Hành Trình Học Tập

AWS Cloud Practitioner

Nhật ký học tập công khai.

YouTube (14h) ↗·Bắt đầu April 8, 2026·6 buổi đã ghi lại

Storage, Networking, and Databases Deep Dive

134/329

Apr 13, 2026

A broad sweep through AWS storage options, VPC networking fundamentals, and the full landscape of AWS database services.

Nội dung

Edge & Hybrid Computing: Outposts (physical rack in datacenter), Wavelength (5G telecom datacenter), VMware Cloud on AWS, Local Zones
Cost & Capacity compute: EC2 Spot/Reserved/Savings Plans, AWS Batch, Compute Optimizer, Auto Scaling Groups, ELB, Elastic Beanstalk
Storage types: EBS (block, one VM), EFS (cloud-native NFS, multi-instance), S3 (object, unlimited, up to 5TB per object)
S3 storage classes: Standard, Intelligent Tiering, Standard-IA, One Zone-IA, Glacier Instant, Glacier Flexible, Glacier Deep Archive (12hr retrieval)
AWS Snow Family: Snowcone (8/14TB), Snowball Edge (50-80TB), Snowmobile (100PB) - physical devices for when internet is too slow or costly
Storage services: Storage Gateway (File/Volume/Tape), AWS Backup, CloudEndure Disaster Recovery, Amazon FSx (Windows SMB + Lustre)
VPC networking: CIDR ranges, public/private subnets, Route Tables, Internet Gateway, Security Groups vs NACLs
Enterprise networking: DirectConnect (dedicated gigabit), AWS VPN, PrivateLink
Database types: Relational vs Non-relational, Data Warehouses (column-oriented analytics), Key/Value stores, Document stores
AWS database services: DynamoDB, DocumentDB, Keyspaces, Redshift, ElastiCache (Redis/Memcached), Neptune, Timestreams, QLDB, DMS

Điểm chính

NACLs vs Security Groups: NACLs fire at the subnet level with Allow + Deny rules; Security Groups fire at the instance level with Allow-only rules

S3 is serverless object storage - pay for what you store, no filesystem management; Glacier Deep Archive is the cheapest at 12-hour retrieval

Snow Family is for when internet transfer is too slow or costly - physically ship your data to AWS

DynamoDB is AWS's go-to for any massively scalable database need; DocumentDB is the 'we built MongoDB ourselves' option

Bài kiểm tra

1. You need to run an application with ultra-low latency for 5G mobile users. Which AWS service puts your compute closest to the end user?

AAWS Outposts

BAWS Local Zones

CAWS Wavelength

DAWS Direct Connect

AWS Wavelength builds and launches applications inside a telecom datacenter, pushed over the 5G network to be as close as possible to end users. Local Zones reduce latency for populated areas but are not tied to 5G telecom infrastructure.

2. Which S3 storage class automatically moves objects between tiers based on access patterns, with no retrieval fee?

AS3 Standard-IA

BS3 One Zone-IA

CS3 Intelligent Tiering

DS3 Glacier Instant

S3 Intelligent Tiering uses machine learning to automatically move objects to the most cost-effective tier based on access patterns. Unlike Standard-IA or Glacier, there is no retrieval fee when data is accessed.

3. Your company needs to migrate 80TB of on-premise data to AWS. The internet connection is too slow. Which Snow Family device is the right fit?

ASnowcone (14TB)

BSnowball Edge (50-80TB)

CSnowmobile (100PB)

DAWS DataSync

Snowball Edge handles 50-80TB and is designed for briefcase-size data migration jobs. Snowcone is too small at 14TB, and Snowmobile (a semi-trailer) is overkill for 80TB - it is used for petabyte-scale migrations.

4. A Security Group and a NACL are both protecting an EC2 instance. Which statement is correct?

ABoth support Allow and Deny rules

BSecurity Groups act at the subnet level; NACLs act at the instance level

CNACLs support Allow and Deny; Security Groups support Allow only

DSecurity Groups support Allow and Deny; NACLs support Allow onlyCâu trả lời của tôi

NACLs act as firewalls at the subnet level and support both Allow and Deny rules - useful for blocking a specific abusive IP. Security Groups act at the instance level and only support Allow rules; you cannot block a single IP address with a Security Group.

5. Your VPC has CIDR range 10.0.0.0/16. A subnet is created with CIDR 10.0.0.0/24. How many IP addresses does the subnet have?

