Cloud + Flashcards

Question

Software Based VPN

Answer 1

A type of VPN implementation that relies on dedicated VPN client software to establish secure connections between remote networks or individuals device. Uses IPSEC for secure communications.

Answer 2

A type of VPN implementation that utilizes Multiprotocol Label Switching to create virtual pathways or tunnels that ensure the privacy and isolation of data traffic between the connected sites. MPLS reduces routing complexity and lookups by substituting labels for network paths instead of using long IP address notations that may require complex routing table lookups. MPLS can increase the efficiency of routing network traffic. Access to and from cloud data centers, as well as access within an organization's network, may involve many routers. Creating greater efficiency may enhance network performance. Uses IPSEC for secure communications.

Answer 3

1. Client: Means of access to cloud services for consumer. Cloud services may include storage, email, e-commerce, office suites, and development environmnets. Users may access these services from phones, tablets, traditional computers, IoT devices, and servers. The cloud client devices may be any device with a network connection. The major operating systems on the client devices include Windows, macOS, Linux, iOS, and Android. 2. CSP Datacenter: Hosts cloud services. Major CSPs (AWS, MS, Google) have a great many datacenters distributed across the world. These datacenters are redundant, have extremely reliable access to power, have extremely reliable Internet access, and ae physically secure. Cloud services are hosted within the walls of these datacenters. 3. Network: Path between cloud services and client devices. In some deployment models, the network connection may be wholly owned and operated by your company. In other cases, the Internet may be the network path to cloud services. Access may also come via cell connections. In some cases, all three network connection types may be used.

Answer 4

Public cloud is a type of computing where resources are offered by a third-party provider via the internet and shared by organizations and individuals who want to use or purchase them. Some public cloud computing resources are available for free, while customers may pay for other resources through subscription or pay-per-usage pricing models.

Answer 5

Private cloud is defined as computing services offered either over the Internet or a private internal network and only to select users instead of the general public. Also called an internal or corporate cloud, private cloud computing gives businesses many of the benefits of a public cloud - including self service, scalability, and elasticity - with the added control and customization available from dedicated resources over a computing infrastructure hosted on-premises. There are three main types of Private Clouds: 1. On-premises Private Cloud 2. Managed Private Cloud 3. Virtual Private Cloud

Answer 6

An on-premises private cloud is one that you can deploy on your own resources in an internal data center. You must purchase the resources, maintain and upgrade them, and ensure security. On-premises private cloud management is expensive and requires heavy initial investment and ongoing expensive.

Answer 7

A managed private cloud is a single-tenant environment fully managed by a third party. For example, the IT infrastructure for your organization could be purchased and maintained by a third-party organization in it's data center. The third party provides maintenance, upgrades, support, and remote management of your private cloud resources. While managed private clouds are expensive, they are more convenient than on-premises solutions.

Answer 8

A virtual private cloud is a private cloud that you can deploy within a public cloud infrastructure. It is a secure, isolated environment where private cloud users can run code, host websites, store data, and perform other tasks that require a traditional data center. Virtual Private Clouds efficiently give you the convenience and scalability of public cloud computing resources along with additional control and security. Also known as Cloud Within a Cloud.

Answer 9

Community cloud computing refers to a shared cloud computing service environment that is targeted to a limited set of organizations or employees. The organizing principle for the community will vary, but the members of the community generally share similar security, privacy, performance and compliance requirements.

Answer 10

There is a combination of two or more private, public, or community deployments. For example, an organization may choose to utilize some services offered via a CSP's public cloud while hosting other services in a private cloud environment. The services in the public cloud portion may be cheaper, and security may be less of a concern. The services hosted in the private cloud may be more secure, but deployment is more expensive.

Answer 11

A cloud model where CSP resources are shared among multiple clients (tenants), and is the concept behind public cloud deployments. Multiple consumers, known as tenants, share computing resources owned and managed by the CSP. This is the opposite idea from a VPC deployment. It is multitenancy that provides the cost benefits behind shared resource utilization.

Answer 12

Multicloud is when an organization uses cloud computing services from at least two cloud providers to run their applications. Instead of using a single-cloud stack, multi-cloud environments typically include a combination of two or more public clouds, two or more private clouds, or some combination of both. Multi-cloud deployments reduce reliance on a single vendor, provide greater service flexibility and choice, permit improved geographic control of data, and help manage disaster mitigation.

Answer 13

Digital Ocean is a cloud hosting provider that offers cloud computing services and IaaS. Known for it's pricing and scalability, teams can deploy Digital Ocean in seconds for cheap. This structure can help anyone get up and running quickly in the cloud.

Answer 14

Rackspace is a cloud storage service provider, which includes Cloud Files, Cloud Block Storage, and Cloud Backup. Services such as cloud servers, database platforms, load balancers, storage, and other services to organizations are all provided by Rackspace. Users connect to it with the REST API.

Answer 15

Red Hat, originally known for it's enterprise Linux operating system and supporting services, offers Red Hat Cloud Suite for cloud services. The suite consists of four key products: OpenStack Platform (for building public and private clouds), Virtualization, Satellite (for cloud services management), and OpenShift ( for Kubernetes container management).

Answer 16

OpenStack is an open source platform that uses pooled virtual resources to build and manage private and public clouds. The tools that comprise the OpenStack platform, called "projects", handle the core cloud-computing service of compute, networking, storage, identity, and image services.

Answer 17

OpenShift is a cloud-based Kubernetes platform that helps developers build applications. It offers automated installation, upgrades, and life cycle management throughout the container stack - the operating system, Kubernetes and cluster services, and applications - on any cloud.

Answer 18

IoT refers to a combination of network connectivity and smart devices that facilitate the collection and analysis of data. These devices may include software, sensors, and robotics that exchange data and instructions over the Internet or internal networks. The IoT is enabled by nearly global network connectivity, low-cost sensors to collect data, and cloud management platforms. Common uses for IoT products include: - Smart Homes - Medical Monitoring - Agriculture Management - Energy Management - Manufacturing

Answer 19

A software architecture that runs functions within virtualized runtime containers in a cloud rather than on dedicated server instances. Serverless computing still utilizes compute resources, contrary to what the name implies. Compute resources are allocated on demand to applications, and no resources are reserved when the application is not in use. Billing reflects the application's use of resources. Serverless environments require no configuration, monitoring, or capacity planning.

Answer 20

The science of creating machines with the ability to develop problem solving and analysis strategies without significant human direction or intervention. AI is concerned with simulating human intelligence by providing structured, semi-structured, and unstructured data and solving complex problems. AI accomplishes this by using a set of rules to manage it's analysis.

Answer 21

A component of AI that enables a machine to develop strategies for solving a task given a labeled dataset where features have been manually identified but without further explicit instructions. The goal of ML is to make accurate predictions by extracting data based on learned information and experience. ML systems are not explicitly programmed to find a particular outcome. Instead, they are programmed to learn from provided data and then make accurate decisions based on what they’ve learned. Insights are gained with minimal human interaction.

Answer 22

A refinement of machine learning that enables a machine to develop strategies for solving a task given a labeled dataset and without further explicit instructions. DL provides a greater degree of accuracy when analyzing unstructured data.

Answer 23

Amazon S3 is a program built to store, protect, and retrieve data from "buckets" at any time from anywhere on any device. Organizations of any size and industry can use this service. Use cases include websites, mobile apps, archiving, data backups and restorations, IoT devices, enterprise application storage, and providing underlying storage layer for a data lake. Organizing and retrieving data in Amazon S3 focuses on two key components: Buckets and Objects. These components work together to create the storage system. As AWS describes it, an S3 environment is a flat structure - a user creates a bucket; the bucket stores the objects in the cloud.

Answer 24

Scalability: AWS allows you to scale resources up and down, while only charging you for the amount of resources you use. Durability and Accessibility: S3 is designed for 11 "9's" worth of durability, meaning it is extremely reliable. The service automatically creates and stores your S3 objects across multiple systems, meaning your data is protected and you can access it quickly whenever you need it. Cost Effective: Data stored in S3 is done so in ranges, allowing frequently and data needed to be accessed immediately to be stored on hot storage, while lesser needed data can be supplanted onto warm or even cold storage. S3 will determine data priority through ongoing access patterns, to allow for cost optimization. Versioning: This is a setting that allows for multiple variants of the same file or object to exist in the same bucket. This provides an opportunity to roll back or recover a deleted object.

Answer 25

Amazon EC2 provides scalable computing capacity in the AWS cloud. Leveraging it enables organizations to develop and deploy applications faster, without needing to invest in hardware upfront. Users can launch virtual servers, configure security and networking, and manage cookies from an intuitive dashboard. AWS EC2 is important, as it does not require any hardware units, and is easily scalable (up or down). With EC2, you only pay for what you use, and you are given full control of your cloud environment. EC2 is highly secure, as well as highly available.

