Azure Solutions Architect Expert Certification Questions And Answers Dumps

Azure Solutions Architect Expert Exam Preparation

This exam measures your ability to accomplish the following technical tasks: design identity, governance, and monitoring solutions; design data storage solutions; design business continuity solutions; and design infrastructure solutions.

This blog covers the Designing Microsoft Azure Infrastructure Solutions.

A candidate for this certification should have advanced experience and knowledge of IT operations, including networking, virtualization, identity, security, business continuity, disaster recovery, data platforms, and governance. A professional in this role should manage how decisions in each area affect an overall solution. In addition, they should have experience in Azure administration, Azure development, and DevOps processes.

2022 AWS Cloud Practitioner Exam Preparation

Skills measured

  • Design identity, governance, and monitoring solutions (25-30%)
  • Design data storage solutions (25-30%)
  • Design business continuity solutions (10-15%)
  • Design infrastructure solutions (25-30%)

Below are the top 50 Questions and Answers for AZ303, AZ304 and AZ305 Certification Exam:

What is one reason to regularly review Azure role assignments?

A. ensure naming conventions are properly applied.

B. To reduce the risk associated with stale role assignments.

C. To eliminate extra distribution groups that are no longer used.

Answer: B:  You should regularly review access of privileged Azure resource roles to reduce the risk associated with stale role assignment

What is an access package?

A. An access package is a group of users with the access they need to work on a project or perform a task.

B. An access package is a bundle of all the resources with the access a user needs to work on a project or perform their task.

C. An access package is a used to create a transitive trust between B2B organizations.

Answer: B:  An access package is a bundle of all the resources with the access a user needs to work on a project or perform their task. For example, you may want to create an Access Package that includes all the applications that developers in your organization need, or all applications to which external users should have access.

How can Discovery and insights for privileged identity management help an organization?

A. Discovery and insights can find privileged role assignments across Azure AD, and then provide recommendations on how to secure them using Azure AD governance features like Privileged Identity Management (PIM).

B. Discovery and insights can find when guest’s access resources across Azure AD.


Save 65% on select product(s) with promo code 65ZDS44X on Amazon.com

C. Discovery and insights can find security group assignments across Azure AD, and then provide recommendations on how to secure them using Azure AD governance features like Privileged Identity Management (PIM).


D. N/A


Answer: A – Discovery and insights can find privileged role assignments across Azure AD, and then provide recommendations on how to secure them using Azure AD governance features like Privileged Identity Management (PIM).

Whether to assign a role to a group instead of to individual users is a strategic decision. When planning, consider assigning a role to a group to manage role assignments when the desired outcome is to delegate assigning the role and what else?

A. You want to use Conditional Access policies.

B. Many Azure resources need to be managed.

C. Many users are assigned to a role.

D. N/A


Answer: C – Management of one group is much easier than management many individual users.

Which roles can only be assigned using Privileged Identity Management?

A. Permanently active roles.

B. Eligible roles.

C. Transient roles.

D. N/A


Answer: B. – Permanently active roles are the normal roles assigned through Azure Active Directory and Azure resources while eligible roles can only be assigned in Privileged Identity Management.

What is the purpose of the audit logs?

A. Azure AD audit logs provide a comparison of budgeted Azure usage compared to actual.

B. Azure AD audit logs provide records of system activities for compliance reporting.

C. Azure AD audit logs allow customer to monitor activity when provisioning new services within Azure.

D. N/A


Answer: B. – An audit log has a default list view that shows data, like the date and time of the occurrence, the service that logged the occurrence, the category and name of the activity (what), the status of the activity (success or failure), the target, and the initiator/actor (who) of an activity.

Can Azure export logging data to third-party SIEM tools?

A. Yes, Azure supports exporting log data to several common third-party SIEM tools.

B. No, Azure only supports the export to Azure Sentinel.


C. Yes, Splunk is the 3rd Party SIEM Azure can export to.

D. N/A


Answer: A. – Azure can export to many of the most popular SIEM tools. The most common are Splunk, IBM QRadar, and ArcSight.

A Solutions Architect wants to configure email notifications to be sent from Azure AD Domain Services when issues are detected. In Azure, where this would be configured?

A. Azure Microsoft Portal > Azure Active Directory > Monitoring > Notifications > Add email recipient.

B. Azure Microsoft Portal > Azure AD Domain Services > Notification settings > Add email recipient.

C. Azure Microsoft Portal > Notification Hubs > Azure Active Directory > Add email recipient.

D. N/A


Answer: B – The health of an Azure Active Directory Domain Services (Azure AD DS) managed domain is monitored by the Azure platform. The health status page in the Azure Microsoft Portal shows any alerts for the managed domain. To make sure issues are responded to in a timely manner, email notifications can be configured to report on health alerts as soon as they’re detected in the Azure AD DS managed domain.

You are architecting a web application that constantly reads and writes important medical imaging data in blob storage.

To ensure the web application is resilient, you have been asked to configure Azure Storage as follows:

  • Protect against a regional disaster.
  • Leverage synchronous replication of storage data across multiple data centers.

How would you configure Azure Storage to meet these requirements?

GZRS provides asynchronous replication to a single physical location in the secondary region. Additionally, this includes synchronous replication across three availability zones within the primary region (ZRS).

Video for reference: Storage Account Replication

 

You need to ensure your virtual machine boot and data volumes are encrypted. Your virtual machine is already deployed using an Azure marketplace Windows OS image and managed disks. Which  tasks should you complete to enable the required encryption?

Configure a Key Vault Access Policy: A Key Vault Access Policy will be required to allow Azure Disk Encryption for volume encryption.

Create an Azure Key Vault: Azure Disk Encryption leverages a Key Vault for the secure storage of cryptographic information.

Video for reference: Azure Disk Encryption

You have configured Azure multi-factor authentication (MFA) for your company. Some staff have reported they are receiving MFA verification requests, even when they didn’t initiate any authentication themselves. They believe this might be hackers.
Which feature would you enable to help protect against this type of security issue?

Fraud alert helps users to protect against MFA verification requests they did not initiate. It provides the ability to report fraudulent attempts, as well as the ability to automatically block users who report fraud.

Reference: Fraud Alert

You are configuring a new storage account using PowerShell. The storage account must support Queue storage. The PowerShell command you are using is as follows:

New-AzStorageAccount -name "tpcstore01" -ResourceGroupName "rg1" -location "auseast" -SkuName "standard_lrs"

Which two arguments could you use to complete the PowerShell command to meet the above requirements?

-Kind "Storage"

General Purpose v1 supports blob, file, queue, table, and disk.

-Kind "StorageV2"

General Purpose v2 supports blob, file, queue, table, disk, and data lake.

You need to ensure your virtual machine boot and data volumes are encrypted. Your virtual machine is already deployed using an Azure marketplace Linux OS image and managed disks.
Which  two commands would you use to enable the required encryption?

New-AzKeyvault

Azure Disk Encryption leverages a Key Vault for the secure storage of cryptographic information.

Set-AzVMDiskEncryptionExtension

Azure Disk Encryption leverages a VM extension to enable BitLocker (Windows) or DM-Crypt (Linux) to encrypt boot/OS/data volumes.

CompanyA is planning on making some significant changes to their governance solution. They have asked for your assistance with recommendations and questions. Here are the specific requirements.

– Consistency across subscriptions. It appears each subscription has different policies for the creation of virtual machines. The IT department would like to standardize the policies across the Azure subscriptions.

– Ensure critical storage is highly available. There are several critical applications that use storage. The IT department wants to ensure the storage is made highly available across regions.

– Identify R&D costs. The CTO wants to know how much a new project is costing. The costs are spread out across multiple departments.

– ISO compliance. CompanyA wants to certify that it complies with the ISO 27001 standard. The standard will require resources groups, policy assignments, and templates.

How can CompanyA to ensure policies are implemented across multiple subscriptions?

Create a management group and place all the relevant subscriptions in the new management group.
A management group could include all the subscriptions. Then a policy could be scoped to the management group and applied to all the subscriptions.

How can CompanyA ensure applications use geo-redundancy to create highly available storage applications?

Add an Azure policy that requires geo-redundant storage.
An Azure policy can enforce different rules over your resource configurations.

How can CompanyA report all the costs associated with a new product?

Add a resource tag to identify which resources are used for the new product.
Resource tagging provides extra information, or metadata, about your resources. You could then run a cost report on all resources with that tag.

Which governance tool should CompanyA use for the ISO 27001 requirements?

Azure blueprints.
Azure blueprints will deploy all the artifacts for ISO 27001 compliance.

