「備考歸納2023新版|Aws certified cloud practitioner(CLF-C02)
報考須知
請直接到AWS官網報考(巨匠不提供協助報名之服務),建議選擇「實體」考試,如果您想要「線上」考試的話,需要先下載測試軟體,測試看看您的電腦環境是否可行。
網址如下:
AWS training and certification
如果您英文閱讀會影響到作答時間的話,建議直接報考「繁體中文」,翻譯的品質還可以接受,此外,在測試平台上可以是可以單題切換「英文」,所以有的專有名詞或者服務,您可以切換直接閱讀英文。
備考事前準備(實體)
- 請準備雙證件(含有英文名之證件,如:護照)
- 平靜的心
進考場前,會被要求檢查口袋,此外,貴重物品也不能帶入試場,試場外有櫃子可以上鎖。
過去版本 (CLF-C01) 和現有版本 (CLF-C02) 的比較
{{< image src="https://cdn.jyi.io/img/028e804878bdfff5b3f903b29c37125b.png" ratio="16x9" wrapper="col-12 mx-auto" caption="圖片來源:https://d1.awsstatic.com/zh_TW/training-and-certification/docs-cloud-practitioner/AWS-Certified-Cloud-Practitioner_Exam-Guide.pdf" title="CLF-C02考試指南">}}
考試範圍
領域 1: 雲端概念 (佔計分內容的 24%) 領域 2: 安全性和合規性 (佔計分內容的 30%) 領域 3: 雲端技術與服務 (佔計分內容的 34%) 領域 4: 帳單、定價和支援 (佔計分內容的 12%)
重點歸納
雲端概念
AWS(Amazon Web Services):
- 成立於 2002 年。
- 超過 100 萬活躍用戶。
- 亞馬遜超過 10% 營收來自 AWS。
- 透過互聯網以按需計價模式提供 IT 基礎設施服務,節省時間、金錢和人力。
AWS 服務分為 23 個 Service Groups: 其中最常用的是 Compute、Storage 和 Database。
上雲的優勢:
- 無需實體伺服器和接線,免除建置伺服機房和維護的麻煩。
- 免去硬體更換和採購的困擾。
雲端計算概念: 雲端計算提供客戶可隨需使用的計算、儲存、資料庫、應用程式等 IT 資源。
雲端收費模式: 按使用量支付,靈活彈性。
虛擬機器監視器 Hypervisor: 用於建立和執行虛擬機器的軟硬體與韌體。
雲端的優勢:
- 資本支出轉為變動費用。
- 從大規模經濟中受益。
- 不需猜測備載容量。
- 提升速度與靈活性。
- 快速進入全球市場。
雲端特點: 彈性、擴展性、經濟實惠。
雲端計算的三種模型:
- IaaS:基礎設施即服務(最大控制權)
- PaaS:平台即服務(次大控制權)
- SaaS:軟體即服務(最小控制權)
雲端安全
推薦的安全實踐: 資安責任區分模型、Well-Architected Framework 的五個支柱、最低權限原則。 {{< image src="https://cdn.jyi.io/img/d52b8a99912253ffe1ded0fa35cc840b.png" ratio="16x9" wrapper="col-12 mx-auto" caption="(圖片來源:https://aws.amazon.com/tw/compliance/shared-responsibility-model/)" title="hared-responsibility-model">}}
AWS 法遵守則:https://aws.amazon.com/compliance
AWS 法遵計畫:https://aws.amazon.com/compliance/programs
AWS 資安責任區分模型:
- 客戶負責雲端內的安全。
- AWS 負責雲端本身的安全。
AWS 安全服務: IAM、WAF、AWS Shield、Amazon Inspector、AWS Trusted Advisor、Amazon GuardDuty。
Well-Architected Framework:
五個支柱:
- operational excellence
- security
- reliability
- performance efficiency
- cost optimization
安全:
- IAM
- Detective control
- Infrastructure protection
- Incident response
- Data protection
IAM(身份與存取管理):
- 免費服務。
- 最低權限原則。
- 用於管理用戶、聯合用戶和 IAM 角色。
Security 考試重點:
- 資安責任區分模型
- Well-Architected Framework 的五個支柱
- 最低權限原則
- 安全服務(IAM、WAF、AWS Shield、Amazon Inspector、AWS Trusted Advisor、Amazon GuardDuty)
計費與帳務
AWS Billing and Cost Management Dashboard:
- 估計和規劃 AWS 費用。
- 多重帳號可合併帳單。
- 發送費用接近臨界值的告警。
- 使用 Cost Explorer 圖形化呈現費用。
- 按標籤搜尋帳單。
AWS 主要的帳單費用來源:
- Compute(每小時計費的 EC2)
- Storage(每 GB 計費的 S3)
- 出站資料傳輸
費用的計算器:
- TCO 計算器:由於無需購置先期基礎設施,TCO 會降低。
- Pricing Calculator:估算雲端解決方案的費用。
AWS 免費方案:
- Always Free:例如 Lambda(每月 100 萬請求)。
- 12-month Free:例如 EC2(每月 750 小時)。
- Trials試用:例如 SageMaker(每月 250 小時)。
AWS 支援計畫:
- Basic Support Plan:免費,僅處理帳戶和計費問題。
- Developer Support Plan:無限次技術問題,每月 29 美元。
- Business Support Plan:每月 100 美元或帳單的 3-10%,提供無限次且多人支援。
- Enterprise Support Plan:全天候無限次且多人支援,15 分鐘回應。
建議的 AWS 使用計劃:
- Basic 計劃適合免費客戶。
- Developer 計劃適用於測試和原型製作。
- Business 計劃適用於上線產品。
- Enterprise 計劃提供全套 AWS Trusted Advisor 檢查。"
AWS服務彙整
| Category | Service | Explanation |
|---|---|---|
| 分析 | ||
| Amazon Athena | Interactive query service | |
| AWS Data Exchange | Easily find, subscribe to, and use third-party data | |
| Amazon EMR | Big data processing framework | |
| AWS Glue | ETL (Extract, Transform, Load) service | |
| Amazon Kinesis | Real-time data streaming | |
| Amazon MSK | Managed streaming for Apache Kafka | |
| Amazon OpenSearch Service | Managed Elasticsearch service | |
| Amazon QuickSight | Business Intelligence tool | |
| Amazon Redshift | Fully managed data warehouse | |
| 應用程式整合 | ||
| Amazon EventBridge | Serverless event bus for application integration | |
| Amazon SNS | Fully managed pub/sub messaging | |
| Amazon SQS | Fully managed message queuing service | |
| AWS Step Functions | Serverless orchestration service | |
| 商業應用程式 | ||
| Amazon Connect | Cloud-based contact center service | |
