Unlocking AWS CCP CLF-C02 in 2023: Testimonials, Tips, and Key Resources

Unlocking AWS CCP CLF-C02 in 2023

AI Dashboard is available on the Web, Apple, Google, and Microsoft, PRO version

Unlocking AWS CCP CLF-C02 in 2023: Testimonials, Tips, and Key Resources

Welcome to the “Djamgatech Education” podcast and blog – your ultimate educational hub. Get ready to dive deep into an ocean of knowledge as we explore a wide range of topics, from cutting-edge Artificial Intelligence and expansive Cloud technologies, to fundamental subjects like Mathematics, History, Geography, Economics, and Science. But that’s not all – our platform is designed for learners of all ages and stages, making us your go-to resource for child education, extracurricular activities, and continuing education across a multitude of subjects. Our mission is to ignite your curiosity, foster lifelong learning, and keep you up to date with the latest trends in education. So, stay curious, stay informed, and tune in to Djamgatech Education for enlightening conversations that break down complex topics into easily digestible discussions. In today’s episode, we’ll cover the foundational AWS Certified Cloud Practitioner certification, testimonials from recent exam passers, tips for studying and passing the exam, changes in the exam structure and content, and a comprehensive guide for preparing for the 2023 AWS CCP exam.

Ace the AWS Cloud Practitioner Certification CCP CLF-C02 Exam (2023)
Ace the AWS Cloud Practitioner Certification CCP CLF-C02 Exam (2023)

Unlocking AWS CCP in 2023: Starting Point

The AWS Certified Cloud Practitioner is a great starting point for individuals with no prior IT or cloud experience who are looking to switch to a career in the cloud or for those line-of-business employees who want to gain foundational cloud literacy. It validates your foundational, high-level understanding of AWS Cloud, services, and terminology. The exam is 90 minutes long and consists of 65 questions that are either multiple choice or multiple response.

Ace the AWS Cloud Practitioner Certification CCP CLF-C02 Exam: Prepare and Ace the AWS Cloud Practitioner Certification CCP CLF-C02: Practice Exam, Quizzes, Detailed Answers, Cheat Sheets, Flashcards
Ace the AWS Cloud Practitioner Certification CCP CLF-C02 Exam: Prepare and Ace the AWS Cloud Practitioner Certification CCP CLF-C02: Practice Exam, Quizzes, Detailed Answers, Cheat Sheets, Flashcards

Unlocking AWS CCP  in 2023: Cost

The exam fee is $100, and it is offered in multiple languages including English, Japanese, Korean, Simplified Chinese, Traditional Chinese, Bahasa (Indonesian), Spanish (Spain), Spanish (Latin America), French (France), German, Italian, and Portuguese (Brazil).


Unlocking AWS CCP in 2023: Prerequisites

There are no prerequisites to prepare for and take the AWS Certified Cloud Practitioner exam. The content outline is designed for candidates new to Cloud who may not have an IT background. While having up to 6 months of exposure to AWS Cloud can be helpful, it is not required.

Unlocking AWS CCP CLF-C02 in 2023: What comes after

Earning this certification can greatly benefit your career. It serves as an entry point to a cloud career for candidates from non-IT backgrounds, and job listings requiring AWS Certified Cloud Practitioner have increased by 84%.

After obtaining the AWS Certified Cloud Practitioner certification, you can consider taking the AWS Certified Solutions Architect – Associate, AWS Certified Developer – Associate, or AWS Certified SysOps Administrator – Associate certifications to further advance your career in roles such as cloud architect, cloud engineer, developer, and systems administrator.


AI Unraveled: Demystifying Frequently Asked Questions on Artificial Intelligence (OpenAI, ChatGPT, Google Bard, Generative AI, Discriminative AI, xAI, LLMs, GPUs, Machine Learning, NLP, Promp Engineering)

Unlocking AWS CCP CLF-C02 in 2023: Validity

The AWS Certified Cloud Practitioner certification is valid for 3 years. Before it expires, you can recertify by retaking the latest version of the exam or by upgrading to any of the Associate or Professional-level certifications.

Unlocking AWS CCP CLF-C02 in 2023: Testimonials1

I recently came across some testimonials, tips, and key resources from individuals who have recently passed the AWS Certified Cloud Practitioner (CCP) exam. It seems like a lot of people found success in their preparation and were able to pass with varying levels of prior experience.

One person mentioned that they prepared hard for the exam, despite never having any AWS Cloud experience. He dedicatedly studied for 15 days, with intermittent preparation over the course of 3-6 months, then he found resources like Stephen Mark’s Udemy course, Tutorial Dojo’s Udemy practice sets, Tutorial Dojo cheatsheets, and their own notes to be helpful. He advised focusing on storage classes, VPC, and CAF practical applications. The exam covered topics like Kendra, carbon footprint, and instance types.

If you are looking for an all-in-one solution to help you prepare for the AWS Cloud Practitioner Certification Exam, look no further than this AWS Cloud Practitioner CCP CLF-C02 book

Unlocking AWS CCP CLF-C02 in 2023: Testimonials2

Another individual passed the CCP exam without any prior AWS or cloud experience. Their preparation involved repeatedly reading the relevant product information on the AWS website and matching keywords in the exam questions to the closest available product. They emphasized the importance of memorizing the exam objectives to pass.

Unlocking AWS CCP CLF-C02 in 2023: Testimonials3

Another testimonial shared an interesting experience where they accidentally rescheduled their exam and ended up with only 2 days to cram. Despite this, they managed to pass. They had about a month of previous experience with AWS in a non-professional setting. They purchased Nea Davis’ CCP course and worked through 6 practice exams from Stephane Maarek. Although they initially scored lower on the practice exams, they were able to answer a few questions from the practice exams on the real exam. They also noted that the exam covered some questions on the Cloud Adoption Framework.

Unlocking AWS CCP CLF-C02 in 2023: Testimonials4

Another successful exam taker mentioned resources like Tutorial Dojo’s CCP practice exams, Digital Cloud’s CCP practice exams, and Stephane Maarek’s videos. They mentioned that due to time constraints (working full-time and having kids), they were unable to finish all of the videos but found them helpful. They wrote hand notes on services, mainly focusing on areas where they struggled, and combined it with cheat sheets and slides.

In summary, it seems that a combination of studying resources like Udemy courses, practice exams, reading AWS documentation, and taking notes on important concepts helped these individuals pass the CCP exam. Despite varying levels of experience, they all highlighted the importance of understanding the baseline knowledge required for this exam.

Unlocking AWS CCP CLF-C02 in 2023: Testimonials5

So, guess what? I finally took the AWS CCP exam and guess what? I passed! Woohoo!

Now, let me tell you something. I work in tech, but I had absolutely zero experience with AWS or IT in general, so everything was completely new to me. I decided to start off by taking the “AWS for non-engineers” course on LinkedIn Learning. It was an alright introduction, but honestly, it didn’t cover everything I needed to know. There was a lot of filler content that didn’t hit the mark.

Practice Exams

After that, I tried out Stephane Maarek’s first practice exam, and let’s just say I scored a whopping 46%. Yeah, not so great. But I didn’t give up. I scheduled the actual exam for two weeks later and signed up for Stephane’s full Udemy CCP course. After that, I managed to get through the first 11 sections, doing about one to two sections per day after work.  After each section, I made sure to do all the section summary quizzes multiple times and reviewed all the wrong answers.

I also took all six of Stephane’s practice tests, consistently scoring anywhere from the low 60s to mid 70s. I was prepared to fail and reschedule the exam for a later date, but guess what? The actual exam questions were way easier than I expected. I might have even gotten a little lucky, but Stephane’s practice tests were definitely harder. There were some questions about the well-architected framework that I found quite easy, but I did stumble a bit on a few AWS Outposts questions.

Tips and Tricks

Overall, the exam was foundational, with a mix of tricky and easy questions. But here’s the interesting part – I actually had some time left over. That’s pretty cool, right?

Now, let me share with you the resources that really helped me out. First, I made use of the AWS training and AWS Skill Builder, as well as watching some helpful videos on AWS Twitch. I also purchased Adrian Cantrill’s SAA and Developer Associate courses, since I already had some of his other courses. I revisited some sections that I needed to brush up on.

To further enhance my knowledge, I dived into the AWS white papers on the six pillars of the Well-Architected Framework and Billing and Pricing. And let’s not forget about ACloudGuru. My work actually had a business plan subscription, so I had access to their CCP and practice exams. Talk about winning, right?

Djamgatech: Build the skills that’ll drive your career into six figures: Get Djamgatech.

So there you have it. I passed my AWS CCP exam and I couldn’t be happier. It was definitely a journey, but with the right resources and a bit of perseverance, it’s definitely doable.

CLF-C02 coming soon

Hey there! Have you heard the news? AWS has just announced a new version of the AWS Certified Cloud Practitioner exam, called CLF-C02. In this podcast, we’ll dive into the changes and discuss what topics are covered in the updated exam, along with tips on how to prepare for success.

Let’s start with some quick facts. The CLF-C02 exam is replacing the previous CLF-C01 exam, and the last day to take the old exam is September 18th, 2023. The new exam will be available from September 19th, 2023, and registration opens on August 22nd.

So, what’s different about the new exam? Well, it now includes new AWS services and features, keeping you up to date with the latest advancements in cloud computing.

CLF-C01 vs CLF-C02: Exam Structure

Unlocking AWS CCP CLF-C02 in 2023
CLF-C01 vs CLF-C02

Now, let’s talk about the exam structure. The AWS Certified Cloud Practitioner exam consists of 65 multiple-choice and multiple-response questions. Out of these, only 50 will be graded, while the remaining 15 will be used for data collection purposes. Unfortunately, you won’t know which questions are graded or ungraded.

You’ll have 90 minutes to complete the exam, and a passing score of 700 out of 1000 is required. The exam fee is $100 USD.

CLF-C01 vs CLF-C02: Exam Changes

Moving on to the exam changes, the new CLF-C02 exam focuses on various areas, including threat detection and incident response, security logging and monitoring, identity and access management, and data protection.

There have been some adjustments in domain percentages as well. The Cloud Concepts domain has decreased from 26% to 24%, while Security and Compliance have increased from 25% to 30%. Cloud Technology and Services have gone up from 33% to 34%, and Billing, Pricing, and Support have decreased from 16% to 12%.

CLF-C01 vs CLF-C02: Exam Topics

Keep in mind that “Migration” and “Business applications” are no longer out-of-scope in this version of the exam. Also, the new exam places greater emphasis on understanding Cloud Design principles within the context of the AWS Well-Architected Framework.

There have been several additions to the exam, such as migration strategies, AWS IAM Identity Center, AWS Wavelength Zones, database migration, edge services like CloudFront and Global Accelerator, storage classes, AI/ML services, and more. However, it’s important to note that this exam focuses on general concept knowledge of AWS services and their functionalities, rather than the design and implementation aspects.

Ace the Microsoft Azure Fundamentals AZ-900 Certification Exam: Pass the Azure Fundamentals Exam with Ease

So, if you’re planning to take the AWS Certified Cloud Practitioner exam, make sure to understand these changes, study the updated topics, and utilize the suggested resources for preparation. Good luck on your cloud journey!

Reference Book

Before we move forward, I want to take a minute to give a shout-out to our amazing sponsor for today’s episode. If you’re on the path to becoming an AWS Cloud Practitioner and need a solid study resource, you’ve come to the right place. Introducing Etienne Noumen’s comprehensive guide, ‘AWS Cloud Practitioner Certification Practice Exam Prep‘.

Now, what makes this resource truly special is that it’s tailor-made for the 2023 AWS CCP exam. You won’t find any outdated information here! This guide is jam-packed with practice tests that closely resemble the current format and content of the exam. So, when test day arrives, you’ll be ready for anything that comes your way.

Etienne Noumen, our expert in all things cloud computing, has poured his heart and soul into creating this book. He understands the ins and outs of the AWS ecosystem like nobody else. And his dedication to making complex concepts easy to grasp truly shines through in his explanations and walkthroughs.

Each chapter of this guide delves deep into the key concepts and principles that are essential for the AWS Cloud Practitioner exam. It’s more than just memorization, though. Etienne emphasizes understanding the ‘why’ behind each concept, which will set you apart from the rest of the pack.

Whether you’re a beginner just dipping your toes into the world of cloud computing, or a professional looking to expand your knowledge, this practice exam prep has got you covered. No more scrambling to gather resources from different places – everything you need is right here within this comprehensive guide.

Where to get the Reference Book?

Ace the AWS Cloud Practitioner Certification CCP CLF-C02 Exam (2023)
Prepare and Ace the AWS Cloud Practitioner Certification CCP CLF-C02: Practice Exam, Quizzes for each Exam Category, Detailed Answers, FAQs, I Passed AWS CCP Testimonials, Top 10 Tips and Tricks to help you ace the AWS CCP exam

And the best part? You can find it conveniently on platforms like Amazon, Apple, Google, Barnes and noble,  and Shopify. So, no matter which platform you prefer, you can easily access this valuable resource.

Ready to take your AWS Cloud Practitioner journey to the next level? Simply click the link in our show notes and make your preparation more effective and less stressful.

Remember, success is just a few pages away with ‘AWS Cloud Practitioner Certification Practice Exam Prep‘ by Etienne Noumen. Alright, let’s now dive back into our episode.

In this episode, we covered the foundational AWS Certified Cloud Practitioner certification, heard testimonials from recent exam passers, shared tips for studying, discussed upcoming changes to the exam, and recommended a comprehensive exam prep guide – thanks for listening to today’s episode, I’ll see you guys at the next one and don’t forget to subscribe!

References:

1- AWS Certifications on Reddit

2- Djamgatech Education Podcast

3- Exam Guide on AWS

What are the Top 10 AWS jobs you can get with an AWS certification in 2022 plus AWS Interview Questions

AWS Certified Cloud Practitioner Exam Preparation

AI Dashboard is available on the Web, Apple, Google, and Microsoft, PRO version

What are the Top 10 AWS jobs you can get with an AWS certification in 2022 plus AWS Interview Questions

AWS certifications are becoming increasingly popular as the demand for AWS-skilled workers continues to grow. AWS certifications show that an individual has the necessary skills to work with AWS technologies, which can be beneficial for both job seekers and employers. AWS-certified individuals can often command higher salaries and are more likely to be hired for AWS-related positions. So, what are the top 10 AWS jobs that you can get with an AWS certification?

1. AWS Solutions Architect / Cloud Architect:

AWS solutions architects are responsible for designing, implementing, and managing AWS solutions. They work closely with other teams to ensure that AWS solutions are designed and implemented correctly.

AWS Architects, AWS Cloud Architects, and AWS solutions architects spend their time architecting, building, and maintaining highly available, cost-efficient, and scalable AWS cloud environments. They also make recommendations regarding AWS toolsets and keep up with the latest in cloud computing.

Professional AWS cloud architects deliver technical architectures and lead implementation efforts, ensuring new technologies are successfully integrated into customer environments. This role works directly with customers and engineers, providing both technical leadership and an interface with client-side stakeholders.

What are the Top 10 AWS jobs you can get with an AWS certification in 2022 plus AWS Interview Questions
AWS SAA-C02 SAA-C03 Exam Prep

Average yearly salary: $148,000-$158,000 USD


2. AWS SysOps Administrator / Cloud System Administrators:

AWS sysops administrators are responsible for managing and operating AWS systems. They work closely with AWS developers to ensure that systems are running smoothly and efficiently.

A Cloud Systems Administrator, or AWS SysOps administrator, is responsible for the effective provisioning, installation/configuration, operation, and maintenance of virtual systems, software, and related infrastructures. They also maintain analytics software and build dashboards for reporting.

Average yearly salary: $97,000-$107,000 USD


AI Unraveled: Demystifying Frequently Asked Questions on Artificial Intelligence (OpenAI, ChatGPT, Google Bard, Generative AI, Discriminative AI, xAI, LLMs, GPUs, Machine Learning, NLP, Promp Engineering)

3. AWS DevOps Engineer:

AWS devops engineers are responsible for designing and implementing automated processes for Amazon Web Services. They work closely with other teams to ensure that processes are efficient and effective.

AWS DevOps engineers design AWS cloud solutions that impact and improve the business. They also perform server maintenance and implement any debugging or patching that may be necessary. Among other DevOps things!

Average yearly salary: $118,000-$138,000 USD

If you are looking for an all-in-one solution to help you prepare for the AWS Cloud Practitioner Certification Exam, look no further than this AWS Cloud Practitioner CCP CLF-C02 book

What are the Top 10 AWS jobs you can get with an AWS certification in 2022 plus AWS Interview Questions
AWS Developer Associate DVA-C01 Exam Prep

4. AWS Cloud Engineer:

AWS cloud engineers are responsible for designing, implementing, and managing cloud-based solutions using AWS technologies. They work closely with other teams to ensure that solutions are designed and implemented correctly.

5. AWS Network Engineer:

AWS network engineers are responsible for designing, implementing, and managing networking solutions using AWS technologies. They work closely with other teams to ensure that networking solutions are designed and implemented correctly.

Cloud network specialists, engineers, and architects help organizations successfully design, build, and maintain cloud-native and hybrid networking infrastructures, including integrating existing networks with AWS cloud resources.

Average yearly salary: $107,000-$127,000 USD

6. AWS Security Engineer:

AWS security engineers are responsible for ensuring the security of Amazon Web Services environments. They work closely with other teams to identify security risks and implement controls to mitigate those risks.

Cloud security engineers provide security for AWS systems, protect sensitive and confidential data, and ensure regulatory compliance by designing and implementing security controls according to the latest security best practices.

Average yearly salary: $132,000-$152,000 USD

What are the Top 10 AWS jobs you can get with an AWS certification in 2022 plus AWS Interview Questions
AWS Certified Security Specialty

7. AWS Database administrator:

As a database administrator on Amazon Web Services (AWS), you’ll be responsible for setting up, maintaining, and securing databases hosted on the Amazon cloud platform. You’ll work closely with other teams to ensure that databases are properly configured and secured.

8. Cloud Support Engineer:

Support engineers are responsible for providing technical support to AWS customers. They work closely with customers to troubleshoot problems and provide resolution within agreed upon SLAs.

9. Sales Engineer:

Sales engineers are responsible for working with sales teams to generate new business opportunities through the use of AWS products and services .They must have a deep understanding of AWS products and how they can be used by potential customers to solve their business problems .

10. Cloud Developer

An AWS Developer builds software services and enterprise-level applications. Generally, previous experience working as a software developer and a working knowledge of the most common cloud orchestration tools is required to get and succeed at an AWS cloud developer job

Djamgatech: Build the skills that’ll drive your career into six figures: Get Djamgatech.

Average yearly salary: $132,000 USD

11. Cloud Consultant

Cloud consultants provide organizations with technical expertise and strategy in designing and deploying AWS cloud solutions or in consulting on specific issues such as performance, security, or data migration.

Average yearly salary: $104,000-$124,000

12. Cloud Data Architect

Cloud data architects and data engineers may be cloud database administrators or data analytics professionals who know how to leverage AWS database resources, technologies, and services to unlock the value of enterprise data.

Average yearly salary: $130,000-$140,000 USD

What are the Top 10 AWS jobs you can get with an AWS certification in 2022 plus AWS Interview Questions
AWS Data analytics DAS-C01 Exam Prep

Getting a job after getting an AWS certification

The field of cloud computing will continue to grow and even more different types of jobs will surface in the future.

AWS certified professionals are in high demand across a variety of industries. AWS certs can open the door to a number of AWS jobs, including cloud engineer, solutions architect, and DevOps engineer.

Through studying and practice, any of the listed jobs could becoming available to you if you pass your AWS certification exams. Educating yourself on AWS concepts plays a key role in furthering your career and receiving not only a higher salary, but a more engaging position.

Source: 8 AWS jobs you can get with an AWS certification

AWS Tech Jobs  Interview Questions in 2022

Graphs

1) Process Ordering – LeetCode link…

Ace the Microsoft Azure Fundamentals AZ-900 Certification Exam: Pass the Azure Fundamentals Exam with Ease

2) Number of Islands – LeetCode link…

3) k Jumps on Grid – Loading…)

Sort

1) Finding Prefix in Dictionary – LeetCode Link…

Tree

1) Binary Tree Top Down View – LeetCode link…

2) Traversing binary tree in an outward manner.

3) Diameter of a binary tree [Path is needed] – Diameter of a Binary Tree – GeeksforGeeks

Sliding window

1) Contains Duplicates III – LeetCode link…

2) Minimum Window Substring [Variation of this question] – LeetCode link..

Linked List

1) Reverse a Linked List II – LeetCode link…

2) Remove Loop From Linked List – Remove Loop in Linked List

3) Reverse a Linked List in k-groups – LeetCode link…

Binary Search

1) Search In rotate sorted Array – LeetCode link…

Solution:

def pivotedBinarySearch(arr, n, key):
 
    pivot = findPivot(arr, 0, n-1)
 
    # If we didn't find a pivot,
    # then array is not rotated at all
    if pivot == -1:
        return binarySearch(arr, 0, n-1, key)
 
    # If we found a pivot, then first
    # compare with pivot and then
    # search in two subarrays around pivot
    if arr[pivot] == key:
        return pivot
    if arr[0] <= key:
        return binarySearch(arr, 0, pivot-1, key)
    return binarySearch(arr, pivot + 1, n-1, key)
 
 
# Function to get pivot. For array
# 3, 4, 5, 6, 1, 2 it returns 3
# (index of 6)
def findPivot(arr, low, high):
 
    # base cases
    if high < low:
        return -1
    if high == low:
        return low
 
    # low + (high - low)/2;
    mid = int((low + high)/2)
 
    if mid < high and arr[mid] > arr[mid + 1]:
        return mid
    if mid > low and arr[mid] < arr[mid - 1]:
        return (mid-1)
    if arr[low] >= arr[mid]:
        return findPivot(arr, low, mid-1)
    return findPivot(arr, mid + 1, high)
 
# Standard Binary Search function
def binarySearch(arr, low, high, key):
 
    if high < low:
        return -1
 
    # low + (high - low)/2;
    mid = int((low + high)/2)
 
    if key == arr[mid]:
        return mid
    if key > arr[mid]:
        return binarySearch(arr, (mid + 1), high,
                            key)
    return binarySearch(arr, low, (mid - 1), key)
 
# Driver program to check above functions
# Let us search 3 in below array
if __name__ == '__main__':
    arr1 = [5, 6, 7, 8, 9, 10, 1, 2, 3]
    n = len(arr1)
    key = 3
    print("Index of the element is : ", \
          pivotedBinarySearch(arr1, n, key))
 
# This is contributed by Smitha Dinesh Semwal

Arrays

1) Max bandWidth [Priority Queue, Sorting] – Loading…

2) Next permutation – Loading…

3) Largest Rectangle in Histogram – Loading…

Content by – Sandeep Kumar

#AWS #interviews #leetcode #questions #array #sorting #queue #loop #tree #graphs #amazon #sde —-#interviewpreparation #coding #computerscience #softwareengineer

AI Dashboard is available on the Web, Apple, Google, and Microsoft, PRO version

AWS Azure Google Cloud Certifications Testimonials and Dumps

Do you want to become a Professional DevOps Engineer, a cloud Solutions Architect, a Cloud Engineer or a modern Developer or IT Professional, a versatile Product Manager, a hip Project Manager? Therefore Cloud skills and certifications can be just the thing you need to make the move into cloud or to level up and advance your career.

85% of hiring managers say cloud certifications make a candidate more attractive.

Build the skills that’ll drive your career into six figures.

In this blog, we are going to feed you with AWS Azure and GCP Cloud Certification testimonials and Frequently Asked Questions and Answers Dumps.


https://apps.apple.com/ca/app/djamgatech-pro/id1574297762
AWS Azure Google Cloud Certifications Testimonials and Dumps
AWS Developer Associates DVA-C01 PRO
 

PASSED AWS CCP (2022)

AWS Cloud Practitioner CCP CLF-C01 Certification Exam Prep

Went through the entire CloudAcademy course. Most of the info went out the other ear. Got a 67% on their final exam. Took the ExamPro free exam, got 69%.

Was going to take it last Saturday, but I bought TutorialDojo’s exams on Udemy. Did one Friday night, got a 50% and rescheduled it a week later to today Sunday.


AI Unraveled: Demystifying Frequently Asked Questions on Artificial Intelligence (OpenAI, ChatGPT, Google Bard, Generative AI, Discriminative AI, xAI, LLMs, GPUs, Machine Learning, NLP, Promp Engineering)

Took 4 total TD exams. Got a 50%, 54%, 67%, and 64%. Even up until last night I hated the TD exams with a passion, I thought they were covering way too much stuff that didn’t even pop up in study guides I read. Their wording for some problems were also atrocious. But looking back, the bulk of my “studying” was going through their pretty well written explanations, and their links to the white papers allowed me to know what and where to read.

Not sure what score I got yet on the exam. As someone who always hated testing, I’m pretty proud of myself. I also had to take a dump really bad starting at around question 25. Thanks to TutorialsDojo Jon Bonso for completely destroying my confidence before the exam, forcing me to up my game. It’s better to walk in way over prepared than underprepared.

Just Passed My CCP exam today (within 2 weeks)

I would like to thank this community for recommendations about exam preparation. It was wayyyy easier than I expected (also way easier than TD practice exams scenario-based questions-a lot less wordy on real exam). I felt so unready before the exam that I rescheduled the exam twice. Quick tip: if you have limited time to prepare for this exam, I would recommend scheduling the exam beforehand so that you don’t procrastinate fully.

If you are looking for an all-in-one solution to help you prepare for the AWS Cloud Practitioner Certification Exam, look no further than this AWS Cloud Practitioner CCP CLF-C02 book

Resources:

-Stephane’s course on Udemy (I have seen people saying to skip hands-on videos but I found them extremely helpful to understand most of the concepts-so try to not skip those hands-on)

-Tutorials Dojo practice exams (I did only 3.5 practice tests out of 5 and already got 8-10 EXACTLY worded questions on my real exam)

Previous Aws knowledge:

-Very little to no experience (deployed my group’s app to cloud via Elastic beanstalk in college-had 0 clue at the time about what I was doing-had clear guidelines)

Preparation duration: -2 weeks (honestly watched videos for 12 days and then went over summary and practice tests on the last two days)

Links to resources:

https://www.udemy.com/course/aws-certified-cloud-practitioner-new/

https://tutorialsdojo.com/courses/aws-certified-cloud-practitioner-practice-exams/

I used Stephane Maarek on Udemy. Purchased his course and the 6 Practice Exams. Also got Neal Davis’ 500 practice questions on Udemy. I took Stephane’s class over 2 days, then spent the next 2 weeks going over the tests (3~4 per day) till I was constantly getting over 80% – passed my exam with a 882.

Passed – CCP CLF-C01

 

What an adventure, I’ve never really gieven though to getting a cert until one day it just dawned on me that it’s one of the few resources that are globally accepted. So you can approach any company and basically prove you know what’s up on AWS 😀

Djamgatech: Build the skills that’ll drive your career into six figures: Get Djamgatech.

Passed with two weeks of prep (after work and weekends)

Resources Used:

  • https://www.exampro.co/

    • This was just a nice structured presentation that also gives you the powerpoint slides plus cheatsheets and a nice overview of what is said in each video lecture.

  • Udemy – AWS Certified Cloud Practitioner Practice Exams, created by Jon Bonso**, Tutorials Dojo**

    • These are some good prep exams, they ask the questions in a way that actually make you think about the related AWS Service. With only a few “Bullshit! That was asked in a confusing way” questions that popped up.

