AWS Cloud Practitioner Certification (CLF-C02)

Questions and Answers

An organization is considering migrating to the cloud. Which benefit aligns with adopting a strategic approach as promoted by obtaining the AWS Cloud Practitioner certification?

• Understanding programming skills required for cloud workload development.
• Validating the ability to immediately build and deploy cloud workloads.
• Promoting big-picture thinking for identifying trends and opportunities related to cloud adoption. (correct)
• Gaining proficiency in technical diagramming for cloud infrastructure.

A project manager with some cloud experience wants to validate their knowledge of AWS services and cloud concepts without needing to demonstrate hands-on technical skills. Which AWS certification is most appropriate?

• AWS Certified DevOps Engineer - Professional
• AWS Certified Solutions Architect - Associate
• AWS Certified Cloud Practitioner (correct)
• AWS Certified Developer - Associate

An individual with a background in executive management aims to gain strategic insights into cloud computing for better decision-making. How can the AWS Cloud Practitioner certification benefit this individual?

• By validating their ability to design and implement complex cloud solutions architecture.
• By providing in-depth knowledge of specific AWS services' configurations.
• By offering a comprehensive understanding of cloud fundamentals and AWS services, aiding strategic cloud adoption. (correct)
• By enabling them to write code for cloud applications.

A solutions architect with experience in other cloud platforms wants to refresh and broaden their knowledge of AWS services and architecture. Which AWS certification would be most suitable for efficiently achieving this goal?

AWS Certified Cloud Practitioner (D)

An organization is planning to migrate its on-premises infrastructure to AWS. Which of the following strategies aligns with the AWS Cloud Adoption Framework, a key concept covered in the AWS Cloud Practitioner certification?

Developing a comprehensive plan that addresses business, people, governance, platform, security, and operations aspects of cloud adoption. (D)

An IT professional wants to demonstrate a foundational understanding of AWS services, security, and billing. How should this person prioritize their study time based on the exam domains for the AWS Cloud Practitioner certification?

Focus primarily on 'Cloud Technology and Services' and 'Security and Compliance' due to their higher percentage in the exam. (C)

Before taking the AWS Cloud Practitioner exam, a candidate wants to simulate the real exam environment. What is the most effective way to achieve this?

Completing multiple practice exams to become familiar with the question format and time constraints. (D)

An organization with strict compliance requirements is considering using AWS. How does the 'AWS Shared Responsibility Model,' a key concept for the AWS Cloud Practitioner exam, impact their compliance strategy?

AWS and the organization share responsibility for security and compliance, where AWS manages the security 'of' the cloud, and the organization manages security 'in' the cloud. (A)

A company wants to implement a solution that automatically scales resources based on application demand while minimizing management overhead. Which AWS compute service aligns with these requirements?

AWS Lambda (Serverless Compute) (B)

A startup is looking for a cost-effective cloud deployment model that allows them to quickly deploy and manage applications without managing the underlying infrastructure. Which cloud computing service model is most suitable for their needs?

Platform as a Service (PaaS) (D)

Flashcards

AWS Cloud Practitioner (CLF-C02)

Entry-level certification covering cloud fundamentals, AWS services, security, and billing.

AWS Cloud Design Principles

Understanding of high availability, elasticity, and agility in the cloud.

AWS Shared Responsibility Model

Defines security roles and responsibilities between AWS and the customer.

Cloud Computing

Use a network of remote servers to store, manage, and process data.

Cloud Hosting

Multiple physical machines acting as one system; flexible, scalable, secure, low cost and configurable.

Cloud Compute

Virtual computers.

Serverless Compute

Pay for code execution time only; no server maintenance needed.

Software as a Service (SaaS)

Product is run and managed by the cloud service provider.

Hybrid Cloud

Uses both on-premise and a cloud service provider together.

Public Cloud

All workloads, projects and code are built on the cloud service provider.

Study Notes

AWS Cloud Practitioner Certification Overview

• The AWS Cloud Practitioner certification (CLF-C02) is an entry-level certification that introduces cloud fundamentals, core AWS services, security, billing, and more.
• This certification is often referred to as CCP (Certified Cloud Practitioner).
• AWS is the leading cloud service provider globally.
• The Cloud Practitioner certification is a common starting point for individuals entering the cloud computing field.
• The certification provides a broad, expansive view of cloud architecture and AWS, promoting big-picture thinking.
• The Cloud Practitioner exam doesn't validate the ability to build cloud workloads.
• The certification is recommended as an essential study guide for the AWS journey, even for those pursuing other AWS certifications like Solutions Architect.

Who Is the Certification For?

