AWS-Certified-Cloud-Practitioner_Exam-Guide.pdf
Document Details
Uploaded by FastGrowingBaltimore5920
Tags
Related
Full Transcript
AWS Certified Cloud Practitioner (CLF-C02) Exam Guide Introduction The AWS Certified Cloud Practitioner (CLF-C02) exam is intended for individuals who can effectively demonstrate overall knowledge of the AWS Cloud, independent of a specific job role. The exam validates a candidate’s abil...
AWS Certified Cloud Practitioner (CLF-C02) Exam Guide Introduction The AWS Certified Cloud Practitioner (CLF-C02) exam is intended for individuals who can effectively demonstrate overall knowledge of the AWS Cloud, independent of a specific job role. The exam validates a candidate’s ability to complete the following tasks: Explain the value of the AWS Cloud. Understand and explain the AWS shared responsibility model. Understand security best practices. Understand AWS Cloud costs, economics, and billing practices. Describe and position the core AWS services, including compute, network, database, and storage services. Identify AWS services for common use cases. Target candidate description The target candidate has up to 6 months of exposure to AWS Cloud design, implementation, and/or operations. This certification is ideal for candidates who are from non-IT backgrounds. These candidates might be in the early stages of pursuing an AWS Cloud career or might work with people in AWS Cloud roles. Recommended AWS knowledge The target candidate should have AWS knowledge in the following areas: AWS Cloud concepts Security and compliance in the AWS Cloud Core AWS services Economics of the AWS Cloud Version 1.0 CLF-C02 1 | PAGE Job tasks that are out of scope for the target candidate The following list contains job tasks that the target candidate is not expected to be able to perform. This list is non-exhaustive. These tasks are out of scope for the exam: Coding Cloud architecture design Troubleshooting Implementation Load and performance testing Refer to Appendix A for a list of technologies and concepts that might appear on the exam, a list of in-scope AWS services and features, and a list of out-of-scope AWS services and features. Exam content Response types There are two types of questions on the exam: Multiple choice: Has one correct response and three incorrect responses (distractors) Multiple response: Has two or more correct responses out of five or more response options Select one or more responses that best complete the statement or answer the question. Distractors, or incorrect answers, are response options that a candidate with incomplete knowledge or skill might choose. Distractors are generally plausible responses that match the content area. Unanswered questions are scored as incorrect; there is no penalty for guessing. The exam includes 50 questions that affect your score. Unscored content The exam includes 15 unscored questions that do not affect your score. AWS collects information about performance on these unscored questions to evaluate these questions for future use as scored questions. These unscored questions are not identified on the exam. Version 1.0 CLF-C02 2 | PAGE Exam results The AWS Certified Cloud Practitioner (CLF-C02) exam has a pass or fail designation. The exam is scored against a minimum standard established by AWS professionals who follow certification industry best practices and guidelines. Your results for the exam are reported as a scaled score of 100–1,000. The minimum passing score is 700. Your score shows how you performed on the exam as a whole and whether you passed. Scaled scoring models help equate scores across multiple exam forms that might have slightly different difficulty levels. Your score report could contain a table of classifications of your performance at each section level. The exam uses a compensatory scoring model, which means that you do not need to achieve a passing score in each section. You need to pass only the overall exam. Each section of the exam has a specific weighting, so some sections have more questions than other sections have. The table of classifications contains general information that highlights your strengths and weaknesses. Use caution when you interpret section-level feedback. Content outline This CLF-C02 exam guide includes weightings, content domains, and task statements for the exam. Refer to Appendix B for a comparison of the previous version (CLF-C01) and current version (CLF-C02) of the exam. This guide does not provide a comprehensive list of the content on the exam. However, additional context for each task statement is available to help you prepare for the exam. The exam has the following content domains and weightings: Domain 1: Cloud Concepts (24% of scored content) Domain 2: Security and Compliance (30% of scored content) Domain 3: Cloud Technology and Services (34% of scored content) Domain 4: Billing, Pricing, and Support (12% of scored content) Version 1.0 CLF-C02 3 | PAGE Domain 1: Cloud Concepts Task Statement 1.1: Define the benefits of the AWS Cloud. Knowledge of: Value proposition of the AWS Cloud Skills in: Understanding the economies of scale (for example, cost savings) Understanding the benefits of global infrastructure (for example, speed of deployment, global reach) Understanding the advantages of high availability, elasticity, and agility Task Statement 1.2: Identify design principles of the AWS Cloud. Knowledge of: AWS Well-Architected Framework Skills in: Understanding the pillars of the Well-Architected Framework (for example, operational excellence, security, reliability, performance efficiency, cost optimization, sustainability) Identifying differences between the pillars of the Well-Architected Framework Task Statement 1.3: Understand the benefits of and strategies for migration to the AWS Cloud. Knowledge of: Cloud adoption strategies Resources to support the cloud migration journey Skills in: Understanding the benefits of the AWS Cloud Adoption Framework (AWS CAF) (for example, reduced business risk; improved environmental, social, and governance (ESG) performance; increased revenue; increased operational efficiency) Identifying appropriate migration strategies (for example, database replication, use of AWS Snowball) Version 1.0 CLF-C02 4 | PAGE Task Statement 1.4: Understand concepts of cloud economics. Knowledge of: Aspects of cloud economics Cost savings of moving to the cloud Skills in: Understanding the role of fixed costs compared with variable costs Understanding costs that are associated with on-premises environments Understanding the differences between licensing strategies (for example, Bring Your Own License [BYOL] model compared with included licenses) Understanding the concept of rightsizing Identifying benefits of automation (for example, provisioning and configuration management with AWS CloudFormation) Identifying managed AWS services (for example, Amazon RDS, Amazon Elastic Container Service [Amazon ECS], Amazon Elastic Kubernetes Service [Amazon EKS], Amazon DynamoDB) Domain 2: Security and Compliance Task Statement 2.1: Understand the AWS shared responsibility model. Knowledge of: AWS shared responsibility model Skills in: Recognizing the components of the AWS shared responsibility model Describing the customer’s responsibilities on AWS Describing AWS responsibilities Describing responsibilities that the customer and AWS share Describing how AWS responsibilities and customer responsibilities can shift, depending on the service used (for example, Amazon RDS, AWS Lambda, Amazon EC2) Version 1.0 CLF-C02 5 | PAGE Task Statement 2.2: Understand AWS Cloud security, governance, and compliance concepts. Knowledge of: AWS compliance and governance concepts Benefits of cloud security (for example, encryption) Where to capture and locate logs that are associated with cloud security Skills in: Identifying where to find AWS compliance information (for example, AWS Artifact) Understanding compliance needs among geographic locations or industries (for example, AWS Compliance) Describing how customers secure resources on AWS (for example, Amazon Inspector, AWS Security Hub, Amazon GuardDuty, AWS Shield) Identifying different encryption options (for example, encryption in transit, encryption at rest) Recognizing services that aid in governance and compliance (for example, monitoring with Amazon CloudWatch; auditing with AWS CloudTrail, AWS Audit Manager, and AWS Config; reporting with access reports) Recognizing compliance requirements that vary among AWS services Task Statement 2.3: Identify AWS access management capabilities. Knowledge of: Identity and access management (for example, AWS Identity and Access Management [IAM]) Importance of protecting the AWS root user account Principle of least privilege AWS IAM Identity Center (AWS Single