Difference between revisions of "AWS Cloud Practitioner"

From wikieduonline
Jump to navigation Jump to search
Tags: Mobile web edit, Mobile edit
 
(30 intermediate revisions by 2 users not shown)
Line 1: Line 1:
: https://d1.awsstatic.com/training-and-certification/Docs%20-%20Cloud%20Practitioner/AWS%20Certified%20Cloud%20Practitioner_Exam_Guide_v1.4_FINAL.PDF
+
* https://d1.awsstatic.com/training-and-certification/Docs%20-%20Cloud%20Practitioner/AWS%20Certified%20Cloud%20Practitioner_Exam_Guide_v1.4_FINAL.PDF
  
 +
* https://d1.awsstatic.com/training-and-certification/docs-cloud-practitioner/AWS-Certified-Cloud-Practitioner_Sample-Questions.pdf
  
<pre>
+
==Domain 1: Cloud Concepts==
Domain 1: Cloud Concepts
+
===1.1 Define the AWS Cloud and its value proposition===
1.1 Define the AWS Cloud and its value proposition
+
Define the benefits of the AWS cloud including:
Define the benefits of the AWS cloud including:
+
* [[Security]]
o Security
+
* [[Reliability]]
o Reliability
+
* [[High Availability]]
o High Availability
+
* [[Elasticity]]
o Elasticity
+
* [[Agility]]
o Agility
+
* [[Pay-as-you go pricing]]
o Pay-as-you go pricing
+
* [[Scalability]]
o Scalability
+
* [[Global Reach]]
o Global Reach
+
* [[Economy of scale]]
o Economy of scale
+
 
Explain how the AWS cloud allows users to focus on business value
+
Explain how the AWS cloud allows users to focus on business value
o Shifting technical resources to revenue-generating activities as opposed to managing
+
* Shifting technical resources to revenue-generating activities as opposed to managing
 
infrastructure
 
infrastructure
1.2 Identify aspects of AWS Cloud economics
+
 
Define items that would be part of a Total Cost of Ownership proposal
+
===1.2 Identify aspects of AWS Cloud economics===
o Understand the role of operational expenses (OpEx)
+
Define items that would be part of a Total Cost of Ownership proposal
o Understand the role of capital expenses (CapEx)
+
 
o Understand labor costs associated with on-premises operations
+
* Understand the role of operational expenses ([[OpEx]])
o Understand the impact of software licensing costs when moving to the cloud
+
* Understand the role of capital expenses ([[CapEx]])
Identify which operations will reduce costs by moving to the cloud
+
* Understand labor costs associated with on-premises operations
o Right-sized infrastructure
+
* Understand the impact of software licensing costs when moving to the cloud
o Benefits of automation
+
 
o Reduce compliance scope (for example, reporting)
+
Identify which operations will reduce costs by moving to the cloud:
o Managed services (for example, RDS, ECS, EKS, DynamoDB)
+
* Right-sized infrastructure
1.3 Explain the different cloud architecture design principles
+
* Benefits of automation
Explain the design principles
+
* Reduce compliance scope (for example, reporting)
o Design for failure
+
* Managed services (for example, [[RDS]], [[ECS]], [[EKS]], [[DynamoDB]])
o Decouple components versus monolithic architecture
+
 
o Implement elasticity in the cloud versus on-premises
+
===1.3 Explain the different cloud architecture design principles===
o Think parallel
+
Explain the design principles:
Version 2.1 CLF-C01 4 | PAGE
+
 
Domain 2: Security and Compliance
+
* Design for failure
2.1 Define the AWS shared responsibility model
+
* Decouple components versus monolithic architecture
Recognize the elements of the Shared Responsibility Model
+
* Implement elasticity in the cloud versus [[on-premises]]
Describe the customer’s responsibly on AWS
+
* Think parallel
o Describe how the customer’s responsibilities may shift depending on the service used
+
 
