Monash University · S1 2026 · FACULTY OF INFORMATION TECHNOLOGY

FIT5225 · Cloud Computing And Security

- one subject, every graph, every model, every mark
50% final exam · hurdle7 Chapters57-page Bible
Our own words - no uploaded lecturer files
Built to mirror S1 2026 · updated this semester
The Complete Exam Bible · S1 2026

Cloud Computing and Security

— one ladder of abstraction, every distinction, every diagram, every config

Cloud Computing and Security climbs a single ladder of abstraction — physical machine → virtual machine → container → orchestrated container → managed service → function — and at each rung asks who controls and who secures the stack. There is no final exam: your mark is two heavy build/deploy projects (70%) — an individual AWS app and a multicloud group deployment — plus two invigilated, conceptual quizzes (15% + 15%). The quizzes reward distinctions, not memory: tell two technologies apart, read a labelled architecture diagram, and recognise a config snippet. This guide drills exactly those distinctions and doubles as your architecture / AWS reference for the builds.

FIT5225 · Monash University
Assessment

How FIT5225 is assessed

ComponentWeightFormat
A2 — Multicloud app (group)40%Build & deploy across more than one cloud · IaC · teamwork + individual report
A1 — CloudEco (individual)30%Build a scalable AWS app · justify the design · model file by student-ID
Quiz 1 (invigilated)15%Conceptual recall + applied reasoning · treat as closed / no bring-in
Quiz 2 (invigilated)15%Conceptual recall + applied reasoning, later weeks · no final exam
Worked example · free

Reading a Dockerfile, line by line — the signature quiz skill

Q [6 marks]. A quiz shows you the Dockerfile below for a small Python web app and asks: (a) what does each instruction do, (b) why is COPY requirements.txt placed before COPY . ., and (c) what is the difference between RUN and CMD?
DOCKERFILEFROM python:3.12-slim
WORKDIR /app
COPY requirements.txt .
RUN pip install -r requirements.txt
COPY . .
EXPOSE 8000
CMD ["python", "app.py"]
  • +1FROM / WORKDIR: FROM sets the base image (a slim Python 3.12 layer); WORKDIR sets and creates the working directory for the following instructions.
  • +1COPY then RUN: COPY requirements.txt . brings in just the dependency list, then RUN pip install installs the libraries into a new image layer.
  • +1COPY . . / EXPOSE / CMD: copy the rest of the source, document the listening port, and set the default process the container runs.
  • +2(b) Layer caching: dependencies change rarely, source changes often. Copying requirements.txt first lets Docker cache the pip install layer and skip re-installing on every code edit — a faster rebuild.
  • +1(c) RUN vs CMD: RUN executes at build time and bakes its result into a layer; CMD sets the default command run at container start and does not create a layer.
Each instruction builds one image layer or sets runtime behaviour; requirements.txt is copied first so the pip install layer is cached across source-only changes; RUN runs during the build, CMD runs when the container starts.
Sia tip — The classic trap pairs the quiz loves: COPY vs ADD (ADD also unpacks archives / fetches URLs — prefer COPY), and RUN vs CMD vs ENTRYPOINT (build-time vs default-run vs fixed-run). Know which instructions create layers and you can predict image size and rebuild speed.
Glossary

Key terms

Shared-responsibility model
The split of security duties between provider and customer: the provider secures of the cloud (hardware, virtualisation, global infrastructure), the customer secures in the cloud (data, IAM, OS/network config, app code). The line rises as you move IaaS → PaaS → SaaS but never disappears.
Container
An isolated, OS-level package of an application and its dependencies that shares the host kernel — lighter and faster to start than a VM, which virtualises a whole machine including its own guest OS. Built from a layered, read-only image.
Orchestration
Automated management of many containers across a cluster — scheduling, scaling, self-healing and networking. Kubernetes runs a control plane that continuously reconciles the running state to a declared desired state; Docker Swarm is the simpler alternative.
Idempotent
An operation that has the same effect whether applied once or many times. In REST, GET, PUT and DELETE are idempotent (repeating them does not change the result further) while POST is not; idempotency is also why declarative IaC can safely re-run.
Infrastructure-as-Code (IaC)
Provisioning and managing infrastructure with machine-readable definition files rather than manual clicks. Declarative tools (Terraform, CloudFormation) describe the desired end state; imperative tools (Ansible scripts) describe the steps. The benefits are repeatability, versioning and idempotency.
FAQ

FIT5225 FAQ

Is FIT5225 hard?

It is broad rather than deep: seven topic areas across one semester, two substantial build projects, and two conceptual quizzes. The difficulty is breadth and time management on the projects — start them early — while the quizzes reward crisp distinctions you can drill (VM vs container, SOAP vs REST, SG vs NACL). There is no final exam to backstop a weak piece.

How is FIT5225 assessed?

There is no final exam. Your mark is two build/deploy projects worth about 70% — an individual AWS app (around 30%) and a multicloud group deployment (around 40%) — plus two invigilated, conceptual quizzes worth about 15% each. Each piece stands alone; nothing rescues anything. Confirm this year's exact weights and dates on your own Monash Canvas.

What do the FIT5225 quizzes actually test?

Three things, in order of frequency: (1) concept distinctions — VM vs container, Type-1 vs Type-2, IaaS/PaaS/SaaS, SOAP vs REST, SG vs NACL, User Pool vs Identity Pool; (2) architecture-diagram reading — what each box in a VPC, a Kubernetes cluster or a serverless flow does, and what is mismanaged; (3) config-snippet recognition — a Dockerfile, a kubectl command, an IaC block, an IAM/S3 policy. You read and reason far more often than you author from scratch.

Do I need to be a strong coder for FIT5225?

You need to be able to build and deploy — package an app, write infrastructure-as-code, and stand it up on AWS (and a second cloud for the group project). The quizzes are conceptual, not code-from-blank exams. Most of the marks reward design judgement and the ability to justify why you chose a service or architecture.

Is using AskSia for FIT5225 cheating?

No. AskSia is a study reference written in our own words to mirror what the unit examines — we host none of your lecturer's files, and Sia teaches you the method and the distinctions; it does not complete or sit your assessments. The build projects must be your own work and any GenAI use must follow the unit's disclosure policy.

Study strategy

How to study for the exam

Treat this as two different games. The 70% in the two build projects is won by starting early — pick services, sketch the architecture, get a deployment working, then iterate; nothing here can be crammed the night before. The 30% in the two invigilated quizzes is won by drilling distinctions: every “X vs Y” in this guide is a likely question, so learn the row that separates them, not just what each one is. Practise three quiz skills cold — telling adjacent technologies apart, reading a labelled architecture diagram, and recognising a small config snippet (a Dockerfile, a kubectl command, an IAM policy). Because there is no exam to rescue a weak piece, the safest marks are the comparison tables you can reproduce on demand.

A+Everything unlocked
Unlocks this Bible + all 23 of your Monash University subjects - and 1,000+ Bibles across every Australian university.
Sia - your FIT5225 tutor, unlimited, worked the way the exam marks it
The full 57-page Bible + practice bank with worked solutions
Chrome extension - sync your LMS so Sia knows your deadlines
Bilingual EN / Chinese on every Bible and every Sia answer
$25/ month
30-day money-back · cancel in one tap · how it works
Unlock the full FIT5225 Bible + 23 Monash University subjects解锁完整 FIT5225 Bible + Monash University 23 门科目
$25/mo