Difference between revisions of "AWS Cloud Practitioner"

From wikieduonline
Jump to navigation Jump to search
Tags: Mobile web edit, Mobile edit
 
(18 intermediate revisions by 2 users not shown)
Line 1: Line 1:
: https://d1.awsstatic.com/training-and-certification/Docs%20-%20Cloud%20Practitioner/AWS%20Certified%20Cloud%20Practitioner_Exam_Guide_v1.4_FINAL.PDF
+
* https://d1.awsstatic.com/training-and-certification/Docs%20-%20Cloud%20Practitioner/AWS%20Certified%20Cloud%20Practitioner_Exam_Guide_v1.4_FINAL.PDF
 +
 
 +
* https://d1.awsstatic.com/training-and-certification/docs-cloud-practitioner/AWS-Certified-Cloud-Practitioner_Sample-Questions.pdf
  
 
==Domain 1: Cloud Concepts==
 
==Domain 1: Cloud Concepts==
Line 37: Line 39:
 
* Design for failure
 
* Design for failure
 
* Decouple components versus monolithic architecture
 
* Decouple components versus monolithic architecture
* Implement elasticity in the cloud versus on-premises
+
* Implement elasticity in the cloud versus [[on-premises]]
 
* Think parallel
 
* Think parallel
Version 2.1 CLF-C01 4 | PAGE
 
  
 
==Domain 2: Security and Compliance==
 
==Domain 2: Security and Compliance==
 
===2.1 Define the AWS shared responsibility model===
 
===2.1 Define the AWS shared responsibility model===
 
Recognize the elements of the Shared Responsibility Model
 
Recognize the elements of the Shared Responsibility Model
Describe the customer’s responsibility on AWS
+
Describe the customer’s responsibility on [[AWS]]
  
 
* Describe how the customer’s responsibilities may shift depending on the service used
 
* Describe how the customer’s responsibilities may shift depending on the service used
(for example with RDS, Lambda, or EC2)
+
(for example with [[RDS]], [[Lambda]], or [[EC2]])
  
 
* Describe AWS responsibilities
 
* Describe AWS responsibilities
Line 53: Line 54:
 
===2.2 Define AWS Cloud security and compliance concepts===
 
===2.2 Define AWS Cloud security and compliance concepts===
 
Identify where to find AWS compliance information:
 
Identify where to find AWS compliance information:
*Locations of lists of recognized available compliance controls (for example, HIPPA,
+
*Locations of lists of recognized available compliance controls (for example, [[HIPPA]],
SOCs)
+
[[SOCs]])
 
* Recognize that compliance requirements vary among AWS services
 
* Recognize that compliance requirements vary among AWS services
  
 
At a high level, describe how customers achieve compliance on AWS
 
At a high level, describe how customers achieve compliance on AWS
* Identify different encryption options on AWS (for example, In transit, At rest)
+
* Identify different [[encryption]] options on AWS (for example, [[In transit]], [[At rest]])
  
 
Describe who enables encryption on AWS for a given service
 
Describe who enables encryption on AWS for a given service
Line 65: Line 66:
 
* Recognize that logs exist for auditing and monitoring (do not have to understand the
 
* Recognize that logs exist for auditing and monitoring (do not have to understand the
 
logs)
 
logs)
* Define Amazon CloudWatch, AWS Config, and AWS CloudTrail
+
* Define [[Amazon CloudWatch]], [[AWS Config]], and [[AWS CloudTrail]]
 
Explain the concept of least privileged access
 
Explain the concept of least privileged access
  
Line 73: Line 74:
 
* [[Multi-Factor Authentication]] (MFA)
 
* [[Multi-Factor Authentication]] (MFA)
 
* [[AWS Identity and Access Management]] (IAM)
 
* [[AWS Identity and Access Management]] (IAM)
** Groups/users
+
** [[Groups]]/[[users]]
** Roles
+
** [[Roles]]
** Policies, managed policies compared to custom policies
+
** [[Policies]], managed policies compared to custom policies
 
* Tasks that require use of root accounts
 
* Tasks that require use of root accounts
  
Line 82: Line 83:
 
===2.4 Identify resources for security support===
 
===2.4 Identify resources for security support===
 
Recognize there are different network security capabilities:
 
Recognize there are different network security capabilities:
*Native AWS services (for example, security groups, Network ACLs, [[AWS WAF]])
+
*Native [[AWS services]] (for example, [[security groups]], [[Network ACLs]], [[AWS WAF]])
 
