SY0-701 Domain 3

  1. Infrastructure as a Service (IaaS): The Cloud Service provider will provide virtualized computing resources like servers, storage, and networking, while customers manage the operating system, applications, and data. (Analogy: renting an unfurnished apartment)

  2. Platform as a Service (PaaS): Provides a fully managed platform, including the infrastructure and runtime environment for application development. Customers only manage the applications and data, while the provider handles the OS, middleware, and infrastructure. (Analogy: Renting a furnished apartment)

  3. Software as Service (SaaS): customer remains responsible for configuring access, CSP provides all management, and customer uses the software (Analogy: staying at a hotel)

  4. IaaS: CSP provides building like networking, storage and computer

  5. PaaS: Customer is responsible for deployment and management of apps. CSP manages provisioning, configuration, hardware and OS

  6. SaaS: Customer configures features, CSP is responsible for management, operation and service availability

  7. Cloud Computing: cost effective, global, secure, scalable, elastic, and always current

  8. Public Cloud: everything runs on your cloud provider’s hardware. it is cost effective, Scalable, No maintenance, Global availability, Wide range of services, High reliability, Fast deployment, low skills

  9. Private Cloud: cloud computing environment that is dedicated solely to one organization. Advantage is legacy support, control, compliance

  10. Hybrid Cloud: combines both public and private clouds, allowing you to run apps in the right location. Advantages include flexibility in legacy, compliance and scalability

  11. Community Cloud: similar to private clouds in that they are not open to general public, shared by several related organizations in a common community

  12. Multi-Cloud: the use of multiple cloud computing services from different providers (e.g., AWS, Azure, Google Cloud) within a single architecture. It allows businesses to distribute workloads across different clouds to avoid vendor lock-in, enhance flexibility, and optimize performance, cost, and security

  13. Third Party: CSPs are considered in the cloud infrastructure

  14. Third Party (Logical): design of datacenter is an abstraction, customers utilize software and services provided by the CSP

  15. Third Party (Logical) should: create tenant partitioning or isolation, limit and secure remote access, monitor the cloud infrastructure, allow patching and updating of systems

  16. Third Party (Multitenancy): logical isolation in this CSP makes cloud computing more affordable, but create some security and privacy concerns

  17. Third Party (Multitenancy): business centers physically housed multiple tenants, colocation data centers supporting multiple customers

  18. Third Party (Multitenancy): risk in these scenarios is largely physical

  19. Infrastructure as Code (IaC): is the practice of managing and setting up IT infrastructure (like servers and networks) described in code

  20. IaC: a key DevOps practice and used with continuous integration and continuous delivery (CI/CD)

  21. Characteristics of IAC to improve resiliency in IaaS and PaaS: Declarative(IaC must know its current state) and Idempotent(Deployment of IaC template can be applied multiple times without changing its results)

    1. Serverless: cloud model where you run applications without managing servers. The cloud provider automatically handles infrastructure, scaling, and maintenance.

    2. Difference between PaaS and Serverless: PaaS has more control over deployment environment. Serverless has less control over the deployment environment. In PaaS, application has to be configured to auto-scale. In serverless, application scales automatically (scaling means that system can increase or decrease resources (like CPU, memory, or instances) In PaaS, application taes a while to spin up, while Serverless application code only executes when invoked (code runs only when triggered by an event instead of running continuously)

    3. What PaaS and Serverless have in common: Devs have to write code and No server management

    4. Microservices: collection of small, independent services that communicate with each other. Each service handles a specific function and can be developed, deployed, and scaled separately.

    5. Air Gap: where a system or network is physically isolated from external networks, including the internet, to prevent unauthorized access or cyberattacks. (Physical isolation)

    6. Logical Segmentation: segmenting the network without additional physical hardware

    7. Virtual Local Area Network (VLAN): logically segments a local area network into subnetworks, occurs in layer 2 (logical segmentation)

    8. Virtual Private Network (VPN): creating an encrypted tunnel between devices or networks to pass traffic, using protocols like IPsec (logical segmentation)

    9. Virtual Routing and Forwarding (VRF): a single router/switch to function as multiple virtual routers/switches. S

    10. ACL: in Virtual Routing and Forwarding, subnet divides large IP ranges to smaller ranges which can segment using ____________

    11. Software Defined Networks: a network architecture approach that enables the network to be intelligently and centrally controlled/programmed using software and has capacity to reprogram the data plan any time

    12. Man in the middle attack and DoS: SDN vulnerabilities

    13. On premises: organization retains complete control of the full stack

    14. Off Premises: offloads responsibility and infrastructure and management functions to the CSP

    15. What happens when moving to Cloud?: some ****responsibilities are shifted to the CSP and IT shifts from capital expense to operational expense

    16. Advantages of Cloud:

    • Scalability

    • Cost-Effective

    • No Maintenance

    • Accessibility

    • High Availability

    • Quick Deployment

    1. Advantages of On Premises:

    • Complete Control

    • Customization

    • Security

    • Data Privacy

    • Compliance

    1. Centralized: A system where control and decision-making are managed by a single authority or location, making it easier to manage but vulnerable to single points of failure.

    2. Decentralized: A system where control is distributed across multiple nodes or locations, improving redundancy and fault tolerance but making management more complex.

    3. Containerization: A lightweight virtualization method to package an application for multiple platforms. Reduces overhead of server virtualization by enabling containerized apps to run on a shared OS kernel. Containers do not have their own Operating System.

    4. Concerns of server virtualization: isolation at host, process, network, and storage levels

    5. Virtual Machine: each _____ has its own OS kernel and memory, resulting more overhead

    6. Containers: are isolated but share a SINGLE OS kernel as well as bins/libs where possible

    7. Container Hosts: cloud based virtual machines

    8. Virtualization: server _________ is the process of dividing a physical server into multiple unique and isolated virtual servers by means of a software application

    9. VM Escape: when attacker gains access to VM and attacks the host machine or any other VMs

    10. VM Sprawl: unmanaged VMs have been deployed in the network

    11. Type 1 Hypervisor “bare metal”: has no OS, reduced attack surface, commonly used for QA, load testing and production scenarios

    12. Type 2 Hypervisor ‘hosted’: has an OS, less secure than type 1, increased attacked surface, less expensive

    13. Internet of Things (IoT): class of devices connect to the internet in order to provide automation, remote control. or AI processing in a home/business setting. Often have limited compute resources and often limited ability to patch.

    14. Supervisory Control and Data Acquisition (SCADA)/ Industrial Control System (ICS): system used to monitor and control industrial processes remotely, such as power plants, water treatment, and manufacturing. Usually do not have direct internet access for greater security

    15. Real time operating system (RTOS): An OS designed to process tasks with precise timing and reliability, commonly used in wearables and embedded systems like in cars. Security of these devices is important, but difficult to know what is running inside the embedded systems. They process data immediately, and if a task or process does not complete within a certain time, the process will fail

    16. Embedded System: a full computer system embedded inside of another larger system (eg: printers, GPS, drones, modern vehicles), need to be managed and patched like a computer

    17. Availability: ensuring system or service is accessible to authorized users when needed

    18. Resilience: an organization's ability to withstand, recover, and adapt to cyber threats, system failures, or disruptions without impacting availability

    19. Cost: financial expenses, staffing, other associated cost.

    20. Responsiveness: system/service’s ability to respond to user requests

    21. Scalability: ability of a system to handle increased workloads by adding resources without performance loss.

    22. Ease of Deployment: refers to how quickly and efficiently a system, application, or security measure can be implemented and operationalized with minimal effort.

    23. Risk transference: security risks mitigated by transferring some responsibility to third parties through insurance, security contracts or service agreement

    24. Ease of Recovery: recovery time and effort are crucial for availability and resilience

    25. Patch Availability and Vendor Support: evaluates how often patching is required and the vendor’s support responsiveness

    26. Inability to Patch: patching might not be feasible due to downtime

    27. Power: power consumption significant factor in data center design and contributes to ongoing costs

    28. Compute: drives ongoing costs both in cloud (pay as you go) and for on premises (replacing hardwares)