A65,536

B1,024

C512

D256

A /24 CIDR block contains 256 IP addresses. The VPC's /16 gives 65,536 addresses total. Subnets partition the VPC's IP range into smaller segments and must have a smaller CIDR range than the VPC.

6. You want a dedicated, private gigabit connection from your on-premise datacenter to AWS - not over the public internet. Which service provides this?

AAWS VPN

BAWS PrivateLink

CAWS Direct Connect

DAWS Transit Gateway

AWS Direct Connect provides a dedicated gigabit connection from on-premise directly to AWS, bypassing the public internet entirely. AWS VPN is secure but still traverses the internet. PrivateLink keeps AWS-to-AWS traffic off the internet.

7. Which AWS database service is described as the 'flagship' NoSQL option, designed to scale to billions of records with guaranteed sub-second response?

AAmazon DocumentDB

BAmazon DynamoDB

CAmazon Keyspaces

DAmazon ElastiCache

DynamoDB is AWS's flagship database service for any massively scalable workload. Amazon themselves migrated 7,500 Oracle databases to DynamoDB in 2019, cutting costs by 60% and latency by 40%.

8. You need to run analytics on terabytes of data and generate reports once or twice a day. The data rarely changes. Which AWS service is purpose-built for this?

AAmazon RDS

BAmazon DynamoDB

CAmazon Redshift

DAmazon ElastiCache

Redshift is a petabyte-scale data warehouse designed for OLAP (Online Analytical Processing). It is column-oriented, optimized for aggregation queries, and keeps data HOT for fast reporting - perfect for infrequent but heavy analytics workloads.

9. Your application is slowing down because the relational database is overwhelmed with read requests. You want to add a caching layer in front of it. Which service fits?

AAmazon Neptune

BAmazon ElastiCache

CAmazon Keyspaces

DAmazon Timestreams

ElastiCache is a managed in-memory caching service (Redis or Memcached). It sits in front of a database to absorb repeated read requests, dramatically improving application performance without hitting the database every time.

10. Which AWS storage service is a cloud-native NFS file system that can be mounted simultaneously by multiple EC2 instances?

AElastic Block Store (EBS)

BAmazon S3

CElastic File Storage (EFS)

DAmazon FSx for Lustre

EFS is a cloud-native NFS file system service. Unlike EBS which attaches to a single EC2 instance, EFS can be mounted by multiple EC2 instances at the same time - ideal for shared file storage across a fleet of servers.

Access Keys, Shared Responsibility & Compute

108/329

Apr 12, 2026

Covered programmatic AWS access via Access Keys, the Shared Responsibility Model across all service types, and an overview of AWS compute services from EC2 to serverless and high-performance computing.

Nội dung

Access Keys = key + secret for programmatic/API access to AWS (aka AWS Credentials)
Keys stored in ~/.aws/credentials (TOML format), default profile + named profiles, aws configure command
Never share or commit Access Keys - they carry whatever IAM permissions the user has
AWS Documentation at docs.aws.amazon.com - authoritative source for all services and certifications
Shared Responsibility Model - customer owns security IN the cloud (data, config); AWS owns security OF the cloud (hardware, infrastructure)
Customer responsibilities: OS, Network, Firewall, IAM, client/server-side encryption, customer data
AWS responsibilities: Compute, Storage, Database, Networking software; Regions, AZs, Edge Locations, Physical Security
Responsibility shifts by service type - IaaS (customer manages OS+), PaaS (customer manages code+), SaaS/FaaS (customer manages code or data only)
Compute-specific examples: Bare Metal EC2, EC2 VMs, ECS Containers (IaaS); Elastic Beanstalk (PaaS); WorkDocs (SaaS); Lambda (FaaS)
EC2 = Elastic Compute Cloud, highly configurable VMs, AMI = predefined VM configuration, backbone of AWS (S3/RDS/DynamoDB/Lambda all run on EC2)
Computing services: LightSail (managed VMs, beginner-friendly), ECS, ECR, ECS Fargate (serverless containers), EKS (managed Kubernetes), Lambda
Nitro System = dedicated hardware + lightweight hypervisor, all new EC2 types use it; Bare Metal instances (M5, R5) skip the hypervisor entirely
Bottlerocket - Linux OS built by AWS for running containers; HPC clusters + AWS ParallelCluster for supercomputing workloads