Answer 26

Virtual Machines, known as Instances. Preconfigured Templates, known as Amazon Machine Images (AMIs), that package the bits you need for your server (including OS and software) Various hardware configurations. Secure login through use of key pairs. Storage volumes for temporary volatile data that is discarded when stopped, hibernated, or instance is terminated, known as instance store volumes. Persistent storage volumes for your data using Amazon EBS Multiple physical locations for your resources, such as instances and Amazon EBS volumes, known as Regions and Availability Zones. A firewall that enables you to specify the protocols, ports, and source IP ranges that can reach your instances using security groups. Use of Elastic IP Addresses. Metadata, known as "Tags", that you can create and assign to your Amazon EC2 resources. Use of VPC

Answer 27

AWS Lambda is a compute service that lets you run code without provisioning or managing servers. Lambda runs your code on a high-availability compute infrastructure and performs all of the administration of the compute resources, including server and operating system maintenance, capavity provisioning and automatic scaling, and logging. With Lambda, all you need to do is supply your code in one of the language runtimes that Lambda supports. You organize your code into Lambda functions. The Lambda service runs your function only when needed and scales automatically. You only pay for the compute time that you consume - there is no charge when your code is not running.

Answer 28

Amazon S3 Glacier is a secure and durable service for low cost data archiving and long-term backup. With S3 Glacier, you can store your data cost effectively for months, years, or even decades. S3 Glacier helps you offload the administrative burdens of operating and scaling storage to AWS , so you don't have to worry about capacity planning, hardware provisioning, data replication, hardware failure and recovery, or time-consuming hardware migrations. S3 Glacier can be divided into three storage classes: - Instant Retrieval (Hot Storage) - Flexible Retrieval (Warm Storage) - Deep Archive (Cold Storage)

Answer 29

Amazon S3 Glacier is a secure and durable service for low cost data archiving and long-term backup. With S3 Glacier, you can store your data cost effectively for months, years, or even decades. S3 Glacier helps you offload the administrative burdens of operating and scaling storage to AWS , so you don't have to worry about capacity planning, hardware provisioning, data replication, hardware failure and recovery, or time-consuming hardware migrations. S3 Glacier can be divided into three storage classes: - Instant Retrieval (Hot Storage) - Flexible Retrieval (Warm Storage) - Deep Archive (Cold Storage)

Answer 30

Amazon SNS is a managed service that provides message delivery from publishers to subscribers (also known as producers and consumers). Publishers communicate asynchronously with subscribers by sending messages to a "topic", which is a logical access point and communication channel. Clients can subscribe to the SNS topic and receive published messages using a supported endpoint type, such as Amazon SQS, AWS Lambda, email, push notifications, etc.

Answer 31

Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and images files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you're serving with CloudFront, the request is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance. If the content is already in the edge location with the lowest latency, CloudFront delivers it immediately. If the content is not in that edge location, CloudFront retrieves it from an origin that you've defined - such as an Amazon S3 bucket, or an HTTP Server, that you have identified as the source for the definitive version of your content.

Answer 32

Visual Studio is a powerful developer tool that you can use to complete the entire development cycle in one place. It is a comprehensive integrated development environment (IDE) that you can use to write, edit, debug, and build code, and then deploy your app. Beyond code editing and debugging, Visual Studio includes compilers, code completion tools, source control, extensions, and many more features to enhance every stage of the software development process. Visual Studio provides developers a feature rich development environment to develop high-quality code efficiently and collaboratively. Some features include: - Workload-based Installer (install only what you need) - Powerful coding tools and features - Multiple coding language support - Cross-platform development (build apps for any platform) - Version control integration (collaborate on code with teammates)

Answer 33

The Azure Backup service provides simple, secure, and cost-effective solutions to back up your data and recover it from the Azure Cloud.

Answer 34

Azure SQL Database is a fully managed platform as a service (PaaS) database engine that handles most of the database management functions such as upgrading, patching, backups, and monitoring without user involvement. Azure SQL Database is always running on the latest stable version of the SQL Server database engine and patched OS with 99.99% availability. PaaS capabilities built into Azure SQL Database enable you to focus on the domain-specific database administration and optimization activities that are critical for your business. With Azure SQL Database, you can create a highly available and high-performance data storage layer for the applications and solutions in Azure. SQL Database can be the right choice for a variety of modern cloud applications because it enables you to process both relational data and non-relational structures, such as graphs, JSON, spatial, and XML.

Answer 35

Azure Cosmos DB is a fully managed NoSQL and relational database for modern app development. Azure Cosmos DB offers single-digit millisecond response times, automatic and instant scalability, along with guarantee speed at any scale. Business continuity is assured with SLA-backed availability and enterprise-grade security.

Answer 36

A MSP is a company that remotely manages a customer's IT infrastructure and/or end-user systems, typically on a proactive basis and under a subscription model. The terms "cloud service provider" and "managed service provider" are sometimes used as synonyms when the provider's service is supported by a SLA and is delivered over the internet. There are also MSPs who are independent of the CSP. Your organization may choose to outsource cloud design, migration, deployment, and management solutions to these companies, relying on their expertise and experience. Many CSPs also offer management services for their products. For example, AWS offers AWS Managed Services.

Answer 37

The Shared Responsibility Model is a security and compliance framework that outlines the responsibilities of cloud service providers (CSPs) and customers for securing every aspect of the cloud environment, including hardware, infrastructure, endpoints, data, configurations, settings, operating system (OS), network controls and access rights. As Amazon puts it "CSPs are responsible for the security of the cloud; the consumer is responsible for security in the cloud"

Answer 38

Refers to the pricing and billing structure that cloud service providers use to offer their services to customers. Instead of purchasing software or hardware upfront, customers pay a recurring fee to access and use cloud-based resources.

Answer 39

Identity and Access Management (IAM) lets administrators authorize who can take action on specific resources, giving you full control and visibility to manage cloud resources centrally. For enterprises with complex organizational structures, hundreds of workgroups, and many projects. IAM provides a unified view into security policy across your entire organization, with built-in auditing to ease compliance processes. IAM provides tools to manage resource permissions with minimum fuss and high automation. Map job functions withni your company to groups and roles. Users get access only to what they need to get the job done, and admins can easily grant default permissions to entire groups of users. Create more granular access control policies to resources based on attributes like device security status, IP address, resource type, and data / time.

Answer 40

The process of deploying an application to the target environment, such as enterprise desktops, mobile devices, or cloud infrastructure. Provisioning is one of several steps in the cloud services deployment process. The term refers to the allocation of cloud resources in the overall enterprise infrastructure. The provisioning process is governed by objectives, policies, and procedures for deploying services and data. Provisioning is usually self-service, reflecting one of the NIST cloud characteristics discussed earlier.

Answer 41

With cloud applications, the installation and processing occur in the cloud, rather than on local workstations or servers. The cloud may be a private or public network. The applications are accessed over the network. One advantage of cloud applications is a consistent experience for all users, whether they use the same workstation platform or mobile device.

Answer 42

Virtualization allocates hardware resources among one or more VMs. The VMs then have an operating system and one or more applications installed on them. The VM participates on the network as a regular node, providing database, authentication, storage, or other services. VMs have greater access to hardware resources and can be provided with redundancy to increase high availability. VMs are a key component of cloud-based IaaS services, such as AWS EC2 or Azure Virtual Machines.

Answer 43

Containerization is a form of virtualization, but it is significantly different than VMs. Containers virtualize at the OS layer, rather than the hardware layer. A container holds a single application and everything it needs to run. This narrow focus allows containers to excel with technologies such as microservices. Containers are very lightweight, share a single OS (usually Linux), and provide a single function. GCP, Azure, and AWS all offer cloud-based container services.

Answer 44

A virtual machine template is a master copy of a virtual machine that usually includes the guest OS, a set of applications, and a specific VM configuration. Virtual machine templates are used when you need to deploy many VMs and ensure that they are consistent and standardized. CSPs also use templates to offer flexible but standardized VM configurations to customers.

Answer 45

Post-deployment validation ensures that deployed apps or services meet required service levels. Depending on the service, this may be handled through regression or functionality testing. If possible, automate post-deployment validation for efficiency and consistency.

Answer 46

Auto-scaling takes advantage of automated deployments and virtualizations to provide appropriate resources for the current demand. Resources can be scaled up or down to manage costs. Your organization only pays for the resources that it consumes. Auto-scaling is useful when your resource utilization is difficult to predict or is seasonal. Resources may be scaled up (more compute power, such as RAM, given to a single virtual server) or scaled out (more virtual servers deployed). When demand is reduced, the resources are reduced, saving money.

Answer 47

Hyper-convergence is an IT framework that combines storage, computing and networking into a single system in an effort to reduce data center complexity and increase scalability. Hyper-converged platforms include a hypervisor for virtualized computing, software-defined storage, and virtualized networking, and they typically run on standard servers. Multiple nodes can be clustered together to create pools of shared compute and storage resources, designed for convenient consumption.

Answer 48

1. Identify the problem 2. Determine the scope of the problem 3. Establish a theory of probable cause, or question the obvious. 4. Test the theory to determine the cause. 5. Establish a plan of action 6. Implement the solution, or escalate. 7. Verify full system functionality 8. Implement preventative measures 9. Perform a root cause analysis 10. Document findings, actions, and outcomes throughout the process

Answer 49

A contract between the provider of a service and a user of that service, specifying the level of service that will be provided.

Answer 50

Users typically are concerned with front-end needs such as applications, network performance, technical support, etc. Businesses are typically concerned with costs, integration with existing services, compliance, and data storage.

Answer 51

The spending of business funds to buy or maintain fixed business assets, such as datacenters, servers, buildings, and so on.

Answer 52

The spending of business funds for ongoing business costs, such as utilities, payroll, and so on. Cloud subscriptions are usually an OpEx.

Answer 53

A programming and query language common to many large-scale database systems.

Answer 54

A non-relational database for storing unstructured data, common with big data technologies.

Answer 55

Large stores of unstructured and semi-structured information. As well as volume, big data is often described as having velocity, as it may involve the capture and analysis of high bandwidth network links.

Answer 56

The document defining a project's scope, success factors, constraints, and other information to achieve project goals. Business analysts will help develop BRDs that provide the answers to "What?"' and "Why?" questions reharding services and applications to ensure the business will benefit from projects such as cloud migrations and web app development.

Answer 57

Development is the act of programming an application or other piece of code that executes on a computer. The development environment is where programmers code projects, detect bugs, manage code versions, and implement code-level security. In a cloud deployment, this environment may be a combination of PaaS (for actual development work) and IaaS (for testing).

Answer 58

Staging is a user testing environment that is a copy of the production environment. The staging environment (which is also the quality assurance environment) is where QA testers validate cloud applications and services. This validation may include security and performance testing. The tests may be automated or manual (or both). The cloud may provide an IaaS environment for staging. This environment may need to scale significantly as part of performance testing, so costs here may not reflect anticipated costs in the production environment.

Answer 59

Production is an IT environment available to consumer for normal, day-to-day use. The production environment is available to end-users. Security is in place to protect data and availability. If the production environment is hosted in the cloud, scalability may be a concern too. Monitoring and availability must be assured here, probably at a higher level than in the other two environment.

Answer 60

A variation of the model of the separate development, staging, and production environments is the blue-green release model. In this model, two identical environments are available, one labeled "blue", and the other "green". At any given time, only one of these is hosting the production environment. The idle environment serves as the staging area for the next release of the software or service. Final testing and QA is performed, and users are gradually migrated to the new environment with the canary deployment model. The blue environment is the production environment, while the green environment serves as the staging environment.

Answer 61

The deployment model that gradually moves users from an old deployment to a new one, rather than an immediate switchover of all users. The Canary model is similar to the Blue-Green Model, except that users are gradually migrated from the older environment to the newer environment to the newer environment, instead of the complete and immediate migration used with the blue-green model.

Answer 62

An evaluation of system's security and ability to meet compliance requirements based on the configuration state of the system, as represented by information collected from the system. Vulnerability Testing empirically identifies, quantifies, and ranks vulnerabilities in networks, operating systems, services and applications. The goal is to identify the vulnerability do that it can be mitigated.

Answer 63

A test that uses active tools and security utilities to evaluate security utilities to evaluate security by simulating an attack on a system. A pen test will verify that a threat exists, then will actively test and bypass security controls, and will finally exploit vulnerabilities on the system. Such testing begins with an analysis of available resources, looking for older, unpatched, or vulnerable software. The testing also includes an analysis of business practices. Penetration testing may help meet several strategic goals: - Compliance - Identify weaknesses in processes and configurations - Identify vulnerabilities in software and operating systems.

Answer 64

A test that shows an application's ability to function under a given workload in order to confirm performance and scalability. For cloud services, this information is useful for determining scalability settings. For example, scaling can be done via scale-up (more resources, such as memory, given to a VM) or scale-out (more VMs deployed). Applications may respond better to one or the other of these scaling practices.

Answer 65

The process of testing an application after changes are made to see is these changes have triggered problems in older areas of code.

Answer 66

A test method used in QA to confirm that a solution meets the required needs. Functional testing evaluates whether a system or application meets it's specification - does it do what it is supposed to do?

Answer 67

A testing method where end-users provide direct feedback on requirements and usability. Usability Testing is accomplished by end-users and provides direct feedback on the interface, features, and practical use. Usabilty testing helps ensure the application or server meets requirements and will actually be useful upon release.

Answer 68

Capacity planning is the process of determining and optimizing the resources required to meet the demands of an organization. It involves forecasting future needs, evaluating existing capacities, and making strategic decisions to ensure that sufficient resources are available to support business operations efficiently. Capacity Planning is concerned with the following questions: - What is the current baseline or service level? - What is the current capacity? - What future needs can we predict, based on upcoming business initiatives? - Are there consolidation opportunities for services, applications, or data sources? - What recommendations can be made, and what actions can be taken? Capacity planning helps organizations avoid overprovisioning or underprovisioning of resources. Overprovisioning can lead to unnecessary expenses and underutilization, while underprovisioning can result in performance degradation and user dissatisfaction. By accurately forecasting capacity needs, organizations can optimize resource allocation, improve system performance, enhance scalability, and ensure that service levels are maintained.

Answer 69

Defines the criteria for a solution to a given problem that software or services are expected to meet. The requirements define what needs to happen without specifying how the solution will be met. For cloud services, a solution requirements document might specify that content is quickly available to users. The solution might be a content delivery network, but that is selected later in the process.

Answer 70

The document containing solutions that must be found in order for the organization to achieve it's strategic goals. Such goals might include decreasing costs, increasing revenue, increasing a customer base, or increasing operational effectiveness. Many organizations believe they need to migrate to the cloud so they are not left behind technologically, but they don’t have a good understanding of why (or if) the migration is useful or what (if any) benefits they can expect from cloud services. A business needs analysis will identify a specific business problem for which cloud service might provide a solution.

Answer 71

Per User: One license for each user that consumes the software or service Sock based: One license for each CPU that attaches to the socket of a motherboard, regardless of the number of cores the CPU contains Core Based: One license for each core in a server's CPU. Volume Based: One license that permits a specified number of installations, for example, installation of the software on up to 100 computers. Perpetual: One-time fee for a license that may include additional support costs; however, the license is good for the life of the software. Subscription: Periodic cost; usually includes at least basic technical support, maintenance, and possibly upgrades.

Answer 72

A measure of how busy the system's CPU is over a period of time. The load is usually reported over three points in time: one minute, five minutes, and 15 minutes. While there are usually counters for CPU utilization itself, the system load is better measured by using CPU queue length. That value tracks processes currently being run by the CPU as well as those that are awaiting the CPU's attention. Typically, the queue length value should not exceed the number of logical processors (cores) in the system. Operating systems such as Linux and Windows Server have tools to display the CPU queue length. These tools include "top" in Linux and "Performance Monitor" in Windows Server. Cloud administrators can watch these values on cloud-based VMs to ensure performance expectations are met.

Answer 73

The process of detecting patterns within a dataset over time, and using those patterns to make predictions about future events or better understand past events. The results acquired are used for capacity planning and system scaling. Trend analysis can help the IT staff understand what to move to the cloud and when.

Answer 74

The point from which something varies. A configuration baseline is the original or recommended settings for a device while a performance baseline is the originally measured throughput.

Answer 75

A free tool offered by cloud service providers to estimate the costs of cloud services with various configurations. They break the costs out into sections to help your organization better understand how changes to resources impact OpEx

Answer 76

A common cloud subscription for managing file storage for both home users and businesses. Data stored using STaaS is available from any device, adding a significant layer of convenience. Examples include: - Dropbox - MS OneDrive - iCloud - Google Drive - AWS Backup

Answer 77

A virtualization implementation that separates the personal computing environment from a user's physical computer. The desktops can be accessed from any device over a web-based connection and from any location. IT management of the desktops may be easier and less expensive due to centralization. A new patch or application is deployed only on the centralized server, and any desktop instance launched includes the update. VDI is a subset of the desktop as a service (DaaS) concept. There are other ways of implementing remote desktops.

Answer 78

An authentication technology that enables a user to authenticate once and receive authorizations for multiple services. Users may be assigned preconfigured roles that grant a given level of access to cloud-based resources. These roles are usually created based on the principle of least privilege and help ensure regulatory compliance.