(for example with RDS, Lambda, or EC2)
+
==Domain 2: Security and Compliance==
Describe AWS responsibilities
+
===2.1 Define the AWS shared responsibility model===
2.2 Define AWS Cloud security and compliance concepts
+
Recognize the elements of the Shared Responsibility Model
Identify where to find AWS compliance information
+
Describe the customer’s responsibility on [[AWS]]
o Locations of lists of recognized available compliance controls (for example, HIPPA,
+
 
SOCs)
+
* Describe how the customer’s responsibilities may shift depending on the service used
o Recognize that compliance requirements vary among AWS services
+
(for example with [[RDS]], [[Lambda]], or [[EC2]])
At a high level, describe how customers achieve compliance on AWS
+
 
o Identify different encryption options on AWS (for example, In transit, At rest)
+
* Describe AWS responsibilities
Describe who enables encryption on AWS for a given service
+
 
Recognize there are services that will aid in auditing and reporting
+
===2.2 Define AWS Cloud security and compliance concepts===
o Recognize that logs exist for auditing and monitoring (do not have to understand the
+
Identify where to find AWS compliance information:
 +
*Locations of lists of recognized available compliance controls (for example, [[HIPPA]],
 +
[[SOCs]])
 +
* Recognize that compliance requirements vary among AWS services
 +
 
 +
At a high level, describe how customers achieve compliance on AWS
 +
* Identify different [[encryption]] options on AWS (for example, [[In transit]], [[At rest]])
 +
 
 +
Describe who enables encryption on AWS for a given service
 +
 
 +
Recognize there are services that will aid in auditing and reporting
 +
* Recognize that logs exist for auditing and monitoring (do not have to understand the
 
logs)
 
logs)
o Define Amazon CloudWatch, AWS Config, and AWS CloudTrail
+
* Define [[Amazon CloudWatch]], [[AWS Config]], and [[AWS CloudTrail]]
Explain the concept of least privileged access
+
Explain the concept of least privileged access
2.3 Identify AWS access management capabilities
+
 
Understand the purpose of User and Identity Management
+
===2.3 Identify AWS access management capabilities===
o Access keys and password policies (rotation, complexity)
+
Understand the purpose of User and Identity Management:
o Multi-Factor Authentication (MFA)
+
* Access keys and password policies (rotation, complexity)
o AWS Identity and Access Management (IAM)
+
* [[Multi-Factor Authentication]] (MFA)
Groups/users
+
* [[AWS Identity and Access Management]] (IAM)
Roles
+
** [[Groups]]/[[users]]
Policies, managed policies compared to custom policies
+
** [[Roles]]
o Tasks that require use of root accounts
+
** [[Policies]], managed policies compared to custom policies
 +
* Tasks that require use of root accounts
 +
 
 
Protection of root accounts
 
Protection of root accounts
2.4 Identify resources for security support
+
 
Recognize there are different network security capabilities
+
===2.4 Identify resources for security support===
o Native AWS services (for example, security groups, Network ACLs, AWS WAF)
+
Recognize there are different network security capabilities:
o 3
+
*Native [[AWS services]] (for example, [[security groups]], [[Network ACLs]], [[AWS WAF]])
rd party security products from the AWS Marketplace
+
* 3
Recognize there is documentation and where to find it (for example, best practices,
+
rd party security products from the [[AWS Marketplace]]
 +
* Recognize there is documentation and where to find it (for example, best practices,
 
whitepapers, official documents)
 
whitepapers, official documents)
o AWS Knowledge Center, Security Center, security forum, and security blogs
+
* AWS Knowledge Center, Security Center, security forum, and security blogs
o Partner Systems Integrators
+
* [[Partner Systems Integrators]]
Know that security checks are a component of AWS Trusted Advisor
+
 
+
Know that security checks are a component of [[AWS Trusted Advisor]]
Version 2.1 CLF-C01 5 | PAGE
+
 
