Level: L1: Foundations | Domain: DevOps & Tooling

Cloud Basics - Skill Check

Mental model (bottom-up)

Cloud is an API-driven control plane that creates and controls data-plane resources (compute, storage, network). You pay for three things: running capacity, stored bytes, and moved bytes.

Visual guide

Control plane (APIs/IAM)  --> creates -->  Data plane (VMs, disks, VPC, LBs)

Glossary

  • control plane - APIs that manage resources (create/update/delete)
  • data plane - actual running resources that handle traffic/work
  • region/AZ - geography vs isolated datacenter group
  • IAM - identity + policies controlling who can do what
  • SG/NACL - security group (stateful, instance-level rules) vs network ACL (stateless, subnet-level rules); concept is provider-agnostic
  • egress - traffic leaving a network/provider; often billed

Core internals (why design looks like it does)

  • Virtualization isolates tenants (hypervisors, VMs, network overlays).
  • APIs make infra scriptable (everything is CRUD + eventual consistency).
  • Identity is the real perimeter (keys/tokens/policies beat "trusted network").

Visual: typical VPC layout

Internet
  |
[Public Subnet]  (LB / Bastion)
  |
[NAT] --> outbound-only internet access for private subnets
  |
[Private Subnet] (App)
  |
[Private Subnet] (DB)

Roadmap core (10 questions, easy -> hard)

  • What is "cloud" in one line?
      On-demand infrastructure APIs (compute/storage/network) with metering.
  • Compute vs storage vs networking?
      VMs/containers; disks/objects; routing/firewalls/IPs/DNS.
  • IaaS vs PaaS vs SaaS?
      Infra building blocks vs managed platforms vs finished apps.
  • Region vs AZ?
      Region = geographic area; AZ = isolated datacenter group within a region.
  • Security group vs NACL (conceptually)?
      Instance-level stateful rules vs subnet-level stateless rules.
  • Object vs block storage?
      Objects are addressed via HTTP keys; blocks attach as disks that carry filesystems.
  • IAM basics: authn vs authz?
      Authentication = who you are; authorization = what you are allowed to do (policy).
  • Shared responsibility model?
      Provider secures the underlying infrastructure; you secure configuration, data, and identity.
  • High availability basics?
      Multi-AZ design + health checks + failover + statelessness.
  • What actually causes big cloud bills?
      Egress, oversized compute, orphaned storage/snapshots, idle managed services.

Cloud networking (easy -> hard)

  • VPC/VNet in one line?
      Your isolated network space with subnets, routes, and controls.
  • What's an internet gateway vs NAT gateway?
      IGW gives public routing in both directions; NAT gives outbound-only access for private subnets.
  • Why do private subnets exist?
      Keep workloads off the internet; control exposure via LBs/bastions.
  • What does it mean that a security group is "stateful"?
      Return traffic is allowed automatically once a flow is permitted; no explicit reverse rule needed.
  • What's a typical 3-tier VPC layout?
      Public (LB/bastion), private app, private data.

Identity & secrets (easy -> hard)

  • Why do IAM roles beat long-lived keys?
      Short-lived credentials; easier rotation; reduces the impact of a leak.
  • What is "least privilege" in IAM?
      Grant only the required actions on the required resources; avoid wildcard policies.
  • What's a common IAM mistake?
      Overbroad permissions granted for speed that become permanent.
  • Secrets manager vs env vars?
      A secrets manager gives rotation and audit; env vars leak via logs, crash dumps, and /proc.
  • How do you handle cross-account access?
      Trust policies + assume role; tight conditions and external IDs.

Resilience & operations (easy -> hard)

  • What's an SLA vs SLO (cloud view)?
      Provider guarantee (SLA) vs your internal target (SLO).
  • What is "multi-AZ" protecting against?
      AZ failure, power/network issues, maintenance events.
  • What does "stateless app" mean?
      State is externalized (DB/cache/object store); this enables scaling and failover.
  • Backups: RPO vs RTO?
      Data loss tolerance (RPO) vs time to restore service (RTO).
  • Disaster recovery patterns (rough order, cheapest to most resilient)?
      Backup/restore -> pilot light -> warm standby -> active/active.

Cost & performance (easy -> hard)

  • Why does egress surprise people?
      Cross-AZ, cross-region, and internet-bound traffic costs add up fast.
  • Biggest cost levers?
      Right-size compute; autoscale; storage lifecycle; reduce egress.
  • Spot/preemptible tradeoff?
      Cheap but interruptible; good for batch and flexible workloads.
  • What's the difference: Reserved vs Savings Plans (concept)?
      Commit to spend/usage for a discount; details vary by provider.
  • How to keep bills sane?
      Budgets/alerts + tagging + monthly cleanup + IaC review.

Sources

  • Official AWS/Azure docs, Well-Architected guidance, Cloud provider security docs.