Exam (elaborations) TEST BANK FOR AWS Certified SysOps Administrator Official Study Guide By Stephen Cole et. al

Exam (elaborations) TEST BANK FOR AWS Certified SysOps Administrator Official Study Guide By Stephen Cole et. al AWS Certified SysOps Administrator Official Study Guide - Associate Exam Stephen Cole, Gareth Digby, Christopher Fitch, Steve Friedberg, Shaun Qualheim, Jerry Rhoads, Michael Roth, Blaine Sundrud Contents at a Glance Foreword xix Introduction xxi Assessment Test xxvi Chapter 1 Introduction to Systems Operations on AWS 1 Chapter 2 Working with AWS Cloud Services 23 Chapter 3 Security and AWS Identity and Access Management (IAM) 41 Chapter 4 Compute 107 Chapter 5 Networking 151 Chapter 6 Storage Systems 207 Chapter 7 Databases 249 Chapter 8 Application Deployment and Management 313 Chapter 9 Monitoring and Metrics 363 Chapter 10 High Availability 441 Appendix Answers to the Review Questions 481 Index 499 Contents Foreword xix Introduction xxi Assessment Test xxvi Chapter 1 Introduction to Systems Operations on AWS 1 Systems Operators 2 Deploying Systems 2 Monitoring Systems 2 Optimizing Systems 3 Fortifying Systems 3 Securing Systems 3 AWS Certified SysOps Administrator - Associate 4 Which AWS Services Should You Study? 4 Reference Architecture: The Three-Tier Design 5 Introduction to the Three-Tier Design 5 Sample Scenario 6 Reference Architecture: The Serverless Design 14 Key Product: Serverless Design 17 Summary 18 Exam Essentials 18 Key Pieces to Study 19 Review Questions 20 Chapter 2 Working with AWS Cloud Services 23 Introduction to AWS Cloud Services 24 Systems Operations Using the AWS Toolset 24 AWS Software Development Kits (SDKs) 30 AWS Internet of Things (IoT) and Mobile Software Development Kits (SDKs) 33 Summary 34 Exam Essentials 35 Resources to Review 35 Exercises 35 Review Questions 38 Chapter 3 Security and AWS Identity and Access Management (IAM) 41 Security on AWS 43 Shared Responsibility Model 43 AWS Security Responsibilities 43 x Contents Customer Security Responsibilities 44 AWS Global Infrastructure Security 44 Physical and Environmental Security 46 Business Continuity Management 47 Network Security 48 Network Monitoring and Protection 49 AWS Compliance Program 50 Securing Your AWS Account with AWS Identity and Access Management (IAM) 51 IAM User 52 IAM Groups 56 IAM Policies 56 IAM Roles 57 Best Practices for Securing Your AWS Account 58 Securing Your AWS Cloud Services 59 Key Pairs 59 Monitoring to Enhance Security 62 AWS CloudTrail 62 Amazon Virtual Private Cloud (Amazon VPC) Flow Logs 62 Amazon CloudWatch 63 AWS Config 63 Amazon Inspector 64 AWS Certificate Manager 64 AWS Web Application Firewall (AWS WAF) 64 AWS Trusted Advisor 64 AWS Cloud Service-Specific Security 65 Compute Services 65 Networking 69 Storage 75 AWS Storage Gateway Security 80 Database 80 Application Services 88 Analytics Services 89 Deployment and Management Services 91 Mobile Services 92 Applications 94 Summary 95 Exam Essentials 96 Exercises 98 Review Questions 103 Chapter 4 Compute 107 Introduction to AWS Compute Services 109 Amazon Elastic Compute Cloud (Amazon EC2) 111 Implementation 111 Management 117 Security 122 Contents xi Amazon EC2 Container Service (Amazon ECS) 123 Implementation 124 Management 124 Security 125 AWS Elastic Beanstalk 125 Languages Supported in AWS Elastic Beanstalk 126 Services that AWS Elastic Beanstalk Deploys 126 Management 126 Security 127 AWS Lambda 128 Implementation 128 Management 130 Security 130 Amazon Lightsail 130 Implementation 131 Management 131 Security 133 AWS Batch 133 Implementation 133 Management 135 Security 135 Summary 135 Exam Essentials 136 Resources to Review 139 Exercises 140 Review Questions 146 Chapter 5 Networking 151 Introduction to Networking on AWS 153 Amazon Virtual Private Cloud (Amazon VPC) 154 Amazon VPC Implementation 154 Amazon VPC Management 164 AWS Direct Connect 166 AWS Direct Connect Implementation 167 AWS Direct Connect Management 169 AWS Direct Connect Security 170 Load Balancing 171 Load Balancing Implementation 172 Load Balancing Management 176 Load Balancing Security 178 Virtual Private Network (VPN) 178 VPN Installation 178 VPN Management 179 