Cloud Security and Data Management Essentials

Questions and Answers

What benefit does the distributed architecture of virtual block storage provide?

Increased cost of storage management

Enhanced data loss due to hardware faults

Data can be quickly migrated or restored (correct)

Dependent on single hardware performance

What can be configured on the management console for ECSs and EVS disks?

Network bandwidth monitoring

User access levels

Backup policies (correct)

Data encryption methods

Which security service is mentioned as part of the multi-dimensional protection for ECSs?

Data loss prevention

Identity theft protection

Web Application Firewall (correct)

Malware removal tool

What is recommended during a security evaluation of cloud environments?

Review of security configurations

Which of the following best describes the deployment of ECSs?

In multiple Availability Zones (AZs)

What is the purpose of configuring a whitelist in intelligent process management?

To control which programs can run

What type of scanning service is offered as part of vulnerability scanning?

Web vulnerability scanning

How does deployment in multiple AZs affect data reliability?

Other AZs remain unaffected if one fails.

What is a key feature that provides security within a VPC?

Network ACLs and security groups

What prevents two different VPCs from communicating by default?

Logical isolation

Which configuration allows for communication with the Internet from a VPC?

NAT Gateway or Direct Connect

What is a limitation of the high-speed network in relation to security features?

Does not support security groups

What is the minimum bandwidth provided by an enhanced high-speed network?

10 Gbit/s

Which of the following is true regarding the restrictions on using high-speed networks?

They cannot overlap with standard NICs during creation.

What aspect of high-speed network interconnectivity is emphasized?

Carries only east-west traffic

What technology allows for automatic failover in a VPC?

Dynamic BGP connections

What is the primary disadvantage of physical servers compared to cloud computing?

They have a longer deployment time and complex O&M.

Which type of high-performance computing system uses 2nd Gen Intel® Xeon® scalable processors?

High-performance ECS

Why might enterprises choose not to use virtual machines (ECSs) for core databases?

ECSs cannot provide the performance required by core applications.

What advantage does BMS provide over traditional physical servers?

Access to cloud capabilities like online delivery.

What is a characteristic of high-performance computing networks for users?

They provide secure, isolated virtual networks.

What is a common reason for enterprises to avoid virtualization?

They are concerned about performance loss due to virtualization overhead.

What distinguishes high-performance BMS from ECS?

BMSs have higher EDR InfiniBand NICs bandwidth.

What is a key limitation of cloud-based ECS compared to physical servers?

ECS can incur performance loss due to virtualization.

What is a characteristic of a private image?

It can include custom applications added by the creator.

Which of the following best describes a public image?

It contains a standard OS and is available to all users.

What type of image provides third-party applications as part of its offerings?

Marketplace image

Which service is recommended when using certain public images?

Host Security Service (HSS)

What is a full-ECS image composed of?

An OS, pre-installed software, and service data.

What feature is tied to the Host Security Service (HSS) for secure logins?

Two-factor authentication

Which option best describes a shared image?

A private image that has been shared with another user.

What type of image contains only service data?

Data disk image

What is one of the primary benefits of using Auto Scaling (AS) for resource management?

It ensures system stability by adjusting resources according to demand.

How does Auto Scaling assist in cost management?

By using instances and bandwidth on demand, thereby optimizing utilization.

What does Auto Scaling do when it detects an unhealthy instance?

It automatically replaces the unhealthy instance to maintain performance.

Which of the following can be configured as scaling actions in Auto Scaling?

Alarm-based, scheduled, and periodic actions.

When working with Elastic Load Balancing (ELB), what happens to newly added instances in the Auto Scaling group?

ELB automatically associates a load balancer listener with them.

What allows for greater flexibility in scaling actions within Auto Scaling?

Setting configurable thresholds and schedules for scaling actions.

Which factors can be monitored for alarm-based scaling in Auto Scaling?

vCPU, memory, disk, and inbound traffic.

What is one of the key purposes of the Auto Scaling architecture?

To automatically adjust compute resources based on service demands.