You are configuring an Azure Automation runbook using the Azure sandbox.
For your runbook to work, you need to install a PowerShell module. You would like to minimize the administrative overhead for maintaining and operating your runbook.
Which option should you choose to install an additional PowerShell module?

Navigate to Shared Resources > Modules, and configure the additional module.
Additional PowerShell modules can be added to the sandbox environment for use by your runbooks.

CompanyA is planning on making some significant changes to their identity and access management solution. They have asked for your assistance on some recommendations and questions. Here are the specific requirements.

– Device access to company applications. The CTO has agreed to allow some level of device access. Employees at the company’s retail stores will now be able to access certain company applications. This access, however, should be restricted to only approved devices.

– Company reorganization. A company-wide reorganization has affected many employees. These employees are now in new roles. The IT team needs to ensure users have the correct access based on their new jobs.

– External developer accounts. A new development project requires external software developers to access company data files. The IT team needs to create user accounts for approximately five developers.

– User sign-in attempts. A recent audit of user sign-ins attempts revealed anonymous IP addresses and unusual locations. The IT team wants to require multifactor authentication for these attempted sign-ins.

How can CompanyA ensure that employees at the company’s retail stores can access company applications only from approved tablet devices?

Conditional access: Conditional Access enables you to require users to access your applications only from approved, or managed, devices.

What should CompanyA do to ensure employees have the correct permissions for their job role?

Require an access review: An access review would give managers an opportunity to validate the employees access.

What should CompanyA do to give access to the partner developers?

Invite the developers as guest users to their directory: In Business-to-Business scenarios guest user accounts are created. You can then apply the appropriate permissions

What solution would be best for the user sign-in attempts requirement?

Create a sign-in risk policy: That’s correct. A sign-in risk policy can identify anonymous IP and atypical locations. Secondary multifactor authentication can then be required.

You are working as a network administrator, managing the following virtual networks:

VNET1

  • Location: Australia East

  • Resource groupRG1

  • Address space: 10.1.0.0/16

    VNET2

  • Location: Australia Southeast

  • Resource groupRG2

  • Address space: 10.1.0.0/16

You have been asked to connect VNET1 and VNET2, to allow private communication between resources in each virtual network. Do you need to modify either of the two virtual networks before virtual network peering is supported?

Yes: IP address ranges cannot overlap. One of the virtual networks must have their address space changed before VNet peering would be able to be configured.


You are architecting identity management for a hybrid environment, and you plan to use Azure AD Connect with password hash sync (PHS).
It is important that you design the solution to be highly available. How would you implement high availability for the synchronization service?

Configure an additional server with Azure AD Connect in staging mode.

Azure AD Connect can be configured in staging mode, which helps with high availability.

You are responsible for monitoring a major web application for your company. The application is implemented using Azure App Service Web Apps and Application Insights.
The chief marketing officer has asked you to provide information to help analyze user behavior based on a group of characteristics. To start with, it will be a simple query looking at all active users from Australia.
Which of the following would you use to provide this information?

Cohorts leverage analytics queries to analyze users, sessions, events, or operations that have something in common (e.g., location, event, etc.). Reference: App insights

You work for a company with multiple Active Directory domains: exampledomain1.com and test.lab.com. Your company would like to use Azure AD Connect to synchronize your on-premises Active Directory domain, exampledomain1.com, with Azure AD. You do not wish to synchronize test.lab.com.

Which tasks should you complete, requiring minimal administrative effort and causing the least disruption to the existing environment?

Run the Azure AD Connect wizard, and configure Domain and OU filtering.

You are architecting a mission-critical processing solution for your company. The solution will leverage virtual machines for the processing tier, and it is critical that high performance levels are maintained at all times.
You need to leverage a managed disk that guarantees up to 900 MB/s throughput and 2,000 IOPS — but also minimizes costs.
Which of the following would you use within your solution?

Premium SSD Managed Disks:  Premium SSDs provide high performance and low latency, and include guaranteed capacity, IOPS, and throughput.

CompanyA wants to reduce storage costs by reducing duplicate content and, whenever applicable, migrating it to the cloud. The company would like a solution that centralizes maintenance while still providing nation-wide access for customers. Customers should be able to browse and purchase items online even in a case of a failure affecting an entire Azure region. Here are some specific requirements.

  • Warranty document retention. The company’s risk and legal teams requires warranty documents be kept for three years.

  • New photos and videos. The company would like each product to have a photo or video to demonstrate the product features.

  • External vendor development. A vendor will create and develop some of the online ecommerce features. The developer will need access to the HTML files, but only during the development phase.

  • Product catalog updates. The product catalog is updated every few months. Older versions of the catalog aren’t viewed frequently but must be available immediately if accessed.

What is the best way for CompanyA to protect their warranty information?

Time-based retention policy: With a time-based retention policy, users can set policies to store data for a specified interval. When a time-based retention policy is in place, objects can be created and read, but not modified or deleted.

What type of storage should CompanyA use for their photos and videos?

Blob storage: That’s correct. Blob storage is best for their photos.

What is the best way to provide the developer access to the ecommerce HTML files?

Shared access signatures: That’s correct. Shared access signatures provide secure delegated access. This functionality can be used to define permissions and how long access is allowed.

Which access tier should be used for the older versions of the product catalog?

Cool access tier: That’s correct. The cool access tier is for content that wouldn’t be viewed frequently but must be available immediately if accessed.

What tool would you use to identify underutilized and idle Azure resources in order to help reduce overall spend?

Azure Advisor: Advisor helps you optimize and reduce your overall Azure spend by identifying idle and underutilized resources. Reference

You work as a network administrator for a company. You manage several virtual machines within the following virtual network:

  • NameVNET1
  • Address space: 10.1.0.0/16
  • SubnetSUBNET1 (10.1.1.0/24)

You need to configure DNS for a VM called VM1, that is located in SUBNET1. DNS should be set to 8.8.8.8. All other VMs must keep their existing settings.

What should you do?

Navigate to the network interface of VM1, DNS Servers, and enable Custom DNS Servers and set to 8.8.8.8.

Custom DNS can be set at the network interface level, so that the settings only apply for a specific virtual machine.

You are architecting a web application that constantly reads and writes important medical imaging data in blob storage. To ensure the web application is resilient, you have proposed the use of storage account failover. Management has asked you whether any data loss might occur for this solution, in the event of a failover. How would you respond?

There may be data loss, and the extent of data loss can be estimated using the Last Sync Time.

The Last Sync Time property provides an indication of how far the secondary is behind from the primary. This can be used to estimate the extent of data loss that may occur. 

What storage service should you implement for an application that streams video content?

Azure Blobs: Azure blobs are used for storing large amounts of unstructured data, such as documents, images, and video files. This service is best used for streaming audio and video, particularly over HTTP/S.

What storage service should you implement for an application that needs to access data using SMB?

Azure Files: Azure files allow you to create and maintain highly available file shares that are accessible anywhere. They can be considered as a replacement to traditional file servers. They provide SMB access.

You are architecting a mission-critical solution for your company using virtual machines.
The solution must qualify for a Microsoft service level agreement (SLA) of 99.95%.
You deploy your solution to a single virtual machine in an availability set. The virtual machine uses premium storage. Does this meet the required SLA?

No: The virtual machine does use premium storage; however, this only provides a 99.9% SLA.

You are implementing Azure Backup using the Microsoft Azure Backup Server.
Which of the following would you use to allow the server to register with your recovery services vault?

Vault Credentials: Vault Credentials are used by the Microsoft Azure Backup Server software to register with the vault.

You are developing a solution on a server hosted on-premises. The solution needs to access data within Azure Key Vault.
Which two options would you use to ensure the application has access to Azure Key Vault?

Register the application in Azure AD and use a client secret.
To allow an on-premises application to authenticate with Azure AD, it can be registered in Azure AD and given a client secret (or client certificate). If this application was hosted on a supported Azure service, it could have been possible to use a managed identity instead.

Configure an access policy in Azure Key Vault.
To allow access to Key Vault, any identity (application, user, etc.) must be provided permissions using an Access Policy.

You have a Windows virtual machine within Azure, which must be backed up.
You have the following requirements:
– Back up the virtual machine three times per day
– Include system state backups
You configure a backup to a recovery services vault using the Microsoft Azure Recovery Services (MARS) agent.
Does this fulfill the requirements above?

Yes: The Microsoft Azure Recovery Services (MARS) agent can perform backups of files, folders, and system states up to three times a day.

You are planning a migration of machines to Azure from your on-premises Hyper-V host.
You would like to estimate how much it will cost to migrate your operating machines to Azure. Which of the following two items would you include in your migration solution?
The effort required to estimate pricing, and then ultimately go on to perform a migration, should be minimized.

Azure Migrate Project: All migrations (both assessment and migration) require an Azure Migrate Project for the storage of related metadata.

You are implementing Azure Blueprints to help improve standards and compliance for your Azure environment.
You would like to ensure that when an Azure Blueprint is used, a user is assigned ‘owner’ permissions to a specific resource group defined in the blueprint.
Does Azure Blueprints provide this functionality?

Yes: Azure Blueprints includes several different artifacts, one of which is ‘Role Assignment’. This allows a user to be assigned permissions as part of the blueprint definition.

You are planning a migration from on-premises to Azure.
Your on-premises environment is made up of the following:
– VMware hosted virtual machines
– Hyper-V hosted virtual machines
– Physical servers
Will the Azure Migrate: Server Migration tool provided by Microsoft support your environment for migrations to Azure?

Yes, for VMware, Hyper-V, and physical machines. The Azure Migrate: Server Migration tool support migrating VMware VMs, Hyper-V VMs, and physical servers.

For a new container image you are developing, you need to ensure a local HTML file, index.html, is included in the image. Which command would you include in the Dockerfile?

COPY ./index.html /usr/share/nginx/html

The COPY command can be used within a Dockerfile to copy files and directories from source to destination.

You have developed a financial management application for your company.
It is currently hosted as an Azure App Service Web App within Azure.
To improve security, you need to ensure that the web application is only accessible when users connect from your head-office IP address of 14.78.162.190.
Within the Azure Portal settings for your web app, which section would you use to configure this security?

Networking > Access Restrictions
Access Restrictions allows you to filter inbound connectivity to Azure App service, based on the IP address of the requesting user/service.
This meets the requirements of this scenario, as an Access Restriction could be configured for the Web App. To configure this, an ALLOW rule would be created for the web app (and the management interface, SCM, if needed). Adding the ALLOW rule for the IP address of 13.77.161.179 would automatically create a DENY ALL rule, which will prevent any other network location from accessing this resource.

You are responsible for improving the availability of a web application. The web application has the following characteristics:
– Hosted using Azure App Service.
– Leverages an Azure SQL back-end.
You need to configure Azure SQL Database to meet the following needs:
Must be able to continue operations in the event of a region failure.
Must support automatic failover in the event of failure.
You must recommend a solution that requires the least amount of effort to implement, and can manage in the event of a failover. Which configuration do you recommend?

Azure SQL auto-failover group: Using Azure SQL auto-failover groups provides protection at a geographic scale. By using the read-write listener, an application will seamlessly point to the primary, even in the event of a failover. Azure SQL auto-failover groups simplify the deployment and management of geo-replicated databases. It supports replication, and failover, for one or more databases on Azure SQL Database, or Azure SQL Managed Instances. A key benefit of auto-failover groups, is the built-in management of DNS for read, and read-write listeners.

You have been asked to implement high availability for an Azure SQL Managed Instance.
The solution is critical, and data loss must be minimized. If the data platform fails you must wait 1 hour before automatic failover occurs.
You must determine: (1) How to configure replication. (2) How to configure the 1 hour delay.

Enable replication using Auto-Failover Groups. Enable the 1 hour delay using the Grace Period.
Auto-Failover Groups are supported by Azure SQL Managed Instances, and the Grace Period is used to define how many hours to wait before an automatic read/write failover occurs.

You are helping to architect a social media application.
The solution must ensure that all users read data in the order it has been completely written.
You propose the use of Cosmos DB. What else do you include in your proposal to meet the requirements?

Cosmos DB Strong Consistency: Strong consistency ensures that reads are guaranteed to return the most recent committed write. This is useful when order matters.

You need to configure high availability for Azure SQL Databases.
You would like the service to include the following:
– Automatic failover policy.
– Ability to manually failover.
– DNS management for primary read/write access.
You configure Azure SQL Active Geo-Replication. Does this meet the requirements?

No: Active Geo-Replication does not include DNS automatically managed for primary read/write access. This is a feature of auto-failover groups. The inclusion of DNS for both the primary read/write endpoint, and the secondary read endpoint, reduces the management overhead for ensuring applications are pointing to the correct resources in the event of a disaster.

Pros and Cons of Cloud Computing

Cloud User insurance and Cloud Provider Insurance

Cloud computing is the new big thing in Information Technology. Everyone, every business will sooner or later adopt it, because of hosting cost benefits, scalability and more.

This blog outlines the Pros and Cons of Cloud Computing, Pros and Cons of Cloud Technology, Faqs, Facts, Questions and Answers Dump about cloud computing.

AWS Cloud Practitioner Exam Prep App – Free

AWS Certified Cloud Practitioner Exam Prep App
AWS Certified Cloud Practitioner Exam Prep PWA App

Cloud Practitioner Exam Prep AWS vs Azure vs Google
Cloud Practitioner Exam Prep AWS vs Azure vs Google

2022 AWS Cloud Practitioner Exam Preparation

What is cloud computing?

Cloud computing is an information technology paradigm that enables ubiquitous access to shared pools of configurable system resources and higher-level services that can be rapidly provisioned with minimal management effort, often over the Internet. Cloud computing relies on sharing of resources to achieve coherence and economies of scale, similar to a public utility.
Simply put, cloud computing is the delivery of computing services including servers, storage, databases, networking, software, analytics, and intelligence—over the Internet (“the cloud”) to offer faster innovation, flexible resources, and economies of scale. You typically pay only for cloud services you use, helping you lower your operating costs, run your infrastructure more efficiently, and scale as your business needs change.

What are the Pros of using cloud computing? What are characteristics of cloud computing?

  • Trade Capital expense for variable expense
  • Benefit from massive economies of scale
  • Stop guessing capacity
  • Increase speed and agility
  • Stop spending money on running and maintaining data centers
  • Go global in minutes
  • Benefits of AWS Cloud Computing
    Benefits of AWS Cloud Computing


  • Cost effective & Time saving: Cloud computing eliminates the capital expense of buying hardware and software and setting up and running on-site datacenters; the racks of servers, the round-the-clock electricity for power and cooling, and the IT experts for managing the infrastructure.
  • The ability to pay only for cloud services you use, helping you lower your operating costs.
  • Powerful server capabilities and Performance: The biggest cloud computing services run on a worldwide network of secure datacenters, which are regularly upgraded to the latest generation of fast and efficient computing hardware. This offers several benefits over a single corporate datacenter, including reduced network latency for applications and greater economies of scale.
  • Powerful and scalable server capabilities: The ability to scale elastically; That means delivering the right amount of IT resources—for example, more or less computing power, storage, bandwidth—right when they’re needed, and from the right geographic location.
  • SaaS ( Software as a service). Software as a service is a method for delivering software applications over the Internet, on demand and typically on a subscription basis. With SaaS, cloud providers host and manage the software application and underlying infrastructure, and handle any maintenance, like software upgrades and security patching. Users connect to the application over the Internet, usually with a web browser on their phone, tablet, or PC.
  • PaaS ( Platform as a service). Platform as a service refers to cloud computing services that supply an on-demand environment for developing, testing, delivering, and managing software applications. PaaS is designed to make it easier for developers to quickly create web or mobile apps, without worrying about setting up or managing the underlying infrastructure of servers, storage, network, and databases needed for development.
  • IaaS ( Infrastructure as a service). The most basic category of cloud computing services. With IaaS, you rent IT infrastructure—servers and virtual machines (VMs), storage, networks, operating systems—from a cloud provider on a pay-as-you-go basis
  • Serverless: Running complex Applications without a single server. Overlapping with PaaS, serverless computing focuses on building app functionality without spending time continually managing the servers and infrastructure required to do so. The cloud provider handles the setup, capacity planning, and server management for you. Serverless architectures are highly scalable and event-driven, only using resources when a specific function or trigger occurs.
  • Infrastructure provisioning as code, helps recreating same infrastructure by re-running the same code in a few click.
  • Automatic and Reliable Data backup and storage of data: Cloud computing makes data backup, disaster recovery, and business continuity easier and less expensive because data can be mirrored at multiple redundant sites on the cloud provider’s network.
  • Increase Productivity: On-site datacenters typically require a lot of “racking and stacking”—hardware setup, software patching, and other time-consuming IT management chores. Cloud computing removes the need for many of these tasks, so IT teams can spend time on achieving more important business goals.
  • Security: Many cloud providers offer a broad set of policies, technologies, and controls that strengthen your security posture overall, helping protect your data, apps, and infrastructure from potential threats.
  • Speed: Most cloud computing services are provided self service and on demand, so even vast amounts of computing resources can be provisioned in minutes, typically with just a few mouse clicks, giving businesses a lot of flexibility and taking the pressure off capacity planning. In a cloud computing environment, new IT resources are only a click away. This means that the time those resources are available to your developers is reduced from weeks to minutes. As a result, the organization experiences a dramatic increase in agility because the cost and time it takes to experiment and develop is lower
  • Go global in minutes
    Easily deploy your application in multiple regions around the world with just a few clicks. This means that you can provide a lower latency and better experience for your customers simply and at minimal cost.

