AWS Certified Solutions Architect PDF Download
An in-memory cache Which of the following statements about Amazon DynamoDB secondary indexes is true? There can be many per table, and they can be created at any time. There can only be one per table, and it must be created when the table is created. What is the primary use case of Amazon Kinesis Firehose?
Ingest huge streams of data and allow custom processing of data in flight. Generate a huge stream of data from an Amazon S3 bucket. Generate a huge stream of data from Amazon DynamoDB. Your company has 17TB of financial trading records that need to be stored for seven years by law.
Experience has shown that any record more than a year old is unlikely to be accessed. Which of the following storage plans meets these needs in the most cost-efficient manner? Store the data on Amazon Simple Storage Service (Amazon S3) with lifecycle policies that change the storage class to Amazon Glacier after one year, and delete the object after seven years.
Store the data in Amazon DynamoDB, and delete data older than seven years. Store the data in an Amazon Glacier Vault Lock. Enable Amazon CloudWatch logs. Enable versioning on the bucket. Enable website hosting on the bucket.
Enable server access logs on the bucket. For what kinds of operations is it possible to get stale data as a result of eventual consistency? Data is automatically replicated to other regions. Data is automatically replicated to different Availability Zones within a region.
Data is replicated only if versioning is enabled on the bucket. Data is automatically backed up on tape and restored if needed. Your company needs to provide streaming access to videos to authenticated users around the world. What is a good way to accomplish this? Which of the following are true about the AWS shared responsibility model?
The customer is responsible for the components from the guest operating system upward including updates, security patches, and antivirus software.
While AWS manages security of the cloud, security in the cloud is the responsibility of the customer. Decider B. Activity worker C. Workflow starter D. Business rule The instance is disassociated from its Elastic IP address and must be re-attached when the instance is restarted. The instance remains associated with its Elastic IP address.
The Elastic IP address is released from your account. The instance is disassociated from the Elastic IP address temporarily while you restart the instance. Spot instances B. Reserved instance C. On Demand instances D.
Dedicated instances The associated security groups are changed. The instance is stopped or rebooted. The instance is rebooted or terminated. The instance is stopped or terminated. Auto Scaling may cause you to reach limits of other services, such as the default number of Amazon EC2 instances you can currently launch within a region, which is A and B. Amazon CloudWatch has two plans: basic and detailed. There are no diagnostic, precognitive, or retroactive monitoring plans for Amazon CloudWatch.
B, C, and E. Create a subnet route table rule to send all non-local traffic for example, 0. Configure your network ACLs and security group rules to allow relevant traffic to flow to and from your instance. A, D, and E. If a security group is not specified at launch, then an Amazon EC2 instance will be launched into the default security group for the Amazon VPC. The default security group allows communication between all resources within the security group, allows all outbound traffic, and denies all other traffic.
B and D. To protect data in transit from the clients to the web application, HTTPS with server certificate authentication should be used. Don't create an IAM user or an IAM group and pass the user's credentials to the application or embed the credentials in the application. Instead, create an IAM role that you attach to the Amazon EC2 instance to give applications running on the instance temporary security credentials. The credentials have the permissions specified in the policies attached to the role.
A directory is not an identity object in IAM. B, C, and D. When a request is made, the AWS service decides whether a given request should be allowed or denied.
The evaluation logic follows these rules: 1) By default, all requests are denied (in general, requests made using the account credentials for resources in the account are always allowed). Hive, Pig, and HBase are packages that run on top of Hadoop. An environment tier whose web application runs background jobs is known as a worker tier.
An environment tier whose web application processes web requests is known as a web server tier. Database and batch are not valid environment tiers. Multi-AZ deployment uses synchronous replication to a different Availability Zone so that operations can continue on the replica if the master database stops responding for any reason.
Automated backups provide disaster recovery, not high availability. Security groups, while important, have no effect on availability.
Maintenance windows are actually times when the database may not be available. A, B, and D. Anything within the database software (schema, user accounts, and so on) is the responsibility of the customer. Amazon Redshift is a petabyte-scale data warehouse. It is not well suited for unstructured NoSQL data or highly dynamic transactional data. It is in no way a cache. There can be one secondary index per table, and it must be created when the table is created.
