AWS Cloud Practitioner Certification - Short Training notes

I have been preparing for my AWS Cloud Practitioner certification for the last few weeks and prepared a few notes that helped me revise just before the exam. I would like to share my notes here in the hope that they will be helpful for others.

  • Encrypt Customer data - KMS
  • Hardware device for data encryption in cloud - Cloud HSM
  • Securely deliver content with low latency and high transfer speeds, edge compute capabilities - CloudFront
  • Unpredictable access - S3 Intelligent Tiering
  • No constraint on minimum storage duration - S3 standard.
  • S3 Data transferred in from the internet, data transferred out to ec2 in same region - is not chargeable.
  • Interactive Query service - Athena. (Serverless)
  • Consistent uptime is not required - EC2 Spot instance. You can use Spot Instances for various stateless, fault-tolerant, or flexible applications.
  • EC2 Dedicated Hosts - let you bring existing server-bound software licenses (per-socket, per-core or per-VM licensing).
  • Temporary access to AWS resources - IAM roles
  • Beanstalk is PAAS, Cloud formation is IAC and EC2 is IAAS
  • Performance issue on micro-service architecture, distributed services, production environment - X-Ray
  • Resource specific change history management and audit - AWS Config
  • Account specific activity audit - Cloud Trail
  • EC2 instance terminated - check CloudTrail logs
  • Online tool, real-time guidance, helps reduce cost, increase performance and security, fault tolerance, service limits, recommendations, underutilized EBS volumes or EC2 instances - Trusted Advisor
  • Automates security assessments, assess for vulnerability and deviation from aws practice - Inspector
  • Monitor malicious activity and threat detection- GuardDuty.
  • Analyzes trillions of events from multiple data sources such as VPC Flow Logs, AWS CloudTrail logs, and Amazon GuardDuty findings and automatically creates a graph model that provides you with a unified, interactive view of your resources, users -Amazon Detective.
  • Protect web applications from common attacks (SQL injection, cross-site scripting) - WAF. It can block all requests except those matching the rules you provide (or allow all except those you block). It works at layer 7. It cannot be deployed on Amazon EC2 instances directly.
  • Monitor HTTP/HTTPS requests forwarded to CloudFront - WAF.
  • WAF can be deployed on Application Load balancer, API GW and CloudFront.
  • AWS Shield Advanced provides expanded DDoS attack protection for web applications running on the following resources: Amazon Elastic Compute Cloud, Elastic Load Balancing (ELB), Amazon CloudFront, Amazon Route 53, AWS Global Accelerator.
  • Amazon API Gateway can execute AWS Lambda functions, start AWS Step Functions state machines, or call HTTP endpoints hosted on AWS Elastic Beanstalk, Amazon EC2, and also non-AWS hosted HTTP based operations that are accessible via the public Internet, expose an API method in API Gateway that sends data directly to Amazon Kinesis.
  • Amazon API Gateway - service for creating, publishing, maintaining, monitoring, and securing REST, HTTP, and WebSocket APIs
  • Well-Architected Framework - Operational Excellence, Performance Efficiency, Security, Reliability and Cost Optimization (a sixth pillar, Sustainability, was added later).
  • Computing resources efficiently, while considering the right resource types and sizes based on workload requirements - Performance efficiency.
  • ELB and Autoscaling group(ASG) - Multi AZ - same Region
    Multi AZ - to enhance availability
    Multi Region - disaster recovery and local performance.
  • Free services (no charge for the service itself) - IAM, VPC, consolidated billing, Elastic Beanstalk (you pay only for the underlying resources it launches).
  • All traffic between AZ is encrypted
  • RDS in read replica - to improve scalability, read performance and disaster recovery.
  • Budget - Alert when cost exceeds
    Cost Explorer - View, visualise and analyse cost and usage, forecast usage.
  • EFS - can be directly used with onprem systems and aws cloud.
  • EBS - can be mounted only on EC2.
  • Block level storage - Instance store and EBS.
  • EBS volume - attaches to one instance at a time in the same AZ (Multi-Attach for io1/io2 volumes allows several instances, still within one AZ).
  • EFS -  attach to one or more instance in multi AZ.
  • Shared NFS - EFS
  • CloudWatch + SNS can be used to send alerts.
  • Install app code automatically to EC2 instance - Code deploy.
  • EC2 instance connect - secure way to connect to your EC2 instance.
  • Patching network infrastructure - AWS responsiblity.
  • Lower pay-as-you-go prices - result of AWS's massive economies of scale.
  • Reserved pricing is available for - EC2, RDS and DynamoDB (reserved capacity), among others such as ElastiCache and Redshift.
  • AWS-managed RDS vs. a customer-managed database on EC2 - the advantage is operational: AWS handles provisioning, patching, backups and failover. Raw performance is not inherently better.
  • The AWS account must be able to operate as a standalone account. Only then it can be removed from AWS organizations.
  • An instance store provides temporary block-level storage for your instance. This storage is located on disks that are physically attached to the host computer. This is a good option when you need storage with very low latency, but you don't need the data to persist when the instance terminates or you can take advantage of fault-tolerant architectures. For this use-case, the computation application itself has a fault tolerant architecture, so it can automatically handle any failures of Instance.
  • A financial services company wants to ensure that its AWS account activity meets the governance, compliance and auditing norms - CloudTrail.
  • TCO - Compare cost during Migration from on-prem to AWS.
  • Data warehousing - Redshift
  • Hadoop cluster - EMR
  • OLAP(Analytics) - Redshift
  • OLTP(Transaction) - RDS
  • NACL - Stateless (return traffic needs its own rule, rules have numbers and allow/deny); Security group - Stateful (return traffic is allowed automatically).
  • Review PCI reports - Artifact.
  • Global Accelerator - for non-HTTP use cases (TCP/UDP, also works for HTTP), provides static anycast IPs that act as a fixed entry point to your apps.
  • Part of VPC - Subnet and Internet GW.
  • S3 and DynamoDB support VPC gateway endpoints (S3 also supports interface endpoints). All other services use VPC interface endpoints.
  • Connect VPC to SQS - VPC interface endpoint.
  • Database that provides a centrally verifiable history of all changes made to data residing in it - Quantum ledger DB.
  • Security group - specify allow rules but not deny rules.
  • Serverless - Lambda, Fargate, SNS, SQS, DynamoDB, Aurora Serverless, Step Functions.
  • Regional scope - Lambda.
  • Global - CloudFront, IAM, Route 53, WAF. (WorkSpaces is deployed per Region.)
  • Flexible schema - DynamoDB.
  • On-prem to access or store data in AWS - AWS Storage Gateway
  • Federation - Enable user to sign into AWS account with corporate credentials.
  • Cloudfront, WAF and Shield is integrated together to protect against attacks.
  • Key value format - DynamoDB
  • Key value based Object storage, stores data in flat non-hierarchical structure - S3.
  • RDS - doesn't auto-scale compute (storage auto-scaling can be enabled); Aurora scales storage automatically and Aurora Serverless scales compute.
  • DynamoDB - Autoscales.
  • Customer wants to interconnect all VPCs - AWS Transit Gateway
  • CAF - Cloud Adoption Framework
  • Developer Support plan - one primary contact can open an unlimited number of cases.
  • Speech to text - Transcribe
  • Text to Speech - Polly
  • Chatbot - Lex
  • Each region - two or more AZ
  • Each AZ - one or more Datacenter
  • Type of GW - Tape, File and Volume
  • Server images up-to-date  - EC2 image builder
  • Snowball (Edge) - petabyte-scale data transport solution to transfer large amounts of data into and out of AWS; worth considering from roughly 10 TB upwards. For more than about 10 PB - Snowmobile.
  • Snowmobile - Exabyte-scale data transport solution to transfer large amounts of data to AWS, usually in a truck.
  • AWS Snowcone is the smallest member of the AWS Snow Family of edge computing, edge storage, and data transfer devices.
  • AWS OpsHub is a graphical user interface you can use to manage your AWS Snowball devices.
  • AWS CodeStar and Cloud9 - write, run and debug your code.
  • CodePipeline uses CloudWatch Events (now EventBridge) to detect changes in CodeCommit.
  • Savings Plans - Compute Savings Plan (up to 66% off), EC2 Instance Savings Plan (up to 72% off)
  • Amazon Sumerian is a managed service that lets you create and run 3D, Augmented Reality (AR) and Virtual Reality (VR) applications
  • Amazon AppStream 2.0 is a fully managed non-persistent application and desktop streaming service. (desktop applications available to the employees from browsers on their devices/laptops)
  • Amazon WorkSpaces is a managed, secure Desktop-as-a-Service (DaaS) solution.
  • AWS IoT Core lets you connect IoT devices to the AWS cloud without the need to provision or manage servers.
  • Real-time processing of streaming big data for an ad-tech platform - Kinesis Data Streams.
  • Help you organize your AWS resources, manage and automate tasks on large numbers of resources at a time- AWS resource group.
  • AWS Systems Manager allows you to centralize operational data from multiple AWS services and automate tasks across your AWS resources, run commands.
  • Lambda price - no. of request and duration of code execution.
  • HTTP/HTTPS load balancing - Application Load Balancer.
  • Data retrieval from S3 is charged only for - S3 Standard-IA, S3 One Zone-IA, S3 Glacier and Glacier Deep Archive.
  • No retrieval fee - S3 Intelligent-Tiering and S3 Standard.
  • Secondary backup copies storage - cost optimal - S3 One Zone-IA.
  • What ensures the right amount of capacity to handle traffic - Auto Scaling.
  • AWS Shield Standard - AWS responsibility. Automatically enabled for all accounts at no cost.
  • AWS WAF - Customer responsibility. Customer has to enable and configure it.
  • Automate operations in an on-premises environment using Chef and Puppet - AWS OpsWorks.
  • Subscribe to an RSS feed to be notified of the status of all AWS service interruptions - Service Health Dashboard (now the AWS Health Dashboard).
  • 15-minute response time for a business-critical system down - Enterprise Support.
  • Central user portal to log in to third-party applications - AWS Single Sign-On (SSO), now IAM Identity Center.
  • Discover, prepare, and combine data for analytics - Glue.
  • Quickly embed interactive dashboards (BI) into your applications, websites, and portals - QuickSight.
  • AWS CloudTrail Insights helps AWS users identify and respond to unusual activity associated with write API calls by continuously analyzing CloudTrail management events.
  • CloudTrail logs, S3 Glacier, AWS Storage Gateway - encrypted by default.
  • Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS.
  • Code Artifact - artifact repository service, securely store, publish, and share software packages used in their software development process.
  • Machine Learning models for its projects - Sagemaker.
  • Restrict account privileges in an Organization and manage permissions - SCP. An SCP only limits what identities in the account can do; it never grants permissions by itself.
  • Quickly deploy a popular technology on AWS - AWS Quick Start reference deployments.
  • EBS volume pricing is based on - volume type, provisioned size, provisioned IOPS/throughput (and snapshot storage).
  • S3 Object Lock - in governance mode, users with special permissions can change the retention settings and delete the data; in compliance mode no one can, not even the root user, until the retention period expires.
  • S3 Glacier Vault Lock - After you lock the policy, the policy becomes immutable.
  • Elastic Beanstalk - quickly deploy and manage applications without worrying about the infrastructure; no additional charge. Basic health reporting checks that the Auto Scaling group is available and has at least one instance and uses the ELB health check; it doesn't publish metrics to CloudWatch (enhanced health reporting does).
  • Virtually unlimited throughput and storage - DynamoDB
  • AWS Infrastructure Event Management (IEM) offers architecture and scaling guidance and operational support during the preparation and execution of planned events such as shopping holidays, product launches and migrations, so you can execute the event with AWS experts by your side.
  • Data replication across regions - S3 and RDS.
  • How to save cost - Delete all unused ELB, EC2 and EBS attached to them and unused elastic IP.
  • RDS pricing depends on instance hours, provisioned storage, I/O requests and data transfer.
  • CDN pricing differs between regions.
  • User - can be added to a group, have a policy attached directly, or copy an existing user's permissions.
  • Role - add temporary permission for an another user in another account which is trusted.
  • Policy - json document can be attached to user, group or role.
  • Group - collection of users.
  • VPC spans across all AZs in a Region; a subnet spans a single AZ.
  • A developer doesn't know about configuration such as VPCs and wants to deploy an application automatically - Elastic Beanstalk.
  • Data warehouse - Redshift.
  • Resource-specific change - AWS Config.
  • Underutilized EC2 instance - Trusted Advisor.
  • Interactive dashboard / business intelligence - QuickSight.
  • EC2 wants to access the s3 bucket -  Create an IAM role
  • One year contract - Reserved Instance
  • One month  - On demand
  • Amazon Connect - virtual contact center
  • Event driven - lambda
  • On-prem to AWS storage - aws storage GW
  • Long term storage of reports low cost - Glacier
  • Infrastructure as code is part of which pillar - Operational Excellence
  • Organizations consolidated billing use - aggregated usage across accounts qualifies for volume pricing tiers (and Reserved Instance / Savings Plan discounts are shared).
  • Convertible Reserved Instance - enables you to modify the Availability Zone, scope, networking type and instance size (within the same instance type) of your Reserved Instance, and to exchange one or more Convertible Reserved Instances for another Convertible Reserved Instance with a different configuration, including instance family, operating system and tenancy. Cannot be sold in the Reserved Instance Marketplace.
  • Reliability pillar - testing recovery procedures
  • On-prem to AWS VPC over the public internet - Site-to-Site VPN (Direct Connect is a private, dedicated link).
  • Service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3 - GuardDuty
  • Reports that break down your costs by the hour and publish your AWS billing reports to an Amazon S3 bucket - Cost and Usage Report.
  • Queuing service (standard or first-in-first-out queues) - SQS
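The two notes above on NACLs (stateless, numbered allow/deny rules) and security groups (stateful, allow rules only) are the ones people most often get wrong in practice, so here is an added example, not part of the original notes, that models both in Python. The addresses, ports and rule sets are constructed for illustration, and the evaluator is a simplification (no ICMP, no IPv6, no rule-count limits), not AWS code. It shows why a NACL that only allows outbound port 443 silently drops the reply to the client's ephemeral port while the security group passes it, and that explicitly blocking one address is only possible in the NACL.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = arriving at the instance, "out" = leaving it
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    direction: str
    proto: str             # "tcp", "udp" or "all"
    port_from: int         # destination-port range, as written in the console
    port_to: int
    cidr: str              # remote side: source for "in" rules, destination for "out" rules
    action: str = "allow"  # security groups only have "allow"; NACLs have "allow" and "deny"
    number: int = 0        # NACL rule number; lowest is evaluated first


def _matches(rule: Rule, pkt: Packet) -> bool:
    if rule.direction != pkt.direction or rule.proto not in ("all", pkt.proto):
        return False
    if not rule.port_from <= pkt.dst_port <= rule.port_to:
        return False
    remote = pkt.src_ip if pkt.direction == "in" else pkt.dst_ip
    return ipaddress.ip_address(remote) in ipaddress.ip_network(rule.cidr, strict=False)


class SecurityGroup:
    """Stateful and allow-only: a packet passes if a rule matches, or if it is the
    reply to a flow that was already allowed in the other direction."""

    def __init__(self, rules: List[Rule]):
        if any(r.action != "allow" for r in rules):
            raise ValueError("security groups have no deny rules")
        self.rules = list(rules)
        self._flows: Set[Tuple] = set()  # connection-tracking table of allowed 5-tuples

    def evaluate(self, pkt: Packet) -> bool:
        forward = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reverse in self._flows:  # return traffic of a tracked flow
            return True
        if any(_matches(r, pkt) for r in self.rules):
            self._flows.add(forward)
            return True
        return False


class NetworkAcl:
    """Stateless: each packet is judged on its own, rules in ascending number order,
    first match wins, implicit deny (the '*' rule) if nothing matches."""

    def __init__(self, rules: List[Rule]):
        self.rules = sorted(rules, key=lambda r: r.number)

    def evaluate(self, pkt: Packet) -> bool:
        for r in self.rules:
            if _matches(r, pkt):
                return r.action == "allow"
        return False


def web_sg() -> SecurityGroup:
    """A fresh security group per scenario, since it carries flow state."""
    return SecurityGroup([
        Rule("in", "tcp", 443, 443, "0.0.0.0/0"),
        Rule("out", "all", 0, 65535, "0.0.0.0/0"),  # the default outbound allow-all
    ])


# Constructed NACLs. The first forgets that replies go back to the client's ephemeral port.
NACL_BAD = NetworkAcl([
    Rule("in", "tcp", 443, 443, "0.0.0.0/0", "allow", 100),
    Rule("out", "tcp", 443, 443, "0.0.0.0/0", "allow", 100),
])
NACL_GOOD = NetworkAcl([
    Rule("in", "tcp", 443, 443, "0.0.0.0/0", "allow", 100),
    Rule("out", "tcp", 1024, 65535, "0.0.0.0/0", "allow", 100),  # ephemeral ports for replies
])
NACL_BLOCKLIST = NetworkAcl([  # explicit deny of one address, numbered ahead of the allow
    Rule("in", "tcp", 0, 65535, "203.0.113.5/32", "deny", 90),
    Rule("in", "tcp", 443, 443, "0.0.0.0/0", "allow", 100),
    Rule("out", "tcp", 1024, 65535, "0.0.0.0/0", "allow", 100),
])


def https_session(nacl: NetworkAcl) -> Tuple[bool, bool]:
    """Client 203.0.113.5 (a documentation address) connects to instance 10.0.1.10:443.
    Inbound packets hit the subnet NACL first, then the instance's security group;
    outbound the order is reversed. Returns (request_passed, reply_passed)."""
    sg = web_sg()
    request = Packet("in", "tcp", "203.0.113.5", 50123, "10.0.1.10", 443)
    reply = Packet("out", "tcp", "10.0.1.10", 443, "203.0.113.5", 50123)
    request_ok = nacl.evaluate(request) and sg.evaluate(request)
    reply_ok = request_ok and sg.evaluate(reply) and nacl.evaluate(reply)
    return request_ok, reply_ok


if __name__ == "__main__":
    for name, acl in (("bad", NACL_BAD), ("good", NACL_GOOD), ("blocklist", NACL_BLOCKLIST)):
        print(name, https_session(acl))
```

The `bad` scenario returns `(True, False)`: the request reaches the instance but the reply is dropped at the subnet boundary, which is exactly the symptom of a forgotten ephemeral-port rule. Note that `SecurityGroup` refuses a `deny` rule at construction, which is the point of the "specify allow rules but not deny rules" note.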

Test your Knowledge

  • Which of the following is used to centrally manage VPC firewall rules? AWS Firewall Manager or WAF?
  • Where do you check billing? AWS consolidated billing or the AWS Billing and Cost Management console?
  • What lets you verify whether your account follows best practices? Well-Architected Tool or Personal Health Dashboard?
  • How do you make your app globally reachable? CloudFront or Global Accelerator?
  • How do you manage multiple accounts? Control Tower or Resource Manager?
  • How do you prevent accidental deletes/overwrites in an S3 bucket? Bucket versioning or lifecycle policy?
  • Which are the user authentication services? Cognito / IAM?
  • What is AWS Abuse used for? Port scans / DDoS?
  • Which engine options are available for RDS: Sybase, PostgreSQL, MSSQL, IBM Db2, DynamoDB, MongoDB?
  • How do you generate a heavy report from RDS without impacting RDS performance?
  • Which of the following is not a global service? S3 / Shield / CloudFront?
  • Which service is used to connect all VPCs?
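For the IAM notes above (user, group, role, policy, SCP, and "EC2 wants to access the S3 bucket - create an IAM role"), here is an added Python example, not part of the original notes, that applies the evaluation order the exam cares about: an explicit Deny always wins, an explicit Allow is needed to get anything at all, and an SCP can only take permissions away, never grant them. The policy documents, the bucket name example-reports and the simplified matcher (no Condition blocks, no resource-based policies, no "Principal": "*") are constructed for illustration and are not AWS's own evaluator.

```python
import fnmatch
from typing import Dict, List

Policy = Dict[str, object]


def _as_list(value) -> list:
    """IAM accepts either a single string or a list for Action, Resource, Statement, Principal."""
    return value if isinstance(value, list) else [value]


def _statement_matches(stmt: Policy, action: str, resource: str) -> bool:
    # IAM action names are case-insensitive; '*' and '?' wildcards behave like fnmatch.
    actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
    resources = _as_list(stmt.get("Resource", "*"))
    return (any(fnmatch.fnmatchcase(action.lower(), a) for a in actions)
            and any(fnmatch.fnmatchcase(resource, r) for r in resources))


def evaluate(policies: List[Policy], action: str, resource: str) -> str:
    """Explicit Deny beats everything; otherwise an explicit Allow is required;
    otherwise the request is implicitly denied."""
    allowed = False
    for doc in policies:
        for stmt in _as_list(doc["Statement"]):
            if _statement_matches(stmt, action, resource):
                if stmt["Effect"] == "Deny":
                    return "Deny"
                allowed = True
    return "Allow" if allowed else "ImplicitDeny"


def is_authorized(identity_policies: List[Policy], scps: List[Policy],
                  action: str, resource: str) -> bool:
    """SCPs are a guardrail, not a grant: the SCP set AND the identity policies must both allow."""
    return (evaluate(scps, action, resource) == "Allow"
            and evaluate(identity_policies, action, resource) == "Allow")


def can_assume(trust_policy: Policy, principal: str) -> bool:
    """Role trust policy: which service principal or account/user ARN may call sts:AssumeRole."""
    for stmt in _as_list(trust_policy["Statement"]):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        principals = stmt.get("Principal", {})
        if not isinstance(principals, dict):  # "Principal": "*" is deliberately not modelled
            continue
        for kind in ("Service", "AWS"):
            if principal in _as_list(principals.get(kind, [])):
                return True
    return False


# Constructed sample documents; the bucket name "example-reports" is hypothetical.
READ_REPORTS = {  # permissions policy you would attach to the group or to the EC2 role
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
                   "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"]}],
}
DENY_DELETE = {  # an explicit deny overrides any allow, wherever it is attached
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Deny", "Action": "s3:Delete*", "Resource": "*"}],
}
ADMIN = {"Version": "2012-10-17",
         "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
FULL_ACCESS_SCP = ADMIN  # same content as the default FullAWSAccess SCP
PROTECT_TRAIL_SCP = {  # organization guardrail: no account may switch off CloudTrail
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Deny", "Resource": "*",
                   "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail"]}],
}
EC2_TRUST = {  # trust policy of the role an EC2 instance uses to reach the bucket
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
                   "Action": "sts:AssumeRole"}],
}

if __name__ == "__main__":
    obj = "arn:aws:s3:::example-reports/q1.pdf"
    scps = [FULL_ACCESS_SCP, PROTECT_TRAIL_SCP]
    print("read report:", is_authorized([READ_REPORTS, DENY_DELETE], scps, "s3:GetObject", obj))
    print("delete report:", is_authorized([READ_REPORTS, DENY_DELETE], scps, "s3:DeleteObject", obj))
    print("admin stops trail:", is_authorized([ADMIN], scps, "cloudtrail:StopLogging", "*"))
    print("ec2 may assume role:", can_assume(EC2_TRUST, "ec2.amazonaws.com"))
```

Two results are worth dwelling on: an account administrator with `ADMIN` attached still cannot stop CloudTrail because the SCP's explicit Deny wins, and an identity with no policies at all gets nothing even though the SCP allows `*`, which is what "SCPs restrict, they do not grant" means in practice.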

Asha

I am a self-mentored web enthusiast who likes to inspect-element everything I see on the web.
Nithya Binoy