* 3
 
* 3
rd party security products from the AWS Marketplace
+
rd party security products from the [[AWS Marketplace]]
 
* Recognize there is documentation and where to find it (for example, best practices,
 
* Recognize there is documentation and where to find it (for example, best practices,
 
whitepapers, official documents)
 
whitepapers, official documents)
 
* AWS Knowledge Center, Security Center, security forum, and security blogs
 
* AWS Knowledge Center, Security Center, security forum, and security blogs
* Partner Systems Integrators
+
* [[Partner Systems Integrators]]
  
 
Know that security checks are a component of [[AWS Trusted Advisor]]
 
Know that security checks are a component of [[AWS Trusted Advisor]]
Line 95: Line 96:
 
===3.1 Define methods of deploying and operating in the AWS Cloud===
 
===3.1 Define methods of deploying and operating in the AWS Cloud===
 
Identify at a high level different ways of provisioning and operating in the AWS cloud:
 
Identify at a high level different ways of provisioning and operating in the AWS cloud:
*Programmatic access, APIs, SDKs, AWS Management Console, CLI, Infrastructure as
+
* Programmatic access, [[APIs]], [[SDKs]], [[AWS Management Console]], [[CLI]], [[Infrastructure as Code]]
Code
 
  
 
Identify different types of cloud deployment models:
 
Identify different types of cloud deployment models:
 
* All in with cloud/cloud native
 
* All in with cloud/cloud native
* Hybrid
+
* [[Hybrid]]
* On-premises
+
* [[On-premises]]
  
 
Identify connectivity options:
 
Identify connectivity options:
* VPN
+
* [[VPN]]
* AWS Direct Connect
+
* [[AWS Direct Connect]]
 
* Public internet
 
* Public internet
  
 
===3.2 Define the AWS global infrastructure===
 
===3.2 Define the AWS global infrastructure===
Describe the relationships among Regions, Availability Zones, and Edge Locations.
+
Describe the relationships among [[Regions]], [[Availability Zones]], and [[Edge Locations]].
  
 
Describe how to achieve high availability through the use of multiple Availability Zones:
 
Describe how to achieve high availability through the use of multiple Availability Zones:
* Recall that high availability is achieved by using multiple Availability Zones
+
* Recall that high availability is achieved by using multiple [[Availability Zones]]
 
* Recognize that Availability Zones do not share single points of failure
 
* Recognize that Availability Zones do not share single points of failure
  
 
Describe when to consider the use of multiple AWS Regions:
 
Describe when to consider the use of multiple AWS Regions:
* Disaster recovery/business continuity
+
* [[Disaster recovery]]/business continuity
* Low latency for end-users
+
* [[Low latency]] for end-users
* Data sovereignty
+
* [[Data sovereignty]]
  
 
Describe at a high level the benefits of Edge Locations:
 
Describe at a high level the benefits of Edge Locations:
* Amazon CloudFront
+
* [[Amazon CloudFront]]
* AWS Global Accelerator
+
* [[AWS Global Accelerator]]
  
 
===3.3 Identify the core AWS services===
 
===3.3 Identify the core AWS services===
Line 129: Line 129:
 
Identify AWS compute services:
 
Identify AWS compute services:
 
* Recognize there are different compute families
 
* Recognize there are different compute families
* Recognize the different services that provide compute (for example, AWS Lambda  
+
* Recognize the different services that provide compute (for example, [[AWS Lambda ]]
compared to Amazon Elastic Container Service (Amazon ECS), or Amazon EC2, etc.)
+
compared to Amazon Elastic Container Service (Amazon [[ECS]]), or Amazon [[EC2]], etc.)
* Recognize that elasticity is achieved through Auto Scaling
+
* Recognize that elasticity is achieved through [[Auto Scaling]]
 
* Identify the purpose of load balancers
 
* Identify the purpose of load balancers
  
 
Identify different AWS storage services:
 
Identify different AWS storage services:
* Describe Amazon S3
+
* Describe [[Amazon S3]]
* Describe Amazon Elastic Block Store (Amazon EBS)
+
* Describe [[Amazon Elastic Block Store]] (Amazon EBS)
* Describe Amazon S3 Glacier
+
* Describe [[Amazon S3 Glacier]]
* Describe AWS Snowball
+
* Describe [[AWS Snowball]]
* Describe Amazon Elastic File System (Amazon EFS)
+
* Describe [[Amazon Elastic File System]] (Amazon EFS)
* Describe AWS Storage Gateway
+
* Describe [[AWS Storage Gateway]]
  