• Individuals new to the cloud who are learning fundamentals.
• Executive management or sales roles requiring strategic information about the cloud.
• Senior cloud engineers or solutions architects seeking to refresh their AWS knowledge.

Benefits of the Certification

• Gain a broad perspective on cloud architecture and AWS.
• Promotes big-picture thinking for trends and opportunities.
• Aids in understanding a strategic approach to cloud adoption.
• Can help short list resumes for interviews, but not enough for technical roles.

Certification Roadmap and Skills

• Certifications do not validate programming, technical diagramming, or code management skills.
• Certifications primarily provide knowledge specific to AWS services.
• Adjacent technical skills are important for securing technical roles.

Study Time & Exam Preparation

• Beginner: Approximately 30 hours of study.
• Experienced: As little as 6 hours of study.
• Average: Around 24 hours of study.
• Study should be split between lectures/labs (50%) and practice exams (50%).
• Consistent study schedule of 1-2 hours a day for 14 days is recommended.
• Memorizing key information and hands-on labs are important for knowledge sustainment.
• Practice exams are essential to simulate the real exam environment.
• ExamPro provides a free practice exam.

Exam Domains and Content

• Cloud Concepts: 24% of questions (15-16 questions).
• Security and Compliance: 30% of questions (19-20 questions).
• Cloud Technology and Services: 34% of questions (22 questions).
• Billing, Pricing, and Support: 12% of questions (8 questions).
• Cloud Technology and Services has the highest percentage, showing it is the most important thing in the exam.

Exam Details

• The exam can be taken at an in-person test center or online.
• AWS delivers exams through Pearson View.
• A proctor supervises the exam process to ensure legitimacy.
• Passing score: 700 out of 1000 points.
• There are 65 questions, with 50 scored and 15 unscored.
• There is no penalty for wrong answers, so always submit an answer.
• The question formats are multiple choice and multiple answer.
• Exam duration: 90 minutes (1.5 hours).
• Total seat time: 120 minutes, including check-in and instructions.
• Certification validity: 36 months (3 years) before recertification.
• Passing an AWS certification grants a 50% discount on the next exam.

Exam Guide Details

• Key Tasks: Explain, understand, describe, and identify.
• Target candidate should have six months of exposure with Cloud design, implementation or operation.
• Coding, Cloud architecture design, load performance and testing are out of scope.
• The exam guide does not exactly represent the exam, in other words not everything in the guide is necessarily on the exam, but almost everything.

Exam Guide: Content Topics

• Cloud Concepts

  • Cloud Value Proposition
  • Economics of scale
  • Global Infrastracture
  • High availability, elasticity and agility
  • AWS Cloud design principles: Well Architected Framework.
  • Cloud adoption strategies: Cloud Adoption Framework.
  • Migration Strategies, Snowball not frequently used.
  • Cloud economics - Cost savings
  • Opex vs capex
  • Right sizing
  • Benefits of automation
  • Managed AWS Services

• Security and Compliance

  • AWS Shared Responsibility Model
  • Compliance governments concepts
  • How customer secure resources
  • Different encryption options
  • Services that aid in governance and compliance
  • IAM
  • Principal of lease privelage
  • Single sign on

Exam Changes:

• Cloud concepts decreased from 26% to 24%.
• The technology section increased.
• Points shuffled for various components.

ExamPro Additional Features

• Free practice exam available.
• It includes a full practice exam.
• It simulates the real exam.
• It Includes case study questions for better comprehension, which is not on the real exam.
• Has validators, these confirm that the resources were deployed to the account.
• Has a validator that uses a CloudFormation template to give the tool access to the users account.
• Validators use the AWS CLI with commands such as S3API list buckets.

What is Cloud Computing?

• Using a network of remote servers hosted on the internet to store, manage, and process data, rather than a local server or personal computer.

Cloud Hosting Evolution

• Dedicated Server (1995): Physical machine dedicated to a single business, expensive but with high security.
• Virtual Private Server (VPS): Physical machine subdivided into submachines via virtualization; better utilization and isolation of resources.
• Shared Hosting: One physical machine shared by hundreds of businesses; very cheap but limited functionality and poor isolation.
• Cloud Hosting: Multiple physical machines acting as one system (distributed computing); flexible, scalable, secure, low cost, and highly configurable.

Amazon's Role

• Amazon is an American multinational computer technology corporation.
• Founded in 1994 by Jeff Bezos.
• Initially an online bookstore, expanded to cloud computing (AWS), digital streaming, AI, and more.
• Andy Jassy is the current CEO of Amazon, focusing their work on Jeff Bezos space travels.

AWS Launch and Key Services

• Amazon Web Services (AWS) launched in 2006.
• Leading cloud service provider.
• Simple Queue Service (SQS) launched in 2004.
• Simple Storage Service (S3) launched in March 2006.
• Elastic Compute Cloud (EC2) launched in 2006.
• Amazon.com's retail sites migrated to AWS in 2010.

Key AWS Executives

• Adam Selipsky: CEO of AWS (former CEO of Tableau).
• Werner Vogels: CTO of AWS.
• Jeff Barr: Chief Evangelist.

Cloud Service Provider (CSP) Definition

• Provides multiple cloud services ranging from tens to hundreds.
• Services can be chained together to create cloud architectures.
• Accessible via a single unified API.
• Utilizes metered billing based on usage.
• Has rich monitoring built-in.
• Offers Infrastructure as a Service (IaaS) including networking, compute, storage, and databases.
• Offers automation via Infrastructure as Code.
• Cloud platforms offer multiple services under a single UI, but lack most/all CSP requirements Examples include: Twilio, HashiCorp, and Databricks.

Cloud Service Provider Landscape (Tiers)

• Top Tier

  • Amazon Web Services (AWS)
  • Microsoft Azure
  • Google Cloud Platform (GCP)
  • Alibaba Cloud

• Mid Tier

  • IBM
  • Oracle
  • Huawei Cloud
  • Tencent Cloud

• Light Tier

  • Vultr
  • Digital Ocean
  • Aemi Connected Cloud

• Private Tier

  • Open Stack
  • Apache Cloud Stack
  • VMware vSphere

Gartner Magic Quadrant

• An IT consulting firm that publishes market research reports.
• Uses qualitative data analysis to demonstrate market trends.
• Diagram includes leaders, challengers, niche players, and visionaries.
• Determined by "Completeness of Vision" and "Ability to Execute."
• Closer to the top corner, better overall position.

Core Cloud Services

• Compute: Virtual computers.
• Networking: Virtual networks.
• Storage: Virtual hard drives.
• Databases: Virtual databases.
• The industry uses "cloud computing" to refer to all categories of cloud services.

AWS Cloud Service Categories

• Four Core: Compute, Storage, Database, Networking
• Additional categories: Analytics, Application Integration, AR/VR, AI, Cost Management, Blockchain, Business Applications, Containers, Customer Engagement, Developer Tools, End User Computing, Game Tech, IoT, Machine Learning, Management/Governance, Media Services, Migration/Transfer, Mobile, Quantum, Robotics, Satellite, Security/Identity/Compliance.

AWS Service Exploration

• The AWS marketing website contains product categories in the top left corner.
• The EC2 compute service, can be explored to find overview, features, and pricing.
• Pricing pages are frequently consulted to estimate AWS service costs.
• The documentation section provides in depth knowledge about each service.
• Logged-in AWS users can explore all services available for utilization.
• Services can be explored via the marketing website for learning or the AWS console for use.

Evolution of Computing

• A cloud service provider offers various computing options to meet different use cases.
• Choosing the right option involves considering space utilization and trade-offs.
• This topic generally involves the utilization of space.

Dedicated Machines

• Physical servers are fully utilized by a single customer (single tenant).
• Google Cloud offers single node clusters and bare metal machines with hypervisor control.
• Capacity must be estimated upfront, leading to potential underutilization.
• Vertically scaling is difficult since hardware upgrades require manual migration.
• The host OS limits apps, and resource sharing can occur if multiple apps run.
• Security, privacy, and resource utilization are guaranteed, but security depends on user skills.
• Ideal for high-performance computing requiring closely located machines.

Virtual Machines

• Run a machine within a machine, using a hypervisor (software layer).
• Cost is shared across multiple customers (multi-tenant), paying for a fraction of the server.
• Virtual machines require allocation of vCPUs and memory, leading to underutilization.
• Guest OS limits, but virtualization allows easier migration.
• Resource sharing conflicts can occur if multiple apps run.
• Easier to export/import images and scale vertically/horizontally.
• Virtual machines are a common and popular compute offering.

Containers

• Run within virtual machines via a container software layer (e.g., Docker daemon).
• Docker is the most popular containerization approach to maximize capacity.
• New containers can be easily added and resized for greater flexibility.
• Containers share the underlying OS but are more efficient than virtual machines.
• Multiple apps can run side by side without OS or resource sharing conflicts.
• Requires more maintenance than virtual machines.

