What is an egress charge in cloud pricing?

Egress charges are fees for data transfer out of the cloud provider's network.

How do you prevent DDoS attacks in the cloud?

• Use AWS Shield, Azure DDoS Protection, Cloudflare WAF.
• Implement Rate Limiting on API endpoints.

What are the best practices for cloud security?

• Least Privilege Access (IAM policies).
• Encrypt Data at Rest & Transit (KMS, SSL/TLS).
• Enable Multi-Factor Authentication (MFA).

What are the risks of vendor lock-in, and how do you mitigate them?

Vendor lock-in occurs when a company becomes dependent on a single cloud provider, making migration difficult due to high costs or compatibility issues.
Mitigation strategies:

• Use multi-cloud strategies to distribute workloads.
• Adopt open-source and portable tools (e.g., Kubernetes, Terraform).
• Design applications with cloud-agnostic architectures using containerization and microservices.

What is Kubernetes pod affinity and anti-affinity?

Pod affinity and anti-affinity define rules for where Kubernetes pods should be scheduled based on labels.

• Pod Affinity: Ensures pods are scheduled together (e.g., for performance reasons).

• Pod Anti-Affinity: Ensures pods are placed on different nodes (e.g., for high availability).

• Example YAML:

  affinity:
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchExpressions:
              - key: app
                operator: In
                values:
                  - backend
          topologyKey: "kubernetes.io/hostname"

How do you prevent DDoS attacks in cloud environments?

To prevent DDoS (Distributed Denial of Service) attacks, use:

• Web Application Firewalls (WAF): AWS WAF, Azure WAF.
• DDoS Protection Services: AWS Shield, Azure DDoS Protection, Cloudflare.
• Rate Limiting & Traffic Throttling: Block excessive requests from suspicious IPs.
• Network ACLs & Security Groups: Restrict unnecessary traffic at the firewall level.

What is confidential computing in the cloud?

Confidential computing encrypts data even while it is being processed to enhance security.

• Uses Trusted Execution Environments (TEEs) to protect data.
• Examples:
  • AWS Nitro Enclaves
  • Azure Confidential Computing
  • Google Cloud Confidential VMs

What is a policy-as-code approach in cloud security?

Policy-as-Code (PaC) automates security and compliance checks using code-based policies.

• Tools:
  • AWS Config, Azure Policy
  • OPA (Open Policy Agent)
  • HashiCorp Sentinel
• Example: Enforce that all S3 buckets must be encrypted.

How do you implement cloud governance?

Cloud governance ensures compliance, security, and cost control.

• Identity & Access Control: Enforce least-privilege access.
• Budget & Cost Management: Use AWS Budgets, Azure Cost Management.
• Automated Compliance Checks: Use AWS Config, Azure Policy.

What are the best practices for cloud security?

• Identity & Access Management (IAM): Enforce least privilege access.
• Data Encryption: Encrypt at rest (AES-256) and in transit (TLS).
• Multi-Factor Authentication (MFA): Require MFA for user accounts.
• Network Security: Implement firewalls, VPNs, and private subnets.
• Logging & Monitoring: Enable AWS CloudTrail, Azure Monitor, Google Cloud Logging for real-time threat detection.

How do you design for high availability in the cloud?

High availability design principles include:

• Multi-AZ Deployments: Deploy across multiple availability zones
• Auto-Scaling: Automatically adjust capacity based on demand
• Load Balancing: Distribute traffic across multiple instances
• Failover Systems: Implement automatic failover mechanisms
• Data Replication: Maintain synchronized copies of data

What is cloud-native architecture?

Cloud-native architecture principles include:

• Microservices: Breaking applications into small, independent services
• Containers: Using containerization for consistency
• DevOps: Implementing automated CI/CD pipelines
• Scalability: Building for automatic scaling
• Resilience: Designing for failure and recovery

How do you implement disaster recovery in the cloud?

Disaster recovery strategies include:

• Backup and Restore: Regular data backups and testing
• Pilot Light: Minimal version of app running in cloud
• Warm Standby: Scaled-down version of full environment
• Multi-Site: Full production environment in multiple regions
• Recovery Time Objective (RTO) and Recovery Point Objective (RPO) planning

What is FinOps in cloud computing?

FinOps (Cloud Financial Operations) involves:

• Cost Optimization: Identifying and eliminating waste
• Resource Allocation: Matching resources to business needs
• Chargeback Models: Implementing internal billing systems
• Budget Management: Setting and monitoring cloud budgets
• Cost Forecasting: Predicting future cloud expenses

How do you implement service mesh in cloud environments?

Service mesh implementation includes:

• Proxy Deployment: Sidecar pattern with Envoy/Linkerd
• Traffic Management: Routing and load balancing
• Security: mTLS and access policies
• Observability: Metrics, logging, and tracing
• Tools: Istio, Consul, Linkerd

What are advanced container orchestration patterns?

Advanced patterns include:

• Init Containers: Setup and validation
• Sidecar Patterns: Auxiliary services
• Ambassador Pattern: Proxy to external services
• Adapter Pattern: Standardizing output
• Multi-Container Pod Design: Shared resources and communication

How do you implement GitOps in cloud environments?

GitOps implementation includes:

• Infrastructure as Code: Using Git as single source of truth
• Automated Synchronization: Continuous reconciliation
• Pull-Based Deployment: Cluster-initiated updates
• Tools: ArgoCD, Flux, Jenkins X
• Version Control: Managing infrastructure changes

What is cloud infrastructure automation?

Infrastructure automation involves:

• Infrastructure as Code (IaC): Using tools like Terraform, CloudFormation
• Configuration Management: Ansible, Chef, Puppet
• CI/CD Integration: Automated deployment pipelines
• Testing: Infrastructure testing frameworks
• Version Control: Managing infrastructure code