Оглавление
Ben Piper. CompTIA Cloud+ Study Guide
Table of Contents
List of Tables
List of Illustrations
Guide
Pages
CompTIA® Cloud+® Study Guide. Exam CV0-003
Acknowledgments
About the Author
About the Technical Editor
Introduction
Why Should You Become Certified in Cloud Technologies?
What Does This Book Cover?
Interactive Online Learning Environment and Test Bank
How to Use This Book
How Do You Go About Taking the Exam?
Certification Exam Policies
Tips for Taking Your Cloud+ Exam
Cloud+ Exam Renewal
CompTIA Cloud+ Study Guide: Exam CV0-003 Objective Map
1.0 Cloud Architecture and Design
2.0 Security
3.0 Deployment
4.0 Operations and Support
5.0 Troubleshooting
Reader Support for This Book
Assessment Test
Answers to Assessment Test
Chapter 1 Introducing Cloud Computing Configurations and Deployments
Introducing Cloud Computing
Virtualization
Machine Virtualization
Network Virtualization
Cloud Service Models
Software as a Service
Infrastructure as a Service
Platform as a Service
Communications as a Service
Database as a Service
Desktop as a Service
Business Process as a Service
Anything as a Service
Cloud Reference Designs and Delivery Models
Public Cloud
Private Cloud
Community Cloud
Hybrid Cloud
Introducing Cloud Concepts and Components
Applications
Automation
Compute
Networking
Security
Storage
Connecting the Cloud to the Outside World
Deciding Whether to Move to the Cloud
Selecting Cloud Compute Resources
Hypervisor Affinity Rules
Validating and Preparing for the Move to the Cloud
Choosing Elements and Objects in the Cloud
Internet of Things
Machine Learning/Artificial Intelligence (AI)
Supervised Learning
Unsupervised Learning
Creating and Validating a Cloud Deployment
The Cloud Shared Resource Pooling Model
Compute Pools
Network Pools
Storage Pools
Organizational Uses of the Cloud
Production
Quality Assurance/Test
Staging
Development
Scaling and Architecting Cloud Systems Based on Requirements
Understanding Cloud Performance
Delivering High Availability Operations
Managing and Connecting to Your Cloud Resources
Managing Your Cloud Resources
Web Management Interface
Command-Line Interface, APIs, and SDKs
Connecting to Your Cloud Resources
Internet
VPN Access
Dedicated Private Connections
Is My Data Safe? (Replication and Synchronization)
Understanding Load Balancers
Cloud Testing
Vulnerability Testing
Penetration Testing
Performance Testing
Regression Testing
Functional Testing
Usability Testing
Verifying System Requirements
Correct Scaling for Your Requirements
Making Sure the Cloud Is Always Available
Regions
Availability Zones
Cluster Placement
Remote Management of VMs
Monitoring Your Cloud Resources
Writing It All Down (Documentation)
Creating Baselines
Shared Responsibility Model
IaaS
PaaS
SaaS
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 2 Cloud Deployments
Executing a Cloud Deployment
Cloud vs. Data Center Operations
Understanding Deployment and Change Management
Change Management
Obtaining Buy-In from All Involved Parties
Setting a Realistic Migration Timeline
Documenting and Following Procedures
What Is a Cloud Workflow?
Setting Up Your Cloud for Automation
What Are Cloud Tools and Management Systems?
Cloud Deployment Models
Public
Private
Hybrid
Community
Network Deployment Considerations
Network Protocols
Network Ports
Network Configurations
Virtual Private Networks
Firewalls and Microsegmentation
Web Application Firewalls
Application Delivery Controllers
Watching Out for the Bad Guys: Understanding IDSs/IPSs
Demilitarized Zone
VXLAN Deployments
GENEVE
IP Address Management
Network Packet Brokers
Content Delivery Networks
Service Level Agreements
Matching Data Center Resources to Cloud Resources
What Are Available and Proposed Hardware Resources?
