Cloud Concepts

Question 1

Define the AWS Cloud and its value proposition

Answer 1

a. Cloud computing is the on-demand delivery of IT resources over the internet with pay-as-you-go pricing. These include services that provide compute power, object and file storage, networking capabilities, and more.
b. A shift to pay-as-you-go pricing allows the reallocation of resources to revenue-generating activities as opposed to managing on-premise infrastructure.

Question 2

Identify aspects of AWS Cloud Economics

Answer 2

a. Understand the concept of Total Cost of Ownership (TCO)
b. Understand the role of Operational Expenses (OpEx)
c. Understand the role of Capital Expenses (CapEx)
d. Identify the operations that could reduce costs by moving to the cloud
e. Stop guessing capacity
f. Increase speed and agility
g. Improve security
h. Go global in minutes

Question 3

List the different cloud architecture design principles (refer to the Well-Architected Framework Whitepaper)

Answer 3

a. Scaling
b. Availability
c. Automation
d. Monitoring
e. Security

Question 4

Define the AWS Shared Responsibility Model

Answer 4

1. AWS is responsible for the OF the cloud (datacenters, physical security, hardware networking, etc.)
2. Customer is responsible for everything that goes IN the cloud (data, encryption, IAM, software, etc.)
3. It is crucially important to understand which components and parts of AWS are your responsibility for each service. For example, with EC2 you maintain control over the OS, whereas with RDS, AWS is responsible for the OS. The Shared Responsibility model will show up heavily on the exam. Additional details are available on the AWS website in form of various documentation.

Question 5

Define AWS Cloud security and compliance concepts

Answer 5

1. Concept of least-privilege-access means everyone has the least amount of access needed to perform their roles. Use the IAM service to set up permissions.
2. Always protect external facing resources such as S3 buckets.
3. Use encryption at-rest and in-transit.

Question 6

Identify AWS access management capabilities

Answer 6

1. IAM – Identity and Access Management gives you the ability to define permissions for access for users, groups or roles.
2. Can be used in conjunction with on-premises services like Active Directory or cloud-hosted active-directory

Question 7

Identify resources for Security Support

Answer 7

A. AWS Cloud Trail
B. AWS Config
C. AWS Artifact
D. Amazon Gurad Duty
E. AWS Shield
F. Amazon Macie
G. AWS Security Hub
H. AWS Trusted Advisor

Question 8

Security Support: AWS CloudTrail

Answer 8

Definition: A service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.

Question 9

Security Support: AWS Config

Answer 9

Definition: a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.

Question 10

Security Support: AWS Artifact

Answer 10

Definition: AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements. Inspector - Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.

Question 11

Security Support: Amazon GuardDuty

Answer 11

Definition: Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3.

Question 12

Security Support: Amazon Macie

Answer 12

Definition: Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS.

Question 13

Security Support: AWS Security Hub

Answer 13

Definition:
AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. There are a range of powerful security tools at your disposal, from

Question 14

Security Support: AWS Trusted Advisor

Answer 14

Definition: AWS Trusted Advisors provides recommendations that help you follow AWS best practices. Trusted Advisor evaluates your account by using checks. These checks identify ways to optimize your AWS infrastructure, improve security and performance, reduce costs, and monitor service quotas. You can then follow the check recommendations to optimize your services and resources. (Remember that this includes security checks!)

Question 15

Domain: Technology

1. Define methods of deploying and operating in the AWS Cloud

Answer 15

a. AWS Management Console
b. AWS CLI Command line interface
c. AWS AWS Software Development Kit (SDK
d. AWS CloudFormation

Question 16

AWS Management Console

Answer 16

The AWS Management Console gives you secure login using your AWS or IAM account credentials.

Question 17

AWS CLI : Command Line Interface

Answer 17

The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.

Question 18

AWS Software Development Kit (SDK)

Answer 18

The AWS Software Development Kit (SDK) allows you to access AWS services using most development languages as part of an application.

Question 19

AWS CloudFormation

Answer 19

AWS CloudFormation provides a common language for you to model and provision AWS and third-party application resources in your cloud environment. AWS CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. CloudFormation has no cost, but you pay for the cost of services and resources provisioned.