 
Identify AWS networking services:
 
Identify AWS networking services:
* Identify VPC
+
* Identify [[VPC]]
* Identify security groups
+
* Identify [[security groups]]
* Identify the purpose of Amazon Route 53
+
* Identify the purpose of [[Amazon Route 53]]
* Identify VPN, AWS Direct Connect
+
* Identify [[VPN]], [[AWS Direct Connect]]
  
 
Identify different AWS database services:
 
Identify different AWS database services:

Latest revision as of 04:35, 10 September 2021

Domain 1: Cloud Concepts[edit]

1.1 Define the AWS Cloud and its value proposition[edit]

Define the benefits of the AWS cloud including:

Explain how the AWS cloud allows users to focus on business value

  • Shifting technical resources to revenue-generating activities as opposed to managing

infrastructure

1.2 Identify aspects of AWS Cloud economics[edit]

Define items that would be part of a Total Cost of Ownership proposal

  • Understand the role of operational expenses (OpEx)
  • Understand the role of capital expenses (CapEx)
  • Understand labor costs associated with on-premises operations
  • Understand the impact of software licensing costs when moving to the cloud

Identify which operations will reduce costs by moving to the cloud:

  • Right-sized infrastructure
  • Benefits of automation
  • Reduce compliance scope (for example, reporting)
  • Managed services (for example, RDS, ECS, EKS, DynamoDB)

1.3 Explain the different cloud architecture design principles[edit]

Explain the design principles:

  • Design for failure
  • Decouple components versus monolithic architecture
  • Implement elasticity in the cloud versus on-premises
  • Think parallel

Domain 2: Security and Compliance[edit]

2.1 Define the AWS shared responsibility model[edit]

Recognize the elements of the Shared Responsibility Model Describe the customer’s responsibility on AWS

  • Describe how the customer’s responsibilities may shift depending on the service used

(for example with RDS, Lambda, or EC2)

  • Describe AWS responsibilities

2.2 Define AWS Cloud security and compliance concepts[edit]

Identify where to find AWS compliance information:

  • Locations of lists of recognized available compliance controls (for example, HIPPA,

SOCs)

  • Recognize that compliance requirements vary among AWS services

At a high level, describe how customers achieve compliance on AWS

Describe who enables encryption on AWS for a given service

Recognize there are services that will aid in auditing and reporting

  • Recognize that logs exist for auditing and monitoring (do not have to understand the

logs)

Explain the concept of least privileged access

2.3 Identify AWS access management capabilities[edit]

Understand the purpose of User and Identity Management:

Protection of root accounts

2.4 Identify resources for security support[edit]

Recognize there are different network security capabilities:

rd party security products from the AWS Marketplace

  • Recognize there is documentation and where to find it (for example, best practices,

whitepapers, official documents)

Know that security checks are a component of AWS Trusted Advisor

Domain 3: Technology[edit]

3.1 Define methods of deploying and operating in the AWS Cloud[edit]

Identify at a high level different ways of provisioning and operating in the AWS cloud:

Identify different types of cloud deployment models:

Identify connectivity options:

3.2 Define the AWS global infrastructure[edit]

Describe the relationships among Regions, Availability Zones, and Edge Locations.

Describe how to achieve high availability through the use of multiple Availability Zones:

  • Recall that high availability is achieved by using multiple Availability Zones
  • Recognize that Availability Zones do not share single points of failure

Describe when to consider the use of multiple AWS Regions:

Describe at a high level the benefits of Edge Locations:

3.3 Identify the core AWS services[edit]

Describe the categories of services on AWS (compute, storage, network, database).

Identify AWS compute services:

  • Recognize there are different compute families
  • Recognize the different services that provide compute (for example, AWS Lambda

compared to Amazon Elastic Container Service (Amazon ECS), or Amazon EC2, etc.)

  • Recognize that elasticity is achieved through Auto Scaling
  • Identify the purpose of load balancers

Identify different AWS storage services:

Identify AWS networking services:

Identify different AWS database services:

  • Install databases on Amazon EC2 compared to AWS managed database

See also[edit]

Advertising: