A developer is using a cloud service that provides virtual machines and storage and also includes runtime environments and development tools, but does not include the full application stack. Which cloud model is most likely being used?
PaaS – Platform as a Service, which offers more than IaaS but less than SaaS, typically including OS, middleware, and runtime support for application development.
A cloud engineer is tasked with deploying a secure, logically isolated environment within a public cloud. The setup must support automated resource provisioning using scripted orchestration tools. What cloud construct is being used?
Virtual Private Cloud (VPC), which enables isolated infrastructure within a cloud provider’s environment and supports Infrastructure as Code (IaC) for automated deployment.
A network engineer is tasked with improving agility and reducing hardware dependency across multiple branch offices. They implement a solution that extracts traditional network functions from physical devices and deploys them as software applications. What technology is being used?
Network Function Virtualization (NFV), which enables flexible, cost-effective deployment of network services by virtualizing functions traditionally tied to hardware.
A company wants users to access cloud applications like Salesforce and Office 365 using their corporate login credentials without re-entering passwords. What protocol enables this type of Single Sign-On across platforms?
SAML — allows users to authenticate once with their identity provider and access multiple services.
A service provider receives a digitally signed XML message confirming a user’s identity from a trusted identity provider. What protocol is being used to transmit this authentication data securely?
SAML — uses XML-based assertions to securely pass authentication and authorization data.
In a SAML-based federated identity system, what roles do Identity Providers (IdPs) and Relying Parties (RPs) play?
IdPs authenticate users and assert their identity; RPs trust the IdPs to verify users and grant access, allowing secure access across multiple organizations without centralizing accounts.
Compare NAT Gateway, Internet Gateway, VPN Gateway, and Direct Connect Gateway in a VPC.
NAT Gateway → Private resources get outbound-only Internet access and are not directly reachable
Internet Gateway → Provides full Internet access for public subnets
VPN Gateway → Secure site-to-site VPN to on-premises networks
Direct Connect Gateway → Dedicated private connection from on-prem to cloud
What is the VXLAN Network Identifier (VNI) used for?
A 24-bit identifier that differentiates separate VXLAN overlay L2 networks (isolates virtual LANs carried over the same IP underlay).
What’s the difference between multitenancy and single-tenancy in cloud environments?
Multitenancy → Multiple customers share the same cloud resources securely.
Single-tenancy → Dedicated resources for one customer; better isolation.
How do CDNs store and deliver content?
CDNs cache content from the origin server (like images, videos, scripts) at distributed edge servers. Website owners set caching rules, and the CDN serves cached content to users for faster delivery while fetching uncached items from the origin.
Compare VPC, SD-WAN, VXLAN, and VPN.
VPC (Virtual Private Cloud): Isolated cloud network within a public cloud; resources can communicate privately.
SD-WAN: Software-defined WAN; intelligently routes traffic over multiple WAN links for performance and reliability.
VXLAN: Overlay network technology; encapsulates Layer 2 frames in Layer 3 packets to extend VLANs across large networks.
VPN (Virtual Private Network): Secure tunnel over public or shared networks to connect remote devices or sites.
What is a snowflake system in IT, and why is it problematic?
A snowflake system is a unique, manually configured server or environment that differs from standard configurations, making it hard to reproduce, maintain, or troubleshoot.
In a Platform as a Service (PaaS) model, what is the customer responsible for managing?
The customer is responsible for application development and security, while the cloud provider manages the underlying servers, infrastructure, and platform software.