Enterprise and Cloud Computing 2019
S3 replicates all objects ______. (Select the best answer).
in Multiple availability zones within the same region
Which of the following must be configured on an Elastic Load Balancing load balancer to accept incoming traffic?
A Listener
Which of the following services controls user access to your AWS resources
AWS IAM
fault tolerance
Ability to withstand a certain amount of failure and still remain functional
high availability
Accessible when you need it
Which service would you use to send alerts based on Amazon CloudWatch Alarms?
Amazon Simple Notification Service (Amazon SNS)
_____ is important to enable applications to take advantage of certain cloud characteristics such as flexibility. The related operations eliminate unnecessary dependencies, making the corresponding classes and methods self-contained and order-independent. It also enables scalability.
Atomicity
Minimise discrepancy between IT resources capacity and demand to achieve predictable efficiency and performance.
Capacity Planning
IT environment designed for remotely provisioning scalable and measured IT resources.
Cloud
It delineates areas where different security measures can be applied
Cloud Based
IT environment designed for remotely provisioning scalable and measured IT resources.
Cloud
A virtual machine abstracts a complete server including hardware resources like memory, disk and operating system. Instead of a virtual server, another technology can be used to abstract the operating system and provide virtual resources. As they are lighter, you can provide many more units of this technology than of VMs, for the same hardware, though direct access to the operating system/hardware is usually not available or very limited. This technology is known as: _____
Containerisation
What are the pillars of the Well-Architected Framework
Cost Optimisation, Performance Efficiency, Reliability, Security
Through IAM you can
Create and Manage AWS users and groups, Use existing corporate identities to grant secure access to AWS resources, Use permissions to allow and deny AWS users
Most successful attacks result from overloading IT resources to the point where they cannot function properly, resulting in service degradation and/or failure.
Denial of service
Which of the following AWS tools help your application scale up or down based on demand (Choose two)
Elastic Load Balancing, Auto Scaling
Ability to add new IT resources by applying scalability strategies.
Elasticity
Cloud computing as we know it now is a relatively new concept, which started to become strong in the last 10-12 years. However, some of the (a) for clouds exist and have been used for much longer than that. In this context, (a) is:
Enabling Technologies
Digital coding system dedicated to preserving the confidentiality and integrity of data by using specific algorithms to encode plaintext data into ciphertext.
Encryption
A failover system is a mechanism used to increase the reliability and availability of IT resources by creating redundant implementations, which can span to more than one geographical area so as to provide increased reliability. In AWS, that could be implemented by having two or more Regions in the same or different Availability Zones, depending on the required level of redundancy. (T/F)
False
A hardened virtual server is a VM created from an image that has been stripped of unnecessary software to reduce potential vulnerabilities. The reasoning behind this security strategy is "what is not there cannot be abused or exploited by attackers". A container is different from a VM. The main difference is that a container provides an abstraction for a complete server, including hardware resources, while a VM provides an abstraction for an operating system instead. Containers are also tailored for a specific application or group of services, supporting only the minimum resources to make applications or services work. Thus, a similar reasoning can be applied to containerisation security, as unused services, libraries and operating system capabilities that are not provided in a container cannot be abused/exploited. (T/F)
False
A router is a mechanism that receives and forwards packets from multiple data flows. They are one of the fundamental components of ISP communication. ISPs (Internet Service Providers) are also known as cloud providers in the cloud computing context. TF
False
A stateless object holds data, information, or context that is important across multiple calls on a given instance of that object. This is the reason why statelessness is so important for cloud application design, as all that information is required to develop a quality system. Having this type of stateless implemented also helps cloud applications to better take advantage of the fundamental cloud characteristics. (TF)
False
Because they use most of the same resources and technology, it is correct to say that cloud is just another name for the Internet. TF
False
Both cloud providers and cloud consumers can be cloud service owners. It depends on who legally owns the services being provided. For example, if an organisation owns a website which is hosted in AWS (Amazon Web Services) or Microsoft Azure, either AWS or Azure will be the legal owners of this website, regardless of the service it provides.(TF)
False
By working on-premise or on cloud environments, a company will always be able to work under the same service-level agreements for quality attributes, e.g., usability, performance, security and availability. TF
False
Cloud providers don't need to disclose the collection and storage of the cloud consumer's usage data for future reporting purposes as the data belongs to the provider. Terms of service are usually helpful and the cloud consumer should pay attention to them as well. TF
False
Confidentiality is the characteristic of not having been altered by an unauthorised party; in the cloud, the main concern is to guarantee that a message sent by the cloud consumer matches the one received by the cloud service which should process that message. TF
False
Containers and micro-services have a higher level of abstraction than virtualisation while multi-tenancy enables multiple users (tenants) to access the same application logic simultaneously. Access to basic operating systems features is allowed in all of the three technologies above to enable proper automated data centre technology. TF
False
Depending on the delivery model, the cloud provider will have more work to do. This varies according to the type of administrative constraints that a particular model encompasses. In SaaS, for example, the cloud provider doesn't need to work too hard to keep the services up and running, as the users do most of the work themselves. PaaS is a mixed model with shared responsibilities while IaaS is the model that requires less involvement of the cloud consumer in administrative tasks.(T/F)
False
In AWS, a 192.168.168.0/24 VPC may be placed inside a 192.168.0.0/16 subnet.(T/F)
False
Latency is the amount of time a packet takes to travel from a data node to another. Every intermediary node on the data packet's path will potentially increase latency, especially if there are transmission queues or faults/failures in the node, even though ISPs cannot interfere with latency. Latency can impact the quality of the cloud services. TF
False
Manually installing applications in a VM is never recommended because cloud environments are more frequently created and destroyed, so scripts are much better. Also, the developer should never rely on the cloud topology. Only logs and state information can be locally saved in the VM because they will not be impacted by such problems. TF
False
Moving the company's systems to the Cloud would be only a matter of analysing the available providers by carefully studying tables 1, 2 and 3. Once that is sorted out, the migration would happen smoothly, as project and architectural solutions developed for on premise systems usually work just as well in cloud environments, with the additional benefit of having superior elasticity and availability. (T/F)
False
Multimedia clouds have to deal with different types of devices, with different capabilities for multimedia processing, such as TVs, PCs, and mobile phones. This may require specific cloud resources and careful management of those. Among those resources are CPUs, GPUs, displays, memories, storage, and power. Dealing with this device heterogeneity is easily accomplished by multimedia clouds.
False
Obscure protocols should not be used in cloud applications. It usually pays off choosing reliable technology and/or standards, such as HTTP, SSL, standard database solutions, etc. The only exception is operating systems specific features because changes in operating systems are unlikely and therefore they are more portable and resilient. TF
False
Only fixed-increment capacity allocation is supported. TF
False
Performance overheads can be a real issue to implement virtualisation. Monitoring the impact of operating system-based virtualisation can be challenging and does not help in solving hardware compatibility issues.(TF)
False
Provision of IaaS usually includes hardware, network, connectivity, operating systems, programming languages, databases, and other "raw" IT resources, which are typically virtualised. TF
False
SLAs need to specify where monitoring is performed and where measurements are calculated. Monitoring within the cloud firewall is usually a good approach as the metrics will properly reflect the cloud consumer experience in terms of QoS. TF
False
Scaling is the ability of clouds to handle increases or decreases in usage demands for IT resources. Vertical scaling is obtained by simply adding more of the same resources and it is recommended because the new resources will be instantly available. Horizontal scaling is achieved by replacing IT resources by more powerful ones. The latter is especially recommended when equipment in a data centre is reaching technology obsolescence. TF
False
Scaling is the ability of clouds to handle increases or decreases in usage demands for IT resources. Vertical scaling is obtained by simply adding more of the same resources and it is recommended because the new resources will be instantly available. Horizontal scaling is achieved by replacing IT resources by more powerful ones. The latter is especially recommended when equipment in a data centre is reaching technology obsolescence.(TF)
False
Single sign-on (SSO) enables a cloud service consumer to establish a security context that is persisted among different cloud services. SSO cannot be applied to access cloud services residing on different clouds though, because technology restrictions prevent them from sharing the same security broker. TF
False
The Internet topology is quite complex because of the way Internet Service Providers have connected to each other and because they are free to select partners for interconnection. Fortunately, there are no connectivity issues (e.g., internal end user access) related to organisations working on-premise or on the cloud because they all use the same protocols. TF
False
The hypervisor can be used to optimise performance in hardware-based virtual systems. This layer has to be carefully designed to make the most of the hardware resources. Device drivers and system services don't need to be optimised in this case because improving performance is solely a responsibility of the hypervisor.(TF)
False
