AWS Solutions Architect Associate Exam Study Guide And Crib Sheet [SAA-C02]
Feb 03, 2022
The AWS Certified Solutions Architect – Associate exam is intended for individuals who perform in a solutions architect role. The exam validates a candidate’s ability to design secure and robust solutions by using AWS technologies.
The exam also validates a candidate’s ability to complete the following tasks:
Design a solution by using appropriate AWS services and by following architectural principles based on requirements.
Provide implementation guidance based on best practices to the organization throughout the workload lifecycle.
Domain 1: Design Resilient Architectures – 30%
1.1 Design a Multi-tier Architecture Solution
Determine a solution design based on access patterns
Determine a scaling strategy for components used in a design
Select an appropriate database based on requirements
Select an appropriate compute and storage service based on requirements
1.2 Design Highly Available and/or Fault-tolerant Architectures
Determine the amount of resources needed to provide a fault-tolerant architecture across Availability Zones
Select a highly available configuration to mitigate single points of failure
Apply AWS services to improve the reliability of legacy applications when application changes are not possible
Select an appropriate disaster recovery strategy to meet business requirements
Identify key performance indicators to ensure the high availability of the solution
1.3 Design Decoupling Mechanisms Using AWS Services
Determine which AWS services can be leveraged to achieve loose coupling of components
Determine when to leverage serverless technologies to enable decoupling
1.4 Choose Appropriate Resilient Storage
Define a strategy to ensure the durability of data
Identify how data service consistency will affect the operation of the application
Select data services that will meet the access requirements of the application
Identify storage services that can be used with hybrid or non-cloud-native applications
Domain 2: Design High-performing Architectures – 28%
2.1 Identify Elastic and Scalable Compute Solutions for a Workload
Select the appropriate instance(s) based on compute, storage, and networking requirements
Choose the appropriate architecture and services that scale to meet performance requirements
Identify metrics to monitor the performance of the solution
2.2 Select High-performing and Scalable Storage Solutions for a Workload
Select a storage service and configuration that meets performance demands
Determine storage services that can scale to accommodate future needs
File system storage
Other Storage solutions for high-performance
2.3 Select High-performing Networking Solutions for a Workload
Select appropriate AWS connectivity options to meet performance demands
Select appropriate features to optimize connectivity to AWS public services
Determine an edge caching strategy to provide performance benefits
Select appropriate data transfer service for migration and/or ingestion
Other AWS networking services for building high-performing networking solutions are:
AWS Global Accelerator
It creates accelerators to improve the performance of your app by directing traffic to the best-suited endpoints in the AWS network
AWS Direct Connect
Establishes a dedicated network connection from the on-premises network to the cloud
AWS Virtual Private Network
AWS Transit Gateway
A cloud router. It connects multiple VPCs in your account, and the on-premises network if needed, through a central hub. Replaces many one-to-one connections between the VPCs.
CloudFront is a Content Delivery Network (CDN). It stores a copy of your website assets in different edge locations around the world. When a user requests a resource, it is served from the nearest edge location, thereby reducing latency.
For running AWS infrastructure and other services in an on-premises environment. So you needn’t move your sensitive data to the cloud. You move the cloud to the location of your data.
AWS Local Zones
Moves AWS Compute, Storage, DBs closer to centers where no AWS regions exist.
Move AWS services to the edge of the 5G network, so traffic from 5G devices can reach servers in Wavelength Zones.
2.4 Choose High-performing Database Solutions for a Workload
Select an appropriate database scaling strategy
Determine when database caching is required for performance improvement
Choose a suitable database service to meet performance needs
Other articles for understanding how to choose high-performing database solutions
Simple stuff, data tables related to each other via primary-foreign key relationships. A great fit for transactions (OLTP) in the financial world.
A type of NoSQL database (not only SQL). The unique identifier is the key. The value can be any data structure. It is widely used by web applications for storing user session details.
A database that’s housed in memory (RAM) instead of on disk. So it is volatile (you lose all data on failure) but gives you faster response times. Widely used in BI applications, so the user can drill down/up or filter the report across dimensions with minimal latency.
Data is stored in JSON-like documents. Used when the data is not relational, for example, scanned images, PDF files, etc. In aircraft manufacturing, different parts have a different number of attributes. Storing the information in a document database can accommodate a potential increase in the attributes required.
A graph database is best used to describe relationships between entities. These databases consist of nodes (store data entities) and edges (store relationships between entities). They are mostly used in recommendation engines in e-commerce and social media applications.
Used for monitoring software/financial/physical systems like equipment & machinery where there is a heavy dependence on time.
Database caching for high performance
Domain 3: Design Secure Applications and Architectures – 24%
3.1 Design Secure Access to AWS Resources
Determine when to choose between users, groups, and roles
Interpret the net effect of a given access policy
Select appropriate techniques to secure a root account
Determine ways to secure credentials using features of AWS IAM
Determine the secure method for an application to access AWS APIs
Select appropriate services to create traceability for access to AWS resources
Other approaches for securing access to AWS resources
a. Secure access credentials
AWS Security Token Service
Generates temporary security credentials that are limited in privileges and in duration. Enables you to provide access to users without creating AWS identities.
IAM Instance profiles
A way for EC2 instances to access AWS APIs.
b. Principle of least privilege
Organize several accounts into groups to create an organizational structure. Apply policies to individual organizational units or the entire organization.
3.2 Design Secure Application Tiers
Given traffic control requirements, determine when and how to use security groups and network ACLs
Determine a network segmentation strategy using public and private subnets
Select the appropriate routing mechanism to securely access AWS service endpoints or internet-based resources from Amazon VPC
Select appropriate AWS services to protect applications from external threats
Other important articles for securing application tiers
3.3 Select Appropriate Data Security Options
Determine the policies that need to be applied to objects based on access patterns
Select appropriate encryption options for data at rest and in transit for AWS services
Select appropriate key management options based on requirements
Different approaches to consider for data security in AWS
a. Data Classification
Analyzing and organizing data based on criticality and sensitivity so that appropriate data protection controls can be applied. For example, if you store sensitive data in your S3 buckets, then you can classify such objects with the help of object tagging.
Encryption transforms the sensitive content into a form that is unreadable to the hacker without the secret key (the reverse process is decryption).
Tokenization defines a token to represent a sensitive piece of information.
c. Secure data at rest
d. Secure data in transit
AWS Certificate Manager
e. Backup/replicate/recover your data
Domain 4: Design Cost-optimized Architectures – 18%
4.1 Identify Cost-effective Storage Solutions
Determine the most cost-effective data storage options based on requirements
Apply automated processes to ensure that data over time is stored on storage tiers that minimize costs
Cost-effective techniques for other AWS services
Amazon Elastic Block Store
4.2 Identify Cost-effective Compute and Database Services
Determine the most cost-effective Amazon EC2 billing options for each aspect of the workload
Determine the most cost-effective database options based on requirements
Select appropriate scaling strategies from a cost perspective
Select and size compute resources that are optimally suited for the workload
Determine options to minimize total cost of ownership (TCO) through managed services and serverless architectures
4.3 Design Cost-optimized Network Architectures
Identify when content delivery can be used to reduce costs
Determine strategies to reduce data transfer costs within AWS
Determine the most cost-effective connectivity options between AWS and on-premises environments