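Exam Prep Summary, 2023 Edition | AWS Certified Cloud Practitioner (CLF-C02)
Registration notes
Register for the exam directly on the AWS website (巨匠 does not offer registration assistance). An in-person exam is recommended. If you want to take the exam online, you first need to download the testing software and check whether your computer environment supports it.
The URL is: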
AWS training and certification
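If reading English would slow down your answering, consider taking the exam in Traditional Chinese; the translation quality is acceptable. The test platform also lets you switch an individual question to English, so you can read proper terms or service names directly in English.
Pre-exam preparation (in person)
- Bring two forms of ID (ones that show your English name, e.g. a passport)
- A calm mind
Before entering the exam room you will be asked to have your pockets checked. Valuables cannot be brought into the exam room either; there are lockable lockers outside.
Comparison of the previous version (CLF-C01) and the current version (CLF-C02)
{{< image src="https://cdn.jyi.io/img/028e804878bdfff5b3f903b29c37125b.png" ratio="16x9" wrapper="col-12 mx-auto" caption="Image source: https://d1.awsstatic.com/zh_TW/training-and-certification/docs-cloud-practitioner/AWS-Certified-Cloud-Practitioner_Exam-Guide.pdf" title="CLF-C02 Exam Guide">}}
Exam scope
- Domain 1: Cloud Concepts (24% of scored content)
- Domain 2: Security and Compliance (30% of scored content)
- Domain 3: Cloud Technology and Services (34% of scored content)
- Domain 4: Billing, Pricing, and Support (12% of scored content)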
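Key points
Cloud concepts
AWS (Amazon Web Services):
- Founded in 2002.
- More than 1 million active users.
- More than 10% of Amazon's revenue comes from AWS.
- Provides IT infrastructure services over the internet under an on-demand pricing model, saving time, money and labor.
AWS services are divided into 23 Service Groups; the most commonly used are Compute, Storage and Database.
Advantages of moving to the cloud:
- No physical servers or cabling are needed, which removes the hassle of building and maintaining a server room.
- No more trouble with hardware replacement and procurement.
Cloud computing concept: cloud computing gives customers on-demand IT resources such as compute, storage, databases and applications.
Cloud billing model: pay for what you use; flexible and elastic.
Hypervisor (virtual machine monitor): the software, hardware and firmware used to create and run virtual machines.
Advantages of the cloud:
- Capital expense becomes variable expense.
- Benefit from massive economies of scale.
- No need to guess reserve capacity.
- Increased speed and agility.
- Enter global markets quickly.
Cloud characteristics: elasticity, scalability, cost-effectiveness.
Three models of cloud computing:
- IaaS: Infrastructure as a Service (most control)
- PaaS: Platform as a Service (second-most control)
- SaaS: Software as a Service (least control)
Cloud security
Recommended security practices: the shared responsibility model, the five pillars of the Well-Architected Framework, and the principle of least privilege.
{{< image src="https://cdn.jyi.io/img/d52b8a99912253ffe1ded0fa35cc840b.png" ratio="16x9" wrapper="col-12 mx-auto" caption="(Image source: https://aws.amazon.com/tw/compliance/shared-responsibility-model/)" title="shared-responsibility-model">}}
AWS compliance guidelines: https://aws.amazon.com/compliance
AWS compliance programs: https://aws.amazon.com/compliance/programs
AWS shared responsibility model:
- The customer is responsible for security in the cloud.
- AWS is responsible for security of the cloud itself.
AWS security services: IAM, WAF, AWS Shield, Amazon Inspector, AWS Trusted Advisor, Amazon GuardDuty.
Well-Architected Framework:
Five pillars: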
- operational excellence
- security
- reliability
- performance efficiency
- cost optimization
Security:
- IAM
- Detective control
- Infrastructure protection
- Incident response
- Data protection
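IAM (Identity and Access Management):
- Free service.
- Principle of least privilege.
- Used to manage users, federated users and IAM roles.
Security exam focus:
- Shared responsibility model
- The five pillars of the Well-Architected Framework
- Principle of least privilege
- Security services (IAM, WAF, AWS Shield, Amazon Inspector, AWS Trusted Advisor, Amazon GuardDuty)
Billing and accounting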
AWS Billing and Cost Management Dashboard:
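- Estimate and plan AWS costs.
- Multiple accounts can use consolidated billing.
- Send alerts when costs approach a threshold.
- Use Cost Explorer to present costs graphically.
- Search bills by tag.
Main sources of AWS charges:
- Compute (EC2, billed per hour)
- Storage (S3, billed per GB)
- Outbound data transfer
Cost calculators:
- TCO Calculator: TCO goes down because there is no up-front infrastructure to purchase.
- Pricing Calculator: estimates the cost of a cloud solution.
AWS Free Tier:
- Always Free: e.g. Lambda (1 million requests per month).
- 12-month Free: e.g. EC2 (750 hours per month).
- Trials: e.g. SageMaker (250 hours per month).
AWS support plans:
- Basic Support Plan: free; handles account and billing issues only.
- Developer Support Plan: unlimited technical questions, USD 29 per month.
- Business Support Plan: USD 100 per month or 3-10% of the bill; unlimited support for multiple people.
- Enterprise Support Plan: 24/7 unlimited support for multiple people, 15-minute response.
Recommended use of the AWS plans:
- The Basic plan suits customers who use AWS for free.
- The Developer plan is for testing and prototyping.
- The Business plan is for products in production.
- The Enterprise plan provides the full set of AWS Trusted Advisor checks.
AWS service summary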
Category | Service | Explanation |
---|---|---|
Analytics | Amazon Athena | Interactive query service |
Analytics | AWS Data Exchange | Easily find, subscribe to, and use third-party data |
Analytics | Amazon EMR | Big data processing framework |
Analytics | AWS Glue | ETL (Extract, Transform, Load) service |
Analytics | Amazon Kinesis | Real-time data streaming |
Analytics | Amazon MSK | Managed streaming for Apache Kafka |
Analytics | Amazon OpenSearch Service | Managed Elasticsearch service |
Analytics | Amazon QuickSight | Business Intelligence tool |
Analytics | Amazon Redshift | Fully managed data warehouse |
Application Integration | Amazon EventBridge | Serverless event bus for application integration |
Application Integration | Amazon SNS | Fully managed pub/sub messaging |
Application Integration | Amazon SQS | Fully managed message queuing service |
Application Integration | AWS Step Functions | Serverless orchestration service |
Business Applications | Amazon Connect | Cloud-based contact center service |
Business Applications | Amazon SES | Email sending and receiving service |
Cloud Financial Management | AWS Billing Conductor | Automated billing and cost management |
Cloud Financial Management | AWS Budgets | Set custom cost and usage budgets |
Cloud Financial Management | AWS Cost and Usage Report | Detailed cost and usage information |
Cloud Financial Management | AWS Cost Explorer | Visualize, understand, and manage AWS costs |
Cloud Financial Management | AWS Marketplace | Online software store for buying and selling |
Compute | AWS Batch | Run batch computing workloads |
Compute | Amazon EC2 | Virtual servers in the cloud |
Compute | AWS Elastic Beanstalk | Easy deployment and scaling of applications |
Compute | Amazon Lightsail | Easy compute instances for small applications |
Compute | AWS Local Zones | Extend AWS to specific geographic areas |
Compute | AWS Outposts | Extend AWS infrastructure to on-premises |
Compute | AWS Wavelength | Ultra-low latency applications at the edge |
Containers | Amazon ECR | Docker container registry |
Containers | Amazon ECS | Container orchestration service |
Containers | Amazon EKS | Managed Kubernetes service |
Customer Engagement | AWS Activate for Startups | Credits, training, technical support for startups |
Customer Engagement | AWS IQ | Connects customers with AWS Certified freelancers |
Customer Engagement | AWS Managed Services (AMS) | Operate AWS infrastructure on behalf of customers |
Customer Engagement | AWS Support | Subscriptions for access to AWS support |
Database | Amazon Aurora | MySQL and PostgreSQL-compatible relational DB |
Database | Amazon DynamoDB | NoSQL database service |
Database | Amazon MemoryDB for Redis | Fully managed Redis-compatible in-memory database |
Database | Amazon Neptune | Fully managed graph database service |
Database | Amazon RDS | Relational Database Service |
Developer Tools | AWS AppConfig | Create, deploy, and manage application configurations |
Developer Tools | AWS CLI | Command-line interface for AWS |
Developer Tools | AWS Cloud9 | Cloud-based integrated development environment |
Developer Tools | AWS CloudShell | Browser-based command-line interface |
Developer Tools | AWS CodeArtifact | Software package repository service |
Developer Tools | AWS CodeBuild | Fully managed build service |
Developer Tools | AWS CodeCommit | Source control service using Git |
Developer Tools | AWS CodeDeploy | Automated deployment service |
Developer Tools | AWS CodePipeline | Continuous integration and continuous delivery |
Developer Tools | AWS CodeStar | Develop, build, and deploy applications on AWS |
Developer Tools | AWS X-Ray | Distributed tracing for applications |
End User Computing | Amazon AppStream 2.0 | Stream desktop applications to users |
End User Computing | Amazon WorkSpaces | Desktop-as-a-Service (DaaS) |
End User Computing | Amazon WorkSpaces Web | Web access to virtual desktops |
Frontend Web and Mobile | AWS Amplify | Build scalable and secure cloud-powered applications |
Frontend Web and Mobile | AWS AppSync | Managed GraphQL service |
Frontend Web and Mobile | AWS Device Farm | Test Android, iOS, and web apps on real devices |
Internet of Things (IoT) | AWS IoT Core | Secure, scalable IoT communication |
Internet of Things (IoT) | AWS IoT Greengrass | Extend AWS IoT functionality to edge devices |
Machine Learning | Amazon Comprehend | Natural language processing service |
Machine Learning | Amazon Kendra | Enterprise search service |
Machine Learning | Amazon Lex | Build chatbots and conversational interfaces |
Machine Learning | Amazon Polly | Text-to-speech service |
Machine Learning | Amazon Rekognition | Image and video analysis service |
Machine Learning | Amazon SageMaker | Build, train, and deploy machine learning models |
Machine Learning | Amazon Textract | Extract text, forms, and tables from documents |
Machine Learning | Amazon Transcribe | Automatic speech recognition service |
Machine Learning | Amazon Translate | Neural machine translation service |
Management and Governance | AWS Auto Scaling | Automatically adjust capacity based on demand |
Management and Governance | AWS CloudFormation | Infrastructure as Code (IaC) service |
Management and Governance | AWS CloudTrail | Record and monitor AWS API requests |
Management and Governance | Amazon CloudWatch | Monitor resources and applications |
Management and Governance | AWS Compute Optimizer | Recommend optimal AWS resources |
Management and Governance | AWS Config | Assess, audit, and evaluate configurations |
Management and Governance | AWS Control Tower | Set up and govern a secure, multi-account AWS environment |
Management and Governance | AWS Health Dashboard | Personalized view of the status of AWS resources |
Management and Governance | AWS Launch Wizard | Simplify launching AWS applications |
Management and Governance | AWS License Manager | Track and manage software licenses |
Management and Governance | AWS Management Console | Centralized management console for AWS |
Management and Governance | AWS Organizations | Consolidate multiple AWS accounts into an organization |
Management and Governance | AWS Resource Groups and Tag Editor | Organize and manage resources using tags |
Management and Governance | AWS Service Catalog | Create and manage catalogs of IT services |
Management and Governance | AWS Systems Manager | Gain operational insights and take action |
Management and Governance | AWS Trusted Advisor | Optimize AWS resources for performance and security |
Management and Governance | AWS Well-Architected Tool | Review and improve your workload architecture |
Migration and Transfer | AWS Application Discovery Service | Discover and understand enterprise applications |
Migration and Transfer | AWS Application Migration Service | Migrate applications to AWS |
Migration and Transfer | AWS Database Migration Service (AWS DMS) | Migrate databases to AWS |
Migration and Transfer | AWS Migration Hub | Plan and track migrations |
Migration and Transfer | AWS Schema Conversion Tool (AWS SCT) | Convert database schema to AWS-compatible format |
Migration and Transfer | AWS Snow Family | Physical devices to transfer data to/from AWS |
Migration and Transfer | AWS Transfer Family | Securely transfer files to and from AWS |
Networking and Content Delivery | Amazon API Gateway | Create, deploy, and manage APIs |
Networking and Content Delivery | Amazon CloudFront | Content delivery network (CDN) |
Networking and Content Delivery | AWS Direct Connect | Dedicated network connection to AWS |
Networking and Content Delivery | AWS Global Accelerator | Improve global application availability and performance |
Networking and Content Delivery | Amazon Route 53 | Scalable domain name system (DNS) |
Networking and Content Delivery | Amazon VPC | Isolated virtual networks for AWS resources |
Networking and Content Delivery | AWS VPN | Securely connect on-premises networks to AWS |
Security, Identity, and Compliance | AWS Artifact | On-demand access to AWS compliance reports |
Security, Identity, and Compliance | AWS Audit Manager | Simplify the auditing process |
Security, Identity, and Compliance | AWS Certificate Manager (ACM) | Provision, manage, and deploy SSL/TLS certificates |
Security, Identity, and Compliance | AWS CloudHSM | Hardware-based key storage for regulatory compliance |
Security, Identity, and Compliance | Amazon Cognito | Identity and user management for web and mobile apps |
Security, Identity, and Compliance | Amazon Detective | Analyze, investigate, and respond to security issues |
Security, Identity, and Compliance | AWS Directory Service | Managed Active Directory in the cloud |
Security, Identity, and Compliance | AWS Firewall Manager | Centralized management of AWS WAF and security groups |
Security, Identity, and Compliance | Amazon GuardDuty | Threat detection service |
Security, Identity, and Compliance | AWS IAM | Identity and Access Management for AWS resources |
Security, Identity, and Compliance | AWS IAM Identity Center (AWS Single Sign-On) | Cloud Single Sign-On (SSO) service |
Security, Identity, and Compliance | Amazon Inspector | Automated security assessment service |
Security, Identity, and Compliance | AWS KMS | Key management service for creating and controlling cryptographic keys |
Security, Identity, and Compliance | Amazon Macie | Discover, classify, and protect sensitive data |
Security, Identity, and Compliance | AWS Network Firewall | Managed firewall service |
Security, Identity, and Compliance | AWS RAM | Share AWS resources with any AWS account |
Security, Identity, and Compliance | AWS Secrets Manager | Securely store and manage sensitive information |
Security, Identity, and Compliance | AWS Security Hub | Comprehensive view of security alerts and compliance status |
Security, Identity, and Compliance | AWS Shield | DDoS protection service |
Security, Identity, and Compliance | AWS WAF | Web Application Firewall service |
Serverless | AWS Fargate | Run containers without managing the underlying infrastructure |
Serverless | AWS Lambda | Run code without provisioning or managing servers |
Storage | AWS Backup | Centralized backup service for AWS resources |
Storage | Amazon EBS | Block-level storage volumes for EC2 instances |
Storage | Amazon EFS | Fully managed file storage service |
Storage | AWS Elastic Disaster Recovery | Cost-effective, highly scalable disaster recovery solution |
Storage | Amazon FSx | Fully managed file storage for Windows and Lustre |
Storage | Amazon S3 | Scalable object storage with data durability |
Storage | Amazon S3 Glacier | Low-cost archival storage with configurable retrieval times |
Storage | AWS Storage Gateway | Hybrid cloud storage service |