Coding 4 Bread
Cloud Engineering

Cloud Fundamentals Quiz

Cloud Fundamentals Quiz — Study Guide

Cloud Fundamentals: Networking, Compute, Security & More

Cloud computing powers nearly every modern application — from streaming services to banking apps. Understanding how cloud infrastructure works isn't just for DevOps engineers; it's essential knowledge for any developer who wants to build reliable, scalable, and secure systems. This guide covers the core concepts you'll need to ace the Cloud Fundamentals Quiz.

Networking in the Cloud

VPC (Virtual Private Cloud)

A VPC is your own isolated network within a cloud provider. Think of it like renting a private floor in a massive office building — you share the building (the cloud), but your floor is completely yours to configure.

  • VPCs contain subnets (public or private), route tables, and internet gateways
  • Public subnets can communicate with the internet; private subnets cannot directly
  • Resources in private subnets use a NAT Gateway to initiate outbound internet traffic *without* being reachable from the internet

    • Analogy: A NAT Gateway is like a receptionist — internal employees can call out, but outside callers can't reach internal staff directly.

    OSI Layers & Load Balancing

    The OSI model describes how network communication is layered. For cloud quizzes, focus on:

    OSI LayerNameExample
    Layer 4TransportTCP/UDP traffic (NLB)
    Layer 7ApplicationHTTP/HTTPS traffic (ALB)
    An Application Load Balancer (ALB) operates at Layer 7, meaning it can inspect HTTP headers, paths, and hostnames to route traffic intelligently (e.g., /api goes to one service, /images goes to another).

    A Network Load Balancer (NLB) operates at Layer 4 — faster, but less routing intelligence.

    Compute: From Servers to Serverless

    Traditional Compute

    Cloud compute starts with virtual machines (VMs). On AWS these are EC2 instances; on GCP they're Compute Engine instances. You choose CPU, RAM, and storage, and you're responsible for the OS and runtime.

    Serverless Compute

    Serverless means you write code and let the cloud handle the infrastructure entirely. You don't manage servers, scaling, or patching.

  • AWS Lambda — runs code in response to events (HTTP request, file upload, database change)
  • Google Cloud Functions — GCP's equivalent
  • Billed per invocation and execution time, not idle time

    • # Example AWS Lambda function handler
def lambda_handler(event, context):
    name = event.get("name", "World")
    return {
        "statusCode": 200,
        "body": f"Hello, {name}!"
    }

    Serverless is ideal for event-driven workloads, but has cold start latency and execution time limits.

    Storage: S3, EBS, and Beyond

    Storage TypeServiceUse Case
    Object StorageAWS S3Files, images, backups, static sites
    Block StorageAWS EBSOS disks, databases attached to EC2
    File StorageAWS EFS / GCP FilestoreShared file systems
  • S3 (Simple Storage Service) stores objects in buckets. Each object has a key (filename), value (data), and metadata. S3 is globally accessible and infinitely scalable.
  • EBS (Elastic Block Store) is like a hard drive attached to a single EC2 instance. It persists data even when the instance stops, but is tied to one availability zone.

    • Scaling & Availability

    Scaling Strategies

  • Vertical scaling — make the server bigger (more CPU/RAM). Has limits.
  • Horizontal scaling — add more servers. Preferred for cloud-native apps.

    • Auto Scaling Groups on AWS automatically add or remove EC2 instances based on demand (CPU usage, request count, etc.).

    Availability Zones & Regions

  • A Region is a geographic area (e.g., us-east-1)
  • Each region contains multiple Availability Zones (AZs) — isolated data centers
  • Deploying across multiple AZs protects against single data center failures

    • High availability means designing your system so that one component failing doesn't take down the whole application.

    Security & IAM

    Principle of Least Privilege

    The principle of least privilege means every user, service, or system should have *only* the permissions it needs — nothing more. If a Lambda function only reads from S3, it should not have write or delete permissions.

    IAM (Identity and Access Management)

    IAM controls *who* can do *what* on your cloud resources.

  • Users — human identities with credentials
  • Roles — identities assumed by services or applications (no long-term credentials)
  • Policies — JSON documents defining allowed/denied actions

    • {
  "Effect": "Allow",
  "Action": ["s3:GetObject"],
  "Resource": "arn:aws:s3:::my-bucket/*"
}

    GCP Service Accounts

    In GCP, a service account is a special identity used by applications and VMs — not humans. It allows a GCP resource (like a Cloud Function) to authenticate and interact with other GCP services securely, following least privilege principles.

    CDN (Content Delivery Network)

    A CDN caches content at edge locations around the world, serving users from the nearest location instead of a distant origin server.

  • AWS CloudFront is AWS's CDN
  • Reduces latency, offloads traffic from origin servers
  • Ideal for static assets: images, JavaScript, CSS, videos

    • Analogy: Instead of everyone in Tokyo downloading a file from a server in Virginia, a CDN stores a copy in a Tokyo edge location.

    Infrastructure as Code (IaC)

    IaC means defining your cloud infrastructure in code files instead of clicking through a console. This makes infrastructure repeatable, version-controlled, and reviewable.

    Popular tools:

  • Terraform — cloud-agnostic, uses HCL syntax
  • AWS CloudFormation — AWS-native, uses YAML/JSON
  • Google Cloud Deployment Manager — GCP-native

    • # Terraform example: create an S3 bucket
resource "aws_s3_bucket" "my_bucket" {
  bucket = "my-unique-bucket-name"
}

    IaC is a cornerstone of modern cloud architecture and DevOps practices.

    Architecture Patterns

    Good cloud architecture balances cost, performance, reliability, and security. Key patterns include:

  • Decoupled architecture — use queues (SQS) or events to separate components
  • Multi-AZ deployments — survive data center failures
  • Stateless services — store session data externally so any instance can serve any request
  • Defense in depth — layer security controls (VPC, security groups, IAM, encryption)

    • Key Takeaways

  • ALB operates at OSI Layer 7 (application/HTTP), while NLB operates at Layer 4 (transport/TCP). This distinction matters for routing decisions.
  • NAT Gateways allow private subnet resources to reach the internet outbound without exposing them to inbound connections.
  • The principle of least privilege is the foundation of cloud security — always grant minimum necessary permissions, whether for IAM users, roles, or GCP service accounts.
  • Serverless (AWS Lambda) abstracts infrastructure entirely and runs code in response to events — you only pay for actual execution time.
  • IaC tools like Terraform let you define, version, and automate your entire cloud infrastructure, making environments reproducible and auditable.