Amazon Route 53 179 Amazon Route 53 Implementation 180 Amazon Route 53 Management 185 xii Contents Amazon CloudFront 185 Amazon CloudFront Implementation 186 Amazon CloudFront Management 194 Amazon CloudFront Security 194 Summary 195 Resources to Review 195 Exam Essentials 196 Exercises 198 Review Questions 201 Chapter 6 Storage Systems 207 Understanding Different Storage Options 209 Block Storage vs. Object Storage 209 Block Storage Basics 210 Object Storage Basics 210 Retrieval Times (Hot vs. Cold Storage) 211 Cost Efficiency 211 Block Storage on AWS 212 Amazon Elastic Block Store (Amazon EBS) 212 Instance Store 221 Amazon Elastic File System (Amazon EFS) 222 Object Storage on AWS 224 Amazon Simple Storage Service (Amazon S3) 224 Amazon Glacier 230 Systems Operator Scenario: The Newspaper 232 Storage Needs 233 Solution Breakdown 233 Additional Storage Solutions 234 Amazon CloudFront 234 AWS Storage Gateway 235 AWS Snowball 235 Summary 236 Resources to Review 236 Exam Essentials 237 Exercises 239 Review Questions 244 Chapter 7 Databases 249 Introduction to AWS Databases 250 SQL vs. NoSQL 251 Relational Databases Overview 252 Relational Database Design 252 Non-Relational Database Overview 253 Amazon RDS Features and Benefits 254 Amazon Aurora 256 Contents xiii Monitoring Amazon RDS 278 Monitoring Tools 278 Amazon RDS Pricing 282 Non-Relational Databases 283 Amazon DynamoDB 283 Amazon DynamoDB Core Components 284 Amazon Redshift 292 Cluster Management 293 Cluster Access and Security 293 Databases 294 Monitoring Clusters 295 Amazon ElastiCache 296 Summary 298 Resources to Review 298 Exam Essentials 299 Exercises 300 Review Questions 307 Chapter 8 Application Deployment and Management 313 Introduction to Application Deployment and Management 314 Deployment Strategies 314 Provisioning Infrastructure 314 Deploying Applications 315 Configuration Management 315 Scalability Capabilities 318 Monitoring Resources 318 Continuous Deployment 319 Deployment Services 322 AWS Elastic Beanstalk 323 Amazon EC2 Container Service 325 AWS OpsWorks Stacks 328 AWS CloudFormation 330 AWS Command Line Interface (AWS CLI) 345 Summary 346 Resources to Review 347 Exam Essentials 347 Exercises 349 Review Questions 358 Chapter 9 Monitoring and Metrics 363 Introduction to Monitoring and Metrics 364 An Overview of Monitoring 364 Why Monitor? 364 Amazon CloudWatch 365 AWS CloudTrail 365 xiv Contents AWS Config 365 AWS Trusted Advisor 366 AWS Service Health Dashboard 366 AWS Personal Health Dashboard 367 Amazon CloudWatch 367 Metrics 369 Custom Metrics 369 Amazon CloudWatch Metrics Retention 370 Namespaces 371 Dimensions 372 Statistics 373 Units 374 Periods 374 Aggregation 375 Dashboards 376 Percentiles 376 Monitoring Baselines 377 Amazon EC2 Status Checks 378 Authentication and Access Control 379 AWS Cloud Services Integration 382 Amazon CloudWatch Limits 382 Amazon CloudWatch Alarms 384 Alarms and Thresholds 384 Missing Data Points 386 Common Amazon CloudWatch Metrics 386 Amazon CloudWatch Events 395 Events 396 Rules 397 Targets 397 Metrics and Dimensions 398 Amazon CloudWatch Logs 399 Archived Data 400 Log Monitoring 400 Amazon CloudWatch Logs: Agents and IAM 401 Searching and Filtering Log Data 403 Monitoring AWS Charges 406 Detailed Billing 407 Cost Explorer 409 AWS Billing and Cost Management Metrics and Dimensions 410 AWS CloudTrail 411 What Are Trails? 411 Types of Trails 411 Multiple Trails per Region 412 Encryption 412 Contents xv AWS CloudTrail Log Delivery 412 Overview: Creating a Trail 413 Monitoring with AWS CloudTrail 413 AWS CloudTrail vs. Amazon CloudWatch 414 AWS CloudTrail: Trail Naming Requirements 414 Getting and Viewing AWS CloudTrail Log Files 414 AWS Config 417 Ways to Use AWS Config 418 AWS Config Rules 419 AWS Config and AWS CloudTrail 420 Pricing 421 Summary 421 Resources to Review 422 Exam Essentials 423 Exercises 425 Review Questions 438 Chapter 10 High Availability 441 Introduction to High Availability 443 Amazon Simple Queue Service 444 Using Amazon Simple Queue Service to Decouple an Application 444 Standard Queues 448 First-In, First-Out Queues 448 Dead Letter Queues 449 Shared Queues 449 Amazon Simple Notification Service 450 