Answer 79

A security process that provides identification, authentication, and authorization mechanisms for users, computers, and other entities to work with organizational assets like networks, operating systems, and applications. The terms IAM and IdM are (at the time) used interchangeably.

Answer 80

In cloud architecture, the resources that provide processing functionality and services, often in the context of an isolated container or VM. Compute resources encompass CPU, memory, storage, and network allocations. Compute functions rely on computing I/O functionality to accomplish calculation-based tasks. Administrators will create compute solutions to meet specific needs.

Answer 81

The software or firmware that creates a virtual machine on the host hardware and provides virtualization services. This layer manages the hardware allocations and control VM access to hardware. VMs can be restored to a given point in time with snapshots and replicated among host machines for high availability. Finally, adjustments can be made to the allocated hardware, allowing administrators to scale VM capacity depending on the workload.

Answer 82

A preconfigured OS ready for deployment with required settings and applications. Composed of configurations files that specify all of the hardware allocations - CPU information, RAM quantities, network options, storage - for the VM.

Answer 83

The process of quickly duplicating a virtual machine's configuration when several identical machines are needed immediately. Building from templates is useful for deploying machines that reflect a standardized initial deployment configuration.

Answer 84

A complete template that includes multiple virtual servers, various services, and network configurations. Solutions templates include complete VM, network, and storage configurations to deploy an entire solution to a consumer. Once deployed, the consumer will manage the structure themselves.

Answer 85

A complete VM, storage, and network configuration managed by IT staff. Managed templates also include a complete VM, network, and storage configuration; however. you or your IT staff will manage the structure on behalf of the customer.

Answer 86

An operating system virtualization deployment containing everything required to run a service, application, or microservice. A container is a complete, portable solution, It contains the application code, runtime, libraries, settings, and other components - everything needed for the software to run. This complete package is portable and will run on any platform hosting a container solution. Containerized software developed on a Linux workstation runs the same way on a Windows cloud-based VM. Containers are typically very quick and reliable. Containers may be deployed on physical, on-premises servers or a cloud infrastructure. They can even be used on individual workstations. Deploying containers in the cloud provides all the usual cloud benefits: scalability, HA, and quick deployments. Popular container solutions include: - Docker - Kubernetes - Hyper-V and Windows Containers - Podman

Answer 87

A duplicate of an operating system installation (including installed software, settings, and user data) stored on removable media. Windows make use of image-based backups and they are also used for deploying Windows to multiple PCs rapidly.

Answer 88

A container variable is a programming concept that refers to a variable that can hold multiple values or objects. It is often used to group related data together or to store collections of items.

Answer 89

Container secrets refer to sensitive information, such as passwords, API keys, database credentials, or other confidential data, that are securely stored and accessed by containers within a cloud or container orchestration platform. Managing secrets is important to protect sensitive information from unauthorized access or exposure.

Answer 90

By default, Docker containers do not persistently store data. Data generated by the container exists in the container and disappears when the container is stopped. However, containers can be configured to store data on the host system.

Answer 91

The dynamic and automated method by which cloud compute capacity is scaled up or down to satisfy workload demand. Auto-Scaling provides cost savings, solves the issue of too many or too few resources available, and detects unhealthy instance and replaces them, resulting in HA.

Answer 92

Adding compute resources to an existing instance. Also known as vertical scaling.

Answer 93

Adding more VM instances to an auto-scaling group. Also known as horizontal scaling.

Answer 94

A hypervisor that runs directly on server hardware without an intermediate operating system. Very efficient, they have direct access to the hardware, without having to go through a configuration layer (such as a type 2 hypervisor). In this deployment, there is not a host operating system, such as Windows Server or RHEL. Advantages: - Greater performance - Greater security (no host OS vulnerabilities) Disadvantages: - Requires a management interface, usually on a different host

Answer 95

A hypervisor that runs an application within an operating system. These are very common for workstation or developer deployments and less common for production servers. For example, developers might create applications on an Ubuntu Linux workstation and use Windows 10 and RHEL 8 VMs to test the applications. Advantages: - Easy access to multiple operating systems - Independent of the host operating system Disadvantages: - Additional latency and security problems by having the host OS between the hypervisor virtualization layer and hardware

Answer 96

A CPU design to manage more than one processing thread.

Answer 97

Hyper threading exposes two or more logical processors to the OS, delivering performance benefits similar to SMP

Answer 98

The allocation of compute resources to consumers with the assumption that not all resources will be required. Involves allocating more resources than the physical server actually has. Private cloud administrators might do this based on the anticipated workload for a given set of VMs. For example, a physical server might have 16 GB RAM, but a toal of 24 GB might be allocated to six VMs that reside on the hardware. The hypervisor layer is responsible for allocating memory based on actual utilization at any given time by running VMs. Clearly, this is not a good choice if all VMs will consume their fully allocated memory quantities. However, if well planned, over-allocation can permit maximization of hardware utilization.

Answer 99

A vCPU represents a portion of a physical CPU that is allocated to a virtual machine (VM) or a container. In virtualized environments, a physical CPU is divided into multiple virtual CPUs, each of which behaves as if it were a separate physical CPU. These virtual CPUs are assigned to different VMs or containers to enable them to run concurrently on the same physical hardware. The concept of vCPU allows for efficient utilization of computing resources by allowing multiple virtual machines or containers to share the processing power of a single physical CPU. Each vCPU is capable of executing instructions and performing computations, similar to a physical CPU core. It's important to note that while vCPUs provide isolation and resource allocation for virtual machines or containers, they are not equivalent to physical CPU cores in terms of performance. The actual performance of a vCPU depends on various factors, including the underlying physical hardware, the hypervisor or virtualization layer, and the workload characteristics.

Answer 100

A specialized electronic circuit or chip designed to handle and accelerate the processing of computer graphics and visual data. Originally developed for rendering images, videos, and 3D graphics, GPUs have evolved to become powerful processors that excel at parallel processing and performing complex mathematical computations. While GPUs are commonly associated with graphics-intensive applications, such as gaming and video editing, they have found extensive use in various other fields, including scientific research, machine learning, data analysis, and cryptocurrency mining. The ability of GPUs to perform large-scale parallel computations makes them valuable for tasks that involve massive amounts of data and require intensive mathematical calculations.

Answer 101

refers to a virtualized instance of a GPU that is allocated to a virtual machine (VM) in a virtualized or cloud computing environment. vGPU technology allows multiple VMs to share the processing power and capabilities of a physical GPU. vGPU technology enables the partitioning of a physical GPU into multiple virtual GPUs, which can be assigned to different VMs. Each VM with a vGPU has the illusion of having a dedicated GPU, allowing it to perform graphics-intensive tasks and take advantage of GPU acceleration.

Answer 102

A virtualization configuration that provides a virtual machine with direct access to GPU resources, bypassing the hypervisor. While this makes hardware management more difficult, this configuration provides for predictable and excellent performance

Answer 103

A common measurement for CPUs, it is the average number of instructions executed per clock cycle. Also known as clock speed. Optimizing clock speed can allow for greater time efficiency.

Answer 104

A method where a hypervisor reclaims unused memory from a VM if the host is low on RAM. The VMs may still attempt to use that space, at which point other memory management tricks, such as swapping or paging, will occur. Ballooning is an indication that your host does not have enough memory, and your best rescourse is to add RAM (or reduce the host's workload). however, if increasing the host's memory is not possible, ballooning can help maintain performance until the underlying situation can be resolved.

Answer 105

Reducing the amount of space that a file takes up on a disk using a various algorithms to describe it more efficiently. File storage compression uses lossless techniques. NTFS-formatted drives can compress files automatically while ZIP compression adds files to a compressed archive. Lossy compression, such as that used by JPEG and MPEG image and video formats, discards some information in the file more or less aggressively, allowing for a trade-off between picture quality and file size. This strategy is particularly useful for stored data that is not frequently accessed because decompressing the information takes CPU time.

Answer 106

A technique for removing duplicate copies of repeated data. In SIEM, the removal of redundant information provided by several monitored systems. Data deduplication removes duplicate file chunks, replacing the content with pointers to a definitive copy. Depending on the stored data, deduplication can result in immense storage savings.

Answer 107

Provisioning of storage that dynamically grows to meet storage capacity needs up to a maximum size. Thin storage can grow on demand, up to the maximum capacity, but the organization will be charged only for the storage space actually used. Keep in mind, however, that dynamically growing the storage capacity on demand can result in a performance degradation.

Answer 108

Provisioning of storage that reserves the entire specified storage capacity immediately, whether it is needed or not.

Answer 109

Storage Filesystem: Filesystems such as Microsoft NTFS support storage quotas on a per-user/ per-group basis. Storage Device: Windows disk partitions support quotas to limit the total space users can consume on the partition Cloud Filesystems: Cloud storage supports quotas to limit the total space users can consume.