Pass AWS CCP. The score is beyond expected

I took CCP 2 days ago and got the pass notification right after submitting the answers. In about the next 3 hours I got an email from Credly for the badge. This morning I got an official email from AWS congratulating me on passing, the score is much higher than I expected. I took Stephane Maarek’s CCP course and his 6 demo exams, then Neal Davis’ 500 questions also. On all the demo exams, I took 1 fail and all passes with about 700-800. But in the real exam, I got 860. The questions in the real exam are kind of less verbose IMO, but I don’t truly agree with some people I see on this sub saying that they are easier.
Just a little bit of sharing, now I’ll find something to continue ^^

Good luck with your own exams.

Passed the exam! Spent 25 minutes answering all the questions. Another 10 to review. I might come back and update this post with my actual score.

Background

– A year of experience working with AWS (e.g., EC2, Elastic Beanstalk, Route 53, and Amplify).

– Cloud development on AWS is not my strong suit. I just Google everything, so my knowledge is very spotty. Less so now since I studied for this exam.

Study stats

– Spent three weeks studying for the exam.

Ace the Microsoft Azure Fundamentals AZ-900 Certification Exam: Pass the Azure Fundamentals Exam with Ease

– Studied an hour to two every day.

– Solved 800-1000 practice questions.

– Took 450 screenshots of practice questions and technology/service descriptions as reference notes to quickly swift through on my phone and computer for review. Screenshots were of questions that I either didn’t know, knew but was iffy on, or those I believed I’d easily forget.

– Made 15-20 pages of notes. Chill. Nothing crazy. This is on A4 paper. Free-form note taking. With big diagrams. Around 60-80 words per page.

– I was getting low-to-mid 70%s on Neal Davis’s and Stephane Maarek’s practice exams. Highest score I got was an 80%.

– I got a 67(?)% on one of Stephane Maarek’s exams. The only sub-70% I ever got on any practice test. I got slightly anxious. But given how much harder Maarek’s exams are compared to the actual exam, the anxiety was undue.

– Finishing the practice exams on time was never a problem for me. I would finish all of them comfortably within 35 minutes.

Resources used

– AWS Cloud Practitioner Essentials on the AWS Training and Certification Portal

– AWS Certified Cloud Practitioner Practice Tests (Book) by Neal Davis

– 6 Practice Exams | AWS Certified Cloud Practitioner CLF-C01 by Stephane Maarek*

– Certified Cloud Practitioner Course by Exam Pro (Paid Version)**

– One or two free practice exams found by a quick Google search

*Regarding Exam Pro: I went through about 40% of the video lectures. I went through all the videos in the first few sections but felt that watching the lectures was too slow and laborious even at 1.5-2x speed. (The creator, for the most part, reads off of the slides, adding brief comments here and there.) So, I decided to only watch the video lectures for sections I didn’t have a good grasp on. (I believe the video lectures provided in the course are just split versions of the full length course available for free on YouTube under the freeCodeCamp channel, here.) The online course provides five practice exams. I did not take any of them.

**Regarding Stephane Maarek: I only took his practice exams. I did not take his study guide course.

Notes

– My study regimen (i.e., an hour to two every day for three weeks) was overkill.

– The questions on the practice exams created by Neal Davis and Stephane Maarek were significantly harder than those on the actual exam. I believe I could’ve passed without touching any of these resources.

– I retook one or two practice exams out of the 10+ I’ve taken. I don’t think there’s a need to retake the exams as long as you are diligent about studying the questions and underlying concepts you got wrong. I reviewed all the questions I missed on every practice exam the day before.

What would I do differently?

– Focus on practice tests only. No video lectures.

– Focus on the technologies domain. You can intuit your way through questions in the other domains.

– Chill

What are the Top 100 AWS jobs you can get with an AWS certification in 2022 plus AWS Interview Questions
AWS SAA-C02 SAA-C03 Exam Prep

Just passed SAA-C03, thoughts on it

 
  • Lots of the comments here about networking / VPC questions being prevalent are true. Also so many damn Aurora questions, it was like a presales chat.

  • The questions are actually quite detailed; as some had already mentioned. So pay close attention to the minute details Some questions you definitely have to flag for re-review.

  • It is by far harder than the Developer Associate exam, despite it having a broader scope. The DVA-C02 exam was like doing a speedrun but this felt like finishing off Sigrun on GoW. Ya gotta take your time.

I took the TJ practice exams. It somewhat helped, but having intimate knowledge of VPC and DB concepts would help more.

Passed SAA-C03 – Feedback

Just passed the SAA-C03 exam (864) and wanted to provide some feedback since that was helpful for me when I was browsing here before the exam.

I come from an IT background and have a strong knowledge in the VPC portion so that section was a breeze for me in the preparation process (I had never used AWS before this so everything else was new, but the concepts were somewhat familiar considering my background). I started my preparation about a month ago, and used the Mareek class on Udemy. Once I finished the class and reviewed my notes I moved to Mareek’s 6 practice exams (on Udemy). I wasn’t doing extremely well on the PEs (I passed on 4/6 of the exams with 70s grades) I reviewed the exam questions after each exam and moved on to the next. I also purchased Tutorial Dojo’s 6 exams set but only ended up taking one out of 6 (which I passed).

Overall the practice exams ended up being a lot harder than the real exam which had mostly the regular/base topics: a LOT of S3 stuff and storage in general, a decent amount of migration questions, only a couple questions on VPCs and no ML/AI stuff.

My Study Guide for passing the SAA-C03 exam

Sharing the study guide that I followed when I prepared for the AWS Certified Solutions Architect Associate SAA-C03 exam. I passed this test and thought of sharing a real exam experience in taking this challenging test.

First off: my background – I have 8 years of development.experience and been doing AWS for several project, both personally and at work. Studied for a total of 2 months. Focused on the official Exam Guide, and carefully studied the Task Statements and related AWS services.

SAA-C03 Exam Prep

For my exam prep, I bought the adrian cantrill video coursetutorialsdojo (TD) video course and practice exams. Adrian’s course is just right and highly educational but like others has said, the content is long and cover more than just the exam. Did all of the hands-on labs too and played around some machine learning services in my AWS account.

TD video course is short and a good overall summary of the topics items you’ve just learned. One TD lesson covers multiple topics so the content is highly concise. After I completed doing Adrian’s video course, I used TD’s video course as a refresher, did a couple of their hands-on labs then head on to their practice exams.

For the TD practice exams, I took the exam in chronologically and didn’t jumped back and forth until I completed all tests. I first tried all of the 7 timed-mode tests, and review every wrong ones I got on every attempt., then the 6 review-mode tests and the section/topic-based tests. I took the final-test mode roughly 3 times and this is by far one of the helpful feature of the website IMO. The final-test mode generates a unique set from all TD question bank, so every attempt is challenging for me. I also noticed that the course progress doesn’t move if I failed a specific test, so I used to retake the test that I failed.

The Actual SAA-C03 Exam

The actual AWS exam is almost the same with the ones in the TD tests where:

  • All of the questions are scenario-based

  • There are two (or more) valid solutions in the question, e.g:

    • Need SSL: options are ACM and self-signed URL

    • Need to store DB credentials: options are SSM Parameter Store and Secrets Manager

  • The scenarios are long-winded and asks for:

    • MOST Operationally efficient solution

    • MOST cost-effective

    • LEAST amount overhead

Overall, I enjoyed the exam and felt fully prepared while taking the test, thanks to Adrian and TD, but it doesn’t mean the whole darn thing is easy. You really need to put some elbow grease and keep your head lights on when preparing for this exam. Good luck to all and I hope my study guide helped out anyone who is struggling.

Another Passed SAA-C03?

Just another thread about passing the general exam? I passed SAA-C03 yesterday, would like to share my experience on how I earned the examination.

Background:

– graduate with networking background

– working experience on on-premise infrastructure automation, mainly using ansible, python, zabbix and etc.

– cloud experience, short period like 3-6 months with practice

– provisioned cloud application using terraform in azure and aws

Course that I used fully:

– AWS Certified Solutions Architect – Associate (SAA-C03) | learn.cantri (cantrill.io)

– AWS Certified Solutions Architect Associate Exam – SAA-C03 Study Path (tutorialsdojo.com)

Course that I used partially or little:

– Ultimate AWS Certified Solutions Architect Associate (SAA) | Udemy

– Practice Exams | AWS Certified Solutions Architect Associate | Udemy

Lab that I used:

– Free tier account with cantrill instruction

– Acloudguru lab and sandbox

– Percepio lab

Comment on course:

cantrill course is depth and lot of practical knowledge, like email alias and etc.. check in to know more

tutorialdojo practice exam help me filter the answer and guide me on correct answer. If I am wrong in specific topic, I rewatch cantrill video. However, there is some topics that not covered by cantrill but the guideline/review in practice exam will provide pretty much detail. I did all the other mode before the timed-based, after that get average 850 in timed-based exam, while scoring the final practice exam with 63/65. However, real examination is harder compared to practice exam in my opinion.

udemy course and practice exam, I go through some of them but I think the practice exam is quite hard compared to tutorialdojo.

lab – just get hand dirty and they will make your knowledge deep dive in your brain, my advice is try not only to do copy and paste lab but really read the description for each parameter in aws portal

Advice:

you need to know some general exam topics like how to:

– s3 private access

– ec2 availability

– kinesis product including firehose, data stream, blabla

– iam

My next target will be AWS SAP and CKA, still searching suitable material for AWS SAP but proposed mainly using acloudguru sandbox and homelab to learn the subject, practice with acantrill lab in github.

Good luck anyone!

Passed SAA

I wanted to give my personal experience. I have a background in IT, but I have never worked in AWS previous to 5 weeks ago. I got my Cloud Practitioner in a week and SAA after another 4 weeks of studying (2-4 hours a day). I used Cantril’s Course and Tutorials Dojo Practice Exams. I highly, highly recommend this combo. I don’t think I would have passed without the practice exams, as they are quite difficult. In my opinion, they are much more difficult than the actual exam. They really hit the mark on what kind of content you will see. I got a 777, and that’s with getting 70-80%’s on the practice exams. I probably could have done better, but I had a really rough night of sleep and I came down with a cold. I was really on the struggle bus halfway through the test.

I only had a couple of questions on ML / AI, so make sure you know the differences between them all. Lot’s of S3 and EC2. You really need to know these in and out.

My company is offering stipend’s for each certification, so I’m going straight to developer next.

Recently passed SAA-C03

Just passed my SAA-C03 yesterday with 961 points. My first time doing AWS certification. I used Cantrill’s course. Went through the course materials twice, and took around 6 months to study, but that’s mostly due to my busy schedule. I found his materials very detailed and probably go beyond what you’d need for the actual exam.

I also used Stephane’s practice exams on Udemy. I’d say it’s instrumental in my passing doing these to get used to the type of questions in the actual exams and review missing knowledge. Would not have passed otherwise.

Just a heads-up, there are a few things popped up that I did not see in the course materials or practice exams:

* Lake Formation: question about pooling data from RDS and S3, as well as controlling access.

* S3 Requester Pays: question about minimizing S3 data cost when sharing with a partner.

* Pinpoint journey: question about customer replying to SMS sent-out and then storing their feedback.

Not sure if they are graded or Amazon testing out new parts.

Cheers.

Another SAP-C01-Pass

Received my notification this morning that I passed 811.

Prep Time: 10 weeks 2hrs a day

Materials: Neil Davis videos/practice exam Jon Bonso practice exams White papers Misc YouTube videos Some hands on

Prof Experience: 4 years AWS using main services as architect

AWS Certs: CCP-SSA-DVA-SAP(now)

Thoughts: Exam was way more familiar to me than the Developer Exam. I use very little AWS developer tools but mainly use core AWS services. Neil’s videos were very straightforward, easy to digest, and on point. I was able to watch most of the videos on a plane flight to Vegas.

After video series I started to hit his section based exams, main exam, notes, and followed up with some hands on. I was getting destroyed on some of the exams early on and had to rewatch and research the topics, writing notes. There is a lot of nuance and fine details on the topics, you’ll see this when you take the practice exam. These little details matter.

Bonso’s exam were nothing less than awesome as per usual. Same difficulty and quality as Neil Davis. Followed the same routine with section based followed by final exam. I believe Neil said to aim for 80’s on his final exams to sit for the exam. I’d agree because that’s where I was hitting a week before the exam (mid 80’s). Both Neil and Jon exams were on par with exam difficulty if not a shade more difficult.

The exam itself was very straightforward. My experience is the questions were not overly verbose and were straight to the point as compared to the practice exams I took. I was able to quickly narrow down the questions and make a selection. Flagged 8 questions along the way and had 30min to review all my answers. Unlike some people, I didn’t feel like it was a brain melter and actually enjoyed the challenge. Maybe I’m a sadist who knows.

Advice: Follow Neil’s plan, bone up on weak areas and be confident. These questions have a pattern based upon the domain. Doing the practice exams enough will allow you to see the pattern and then research will confirm your suspicions. You can pass this exam!

Good luck to those preparing now and god speed.

 
AWS Developer Associate DVA-C01 Exam Prep
 
 
 

I Passed AWS Developer Associate Certification DVA-C01 Testimonials

AWS Developer and Deployment Theory: Facts and Summaries and Questions/Answers
AWS Developer Associate DVA-C01 Exam Prep

Passed DVA-C01

Passed the certified developer associate this week.

Primary study was Stephane Maarek’s course on Udemy.

I also used the Practice Exams by Stephane Maarek and Abhishek Singh.

I used Stephane’s course and practice exams for the Solutions Architect Associate as well, and find his course does a good job preparing you to pass the exams.

The practice exams were more challenging than the actual exam, so they are a good gauge to see if you are ready for the exam.

Haven’t decided if I’ll do another associate level certification next or try for the solutions architect professional.

Cleared AWS Certified Developer – Associate (DVA-C01)

 

I cleared Developer associate exam yesterday. I scored 873.
Actual Exam Exp: More questions were focused on mainly on Lambda, API, Dynamodb, cloudfront, cognito(must know proper difference between user pool and identity pool)
3 questions I found were just for redis vs memecached (so maybe you can focus more here also to know exact use case& difference.) other topic were cloudformation, beanstalk, sts, ec2. Exam was mix of too easy and too tough for me. some questions were one liner and somewhere too long.

Resources: The main resources I used was udemy. Course of Stéphane Maarek and practice exams of Neal Davis and Stéphane Maarek. These exams proved really good and they even helped me in focusing the area which I lacked. And they are up to the level to actual exam, I found 3-4 exact same questions in actual exam(This might be just luck ! ). so I feel, the course of stephane is more than sufficient and you can trust it. I have achieved solution architect associate previously so I knew basic things, so I took around 2 weeks for preparation and revised the Stephen’s course as much as possible. Parallelly I gave the mentioned exams as well, which guided me where to focus more.

Thanks to all of you and feel free to comment/DM me, if you think I can help you in anyway for achieving the same.

Another Passed Associate Developer Exam (DVA-C01)

Already had passed the Associate Architect Exam (SA-C03) 3 months ago, so I got much more relaxed to the exam, I did the exam with Pearson Vue at home with no problems. Used Adrian Cantrill for the course together with the TD exams.

Studied 2 weeks a 1-2 hours since there is a big overlap with the associate architect couse, even tho the exam has a different approach, more focused on the Serverless side of AWS. Lots of DynamoDB, Lambda, API Gateway, KMS, CloudFormation, SAM, SSO, Cognito (User Pool and Identity Pool), and IAM role/credentials best practices.

I do think in terms of difficulty it was a bit easier than the Associate Architect, maybe it is made up on my mind as it was my second exam so I went in a bit more relaxed.

Next step is going for the Associate Sys-Ops, I will use Adrian Cantrill and Stephane Mareek courses as it is been said that its the most difficult associate exam.

Passed the SCS-C01 Security Specialty 

Passed the SCS-C01 Security Specialty
Passed the SCS-C01 Security Specialty

Mixture of Tutorial Dojo practice exams, A Cloud Guru course, Neal Davis course & exams helped a lot. Some unexpected questions caught me off guard but with educated guessing, due to the material I studied I was able to overcome them. It’s important to understand:

  1. KMS Keys

    1. AWS Owned Keys

    2. AWS Managed KMS keys

    3. Customer Managed Keys

    4. asymmetrical

    5. symmetrical

    6. Imported key material

    7. What services can use AWS Managed Keys

  2. KMS Rotation Policies

    1. Depending on the key matters the rotation that can be applied (if possible)

  3. Key Policies

    1. Grants (temporary access)

    2. Cross-account grants

    3. Permanent Policys

    4. How permissions are distributed depending on the assigned principle

  4. IAM Policy format

    1. Principles (supported principles)

    2. Conditions

    3. Actions

    4. Allow to a service (ARN or public AWS URL)

    5. Roles

  5. Secrets Management

    1. Credential Rotation

    2. Secure String types

    3. Parameter Store

    4. AWS Secrets Manager

  6. Route 53

    1. DNSSEC

    2. DNS Logging

  7. Network

    1. AWS Network Firewall

    2. AWS WAF (some questions try to trick you into thinking AWS Shield is needed instead)

    3. AWS Shield

    4. Security Groups (Stateful)

    5. NACL (Stateless)

    6. Ephemeral Ports

    7. VPC FlowLogs

  8. AWS Config

    1. Rules

    2. Remediation (custom or AWS managed)

  9. AWS CloudTrail

    1. AWS Organization Trails

    2. Multi-Region Trails

    3. Centralized S3 Bucket for multi-account log aggregation

  10. AWS GuardDuty vs AWS Macie vs AWS Inspector vs AWS Detective vs AWS Security Hub

It gets more in depth, I’m willing to help anyone out that has questions. If you don’t mind joining my Discord to discuss amongst others to help each other out will be great. A study group community. Thanks. I had to repost because of a typo 🙁

https://discord.gg/pZbEnhuEY9

Passed the Security Specialty

Passed Security Specialty yesterday.

Resources used were:

Adrian (for the labs), Jon (For the Test Bank),

Total time spent studying was about a week due to the overlap with the SA Pro I passed a couple weeks ago.

Now working on getting Networking Specialty before the year ends.

My longer term goal is to have all the certs by end of next year.

 

Advanced Networking - Specialty

Advanced Networking – Specialty

Passed AWS Certified advanced networking – Specialty ANS-C01 2 days ago

 

This was a tough exam.

Here’s what I used to get prepped:

Exam guide book by Kam Agahian and group of authors – this just got released and has all you need in a concise manual, it also included 3 practice exams, this is a must buy for future reference and covers ALL current exam topics including container networking, SD-WAN etc.

Stephane Maarek’s Udemy course – it is mostly up-to-date with the main exam topics including TGW, network firewall etc. To the point lectures with lots of hands-on demos which gives you just what you need, highly recommended as well!

Tutorial Dojos practice tests to drive it home – this helped me get an idea of the question wording, so I could train myself to read fast, pick out key words, compare similar answers and build confidence in my knowledge.

Crammed daily for 4 weeks (after work, I have a full time job + family) and went in and nailed it. I do have networking background (15+ years) and I am currently working as a cloud security engineer and I’m working with AWS daily, especially EKS, TGW, GWLB etc.

For those not from a networking background – it would definitely take longer to prep.

Good luck!

 
 
 
 
Azure Fundamentals AZ900 Certification Exam Prep
Azure Fundamentals AZ900 Certification Exam Prep
#Azure #AzureFundamentals #AZ900 #AzureTraining #LeranAzure #Djamgatech

 

Passed AZ-900, SC-900, AI-900, and DP-900 within 6 weeks!

 
Achievement Celebration

What an exciting journey. I think AZ-900 is the hardest probably because it is my first Microsoft certification. Afterwards, the others are fair enough. AI-900 is the easiest.

I generally used Microsoft Virtual Training Day, Cloud Ready Skills, Measureup and John Savill’s videos. Having built a fundamental knowledge of the Cloud, I am planning to do AWS CCP next. Wish me luck!

Passed Azure Fundamentals

 
Learning Material

Hi all,

I passed my Azure fundamentals exam a couple of days ago, with a score of 900/1000. Been meaning to take the exam for a few months but I kept putting it off for various reasons. The exam was a lot easier than I thought and easier than the official Microsoft practice exams.

Study materials;

  • A Cloud Guru AZ-900 fundamentals course with practice exams

  • Official Microsoft practice exams

  • MS learning path

  • John Savill’s AZ-900 study cram, started this a day or two before my exam. (Highly Recommended) https://www.youtube.com/watch?v=tQp1YkB2Tgs&t=4s

Will be taking my AZ-104 exam next.

Azure Administrator AZ104 Certification Exam Prep
Azure Administrator AZ104 Certification Exam Prep

Passed AZ-104 with about a 6 weeks prep

 
Learning Material

Resources =

John Savill’s AZ-104 Exam Cram + Master Class Tutorials Dojo Practice Exams

John’s content is the best out there right now for this exam IMHO. I watched the cram, then the entire master class, followed by the cram again.

The Tutorials Dojo practice exams are essential. Some questions on the actual exam where almost word-for-word what I saw on the exam.

Question:

What’s everyone using for the AZ-305? Obviously, already using John’s content, and from what I’ve read the 305 isn’t too bad.

Thoughts?

Passed the AZ-140 today!!

 
Achievement Celebration

I passed the (updated?) AZ-140, AVD specialty exam today with an 844. First MS certification in the bag!

Edited to add: This video series from Azure Academy was a TON of help.

https://youtube.com/playlist?list=PL-V4YVm6AmwW1DBM25pwWYd1Lxs84ILZT

Passed DP-900

 
Achievement Celebration

I am pretty proud of this one. Databases are an area of IT where I haven’t spent a lot of time, and what time I have spent has been with SQL or MySQL with old school relational databases. NoSQL was kinda breaking my brain for a while.

Study Materials:

  1. Microsoft Virtual Training Day, got the voucher for the free exam. I know several people on here said that was enough for them to pass the test, but that most certainly was not enough for me.

  2. Exampro.co DP-900 course and practice test. They include virtual flashcards which I really liked.

  3. Whizlabs.com practice tests. I also used the course to fill in gaps in my testing.

Passed AI-900! Tips & Resources Included!!

Azure AI Fundamentals AI-900 Exam Prep
Azure AI Fundamentals AI-900 Exam Prep
 
Achievement Celebration

Huge thanks to this subreddit for helping me kick start my Azure journey. I have over 2 decades of experience in IT and this is my 3rd Azure certification as I already have AZ-900 and DP-900.

Here’s the order in which I passed my AWS and Azure certifications:

SAA>DVA>SOA>DOP>SAP>CLF|AZ-900>DP-900>AI-900

I have no plans to take this certification now but had to as the free voucher is expiring in a couple of days. So I started preparing on Friday and took the exam on Sunday. But give it more time if you can.

Here’s my study plan for AZ-900 and DP-900 exams:

  • finish a popular video course aimed at the cert

  • watch John Savill’s study/exam cram

  • take multiple practice exams scoring in 90s

This is what I used for AI-900:

  • Alan Rodrigues’ video course (includes 2 practice exams) 👌

  • John Savill’s study cram 💪

  • practice exams by Scott Duffy and in 28Minutes Official 👍

  • knowledge checks in AI modules from MS learn docs 🙌

I also found the below notes to be extremely useful as a refresher. It can be played multiple times throughout your preparation as the exam cram part is just around 20 minutes.

https://youtu.be/utknpvV40L0 👏

Just be clear on the topics explained by the above video and you’ll pass AI-900. I advise you to watch this video at the start, middle and end of your preparation. All the best in your exam

Just passed AZ-104

 
Achievement Celebration

I recommend to study networking as almost all of the questions are related to this topic. Also, AAD is a big one. Lots of load balancers, VNET, NSGs.

Received very little of this:

  • Containers

  • Storage

  • Monitoring

I passed with a 710 but a pass is a pass haha.

Used tutorial dojos but the closest questions I found where in the Udemy testing exams.

Regards,

Passed GCP Professional Cloud Architect

Google Professional Cloud Architect Practice Exam 2022
Google Professional Cloud Architect Practice Exam 2022
 

First of all, I would like to start with the fact that I already have around 1 year of experience with GCP in depth, where I was working on GKE, IAM, storage and so on. I also obtained GCP Associate Cloud Engineer certification back in June as well, which helps with the preparation.

I started with Dan Sullivan’s Udemy course for Professional Cloud Architect and did some refresher on the topics I was not familiar with such as BigTable, BigQuery, DataFlow and all that. His videos on the case studies helps a lot to understand what each case study scenario requires for designing the best cost-effective architecture.

In order to understand the services in depth, I also went through the GCP documentation for each service at least once. It’s quite useful for knowing the syntax of the GCP commands and some miscellaneous information.

As for practice exam, I definitely recommend Whizlabs. It helped me prepare for the areas I was weak at and helped me grasp the topics a lot faster than reading through the documentation. It will also help you understand what kind of questions will appear for the exam.

I used TutorialsDojo (Jon Bonso) for preparation for Associate Cloud Engineer before and I can attest that Whizlabs is not that good. However, Whizlabs still helps a lot in tackling the tough questions that you will come across during the examination.

One thing to note is that, there wasn’t even a single question that was similar to the ones from Whizlabs practice tests. I am saying this from the perspective of the content of the questions. I got totally different scenarios for both case study and non case study questions. Many questions focused on App Engine, Data analytics and networking. There were some Kubernetes questions based on Anthos, and cluster networking. I got a tough question regarding storage as well.

I initially thought I would fail, but I pushed on and started tackling the multiple-choices based on process of elimination using the keywords in the questions. 50 questions in 2 hours is a tough one, especially due to the lengthy questions and multiple choices. I do not know how this compares to AWS Solutions Architect Professional exam in toughness. But some people do say GCP professional is tougher than AWS.

All in all, I still recommend this certification to people who are working with GCP. It’s a tough one to crack and could be useful for future prospects. It’s a bummer that it’s only valid for 2 years.

GCP Associate Cloud Engineer Exam Prep

Passed GCP: Cloud Digital Leader

Hi everyone,

First, thanks for all the posts people share. It helps me prep for my own exam. I passed the GCP: Cloud Digital Leader exam today and wanted to share a few things about my experience.

Preparation

I have access to ACloudGuru (AGU)and Udemy through work. I started one of the Udemy courses first, but it was clear the course was going beyond the scope of the Cloud Digital Leader certification. I switched over AGU and enjoyed the content a lot more. The videos were short and the instructor hit all the topics on the Google exam requirements sheet.

AGU also has three – 50 question practices test. The practice tests are harder than the actual exam (and the practice tests aren’t that hard).

I don’t know if someone could pass the test if they just watched the videos on Google Cloud’s certification site, especially if you had no experience with GCP.

Overall, I would say I spent 20 hrs preparing for the exam. I have my CISSP and I’m working on my CCSP. After taking the test, I realized I way over prepared.

Exam Center

It was my first time at this testing center and I wasn’t happy with the experience. A few of the issues I had are:

– My personal items (phone, keys) were placed in an unlocked filing cabinet

– My desk are was dirty. There were eraser shreds (or something similar) and I had to move the keyboard and mouse and brush all the debris out of my work space

– The laminated sheet they gave me looked like someone had spilled Kool-Aid on it

– They only offered earplugs, instead of noise cancelling headphones

Exam

My recommendation for the exam is to know the Digital Transformation piece as well as you know all the GCP services and what they do.

I wish you all luck on your future exams. Onto GCP: Associate Cloud Engineer.

Passed the Google Cloud: Associate Cloud Engineer

Hey all, I was able to pass the Google Cloud: Associate Cloud Engineer exam in 27 days.

I studied about 3-5 hours every single day.

I created this note to share with the resources I used to pass the exam.

Happy studying!

