Cloud Computing Midterm Review
According to Larry Ellison, Co-Founder & CEO of Oracle in 2008, what percent of "hot air" is Cloud computing?
100
In what year did AWS launch EC2 & S3, the first modern Cloud computing infrastructure?
2006
When you launch a compute instance in a VPC, you can assign a maximum of ______ security groups.
5
Canalys projects Q1 2021 market share for Google ___%, Azure ____%, AWS ___%?
7/19/32
What federal department is NIST under?
Commerce
Selected uses of a key or modifications to its policy are logged to AWS CloudTrail for auditing purposes.
False
According to Gartner, Desktop as a Service (DaaS) is 4th in their top six public Cloud end-user spending 2020 forecast?
False (6th)
Customers maintain the configuration of their infrastructure devices, but AWS is responsible for configuring guest operating systems, databases, and applications.
False (AWS maintains, customers are responsible)
Both Azure and AWS provide dollar credits for services outside of the free tier?
False (Azure and GCP)
Only AWS and GCP offer multi-factor authentication as part of IAM?
False (Azure does as well)
AWS VPC Flow log data can be published to Amazon CloudView Logs or Amazon S3. After you've created a flow log, you can retrieve and view its data in the chosen destination.
False (CloudWatch not CloudView)
AWS EC2 stands for Amazon Elastic Compute.
False (EC2 stands for Amazon Elastic Compute Cloud)
Only Azure and AWS have the concept of groups in IAM?
False (GCP also has the concept)
All three top market share Cloud platforms provide 12-month free trials?
False (GCP offers a 3-month)
The coding of AWS permission policies is in XML format.
False (JSON)
According to NCCP, the Cloud model promotes availability and is composed of five essential characteristics (On-demand self-service, Broad network access, Resource pooling, Rapid elasticity, Managed Service)?
False (Measured Service not managed Service)
An AWS Edge location is always located within an AWS Region?
False (They are a separate edge computing network)
Amazon Resource Names (ARNs) uniquely identify AWS resources and specify a resource unambiguously within regions of AWS.
False (all of AWS not regions)
Recovery Time Objective (RTO) is the amount of downtime a business can't tolerate?
False (can tolerate)
AWS Step Functions does not have built-in fault tolerance and maintains service capacity across multiple Availability Zones in each region to protect applications against individual machine or data center failures.
False (does have)
According to NCCP, the key enabling technologies include: (1) fast wide-area networks, (2) powerful, inexpensive server computers, (3) high-performance virtualization for commodity hardware, and (4) inexpensive storage?
False (does not include inexpensive storage)
IAM policies do not require an additional "Decrypt" action for access to encrypted resources.
False (encryption operations)
IAM on AWS, Azure, and GCP refers to an identity access methodology of users?
False (identity access management)
An AWS VPC only supports IPv4 Subnets?
False (it also supports IPv6)
An Elastic IP address changes over time after initially being allocated to your account and then associated with an instance or a network interface.
False (it does not change over time)
An AWS VPC (Virtual Private Cloud) is an isolated network you define on AWS infrastructure (an availability zone construct)?
False (it is a regional construct)
A Pro of the Silo Isolation Model is onboarding automation.
False (it's a con)
AWS-managed policies provide permissions for a handful of everyday use cases.
False (many)
The least secure way to grant "least privilege" is to write a custom policy with only the permissions needed by your team.
False (most secure)
Rejuvenate, Iterate, Innovate, and Pioneer are the dimensions and pools of value McKinsey research identifies for Cloud adoption?
False (not iterate)
Amazon Web Services (AWS) offers approximately 170 fully featured services from data centers globally?
False (over 200)
Operational Excellence & Performance Efficiency are two of the four pillars of the AWS Well-Architected Framework (prior to December 2021)?
False (six pillars)
Authentication and authorization are equal to isolation.
False (they are not equal)
Free tier services rollover from month to month during the trial period?
False (they reset)
It is impossible to develop AWS applications without an AWS Virtual Private Cloud.
False (using serverless you don't need a VPC)
Zones are unique physical locations within a cluster made up of one or more data centers equipped with independent power, cooling, and networking?
False (within a region)
When you create a subnet, you do not have to specify the IPv4 CIDR block for the subnet, which is a subset of the VPC CIDR block.
False (you do have to specify)
Azure account creation requires either a Microsoft or a _______ account credential.
GitHub
For an instance in an AWS VPC to communicate via the Internet, a/an _______ gateway and instance _______ are required.
Internet/Routing Table
CloudFormation allows coding in either YAML/______, AWS SAM macros, translation of high-level languages (CDK), or sample templates.
JSON
The best way to get someone to watch a video on IAM is to put ________ in the title?
Ninja
In 2006 AWS launched a new IaaS Cloud Service called EC2 with a unique pricing model called _______?
On-Demand
A reference to a colocation center that supplies rack space for remotely accessible computers with redundant electricity and internet connectivity is known as ping, power, and _______.
Pipe
The four Cloud deployment models are Public, ______, ______ and Hybrid?
Private/Community
According to Google "we consider ________ to be the most critical feature of any production system."
Reliability
AWS EC2 has five pricing structures: Free Tier, On-Demand, Savings Plan/Reserved, Dedicated, and _______ instances.
Spot
A KMS key is the same logical resource, regardless of how many times its key material changes. The properties of the KMS key do not change.
True
A Region is a physical location around the world where data centers are clustered?
True
A VPC's network performance is sufficient to accomplish synchronous replication between AZs.
True
A processor is virtualizable when access to special operating system instructions causes an error that privileged software can intercept or trap.