Domain 3: Technology
+
==Domain 3: Technology==
3.1 Define methods of deploying and operating in the AWS Cloud
+
===3.1 Define methods of deploying and operating in the AWS Cloud===
Identify at a high level different ways of provisioning and operating in the AWS cloud
+
Identify at a high level different ways of provisioning and operating in the AWS cloud:
o Programmatic access, APIs, SDKs, AWS Management Console, CLI, Infrastructure as
+
* Programmatic access, [[APIs]], [[SDKs]], [[AWS Management Console]], [[CLI]], [[Infrastructure as Code]]
Code
+
 
Identify different types of cloud deployment models
+
Identify different types of cloud deployment models:
o All in with cloud/cloud native
+
* All in with cloud/cloud native
o Hybrid
+
* [[Hybrid]]
o On-premises
+
* [[On-premises]]
Identify connectivity options
+
 
o VPN
+
Identify connectivity options:
o AWS Direct Connect
+
* [[VPN]]
o Public internet
+
* [[AWS Direct Connect]]
3.2 Define the AWS global infrastructure
+
* Public internet
Describe the relationships among Regions, Availability Zones, and Edge Locations
+
 
Describe how to achieve high availability through the use of multiple Availability Zones
+
===3.2 Define the AWS global infrastructure===
o Recall that high availability is achieved by using multiple Availability Zones
+
Describe the relationships among [[Regions]], [[Availability Zones]], and [[Edge Locations]].
o Recognize that Availability Zones do not share single points of failure
+
 
Describe when to consider the use of multiple AWS Regions
+
Describe how to achieve high availability through the use of multiple Availability Zones:
o Disaster recovery/business continuity
+
* Recall that high availability is achieved by using multiple [[Availability Zones]]
o Low latency for end-users
+
* Recognize that Availability Zones do not share single points of failure
o Data sovereignty
+
 
Describe at a high level the benefits of Edge Locations
+
Describe when to consider the use of multiple AWS Regions:
o Amazon CloudFront
+
* [[Disaster recovery]]/business continuity
o AWS Global Accelerator
+
* [[Low latency]] for end-users
3.3 Identify the core AWS services
+
* [[Data sovereignty]]
Describe the categories of services on AWS (compute, storage, network, database)
+
 
Identify AWS compute services
+
Describe at a high level the benefits of Edge Locations:
o Recognize there are different compute families
+
* [[Amazon CloudFront]]
o Recognize the different services that provide compute (for example, AWS Lambda
+
* [[AWS Global Accelerator]]
compared to Amazon Elastic Container Service (Amazon ECS), or Amazon EC2, etc.)
+
 
o Recognize that elasticity is achieved through Auto Scaling
+
===3.3 Identify the core AWS services===
o Identify the purpose of load balancers
+
Describe the categories of services on AWS (compute, storage, network, database).
Identify different AWS storage services
+
 
o Describe Amazon S3
+
Identify AWS compute services:
o Describe Amazon Elastic Block Store (Amazon EBS)
+
* Recognize there are different compute families
o Describe Amazon S3 Glacier
+
* Recognize the different services that provide compute (for example, [[AWS Lambda ]]
o Describe AWS Snowball
+
compared to Amazon Elastic Container Service (Amazon [[ECS]]), or Amazon [[EC2]], etc.)
o Describe Amazon Elastic File System (Amazon EFS)
+
* Recognize that elasticity is achieved through [[Auto Scaling]]
o Describe AWS Storage Gateway
+
* Identify the purpose of load balancers
Identify AWS networking services
+
 
o Identify VPC
+
Identify different AWS storage services:
o Identify security groups
+
* Describe [[Amazon S3]]
o Identify the purpose of Amazon Route 53
+
* Describe [[Amazon Elastic Block Store]] (Amazon EBS)
o Identify VPN, AWS Direct Connect
+
* Describe [[Amazon S3 Glacier]]
Identify different AWS database services
+
* Describe [[AWS Snowball]]
o Install databases on Amazon EC2 compared to AWS managed database
+
* Describe [[Amazon Elastic File System]] (Amazon EFS)
</pre>
+
* Describe [[AWS Storage Gateway]]
 +
 