Điểm chính

Never share or commit Access Keys - they carry whatever permissions the IAM user has; rotate immediately if exposed

The 'in' vs 'of' distinction is the core of Shared Responsibility - exam tests this phrasing directly

The more managed the service (IaaS > PaaS > SaaS > FaaS), the less the customer is responsible for

EC2 is the backbone of AWS - S3, RDS, DynamoDB, and Lambda all run on EC2 underneath

Bài kiểm tra

1. Where are AWS Access Keys stored on your local machine by default?

A/etc/aws/config

B~/.aws/credentials

C~/.ssh/aws_keys

D/usr/local/aws/credentials

AWS Access Keys are stored in ~/.aws/credentials in TOML format. The default profile is used when no profile is specified, and named profiles let you store multiple sets of credentials.

2. A developer accidentally commits their AWS Access Key to a public GitHub repo. Why is this so dangerous?

AGitHub will automatically rotate the key

BAnyone who finds it can make API calls with whatever IAM permissions that user has

CThe key only works from the developer's IP address, so exposure is limited

DAWS will immediately disable the key before anyone can use it

Access Keys carry the full IAM permissions of the user they belong to. Anyone with the key + secret can call the AWS API as that user, potentially reading data, launching resources, or causing serious damage.

3. The AWS Shared Responsibility Model uses the phrase 'security IN the cloud' vs 'security OF the cloud.' Which side does AWS own?

ASecurity IN the cloud - data and configuration

BSecurity OF the cloud - hardware, global infrastructure, and managed service operations

CBoth sides equally

DNeither - security is fully the customer's responsibility

AWS is responsible for security OF the cloud - the hardware, physical security, global infrastructure (Regions, AZs, Edge Locations), and the underlying software (Compute, Storage, Database, Networking). Customers are responsible for what they put IN the cloud.

4. You are running an EC2 instance (IaaS). Which of the following is YOUR responsibility as the customer?

AThe physical data center where the server runs

BThe hypervisor that runs underneath your VM

CThe guest OS configuration on your instance

DThe networking hardware between Availability Zones

In IaaS, the customer is responsible for everything above the hypervisor - the guest OS, middleware, runtime, applications, and data. AWS owns the physical hardware and hypervisor layer.

5. A company uses On-Premise, IaaS, PaaS, and SaaS for different workloads. For which model is the customer responsible for the MOST layers?

ASaaS

BPaaS

CIaaS

DOn-Premise

On-Premise means the customer owns and manages every layer - Applications, Data, Runtime, Middleware, OS, Virtualization, Servers, Storage, and Networking. As you move toward SaaS, the CSP takes on more and more layers.

6. You are running containers on AWS ECS (not Fargate). What is AWS responsible for in this model?

AConfiguration of containers

BDeployment strategies for containers

CThe OS, Hypervisor, and Container Runtime

DStorage of container images

With ECS (IaaS containers), AWS manages the OS, Hypervisor, and Container Runtime. The customer is responsible for configuring, deploying, and storing their containers. This is why it's still considered IaaS - you manage the container layer.

7. You upload a Python function to AWS Lambda. What is the customer responsible for in the FaaS model?

AOS configuration and runtime management

BUploading code only

CContainer configuration and deployment

DServer scaling and maintenance

Lambda is FaaS - the customer only uploads code. AWS handles deployment, container runtime, networking, storage, security, and the physical machine. You choose memory and max duration, then AWS handles everything else.

8. What is an AMI (Amazon Machine Image)?

AA virtual hard-drive attached to an EC2 instance for persistent storage

BA network interface card assigned to a running EC2 instance

CA predefined configuration for a Virtual Machine including OS, CPU, memory, and storage settings

DA snapshot of a running EC2 instance's memory stateCâu trả lời của tôi

An AMI is a predefined configuration template for a VM - it defines the OS (e.g. Ubuntu, Amazon Linux 2), and can include pre-installed software. You select an AMI when launching an EC2 instance. It is not a memory snapshot.

9. EC2 is called the 'backbone of AWS.' Which of the following services specifically runs on EC2 underneath?

ARoute 53, CloudFront, and IAM

BS3, RDS, DynamoDB, and Lambda

CVPC, Direct Connect, and CloudFormation

DCloudWatch, Organizations, and Trusted AdvisorCâu trả lời của tôi

S3, RDS, DynamoDB, and Lambda all use EC2 as their underlying infrastructure - that is why EC2 is called the backbone. Route 53, IAM, and CloudFront are global services with their own infrastructure. CloudWatch and Organizations are management-layer services.

10. What is the key difference between ECS Fargate and standard ECS?

AFargate only supports Windows containers; ECS supports Linux

BWith Fargate, AWS manages the underlying EC2 server so you don't have to scale or upgrade it

CStandard ECS is serverless; Fargate requires you to provision servers

DFargate is for Kubernetes workloads; ECS is for DockerCâu trả lời của tôi

Fargate is a serverless container service - it runs the same ECS workloads but AWS manages the underlying server so you pay per container run and never need to maintain EC2. EKS (not Fargate) is the Kubernetes service.

AWS Interaction Methods & IaC

70-91/329

Apr 11, 2026

Covered all the ways to interact with AWS - API, Console, CLI, SDK, CloudShell, and PowerShell - plus an introduction to Infrastructure as Code with CloudFormation and CDK.

Nội dung

AWS API - HTTP API with per-service endpoints, signed requests required, action + parameters as payload
AWS Management Console - web-based ClickOps UI at console.aws.amazon.com, per-service and umbrella consoles
AWS Account ID - unique 12-digit identifier, used in IAM, cross-account roles, and support cases
AWS Tools for PowerShell - .NET-based Cmdlets (capitalized verb-and-noun) for interacting with AWS API
Amazon Resource Names (ARNs) - globally unique identifiers in format arn:partition:service:region:account-id:resource
AWS CLI - Python executable (`aws`), single/multi-line commands in any shell (Bash, Zsh, PowerShell)
AWS SDK - installable collection of dev tools supporting 9+ languages (Python, Node.js, Java, Go, .NET, etc.)
AWS CloudShell - browser-based shell, free, 1 GB storage per region, preinstalled tools, persists across sessions
Infrastructure as Code (IaC) - CloudFormation (declarative, JSON/YAML) vs CDK (imperative, Python/TypeScript/etc.)
CloudFormation - CDK compiles down to CFN, so understanding CFN is still essential for debugging IaC

Điểm chính

Every AWS interaction method (Console, CLI, SDK, CloudShell) ultimately calls the same AWS API under the hood

S3 ARNs omit region and account-id fields because S3 is a global service - `arn:aws:s3:::my-bucket`

CloudFormation is declarative (what you want); CDK is imperative (how to get it) - CDK still generates CFN underneath

AWS CloudShell is free and browser-based with preinstalled tools - no setup needed for quick CLI work

Bài kiểm tra

1. You want to interact with AWS programmatically using HTTPS requests without installing any software. Which tool allows you to send raw HTTP requests to AWS Service Endpoints?

AAWS CLI

BAWS SDK

CAWS API (via a tool like Postman)

DAWS CloudShell

The AWS API is an HTTP API - any tool that can send HTTPS requests (like Postman) can interact with it directly. The CLI and SDK are wrappers around the API that require installation.

2. When making a request to the AWS API, what does a 'signed request' require you to do?

ASign in to the AWS Management Console first

BMake a separate request with your AWS credentials to generate a token

CEnable MFA on your account before each request

DUse an SSH key pair to encrypt the payload

To authorize an AWS API request, you generate a signed request by making a separate call with your AWS credentials to receive a token. This token is then included in the Authorization header of your actual request.

3. What is the AWS Management Console also informally called due to its point-and-click nature?

AClickOps

BDashboard Mode

CVisual CLI

DConsole Ops

The AWS Management Console is nicknamed ClickOps because you can configure and launch AWS resources with limited programming knowledge just by pointing and clicking.

4. Which of the following is an example of an 'umbrella console' - a single AWS console that contains multiple AWS services?

AS3 Console

BLambda ConsoleCâu trả lời của tôi

CCloudWatch Console

DRoute 53 Console

CloudWatch is an umbrella console containing multiple AWS services. The full list from the course: VPC, EC2, Systems Manager, SageMaker, and CloudWatch. Lambda and S3 are single-service consoles.

5. How many digits make up an AWS Account ID?

B10

C12

D16

Every AWS Account ID is exactly 12 digits long (e.g. 123456789012). It appears in the top-right navigation of the Management Console and is used in IAM policies, ARNs, and cross-account configurations.

6. Given the ARN `arn:aws:s3:::my-bucket`, which component is missing compared to a full EC2 ARN?

APartition

BService

CRegion and Account ID

DResource type

S3 is a globally scoped service, so its ARNs intentionally omit the region and account-id fields - leaving them blank (`:::`). An EC2 ARN would include both, e.g. `arn:aws:ec2:us-east-1:123456789012:instance/i-abc`.

7. What is a Cmdlet in AWS Tools for PowerShell, and what is an example of one?

AA bash alias for AWS CLI commands - e.g. `aws-s3-create`

BA capitalized verb-and-noun command - e.g. `New-S3Bucket`

CA Python function that wraps the AWS SDK - e.g. `create_bucket()`

DA JSON template for CloudFormation - e.g. `AWS::S3::Bucket`

A Cmdlet is PowerShell's special command format: capitalized verb-and-noun. AWS Tools for PowerShell exposes the full AWS API as Cmdlets, e.g. `New-S3Bucket` creates an S3 bucket without writing any code.

8. The AWS CLI is described as a Python executable program. What is the name of the CLI program itself?

A`awscli`

B`amazon`

C`aws`

D`boto`

The AWS CLI program is named `aws`. Python is required to install it, but once installed you interact with it using the `aws` command (e.g. `aws ec2 describe-instances`). Boto3 is the Python SDK, not the CLI.

9. AWS CloudShell gives you free storage per region. How much?

A512 MBCâu trả lời của tôi

B1 GB

C5 GB

D10 GB

CloudShell provides 1 GB of persistent storage per AWS region at no cost. Files saved in your home directory persist across sessions in the same region.

10. A DevOps engineer with no programming background needs to write Infrastructure as Code. They prefer explicit, verbose configuration over writing code. Which AWS IaC tool is better suited for them?

AAWS CDK - because it supports more languages

BAWS CloudFormation - because it is declarative and uses JSON/YAML

CAWS CDK - because it generates less code to write

DAWS CloudFormation - because it is imperative and supports Python

CloudFormation is declarative - you describe what you want in JSON or YAML and AWS handles the rest. CDK is imperative and requires programming knowledge. CloudFormation is the better fit for someone without a dev background.

Global Infrastructure and Cloud Architecture Fundamentals

69/329

Apr 10, 2026

Finished the global infrastructure module covering edge and specialty deployments, then moved into cloud architecture terminology including the five pillars of resilience and disaster recovery planning.

Nội dung

Wavelength Zones - edge computing on 5G networks via Telecom partners (Verizon, KDDI, Vodafone, SK Telecom)
Data Residency, Compliance Boundaries, and Data Sovereignty
AWS for Government and GovCloud (US) - FedRAMP, CJIS, ITAR, EAR, DoD compliance, US-citizen-operated only
AWS in China - separate domain (amazonaws.cn), requires ICP license, two regions (Ningxia + Beijing), no Route53
AWS Sustainability - Climate Pledge (Net-Zero by 2040), 100% renewable energy by 2025, 3.6x cloud efficiency, water stewardship
AWS Ground Station - managed satellite communications service
AWS Outposts - on-premises racks in 42U, 1U, and 2U form factors
Cloud architecture terms: Availability, Scalability (vertical vs horizontal), Elasticity (ASGs), Fault Tolerance (RDS Multi-AZ), Durability (CloudEndure)
Business Continuity Plan (BCP), RPO vs RTO
Four disaster recovery options: Backup & Restore, Pilot Light, Warm Standby, Multi-site Active/Active

Điểm chính

GovCloud is completely separate from standard AWS - only US citizens on US soil can operate it, and only US entities/screened root account holders can access it

Elasticity is specifically about automatic scaling - ASGs do this; scalability can be manual

The DR options spectrum trades cost for recovery speed - Backup & Restore is cheapest/slowest, Multi-site Active/Active is most expensive/near-zero downtime

RPO = how much data you're willing to lose, RTO = how much downtime you're willing to accept

Bài kiểm tra

1. What is the primary purpose of AWS Wavelength Zones?

ATo extend AWS into government-controlled data centers

BTo provide edge computing on 5G networks, reducing latency for mobile users

CTo replicate data across multiple AWS Regions for compliance

DTo allow on-premises servers to run AWS services locally

Wavelength Zones are embedded within Telecom providers' 5G networks, allowing compute to run at the edge - as close as possible to mobile users - for ultra-low latency applications.

2. Which of the following best describes Data Sovereignty?

AThe physical location where an organization's cloud resources reside

BA regulatory requirement that defines where data is allowed to be stored

CThe jurisdictional control or legal authority over data based on its physical location

DA compliance program that certifies cloud providers for government use

Data Sovereignty is the legal or jurisdictional authority that can be asserted over data because of its physical location - it determines which laws govern your data.

3. AWS GovCloud Regions are only operated by employees who are:

AAWS-certified architects with a security clearance

BU.S. citizens, on U.S. soil

CContractors approved by the Department of Defense

DEmployees of U.S. government agencies

GovCloud Regions are exclusively operated by U.S. citizens physically located on U.S. soil, and are only accessible to U.S. entities and root account holders who pass a screening process.

4. A company needs to host workloads that comply with ITAR (International Traffic in Arms Regulations). Which AWS offering should they use?

AAWS Outposts

BAWS Local Zones

CAWS GovCloud

DAWS Wavelength Zones

AWS GovCloud is specifically designed for regulated workloads and supports compliance with ITAR, FedRAMP, CJIS, EAR, and DoD requirements.

5. What is required to operate an AWS account in China?

AAn AWS Enterprise Support plan

BA Chinese Business License (ICP license)

CA GovCloud account with FIPS compliance

DApproval from the AWS Global team

AWS China is completely separate from global AWS. To operate there you need a Chinese Business License (ICP license). Not all services are available, and data must traverse the Great Firewall.

6. AWS has committed to powering its global infrastructure with 100% renewable energy by which year?

A2030

B2040Câu trả lời của tôi

C2025

D2035

AWS's goal is 100% renewable energy by 2025. 2040 is the Net-Zero Carbon / Climate Pledge target - both numbers appear in the same slide, making this a common mix-up.

7. AWS Outposts comes in which of the following form factors?

A42U only

B42U and 1U only

C42U, 1U, and 2U

D1U and 2U only

AWS Outposts comes in three form factors: the full 42U rack, and smaller 1U and 2U options that can be placed into existing racks at your physical site.

8. What is the difference between High Scalability and High Elasticity?

AScalability is automatic; Elasticity requires manual intervention

BScalability increases capacity manually or automatically; Elasticity is specifically about automatic scaling based on demand

CScalability is only vertical; Elasticity is only horizontal

DThey are the same concept with different names

Scalability means you have the ability to increase or decrease resources - it can be manual. Elasticity means that scaling happens automatically in response to current demand, typically through services like Auto Scaling Groups.

9. Your primary RDS database goes down. Traffic is automatically shifted to a standby database in a different Availability Zone with no data loss. Which architecture feature does this describe?

AHigh Scalability with Auto Scaling Groups

BHigh Elasticity with horizontal scaling

CHighly Fault Tolerant with RDS Multi-AZ and fail-over

DHigh Durability with CloudEndure Disaster RecoveryCâu trả lời của tôi

This describes Fault Tolerance - specifically RDS Multi-AZ, where a standby database is kept in sync in another AZ. When the primary fails, traffic automatically fails over to the standby. CloudEndure is a disaster recovery tool used after a broader failure event, not an automatic AZ fail-over mechanism.

10. A company's BCP states they can tolerate losing up to 4 hours of data in a disaster. Which metric does this describe?

ARTO - Recovery Time ObjectiveCâu trả lời của tôi

BRPO - Recovery Point Objective

CBCP - Business Continuity Threshold

DMTD - Maximum Tolerable Downtime

RPO (Recovery Point Objective) is about data loss - how far back in time you can afford to go when restoring. RTO is about downtime - how long the service can be unavailable. '4 hours of data' = RPO.

Cloud Benefits & AWS Global Infrastructure

19-49/329

Apr 9, 2026

Covered the business case for cloud adoption, the three cloud advantage frameworks, and how AWS structures its global infrastructure across regions, availability zones, fault domains, and edge locations.

Nội dung

Innovation Waves (Kondratiev Waves) - Cloud Technology as the latest wave
Burning Platform - abandoning old tech for new driven by survival pressure
Evolution of Computing Power: General (EC2), GPU/Inferentia (50x), Quantum/Bracket (100M x)
9 Benefits of Cloud vs 6 Advantages vs 7 Advantages - three distinct frameworks
Fault Tolerance and Disaster Recovery belong to Cloud Architecture, not Benefits
AWS Global Infrastructure: 25 Regions, 81 AZs, 275+ PoPs, 11 Local Zones
Regions: physically isolated, 4 factors for selection (compliance, cost, services, latency)
Regional vs Global services - S3, CloudFront, Route53, IAM are global
Availability Zones: generally 3 per region, <10ms latency, 100km apart, encrypted inter-AZ traffic
Fault Domains (AZ) vs Fault Levels (Region) - failures don't cascade outside a domain
AWS Global Network - Backbone of AWS, Edge Locations as on/off ramps
Points of Presence: Edge Locations + Regional Edge Caches, CloudFront, S3 Transfer Acceleration, Global Accelerator
AWS Direct Connect: private/dedicated connection, 50Mbps-500Mbps or 1Gbps/10Gbps
Local Zones: single-digit ms latency near dense populations, opt-in required

Điểm chính

Scalable vs Elastic: Scalable means you CAN adjust resources; Elastic means it's AUTOMATED

Fault Domain (AZ) contains failures - they don't cascade to other AZs or the Region (Fault Level)

Direct Connect = physical private line; Global Accelerator = smarter routing over AWS backbone - not the same thing

Benefits of Cloud ≠ Six Advantages ≠ Seven Advantages - the exam treats these as three separate lists

Bài kiểm tra

1. A company is abandoning its legacy on-premise ERP system and migrating everything to cloud - despite uncertainty about success - because leadership believes staying on old tech will kill the business. What concept describes this situation?

AInnovation Wave

BBurning Platform

CDigital Transformation Roadmap

DKondratiev Cycle

Burning Platform describes when a company abandons old technology for new technology under fear and uncertainty, because the organization's survival depends on digital transformation.

2. Which AWS service is designed for quantum computing workloads?

AAWS Inferentia (Inf1)

BAmazon EC2

CAWS Bracket

DAWS Lambda

AWS Bracket (via CalTech) is AWS's quantum computing service. EC2 handles general CPU computing and Inferentia handles GPU/ML workloads.

3. The 'Benefits of Cloud' is described as a reworking of the Six Advantages. Which two concepts are NOT in the Benefits list but belong to Cloud Architecture instead?

AScalability and Elasticity

BFault Tolerance and Disaster Recovery

CHigh Availability and Global Reach

DReliability and Security

Fault Tolerance and Disaster Recovery are Cloud Architecture concepts, not Benefits of Cloud. The nine Benefits include Agility, Pay-as-you-go, Economy of Scale, Global Reach, Security, Reliability, High Availability, Scalability, and Elasticity.

4. Which of the Six Advantages of Cloud addresses the problem of over-provisioning servers 'just in case'?

ATrade capital expense for variable expense

BBenefit from massive economies of scale

CStop guessing capacity

DGo global in minutes

Stop guessing capacity means you scale up or down to meet current need instead of paying for idle or underutilized servers you provisioned speculatively.

5. Among the Seven Advantages to Cloud, which advantage specifically refers to automated scaling during traffic spikes?

AScalableCâu trả lời của tôi

BReliable

CCurrent

DElastic

Elastic means scaling is automated during spikes and drops in demand. Scalable means you have the ability to increase or decrease resources - but it doesn't imply automation. The distinction matters on the exam.

6. AWS currently has 25 launched regions. How many Availability Zones do they have?

A25

B54

C81

D108

AWS has 81 Availability Zones across its 25 launched regions. 108 refers to Direct Connection Locations, a different infrastructure concept.

7. You are launching an EC2 instance. During setup you are asked to choose a Subnet, not an Availability Zone. Why?

AEC2 instances don't need an Availability Zone

BSubnets are associated with AZs - choosing the Subnet implicitly determines the AZ

CAvailability Zones are selected at the Region level, not instance level

DAWS automatically picks the best AZ regardless of your subnet choice

Every subnet belongs to exactly one Availability Zone. When you pick a subnet, you are indirectly selecting which AZ your resource will run in.

8. An AWS Region is considered a Fault Level, and an Availability Zone is considered a Fault Domain. What is the key property of a Fault Domain?

AIt replicates data to other domains automaticallyCâu trả lời của tôi

BIf a failure occurs, it will not cascade outside that domain

CIt spans multiple regions for redundancy

DIt is managed by a separate AWS team

A Fault Domain contains failures - if something fails inside it, that failure won't cascade to other domains. This is the core purpose of the concept. Data replication is a separate concern.

9. Which of the following AWS services uses Points of Presence to generate a special URL, allowing end users to upload files to a nearby Edge Location for faster transfer to S3?

AAWS Global Accelerator

BAmazon CloudFront

CAWS Direct Connect

DS3 Transfer Acceleration

S3 Transfer Acceleration generates a special URL so end users upload to a nearby Edge Location. Once the file hits the Edge Location, it travels the fast AWS backbone network to reach S3 instead of traversing the public internet the whole way.

10. You need a private, dedicated network connection between your on-premise datacenter and AWS with consistent performance for high-traffic workloads. Which service should you use, and what are the available bandwidth options?

AAWS VPN - 50Mbps to 500Mbps

BAWS Direct Connect - 50Mbps-500Mbps or 1Gbps/10Gbps

CAWS Global Accelerator - 1Gbps or 10Gbps onlyCâu trả lời của tôi

DVPC Endpoints - up to 100Gbps

AWS Direct Connect is the private/dedicated physical connection between your datacenter and AWS. It offers two bandwidth tiers: lower (50Mbps-500Mbps) and higher (1Gbps or 10Gbps). Global Accelerator still uses the public internet for the first hop to an Edge Location - it is not a dedicated connection.

Cloud Computing Foundations

1-18/329

Apr 8, 2026

An introduction to cloud computing covering the evolution of hosting models, CSP concepts, compute types, and cloud deployment architectures.

Nội dung

What is cloud computing vs on-premise
Evolution of hosting: Dedicated, VPS, Shared, Cloud
What makes a CSP vs a Cloud Platform (Twilio, HashiCorp, Databricks)
The 4 core IaaS services: Compute, Storage, Database, Networking
AWS has 200+ services across 20+ categories
Evolution of computing: Dedicated, VMs (Hypervisor), Containers (Docker Daemon), Functions (Serverless)
Types of cloud: SaaS (customers), PaaS (developers), IaaS (IT/DevOps)
Deployment models: Public, Private, Hybrid (VPN-connected), Cross-Cloud/Multi-Cloud

Điểm chính

'Private cloud' means who owns the servers, not whether the app is publicly accessible

Hybrid VPN is infrastructure-to-infrastructure - end users never touch it

Serverless/Functions = only pay when code runs, trade-off is cold starts

IaaS always has the 4 core services; 'Cloud Computing' covers all categories, not just compute

Bài kiểm tra

1. What is the key difference between a Cloud Service Provider (CSP) and a Cloud Platform like Twilio or HashiCorp?

ACSPs are cheaper than Cloud Platforms

BCSPs offer a Single Unified API and IaaS; Cloud Platforms don't meet all those requirements

CCloud Platforms have more services than CSPs

DCSPs only provide compute and storage services

A CSP must offer a Single Unified API, metered billing, IaaS, and automation via IaC. Cloud Platforms like Twilio offer multiple services under a single UI but don't meet all these requirements.

2. Which hosting model shares one physical machine among hundreds of businesses, relying on tenants under-utilizing resources?

ADedicated Server

BVirtual Private Server (VPS)

CShared Hosting

DCloud Hosting

Shared Hosting puts hundreds of businesses on one physical machine and is very cheap, but offers limited functionality and poor isolation because it depends on tenants not fully using their allocation.

3. In the evolution of computing, what software layer enables multiple Virtual Machines to run on a single physical server?

ADocker DaemonCâu trả lời của tôi

BGuest OS

CHypervisor

DServerless Runtime

The Hypervisor is the software layer that sits between the Host OS and the VMs, allowing multiple virtual machines to share one physical server. Docker Daemon is similar but operates one level up - it runs containers inside VMs.

4. You deploy your web app on AWS (public cloud) but keep your legacy database on-premise. The two sides are connected via VPN. How do end users access your web app?

AThrough the VPN tunnel

BNormally via the internet - the VPN is only for backend infrastructure communication

CThey need special credentials to access a hybrid app

DThrough the on-premise datacenter directly

The VPN in a hybrid setup is a private tunnel between infrastructure environments, not a user-facing gateway. End users access the public-facing parts of the app via the regular internet, unaware of the VPN.

5. Which type of cloud computing service is best described as: 'You upload code, choose memory and duration, and only pay while the code is running'?

AContainers

BVirtual Machines

CFunctions (Serverless)

DDedicated Servers

Functions (Serverless) are managed VMs running managed containers where you only upload code. VMs spin up only when code needs to execute, so you pay only for that runtime - though this causes cold starts when the VM isn't already warm.