GCP ACE Exam Aced

Hi folks,

I am glad to share with you that I have cleared by GCP ACE exam today and would like to share my preparation with you:

1)I completed these courses from Coursera:

1.1 Google Cloud Platform Fundamentals – Core Infrastructure

1.2 Essential Cloud Infrastructure: Foundation

1.3 Essential Cloud Infrastructure: Core Services

1.4 Elastic Google Cloud Infrastructure: Scaling and Automation

Post these courses, I did couple of QwikLab courses as listed in orderly manner:

2 Getting Started: Create and Manage Cloud Resources (Qwiklabs Quest)

   2.1 A Tour of Qwiklabs and Google Cloud

   2.2 Creating a Virtual Machine

   2.2 Compute Engine: Qwik Start – Windows

   2.3 Getting Started with Cloud Shell and gcloud

   2.4 Kubernetes Engine: Qwik Start

   2.5 Set Up Network and HTTP Load Balancers

   2.6 Create and Manage Cloud Resources: Challenge Lab

 3 Set up and Configure a Cloud Environment in Google Cloud (Qwiklabs Quest)

   3.1 Cloud IAM: Qwik Start

   3.2 Introduction to SQL for BigQuery and Cloud SQL

   3.3 Multiple VPC Networks

   3.4 Cloud Monitoring: Qwik Start

   3.5 Deployment Manager – Full Production [ACE]

   3.6 Managing Deployments Using Kubernetes Engine

   3.7 Set Up and Configure a Cloud Environment in Google Cloud: Challenge Lab

 4 Kubernetes in Google Cloud (Qwiklabs Quest)

   4.1 Introduction to Docker

   4.2 Kubernetes Engine: Qwik Start

   4.3 Orchestrating the Cloud with Kubernetes

   4.4 Managing Deployments Using Kubernetes Engine

   4.5 Continuous Delivery with Jenkins in Kubernetes Engine

Post these courses I did the following for mock exam preparation:

  1. Jon Bonso Tutorial Dojo -GCP ACE preparation

  2. Udemy course:

https://www.udemy.com/course/google-associate-cloud-engineer-practice-exams-2021-d/learn/quiz/5278722/results?expanded=591254338#overview

And yes folks this took me 3 months to prepare. So take your time and prepare it.

#djamgatech #aws #azure #gcp #ccp #az900 #saac02 #saac03 #az104 #azai #dasc01 #mlsc01 #scsc01 #azurefundamentals #awscloudpractitioner #solutionsarchitect #datascience #machinelearning #azuredevops #awsdevops #az305 #ai900 #DP900 #GCPACE

Comparison of AWS vs Azure vs Google

Cloud computing has revolutionized the way companies develop applications. Most of the modern applications are now cloud native. Undoubtedly, the cloud offers immense benefits like reduced infrastructure maintenance, increased availability, cost reduction, and many others.

However, which cloud vendor to choose, is a challenge in itself. If we look at the horizon of cloud computing, the three main providers that come to mind are AWS, Azure, and Google cloud. Today, we will compare the top three cloud giants and see how they differ. We will compare their services, specialty, and pros and cons. After reading this article, you will be able to decide which cloud vendor is best suited to your needs and why.

History and establishment

AWS

AWS is the oldest player in the market, operating since 2006. Here’s a brief history of AWS and how computing has changed. Being the first in the cloud industry, it has gained a particular advantage over its competitors. It offers more than 200+ services to its users. Some of its notable clients include:

  • Netflix
  • Expedia
  • Airbnb
  • Coursera
  • FDA
  • Coca Cola

Azure

Azure by Microsoft started in 2010. Although it started four years later than AWS, it is catching up quite fast. Azure is Microsoft’s public cloud platform which is why many companies prefer to use Azure for their Microsoft-based applications. It also offers more than 200 services and products. Some of its prominent clients include:

  • HP
  • Asus
  • Mitsubishi
  • 3M
  • Starbucks
  • CDC (Center of Disease Control) USA
  • National health service (NHS) UK

Google

Google Cloud also started in 2010. Its arsenal of cloud services is relatively smaller compared to AWS or Azure. It offers around 100+ services. However, its services are robust, and many companies embrace Google cloud for its specialty services. Some of its noteworthy clients include:

  • PayPal
  • UPS
  • Toyota
  • Twitter
  • Spotify
  • Unilever

Market share & growth rate

If you look at the market share and growth chart below, you will notice that AWS has been leading for more than four years. Azure is also expanding fast, but it is still has a long way to go to catch up with AWS.

However, in terms of revenue, Azure is ahead of AWS. In Q1 2022, AWS revenue was $18.44 billion; Azure earned $23.4 billion, while Google cloud earned $5.8 billion.

Availability Zones (Data Centers)

When comparing cloud vendors, it is essential to see how many regions and availability zones are offered. Here is a quick comparison between all three cloud vendors in terms of regions and data centers:

AWS

AWS operates in 25 regions and 81 availability zones. It offers 218+ edge locations and 12 regional edge caches as well. You can utilize the edge location and edge caches in services like AWS Cloudfront and global accelerator, etc.

Azure

Azure has 66 regions worldwide and a minimum of three availability zones in each region. It also offers more than 116 edge locations.

Google

Google has a presence in 27 regions and 82 availability zones. It also offers 146 edge locations.

Although all three cloud giants are continuously expanding. Both AWS and Azure offer data centers in China to specifically cater for Chinese consumers. At the same time, Azure seems to have broader coverage than its competitors.

Comparison of common cloud services

Let’s look at the standard cloud services offered by these vendors.

Compute

Amazon’s primary compute offering is EC2 instances, which are very easy to operate. Amazon also provides a low-cost option called “Amazon lightsail” which is a perfect fit for those who are new to computing and have a limited budget. AWS charges for EC2 instances only when you are using them. Azure’s compute offering is also based on virtual machines. Google is no different and offers virtual machines in Google’s data centers. Here’s a brief comparison of compute offerings of all three vendors:

Storage

All three vendors offer various forms of storage, including object-based storage, cold storage, file-based storage, and block-based storage. Here’s a brief comparison of all three:

Database

All three vendors support managed services for databases. They also offer NoSQL as well as document-based databases. AWS also provides a proprietary RDBMS named “Aurora”, a highly scalable and fast database offering for both MySQL and PostGreSQL. Here’s a brief comparison of all three vendors:

Comparison of Specialized services

All three major cloud providers are competing with each other in the latest technologies. Some notable areas of competition include ML/AI, robotics, DevOps, IoT, VR/Gaming, etc. Here are some of the key specialties of all three vendors.

AWS

Being the first and only one in the cloud market has many benefits, and Amazon has certainly taken advantage of that. Amazon has advanced specifically in AI and machine learning related tools. AWS DeepLens is an AI-powered camera that you can use to develop and deploy machine learning algorithms. It helps you with OCR and image recognition. Similarly, Amazon has launched an open source library called “Gluon” which helps with deep learning and neural networks. You can use this library to learn how neural networks work, even if you lack any technical background. Another service that Amazon offers is SageMaker. You can use SageMaker to train and deploy your machine learning models. It contains the Lex conversational interface, which is the backbone of Alexa, Lambda, and Greengrass IoT messaging services.

Another unique (and recent) offering from AWS is IoT twinmaker. This service can create digital twins of real-world systems like factories, buildings, production lines, etc.

AWS is even providing a service for Quantum computing called AWS Braket.

Azure

Azure excels where you are already using some Microsoft products, especially on-premises Microsoft products. Organizations already using Microsoft products prefer to use Azure instead of other cloud vendors because Azure offers a better and more robust integration with Microsoft products.

Azure has excellent services related to ML/AI and cognitive services. Some notable services include Bing web search API, Face API, Computer vision API, text analytics API, etc.

Google

Google is the current leader of all cloud providers regarding AI. This is because of their open-source Google library TensorFlow, the most popular library for developing machine learning applications. Vertex AI and BigQueryOmni are also beneficial services offered lately. Similarly, Google offers rich services for NLP, translation, speech, etc.

Pros and Cons

Let’s summarize the pros and cons for all three cloud vendors:

AWS

Pros:

  • An extensive list of services
  • Huge market share
  • Support for large businesses
  • Global reach

Cons:

  • Pricing model. Many companies struggle to understand the cost structure. Although AWS has improved the UX of its cost-related reporting in the AWS console, many companies still hesitate to use AWS because of a perceived lack of cost transparency

Azure

Pros:

  • Excellent integration with Microsoft tools and software
  • Broader feature set
  • Support for open source

Cons:

  • Geared towards enterprise customers

Google

Pros:

  • Strong integration with open source tools
  • Flexible contracts
  • Good DevOps services
  • The most cost-efficient
  • The preferred choice for startups
  • Good ML/AI-based services

Cons:

  • A limited number of services as compared to AWS and Azure
  • Limited support for enterprise use cases

Career Prospects

Keen to learn which vendor’s cloud certification you should go for ? Here is a brief comparison of the top three cloud certifications and their related career prospects:

AWS

As mentioned earlier, AWS has the largest market share compared to other cloud vendors. That means more companies are using AWS, and there are more vacancies in the market for AWS-certified professionals. Here are main reasons why you would choose to learn AWS:

Azure

Azure is the second largest cloud service provider. It is ideal for companies that are already using Microsoft products. Here are the top reasons why you would choose to learn Azure:

  • Ideal for experienced user of Microsoft services
  • Azure certifications rank among the top paying IT certifications
  • If you’re applying for a company that primarily uses Microsoft Services

Google

Although Google is considered an underdog in the cloud market, it is slowly catching up. Here’s why you may choose to learn GCP.

  • While there are fewer job postings, there is also less competition in the market
  • GCP certifications rank among the top paying IT certifications

Most valuable IT Certifications

Keen to learn about the top paying cloud certifications and jobs? If you look at the annual salary figures below, you can see the average salary for different cloud vendors and IT companies, no wonder AWS is on top. A GCP cloud architect is also one of the top five. The Azure architect comes at #9.

Which cloud certification to choose depends mainly on your career goals and what type of organization you want to work for. No cloud certification path is better than the other. What matters most is getting started and making progress towards your career goals. Even if you decide at a later point in time to switch to a different cloud provider, you’ll still benefit from what you previously learned.

Over time, you may decide to get certified in all three – so you can provide solutions that vary from one cloud service provider to the next.

Don’t get stuck in analysis-paralysis! If in doubt, simply get started with AWS certifications that are the most sought-after in the market – especially if you are at the very beginning of your cloud journey. The good news is that you can become an AWS expert when enrolling in our value-packed training.

Further Reading

You may also be interested in the following articles:

https://digitalcloud.training/entry-level-cloud-computing-jobs-roles-and-responsibilities/https://digitalcloud.training/aws-vs-azure-vs-google-cloud-certifications-which-is-better/https://digitalcloud.training/10-tips-on-how-to-enter-the-cloud-computing-industry/https://digitalcloud.training/top-paying-cloud-certifications-and-jobs/https://digitalcloud.training/are-aws-certifications-worth-it/

Source:

https://digitalcloud.training/comparison-of-aws-vs-azure-vs-google/


Get it on Apple Books
Get it on Apple Books

  • Free Google Cloud associate cloud engineer,professional cloud architect,security engineer practice tests.
    by /u/Just_Reaction_4469 (Google Cloud Platform Certification) on March 18, 2024 at 5:31 pm

    https://karaniph.com/google-cloud-associate-cloud-engineer-free-practice-test/ https://karaniph.com/google-cloud-professional-architect-free-practice-test/ https://karaniph.com/google-cloud-professional-cloud-security-engineer-practice-test/ submitted by /u/Just_Reaction_4469 [link] [comments]

  • The future of infrastructure modernization: how Google Cloud Innovators are embracing the cloud
    by (Training & Certifications) on March 18, 2024 at 4:00 pm

    Google Cloud Champion Innovators is a global network of roughly 600 external professionals who are technical experts in Google Cloud products and services. Each Champion specializes in one of nine different technical categories including Coud AI/ML, Data Analytics, Databases, Hybrid Multi-Cloud, Modern Architecture, Security and Networking, Serverless App Development, Storage, or Google Workspace. In this ongoing interview series we sit down with Champion Innovators across the world to learn more about their journeys, technology focus, and what excites them. Today we're talking to Rohan Singh, a Senior Cloud Infrastructure Engineer at SADA - An Insight Company, and a Google Cloud Champion Innovator specializing in Modern Architecture. He focuses on infrastructure modernization and migration, applying his expertise to help organizations embrace the transformative power of cloud technologies. Natalie Tack: What technology area are you most fascinated with, and why?  Rohan Singh: Quite simply, I'm passionate about the cloud and DevOps: every day brings fresh developments, and there's always something new to learn. As a Senior Cloud Infrastructure Engineer, my work involves helping clients with their application infrastructure, focusing on strategy planning and choosing the best approach to their specific modernization and migration needs. A lot of companies are still working with legacy infrastructure, and finding the right strategy for them is a challenge that I really enjoy. Containerization is really big at the moment, so I’m doing a lot of work with Google Kubernetes Engine (GKE) and Anthos and using Migrate for Compute Engine to transition VMs from on-premise to the Cloud.  NT: What are some upcoming trends you’re enthusiastic about? RS: I’m seeing more and more interest in Infrastructure as a Code (IaC). IaC enables you to increase your level of control over infrastructure implementation and design and improves resource management and code versioning. Google recently launched Infrastructure Manager, which uses Terraform and allows you to manage your Google Cloud infrastructure through IaC. As a Champion Innovator, I attended an internal session with the Google team where they presented the product and answered any queries we had. This was really useful, as I believe IaC is set to be a significant shift for the industry.  I’m also really excited about the potential of generative AI. As a Champion Innovator, I was granted early access to Duet AI in Google Cloud, which I see as a sort of personal assistant who’s on call 24/7 to answer my queries and help me solve any code challenges. I'm looking forward to finding out more about the potential integration of generative AI with Google Cloud’s native DevOps tools for infrastructure and applications. It’s early days, but the potential to leverage generative AI to deliver improved solutions to clients, enhance our solution architecture and troubleshoot issues is thrilling.  NT: How do you like to learn new services, applications and technologies? RS: My main resources are Google Cloud blogs, documentation, and my company's internal channels, where we continuously discuss cloud migration and modernization. Google Cloud release notes are great as the information is coming straight from the source. Google Cloud blog articles and Medium posts are also really useful. The Innovators program has gathered a wealth of technical expertise from Google Cloud itself and other Innovators around the world.  Being an Innovator also gives me the opportunity to practice extensively on Google Cloud, which is great as I’m a strong believer in learning by doing. As soon as I find out about something new, I like to put it into practice straight away. But while passion is crucial, so is paying attention to your wellbeing. I focus on my mental health because it keeps me and my family happy and enhances my productivity. When my mind is at peace, I can think more clearly and provide better solutions to our clients. NT: How has being part of the Innovators program impacted your personal and professional development? RS: Access to internal and Innovators-only training and certifications has really helped shape my approach to infrastructure modernization and migration. Another huge advantage is the robust community support. You’re connected with dozens of cloud enthusiasts and seasoned professionals who are there to support you.  Joining the program has also really expanded my horizons. I come from a small town where there aren’t many opportunities to interact with outsiders. Being an Innovator has boosted my confidence as well as my interpersonal and communication skills. I've also learned to articulate complex technical concepts in simple terms, which is really useful when working with non-technical colleagues and clients.  Having “Google Cloud Champion Innovator for Modern Architecture” in your bio also makes a real difference. People pay far more attention to what you’re saying! Since joining the program, my global reach on LinkedIn and Medium, and the queries I receive, have increased threefold.  NT: How important is community to you?  RS: Very important! I’m a strong advocate for community engagement. Cloud communities and programs like Innovators emphasize collaboration and knowledge sharing and connect people from diverse backgrounds. Regular interactions with others provide insights into challenges we’re all facing and are a great way to gain perspective.  I actively seek to share my stories and experiences and help people on the Google Cloud community page and via my Medium blog, where I run an interview series called “Silly Sit-Downs(SSD) with Rohan” with people from the industry irrespective of their domain. Video and podcasts are really big these days, but I truly believe in the power of reading and writing. Reading sparks the imagination, and it’s accessible to people everywhere as it doesn’t require a strong internet connection. I see myself as a mentor now, communicating globally without barriers. I’m not interested in follower numbers per se, but when I get messages from people saying my content has helped them it really makes my day.  NT: What advice would you give to budding Innovators?  RS: Pursue knowledge and skills, not titles. Don't choose a technology like cloud computing just because your friends are doing it or because you think you can make good money. Explore it first and if it interests you, start with the basics. Don't stress yourself out with unrealistic expectations, such as becoming a cloud expert in six months. Take your time to learn and grow at your own pace, stay active, travel, learn new things beyond technology, talk to people, and take breaks when necessary. Just getting started is difficult in its own right. For even more insight into how organizations are innovating with generative AI, check out our growing Innovators community – we appreciate ideas from like-minded Google Cloud users who want to take their journey to the next level.

  • A pass is a pass. DP-600
    by /u/Raging-Loner (Microsoft Azure Certifications) on March 18, 2024 at 1:21 pm

    submitted by /u/Raging-Loner [link] [comments]

  • MS-102 vs SC-400
    by /u/lighthills (Microsoft Azure Certifications) on March 18, 2024 at 1:44 am

    How does DLP and Compliance content compare between the two? What are the main differences between the purposes of the certifications? submitted by /u/lighthills [link] [comments]

  • Where to take practice exams for Az-900 fundamentals?
    by /u/elipr787 (Microsoft Azure Certifications) on March 18, 2024 at 12:12 am

    I finished the Microsoft Modules and started watching john savill course on yt but i have a lot of experience with Azure on my job and wanna start taking practice exams. Where can i take practice exams that are closest to the real thing? submitted by /u/elipr787 [link] [comments]

  • Is it possible for someone to determine if I used accommodation or not?
    by /u/Alex_df_300 (Microsoft Azure Certifications) on March 17, 2024 at 6:30 pm

    Exams are not available in my native language and according to this web page I can request additional time as an accommodation. At the same time, I would rather not request that accommodation if someone would be able able to determine that I have used it during exam (information on the certificate or any other way). My question is: Is it possible for someone to determine if I used accommodation or not? submitted by /u/Alex_df_300 [link] [comments]

  • After Az900: AZ104 or Az204 (with a developer background)
    by /u/maujavier91 (Microsoft Azure Certifications) on March 17, 2024 at 3:44 pm

    I'm new to azure and already passes AZ900, I want to get an associate cert I'm interested more in Az204, I'm a software developer and haven't done much system administration, which of AZ104 and Az204 would be the easiest to get next, I've read that as a dev it would be easier to get Az204 but a cloud guru recommends to get first the AZ104 first and then go for the Az204, is the knowledge of AZ104 needed to make the Az204 easier or viceversa, I plan to get both in the end but I would like to take them in order of difficulty submitted by /u/maujavier91 [link] [comments]

  • How to create AZ-104 and AZ-305 study plans?
    by /u/StarryBlep (Microsoft Azure Certifications) on March 17, 2024 at 2:29 pm

    Hello! I’m currently working on creating a study plan for AZ-104 and AZ-305 for 1-2 months. For context, i don’t have a tech background and am unfamiliar with these things. To clarify, i won’t be the one taking the exam; just the one drafting up the study plans. I’ve read through some of the threads here and did my own research; as i understand, the self-paced learning paths on the Microsoft website seem to downplay the difficulty of these exams. I’ve also seen a plethora of learning resources like John Savill’s videos, etc. But hoping to ask if anyone can help me figure out how i can jumpstart the plan, or how to structure it? TIA! submitted by /u/StarryBlep [link] [comments]

  • DP100 - Sources for study
    by /u/dorkmotter (Microsoft Azure Certifications) on March 17, 2024 at 7:10 am

    I am preparing for dp100. I saw on internet that MS Learn, Coursera and Udemy are all outdated. I am really stressed and confused. Is there a clear resource that can be used to prepare for the exam? submitted by /u/dorkmotter [link] [comments]

  • Student discount help
    by /u/PXE590t (Microsoft Azure Certifications) on March 17, 2024 at 1:55 am

    I’ve posted in the Microsoft support forum and they just repeat the same robotic answer. Just wondered if anyone has had this issue? Verified myself as a student but doesn’t show discount at checkout. Does AZ-900 not get a discount? I’ve attached a few screenshots, maybe I’m missing something? https://imgur.com/a/gNkcFal https://imgur.com/a/gekNktb https://imgur.com/a/75LbItV https://imgur.com/a/wwaR8t5 ​ submitted by /u/PXE590t [link] [comments]

  • Practice Exam Providers
    by /u/T-cona204 (Microsoft Azure Certifications) on March 16, 2024 at 8:11 pm

    In the end, the exam prep providers do a decent job with with the practice exams they offer, I find they are worth purchasing and the time I spend on these provider's test platforms has helped me pass every exam I wrote the first time. I however find that some of the things they add into the practice exams are not needed. Maybe they do this to pad numbers, it is impressive in advertising to offer up to 300+ prep exam questions only to discover that 10-15% of the questions are on topics the CURRENT cert exam does not cover. I suppose I provide this post for others to add their impressions and feedback on the exam prep providers they have used. Here's hoping we can all help each other be wiser to find the best materials from the best sources to help anybody, from a new IT tech to the veteran, learn and use. submitted by /u/T-cona204 [link] [comments]

  • Azure Admin Certified!
    by /u/Mammoth_Cry_711 (Microsoft Azure Certifications) on March 16, 2024 at 5:01 pm

    Successfully passed the AZ104 Azure Administrator on my first attempt with over 3 years experience. Tutorials Dojo was by far and away the best resource I’ve used in attempting this feat. Scott Duffy’s course on Udemy is also a great resource for those who don’t know where or how to start but it’s a nice refresher for those in the field currently. submitted by /u/Mammoth_Cry_711 [link] [comments]

  • Feel like I’m vastly underestimating ms-102
    by /u/ITnewb30 (Microsoft Azure Certifications) on March 16, 2024 at 4:50 pm

    I recently finished John Christopher’s ms-102 course on Udemy. I understand this is only one source, but the entire time I felt like I already knew how to do everything that he was covering in the course. I’ve worked in Azure/365 for two years and do a lot of labbing on top of it. I’m not a stranger to IT certifications. I have a lot of CompTIA certs and ITIL, Sscp and another Linux cert. I have never taken a Microsoft cert so I don’t really know what to expect. Are there better sources that anyone else used to study for this exam? I plan to go through the Learn material too, I just wanted to do a third party course first. submitted by /u/ITnewb30 [link] [comments]

  • SC-300 Unlocked!
    by /u/slash0514 (Microsoft Azure Certifications) on March 16, 2024 at 9:45 am

    Just passed SC-300. Ready for SC-100. ​ submitted by /u/slash0514 [link] [comments]

  • Passed the AZ-305 exam
    by /u/egbur (Microsoft Azure Certifications) on March 16, 2024 at 5:10 am

    After doing a bit of Azure-related work following my AZ-104 last month, I decided to take the plunge and do my AZ-305 while the content was still fresh in memory. I was really not confident because there is so much more content to learn, but I am glad that I did. My score was 880, and the speed at which I could answer questions that were very similar to the ones you would expect form AZ-104 definitely helped. My test had 53 questions and started with a case study which I think was 6 or 7 questions. I finished everything with about 50 minutes to spare, and I used another 15 to review the ones I wasn't so sure about. I wasn't aiming for a perfect score and I do wonder which ones I did not get right, but I did change a few answers based on what I found in MS Learn so the extra time was useful. Resources-wise, I completed the Microsoft Challenge by doing all the modules it asked. This came with a bonus 50% discount on the exam cost. Aside from that, I also did the Microsoft Press course in LinkedIn Learning. I have free access to that through my local library so that was helpful. I also did some practice exams from TD and MS Learn, and of course viewed the study cram and DP900 videos by u/JohnSavill, which are both great. Now I might take a breather before I decide what to focus on next. submitted by /u/egbur [link] [comments]

  • AZ-104 Labs & ARM Template on GitHub
    by /u/MARS822a (Microsoft Azure Certifications) on March 15, 2024 at 8:36 pm

    It's VERY possible that I'm missing something, but I believe this ARM template on GitHub for this lab is wrong. Am I crazy or does it only create one vnet, while the lab requires three. Some of the resource names are incorrect too. I went back through the commits and three weeks ago a template was deleted that appeared to contain the correct vnets. Am I just missing something or is the template actually broken? TIA for any insights! submitted by /u/MARS822a [link] [comments]

  • Shifting to Microsoft
    by /u/sevenfoldnomad (Microsoft Azure Certifications) on March 15, 2024 at 8:14 pm

    Hi, I am a network engineer with 6 years experience in both project implementation and operations support. I moved to a new area and it seems that networking related jobs are not in demand here (checked on job sites). I am seeing tech support/sysadmin roles (AD, DNS, DHCP, Azure). I don't have any experience on any desktop support related jobs or sysadmin. I took MD-102 since it is an entry level microsoft certification, thinking also that it could help me land a job here in my area. I am planning to take AZ-104. My question is, is it worth it to take AZ-104? Considering that it will be a mismatch with my background and experience. And employers will question it somehow if I have an Azure cert and yet 0 experience. submitted by /u/sevenfoldnomad [link] [comments]

  • Certification Renewal Exam
    by /u/BA-94 (Microsoft Azure Certifications) on March 15, 2024 at 6:15 pm

    Has anybody else found the certification renewal assessment more difficult than the original exam? Took me three attempts to renew my Az-104 certification. submitted by /u/BA-94 [link] [comments]

  • Clarifying user administrator role permissions - Can a user administrator add devices to a resource group? Asking because of a question on whizlabs for a practice AZ 104 exam which is saying they can in the solutions...
    by /u/grmahs (Microsoft Azure Certifications) on March 15, 2024 at 3:08 pm

    submitted by /u/grmahs [link] [comments]

  • Taking the online exam overseas
    by /u/FrozenFury12 (Microsoft Azure Certifications) on March 15, 2024 at 11:25 am

    Does anyone have an experience taking the exam using Pearson Vue overseas? Since it says " Price based on the country or region in which the exam is proctored. " would I be paying the price of where I am currently located ? Or should I be entering my home address ? ​ submitted by /u/FrozenFury12 [link] [comments]


Top-paying Cloud certifications:

Google Certified Professional Cloud Architect — $175,761/year
AWS Certified Solutions Architect – Associate — $149,446/year
Azure/Microsoft Cloud Solution Architect – $141,748/yr
Google Cloud Associate Engineer – $145,769/yr
AWS Certified Cloud Practitioner — $131,465/year
Microsoft Certified: Azure Fundamentals — $126,653/year
Microsoft Certified: Azure Administrator Associate — $125,993/year

Top 100 AWS Solutions Architect Associate Certification Exam Questions and Answers Dump SAA-C03

How do we know that the Top 3 Voice Recognition Devices like Siri Alexa and Ok Google are not spying on us?

Djamgatech: Multilingual and Platform Independent Cloud Certification and Education App for AWS, Azure, Google Cloud

Djamgatech: AI Driven Continuing Education and Certification Preparation Platform

AI Dashboard is available on the Web, Apple, Google, and Microsoft, PRO version

Djamgatech – Multilingual and Platform Independent Cloud Certification and Education App for AWS Azure Google Cloud

Djamgatech is the ultimate Cloud Education Certification App. It is an EduFlix App for AWS, Azure, Google Cloud Certification Prep, School Subjects, Python, Math, SAT, etc. [Android, iOS]

Technology is changing and is moving towards the cloud. The cloud will power most businesses in the coming years and is not taught in schools. How do we ensure that our kids and youth and ourselves are best prepared for this challenge?

Building mobile educational apps that work offline and on any device can help greatly in that sense.

The ability to tab on a button and learn the cloud fundamentals and take quizzes is a great opportunity to help our children and youth to boost their job prospects and be more productive at work.


