Copyright (c) 2025 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.
Phase 7: Glossary
- ACID: (Atomicity, Consistency, Isolation, Durability) A set of properties of database transactions intended to guarantee data validity despite errors, power failures, and other mishaps. (Note: While not directly networking, often relevant in application context for network design.)
- ALB (Application Load Balancer): A type of Elastic Load Balancer that operates at Layer 7 (application layer) and supports content-based routing.
- Anycast: A network addressing and routing method in which a single destination address is shared by devices (servers) in multiple locations.
- API Gateway: An AWS service for creating, publishing, maintaining, monitoring, and securing REST, HTTP, and WebSocket APIs at any scale. (Note: While not directly networking, often relevant in application context for network design.)
- AS_PATH Prepending: A BGP attribute manipulation technique used to influence inbound routing. BGP prefers the shortest AS_PATH, so advertising a prefix with your own ASN repeated on the less-preferred link makes that path appear longer and steers inbound traffic toward the other link. It is only a hint: the remote AS can override it with local preference.
- Auto Scaling Group (ASG): An Amazon EC2 service that automatically adjusts the number of EC2 instances in a group based on demand or a schedule. (Note: While not directly networking, relevant for network HA/scalability.)
- Availability Zone (AZ): A distinct location within an AWS Region that is isolated from failures in other Availability Zones.
- AWS Artifact: An AWS service that provides on-demand access to AWS security and compliance reports and select online agreements. (Note: Relevant for compliance context.)
- AWS Audit Manager: An AWS service that automates the collection of evidence to help you prepare for audits. (Note: Relevant for compliance context.)
- AWS Batch: A fully managed service that enables developers, scientists, and engineers to easily and efficiently run hundreds of thousands of batch computing jobs on AWS. (Note: While not directly networking, relevant for compute context.)
- AWS Certificate Manager (ACM): An AWS service that lets you easily provision, manage, and deploy public and private SSL/TLS certificates for use with AWS services and your internal connected resources. (Note: Relevant for network security/encryption.)
- AWS CloudFormation: An AWS service that helps you model and set up your AWS resources, spend less time managing those resources, and more time focusing on your applications that run in AWS. (Note: Relevant for network automation/IaC.)
- AWS CloudHSM: A cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on FIPS 140-2 Level 3 validated hardware. (Note: Relevant for network security/encryption.)
- AWS CloudTrail: An AWS service that helps you enable governance, compliance, and operational and risk auditing of your AWS account. (Note: Relevant for network auditing.)
- AWS Cloud Development Kit (CDK): An open-source software development framework to define your cloud application resources using familiar programming languages. (Note: Relevant for network automation/IaC.)
- AWS Client VPN: A managed client-based VPN service that enables you to securely access your AWS resources and resources in your on-premises network from any location.
- AWS Config: An AWS service that enables you to assess, audit, and evaluate the configurations of your AWS resources. (Note: Relevant for network compliance.)
- AWS Control Tower: An AWS service that provides an easy way to set up and govern a secure, multi-account AWS environment. (Note: Relevant for network governance.)
- AWS DataSync: A data transfer service that simplifies, automates, and accelerates moving data between on-premises storage and AWS storage services. (Note: Relevant for hybrid data transfer.)
- AWS Database Migration Service (DMS): An AWS service that helps you migrate databases to AWS quickly and securely. (Note: While not directly networking, relevant for hybrid data transfer.)
- Amazon Detective: An AWS service that automatically collects log data from your AWS resources (CloudTrail events, VPC Flow Logs, GuardDuty findings) and uses machine learning, statistical analysis, and graph theory to build a linked set of data for investigating security findings. (Note: Relevant for network security/auditing.)
- AWS Direct Connect (DX): A cloud service solution that links your internal network to AWS over a dedicated, private connection.
- AWS Elastic Beanstalk: An easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS. (Note: While not directly networking, relevant for compute context.)
- AWS Fault Injection Simulator (FIS): A fully managed service for running chaos engineering experiments on AWS. (Note: Relevant for network resiliency testing.)
- AWS Fargate: A serverless compute engine for containers that works with both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS). (Note: While not directly networking, relevant for compute context.)
- AWS Global Accelerator: A networking service that improves the availability and performance of your applications with a static, fixed entry point.
- AWS Glue: A serverless data integration service that makes it easy to discover, prepare, and combine data for analytics, machine learning, and application development. (Note: While not directly networking, relevant for data context.)
- Amazon GuardDuty: An intelligent threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. It analyzes VPC Flow Logs, DNS query logs, and CloudTrail events directly, without requiring you to enable those logs yourself. (Note: Relevant for network security.)
- AWS Health Dashboard: Provides a personalized view of AWS service health and alerts you to events that might affect your resources. (Note: Relevant for network monitoring.)
- AWS IAM Identity Center (SSO): A cloud SSO service that makes it easy to centrally manage SSO access to multiple AWS accounts and business applications. (Note: Relevant for network governance.)
- AWS Key Management Service (KMS): An AWS service that makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications. (Note: Relevant for network security/encryption.)
- AWS Lambda: A serverless compute service that lets you run code without provisioning or managing servers. (Note: While not directly networking, relevant for network automation.)
- AWS Migration Hub: Provides a single location to track the progress of application migrations across multiple AWS and partner solutions. (Note: Relevant for migration context.)
- AWS Migration Evaluator: Provides migration readiness assessments and total cost of ownership (TCO) analysis. (Note: Relevant for migration context.)
- AWS Network Firewall: A managed, stateful firewall and intrusion prevention service for Amazon VPC. It is deployed as firewall endpoints in dedicated subnets and inserted into the traffic path with route table entries; it supports stateless rules, stateful rules (including Suricata-compatible signatures), and domain-based filtering.
- AWS Organizations: An AWS service that helps you centrally manage and govern your environment as you grow and scale your AWS resources. (Note: Relevant for network governance.)
- AWS PrivateLink: A technology that provides private connectivity between VPCs, AWS services, and on-premises applications, securely and directly.
- AWS Resource Access Manager (RAM): An AWS service that helps you securely share your resources across AWS accounts, within your organization, or with AWS Organizations. (Note: Relevant for network governance.)
- AWS Resource Groups: An AWS service that allows you to organize your AWS resources into logical groups. (Note: Relevant for network management.)
- AWS Security Hub: An AWS service that provides a comprehensive view of your security alerts and security posture across your AWS accounts. (Note: Relevant for network security.)
- AWS Service Catalog: An AWS service that allows organizations to create and manage catalogs of IT services that are approved for use on AWS. (Note: Relevant for network governance.)
- AWS Shield: A managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. Shield Standard is enabled automatically at no extra cost and mitigates common network and transport layer attacks; Shield Advanced adds larger-scale mitigation, application-layer protection integrated with AWS WAF, cost protection, and access to the AWS DDoS Response Team.
- AWS Site-to-Site VPN: A managed VPN connection that creates encrypted IPsec tunnels between your on-premises network and your Amazon VPC (or Transit Gateway) over the public internet. Each connection provides two tunnels terminating on separate AWS endpoints; configure both on the customer gateway device for redundancy.
- AWS Snow Family: A collection of physical devices that help you to physically transport terabytes to petabytes of data into and out of AWS. (Note: Relevant for hybrid data transfer.)
- AWS Step Functions: A serverless workflow service that lets you combine AWS Lambda functions and other AWS services to build business-critical applications. (Note: Relevant for network automation.)
- AWS Storage Gateway: A hybrid cloud storage service that connects an on-premises software appliance with cloud-based storage to provide seamless integration. (Note: Relevant for hybrid data transfer.)
- AWS Systems Manager: A unified interface for operational data and task automation across your AWS resources. (Note: Relevant for network automation.)
- AWS Trusted Advisor: An AWS service that provides recommendations that help you follow AWS best practices. (Note: Relevant for network optimization.)
- AWS WAF (Web Application Firewall): An AWS service that helps protect your web applications or APIs from common web exploits that may affect availability, compromise security, or consume excessive resources.
- AWS X-Ray: An AWS service that helps developers analyze and debug distributed applications, such as those built using microservices. (Note: Relevant for network monitoring/troubleshooting.)
- Asymmetric Routing: A network condition where inbound and outbound traffic for a session traverse different network paths. Can cause issues with stateful firewalls, which drop return packets for sessions they never saw. In AWS, Transit Gateway appliance mode exists to keep both directions of a flow in the same Availability Zone, and therefore on the same inspection appliance.
- BGP (Border Gateway Protocol): A dynamic routing protocol used to exchange route information between autonomous systems.
- Blast Radius: The potential impact or damage that a failure or security breach of a component could have on the rest of the system.
- Blue/Green Deployment: A deployment strategy that involves running two identical production environments, "Blue" (current version) and "Green" (new version), and switching traffic between them. (Note: Relevant for network change management.)
- Canary Deployment: A deployment strategy that rolls out a new version of an application to a small subset of users first, then gradually to the rest of the users. (Note: Relevant for network change management.)
- CIDR Block: (Classless Inter-Domain Routing) A method for allocating IP addresses and routing IP packets. Used to define VPCs and subnets.
- CI/CD: (Continuous Integration/Continuous Deployment/Delivery) The practice of automating the software development lifecycle to deliver code changes more frequently and reliably. (Note: Relevant for network automation.)
- CloudFront: (Amazon CloudFront) A fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency.
- CloudWatch: (Amazon CloudWatch) A monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers.
- CloudTrail: See AWS CloudTrail.
- Cloud Development Kit (CDK): See AWS Cloud Development Kit (CDK).
- Cluster Placement Group: An EC2 placement strategy that packs instances close together inside an Availability Zone for low-latency network performance.
- Configuration Drift: The state where the actual configuration of an environment has diverged from the intended, code-defined configuration.
- Consolidated Billing: A feature of AWS Organizations that allows you to receive a single bill for all AWS accounts in your organization. (Note: Relevant for network cost optimization.)
- Cost Allocation Tags: User-defined labels that you apply to AWS resources to categorize and track costs. (Note: Relevant for network cost optimization.)
- Cost and Usage Report (CUR): The most comprehensive dataset about your AWS costs and usage, containing line items for every unique charge. (Note: Relevant for network cost optimization.)
- Cost Explorer: (AWS Cost Explorer) A free service that allows you to visualize, understand, and manage your AWS costs and usage over time. (Note: Relevant for network cost optimization.)
- Customer Gateway: The AWS resource that represents your on-premises VPN device (the customer gateway device, typically a router or firewall that supports IPsec). It records the device's public IP address and, for dynamic routing, its BGP ASN.
- DDoS (Distributed Denial of Service): A malicious attempt to disrupt normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
- Dedicated Hosts: An Amazon EC2 purchasing option that provides physical EC2 servers dedicated for your use, offering licensing flexibility for existing server-bound software. (Note: While not directly networking, relevant for compute context.)
- Defense in Depth: A security strategy that uses multiple layers of security controls to protect a system.
- DNS (Domain Name System): A hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network.
- EC2 (Elastic Compute Cloud): A web service that provides resizable compute capacity in the cloud.
- Edge Computing: A distributed computing paradigm that brings computation and data storage closer to the sources of data.
- Egress-Only Internet Gateway: A VPC component for IPv6 traffic that allows outbound communication from instances in a private subnet to the internet, but prevents inbound communication.
- Elastic Load Balancing (ELB): An AWS service that automatically distributes incoming application traffic across multiple targets, such as EC2 instances, containers, and IP addresses.
- ENI (Elastic Network Interface): A logical networking component in a VPC that represents a virtual network card.
- Equal-Cost Multi-Path (ECMP): A routing strategy that allows traffic to be load-balanced across multiple paths if they have equal cost.
- Event-Driven Architecture: A software architecture pattern that promotes the production, detection, consumption of, and reaction to events. (Note: While not directly networking, relevant for network automation.)
- Fargate: See AWS Fargate.
- First Principles: Fundamental truths or basic propositions that cannot be deduced from any other propositions. In networking, understanding the core "why" behind a routing decision or security control.
- Flashcards: Study aids with information on one side and a question or prompt on the other, used for active recall.
- FSx: (Amazon FSx) A fully managed service that makes it easy to launch and run feature-rich and high-performance file systems. (Note: While not directly networking, relevant for storage context.)
- Gateway Load Balancer (GWLB): A type of Elastic Load Balancer that operates at Layer 3 (network layer) and Layer 4 (transport layer) and is used to deploy, scale, and manage virtual appliances such as firewalls, intrusion detection systems, and other network functions. Traffic is forwarded to the appliances encapsulated in GENEVE (UDP port 6081) and is inserted into the path through a Gateway Load Balancer endpoint and route table entries.
- Global Accelerator: See AWS Global Accelerator.
- High Availability (HA): The ability of a system to remain operational and perform its intended function correctly and consistently when it's expected to, despite component failures.
- Hybrid Cloud: A cloud computing environment that uses a mix of on-premises, private cloud, and public cloud services with orchestration between the platforms.
- IAM (Identity and Access Management): An AWS service that helps you securely control access to AWS resources. (Note: Relevant for network governance.)
- IaC (Infrastructure as Code): The process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools.
- Immutable Infrastructure: An approach where servers are never modified after being deployed; new versions are deployed from fresh images. (Note: Relevant for network change management.)
- Internet Gateway (IGW): A VPC component that allows communication between your VPC and the internet.
- IoT (Internet of Things): The network of physical objects embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the internet. (Note: While not directly networking, relevant for network performance.)
- IPsec: (Internet Protocol Security) A suite of protocols for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session.
- Jumbo Frames: Ethernet frames larger than the standard 1500-byte MTU (Maximum Transmission Unit); AWS supports an MTU of 9001 bytes for traffic within a VPC. They raise throughput by reducing per-packet overhead, but any path that leaves the VPC through an internet gateway or VPN is limited to 1500 bytes, and Transit Gateway to 8500 bytes, so an MTU mismatch can cause fragmentation or silently dropped packets (path MTU black holes).
- Kubernetes: An open-source container orchestration system for automating deployment, scaling, and management of containerized applications. (Note: While not directly networking, relevant for compute context.)
- Layered Network Design: A conceptual framework (like the OSI model) that segments network functionality into distinct layers.
- Least Privilege: A security principle that states that a user or process should be given only the minimum necessary access rights to perform its job.
- Load Balancer Capacity Units (LCUs): A metric used for pricing Application Load Balancers and Network Load Balancers, based on new connections, active connections, and processed bytes.
- Managed Service: An AWS service where AWS manages the underlying infrastructure, operating system, and software, reducing the customer's operational burden.
- Mean Time To Recovery (MTTR): The average time it takes to recover from a product or system failure. (Note: Relevant for network troubleshooting.)
- Memory Aids: Techniques or tools used to help remember information, such as acronyms, visualizations, or analogies.
- Microservices: An architectural style that structures an application as a collection of loosely coupled, independently deployable services. (Note: While not directly networking, relevant for network design.)
- Multi-AZ: (Multi-Availability Zone) A deployment strategy that distributes resources across physically isolated Availability Zones within a single AWS Region for high availability.
- Multi-Region: A deployment strategy that distributes application components across geographically separate AWS Regions for disaster recovery and global low-latency access.
- NAT Gateway (Network Address Translation Gateway): A managed NAT service that allows instances in a private subnet to connect to the internet or other AWS services, but prevents the internet from initiating connections with those instances. A NAT Gateway is redundant within its Availability Zone only; deploy one per AZ (with matching route tables) so that an AZ failure does not take down outbound connectivity for the other AZs.
- Network Access Analyzer: An AWS service that identifies potential network access paths to specific resources, enabling proactive verification of network segmentation.
- Network Access Control List (NACL): A stateless firewall that controls traffic in and out of one or more subnets. Rules are numbered and evaluated in ascending order with the first match winning, and both allow and deny rules are supported. Because there is no connection tracking, return traffic must be explicitly permitted in the opposite direction, typically by allowing the ephemeral port range (1024-65535).
- Network Load Balancer (NLB): A type of Elastic Load Balancer that operates at Layer 4 (transport layer) and is optimized for extreme performance and static IP addresses.
- Network Segmentation: The practice of dividing a computer network into smaller subnetworks.
- OSI Model (Open Systems Interconnection Model): A conceptual framework that describes network functions in seven layers.
- Placement Groups: Specific configurations for EC2 instances that control how instances are placed on underlying hardware.
- Private Hosted Zones: A feature of Amazon Route 53 that allows you to manage custom domain names for your VPC without exposing them to the public internet.
- Public VIF: A type of Direct Connect Virtual Interface that connects to all public AWS services (e.g., S3, DynamoDB) in all AWS Regions.
- Private VIF: A type of Direct Connect Virtual Interface that connects to a single VPC through its Virtual Private Gateway (VPG), or to multiple VPCs (including in other Regions) through an AWS Direct Connect Gateway associated with their VPGs. A private VIF cannot attach to a Transit Gateway; that requires a Transit VIF.
- Reachability Analyzer: A feature in Amazon VPC that analyzes the network path between two resources in your AWS network and determines if they are reachable.
- Region: A physical location in the world where AWS clusters data centers.
- Resiliency: The ability of a system to maintain an acceptable level of service in the face of various faults and challenges.
- Route 53 Resolver: The DNS resolver built into every VPC, reachable at the VPC network address plus two (for example 10.0.0.2 in 10.0.0.0/16). Resolver inbound endpoints let on-premises resolvers query it, and outbound endpoints with forwarding rules let it send queries for on-premises domains to your DNS servers, enabling DNS resolution between your VPCs and your on-premises network.
- Route Tables: A set of rules (routes) that determine where network traffic from a subnet or gateway is sent.
- Routing: The process of selecting a path across one or more networks.
- Scaled Score: A raw score that has been converted to a common scale to allow for consistent interpretation across different exam forms.
- Scenario-Based Questions: Exam questions that present a realistic business or technical problem and ask for the best architectural solution.
- SCPs (Service Control Policies): A type of policy available in AWS Organizations that sets the maximum permissions available to the accounts in an organizational unit. SCPs are guardrails: they never grant access on their own, they do not affect the management account, and an action must be allowed by both the SCP and the principal's IAM policies to succeed.
- Security Groups (SGs): A stateful virtual firewall attached to elastic network interfaces (EC2 instances, load balancers, RDS instances, interface endpoints, and so on) that controls inbound and outbound traffic. Rules are allow-only and can reference other security groups as sources; because connection state is tracked, the return traffic of an allowed flow is permitted automatically regardless of the rules in the opposite direction.
- Self-Healing Architectures: Systems designed to automatically detect and remediate anomalies or failures, restoring services to a healthy state with minimal human intervention.
- Shared Responsibility Model: A framework that outlines what AWS is responsible for (security of the cloud) and what the customer is responsible for (security in the cloud).
- Shokunin Kishitsu: A Japanese term referring to the "craftsman's spirit," emphasizing meticulous attention to detail, continuous improvement, and a deep sense of responsibility for one's work.
- Single Point of Failure (SPOF): A part of a system that, if it fails, will stop the entire system from working.
- Site-to-Site VPN: See AWS Site-to-Site VPN.
- Subnet: A subdivision of a VPC defined by a CIDR block.
- Terraform: An open-source infrastructure as code software tool that enables you to safely and predictably create, change, and improve infrastructure. (Note: Relevant for network automation/IaC.)
- Transit Gateway (TGW): (AWS Transit Gateway) A network transit hub that connects your VPCs and on-premises networks to a single gateway.
- Transit VIF: A type of Direct Connect Virtual Interface that connects, through an AWS Direct Connect Gateway, to one or more AWS Transit Gateways (TGWs).
- Troubleshooting: The process of identifying and resolving problems in a system.
- VPC (Virtual Private Cloud): A logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.
- VPC Endpoints: A feature that allows you to privately connect your VPC to supported AWS services and VPC endpoint services powered by AWS PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Gateway endpoints (Amazon S3 and DynamoDB) are route table targets; interface endpoints are elastic network interfaces with private IPs in your subnets, protected by security groups and optionally an endpoint policy.
- VPC Flow Logs: A feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC, published to destinations such as CloudWatch Logs or Amazon S3. Records contain flow metadata (addresses, ports, protocol, packet and byte counts, ACCEPT or REJECT), not packet payloads, and some traffic is never logged, such as queries to the Amazon DNS server, instance metadata traffic (169.254.169.254), and DHCP.
- VPC Peering: A networking connection between two VPCs (in the same or different accounts and Regions) that enables you to route traffic between them privately. The VPCs must not have overlapping CIDR blocks, and peering is not transitive: a VPC peered with two others cannot relay traffic between them, and each route table needs an explicit route to the peer.
- VPN (Virtual Private Network): A technology that creates a secure, encrypted connection over a less secure network, such as the internet.
- Virtual Private Gateway (VPG): The AWS side of a Site-to-Site VPN connection or a Direct Connect Private VIF, attached to a single VPC (also abbreviated VGW in AWS documentation).
- Virtual Interface (VIF): A logical connection created on a Direct Connect connection.
- Web Application Firewall (WAF): See AWS WAF (Web Application Firewall).
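The Network Access Control List and Security Groups entries above describe the stateless/stateful distinction in words; the following added example (written for this page, not code from the original guide or from AWS) simulates both filters against the two halves of one TCP session. The rule sets, addresses and ports are constructed for illustration; the evaluation order and matching logic follow the documented NACL and security group semantics.

```python
"""Stateless NACL versus stateful security group, applied to both halves of
one TCP session. Added example, not from the page; the rule sets and
packets are constructed for illustration."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str = "tcp"

    def reply(self):
        """The return packet of the same session (addresses and ports swapped)."""
        return Packet(self.dst, self.src, self.dport, self.sport, self.proto)


@dataclass(frozen=True)
class Rule:
    direction: str        # "inbound" or "outbound"
    proto: str            # "tcp", "udp" or "all"
    ports: tuple          # inclusive (low, high) destination-port range
    cidr: str             # remote CIDR: source for inbound, destination for outbound
    action: str = "allow" # NACLs also support "deny"; security groups are allow-only
    number: int = 100     # NACL rule number; the lowest-numbered match wins


def _matches(rule, pkt, direction):
    if rule.direction != direction or rule.proto not in ("all", pkt.proto):
        return False
    if not rule.ports[0] <= pkt.dport <= rule.ports[1]:
        return False
    remote = pkt.src if direction == "inbound" else pkt.dst
    return ipaddress.ip_address(remote) in ipaddress.ip_network(rule.cidr, strict=False)


def nacl_allows(rules, pkt, direction):
    """NACL semantics: no connection state; rules are evaluated in ascending
    rule number, the first match decides, and the implicit final rule denies."""
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule, pkt, direction):
            return rule.action == "allow"
    return False


def sg_allows(rules, pkt, direction, conntrack):
    """Security-group semantics: allow-only rules, and a packet that is the
    reply to a tracked flow is allowed regardless of rules for its direction."""
    if (pkt.dst, pkt.src, pkt.dport, pkt.sport, pkt.proto) in conntrack:
        return True
    if any(_matches(rule, pkt, direction) for rule in rules):
        conntrack.add((pkt.src, pkt.dst, pkt.sport, pkt.dport, pkt.proto))
        return True
    return False


def nacl_session(rules, request):
    """(request allowed inbound, reply allowed outbound) under a NACL."""
    return nacl_allows(rules, request, "inbound"), nacl_allows(rules, request.reply(), "outbound")


def sg_session(rules, request):
    """Same pair under a security group, with a fresh connection table."""
    conntrack = set()
    return (sg_allows(rules, request, "inbound", conntrack),
            sg_allows(rules, request.reply(), "outbound", conntrack))


# Constructed session: an internet client on an ephemeral port hits HTTPS on 10.0.1.20.
REQUEST = Packet(src="203.0.113.10", dst="10.0.1.20", sport=51515, dport=443)

# Common mistake: the outbound NACL rule mirrors the service port. The reply is
# destined for the client's ephemeral port, matches nothing, and is dropped.
NACL_MIRRORED = [
    Rule("inbound", "tcp", (443, 443), "0.0.0.0/0", number=100),
    Rule("outbound", "tcp", (443, 443), "0.0.0.0/0", number=100),
]

# Fix: allow the ephemeral range outbound so return traffic can leave the subnet.
NACL_WITH_EPHEMERAL = NACL_MIRRORED + [
    Rule("outbound", "tcp", (1024, 65535), "0.0.0.0/0", number=110),
]

# A security group with only an inbound rule still lets the reply out.
SG_HTTPS_ONLY = [Rule("inbound", "tcp", (443, 443), "0.0.0.0/0")]

if __name__ == "__main__":
    print("NACL, mirrored ports:   ", nacl_session(NACL_MIRRORED, REQUEST))
    print("NACL, ephemeral allowed:", nacl_session(NACL_WITH_EPHEMERAL, REQUEST))
    print("Security group:         ", sg_session(SG_HTTPS_ONLY, REQUEST))
```

The mirrored NACL admits the request but drops the reply, which is the classic symptom of a subnet that accepts connections no client can complete; adding a lower-numbered inbound deny rule shows the other side of statelessness, since it blocks the request while the outbound rules still pass the (now meaningless) reply.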
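The VPC Flow Logs entry notes that records carry flow metadata in a fixed field order rather than payloads. As an added example (not from the original guide), the block below parses default-format version 2 records and applies a simple detection rule over them: a source whose REJECTed flows touch many distinct destination ports is flagged as a probable port scan. The log lines, ENI and account identifiers, and the five-port threshold are all constructed for this illustration.

```python
"""Parse default-format (version 2) VPC Flow Log records and flag sources
whose REJECTed connections span many distinct ports. Added example, not from
the page; every record below is constructed."""
from collections import defaultdict

FIELDS = ("version account-id interface-id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log-status").split()

# Constructed sample: an SSH session and its reply, one host probing several
# ports on 10.0.1.20 and being REJECTed, an accepted HTTPS flow, and a NODATA
# row (which carries '-' in place of addresses and ports).
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f60718 10.0.2.15 10.0.1.20 51420 22 6 20 4249 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60718 10.0.1.20 10.0.2.15 22 51420 6 18 3102 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60718 198.51.100.7 10.0.1.20 40001 22 6 1 60 1700000100 1700000160 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 198.51.100.7 10.0.1.20 40002 23 6 1 60 1700000100 1700000160 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 198.51.100.7 10.0.1.20 40003 3389 6 1 60 1700000100 1700000160 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 198.51.100.7 10.0.1.20 40004 445 6 1 60 1700000100 1700000160 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 198.51.100.7 10.0.1.20 40005 8080 6 1 60 1700000100 1700000160 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 203.0.113.9 10.0.1.20 50000 443 6 12 2048 1700000200 1700000260 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60718 - - - - - - - 1700000300 1700000360 - NODATA
"""

NUMERIC = ("version", "srcport", "dstport", "protocol", "packets", "bytes", "start", "end")


def parse_record(line):
    """Split one space-separated record into a dict keyed by field name.
    Numeric fields are converted to int; '-' placeholders are left as strings."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    for key in NUMERIC:
        if rec[key] != "-":
            rec[key] = int(rec[key])
    return rec


def parse_log(text):
    """Parse every non-blank line of a flow log file."""
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def rejected_ports_by_source(records):
    """Map each source address to the set of destination ports it was REJECTed on.
    Rows without flow data (NODATA/SKIPDATA) carry no addresses and are skipped."""
    ports = defaultdict(set)
    for rec in records:
        if rec["log-status"] != "OK" or rec["action"] != "REJECT":
            continue
        ports[rec["srcaddr"]].add(rec["dstport"])
    return ports


def port_scan_sources(records, min_ports=5):
    """Sources whose rejected flows span at least `min_ports` distinct ports.
    The threshold is a constructed starting point, not an AWS recommendation."""
    return {src: sorted(p) for src, p in rejected_ports_by_source(records).items()
            if len(p) >= min_ports}


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    for src, ports in port_scan_sources(records).items():
        print(f"possible port scan from {src}: rejected on ports {ports}")
```

Two caveats matter when running this against real logs: a REJECT is recorded whether a NACL or a security group dropped the packet, so the record alone does not say which control fired, and because flows are aggregated per capture window, a slow scan spread across windows still shows up as separate records for the same source, which is why the rule aggregates by source rather than by record.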
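The CIDR Block, Subnet, Route Tables and VPC Peering entries together describe how address space is carved up and how a destination is matched to a route. The following added example (written for this page, not code from the guide or from AWS) carves a VPC CIDR into per-AZ subnets, accounts for the five addresses AWS reserves in every subnet, checks two VPCs for the overlap that would prevent peering, and performs the longest-prefix route lookup a VPC route table applies. The CIDRs, AZ names and the peering and NAT gateway IDs are constructed.

```python
"""VPC address planning and route selection. Added example, not from the
page; all CIDRs, AZ names and resource IDs below are constructed."""
import ipaddress

# Every AWS subnet loses its network address, the VPC router, the DNS
# resolver, one address reserved for future use, and the broadcast address.
AWS_RESERVED_PER_SUBNET = 5


def carve_subnets(vpc_cidr, new_prefix):
    """Split a VPC CIDR into equal subnets of the given prefix length.
    AWS allows IPv4 VPC and subnet CIDRs between /16 and /28."""
    vpc = ipaddress.ip_network(vpc_cidr)
    if not 16 <= vpc.prefixlen <= 28:
        raise ValueError(f"VPC CIDR must be /16 to /28, got {vpc}")
    if not vpc.prefixlen <= new_prefix <= 28:
        raise ValueError(f"subnet prefix must be between /{vpc.prefixlen} and /28")
    return list(vpc.subnets(new_prefix=new_prefix))


def plan_per_az(vpc_cidr, azs, new_prefix):
    """Assign one subnet per Availability Zone, in order; surplus subnets stay unused."""
    subnets = carve_subnets(vpc_cidr, new_prefix)
    if len(azs) > len(subnets):
        raise ValueError("not enough subnets for the requested AZs")
    return {az: str(subnet) for az, subnet in zip(azs, subnets)}


def usable_hosts(subnet):
    """Addresses actually assignable to ENIs in a subnet."""
    return ipaddress.ip_network(subnet).num_addresses - AWS_RESERVED_PER_SUBNET


def can_peer(cidr_a, cidr_b):
    """VPC peering is refused when the two CIDRs overlap; returns (ok, reason)."""
    a, b = ipaddress.ip_network(cidr_a), ipaddress.ip_network(cidr_b)
    if a.overlaps(b):
        return False, f"{a} overlaps {b}; peering would leave traffic ambiguous"
    return True, ""


def select_route(route_table, dst_ip):
    """VPC route lookup: the most specific (longest prefix) matching route wins,
    so the local route always beats a 0.0.0.0/0 default for in-VPC destinations."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


# Constructed route table for a private subnet in VPC 10.0.0.0/16 that is
# peered with 10.1.0.0/16 and reaches the internet through a NAT gateway.
PRIVATE_RT = [
    ("10.0.0.0/16", "local"),
    ("10.1.0.0/16", "pcx-0123456789abcdef0"),
    ("0.0.0.0/0", "nat-0123456789abcdef0"),
]

if __name__ == "__main__":
    print(plan_per_az("10.0.0.0/16", ["us-east-1a", "us-east-1b", "us-east-1c"], 20))
    print("usable hosts in a /20:", usable_hosts("10.0.0.0/20"))
    print("peer 10.0.0.0/16 with 10.0.128.0/17:", can_peer("10.0.0.0/16", "10.0.128.0/17"))
    for ip in ("10.0.3.4", "10.1.5.5", "8.8.8.8"):
        print(ip, "->", select_route(PRIVATE_RT, ip))
```

Note what the route table does not do: there is no route for any third VPC that 10.1.0.0/16 might itself be peered with, and adding one pointing at the same peering connection would not work, because peering is not transitive; the only way to reach such a VPC is a direct peering or a Transit Gateway.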