AWS Cloud Practitioner

https://d1.awsstatic.com/training-and-certification/Docs%20-%20Cloud%20Practitioner/AWS%20Certified%20Cloud%20Practitioner_Exam_Guide_v1.4_FINAL.PDF

==Domain 1: Cloud Concepts==
===1.1 Define the AWS Cloud and its value proposition===
Define the benefits of the AWS cloud including:
* Security
* Reliability
* High Availability
* Elasticity
* Agility
* Pay-as-you go pricing
* Scalability
* Global Reach
* Economy of scale

Explain how the AWS cloud allows users to focus on business value
* Shifting technical resources to revenue-generating activities as opposed to managing
infrastructure

===1.2 Identify aspects of AWS Cloud economics===
Define items that would be part of a Total Cost of Ownership proposal

* Understand the role of operational expenses (OpEx)
* Understand the role of capital expenses (CapEx)
* Understand labor costs associated with on-premises operations
* Understand the impact of software licensing costs when moving to the cloud

Identify which operations will reduce costs by moving to the cloud:
* Right-sized infrastructure
* Benefits of automation
* Reduce compliance scope (for example, reporting)
* Managed services (for example, RDS, ECS, EKS, DynamoDB)

===1.3 Explain the different cloud architecture design principles===
Explain the design principles:

* Design for failure
* Decouple components versus monolithic architecture
* Implement elasticity in the cloud versus on-premises
* Think parallel
Version 2.1 CLF-C01 4 | PAGE

==Domain 2: Security and Compliance==
===2.1 Define the AWS shared responsibility model===
Recognize the elements of the Shared Responsibility Model
Describe the customer’s responsibility on AWS

* Describe how the customer’s responsibilities may shift depending on the service used
(for example with RDS, Lambda, or EC2)

* Describe AWS responsibilities

===2.2 Define AWS Cloud security and compliance concepts===
Identify where to find AWS compliance information:
*Locations of lists of recognized available compliance controls (for example, HIPPA,
SOCs)
* Recognize that compliance requirements vary among AWS services

At a high level, describe how customers achieve compliance on AWS
* Identify different encryption options on AWS (for example, In transit, At rest)

Describe who enables encryption on AWS for a given service

Recognize there are services that will aid in auditing and reporting
* Recognize that logs exist for auditing and monitoring (do not have to understand the
logs)
* Define Amazon CloudWatch, AWS Config, and AWS CloudTrail
 Explain the concept of least privileged access
2.3 Identify AWS access management capabilities
 Understand the purpose of User and Identity Management
o Access keys and password policies (rotation, complexity)
o Multi-Factor Authentication (MFA)
o AWS Identity and Access Management (IAM)
• Groups/users
• Roles
• Policies, managed policies compared to custom policies
o Tasks that require use of root accounts
Protection of root accounts
2.4 Identify resources for security support
 Recognize there are different network security capabilities
o Native AWS services (for example, security groups, Network ACLs, AWS WAF)
o 3
rd party security products from the AWS Marketplace
 Recognize there is documentation and where to find it (for example, best practices,
whitepapers, official documents)
o AWS Knowledge Center, Security Center, security forum, and security blogs
o Partner Systems Integrators
 Know that security checks are a component of AWS Trusted Advisor
 
Version 2.1 CLF-C01 5 | PAGE
Domain 3: Technology
3.1 Define methods of deploying and operating in the AWS Cloud
 Identify at a high level different ways of provisioning and operating in the AWS cloud
o Programmatic access, APIs, SDKs, AWS Management Console, CLI, Infrastructure as
Code
 Identify different types of cloud deployment models
o All in with cloud/cloud native
o Hybrid
o On-premises
 Identify connectivity options
o VPN
o AWS Direct Connect
o Public internet
3.2 Define the AWS global infrastructure
 Describe the relationships among Regions, Availability Zones, and Edge Locations
 Describe how to achieve high availability through the use of multiple Availability Zones
o Recall that high availability is achieved by using multiple Availability Zones
o Recognize that Availability Zones do not share single points of failure
 Describe when to consider the use of multiple AWS Regions
o Disaster recovery/business continuity
o Low latency for end-users
o Data sovereignty
 Describe at a high level the benefits of Edge Locations
o Amazon CloudFront
o AWS Global Accelerator
3.3 Identify the core AWS services
 Describe the categories of services on AWS (compute, storage, network, database)
 Identify AWS compute services
o Recognize there are different compute families
o Recognize the different services that provide compute (for example, AWS Lambda
compared to Amazon Elastic Container Service (Amazon ECS), or Amazon EC2, etc.)
o Recognize that elasticity is achieved through Auto Scaling
o Identify the purpose of load balancers
 Identify different AWS storage services
o Describe Amazon S3
o Describe Amazon Elastic Block Store (Amazon EBS)
o Describe Amazon S3 Glacier
o Describe AWS Snowball
o Describe Amazon Elastic File System (Amazon EFS)
o Describe AWS Storage Gateway
 Identify AWS networking services
o Identify VPC
o Identify security groups
o Identify the purpose of Amazon Route 53
o Identify VPN, AWS Direct Connect
 Identify different AWS database services
o Install databases on Amazon EC2 compared to AWS managed database