Virtualisation attack exploits vulnerabilities in the virtualisation platform to jeopardise its confidentiality, integrity, and/or availability. If physical IT resources within a cloud are shared by different cloud service consumers, these cloud service consumers will necessarily have overlapping trust boundaries as there are no effective means to protect them in this situation. This may represent a vulnerability, for example, if an attacker can grant access to the services of a cloud consumer and then use this access to attack other consumers within the same overlapping trust boundaries. TF
False
Virtualisation attack exploits vulnerabilities in the virtualisation platform to jeopardise its confidentiality, integrity, and/or availability. If physical IT resources within a cloud are shared by different cloud service consumers, these cloud service consumers will necessarily have problems related to overlapping trust boundaries as there are no effective means to protect them in this situation. This may represent a vulnerability, for example, if an attacker can grant access to the services of a cloud consumer and then use this access to attack other consumers within the same overlapping trust boundaries. (T/F)
False
Virtualisation can be applied to create virtual servers on top of physical servers. Other types of IT resources cannot be virtualised. (TF)
False
Virtualisation can only be applied to create virtual servers on top of physical servers. Other types of IT resources cannot be virtualised.(TF)
False
Virtualisation technologies enable a number of virtual servers to be created in a single physical server, being the availability of resources (e.g., hardware, network) the only real limitation. It is not very good for performing administrative tasks though, because automation is usually more difficult in virtual environments.(TF)
False
Amazon is the oldest and certainly one of the most reliable cloud providers in the world, even when compared with Azure and Google. However, Innovartus would probably discard Amazon right from the beginning because Amazon is also the most expensive one of them, in all scenarios, and cost should be the ultimate criterion to select a provider.(T/F)
False, also this is blatant advertising for AWS and is garbage.
One-way, non-reversible form of data protection.
Hashing
Example of Cloud Deployment Model
Hybrid
From the cloud provider perspective, virtual servers and storage device mechanisms represent two of the most fundamental IT resources that are delivered as part of a standard rapid provisioning architecture within the cloud delivery model known as: ____.
Infrastructure-as-a-service IaaS
It occurs when access is granted to an attacker erroneously or too broadly, resulting in the attacker getting access to IT resources that are normally protected
Insufficient Authorisation
Usually, a new system-based product will require more than an insignificant amount of _____ in IT resources (infrastructure). On-demand clouds can help to reduce upfront _____, as the infrastructure cost will grow according to the actual usage. This also simplifies capacity planning.
Investments
_____ can be dynamically allocated in most clouds, which allows better cost-effective solutions for peak variations along pre-determined periods of time (e.g., daily, monthly).
IT Resources
What are the minimum elements required to create an Auto Scaling launch configurations? (Choose three)
Launch Configuration Name, Amazon Machine Image (AMI), Instance type
Lack of established standards for cloud computing within the cloud computing industry.
Limited Portability
On-Premises
Local Data Centres
It arises when messages are intercepted and altered by a malicious service agent, thereby potentially compromising the message's confidentiality and/or integrity.
Malicious Intermediary
Which of the following are required elements of an Auto Scaling group? (Choose two)
Minimum size, Launch configuration
VoIP, video conferencing, photo sharing and editing, data streaming, image search, image-based rendering, and video transcoding are different types of:
Multimedia Services
Should the Sixth cheapest cloud provider be considered for this exam?
No, because this exam doesn't test real world skill and uses poor wording
It hosts IT resources in a conventional IT environment within an organisational boundary.
On-Premise
Considering a software system composed of operating system layer, middleware layer and application layer, we can say the cloud provider's responsibility in each cloud model is: (1): usually comprehends the operating system layer and the middleware layer; (2): usually comprises the whole solution; and (3): usually restricted to the provision of resources up to the operating system layer. (1), (2) and (3) are respectively:
PaaS, SaaS, and IaaS
_____ issues may arise because of the extra layers that your VM will have to go through in order to reach the hardware. On the other hand, this process can help solving hardware incompatibilities caused by, for example, unavailability of device drivers.(TF)
Performance
System of protocols, data formats, rules, and practices that enable large-scale systems to securely use public key cryptography.
Public Key Infrastructure
Which of the following can be used as a storage class for an S3 object lifecycle policy?
S3 - Standard Access, Glacier, S3 - Infrequent Access
There are real concerns about _____ for cloud environments. Among them are the fact that cloud users have to share responsibility on this concern and having such huge amounts of data on the same place increases the potential for damage if an attack is successful.
Security
It occurs when data being transferred to or within a cloud is passively intercepted by a malicious service agent for illegitimate information gathering purposes.