The Amazon Kinesis family of services provides functionality to ingest large streams of data. Amazon Kinesis Firehose is specifically designed to ingest a stream and save it to any of the three storage services listed in Response B.
Amazon S3 and Amazon Glacier are the most cost-effective storage services. After a year, when the objects are unlikely to be accessed, you can save costs by transferring the objects to Amazon Glacier where the retrieval time is three to five hours. Server access logs provide a record of any access to an object in Amazon S3. Response C changes the existing object so that a subsequent GET may fetch the previous and inconsistent object.
AWS will never transfer data between regions unless directed to by you. Durability in Amazon S3 is achieved by replicating your data geographically to different Availability Zones regardless of the versioning configuration. AWS doesn't use tapes. Amazon CloudFront provides the best user experience by delivering the data from a geographically advantageous edge location. Signed URLs allow you to control access to authenticated users.
In the AWS shared responsibility model, customers retain control of what security they choose to implement to protect their own content, platform, applications, systems, and networks, no differently than they would for applications in an on-site data center. An activity worker is a process or thread that performs the activity tasks that are part of your workflow.
After receiving a task, the activity worker processes the task to completion and then reports to Amazon SWF that the task was completed and provides the result. The activity task represents one of the tasks that you identified in your application. You pay a set hourly price for an On Demand instance from when you launch it until you explicitly stop or terminate it.
Spot instances can be terminated when the spot price goes above your bid price. Reserved instances involve paying for an instance over a one- or three-year term. Dedicated instances run on hardware dedicated to your account and are not a pricing model. The data in an instance store persists only during the lifetime of its associated instance.
If an instance is stopped or terminated, then the instance store does not persist. Rebooting an instance does not shut down the instance; if an instance reboots (intentionally or unintentionally), data on the instance store persists. Security groups have nothing to do with the lifetime of an instance and have no effect here.
Content may include the following: Operate and extend service management in a hybrid IT architecture. Configure services to support compliance requirements in the cloud. Launch instances across the AWS global infrastructure. In , Amazon Web Services, Inc. One of the key benefits of cloud computing is the opportunity to replace up-front capital infrastructure expenses with low variable costs that scale with your business.
With the cloud, businesses no longer need to plan for and procure servers and other IT infrastructure weeks or months in advance. Instead, they can instantly spin up hundreds or thousands of servers in minutes and deliver results faster.
Today, AWS provides a highly reliable, scalable, and low-cost infrastructure platform in the cloud that powers hundreds of thousands of businesses in more than countries around the world. This chapter provides an introduction to the AWS Cloud computing platform. What Is Cloud Computing? Cloud computing is the on-demand delivery of IT resources and applications via the Internet with pay-as-you-go pricing.
Whether you run applications that share photos to millions of mobile users or deliver services that support the critical operations of your business, the cloud provides rapid access to flexible and low-cost IT resources. Instead, you can provision exactly the right type and size of computing resources you need to power your newest bright idea or operate your IT department. With cloud computing, you can access as many resources as you need, almost instantly, and only pay for what you use.
In its simplest form, cloud computing provides an easy way to access servers, storage, databases, and a broad set of application services over the Internet. Cloud computing providers such as AWS own and maintain the network-connected hardware required for these application services, while you provision and use what you need for your workloads.
Advantages of Cloud Computing Cloud computing introduces a revolutionary shift in how technology is obtained, used, and managed, and in how organizations budget and pay for technology services. With the ability to reconfigure the computing environment quickly to adapt to changing business requirements, organizations can optimize spending. Capacity can be automatically scaled up or down to meet fluctuating usage patterns.
Services can be temporarily taken offline or shut down permanently as business demands dictate. In addition, with pay-per-use billing, AWS Cloud services become an operational expense instead of a capital expense.
While each organization experiences a unique journey to the cloud with numerous benefits, six advantages become apparent time and time again, as illustrated in Figure 1. Economies of Scale Another advantage of cloud computing is that organizations benefit from massive economies of scale. By using cloud computing, you can achieve a lower variable cost than you would get on your own.
Because usage from hundreds of thousands of customers is aggregated in the cloud, providers such as AWS can achieve higher economies of scale, which translates into lower prices. Stop Guessing Capacity When you make a capacity decision prior to deploying an application, you often end up either sitting on expensive idle resources or dealing with limited capacity.