True
AWS Encryption SDK supports AWS KMS as a root key provider for developers who need to encrypt/decrypt data locally within their applications.
True
AWS KMS supports three types of CMKs (customer-managed keys): Customer-managed, AWS-managed, and AWS-owned.
True
AWS VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC?
True
AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.
True
In AWS, high-performance inter-VPC communication is via a transit gateway, and remote communication is via Direct Connect?
True
AWS services manage the AWS KMS encryption/decryption mechanics for you, so you don't have to understand the details of how it works.
True
AWS suggests that customers provide internal and external audit teams with cloud-specific learning opportunities by leveraging the Cloud Audit Academy.
True
AZs make partitioning applications for high availability easy. With partitioned applications across AZs, companies are better isolated and protected from issues such as power outages, lightning strikes, tornadoes, earthquakes, and more.
True
Access for both users and applications is critical for public Cloud interaction?
True
According to NCCP (NIST Cloud Computing Program) security, interoperability, and portability are major barriers to Cloud adoption?
True
According to NCCP, Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction?
True
According to NCCP, Clouds have three service models (Cloud Software as a Service (SaaS), Cloud Platform as a Service (PaaS), Cloud Infrastructure as a Service (IaaS)); and, four deployment models (Private Cloud, Community Cloud, Public Cloud, Hybrid Cloud)?
True
All three top market share Cloud platforms provide free tier services even after the initial free trial period and conversion to a paid account?
True
An AWS Elastic IP address is a static IPv4 address allocated to your AWS account until released. It can mask the failure of an instance or software by rapidly remapping the address to another in your account.
True
An AWS S3 VPC Endpoint allows you to bypass NAT and Internet Gateways (touching the internet) for higher-throughput access to S3 that stays on the AWS internal network?
True
An AWS VPC subnet splits an extensive network into smaller efficient networks. Within an AWS VPC, a subnet is an availability zone construct?
True
An AWS security group acts as a virtual firewall for your instance to control inbound and outbound traffic. A VPC has a default security group used when launching instances.
True
An exercise to help customers determine the distribution of responsibility based on specific use cases is reviewing the security functionality and configuration options of individual AWS services.
True
An organizational unit (OU) is a group of AWS accounts within an organization. An OU can also contain other OUs enabling you to create a hierarchy.
True
Big Data as a Service (BDaaS) is one of Cloud computing's "as a services"?
True
CloudWatch dashboards allow sharing with people who do not have direct access to your AWS account.
True
Customer responsibility varies based on many factors, including the AWS services and Regions chosen, integrating those services into their IT environment, and the laws and regulations applicable to their organization and workload.
True
GCP implements a layer of abstraction between zones and the physical clusters where the zones are hosted representing a distinct physical infrastructure that is housed in a data center?
True
Hyper-scalability is an attribute McKinsey notes as part of the "innovate" dimension of value?
True
IAM policies express themselves in terms of "grants" and service control policies (SCPs) in terms of "deny."
True
Larry Ellison, Co-Founder & CEO of Oracle in 2008 called Cloud Computing "Complete Gibberish?"
True
Moore's law posited in 1965 a doubling every year in the number of components per integrated circuit. In 1975, looking forward to the next decade, Moore revised the forecast to doubling every two years?
True
Nimbus is a type of Cloud, just not a computing one?
True
Nitro Enclaves provide a signed attestation document to prove their identity to another party or service.
True
Operational troubleshooting is a use case of CloudWatch Logs.
True
Quantum computing is an example of one of McKinsey's 7 drivers of Cloud computing value "Adoption of emerging technologies?"
True
Recovery Point Objective (RPO) is a measurement of time from the failure, disaster, or comparable loss-causing event. RPOs measure back in time to when your data was preserved in a usable format, usually to the most recent backup?
True
Resource policies help access objects in different accounts typical of larger organizations.
True
Resources that live in a zone are referred to as zonal resources. Other resources, like static external IP addresses, are regional. Regional resources can be used by any resource in that region, regardless of zone, while zonal resources can only be used by other resources in the same zone?
True
The Pool SaaS isolation model enables the resources to scale proportionally to the tenants' actual load.
True
The Pro of the Silo Isolation Model is limited blast radius.
True
The code name for Windows Azure at Microsoft was "Project Red-Dog?"
True
The pillars of the Azure and AWS Well-Architected Frameworks are exactly the same (prior to December 2021)?
True
Today you can purchase Ransomware as a Service?
True
VPC Endpoints use AWS PrivateLink, enabling private access to AWS services outside the VPC using subnet private IP addresses.
True
AWS EC2 has over 350 different instance types.
True (363 as of Sep. 2021)
What is the Best Day to Buy an Airline Ticket?
Tuesday
The service AWS ____ provides free tier usage alerts.
budgets
CloudFormation defines a _______ language that describes how you want your architecture and how resources connect.
declarative
You _____ provide your AWS access keys to make programmatic calls to AWS.
must
An AWS network access control list (ACL) is an ______ layer of security for your VPC that acts as a firewall to control traffic in and out of one or more subnets.
optional
An AWS VPC ______ connection is a networking connection between two VPCs that enables you to route traffic between them using the internal AWS Cloud network.
peering
Most on-premise Cloud migrations happen in phases to minimize risk and speed up time to production. The most common approach is to lift-and-shift (also known as "_____") an application and its data with as few changes as possible?
rehost
The top priority of all public Cloud vendors is _______.
security
AWS network access lists are ________, while security groups are ___________.
stateless/stateful