
AWS Certification Exam Readiness Session:

AWS Certified Solutions Architect – Associate


The Exam
What to expect
AWS Certifications
AWS Certified Solutions Architect - Associate exam (Released February 2018)

Exam Questions: Multiple-choice and multiple-response
Number of Questions: 65
Time to Complete: 130 minutes
Practice Exam Fee: 20 USD
Exam Fee: 150 USD
Add the 30 minutes benefit!
Things you should know!
Technical concepts
Disaster Recovery (Pilot Light):
Low → High

Backup & Restore
RPO/RTO: Hours
§ Lower priority use cases
§ Solutions: S3, Elastic Block Store
§ Cost: $

Pilot light
RPO/RTO: Minutes
§ Meeting lower RTO & RPO requirements
§ Core services
§ Scale AWS resources in response to a DR event
§ Cost: $$

Warm standby in AWS
RPO/RTO: Seconds
§ Solutions that require RTO & RPO in minutes
§ Business critical services
§ Cost: $$$

Hot standby (with multi-site)
RPO/RTO: Real-time
§ Auto-failover of your environment in AWS
§ Cost: $$$$

• Link: https://aws.amazon.com/blogs/aws/new-whitepaper-use-aws-for-disaster-recovery/
RPO (Recovery Point Objective) and RTO (Recovery Time Objective) concepts

[Figure: timeline around the disaster. Labels: Recovery Point, Disaster, Recovery Time; axis: Time; Data loss (RPO), Downtime (RTO).]
AWS offers 4 levels of DR, depending on complexity and recovery times

Low → High

Backup & Restore
RPO/RTO: Hours
§ Low-priority scenario
§ Cost: $

Pilot light
RTO: minutes or a few hours
§ Core services
§ Scale AWS resources in response to a DR event
§ Cost: $$

Warm standby in AWS
RTO: minutes
§ Mission-critical services
§ Cost: $$$

Hot standby (with multi-site)
RTO: real time
§ Automatic failover of the environment to AWS
§ Cost: $$$$
Encryption in Transit (RDS):
• You can use SSL from your application to encrypt a connection to a DB
instance running MySQL, MariaDB, SQL Server, Oracle, or PostgreSQL.
Each DB engine has its own process for implementing SSL.

Link: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html
Encryption at rest:

• Encrypting data at rest is vital for regulatory compliance to ensure that
sensitive data saved on disks is not readable by any user or application
without a valid key. Some compliance regulations such as PCI
DSS and HIPAA require that data at rest be encrypted throughout the data
lifecycle. To this end, AWS provides data-at-rest options and key
management to support the encryption process. For example, you can
encrypt Amazon EBS volumes and configure Amazon S3 buckets for
server-side encryption (SSE) using AES-256 encryption. Additionally, Amazon
RDS supports Transparent Data Encryption (TDE).

• Link: https://aws.amazon.com/es/blogs/security/how-to-protect-data-at-rest-with-amazon-ec2-instance-store-encryption/
EC2 (Purchasing types):

Links: https://aws.amazon.com/ec2/pricing/

https://aws.amazon.com/ec2/dedicated-hosts/
Security Groups Configuration (ports):

• Link: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html
Security Groups, NACLs

Security Groups
• Specify Port, Protocol, Source IP
• Explicit Allow only
• Stateful
• Applied to instances
• Associated with single VPC

Access Control Lists
• Specify Port, Protocol, Source IP
• Explicit Allow or Deny
• Stateless
• Applied to subnets
• Associated with single VPC

Links: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html

https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
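
The stateful/stateless difference in the comparison above, as an added example that is not part of the original slides: a simplified Python model (not AWS's implementation) in which a security group tracks admitted flows while a network ACL evaluates numbered rules for every packet. The addresses, ports, rule numbers and the 1024-65535 ephemeral range are constructed sample values.

```python
import ipaddress

def _match(rule, ip, port):
    """True if ip and port fall inside the rule's CIDR and port range."""
    lo, hi = rule["ports"]
    return ipaddress.ip_address(ip) in ipaddress.ip_network(rule["cidr"]) and lo <= port <= hi

class SecurityGroup:
    """Stateful and allow-only: replies to admitted flows need no rule."""
    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound
        self.tracked = set()  # (remote_ip, remote_port, local_port) of admitted flows
    def allow_in(self, src_ip, src_port, dst_port):
        ok = any(_match(r, src_ip, dst_port) for r in self.inbound)
        if ok:
            self.tracked.add((src_ip, src_port, dst_port))
        return ok
    def allow_out(self, dst_ip, dst_port, src_port):
        if (dst_ip, dst_port, src_port) in self.tracked:  # reply to a tracked flow
            return True
        return any(_match(r, dst_ip, dst_port) for r in self.outbound)

def nacl_allows(rules, remote_ip, port):
    """Stateless: lowest rule number first, first match decides, no match denies."""
    for rule in sorted(rules, key=lambda r: r["num"]):
        if _match(rule, remote_ip, port):
            return rule["action"] == "allow"
    return False

# Constructed sample traffic: a client on an ephemeral port calls an instance on 443.
CLIENT, EPHEMERAL, ANY = "203.0.113.10", 50000, "0.0.0.0/0"

def demo():
    sg = SecurityGroup(inbound=[{"cidr": ANY, "ports": (443, 443)}], outbound=[])
    nacl_in = [{"num": 90, "action": "deny", "cidr": "198.51.100.0/24", "ports": (0, 65535)},
               {"num": 100, "action": "allow", "cidr": ANY, "ports": (443, 443)}]
    nacl_out = [{"num": 100, "action": "allow", "cidr": ANY, "ports": (1024, 65535)}]  # assumed ephemeral range
    return {
        "sg_request": sg.allow_in(CLIENT, EPHEMERAL, 443),
        "sg_reply_without_outbound_rule": sg.allow_out(CLIENT, EPHEMERAL, 443),
        "nacl_request": nacl_allows(nacl_in, CLIENT, 443),
        "nacl_request_from_denied_range": nacl_allows(nacl_in, "198.51.100.7", 443),
        "nacl_reply_without_outbound_rule": nacl_allows([], CLIENT, EPHEMERAL),
        "nacl_reply_with_ephemeral_rule": nacl_allows(nacl_out, CLIENT, EPHEMERAL),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'}")
```

The security group passes the reply with an empty outbound rule set, while the network ACL drops the same reply until an outbound rule covers the client's ephemeral port.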
Kinesis (Streams, Firehose and Analytics):

Links: Serverless Streaming Data Processing using Amazon Kinesis Analytics

https://aws.amazon.com/kinesis/
S3 Event Notifications and Multipart Upload:
Links:

https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html

https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html

https://docs.aws.amazon.com/lambda/latest/dg/with-s3.html
Multipart Upload
• Upload objects in a single operation—With a single PUT operation,
you can upload objects up to 5 GB in size.
• For more information, see Uploading Objects in a Single Operation.
• Upload objects in parts—Using the multipart upload API, you can
upload large objects, up to 5 TB.
• The multipart upload API is designed to improve the upload
experience for larger objects. You can upload objects in parts. These
object parts can be uploaded independently, in any order, and in
parallel. You can use a multipart upload for objects from 5 MB to 5 TB
in size. For more information, see Uploading Objects Using Multipart
Upload API.
Multipart Upload
• Know how to use multipart upload, and when you should use it vs.
when you must use it. (PUT >100 MB should use multipart upload;
PUTs >5GB *must* use multipart upload.)
• Know how they differ in retrieval times. (Amazon S3 is 10s to 100s of
msecs, while Amazon Glacier is 3–5 hours.)
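
An added example, not from the original slides, that turns the size thresholds above into an upload plan and the byte ranges of independently uploadable parts. It assumes the page's MB/GB/TB are binary units, applies S3's 10,000-part limit, and uses a hypothetical 16 MiB preferred part size; `plan_upload` and `part_ranges` are illustrative names.

```python
MiB, GiB, TiB = 1024**2, 1024**3, 1024**4
MULTIPART_ADVISED = 100 * MiB   # page: PUT >100 MB should use multipart upload
SINGLE_PUT_MAX = 5 * GiB        # page: PUTs >5 GB must use multipart upload
OBJECT_MAX = 5 * TiB            # page: multipart objects up to 5 TB
MIN_PART = 5 * MiB              # page: multipart applies from 5 MB
MAX_PARTS = 10_000              # S3 limit on parts per multipart upload

def ceil_div(a, b):
    """Integer ceiling division, exact for very large sizes."""
    return -(-a // b)

def plan_upload(size, preferred_part=16 * MiB):
    """Choose single PUT or multipart for an object of `size` bytes."""
    if not 0 <= size <= OBJECT_MAX:
        raise ValueError("object size outside the 0 B to 5 TB range")
    if size <= MULTIPART_ADVISED:
        return {"method": "single_put", "required": False, "part_size": size, "parts": 1}
    # Grow the part size when the preferred one would exceed MAX_PARTS.
    part = max(preferred_part, MIN_PART, ceil_div(size, MAX_PARTS))
    return {"method": "multipart", "required": size > SINGLE_PUT_MAX,
            "part_size": part, "parts": ceil_div(size, part)}

def part_ranges(size, part_size):
    """Yield (part_number, first_byte, last_byte); parts may be sent in any order."""
    for number, start in enumerate(range(0, size, part_size), start=1):
        yield number, start, min(start + part_size, size) - 1

if __name__ == "__main__":
    for size in (50 * MiB, 200 * MiB, 6 * GiB, 5 * TiB):
        print(size, plan_upload(size))
```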
NAT (Gateway vs Instance):

• Links: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html
Cognito (SMS MFA):

Links: https://aws.amazon.com/cognito/

https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-sms-text-message.html
ElastiCache:

Link: https://aws.amazon.com/elasticache/faqs/

https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/Scaling.html
Multi-AZ vs Read Replicas

Links: https://aws.amazon.com/rds/details/read-replicas/

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html
WAF (with ALB and CloudFront):

Link: https://docs.aws.amazon.com/solutions/latest/aws-waf-security-automations/architecture.html
IAM (Roles and Users):

Links: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
CloudFront (Invalidating Files):
If you need to remove a file from CloudFront edge
caches before it expires, you can do one of the
following:

• Invalidate the file from edge caches. The next time a
viewer requests the file, CloudFront returns to the
origin to fetch the latest version of the file.
• Use file versioning to serve a different version of the
file that has a different name. For more information,
see Updating Existing Files Using Versioned File
Names.

Link: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Invalidation.html
Server Side Encryption Types:

Link: https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
DynamoDB (DAX):

Link: https://aws.amazon.com/dynamodb/dax/
Cross-Origin Resource Sharing (CORS)

• Cross-origin resource sharing (CORS) defines a way for client web
applications that are loaded in one domain to interact with resources
in a different domain. With CORS support, you can build rich
client-side web applications with Amazon S3 and selectively allow
cross-origin access to your Amazon S3 resources.

Link: https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html
Thank You!
