AWS Cloud Practitioner

From wikieduonline
Revision as of 13:25, 9 September 2021 by Welcome (talk | contribs)
Jump to navigation Jump to search
https://d1.awsstatic.com/training-and-certification/Docs%20-%20Cloud%20Practitioner/AWS%20Certified%20Cloud%20Practitioner_Exam_Guide_v1.4_FINAL.PDF


Domain 1: Cloud Concepts
1.1 Define the AWS Cloud and its value proposition
 Define the benefits of the AWS cloud including:
o Security
o Reliability
o High Availability
o Elasticity
o Agility
o Pay-as-you go pricing
o Scalability
o Global Reach
o Economy of scale
 Explain how the AWS cloud allows users to focus on business value
o Shifting technical resources to revenue-generating activities as opposed to managing
infrastructure
1.2 Identify aspects of AWS Cloud economics
 Define items that would be part of a Total Cost of Ownership proposal
o Understand the role of operational expenses (OpEx)
o Understand the role of capital expenses (CapEx)
o Understand labor costs associated with on-premises operations
o Understand the impact of software licensing costs when moving to the cloud
 Identify which operations will reduce costs by moving to the cloud
o Right-sized infrastructure
o Benefits of automation
o Reduce compliance scope (for example, reporting)
o Managed services (for example, RDS, ECS, EKS, DynamoDB)
1.3 Explain the different cloud architecture design principles
 Explain the design principles
o Design for failure
o Decouple components versus monolithic architecture
o Implement elasticity in the cloud versus on-premises
o Think parallel
Version 2.1 CLF-C01 4 | PAGE
Domain 2: Security and Compliance
2.1 Define the AWS shared responsibility model
 Recognize the elements of the Shared Responsibility Model
 Describe the customer’s responsibly on AWS
o Describe how the customer’s responsibilities may shift depending on the service used
(for example with RDS, Lambda, or EC2)
 Describe AWS responsibilities
2.2 Define AWS Cloud security and compliance concepts
 Identify where to find AWS compliance information
o Locations of lists of recognized available compliance controls (for example, HIPPA,
SOCs)
o Recognize that compliance requirements vary among AWS services
 At a high level, describe how customers achieve compliance on AWS
o Identify different encryption options on AWS (for example, In transit, At rest)
 Describe who enables encryption on AWS for a given service
 Recognize there are services that will aid in auditing and reporting
o Recognize that logs exist for auditing and monitoring (do not have to understand the
logs)
o Define Amazon CloudWatch, AWS Config, and AWS CloudTrail
 Explain the concept of least privileged access
2.3 Identify AWS access management capabilities
 Understand the purpose of User and Identity Management
o Access keys and password policies (rotation, complexity)
o Multi-Factor Authentication (MFA)
o AWS Identity and Access Management (IAM)
• Groups/users
• Roles
• Policies, managed policies compared to custom policies
o Tasks that require use of root accounts
Protection of root accounts
2.4 Identify resources for security support
 Recognize there are different network security capabilities
o Native AWS services (for example, security groups, Network ACLs, AWS WAF)
o 3
rd party security products from the AWS Marketplace
 Recognize there is documentation and where to find it (for example, best practices,
whitepapers, official documents)
o AWS Knowledge Center, Security Center, security forum, and security blogs
o Partner Systems Integrators
 Know that security checks are a component of AWS Trusted Advisor
 
Version 2.1 CLF-C01 5 | PAGE
Domain 3: Technology
3.1 Define methods of deploying and operating in the AWS Cloud
 Identify at a high level different ways of provisioning and operating in the AWS cloud
o Programmatic access, APIs, SDKs, AWS Management Console, CLI, Infrastructure as
Code
 Identify different types of cloud deployment models
o All in with cloud/cloud native
o Hybrid
o On-premises
 Identify connectivity options
o VPN
o AWS Direct Connect
o Public internet
3.2 Define the AWS global infrastructure
 Describe the relationships among Regions, Availability Zones, and Edge Locations
 Describe how to achieve high availability through the use of multiple Availability Zones
o Recall that high availability is achieved by using multiple Availability Zones
o Recognize that Availability Zones do not share single points of failure
 Describe when to consider the use of multiple AWS Regions
o Disaster recovery/business continuity
o Low latency for end-users
o Data sovereignty
 Describe at a high level the benefits of Edge Locations
o Amazon CloudFront
o AWS Global Accelerator
3.3 Identify the core AWS services
 Describe the categories of services on AWS (compute, storage, network, database)
 Identify AWS compute services
o Recognize there are different compute families
o Recognize the different services that provide compute (for example, AWS Lambda
compared to Amazon Elastic Container Service (Amazon ECS), or Amazon EC2, etc.)
o Recognize that elasticity is achieved through Auto Scaling
o Identify the purpose of load balancers
 Identify different AWS storage services
o Describe Amazon S3
o Describe Amazon Elastic Block Store (Amazon EBS)
o Describe Amazon S3 Glacier
o Describe AWS Snowball
o Describe Amazon Elastic File System (Amazon EFS)
o Describe AWS Storage Gateway
 Identify AWS networking services
o Identify VPC
o Identify security groups
o Identify the purpose of Amazon Route 53
o Identify VPN, AWS Direct Connect
 Identify different AWS database services
o Install databases on Amazon EC2 compared to AWS managed database

See also

Advertising: