
AWS Security and Compliance Crash Course

In this post we will give you the gist of the AWS security and compliance model.

Shared Security Model


AWS is responsible for securing the underlying infrastructure, while the customer is responsible for anything they put on the cloud or connect to the cloud.



Amazon is responsible for the security configuration of its products that are considered managed services, e.g. DynamoDB, Amazon RDS, Amazon Redshift, Amazon WorkSpaces, Amazon EMR.

IaaS :- Amazon EC2 and Amazon VPC are completely under the customer's control, and thus the customer has to take steps to make them secure and compliant.

Storage decommissioning :-

AWS uses the techniques detailed in DoD 5220.22-M and NIST 800-88 to destroy data as part of the decommissioning process.


AWS Services to secure the cloud 

  • AWS Config :- Manages configuration history and change notifications to enable security.
  • AWS Service Catalog :- Allows you to centrally manage commonly deployed IT services, enabling users to deploy approved IT services in your organization.
  • AWS GuardDuty :- Offers threat detection and continuous monitoring for malicious behavior in your AWS accounts.
  • AWS CloudHSM :- Protects your encryption keys with hardware security modules (HSMs).
  • Server-side Encryption :- Use this if you prefer S3 to manage the encryption process for you.
  • AWS IAM :- Secures access through IAM users, groups and roles. IAM roles can also be mapped to AD groups.
  • Amazon Macie :- Uses machine learning to automatically discover and protect sensitive data.
  • AWS CloudTrail :- Records all API calls made to your AWS account, whether programmatically or through the console.
 
AWS Artifact :- Use it to get details of all the AWS compliance reports from third-party auditors.
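
What the CloudTrail record of API calls makes possible, as an added example that is not part of the original post: a small reviewer that walks a trail file and flags a console login without MFA, use of root credentials, new access keys, tampering with the trail itself, and denied calls. The log is constructed for the example; the users alice and bob and the account ID 111122223333 are placeholders.

```python
import json

ACCOUNT = "111122223333"  # placeholder account ID for the constructed sample

def make_event(time, source, name, id_type, user=None, **extra):
    """Build one constructed record using CloudTrail's own field names."""
    arn = f"arn:aws:iam::{ACCOUNT}:" + ("root" if id_type == "Root" else f"user/{user}")
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "userIdentity": {"type": id_type, "arn": arn}, **extra}

def login(mfa_used):
    """Fields CloudTrail attaches to a successful ConsoleLogin event."""
    return {"responseElements": {"ConsoleLogin": "Success"},
            "additionalEventData": {"MFAUsed": mfa_used}}

# Constructed sample log, not real data. alice and bob are hypothetical IAM users.
SAMPLE_LOG = json.dumps({"Records": [
    make_event("2024-01-10T08:00:00Z", "signin.amazonaws.com", "ConsoleLogin",
               "IAMUser", "alice", **login("Yes")),
    make_event("2024-01-10T08:05:00Z", "signin.amazonaws.com", "ConsoleLogin",
               "IAMUser", "bob", **login("No")),
    make_event("2024-01-10T08:07:00Z", "iam.amazonaws.com", "CreateAccessKey",
               "IAMUser", "bob"),
    make_event("2024-01-10T08:09:00Z", "cloudtrail.amazonaws.com", "StopLogging",
               "IAMUser", "bob"),
    make_event("2024-01-10T09:00:00Z", "iam.amazonaws.com", "ListUsers",
               "IAMUser", "alice", errorCode="AccessDenied"),
    make_event("2024-01-10T09:30:00Z", "signin.amazonaws.com", "ConsoleLogin",
               "Root", **login("Yes")),
]})

# API calls worth a second look whenever they appear in the trail.
SENSITIVE_CALLS = {
    ("iam.amazonaws.com", "CreateAccessKey"): "new access key created",
    ("cloudtrail.amazonaws.com", "StopLogging"): "CloudTrail logging stopped",
    ("cloudtrail.amazonaws.com", "DeleteTrail"): "CloudTrail trail deleted",
}
DENIED_CODES = {"AccessDenied", "Client.UnauthorizedOperation"}

def review_event(event):
    """Return the list of findings for a single CloudTrail record."""
    findings = []
    identity = event.get("userIdentity") or {}
    id_type = identity.get("type")
    if id_type == "Root":
        findings.append("root credentials used")
    # MFAUsed is only meaningful for IAM user and root sign-ins; federated
    # users authenticate (and do MFA) at their identity provider.
    if event.get("eventName") == "ConsoleLogin" and id_type in ("IAMUser", "Root"):
        outcome = (event.get("responseElements") or {}).get("ConsoleLogin")
        mfa = (event.get("additionalEventData") or {}).get("MFAUsed")
        if outcome == "Success" and mfa != "Yes":
            findings.append("console login without MFA")
    label = SENSITIVE_CALLS.get((event.get("eventSource"), event.get("eventName")))
    if label:
        findings.append(label)
    if event.get("errorCode") in DENIED_CODES:
        findings.append("API call denied")
    return findings

def review_log(text):
    """Return (eventTime, principal ARN, finding) for every finding in a trail file."""
    rows = []
    for event in json.loads(text).get("Records", []):
        who = (event.get("userIdentity") or {}).get("arn", "unknown")
        for finding in review_event(event):
            rows.append((event.get("eventTime"), who, finding))
    return rows

if __name__ == "__main__":
    for row in review_log(SAMPLE_LOG):
        print(*row, sep="  ")
```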

Network security

  • You can connect to an AWS access point via HTTP, or via HTTPS using SSL.
  • AWS Direct Connect :- Private connectivity between your data center and the AWS data center.
  • For customers who require additional security, Amazon provides Amazon VPC, which provides a private subnet within the AWS cloud and the ability to use an IPsec VPN (virtual private network) device to provide an encrypted tunnel between the Amazon VPC and your data center.
  • Amazon corporate network segregation :- Logically, the Amazon production network is segregated from the Amazon corporate network by means of a complex set of network security/segregation devices.

Network Monitoring and Protection

Amazon protects against different types of attacks:-


DDoS :- A Denial of Service (DoS) attack is a malicious attempt to affect the availability of a targeted system, such as a website or application, to legitimate end users. Typically, attackers generate large volumes of packets or requests, ultimately overwhelming the target system. In the case of a Distributed Denial of Service (DDoS) attack, the attacker uses multiple compromised or controlled sources to generate the attack.

Man-in-the-middle attacks (MITM) :- In cryptography and computer security, a man-in-the-middle attack (often abbreviated MitM, MiM attack, MitMA or the same using all capital letters) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.

IP spoofing :- IP spoofing is a technique used to gain unauthorized access to machines, whereby an attacker illicitly impersonates another machine by manipulating IP packets. IP spoofing involves modifying the packet header with a forged (spoofed) source IP address, a checksum, and the order value.

Port scanning :- A port scanner is an application designed to probe a server or host for open ports. This is often used by administrators to verify the security policies of their networks and by attackers to identify services running on a host and exploit vulnerabilities.


AWS credentials types:-

  • password
  • Multi-factor authentication (MFA)
  • AWS Microsoft AD 
  • IAM roles
  • access keys
  • key pairs
  • X.509 certificates :- X.509 certificates are only used to sign SOAP-based requests. You can have AWS create an X.509 certificate and a private key that you can download, or you can upload your own certificate by using the security credentials page.

Automation :-

Amazon Inspector :- It's an automated security assessment service. It can be very helpful in finding vulnerabilities in the OS and suggesting patches.


Source: https://aws.amazon.com/

AWS DynamoDB Cheat Sheet


DynamoDB is a fast and flexible NoSQL database service for all applications that need consistent, single-digit millisecond latency at any scale. It is a fully managed database and supports both document and key-value data models. It is great for IoT, mobile/web gaming, and many other apps.


Quick facts about DynamoDB
  • Stored on SSD storage
  • Spread across 3 geographically distinct DCs (data centers).
  • Eventually consistent reads :- Consistency across all copies is usually reached within a second. Repeating a read after a short time should return the updated data. (Best read performance)
  • Strongly consistent reads :- Returns a result that reflects all writes that received a successful response prior to the read.

Table
Items (like a row of data in a table)
Attributes (like a column of data in a table)


Here, everything between the braces {} is an item, and 1587, Alan, etc. are attributes.

{
"ID" : 1587,
"Name" : "Alan",
"Phone": "555-5555"
}


Two types of primary keys are available:-
Single attribute (think unique ID)
Partition key (hash key), composed of one attribute.

Composite (think unique ID and date range)
Partition key and sort key (hash & range), composed of 2 attributes.


Partition key
  • DynamoDB uses the partition key's value as input to an internal hash function. The output from the hash function determines the partition (this is simply the physical location in which the data is stored).
  • No two items in a table can have the same partition key value.


Partition Key and Sort Key
  • DynamoDB uses the partition key's value as input to an internal hash function. The output from the hash function determines the partition (this is simply the physical location in which the data is stored).
  • Two items in a table can have the same partition key, but they must have a different sort key.
  • All items with the same partition key are stored together, in sorted order by sort key value.

Local secondary index
  • It has the same partition key but a different sort key.
  • Can only be created when creating a table. They cannot be removed or modified later.


Global secondary index:
  • It has a different partition key and a different sort key.
  • Can be created at table creation or added later.


DynamoDB streams
  • If a new item is added to the table, the stream captures an image of the entire item, including all of its attributes
  • If an item is updated, the stream captures the before and after image of any attributes that were modified in the item.
  • If an item is deleted from the table, the stream captures an image of an entire item before it was deleted.

Query:-
A Query operation finds items in a table using only primary key attribute values. You must provide a partition key attribute name and a distinct value to search for. You can optionally provide a sort key attribute name and value, and use a comparison operator to refine the search results.
By default, a query returns all of the data attributes for the items with the specified primary key(s); however, you can use the ProjectionExpression parameter so that the query only returns some of the attributes, rather than all of them.

Query results are always sorted by the sort key. If the data type of the sort key is a number, the results are returned in numeric order. Otherwise, the results are returned in order of ASCII character code values. By default the sort order is ascending. To reverse the order, set the ScanIndexForward parameter to false.

By default a query is eventually consistent, but it can be changed to strongly consistent.

SCAN:-
A Scan operation examines every item in the table. By default, a scan returns all of the data attributes of every item; however, you can use the ProjectionExpression parameter so that the scan only returns some of the attributes, rather than all of them.
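
The key model and the Query/Scan difference described above, as an added example that is not part of the original post: a small in-memory model, not DynamoDB code and not an AWS SDK call. The class ToyTable, the sort key name Date and the sample items are hypothetical, and SHA-256 stands in for DynamoDB's internal hash function.

```python
import hashlib

class ToyTable:
    """In-memory model of a table with a partition key and a sort key."""

    def __init__(self, partition_key, sort_key, partitions=4):
        self.pk, self.sk = partition_key, sort_key
        # Each partition maps a partition key value -> items kept in sort key order.
        self.partitions = [{} for _ in range(partitions)]
        self.last_examined = 0  # items read by the most recent query or scan

    def _partition_for(self, pk_value):
        # Stand-in hash (assumption): the real internal hash function is not published.
        digest = hashlib.sha256(repr(pk_value).encode()).digest()
        return self.partitions[int.from_bytes(digest[:4], "big") % len(self.partitions)]

    def put_item(self, item):
        rows = self._partition_for(item[self.pk]).setdefault(item[self.pk], [])
        # Same partition key AND same sort key is the same primary key: replace.
        rows[:] = [r for r in rows if r[self.sk] != item[self.sk]]
        rows.append(dict(item))
        rows.sort(key=lambda r: r[self.sk])  # numbers numerically, strings by code point

    @staticmethod
    def _project(item, projection):
        if projection is None:
            return dict(item)
        return {k: item[k] for k in projection if k in item}

    def query(self, pk_value, sk_condition=None, projection=None,
              scan_index_forward=True):
        """Read the items of one partition key value; no other item is touched."""
        rows = self._partition_for(pk_value).get(pk_value, [])
        hits = [r for r in rows if sk_condition is None or sk_condition(r[self.sk])]
        self.last_examined = len(hits)
        if not scan_index_forward:
            hits = hits[::-1]  # descending sort key order
        return [self._project(r, projection) for r in hits]

    def scan(self, projection=None):
        """Examine every item in every partition."""
        rows = [r for part in self.partitions for items in part.values() for r in items]
        self.last_examined = len(rows)
        return [self._project(r, projection) for r in rows]

def build_sample():
    """Constructed sample data: ID is the partition key, Date the sort key."""
    table = ToyTable("ID", "Date")
    for item in [
        {"ID": 1587, "Date": "2018-03-01", "Name": "Alan", "Phone": "555-5555"},
        {"ID": 1587, "Date": "2018-01-15", "Name": "Alan", "Phone": "555-5555"},
        {"ID": 1587, "Date": "2018-02-20", "Name": "Alan", "Phone": "555-5555"},
        {"ID": 2001, "Date": "2018-02-01", "Name": "Beth"},
        {"ID": 2002, "Date": "2018-01-05", "Name": "Carl"},
    ]:
        table.put_item(item)
    return table

if __name__ == "__main__":
    t = build_sample()
    print(t.query(1587, projection=["Date"]), "examined:", t.last_examined)
    print(t.query(1587, sk_condition=lambda d: d >= "2018-02-01",
                  projection=["Date"], scan_index_forward=False))
    print(len(t.scan()), "items from scan, examined:", t.last_examined)
```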

Hope you find this quick glance at DynamoDB useful. Do let us know in the comments if you have any queries or suggestions.

Today we also want to share some good news with you: our blog is now included by Feedspot in its list of AWS Top 10 blogs. We would like to thank you all for your help and support in achieving this.

AWS certification exam cheat sheets

AWS certification exams grill you on a vast range of topics and a lot of services. In this post we have consolidated the major services and topics of the different exams so that you can access them from a single location.

The links below will give you better info on which topics and services are important for each exam and how best to prepare for them.

How to prepare for AWS Certified SysOps Administrator – Associate

In one of our earlier posts we discussed which AWS certification is suitable for you.
If you are from a system admin or DevOps background, the AWS Certified SysOps Administrator – Associate certification will be a good plus for you.
If you are an absolute beginner on AWS, you can start with the free labs from AWS. To practice further you can create a free AWS account. These two actions will get you started on AWS.
Beware that if you go beyond the free tier limits you will be billed. The best practice is to create a billing alert. This alert can save you from an unexpected bill shock.
If you want to learn further, you can opt for either a classroom course or an online course. Classroom courses are generally expensive and range between USD 600 and USD 2000, while an online course can cost you anything between USD 10 and USD 300 depending on which course you choose.
Our personal opinion is that you should go for online courses, as they are cheaper, and if you follow their labs honestly (yeah, not just watching the instructor do it but actually doing the labs yourself 😉) they can be as good as classroom training.
Among online courses, we found the courses from two providers, acloudguru and Linux Academy, to be good. Earlier the Linux Academy course was only available through their site on a monthly plan, but the same course is now available on Udemy too. The acloudguru course has been available on Udemy for a long time. Both courses can be purchased from their respective sites under a monthly subscription, but if you buy them from Udemy you pay only once and get lifetime access to the same courses. Udemy also often offers heavy discounts on courses, which can get you a good bargain.
The acloudguru course is delivered by Ryan, who is enthusiastic and teaches really well, though sometimes he can get a bit click-happy and quickly zip past a few topics. But you always have the option to rewind and go through the topic again 🙂.
The labs in the course are very useful and help you get a deep understanding of each topic. The course also has quizzes to check your knowledge.
Overall we found the acloudguru course to be beneficial in getting you exam ready.
However, do note that the course alone is not enough to clear the exam. You should go through the whitepapers and FAQs of at least the services below.
  • EC2
  • S3
  • VPC
  • Route 53
  • CloudWatch
  • OpsWorks
  • Billing
Exam pattern
The exam has multiple-choice and multiple-answer questions and lasts 80 minutes. You can download the exam blueprint here.
Practice Exam Questions
To get a good evaluation of your preparation you can go through another course for sample exam questions on Udemy.
Exam Cost
The exam will cost you USD 150. AWS also gives you the option to book a practice exam for USD 20 before you go for the actual exam.
How to book exam
To book an exam you will have to create an account in the AWS Training and Certification Portal.
Passing score
AWS doesn’t reveal the minimum passing score, and it keeps changing. But we have observed that people who score above 70% generally pass the exam. You will see the score on your screen immediately once you finish the test and will also get a report by email within 1 hour.
Exam Tips
  • Get good sleep and keep calm during the exam.
  • You won’t get more than 3 mins per question.
  • You may find some very long questions in the exam. The best strategy to tackle them is to read the answer options first and then check for the relevant info in the question.
  • Since it’s an AWS exam, look for AWS-related options in the answers. Chances are high that a non-AWS-related option in the answers will be wrong.
  • AWS exams generally don’t focus on mugging their datasheets. So you won’t get a question like “How much RAM does a C3.xlarge offer?”.
That’s all folks! Best of luck for the exam!
Do let us know in the comments section if you have any queries.

How to prepare for AWS Certified Developer - Associate certification exam

In one of our earlier posts we discussed which AWS certification is suitable for you.
If you have decided to go for the AWS Certified Developer – Associate certification, this post is for you.
If you are an absolute beginner, you can start with the free labs from AWS. To practice further you can create a free AWS account. These two actions will get you started on AWS.
Beware that if you go beyond the free tier limits you will be billed. The best practice is to create a billing alert. This alert can save you from unexpected bill shocks.
To further hone your skills you can go for either AWS classroom training or online courses. The classroom training will cost you from USD 800 to USD 2000, while the online courses can cost you from USD 10 to USD 300, depending on which course you choose.
Our personal opinion is that you should go for online courses, as they are cheaper, and if you follow their labs honestly they can be as good as classroom training.
Among online courses we recommend two providers, acloudguru and Linux Academy. Both have monthly plans to buy the courses, but they can become a bit costly if you can’t complete the course in 1 month.
We have observed that acloudguru also provides the same course on Udemy, where you get lifetime access to the course with just a one-time payment. Also, Udemy offers heavy discounts on courses during sales, which can get you a good bargain.
Thus, we recommend this AWS Certified Developer – Associate course from acloudguru on Udemy. Also, once you buy this course on Udemy you will get access to the same course on the acloudguru website.
The acloudguru course instructor Ryan is an industry expert and delivers the course really well. The course covers almost all the main topics that are asked in the exam. (Though we have observed that as of Apr-18 it was missing a session on AWS Lambda, for which questions have started appearing in the exam. Hope they update the course soon.) Currently you can learn about Lambda from Ryan’s other course on AWS Lambda.
It’s a good idea to follow all the labs with the instructor and, once you gain confidence, redo the labs independently. Don’t forget to complete the practice quizzes to check your knowledge.
This course will give you a good base for the exam. But the course itself is not enough to clear the exam. You should go through the whitepapers and FAQs of at least the services below.
  • EC2
  • S3
  • SQS
  • RDS
  • DynamoDB
  • Lambda
Exam pattern
The exam has multiple-choice and multiple-answer questions and lasts 80 minutes.
Practice Exam Questions
To get a good evaluation of your preparation you can go through another course of acloudguru sample exam questions on Udemy. Many test takers have said that they got similar questions in the exam.
Exam Cost
The exam will cost you USD 150. AWS also gives you the option to book a practice exam for USD 20 before you go for the actual exam.
How to book exam
To book an exam you will have to create an account in the AWS Training and Certification Portal.
Passing score
AWS doesn’t reveal the minimum passing score, and it keeps changing. But we have observed that people who score above 80% generally pass the exam. You will see the score on your screen immediately once you finish the test and will also get a report by email within 1 hour.
Exam Tips
  • Get good sleep and keep calm during the exam.
  • You won’t get more than 3 mins per question.
  • You may find some very long questions in the exam. The best strategy to tackle them is to read the answer options first and then check for the relevant info in the question.
  • Since it’s an AWS exam, look for AWS-related options in the answers. Chances are high that a non-AWS-related option in the answers will be wrong.
  • AWS exams generally don’t focus on mugging their datasheets. So you won’t get a question like “How much RAM does a C3.xlarge offer?”.
That’s all folks! Best of luck for the exam!
Do let us know in the comments section if you have any queries.

How to prepare for AWS Certified Solutions Architect - Professional

Hello!
In this post we will discuss how to prepare for the AWS Certified Solutions Architect – Professional certification.
Pre-requisite
The only pre-requisite to appear for the professional exam is that you clear the AWS Certified Solutions Architect – Associate certification. You can check here how to prepare for the associate certification.
Once you have cleared the associate exam you can start preparing for the AWS Certified Solutions Architect – Professional certification.
Many of the topics in the professional exam are the same as those of the associate exam. So in the professional exam you may actually see a few questions repeated from the associate exam itself.
But it still has a lot of new topics as well. Below are the topics on which you can expect the most questions in the exam.
Exam Topics
  • VPC
  • EC2
  • S3
  • Amazon Elasticache
  • Redshift
  • Cloudfront
  • Elastic Transcoder
  • AWS Data Pipeline
  • RDS
  • Cloudsearch
  • EMR
  • DynamoDB
  • SQS
  • CloudTrail
  • KMS
  • Kinesis
  • Opsworks
  • Auto Scaling
  • ELB
  • VPC peering
  • Direct Connect
  • Cross Account Access
Preparation
As you can see, the list above contains a wide range of topics, and reading about them can be overwhelming. You can also see the official exam blueprint here. It is good if you have at least 1 year of experience with these AWS technologies.
You can start your preparation by attending AWS classroom training, or you can go for online courses. I personally liked the contents of two online courses: one from acloudguru and the other from Linux Academy.
Both courses are good, but I chose the acloudguru course as it allowed lifetime access, while for Linux Academy you have to pay a monthly fee. I knew that with a full-time job it might take me more than a month to prepare for this exam, so I decided to opt for the acloudguru course.
The acloudguru course is comprehensive and the trainer Ryan covers the topics in a decent way. The course alone is not enough to clear the exam but it will give you a good understanding of the exam topics.
Apart from the course you should also refer to the AWS FAQs, which are very helpful for scenario-based questions.
Also, Linux Academy gives you a 7-day free trial, so you can use that period to do their practice exams, which also have a lot of good questions.
Exam pattern
  • Multiple-choice and multiple-answer questions.
  • You will be given scenarios, and questions will be based on them. Only a few will be direct questions.
  • The exam will be 170 minutes long.
  • You can expect approx. 80 questions.
Cost
The exam cost is USD 300.
You also have the option to appear for a practice exam from Amazon. It costs USD 40. Many people have told me that the actual exam is easier in comparison to the practice exam. So, if you score well in the practice exam you can be sure about your preparation.
Sample Questions
You can refer to some sample exam questions here and on Udemy.
Hope the above info is helpful to you. Do let me know if you have any queries.
Best of Luck for the exam!

Which AWS certification is suitable for me?

Many people have asked me which AWS certification they should do to help their career in the near future.
AWS provides the certifications below.
Beginner
AWS Certified Cloud Practitioner
Associate level
AWS Certified Developer – Associate
AWS Certified SysOps Administrator – Associate
AWS Certified Solutions Architect – Associate
Professional level
AWS Certified DevOps Engineer – Professional
AWS Certified Solutions Architect – Professional
Specialty Certifications
AWS Certified Big Data – Specialty
AWS Certified Advanced Networking – Specialty
Now, coming to the point: which AWS certification is best for you?
If you are a fresher you should go for either AWS Certified Cloud Practitioner or AWS Certified Developer – Associate. These are the easiest of all AWS exams and will give you a good base.
If you have less than 5 to 6 years of experience in the IT industry and you are from a development background, you should go for the AWS Certified Developer – Associate certification.
Similarly, if you have less than 5 to 6 years of experience in the IT industry and you are from a system admin background, you should go for the AWS Certified SysOps Administrator – Associate certification.
If you have 8 to 9+ years of experience in the IT industry you can go for the AWS Certified Solutions Architect – Associate certification. The reason for requiring more experience for the Architect certification is that generally you can’t send a person with 2-3 years of experience in front of the client as an Architect, because the client may not accept such a young person being given responsibility for designing their environment. There are always exceptions, but this is generally the trend we have seen.
Also, if you are from a pre-sales or sales background you can go for AWS Certified Cloud Practitioner and later for the Architect exam.
If you are from a database admin background, then going for the AWS Certified Big Data – Specialty certification will be a natural progression and a big plus on your resume.
If you are from a networking background, then the AWS Certified Advanced Networking – Specialty certification will be a good choice and a natural progression for you.
Once you have gained approximately 2 years of experience with AWS you can go for the professional certifications. Dev and SysOps guys can go for AWS Certified DevOps Engineer – Professional, and Architects can naturally move to AWS Certified Solutions Architect – Professional.
Learning about all of the above certifications will be a huge advantage, but the above approach should be a good beginning.
We have recently seen a trend where jobs are being posted only for a Redshift Architect or IAM Architect, so things may change in the future, when people will look for specialists in only one or two AWS services.
If you want a quick snapshot of AWS services you can refer to our free AWS Crash Course.
Do let me know what you think about this, and if you have any queries or suggestions, ask in the comments section.

How to become an AWS Certified Solution Architect in 30 days ?

In this post we will discuss how to clear the “AWS Certified Solutions Architect – Associate” exam in 30 days.
AWS exams are not restricted to any version, as you see in other exams like RHCSA on RHEL 6.
The syllabus is vast and keeps changing as AWS keeps adding new services. So hard work alone won’t help. Also, your prior experience with a few specific AWS services won’t help you clear the exam easily, as the questions in the exam cover a wide range of services.
Below I am listing a smart plan which can get you ready for the exam in 30 days.
First 7 days
If you are looking for a very quick overview of all services so that you can sound familiar with AWS, you can refer to this post.
You can also refer to our free AWS Crash Course if you want to go a little deeper. It will give you good knowledge of key topics in a short time.
Later, go through the online training and videos. You can look at the AWS re:Invent videos. But if you are new to AWS it’s recommended that you buy an online course. The content of both acloudguru and Linux Academy is good, but I used the acloudguru course on Udemy as it provides lifetime access to the course. You can read my complete review of the acloudguru course here.
TIP:- We found that buying the acloudguru course from Udemy is cheaper in comparison to the acloud.guru website. It’s the same AWS Certified Solutions Architect – Associate course on Udemy at a cheaper rate, as Udemy generally offers heavy discounts on courses.
Day 8 to 14
For the next seven days, repeat the exercises in the course, doing them hands-on in your own AWS account.
TIP:- Create a billing alert in the account. It will remind you if you are going above the free tier limits and save you from unpleasant surprises.
To see how to create a billing alert refer here.
Day 15 to 21
The online course will give you a good base, as you don’t have to worry about the syllabus. The next step is to go through the listed AWS whitepapers.
  • Overview of Amazon Web Services
  • Storage Options in the Cloud
  • Overview of Security Processes
  • AWS Risk & Compliance Whitepaper
  • Architecting for the AWS Cloud: Best Practices
Here you can get all the AWS whitepapers.
Day 22 to 30
Finally, go through the FAQs of AWS services. Here I am listing a few key services from which you can expect the most questions.
  • EC2
  • S3
  • EBS
  • RDS
  • VPC
  • ELB
  • Route 53
  • Glacier
  • Cloudfront
  • Direct Connect
Tips for the exam:-
  • You won’t get more than 3 mins per question.
  • You may find some very long questions in the exam. The best strategy to tackle them is to read the answer options first and then check for the relevant info in the question.
  • If you find a question confusing, it is better to mark it for review and check it later.
  • Since it’s an AWS exam, look for AWS-related options in the answers. Chances are high that a non-AWS-related option in the answers will be wrong.
  • AWS exams generally don’t focus on mugging their datasheets. So you won’t get a question like “How much RAM does a C3.xlarge offer?”.
  • For cost optimization, Spot instances are best. If you are unsure whether to choose dedicated or spot, choose spot if the question talks about cost.
You can check out the exam blueprint here, and can refer to sample exam questions here.
Once you are done with the Associate level and want to move to the next level, check How to prepare for AWS Certified Solutions Architect – Professional.
Hope this post helps you in your preparation. Do let me know if you have any queries.