
AWS solution architect associate exam materials collection.pdf

- Amazon Certified Solutions Architect Exam
- Official Information Links
- Books (CSDN)
- Online Lectures (Xunlei)
- Practise Questions & Flash Cards
- AWS Global Infrastructure
- Infrastructure
- Support Plans
- AWS Design Principles
- AWS Security
- Well-Architected Framework
- Consolidated Billing
- Compute
- EC2: Elastic Compute Cloud
- Lambda
- EC2 Container Service
- Elastic Beanstalk
- Server Migration
- Storage & Content Delivery
- EBS: Elastic Block Store
- S3: Simple Storage Service
- Glacier
- CloudFront CDN
- Storage Gateway
- Import/Export Snowball
- EFS: Elastic File System
- Database
- Data Warehouse
- RDS: Relational Database Services
- DynamoDB
- RedShift
- Elasticache
- DMS: Database Migration Service
- Aurora
- Networking
- DNS: Domain Name Service
- Route53 (DNS)
- VPC: Virtual Private Cloud
- Direct Connect
- ELB: Elastic Load Balancer
- Developer Tools
- CodeCommit
- CodePipeline
- CodeDeploy
- Management Tools
- CloudFormation
- CloudWatch
- CloudTrail
- Auto Scaling
- Config
- Service Catalog
- Trusted Advisor
- Resource Groups
- OpsWorks
- Security & Identity
- IAM: Identity & Access Management
- WAF: Web Application Firewall
- Inspector
- Directory Service
- Analytics
- EMR
- Kinesis
- Data Pipeline
- Machine Learning
- Internet Of Things
- AWS IoT
- Mobile Services
- Cognito
- Device Farm
- Mobile Hub
- Mobile Analytics
- SNS: Simple Notification Service
- Application Services
- API Gateway
- SQS: Simple Queue Service
- SWF: Simple Workflow Service
- AppStream
- Elastic Transcoder
- SES
- CloudSearch
- Game Development
- Enterprise Applications
- WorkSpaces (VDI)
- WorkDocs
- WorkMail
- Questions & Answers

Official Information Links
- https://aws.amazon.com/certification/certification-prep/
- http://awstrainingandcertification.s3.amazonaws.com/production/AWS_certified_solutions_architect_associate_blueprint.pdf

Books (CSDN)
- AWS Certified Solutions Architect Official Study Guide: Associate Exam (2016, Sybex)
- www.wiley.com/go/sybextestprep (questions: 368, flashcards: 100)

Online Lectures (Xunlei)
- ACloudGuru AWS Solutions Architect Exam Prep Course (udemy)
- Linuxacademy AWS Solutions Architect
- CBT Nuggets AWS Solutions Architect

Practise Questions & Flash Cards
- www.wiley.com/go/sybextestprep (questions: 368, flashcards: 100)
- http://thecertschool.com/category/aws/
- http://www.dennyzhang.com/aws_associate_cert/
- http://blog.flux7.com/blogs/quizzes/cloud-computing-quiz-1-check-your-knowledge-on-aws
- http://searchaws.techtarget.com/quiz/Amazon-Web-Services-Security-Quiz
- http://searchaws.techtarget.com/quiz/Test-your-knowledge-Amazon-Simple-Storage-Service-quiz
- http://searchaws.techtarget.com/quiz/Take-our-quiz-to-find-out-what-you-know-about-AWS-IaaS
- http://www.silicon.co.uk/quiz/amazon-web-services-145-1
- http://searchaws.techtarget.com/quiz/Test-your-knowledge-Amazon-Redshift-quiz
- http://www.awsomeblog.com/aws-certified-solutions-architect-exam-sample-quiz/
- http://www.cloudsolutionsbook.com/amazon-cloud-solutions/june-20th-2015
- http://www.huangbowen.net/blog/2014/10/22/aws-cert-sample-question/
- http://quizlet.com/35935418/detailed-questions-flash-cards/
- CramFLASH Study Flashcards for AWS Developer Associate Exam: 60 “cards” are included
- CramFLASH Study Flashcards for AWS SysOps Admin Associate Exam: 50 flashcards included
- AWS Solutions Architect Apps on Android
AWS Global Infrastructure

Infrastructure
- >16 Regions:
  - a region is a geographical area consisting of 2 or more availability zones
  - completely independent and isolated from other regions
  - resources aren't replicated across regions unless organizations choose to do so
  - data locality
  - sovereignty concerns
  - located close to end users, minimize latency
  - far from primary facilities to satisfy disaster recovery and compliance needs
  - foundation for meeting location dependent privacy and compliance requirements
  - customer has full control
  - AWS does not move customer’s resources
- >42 Availability Zones
  - simply a data center connected via an inexpensive, low latency network
  - distinct locations engineered to be insulated from failures in other availability zones
  - isolated, but AZs in a region are connected through low-latency links
  - AZs in a region are physically separated within a typical metropolitan region
  - HA: deploy across multiple AZs
  - located in lower-risk flood plains
  - uses UPS and on-site backup generators
  - redundantly connected to multiple tier-1 transit providers
- >54 Edge Locations
  - CDN endpoints for CloudFront
  - many more than regions
- AWS cloud service model: IaaS (infrastructure-as-a-service)
  - other models: PaaS, SaaS
- AWS access:
  - Management Console
  - CLI
  - SDK (API)