With cloud computing, organizations can stop guessing about capacity requirements for the infrastructure necessary to meet their business needs. This results in a dramatic increase in speed and agility for the organization, because the cost and time it takes to experiment and develop is significantly lower. Focus on Business Differentiators Cloud computing allows organizations to focus on their business priorities, instead of on the heavy lifting of racking, stacking, and powering servers.
By embracing this paradigm shift, organizations can stop spending money on running and maintaining data centers. This allows organizations to focus on projects that differentiate their businesses, such as analyzing petabytes of data, delivering video content, building great mobile applications, or even exploring Mars.
Go Global in Minutes Another advantage of cloud computing is the ability to go global in minutes. Organizations can easily deploy their applications to multiple locations around the world with just a few clicks. This allows organizations to provide redundancy across the globe and to deliver lower latency and better experiences to their customers at minimal cost. Going global used to be something only the largest enterprises could afford to do, but cloud computing democratizes this ability, making it possible for any organization.
While specific questions on these advantages of cloud computing are unlikely to be on the exam, having exposure to these benefits can help rationalize the appropriate answers. It is important to understand how each strategy applies to architectural options and decisions.
An all-in cloud-based application is fully deployed in the cloud, with all components of the application running in the cloud. Applications in the cloud have either been created in the cloud or have been migrated from an existing infrastructure to take advantage of the benefits of cloud computing. Cloud-based applications can be built on low-level infrastructure pieces or can use higher-level services that provide abstraction from the management, architecting, and scaling requirements of core infrastructure.
A hybrid deployment is a common approach taken by many enterprises that connects infrastructure and applications between cloud-based resources and existing resources, typically in an existing data center.
Choosing between an existing investment in infrastructure and moving to the cloud does not need to be a binary decision. Leveraging dedicated connectivity, identity federation, and integrated tools allows organizations to run hybrid applications across on-premises and cloud services.
AWS Fundamentals At its core, AWS provides on-demand delivery of IT resources via the Internet on a secure cloud services platform, offering compute power, storage, databases, content delivery, and other functionality to help businesses scale and grow. Using AWS resources instead of your own is like purchasing electricity from a power company instead of running your own generator, and it provides the key advantages of cloud computing: Capacity exactly matches your need, you pay only for what you use, economies of scale result in lower costs, and the service is provided by a vendor experienced in running large-scale networks.
AWS global infrastructure and AWS approach to security and compliance are key foundational concepts to understand as you prepare for the exam. Global Infrastructure AWS serves over one million active customers in more than countries, and it continues to expand its global infrastructure steadily to help organizations achieve lower latency and higher throughput for their business needs.
AWS provides a highly available technology infrastructure platform with multiple locations worldwide. These locations are composed of regions and Availability Zones. Each region is a separate geographic area. Each region has multiple, isolated locations known as Availability Zones.
AWS enables the placement of resources and data in multiple locations. Each region is completely independent and is designed to be completely isolated from the other regions. This achieves the greatest possible fault tolerance and stability. Each Availability Zone is also isolated, but the Availability Zones in a region are connected through low-latency links. Availability Zones are physically separated within a typical metropolitan region and are located in lower-risk flood plains (specific flood zone categorization varies by region).
In addition to using a discrete uninterruptible power supply (UPS) and on-site backup generators, they are each fed via different grids from independent utilities (when available) to reduce single points of failure further. Availability Zones are all redundantly connected to multiple tier-1 transit providers. By placing resources in separate Availability Zones, you can protect your website or application from a service disruption impacting a single location.
You can achieve high availability by deploying your application across multiple Availability Zones. Redundant instances for each tier (for example, web, application, and database) of an application should be placed in distinct Availability Zones, thereby creating a multisite solution. At a minimum, the goal is to have an independent copy of each application stack in two or more Availability Zones.
Security is a core functional requirement that protects mission-critical information from accidental or deliberate theft, leakage, integrity compromise, and deletion. Helping to protect the confidentiality, integrity, and availability of systems and data is of the utmost importance to AWS, as is maintaining your trust and confidence. This section is intended to provide a very brief introduction to AWS approach to security and compliance.
Security Cloud security at AWS is the number one priority. All AWS customers benefit from data center and network architectures built to satisfy the requirements of the most security-sensitive organizations. AWS and its partners offer hundreds of tools and features to help organizations meet their security objectives for visibility, auditability, controllability, and agility. This means that organizations can have the security they need, but without the capital outlay and with much lower operational overhead than in an on-premises environment.
Organizations leveraging AWS inherit all the best practices of AWS policies, architecture, and operational processes built to satisfy the requirements of the most security-sensitive customers. The AWS infrastructure has been designed to provide the highest availability while putting strong safeguards in place regarding customer privacy and segregation.
AWS manages the underlying infrastructure, and the organization can secure anything it deploys on AWS. This affords each organization the flexibility and agility they need in security controls. This infrastructure is built and managed not only according to security best practices and standards, but also with the unique needs of the cloud in mind.
AWS ensures that these controls are consistently applied in every new data center or service. Compliance When customers move their production workloads to the AWS Cloud, both parties become responsible for managing the IT environment. Customers are responsible for setting up their environment in a secure and controlled manner.
Customers also need to maintain adequate governance over their entire IT control environment. By tying together governance-focused, audit-friendly service features with applicable compliance or audit standards, AWS enables customers to build on traditional compliance programs.
This helps organizations establish and operate in an AWS security control environment. Organizations retain complete control and ownership over the region in which their data is physically located, allowing them to meet regional compliance and data residency requirements.
The IT infrastructure that AWS provides to organizations is designed and managed in alignment with security best practices and a variety of IT security standards. While being knowledgeable about all the platform services will allow you to be a well-rounded solutions architect, understanding the services and fundamental concepts outlined in this book will help prepare you for the AWS Certified Solutions Architect — Associate exam.
Subsequent chapters provide a deeper view of the services pertinent to the exam. The console provides an intuitive user interface for performing many tasks. The console also provides information about the account and billing. With just one tool to download and configure, you can control multiple services from the command line and automate them through scripts.
The SDKs provide support for many different programming languages and platforms to allow you to work with your preferred language. Compute and Networking Services AWS provides a variety of compute and networking services to deliver core functionality for businesses to develop and run their workloads. These compute and networking services can be leveraged with the storage, database, and application services to provide a complete solution for computing, query processing, and storage across a wide range of applications.
This section offers a high-level description of the core computing and networking services. Organizations can select from a variety of operating systems and resource configurations (memory, CPU, storage, and so on) that are optimal for the application profile of each workload. Amazon EC2 presents a true virtual computing environment, allowing organizations to launch compute resources with a variety of operating systems, load them with custom applications, and manage network access permissions while maintaining complete control.
Auto Scaling Auto Scaling allows organizations to scale Amazon EC2 capacity up or down automatically according to conditions defined for the particular workload (see Figure 1).
Not only can it be used to help maintain application availability and ensure that the desired number of Amazon EC2 instances are running, but it also allows resources to scale in and out to match the demands of dynamic workloads. Instead of provisioning for peak load, organizations can optimize costs and use only the capacity that is actually needed. Elastic Load Balancing Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances in the cloud.
It enables organizations to achieve greater levels of fault tolerance in their applications, seamlessly providing the required amount of load balancing capacity needed to distribute application traffic.
Developers can simply upload their application code, and the service automatically handles all the details, such as resource provisioning, load balancing, Auto Scaling, and monitoring.
NET, and Go. With AWS Elastic Beanstalk, organizations retain full control over the AWS resources powering the application and can access the underlying resources at any time. In addition, organizations can extend their corporate data center networks to AWS by using hardware or software virtual private network (VPN) connections or dedicated circuits by using AWS Direct Connect.
Using AWS Direct Connect, organizations can establish private connectivity between AWS and their data center, office, or colocation environment, which in many cases can reduce network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based VPN connections.
It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating human readable names, such as www. Amazon Route 53 also serves as domain registrar, allowing you to purchase and manage domains directly from AWS. This section provides an overview of the storage and content delivery services.
Amazon Simple Storage Service (Amazon S3) Amazon Simple Storage Service (Amazon S3) provides developers and IT teams with highly durable and scalable object storage that handles virtually unlimited amounts of data and large numbers of concurrent users. Organizations can store any number of objects of any type, such as HTML pages, source code files, image files, and encrypted data, and access them using HTTP-based protocols.
Amazon S3 provides cost-effective object storage for a wide variety of use cases, including backup and recovery, nearline archive, big data analytics, disaster recovery, cloud applications, and content distribution. Amazon Glacier Amazon Glacier is a secure, durable, and extremely low-cost storage service for data archiving and long-term backup.
Organizations can reliably store large or small amounts of data for a very low cost per gigabyte per month. To keep costs low for customers, Amazon Glacier is optimized for infrequently accessed data where a retrieval time of several hours is suitable. Amazon S3 integrates closely with Amazon Glacier to allow organizations to choose the right storage tier for their workloads.
By delivering consistent and low-latency performance, Amazon EBS provides the disk storage needed to run a wide variety of workloads. The service supports industry-standard storage protocols that work with existing applications.
It provides low-latency performance by maintaining a cache of frequently accessed data on-premises while securely storing all of your data encrypted in Amazon S3 or Amazon Glacier. It integrates with other AWS Cloud services to give developers and businesses an easy way to distribute content to users across the world with low latency, high data transfer speeds, and no minimum usage commitments.
Amazon CloudFront can be used to deliver your entire website, including dynamic, static, streaming, and interactive content, using a global network of edge locations. Requests for content are automatically routed to the nearest edge location, so content is delivered with the best possible performance to end users around the globe.
Database Services AWS provides fully managed relational and NoSQL database services, and in-memory caching as a service and a petabyte-scale data warehouse solution. This section provides an overview of the products that the database services comprise. Because Amazon RDS manages time-consuming administration tasks, including backups, software patching, monitoring, scaling, and replication, organizational resources can focus on revenue-generating applications and business instead of mundane operational tasks.
Its flexible data model and reliable performance make it a great fit for mobile, web, gaming, ad-tech, Internet of Things, and many other applications. Amazon Redshift Amazon Redshift is a fast, fully managed, petabyte-scale data warehouse service that makes it simple and cost effective to analyze structured data.
Amazon Redshift provides a standard SQL interface that lets organizations use existing business intelligence tools. The Amazon Redshift architecture allows organizations to automate most of the common administrative tasks associated with provisioning, configuring, and monitoring a cloud data warehouse. Amazon ElastiCache Amazon ElastiCache is a web service that simplifies deployment, operation, and scaling of an in-memory cache in the cloud. The service improves the performance of web applications by allowing organizations to retrieve information from fast, managed, in-memory caches, instead of relying entirely on slower, disk-based databases.
This section provides an overview of the management tools that AWS provides to organizations. It allows organizations to collect and track metrics, collect and monitor log files, and set alarms. By leveraging Amazon CloudWatch, organizations can gain system-wide visibility into resource utilization, application performance, and operational health.
By using these insights, organizations can react, as necessary, to keep applications running smoothly. AWS CloudFormation AWS CloudFormation gives developers and systems administrators an effective way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion. Templates can be submitted to AWS CloudFormation and the service will take care of provisioning and configuring those resources in appropriate order (see Figure 1).
The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the service. AWS Config AWS Config is a fully managed service that provides organizations with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance.
With AWS Config, organizations can discover existing AWS resources, export an inventory of their AWS resources with all configuration details, and determine how a resource was configured at any point in time.
These capabilities enable compliance auditing, security analysis, resource change tracking, and troubleshooting. Security and Identity AWS provides security and identity services that help organizations secure their data and systems on the cloud. The following section explores these services at a high level. Organizations can use it to manage users and groups, provide single sign-on to applications and services, create and apply Group Policies, domain join Amazon EC2 instances, and simplify the deployment and management of cloud-based Linux and Microsoft Windows workloads.
AWS WAF gives organizations control over which traffic to allow or block to their web applications by defining customizable web security rules. Application Services AWS provides a variety of managed services to use with applications. The following section explores the application services at a high level. Amazon API Gateway handles all the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management.
It is designed to be a highly scalable and cost-effective way for developers and businesses to convert or transcode media files from their source formats into versions that will play back on devices like smartphones, tablets, and PCs. In Amazon SNS, there are two types of clients—publishers and subscribers—also referred to as producers and consumers. Publishers communicate asynchronously with subscribers by producing and sending a message to a topic, which is a logical access point and communication channel.
Subscribers consume or receive the message or notification over one of the supported protocols when they are subscribed to the topic.