Functions (Serverless Compute)

• Cloud service provider manages containers, removing the need for user maintenance.
• Users only manage code and data, specifying runtime and resource limits.
• Serverless compute eliminates concerns about the OS.
• Cost-effective, as you only pay for the code execution time.
• VMs only run when there is code to be executed.
• "Cold starts" can cause slow initial requests due to machine spin-up time.

Types of Cloud Computing

• Cloud computing is best represented as a stacked pyramid, with SaaS at the top, then PaaS, then IaaS.

Software as a Service (SaaS)

• The product is run and managed by the cloud service provider.
• Users don't have to maintain or manage the service itself.
• Examples: Salesforce, Gmail, Microsoft 365.
• Designed for end-users.

Platform as a Service (PaaS)

• Focuses on the deployment and management of applications.
• Users do not need to configure the hardware or OS.
• Examples: Elastic Beanstalk, Heroku, Google App Engine.
• Intended for developers.

Infrastructure as a Service (IaaS)

• Basic building blocks for the cloud.
• Provides access to networking, computers, and data storage space.
• Users don't worry about IT staff, data centers, and hardware.
• Examples: Microsoft Azure, AWS, Oracle Cloud.
• Designed for administrators.

Cloud Computing Deployment Models

• Types of cloud computer deployment models include public cloud, private cloud, hybrid cloud and cross cloud.

Public Cloud

• All workloads, projects, and code are built on the cloud service provider.
• Everything is contained within the cloud provider's infrastructure.
• Known as being "Cloud Native" or "Cloud First."
• Cloud native can also refer to containers or open-source models being deployed in various places.

Private Cloud

• Everything is built on a company's data center.
• Being built on a data center is also known as "on-premise."
• Cloud services can be used, such as OpenStack.

Hybrid Cloud

• Uses both on-premise and a cloud service provider together.
• Established connection between the private and public infrastructure.
• Utilizes both private and public resources to create a cloud workload.

Cross Cloud

• Also known as "multicloud", but not typically "hybrid cloud".
• Uses multiple cloud providers.
• Example: Azure Arc allows container deployments in Azure, Amazon EKS, and GCP Kubernetes Engine.
• Can also simply mean using multiple providers at the same time.

Deployment Model Companies

• Organizations that may use cloud, hybrid or on-prem deployment.

Cloud Deployment Model companies

• Startups, SaaS offerings, new projects, and companies are most likely to utilize cloud.
• Basecamp, Dropbox, and Squarespace are examples of cloud deployment model companies.

Hybrid Deployment Model companies

• Organizations that started with their own data center.
• Those that cant fully move to the cloud due to effort, migrations or compliance needs.
• Banks, Fintech, Investment Management, and Large Pro services.
• CIBC, Deoe, and CPP Investment board are examples of hybrid deployment model companies.

On-Premise Deployment Model companies

• Organizations can't run on cloud due to compliance, size, or outdated perceptions.
• Public sector, government, and hospitals are examples of on-premise deployment model companies.
• AIG and the government of Canada are also examples of on-premise deployment model companies.

Creating an AWS Account

• To create an AWS account, go to aws.amazon.com.
• The "Sign into the AWS Console" button is in the top right corner.
• Can also search "AWS" in Google and click the aws.amazon.com link.
• Creating an AWS Account and Initial Configuration.

Account Creation

• To create an AWS account, look for a "Create an Account" button, which may vary in appearance.
• If a "Create an Account" button is not immediately visible, try signing in, then select "Create a new account".
• The account creation process requires an email, password, and an AWS account name.
• A credit card is mandatory for creating an AWS account.
• Prepaid credit cards like "koho" (a Visa debit card available in Canada) can be used if a traditional credit card is not available.

AWS Management Console

• After creating an account, you'll access the AWS Management Console, displaying the most recent services used.
• The account name is visible in the top right corner and can be changed in the "My Account" settings.
• To edit the account name, navigate to "My Account," then "Account Settings," and select "Edit".

Logging In and Out

• Log out and back into your account to familiarize yourself with the AWS login process, which differs from other providers.
• When logging in, there are two options: Root User and IAM User.
• The root user logs in with the email used during sign-up.
• The IAM user logs in using the account ID or account alias.

Identity and Access Management (IAM)

• Access IAM by typing "IAM" in the search bar at the top of the AWS Management Console.
• The IAM dashboard provides recommendations, such as adding Multi-Factor Authentication (MFA) and setting an account alias.
• Setting an account alias simplifies the login process, replacing the need to use the account ID.