The App covers the following certifications :
AWS Cloud Practitioner Exam Prep CCP CLF-C01, Azure Fundamentals AZ 900 Exam Prep, AWS Certified Solution Architect Associate SAA-C02 Exam Prep, AWS Certified Developer Associate DVA-C01 Exam Prep, Azure Administrator AZ 104 Exam Prep, Google Associate Cloud Engineer Exam Prep, Data Analytics for AWS DAS-C01, Machine Learning for AWS and Google, AWS Certified Security – Specialty (SCS-C01), AWS Certified Machine Learning – Specialty (MLS-C01), Google Cloud Professional Machine Learning Engineer and more… [Android, iOS]

Djamgatech: Multilingual and Platform Independent Cloud Certification and Education App for AWS, Azure, Google Cloud
Djamgatech: Multilingual and Platform Independent Cloud Certification and Education App for AWS, Azure, Google Cloud

The App covers the following cloud categories:

AWS Technology, AWS Security and Compliance, AWS Cloud Concepts, AWS Billing and Pricing , AWS Design High Performing Architectures, AWS Design Cost Optimized Architectures, AWS Specify Secure Applications And Architectures, AWS Design Resilient Architecture, Development With AWS, AWS Deployment, AWS Security, AWS Monitoring, AWS Troubleshooting, AWS Refactoring, Azure Pricing and Support, Azure Cloud Concepts , Azure Identity, governance, and compliance, Azure Services , Implement and Manage Azure Storage, Deploy and Manage Azure Compute Resources, Configure and Manage Azure Networking Services, Monitor and Backup Azure Resources, GCP Plan and configure a cloud solution, GCP Deploy and implement a cloud solution, GCP Ensure successful operation of a cloud solution, GCP Configure access and security, GCP Setting up a cloud solution environment, AWS Incident Response, AWS Logging and Monitoring, AWS Infrastructure Security, AWS Identity and Access Management, AWS Data Protection, AWS Data Engineering, AWS Exploratory Data Analysis, AWS Modeling, AWS Machine Learning Implementation and Operations, GCP Frame ML problems, GCP Architect ML solutions, GCP Prepare and process data, GCP Develop ML models, GCP Automate & orchestrate ML pipelines, GCP Monitor, optimize, and maintain ML solutions, etc.. [Android, iOS]


AI Unraveled: Demystifying Frequently Asked Questions on Artificial Intelligence (OpenAI, ChatGPT, Google Bard, Generative AI, Discriminative AI, xAI, LLMs, GPUs, Machine Learning, NLP, Promp Engineering)

Cloud Education and Certification

The App covers the following Cloud Services, Framework and technologies:

AWS: VPC, S3, DynamoDB, EC2, ECS, Lambda, API Gateway, CloudWatch, CloudTrail, Code Pipeline, Code Deploy, TCO Calculator, SES, EBS, ELB, AWS Autoscaling , RDS, Aurora, Route 53, Amazon CodeGuru, Amazon Bracket, AWS Billing and Pricing, Simply Monthly Calculator, cost calculator, Ec2 pricing on-demand, IAM, AWS Pricing, Pay As You Go, No Upfront Cost, Cost Explorer, AWS Organizations, Consolidated billing, Instance Scheduler, on-demand instances, Reserved instances, Spot Instances, CloudFront, Workspace, S3 storage classes, Regions, Availability Zones, Placement Groups, Amazon lightsail, Redshift, EC2 G4ad instances, DAAS, PAAS, IAAS, SAAS, NAAS, Machine Learning, Key Pairs, AWS CloudFormation, Amazon Macie, Amazon Textract, Glacier Deep Archive, 99.999999999% durability, AWS Codestar, Amazon Neptune, S3 Bucket, EMR, SNS, Desktop As A Service, Emazon EC2 for Mac, Aurora Postgres SQL, Kubernetes, Containers, Cluster.

If you are looking for an all-in-one solution to help you prepare for the AWS Cloud Practitioner Certification Exam, look no further than this AWS Cloud Practitioner CCP CLF-C02 book

Azure: Virtual Machines, Azure App Services, Azure Container Instances (ACI), Azure Kubernetes Service (AKS), and Windows Virtual Desktop, Virtual Networks, VPN Gateway, Virtual Network peering, and ExpressRoute, Container (Blob) Storage, Disk Storage, File Storage, and storage tiers, Cosmos DB, Azure SQL Database, Azure Database for MySQL, Azure Database for PostgreSQL, and SQL Managed Instance, Azure Marketplace, Azure consumption-based mode, management groups, resources and RG, Geographic distribution concepts such as Azure regions, region pairs, and AZ Internet of Things (IoT) Hub, IoT Central, and Azure Sphere, Azure Synapse Analytics, HDInsight, and Azure Databricks, Azure Machine Learning, Cognitive Services and Azure Bot Service, Serverless computing solutions that include Azure Functions and Logic Apps, Azure DevOps, GitHub, GitHub Actions, and Azure DevTest Labs, Azure Mobile, Azure Advisor, Azure Resource Manager (ARM) templates, Azure Security, Privacy and Workloads, General security and network security, Azure security features, Azure Security Centre, policy compliance, security alerts, secure score, and resource hygiene, Key Vault, Azure Sentinel, Azure Dedicated Hosts, Concept of defense in depth, NSG, Azure Firewall, Azure DDoS protection, Identity, governance, Conditional Access, Multi-Factor Authentication (MFA), and Single Sign-On (SSO),Azure Services, Core Azure architectural components, Management Groups, Azure Resource Manager,

Google Cloud Platform: Compute Engine, App Engine, BigQuery, Bigtable, Pub/Sub, flow logs, CORS, CLI, pod, Firebase, Cloud Run, Cloud Firestore, Cloud CDN, Cloud Storage, Persistent Disk, Kubernetes engine, Container registry, Cloud Load Balancing, Cloud Dataflow, gsutils, Cloud SQL,

2022 AWS Cloud Practitioner Exam Preparation

Cloud Education Certification: Eduflix App for Cloud Education and Certification (AWS, Azure, Google Cloud) [Android, iOS]

Features:
– Practice exams
– 1000+ Q&A updated frequently.
– 3+ Practice exams per Certification
– Scorecard / Scoreboard to track your progress
– Quizzes with score tracking, progress bar, countdown timer.
– Can only see scoreboard after completing the quiz.
– FAQs for most popular Cloud services
– Cheat Sheets
– Flashcards
– works offline

Note and disclaimer: We are not affiliated with AWS, Azure, Microsoft or Google. The questions are put together based on the certification study guide and materials available online. The questions in this app should help you pass the exam but it is not guaranteed. We are not responsible for any exam you did not pass.

Important: To succeed with the real exam, do not memorize the answers in this app. It is very important that you understand why a question is right or wrong and the concepts behind it by carefully reading the reference documents in the answers.

CyberSecurity 101 and Top 25 AWS Certified Security Specialty Questions and Answers Dumps

AWS Certified Security – Specialty Questions and Answers Dumps

AI Dashboard is available on the Web, Apple, Google, and Microsoft, PRO version

CyberSecurity 101 and Top 25 AWS Certified Security Specialty Questions and Answers Dumps

Almost 4.57 billion people were active internet users as of July 2020, encompassing 59 percent of the global population.  94% of enterprises use cloud. 77% of organizations worldwide have at least one application running on the cloud. This results in an exponential growth of cyber attacks. Therefore, CyberSecurity is one  the biggest challenge to individuals and organizations worldwide:  158,727 cyber attacks per hour, 2,645 per minute and 44 every second of every day.  

In this blog, we cover the Top 25 AWS Certified Security Specialty Questions and Answers Dumps and all latest and relevant information about CyberSecurity including:

I- The AWS Certified Security – Specialty (SCS-C01) examination is intended for  individuals who perform a security role. This exam validates an examinee’s ability to effectively demonstrate knowledge about securing the AWS platform.

It validates an examinee’s ability to demonstrate:

An understanding of specialized data classifications and AWS data protection mechanisms.


An understanding of data-encryption methods and AWS mechanisms to implement them.

An understanding of secure Internet protocols and AWS mechanisms to implement them.

A working knowledge of AWS security services and features of services to provide a secure production environment.


AI Unraveled: Demystifying Frequently Asked Questions on Artificial Intelligence (OpenAI, ChatGPT, Google Bard, Generative AI, Discriminative AI, xAI, LLMs, GPUs, Machine Learning, NLP, Promp Engineering)

Competency gained from two or more years of production deployment experience using AWS security services and features.

The ability to make tradeoff decisions with regard to cost, security, and deployment complexity given a set of application requirements.

CyberSecurity 101 and Top 25  AWS Certified Security Specialty Questions and Answers Dumps
AWS Certified Security Specialty

An understanding of security operations and risks.

If you are looking for an all-in-one solution to help you prepare for the AWS Cloud Practitioner Certification Exam, look no further than this AWS Cloud Practitioner CCP CLF-C02 book

Below are the Top 25 AWS Certified Security Specialty Questions and Answers Dumps including Notes, Hint and References:

Question 1:  When requested through an STS API call, credentials are returned with what three components?

A)  Security Token, Access Key ID, Signed URL
B) Security Token, Access Key ID, Secret Access Key
C) Signed URL, Security Token, Username
D) Security Token, Secret Access Key, Personal Pin Code
 

ANSWER1:

B

Notes/Hint1:

Security Token, Access Key ID, Secret Access Key

Reference1: Security Token, Access Key ID, Secret Access Key

Get mobile friendly version of the quiz @ the App Store

Back to Top

Question 2: A company has AWS workloads in multiple geographical locations. A Developer has created an Amazon Aurora database in the us-west-1 Region. The database is encrypted using a customer-managed AWS KMS key. Now the Developer wants to create the same encrypted database in the us-east-1 Region. Which approach should the Developer take to accomplish this task?

A) Create a snapshot of the database in the us-west-1 Region. Copy the snapshot to the us-east-1 Region and specify a KMS key in the us-east-1 Region. Restore the database from the copied snapshot.
B) Create an unencrypted snapshot of the database in the us-west-1 Region. Copy the snapshot to the useast-1 Region. Restore the database from the copied snapshot and enable encryption using the KMS key from the us-east-1 Region
C) Disable encryption on the database. Create a snapshot of the database in the us-west-1 Region. Copy the snapshot to the us-east-1 Region. Restore the database from the copied snapshot.
D) In the us-east-1 Region, choose to restore the latest automated backup of the database from the us-west1 Region. Enable encryption using a KMS key in the us-east-1 Region
 

ANSWER2:

A

Notes/Hint2:

Djamgatech: Build the skills that’ll drive your career into six figures: Get Djamgatech.

If a user copies an encrypted snapshot, the copy of the snapshot must also be encrypted. If a user copies an encrypted snapshot across Regions, users cannot use the same AWS KMS encryption key for the copy as used for the source snapshot, because KMS keys are Region specific. Instead, users must specify a KMS key that is valid in the destination Region

Reference2: copies an encrypted snapshot, KMS Keys are Region-specific

Get mobile friendly version of the quiz @ the App Store

Question 3: A corporate cloud security policy states that communication between the company’s VPC and KMS must travel entirely within the AWS network and not use public service endpoints. Which combination of the following actions MOST satisfies this requirement? (Select TWO.) 

A) Add the aws:sourceVpce condition to the AWS KMS key policy referencing the company’s VPC endpoint ID.
 
B) Remove the VPC internet gateway from the VPC and add a virtual private gateway to the VPC to prevent direct, public internet connectivity.
 
C) Create a VPC endpoint for AWS KMS with private DNS enabled.
 
D) Use the KMS Import Key feature to securely transfer the AWS KMS key over a VPN. E) Add the following condition to the AWS KMS key policy: “aws:SourceIp”: “10.0.0.0/16“.
 

ANSWER3:

A and C

Notes/Hint3: 

An IAM policy can deny access to AWS KMS except through your VPC endpoint with the following condition statement: 
“Condition”:  {
     “StringNotEquals”: { 
             “aws:sourceVpce”: “vpce-0295a3caf8414c94a” 
                 } 
}
 If you select the Enable Private DNS Name option, the standard AWS KMS DNS hostname resolves to your VPC endpoint.

Reference3: AWS KMS

Get mobile friendly version of the quiz @ the App Store

Ace the Microsoft Azure Fundamentals AZ-900 Certification Exam: Pass the Azure Fundamentals Exam with Ease

Question 4: An application team is designing a solution with two applications. The security team wants the applications’ logs to be captured in two different places, because one of the applications produces logs with sensitive data. Which solution meets the requirement with the LEAST risk and effort? 

A) Use Amazon CloudWatch Logs to capture all logs, write an AWS Lambda function that parses the log file, and move sensitive data to a different log.
 
B) Use Amazon CloudWatch Logs with two log groups, with one for each application, and use an AWS IAM policy to control access to the log groups, as required.
 
C) Aggregate logs into one file, then use Amazon CloudWatch Logs, and then design two CloudWatch metric filters to filter sensitive data from the logs.
 
 D) Add logic to the application that saves sensitive data logs on the Amazon EC2 instances’ local storage, and write a batch script that logs into the Amazon EC2 instances and moves sensitive logs to a secure location.
 

ANSWER4:

B

Notes/Hint4: 

Each application’s log can be configured to send the log to a specific Amazon CloudWatch Logs log group.

Reference4: Amazon CloudWatch Logs log group.

Get mobile friendly version of the quiz @ the App Store

Question 5: A security engineer must set up security group rules for a three-tier application: 

  • Presentation tier – Accessed by users over the web, protected by the security group presentation-sg
  • Logic tier – RESTful API accessed from the presentation tier through HTTPS, protected by the security group logic-sg
  • Data tier – SQL Server database accessed over port 1433 from the logic tier, protected by the security group data-sg
Which combination of the following security group rules will allow the application to be secure and functional? (Select THREE.)
 
A) presentation-sg: Allow ports 80 and 443 from 0.0.0.0/0
B) data-sg: Allow port 1433 from presentation-sg
C) data-sg: Allow port 1433 from logic-sg
D) presentation-sg: Allow port 1433 from data-sg
 E) logic-sg: Allow port 443 from presentation-sg
F) logic-sg: Allow port 443 from 0.0.0.0/0
 

ANSWER5:

A C and E

Notes/Hint5: 

In an n-tier architecture, each tier’s security group allows traffic from the security group sending it traffic only. The presentation tier opens traffic for HTTP and HTTPS from the internet. Since security groups are stateful, only inbound rules are required.

Reference5: n-tier architecture

Get mobile friendly version of the quiz @ the App Store

Question 6: A security engineer is working with a product team building a web application on AWS. The application uses Amazon S3 to host the static content, Amazon API Gateway to provide RESTful services, and Amazon DynamoDB as the backend data store. The users already exist in a directory that is exposed through a SAML identity provider. Which combination of the following actions should the engineer take to enable users to be authenticated into the web application and call APIs? (Select THREE). 

A) Create a custom authorization service using AWS Lambda.
 
B) Configure a SAML identity provider in Amazon Cognito to map attributes to the Amazon Cognito user pool attributes.
 
C) Configure the SAML identity provider to add the Amazon Cognito user pool as a relying party.
 
D) Configure an Amazon Cognito identity pool to integrate with social login providers.
 
E) Update DynamoDB to store the user email addresses and passwords.
 
F) Update API Gateway to use an Amazon Cognito user pool authorizer.

ANSWER6:

B, C and F

Notes/Hint6: 

When Amazon Cognito receives a SAML assertion, it needs to be able to map SAML attributes to user pool attributes. When configuring Amazon Cognito to receive SAML assertions from an identity provider, you need ensure that the identity provider is configured to have Amazon Cognito as a relying party. Amazon API Gateway will need to be able to understand the authorization being passed from Amazon Cognito, which is a configuration step.

Reference6: user pool attributes Amazon API Gateway 

Get mobile friendly version of the quiz @ the App Store

Question 7: A company is hosting a web application on AWS and is using an Amazon S3 bucket to store images. Users should have the ability to read objects in the bucket. A security engineer has written the following bucket policy to grant public read access:

Attempts to read an object, however, receive the error: “Action does not apply to any resource(s) in statement.” What should the engineer do to fix the error? 
 
A) Change the IAM permissions by applying PutBucketPolicy permissions.
 
B) Verify that the policy has the same name as the bucket name. If not, make it the same.
 
C) Change the resource section to “arn:aws:s3:::appbucket/*”.
 
D) Add an s3:ListBucket action.
 

ANSWER7:

C

Notes/Hint7: 

The resource section should match with the type of operation. Change the ARN to include /* at the end, as it is an object operation.

Reference7: IAM Policy – Access to S3 bucket

Get mobile friendly version of the quiz @ the App Store

Question 8: A company decides to place database hosts in its own VPC, and to set up VPC peering to different VPCs containing the application and web tiers. The application servers are unable to connect to the database. Which network troubleshooting steps should be taken to resolve the issue? (Select TWO.)

 A) Check to see if the application servers are in a private subnet or public subnet.
B) Check the route tables for the application server subnets for routes to the VPC peering connection.
C) Check the NACLs for the database subnets for rules that allow traffic from the internet.
D) Check the database security groups for rules that allow traffic from the application servers.
E) Check to see if the database VPC has an internet gateway.
 

ANSWER8:

B and D

Notes/Hint8: 

You must configure the route tables in each VPC to route to each other through the peering connection. You also must add rules to the security group for the databases to accept requests from the application server security group in the other VPC. 

Reference8: route tables ,  rules to the security groupsecurity group in the other VPC

Get mobile friendly version of the quiz @ the App Store

Question 9: A company is building a data lake on Amazon S3. The data consists of millions of small files containing sensitive information. The security team has the following requirements for the architecture: 

  • Data must be encrypted in transit. 
  • Data must be encrypted at rest. 
  • The bucket must be private, but if the bucket is accidentally made public, the data must remain confidential. 
Which combination of steps would meet the requirements? (Select TWO.) 
 
A) Enable AES-256 encryption using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) on the S3 bucket.
 
B) Enable default encryption with server-side encryption with AWS KMS-managed keys (SSE-KMS) on the S3 bucket.
 
C) Add a bucket policy that includes a deny if a PutObject request does not include aws:SecureTransport.
 
D) Add a bucket policy with aws:SourceIp to allow uploads and downloads from the corporate intranet only.
 
E) Enable Amazon Macie to monitor and act on changes to the data lake’s S3 bucket.

ANSWER9:

B and C

Notes/Hint9: 

Bucket encryption using KMS will protect both in case disks are stolen as well as if the bucket is public. This is because the AWS KMS key would need to have privileges granted to it for users outside of AWS. HTTPS will protect data in transit.

Reference9: Bucket encryption using KMS, privileges granted data in transit

Get mobile friendly version of the quiz @ the App Store

Question 10: A security engineer must ensure that all API calls are collected across all company accounts, and that they are preserved online and are instantly available for analysis for 90 days. For compliance reasons, this data must be restorable for 7 years. Which steps must be taken to meet the retention needs in a scalable, cost-effective way? 

A) Enable AWS CloudTrail logging across all accounts to a centralized Amazon S3 bucket with versioning enabled. Set a lifecycle policy to move the data to Amazon Glacier daily, and expire the data after 90 days.
 
B) Enable AWS CloudTrail logging across all accounts to S3 buckets. Set a lifecycle policy to expire the data in each bucket after 7 years.
 
C) Enable AWS CloudTrail logging across all accounts to Amazon Glacier. Set a lifecycle policy to expire the data after 7 years.
 
D) Enable AWS CloudTrail logging across all accounts to a centralized Amazon S3 bucket. Set a lifecycle policy to move the data to Amazon Glacier after 90 days, and expire the data after 7 years.
 

ANSWER10:

D

Notes/Hint10: 

Meets all requirements and is cost effective by using lifecycle policies to transition to Amazon Glacier.

Reference10: lifecycle policies

Get mobile friendly version of the quiz @ the App Store

Question 11: A security engineer has been informed that a user’s access key has been found on GitHub. The engineer must ensure that this access key cannot continue to be used, and must assess whether the access key was used to perform any unauthorized activities. Which steps must be taken to perform these tasks? 

A) Review the user’s IAM permissions and delete any unrecognized or unauthorized resources.
B) Delete the user, review Amazon CloudWatch Logs in all regions, and report the abuse.
C) Delete or rotate the user’s key, review the AWS CloudTrail logs in all regions, and delete any unrecognized or unauthorized resources.
D) Instruct the user to remove the key from the GitHub submission, rotate keys, and re-deploy any instances that were launched.
 

ANSWER11:

C

Notes/Hint11: 

 Removes keys and audits the environment for malicious activities.

Reference11: malicious activities

Get mobile friendly version of the quiz @ the App Store

Question 12: You have a CloudFront distribution configured with the following path patterns: When users request objects that start with ‘static2/’, they are receiving 404 response codes. What might be the problem?

A) CloudFront distributions cannot have multiple different origin types

B) The ‘*’ path pattern must appear after the ‘static2/*’ path

C) CloudFront distributions cannot have origins in different AWS regions
 
D) The ‘*’ path pattern must appear before ‘static1/*’ path
        

ANSWER12:

C

Notes/Hint12: 

CloudFront distributions cannot have origins in different AWS regions

Reference12: CloudFront

Get mobile friendly version of the quiz @ the App Store

Question 13: An application running on EC2 instances processes sensitive information stored on Amazon S3. The information is accessed over the Internet. The security team is concerned that the Internet connectivity to Amazon S3 is a security risk. Which solution will resolve the security concern?

A) Access the data through an Internet Gateway.”,
B) Access the data through a VPN connection.”,
C) Access the data through a NAT Gateway.”,
D) Access the data through a VPC endpoint for Amazon S3″,
 

ANSWER13:

D

Notes/Hint13: 

VPC endpoints for Amazon S3 provide secure connections to S3 buckets that do not require a gateway or NAT instances. NAT Gateways and Internet Gateways still route traffic over the Internet to the public endpoint for Amazon S3. There is no way to connect to Amazon S3 via VPN.

Reference13: S3 VPC Endpoints

Get mobile friendly version of the quiz @ the App Store

Question 14: An organization is building an Amazon Redshift cluster in their shared services VPC. The cluster will host sensitive data. How can the organization control which networks can access the cluster?

A) Run the cluster in a different VPC and connect through VPC peering
B) Create a database user inside the Amazon Redshift cluster only for users on the network
 C) Define a cluster security group for the cluster that allows access from the allowed networks
  D) Only allow access to networks that connect with the shared services network via VPN
 

ANSWER14:

C

Notes/Hint14: 

A security group can grant access to traffic from the allowed networks via the CIDR range for each network. VPC peering and VPN are connectivity services and cannot control traffic for security. Amazon Redshift user accounts address authentication and authorization at the user level and have no control over network traffic

Reference14: AWS Security best practice

Get mobile friendly version of the quiz @ the App Store

Question 15: From a security perspective, what is a principal?

A) An identity
B) An anonymous user
C) An authenticated user
D) A resource
 

ANSWER15:

B and C

Notes/Hint15: 

An anonymous user falls under the definition of a principal. A principal can be an anonymous user acting on a system.  An authenticated user falls under the definition of a principal. A principal can be an authenticated user acting on a system

Reference15: IAM

Get mobile friendly version of the quiz @ the App Store

Question 16: A company is storing an access key (access key ID and secret access key) in a text file on a custom AMI. The company uses the access key to access DynamoDB tables from instances created from the AMI. The security team has mandated a more secure solution. Which solution will meet the security team’s mandate?

A) Put the access key in an S3 bucket, and retrieve the access key on boot from the instance.
B) Pass the access key to the instances through instance user data.
C) Obtain the access key from a key server launched in a private subnet
D) Create an IAM role with permissions to access the table, and launch all instances with the new role
 

ANSWER16:

D

Notes/Hint16: 

IAM roles for EC2 instances allow applications running on the instance to access AWS resources without having to create and store any access keys. Any solution involving the creation of an access key then introduces the complexity of managing that secret

Reference16: IAM Roles for EC2

Get mobile friendly version of the quiz @ the App Store

Question 17: While signing in REST/ Query requests, for additional security, you should transmit your requests using Secure Sockets Layer (SSL) by using ____.”,

A) HTTP
B) Internet Protocol Security(IPsec)
C) TLS (Transport Layer Security)
D) HTTPS
 

ANSWER17:

D

Notes/Hint17: 

REST/ Query requests should use HTTPS

Reference17: Rest API

Get mobile friendly version of the quiz @ the App Store

Question 18: You are using AWS Envelope Encryption for encrypting all sensitive data. Which of the followings is True with regards to Envelope Encryption?

A) Data is encrypted be encrypting Data key which is further encrypted using encrypted Master Key.
B) Data is encrypted by plaintext Data key which is further encrypted using encrypted Master Key.
C) Data is encrypted by encrypted Data key which is further encrypted using plaintext Master Key.
D) Data is encrypted by plaintext Data key which is further encrypted using plaintext Master Key.”,
 

ANSWER18:

D

Notes/Hint18:

With Envelope Encryption, unencrypted data is encrypted using plaintext Data key. This Data is further encrypted using plaintext Master key. This plaintext Master key is securely stored in AWS KMS & known as Customer Master Keys.

Reference18: KMS

Get mobile friendly version of the quiz @ the App Store

Question 19: Your company has developed a web application and is hosting it in an Amazon S3 bucket configured for static website hosting. The users can log in to this app using their Google/Facebook login accounts. The application is using the AWS SDK for JavaScript in the browser to access data stored in an Amazon DynamoDB table. How can you ensure that API keys for access to your data in DynamoDB are kept secure?

A) Create an Amazon S3 role in IAM with access to the specific DynamoDB tables, and assign it to the bucket hosting your website
B) Configure S3 bucket tags with your AWS access keys for your bucket hosting your website so that the application can query them for access.
C) Configure a web identity federation role within IAM to enable access to the correct DynamoDB resources and retrieve temporary credentials
D) Store AWS keys in global variables within your application and configure the application to use these credentials when making requests.
 

ANSWER2:

C

Notes/Hint19: 

With web identity federation, you don’t need to create custom sign-in code or manage your own user identities. Instead, users of your app can sign in using a well-known identity provider (IdP) —such as Login with Amazon, Facebook, Google, or any other OpenID Connect (OIDC)-compatible IdP, receive an authentication token, and then exchange that token for temporary security credentials in AWS that map to an IAM role with permissions to use the resources in your AWS account. Using an IdP helps you keep your AWS account secure, because you don’t have to embed and distribute long-term security credentials with your application. Option A is invalid since Roles cannot be assigned to S3 buckets Options B and D are invalid since the AWS Access keys should not be used

Reference19: About Web Identity Federation

Get mobile friendly version of the quiz @ the App Store

Question 20: Your application currently makes use of AWS Cognito for managing user identities. You want to analyze the information that is stored in AWS Cognito for your application. Which of the following features of AWS Cognito should you use for this purpose?

A) Cognito Data
B) Cognito Events
C) Cognito Streams
D) Cognito Callbacks
 

ANSWER20:

C

Notes/Hint20: 

Amazon Cognito Streams gives developers control and insight into their data stored in Amazon Cognito. Developers can now configure a Kinesis stream to receive events as data is updated and synchronized. Amazon Cognito can push each dataset change to a Kinesis stream you own in real time. All other options are invalid since you should use Cognito Streams

Reference20: Cognito Streams

Question 21: Which of the following statements is correct in relation to kMS / (Choose 2)
A) KMS Encryption keys are regional
B) You cannot export your customer master key
C) You can export your customer master key.
D) KMS encryption Keys are global”,
 

ANSWER21:

A and B

Notes/Hint21:

AWS Key Management Service FAQs: You cannot export your customer master key, KMS Encryption keys are regional

Reference21: AWS Key Management Service FAQs

Question 22: Which of the following statements are correct? (Choose 2)

A) The Customer Master Key is used to encrypt and decrypt the Envelope Key or Data Key
B) The Envelope Key or Data Key is used to encrypt and decrypt plain text files.
C) The envelope Key or Data Key is used to encrypt and decrypt the Customer Master Key.
D) The Customer MasterKey is used to encrypt and decrypt plain text files.
 

ANSWER22:

A and B

Notes/Hint22:

AWS Key Management Service Concepts: The Customer Master Key is used to encrypt and decrypt the Envelope Key or Data Key, The Envelope Key or Data Key is used to encrypt and decrypt plain text files.

Reference22: KMS

Question 23: Which of the following is an encrypted key used by KMS to encrypt your data
A) Customer Managed Key
 B) Encryption Key
C) Envelope Key
D) Customer Master Key
 

ANSWER23:

C

Notes/Hint23:

Your Data key also known as the Enveloppe key is encrypted using the master key. This approach is known as Envelope encryption. Envelope encryption is the practice of encrypting plaintext data with a data key, and then encrypting the data key under another key

Reference23: Envelope encryption

Question 24: Which command can you use to encrypt a plain text file using CMK?

A) aws kms-encrypt
B) aws iam encrypt
C) aws kms encrypt
D) aws encrypt
 

ANSWER24:

C

Notes/Hint24:

aws kms encrypt –key-id 1234abcd-12ab-34cd-56ef-1234567890ab —plaintext fileb://ExamplePlaintextFile –output text –query CiphertextBlob > C:\\Temp\\ExampleEncryptedFile.base64

Reference24: AWS CLI Encrypt

Question 25: If an EC2 instance uses an instance role, key rotation is automatic and handled by __.

A) A script containing a valid IAM username and password stored on the EC2 instance.
B) ssh-keygen on the EC2 instance
C) The EC2 service
D) IAM/STS
 

ANSWER25:

D

Notes/Hint25:

Instance role key rotation is handled by IAM/STS.

Reference25: IAM/STS

Question 26: A Security engineer must develop an AWS Identity and Access Management (IAM) strategy for a company’s organization in AWS Organizations. The company needs to give developers autonomy to develop and test their applications on AWS, but the company also needs to implement security guardrails to help protect itself. The company creates and distributes applications with different levels of data classification and types. The solution must maximize scalability.

Which combination of steps should the security engineer take to meet these requirements? (Choose three.)

A) Create an SCP to restrict access to highly privileged or unauthorized actions to specific AM principals. Assign the SCP to the appropriate AWS accounts.

B) Create an IAM permissions boundary to allow access to specific actions and IAM principals. Assign the IAM permissions boundary to all AM principals within the organization

C) Create a delegated IAM role that has capabilities to create other IAM roles. Use the delegated IAM role to provision IAM principals by following the principle of least privilege.

D) Create OUs based on data classification and type. Add the AWS accounts to the appropriate OU. Provide developers access to the AWS accounts based on business need.

E) Create IAM groups based on data classification and type. Add only the required developers’ IAM role to the IAM groups within each AWS account.

F) Create IAM policies based on data classification and type. Add the minimum required IAM policies to the developers’ IAM role within each AWS account.

Answer:  A B and C

Notes:

If you look at the choices, there are three related to SCP, which controls services, and three related to IAM and permissions boundaries.

Limiting services doesn’t help with data classification – using boundaries, policies and roles give you the scalability and can solve the problem.

Question 27: A Network Load Balancer (NLB) target instance is not entering the InService state. A security engineer determines that health checks are failing,

Which factors could cause the health check failures? (Choose three.)

A) The target instance’s security group does not allow traffic from the NLB.

B) The target instance’s security group is not attached to the NLB

C) The NLB’s security group is not attached to the target instance.

D) The target instance’s subnet network ACL does not allow traffic from the NLB.

E) The target instance’s security group is not using IP addresses to allow traffic from the NLB.

F) The target network ACL is not attached to the NLB.

B D and E I believe. You have a one to many relationship based on L3 NLB, and it’s unreachable – well architected would put them in same security group, the traffic would have to be allowed on the port that’s sending and receiving. The host points back to NLB as default gateway. Don’t think other ones fit. Plus BDE is a preferred combo for their tests. I remember it with the acronym big dice envy.

Get mobile friendly version of the quiz @ the App Store

Back to Top

II- SOURCES:

0- Djamgatech Cloud Security Playlist on Youtube:

1- Developer Certified Exam Prep Pro App

2- Prepare for Your AWS Certification Exam

Back to Top

CYBERSECURITY KEY TERMS

1- Security Key Terms:

    • Cryptography:  Practice and study of techniques for secure communication in the presence of third parties called adversaries.
    • Hacking: catch-all term for any type of misuse of a computer to break the security of another computing system to steal data, corrupt systems or files, commandeer the environment or disrupt data-related activities in any way.
    • Cyberwarfare: Uuse of technology to attack a nation, causing comparable harm to actual warfare. There is significant debate among experts regarding the definition of cyberwarfare, and even if such a thing exists
    • Penetration testing: Colloquially known as a pen test, pentest or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. Not to be confused with a vulnerability assessment.
      • Malwares: Any software intentionally designed to cause damage to a computer, server, client, or computer network. A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, and scareware. 
    • Malware Analysis Tool: Any .Run Malware hunting with live access to the heart of an incident https://any.run/Malware Analysis Total:  VirusTotal – Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community https://www.virustotal.com/gui/
    • VPN: A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common, although not an inherent, part of a VPN connection.
    • Antivirus: Antivirus software, or anti-virus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware.
    • DDos: A distributed denial-of-service (DDoS) attack is one of the most powerful weapons on the internet. When you hear about a website being “brought down by hackers,” it generally means it has become a victim of a DDoS attack.
    • Fraud Detection: Set of activities undertaken to prevent money or property from being obtained through false pretenses. Fraud detection is applied to many industries such as banking or insurance. In banking, fraud may include forging checks or using stolen credit cards.
    • Spywares: Spyware describes software with malicious behavior that aims to gather information about a person or organization and send such information to another entity in a way that harms the user; for example by violating their privacy or endangering their device’s security.
    • Spoofing: Disguising a communication from an unknown source as being from a known, trusted source
    • Pharming: Malicious websites that look legitimate and are used to gather usernames and passwords.
    • Catfishing: Creating a fake profile for fraudulent or deceptive purposes
    • SSL: Stands for secure sockets layer. Protocol for web browsers and servers that allows for the authentication, encryption and decryption of data sent over the Internet.
    • Phishing emails: Disguised as trustworthy entity to lure someone into providing sensitive information
    • Intrusion detection System: Device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically reported either to an administrator or collected centrally using a security information and event management system.
    • Encryption: Encryption is the method by which information is converted into secret code that hides the information’s true meaning. The science of encrypting and decrypting information is called cryptography. In computing, unencrypted data is also known as plaintext, and encrypted data is called ciphertext.
    • MFA: Multi-factor authentication (MFA) is defined as a security mechanism that requires an individual to provide two or more credentials in order to authenticate their identity. In IT, these credentials take the form of passwords, hardware tokens, numerical codes, biometrics, time, and location.
    • Vulnerabilities:vulnerability is a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application. Stakeholders include the application owner, application users, and other entities that rely on the application.
    • SQL injections: SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.
    • Cyber attacks: In computers and computer networks an attack is any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to or make unauthorized use of an asset.
    • Confidentiality: Confidentiality involves a set of rules or a promise usually executed through confidentiality agreements that limits access or places restrictions on certain types of information.
    • Secure channel: In cryptography, a secure channel is a way of transferring data that is resistant to overhearing and tampering. A confidential channel is a way of transferring data that is resistant to overhearing, but not necessarily resistant to tampering.
    • Tunneling: Communications protocol that allows for the movement of data from one network to another. It involves allowing private network communications to be sent across a public network through a process called encapsulation.
    • SSH: Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH.
    • SSL Certificates: SSL certificates are what enable websites to move from HTTP to HTTPS, which is more secure. An SSL certificate is a data file hosted in a website’s origin server. SSL certificates make SSL/TLS encryption possible, and they contain the website’s public key and the website’s identity, along with related information.
    • Phishing: Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
    • Cybercrime: Cybercrime, or computer-oriented crime, is a crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Cybercrime may threaten a person, company or a nation’s security and financial health.
    • Backdoor: A backdoor is a means to access a computer system or encrypted data that bypasses the system’s customary security mechanisms. A developer may create a backdoor so that an application or operating system can be accessed for troubleshooting or other purposes.
    • Salt and Hash: A cryptographic salt is made up of random bits added to each password instance before its hashing. Salts create unique passwords even in the instance of two users choosing the same passwords. Salts help us mitigate rainbow table attacks by forcing attackers to re-compute them using the salts.
    • Password: A password, sometimes called a passcode,[1] is a memorized secret, typically a string of characters, usually used to confirm the identity of a user.[2] Using the terminology of the NIST Digital Identity Guidelines,[3] the secret is memorized by a party called the claimant while the party verifying the identity of the claimant is called the verifier. When the claimant successfully demonstrates knowledge of the password to the verifier through an established authentication protocol,[4] the verifier is able to infer the claimant’s identity.
    • Fingerprint: fingerprint is an impression left by the friction ridges of a human finger. The recovery of partial fingerprints from a crime scene is an important method of forensic science. Moisture and grease on a finger result in fingerprints on surfaces such as glass or metal.
    • Facial recognition: Facial recognition works better for a person as compared to fingerprint detection. It releases the person from the hassle of moving their thumb or index finger to a particular place on their mobile phone. A user would just have to bring their phone in level with their eye.
    • Asymmetric key ciphers versus symmetric key ciphers (Difference between symmetric and  Asymmetric encryption): The basic difference between these two types of encryption is that symmetric encryption uses one key for both encryption and decryption, and the asymmetric encryption uses public key for encryption and a private key for decryption.
    • Decryption: The conversion of encrypted data into its original form is called Decryption. It is generally a reverse process of encryption. It decodes the encrypted information so that an authorized user can only decrypt the data because decryption requires a secret key or password.
    • Algorithms: Finite sequence of well-defined, computer-implementable instructions, typically to solve a class of problems or to perform a computation.
    • DFIR: Digital forensic and incident response: Multidisciplinary profession that focuses on identifying, investigating, and remediating computer network exploitation. This can take varied forms and involves a wide variety of skills, kinds of attackers, an kinds of targets. We’ll discuss those more below.
      • OTP: One Time Password: A one-time password, also known as one-time PIN or dynamic password, is a password that is valid for only one login session or transaction, on a computer system or other digital device
    • Proxy Server and Reverse Proxy Server:A proxy server is a go‑between or intermediary server that forwards requests for content from multiple clients to different servers across the Internet. A reverse proxy server is a type of proxy server that typically sits behind the firewall in a private network and directs client requests to the appropriate backend server.

LATEST CYBER SECURITY NEWS

Cybersecurity Certification

cybersecurity certification roadmap
cybersecurity certification roadmap

WireShark Cheat Sheet

Wireshark Cheat Sheet
Wireshark Cheat Sheet

HACKING TOOLS CHEAT SHEET

hacking Cheat Sheet
hacking Cheat Sheet

Top CyberSecurity All Time Posts

Show All Around Defender Primers

Show Offensive * Exploit Database

Offensive * Exploit Database – The Exploit Database is maintained by Offensive Security, an information security training company that provides various Information Security Certifications as well as high end penetration testing services. https://www.exploit-db.com/

CYBERSECURITY NEWS

  • Krebs On Security In depth security news and investigation https://krebsonsecurity.com/
  • Dark Reading Cyber security’s comprehensive news site is now an online community for security professionals. https://www.darkreading.com/
  • The Hacker News – The Hacker News (THN) is a leading, trusted, widely-acknowledged dedicated cybersecurity news platform, attracting over 8 million monthly readers including IT professionals, researchers, hackers, technologists, and enthusiasts. https://thehackernews.com
  • SecuriTeam – A free and independent source of vulnerability information. https://securiteam.com/
  • SANS NewsBites – “A semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.” Published for free on Tuesdays and Fridays. https://www.sans.org/newsletters/newsbites

CYBERSECURITY YOUTUBE CHANNELS

YouTube Channels

This list was originally forked/curated from here: https://wportal.xyz/collection/cybersec-yt1 on (7/29/2020) Attribution and appreciation to d4rckh

CYBERSECURITY PODCASTS:

Podcasts

  • Risky Business Published weekly, the Risky Business podcast features news and in-depth commentary from security industry luminaries. Hosted by award-winning journalist Patrick Gray, Risky Business has become a must-listen digest for information security professionals. https://risky.biz/
  • Pauls Security Weekly This show features interviews with folks in the security community; technical segments, which are just that, very technical; and security news, which is an open discussion forum for the hosts to express their opinions about the latest security headlines, breaches, new exploits and vulnerabilities, “not” politics, “cyber” policies and more. https://securityweekly.com/category-shows/paul-security-weekly/
  • Security Now – Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. https://twit.tv/shows/security-now
  • Daily Information Security Podcast (“StormCast”) Stormcasts are daily 5-10 minute information security threat updates. The podcast is produced each work day, and typically released late in the day to be ready for your morning commute. https://isc.sans.edu/podcast.html
  • ShadowTalk Threat Intelligence Podcast by Digital Shadow_. The weekly podcast highlights key findings of primary-source research our Intelligence Team is conducting, along with guest speakers discussing the latest threat actors, campaigns, security events and industry news. https://resources.digitalshadows.com/threat-intelligence-podcast-shadowtalk
  • Don’t Panic – The Unit 42 Podcast Don’t Panic! is the official podcast from Unit 42 at Palo Alto Networks. We find the big issues that are frustrating cyber security practitioners and help simplify them so they don’t need to panic. https://unit42.libsyn.com/
  • Recorded Future Recorded Future takes you inside the world of cyber threat intelligence. We’re sharing stories from the trenches and the operations floor as well as giving you the skinny on established and emerging adversaries. We also talk current events, technical tradecraft, and offer up insights on the big picture issues in our industry. https://www.recordedfuture.com/resources/podcast/
  • The Cybrary Podcast Listen in to the Cybrary Podcast where we discuss a range topics from DevSecOps and Ransomware attacks to diversity and how to retain of talent. Entrepreneurs at all stages of their startup companies join us to share their stories and experience, including how to get funding, hiring the best talent, driving sales, and choosing where to base your business. https://www.cybrary.it/info/cybrary-podcast/
  • Cyber Life The Cyber Life podcast is for cyber security (InfoSec) professionals, people trying to break into the industry, or business owners looking to learn how to secure their data. We will talk about many things, like how to get jobs, cover breakdowns of hot topics, and have special guest interviews with the men and women “in the trenches” of the industry. https://redcircle.com/shows/cyber-life
  • Career Notes Cybersecurity professionals share their personal career journeys and offer tips and advice in this brief, weekly podcast from The CyberWire. https://www.thecyberwire.com/podcasts/career-notes

Below podcasts Added from here: https://infosec-conferences.com/cybersecurity-podcasts/

  • Down the Security Rabbithole http://podcast.wh1t3rabbit.net/ Down the Security Rabbithole is hosted by Rafal Los and James Jardine who discuss, by means of interviewing or news analysis, everything about Cybersecurity which includes Cybercrime, Cyber Law, Cyber Risk, Enterprise Risk & Security and many more. If you want to hear issues that are relevant to your organization, subscribe and tune-in to this podcast.
  • The Privacy, Security, & OSINT Show https://podcasts.apple.com/us/podcast/the-privacy-security-osint-show/id1165843330 The Privacy, Security, & OSINT Show, hosted by Michael Bazzell, is your weekly dose of digital security, privacy, and Open Source Intelligence (OSINT) opinion and news. This podcast will help listeners learn some ideas on how to stay secure from cyber-attacks and help them become “digitally invisible”.
  • Defensive Security Podcast https://defensivesecurity.org/ Hosted by Andrew Kalat (@lerg) and Jerry Bell (@maliciouslink), the Defensive Security Podcasts aims to look/discuss the latest security news happening around the world and pick out the lessons that can be applied to keeping organizations secured. As of today, they have more than 200 episodes and some of the topics discussed include Forensics, Penetration Testing, Incident Response, Malware Analysis, Vulnerabilities and many more.
  • Darknet Diaries https://darknetdiaries.com/episode/ Darknet Diaries Podcast is hosted and produced by Jack Rhysider that discuss topics related to information security. It also features some true stories from hackers who attacked or have been attacked. If you’re a fan of the show, you might consider buying some of their souvenirs here (https://shop.darknetdiaries.com/).
  • Brakeing Down Security https://www.brakeingsecurity.com/ Brakeing Down Security started in 2014 and is hosted by Bryan Brake, Brian Boettcher, and Amanda Berlin. This podcast discusses everything about the Cybersecurity world, Compliance, Privacy, and Regulatory issues that arise in today’s organizations. The hosts will teach concepts that Information Security Professionals need to know and discuss topics that will refresh the memories of seasoned veterans.
  • Open Source Security Podcast https://www.opensourcesecuritypodcast.com/ Open Source Security Podcast is a podcast that discusses security with an open-source slant. The show started in 2016 and is hosted by Josh Bressers and Kurt Siefried. As of this writing, they now posted around 190+ podcasts
  • Cyber Motherboard https://podcasts.apple.com/us/podcast/cyber/id1441708044 Ben Makuch is the host of the podcast CYBER and weekly talks to Motherboard reporters Lorenzo Franceschi-Bicchierai and Joseph Cox. They tackle topics about famous hackers and researchers about the biggest news in cybersecurity. The Cyber- stuff gets complicated really fast, but Motherboard spends its time fixed in the infosec world so we don’t have to.
  • Hak5 https://shop.hak5.org/pages/videos Hak5 is a brand that is created by a group of security professionals, hardcore gamers and “IT ninjas”. Their podcast, which is mostly uploaded on YouTube discusses everything from open-source software to penetration testing and network infrastructure. Their channel currently has 590,000 subscribers and is one of the most viewed shows when you want to learn something about security networks.
  • Threatpost Podcast Series https://threatpost.com/category/podcasts/ Threatpost is an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide. With an award-winning editorial team produces unique and high-impact content including security news, videos, feature reports and more, with their global editorial activities are driven by industry-leading journalist Tom Spring, editor-in-chief.
  • CISO-Security Vendor Relationship Podcast https://cisoseries.com Co-hosted by the creator of the CISO/Security Vendor Relationship Series, David Spark, and Mike Johnson, in 30 minutes, this weekly program challenges the co-hosts, guests, and listeners to critique, share true stories. This podcast, The CISO/Security Vendor Relationship, targets to enlighten and educate listeners on improving security buyer and seller relationships.
  • Getting Into Infosec Podcast Stories of how Infosec and Cybersecurity pros got jobs in the field so you can be inspired, motivated, and educated on your journey. – https://gettingintoinfosec.com/
  • Unsupervised Learning Weekly podcasts and biweekly newsletters as a curated summary intersection of security, technology, and humans, or a standalone idea to provoke thought, by Daniel Miessler. https://danielmiessler.com/podcast/

SECURITY BOOKS:

CYBERSECURITY TRAINING:

Training

  • WebSecurity Academy Free online web security training from the creators of Burp Suite https://portswigger.net/web-security
  • Mosse Cyber Security Institute Introduction to cybersecurity free certification with 100+ hours of training, no expiry/renewals, https://www.mosse-institute.com/certifications/mics-introduction-to-cyber-security.html
  • BugCrowd University Free bug hunting resources and methodologies in form of webinars, education and training. https://www.bugcrowd.com/hackers/bugcrowd-university/
  • Certified Network Security Specialist Certification and training; Expires Aug 31 2020 Use coupon code #StaySafeHome during checkout to claim your free access. Offer is valid till 31/08/2020. £500.00 Value https://www.icsi.co.uk/courses/icsi-cnss-certified-network-security-specialist-covid-19
  • Metasploit Unleashed Most complete and in-depth Metasploit guide available, with contributions from the authors of the No Starch Press Metasploit Book. https://www.offensive-security.com/metasploit-unleashed/
  • AWS Cloud Certified Get skills in AWS to be more marketable. Training is quality and free. https://www.youtube.com/watch?v=3hLmDS179YE Have to create an AWS account, Exam is $100.
  • SANS Faculty Free Tools List of OSS developed by SANS staff. https://www.sans.org/media/free/free-faculty-tools.pdf?msc=sans-free-lp
  • “Using ATT&CK for Cyber Threat Intelligence Training” – 4 hour training The goal of this training is for students to understand the following: at: https://attack.mitre.org/resources/training/cti/
  • Coursera -“Coursera Together: Free online learning during COVID-19” Lots of different types of free training. https://blog.coursera.org/coursera-together-free-online-learning-during-covid-19/
  • Fortinet Security Appliance Training Free access to the FortiGate Essentials Training Course and Network Security Expert courses 1 and 2 https://www.fortinet.com/training/cybersecurity-professionals.html
  • Chief Information Security Officer (CISO) Workshop Training – The Chief Information Security Office (CISO) workshop contains a collection of security learnings, principles, and recommendations for modernizing security in your organization. This training workshop is a combination of experiences from Microsoft security teams and learnings from customers. – https://docs.microsoft.com/en-us/security/ciso-workshop/ciso-workshop
  • CLARK Center Plan C – Free cybersecurity curriculum that is primarily video-based or provide online assignments that can be easily integrated into a virtual learning environments https://clark.center/home
  • Hack.me is a FREE, community based project powered by eLearnSecurity. The community can build, host and share vulnerable web application code for educational and research purposes. It aims to be the largest collection of “runnable” vulnerable web applications, code samples and CMS’s online. The platform is available without any restriction to any party interested in Web Application Security. https://hack.me/
  • Hacker101 – Free classes for web security – https://www.hacker101.com/
  • ElasticStack – Free on-demand Elastic Stack, observability, and security courses. https://training.elastic.co/learn-from-home
  • Hoppers Roppers – Community built around a series of free courses that provide training to beginners in the security field. https://www.hoppersroppers.org/training.html
  • IBM Security Learning Academy Free technical training for IBM Security products. https://www.securitylearningacademy.com/
  • M.E. Kabay Free industry courses and course materials for students, teachers and others are welcome to use for free courses and lectures. http://www.mekabay.com/courses/index.htm
  • Open P-TECH Free digital learning on the tech skills of tomorrow. https://www.ptech.org/open-p-tech/
  • Udemy – Online learning course platform “collection from the free courses in our learning marketplace” https://www.udemy.com/courses/free/
  • Enroll Now Free: PCAP Programming Essentials in Python https://www.netacad.com/courses/programming/pcap-programming-essentials-python Python is the very versatile, object-oriented programming language used by startups and tech giants, Google, Facebook, Dropbox and IBM. Python is also recommended for aspiring young developers who are interested in pursuing careers in Security, Networking and Internet-of-Things. Once you complete this course, you are ready to take the PCAP – Certified Associate in Python programming. No prior knowledge of programming is required.
  • Packt Web Development Course Web Development Get to grips with the fundamentals of the modern web Unlock one year of free online access. https://courses.packtpub.com/pages/free?fbclid=IwAR1FtKQcYK8ycCmBMXaBGvW_7SgPVDMKMaRVwXYcSbiwvMfp75gazxRZlzY
  • Stanford University Webinar – Hacked! Security Lessons from Big Name Breaches 50 minute cyber lecture from Stanford.You Will Learn: — The root cause of key breaches and how to prevent them; How to measure your organization’s external security posture; How the attacker lifecycle should influence the way you allocate resources https://www.youtube.com/watch?v=V9agUAz0DwI
  • Stanford University Webinar – Hash, Hack, Code: Emerging Trends in Cyber Security Join Professor Dan Boneh as he shares new approaches to these emerging trends and dives deeper into how you can protect networks and prevent harmful viruses and threats. 50 minute cyber lecture from Stanford. https://www.youtube.com/watch?v=544rhbcDtc8
  • Kill Chain: The Cyber War on America’s Elections (Documentary) (Referenced at GRIMMCON), In advance of the 2020 Presidential Election, Kill Chain: The Cyber War on America’s Elections takes a deep dive into the weaknesses of today’s election technology, an issue that is little understood by the public or even lawmakers. https://www.hbo.com/documentaries/kill-chain-the-cyber-war-on-americas-elections
  • Intro to Cybersecurity Course (15 hours) Learn how to protect your personal data and privacy online and in social media, and why more and more IT jobs require cybersecurity awareness and understanding. Receive a certificate of completion. https://www.netacad.com/portal/web/self-enroll/c/course-1003729
  • Cybersecurity Essentials (30 hours) Foundational knowledge and essential skills for all cybersecurity domains, including info security, systems sec, network sec, ethics and laws, and defense and mitigation techniques used in protecting businesses. https://www.netacad.com/portal/web/self-enroll/c/course-1003733
  • Pluralsight and Microsoft Partnership to help you become an expert in Azure. With skill assessments and over 200+ courses, 40+ Skill IQs and 8 Role IQs, you can focus your time on understanding your strengths and skill gaps and learn Azure as quickly as possible.https://www.pluralsight.com/partners/microsoft/azure
  • Blackhat Webcast Series Monthly webcast of varying cyber topics. I will post specific ones in the training section below sometimes, but this is worth bookmarking and checking back. They always have top tier speakers on relevant, current topics. https://www.blackhat.com/html/webcast/webcast-home.html
  • Federal Virtual Training Environment – US Govt sponsored free courses. There are 6 available, no login required. They are 101 Coding for the Public, 101 Critical Infrastructure Protection for the Public, Cryptocurrency for Law Enforcement for the Public, Cyber Supply Chain Risk Management for the Public, 101 Reverse Engineering for the Public, Fundamentals of Cyber Risk Management. https://fedvte.usalearning.gov/public_fedvte.php
  • Harrisburg University CyberSecurity Collection of 18 curated talks. Scroll down to CYBER SECURITY section. You will see there are 4 categories Resource Sharing, Tools & Techniques, Red Team (Offensive Security) and Blue Teaming (Defensive Security). Lot of content in here; something for everyone. https://professionaled.harrisburgu.edu/online-content/
  • OnRamp 101-Level ICS Security Workshop Starts this 4/28. 10 videos, Q&A / discussion, bonus audio, great links. Get up to speed fast on ICS security. It runs for 5 weeks. 2 videos per week. Then we keep it open for another 3 weeks for 8 in total. https://onramp-3.s4xevents.com
  • HackXOR WebApp CTF Hackxor is a realistic web application hacking game, designed to help players of all abilities develop their skills. All the missions are based on real vulnerabilities I’ve personally found while doing pentests, bug bounty hunting, and research. https://hackxor.net/
  • Suricata Training 5-part training module using a simulation as a backdrop to teach how to use Suricata. https://rangeforce.com/resource/suricata-challenge-reg/
  • flAWS System Through a series of levels you’ll learn about common mistakes and gotchas when using Amazon Web Services (AWS). Multiple levels, “Buckets” of fun. http://flaws.cloud/
  • Stanford CS 253 Web Security A free course from Stanford providing a comprehensive overview of web security. The course begins with an introduction to the fundamentals of web security and proceeds to discuss the most common methods for web attacks and their countermeasures. The course includes video lectures, slides, and links to online reading assignments. https://web.stanford.edu/class/cs253
  • Linux Journey A free, handy guide for learning Linux. Coverage begins with the fundamentals of command line navigation and basic text manipulation. It then extends to more advanced topics, such as file systems and networking. The site is well organized and includes many examples along with code snippets. Exercises and quizzes are provided as well. https://linuxjourney.com
  • Ryan’s Tutorials A collection of free, introductory tutorials on several technology topics including: Linux command line, Bash scripting, creating and styling webpages with HTML and CSS, counting and converting between different number systems, and writing regular expressions. https://ryanstutorials.net
  • The Ultimate List of SANS Cheat Sheets Massive collection of free cybersecurity cheat sheets for quick reference (login with free SANS account required for some penetration testing resources). https://www.sans.org/blog/the-ultimate-list-of-sans-cheat-sheets/
  • CYBER INTELLIGENCE ANALYTICS AND OPERATIONS Learn:The ins and outs of all stages of the intelligence cycle from collection to analysis from seasoned intel professionals. How to employ threat intelligence to conduct comprehensive defense strategies to mitigate potential compromise. How to use TI to respond to and minimize impact of cyber incidents. How to generate comprehensive and actionable reports to communicate gaps in defenses and intelligence findings to decision makers. https://www.shadowscape.io/cyber-intelligence-analytics-operat
  • Linux Command Line for Beginners 25 hours of training – In this course, you’ll learn from one of Fullstack’s top instructors, Corey Greenwald, as he guides you through learning the basics of the command line through short, digestible video lectures. Then you’ll use Fullstack’s CyberLab platform to hone your new technical skills while working through a Capture the Flag game, a special kind of cybersecurity game designed to challenge participants to solve computer security problems by solving puzzles. Finally, through a list of carefully curated resources through a series of curated resources, we’ll introduce you to some important cybersecurity topics so that you can understand some of the common language, concepts and tools used in the industry. https://prep.fullstackacademy.com/
  • Hacking 101 6 hours of free training – First, you’ll take a tour of the world and watch videos of hackers in action across various platforms (including computers, smartphones, and the power grid). You may be shocked to learn what techniques the good guys are using to fight the bad guys (and which side is winning). Then you’ll learn what it’s like to work in this world, as we show you the different career paths open to you and the (significant) income you could make as a cybersecurity professional. https://cyber.fullstackacademy.com/prepare/hacking-101
  • Choose Your Own Cyber Adventure Series: Entry Level Cyber Jobs Explained YouTube Playlist (videos from my channel #simplyCyber) This playlist is a collection of various roles within the information security field, mostly entry level, so folks can understand what different opportunities are out there. https://www.youtube.com/playlist?list=PL4Q-ttyNIRAqog96mt8C8lKWzTjW6f38F
  • NETINSTRUCT.COM Free Cybersecurity, IT and Leadership Courses – Includes OS and networking basics. Critical to any Cyber job. https://netinstruct.com/courses
  • HackerSploit – HackerSploit is the leading provider of free and open-source Infosec and cybersecurity training. https://hackersploit.org/
  • Resources for getting started (Free and Paid)Practice
    • DetectionLab (Free)
    • LetsDefend.io (Free/Paid)
    • DetectionLabELK (Free)

