devops-exercises/certificates/cloud-practitioner.md
2020-04-25 17:10:45 +03:00

5.4 KiB

AWS - Cloud Practitioner

A summary of what you need to know for the exam can be found here

Cloud 101

What types of Cloud Computing services are there?

IAAS PAAS SAAS

Explain each of the following and give an example:
  • IAAS
  • PAAS
  • SAAS

What types of clouds (or cloud deployments) are there?
  • Public
  • Hybrid
  • Private
Explain each of the following Cloud Computing Deployments:
  • Public
  • Hybrid
  • Private

AWS Global Infrastructure

Explain the following
  • Availability zone
  • Region
  • Edge location

AWS regions are data centers hosted across different geographical locations worldwide, each region is completely independent of one another.

Within each region, there are multiple isolated locations known as Availability Zones. Multiple availability zones ensure high availability in case one of them goes down.

Edge locations are basically content delivery network which caches data and insures lower latency and faster delivery to the users in any location. They are located in major cities in the world.

AWS Networking

What is AWS Direct Connect?

Allows you to connect your corporate network to AWS network.

What is Route 53?

"Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service"

More on Route 53 here

What is VPC?

"A logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define" Read more about it here.

True or False? Subnets belong to the same VPC, can be in different availability zones

True. Just to clarify, a subnet must reside entirely in one AZ.

What is an Internet Gateway?

"component that allows communication between instances in your VPC and the internet" (AWS docs). Read more about it here

Multiple Internet Gateways can be attached to one VPC

False. Only one internet gateway can be attached to a single VPC.

Explain Security Groups and Network ACLs
  • NACL - security layer on the subnet level.
  • Security Group - security layer on the instance level.

Read more about it here and here

AWS EC2

What is EC2?

AWS Storage

Explain what is AWS S3?

S3 stands for 3 S, Simple Storage Service. S3 is a object storage service which is fast, scalable and durable. S3 enables customers to upload, download or store any file or object that is up to 5 TB in size. While having a maximum size of 5 GB per file (multipart upload if more than 5 GB in size).

What is a bucket?
An S3 bucket is a resource which is similar to folders in a file system and allows storing objects, which consist of data and its meta data.
True or False? A bucket name must be globally unique
True

AWS IAM

What is IAM? What are some of its features?

Full explanation is here In short: it's used for managing users, groups, access policies & roles

True or False? IAM configuration is defined globally and not per region

True

Given an example of IAM best practices?
  • Set up MFA
  • Delete root account access keys
  • Create IAM users instead of using root for daily management
What are Roles?

A way for allowing a service of AWS to use another service of AWS. You assign roles to AWS resources. For example, you can make use of a role which allows EC2 service to acesses s3 buckets (read and write).

What are Policies?

Policies documents used to give permissions as to what a user, group or role are able to do. Their format is JSON.

A user is unable to access an s3 bucket. What might be the problem?

There can be several reasons for that. One of them is lack of policy. To solve that, the admin has to attach the user with a policy what allows him to access the s3 bucket.

What should you use to:
  • Grant access between two services/resources?

  • Grant user access to resources/services?


  • Role

  • Policy

  • What permissions does a new user have?

    Only a login access.

    Final Note

    Good luck! You can do it :)