Cloud Computing Characteristics

Questions and Answers

What is the main characteristic of 'Measured service' in cloud computing?

Resources can be scaled up or down rapidly

Resources are shared among users

Resources usage is monitored and measured (correct)

Users can provision and manage resources

Which type of cloud deployment model is suitable for high-security and critical systems?

Community Cloud

Private Cloud (correct)

Hybrid Cloud

Public Cloud

What is the main benefit of a Hybrid Cloud?

Cost efficiency

High security

Economical compared to a private cloud

Utilizing private/community cloud for critical data and public cloud for cost efficiency (correct)

What is the concept of 'Multi-tenancy' in cloud computing?

Resources are shared among multiple organizations

What is the primary advantage of a Community Cloud?

Serves a specific community with a common goal

Which cloud deployment model is open to the public and remotely accessed?

Public Cloud

What is DynamoDB's primary key's main function?

To uniquely identify items

What is the primary reason IAM becomes critical in cloud computing?

Due to the lack of network control

What is the purpose of IAM groups in AWS?

To facilitate easier user management

What is the function of IAM policies in AWS?

To define resource access and permissions

What is the benefit of auto-partitioning in DynamoDB?

Scalability as dataset size grows

What is the purpose of IAM in AWS?

To manage access to AWS resources

What is the maximum size of an object that can be stored in an Amazon S3 bucket?

5 TB

Which Amazon S3 storage class is designed for frequently accessed data?

Standard

What is the primary benefit of using Amazon S3 Intelligent-Tiering storage class?

Automated cost-effective tiering based on access patterns

What is a key consideration when designing a database?

Scalability

What is an example of a use case for Cloud Object Storage?

Media Hosting

What is the primary benefit of using Amazon S3 Glacier Deep Archive storage class?

Low-cost storage for long-term retention and digital preservation

What is the primary function of a Security Group?

To filter traffic to instances

What is the default behavior of a Security Group?

Deny all inbound, allow all outbound

What is the primary difference between a NAT Gateway and a NAT Instance?

NAT Gateways have better availability and less administrative effort

What is the primary function of an Internet Gateway?

To facilitate communication between VPC instances and the internet

What is the relationship between a subnet and a Network Access Control List (ACL)?

Each subnet must be associated with one Network ACL

What is the default behavior of a Network Access Control List (ACL)?

Allow all IPv4 traffic

What is a benefit of caching in apps?

Reduces the time users wait for a response from the app

At which layers can caching be used to speed up an app?

At multiple layers, including operating systems, networks, web apps, and databases

What is the purpose of a CDN like Amazon CloudFront?

To store copies of data closer to users

What type of attack can CloudFront protect apps on AWS from?

DDoS mitigation

What is the role of a DNS service like Amazon Route 53?

To connect users to CloudFront

What is an example of content that can be cached in an edge cache?

Web content

Study Notes

Route Tables and Routes

• Route tables define rules for managing network traffic within a subnet.
• Each route table includes a default local route, facilitating intra-VPC communication.

VPC Networking

• Internet Gateways: Allow VPC instances to communicate with the internet and serve as the target for internet-routable traffic in route tables.
• NAT Gateway: Enables internet access for private subnet instances. It's a managed service, ensuring high availability and reducing administrative tasks.
• NAT Instances: Less preferred option for providing internet access in public subnets, featuring lower availability and higher maintenance.

Security Groups

• Function as virtual firewalls at the instance level, regulating inbound and outbound traffic.
• Each instance can have multiple security groups within the same subnet, facilitating tailored access controls.
• Default settings deny all inbound traffic while permitting all outbound traffic.

Network Access Control Lists (NACLs)

• Provide an extra security layer for VPCs, functioning as subnet firewalls.
• Each subnet must be associated with a NACL, which can have multiple subnets linked to it but only one associated NACL.
• NACLs have separate inbound and outbound rules, allowing specific traffic management.

Amazon S3 (Simple Storage Service)

• Offers object-level storage with exceptional durability (11 nines).
• Supports virtually unlimited objects per bucket, with individual object sizes up to 5 TB.
• Features different storage classes tailored for specific data use cases.

Amazon S3 Storage Classes

• Standard: Optimal for frequently accessed data with high durability and availability.
• Intelligent-Tiering: Automatically adjusts to the most cost-effective tier based on access patterns.
• Standard-IA: Cost-effective for infrequent access yet allows quick retrieval.
• One Zone-IA: Low-cost alternative with storage located in a single Availability Zone.
• Glacier and Glacier Deep Archive: Designed for secure, durable long-term data archiving, with Glacier Deep Archive offering the lowest costs.

Common Use Cases of Cloud Object Storage

• Backup and storage solutions, application and media hosting, software delivery.

Database Considerations

• Scalability: Essential for handling increased data and traffic without degrading performance.
• Total storage requirements: Determined by overall data volume and space needs.
• Key features of DynamoDB:
  • NoSQL tables with flexible attributes.
  • Supports high requests per second via auto-partitioning.
  • Allows querying with Global and Local Secondary Indexes.

IAM Basics

• Covers identification management, authentication, authorization, access management, accountability, and user activity monitoring.
• Embodies critical importance in cloud environments due to extended trust boundaries into cloud service providers.

AWS IAM

• Comprehensive service for managing resource access in AWS.
• Includes users, groups, policies, and roles to facilitate streamlined permission management.

Cloud Deployment Models

• Public Cloud: Open-access infrastructure managed by vendors (e.g., AWS, Google Cloud).
• Private Cloud: Restrained access, typically for organizational needs, located on-premises or off-premises.
• Community Cloud: Shared infrastructure among organizations with a common goal, often more economical than private clouds.
• Hybrid Cloud: Combines private/community cloud benefits with public cloud scalability and cost efficiency.

Benefits of Caching

• Enhances application speed by storing frequently accessed data in memory, reducing response times.
• Lowers processing time for data access, beneficial for apps with high read frequencies (e.g., social networks).

Caching Across Data Journey

• Implements caching at multiple stages (operating systems, networks, applications) to expedite responses.
• Utilizes CDNs and DNS for faster content delivery and data access.

Edge Caching

• Involves using CDNs like Amazon CloudFront to store copies of data closer to users, accelerating request fulfillment and reducing latency.
• Protects applications from DDoS attacks by monitoring unusual traffic and maintaining uninterrupted service through services like Amazon Route 53.

Description

This quiz covers the essential characteristics of cloud computing, including rapid elasticity, measured service, on-demand self-service, and resource pooling. Test your knowledge of cloud computing concepts and multi-tenancy in cloud security. Explore the different cloud deployment models, including public, private, and hybrid clouds.