    Log Analysis

    Network Monitoring

    Linux Distributions

    Memory Analysis Tools

    Professional Training

    • FOR578: Cyber Threat Intelligence (Paid)
    • SEC511: Continuous Monitoring & Security Operations (Paid)
    • SEC445: SIEM Design & Implementation (Paid)
    • AEGIS Certification (Paid)

    Conferences

CYBERSECURITY COURSES: (Multi-week w/Enrollment)

College Courses

  • Computer Science courses with video lectures Intent of this list is to act as Online bookmarks/lookup table for freely available online video courses. Focus would be to keep the list concise so that it is easy to browse. It would be easier to skim through 15 page list, find the course and start learning than having to read 60 pages of text. If you are student or from non-CS background, please try few courses to decide for yourself as to which course suits your learning curve best. https://github.com/Developer-Y/cs-video-courses?utm_campaign=meetedgar&utm_medium=social&utm_source=meetedgar.com
  • Cryptography I -offered by Stanford University – Rolling enrollment – Cryptography is an indispensable tool for protecting information in computer systems. In this course you will learn the inner workings of cryptographic systems and how to correctly use them in real-world applications. The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. We will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two parties generate a shared secret key. https://www.coursera.org/learn/crypto
  • Software Security Rolling enrollment -offered by University of Maryland, College Park via Coursera – This course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them — such as buffer overflows, SQL injection, and session hijacking — and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a “build security in” mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. https://www.coursera.org/learn/software-security
  • Intro to Information Security Georgia Institute of Technology via Udacity – Rolling Enrollment. This course provides a one-semester overview of information security. It is designed to help students with prior computer and programming knowledge — both undergraduate and graduate — understand this important priority in society today. Offered at Georgia Tech as CS 6035 https://www.udacity.com/course/intro-to-information-security–ud459
  • Cyber-Physical Systems Security Georgia Institute of Technology via Udacity – This course provides an introduction to security issues relating to various cyber-physical systems including industrial control systems and those considered critical infrastructure systems. 16 week course – Offered at Georgia Tech as CS 8803 https://www.udacity.com/course/cyber-physical-systems-security–ud279
  • Finding Your Cybersecurity Career Path – University of Washington via edX – 4 weeks long – self paced – In this course, you will focus on the pathways to cybersecurity career success. You will determine your own incoming skills, talent, and deep interests to apply toward a meaningful and informed exploration of 32 Digital Pathways of Cybersecurity. https://www.edx.org/course/finding-your-cybersecurity-career-path
  • Building a Cybersecurity Toolkit – University of Washington via edX – 4 weeks self-paced The purpose of this course is to give learners insight into these type of characteristics and skills needed for cybersecurity jobs and to provide a realistic outlook on what they really need to add to their “toolkits” – a set of skills that is constantly evolving, not all technical, but fundamentally rooted in problem-solving. https://www.edx.org/course/building-a-cybersecurity-toolkit
  • Cybersecurity: The CISO’s View – University of Washington via edX – 4 weeks long self-paced – This course delves into the role that the CISO plays in cybersecurity operations. Throughout the lessons, learners will explore answers to the following questions: How does cybersecurity work across industries? What is the professionals’ point of view? How do we keep information secure https://www.edx.org/course/cybersecurity-the-cisos-view
  • Introduction to Cybersecurity – University of Washington via edX – In this course, you will gain an overview of the cybersecurity landscape as well as national (USA) and international perspectives on the field. We will cover the legal environment that impacts cybersecurity as well as predominant threat actors. – https://www.edx.org/course/introduction-to-cybersecurity
  • Cyber Attack Countermeasures New York University (NYU) via Coursera – This course introduces the basics of cyber defense starting with foundational models such as Bell-LaPadula and information flow frameworks. These underlying policy enforcements mechanisms help introduce basic functional protections, starting with authentication methods. Learners will be introduced to a series of different authentication solutions and protocols, including RSA SecureID and Kerberos, in the context of a canonical schema. – https://www.coursera.org/learn/cyber-attack-countermeasures
  • Introduction to Cyber Attacks New York University (NYU) via Coursera – This course provides learners with a baseline understanding of common cyber security threats, vulnerabilities, and risks. An overview of how basic cyber attacks are constructed and applied to real systems is also included. Examples include simple Unix kernel hacks, Internet worms, and Trojan horses in software utilities. Network attacks such as distributed denial of service (DDOS) and botnet- attacks are also described and illustrated using real examples from the past couple of decades. https://www.coursera.org/learn/intro-cyber-attacks
  • Enterprise and Infrastructure Security New York University (NYU) via Coursera – This course introduces a series of advanced and current topics in cyber security, many of which are especially relevant in modern enterprise and infrastructure settings. The basics of enterprise compliance frameworks are provided with introduction to NIST and PCI. Hybrid cloud architectures are shown to provide an opportunity to fix many of the security weaknesses in modern perimeter local area networks. https://www.coursera.org/learn/enterprise-infrastructure-security
  • Network Security Georgia Institute of Technology via Udacity – This course provides an introduction to computer and network security. Students successfully completing this class will be able to evaluate works in academic and commercial security, and will have rudimentary skills in security research. The course begins with a tutorial of the basic elements of cryptography, cryptanalysis, and systems security, and continues by covering a number of seminal papers and monographs in a wide range of security areas. – https://www.udacity.com/course/network-security–ud199
  • Real-Time Cyber Threat Detection and Mitigation – New York University (NYU) via Coursera This course introduces real-time cyber security techniques and methods in the context of the TCP/IP protocol suites. Explanation of some basic TCP/IP security hacks is used to introduce the need for network security solutions such as stateless and stateful firewalls. Learners will be introduced to the techniques used to design and configure firewall solutions such as packet filters and proxies to protect enterprise assets. https://www.coursera.org/learn/real-time-cyber-threat-detection

CYBERSECURITY JOBS:

 CYBERSECURITY Cheat sheets

SANS Massive List of Cheat Sheets Curated from here: https://www.sans.org/blog/the-ultimate-list-of-sans-cheat-sheets/

General IT Security * Windows and Linux Terminals & Command Lines https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/bltea7de5267932e94b/5eb08aafcf88d36e47cf0644/Cheatsheet_SEC301-401_R7.pdf

Digital Forensics and Incident Response

Penetration Testing * Swiss Army Knife collection of PenTesting Cheatsheets https://github.com/swisskyrepo/PayloadsAllTheThings

Cloud Security Cheat sheets

CYBERSECURITY Q&A

 

‎AWS Certified Developer A. PRO

Source: What is the best cheap Wi-Fi cracking/hacking adapter?

Hey everyone, I’ve started getting into hacking, and would like to know the cheapest but best Wi-Fi cracking/deauthing/hacking adapter. I’m on a fairly tight budget of 20AUD and am willing to compromise if needed. Priority is a card with monitor mode, then cracking capabilities, then deauthing, etc. Thank you guys! By the way, if there are any beginner tips you are willing to give, please let me know!

 

 

How SSL Certificates Work

  • A browser or server attempts to connect to a website (i.e. a web server) secured with SSL. The browser/server requests that the web server identify itself.
  • The web server sends the browser/server a copy of its SSL certificate.
  • The browser/server checks to see whether or not it trusts the SSL certificate. If so, it sends a message to the web server.
  • The web server sends back a digitally signed acknowledgement to start an SSL encrypted session.
  • Encrypted data is shared between the browser/server and the web server.

diagram of how ssl certificates work

There are many benefits to using SSL certificates. Namely, SSL customers can:

  • Utilize HTTPs, which elicits a stronger Google ranking
  • Create safer experiences for your customers
  • Build customer trust and improve conversions
  • Protect both customer and internal data
  • Encrypt browser-to-server and server-to-server communication
  • Increase security of your mobile and cloud apps

Penetration Testing Terms

Penetration Testing Terms to know:

  • Authentication — The process of checking if a user is allowed to gain access to a system. eg. Login forms with username and password.
  • Authorization — Checking if the authenticated user has access to perform an action. eg. user, admin, super admin roles.
  • Audit — Conduct a complete inspection of an organization’s network to find vulnerable endpoints or malicious software.
  • Access Control List — A list that contains users and their level of access to a system.
  • Aircrack-ng — Wifi penetration testing software suite. Contains sniffing, password cracking, and general wireless attacking tools.
  • Backdoor — A piece of code that lets hackers get into the system easily after it has been compromised.
  • Burp Suite — Web application security software, helps test web apps for vulnerabilities. Used in bug bounty hunting.
  • Banner Grabbing — Capturing basic information about a server like the type of web server software (eg. apache) and services running on it.
  • Botnet — A network of computers controlled by a hacker to perform attacks such as Distributed Denial of Service.
  • Brute-Force Attack — An attack where the hacker tries different login combinations to gain access. eg. trying to crack a 9 -digit numeric password by trying all the numbers from 000000000 to 999999999
  • Buffer Overflow — When a program tries to store more information than it is allowed to, it overflows into other buffers (memory partitions) corrupting existing data.
  • Cache — Storing the response to a particular operation in temporary high-speed storage is to serve other incoming requests better. eg. you can store a database request in a cache till it is updated to reduce calling the database again for the same query.
  • Cipher — Cryptographic algorithm for encrypting and decrypting data.
  • Code Injection — Injecting malicious code into a system by exploiting a bug or vulnerability.
  • Cross-Site Scripting — Executing a script on the client-side through a legitimate website. This can be prevented if the website sanitizes user input.
  • Compliance — A set of rules defined by the government or other authorities on how to protect your customer’s data. Common ones include HIPAA, PCI-DSS, and FISMA.
  • Dictionary Attack — Attacking a system with a pre-defined list of usernames and passwords. eg. admin/admin is a common username/password combination used by amateur sysadmins.
  • Dumpster Diving — Looking into a company’s trash cans for useful information.
  • Denial of Service & Distributed Denial of Service — Exhausting a server’s resources by sending too many requests is Denial of Service. If a botnet is used to do the same, its called Distributed Denial of Service.
  • DevSecOps — Combination of development and operations by considering security as a key ingredient from the initial system design.
  • Directory Traversal — Vulnerability that lets attackers list al the files and folders within a server. This can include system configuration and password files.
  • Domain Name System (DNS) — Helps convert domain names into server IP addresses. eg. Google.com -> 216.58.200.142
  • DNS Spoofing — Trikcnig a system’s DNS to point to a malicious server. eg. when you enter ‘facebook.com’, you might be redirected to the attacker’s website that looks like Facebook.
  • Encryption — Encoding a message with a key so that only the parties with the key can read the message.
  • Exploit — A piece of code that takes advantage of a vulnerability in the target system. eg. Buffer overflow exploits can get you to root access to a system.
  • Enumeration — Mapping out all the components of a network by gaining access to a single system.
  • Footprinting — Gathering information about a target using active methods such as scanning and enumeration.
  • Flooding — Sending too many packets of data to a target system to exhaust its resources and cause a Denial of Service or similar attacks.
  • Firewall — A software or hardware filter that can be configured to prevent common types of attacks.
  • Fork Bomb — Forking a process indefinitely to exhaust system resources. Related to a Denial of Service attack.
  • Fuzzing — Sending automated random input to a software program to test its exception handling capacity.
  • Hardening — Securing a system from attacks like closing unused ports. Usually done using scripts for servers.
  • Hash Function — Mapping a piece of data into a fixed value string. Hashes are used to confirm data integrity.
  • Honey Pot — An intentionally vulnerable system used to lure attackers. This is then used to understand the attacker’s strategies.
  • HIPAA — The Health Insurance Portability and Accountability Act. If you are working with healthcare data, you need to make sure you are HIPAA compliant. This is to protect the customer’s privacy.
  • Input Validation — Checking user inputs before sending them to the database. eg. sanitizing form input to prevent SQL injection attacks.
  • Integrity — Making sure the data that was sent from the server is the same that was received by the client. This ensures there was no tampering and integrity is achieved usually by hashing and encryption.
  • Intrusion Detection System — A software similar to a firewall but with advanced features. Helps in defending against Nmap scans, DDoS attacks, etc.
  • IP Spoofing — Changing the source IP address of a packet to fool the target into thinking a request is coming from a legitimate server.
  • John The Ripper — Brilliant password cracking tool, runs on all major platforms.
  • Kerberos — Default authorization software used by Microsoft, uses a stronger encryption system.
  • KeyLogger — A software program that captures all keystrokes that a user performs on the system.
  • Logic Bombs — A piece of code (usually malicious) that runs when a condition is satisfied.
  • Light Weight Directory Access Protocol (LDAP) — Lightweight client-server protocol on Windows, central place for authentication. Stores usernames and passwords to validate users on a network.
  • Malware — Short for “Malicious Software”. Everything from viruses to backdoors is malware.
  • MAC Address — Unique address assigned to a Network Interface Card and is used as an identifier for local area networks. Easy to spoof.
  • Multi-factor Authentication — Using more than one method of authentication to access a service. eg. username/password with mobile OTP to access a bank account (two-factor authentication)
  • MD5 — Widely used hashing algorithm. Once a favorite, it has many vulnerabilities.
  • Metasploit — All in one penetration testing framework that helps to successfully exploit vulnerabilities and gain access to target systems.
  • Meterpreter — An advanced Metasploit payload that lives in memory and hard to trace.
  • Null-Byte Injection — An older exploit, uses null bytes (i.e. %00, or 0x00 in hexadecimal) to URLs. This makes web servers return random/unwanted data which might be useful for the attacker. Easily prevented by doing sanity checks.
  • Network Interface Card(NIC) — Hardware that helps a device connect to a network.
  • Network Address Translation — Utility that translates your local IP address into a global IP address. eg. your local IP might be 192.168.1.4 but to access the internet, you need a global IP address (from your router).
  • Nmap — Popular network scanning tool that gives information about systems, open ports, services, and operating system versions.
  • Netcat — Simple but powerful tool that can view and record data on a TCP or UDP network connections. Since it is not actively maintained, NCat is preferred.
  • Nikto — A popular web application scanner, helps to find over 6700 vulnerabilities including server configurations and installed web server software.
  • Nessus — Commercial alternative to NMap, provides a detailed list of vulnerabilities based on scan results.
  • Packet — Data is sent and received by systems via packets. Contains information like source IP, destination IP, protocol, and other information.
  • Password Cracking — Cracking an encrypted password using tools like John the Ripper when you don’t have access to the key.
  • Password Sniffing — Performing man-in-the-middle attacks using tools like Wireshark to find password hashes.
  • Patch — A software update released by a vendor to fix a bug or vulnerability in a software system.
  • Phishing — Building fake web sites that look remarkably similar to legitimate websites (like Facebook) to capture sensitive information.
  • Ping Sweep — A technique that tries to ping a system to see if it is alive on the network.
  • Public Key Cryptography — Encryption mechanism that users a pair of keys, one private and one public. The sender will encrypt a message using your public key which then you can decrypt using your private key.
  • Public Key Infrastructure — A public key infrastructure (PKI) is a system to create, store, and distribute digital certificates. This helps sysadmins verify that a particular public key belongs to a certain authorized entity.
  • Personally Identifiable Information (PII) — Any information that identified a user. eg. Address, Phone number, etc.
  • Payload — A piece of code (usually malicious) that performs a specific function. eg. Keylogger.
  • PCI-DSS — Payment Card Industry Data Security Standard. If you are working with customer credit cards, you should be PCI-DSS compliant.
  • Ransomware — Malware that locks your system using encryption and asks you to pay a price to get the key to unlock it.
  • Rainbow Table — Pre calculated password hashes that will help you crack password hashes of the target easily.
  • Reconnaissance — Finding data about the target using methods such as google search, social media, and other publicly available information.
  • Reverse Engineering — Rebuilding a piece of software based on its functions.
  • Role-Based Access — Providing a set of authorizations for a role other than a user. eg. “Managers” role will have a set of permissions while the “developers” role will have a different set of permissions.
  • Rootkit — A rootkit is a malware that provides unauthorized users admin privileges. Rootkits include keyloggers, password sniffers, etc.
  • Scanning — Sending packets to a system and gaining information about the target system using the packets received. This involved the 3-way-handshake.
  • Secure Shell (SSH) — Protocol that establishes an encrypted communication channel between a client and a server. You can use ssh to login to remote servers and perform system administration.
  • Session — A session is a duration in which a communication channel is open between a client and a server. eg. the time between logging into a website and logging out is a session.
  • Session Hijacking — Taking over someone else’s session by pretending to the client. This is achieved by stealing cookies and session tokens. eg. after you authenticate with your bank, an attacker can steal your session to perform financial transactions on your behalf.
  • Social Engineering — The art of tricking people into making them do something that is not in their best interest. eg. convincing someone to provide their password over the phone.
  • Secure Hashing Algorithm (SHA) — Widely used family of encryption algorithms. SHA256 is considered highly secure compared to earlier versions like SHA 1. It is also a one-way algorithm, unlike an encryption algorithm that you can decrypt. Once you hash a message, you can only compare with another hash, you cannot re-hash it to its earlier format.
  • Sniffing — performing man-in-the-middle attacks on networks. Includes wired and wireless networks.
  • Spam — Unwanted digital communication, including email, social media messages, etc. Usually tries to get you into a malicious website.
  • Syslog — System logging protocol, used by system administrators to capture all activity on a server. Usually stored on a separate server to retain logs in the event of an attack.
  • Secure Sockets Layer (SSL) — Establishes an encrypted tunnel between the client and server. eg. when you submit passwords on Facebook, only the encrypted text will be visible for sniffers and not your original password.
  • Snort — Lightweight open-source Intrusion Detection System for Windows and Linux.
  • SQL Injection — A type of attack that can be performed on web applications using SQL databases. Happens when the site does not validate user input.
  • Trojan — A malware hidden within useful software. eg. a pirated version of MS office can contain trojans that will execute when you install and run the software.
  • Traceroute — Tool that maps the route a packet takes between the source and destination.
  • Tunnel — Creating a private encrypted channel between two or more computers. Only allowed devices on the network can communicate through this tunnel.
  • Virtual Private Network — A subnetwork created within a network, mainly to encrypt traffic. eg. connecting to a VPN to access a blocked third-party site.
  • Virus — A piece of code that is created to perform a specific action on the target systems. A virus has to be triggered to execute eg. autoplaying a USB drive.
  • Vulnerability — A point of attack that is caused by a bug / poor system design. eg. lack of input validation causes attackers to perform SQL injection attacks on a website.
  • War Driving — Travelling through a neighborhood looking for unprotected wifi networks to attack.
  • WHOIS — Helps to find information about IP addresses, its owners, DNS records, etc.
  • Wireshark — Open source program to analyze network traffic and filter requests and responses for network debugging.
  • Worm — A malware program capable of replicating itself and spreading to other connected systems. eg. a worm to built a botnet. Unlike Viruses, Worms don’t need a trigger.
  • Wireless Application Protocol (WAP) — Protocol that helps mobile devices connect to the internet.
  • Web Application Firewall (WAF) — Firewalls for web applications that help with cross-site scripting, Denial of Service, etc.
  • Zero-Day — A newly discovered vulnerability in a system for which there is no patch yet. Zero-day vulnerabilities are the most dangerous type of vulnerabilities since there is no possible way to protect against one.
  • Zombie — A compromised computer, controlled by an attacker. A group of zombies is called a Botnet.

CyberSecurity Post COVID-19

How does Covid19 affect cyber risk?

  1. Increased distributed working: With organizations embracing work from home, incremental risks have been observed due to a surge in Bring Your Own Device (BYOD), Virtual Private Network (VPN), Software As A Service (SaaS), O365 and Shadow IT, as it could be exploited by various Man-in-the-Middle (MITM) attack vectors.
  2. Reimagine Business Models: Envisioning new business opportunities, modes of working, and renewed investment priorities. With reduced workforce capability, compounded with skill shortages, staff who are focusing on business as usual tasks can be victimized, via social engineering.
  3. Digital Transformation and new digital infrastructure: With the change in nature for organizations across the industrial and supply chain sector – security is deprioritized. Hardening of the industrial systems and cloud based infrastructure is crucial as cyber threats exploit these challenges via vulnerability available for unpatched systems.
  4. With an extreme volume of digital communication, security awareness is lowered with increased susceptibility. Malicious actors are using phishing techniques to exploit such situations.

Re-evaluate your approach to cyber

    • Which cyber scenarios your organization appears to be preparing for or is prepared?
    •  Is there a security scenario that your organization is currently ignoring – but shouldn’t be?
    • What would your organization need to do differently in order to win, in each of the identified cyber scenarios?
  • What capabilities, cyber security partnerships, and workforce strategies do you need to strengthen?

The organizations should reflect the following scenarios at a minimum and consider:

    • Which cyber scenarios your organization appears to be preparing for or is prepared?
    •  Is there a security scenario that your organization is currently ignoring – but shouldn’t be?
    • What would your organization need to do differently in order to win, in each of the identified cyber scenarios?
    • What capabilities, cyber security partnerships, and workforce strategies do you need to strengthen?
  • To tackle the outcome from the above scenarios, the following measures are the key:

Inoculation through education: Educate and / or remind your employees about –

    • Your organization’s defense – remote work cyber security policies and best practices
    • Potential threats to your organization and how will it attack – with a specific focus on social engineering scams and identifying COVID-19 phishing campaigns
  • Assisting remote employees with enabling MFA across the organization assets

Adjust your defenses: Gather cyber threat intelligence and execute a patching sprint:

    • Set intelligence collection priorities
    • Share threat intelligence with other organizations
    • Use intelligence to move at the speed of the threat
  • Focus on known tactics, such as phishing and C-suite fraud.
  • Prioritize unpatched critical systems and common vulnerabilities.

Enterprise recovery: If the worst happens and an attack is successful, follow a staged approach to recovering critical business operations which may include tactical items such as:

    • Protect key systems through isolation
    • Fully understand and contain the incident
    • Eradicate any malware
    • Implement appropriate protection measures to improve overall system posture
    • Identify and prioritize the recovery of key business processes to deliver operations
  • Implement a prioritized recovery plan

Cyber Preparedness and Response: It is critical to optimize the detection capability thus, re-evaluation of the detection strategy aligned with the changing landscape is crucial. Some key trends include:

    • Secure and monitor your cloud environments and remote working applications
    • Increase monitoring to identify threats from shadow IT
  • Analyze behavior patterns to improve detection content

Finding the right cyber security partner: To be ready to respond identify the right partner with experience and skillset in Social Engineering, Cyber Response, Cloud Security, and Data Security.

Critical actions to address

At this point, as the organizations are setting the direction towards the social enterprise, it is an unprecedented opportunity to lead with cyber discussions and initiatives. Organizations should immediately gain an understanding of newly introduced risks and relevant controls by:

    • Getting a seat at the table
    • Understanding the risk prioritization:
    • Remote workforce/technology performance
    • Operational and financial implications
    • Emerging insider and external threats
  • Business continuity capabilities

Assessing cyber governance and security awareness in the new operating environment

Assessing the highest areas of risk and recommend practical mitigation strategies that minimize impact to constrained resources.

Keeping leadership and the Board apprised of ever-changing risk profile

Given the complexity of the pandemic and associated cyber challenges, there is reason to believe that the recovery phase post-COVID-19 will require unprecedented levels of cyber orchestration, communication, and changing of existing configurations across the organization.

CyberSecurity: Protect Yourself on Internet

    • Use two factor authentication when possible. If not possible, use strong unique passwords that are difficult to guess or crack. This means avoiding passwords that use of common words, your birthdate, your SSN, names and birthdays of close associates, etc.
    • Make sure the devices you are using are up-to-date and have some form of reputable anti-virus/malware software installed.
    • Never open emails, attachments, programs unless they are from a trusted source (i.e., a source that can be verified). Also disregard email or web requests that ask you to share your personal or account information unless you are sure the request and requestor are legitimate.
    • Try to only use websites that are encrypted. To do this, look for either the trusted security lock symbol before the website address and/or the extra “s” at the end of http in the URL address bar.
    • Avoid using an administrator level account when using the internet.
    • Only enable cookies when absolutely required by a website.
    • Make social media accounts private or don’t use social media at all.
    • Consider using VPNs and encrypting any folders/data that contains sensitive data.
  • Stay away from using unprotected public Wi-Fi networks.
    • Social media is genetically engineered in Area 51 to harvest as much data from you as possible. Far beyond just having your name and age and photograph.

    • Never use the same username twice anywhere, or the same password twice anywhere.

    • Use Tor/Tor Browser whenever possible. It’s not perfect, but it is a decent default attempt at anonymity.

    • Use a VPN. Using VPN and Tor can be even better.

    • Search engines like DuckDuckGo offer better privacy (assuming they’re honest, which you can never be certain of) than Google which, like social media, works extremely hard to harvest every bit of data from you that they can.

    • Never give your real details anywhere. Certainly not things like your name or pictures of yourself, but even less obvious things like your age or country of origin. Even things like how you spell words and grammatical quirks can reveal where you’re from.

    • Erase your comments from websites after a few days/weeks. It might not erase them from the website’s servers, but it will at least remove them from public view. If you don’t, you can forget they exist and you never know how or when they can and will be used against you.

  • With Reddit, you can create an account fairly easily over Tor using no real information. Also, regularly nuke your accounts in case Reddit or some crazy stalker is monitoring your posts to build a profile of who you might be. Source: Reddit

 Notable Hackers

  • Adrian Lamo – gained media attention for breaking into several high-profile computer networks, including those of The New York Times, Yahoo!, and Microsoft, culminating in his 2003 arrest. Lamo was best known for reporting U.S. soldier Chelsea Manning to Army criminal investigators in 2010 for leaking hundreds of thousands of sensitive U.S. government documents to WikiLeaks.
  • Albert Gonzales – an American computer hacker and computer criminal who is accused of masterminding the combined credit card theft and subsequent reselling of more than 170 million card and ATM numbers from 2005 to 2007: the biggest such fraud in history.
  • Andrew Auernheimer (known as Weev) – Went to jail for using math against AT&T website.
  • Barnaby Jack – was a New Zealand hacker, programmer and computer security expert. He was known for his presentation at the Black Hat computer security conference in 2010, during which he exploited two ATMs and made them dispense fake paper currency on the stage. Among his other most notable works were the exploitation of various medical devices, including pacemakers and insulin pumps.
  • Benjamin Delpy – Mimikatz
  • DVD-Jon – He wrote the DeCSS software, which decodes the Content Scramble System used for DVD licensing enforcement.
  • Eric Corley (known as Emmanuel Goldstein) – 2600
  • Gary McKinnon – a Scottish systems administrator and hacker who was accused in 2002 of perpetrating the “biggest military computer hack of all time,” although McKinnon himself states that he was merely looking for evidence of free energy suppression and a cover-up of UFO activity and other technologies potentially useful to the public. 👽🛸
  • George Hotz aka geohot – “The former Facebook engineer took on the giants of the tech world by developing the first iPhone carrier-unlock techniques,” says Mark Greenwood, head of data science at Netacea, “followed a few years later by reverse engineering Sony’s PlayStation 3, clearing the way for users to run their own code on locked-down hardware. George sparked an interest in a younger generation frustrated with hardware and software restrictions being imposed on them and led to a new scene of opening up devices, ultimately leading to better security and more openness.”
  • Guccifer 2.0 – a persona which claimed to be the hacker(s) that hacked into the Democratic National Committee (DNC) computer network and then leaked its documents to the media, the website WikiLeaks, and a conference event.
  • Hector Monsegur (known as Sabu) – an American computer hacker and co-founder of the hacking group LulzSec. He Monsegur became an informant for the FBI, working with the agency for over ten months to aid them in identifying the other hackers from LulzSec and related groups.
  • Jacob Appelbaum – an American independent journalist, computer security researcher, artist, and hacker. He has been employed by the University of Washington, and was a core member of the Tor project, a free software network designed to provide online anonymity.
  • James Forshaw – one of the world’s foremost bug bounty huners
  • Jeanson James Ancheta – On May 9, 2006, Jeanson James Ancheta (born 1985) became the first person to be charged for controlling large numbers of hijacked computers or botnets.
  • Jeremy Hammond – He was convicted of computer fraud in 2013 for hacking the private intelligence firm Stratfor and releasing data to the whistle-blowing website WikiLeaks, and sentenced to 10 years in prison.
  • John Draper – also known as Captain Crunch, Crunch or Crunchman (after the Cap’n Crunch breakfast cereal mascot), is an American computer programmer and former legendary phone phreak.
  • Kevin Mitnick – Free Kevin
  • Kimberley Vanvaeck (known as Gigabyte) – a virus writer from Belgium known for a long-standing dispute which involved the internet security firm Sophos and one of its employees, Graham Cluley. Vanvaeck wrote several viruses, including Quis, Coconut and YahaSux (also called Sahay). She also created a Sharp virus (also called “Sharpei”), credited as being the first virus to be written in C#.
  • Lauri Love – a British activist charged with stealing data from United States Government computers including the United States Army, Missile Defense Agency, and NASA via computer intrusion.
  • Michael Calce (known as MafiaBoy) – a security expert from Île Bizard, Quebec who launched a series of highly publicized denial-of-service attacks in February 2000 against large commercial websites, including Yahoo!, Fifa.com, Amazon.com, Dell, Inc., E*TRADE, eBay, and CNN.
  • Mudge – Peiter C. Zatko, better known as Mudge, is a network security expert, open source programmer, writer, and a hacker. He was the most prominent member of the high-profile hacker think tank the L0pht as well as the long-lived computer and culture hacking cooperative the Cult of the Dead Cow.
  • Phineas Fisher – vigilante hacker god
  • PRAGMA – Also known as Impragma or PHOENiX, PRAGMA is the author of Snipr, one of the most prolific credential stuffing tools available online.
  • The 414s – The 414s were a group of computer hackers who broke into dozens of high-profile computer systems, including ones at Los Alamos National Laboratory, Sloan-Kettering Cancer Center, and Security Pacific Bank, in 1982 and 1983.
  • The Shadow Brokers – is a hacker group who first appeared in the summer of 2016. They published several leaks containing hacking tools from the National Security Agency (NSA), including several zero-day exploits. Specifically, these exploits and vulnerabilities targeted enterprise firewalls, antivirus software, and Microsoft products.[6] The Shadow Brokers originally attributed the leaks to the Equation Group threat actor, who have been tied to the NSA’s Tailored Access Operations unit.

Notable Viruses & Worms

History

  • The Strange History of Ransomware
    The first ransomware virus predates e-mail, even the Internet as we know it, and was distributed on floppy disk by the postal service. It sounds quaint, but in some ways this horse-and-buggy version was even more insidious than its modern descendants. Contemporary ransomware tends to bait victims using legitimate-looking email attachments — a fake invoice from UPS, or a receipt from Delta airlines. But the 20,000 disks dispatched to 90 countries in December of 1989 were masquerading as something far more evil: AIDS education software.

How to protect sensitive data for its entire lifecycle in AWS

How to protect sensitive data for its entire lifecycle in AWS
How to protect sensitive data for its entire lifecycle in AWS

You can protect data in-transit over individual communications channels using transport layer security (TLS), and at-rest in individual storage silos using volume encryption, object encryption or database table encryption. However, if you have sensitive workloads, you might need additional protection that can follow the data as it moves through the application stack. Fine-grained data protection techniques such as field-level encryption allow for the protection of sensitive data fields in larger application payloads while leaving non-sensitive fields in plaintext. This approach lets an application perform business functions on non-sensitive fields without the overhead of encryption, and allows fine-grained control over what fields can be accessed by what parts of the application. Read m ore here…

I Passed AWS Security Specialty SCS-C01 Testimonials

Passing the SCS-C01 AWS Certified Security Specialty exam

I’ve been studying for both DevOps DOP-C01 and Security Specialty SCS-C01 tests but opted to just focus on SCS-C01 since the DevOps exam seems like a tough one to pass. I’m planning to take the DevOps one next but I read that there’s a new DOP-C02 version just came out so I might postpone it until for a couple of months.

This AWS Certified Security Specialty exam is easier than the SAA exam since the main focus is all about security. The official Exam Guide has been my ultimate guide in knowing the particular AWS services to focus for the test. Once I got 90% on all my practice tests attempts from TD, I went ahead and booked my exam.

Here’s a compilation of all the helpful SCS-C01 posts that helped me:

https://www.reddit.com/r/AWSCertifications/comments/xpwtiv/aws_certified_security_specialty_pretty/

https://www.reddit.com/r/AWSCertifications/comments/x56trw/recommendations_for_preparing_to_take_aws/

https://www.reddit.com/r/AWSCertifications/comments/u1y4ik/passed_the_aws_certified_security_specialty_exam/

https://www.reddit.com/r/AWSCertifications/comments/syn0lr/aws_certified_security_specialty_scsc01_exam_pass/

The Exam Readiness: AWS Certified Security Specialty course provides a good summary of all the relevant topics that are about to be asked in the exam. Prepare to see topics in Key Management Infrastructure, IPS/IDS, network security, EKS/ECS container security and many more.

Cybersecurity Breaking News – Top Stories

  • Goal - intro experience with Nessus. “Tenable Nessus Fundamentals Course” - $250. Can I skip this 2.5 hour course if I’ve already s+, cysa+, and I’m a security analyst? And go straight to the advanced course?
    by /u/Away_Bath6417 (cybersecurity) on March 18, 2024 at 3:14 pm

    Looks like the topics are basic for the fundamentals course. I’d like to skip it and pay just 100 for the advanced course. https://www.tenable.com/education/courses/nessus-advanced Better yet. Anyone have a link to the 2.5 hours of fundamental content so I can save 250 bucks? Not seeing a torrent out there. Or maybe someone has video access they can share with me for 2 hours or perhaps documentation that captures it all ? I’ll pay you! submitted by /u/Away_Bath6417 [link] [comments]

  • Going to federal to get my foot in the door
    by /u/No-Internet-o (cybersecurity) on March 18, 2024 at 3:03 pm

    Anyone work in federal? I’m SWE(3 years of experience) in financial industry looking to get into cybersecurity for a while. It has been difficult to get out of my current role and break into cyber. I also got MS in software engineering focused in cybersecurity last summer. I got an offer for one of the development programs in federal which I applied when I had just started my masters. The role has like 3 different rotations within cyber and I’ll be in that program for 3 years. I’ll have to move from one coast to the other and also think that I’ll be restarting as an entry level. I plan to negotiate my salary and role. I’m not sure if it is worth it but I also think that this will get my foot in the door for cyber. Can someone please shed some light if you’re in cyber in federal? How is it like working in federal? Any tips on how to bring up the fact that I have 3 years of experience now and should not be considered as an entry level and ask for what other options/opportunities I have? Is it difficult to move out of federal back to private sector? Any other factors I should consider? submitted by /u/No-Internet-o [link] [comments]

  • Fujitsu found malware on IT systems, confirms data breach
    by /u/outerlimtz (cybersecurity) on March 18, 2024 at 2:16 pm

    submitted by /u/outerlimtz [link] [comments]

  • How to go from MLE/DS to Cyber Security?
    by /u/Math_wizard369 (cybersecurity) on March 18, 2024 at 1:31 pm

    Hello.A little background.I've been working in machine learning for about five years. I have a B.S in Computer Science. I started as a research assistant at my university in the robotics lab and then I worked in various aspects of machine learning from audio data to image data and then natural language processing for text and code and time series for biomedical data. All this was mostly at startups. I've moved around a lot and kind of seen a lot of different perspectives from machine learning but I have a good foundation on the basics and theory. I would also say that I'm a pretty good Python Coder. I've been coding for about 10 years and I'm a fairly decent software engineer, at least in that space. Recently I've been struggling to advance my career in machine learning and I've been thinking that I want to specialize in something I find important which is cybersecurity. I'm not expecting to get one of the top jobs in the field at the start, but I want to find a way to not completely throw away everything that I've learned over the past five years. I don't know much about cyber security in terms of Pen testing and networks, though I do know a little bit, that's why I'm asking here but just kind of thinking about the field I assume things like using NLP for log/port analysis in combination with SQL would be useful. Also stuff like binaries classification, clustering and outlier detection would be useful. I have some projects where I utilized LibCST to topic model code bases, as well as predict node/operator types from model embeddings. I apologize for the wall of text. To get to the point, I'm curious what people think the roadmap for someone in my situation would be. Should I focus on getting certifications? Should I focus on learning all that I can about networks? Should I stop coding Python all the time and learn some more C/C++? Essentially how much do I have to add to my resume in terms of certs and projects to at least be considered for an interview? How long do you think it will be to break in and get an entry-level job? Is it feasible to do it within three months? I will be unemployed in 2 months so I will most likely be a full time learner. Thank you. Any advice or guidance would be appreciated. ​ submitted by /u/Math_wizard369 [link] [comments]

  • A major cyber leak has occurred in China's Strategic Support Force
    by /u/JidongLiu (cybersecurity) on March 18, 2024 at 1:26 pm

    An investigation by China's Ministry of State Security found that China Far East International Tendering Co. Ltd. illegally transferred a large number of classified information through Internet mailboxes and stored a large number of classified documents on non-classified computers while undertaking the mission of the People's Liberation Army Strategic Support Force, leading to major online leaks. In addition, I have learned from Chinese counterintelligence that the leaked military data may have been obtained by U.S. military intelligence. The following is a news report on the incident:https://www.scmp.com/news/china/military/article/3255255/chinas-military-disqualifies-procurement-company-serious-risks-leaked-secrets submitted by /u/JidongLiu [link] [comments]

  • RedLine malware top credential stealer of last 6 months followed by Vidar and Raccoon Stealer
    by /u/CYRISMA_Buddy (cybersecurity) on March 18, 2024 at 1:19 pm

    submitted by /u/CYRISMA_Buddy [link] [comments]

  • Cybersecurity team staff exempt from device management?
    by /u/lighthills (cybersecurity) on March 18, 2024 at 1:16 pm

    Is this normal or even recommended for internal cybersecurity staff to use unmanaged laptops (not joined to domain, no MDM) so they are not hampered by the same security policies that they monitor for everyone else? Is there a specific exemption for this that doesn’t flag this practice as a problem by external audits? submitted by /u/lighthills [link] [comments]

  • 'GhostRace' Speculative Execution Attack Impacts All CPU, OS Vendors
    by /u/CYRISMA_Buddy (cybersecurity) on March 18, 2024 at 1:14 pm

    submitted by /u/CYRISMA_Buddy [link] [comments]

  • Is SOC manager a stressful job?
    by /u/gettingtherequick (cybersecurity) on March 18, 2024 at 12:59 pm

    I've seen some having drinking issue, family issue... submitted by /u/gettingtherequick [link] [comments]

  • Did the AI advancements in the last couple of years change your workflows so far?
    by /u/Vyalkuran (cybersecurity) on March 18, 2024 at 12:34 pm

    As a SWE, code suggestions and analysis is a blessing, being able to research bugs and errors way faster than any google search makes the life a lot easier. Of course, never take the suggestion at face value and you should always conduct your own research into the docs, but having a concrete starting point is way better than having no clue what to look for in the first place, especially when working with technologies you've never worked before. That being said, how is the landscape of AI in your field of work? Do you make use of tools like Copilot CLI, Copilot for Security (This seems to release next month??) etc? Do you find them useful or a hindrance? Any particular tool you've enjoyed using so far? submitted by /u/Vyalkuran [link] [comments]

  • Linux level
    by /u/77necam77 (cybersecurity) on March 18, 2024 at 12:08 pm

    Hello guys, I am curious to know what is the level of linux needed to work in the industry. I had a subject while i was studying (Linux administration), but i not sure that level is sufficent. Do you know how to test my linux knowledge, are there any resources for that? submitted by /u/77necam77 [link] [comments]

  • US is still chasing down pieces of Chinese hacking operation, NSA official says
    by /u/Specialist_Mix_22 (cybersecurity) on March 18, 2024 at 12:01 pm

    submitted by /u/Specialist_Mix_22 [link] [comments]

  • ICS/OT Penetration Testing of Siemens Simatic S7–1200: A Beginner’s Guide
    by /u/wijnandsj (cybersecurity) on March 18, 2024 at 10:34 am

    submitted by /u/wijnandsj [link] [comments]

  • What is the current situation with maritime cybersecurity?
    by /u/Pale_Cookie4134 (cybersecurity) on March 18, 2024 at 9:59 am

    submitted by /u/Pale_Cookie4134 [link] [comments]

  • WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw
    by info@thehackernews.com (The Hacker News) (The Hacker News) on March 18, 2024 at 9:46 am

    WordPress users of miniOrange's Malware Scanner and Web Application Firewall plugins are being urged to delete them from their websites following the discovery of a critical security flaw. The flaw, tracked as CVE-2024-2172, is rated 9.8 out of a maximum of 10 on the CVSS scoring system. It impacts the following versions of the two plugins - Malware Scanner (versions <= 4.7.2) Web

  • Mintlify's disclosure about their recent incident
    by /u/arunsivadasan (cybersecurity) on March 18, 2024 at 9:26 am

    Mintlify is a popular documentation platform and the Github access tokens stored in their database were hacked recently. I find their post about the incident to be quite transparent and includes all the remediations they have taken so far. Good template for other companies to follow: https://mintlify.com/blog/incident-march-13 submitted by /u/arunsivadasan [link] [comments]

  • Return Oriented Programming Buffer Overflow exploitation Part 1 - In Lab Exercise
    by /u/Accomplished-Mud1210 (cybersecurity) on March 18, 2024 at 6:31 am

    submitted by /u/Accomplished-Mud1210 [link] [comments]

  • How to score "non-sensitive information leakage" using CVSS
    by /u/kontolohot (cybersecurity) on March 18, 2024 at 6:07 am

    I have a task from school to do simple testing to a website which divided in multiple testing category and then score it using CVSS v3.1 On the category of Information Gathering, I found 2 vulnerabilities: - Its manual book, which explains all capabilities of each user-roles, is publicly available. In the website, the manual is only available for admin. - Some of its error pages is showing backend error-message, like "this error happens in X module, you can change it in blablabla". And these pages is being indexed by Google. Now I need to score those two as one, under the category of Information Gathering, using CVSS v3.1. And this is the score that I came up with: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H - Score: 6; Medium (See calculator) Personally I think the score above is not accurate (too high) because the vulnerability is only not-so-sensitive information leakage. So what do you think? How would you score it and why? Additionally, when we're about to count the CVSS score of a vulnerability, how far do we have to assume about its worst possible exploitation and impact? Because I think I assume about "the worst" too far.. submitted by /u/kontolohot [link] [comments]

  • APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme
    by info@thehackernews.com (The Hacker News) (The Hacker News) on March 18, 2024 at 5:59 am

    The Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitating government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. "The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated

  • Massive ‘Apex Legends’ Hack Disrupts NA Finals, Raises Serious Security Concerns
    by /u/astralqt (cybersecurity) on March 18, 2024 at 5:43 am

    submitted by /u/astralqt [link] [comments]

Smartphone 101 – Pick a smartphone for me – android or iOS – Apple iPhone or Samsung Galaxy or Huawei or Xaomi or Google Pixel

Top 100 AWS Solutions Architect Associate Certification Exam Questions and Answers Dump SAA-C03

Big Data and Data Analytics 101 – Top 100 AWS Certified Data Analytics Specialty Certification Questions and Answers Dumps

AWS Certified Security – Specialty Questions and Answers Dumps

AI Dashboard is available on the Web, Apple, Google, and Microsoft, PRO version

Top 100 AWS Certified Data Analytics Specialty Certification Questions and Answers Dumps

 

If you’re looking to take your data analytics career to the next level, then this AWS Data Analytics Specialty Certification Exam Preparation blog is a must-read! With over 100 exam questions and answers, plus data science and data analytics interview questions, cheat sheets and more, you’ll be fully prepared to ace the DAS-C01 exam. 

In this blog, we talk about big data and data analytics; we also give you the last updated top 100 AWS Certified Data Analytics – Specialty Questions and Answers Dumps

Top 100 AWS Certified Data Analytics Specialty Certification Questions and Answers Dumps
AWS Data analytics DAS-C01 Exam Prep

The AWS Certified Data Analytics – Specialty (DAS-C01) examination is intended for individuals who perform in a data analytics-focused role. This exam validates an examinee’s comprehensive understanding of using AWS services to design, build, secure, and maintain analytics solutions that provide insight from data.

Download the App for an interactive experience:

AWS DAS-C01 Exam Prep on iOS


AWS DAS-C01 Exam Prep on android

AWS DAS-C01 Exam Prep on Windows


AI Unraveled: Demystifying Frequently Asked Questions on Artificial Intelligence (OpenAI, ChatGPT, Google Bard, Generative AI, Discriminative AI, xAI, LLMs, GPUs, Machine Learning, NLP, Promp Engineering)

The AWS Certified Data Analytics – Specialty (DAS-C01) covers the following domains:

Domain 1: Collection 18%

Domain 2: Storage and Data Management 22%

Domain 3: Processing 24%

If you are looking for an all-in-one solution to help you prepare for the AWS Cloud Practitioner Certification Exam, look no further than this AWS Cloud Practitioner CCP CLF-C02 book

Domain 4: Analysis and Visualization 18%

Domain 5: Security 18%

data analytics specialty
data analytics specialty

Below are the Top 100 AWS Certified Data Analytics – Specialty Questions and Answers Dumps and References

https://enoumen.com/2021/11/07/top-100-data-science-and-data-analytics-interview-questions-and-answers/

 
 

Question1: What combination of services do you need for the following requirements: accelerate petabyte-scale data transfers, load streaming data, and the ability to create scalable, private connections. Select the correct answer order.

A) Snowball, Kinesis Firehose, Direct Connect

B) Data Migration Services, Kinesis Firehose, Direct Connect

C) Snowball, Data Migration Services, Direct Connect

D) Snowball, Direct Connection, Kinesis Firehose

ANSWER1:

A

Notes/Hint1:

AWS has many options to help get data into the cloud, including secure devices like AWS Import/Export Snowball to accelerate petabyte-scale data transfers, Amazon Kinesis Firehose to load streaming data, and scalable private connections through AWS Direct Connect.

Djamgatech: Build the skills that’ll drive your career into six figures: Get Djamgatech.

Reference1: Big Data Analytics Options 

AWS Data Analytics Specialty Certification Exam Preparation App is a great way to prepare for your upcoming AWS Data Analytics Specialty Certification Exam. The app provides you with over 300 questions and answers, detailed explanations of each answer, a scorecard to track your progress, and a countdown timer to help keep you on track. You can also find data science and data analytics interview questions and detailed answers, cheat sheets, and flashcards to help you study. The app is very similar to the real exam, so you will be well-prepared when it comes time to take the test.

AWS Data analytics DAS-C01 Exam Prep

 

ANSWER2:

C

Ace the Microsoft Azure Fundamentals AZ-900 Certification Exam: Pass the Azure Fundamentals Exam with Ease

Notes/Hint2:

Reference1: Relationalize PySpark

 

Question 3: There is a five-day car rally race across Europe. The race coordinators are using a Kinesis stream and IoT sensors to monitor the movement of the cars. Each car has a sensor and data is getting back to the stream with the default stream settings. On the last day of the rally, data is sent to S3. When you go to interpret the data in S3, there is only data for the last day and nothing for the first 4 days. Which of the following is the most probable cause of this?

A) You did not have versioning enabled and would need to create individual buckets to prevent the data from being overwritten.

B) Data records are only accessible for a default of 24 hours from the time they are added to a stream.

C) One of the sensors failed, so there was no data to record.

D) You needed to use EMR to send the data to S3; Kinesis Streams are only compatible with DynamoDB.

ANSWER3:

B

Notes/Hint3: 

Streams support changes to the data record retention period of your stream. An Amazon Kinesis stream is an ordered sequence of data records, meant to be written to and read from in real-time. Data records are therefore stored in shards in your stream temporarily. The period from when a record is added to when it is no longer accessible is called the retention period. An Amazon Kinesis stream stores records for 24 hours by default, up to 168 hours.

Reference3: Kinesis Extended Reading

AWS Data analytics DAS-C01 Exam Prep

 

Question 4:  A publisher website captures user activity and sends clickstream data to Amazon Kinesis Data Streams. The publisher wants to design a cost-effective solution to process the data to create a timeline of user activity within a session. The solution must be able to scale depending on the number of active sessions.
Which solution meets these requirements?

A) Include a variable in the clickstream data from the publisher website to maintain a counter for the number of active user sessions. Use a timestamp for the partition key for the stream. Configure the consumer application to read the data from the stream and change the number of processor threads based upon the counter. Deploy the consumer application on Amazon EC2 instances in an EC2 Auto Scaling group.

B) Include a variable in the clickstream to maintain a counter for each user action during their session. Use the action type as the partition key for the stream. Use the Kinesis Client Library (KCL) in the consumer application to retrieve the data from the stream and perform the processing. Configure the consumer application to read the data from the stream and change the number of processor threads based upon the
counter. Deploy the consumer application on AWS Lambda.

C) Include a session identifier in the clickstream data from the publisher website and use as the partition key for the stream. Use the Kinesis Client Library (KCL) in the consumer application to retrieve the data from the stream and perform the processing. Deploy the consumer application on Amazon EC2 instances in an
EC2 Auto Scaling group. Use an AWS Lambda function to reshard the stream based upon Amazon CloudWatch alarms.

D) Include a variable in the clickstream data from the publisher website to maintain a counter for the number of active user sessions. Use a timestamp for the partition key for the stream. Configure the consumer application to read the data from the stream and change the number of processor threads based upon the counter. Deploy the consumer application on AWS Lambda.

ANSWER4:

C

Notes/Hint4: 

Partitioning by the session ID will allow a single processor to process all the actions for a user session in order. An AWS Lambda function can call the UpdateShardCount API action to change the number of shards in the stream. The KCL will automatically manage the number of processors to match the number of shards. Amazon EC2 Auto Scaling will assure the correct number of instances are running to meet the processing load.

Reference4: UpdateShardCount API

 

Question 5: Your company has two batch processing applications that consume financial data about the day’s stock transactions. Each transaction needs to be stored durably and guarantee that a record of each application is delivered so the audit and billing batch processing applications can process the data. However, the two applications run separately and several hours apart and need access to the same transaction information. After reviewing the transaction information for the day, the information no longer needs to be stored. What is the best way to architect this application?

A) Use SQS for storing the transaction messages; when the billing batch process performs first and consumes the message, write the code in a way that does not remove the message after consumed, so it is available for the audit application several hours later. The audit application can consume the SQS message and remove it from the queue when completed.

B)  Use Kinesis to store the transaction information. The billing application will consume data from the stream and the audit application can consume the same data several hours later.

C) Store the transaction information in a DynamoDB table. The billing application can read the rows while the audit application will read the rows then remove the data.

D) Use SQS for storing the transaction messages. When the billing batch process consumes each message, have the application create an identical message and place it in a different SQS for the audit application to use several hours later.

SQS would make this more difficult because the data does not need to persist after a full day.

ANSWER5:

B

Notes/Hint5: 

Kinesis appears to be the best solution that allows multiple consumers to easily interact with the records.

Reference5: Amazon Kinesis

Get mobile friendly version of the quiz @ the App Store

AWS DAS-C01 Exam Prep on iOS

AWS DAS-C01 Exam Prep on android

AWS DAS-C01 Exam Prep on Windows

Question 6: A company is currently using Amazon DynamoDB as the database for a user support application. The company is developing a new version of the application that will store a PDF file for each support case ranging in size from 1–10 MB. The file should be retrievable whenever the case is accessed in the application.
How can the company store the file in the MOST cost-effective manner?

A) Store the file in Amazon DocumentDB and the document ID as an attribute in the DynamoDB table.

B) Store the file in Amazon S3 and the object key as an attribute in the DynamoDB table.

C) Split the file into smaller parts and store the parts as multiple items in a separate DynamoDB table.

D) Store the file as an attribute in the DynamoDB table using Base64 encoding.

ANSWER6:

B

Notes/Hint6: 

Use Amazon S3 to store large attribute values that cannot fit in an Amazon DynamoDB item. Store each file as an object in Amazon S3 and then store the object path in the DynamoDB item.

Reference6: S3 Storage Cost –  DynamODB Storage Cost

 

Question 7: Your client has a web app that emits multiple events to Amazon Kinesis Streams for reporting purposes. Critical events need to be immediately captured before processing can continue, but informational events do not need to delay processing. What solution should your client use to record these types of events without unnecessarily slowing the application?

A) Log all events using the Kinesis Producer Library.

B) Log critical events using the Kinesis Producer Library, and log informational events using the PutRecords API method.

C) Log critical events using the PutRecords API method, and log informational events using the Kinesis Producer Library.

D) Log all events using the PutRecords API method.

ANSWER2:

C

Notes/Hint7: 

The PutRecords API can be used in code to be synchronous; it will wait for the API request to complete before the application continues. This means you can use it when you need to wait for the critical events to finish logging before continuing. The Kinesis Producer Library is asynchronous and can send many messages without needing to slow down your application. This makes the KPL ideal for the sending of many non-critical alerts asynchronously.

