Difference between revisions of "AWS Cloud Practitioner"

From wikieduonline
Jump to navigation Jump to search
Line 90: Line 90:
 
* Partner Systems Integrators
 
* Partner Systems Integrators
  
Know that security checks are a component of AWS Trusted Advisor
+
Know that security checks are a component of [[AWS Trusted Advisor]]
  
 
==Domain 3: Technology==
 
==Domain 3: Technology==

Revision as of 13:39, 9 September 2021

https://d1.awsstatic.com/training-and-certification/Docs%20-%20Cloud%20Practitioner/AWS%20Certified%20Cloud%20Practitioner_Exam_Guide_v1.4_FINAL.PDF

Domain 1: Cloud Concepts

1.1 Define the AWS Cloud and its value proposition

Define the benefits of the AWS cloud including:

Explain how the AWS cloud allows users to focus on business value

  • Shifting technical resources to revenue-generating activities as opposed to managing

infrastructure

1.2 Identify aspects of AWS Cloud economics

Define items that would be part of a Total Cost of Ownership proposal

  • Understand the role of operational expenses (OpEx)
  • Understand the role of capital expenses (CapEx)
  • Understand labor costs associated with on-premises operations
  • Understand the impact of software licensing costs when moving to the cloud

Identify which operations will reduce costs by moving to the cloud:

  • Right-sized infrastructure
  • Benefits of automation
  • Reduce compliance scope (for example, reporting)
  • Managed services (for example, RDS, ECS, EKS, DynamoDB)

1.3 Explain the different cloud architecture design principles

Explain the design principles:

  • Design for failure
  • Decouple components versus monolithic architecture
  • Implement elasticity in the cloud versus on-premises
  • Think parallel

Version 2.1 CLF-C01 4 | PAGE

Domain 2: Security and Compliance

2.1 Define the AWS shared responsibility model

Recognize the elements of the Shared Responsibility Model Describe the customer’s responsibility on AWS

  • Describe how the customer’s responsibilities may shift depending on the service used

(for example with RDS, Lambda, or EC2)

  • Describe AWS responsibilities

2.2 Define AWS Cloud security and compliance concepts

Identify where to find AWS compliance information:

  • Locations of lists of recognized available compliance controls (for example, HIPPA,

SOCs)

  • Recognize that compliance requirements vary among AWS services

At a high level, describe how customers achieve compliance on AWS

  • Identify different encryption options on AWS (for example, In transit, At rest)

Describe who enables encryption on AWS for a given service

Recognize there are services that will aid in auditing and reporting

  • Recognize that logs exist for auditing and monitoring (do not have to understand the

logs)

  • Define Amazon CloudWatch, AWS Config, and AWS CloudTrail

Explain the concept of least privileged access

2.3 Identify AWS access management capabilities

Understand the purpose of User and Identity Management:

Protection of root accounts

2.4 Identify resources for security support

Recognize there are different network security capabilities:

  • Native AWS services (for example, security groups, Network ACLs, AWS WAF)
  • 3

rd party security products from the AWS Marketplace

  • Recognize there is documentation and where to find it (for example, best practices,

whitepapers, official documents)

  • AWS Knowledge Center, Security Center, security forum, and security blogs
  • Partner Systems Integrators

Know that security checks are a component of AWS Trusted Advisor

Domain 3: Technology

3.1 Define methods of deploying and operating in the AWS Cloud

Identify at a high level different ways of provisioning and operating in the AWS cloud:

  • Programmatic access, APIs, SDKs, AWS Management Console, CLI, Infrastructure as

Code

Identify different types of cloud deployment models:

  • All in with cloud/cloud native
  • Hybrid
  • On-premises

Identify connectivity options:

  • VPN
  • AWS Direct Connect
  • Public internet

3.2 Define the AWS global infrastructure

Describe the relationships among Regions, Availability Zones, and Edge Locations.

Describe how to achieve high availability through the use of multiple Availability Zones:

  • Recall that high availability is achieved by using multiple Availability Zones
  • Recognize that Availability Zones do not share single points of failure

Describe when to consider the use of multiple AWS Regions:

  • Disaster recovery/business continuity
  • Low latency for end-users
  • Data sovereignty

Describe at a high level the benefits of Edge Locations:

  • Amazon CloudFront
  • AWS Global Accelerator

3.3 Identify the core AWS services

 Describe the categories of services on AWS (compute, storage, network, database)  Identify AWS compute services o Recognize there are different compute families o Recognize the different services that provide compute (for example, AWS Lambda compared to Amazon Elastic Container Service (Amazon ECS), or Amazon EC2, etc.) o Recognize that elasticity is achieved through Auto Scaling o Identify the purpose of load balancers  Identify different AWS storage services o Describe Amazon S3 o Describe Amazon Elastic Block Store (Amazon EBS) o Describe Amazon S3 Glacier o Describe AWS Snowball o Describe Amazon Elastic File System (Amazon EFS) o Describe AWS Storage Gateway  Identify AWS networking services o Identify VPC o Identify security groups o Identify the purpose of Amazon Route 53 o Identify VPN, AWS Direct Connect  Identify different AWS database services o Install databases on Amazon EC2 compared to AWS managed database

See also

Advertising: