
AWS CCP CLF-C02 Cheat Sheet (DRAFT) by

AWS CCP Study Guide CLF-C02 https://aws.amazon.com/certification/certified-cloud-practitioner/?c=sec&sec=resources

This is a draft cheat sheet. It is a work in progress and is not finished yet.

Free Resources

Not sure where to start?

Take a look at the possible routes below. Try making your own!
Get a Baseline - Start by taking a practice test before doing any studying to see where you are at. Then, based on the result from your practice exam, start studying unfamiliar concepts.
Hands-on Learning - Start by visiting AWS Workshops, start a lab, and learn along the way. Take notes and refer back to the exam criteria to make sure you are on track.
Study Buddy - Work with a friend to set up regular sessions to study for the exam and quiz each other on what you learned throughout the week. Compile your notes together for an interactive study experience.
Q&A - Browse any of the free resources and start to take written notes. Once you complete your notes, come up with your own exam questions. Come back to them later and see if you know the answer, or share with a friend.

Acronyms

ACL
CDN
ECS
HVM
OLA
RAID
SLR
ABAC
CG
EFA
IAM
OLTP
RDS
SNI
ACM
CIDR
EIP
IFS
OSI
RPO
SNS
AMI
CMK
ELB
IKE
PaaS/SaaS/IaaS
RRS
SQS
AMZN
CRR
EMR
IOPS
PhD
RTO
WSFC
API
DDoS
ENA
J2EE
PIOPS
SAM
STS
ASG
DNS
ENI
JSON
PKE
SAML
TAM
ASN
EBS
FPS
KMS
PKI
SAN
TCO
AWS
EC2
HIDS
MFA
PV
SET
VIF
AZ
ECR
HSM
NAT
QLDB
SES
VPC
WAF
VPS
SIA
SHD
SG
VPG
SSH
HTTPS
HTTP
KP
SIP
SID
VLAN

Paid Resources

Video recs

Practice Tests

Content Outline

This CLF-C02 cheat sheet is short and does not cover all of the content on the exam.

However, additional context for each task statement is available to help you prepare for the exam.

The exam has the following content domains and weightings:
• Domain 1: Cloud Concepts (24% of scored content)
• Domain 2: Security and Compliance (30% of scored content)
• Domain 3: Cloud Technology and Services (34% of scored content)
• Domain 4: Billing, Pricing, and Support (12% of scored content)

The most up-to-date info regarding this exam can be found at https://d1.awsstatic.com/training-and-certification/docs-cloud-practitioner/AWS-Certified-Cloud-Practitioner_Exam-Guide.pdf

Chapter 4: Shared Responsibility Model

Chapter 7: Core Compute Services

pg 120-135
Domains 3.1, 3.3, 4.1-4.2

Chapter 6 part 3

Domains 2.2, 2.4, 3.1, 3.3-3.6, 4.2
pgs 82-118

Chapter 6 part 2

Domains 2.2, 2.4, 3.1, 3.3-3.6, 4.2
pgs 82-118

Chapter 6 part 1

Domains 2.2, 2.4, 3.1, 3.3-3.6, 4.2
pgs 82-118

Chapter 5 cont - AWS Sec and Compliance Tools

AWS Compliance
AMZ Inspector
AMZ GuardDuty
AWS Secrets Manager
AMZ Detective
AWS Audit Manager
AWS CloudHSM
AWS RAM
AWS Security Hub
AMZ = Amazon
RAM = Resource Access Manager
HSM = Hardware Security Module

