Cloud Computing: Basics and Models

Questions and Answers

Which cloud delivery model provides the most management control to the user?

• SaaS
• IaaS (correct)
• XaaS
• PaaS

Which storage type is most suitable for storing unstructured data like images and videos in a cloud environment?

• Block Storage
• SAN Storage
• Object Storage (correct)
• DAS Storage

What is the primary purpose of an Application Pool in IIS?

• To install server features
• To isolate web applications for improved reliability and security (correct)
• To configure website bindings
• To manage virtual directories

Which component is essential for running containers on Windows Server 2019?

Docker EE (A)

What is the function of LinuxKit in the context of Windows Server 2019?

To build minimal Linux OS for containers (D)

Which type of GPO configuration applies during computer startup?

Computer Configuration (B)

In PKI, what is the role of a Root CA?

To serve as the top-level authority that must be trusted (D)

What protocol does 802.1X use to authenticate clients before granting network access?

RADIUS (C)

Which Microsoft Defender feature helps prevent ransomware attacks?

Controlled Folder Access (B)

Why are hashes and checksums used in server administration?

To verify file integrity (A)

Which cloud delivery model allows developers to focus solely on application development without managing servers or infrastructure?

PaaS (B)

What is the purpose of Continuous Deployment (CD) in DevOps workflows?

To automate the process of building, testing, and deploying code (C)

Which IIS component acts as an alias mapped to a physical directory on the server?

Virtual Directory (A)

What is the significance of WebDAV in the context of IIS?

It enables web-based file editing and management (D)

What is the purpose of a Container Image in Docker?

To act as a read-only snapshot used to create containers (A)

What type of container is required for Nano Server images in Windows Server 2019?

Hyper-V Containers (A)

What is the primary function of Windows Subsystem for Linux (WSL)?

To run Linux distributions directly on Windows (D)

How do Group Policy Preferences differ from Group Policy Policies?

Preferences are flexible and can be overridden by users, while policies are enforced (A)

What is the purpose of a Public Key Certificate in PKI?

To bind a public key to an identity (D)

What is the function of a CRL (Certificate Revocation List) in PKI?

To check the revocation status of certificates (A)

Which authentication protocol provides an encrypted tunnel for secure authentication in 802.1X?

PEAP (C)

What is the primary function of WSUS (Windows Server Update Services)?

To provide local management of Windows updates (A)

Which component of Microsoft Defender combines antivirus, firewall, and IPSec functionalities?

Microsoft Defender (C)

How can Windows Defender Firewall be configured?

Via Group Policy or Windows Defender Firewall with Advanced Security (B)

What is the purpose of WMI filters in Group Policy?

To target GPOs based on system attributes (C)

Which of the following is an example of a SaaS (Software as a Service) offering?

Microsoft 365 (C)

What is the main advantage of using Block Storage over Object Storage for databases?

Faster performance (D)

Which of the following is a key requirement for implementing Continuous Deployment?

Code repositories (C)

What is the function of the IIS Manager?

To configure IIS settings through a GUI (B)

Which protocol is primarily used for real-time communication in web applications?

WebSocket (A)

Nano Server images require Hyper-V isolation primarily for what reason?

Security and isolation (A)

What is a 'distribution' (or 'distro') in the context of Linux containers?

A version of a Linux operating system (D)

What is the purpose of the 'docker' command?

To pull images, run containers, and manage applications (B)

Which of the following best describes the term 'XaaS'?

A catch-all term for 'Anything as a Service' (D)

What role does the Docker Hub play in containerization?

It is an online registry for container images (D)

When would you typically use a subordinate CA in a PKI hierarchy?

To issue certificates on behalf of the root CA (D)

What is the purpose of auto-enrollment in the context of certificates?

To automatically distribute certificates via GPO (B)

Which of the following is a function of the tool known as the 'Certificate Templates Console'?

To manage certificate templates (D)

What information can be used to target GPOs when applying WMI filters?

Operating System Version (D)

Which technology is used by WSUS for its internal database?

Windows Internal Database (WID) (C)

Flashcards

Cloud

A global collection of internet-accessible servers, used for hosting Web apps and services, accessed via Web servers.

Cloud Providers

Examples include AWS, Azure, and Google Cloud, that host apps/services.

IaaS (Infrastructure as a Service)

You rent virtualized computing resources (VMs, storage, networks). You manage OS, middleware, runtime, apps, and data.

PaaS (Platform as a Service)

You focus on the application; the provider manages everything else. Examples: Azure App Services, Google App Engine.

SaaS (Software as a Service)

Fully managed software you access via web (e.g., Google Workspace, Microsoft 365).

XaaS

Catch-all term for "Anything as a Service."

Cloud Providers

Host services publicly or privately, can offer hybrid cloud environments combining on-premises infrastructure with public cloud.

Block Storage

Structured like a virtual hard drive. Faster, better for databases and VMs.

Object Storage (BLOB)

Stores files as objects with metadata. Ideal for unstructured data like images, videos.

Continuous Deployment (CD)

Automated process to build, test, and deploy code.

IIS (Internet Information Services)

Web server software for hosting websites + web apps on Windows Server.

Virtual Directory

Logical pointer to a physical folder on disk, allowing Web apps to be accessed via structured URLs.

Application Pools

Isolate apps for reliability/security. Each pool has its own worker process (w3wp.exe).

CGI, ISAPI, ODBC

Support for dynamic content in IIS.

SSI

Includes external content in pages on IIS.

WebSocket

For persistent two-way communication in IIS.

WebDAV

Web-based file management in IIS.

Docker EE (Enterprise Edition)

Required to run containers on Windows Server 2019.

Docker client

CLI tool to interact with Docker.

Docker daemon

Manages containers/images.

Docker Hub

Public registry for images.

Container Images

Immutable and executable blueprint for creating containers.

LCOW (Linux Containers on Windows)

Run Linux containers on Windows with LinuxKit.

LinuxKit

Toolkit to build minimal Linux OS for containers.

WSL (Windows Subsystem for Linux)

Run Linux distros directly on Windows. Great for Linux-native Web apps.

GPOs (Group Policy Objects)

Control configuration of users and computers.

Computer Configuration

Applies during boot. Affects system-level settings.

User Configuration

Applies at logon. Affects user profiles.

Software Settings

Install/manage applications via GPO.

Windows Settings

Scripts, security settings, folder redirection via GPO.

Administrative Templates

Registry-based policies via GPO.

Preferences

User can override; more flexible.

Policies

Enforced; user cannot override.

Public Key Infrastructure (PKI)

Uses certificates to establish trust.

CA (Certificate Authority)

Issues and verifies certs.

Root CA

Top-level CA, must be trusted.

Subordinate CA

Issues certs on behalf of root CA.

Public Key Certificate

Binds a public key to an identity.

Digital Signature

Verifies authenticity/integrity.

Study Notes

Cloud Basics

• Cloud refers to a global network of internet accessible servers
• These servers are used for hosting web apps and services
• Access is facilitated through web servers, such as IIS, operating on cloud virtual machines (VMs)

Cloud Providers

• Examples of cloud providers: AWS, Azure, and Google Cloud
• Cloud providers host applications and services through IaaS, PaaS, and SaaS
• They can host services publicly or privately
• Hybrid cloud environments, combining on-premises infrastructure with public cloud, are also an option

Cloud Delivery Models

• IaaS (Infrastructure as a Service): Requires renting virtualized computing resources like VMs, storage, and networks, while managing the OS, middleware, runtime, apps, and data (e.g., Azure VM)
• PaaS (Platform as a Service): Focuses on application development, with the provider managing everything else like Azure App Services and Google App Engine
• SaaS (Software as a Service): Provides fully managed software accessed via the web, exemplified by Google Workspace and Microsoft 365
• XaaS: Is a general term for "Anything as a Service"

Cloud Storage Types

• Block Storage: Structured like a virtual hard drive, faster performance making it ideal for databases and virtual machines
• Object Storage (BLOB): Stores files as objects with metadata and is suitable for unstructured data like images and videos
• Binary Large Object (BLOB): File types stored in object storage, such as audio and images

Continuous Deployment (CD)

• Automated to build, test, and deploy code
• Requires code repositories (e.g., GitHub), build automation tools (e.g., Jenkins, GitLab CI), and orchestration tools
• CD is a key part of DevOps workflows

Internet Information Services (IIS)

• Web server software to host websites and apps on Windows Server
• Installed via Server Manager or PowerShell
• IIS Manager provides a GUI for configuration
• Supports protocols like HTTP/S, FTP, WebDAV and WebSocket
• An open-source alternative to IIS is Apache Web Server

IIS components

• Virtual Directory: Logical pointer to a physical folder on disk, allowing web apps to be accessed via structured URLs.
• Application Pools: Isolate apps for reliability and security where each pool has its own worker process (w3wp.exe).

Supported Interfaces & Extensions

• CGI, ISAPI, ODBC provide support for dymanic content
• SSI includes extrenal content in pages
• WebSocket allows for persistent two way communication
• WebDAV enables web based file management

Web App Technologies

• Web App Frameworks include: Django, Node.js and ASP.NET
• Web app files include: HTML, CGI and ISAPI

Containers on Windows Server 2019

• Docker EE (Enterprise Edition) is required to run containers
• The docker command in the CLI pulls images, runs containers, and manages apps
• Types of containers are Windows Containers, Hyper-V Containers and Linux Containers on Windows (LCOW)
• Nano Server requires Hyper-V isolation

Docker EE Components

• Docker client is a CLI tool to interact with Docker
• Docker daemon manages containers/images
• Docker Hub is a public registry for images

Container Images

• Container images are immutable and executable
• Container Image is a read only snapshot used to create a container

Linux Containers on Windows (LCOW) & LinuxKit

• LCOW is for running Linux containers on Windows
• LinuxKit is a toolkit to build minimal Linux OS for containers

Windows Subsystem for Linux (WSL)

• Runs Linux distros directly on Windows
• Allows to run Linux native web apps
• Choose a distro (like Ubuntu) via Microsoft Store

Group Policy

• GPOs (Group Policy Objects): Control configuration of users and computers
• Edit using Group Policy Management Editor
• Linked to Sites, Domains, or OUs

Configuration Types

• Computer Configuration: Applies during boot and affects system-level settings
• User Configuration: Applies at logon and affects user profiles

GPO Categories

• Software Settings: Install/manage applications
• Windows Settings: Scripts, security settings, folder redirection
• Administrative Templates: Registry-based policies

Preferences vs Policies

• Preferences: User can override, more flexible
• Policies: Enforced and user cannot override

Certificates and PKI

• PKI (Public Key Infrastructure) establishes trust using certificates

PKI Components

• CA (Certificate Authority): Issues and verifies certs
• Root CA: Top-level, must be trusted
• Subordinate CA: Issues certs on behalf of root

Certificate Concepts

• Public Key Certificate: Binds a public key to an identity
• Digital Signature: Verifies authenticity/integrity
• Auto-Enrollment: Users/computers get certs automatically via GPO

Tools & Concepts

• Certificate Templates Console
• CA Hierarchy: Trust chain structure
• CRL / OCSP: Used to check revocation status

Network Security & Updates

• 802.1X
  • Wired & Wireless security protocol
  • Works with RADIUS to authenticate clients before granting access
  • PEAP is an encrypted authentication tunnel
• WSUS (Windows Server Update Services)
  • Local management of Windows updates
  • GPOs configure when/how clients check WSUS
• Microsoft Defender
  • Antivirus, firewall, and IPSec in one
  • Controlled Folder Access prevents ransomware
  • Core Isolation / Memory Integrity protects from kernel-level threats

Other Important Concepts & Tools

• Windows Defender Firewall
  • Controlled via Group Policy or Windows Defender Firewall with Advanced Security
  • Configure firewall rules, connection security rules (IPSec)
• Windows Installer & Internal Database
  • Used for deploying apps via GPO
  • WID is used by WSUS
• Hashes & Checksums
  • Used for verifying file integrity
  • SHA/MD5 common in digital signatures
• WMI Filters
  • Target GPOs based on system attributes (e.g., OS version)

Key Terms

• Docker EE: Enterprise container platform
• Container Image: Blueprint for creating containers
• Orchestration: Automates deployment/management of containers
• LCOW: Linux Containers on Windows
• WebDAV: Edit/manage files over HTTP
• ISAPI/CGI: Interfaces for server-side processing
• Virtual Directory: Alias to a physical folder in IIS
• Application Pool: Isolated environment for web apps
• BLOB Storage: Stores unstructured data (media, files)
• Distribution (Distro): A version of a Linux OS
• WSL: Run Linux on Windows natively