What are the Cons of using cloud computing?

  • Privacy: Cloud computing poses privacy concerns because the service provider can access the data that is in the cloud at any time. It could accidentally or deliberately alter or delete information.Many cloud providers can share information with third parties if necessary for purposes of law and order without a warrant. That is permitted in their privacy policies, which users must agree to before they start using cloud services.
  • Security: According to the Cloud Security Alliance, the top three threats in the cloud are Insecure Interfaces and API’s, Data Loss & Leakage, and Hardware Failure—which accounted for 29%, 25% and 10% of all cloud security outages respectively. Together, these form shared technology vulnerabilities.
  • Ownership of Data: There is the problem of legal ownership of the data (If a user stores some data in the cloud, can the cloud provider profit from it?). Many Terms of Service agreements are silent on the question of ownership.
  • Limited Customization Options: Cloud computing is cheaper because of economics of scale, and—like any outsourced task—you tend to get what you get. A restaurant with a limited menu is cheaper than a personal chef who can cook anything you want.
  • Downtime: Technical outages are inevitable and occur sometimes when cloud service providers (CSPs) become overwhelmed in the process of serving their clients. This may result to temporary business suspension.
  • Insurance : It can be expensive to insure the customer and business data and infrastructure hosted in the cloud. A cyber insurance is necessary when using the cloud.
  • Other concerns of cloud computing.

      • Users with specific records-keeping requirements, such as public agencies that must retain electronic records according to statute, may encounter complications with using cloud computing and storage. For instance, the U.S. Department of Defense designated the Defense Information Systems Agency (DISA) to maintain a list of records management products that meet all of the records retention, personally identifiable information (PII), and security (Information Assurance; IA) requirements
      • Cloud storage is a rich resource for both hackers and national security agencies. Because the cloud holds data from many different users and organizations, hackers see it as a very valuable target.
    • Piracy and copyright infringement may be enabled by sites that permit filesharing. For example, the CodexCloud ebook storage site has faced litigation from the owners of the intellectual property uploaded and shared there, as have the GrooveShark and YouTube sites it has been compared to.

What are the different types of cloud computing?



Save 65% on select product(s) with promo code 65ZDS44X on Amazon.com

(adsbygoogle = window.adsbygoogle || []).push({});
</br>



  • Public clouds: A cloud is called a “public cloud” when the services are rendered over a network that is open for public use. They are owned and operated by a third-party cloud service providers, which deliver their computing resources, like servers and storage, over the Internet. Microsoft Azure is an example of a public cloud. With a public cloud, all hardware, software, and other supporting infrastructure is owned and managed by the cloud provider. You access these services and manage your account using a web browser. For infrastructure as a service (IaaS) and platform as a service (PaaS), Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP) hold a commanding position among the many cloud companies.
  • Private cloud is cloud infrastructure operated solely for a single organization, whether managed internally or by a third party, and hosted either internally or externally. A private cloud refers to cloud computing resources used exclusively by a single business or organization. A private cloud can be physically located on the company’s on-site datacenter. Some companies also pay third-party service providers to host their private cloud. A private cloud is one in which the services and infrastructure are maintained on a private network.
  • Hybrid cloud is a composition of a public cloud and a private environment, such as a private cloud or on-premise resources, that remain distinct entities but are bound together, offering the benefits of multiple deployment models. Hybrid cloud can also mean the ability to connect collocation, managed and/or dedicated services with cloud resources. Hybrid clouds combine public and private clouds, bound together by technology that allows data and applications to be shared between them. By allowing data and applications to move between private and public clouds, a hybrid cloud gives your business greater flexibility, more deployment options, and helps optimize your existing infrastructure, security, and compliance.
  • Community Cloud: A community cloud in computing is a collaborative effort in which infrastructure is shared between several organizations from a specific community with common concerns, whether managed internally or by a third-party and hosted internally or externally. This is controlled and used by a group of organizations that have shared interest. The costs are spread over fewer users than a public cloud, so only some of the cost savings potential of cloud computing are realized.


Other AWS Facts and Summaries and Questions/Answers Dump

Reference