| Amazon SES | Email sending and receiving service | |
| 雲端財務管理 | ||
| AWS Billing Conductor | Automated billing and cost management | |
| AWS Budgets | Set custom cost and usage budgets | |
| AWS Cost and Usage Report | Detailed cost and usage information | |
| AWS Cost Explorer | Visualize, understand, and manage AWS costs | |
| AWS Marketplace | Online software store for buying and selling | |
| 運算 | ||
| AWS Batch | Run batch computing workloads | |
| Amazon EC2 | Virtual servers in the cloud | |
| AWS Elastic Beanstalk | Easy deployment and scaling of applications | |
| Amazon Lightsail | Easy compute instances for small applications | |
| AWS Local Zones | Extend AWS to specific geographic areas | |
| AWS Outposts | Extend AWS infrastructure to on-premises | |
| AWS Wavelength | Ultra-low latency applications at the edge | |
| 容器 | ||
| Amazon ECR | Docker container registry | |
| Amazon ECS | Container orchestration service | |
| Amazon EKS | Managed Kubernetes service | |
| 客户參與 | ||
| AWS Activate for Startups | Credits, training, technical support for startups | |
| AWS IQ | Connects customers with AWS Certified freelancers | |
| AWS Managed Services (AMS) | Operate AWS infrastructure on behalf of customers | |
| AWS Support | Subscriptions for access to AWS support | |
| 資料庫 | ||
| Amazon Aurora | MySQL and PostgreSQL-compatible relational DB | |
| Amazon DynamoDB | NoSQL database service | |
| Amazon MemoryDB for Redis | Fully managed Redis-compatible in-memory database | |
| Amazon Neptune | Fully managed graph database service | |
| Amazon RDS | Relational Database Service | |
| 開發人員工具 | ||
| AWS AppConfig | Create, deploy, and manage application configurations | |
| AWS CLI | Command-line interface for AWS | |
| AWS Cloud9 | Cloud-based integrated development environment | |
| AWS CloudShell | Browser-based command-line interface | |
| AWS CodeArtifact | Software package repository service | |
| AWS CodeBuild | Fully managed build service | |
| AWS CodeCommit | Source control service using Git | |
| AWS CodeDeploy | Automated deployment service | |
| AWS CodePipeline | Continuous integration and continuous delivery | |
| AWS CodeStar | Develop, build, and deploy applications on AWS | |
| AWS X-Ray | Distributed tracing for applications | |
| 終端使用者運算 | ||
| Amazon AppStream 2.0 | Stream desktop applications to users | |
| Amazon WorkSpaces | Desktop-as-a-Service (DaaS) | |
| Amazon WorkSpaces Web | Web access to virtual desktops | |
| 前端 Web 和行動應用 | ||
| AWS Amplify | Build scalable and secure cloud-powered applications | |
| AWS AppSync | Managed GraphQL service | |
| AWS Device Farm | Test Android, iOS, and web apps on real devices | |
| 物聯網 (IoT) | ||
| AWS IoT Core | Secure, scalable IoT communication | |
| AWS IoT Greengrass | Extend AWS IoT functionality to edge devices | |
| 機器學習 | ||
| Amazon Comprehend | Natural language processing service | |
| Amazon Kendra | Enterprise search service | |
| Amazon Lex | Build chatbots and conversational interfaces | |
| Amazon Polly | Text-to-speech service | |
| Amazon Rekognition | Image and video analysis service | |
| Amazon SageMaker | Build, train, and deploy machine learning models | |
| Amazon Textract | Extract text, forms, and tables from documents | |
| Amazon Transcribe | Automatic speech recognition service | |
| Amazon Translate | Neural machine translation service | |
| 管理與控管 | ||
| AWS Auto Scaling | Automatically adjust capacity based on demand | |
| AWS CloudFormation | Infrastructure as Code (IaC) service | |
| AWS CloudTrail | Record and monitor AWS API requests | |
| Amazon CloudWatch | Monitor resources and applications | |
| AWS Compute Optimizer | Recommend optimal AWS resources | |
| AWS Config | Assess, audit, and evaluate configurations | |
| AWS Control Tower | Set up and govern a secure, multi-account AWS environment | |
| AWS Health Dashboard | Personalized view of the status of AWS resources | |
| AWS Launch Wizard | Simplify launching AWS applications | |
| AWS License Manager | Track and manage software licenses | |
| AWS 管理主控台 | Centralized management console for AWS | |
| AWS Organizations | Consolidate multiple AWS accounts into an organization | |
| AWS Resource Groups 和 Tag Editor | Organize and manage resources using tags | |
| AWS Service Catalog | Create and manage catalogs of IT services | |
| AWS Systems Manager | Gain operational insights and take action | |
| AWS Trusted Advisor | Optimize AWS resources for performance and security | |
| AWS Well-Architected Tool | Review and improve your workload architecture | |
| 遷移和傳輸 | ||
| AWS Application Discovery Service | Discover and understand enterprise applications | |
| AWS Application Migration Service | Migrate applications to AWS | |
| AWS Database Migration Service (AWS DMS) | Migrate databases to AWS | |
| AWS Migration Hub | Plan and track migrations | |
| AWS Schema Conversion Tool (AWS SCT) | Convert database schema to AWS-compatible format | |
| AWS Snow Family | Physical devices to transfer data to/from AWS | |
| AWS Transfer Family | Securely transfer files to and from AWS | |
| 連網和內容交付 | ||
| Amazon API Gateway | Create, deploy, and manage APIs | |
| Amazon CloudFront | Content delivery network (CDN) | |
| AWS Direct Connect | Dedicated network connection to AWS | |
| AWS Global Accelerator | Improve global application availability and performance | |
| Amazon Route 53 | Scalable domain name system (DNS) | |
| Amazon VPC | Isolated virtual networks for AWS resources | |
| AWS VPN | Securely connect on-premises networks to AWS | |
| 安全、身分與合規 | ||
| AWS Artifact | On-demand access to AWS compliance reports | |
| AWS Audit Manager | Simplify the auditing process | |
| AWS Certificate Manager (ACM) | Provision, manage, and deploy SSL/TLS certificates | |
| AWS CloudHSM | Hardware-based key storage for regulatory compliance | |
| Amazon Cognito | Identity and user management for web and mobile apps | |
| Amazon Detective | Analyze, investigate, and respond to security issues | |
| AWS Directory Service | Managed Active Directory in the cloud | |
| AWS Firewall Manager | Centralized management of AWS WAF and security groups | |
| Amazon GuardDuty | Threat detection service | |
| AWS IAM | Identity and Access Management for AWS resources | |
| AWS IAM Identity Center (AWS Single Sign-On) | Cloud Single Sign-On (SSO) service | |
| Amazon Inspector | Automated security assessment service | |
| AWS KMS | Key management service for creating and controlling cryptographic keys | |
| Amazon Macie | Discover, classify, and protect sensitive data | |
| AWS Network Firewall | Managed firewall service | |
| AWS RAM | Share AWS resources with any AWS account | |
| AWS Secrets Manager | Securely store and manage sensitive information | |
| AWS Security Hub | Comprehensive view of security alerts and compliance status | |
| AWS Shield | DDoS protection service | |
| AWS WAF | Web Application Firewall service | |
| 無伺服器 | ||
| AWS Fargate | Run containers without managing the underlying infrastructure | |
| AWS Lambda | Run code without provisioning or managing servers | |
| 儲存 | ||
| AWS Backup | Centralized backup service for AWS resources | |
| Amazon EBS | Block-level storage volumes for EC2 instances | |
| Amazon EFS | Fully managed file storage service | |
| AWS Elastic Disaster Recovery | Cost-effective, highly scalable disaster recovery solution | |
| Amazon FSx | Fully managed file storage for Windows and Lustre | |
| Amazon S3 | Scalable object storage with data durability | |
| Amazon S3 Glacier | Low-cost archival storage with configurable retrieval times | |
| AWS Storage Gateway | Hybrid cloud storage service |