Mobile Push Messaging 451 Amazon SNS Fan-Out Scenario 451 Highly Available Architectures 452 Network Address Translation (NAT) Gateways 453 Elastic Load Balancing 453 Auto Scaling 454 Session State Management 455 Amazon Elastic Compute Cloud Auto Recovery 455 Scaling Your Amazon Relational Database Service Deployment 456 Multi-Region High Availability 457 Amazon Simple Storage Service 457 Amazon DynamoDB 457 Amazon Route 53 457 Highly Available Connectivity Options 463 Redundant Active-Active VPN Connections 463 Redundant Active-Active AWS Direct Connect Connections 465 AWS Direct Connect with Backup VPN Connection 466 xvi Contents Disaster Recovery 467 Backup and Restore Method 467 Pilot Light Method 468 Warm-Standby Method 470 Multi-Site Solution Method 470 Failing Back from a Disaster 471 Summary 472 Resources to Review 473 Exam Essentials 473 Exercises 474 Review Questions 478 Appendix Answers to the Review Questions 481 Chapter 1: Introduction to Systems Operations on AWS 482 Chapter 2: Working with AWS Cloud Services 483 Chapter 3: Security and AWS Identity and Access Management (IAM) 483 Chapter 4: Compute 485 Chapter 5: Networking 486 Chapter 6: Storage Systems 488 Chapter 7: Databases 490 Chapter 8: Application Deployment and Management 492 Chapter 9: Monitoring and Metrics 494 Chapter 10: High Availability 496 Index 499 Table of Exercises Exercise 2.1 Install and Configure AWS CLI on Linux or Mac 36 Exercise 2.2 Install and Configure AWS CLI on Windows with MSI 36 Exercise 3.1 Creating AWS Identity and Access Management (IAM) Users . 99 Exercise 3.2 Create IAM Credentials . 99 Exercise 3.3 Create IAM Groups 100 Exercise 3.4 Working with IAM Policies 101 Exercise 3.5 Working with IAM Roles 101 Exercise 4.1 Create a Linux Instance via the AWS Management Console 141 Exercise 4.2 Create a Windows Instance via the AWS Management Console . 142 Exercise 4.3 Create a Linux Instance via the AWS CLI 142 Exercise 4.4 Create a Windows Instance via the AWS CLI 143 Exercise 4.5 Inspect the AWS Service Health Dashboards 143 Exercise 4.6 Use the Elastic IP Addresses 144 Exercise 4.7 Work with Metadata 144 Exercise 4.8 Attach an AWS IAM Role to an Instance . 145 Exercise 5.1 Create an Elastic IP (EIP) . 198 Exercise 5.2 Create an Amazon VPC . 198 Exercise 5.3 Tag Your Amazon VPC and Subnets . 199 Exercise 5.4 Create an Elastic Network Interface (ENI) 199 Exercise 5.5 Associate the ENI 200 Exercise 5.6 Test Your ENI . 200 Exercise 5.7 Delete VPC . 200 Exercise 6.1 Create an Encrypted Amazon EBS Volume . 240 Exercise 6.2 Monitor Amazon EBS Using Amazon CloudWatch 240 Exercise 6.3 Create and Attach an Amazon EFS Volume 240 Exercise 6.4 Create and Use an Amazon S3 Bucket 241 Exercise 6.5 Enable Amazon S3 Versioning . 242 Exercise 6.6 Enable Cross-Region Replication . 242 Exercise 6.7 Create an Amazon Glacier Vault . 242 Exercise 6.8 Enable Lifecycle Rules . 243 Exercise 7.1 Create a New Option Group Using the Console . 300 Exercise 7.2 Create an Amazon DynamoDB Table from the AWS CLI . 301 xviii Table of Exercises Exercise 7.3 Add Items to the Amazon DynamoDB Table MusicCollection Using the AWS CLI . 302 Exercise 7.4 Create a MySQL Amazon RDS DB Instance . 303 Exercise 8.1 Create an AWS Elastic Beanstalk Environment 349 Exercise 8.2 Manage Application Versions with AWS Elastic Beanstalk 349 Exercise 8.3 Perform a Blue/Green Deployment with AWS Elastic Beanstalk . 350 Exercise 8.4 Create an Amazon ECS Cluster 350 Exercise 8.5 Launch an Amazon EC2 Instance Optimized for Amazon ECS . 351 Exercise 8.6 Use Amazon ECR 352 Exercise 8.7 Work with Amazon ECS Task Definitions 352 Exercise 8.8 Work with Amazon ECS Services . 354 Exercise 8.9 Create an AWS OpsWorks Stack 355 Exercise 8.10 Make a Layer in AWS OpsWorks Stacks 355 Exercise 8.11 Add an Amazon EC2 Instance to an AWS OpsWorks Stacks Layer . 356 Exercise 8.12 Add an Application to AWS OpsWorks Stacks . 356 Exercise 8.13 Create an AWS CloudFormation Stack 357 Exercise 8.14 Delete an AWS CloudFormation Stack 357 Exercise 9.1 Search for Available Metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .425 Exercise 9.2 View Available Metrics for Running Amazon EC2 Instances by Namespace and Dimension Using the Amazon CloudWatch Console . 426 Exercise 9.3 View Available Metrics by Namespace, Dimension, or Metric Using the AWS CLI 429 Exercise 9.4 List All Available Metrics for a Specific Resource 430 Exercise 9.5 List all Resources that Use a Single Metric . 430 Exercise 9.6 Get Statistics for a Specific Resource . 430 Exercise 9.7 Get CPU Utilization for a Single Amazon EC2 Instance from the Command Line . 433 Exercise 9.8 Create a Billing Alert 435 Exercise 9.9 Create a Billing Alarm 435 Exercise 9.10 Create an Amazon CloudWatch Dashboard 436 Exercise 10.1 Create an Amazon SNS Topic . 475 Exercise 10.2 Create a Subscription to Your Topic 475 Exercise 10.3 Publish to Your Topic . 475 Exercise 10.4 Create an Amazon Simple Queue Service (Amazon SQS) 476 Exercise 10.5 Subscribe the Queue to Your Amazon SNS Topic . 476 Exercise 10.6 Deploy Amazon RDS in a Multi-AZ Configuration . 477 Foreword I entered college in 1978, and I immediately found a second home at the computer lab on campus. This lab was home to an IBM mainframe and a roomful of noisy keypunch machines. I punched my code onto a stack of cards, and I handed the stack to a system operator. The operator loaded the cards into the reader, and my job was queued for processing. If things went well and the mainframe was not too busy, I would have my cards and my output back within four hours or so. The operator managed the work queue for the mainframe, adjusting the balance of jobs and priorities, looking for hot spots and slowdowns, and keeping the monolithic mainframe as busy and as productive as possible at all times. As a young, curious student, I always wondered what was happening behind the scenes. As a young, impoverished student, in the days before the Internet, information was not always easy to come by. I found a rack of manuals in the lab, figured out how to order others for free, and even scavenged the trash cans for operating system “builds” to study. That thirst for knowledge, with a focus on understanding how things work at the most fundamental level, has worked really well for me over the intervening four decades. A little over a decade ago, I wrote blog posts to announce the launches of Amazon Simple Storage Service (Amazon S3) and Amazon Elastic Compute Cloud (Amazon EC2). Those early launches set the tone for what was to come, introducing services that emerged with a minimal feature set that would be enhanced over time in response to customer feedback. At that time, aspiring AWS developers and architects did not need to make very many choices when they set out to build an AWS-powered system. There was one instance type, a couple of Availability Zones in a single Region, and simple access via the AWS CLI and the API. Back in my mainframe days, operations was a hands-on affair. There was little in the way of tooling or automation; the operator was expected to watch the console, check on status, and to deal with issues as they arose. Today, many routine operations are handled automatically. Fault tolerance, automatic scaling, load balancing, and other high-level facilities take on many chores that were once described in detailed run books. With this change, systems operations comes into play much earlier in the system-building process, with the goal of setting up the system for success and high availability. At the same time, the operations role now spans a wider range of tasks and technologies including networking, security, and optimization. With pay-as-you-go services now the norm, people who once focused on technology can now add business skills to their repertoire. If you are about to read this book, I am sure that you know that AWS is far more complex than it was a decade ago. On the Amazon EC2 side alone, there are now dozens of instance types, multiple types of Amazon Elastic Block Storage (Amazon EBS) volumes, and far more moving parts. There are now close to 100 services, each of which can be a valuable addition to your toolbox. The vocabulary itself has changed, with new terms such as containers, microservices, serverless computing, infrastructure as code, and so forth now commonplace. xx Foreword You now face many choices when you set out to design