Chapter 5: 2.2, 2.3 IAM

Root User
• Auth for expenses, launching resources. Protect w/ MFA and a complex password; use an IAM user, not root, if possible. Should NEVER be assigned keys.
Best Practices
• Access keys used for remote logins. Key pair likely required.
• You can configure your own password policy.
• something you know, something you have,
• U2F - Universal 2nd Factor
• Users/Groups/Roles should be used for efficiency and security (trusted entity for a role can be a service, 3rd party IdP, or specific AWS account).
Access Keys (not MFA)
• The AWS Management Console can generate them; keys are only shown once. Never show in plaintext. You can deactivate keys.
SSH - Secure Shell Protocol
• Tool for encrypting remote sessions. Encrypted data can be decrypted with a key; SSH manages both encryption and decryption as long as compatible keys are present at both sides of the connection.
• To launch a new EC2 Linux instance, use an existing or new SSH key pair. Only one opportunity to download.
• Must be invoked in the connection command. You can launch actively in Windows machines.
Federated Access
• SAML can be used, or AD. SSO can be used if the prior are integrated. AWS Directory Service can be used. Can download user reports.
Encryption
• KMS - AWS Key Management Service. This will apply encryption using a CMK (customer master key). Can add/remove keys through the KMS dashboard.
• Any data managed by an AWS service can be encrypted (includes RDS, DynamoDB, EBS attached to EC2s). S3 only works with server-side encryption, not client side. Encrypt data before uploading to S3 w/ a KMS-managed CMK or client-side master key.
AWS Artifact
• Regulatory Compliance
• Links and docs describing various regulatory standards. Various reports.
• ex: FedRAMP, GC, APRA, PCI DSS, AOC, SOC, SOX
pg 67-76

Chapter 4 pt 2: Domains 2.1, 3.1, 3.2

AWS Outposts (on-prem physical AWS installed & maintained server)
• Brings AWS infrastructure/services to on-prem data centers/colocations. Hybrid experience; APIs/AWS services can be run locally. Helps to run low latency, local data processing, or data residency.
Covered Services
• EC2, Elastic Block Store, and Amazon File Storage
AWS Local Zones (diff from regions)
• 33 locations. Designed to serve cities/metro areas w/ ultra low-latency access. Must be run in local zone data centers. Covered services are preferred; not all AWS services are available.
AWS Wavelength
• Addresses need for ultra-low latency and high bandwidth for mobile users. Does not extend traditional networks/compute infrastructure. Brings to 5G network. AWS co-locates physical infra with telecomms facilities.
• By deploying these at the edge of the network, devs can run apps in proximity to 5G base stations, which decreases network latency. Best for VR or AR deployments.
AWS Shared Responsibility Model
• See graphic in cheat sheet
• Customer is responsible for what's IN the cloud. AWS is responsible for the cloud itself.
• Applies to IaaS, SaaS, PaaS
Managed vs Unmanaged
• Managed cloud service - will "hide" backend configs/admin work to run service. Allows you to focus on outcome/business.
• RDS - stand-alone database can be run in this (partially managed service). Could be managed with Elastic Beanstalk (handles instances/storage/DBs).
• Unmanaged - ex: EC2 - Client cares for operating system and everything on it. Sliding scale.
• If you can edit it, you own it.
Service Health Status
• Good for troubleshooting. Service Health Dashboard will report outages within 1-2 mins of outage.
AUP does not tolerate illegal activity

Of vs In the cloud
pg 55-64

Chapter 4 pt 1: Domains 2.1, 3.1, 3.2

Regionally Based Services
• The hardware for an instance will only use one AWS region; true for all instance types (Lambda, EC2, S3, EBS). Physical host must be in one region. Can run parallel resources in multiple regions (recommended for data sovereignty/durability/access). Check region status often.
• Dividing resources among regions allows you to locate infrastructure geographically closer to you w/ low latency, meet regulatory compliance w/ legal and banking rules, and isolate groups of resources for greatest latency.
• Must know how to identify what region you are working in, ex: ec2.us-east-1.amazonaws.com vs rds.eu-west-3.amazonaws.com
Globally Based Services
• Resources are not tied to any one region. Ex: IAM, CDN, S3
Availability Zones (AZ)
• One Region has at least 2 AZs w/ low latency network links. No two AZs will ever share resources from a single physical data center.
• Designations: subnet/AZ combo = host environment. AZs are displayed out of order to ensure availability.
• Be familiar with subnetting. Distribute prod over multiple subnets for high availability and low fault tolerance.
• Private IPv4 address range: 192.168.0.0 to 192.168.255.255. Can be divided into smaller and smaller subnets. AWS allows 200 subnets per AZ. Other range includes 172.16.0.0 to 172.31.255.255.
• If you see an IP address in an AWS config dialog box, you're looking at an IP address subnet range.
AZ cont - High Availability
• Hardware will fail at some point. Single point of failure refers to no stored backups. Redundancy is the only effective protection against failure and must also be geo parallel. Cloud resilience is often cheaper.
• AWS avoids app failure via auto-scaling and load balancing.
Global Infrastructure: Edge Locations
• An edge location is a site where AWS provides low latency user access to Amazon-based data by deploying physical server infrastructure. These are different because they do not offer the full range of AWS services. Helps direct traffic.
pg 46-54

Chapter 3 Notes; Domains 2.4, 3.8, 4.3

4 Levels of Support Plans
• Basic - free plan
• Developer - starts at $29, includes Core TA checks, 8am-6pm local time web access, general guidance within 24 business hours, system impaired help within 12 business hours
• Business - starts at $100, general guidance within 24 business hours, 24/7 web chat/phone engineer access, prod sys down help within 1 hr, all TA checks. Can also have IEM for more $$
• Enterprise - starts at $15k/month. General guidance within 24 business hours, 24/7 web chat/phone engineer access, prod sys down help within 1 hr, all TA checks, business-critical sys down help in 15 mins. A technical account manager (TAM) is a guide/advocate for your account.
• AWS Partner Network (APN) - Professional Services Team
Documentation
• SDKs are available. Helps users to look into strategies, guides, and more.
• Knowledge Center - FAQ page sorted by service. Discussion forums are also available (re:Post).
Trusted Advisor (ONLY AVAILABLE FOR BUSINESS OR ENTERPRISE SUBSCRIBERS)
• Visually confirms if account resource configs are compliant/safe w/ best practice. Alerts across 5 categories: Cost Optimization, Performance, Security, Fault Tolerance, and Service Limits
• Basic Support and Dev have service limits w/ some security info, whereas Business and Enterprise get all alerts
pg 30-43

Chapter 2 Notes: Domain 4.1-4.3

Free Tier
• Can run for up to 750 hrs per month using a t2.micro EC2 instance. Can be used to run light relational database workloads with Amazon Relational Database Service (RDS). Can store up to 5GB in S3 buckets. Lasts for 12 months. Two ways to monitor usage: email alerts and the tracking tool at the bottom of the billing dashboard. PUT and GET requests in 23 buckets have limits.
• 12 month free: 30GB of magnetic or SSD from EBS, 500MB free storage with ECR, 1 TB of outbound data, 1 million API calls on API Gateway
• Permanently free: 10 monitoring metrics/alarms on Amazon CloudWatch, 62000 outbound emails/month w/ SES, 3.2 million seconds of compute time, one million requests w/ Lambda
Budgeting
• Rates change with how much storage is needed; pricing varies by region. For EC2, you can choose between pricing types (on-demand, spot, savings, reserve instances, dedicated host pricing).
• Can use the AWS Pricing Calculator for estimating cost. 2 main benefits: pricing is real time and you can visualize the impacts of each element fiscally.
• Can utilize the billing dashboard; can create one of three budget types: usage budgets, cost budgets, reservation instance or coverage budget, or savings plan coverage.
• Other tools: Cost Explorer (visualizes account's historical usage), Cost/usage reports (show full range of activity), Cost allocation tags (resource tags, cost allocation tags), and AWS Organizations (centralizes admin of multiple AWS accounts for allocation)
Service Limits
• Can only launch 20 reserved instances within EC2 each month so all classes of resources are reliable. Limits are adjustable.
Resource requests can be refused.

Exam study guide pgs 14-25

Notes: Domain 1.1-1.3

-AWS allows for sufficient compute, memory, network, and storage resources. Global infrastructure is also efficient
-Lots of redundancy so that if one part fails, there is always a failover
-Allocation of resources is automated via the metered pay model
-CapEx (Capital Expenses) relates to on-prem solutions and hardware. Cloud solutions do not have any CapEx.
-Server virtualization. VMs are created and access storage/computing resources from the host server. Virtualization offers two main benefits: Speed/Efficiency
-Located in a physical server: Compute to Storage to Hypervisor (VM admin software) to the virtual machine. Storage is attached to it
-On-prem, IaaS, PaaS, SaaS
-Serverless workloads allow users to run on cloud servers. Provided by AWS Lambda services; makes code that is REACTIONARY.
-Scalability allows apps to grow automatically based on organizational needs
-Elasticity matches compute power w/ rising and falling demand. Ex: AWS Auto Scaling. Will operate within its limits