Passing SAP-C02 in One Week

Certificate

Study Process

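Since I had already passed SAA, this time I only planned to quickly review the AWS content and quickly go through a course: Stephane Maarek's course on Udemy. Then I started on practice questions; ideally go through the question bank at least twice. When you run into a service name you don't understand, look it up and make sure you understand it.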

On the last day, look over notes that other people have compiled and your own wrong answers. Notes: https://github.com/SwaroopGiri/AWS-SAP-C02-Notes

Exam Notes

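When working through exam questions, I compile notes on the concepts I'm less clear about, as below, for a final review before the exam: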

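1. Service availability is determined by the weakest link among the availability levels of its resources; to improve availability, raise resource availability to the region level. Know which services are regional and which are global.
2. If the question asks for the option with the least operational overhead, then: managed service > an option that requires changing the existing design > an option that requires writing scripts and manual effort.
3. Organizations and identity access: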

AWS Control Tower: Provides a set of “strongly recommended guardrails” that can be enabled to implement governance and policy enforcement.
Service control policies (SCPs): require AWS Organizations; they do not grant permissions, they only deny.
AWS SSO: must first set up the AWS Organizations service and have All features set to enabled.

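5. Data analytics: for real-time processing, look for AWS Kinesis Data Streams; for collecting data into a big-data platform for later analysis, look for Kinesis Firehose.
6. Storage: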

When moving data to Glacier to reduce cost, consider the RTO.
S3 Replication Time Control (S3 RTC): Replicates most objects that you upload to Amazon S3 in seconds, and 99.99 percent of those objects within 15 minutes.
Bucket keys can reduce costs for AWS KMS requests by up to 99%.

8. Migration:

AWS Application Discovery Agent: Gather information about running processes on the servers and provide detailed metrics.
AWS Migration Evaluator: Analyze data about on-premises environment, including servers, storage, networking, and applications. It then provides a report that outlines the recommended AWS services and configurations that best match existing infrastructure and applications.
Migrate NFS storage arrays to S3, EFS, FSx with encryption = AWS DataSync + DataSync agent
Migrate databases to AWS with minimal downtime = **AWS Database Migration Service (DMS)**.
Replicate Amazon FSx for Windows File Server data between AWS Regions = AWS DataSync.

10. An RDS proxy: Allows you to pool and share connections to an RDS database. Applications can automatically reconnect to the database after a failover event, without the need to restart the application.
11. Compute Savings Plans support EC2, Fargate, and Lambda; they need to be applied to the Organization management account.
12. Security:

To prevent users from directly accessing an Application Load Balancer: 

1. Configure CloudFront to add a custom HTTP header to requests that it sends to the Application Load Balancer.
2. Configure the Application Load Balancer to only forward requests that contain the custom HTTP header.

AWS WAF: a Geographic match rule statement can be used to manage web requests by their country or region of origin.
AWS Shield Advanced: 24/7 availability, a dedicated DDoS response team, and advanced attack analytics and reporting.
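
The CloudFront custom-header restriction above only holds if no listener rule forwards traffic without the header check. As an added example (not from the original post), this Python check audits rules shaped like the output of `aws elbv2 describe-rules`; the header name `X-Origin-Verify`, the ARN and the secret value are assumed placeholders.

```python
# Added example: audits rules shaped like `aws elbv2 describe-rules` output.
HEADER = "X-Origin-Verify"  # assumed header name; the page does not name one

def forwards(rule):
    """True if the rule sends traffic to a target group."""
    return any(a.get("Type") == "forward" for a in rule.get("Actions", []))

def requires_header(rule, header=HEADER):
    """True if the rule matches only requests carrying a real header value."""
    for cond in rule.get("Conditions", []):
        if cond.get("Field") != "http-header":
            continue
        cfg = cond.get("HttpHeaderConfig") or {}
        if cfg.get("HttpHeaderName", "").lower() != header.lower():
            continue  # header names are case-insensitive
        values = cfg.get("Values", [])
        # A value made only of wildcards ("*", "?") does not check a secret.
        if values and not any(set(v) <= set("*?") for v in values):
            return True
    return False

def audit_rules(rules, header=HEADER):
    """Return one finding per rule that forwards without the header check."""
    findings = []
    for rule in rules:
        if forwards(rule) and not requires_header(rule, header):
            label = "default" if rule.get("IsDefault") else rule.get("Priority")
            findings.append(f"rule {label}: forwards without requiring {header}")
    return findings

# Constructed sample data (placeholder ARN and secret, not real values).
FORWARD = {"Type": "forward", "TargetGroupArn": "arn:aws:PLACEHOLDER:targetgroup/example"}
DENY = {"Type": "fixed-response", "FixedResponseConfig": {"StatusCode": "403"}}

def header_cond(value):
    return {"Field": "http-header",
            "HttpHeaderConfig": {"HttpHeaderName": "x-origin-verify", "Values": [value]}}

def rule(priority, conditions, action):
    return {"Priority": priority, "IsDefault": priority == "default",
            "Conditions": conditions, "Actions": [action]}

WEAK = [rule("default", [], FORWARD)]                      # default forwards to anyone
HARDENED = [rule("1", [header_cond("CONSTRUCTED-SECRET")], FORWARD),
            rule("default", [], DENY)]                     # default returns 403
WILDCARD = [rule("1", [header_cond("*")], FORWARD), rule("default", [], DENY)]

if __name__ == "__main__":
    for name, rules in [("weak", WEAK), ("hardened", HARDENED), ("wildcard", WILDCARD)]:
        print(name, audit_rules(rules) or "ok")
```

The header value acts as a shared secret between CloudFront and the load balancer, so the check is only as strong as the confidentiality of that value.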

14. AWS Elastic Disaster Recovery (DRS) vs AWS Data Lifecycle Manager (DLM) vs AWS Backup.

DLM: Automate the creation, retention, and deletion of EBS snapshots.
AWS Backup: Manage and monitor backups across the AWS services you use, including EBS volumes, from a single place.
AWS DRS: Recover all of your applications and databases that run on supported Windows and Linux operating system versions. This includes critical databases such as Oracle, MySQL, and SQL Server, and enterprise applications such as SAP.

16. Connectivity:

AWS PrivateLink: Create an endpoint service to share an internal application with other accounts securely using private IP addresses.
Transit Gateway = a regional, managed giant router.
AD Connector: Use it to join an EC2 instance to on-prem AD.

Exam Day

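Since the exam lasts 3 hours, I recommend pacing yourself with a target of 25 questions per hour. The clock keeps running whether you step out to use the restroom or to drink water, but I still recommend taking a restroom break in the middle; otherwise it is easy to lose focus late in a 3-hour exam.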

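The score is not shown on the spot after the exam; the result is sent to your email within 5 business days. In my case, the email arrived within 1 hour of finishing the exam.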