考前加強：雲端重要概念

雲端架構重要概念

• AWS Well-Architected Framework
• AWS global infrastructure
• Regions and Availability Zones
• 6 Strategies for Migrating Applications to the Cloud
• AWS shared responsibility model

術語

帳單

• AWS Cost Explorer 
• Create custom reports to analyze their AWS cost and usage data
• AWS Budgets 
• Set custom alerts that will notify individuals when a service usage exceeds (or is forecasted to exceed) the amount that has been budgeted
• AWS Pricing Calculator

技術支援

• Whitepaper: An Overview of the AWS Cloud Adoption Framework
• Operations 
• principles for operating in the cloud by using agile best practices
• recovering IT workloads to meet the requirements of business stakeholders
• Business
• helps moves a business from a model that separates business and IT strategies into a business model that integrates IT strategy.
• People
• helps Human Resources (HR) employees prepare their teams for cloud adoption by updating organizational processes and staff skills to include cloud-based competencies.
• Governance
• provides the capability to update the staff skills and organizational processes that are necessary to ensure business governance in the cloud.
• Technical Account Manager (TAM) 
• A resource that provides guidance, architectural reviews, and ongoing communication with companies as they plan, deploy, and optimize their applications
• AWS Support 
• A resource that can answer questions about best practices and assist with troubleshooting issues
• AWS Trusted Advisor
• 最佳化成本、改善效能並解決安全性差距 (Best practice)
• 所有 AWS 帳戶計畫皆可存取 56 項 AWS Trusted Advisor 檢查。
• Business Support 及更高版本可解鎖額外的 426 項檢查，總共有 482 項 Trusted Advisor 檢查。
• An online tool that inspects an AWS environment and provides real-time guidance in accordance with AWS best practices

AWS 帳號、管理

• AWS Organizations (統一管理多個 AWS 帳號)
• 在您擴展 AWS 資源時集中管理您的環境
• AWS IAM Identity Center
• 連接現有的員工身分識別來源，並集中管理 AWS 存取權
• AWS Identity and Access Management (IAM)
• 安全地管理身分以及對 AWS 服務和資源的存取
• Amazon Cognito
• 實作安全、順暢的客戶身分和可擴展的存取管理
• 客戶身分和存取管理 (CIAM)
• AWS CloudTrail 
• View a complete history of user activity and API calls for their applications and resources
• AWS Managed Services
• 雲端中的卓越營運
• AWS Directory Service
• 將依賴 AD 的工作負載無縫遷移至具有安全性和可擴展性的 AWS
• AWS Systems Manager
• 大規模管理 AWS 與多重雲端和混合式環境中的節點
• AWS Audit Manager
• 持續稽核您的 AWS 用量，以簡化風險與合規評估
• AWS Certificate Manager
• 透過 AWS 服務和連接的資源來佈建和管理 SSL/TLS 憑證

監控、安全、合規

• AWS Artifact 
• 存取 AWS 和 (預覽) ISV 安全和合規報告
• Access AWS security and compliance reports and special online agreements
• Amazon CloudWatch 
• 觀察和監控 AWS、內部部署和其他雲端中的資源與應用程式 (alert)
• A service that provides data for monitoring applications, optimize resource utilization, and respond to system-wide performance changes
• Amazon Inspector 
• 大規模的自動化和持續漏洞管理
• A service that checks applications for security vulnerabilities and deviations from security best practices
• Amazon Detective
• 分析並視覺化安全資料，以調查潛在安全問題
• 自動從您的 AWS 資源中收集日誌資料，並使用 ML、統計分析和圖論來建置資料集，讓您能夠更有效地進行安全調查。
• Amazon GuardDuty 
• 使用智慧威脅偵測服務保護您的 AWS 帳戶、工作負載和資料
• A service that provides intelligent threat detection for AWS infrastructure and resources
• AWS Shield
• 透過受管的 DDoS 保護，最大限度地提高應用程式可用性和回應能力
• A service that helps protect applications against distributed denial-of-service (DDoS) attacks
• AWS WAF 
• 保護您的 Web 應用程式免受常見 Web 入侵程式的危害
• A service that monitors network requests for web applications
• 借助 AWS WAF，您可以建立安全規則來控制機器人流量，並阻止常見的攻擊模式，如：SQL injection (SQL注入), cross-site scripting (XSS, 跨網站指令碼)
• Amazon Macie
• 大規模探索及保護您的敏感資料
• AWS Config
• 評估、稽核和評定資源的組態
• AWS Control Tower
• 設定並管控安全的多帳戶 AWS 環境
• AWS Security Hub
• 自動化 AWS 安全檢查並集中安全提醒
• 透過 Security Hub 與 Amazon EventBridge 的整合，自動豐富調查結果、對其進行修復，或將其傳送至票務系統。

網路、自動擴展

• AWS Direct Connect
• 建立 AWS 專用網路連線
• 傳輸過程中，您的網路流量保留在 AWS 全球網路上，永遠不會接觸公共網際網路。
• Amazon Route 53
• Connect user requests to infrastructure in AWS and outside of AWS.
• Manage DNS records for domain names. 
• Amazon Virtual Private Cloud (Amazon VPC) 
• 在邏輯隔離的虛擬網路中定義和啟動 AWS 資源
• Provision an isolated section of the AWS Cloud to launch resources in a virtual network that a person defines
• AWS Auto Scaling 
• A service that monitors applications and automatically adds or removes capacity from resource groups in response to changing demand
• Elastic Load Balancing 
• A service that distributes incoming traffic across multiple targets, such as Amazon EC2 instances
• AWS App Mesh
• 適用於所有服務的應用程式層級網路
• 透過提供一致的可見性、控制每個服務的網路流量以及協助您交付安全服務，更輕鬆執行服務。

軟體開發

• Amazon CodeGuru Security
• 使用 ML 和自動推理功能，在開發週期中的任何位置偵測、追蹤及修正程式碼安全漏洞
• AWS CodeCommit
• 在私有 Git 儲存庫存放程式碼
• AWS CodeBuild
• 建立和測試程式碼
• AWS Cloud9
• 在雲端 IDE 上撰寫、執行和偵錯程式碼
• AWS CodeArtifact
• 針對軟體開發的安全、可擴展且符合成本效益的套件管理
• AWS Step Functions
• 分散式應用程式的視覺化工作流程
• AWS Application Migration Service (AWS MGN)
• 將應用程式遷移至 AWS

資料庫

• AWS Database Migration Service (AWS DMS)
• 一項受管遷移和複寫服務，可協助您將資料庫和分析工作負載快速、安全地遷移至 AWS，並且將停機時間和資料遺失降至最低。AWS DMS 支援 20 多種資料庫和分析引擎之間的遷移
• Amazon DynamoDB (key-value database)
• Amazon Aurora 
• An enterprise-class relational database

其他 AWS 服務

• AWS Snow Family 
• 加快移動離線資料或從遠端將離線資料儲存到雲端的速度
• AWS Snowball: a device that transfers large amounts of data into and out of AWS
• AWS Outposts 
• A service that runs infrastructure in a hybrid cloud approach
• AWS CloudFormation
• Provision resources by using programming languages or a text file
• AWS Elastic Beanstalk
• 部署和擴展 Web 應用程式
• 只要上傳您的程式碼，Elastic Beanstalk 就能為您自動處理容量佈建、負載平衡、自動調整規模及應用程式運作狀態監控等多項部署作業。
• Amazon Lex 
• A service that builds conversational interfaces using voice and text
• Amazon Comprehend
• 從文件內的文字中擷取並了解有價值的洞察 (NLP, 自然語言處理)
• Amazon Polly
• AI 語音產生器 (text-to-speech)
• 部署數十種語言的高品質、自然的人聲
• Amazon Augmented AI (Amazon A2I) 
• Builds the workflows that are required for human review of machine learning predictions
• Amazon ElastiCache 
• A service that provides the capability to create, manage, and scale a distributed in-memory or cache environment in the cloud
• AWS Quick Starts
• Automate the deployment of workloads into an AWS environment
• AWS Cloud Map
• 雲端資源探索服務
• Amazon EventBridge
• 跨 AWS、現有系統或 SaaS 應用程式大規模建置事件驅動型應用程式

考古題

Q: Which pillar of the AWS Well-Architected Framework focuses on using computing resources in ways that meet system requirements? 

A: Performance Efficiency

• The Operational Excellence pillar includes the ability to run workloads effectively, gain insights into their operations, and continuously improve supporting processes to deliver business value. 
• The Security pillar focuses on protecting data, systems, and assets. It also focuses on using cloud technologies to improve the security of your workloads.
• The Reliability pillar focuses on the ability of a workload to consistently and correctly perform its intended functions.

Q: Which virtual private cloud (VPC) component controls inbound and outbound traffic for Amazon EC2 instances?

A: Security group

• A subnet is a section of a VPC in which a person can group resources based on security or operational needs.
• A network access control list (ACL) is a virtual firewall that controls inbound and outbound traffic at the subnet level.

Q: Which service is used to transfer up to 100 PB of data to AWS?

A: AWS Snowmobile

• Amazon Neptune is a graph database service. Amazon Neptune provides the capability to build and run applications that work with highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs.
• Amazon CloudFront is a content delivery service.
• AWS DeepRacer is an autonomous 1/18 scale race car that tests reinforcement learning models.

Q: Which tool provides the capability to visualize, understand, and manage AWS costs and usage over time?

A: AWS Cost Explorer

Q: Which component or service establishes a dedicated private connection between an on-premises data center and virtual private cloud (VPC)?

A: AWS Direct Connect

• Amazon CloudFront is a content delivery service. It uses a network of edge locations to cache content and deliver content to customers all over the world.
• A virtual private gateway establishes a virtual private network (VPN) connection between a VPC and a private network, such as an on-premises data center or internal corporate network. A virtual private gateway allows traffic into the VPC only if it is coming from an approved network.
• An internet gateway is a connection between a VPC and the internet. It allows public traffic from the internet to access a VPC.

Q: Which service provides the capability to quickly deploy and scale applications on AWS?

A: AWS Elastic Beanstalk

Q: Which AWS Trusted Advisor category includes checks for high-utilization EC2 instances?

A: Performance

• The Security category includes checks that review permissions and identify which AWS security features to enable.
• The Cost Optimization category includes checks for unused or idle resources that could be eliminated and provide cost savings.
• The Fault Tolerance category includes checks to help improve an application's availability and redundancy.

Q: Which Amazon EC2 pricing option reduces costs when a business makes an hourly spend commitment to an instance family and Region for a 1-year or 3-year term?

A: EC2 Instance Savings Plans

Q: Which migration strategy involves changing how an application is architected and developed, typically by using cloud-native features?

A: Refactoring

• Repurchasing involves replacing an existing application with a cloud-based version, such as software found in AWS Marketplace.
• Rehosting involves moving an application to the cloud with little to no modifications to the application itself. It is also known as “lift and shift.”
• Replatforming involves selectively optimizing aspects of an application to achieve benefits in the cloud without changing the core architecture of the application. It is also known as “lift, tinker, and shift.”

Q: Which Perspective of the AWS Cloud Adoption Framework focuses on recovering IT workloads to meet the requirements of business stakeholders?

A: Operations Perspective

• The Business Perspective helps moves a business from a model that separates business and IT strategies into a business model that integrates IT strategy.
• The People Perspective helps Human Resources (HR) employees prepare their teams for cloud adoption by updating organizational processes and staff skills to include cloud-based competencies.
• The Governance Perspective provides the capability to update the staff skills and organizational processes that are necessary to ensure business governance in the cloud.

Q: Which Support plans include access to all AWS Trusted Advisor checks? (Select TWO.)

A: Enterprise, Business

• The Basic and Developer Support plans provide access to a limited selection of AWS Trusted Advisor checks.
• The AWS Free Tier is not a Support plan. It is a program that consists of three types of offers that allow customers to use AWS services without incurring costs: Always free, 12 months free, and Trials.

Q: Which statement best describes an Availability Zone?

A: A fully isolated portion of the AWS global infrastructure

• Region: A separate geographical location with multiple locations that are isolated from each other
• Origin: The server from which Amazon CloudFront gets files