Study Notes

### Reliable Data

• Virtual Block Storage uses a distributed architecture to ensure data can be quickly migrated or restored
• This architecture prevents data loss caused by a single hardware failure

Backup and Restoration

• ECSs and EVS disks can be backed up using the management console or API
• Users can set up backup policies to run periodically or at specific times

Security

• A range of security services provide multi-dimensional protection
• Services like Web Application Firewall and Vulnerability Scan Service protect ECSs
• The security of cloud environments is evaluated to help identify vulnerabilities and threats quickly
• Security configurations are reviewed and suggestions for improvement are provided
• Recommendations are made to reduce or avoid losses from viruses or malicious attacks

### Intelligent Process Management

• Users can configure a whitelist to control which programs are allowed to run
• Comprehensive vulnerability scanning services are offered, including general web, third-party application, port detection, and fingerprint identification

ECS Architecture

• ECSs are deployed across multiple Availability Zones (AZs) connected by an intranet
• If one AZ fails, other AZs in the region are unaffected
• ECS works with other products and services for computing, storage, network, and image installation functions

High Performance Computing (HPC)

• Compute-intensive ECSs use 2nd Gen Intel® Xeon® scalable processors for performance and Huawei-developed high-speed NICs for high bandwidth and low latency networks
• High-performance BMSs provide excellent computing performance with no virtualization overhead
• Secure, isolated virtual networks are provided for HPC users on the public cloud

Comparisons Between BMS, ECS, and Physical Servers

• Physical servers are considered the best for performance but lack flexibility, are complex to manage, take a long time to deploy, and are difficult to rebuild
• VMs (ECSs) may not offer the performance required by core databases or may need core application adjustments
• BMS solves this dilemma by providing physical servers dedicated to an enterprise, eliminating performance or resource isolation compromise, while offering cloud capabilities

Advantages of VPC

• VPCs can be flexibly configured with security groups, VPNs, IP address segments, and bandwidth
• Subnets are protected by Network ACLs and ECSs by security groups
• By default, VPCs are logically isolated and cannot communicate with each other, but connections can be made through EIP, ELB, NAT Gateway, VPN, and Direct Connect
• High-speed access is provided by dynamic BGP connections to multiple carriers, providing automatic failover

BMS Network: High-Speed Network

• A high-speed internal network between BMSs provides high bandwidth for connecting BMSs in the same AZ
• High-speed networks share the same physical plane with VPCs
• Only east-west traffic is carried and layer-2 communication is supported
• High-speed networks have the following restrictions:
  • Network segment used by standard NICs cannot overlap with that used by high-speed NICs
  • Security groups, EIPs, DNS, VPNs, or Direct Connect connections are not supported
  • Different high-speed networks must be selected for different high-speed NICs configured for a BMS
  • High-speed networks cannot be configured after a BMS is provisioned

BMS Network: Enhanced High-Speed Network

• Enhanced high-speed network is a high-quality, high-speed network for BMS communication
• Enhanced high-speed networks use upgraded hardware and software to allow communication between BMSs in different PODs
• Advantages over high-speed networks include:
  • Bandwidth of at least 10 Gbit/s
  • Customizable number of network planes
  • Support for up to 4,000 subnets

### Image Management System (IMS)

• Users can manage images through the management console or using APIs
• IMS provides a self-service platform for managing and maintaining images
• Public images offer tested, secure, and stable services with multiple mainstream OSs (Windows Server, Ubuntu, CentOS)

Image Types

• Public images are provided by the cloud platform and contain an OS and public applications
• If a public image lacks the required application environment or software, users can create an ECS and install the necessary software
• Private images are only accessible to the creator and contain an OS, service data, preinstalled public and custom applications
• Shared images are private images shared with other users
• Marketplace images are third-party images published in the Marketplace with preinstalled OS, application environment, and software

Automatic Scaling (AS)

• AS automatically adjusts compute resources based on service demands and configured policies
• The number of ECS instances changes to match service demands, ensuring service availability
• Scaling control allows specifying thresholds and scheduling for scaling actions
• Scaling actions can be triggered by repeating schedules, specific times, or configured thresholds
• Users can configure alarm-based, scheduled, and periodic policies:
• Alarm-based policies can be set for vCPU, memory, disk, and inbound traffic
• Scheduled policies allow scheduling actions at a specific time
• Periodic policies configure scaling actions at scheduled intervals, times, or within time ranges

AS Architecture

• AS automatically adjusts compute resources based on service demands and configured AS policies
• AS allows adjustments to the number of ECSs in an AS group and EIP bandwidths bound to the ECSs
• AS monitors instance status in an AS group and replaces unhealthy instances
• When working with ELB, AS automatically associates a load balancing listener with newly added instances in the AS group, improving system availability

Description

This quiz covers essential concepts in cloud security, backup systems, and intelligent process management. Learn about the distributed architecture of virtual block storage, effective backup strategies, and how to enhance security in cloud environments. Test your understanding of the measures needed to protect and manage data efficiently.