Sign-On) Version 1.0 CLF-C02 6 | PAGE Skills in: Understanding access keys, password policies, and credential storage (for example, AWS Secrets Manager, AWS Systems Manager) Identifying authentication methods in AWS (for example, multi-factor authentication [MFA], IAM Identity Center, cross-account IAM roles) Defining groups, users, custom policies, and managed policies in compliance with the principle of least privilege Identifying tasks that only the account root user can perform Understanding which methods can achieve root user protection Understanding the types of identity management (for example, federated) Task Statement 2.4: Identify components and resources for security. Knowledge of: Security capabilities that AWS provides Security-related documentation that AWS provides Skills in: Describing AWS security features and services (for example, security groups, network ACLs, AWS WAF) Understanding that third-party security products are available from AWS Marketplace Identifying where AWS security information is available (for example, AWS Knowledge Center, AWS Security Center, AWS Security Blog) Understanding the use of AWS services for identifying security issues (for example, AWS Trusted Advisor) Domain 3: Cloud Technology and Services Task Statement 3.1: Define methods of deploying and operating in the AWS Cloud. Knowledge of: Different ways of provisioning and operating in the AWS Cloud Different ways to access AWS services Types of cloud deployment models Connectivity options Version 1.0 CLF-C02 7 | PAGE Skills in: Deciding between options such as programmatic access (for example, APIs, SDKs, CLI), the AWS Management Console, and infrastructure as code (IaC) Evaluating requirements to determine whether to use one-time operations or repeatable processes Identifying different deployment models (for example, cloud, hybrid, on- premises) Identifying connectivity options (for example, AWS VPN, AWS Direct Connect, public internet) Task Statement 3.2: Define the AWS global infrastructure. Knowledge of: AWS Regions, Availability Zones, and edge locations High availability Use of multiple Regions Benefits of edge locations AWS Wavelength Zones and AWS Local Zones Skills in: Describing relationships among Regions, Availability Zones, and edge locations Describing how to achieve high availability by using multiple Availability Zones Recognizing that Availability Zones do not share single points of failure Describing when to use multiple Regions (for example, disaster recovery, business continuity, low latency for end users, data sovereignty) Describing at a high level the benefits of edge locations (for example, Amazon CloudFront, AWS Global Accelerator) Task Statement 3.3: Identify AWS compute services. Knowledge of: AWS compute services Version 1.0 CLF-C02 8 | PAGE Skills in: Recognizing the appropriate use of different EC2 instance types (for example, compute optimized, storage optimized) Recognizing the appropriate use of different container options (for example, Amazon ECS, Amazon EKS) Recognizing the appropriate use of different serverless compute options (for example, AWS Fargate, Lambda) Recognizing that auto scaling provides elasticity Identifying the purposes of load balancers Task Statement 3.4: Identify AWS database services. Knowledge of: AWS database services Database migration Skills in: Deciding when to use EC2 hosted databases or AWS managed databases Identifying relational databases (for example, Amazon RDS, Amazon Aurora) Identifying NoSQL databases (for example, DynamoDB) Identifying memory-based databases Identifying database migration tools (for example AWS Database Migration Service [AWS DMS], AWS Schema Conversion Tool [AWS SCT]) Task Statement 3.5: Identify AWS network services. Knowledge of: AWS network services Skills in: Identifying the components of a VPC (for example, subnets, gateways) Understanding security in a VPC (for example, network ACLs, security groups) Understanding the purpose of Amazon Route 53 Identifying edge services (for example, CloudFront, Global Accelerator) Identifying network connectivity options to AWS (for example AWS VPN, Direct Connect) Version 1.0 CLF-C02 9 | PAGE Task Statement 3.6: Identify AWS storage services. Knowledge of: AWS storage services Skills in: Identifying the uses for object storage Recognizing the differences in Amazon S3 storage classes Identifying block storage solutions (for example, Amazon Elastic Block Store [Amazon EBS], instance store) Identifying file services (for example, Amazon Elastic File System [Amazon EFS], Amazon FSx) Identifying cached file systems (for example, AWS Storage Gateway) Understanding use cases for lifecycle policies Understanding use cases for AWS Backup Task Statement 3.7: Identify AWS artificial intelligence and machine learning (AI/ML) services and analytics services. Knowledge of: AWS AI/ML services AWS analytics services Skills in: Understanding the different AI/ML services and the tasks that they accomplish (for example, Amazon SageMaker, Amazon Lex, Amazon Kendra) Identifying the services for data analytics (for example, Amazon Athena, Amazon Kinesis, AWS Glue, Amazon QuickSight) Version 1.0 CLF-C02 10 | PAGE Task Statement 3.8: Identify services from other in-scope AWS service categories. Knowledge of: Application integration services of Amazon EventBridge, Amazon Simple Notification Service (Amazon SNS), and Amazon Simple Queue Service (Amazon SQS) Business application services of Amazon Connect and Amazon Simple Email Service (Amazon SES) Customer engagement services of AWS Activate for Startups, AWS IQ, AWS Managed Services (AMS), and AWS Support Developer tool services and capabilities of AWS AppConfig, AWS Cloud9, AWS CloudShell, AWS CodeArtifact, AWS CodeBuild, AWS CodeCommit, AWS CodeDeploy, AWS CodePipeline, AWS CodeStar, and AWS X-Ray End-user computing services of Amazon AppStream 2.0, Amazon WorkSpaces, and Amazon WorkSpaces Web Frontend web and mobile services of AWS Amplify and AWS AppSync IoT services of AWS IoT Core and AWS IoT Greengrass Skills in: Choosing the appropriate service to deliver messages and to send alerts and notifications Choosing the appropriate service to meet business application needs Choosing the appropriate service for AWS customer support Choosing the appropriate option for business support assistance Identifying the tools to develop, deploy, and troubleshoot applications Identifying the services that can present the output of virtual machines (VMs) on end-user machines Identifying the services that can create and deploy frontend and mobile services Identifying the services that manage IoT devices Version 1.0 CLF-C02 11 | PAGE Domain 4: Billing, Pricing, and Support Task Statement 4.1: Compare AWS pricing models. Knowledge of: Compute purchasing options (for example, On-Demand Instances, Reserved Instances, Spot Instances, Savings Plans, Dedicated Hosts, Dedicated Instances, Capacity Reservations) Data transfer charges Storage options and tiers Skills in: Identifying and comparing when to use various compute purchasing options Describing Reserved Instance flexibility Describing Reserved Instance behavior in AWS Organizations Understanding incoming data transfer costs and outgoing data transfer costs (for example, from one Region to another Region, within the same Region) Understanding different pricing options for various storage options and tiers Task Statement 4.2: Understand resources for billing, budget, and cost management. Knowledge of: Billing support and information Pricing information for AWS services AWS Organizations AWS cost allocation tags Skills in: Understanding the appropriate uses and capabilities of AWS Budgets, AWS Cost Explorer, and AWS Billing Conductor Understanding the appropriate uses and capabilities of AWS Pricing Calculator Understanding AWS Organizations consolidated billing and allocation of costs Understanding various types of cost allocation tags and their relation to billing reports (for example, AWS Cost and Usage Report) Version 1.0 CLF-C02 12 | PAGE Task Statement 4.3: Identify AWS technical resources and AWS Support options. Knowledge of: Resources and documentation available on official AWS websites AWS Support plans Role of the AWS Partner Network, including independent software vendors and system integrators AWS Support Center Skills in: Locating AWS whitepapers, blogs, and documentation on official AWS websites Identifying and locating AWS technical resources (for example AWS Prescriptive Guidance, AWS Knowledge Center, AWS re:Post) Identifying AWS Support options for AWS customers (for example, customer service and communities, AWS Developer Support, AWS Business Support, AWS Enterprise On-Ramp Support, AWS Enterprise Support) Identifying the role of Trusted Advisor, AWS Health