- IaaS
- Infrastructure as a Service: the provider supplies compute, storage, and networking; you manage the OS, runtime, and apps. Example: virtual machines.
- PaaS
- Platform as a Service: the provider manages the OS and runtime; you deploy and manage only your application and data.
- SaaS
- Software as a Service: the provider manages everything; you just use the application over the internet. Example: webmail, CRM.
- FaaS
- Function as a Service: run individual functions on demand without managing servers (serverless); you are billed per invocation/execution.
- Shared responsibility model
- A split of security duties: the cloud provider secures the cloud (hardware, host, network); the customer secures what is in the cloud (data, config, access).
- Region
- A separate geographic area of a cloud provider's infrastructure, made up of multiple availability zones.
- Availability zone (AZ)
- One or more isolated data centers within a region, with independent power and networking, used to build high availability.
- Cloud bursting
- A hybrid pattern where a private cloud overflows extra workload into a public cloud during demand spikes.
- Edge computing
- Processing data near where it is generated (the network edge) to reduce latency and bandwidth use.
- Multicloud
- Using services from two or more cloud providers, often to avoid vendor lock-in and improve resilience.
- RTO (Recovery Time Objective)
- The maximum acceptable time to restore a service after an outage.
- RPO (Recovery Point Objective)
- The maximum acceptable amount of data loss, measured as time since the last good backup.
- Hot site
- A fully equipped, always-running standby site that can take over almost immediately; the most expensive DR option.
- Warm site
- A partially configured standby site with some equipment ready; faster than cold, cheaper than hot.
- Cold site
- A basic facility (space, power) with no running systems; the cheapest, slowest DR option.
- Object storage
- Stores data as objects with metadata in a flat namespace; ideal for unstructured data and massive scale (e.g., S3-style).
- Block storage
- Storage presented as raw volumes (blocks) attached to a VM, like a virtual disk; low latency for databases.
- File storage
- Storage presented as a shared file system (NFS/SMB) accessible by multiple clients.
- Hot storage tier
- Frequently accessed data on fast, higher-cost storage.
- Cold storage tier
- Infrequently accessed data on cheaper, slower storage.
- Archive storage tier
- Rarely accessed, long-retention data at the lowest cost with the slowest retrieval.
- SSD vs HDD
- SSD (solid-state) is faster with no moving parts and higher cost; HDD (hard disk) is slower and cheaper per GB.
- Managed service
- A cloud-provided service (e.g., managed database) where the provider handles patching, scaling, and availability for you.
- Microservices
- An architecture that breaks an application into small, independently deployable services that communicate over APIs.
- Loosely coupled architecture
- A design where components depend minimally on each other, so one can change or fail without breaking the others.
- Fan-out
- A messaging pattern where one message is delivered to many subscribers/consumers in parallel.
- Service discovery
- A mechanism that lets services automatically find and connect to each other (e.g., via a registry or DNS).
- Container
- A lightweight, portable unit that packages an app with its dependencies and shares the host OS kernel; faster to start and smaller than a VM, but the shared kernel is a weaker isolation boundary than a hypervisor, so untrusted workloads still belong in separate VMs.
- Workload orchestration
- Automating the deployment, scaling, networking, and lifecycle of containers (e.g., Kubernetes).
- Image registry
- A repository that stores and distributes container images (public or private).
- Persistent volume
- Container storage that survives the container's lifecycle, keeping data after the container stops.
- Ephemeral storage
- Temporary container storage that is deleted when the container stops.
- Virtualization
- Running multiple virtual machines on one physical host via a hypervisor, each with its own guest OS.
- Hypervisor
- Software that creates and runs virtual machines by abstracting and sharing physical hardware.
- Clustering
- Grouping multiple hosts/nodes so they act as one system for high availability and load distribution.
- Host affinity
- A rule that controls which physical host a VM runs on (affinity keeps VMs together; anti-affinity keeps them apart).
- Hardware pass-through
- Giving a VM direct access to a physical device (e.g., GPU) for better performance.
- Overlay network
- A virtual network built on top of a physical network (e.g., VXLAN) to connect VMs/containers across hosts.
- SAN
- Storage Area Network: high-speed block storage shared over a dedicated network.
- NAS
- Network-Attached Storage: file-level storage shared over a standard network.
- Pay-as-you-go
- A billing model charging only for the resources you actually consume.
- Reserved instances
- Discounted capacity committed for a fixed term (e.g., 1-3 years) in exchange for lower rates.
- Spot instance
- Spare cloud capacity offered at a steep discount that the provider can reclaim with little notice.
- Dedicated host
- A physical server reserved for a single customer's use, often for licensing or compliance.
- Tagging
- Labeling cloud resources with key-value metadata for cost allocation, automation, and organization.
- Rightsizing
- Matching resource size/type to actual workload demand to cut waste and cost.
- Resource metering
- Measuring resource usage so it can be billed, monitored, or charged back.
- Relational database
- A database that stores data in tables with defined schemas and relationships, queried with SQL.
- Non-relational (NoSQL) database
- A database for flexible/unstructured data (key-value, document, column, graph) that scales horizontally.
- Serverless
- A compute model where the provider runs your code on demand and handles all server management; you pay per execution.
- IOPS
- Input/Output Operations Per Second: a measure of storage performance (how many reads/writes per second).
- VPC
- Virtual Private Cloud: an isolated, logically private section of a public cloud where you launch resources.
- VPC peering
- A direct, private connection between two VPCs so they can route traffic to each other.
- Transit gateway
- A hub that connects many VPCs and on-premises networks through a single gateway.
- CDN
- Content Delivery Network: distributed edge servers that cache content close to users to cut latency.
- Application load balancer (ALB)
- A Layer 7 load balancer that routes HTTP/HTTPS traffic based on content (URL, headers).
- Network load balancer (NLB)
- A Layer 4 load balancer that distributes TCP/UDP traffic at high performance and low latency.
- IoT
- Internet of Things: networks of sensors and devices that collect and transmit data, often via gateways, to the cloud.
- Generative AI
- AI that creates new content (text, images, code) from learned patterns; an evolving cloud-delivered capability.
- Cloud computing
- On-demand delivery of compute, storage, and services over the internet with pay-per-use pricing and elasticity.
- Elasticity
- The ability to automatically grow and shrink resources to match demand.
- On-demand self-service
- A user can provision resources automatically without human interaction from the provider.
- Resource pooling
- Provider resources are shared among multiple tenants and dynamically assigned (multitenancy).
- Measured service
- Usage is metered and reported transparently so customers pay for what they use.
- Multitenancy
- A single instance of software/hardware serves multiple isolated customers (tenants).
- Orchestration
- Automating the arrangement, coordination, and management of complex systems and services.
- Cloud-native
- Applications designed specifically for the cloud: containerized, microservices-based, and dynamically managed.
- Tiered storage
- Placing data on hot, warm, cold, or archive tiers based on access frequency and cost.
- Application gateway
- A managed entry point that routes and secures application traffic, often with Layer 7 features.
- Firewall (cloud)
- A virtual control that permits or blocks network traffic by rules to protect cloud resources.
- Route table
- A set of rules that determines where network traffic in a VPC/subnet is directed.
- Subnet
- A logical subdivision of a network/VPC, typically public (internet-facing) or private.
- Dedicated connection
- A private, high-bandwidth link from on-premises to a cloud provider (e.g., Direct Connect).
- Availability monitoring
- Continuously checking that services/resources are reachable and healthy.
- Cost implications (storage)
- Faster tiers (SSD, hot) cost more; slower tiers (HDD, archive) cost less per GB.
- Provider-managed database
- A database where the cloud provider handles patching, backups, and scaling (DBaaS).
- Self-managed database
- A database the customer installs and operates on cloud compute, retaining full control.
- Port mapping
- Exposing a container's internal port on the host so external traffic can reach it.
- Machine learning service
- A cloud-delivered capability for text/visual recognition, sentiment, and voice tasks.
- Public cloud
- Cloud infrastructure owned by a provider and shared by many tenants over the internet.
- Private cloud
- Cloud infrastructure dedicated to a single organization, on-premises or hosted.
- Hybrid cloud
- A mix of public and private cloud (and/or on-prem) connected so workloads and data can move between them.
- Community cloud
- Cloud infrastructure shared by several organizations with common requirements (e.g., compliance).
- Blue-green deployment
- Run two identical environments (blue=current, green=new); switch all traffic to green at once, with instant rollback to blue.
- Canary deployment
- Release a new version to a small subset of users first; expand gradually if it is healthy.
- Rolling deployment
- Update instances in batches so the service stays available throughout the rollout.
- In-place deployment
- Update the existing servers directly rather than spinning up new ones; simpler but riskier.
- Rehost (lift and shift)
- Migrate an application to the cloud with little or no change.
- Replatform
- Migrate with minor optimizations (e.g., move to a managed database) without changing the core architecture.
- Refactor / re-architect
- Significantly redesign an application to be cloud-native (e.g., microservices, serverless).
- Retire
- Decommission an application that is no longer needed during a migration.
- Retain
- Keep an application where it is (on-prem) rather than migrating it.
- Vendor lock-in
- Dependence on one provider's proprietary services that makes switching costly or difficult.
- Infrastructure as Code (IaC)
- Defining and provisioning infrastructure through machine-readable files instead of manual setup; repeatable and version-controlled.
- Configuration as Code (CaC)
- Managing system/app configuration in version-controlled code so environments are consistent and repeatable.
- Drift detection
- Identifying when running infrastructure no longer matches its declared (code) state.
- Idempotency / repeatability
- Applying the same IaC repeatedly yields the same result, with no unintended changes.
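A minimal reconciler that makes the two ideas above concrete, written as an added example for this glossary rather than taken from any IaC tool: `detect_drift` compares the state declared in code with what the environment reports, and `apply` converges toward the declared state in a way that gives the same result no matter how many times it runs. Resource names, attributes and the hand-made `ACTUAL` state (someone opened port 22 from the console) are constructed.

```python
"""Added example (not from the original page): drift detection and an
idempotent apply over constructed security-group definitions."""


def detect_drift(desired, actual):
    """Return the changes needed to make `actual` match `desired`.

    Keys: "create" (names missing from actual), "update"
    (name -> {attr: (actual_value, desired_value)}), "delete" (names in
    actual that the code no longer declares). Attributes present in
    `actual` but not declared in `desired` are left alone, the usual IaC
    convention of managing only declared attributes.
    """
    drift = {"create": [], "update": {}, "delete": []}
    for name, want in desired.items():
        have = actual.get(name)
        if have is None:
            drift["create"].append(name)
            continue
        diffs = {k: (have.get(k), v) for k, v in want.items() if have.get(k) != v}
        if diffs:
            drift["update"][name] = diffs
    drift["delete"] = [name for name in actual if name not in desired]
    return drift


def apply(desired, actual):
    """Converge `actual` toward `desired` and return the new state.

    A pure function of its inputs: applying it to its own output changes
    nothing, which is what idempotency means for a plan/apply cycle.
    """
    new_state = {}
    for name, want in desired.items():
        merged = dict(actual.get(name, {}))   # keep unmanaged attributes
        merged.update(want)                   # enforce declared ones
        new_state[name] = merged
    return new_state                          # undeclared resources are dropped


def is_idempotent(desired, actual):
    """True when a second apply is a no-op and leaves zero drift."""
    once = apply(desired, actual)
    twice = apply(desired, once)
    return once == twice and not any(detect_drift(desired, twice).values())


# Constructed declared state (what the code says) ...
DESIRED = {
    "web-sg": {"ingress_ports": [443], "cidr": "0.0.0.0/0"},
    "db-sg": {"ingress_ports": [5432], "cidr": "10.0.0.0/16"},
}
# ... and constructed observed state: port 22 was added by hand, db-sg was
# never created, and an undeclared legacy group is still running.
ACTUAL = {
    "web-sg": {"ingress_ports": [443, 22], "cidr": "0.0.0.0/0", "created_by": "console"},
    "legacy-sg": {"ingress_ports": [3389], "cidr": "0.0.0.0/0"},
}

if __name__ == "__main__":
    print(detect_drift(DESIRED, ACTUAL))
    print("idempotent:", is_idempotent(DESIRED, ACTUAL))
```

The drift report is the security signal here: the hand-added SSH rule shows up as an `update` on `web-sg`, which is exactly the class of change a scheduled drift check should page on rather than silently re-apply.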
- JSON
- JavaScript Object Notation: a lightweight, human-readable data format used for config and APIs.
- YAML
- YAML Ain't Markup Language: a human-readable, indentation-based data format common in IaC and CI/CD.
- Cloud-to-cloud migration
- Moving workloads from one cloud provider to another.
- Versioning (IaC)
- Tracking changes to infrastructure code over time so you can review, roll back, and audit.
- Provisioning to requirements
- Selecting resource size and type based on storage, performance, security, cost, availability, and compliance needs.
- On-premises
- Computing resources hosted in an organization's own data center rather than in the cloud.
- Scripting variable
- A named placeholder that stores a value reused throughout deployment code.
- Conditional logic
- Code that runs different actions based on whether a condition is true (if/else) during provisioning.
- Migration (on-prem to cloud)
- Moving workloads from a local data center into the cloud.
- Resource allocation (migration)
- Assigning the right compute, storage, and network capacity to migrated workloads.
- Platform compatibility
- Ensuring the target cloud supports the OS, software, and dependencies being migrated.
- Management overhead
- The ongoing effort to operate a workload; a key migration trade-off.
- Regulatory/compliance (migration)
- Legal and standards requirements that constrain where and how workloads can move.
- Environmental considerations
- Factors like power and cooling that affect migration and placement decisions.
- Scripting operators
- Symbols (e.g., +, ==, &&) used to compute and compare values in deployment code.
- Data types (scripting)
- Categories of values (string, integer, boolean, list) used in scripts.
- Functions (scripting)
- Reusable named blocks of code that perform a task, reducing duplication.
- Testing (IaC)
- Validating infrastructure code before applying it to catch errors and drift.
- Documentation (IaC)
- Recording infrastructure design and code so it is maintainable and auditable.
- Public deployment model
- Resources hosted by a provider and shared across many organizations.
- Cloud-to-on-prem migration
- Repatriating workloads from the cloud back to a local data center.
- Security requirements (provisioning)
- Provisioning resources to meet required encryption, access, and isolation controls.
- Compliance requirements (provisioning)
- Sizing/placing resources to satisfy regulatory and contractual obligations.
- Observability
- The ability to understand a system's internal state from its outputs: logs, metrics, and traces.
- Logging
- Recording discrete events from systems and applications, then collecting, aggregating, and retaining them.
- Metrics
- Numeric measurements over time (CPU, latency, request rate) used for monitoring and alerting.
- Tracing
- Following a single request as it moves across services to find bottlenecks and failures.
- Monitoring
- Continuously observing metrics and health to detect problems and verify performance.
- Alerting
- Notifying responders when a metric crosses a threshold, including triage and response.
- Log aggregation
- Centralizing logs from many sources into one searchable system.
- Log retention
- The policy for how long logs are kept before deletion, balancing cost and compliance.
- Horizontal scaling
- Adding or removing instances (scaling out/in) to handle load; the cloud-preferred approach.
- Vertical scaling
- Increasing or decreasing the size of an instance (scaling up/down), e.g., more CPU/RAM.
- Auto-scaling
- Automatically adjusting capacity based on triggers like load, schedule, or events.
- Triggered scaling
- Scaling driven by a condition such as trending demand, current load, or a specific event.
- Scheduled scaling
- Scaling capacity ahead of known time-based demand (e.g., business hours).
- Full backup
- A complete copy of all selected data; largest and slowest to create, fastest to restore.
- Incremental backup
- Backs up only data changed since the last backup of any type; small and fast, slower restore.
- Differential backup
- Backs up all data changed since the last full backup; bigger than incremental, simpler restore.
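The three backup types above trade copy volume against restore complexity, which is easier to see with numbers. The following is an added example (not from the original page) that simulates one week of backups under each strategy over constructed daily change sizes; it assumes each day's changes touch different data, so differential sizes are simple sums.

```python
"""Added example (not from the original page): compare full, incremental and
differential backup chains on constructed data sizes."""

from dataclasses import dataclass


@dataclass
class BackupSet:
    day: int
    kind: str   # "full", "incremental" or "differential"
    size: int   # bytes copied that day (constructed figures)


# Constructed inputs: a 1000-unit data set and the bytes changed on each of
# seven days; day 0 is the first full backup, so nothing has changed yet.
TOTAL_SIZE = 1000
CHANGES = [0, 10, 5, 20, 5, 10, 5]


def plan_backups(total_size, daily_changes, strategy, full_every=7):
    """Return the backup sets a strategy produces over the given days."""
    sets = []
    since_full = 0   # bytes changed since the last full (for differentials)
    for day, changed in enumerate(daily_changes):
        if strategy == "full" or day % full_every == 0:
            sets.append(BackupSet(day, "full", total_size))
            since_full = 0
        elif strategy == "incremental":
            sets.append(BackupSet(day, "incremental", changed))   # since last backup
        elif strategy == "differential":
            since_full += changed
            sets.append(BackupSet(day, "differential", since_full))  # since last full
        else:
            raise ValueError(f"unknown strategy {strategy!r}")
    return sets


def restore_chain(sets, restore_day):
    """Return the sets a restore to `restore_day` must read, oldest first."""
    usable = [s for s in sets if s.day <= restore_day]
    last_full = max(i for i, s in enumerate(usable) if s.kind == "full")
    chain = [usable[last_full]]
    tail = usable[last_full + 1:]
    if not tail:
        return chain
    if tail[-1].kind == "differential":
        chain.append(tail[-1])   # full + the latest differential only
    else:
        chain.extend(tail)       # full + every incremental, in order
    return chain


def summarize(total_size, daily_changes, strategy):
    """Bytes copied over the period and what the last day's restore needs."""
    sets = plan_backups(total_size, daily_changes, strategy)
    chain = restore_chain(sets, len(daily_changes) - 1)
    return {
        "copied": sum(s.size for s in sets),
        "restore_sets": len(chain),
        "restore_bytes": sum(s.size for s in chain),
    }


if __name__ == "__main__":
    for strategy in ("full", "incremental", "differential"):
        print(strategy, summarize(TOTAL_SIZE, CHANGES, strategy))
```

Incremental copies the least but a restore must read seven sets in order, so losing or corrupting any one of them breaks the chain; differential copies more each day but a restore needs only two sets. That chain-length difference is why backup testing (further down this list) must exercise the full restore, not just confirm that each job ran.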
- Replication
- Continuously copying data to another location for availability and disaster recovery.
- Backup testing
- Verifying backups by checking recoverability and integrity, not just that they ran.
- In-place recovery
- Restoring data over the original/existing system.
- Parallel recovery
- Restoring to a separate system running alongside the original.
- Patching
- Applying vendor fixes to software/systems to resolve bugs and security flaws.
- Major vs minor update
- Major updates add significant features/changes; minor updates are small fixes or improvements.
- Decommissioning
- Retiring a resource at end of life or end of support, including data handling and cleanup.
- Ephemeral data
- Temporary data that does not need to survive a resource's lifecycle.
- Persistent data
- Data that must be retained beyond a resource's lifecycle and is stored durably.
- Backup schedule
- How often backups run (e.g., hourly, daily), balancing protection and cost.
- Backup retention
- How long backups are kept before being deleted, often set by policy/compliance.
- Backup encryption
- Encrypting backup data so it is protected at rest and in transit.
- On-site vs off-site backup
- On-site backups restore fast; off-site backups protect against site-wide disasters.
- Bulk vs granular recovery
- Bulk recovery restores everything at once; granular recovery restores specific items.
- Recoverability testing
- Confirming a backup can actually be restored to a working state.
- Integrity testing
- Verifying backup data is not corrupted.
- Manual scaling
- An operator changes capacity by hand rather than automatically.
- Trending trigger
- Scaling based on a sustained upward/downward usage trend.
- Load trigger
- Scaling when a metric (CPU, requests) crosses a threshold.
- Event trigger
- Scaling in response to a discrete event (e.g., a queue depth spike).
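The entries on auto-scaling and on the trending, load, event and scheduled triggers describe the inputs to one decision. As an added example (not from the original page) the function below makes that decision in code, with a cooldown so the group does not flap between scale-out and scale-in. CPU samples, the queue-depth rule of one instance per 100 messages, the business-hours floor and the limits are all constructed.

```python
"""Added example (not from the original page): a scaling decision that
combines load, event and schedule triggers with a cooldown."""

from dataclasses import dataclass


@dataclass
class GroupState:
    desired: int
    min_size: int
    max_size: int
    last_scale_ts: int = -10**9   # epoch seconds of the last capacity change


def decide(state, now, cpu_samples, queue_depth, hour_of_day,
           business_hours=(8, 18), cooldown=300,
           up_at=70.0, down_at=30.0, min_business=3):
    """Return the new desired capacity for the group.

    Load trigger:  every sample above `up_at` scales out by one; every
                   sample below `down_at` scales in by one. Requiring all
                   samples (not the average) ignores a single spike.
    Event trigger: a queue backlog asks for one instance per 100 messages.
    Schedule:      a floor of `min_business` instances during business hours.
    Cooldown:      no change within `cooldown` seconds of the last one.
    """
    target = state.desired
    if cpu_samples and min(cpu_samples) > up_at:
        target += 1
    elif cpu_samples and max(cpu_samples) < down_at:
        target -= 1
    if queue_depth > 0:
        target = max(target, -(-queue_depth // 100))   # ceiling division
    if business_hours[0] <= hour_of_day < business_hours[1]:
        target = max(target, min_business)
    target = max(state.min_size, min(state.max_size, target))
    if target != state.desired and now - state.last_scale_ts < cooldown:
        return state.desired   # still cooling down: hold capacity
    return target


def step(state, now, cpu_samples, queue_depth, hour_of_day, **kw):
    """Apply `decide` to the group, recording when capacity last changed."""
    new = decide(state, now, cpu_samples, queue_depth, hour_of_day, **kw)
    if new != state.desired:
        state.desired = new
        state.last_scale_ts = now
    return state.desired


if __name__ == "__main__":
    g = GroupState(desired=2, min_size=1, max_size=6, last_scale_ts=0)
    print(step(g, 1000, [80, 85, 90], 0, hour_of_day=3))   # load trigger: 3
    print(step(g, 1100, [80, 85, 90], 0, hour_of_day=3))   # cooldown: stays 3
```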
- Lifecycle management
- Managing resources from provisioning through patching, updates, and decommissioning.
- End of life vs end of support
- End of life: product retired; end of support: no more patches/help, raising risk.
- Log collection
- Gathering log data from sources before aggregation and analysis.
- Response (alerting)
- The action taken after triage to resolve or mitigate an alert.
- Zero Trust
- A security model that trusts no user or device by default and verifies every request (identity, posture, least privilege).
- Least privilege
- Granting users and services only the minimum access needed to do their job.
- Vulnerability management
- The cycle of defining scanning scope, identifying, assessing, and remediating weaknesses.
- CVE
- Common Vulnerabilities and Exposures: a public catalog of known security flaws, each with a unique ID.
- IAM
- Identity and Access Management: controlling who (or what) can access which cloud resources and actions.
- RBAC
- Role-Based Access Control: permissions assigned to roles, and roles assigned to users.
- MFA
- Multifactor Authentication: requiring two or more factors (something you know/have/are) to sign in.
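The "something you have" factor in most MFA deployments is a time-based one-time password (TOTP, RFC 6238, built on HOTP, RFC 4226). The following is an added example, not code from the original page, that generates and verifies such codes with the standard library; it uses the RFC test-vector secret so the outputs can be checked against the RFCs, and it refuses to accept a time step that was already used, which is the replay check a real verifier must keep.

```python
"""Added example (not from the original page): TOTP generation and
replay-safe verification per RFC 4226 / RFC 6238."""

import hashlib
import hmac
import struct

# The RFC 4226 / RFC 6238 Appendix B test secret, not a real credential.
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6):
    """HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def totp(secret, unix_time, step=30, digits=6):
    """TOTP is HOTP with the counter set to the current 30-second time step."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret, code, unix_time, last_used=-1, window=1, step=30, digits=6):
    """Return the matched time-step counter, or None.

    Accepts the current step plus/minus `window` steps to tolerate clock
    skew. Steps at or before `last_used` (the counter stored after the
    previous successful login) are refused, so a code captured by phishing
    or shoulder-surfing cannot be replayed within its validity window.
    """
    counter = unix_time // step
    for k in range(-window, window + 1):
        candidate = counter + k
        if candidate > last_used and hmac.compare_digest(hotp(secret, candidate, digits), code):
            return candidate
    return None


if __name__ == "__main__":
    import time
    now = int(time.time())
    print("current code:", totp(RFC_TEST_SECRET, now))
    print("verifies as step:", verify_totp(RFC_TEST_SECRET, totp(RFC_TEST_SECRET, now), now))
```

The caller persists the returned counter as `last_used` for the next verification. Note that TOTP is still phishable in real time (an attacker relaying the code within the 30-second window); the replay check limits reuse, it does not stop relay, which is why phishing-resistant factors such as FIDO2 are preferred for privileged access.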
- Federation
- Letting users authenticate with one trusted identity provider to access multiple systems (e.g., via SAML).
- SAML
- Security Assertion Markup Language: an XML standard for exchanging authentication/authorization between identity and service providers.
- OAuth 2.0
- An authorization framework that lets an app access resources on a user's behalf without sharing their password.
- OpenID Connect
- An identity layer built on OAuth 2.0 that adds authentication (verifying who the user is).
- Encryption in transit
- Protecting data as it moves across networks, typically with TLS.
- Encryption at rest
- Protecting stored data by encrypting it on disk so it is unreadable if the media or a snapshot is stolen, provided the keys are stored and access-controlled separately from the data.
- Secrets management
- Securely storing and controlling access to credentials, keys, and tokens (e.g., a vault).
- API security
- Protecting APIs with authentication, authorization, rate limiting, and input validation.
- Data sovereignty
- The principle that data is subject to the laws of the country where it is stored.
- Data classification
- Labeling data by sensitivity (e.g., public, confidential) to apply the right controls.
- SOC 2
- An audit framework reporting on a service organization's security, availability, and confidentiality controls.
- PCI DSS
- Payment Card Industry Data Security Standard: rules for protecting cardholder data.
- ISO 27001
- An international standard for an information security management system (ISMS).
- DLP
- Data Loss Prevention: tools that detect and block sensitive data from leaving the organization.
- IDS / IPS
- Intrusion Detection System (alerts) and Intrusion Prevention System (alerts and blocks) for malicious traffic.
- WAF
- Web Application Firewall: filters HTTP traffic to block web attacks like SQL injection and XSS.
- Network security group
- A virtual firewall of allow/deny rules controlling traffic to cloud resources.
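The following is an added example (not from the original page) showing how a security group's ordered allow/deny rules are evaluated and how to lint a group for admin ports open to the whole internet. It assumes the common cloud semantics of lowest priority number first, first match wins, and implicit deny; the rules, the probe address (a TEST-NET-2 address standing in for "any internet host") and the admin-port list are constructed.

```python
"""Added example (not from the original page): evaluate a constructed
network security group and flag admin ports exposed to 0.0.0.0/0."""

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    priority: int     # lower number is evaluated first
    action: str       # "allow" or "deny"
    protocol: str     # "tcp", "udp" or "any"
    port_from: int
    port_to: int
    source: str       # source CIDR

    def matches(self, protocol, port, src_ip):
        proto_ok = self.protocol in ("any", protocol)
        port_ok = self.port_from <= port <= self.port_to
        net_ok = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source)
        return proto_ok and port_ok and net_ok


def evaluate(rules, protocol, port, src_ip):
    """Return "allow" or "deny" for an inbound packet; no match means deny."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(protocol, port, src_ip):
            return rule.action
    return "deny"


# Ports that should not be reachable from arbitrary internet hosts.
ADMIN_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgres", 6379: "redis"}
INTERNET_PROBE = "198.51.100.7"   # TEST-NET-2 address representing "any internet host"


def find_exposed_admin_ports(rules):
    """Admin ports an arbitrary internet host would be allowed to reach.

    Running the real evaluator (rather than grepping for 0.0.0.0/0) means a
    higher-priority deny that shadows a permissive rule is honoured.
    """
    return [(port, svc) for port, svc in sorted(ADMIN_PORTS.items())
            if evaluate(rules, "tcp", port, INTERNET_PROBE) == "allow"]


# Constructed group: HTTPS public, SSH accidentally public, DB internal only.
RULES = [
    Rule(100, "allow", "tcp", 443, 443, "0.0.0.0/0"),
    Rule(110, "allow", "tcp", 22, 22, "0.0.0.0/0"),        # the mistake
    Rule(120, "allow", "tcp", 5432, 5432, "10.0.0.0/16"),
    Rule(130, "deny", "any", 0, 65535, "0.0.0.0/0"),
]
# Corrected: SSH only from a constructed corporate egress range.
FIXED_RULES = [Rule(110, "allow", "tcp", 22, 22, "203.0.113.0/24") if r.priority == 110 else r
               for r in RULES]

if __name__ == "__main__":
    print("exposed:", find_exposed_admin_ports(RULES))
    print("after fix:", find_exposed_admin_ports(FIXED_RULES))
```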
- DDoS protection
- Defenses that absorb or filter distributed denial-of-service floods to keep services available.
- Endpoint protection
- Security software on hosts/VMs/devices to detect and stop malware and intrusions.
- Hardening
- Reducing attack surface by removing unneeded services, closing ports, and applying secure configs.
- CIS Benchmark
- Center for Internet Security configuration guidelines for securely hardening systems.
- Bastion host
- A hardened, monitored jump server that provides controlled access into a private network.
- Phishing
- A social-engineering attack that tricks users into revealing credentials or running malware.
- Ransomware
- Malware that encrypts data and demands payment for the decryption key.
- Cryptojacking
- Unauthorized use of cloud resources to mine cryptocurrency.
- Zombie instance
- A running cloud resource that is unused, unmonitored, or compromised, wasting cost and adding risk.
- Privilege escalation
- An attacker gaining higher permissions than they were granted.
- Audit trail
- A tamper-evident (ideally write-once) record of who did what and when, supporting accountability and investigations; logs an attacker can edit or delete are not an audit trail.
- Container security
- Securing images and runtime: prefer unprivileged containers, scan images, and limit file permissions.
- CIA triad
- Confidentiality, Integrity, and Availability: the three core goals of information security.
- Confidentiality
- Ensuring data is accessible only to authorized parties.
- Integrity
- Ensuring data is accurate and unaltered by unauthorized changes.
- Availability
- Ensuring systems and data are accessible when needed.
- Authentication vs authorization
- Authentication verifies who you are; authorization determines what you may access.
- Token-based authentication
- Issuing a signed token after login so the user need not resend credentials on each request; the token must carry an expiry, be sent only over TLS, and be verified with a constant-time signature check.
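An added example (not from the original page) of the mechanism behind token-based authentication: a compact HMAC-signed bearer token with an expiry, issued after login and verified on each request. The signing key is a constructed demo value; a real service keeps it in a secrets manager and rotates it. The format here is a simplified two-part token, not a JWT library.

```python
"""Added example (not from the original page): issue and verify an
HMAC-SHA256 signed bearer token with expiry."""

import base64
import hashlib
import hmac
import json
import time

DEMO_KEY = b"constructed-demo-key-do-not-use"   # constructed; not a real secret


def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def _unb64(data):
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))


def issue_token(subject, ttl_seconds, key=DEMO_KEY, now=None):
    """Return '<base64 claims>.<base64 HMAC>' valid for ttl_seconds."""
    now = int(time.time()) if now is None else now
    claims = {"sub": subject, "iat": now, "exp": now + ttl_seconds}
    body = _b64(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    sig = _b64(hmac.new(key, body, hashlib.sha256).digest())
    return (body + b"." + sig).decode()


def verify_token(token, key=DEMO_KEY, now=None):
    """Return the claims if the signature is valid and the token is unexpired, else None.

    The signature is checked before the body is parsed, so untrusted input
    never reaches the JSON parser, and compare_digest avoids a timing
    side channel on the comparison.
    """
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.encode().split(b".")
    except ValueError:
        return None
    expected = _b64(hmac.new(key, body, hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(_unb64(body))
    if claims.get("exp", 0) <= now:
        return None
    return claims


if __name__ == "__main__":
    t = issue_token("alice", ttl_seconds=300)
    print(t)
    print(verify_token(t))
```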
- Directory-based authentication
- Verifying identities against a central directory (e.g., LDAP/Active Directory).
- Discretionary access control
- The resource owner decides who gets access.
- Group-based access control
- Granting permissions to groups, then placing users in groups.
- Data ownership
- Defining who is accountable for specific data and its protection.
- Data locality
- Where data physically resides, which affects performance and legal jurisdiction.
- Data retention (legal)
- Keeping data for required periods, including litigation hold, contractual, and regulatory drivers.
- Cloud Security Alliance
- An organization that publishes cloud security best practices and frameworks.
- Scanning scope
- Defining which assets and systems a vulnerability scan will assess.
- Remediation
- Fixing identified vulnerabilities by patching, reconfiguring, or mitigating.
- Privileged container
- A container with elevated host access; risky and discouraged in favor of unprivileged ones.
- Object/file storage security
- Protecting stored data with access policies, encryption, and least-privilege permissions.
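Object-storage access policies are where "least-privilege permissions" is decided in practice, and the evaluation order matters: an explicit Deny beats any Allow, and a request matched by no statement is denied. The block below is an added example (not from the original page and not a provider SDK) that evaluates a constructed bucket policy under those rules and lints it for statements that grant anonymous (`"Principal": "*"`) access. The policy shape mirrors the widely used JSON format; the account ID and bucket name are constructed documentation values.

```python
"""Added example (not from the original page): evaluate an IAM-style bucket
policy (explicit deny > allow > implicit deny) and flag public grants."""

import fnmatch
import json


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    # Policy wildcards are '*' and '?', which fnmatch also understands.
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def _principal_matches(principal, caller):
    if principal == "*":
        return True
    if isinstance(principal, dict):          # e.g. {"AWS": "<arn or list>"}
        return any(_matches(v, caller) for v in principal.values())
    return _matches(principal, caller)


def _is_public(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and any("*" in _as_list(v) for v in principal.values())


def evaluate(policy, caller, action, resource):
    """Return "Allow" or "Deny" for (caller, action, resource)."""
    decision = "Deny"                        # implicit deny until an Allow matches
    for stmt in _as_list(policy["Statement"]):
        # A statement without Principal (identity policy) applies to the caller.
        if not (_principal_matches(stmt.get("Principal", "*"), caller)
                and _matches(stmt["Action"], action)
                and _matches(stmt["Resource"], resource)):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"                    # explicit deny wins immediately
        decision = "Allow"
    return decision


def public_grants(policy):
    """(Sid, actions) for Allow statements open to everyone with no Condition."""
    out = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if (stmt["Effect"] == "Allow" and _is_public(stmt.get("Principal"))
                and not stmt.get("Condition")):
            out.append((stmt.get("Sid", f"stmt{i}"), _as_list(stmt["Action"])))
    return out


# Constructed bucket policy: app role may read, everyone may list (the
# finding), and nobody may delete even if another statement allows it.
BUCKET_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AppRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-server"},
     "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "PublicList", "Effect": "Allow", "Principal": "*",
     "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-bucket"},
    {"Sid": "NoDeleteEver", "Effect": "Deny", "Principal": "*",
     "Action": "s3:DeleteObject", "Resource": "arn:aws:s3:::example-bucket/*"}
  ]
}
""")

if __name__ == "__main__":
    print("public grants:", public_grants(BUCKET_POLICY))
```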
- Event monitoring
- Watching security-relevant events to detect suspicious activity.
- Deviation from baseline
- Activity that differs from normal patterns, signaling a possible attack.
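Detection logic for a deviation from baseline, as an added example (not from the original page), run over constructed authentication log lines: the baseline is the mean and standard deviation of failed logins per hour in a training window, and any later hour above mean + 3 sigma (with a minimum floor so a very quiet baseline does not page on noise) is flagged together with its top source address. The log format, user names and addresses are constructed.

```python
"""Added example (not from the original page): flag hours whose failed-login
count deviates from a per-hour baseline, over constructed log lines."""

import re
import statistics
from collections import Counter

# Constructed format: "<ISO time>Z auth <OK|FAIL> user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}):\d{2}:\d{2}Z\s+auth\s+"
    r"(?P<result>OK|FAIL)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)$"
)


def _gen(hour, n, result, user, src):
    """Constructed log lines: n events in the given hour."""
    return [f"{hour}:{i:02d}:00Z auth {result} user={user} src={src}" for i in range(n)]


# Six quiet training hours, then a credential-stuffing burst at 07:00.
LOG = (
    _gen("2024-05-01T00", 2, "FAIL", "bob", "10.0.0.5") + _gen("2024-05-01T00", 5, "OK", "bob", "10.0.0.5")
    + _gen("2024-05-01T01", 1, "FAIL", "eve", "10.0.0.9")
    + _gen("2024-05-01T02", 3, "FAIL", "ann", "10.0.0.7")
    + _gen("2024-05-01T03", 2, "FAIL", "bob", "10.0.0.5")
    + _gen("2024-05-01T05", 2, "FAIL", "ann", "10.0.0.7")
    + _gen("2024-05-01T06", 2, "FAIL", "bob", "10.0.0.5")
    + _gen("2024-05-01T07", 40, "FAIL", "admin", "198.51.100.23")
)
TRAINING_HOURS = [f"2024-05-01T{h:02d}" for h in range(0, 6)]
EVAL_HOURS = ["2024-05-01T06", "2024-05-01T07"]


def failures_per_hour(lines):
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m and m.group("result") == "FAIL":
            counts[m.group("ts")] += 1
    return counts


def baseline(counts, training_hours):
    """Mean and population stdev of failures per hour; missing hours count as 0."""
    values = [counts.get(h, 0) for h in training_hours]
    return statistics.fmean(values), statistics.pstdev(values)


def flag_deviations(counts, training_hours, eval_hours, sigmas=3.0, floor=5):
    """Hours whose failure count exceeds max(mean + sigmas*stdev, floor)."""
    mean, stdev = baseline(counts, training_hours)
    threshold = max(mean + sigmas * stdev, floor)
    return [(h, counts.get(h, 0)) for h in eval_hours if counts.get(h, 0) > threshold]


def top_source(lines, hour):
    """(src, failures) for the address with most failed logins in `hour`."""
    c = Counter(m.group("src") for m in map(LINE_RE.match, lines)
                if m and m.group("ts") == hour and m.group("result") == "FAIL")
    return c.most_common(1)[0] if c else None


if __name__ == "__main__":
    counts = failures_per_hour(LOG)
    for hour, n in flag_deviations(counts, TRAINING_HOURS, EVAL_HOURS):
        print(f"{hour}: {n} failures, top source {top_source(LOG, hour)}")
```

With this input the baseline is about 1.7 failures per hour, so the threshold becomes the floor of 5; the 07:00 hour with 40 failures from one external address is flagged while the two failures at 06:00 are not. In production the training window would be rolling and keyed by day-of-week, since "normal" at 03:00 on Sunday differs from 10:00 on Monday.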
- Unnecessary open ports
- Exposed ports that widen the attack surface and should be closed.
- Social engineering
- Manipulating people into revealing information or granting access.
- Vulnerability exploitation
- Attacking a known weakness, often from human error or outdated software.
- DevOps
- A culture and practice that unites development and operations to deliver software faster and more reliably through automation.
- Version control
- Tracking and managing changes to source code over time (e.g., with Git).
- Git
- A distributed version-control system that tracks code changes and supports branching and merging.
- Pull request
- A proposal to merge code changes, enabling review and discussion before integration.
- Code review
- Peers examining proposed changes for quality, security, and correctness before merge.
- Branch management
- Organizing parallel lines of development (branches) and merging them back safely.
- CI (Continuous Integration)
- Frequently merging code and automatically building and testing it to catch issues early.
- CD (Continuous Delivery/Deployment)
- Automatically delivering tested code to staging (delivery) or production (deployment).
- CI/CD pipeline
- An automated workflow that builds, tests, and deploys code through defined stages.
- Build artifact
- The packaged output of a build (e.g., a container image or zip) that gets deployed.
- Container image
- A read-only template containing an app and its dependencies, used to run containers.
- Artifact repository
- A store for build artifacts and packages (public or private).
- REST
- Representational State Transfer: a stateless web-service style using HTTP verbs and resources.
- SOAP
- Simple Object Access Protocol: a strict, XML-based web-service protocol.
- RPC
- Remote Procedure Call: invoking a function on a remote system as if it were local.
- GraphQL
- A query language for APIs that lets clients request exactly the data they need in one call.
- Event-driven architecture
- A design where services react to events/messages asynchronously, enabling loose coupling.
- WebSocket
- A protocol providing a persistent, two-way connection between client and server.
- Docker
- A platform for building, shipping, and running applications in containers.
- Kubernetes
- An open-source platform that automates deploying, scaling, and managing containers.
- Terraform
- An IaC tool that provisions infrastructure across providers using declarative config.
- Ansible
- An agentless automation tool for configuration management and app deployment.
- Jenkins
- An automation server widely used to build CI/CD pipelines.
- GitHub Actions
- A CI/CD platform built into GitHub that automates workflows on repository events.
- ELK stack
- Elasticsearch, Logstash, and Kibana: a toolset for collecting, storing, and visualizing logs.
- Grafana
- An open-source tool for visualizing metrics and building monitoring dashboards.
- Source control concepts
- Managing code changes: commit, push, merge, pull request, review, and branching.
- Code commit
- Saving a set of changes to the version-control repository with a message.
- Code merge
- Combining changes from one branch into another.
- Automation (CI/CD)
- Using tooling to run builds, tests, and deployments without manual steps.
- Code integration
- Combining developers' code frequently and verifying it builds and passes tests.
- Build stage
- The pipeline step that compiles/packages code into a deployable artifact.
- Pipeline security
- Scanning code and dependencies for vulnerabilities within the CI/CD workflow.
- Public vs private repository
- Public repos are open to all; private repos restrict access to authorized users.
- VM image vs container image
- A VM image includes a full OS; a container image shares the host kernel and is smaller.
- Web service
- An application component exposed over a network via standard protocols (REST, SOAP, RPC).
- Flat file
- A simple file (e.g., CSV) with no structured relationships, sometimes used as an artifact/data.
- RPM / Debian packages
- Linux software package formats (RPM for Red Hat, .deb for Debian/Ubuntu).
- API throttling
- A provider limiting the rate of API calls; exceeding it causes errors until requests slow down.
- Service quota
- A provider-imposed limit on resources (e.g., max instances) that can block new deployments when hit.
- Oversubscription
- Allocating more virtual resources than the physical hardware can provide, causing contention.
- Resource misconfiguration
- Incorrect settings (allocation, permissions, sizing) that cause a deployment to fail or underperform.
- Deprecation
- Removal or end-of-support of a feature/version that breaks dependent deployments.
- Regional service availability
- A service or feature not being offered in a particular region, breaking a deployment there.
- DHCP failure
- Clients cannot obtain IP settings, often shown by scope exhaustion or no address; breaks connectivity.
- DNS failure
- Name resolution fails, so hosts can reach IPs but not names; a classic 'site is down' cause.
- NTP issue
- Clock drift from a failed time service can break authentication, certificates, and logging.
- Scope exhaustion
- A DHCP pool runs out of addresses, so new clients cannot get an IP.
- Network overlap
- Two networks using the same IP range, causing routing conflicts after a migration or peering.
- Missing route
- A routing table lacks a path to a destination, so traffic is dropped.
- Misconfigured route
- A routing entry sends traffic the wrong way, causing unreachable resources or loops.
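The three entries on network overlap, missing routes and misconfigured routes are the checks a peering or migration review actually runs. As an added example (not from the original page) the block below implements longest-prefix-match lookup over a constructed VPC-style route table, finds overlapping address ranges, lists destinations the table cannot route at all, and checks that traffic to a peered range leaves through the peering target rather than the internet gateway. Route entries, targets and addresses are constructed.

```python
"""Added example (not from the original page): route lookup plus overlap,
missing-route and wrong-target checks over a constructed route table."""

import ipaddress

# Constructed route table: (destination CIDR, target).
ROUTES = [
    ("10.0.0.0/16", "local"),         # this VPC
    ("10.1.0.0/16", "pcx-peer-a"),    # peered VPC A
    ("0.0.0.0/0", "igw"),             # default route to the internet gateway
]
PRIVATE_ROUTES = [("10.0.0.0/16", "local")]   # private subnet, no default route


def lookup_route(route_table, dst_ip):
    """Return (prefix, target) with the longest matching prefix, or None
    when nothing covers dst_ip (the 'missing route' case)."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, target in route_table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return None if best is None else (str(best[0]), best[1])


def find_overlaps(cidrs):
    """Pairs of CIDRs that overlap; peering or VPN between them is ambiguous."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [(str(a), str(b))
            for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]


def missing_routes(route_table, destinations):
    """Destinations the table cannot route at all."""
    return [d for d in destinations if lookup_route(route_table, d) is None]


def verify_targets(route_table, expectations):
    """expectations: {dst_ip: expected_target}. Returns the misrouted
    destinations as {dst_ip: (actual_target, expected_target)}."""
    bad = {}
    for dst, expected in expectations.items():
        hit = lookup_route(route_table, dst)
        actual = None if hit is None else hit[1]
        if actual != expected:
            bad[dst] = (actual, expected)
    return bad


if __name__ == "__main__":
    print(lookup_route(ROUTES, "10.1.4.9"))
    print(find_overlaps(["10.0.0.0/16", "10.1.0.0/16", "10.0.128.0/17"]))
    print(missing_routes(PRIVATE_ROUTES, ["10.1.4.9"]))
    # Peered VPC B (10.2.0.0/16) was never added: its traffic falls through
    # to the default route and leaves via the internet gateway instead.
    print(verify_targets(ROUTES, {"10.1.4.9": "pcx-peer-a", "10.2.0.5": "pcx-peer-b"}))
```

The last check is the security-relevant one: a route that silently falls through to the default entry sends what should be private traffic toward the internet gateway, which is both a connectivity failure and a potential data-exposure path.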
- VLAN tag misconfiguration
- Wrong 802.1Q tags or access-vs-trunk port settings break Layer 2 segmentation and connectivity.
- Latency issue
- High delay between request and response, often from distance, congestion, or under-provisioning.
- Bandwidth/throughput issue
- Insufficient capacity for the traffic volume, causing slowness or drops.
- HTTP 4xx vs 5xx
- 4xx errors indicate a client problem (e.g., 401 Unauthorized: not authenticated; 403 Forbidden: authenticated but not authorized; 404 Not Found); 5xx indicate a server-side error.
- Cipher suite deprecation
- Old encryption algorithms being disabled, breaking TLS connections that still rely on them.
- Leaked credentials
- Exposed keys/passwords that enable unauthorized access until rotated/revoked.
- Unauthorized access
- Access by an entity without proper permission, often from misconfigured authorization.
- Software vulnerability
- A flaw in software that attackers can exploit; remediated by patching or updating.
- Unauthorized software
- Unapproved applications running in the environment, creating risk and policy violations.
- Protocol incompatibility
- Two systems unable to communicate because they use incompatible protocols/versions.
- Outage (full vs partial)
- A complete service failure (full) versus degraded or partial loss of functionality.
- Incompatibility (deployment)
- A component that does not work with others, causing a failed deployment.
- Outdated component definition
- An old template/definition causing a deployment to use deprecated or wrong resources.
- Permission misconfiguration
- Wrong access settings that block or over-expose a deployed resource.
- Sizing issue
- Under- or over-provisioning resources, causing failure or wasted cost.
- NAT issue
- Failed address translation breaking outbound/inbound connectivity for private hosts.
- Network device misconfiguration
- Incorrect settings on a router/switch/firewall that disrupt traffic.
- Protocol deprecation
- An older protocol/version being disabled, breaking systems that still use it.
- Access vs trunk port
- Access ports carry one untagged VLAN; trunk ports carry multiple tagged VLANs; a mismatch between the two ends of a link breaks connectivity.
- Authorization issue
- A failure or misconfiguration in what an authenticated entity is allowed to do.
- Authentication issue
- A failure to verify identity, sometimes caused by leaked or expired credentials.