Physical and Virtual Processors
Physical and Virtual Memory
Overcommitting Your Memory Resources
Bursting and Ballooning—How Memory Is Handled
Understanding Hyperthreading in a CPU
Hypervisor CPU Optimization with AMD-V and Intel VT-x
CPU Overcommitment Ratios
Single Root I/O Virtualization
Templates and Images
Physical Resource High Availability
Introducing Disaster Recovery
Physical Hardware Performance Benchmarks
Cost Savings When Using the Cloud
Energy Savings in the Cloud
Shared vs. Dedicated Hardware Resources in a Cloud Data Center
Microservices
Containers
Working with Containers
Secrets
Configuring and Deploying Storage
Identifying Storage Configurations
Network-Attached Storage
Direct-Attached Storage
Storage Area Networks
Object/File Storage
Software-Defined Storage
Storage Provisioning
Thick Provisioning
Thin Provisioning
Storage Overcommitment
Physical to Physical
Encrypting Your Data at Rest
Token Models
Input/Output Operations per Second
Compression and Deduplication
Storage Priorities: Understanding Storage Tiers
Tier 1
Tier 2
Tier 3
Managing and Protecting Your Stored Data
High Availability and Failover
Cross-Region Replication
Replication Types: Understanding Synchronous and Asynchronous Replications
Using Mirrors in Cloud-Based Storage Systems
Cloning Your Stored Data
Using RAID for Redundancy
RAID 0
RAID 1
RAID 1+0
RAID 0+1
RAID 5
RAID 6
Quotas and Expiration
Storage Security Considerations
Access Control for Your Cloud-Based Storage
Understanding Obfuscation
Storage Area Networking, Zoning, and LUN Masking
Hyperconverged Appliances
Data Loss Prevention
Accessing Your Storage in the Cloud
Performing a Server Migration
Different Types of Server Migrations
Physical to Virtual
Virtual to Virtual
Virtual to Physical
Online or Offline
Migrating Your Storage Data
Addressing Application Portability
Workload Migration Common Procedures
Examining Infrastructure Capable of Supporting a Migration
Available Network Capacity
Downtime During the Migration
Legal Questions About Migrating to the Cloud
Local Time Zones and Follow-the-Sun Migration Constraints
Managing User Identities and Roles
RBAC: Identifying Users and What Their Roles Are
What Happens When You Authenticate?
Understanding Federation
Single Sign-On Systems
Understanding Infrastructure Services
Domain Name System
Dynamic Host Configuration Protocol
Certificate Services
Load Balancing
Multifactor Authentication
Firewall Security
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 3 Security in the Cloud
Cloud Security Compliance and Configurations
Establishing Your Company's Security Policies
Selecting and Applying the Security Policies to Your Cloud Operations
Some Common Regulatory Requirements
Protecting Your Data
Performing Compliance Audits
Vulnerability Assessments
Encrypting Your Data
IP Security
Transport Layer Security
Other Common Ciphers
File Integrity
Understanding Public Key Infrastructure
Remote Access Protocols
Generic Routing Encapsulation
Layer 2 Tunneling Protocol
Point-to-Point Tunneling Protocol
Automating Cloud Security
Log and Event Monitoring
Distributed Denial-of-Service Protection
Security Best Practices
Securing Accounts
Disabling Unused Accounts
Disabling Unused Services
Disable/Rename Default Accounts
Host-Based Firewall Security
Antivirus Protection
Keeping Your Servers Up-to-Date by Applying the Latest Patches
Proxies
Access Control
Accessing Cloud-Based Objects
The Authentication and Authorization Processes
User Accounts
User Groups
Network-Based Access Control
Cloud Service Models and Security
Cloud Deployment Models and Security
Role-Based Access Control
Mandatory Access Control
Discretionary Access Control
Multifactor Authentication
Single Sign-On
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 4 Implementing Cloud Security
Implementing Security in the Cloud
Data Classification
Segmenting Your Deployment
Storage Segmentation
Computing Segmentation
Implementing Encryption
Applying Multifactor Authentication
Regulatory and Compliance Issues During Implementation
Cloud Access Security Broker
Automating Cloud Security
Automation Tools