Dashboard, and the AWS Health API to help manage and monitor environments for cost optimization Identifying the role of the AWS Trust and Safety team to report abuse of AWS resources Understanding the role of AWS Partners (for example AWS Marketplace, independent software vendors, system integrators) Identifying the benefits of being an AWS Partner (for example, partner training and certification, partner events, partner volume discounts) Identifying the key services that AWS Marketplace offers (for example, cost management, governance and entitlement) Identifying technical assistance options available at AWS (for example, AWS Professional Services, AWS Solutions Architects) Version 1.0 CLF-C02 13 | PAGE Appendix A: Technologies and Concepts Technologies and concepts that might appear on the exam The following list contains technologies and concepts that might appear on the exam. This list is non-exhaustive and is subject to change. The order and placement of the items in this list is no indication of their relative weight or importance on the exam: APIs Benefits of migrating to the AWS Cloud AWS Cloud Adoption Framework (AWS CAF) AWS Compliance Compute Cost management Databases Amazon EC2 instance types (for example, Reserved, On-Demand, Spot) AWS global infrastructure (for example, AWS Regions, Availability Zones) Infrastructure as code (IaC) AWS Knowledge Center Machine learning Management and governance Migration and data transfer Network services AWS Partner Network AWS Prescriptive Guidance AWS Pricing Calculator AWS Professional Services AWS re:Post AWS SDKs Security AWS Security Blog AWS Security Center AWS shared responsibility model AWS Solutions Architects Storage Version 1.0 CLF-C02 14 | PAGE AWS Support Center AWS Support plans AWS Well-Architected Framework In-scope AWS services and features The following list contains AWS services and features that are in scope for the exam. This list is non-exhaustive and is subject to change. AWS offerings appear in categories that align with the offerings’ primary functions: Analytics: Amazon Athena AWS Data Exchange Amazon EMR AWS Glue Amazon Kinesis Amazon Managed Streaming for Apache Kafka (Amazon MSK) Amazon OpenSearch Service Amazon QuickSight Amazon Redshift Application Integration: Amazon EventBridge Amazon Simple Notification Service (Amazon SNS) Amazon Simple Queue Service (Amazon SQS) AWS Step Functions Business Applications: Amazon Connect Amazon Simple Email Service (Amazon SES) Version 1.0 CLF-C02 15 | PAGE Cloud Financial Management: AWS Billing Conductor AWS Budgets AWS Cost and Usage Report AWS Cost Explorer AWS Marketplace Compute: AWS Batch Amazon EC2 AWS Elastic Beanstalk Amazon Lightsail AWS Local Zones AWS Outposts AWS Wavelength Containers: Amazon Elastic Container Registry (Amazon ECR) Amazon Elastic Container Service (Amazon ECS) Amazon Elastic Kubernetes Service (Amazon EKS) Customer Engagement: AWS Activate for Startups AWS IQ AWS Managed Services (AMS) AWS Support Database: Amazon Aurora Amazon DynamoDB Amazon MemoryDB for Redis Amazon Neptune Amazon RDS Version 1.0 CLF-C02 16 | PAGE Developer Tools: AWS AppConfig AWS CLI AWS Cloud9 AWS CloudShell AWS CodeArtifact AWS CodeBuild AWS CodeCommit AWS CodeDeploy AWS CodePipeline AWS CodeStar AWS X-Ray End User Computing: Amazon AppStream 2.0 Amazon WorkSpaces Amazon WorkSpaces Web Frontend Web and Mobile: AWS Amplify AWS AppSync AWS Device Farm Internet of Things (IoT): AWS IoT Core AWS IoT Greengrass Machine Learning: Amazon Comprehend Amazon Kendra Amazon Lex Amazon Polly Amazon Rekognition Amazon SageMaker Version 1.0 CLF-C02 17 | PAGE Amazon Textract Amazon Transcribe Amazon Translate Management and Governance: AWS Auto Scaling AWS CloudFormation AWS CloudTrail Amazon CloudWatch AWS Compute Optimizer AWS Config AWS Control Tower AWS Health Dashboard AWS Launch Wizard AWS License Manager AWS Management Console AWS Organizations AWS Resource Groups and Tag Editor AWS Service Catalog AWS Systems Manager AWS Trusted Advisor AWS Well-Architected Tool Migration and Transfer: AWS Application Discovery Service AWS Application Migration Service AWS Database Migration Service (AWS DMS) AWS Migration Hub AWS Schema Conversion Tool (AWS SCT) AWS Snow Family AWS Transfer Family Version 1.0 CLF-C02 18 | PAGE Networking and Content Delivery: Amazon API Gateway Amazon CloudFront AWS Direct Connect AWS Global Accelerator Amazon Route 53 Amazon VPC AWS VPN Security, Identity, and Compliance: AWS Artifact AWS Audit Manager AWS Certificate Manager (ACM) AWS CloudHSM Amazon Cognito Amazon Detective AWS Directory Service AWS Firewall Manager Amazon GuardDuty AWS Identity and Access Management (IAM) AWS IAM Identity Center (AWS Single Sign-On) Amazon Inspector AWS Key Management Service (AWS KMS) Amazon Macie AWS Network Firewall AWS Resource Access Manager (AWS RAM) AWS Secrets Manager AWS Security Hub AWS Shield AWS WAF Serverless: AWS Fargate AWS Lambda Version 1.0 CLF-C02 19 | PAGE Storage: AWS Backup Amazon Elastic Block Store (Amazon EBS) Amazon Elastic File System (Amazon EFS) AWS Elastic Disaster Recovery Amazon FSx Amazon S3 Amazon S3 Glacier AWS Storage Gateway Out-of-scope AWS services and features The following list contains AWS services and features that are out of scope for the exam. This list is non-exhaustive and is subject to change: Game Tech: Amazon GameLift Amazon Lumberyard Media Services: AWS Elemental Appliances and Software AWS Elemental MediaConnect AWS Elemental MediaConvert AWS Elemental MediaLive AWS Elemental MediaPackage AWS Elemental MediaStore AWS Elemental MediaTailor Amazon Interactive Video Service (Amazon IVS) Robotics: AWS RoboMaker Version 1.0 CLF-C02 20 | PAGE Appendix B: Comparison of CLF-C01 and CLF-C02 Side-by-side comparison The following table shows the domains and the percentage of scored questions in each domain for the CLF-C01 exam (in use until September 18, 2023) and the CLF-C02 exam (in use beginning on September 19, 2023). Percent Percent of Scored of Scored C01 Domain Questions C02 Domain Questions 1: Cloud Concepts 26% 1: Cloud Concepts 24% 2: Security and Compliance 25% 2: Security and Compliance 30% 3: Technology 33% 3: Cloud Technology and Services 34% 4: Billing and Pricing 16% 4: Billing, Pricing, and Support 12% Additions of content for CLF-C02 CLF-C02 Task Statement 1.3: Understand the benefits of and strategies for migration to the AWS Cloud. This new task statement includes the AWS Cloud Adoption Framework (AWS CAF). Deletions of content for CLF-C02 No content was deleted from the exam. Recategorizations of content for CLF-C02 Content from the following seven task statements in CLF-C01 has been retained and recategorized into one or more of the tasks in CLF-C02: 1. CLF-C01 Task Statement 1.1: Define the AWS Cloud and its value proposition. 2. CLF-C01 Task Statement 1.2: Identify aspects of AWS Cloud economics. 3. CLF-C01 Task Statement 1.3: Explain the different cloud architecture design principles. 4. CLF-C01 Task Statement 2.2: Define AWS Cloud security and compliance concepts. 5. CLF-C01 Task Statement 3.3: Identify the core AWS services. 6. CLF-C01 Task Statement 3.4: Identify resources for technology support. 7. CLF-C01 Task Statement 4.3: Identify resources available for billing support. Version 1.0 CLF-C02 21 | PAGE CLF-C01 Task Statement 1.1 is mapped to the following tasks in CLF-C02: 1.1: Define the benefits of the AWS Cloud. 1.3: Understand the benefits of and strategies for migration to the AWS Cloud. 1.4: Understand concepts of cloud economics. CLF-C01 Task Statement 1.2 is mapped to the following task in CLF-C02: 1.4: Understand concepts of cloud economics. CLF-C01 Task Statement 1.3 is mapped to the following task in CLF-C02: 1.2: Identify design principles of the AWS Cloud. CLF-C01 Task Statement 2.2 is mapped to the following tasks in CLF-C02: 2.2: Understand AWS Cloud security, governance, and compliance concepts. 2.3: Identify AWS access management capabilities. CLF-C01 Task Statement 3.3 is mapped to the following tasks in CLF C02: 3.3: Identify AWS compute services. 3.4: Identify AWS database services. 3.5: Identify AWS network services. 3.6: Identify AWS storage services. 3.7: Identify AWS artificial intelligence and machine learning (AI/ML) services and analytics services. 3.8: Identify services from other in-scope AWS service categories. CLF-C01 Task Statement 3.4 is mapped to the following task in CLF-C02: 4.3: Identify AWS technical resources and AWS Support options. CLF-C01 Task Statement 4.3 is mapped to the following tasks in CLF-C02: 4.2: Understand resources for billing, budget, and cost management. 4.3: Identify AWS technical resources and AWS Support options. Survey How useful was this exam guide? Let us know by taking our survey. Version 1.0 CLF-C02 22 | PAGE