1 - Register domains
  • 2 - Host Zones... managed nameservers
29
What do A records refer to?
IPv4
30
What do AAAA records refer to?
IPv6
31
What are IAM users and when are they used?
IAM Users are an identity used for anything requiring long-term AWS access, e.g. Humans, Applications or Service Accounts
32
What does an Amazon Resource Name (ARN) do?
Uniquely identifies resources within any AWS account
33
What is the max number of IAM users per account?
5,000
34
How many groups can an IAM user be a member of?
10 groups
35
What are IAM Groups?
IAM Groups are containers for IAM Users
36
True or False; Groups are not a true identity?
True, they can't be referenced as a principal in a policy
37
What are Service Control Policies (SCPs)?
  • Account permissions boundaries, they limit what the account (including account root user) can do.
  • They don't grant any permissions
38
Are service control policies allow or deny?
Both
39
What does CloudTrail do?
Logs API calls/activities as a CloudTrail Event
40
How long is CloudTrail data stored by default in Event History?
90 days
41
Is CloudTrail realtime?
No
42
What is AWS Control Tower?
It provides quick and easy setup of a multi-account environment and orchestrates other AWS services to provide this functionality
43
What are Control Tower Guard Rails?
They Detect/Mandate rules/standards across all accounts
44
What is Control Tower Account Factory?
It Automates and Standardises new account creation
45
What 3 AWS services are used to build AWS Control Tower - Landing Zone?
  • AWS Organisations
  • AWS Config
  • AWS CloudFormation
46
True or False; S3 is private by default?
True
47
Are bucket policies allow or deny?
Both
48
What is Key Management Service (KMS)?
  • A Regional and Public service
  • Create, store and manage keys
49
True or False; with KMS, keys never leave KMS?
True
50
What is the max data size that can be used for KMS keys?
4KB
51
True or False; S3 buckets can be encrypted?
False; Buckets aren't encrypted, objects are
52
What is the S3 default bucket encryption?
AES256
53
How are you charged for S3 standard?
  • GB/m fee for data stored
  • $ per GB for transfer out
  • Price per 1,000 requests
54
How many AZs is S3 data replicated over?
3 AZs
55
When to use S3 standard?
For frequently accessed data which is important and non-replaceable
56
How are you charged for S3 Standard IA?
per GB data retrieval fee
57
True or False; S3 Standard IA has a minimum duration charge?
True, 30 days
58
When to use S3 Standard IA?
For long-lived data, which is important but where access is infrequent
59
How are you charged for S3 One Zone-IA?
per GB of data retrieval fee
60
True or False; S3 One Zone-IA has a minimum duration charge?
True, 30 days
61
When should you use S3 One Zone-IA?
long-lived data which is non-critical and replaceable and where access is infrequent
62
How are you charged for S3 Glacier Instant?
per GB data retrieval fee
63
True or False; S3 Glacier Instant has a minimum duration charge?
True, 90 days
64
When should you use S3 Glacier Instant?
for long-lived data, accessed once per quarter with millisecond access
65
True or False; S3 Glacier Flexible objects can be made publicly accessible?
False
66
When should you use S3 Glacier Flexible?
For archival data where frequent or realtime access isn't needed (eg yearly), with retrieval time of minutes to hours
67
True or False; S3 Glacier Deep Archive objects can be made publicly accessible?
False
68
When should you use S3 Glacier Deep Archive?
For archival data that rarely if ever needs to be accessed - hours or days for retrieval
69
What is S3 Intelligent Tiering?
Intelligent Tiering monitors and automatically moves any objects not accessed for 30 days to a low cost infrequent access tier, and eventually to archive instant access, archive access or deep archive tiers
70
True or False; with S3 Intelligent Tiering, as objects are accessed, they are moved back to the frequent access tier?
True
71
How are you charged for S3 Intelligent Tiering?
monitoring and automation costs per 1,000 objects
72
When should S3 intelligent tiering be used?
For long-lived data, with changing or unknown patterns
73
Why use Same Region Replication (SRR)?
  • Log aggregation
  • Prod & Test sync
  • Resilience with strict sovereignty
74
Why use Cross Region Replication?
  • Global Resilience Improvement
  • Latency Reduction
75
For S3 presignedURLs, what permissions are granted?
The permissions match the identity which generated it
76
True or False; you can create a presignedURL for an object you have no access to?
True
77
For S3 presignedURLs, what could access denied mean?
The generating ID:
  • never had access ... or
  • doesn't have access now
78
What is S3/Glacier Select?
Lets you use SQL-like statements to select part of the object, pre-filtered by S3, so you don't need to retrieve the entire object (quicker retrieval and uses less data)
79
What are S3 Event Notifications?
Notification generated when events occur in a bucket
80
What is WORM?
Write-Once-Read-Many
81
True or False; S3 Object Lock requires versioning?
True
82
True or False; the account root user can modify S3 objects that have Object Lock enabled?
False, the root user can't adjust, delete or overwrite until retention expires
83
What does an S3 Legal Hold do?
It locks an object version until the legal hold is removed, no deletes or changes can be made
84
What are the two types of S3 Object Lock?
  • Compliance
  • Governance
85
What is S3 Object Lock Compliance mode?
  • Object version can't be deleted or updated
  • Retention period can't be shortened
  • Compliance mode can't be changed, even by the root user
86
What is S3 Object Lock Governance mode?
An object version is locked until the retention period expires, except special permissions can be granted allowing lock settings to be adjusted: s3:BypassGovernanceRetention
87
What is an Internet Gateway?
A region resilient gateway attached to a VPC that runs from within the AWS Public Zone