INTRODUCTION
This week, you will take a close look at what distinguishes AWS compute services from other AWS services. You will cover the basic components of the Amazon Elastic Compute Cloud (Amazon EC2) architecture and learn how to differentiate between containers and virtual machines. You will also explore the features and benefits of serverless technologies, the fundamental concepts of networking, and the features of Amazon Virtual Private Cloud.
Learning Objectives
- Differentiate AWS compute services from other AWS services.
- Learn the components of the EC2 architecture.
- Differentiate between a container and a virtual machine.
- Survey the characteristics and advantages of serverless technologies.
- Define basic networking concepts.
- Understand the features of Amazon Virtual Private Cloud (VPC).
- Configure a VPC.
WEEK 2 QUIZ
1. Which information is needed to create a virtual private cloud (VPC)?
- The group of subnets that the VPC will reside in.
- The Availability Zone that the VPC will reside in.
- The subnet that the VPC will reside in.
- The AWS Region that the VPC will reside in. (CORRECT)
Correct: When a solutions architect creates a VPC, they must specify the Region in which it will be built, the range of IP addresses that it will cover, and the name of the VPC. For more information, refer to the Introduction to Amazon VPC video.
2. Which of the following can a route table be attached to?
- AWS Accounts
- Availability Zone
- Subnets (CORRECT)
- Regions
Correct: Route tables serve two purposes: routing traffic to a virtual private cloud (VPC) or routing traffic within a subnet. To learn more, see the video entitled Amazon VPC Routing on YouTube.
3. A company wants to allow resources in a public subnet to communicate with the internet. Which of the following must the company do to meet this requirement?
- Create a route to a private subnet
- Attach an internet gateway to their VPC
- Create a route in a route table to the internet gateway
- A and B
- B and C (CORRECT)
Correct: Once a company has created an internet gateway and attached it to a virtual private cloud (VPC), it can configure a route table to route all network traffic through the internet gateway. In addition, an internet gateway is highly available and much more scalable than a home modem, which can go down or go offline.
4. What is the compute as a service (CaaS) model?
- The CaaS model requires that users purchase virtual machines and manually provision servers to run a workload.
- The CaaS model offers computing resources (such as virtual machines that run on servers in data centers) on demand, by using virtual services. (CORRECT)
- The CaaS model offers large discounts for computing resources. However, users must run the workload from the server that is stored on-premises.
- The CaaS model delivers cloud-based applications to users across the globe, over the internet.
Correct: Compute as a service (CaaS) provides on-demand virtual computing resources with flexible scalability of computing power. See the Compute as a Service on AWS video for further details.
5. Which statement about the default settings of a security group is TRUE?
- Allows all inbound traffic and blocks all outbound traffic by default.
- Blocks all inbound traffic and allows all outbound traffic by default. (CORRECT)
- Allows all inbound and outbound traffic by default.
- Blocks all inbound and outbound traffic by default.
Correct: Security groups filter the incoming and outgoing traffic of the instances to which they are attached. By default, they deny all inbound traffic but allow all outbound traffic. Refer to the Secure Your Network with Amazon VPC Security video for more information.
6. What does an Amazon Elastic Compute Cloud (Amazon EC2) instance type indicate?
- Instance placement and instance size
- Instance tenancy and instance billing
- Instance family and instance size (CORRECT)
- Instance Amazon Machine Image (AMI) and networking speed
Correct: Instance types are named based on the instance generation, family, additional capabilities, and size. These names therefore indicate the specifications and performance of an instance. For more information, see the Introduction to Amazon EC2 video.
7. What is the relationship between Amazon Machine Images (AMIs) and Amazon Elastic Compute Cloud (Amazon EC2) instances?
- When launching an EC2 instance, the first setting that users configure is the operating system (OS) that they want. Then, they select an AMI and manually install the OS, drives, and installation wizard.
- The AMI is a virtual server that hosts a workload, but the EC2 instance is a template that models and defines an instance. One advantage of using EC2 instances is that they are reusable.
- An AMI is a template that contains the software that is required to launch an instance. EC2 instances are live instantiations of what is defined in an AMI, much like a cake is a live instantiation of a cake recipe. (CORRECT)
- An AMI is a collection of unique EC2 instances. Each time users create an EC2 instance, they must set up a new AMI template for their instance.
Correct: An Amazon Machine Image (AMI) contains a template for the software configuration. An instance is a virtual server in the cloud that runs as a configured copy of the AMI that the user supplies at launch. For further details, refer to Reading: Introduction to Amazon Elastic Compute Cloud.
8. What is the difference between using AWS Fargate or Amazon Elastic Compute Cloud (Amazon EC2) as the compute platform for Amazon Elastic Container Service (Amazon ECS)?
- With AWS Fargate, users need to manage cluster capacity and scaling.
- With Amazon ECS on Amazon EC2, AWS manages and provisions the underlying EC2 instance for containers.
- With AWS Fargate, AWS manages and provisions the underlying infrastructure for hosting containers. (CORRECT)
- With Amazon ECS on Amazon EC2, users need to upload only the source code. Amazon ECS takes care of the rest.