Traffic Eavesdropping
A SLA should define penalties for non-compliance, such as compensation, penalties, reimbursements, or otherwise. If the cloud provider is responsible for monitoring IT resources to ensure compliance with their own SLAs, the tools and practices being used to carry out the compliance checking process should be disclosed. TF
True
A cloud consumer who does not want to deal with cloud providers directly can hire a cloud broker to intermediate the provision of services. The cloud broker may combine services offered by multiple cloud providers to address the cloud consumer requirements. In that case, the cloud providers may be invisible to the cloud consumer, who will mainly interact with the cloud broker. TF
True
A cloud provider should provide resources for service deployment and orchestration, cloud services management, security and privacy. In terms of services management, in addition to provisioning the services and offering tools for services configuration, the cloud provider must also offer at least some level of support to the cloud consumers. TF
True
A hardened virtual server is a VM created from an image that has been stripped of unnecessary software to reduce potential vulnerabilities. The reasoning behind this security strategy is "what is not there cannot be abused or exploited by attackers". TF
True
A threat is a potential security violation in an attempt to breach privacy and/or cause harm; if a threat is carried out, the result is an attack. Threat agents are entities that pose a threat because they are capable of carrying out an attack. Anonymous attackers, malicious service agents, trusted attackers and malicious insiders are the most common threat agents. TF
True
Access is usually restricted in community clouds and private clouds. The first is usually owned by a community and not even the community members themselves can have free access to the available resources. In the second, only members of a particular organisation have access to the cloud resources. Access to public clouds is usually granted to everyone who can afford their services, usually under measured up resource usage contracts.(T/F)
True
Availability rate metric is the percentage of service up-time and should be calculated cumulatively while outage duration metric measures the duration of a single outage and should be calculated per event. TF
True
Capacity planning is about making sure that computational resources are available when needed. The goal (and the main challenge) is to minimise differences between what is needed and what is available to reduce costs without impacting efficiency and performance, and without negatively interfering in the business outcomes.(TF)
True
Cloud applications should be designed to run on multiple distributed systems. Advanced programming concepts must be well understood and applied whenever possible. Unfortunately, this means that many systems may have to be refactored because they were not designed to take advantage of the cloud real potential, even though they may eventually be able to run on clouds by using virtualisation, for example. TF
True
Cloud services are the IT resources that are available for remote access on a cloud environment. For each service, a SLA has to be established in order to describe features related to the quality of service. A SLA is needed because the cloud user must know what he or she is paying for. TF
True
Cloud services are the IT resources that are available for remote access on cloud environments. For each service, a SLA has to be established in order to describe features related to quality of service. A SLA is needed because the cloud user must know what he or she is paying for.(TF)
True
Cloud storage services can expose cloud storage devices. TF
True
DoS attacks have the purpose to overload IT resources to the point where they cannot function properly, resulting in server degradation and/or failure. Successful DoS attacks are usually based on artificially increasing the workload on cloud services (e.g., with imitation messages or communication requests), artificially overloading the network with traffic to reduce its responsiveness, and by sending multiple cloud service requests to consume memory and processing resources. TF
True
DoS attacks have the purpose to overload IT resources to the point where they cannot function properly, resulting in server degradation and/or failure. Successful DoS attacks are usually based on artificially increasing the workload on cloud services, artificially overloading the network with traffic to reduce its responsiveness, and by sending multiple cloud service requests to consume memory and processing resources. TF
True
Edge locations help lower latency and improve performance for end users by establishing a . (T/F)
True
Even though security is a main issue for cloud computing adoption, small businesses are an exception and actually have improved security when using public cloud environments. TF
True
From the portability point of view, operating system-based virtualisation is better than hardware-based virtualisation. However, the latter is more efficient in terms of performance because it reduces the layers between the VMs and the hardware by bypassing the operating system. TF
True
From the portability point of view, operating system-based virtualisation is better than hardware-based virtualisation. However, the latter is more efficient in terms of performance because it reduces the layers between the VMs and the hardware by bypassing the operating system.(TF)
True
In AWS, a 192.168.168.0/24 subnet may be placed inside a 192.168.0.0/16 VPC.(T/F)
True
Instances of these devices can be virtualised, similar to how physical servers can spawn virtual server images. TF
True
Insufficient authorisation occurs when access to an IT resource that is normally protected is granted to an attacker. For example, a database can be designed with open, readable passwords -instead of unreadable ones obtained by applying hashing and other security mechanisms- under the assumption that they only would be seen by authorised cloud consumers. TF
True
Latency is the amount of time a packet takes to travel from a data node to another. Every intermediary node on the data packet's path will potentially increase latency, especially if there are transmission queues or faults/failures in the node. Latency can impact QoS in the provision of cloud services.(TF)
True
Latency is the amount of time a packet takes to travel from a data node to another. Every intermediary node on the data packet's path will potentially increase latency, especially if there are transmission queues or faults/failures in the node. Latency can impact QoS on the provision of cloud services.(TF)
True
Lightweight documentation is essential for clouds. Documenting architectural views, operational features and software components is essential. The documentation must provide a map of the application and the required deployment information. TF
True
On premise and cloud-based SLAs can be considerably different, which makes building hybrid distributed solutions that utilize both (on-premise and cloud) very challenging. TF
True
Parallelism is a type of computation where several processes can be executed simultaneously. Most distributed cloud environments allow the usage of parallel resources. However, as with statelessness and idempotence, the usage of parallel resources may require the development of tailored code, especially designed to carry out several operations simultaneously. TF
True
Parallelism is a type of computation where several processes can be executed simultaneously. Most distributed cloud environments allow the usage of parallel resources. However, as with statelessness and idempotence, the usage of parallel resources may require the development of tailored code, especially designed to carry out several operations simultaneously. Parallel algorithms may also require knowledge of the underlying hardware architecture. TF
True
Pay-per-use mechanism, as in Virtual Servers, can also be provided. TF
True
Reliability is the probability that an IT resource can perform its intended function under pre-defined conditions without experiencing failure. Reliability focuses on how often the service performs as expected, which requires the service to remain in an operational and available state. TF
True
Routers are usually connected to multiple networks. They have the ability to efficiently forward packets because they understand the network topology and can manage traffic conditions. Connectionless packet switching and routers are fundamental technologies for Internet communication. TF
True
S3 is an object storage suitable for the storage of 'flat' files like Word documents, photos, etc. TF
True
SLAs establish the guarantees and usage terms for cloud services. They are fundamental to understand how quality attributes will be addressed in cloud-based software systems. Some important metrics are the ones related to availability, reliability, performance, and security. TF
True
SLAs use service quality metrics to express measurable QoS characteristics. The main service quality metrics are related to service availability, reliability, performance, scalability and resiliency. For each metric, a SLA should provide at least a description, the formula used to calculate the metric and the frequency with which the metric is calculated (e.g., weekly, monthly, yearly). TF
True
Service performance metrics measure the ability of an IT resource to carry out its functions within expected parameters; different metrics may apply, such as network capacity metric and storage device capacity metric. Service scalability metrics are related to the ability of an IT resource to carry out its functions within expected parameters related to IT resource elasticity capacity. TF
True
Standardisation is fundamental to build efficient cloud environments and data centres, as well as high availability, storage and remote operations, among others. TF
True
Symmetric and asymmetric encryption have a few different characteristics and applications. Both are required to implement HTTPS: symmetric encryption is used to exchange data between the web browser and the server while asymmetric encryption is used to securely exchange the symmetric key generated by the browser when HTTPS is established. The reason for this approach is the difference of performance between symmetric encryption and asymmetric encryption, being the first much faster than the latter. TF
True
Virtualisation is among the most important data centre technologies. Operating system-based virtualisation can be implemented with Oracle VM VirtualBox, for example. TF
True
You don't need to use storage devices that are designed specifically for cloud-based provisioning. TF
True
_____ access refers to a property of clouds where supporting different devices, transport protocols, interfaces, and security technologies is mandatory. This property cannot be confused with elasticity, where having the ability to add new IT resources by applying scalability strategies is more important.
Ubiquitous
IaaS
User Manages the Virtual Resources, such as virtual servers
They are part of a logical network perimeter:
Virtual Firewall, Virtual Network
Running a browser from your VM will allow you to do the same things that you could do with a browser installed in the hosting operating systems. If you had access to a container that could run from a browser, you could use that as well. That would be containerisation running on top of _____ and this concept is entirely possible because a VM in this case is simply an abstraction for a computer (which could be a server, your laptop, etc.).
Virtualisation
It happens when weak passwords or shared accounts are used to protect IT resources.
Weak Authentication
The name of an S3 bucket must be unique _________. (Select the best answer)
Worldwide across all AWS accounts
QoS management can be very difficult when different Internet service providers are involved. This is a problem that most _____ users and providers have to deal with, as multiple carriers may be involved and they have, potentially, different SLAs.
cloud
An _____ method is a method that can be executed several times and it always will provide the same outcome without affecting anything else on the system. In other words, after the method call, all variables will have the same value as they had before.
idempotent
Amazon EBS is recommended when data _______ and _______. (Choose two)
must be quickly accessible, requiring long-term persistence, requires an encryption solution