Creating an IAM User

• Navigate to "Users" in the IAM console to create a new user.
• Enable both programmatic access (for API use) and AWS Management Console access.
• You can either autogenerate a password or set a custom password for the user. The user is forced to create a new password at first sign in.
• Create a new group (e.g., "Admin") and assign policies to it.
• AdministratorAccess provides full access to AWS services and resources, similar to the root user account.
• Other predefined AWS policies like PowerUserAccess can be assigned for users who need extensive permissions without user/group management access.
• After creating the user, the access key ID and secret access key are displayed, enabling programmatic access to AWS.
• The password shown should be copied and stored securely for initial login.

Logging in as IAM User

• Log out and log in as the IAM user for daily use, avoiding the root user account.
• When logging in as an IAM user, you'll be prompted for the account ID (12 digits) or the account alias.
• Enter the IAM username (e.g., Andrew Brown) and the autogenerated password.
• Reset the password upon the first login, using a strong, generated password.
• After logging in successfully, the console displays the IAM username along with the account alias, indicating you're logged in as an IAM user.

Regions

• Select the correct region from the top right corner of the console.
• The default region is based on your location, but you can change it.
• Recommendation is to use US East (N. Virginia) (us-east-1) for consistent access to all AWS services.
• Some services are global and do not require region selection (e.g., CloudFront).

Region Dependency

• Services like EC2 have region dependencies.
• Resources created in one region may not be visible in another.

Metered Billing

• AWS bills on an hourly or per-second basis, creating cost efficiency.
• Overspending can occur due to expensive services being left running or misconfigurations.

Addressing Overspending

• One historical example included launching a Redis instance via Elasticache with a high default instance type.
• Incorrectly configured Elasticache instances could lead to significant unexpected charges.
• AWS is generally lenient with first-time overspending incidents if you request a refund through support.

Support Cases

• Open a support case by going to the support center and look for billing.
• Explain the issue and ask for a refund, especially if it's a misconfiguration.

Setting Up a Budget

• Protect from overspending by setting up a budget in the billing dashboard.
• Navigate to "Budgets" by searching in the console or through the Billing Dashboard.
• Two free budgets are available.
• Budgets can be monthly, daily, quarterly, or annually.
• Monthly budgets with a fixed cost are recommended.

Budget Configuration

• Add filters to the budget to monitor specific regions or services.
• Set up alerts that trigger when spending reaches a certain threshold (e.g., 80%).
• Enter email addresses for receiving alerts.
• AWS budgets can also perform actions based on permissions (IAM).

Review and Start Budget

• Creating the budget provides a view of the amount used, forecasted amount, and current budget.
• Budget-related alarms and alerts are typically delivered via SNS.

Free Tier

• The AWS Free Tier allows new accounts to use certain services for free during the first 12 months.

Finding What's Included in Free Tier

• Search "AWS Free Tier" on Google to find a page detailing the offerings.

Fine Print with Free Tier

• Stipulations and limitations vary, with some services offering limited or temporary free usage (e.g., 750 hours on EC2).

Free Tier Services

• Some services are only available for the first few months.

Maintaining the Free Tier

• In a different account, in the upper right corner, it says Brown.### Monitoring AWS Spending
• Two primary methods exist for monitoring AWS spending: Budgets and Billing Alerts (alarms).
• Billing alerts are an older method but offer more flexibility compared to budgets.

Enabling Free Tier Usage Alerts

• Navigate to the Billing Preferences in the AWS dashboard.
• Enable the "Receive Free Tier Usage Alerts" option.
• Input your email address to receive alerts.
• Also, enable "Receive Billing Alerts" to set up billing alarms.
• Alerts display usage against free tier limits in a panel; however, this does not appear outside of the free tier.

Accessing CloudWatch

• To access billing alerts, search for "CloudWatch" in the AWS services.
• CloudWatch encompasses several services, including alarms, logs, and metrics.
• The AWS interface is subject to frequent updates.

Creating Billing Alarms in CloudWatch

• Navigate to "Alarms" within CloudWatch.
• A dedicated section for billing is available.
• AWS CloudWatch helps monitor charges on your AWS bill.
• The free tier includes 10 free alarms with 1,000 free email notifications each month, but billing alarms can incur costs if limits are exceeded.
• Choose "Create Alarm" and then "Select Metric."
• Select "Billing" and then either "By Service" or "Total Estimated Charge."
• Only USD currency can be selected.
• Set a threshold value (e.g., $50) on the graph to trigger the alarm.
• CloudWatch offers anomaly detection, which monitors spend within a specified range.
• Standard alarms trigger based on a fixed value.
• Choose a period (e.g. 6 hours).
• Configure the alarm to trigger an SNS topic when it enters an "in alarm" state; where you can set the email to recieve a notifcation