and implement a new system. This book is designed to provide you with detailed information on many aspects of AWS, coupled with the practical knowledge needed to put your new knowledge to use and to earn your AWS certification. Within its chapters, you will find service overviews, sample scenarios, test-taking tips, and exercises. After setting up your AWS tools, you will learn about security, compute services, storage services, networking, databases, and more. Towards the end of the book, you will wrap up by learning about monitoring, metrics, and high availability. As you will soon see, the authors have packed it with the insights that they have gained while putting AWS to use in a wide variety of customer environments. There are no better teachers than those who have actually put their theory into practice. You can choose to study the chapters individually, or you can digest the entire book as-written. Either way, I know that you will be well-prepared to build great systems and to pass your certification exams. I strongly encourage you to get hands-on experience with each service by working through the scenarios and the exercises. I believe in the principle of life-long learning, especially when it comes to technology. The half-life of knowledge is shorter than ever before, and keeping up is far better than catching up. So dive deep and keep on learning! — Jeff Barr, Chief Evangelist, AWS Introduction Preparing to take and pass any certification is a studious process. The AWS Certified SysOps Administrator Official Study Guide - Associate Exam was written to align with the exam blueprint to enable you to study for the exam, perform exercises, and answer review questions to enable you to become a skilled systems operator on the AWS cloud and to take and pass the AWS Certified SysOps Administrator – Associate exam with confidence. This study guide presents the set of topics needed to round out a systems operator/ systems administrator’s hands-on experiences with AWS by covering the relevant AWS cloud services and concepts within the scope of the AWS Certified SysOps Administrator – Associate exam. This study guide begins with an introduction to Systems Operations on AWS, which is then followed by chapters on specific domains covered in the exam. In addition to the material covered on the exam, the chapters go deep into the actual technology. The authors go deep on topics that will serve you in preparing for the exam and the book should make a good desktop reference on AWS systems operations. Each chapter includes specific information on the service or topic covered, followed by an Exam Essentials section that contains key information needed in your exam preparation. The Exam Essentials section is followed by a Test Taking Tip to help you prepare for what you will experience on the exam or at the testing center. Next, each chapter includes an Exercise section with activities designed to help reinforce the topic of the chapter with hands-on learning. Each chapter then contains sample Review Questions to get you accustomed to answering questions about how to use and administer AWS cloud services. Following this up-front section, the book contains a self-assessment exam with 25 questions. Two practice exams with 50 questions each are also available to help you gauge your readiness to take the exam, and flashcards are provided to help you learn and retain key facts needed to prepare for the exam. If you are looking for a targeted book, created by technical trainers and solutions architects who wrote, reviewed, and developed the AWS Certified SysOps Administrator – Associate exam, then this is the book for you. What Does this Book Cover? This book covers topics that you need to know to prepare for the Amazon Web Services (AWS) Certified SysOps Administrator – Associate exam: Chapter 1: Introduction to Systems Operations on AWS This chapter provides an introduction to System Operations on AWS. It provides an overview of the AWS cloud services covered on the AWS Certified SysOps Administrator – Associate exam. Chapter 2: Working with AWS Cloud Services This chapter shows you how to configure your workstation to work with AWS cloud services. You will install the AWS Command xxii Introduction Line Interface (AWS CLI). Topics include AWS CLI, jmespath (a query language for JSON, ), and the Boto software development kit (SDK). Chapter 3: Security and AWS Identity and Access Management (IAM) In this chapter, you will learn about the Shared Responsibility Model and the different layers of security. You will learn how to secure your systems with services such as AWS Key Management Service (AWS KMS), AWS Hard Security Module (AWS HSM), Security Groups, and Network Access Control Lists (nACLs). Furthermore, the chapter covers AWS Identity and Access Management (IAM) and Security Best Practices. Chapter 4: Compute This chapter describes how to use the compute stack on AWS. The topics covered are Amazon Elastic Cloud Compute (Amazon EC2), AWS Lambda, AWS Beanstalk, Amazon Elastic Container Service (Amazon ECS), Amazon Lightsail, and AWS Batch. You will provision an Amazon EC2 instance, assign an Amazon EC2 Role, and work with instance metadata. Chapter 5: Networking In this chapter, you will learn how to deploy Amazon Virtual Private Cloud (Amazon VPC) and the various methods to connect to your Amazon VPC. Additionally. you will learn how to use the Elastic Load Balancing service, Amazon Route 53. and Amazon CloudFront. Chapter 6: Storage Systems This chapter covers deploying and using the various storage options on AWS. The services covered include: Amazon Simple Storage Service (Amazon S3), Amazon Elastic File Service (Amazon EFS), Amazon Elastic Block Service (Amazon EBS), the Amazon EC2 instance store Volumes, Amazon Glacier, AWS Snowball, and AWS Snowmobile. Chapter 7: Databases This chapter covers the use of AWS managed database services: Amazon Relational Database Service (Amazon RDS), Amazon DynamoDB, Amazon Redshift, and Amazon ElastiCache. You will learn how these managed services simplify the setup and operation of relational databases, NoSQL databases, data warehouses, and inmemory caches. Chapter 8: Application Deployment and Management This chapter focuses on the various methods of deployment of applications and infrastructure; for example, blue/green and rolling deployments. You will learn about AWS OpsWorks, AWS Elastic Beanstalk, Amazon EC2 Container Service, and AWS CloudFormation. Chapter 9: Monitoring and Metrics In this chapter, you will learn about how to monitor your environment with Amazon CloudWatch, AWS CloudTrail, AWS Config, AWS Trusted Advisor, and AWS Service Health Dashboard. Chapter 10: High Availability This chapter covers high availability on AWS. You will be introduced to decoupling strategies using Amazon Simple Queue Service (Amazon SQS) and Amazon Simple Notification Service (Amazon SNS). The chapter covers deploying your application to multiple Availability Zones and Multiple AWS Regions. Other high availability topics include Auto Scaling, failover with Amazon Route 53, and redundant VPN and AWS Direct Connect connections. Introduction xxiii Interactive Online Learning Environment and Test Bank The authors have worked hard to provide you with some really great tools to help you with your certifi cation process. The interactive online learning environment that accompanies the AWS Certifi ed SysOps Administrator Offi cial Study Guide: Associate Exam provides a test bank with study tools to help you prepare for the certifi cation exam. This will help you increase your chances of passing it the fi rst time! The test bank includes the following: Sample Tests All the questions in the book are provided in the form of review questions that are located at the end of each chapter. There is a 25-question assessment at the end of this introductory section. In addition, there are two practice exams with 50 questions each. Use these questions to test your knowledge of the study guide material. The online test bank runs on multiple devices. Flashcards The online test banks include 100 fl ashcards specifi cally written to quiz your knowledge of operations on AWS. After completing all of the exercises, review questions, practice exams, and fl ashcards, you should be more than ready to take the exam. The fl ashcard questions are provided in a digital fl ashcard format (a question followed by a single correct answer with URL links for additional information). You can use the fl ashcards to reinforce your learning and provide last-minute test prep before the exam. Glossary A glossary of key terms from this book is available as a fully searchable PDF. Go to access to this interactive online learning environment and test bank with study tools. Exam Objectives The AWS Certifi ed SysOps Administrator – Associate exam validates technical expertise in deployment, management, and operations on the AWS platform. Exam concepts that you should understand for this exam include the following: ■ Deploying, managing, and operating scalable, highly available, and fault tolerant systems on AWS ■ Migrating an existing on-premises application to AWS ■ Implementing and controlling the flow of data to and from AWS ■ Selecting the appropriate AWS service based on compute, data, or security requirements xxiv Introduction ■■ Identifying appropriate use of AWS operational best practices ■■ Estimating AWS usage costs and identifying operational cost control mechanisms In general, certification candidates should have the following: ■■ One or more years of hands-on experience operating AWS-based applications ■■ Experience provisioning, operating, and maintaining systems running on AWS ■■ Ability to identify and gather requirements to define a solution to be built and operated on AWS ■■ Capabilities to provide AWS operations and deployment guidance and best practices throughout the lifecycle of a project The exam covers seven different domains, with each domain broken down into objectives and subobjectives. Objective Map The following table lists each domain and its weighting in the exam, along with the chapters in the book where that domain’s objectives and subobjectives are covered. Domain Percentage of Exam Chapter Domain 1.0 Monitoring and Metrics 15% 1.1 Demonstrate ability to monitor availability and performance 3, 5, 7, 9, 10 1.2 Demonstrate ability to monitor and manage billing and cost optimization processes 7, 9 Domain 2.0: High Availability 15% 2.1 Implement scalability and elasticity based on scenario 4, 7, 8, 10 2.2 Ensure level of fault tolerance based on business needs 4, 5, 7, 8, 10 Domain 3.0: Analysis 15% 3.1 Optimize the environment to ensure maximum performance 5, 9 Introduction xxv Domain Percentage of Exam Chapter 3.2 Identify performance bottlenecks and implement remedies 9 3.3 Identify potential issues on a given application deployment 9 Domain 4.0: Deployment and Provisioning 15% 4.1 Demonstrate the ability to build the environment to conform with the architected design 1, 4, 6, 7, 8 4.2 Demonstrate the ability to provision cloud resources and manage implementation automation 1, 2, 4, 6, 7, 8 Domain 5.0: Data Management 12% 5.1 Demonstrate ability to create backups for different services 6, 7 5.2 Demonstrate ability to enforce compliance requirements 6 5.3 Manage backup and disaster recovery processes 7, 10 Domain 6.0: Security 15% 6.1 Implement and manage security policies 3, 5, 7 6.2 Ensure data integrity and access controls when using the AWS platform 1, 3, 6, 7, 9 6.3 Demonstrate understanding of the shared responsibility model 3, 4, 7 6.4 Demonstrate ability to prepare for security assessment use of AWS 3, 9 Domain 7.0: Networking 13% 7.1 Demonstrate ability to implement networking features of AWS 1, 5, 10 7.2 Demonstrate ability to implement connectivity features of AWS 5, 7, 10 Assessment Test 1. You notice in the AWS Management Console that your Amazon Elastic Compute Cloud (Amazon EC2) Instance State is Failed. What would cause this? A. Loss of network connectivity B. Loss of System Power C. Incompatible kernel D. Software issues on the physical host 2. What is the difference between a Public Subnet and a Private Subnet in a VPC? A. The Route Table in the Private Subnet has a route to the Network Address Translation (NAT), while the Route Table in a Public Subnet does not. B. The Route Table in the Public Subnet has a route to the Internet Gateway (IGW), while the Route Table in a Private Subnet does not. C. The Public Subnet has NAT server, while a Private Subnet does not.