Correct: With Fargate, users do not need to provision, set up, or scale any clusters of virtual machines to run their containers. Fargate manages the virtual machine infrastructure for the user, which frees users to run and manage their containers. For more information, see Container Services on AWS.
9. Which statement about serverless is TRUE?
- Users must manually scale serverless resources.
- Users do not pay for idle resources. (CORRECT)
- Users must provision and manage servers.
- Users must manage availability and fault tolerance.
Correct: Serverless architectures charge only for the time they are in use and the resources they consume. As a result, they can be very cost-effective for some kinds of applications. See What is Serverless for more.
10. True or False: AWS Lambda is always the best solution when running applications on AWS.
- True
- False (CORRECT)
Correct: AWS Lambda is a great solution for on-demand workloads that run for less than 15 minutes. It does not require anyone to provision or operate servers. However, it might not be suitable for every case. Refer to the video Choose the Right Compute Service for more.
11. Which compute service does Amazon Elastic Compute Cloud (Amazon EC2) provide?
- Container services
- Serverless
- Virtual machines (VMs) (CORRECT)
- Analytics
Correct: Amazon EC2 is a web service that provides secure, flexible, and scalable compute capacity in the cloud, so that users can scale resources on demand at any time. For more information, refer to Reading: Compute as a Service on AWS.
12. Which stage of the instance lifecycle is an instance in when the account starts to accumulate charges?
- When an instance is in a pending stage
- When an instance is in a running stage (CORRECT)
- When an instance is stopped
- When an instance is terminated
Correct: Users accrue costs for instance usage as soon as an instance begins running. Charges are based on the time the instance spends running and the resources that it consumes. For more details, refer to Amazon EC2 Instance Lifecycle.
13. Which component of the c5.4xlarge instance determines the instance family and generation number?
- 4x
- Large
- 4xlarge
- c5 (CORRECT)
Correct: The c5 prefix designates a compute-optimized instance in the C family, from the fifth generation of EC2 instance types. These instances are designed to deliver excellent performance for workloads with high compute demand. Read more: Amazon EC2 Instance Lifecycle.
14. Which container runtime can be used to host a container on an Amazon Elastic Compute Cloud (Amazon EC2) instance?
- Docker (CORRECT)
- Container
- Amazon Simple Storage Service (Amazon S3)
- Amazon EC2
Correct: Docker is a software platform for developing, packaging, deploying, and running containers. For more information, refer to Reading: Container Services on AWS.
15. What is an example of an event that invokes an AWS Lambda function?
- An AWS API call that is made by an AWS Identity and Access Management (IAM) role
- An upload of a file to the Amazon Simple Storage Service (Amazon S3) source bucket (CORRECT)
- An incoming HTTP request to a website that is hosted on Amazon Elastic Compute Cloud (Amazon EC2)
- A simple WordPress website that has no API integration
Correct: An AWS Lambda function can be invoked when a file is uploaded to the S3 source bucket. See Introduction to AWS Lambda for more information.
16. True or False: With serverless, users do not need to provision and manage servers.
- True (CORRECT)
- False
Correct: A serverless architecture lets you build and run applications without managing the underlying infrastructure. See Serverless and AWS Lambda for more information.
17. True or False: All AWS services require users to configure a virtual private cloud (VPC).
- True
- False (CORRECT)
Correct: Serverless services on AWS do not need a VPC for networking, because the infrastructure is abstracted away and managed by AWS. For more details, see Networking on AWS.
18. An engineer is working with networks in the AWS Cloud. What should the engineer use to configure the size of their network?
- Classless Inter-Domain Routing (CIDR) notation (CORRECT)
- IPv6 notation
- IPv4 notation
- IP addresses
Correct: With Classless Inter-Domain Routing (CIDR) notation, AWS users define the size of the network according to their needs. This lets them state the IP address range for a specific VPC. For more details, refer to Reading: Networking on AWS.
19. What is the difference between network access control lists (ACLs) and security groups?
- By default, network ACLs allow incoming traffic and block outgoing traffic from a subnet. Users can change these settings to provide an additional layer of security. However, the default configurations of security groups block all traffic.
- By default, network ACLs block all traffic from a subnet. However, the default configurations of security groups allow all inbound and outbound traffic. Users can change these settings to provide an additional layer of security.
- By default, network ACLs block incoming traffic and allow outgoing traffic. The default configurations of security groups block all traffic. Users can change these settings when they configure networking for their instance.
- By default, network ACLs allow incoming and outgoing traffic from a subnet. Users can change these settings to provide an additional layer of security. However, the default configurations of security groups block all inbound traffic and allow all outbound traffic. (CORRECT)
Correct: Network access control lists (ACLs) are stateless, which means that they do not keep track of the state of a connection. By default, they allow all traffic into and out of the subnet. However, they can be restricted at the subnet level, both inbound and outbound, by specifying the protocol and ports that are allowed. If users open an inbound port but do not specify an outbound range, the server might respond, but the traffic does not leave the subnet.
Security groups are stateful. By default, they deny all inbound traffic and allow all outbound traffic. When a user opens inbound ports, the security group remembers whether the traffic was initiated by the EC2 instance or by another source on the internet, and allows outbound traffic for the instance accordingly.