Support Plans
- Basic, Developer, Business, Enterprise
- Response Times:
  - general guidance: <24h
  - system impaired: <12h
  - production system impaired: <4h (business, enterprise)
  - production system down: <1h (business, enterprise)
  - business-critical system down: <15min (enterprise)
- Trusted Advisor: basic+developer: 4 core set of checks only

AWS Design Principles
- Deployment Models:
  - all-in cloud-based application: fully deployed in the cloud
  - public
  - private
  - hybrid deployment: connects infrastructure between cloud-based resources and existing data center. leverage dedicated connectivity, identity federation, and integrated tools
- Design for failure:
  - assume things will fail
  - recovery strategies during design time:
  - design automated recovery from failure
  - assume more than the expected number of requests per second some day
  - decouple components
- Implement Elasticity:
  - proactive cyclic scaling: periodic scaling at fixed interval (daily, weekly, …)
  - proactive event-based scaling: scaling when expecting a big surge of traffic due to a scheduled business event (e.g. new product launch, marketing campaigns)
  - auto-scaling based on demand: take actions to scale up or down based on metrics (e.g. cpu load, network I/O)
- Advantages of Cloud:
  - almost zero upfront infrastructure investment: trade capital expense for “variable expense”
  - benefit from massive “economies of scale”
  - more efficient resource utilization: stop guessing about capacity
  - just-in-time infrastructure: increase speed and agility
  - usage-based costing: stop spending money running and maintaining data centers
  - reduced time-to-market: go global in minutes
- Technical benefits:
  - automation: scriptable infrastructure
  - automated elasticity and scalability
  - proactive scaling
  - more efficient development lifecycle
  - improved testability
  - disaster recovery and business continuity
AWS Security
- electronic surveillance and multi-factor access control systems
- 24x7 staffed by security guards
- access is authorised on a “least privilege basis”
- shared security model:
  - AWS: responsible for securing the underlying infrastructure
    - global infrastructure
    - services offered in the cloud
    - security configuration, patches, antivirus etc. of managed services (e.g. DynamoDB, RDS, Redshift, EMR, WorkSpaces)
  - Customer: responsible for anything you put on the cloud or connect to the cloud
    - full root access on guest operating system
    - AWS does not have any access rights to the guest OS
    - available on instance types from M3, C3, R3 and G2: encrypted EBS volumes and snapshots with AES-256
    - IaaS: security configuration and management tasks on EC2, VPC, S3
    - managed services: account management and user access control (e.g. MFA, SSL/TLS, user activity logging with CloudTrail)
- Physical and environmental security:
  - fire detection and suppression
  - redundant and maintainable power systems
  - climate and temperature control
  - preventive monitoring
- Storage Decommissioning:
  - prevents customer data from being exposed to unauthorized individuals
  - all decommissioned magnetic storage devices are degaussed and physically destroyed
  - DoD 5220.22-M (national industrial security program operating manual)
  - NIST 800-88: guidelines for media sanitization
- Business continuity management
  - availability: data centers built in clusters in various global regions
  - incident response: 7x24h coverage to detect incidents and to manage the impact and resolution
  - communication: training programs, service health dashboard
- Network security:
  - Secure network architecture
    - network ACLs
  - Secure access points:
    - monitored HTTP/HTTPS API endpoints
    - redundant ISP connections
  - Transmission protection:
    - HTTPS using SSL
    - VPC: private subnet
    - ELB: SSL termination on the load balancer is supported
  - Monitoring and protection:
    - DDoS (distributed denial of service) attacks
    - MITM: man in the middle attacks
    - IP spoofing: the firewall denies an instance sending traffic with a source IP or MAC address other than its own
    - Port scanning: attacks such as ARP cache poisoning do not work within EC2 and VPC
    - Packet sniffing by other tenants: it is not possible for a virtual instance running in promiscuous mode to receive or sniff traffic that is intended for a different virtual instance
    - AWS regularly scans all internet facing IP addresses for vulnerabilities (not including customer instances)
    - regular vulnerability threat assessments by independent security firms
    - IPsec VPN: encrypted tunnel between VPC and your data center
    - Logically the AWS production network is segregated from the Amazon Corporate network
  - AWS acceptable use policy:
    - you must request a vulnerability scan in advance
  - Direct Connect: dedicated connection using 802.1q VLAN
- Trusted Advisor:
  - makes recommendations to save money, improve performance and close security gaps, e.g.
    - open ports
    - public access to S3 buckets
    - enable user activity logging (CloudTrail)
    - MFA on root account
- VPC security:
  - API access encrypted with SSL and signed by secret access key
  - subnets and route tables
  - firewall (security groups)
  - network ACLs
  - virtual private gateway: private connectivity between VPC and another network
  - internet gateway
  - dedicated instances: physically isolated
- EC2 security:
  - multiple levels of security: OS of host platform, guest OS, firewall and signed API calls
  - hypervisor: highly customized Xen hypervisor
  - Instances Isolation:
    - customers’ instances → hypervisor → virtual interfaces → security groups → firewall → physical interfaces