 +
Identify AWS networking services:
 +
* Identify [[VPC]]
 +
* Identify [[security groups]]
 +
* Identify the purpose of [[Amazon Route 53]]
 +
* Identify [[VPN]], [[AWS Direct Connect]]
 +
 
 +
Identify different AWS database services:
 +
* Install databases on Amazon EC2 compared to AWS managed database
  
 
== See also ==
 
== See also ==

Latest revision as of 04:35, 10 September 2021

Domain 1: Cloud Concepts[edit]

1.1 Define the AWS Cloud and its value proposition[edit]

Define the benefits of the AWS cloud including:

Explain how the AWS cloud allows users to focus on business value

  • Shifting technical resources to revenue-generating activities as opposed to managing

infrastructure

1.2 Identify aspects of AWS Cloud economics[edit]

Define items that would be part of a Total Cost of Ownership proposal

  • Understand the role of operational expenses (OpEx)
  • Understand the role of capital expenses (CapEx)
  • Understand labor costs associated with on-premises operations
  • Understand the impact of software licensing costs when moving to the cloud

Identify which operations will reduce costs by moving to the cloud:

  • Right-sized infrastructure
  • Benefits of automation
  • Reduce compliance scope (for example, reporting)
  • Managed services (for example, RDS, ECS, EKS, DynamoDB)

1.3 Explain the different cloud architecture design principles[edit]

Explain the design principles:

  • Design for failure
  • Decouple components versus monolithic architecture
  • Implement elasticity in the cloud versus on-premises
  • Think parallel

Domain 2: Security and Compliance[edit]

2.1 Define the AWS shared responsibility model[edit]

Recognize the elements of the Shared Responsibility Model Describe the customer’s responsibility on AWS

  • Describe how the customer’s responsibilities may shift depending on the service used

(for example with RDS, Lambda, or EC2)

  • Describe AWS responsibilities

2.2 Define AWS Cloud security and compliance concepts[edit]

Identify where to find AWS compliance information:

  • Locations of lists of recognized available compliance controls (for example, HIPPA,

SOCs)

  • Recognize that compliance requirements vary among AWS services

At a high level, describe how customers achieve compliance on AWS

Describe who enables encryption on AWS for a given service

Recognize there are services that will aid in auditing and reporting

  • Recognize that logs exist for auditing and monitoring (do not have to understand the

logs)

Explain the concept of least privileged access

2.3 Identify AWS access management capabilities[edit]

Understand the purpose of User and Identity Management:

Protection of root accounts

2.4 Identify resources for security support[edit]

Recognize there are different network security capabilities:

rd party security products from the AWS Marketplace

  • Recognize there is documentation and where to find it (for example, best practices,

whitepapers, official documents)

Know that security checks are a component of AWS Trusted Advisor

Domain 3: Technology[edit]

3.1 Define methods of deploying and operating in the AWS Cloud[edit]

Identify at a high level different ways of provisioning and operating in the AWS cloud:

Identify different types of cloud deployment models:

Identify connectivity options:

3.2 Define the AWS global infrastructure[edit]

Describe the relationships among Regions, Availability Zones, and Edge Locations.

Describe how to achieve high availability through the use of multiple Availability Zones:

  • Recall that high availability is achieved by using multiple Availability Zones
  • Recognize that Availability Zones do not share single points of failure

Describe when to consider the use of multiple AWS Regions:

Describe at a high level the benefits of Edge Locations:

3.3 Identify the core AWS services[edit]

Describe the categories of services on AWS (compute, storage, network, database).

Identify AWS compute services:

  • Recognize there are different compute families
  • Recognize the different services that provide compute (for example, AWS Lambda

compared to Amazon Elastic Container Service (Amazon ECS), or Amazon EC2, etc.)

  • Recognize that elasticity is achieved through Auto Scaling
  • Identify the purpose of load balancers

Identify different AWS storage services:

Identify AWS networking services:

Identify different AWS database services:

  • Install databases on Amazon EC2 compared to AWS managed database

See also[edit]

Advertising: