Difference between revisions of "AWS Cloud Practitioner"
Tags: Mobile web edit, Mobile edit |
(22 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | + | * https://d1.awsstatic.com/training-and-certification/Docs%20-%20Cloud%20Practitioner/AWS%20Certified%20Cloud%20Practitioner_Exam_Guide_v1.4_FINAL.PDF | |
+ | |||
+ | * https://d1.awsstatic.com/training-and-certification/docs-cloud-practitioner/AWS-Certified-Cloud-Practitioner_Sample-Questions.pdf | ||
==Domain 1: Cloud Concepts== | ==Domain 1: Cloud Concepts== | ||
Line 37: | Line 39: | ||
* Design for failure | * Design for failure | ||
* Decouple components versus monolithic architecture | * Decouple components versus monolithic architecture | ||
− | * Implement elasticity in the cloud versus on-premises | + | * Implement elasticity in the cloud versus [[on-premises]] |
* Think parallel | * Think parallel | ||
− | |||
==Domain 2: Security and Compliance== | ==Domain 2: Security and Compliance== | ||
===2.1 Define the AWS shared responsibility model=== | ===2.1 Define the AWS shared responsibility model=== | ||
Recognize the elements of the Shared Responsibility Model | Recognize the elements of the Shared Responsibility Model | ||
− | Describe the customer’s responsibility on AWS | + | Describe the customer’s responsibility on [[AWS]] |
* Describe how the customer’s responsibilities may shift depending on the service used | * Describe how the customer’s responsibilities may shift depending on the service used | ||
− | (for example with RDS, Lambda, or EC2) | + | (for example with [[RDS]], [[Lambda]], or [[EC2]]) |
* Describe AWS responsibilities | * Describe AWS responsibilities | ||
Line 53: | Line 54: | ||
===2.2 Define AWS Cloud security and compliance concepts=== | ===2.2 Define AWS Cloud security and compliance concepts=== | ||
Identify where to find AWS compliance information: | Identify where to find AWS compliance information: | ||
− | *Locations of lists of recognized available compliance controls (for example, HIPPA, | + | *Locations of lists of recognized available compliance controls (for example, [[HIPPA]], |
− | SOCs) | + | [[SOCs]]) |
* Recognize that compliance requirements vary among AWS services | * Recognize that compliance requirements vary among AWS services | ||
At a high level, describe how customers achieve compliance on AWS | At a high level, describe how customers achieve compliance on AWS | ||
− | * Identify different encryption options on AWS (for example, In transit, At rest) | + | * Identify different [[encryption]] options on AWS (for example, [[In transit]], [[At rest]]) |
Describe who enables encryption on AWS for a given service | Describe who enables encryption on AWS for a given service | ||
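Review bot: the new link target `[[HIPPA]]` in the compliance-controls bullet keeps the misspelling of HIPAA, so the link resolves to a page titled with the typo; link `[[HIPAA]]` instead. In the same hunk, `[[SOCs]]`, `[[In transit]]` and `[[At rest]]` use bare phrases as page titles; piped links to specifically named pages (SOC reports, encryption in transit, encryption at rest) would keep the visible text while making the targets unambiguous.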
Line 65: | Line 66: | ||
* Recognize that logs exist for auditing and monitoring (do not have to understand the | * Recognize that logs exist for auditing and monitoring (do not have to understand the | ||
logs) | logs) | ||
− | * Define Amazon CloudWatch, AWS Config, and AWS CloudTrail | + | * Define [[Amazon CloudWatch]], [[AWS Config]], and [[AWS CloudTrail]] |
Explain the concept of least privileged access | Explain the concept of least privileged access | ||
Line 73: | Line 74: | ||
* [[Multi-Factor Authentication]] (MFA) | * [[Multi-Factor Authentication]] (MFA) | ||
* [[AWS Identity and Access Management]] (IAM) | * [[AWS Identity and Access Management]] (IAM) | ||
− | ** Groups/users | + | ** [[Groups]]/[[users]] |
− | ** Roles | + | ** [[Roles]] |
− | ** Policies, managed policies compared to custom policies | + | ** [[Policies]], managed policies compared to custom policies |
* Tasks that require use of root accounts | * Tasks that require use of root accounts | ||
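Review bot: the IAM sub-bullets now link to `[[Groups]]`, `[[users]]`, `[[Roles]]` and `[[Policies]]`, which are generic titles that do not say they refer to IAM once read outside this list. Consider piped links whose targets name IAM explicitly and whose labels keep the current wording, so these entries cannot collide with pages about groups, users, roles or policies in other products.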
Line 82: | Line 83: | ||
===2.4 Identify resources for security support=== | ===2.4 Identify resources for security support=== | ||
Recognize there are different network security capabilities: | Recognize there are different network security capabilities: | ||
− | *Native AWS services (for example, security groups, Network ACLs, AWS WAF) | + | *Native [[AWS services]] (for example, [[security groups]], [[Network ACLs]], [[AWS WAF]]) |
* 3 | * 3 | ||
− | rd party security products from the AWS Marketplace | + | rd party security products from the [[AWS Marketplace]] |
* Recognize there is documentation and where to find it (for example, best practices, | * Recognize there is documentation and where to find it (for example, best practices, | ||
whitepapers, official documents) | whitepapers, official documents) | ||
* AWS Knowledge Center, Security Center, security forum, and security blogs | * AWS Knowledge Center, Security Center, security forum, and security blogs | ||
− | * Partner Systems Integrators | + | * [[Partner Systems Integrators]] |
− | Know that security checks are a component of AWS Trusted Advisor | + | Know that security checks are a component of [[AWS Trusted Advisor]] |
− | |||
− | |||
==Domain 3: Technology== | ==Domain 3: Technology== | ||
===3.1 Define methods of deploying and operating in the AWS Cloud=== | ===3.1 Define methods of deploying and operating in the AWS Cloud=== | ||
Identify at a high level different ways of provisioning and operating in the AWS cloud: | Identify at a high level different ways of provisioning and operating in the AWS cloud: | ||
− | *Programmatic access, APIs, SDKs, AWS Management Console, CLI, Infrastructure as | + | * Programmatic access, [[APIs]], [[SDKs]], [[AWS Management Console]], [[CLI]], [[Infrastructure as Code]] |
− | Code | ||
Identify different types of cloud deployment models: | Identify different types of cloud deployment models: | ||
* All in with cloud/cloud native | * All in with cloud/cloud native | ||
− | * Hybrid | + | * [[Hybrid]] |
− | * On-premises | + | * [[On-premises]] |
Identify connectivity options: | Identify connectivity options: | ||
− | * VPN | + | * [[VPN]] |
− | * AWS Direct Connect | + | * [[AWS Direct Connect]] |
* Public internet | * Public internet | ||
===3.2 Define the AWS global infrastructure=== | ===3.2 Define the AWS global infrastructure=== | ||
− | Describe the relationships among Regions, Availability Zones, and Edge Locations. | + | Describe the relationships among [[Regions]], [[Availability Zones]], and [[Edge Locations]]. |
Describe how to achieve high availability through the use of multiple Availability Zones: | Describe how to achieve high availability through the use of multiple Availability Zones: | ||
− | * Recall that high availability is achieved by using multiple Availability Zones | + | * Recall that high availability is achieved by using multiple [[Availability Zones]] |
* Recognize that Availability Zones do not share single points of failure | * Recognize that Availability Zones do not share single points of failure | ||
Describe when to consider the use of multiple AWS Regions: | Describe when to consider the use of multiple AWS Regions: | ||
− | * Disaster recovery/business continuity | + | * [[Disaster recovery]]/business continuity |
− | * Low latency for end-users | + | * [[Low latency]] for end-users |
− | * Data sovereignty | + | * [[Data sovereignty]] |
Describe at a high level the benefits of Edge Locations: | Describe at a high level the benefits of Edge Locations: | ||
− | * Amazon CloudFront | + | * [[Amazon CloudFront]] |
− | * AWS Global Accelerator | + | * [[AWS Global Accelerator]] |
===3.3 Identify the core AWS services=== | ===3.3 Identify the core AWS services=== | ||
− | + | Describe the categories of services on AWS (compute, storage, network, database). | |
− | + | ||
− | + | Identify AWS compute services: | |
− | + | * Recognize there are different compute families | |
− | compared to Amazon Elastic Container Service (Amazon ECS), or Amazon EC2, etc.) | + | * Recognize the different services that provide compute (for example, [[AWS Lambda ]] |
− | + | compared to Amazon Elastic Container Service (Amazon [[ECS]]), or Amazon [[EC2]], etc.) | |
− | + | * Recognize that elasticity is achieved through [[Auto Scaling]] | |
− | + | * Identify the purpose of load balancers | |
− | + | ||
− | + | Identify different AWS storage services: | |
− | + | * Describe [[Amazon S3]] | |
− | + | * Describe [[Amazon Elastic Block Store]] (Amazon EBS) | |
− | + | * Describe [[Amazon S3 Glacier]] | |
− | + | * Describe [[AWS Snowball]] | |
− | + | * Describe [[Amazon Elastic File System]] (Amazon EFS) | |
− | + | * Describe [[AWS Storage Gateway]] | |
− | + | ||
− | + | Identify AWS networking services: | |
− | + | * Identify [[VPC]] | |
− | + | * Identify [[security groups]] | |
− | + | * Identify the purpose of [[Amazon Route 53]] | |
+ | * Identify [[VPN]], [[AWS Direct Connect]] | ||
+ | |||
+ | Identify different AWS database services: | ||
+ | * Install databases on Amazon EC2 compared to AWS managed database | ||
== See also == | == See also == |
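Review bot: in section 2.4 the bullet `* 3` is still followed by a separate line `rd party security products from the [[AWS Marketplace]]`, so the change adds a link to a line that renders outside its list item; join the two into `* 3rd party security products from the [[AWS Marketplace]]`. In 3.3, `[[AWS Lambda ]]` has a trailing space inside the brackets and its bullet wraps onto a second line (`compared to Amazon Elastic Container Service ...`), which breaks the list item the same way; put the bullet on one line and drop the space. The last added bullet, "Install databases on Amazon EC2 compared to AWS managed database", is the only entry under the database heading and reads as cut short, so check it against the exam guide linked at the top of the page.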
Latest revision as of 04:35, 10 September 2021
Domain 1: Cloud Concepts
1.1 Define the AWS Cloud and its value proposition
Define the benefits of the AWS cloud including:
- Security
- Reliability
- High Availability
- Elasticity
- Agility
- Pay-as-you-go pricing
- Scalability
- Global Reach
- Economy of scale
Explain how the AWS cloud allows users to focus on business value
- Shifting technical resources to revenue-generating activities as opposed to managing infrastructure
1.2 Identify aspects of AWS Cloud economics
Define items that would be part of a Total Cost of Ownership proposal
- Understand the role of operational expenses (OpEx)
- Understand the role of capital expenses (CapEx)
- Understand labor costs associated with on-premises operations
- Understand the impact of software licensing costs when moving to the cloud
Identify which operations will reduce costs by moving to the cloud:
- Right-sized infrastructure
- Benefits of automation
- Reduce compliance scope (for example, reporting)
- Managed services (for example, RDS, ECS, EKS, DynamoDB)
1.3 Explain the different cloud architecture design principles
Explain the design principles:
- Design for failure
- Decouple components versus monolithic architecture
- Implement elasticity in the cloud versus on-premises
- Think parallel
Domain 2: Security and Compliance
2.1 Define the AWS shared responsibility model
Recognize the elements of the Shared Responsibility Model
Describe the customer’s responsibility on AWS
- Describe how the customer’s responsibilities may shift depending on the service used (for example with RDS, Lambda, or EC2)
- Describe AWS responsibilities
2.2 Define AWS Cloud security and compliance concepts
Identify where to find AWS compliance information:
- Locations of lists of recognized available compliance controls (for example, HIPAA, SOCs)
- Recognize that compliance requirements vary among AWS services
At a high level, describe how customers achieve compliance on AWS
- Identify different encryption options on AWS (for example, In transit, At rest)
Describe who enables encryption on AWS for a given service
Recognize there are services that will aid in auditing and reporting
- Recognize that logs exist for auditing and monitoring (do not have to understand the logs)
- Define Amazon CloudWatch, AWS Config, and AWS CloudTrail
Explain the concept of least privileged access
2.3 Identify AWS access management capabilities
Understand the purpose of User and Identity Management:
- Access keys and password policies (rotation, complexity)
- Multi-Factor Authentication (MFA)
- AWS Identity and Access Management (IAM)
  - Groups/users
  - Roles
  - Policies, managed policies compared to custom policies
- Tasks that require use of root accounts
Protection of root accounts
2.4 Identify resources for security support
Recognize there are different network security capabilities:
- Native AWS services (for example, security groups, Network ACLs, AWS WAF)
- 3rd party security products from the AWS Marketplace
- Recognize there is documentation and where to find it (for example, best practices, whitepapers, official documents)
- AWS Knowledge Center, Security Center, security forum, and security blogs
- Partner Systems Integrators
Know that security checks are a component of AWS Trusted Advisor
Domain 3: Technology
3.1 Define methods of deploying and operating in the AWS Cloud
Identify at a high level different ways of provisioning and operating in the AWS cloud:
- Programmatic access, APIs, SDKs, AWS Management Console, CLI, Infrastructure as Code
Identify different types of cloud deployment models:
- All in with cloud/cloud native
- Hybrid
- On-premises
Identify connectivity options:
- VPN
- AWS Direct Connect
- Public internet
3.2 Define the AWS global infrastructure
Describe the relationships among Regions, Availability Zones, and Edge Locations.
Describe how to achieve high availability through the use of multiple Availability Zones:
- Recall that high availability is achieved by using multiple Availability Zones
- Recognize that Availability Zones do not share single points of failure
Describe when to consider the use of multiple AWS Regions:
- Disaster recovery/business continuity
- Low latency for end-users
- Data sovereignty
Describe at a high level the benefits of Edge Locations:
- Amazon CloudFront
- AWS Global Accelerator
3.3 Identify the core AWS services
Describe the categories of services on AWS (compute, storage, network, database).
Identify AWS compute services:
- Recognize there are different compute families
- Recognize the different services that provide compute (for example, AWS Lambda compared to Amazon Elastic Container Service (Amazon ECS), or Amazon EC2, etc.)
- Recognize that elasticity is achieved through Auto Scaling
- Identify the purpose of load balancers
Identify different AWS storage services:
- Describe Amazon S3
- Describe Amazon Elastic Block Store (Amazon EBS)
- Describe Amazon S3 Glacier
- Describe AWS Snowball
- Describe Amazon Elastic File System (Amazon EFS)
- Describe AWS Storage Gateway
Identify AWS networking services:
- Identify VPC
- Identify security groups
- Identify the purpose of Amazon Route 53
- Identify VPN, AWS Direct Connect
Identify different AWS database services:
- Install databases on Amazon EC2 compared to AWS managed database
See also
- AWS, Amazon Managed Services, AWS Management & Governance, computing, security, networking, AWS compliance, AWS Outposts, AWS Free Tier, AWS certifications, AWS Trusted Advisor, AWS Systems Manager, AWS Config, IAM Access Analyzer, AWS Cost Explorer, AWS Cost Management, AWS Budgets, AWS Organizations, AWS dev: (CodeStar, Cloud9), AWS Partner Network (APN), AWS Resource Access Manager, AWS Quick Starts, AWS Global Accelerator, AWS Elemental MediaStore, AWS Enterprise support, AWS support, AWS Professional Services Consultants, AWS Cloud Map, AWS Marketplace, AWS CLI, AWS Management Console, AWS acceptable use policy, amazonaws.com, Quotas, AWS Support plans, AWS Resource Explorer, AWS Managed Services (AMS), AWS savings, AWS Nitro System, AWS Activate, Serverless, AWS timeline
- Certifications: Security certifications, Enterprise architecture, Coursera, AWS certifications, CertiProf, Pearson VUE, Terraform Associate, Freecram, ExamLabs