Answer 110

The storage limitation is not enforced. Typically, a notification will be sent to the user or the administrator or placed in log files.

Answer 111

The storage limitation is enforced, and the user may not store additional data until space is freed or the quota is extended.

Answer 112

Persistent mass storage devices implemented using flash memory. SSDs are the standard in end-user workstations and servers and are becoming more common in servers. SSD technology has taken a long time to catch up to HDD capacity, but the gap is closing. While SSD is more expensive, the performance trade-off is often worth the extra cost.

Answer 113

Device providing persistent mass storage. Data is stored using platters with a magnetic coating that are spun under disks heads that can read and write to locations on each platter (sectors).

Answer 114

Hybrid disks use a mix of SSD and HDD technologies to attempt to maximize performance and cost. Frequently accessed data is stored on the flash memory portion of the disk, while less commonly used information is stored on the spinning disks.

Answer 115

The storage method that breaks data into chunks and distributes the chunks across available storage space (and even across several storage devices), independent of the server's filesystem. Block storage organizes data for the benefit of the data itself, whereas file storage organizes data for the system's benefit. Block storage can be very efficient, but it can also be very expensive. Block storage is used with SANs, which can also be difficult and expensive to implement. It can be very effective for larger chunks of data that are modified frequently, such as databases. Block storage such as AWS EBS provides high availability and redundancy by replicating data within the availability zone that hosts the EBS storage. This implementation differs from S3 data storage, which may be replicated between availability zones. EC2 instances must reside in the same zone as the EBS storage. AWS Block Storage = AWS EBS Azure = Azure Disk Storage GCP = GCP Persistent Disk

Answer 116

A storage method where data is managed as a discrete file within an operating system's filesystem. Common on workstations, servers, and NAS devices. Information about retrieving data is stored in filesystem metadata. This type of storage is inexpensive and useful for relatively small pieces of data. Access is provided via shared filesystems, such as network file system (NFS) and common Internet file system (CIFS). The file storage type is essentially a cloud-based NAS that shares folders to client computers, whether they are on premises or in the cloud infrastructure. Cloud-based file services are scalable, simple, and inexpensive. They are also usually familiar to Windows and Linux server administrators.

Answer 117

A storage method where data is broken into chunks and managed with detailed metadata. It is very scalable and is best for data that is written once and read often. Object Storage is comprised of Tenants and Buckets. Tenants are members of the public cloud that share the existing environment. For security, tenant IDs uniquely label the consumer and help filter access to resources. Tenant IDs are assigned to namespaces within which storage buckets are created to provide further data management. Buckets are the primary storage unit for data objects. When you begin working with cloud storage, you will create one or more buckets. You can then store data in these buckets. Buckets are created in a region selected by you (usually the one nearest to your location). Buckets are given a globally unique name and location when they are created. Before data can be stored, you must assign a storage class (Hot, Warm, Cold).

Answer 118

A storage performance indicator that measures the time taken to complete read / write operations. The drive's own technology limits IOPS, although throughput also impacts performance.

Answer 119

Throughput is the amount of data that the network can transfer in typical conditions. This can be measured in various ways with different software applications. Measured in megabytes per second (MB/sec), or the number of bits read or written per second. Throughput is the critical value for large file transactions and therefore may be the better choice for those workloads. Goodput is typically used to refer to the actual "useful" data rate at the application layer (less overhead from headers and lost packets).

Answer 120

Remote file access protocol used principally on UNIX and Linux networks. Standard NFS configuration uses the /etc/exports file to list what directories should be shared and what access levels should be enforced. Client computers then use the mount command to attach to the exported directories. While NFSv4 is the underlying protocol for directory access in cloud storage, it is configured differently than with local file servers. In the case of AWS, NFS is provided via Elastic File System (EFS). Using the web-based EFS Management Console, administrators create and name a filesystem, connect it to a VPC, and then manage any performance settings. When this is complete, mount targets are created that allow administrators to connect to the resources and manage access controls.

Answer 121

NFS feature that allows administrators to connect to resources and manage access controls.

Answer 122

This protocol is used for requesting files from Windows servers and delivering them to clients. SMB allows machines to share files and printers, thus making them available for other machines to use. SMB client software is available for UNIX-based systems. Samba software allows UNIX and Linux servers or NAS appliances to run SMB services for Windows clients. Access controls are enabled to manage who has permissions to the resources. Microsoft Azure offers Azure Files as another way of managing stored data. Azure Files is a serverless file-sharing service that makes shared data available via SMB or NFS protocols. A service such as Azure Files helps eliminate on-premises file servers. Cloud-stored data can be easily accessed by any authorized user from any type of device.

Answer 123

A network dedicated to data storage, typically consisting of storage devices and servers connected to switches via host bus adapters. SANs provide greater flexibility, fault tolerance, and performance than do NAS devices. SANs however, are also significantly more complex and more expensive. While the SAN is technically the supporting network between the servers and the storage devices, a complete SAN solution is made up of three primary components, in addition to the client workstations. The first component is one or more servers that manage access to data. The second component is an isolated network between the servers and the storage infrastructure. The final component is the storage infrastructure itself. SANs allow organizations to connect disparate types of storage, such as tapes and optical media. SANs also connect data storage across physical boundaries, such as remote datacenters. The SAN infrastructure is transparent to the end user. In the case of a Windows user, they may simply have a drive mapped on their computer and will have no idea what the storage structure actually looks like. There are two primary communication protocols used to support SAN solutions: Fibre Channel and iSCSI

Answer 124

IP tunneling protocol that enables the transfer of SCSI data over an IP-based network to create a SAN. Common solution for small to medium size organizations. iSCSI implementations have a client component and a target component. The client component may be a software-based iSCSI initiator.Such software is often integrated into the server OS. It is inexpensive and relatively easy to configure. An HBA may be added to the server itself and provides a hardware solution. HBA implementations are faster, more complex, and more expensive. The target component is the iSCSI target. This is the storage device itself, or the target for the iSCSI connection from the initiator or HBA.

Answer 125

IP tunneling protocol that enables the transfer of SCSI data over an IP-based network to create a SAN. Common solution for small to medium size organizations. iSCSI implementations have a client component and a target component. The client component may be a software-based iSCSI initiator.Such software is often integrated into the server OS. It is inexpensive and relatively easy to configure. An HBA may be added to the server itself and provides a hardware solution. HBA implementations are faster, more complex, and more expensive. The target component is the iSCSI target. This is the storage device itself, or the target for the iSCSI connection from the initiator or HBA. iSCSI performance relies on the underlying network infrastructure.

Answer 126

Fibre Channel protocols carry SCSI commands over fiber optic cables. This implementation requires specialized network devices. This is the most common SAN structure. Fibre Channel is a protocol that provides block-level data transfers over optical media. The Fibre Channel protocol carries SCSI or NVMe commands between server nodes and storage devices. Fibre Channel SANs may be organized in a point-to-point (direct) or switched topology.

Answer 127

Standard allowing for a mixed use Ethernet and Fibre network with both ordinary data and storage network traffic. The FC protocol is embedded in Ethernet frames. There are fewer specialized devices, a single standardized Ethernet cable in the datacenter, and an overall lower cost.

Answer 128

iSCSI: - Cost is an issue - You're connecting many hosts to one storage target (several servers storing different data on a single storage server) - Training is not available to your IT staff for the complexities of a Fibre Channel solution - You need or want a less complex infrastructure Fibre Channel: - Performance is paramount - SAN components are widely distributed

Answer 129

"Non-Volatile Memory Express" (NVMe) is a technology designed to improve the performance of storage devices, particularly solid-state drives (SSDs). It allows for faster data transfer and lower latency compared to traditional storage protocols. "Fabrics" refers to network fabrics, which are the underlying infrastructure that connects devices in a network. It could be Ethernet, InfiniBand, or Fibre Channel, among others. Now, when we say NVMe-oF, we are referring to the extension of NVMe technology over a network fabric. In other words, it enables the communication of NVMe storage devices, such as SSDs, over a network, rather than being directly connected to a server. NVMe-oF allows multiple servers to access and share NVMe storage devices over the network, providing high-performance storage capabilities. It's like extending the speed and efficiency of NVMe-based storage to multiple computers, enabling them to access and utilize the storage resources more effectively.

Answer 130

RAID 0, also known as "striping," is a data storage configuration that splits data across multiple drives, increasing performance by allowing data to be read from and written to multiple drives simultaneously. However, RAID 0 offers no data redundancy or fault tolerance, meaning that if one drive fails, all data stored across the array may be lost. Requires a minimum of two disks.

Answer 131

RAID 1, also known as "mirroring," is a data storage configuration that duplicates data across multiple drives, providing data redundancy and fault tolerance. Each drive in the array contains an exact copy of the data, ensuring that if one drive fails, the data remains accessible from the other drive. Data is not efficiently used, as two copies of data are made in order for redundancy). Requires a minimum of two disks.

Answer 132

RAID 5 is a data storage configuration that uses striping with parity. It distributes data and parity information across multiple drives, providing a balance between performance, data redundancy, and storage efficiency. If one drive fails, the remaining drives can use the parity information to reconstruct the lost data, maintaining data integrity and allowing continued access to the stored information. Requires a minimum of 3 HDDs

Answer 133

RAID 6 is a data storage configuration that offers higher data protection compared to RAID 5. It utilizes striping with double parity, distributing data and two sets of parity information across multiple drives. This redundancy allows for the failure of two drives without losing data, ensuring better fault tolerance and data integrity in the event of multiple drive failures. Requires a minimum of 4 HDDs.

Answer 134

RAID 10, also known as RAID 1+0 or "striped mirroring," combines the features of RAID 1 (mirroring) and RAID 0 (striping). It creates a mirrored set of drives and then stripes data across them. This configuration offers both data redundancy and improved performance by leveraging the benefits of both mirroring and striping. If a drive fails, the mirrored drive ensures data availability, while the striping enhances read and write speeds.

Answer 135

Software RAID relies on the OS to manage the RAID array, First, this assumes the OS is capable of doing so - most server OSs can, but most client systems cannot. The computer's primary processing power handles the array. However, software RAID is usually cheaper than hardware RAID. Hardware RAID relies on a separate controller to manage the array. This RAID solution does not consume resources from the system. It is typically faster, more reliable, and more flexible. Those advantages lead to a higher cost.

Answer 136

RAID configurations are approached differently in cloud storage than with traditional physical servers and disk drives. The process is to attach cloud-based disks to the VM you’re managing, and then use the VM operating system to manage the configuration. For example, with Linux, you could configure Logical Volume Manager (LVM), and with Windows, you could use Storage Spaces. Microsoft Azure offers Managed Disks for VM storage. These disks can be attached to VMs and configured for RAID. Sometimes RAID configurations that provide performance increases, such as RAID 0, can be used to configure less expensive disks for greater speed. Architects and administrators working in datacenters and deploying private clouds need to be familiar with RAID options, including controllers and the best use of SSD and HDD storage. Hardware management such as this is offloaded to CSPs for public clouds.

Answer 137

APIs and compatible hardware / virtual appliances allowing for programmable network appliances and systems. SDN manage network devices differently. First, it defines two management planes: the data plane and the control plane. The data plane is the compute level that controls packet management tasks such as the actual forwarding or filtering of networking traffic within and between segments. A layer of programmable or configurable control of multiple network devices that is decoupled from the individual network devices. It provides the devices with the information needed for packet forwarding at the IP and MAC address layers. The control plane is hosted on a controller that permits network administrators to manage configurations for multiple devices, such as routers, switches, and load balancers. Furthermore, this configuration management is automated.

Answer 138

Virtual network design; consists of basic and limited SDN support for platform services.

Answer 139

Virtual network design that consists of a cloud-specific SDN without reliance on physical on-premises networks.

Answer 140

Virtual network design that consists of perimeter network with tightly controlled access between your cloud network deployment and your on-premises physical network.

Answer 141

Virtual network design that centrally manages connectivity and services with isolated networks for specific workloads.

Answer 142

The service that maps names to IP addresses on most TCP / IP networks, to include the Internet. Each server, workstation, or other network node has an entry in the database. When a user requests access to a resource by name, their computer queries DNS to discover the related IP address. Network traffic is then addressed to that IP address. DNS is one of the most critical services on the network. Public Internet resources are discovered the same way. Websites, for example, are requested by users with a URL, but they are actually contacted via IP address. CSPs offer DNS services for the networks they host. Your organization can use these services to organize cloud resources and provide connectivity. Cloud DNS can integrate with your on-premises name resolution services to provide a more consistent infrastructure that’s easier to manage. Both public and private DNS zones are supported.

Answer 143

Provide DNS resolution for Internet-facing services, such as your organization's public website

Answer 144

Private Zones provide DNS services to internal resources, such as your company's VPC of internal servers, printers, and databases.

Answer 145

A feature in DNS that allows a DNS server to forward DNS queries to another DNS server. It is typically used when a DNS server does not have the necessary information to resolve a domain name and needs to pass the query to another server that may have the required information.

Answer 146

Also known as reverse DNS or rDNS, this is a process that translates an IP address to a domain name. While regular DNS resolves domain names to IP addresses, reverse lookups perform the opposite function by providing the domain name associated with a given IP address.

Answer 147

Also known as DNS interconnect, is a mechanism used by network operators and ISPs to exchange DNS traffic directly between their DNS infrastructure. It involves establishing direct connections between DNS servers of different networks to exchange DNS queries and responses efficiently.

Answer 148

DNS protocol that adds security features to DNS. It aims to provide data integrity, authenticity, and authentication mechanisms for DNS queries and responses, mitigating various DNS-based attacks and ensuring the trustworthiness of DNS information.

Answer 149

Specifies the exact location of a specific host or resource within the DNS hierarchy. FQDN consists of two main components: 1. Hostname: represents the unique name assigned to a specific device or resource within a domain. It could be a computer, server, or any networked device. For example, "www" for a web server 2. Domain Name: The domain name represents the hierarchical structure of the DNS and identifies the organization, network, or entity to which the host belongs. It consists of one or more domain labels separated by dots. For example "example.com" To form an FQDN, the hostname is appended to the domain name, creating a fully qualified and unique address for a specific resource.

Answer 150

A protocol used to automatically assign IP addressing information to hosts that have not been configured manually. Such configuration is automatic, making it less prone to mistakes and less time consuming for administrators. However, network devices and services that must be easily and consistently found on the network should not be DHCP clients, because their IP address may change over time.

Answer 151

1. Client sends a DHCPDiscover broadcast, which is heard by the DHCP server. 2. DHCP server sends a DHCPOffer broadcast, which is heard by the client. 3. Clients sends a DHCPRequest broadcast, accepting the offer, which is heard by the DHCP server. 4. The DHCP server sends a DHCPAck broadcast, which is heard by the client, finalizing the process.

Answer 152

Software consolidating management of multiple DHCP and DNS services to provide oversight into IP address allocation across an enterprise network.

Answer 153

TCP/IP application protocol allowing machines to synchronize to the same time clock that runs over UDP port 123. Clients and servers that experience time drift (unsynchronized and different time settings) may have difficulty communicating, users may not be able to authenticate, and time-sensitive applications may not run correctly. In cloud environments, AWS EC2 and Azure VMs receive the definitive time from their hardware host by default.

Answer 154

A distributed network of servers strategically located in different geographic locations to deliver web content and other digital assets to end-users with improved performance, reliability, and scalability . CDNs work by caching and serving content from edge servers that are geographically closer to the users, reducing latency and network congestion.

Answer 155

A protocol that uses the HTTP over SSL protocol and encapsulates an IP packet with a PPP header and then with an SSTP header. Primarily used with Windows OS

Answer 156

OpenVPN is an open-source VPN software that provides secure and encrypted connections between devices over the internet. It allows users to establish a private and encrypted tunnel between their device and a remote server, enabling secure communication and data transfer.

Answer 157

A protocol within IPsec that sets up a Security Association using certificates to establish a secure network session. Open source protocol, strong security, fast

Answer 158

Developed by Cisco and Microsoft to support VPNs over PPP and TCP/IP. PPTP is highly vulnerable to password cracking attacks and considered obsolete.

Answer 159

Permits multiple isolated routing tables to exist on the same router, each associated with different interfaces. VRF provides virtualization within a physical router. The result is the ability to manage multiple routing tables on the router. Each routing table directs traffic for a different route, eliminating the need for individual routes.

Answer 160

Implements the physical and data link connection between a host and transmission media. An OS deployed on that physical server accesses the network via the NIC.

Answer 161

Connections between a virtual machine instance and a physical network interface card in the host server. Also called virtual NIC or vNICs

Answer 162

The practice of dividing a single network into two or more smaller networks by using subnet masks. The goal could be performance or security (or both). Most cloud network configurations begin with the VPC. From there, the VPC can host one or more subnets. Instances can be added to the subnets as appropriate.

Answer 163

A type of switch or router that distributes client requests between different resources, such as communications links or similarly configured servers. This provides fault tolerance and improves throughput.

Answer 164

A firewall designed to specifically protect software running on web servers and their backend databases from code injection and DoS attacks. WAF filtering protects cloud resources from Internet threats. Isolating VPC traffic within a cloud deployment is accomplished by using security groups and network ACLs. When a new VM instance is created, it is associated with a security group. Such an association is used to control access to the instance. Segments within a VPC can be filtered by using newtork ACLSs, and logs are generated that report on permitted and denied traffic.

Answer 165

A private network segment made available to a single cloud consumer on a public cloud. VPCs allow organizations to achieve greater security within a public cloud. Traditional public cloud IaaS deployments do isolate customer data by subnets and VLANs, but VPCs go further, implementing a single-tenant structure within the CSP's multi-tenant environment. VPCs add VPN connectivity and isolation to regular public cloud implementations.

Answer 166

Network connectivity that permits instances to communicate between two virtual private clouds using reversed IP addresses. The virtual networks appear to consumers as a single network. In addition, fast connectivity is provided between the two networks, making data and resource access very efficient. Peering is used in the hub-and-spoke model to connect the spoke networks with the hub network. Not that the spoke networks are not peered to each other in the hub-and-spoke model.

Answer 167

A logically separate network, created by using switching technology. Even though hosts on two VLANs may be physically connected to the same cabling, local traffic is isolated to each VLAN so they must use a router to communicate. A VLAN segments the network at Layer 2, accomplished by tagging data frames with VLAN membership information.

Answer 168

A method for overcoming VLAN shortfalls by providing a great number of available segments. VXLANs extend the functionality of VLANs by adding increased scalability that is appropriate for cloud, on-premises, and hybrid networks. VXLANs support up to 16 million separate networks.

Answer 169

A network virtualization standard used with VXLANs, NVGRE, and STT. GENEVE is a combined standard for VXLANs and network virtualization using generic routing encapsulation (NVGRE), a competing standard. The use of GENEVE may be required across multi-cloud deployments.

Answer 170

Enable users to visualize and understand how data moves through a network infrastructure. The diagram displays the flow of data through any internal and external nodes, network devices (such as routers), and cloud services.

Answer 171

Refers to the concept of extending a network across multiple locations or sites, typically over a wide geographical area. It involves connecting multiple network segments or subnets in different physical locations to create a single logical network.

Answer 172

Network microsegmentation is a security technique that involves dividing a network into smaller segments or subnetworks to enhance security and control network traffic. In traditional network architectures, all devices within a network share the same security perimeter, making it easier for threats to move laterally once they gain access to the network. Microsegmentation addresses this vulnerability by creating smaller security zones within the network, where each segment has its own security policies and controls. This allows for granular control over network traffic and restricts the lateral movement of threats. To implement network microsegmentation, organizations often leverage technologies such as virtual local area networks (VLANs), software-defined networking (SDN), network virtualization, or firewall-based segmentation solutions. These technologies enable the creation and enforcement of security policies at a more detailed level, improving network security and reducing the impact of potential security incidents.

Answer 173

A separation of server roles into tiers to facilitate management

Answer 174

A form of eavesdropping where the attacker makes an independent connection between two victims and steals information to use fraudulently.

Answer 175

Tunneling protocol allowing the transmission of encapsulated frames or packets from different types of network protocol over an IP network. Does not use encryption that does not use encryption unless combined with IPsec and should be avoided for any secure communications.

Answer 176

The DNS name resolution service that uses HTTPS to encrypt communications between the client and server to ensure privacy and confidentiality.

Answer 177

The DNS name resolution service that uses TLS to encrypt communications between the client and server to ensure privacy and confidentiality.

Answer 178

A stateful firewall is a network security device that monitors and filters incoming and outgoing network traffic based on the context and state of the network connections. Unlike traditional packet-filtering firewalls, which examine individual network packets in isolation, stateful firewalls maintain knowledge about the ongoing sessions and connections passing through them. Stateful firewalls are widely used in network security architectures to provide robust protection against unauthorized access, malicious activities, and network-based threats. They are a fundamental component of network security infrastructure, along with other security measures such as intrusion prevention systems (IPS), virtual private networks (VPNs), and secure web gateways.

Answer 179

A stateless firewall, also known as a packet-filtering firewall, is a network security device or software that examines individual network packets without maintaining information about the state or context of network connections. Stateless firewalls make decisions about packet filtering based solely on the information contained in the packet headers, such as source and destination IP addresses, port numbers, and protocol types. Stateless firewalls are often used in scenarios where simplicity, efficiency, and basic packet filtering functionality are sufficient for network security requirements. They are commonly implemented at network perimeters, where they can act as a first line of defense by blocking or allowing traffic based on predetermined rules. However, for more advanced security needs or when deeper inspection and context-aware filtering are required, stateful firewalls or other security solutions may be more appropriate.

Answer 180

A malicious script hosted on the attacker's site or coded in a link injected onto a trusted site designed to compromise clients browsing that trusted site, circumventing the browser's security model of trusted zones.

Answer 181

A malicious script hosted on the attacker's site that can exploit a session started on another site in the same browser.

Answer 182

An attack that injects a database query into the input data directed at a server by accessing the client side of the application.

Answer 183

An attack that uses multiple compromised hosts (a botnet) to overwhelm a service with request or response traffic.

Answer 184

Addresses vulnerabilities at the WAF layer rather than in the application layer. May serve as a permanent fix or a temporary solution until the application's code is updated.

Answer 185

A multifunctional device that provides load balancing, traffic flow, SSL offloading, and other optimization functions for web apps.

Answer 186

A software and/or hardware system that scans, audits, and monitors the security infrastructure for signs of attacks in progress. IDSs are passive devices that match network traffic and patterns against known vulnerabilities. They monitor the network environment. An IDS does not sit "in-line" (traffic does not flow through).

Answer 187

An IDS that can actively block attacks. IDS devices are active, actually controlling the network traffic flow. IPS devices are the common standard on today's networks.

Answer 188

A software solution that detects and prevents sensitive information from being stored on unauthorized systems or transmitted over unauthorized network. There are several ways to manage data loss, including examination of data at rest, in transit, and in use. DLP is often used to manage data security for authorized users who may deliberately or accidentally attempt to copy or otherwise remove data from the secured environment.

Answer 189

A general term for the collected protocols, policies, and hardware that authenticate and authorize access to a network at the device level. Examples: Workstation security (endpoints): anti-virus, anti-spyware, patching, and vulnerability scans Authentication: single sign-on and multifactor authentication Network security: firewalls, network IDS, patching, and updated anti-virus definitions

Answer 190

A service that gathers and exposes network information to security tools. NPBs exist between the network infrastructure and infrastructure security tools to gather information and expose that information to the appropriate tools. Without an NPB, each network analysis tool is individually configured to collect information, placing a strain on systems and gathering a great deal of undesired information. NPBs gather all of the network information and then expose it to the appropriate tool.

Answer 191

A key exchange that verifies the identity of a source time server and the integrity of the time synchronization information received from it.

Answer 192

Refers to software instructions stored semi-permanently (embedded) on a hardware device. Modern types of firmware are stored in flash memory and can be updated more easily than legacy programmable (ROM) types. Not as easy to patch as operating systems or applications; however, periodically, vendors will offer firmware updates. Typically, these updates will provide three possible benefits: - Security fix - Performance update - New feature release

Answer 193

An intermediary service for web browsing that provides content filtering. May exist between users and web-based resources, and DLP solutions can be used to analyze this traffic and mitigate data exfiltration. analysis and control are managed by allow lists and/or blocklists.

Answer 194

Load balancing technique where workloads are assigned to servers in sequence, with no regard for the current work assignment. Advantages include simplicity and equal distribution of traffic. Additionally, it can handle different types of traffic, and is suitable for environments where all servers or devices have similar capabilities. Disadvantages include the lack of consideration for actual capacity or current workload of each server or device. If some servers or devices are more powerful or have higher performance than others, they may end up handling more requests or traffic, leading to potential imbalances. To address this, more advanced load balancing techniques, such as weight Round Robin or dynamic load balancing algorithms, can be employed.

Answer 195

The workload is evenly distributed among servers (best for workloads that rarely change).

Answer 196

Load balancing technique where the least busy server is given the next work cycle (best for variable workloads).

Answer 197

The default gateway is an IP configuration parameter that identifies the location of a router on the local subnet that the host can use to contact other networks.

Answer 198

Network Address Translation (NAT) is a technique used in computer networks to modify IP addresses and/or port numbers in IP packet headers as they pass through a network device, such as a router or firewall. NAT allows multiple devices within a private network to share a single public IP address, enabling them to access the Internet. The primary purpose of NAT is to conserve public IP addresses, as the number of available IPv4 addresses is limited. By using NAT, a private network with private IP addresses can communicate with external networks using a single public IP address.

Answer 199

Assessment: Understanding what services and applications exist and which are candidates for migration Planning: The planning phase of your migration Implementation: Actual transfer of data, services, and servers to the cloud. The implementation is likely to be accomplished in phases. Optimization and Security: optimization of services and processes to ensure they are functioning as efficiently and as cost effectively as possible.

Answer 200

No modification, application is cloud ready for cloud migration. Typically the fastest and easiest migration. The software involved is cloud ready, meaning that it can take advantage of cloud computing benefits, it can run in a virtualized environment.

Answer 201

Application requires some modification before cloud migration. This method relies on some modification or optimization of the application in order to take advantage of cloud benefits. The bulk of the application does not are to be freshly developed, but some changes are necessary.

Answer 202

Application will be entirely rearchitected to be cloud ready. Thiis method requires a great deal of development time and may be quite expensive.

Answer 203

Application is retired and replaced by a modern, cloud-ready application. This is very common for legacy applications that cannot run in virtualized or cloud-based environments. The legacy application is retired, and a new application is selected and purchased. This method may be more cost effective than others because the new application will be cloud ready from the start.

Answer 204

Application is retired and not replaced upon cloud migration.

Answer 205

Describes a mix of any of the six cloud migration types: - Rehost - Replatform - Refactor - Repurchase - Retire - Retain

Answer 206

Administrators create a VM, install an OS and applications, and copy data.

Answer 207

A migration tool assists with some aspects of physical to virtual migration, such as hardware specifications and data migration.

Answer 208

A migration tool manages the entire process of physical to virtual migration.

Answer 209

Cloud native refers to a modern approach to building and running applications that takes full advantage of cloud computing and its characteristics. It involves designing applications specifically for deployment and operation in cloud environments, such as public or private clouds.

Answer 210

Software development method combining app and platform updates, which are rapidly committed to production, with code updates, which are rapidly committed to a code repository or build server. This approach addresses configuration drift and decentralized management, which is often inconsistent. Code-based deployments are easier to test, faster to deploy, more accurate to scale up (or down), and repeatable.

Answer 211

A combination of software development and systems operations, and refers to the practice of integrating one discipline with the other.

Answer 212

A provisioning architecture in which deployment of resources is performed by scripted automation and orchestration. One of the most important aspects of IaC is that all changes are made in code and then applied to the devices. Manual changes should never be made directly on individual devices. Any alteration of the desired state is implemented through code. There are two approaches to managing IaC: imperative and declarative Benefits include: - Quicker Deployments - Quicker Configuration Changes - Quicker Recovery - Consistency and less config drift - Re usability of code - Version control - Visibility of configuration settings

Answer 213

A configuration method that specifies step by step exactly how the target machine will be configured. Specific commands are defined that execute and configure the device.

Answer 214

A configuration method that declares a desired configuration that the target machine configures itself to match. The desired state is defined, and the automation tool matches it on the device.

Answer 215

An API is a set of rules and protocols that allows different software applications to communicate and interact with each other. It defines how different components of software systems can interact, exchange data, and request services from each other. APIs provide a standardized way for software developers to access the functionality of a system, whether it's an operating system, a database, a web service, or any other software component. They define the methods, parameters, and data formats that developers use when making requests and receiving responses.

Answer 216

The automation of multiple steps in a deployment process. The workflow is launched once, and then each process is started in order. When one process is completed, the next one begins without any interaction by the administrator. Orchestration Sequencing refers to running the components of the workflow in the proper order. Care must be taken by the system admin to ensure that the orchestration workflow has a way of testing each automated step. For example, when an instance is deployed and the next automated task should be run, the existence of the instance must be confirmed by the management tool.

Answer 217

The process through which an organization's information systems components are kept in a controlled state that meet's the organization's requirements, including those for security and compliance

Answer 218

Ansible is an open-source automation tool that provides a simple and powerful way to automate IT infrastructure tasks, including configuration management, application deployment, and orchestration. It is designed to be agentless, meaning it doesn't require any software to be installed on the managed hosts. Instead, it uses SSH or WinRM protocols to connect to remote systems and execute tasks. Ansible uses a declarative language called YAML (YAML Ain't Markup Language) to define playbooks, which are files containing a set of instructions that define the desired state of the system. Playbooks describe the tasks to be performed, the hosts on which to execute those tasks, and any required variables or conditions. It allows you to streamline repetitive and complex tasks, reduce human error, and promote consistency across your IT infrastructure.

Answer 219

A common markup language for configuration files and applications such as Ansible.

Answer 220

Automation platform that transforms complex infrastructure into code, and automates how applications are configured, deployed, and managed. Chef uses a client-server structure to deliver configuration requirements. the configurations are written in the Ruby programming language and stored in Recipes. Recipes are definitions of configuration settings written in Ruby and included in a Chef configuration cookbook. Chef uses a pull configuration. The Chef clients periodically check in with the Chef server to see if there have been changes. The Chef server stroes the configuration information. Typically, the Chef server is managed via a Chef workstation, where the recipes are created.

Answer 221

An open-source configuration management tool designed to manage the configuration of Unix-like and Microsoft Windows systems declaratively. Puppet uses a client-server model. Puppet relies on an agent called the puppet-client to get configuration information from the Puppet Master server. Like Chef, Puppet files are written with Ruby. Puppet supports all of the common operating systems and may be used with physical machines, VMs, and Cloud Instances.

Answer 222

A command shell and scripting language built on the .NET Framework, can be used to run common commands on single Window's systems. Native PowerShell commands use a verb-noun syntax and are referred to as cmdlets. PowerShell can execute cmdlets on remote systems. Finally, PowerShell can be configured to deliver a file containing a desired state for the destination remote system. PowerShell can also be used as a config manager by enabling and using PowerShell Desired State Configuration (DSC)

Answer 223

A declarative configuration management tool that uses PowerShell to manage the target systems. Relies on a Managed Object Format (MOF) file that holds the configurations. The service can be used with both Windows and Linux clients to configure physical servers and Azure-based instances

Answer 224

A configuration file using Common Information Model classes to define a desired configuration to be implemented via PowerShell Desired State Configuration.

Answer 225

A container virtualization engine that can be installed on Linux, Windows, macOS, and other platforms to run containers. Docker containers can be managed and automated by Docker's own Swarm (Docker service used to create a cluster of Docker Engine hosts), or a third-party solution. Docker hosts DockerHub, an online repository for storing container images. Your organization's staff can access the repositories and use images stored there. The repository is kept current by using automation. Docker supports automated builds that create a new build when updated code is sent to a repository. Docker containers are built by using a Dockerfile. This text files contains the necessary commands to construct and configure the container. It is very easy to quickly build containers by storing these settings in a Dockerfile.

Answer 226

Type of version tracking software used primarily with collaborative development projects to ensure integrity and version control. Git is the de facto standard for code management. Git software manages code versioning in collaborative development environments.It can actually be used to manage code or files in many different contexts. Functions by storing code in a central repository. The code can then be copied, or "cloned", to a developer's local workstation for work. The updated code is then pushed back up to the repository to be integrated with the rest of the project. Branches of code are created for additional work. Once Git is installed on a workstation and a local repository (folder) exists, project files can be created. These might be files that make up code for an application or even plain text files. The files can then be uploaded to a Git repository stored at GitHub.

Answer 227

A host or network account that is designed to run a background service rather than to log on interactively. The service accounts are given a very narrow scope of access—just enough to run the service or application and no more.

Answer 228

A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats

Answer 229

A type of software that reviews systems files to ensure that they have not been tampered with.

Answer 230

The process an organization uses to maintain the existence of and control over certain data in order to comply with business policies and / or applicable laws and regulations.

Answer 231

Storage media used to maintain the integrity of the data being compiled by preventing modification.

Answer 232

The process of controlling data throughout it's lifecycle. Includes the following: - Versioning - Retention - Destruction

Answer 233

CASB software observes the data flow between the on-premises network and the cloud, looking for potential data loss incidents. A CASB uses rules to determine legitimate and illegitimate exchanges of information. The rules can be established for specific users or entire departments. CASB solutions have become increasingly important with the growth of cloud services, especially cloud storage. Third-party CASB software is available on the AWS Marketplace. Microsoft offers Cloud App Security to help organizations manage DLP. Cloud App Security combines Azure DLP, EDR, and IAM solutions to manage data security.

Answer 234

Method to track the lifecycle phase of one or more hardware, service, or software systems in an organization. It tracks four primary phases: - Development - Deployment - Maintenance - Reprecation

Answer 235

Stores information about hardware and software deployed throughout the company. Entries in the database are referred to as configuration items. The role of the CMDB has changed with the increased use of virtualization and cloud services. The original CMDB concept emphasized asset and inventory tracking. With virtualization, whether on premises or in the cloud, there are new challenges to managing the CMDB.

Answer 236

Cloud resource labels that provide tracking for governance and cost management. Tag labels are used to generate billing and utilization reports in tools such as the AWS Billing and Cost Management console.

Answer 237

Reports that display the utilization of services without billing the business unit that consumed the resources.

Answer 238

Linux tool used for drive encryption.

Cloud + Flashcards

(262 cards)