Application Programming Interfaces
Command Line
Portals and Dashboards
Techniques for Implementing Cloud Security
Orchestration Systems
Script-Based Services
Customized Security Implementation Approaches
Security Services
Firewalls
Antivirus and Malware Prevention
Endpoint Detection and Response
Intrusion Detection and Prevention
Host-Based Intrusion Detection Systems
Physical Security of Cloud Systems
Automation's Impact on Critical Systems
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 5 Maintaining Cloud Operations
Applying Security Patches
Patching Cloud Resources
Hypervisors
Virtual Machines
Virtual Appliances
Applications
Storage Systems
Clusters
Patching Methodologies
Production Systems
Development Systems
Quality Assurance
Rolling Updates
Blue-Green
Canary
Clustering and Failover
Patching Order of Operations and Dependencies
Updating Cloud Elements
Hotfix
Patch
Version Update
Rollback
Workflow Automation
Runbooks
Orchestration
Continuous Integration and Continuous Deployment
Virtualization Automation Tools and Activities
Snapshots
Cloning Virtual Devices
Patching Automation
Restarting Systems
Shutting Down Systems
Enabling Maintenance Mode
Enabling/Disabling System Alerts
Storage Operations
Types of Backups
Image Backups
LUN Cloning
File Backups
Snapshots
Database Backups
Application-Level Backups
Full Backups
Differential Backups
Incremental Backups
Synthetic Full Backup
Backup Targets
Replicas
Local Backups
Remote Backups
Backup and Restore Operations
Backup Service Level Agreements
Scheduling
Backup Configurations
Dependencies
Online vs. Offline
Retention
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 6 Disaster Recovery, Business Continuity, and Ongoing Maintenance
Implementing a Disaster Recovery and Business Continuity Plan
Service Provider Responsibilities and Capabilities
Recovery Point Objective
Recovery Time Objective
Corporate Policies and Guidelines
Cloud Service Provider Policies and Guidelines
Disaster Recovery Network Capacity
Disaster Recovery ISP Limitations
Disaster Recovery Models and Techniques
Site Mirroring
Replications
Archiving Data
Third-Party Offerings
Business Continuity
Establishing a Business Continuity Plan
Determine Alternate Sites
Define Continuity of Operations
Addressing Network Connectivity
Deploying Edge Sites
Procuring Backup Equipment
Recovery Site Availability
Third-Party Disaster Recovery Vendors
Establishing Service Level Agreements
Cloud Maintenance
Establishing Maintenance Windows
Maintenance Interruptions to Operations
Maintenance Automation Impact and Scope
Common Maintenance Automation Tasks
Log Files Archive and Clearing
Compressing Storage on Drives
Managing and Removing Inactive Accounts
Stale DNS Entries
Orphaned Resources
Outdated Firewall and Security Rules
Reclaiming Resources
Maintaining Access Control Lists
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 7 Cloud Management
Cloud Metrics
Monitoring Your Deployment
Baselines
Anomalies
Alert Methods
Alert Triggers
Event Correlation
Forecasting Required Resources
Event Collection Policies
Event Dissemination Policies
Cloud Support Agreements
Standard Cloud Maintenance Responsibilities
Configuration Management Applications and Tools
Change Management Processes
Change Advisory Board
Document Action and Backout Plans
Adding and Removing Cloud Resources
Determining Usage Patterns
Bursting
Migrating Between Cloud Providers
Scaling Resources to Meet Requirements
Vertical and Horizontal Scaling
Auto-Scaling
Community Cloud Scaling
Scaling the Public Cloud
Elasticity
Extending the Scope of the Cloud
Understanding Application Life Cycles
Deployments
Upgrades
Migrations
Feature Additions or Deletions
Replacements
Retirements
Organizational Changes
Mergers, Acquisitions, and Divestitures
Cloud Service Requirement Changes
Regulatory and Law Changes
Managing Account Provisioning
Account Identification
Authentication
Federations and Single Sign-On
Authorization
Lockout Policies
Password Complexity
Account Automation and Orchestration
User Account Creation
Resource-Based and User-Based Policies
Removing Accounts
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 8 Cloud Management Baselines, Performance, and SLAs
Measuring Your Deployment Against the Baseline
Object Tracking for Baseline Validation
Application Versions
CPU Usage
Enabling the Audit Process
Management Tool Compliance
Network Utilization
Patch Versions
RAM Usage
Storage Utilization
Baseline Validation
Applying Changes to the Cloud to Meet Baseline Requirements
Performance Trending
Service Level Agreement Attainment
Compute Tuning
Network Changes
Storage Tuning
Service/Application Changes
Changing Operations to Meet Expected Performance/Capacity Requirements
Vertical Scaling
Horizontal Scaling
Cloud Accounting, Chargeback, and Reporting
Company Policy Reporting
Reporting Based on SLAs
Using the Cloud Dashboard
Tags
Costs
Elasticity Usage
Connectivity
Latency
Capacity and Utilization
Incident and Health Reports
Uptime and Downtime Reporting
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 9 Troubleshooting
Incident Management
Incident Types
Automation
Cloud Interoperability
Interconnections
Licensing
Networking
Resource Contention and Starvation
Service Outages
Logging Incidents
Prioritizing Incidents
Preparation
Documentation
Call Trees
Tabletops
Documented Incident Types
Templates
Time Synchronization
Workflow
Troubleshooting Cloud Capacity Issues
Capacity Boundaries in the Cloud
API Request Capacity
Bandwidth
Cloud Batch Job Scheduling
Compute Resources
Network Addressing
Storage Capacity
Variance in Number of Users
Troubleshooting Automation and Orchestration
Process and Workflow Issues
Account Mismatch
Change Management Breakdowns
DNS and Server Name Changes
Version Incompatibility
IP Address Changes
Location Changes
Deployment Model Change
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 10 Troubleshooting Networking and Security Issues and Understanding Methodologies
Troubleshooting Cloud Networking Issues
Identifying the Common Networking Issues in the Cloud
Incorrect Subnet Issues
Incorrect IP Addressing
Incorrect Default Gateways and Routing
Network Infrastructure Troubleshooting
Network Latency Troubleshooting
Domain Name System
Quality of Service
Maximum Transmission Units
Available Bandwidth
Validating Firewall and Proxy Configurations
VLAN and VXLAN Issues
Network Troubleshooting and Connectivity Tools
ARP
ipconfig/ifconfig
Netstat
nslookup/dig
Ping
route
SSH
Telnet
tcpdump
tracert/traceroute
Remote Access Tools
Console Port
HTTP
RDP
SSH
Troubleshooting Security Issues
Account Privilege Escalation
Network Access Issues
Authentication
Authorization
Federations
Certificate Configuration Issues
Device-Hardening Settings
External Attacks
Internal Attacks
Maintain Sufficient Security Controls and Processes
Network Access Tunneling and Encryption
Troubleshooting Methodology
Identifying the Problem
Establishing a Theory
Testing the Theory
Creating and Implementing a Plan of Action
Verifying the Resolution
Documenting the Ordeal
Summary
Exam Essentials
Written Lab
Review Questions
Appendix A Answers to Review Questions
Chapter 1: Introducing Cloud Computing Configurations and Deployments
Chapter 2: Cloud Deployments
Chapter 3: Security in the Cloud
Chapter 4: Implementing Cloud Security
Chapter 5: Maintaining Cloud Operations
Chapter 6: Disaster Recovery, Business Continuity, and Ongoing Maintenance
Chapter 7: Cloud Management
Chapter 8: Cloud Management Baselines, Performance, and SLAs
Chapter 9: Troubleshooting
Chapter 10: Troubleshooting Networking and Security Issues and Understanding Methodologies
Appendix B Answers to Written Labs
Chapter 1: Introducing Cloud Computing Configurations and Deployments
Chapter 2: Cloud Deployments
Chapter 3: Security in the Cloud
Chapter 4: Implementing Cloud Security
Chapter 5: Maintaining Cloud Operations
Chapter 6: Disaster Recovery, Business Continuity, and Ongoing Maintenance
Chapter 7: Cloud Management
Chapter 8: Cloud Management Baselines, Performance, and SLAs
Chapter 9: Troubleshooting
Chapter 10: Troubleshooting Networking and Security Issues and Understanding Methodologies
Index
WILEY END USER LICENSE AGREEMENT