Reference7: PutRecords API

AWS Data analytics DAS-C01 Exam Prep

 

Question 8: You work for a start-up that tracks commercial delivery trucks via GPS. You receive coordinates that are transmitted from each delivery truck once every 6 seconds. You need to process these coordinates in near real-time from multiple sources and load them into Elasticsearch without significant technical overhead to maintain. Which tool should you use to digest the data?

A) Amazon SQS

B) Amazon EMR

C) AWS Data Pipeline

D) Amazon Kinesis Firehose

ANSWER8:

D

Notes/Hint8: 

Amazon Kinesis Firehose is the easiest way to load streaming data into AWS. It can capture, transform, and load streaming data into Amazon S3, Amazon Redshift, and Amazon Elasticsearch Service, enabling near real-time analytics with existing business intelligence tools and dashboards.

Reference8: Amazon Kinesis Firehose

 

Question 9: A company needs to implement a near-real-time fraud prevention feature for its ecommerce site. User and order details need to be delivered to an Amazon SageMaker endpoint to flag suspected fraud. The amount of input data needed for the inference could be as much as 1.5 MB.
Which solution meets the requirements with the LOWEST overall latency?

A) Create an Amazon Managed Streaming for Kafka cluster and ingest the data for each order into a topic. Use a Kafka consumer running on Amazon EC2 instances to read these messages and invoke the Amazon SageMaker endpoint.

B) Create an Amazon Kinesis Data Streams stream and ingest the data for each order into the stream. Create an AWS Lambda function to read these messages and invoke the Amazon SageMaker endpoint.

C) Create an Amazon Kinesis Data Firehose delivery stream and ingest the data for each order into the stream. Configure Kinesis Data Firehose to deliver the data to an Amazon S3 bucket. Trigger an AWS Lambda function with an S3 event notification to read the data and invoke the Amazon SageMaker endpoint.

D) Create an Amazon SNS topic and publish the data for each order to the topic. Subscribe the Amazon SageMaker endpoint to the SNS topic.


ANSWER9:

A

Notes/Hint9: 

An Amazon Managed Streaming for Kafka cluster can be used to deliver the messages with very low latency. It has a configurable message size that can handle the 1.5 MB payload.

Reference9: Amazon Managed Streaming for Kafka cluster

 

Question 10: You need to filter and transform incoming messages coming from a smart sensor you have connected with AWS. Once messages are received, you need to store them as time series data in DynamoDB. Which AWS service can you use?

A) IoT Device Shadow Service

B) Redshift

C) Kinesis

D) IoT Rules Engine

ANSWER10:

D

Notes/Hint10: 

The IoT rules engine will allow you to send sensor data over to AWS services like DynamoDB

Reference10: The IoT rules engine

Get mobile friendly version of the quiz @ the App Store

Question 11: A media company is migrating its on-premises legacy Hadoop cluster with its associated data processing scripts and workflow to an Amazon EMR environment running the latest Hadoop release. The developers want to reuse the Java code that was written for data processing jobs for the on-premises cluster.
Which approach meets these requirements?

A) Deploy the existing Oracle Java Archive as a custom bootstrap action and run the job on the EMR cluster.

B) Compile the Java program for the desired Hadoop version and run it using a CUSTOM_JAR step on the EMR cluster.

C) Submit the Java program as an Apache Hive or Apache Spark step for the EMR cluster.

D) Use SSH to connect the master node of the EMR cluster and submit the Java program using the AWS CLI.


ANSWER11:

B

Notes/Hint11: 

A CUSTOM JAR step can be configured to download a JAR file from an Amazon S3 bucket and execute it. Since the Hadoop versions are different, the Java application has to be recompiled.

Reference11:  Automating analytics workflows on EMR

Question 12: You currently have databases running on-site and in another data center off-site. What service allows you to consolidate to one database in Amazon?

A) AWS Kinesis

B) AWS Database Migration Service

C) AWS Data Pipeline

D) AWS RDS Aurora

ANSWER12:

B

Notes/Hint12: 

AWS Database Migration Service can migrate your data to and from most of the widely used commercial and open source databases. It supports homogeneous migrations such as Oracle to Oracle, as well as heterogeneous migrations between different database platforms, such as Oracle to Amazon Aurora. Migrations can be from on-premises databases to Amazon RDS or Amazon EC2, databases running on EC2 to RDS, or vice versa, as well as from one RDS database to another RDS database.

Reference12: DMS

 

 

Question 13:  An online retail company wants to perform analytics on data in large Amazon S3 objects using Amazon EMR. An Apache Spark job repeatedly queries the same data to populate an analytics dashboard. The analytics team wants to minimize the time to load the data and create the dashboard.
Which approaches could improve the performance? (Select TWO.)


A) Copy the source data into Amazon Redshift and rewrite the Apache Spark code to create analytical reports by querying Amazon Redshift.

B) Copy the source data from Amazon S3 into Hadoop Distributed File System (HDFS) using s3distcp.

C) Load the data into Spark DataFrames.

D) Stream the data into Amazon Kinesis and use the Kinesis Connector Library (KCL) in multiple Spark jobs to perform analytical jobs.

E) Use Amazon S3 Select to retrieve the data necessary for the dashboards from the S3 objects.

ANSWER13:

C and E

Notes/Hint13: 

One of the speed advantages of Apache Spark comes from loading data into immutable dataframes, which can be accessed repeatedly in memory. Spark DataFrames organizes distributed data into columns. This makes summaries and aggregates much quicker to calculate. Also, instead of loading an entire large Amazon S3 object, load only what is needed using Amazon S3 Select. Keeping the data in Amazon S3 avoids loading the large dataset into HDFS.

Reference13: Spark DataFrames 

 

Question 14: You have been hired as a consultant to provide a solution to integrate a client’s on-premises data center to AWS. The customer requires a 300 Mbps dedicated, private connection to their VPC. Which AWS tool do you need?

A) VPC peering

B) Data Pipeline

C) Direct Connect

D) EMR

ANSWER14:

C

Notes/Hint14: 

Direct Connect will provide a dedicated and private connection to an AWS VPC.

Reference14: Direct Connect

AWS Data analytics DAS-C01 Exam Prep

 

Question 15: Your organization has a variety of different services deployed on EC2 and needs to efficiently send application logs over to a central system for processing and analysis. They’ve determined it is best to use a managed AWS service to transfer their data from the EC2 instances into Amazon S3 and they’ve decided to use a solution that will do what?

A) Installs the AWS Direct Connect client on all EC2 instances and uses it to stream the data directly to S3.

B) Leverages the Kinesis Agent to send data to Kinesis Data Streams and output that data in S3.

C) Ingests the data directly from S3 by configuring regular Amazon Snowball transactions.

D) Leverages the Kinesis Agent to send data to Kinesis Firehose and output that data in S3.

ANSWER15:

D

Notes/Hint15: 

Kinesis Firehose is a managed solution, and log files can be sent from EC2 to Firehose to S3 using the Kinesis agent.

Reference15: Kinesis Firehose

 

Question 16: A data engineer needs to create a dashboard to display social media trends during the last hour of a large company event. The dashboard needs to display the associated metrics with a latency of less than 1 minute.
Which solution meets these requirements?

A) Publish the raw social media data to an Amazon Kinesis Data Firehose delivery stream. Use Kinesis Data Analytics for SQL Applications to perform a sliding window analysis to compute the metrics and output the results to a Kinesis Data Streams data stream. Configure an AWS Lambda function to save the stream data to an Amazon DynamoDB table. Deploy a real-time dashboard hosted in an Amazon S3 bucket to read and display the metrics data stored in the DynamoDB table.

B) Publish the raw social media data to an Amazon Kinesis Data Firehose delivery stream. Configure the stream to deliver the data to an Amazon Elasticsearch Service cluster with a buffer interval of 0 seconds. Use Kibana to perform the analysis and display the results.

C) Publish the raw social media data to an Amazon Kinesis Data Streams data stream. Configure an AWS Lambda function to compute the metrics on the stream data and save the results in an Amazon S3 bucket. Configure a dashboard in Amazon QuickSight to query the data using Amazon Athena and display the results.

D) Publish the raw social media data to an Amazon SNS topic. Subscribe an Amazon SQS queue to the topic. Configure Amazon EC2 instances as workers to poll the queue, compute the metrics, and save the results to an Amazon Aurora MySQL database. Configure a dashboard in Amazon QuickSight to query the data in Aurora and display the results.


ANSWER16:

A

Notes/Hint16: 

Amazon Kinesis Data Analytics can query data in a Kinesis Data Firehose delivery stream in near-real time using SQL. A sliding window analysis is appropriate for determining trends in the stream. Amazon S3 can host a static webpage that includes JavaScript that reads the data in Amazon DynamoDB and refreshes the dashboard.

Reference16: Amazon Kinesis Data Analytics can query data in a Kinesis Data Firehose delivery stream in near-real time using SQL

 

Question 17: A real estate company is receiving new property listing data from its agents through .csv files every day and storing these files in Amazon S3. The data analytics team created an Amazon QuickSight visualization report that uses a dataset imported from the S3 files. The data analytics team wants the visualization report to reflect the current data up to the previous day. How can a data analyst meet these requirements?

A) Schedule an AWS Lambda function to drop and re-create the dataset daily.

B) Configure the visualization to query the data in Amazon S3 directly without loading the data into SPICE.

C) Schedule the dataset to refresh daily.

D) Close and open the Amazon QuickSight visualization.

ANSWER17:

B

Notes/Hint17:

Datasets created using Amazon S3 as the data source are automatically imported into SPICE. The Amazon QuickSight console allows for the refresh of SPICE data on a schedule.

Reference17: Amazon QuickSight and SPICE

AWS Data analytics DAS-C01 Exam Prep

Question 18: You need to migrate data to AWS. It is estimated that the data transfer will take over a month via the current AWS Direct Connect connection your company has set up. Which AWS tool should you use?

A) Establish additional Direct Connect connections.

B) Use Data Pipeline to migrate the data in bulk to S3.

C) Use Kinesis Firehose to stream all new and existing data into S3.

D) Snowball

ANSWER18:

D

Notes/Hint18:

As a general rule, if it takes more than one week to upload your data to AWS using the spare capacity of your existing Internet connection, then you should consider using Snowball. For example, if you have a 100 Mb connection that you can solely dedicate to transferring your data and need to transfer 100 TB of data, it takes more than 100 days to complete a data transfer over that connection. You can make the same transfer by using multiple Snowballs in about a week.

Reference18: Snowball

 

Question 19: You currently have an on-premises Oracle database and have decided to leverage AWS and use Aurora. You need to do this as quickly as possible. How do you achieve this?

A) It is not possible to migrate an on-premises database to AWS at this time.

B) Use AWS Data Pipeline to create a target database, migrate the database schema, set up the data replication process, initiate the full load and a subsequent change data capture and apply, and conclude with a switchover of your production environment to the new database once the target database is caught up with the source database.

C) Use AWS Database Migration Services and create a target database, migrate the database schema, set up the data replication process, initiate the full load and a subsequent change data capture and apply, and conclude with a switch-over of your production environment to the new database once the target database is caught up with the source database.

D) Use AWS Glue to crawl the on-premises database schemas and then migrate them into AWS with Data Pipeline jobs.

https://aws.amazon.com/dms/faqs/

ANSWER19:

C

Notes/Hint19: 

DMS can efficiently support this sort of migration using the steps outlined. While AWS Glue can help you crawl schemas and store metadata on them inside of Glue for later use, it isn’t the best tool for actually transitioning a database over to AWS itself. Similarly, while Data Pipeline is great for ETL and ELT jobs, it isn’t the best option to migrate a database over to AWS.

Reference19: DMS

 

Question 20: A financial company uses Amazon EMR for its analytics workloads. During the company’s annual security audit, the security team determined that none of the EMR clusters’ root volumes are encrypted. The security team recommends the company encrypt its EMR clusters’ root volume as soon as possible.
Which solution would meet these requirements?

A) Enable at-rest encryption for EMR File System (EMRFS) data in Amazon S3 in a security configuration. Re-create the cluster using the newly created security configuration.

B) Specify local disk encryption in a security configuration. Re-create the cluster using the newly created security configuration.

C) Detach the Amazon EBS volumes from the master node. Encrypt the EBS volume and attach it back to the master node.

D) Re-create the EMR cluster with LZO encryption enabled on all volumes.

ANSWER20:

B

Notes/Hint20: 

Local disk encryption can be enabled as part of a security configuration to encrypt root and storage volumes.

Reference20: EMR Cluster Local disk encryption

Question 21: A company has a clickstream analytics solution using Amazon Elasticsearch Service. The solution ingests 2 TB of data from Amazon Kinesis Data Firehose and stores the latest data collected within 24 hours in an Amazon ES cluster. The cluster is running on a single index that has 12 data nodes and 3 dedicated master nodes. The cluster is configured with 3,000 shards and each node has 3 TB of EBS storage attached. The Data Analyst noticed that the query performance of Elasticsearch is sluggish, and some intermittent errors are produced by the Kinesis Data Firehose when it tries to write to the index. Upon further investigation, there were occasional JVMMemoryPressure errors found in Amazon ES logs.

What should be done to improve the performance of the Amazon Elasticsearch Service cluster?

A) Improve the cluster performance by increasing the number of master nodes of Amazon Elasticsearch.
 
B) Improve the cluster performance by increasing the number of shards of the Amazon Elasticsearch index.
       
C) Improve the cluster performance by decreasing the number of data nodes of Amazon Elasticsearch.
 
D) Improve the cluster performance by decreasing the number of shards of the Amazon Elasticsearch index.
 
ANSWER21:
D
 
Notes/Hint21:
“Amazon Elasticsearch Service (Amazon ES) is a managed service that makes it easy to deploy, operate, and scale Elasticsearch clusters in AWS Cloud. Elasticsearch is a popular open-source search and analytics engine for use cases such as log analytics, real-time application monitoring, and clickstream analysis. With Amazon ES, you get direct access to the Elasticsearch APIs; existing code and applications work seamlessly with the service.
 
Each Elasticsearch index is split into some number of shards. You should decide the shard count before indexing your first document. The overarching goal of choosing a number of shards is to distribute an index evenly across all data nodes in the cluster. However, these shards shouldn’t be too large or too numerous.
 
A good rule of thumb is to try to keep a shard size between 10 – 50 GiB. Large shards can make it difficult for Elasticsearch to recover from failure, but because each shard uses some amount of CPU and memory, having too many small shards can cause performance issues and out of memory errors. In other words, shards should be small enough that the underlying Amazon ES instance can handle them, but not so small that they place needless strain on the hardware. Therefore the correct answer is: Improve the cluster performance by decreasing the number of shards of Amazon Elasticsearch index.
 
Reference:  ElasticsSearch
 

Question 22: A data lake is a central repository that enables which operation?

 
A) Store unstructured data from a single data source
 
B) Store structured data from any data source
 
C)  Store structure and unstructured data from any source
 
D) Store structured and unstructured data from a single source
 
ANSWER22:
C
 
Notes/Hint22:
Data lake is a centralized repository for large amounts of structured and unstructured data to enable direct analytics.
 
 
Reference: Data Lakes
 
 

Question 23: What is the most cost-effective storage option for your data lake?

 
A) Amazon EBS
 
B) Amazon S3
 
C) Amazon RDS
 
D) Amazon Redshift
 
ANSWER23:
B
 
 
Notes/Hint23:
Amazon S3
 

Question 24: Which services are used in the processing layer of a data lake architecture? (SELECT TWO)

 
A. AWS Snowball
 
B. AWS Glue
 
C. Amazon EMR
 
D. Amazon QuickSight
 
ANSWER24:
B and C
 
 
Notes/Hint24:
Amazon Glue and Amazon EMR
 

Question 25: Which services can be used for data ingestion into your data lake? (SELECT TWO)

A) Amazon Kinesis Data Firehose

B) Amazon QuickSight

C) Amazon Athena

D) AWS Storage Gateway

ANSWER25:
A and D
 
 
Notes/Hint25:
Amazon Kinesis Data Firehose and  and Amazon Storage Gateway
 
Reference: Data Lakes
 

Question 26: Which service uses continuous data replication with high availability to consolidate databases into a petabyte-scale data warehouse by streaming data to amazon Redshift and Amazon S3?

A) AWS Storage Gateway

B) AWS Schema Conversion Tool

C) AWS Database Migration Service

D) Amazon Kinesis Data Firehose

ANSWER26:
C
 
 
Notes/Hint26:
AWS Database Migration Service
 
Reference: Data Lakes
 

Question 27: What is the AWS Glue Data Catalog?

A) A fully managed ETL (extract, transform, and load) pipeline service

B) A service to schedule jobs

C) A visual data preparation tool

D) An index to the location, schema, and runtime metrics of your data

ANSWER27:
D
 
 
Notes/Hint27:
An index to the location, schema, and runtime metrics of your data
 
Reference: Data Lakes
 

Questions 28: What AWS Glue feature “catalogs” your data?

A) AWS Glue crawler

B) AWS Glue DataBrew

C) AWS Glue Studio

D) AWS Glue Elastic Views

ANSWER28:
A
 
 
Notes/Hint28:
AWS Glue crawler
 
Reference: Data Lakes
 

Question 29: During your data preparation stage, the raw data has been enriched to support additional insights. You need to improve query performance and reduce costs of the final analytics solution.

Which data formats meet these requirements (SELECT TWO)

ANSWER29:
C and D
 
 
Notes/Hint29:
Apache Parquet and Apache ORC
Reference: Data Lakes
 

Question 30: Your small start-uo company is developing a data analytics solution. You need to clean and normalize large datasets, but you do not have developers with the skill set to write custom scripts. Which tool will help efficiently design and run the data preparation activities?

ANSWER30:
B
 
 
Notes/Hint30:
AWS Glue DataBrew
To be able to run analytics, build reports, or apply machine learning, you need to be sure the data you’re using is clean and in the right format. This data preparation step requires data analysts and data scientists to write custom code and perform many manual activities. When cleaning and normalizing data, it is helpful to first review the dataset to understand which possible values are present. Simple visualizations are helpful for determining whether correlations exist between the columns.
 
AWS Glue DataBrew is a visual data preparation tool that helps you clean and normalize data up to 80% faster so you can focus more on the business value you can get. DataBrew provides a visual interface that quickly connects to your data stored in Amazon S3, Amazon Redshift, Amazon Relational Database Service (RDS), any JDBC-accessible data store, or data indexed by the AWS Glue Data Catalog. You can then explore the data, look for patterns, and apply transformations. For example, you can apply joins and pivots, merge different datasets, or use functions to manipulate data.
Reference: Data Lakes
 

Question 30: In which scenario would you use AWS Glue jobs?

A) Analyze data in real-time as data comes into the data lake

B) Transform data in real-time as data comes into the data lake

C) Analyze data in batches on schedule or on demand

D) Transform data in batches on schedule or on demand.

ANSWER30:
D
 
 
Notes/Hint30:
An AWS Glue job encapsulates a script that connects to your source data, processes it, and then writes it out to your data target. Typically, a job runs extract, transform, and load (ETL) scripts. Jobs can also run general-purpose Python scripts (Python shell jobs.) AWS Glue triggers can start jobs based on a schedule or event, or on demand. You can monitor job runs to understand runtime metrics such as completion status, duration, and start tim

Question 31: Your data resides in multiple data stores, including Amazon S3, Amazon RDS, and Amazon DynamoDB. You need to efficiently query the combined datasets.

Which tool can achieve this, using a single query, without moving data?

A) Amazon Athena Federated Query

B) Amazon Redshift Query Editor

C) SQl Workbench

D) AWS Glue DataBrew

ANSWER31:
A
 
 
Notes/Hint31:
With Amazon Athena Federated Query, you can run SQL queries across a variety of relational, non-relational, and custom data sources. You get a unified way to run SQL queries across various data stores. 
 
Athena uses data source connectors that run on AWS Lambda to run federated queries. A data source connector is a piece of code that can translate between your target data source and Athena. You can think of a connector as an extension of Athena’s query engine. Pre-built Athena data source connectors exist for data sources like Amazon CloudWatch Logs, Amazon DynamoDB, Amazon DocumentDB, Amazon RDS, and JDBC-compliant relational data sources such MySQL and PostgreSQL under the Apache 2.0 license. You can also use the Athena Query Federation SDK to write custom connectors. To choose, configure, and deploy a data source connector to your account, you can use the Athena and Lambda consoles or the AWS Serverless Application Repository. After you deploy data source connectors, the connector is associated with a catalog that you can specify in SQL queries. You can combine SQL statements from multiple catalogs and span multiple data sources with a single query.
 

Question 32: Which benefit do you achieve by using AWS Lake Formation to build data lakes?

A) Build data lakes quickly

B) Simplify security management

C) Provide self-service access to data

D) All of the above

ANSWER32:
D
 
 
Notes/Hint32:
Build data lakes quickly
With Lake Formation, you can move, store, catalog, and clean your data faster. You simply point Lake Formation at your data sources, and Lake Formation crawls those sources and moves the data into your new Amazon S3 data lake. Lake Formation organizes data in S3 around frequently used query terms and into right-sized chunks to increase efficiency. Lake Formation also changes data into formats like Apache Parquet and ORC for faster analytics. In addition, Lake Formation has built-in machine learning to deduplicate and find matching records (two entries that refer to the same thing) to increase data quality.
 
Simplify security management
You can use Lake Formation to centrally define security, governance, and auditing policies in one place, versus doing these tasks per service. You can then enforce those policies for your users across their analytics applications. Your policies are consistently implemented, eliminating the need to manually configure them across security services like AWS Identity and Access Management (AWS IAM) and AWS Key Management Service (AWS KMS), storage services like Amazon S3, and analytics and machine learning services like Amazon Redshift, Amazon Athena, and (in beta) Amazon EMR for Apache Spark. This reduces the effort in configuring policies across services and provides consistent enforcement and compliance.
 
Provide self-service access to data
With Lake Formation, you build a data catalog that describes the different available datasets along with which groups of users have access to each. This makes your users more productive by helping them find the right dataset to analyze. By providing a catalog of your data with consistent security enforcement, Lake Formation makes it easier for your analysts and data scientists to use their preferred analytics service. They can use Amazon EMR for Apache Spark (in beta), Amazon Redshift, or Amazon Athena on diverse datasets that are now housed in a single data lake. Users can also combine these services without having to move data between silos.
 
 

Question 33: What are the three stages to set up a data lake using AWS Lake Formation? (SELECT THREE)

A) Register the storage location
B) Create a database
C) Populate the database
D) Grant permissions
 
ANSWER33:
A B and D
 
 
Notes/Hint33:
Register the storage location
Lake Formation manages access to designated storage locations within Amazon S3. Register the storage locations that you want to be part of the data lake.
 
Create a database
Lake Formation organizes data into a catalog of logical databases and tables. Create one or more databases and then automatically generate tables during data ingestion for common workflows.
 
Grant permissions
Lake Formation manages access for IAM users, roles, and Active Directory users and groups via flexible database, table, and column permissions. Grant permissions to one or more resources for your selected users.
 
 
 
Question 34: Which of the following AWS Lake Formation tasks are performed by the AWS Glue service? (SELECT THREE)
 
A) ETL code creation and job monitoring
B) Blueprints to create workflows
C) Data catalog and serverless architecture
D) Simplify securty management
 
ANSWER34:
A B and C
 
 
Notes/Hint34:
Lake Formation leverages a shared infrastructure with AWS Glue, including console controls, ETL code creation and job monitoring, blueprints to create workflows for data ingest, the same data catalog, and a serverless architecture. While AWS Glue focuses on these types of functions, Lake Formation encompasses all AWS Glue features AND provides additional capabilities designed to help build, secure, and manage a data lake. See the AWS Glue features page for more de
 
 

Question 35:  A digital media customer needs to quickly build a data lake solution for the data housed in a PostgreSQL database. As a solutions architect, what service and feature would meet this requirement?

 
A) Copy PostgreSQL data to an Amazon S3 bucket and build a data lake using AWS Lake Formation
B) Use AWS Lake Formation blueprints
C) Build a data lake manually
D) Build an analytics solution by directly accessing the database.
 
ANSWER35:
B
 
 
Notes/Hint35:
A blueprint is a data management template that enables you to easily ingest data into a data lake. Lake Formation provides several blueprints, each for a predefined source type, such as a relational database or AWS CloudTrail logs. From a blueprint, you can create a workflow. Workflows consist of AWS Glue crawlers, jobs, and triggers that are generated to orchestrate the loading and update of data. Blueprints take the data source, data target, and schedule as input to configure the workflow.
 

Question 36: AWS Lake Formation has a set of suggested personas and IAM permissions. Which is a required persona?

 
A) Data lake administrator
B) Data engineer
C) Data analyst
D) Business analyst
 
ANSWER36:
A
 
 
Notes/Hint36:
Data lake administrator (Required)
A user who can register Amazon S3 locations, access the Data Catalog, create databases, create and run workflows, grant Lake Formation permissions to other users, and view AWS CloudTrail logs. The user has fewer IAM permissions than the IAM administrator but enough to administer the data lake. Cannot add other data lake administrators.
 
Data engineer (Optional) A user who can create and run crawlers and workflows and grant Lake Formation permissions on the Data Catalog tables that the crawlers and workflows create.
 
Data analyst (Optional) A user who can run queries against the data lake using, for example, Amazon Athena. The user has only enough permissions to run queries.
 
Business analyst (Optional) Generally, an end-user application specific persona that would query data and resource using a workflow role.
 
 

Question 37: Which three types of blueprints does AWS Lake Formation support? (SELECT THREE)

 
A) ETL code creation and job monitoring
B) Database snapshot
C) Incremental database
D) Log file sources (AWS CloudTrail, ELB/ALB logs)
 
ANSWER37:
B C and D
 
 
Notes/Hint37:
AWS Lake Formation blueprints simplify and automate creating workflows. Lake Formation provides the following types of blueprints:
• Database snapshot – Loads or reloads data from all tables into the data lake from a JDBC source. You can exclude some data from the source based on an exclude pattern.
 
• Incremental database – Loads only new data into the data lake from a JDBC source, based on previously set bookmarks. You specify the individual tables in the JDBC source database to include. For each table, you choose the bookmark columns and bookmark sort order to keep track of data that has previously been loaded. The first time that you run an incremental database blueprint against a set of tables, the workflow loads all data from the tables and sets bookmarks for the next incremental database blueprint run. You can therefore use an incremental database blueprint instead of the database snapshot blueprint to load all data, provided that you specify each table in the data source as a paramete
 
• Log file – Bulk loads data from log file sources, including AWS CloudTrail, Elastic Load Balancing logs, and Application Load Balancer logs.
 

Question 38: Which one of the following is the best description of the capabilities of Amazon QuickSight?

 
A) Automated configuration service build on AWS Glue
B) Fast, serverless, business intelligence service
C) Fast, simple, cost-effective data warehousing
D) Simple, scalable, and serverless data integration
 
ANSWER38:
B C and D
 
 
Notes/Hint38:
B. Scalable, serverless business intelligence service is the correct choice.
See the brief descriptions of several AWS Analytics services below:
AWS Lake Formation Build a secure data lake in days using Glue blueprints and workflows
 
Amazon QuickSight Scalable, serverless, embeddable, ML-powered BI Service built for the cloud
 
Amazon Redshift Analyze all of your data with the fastest and most widely used cloud data warehouse
 
AWS Glue Simple, scalable, and serverless data integration
 

Question 39: Which benefits are provided by Amazon Redshift? (Select TWO)

A) Analyze Data stored in your data lake

B) Maintain performance at scale

C) Focus effort on Data warehouse administration

D) Store all the data to meet analytics need

E) Amazon Redshift includes enterprise-level security and compliance features.

 
ANSWER38:
A and B
 
 
Notes/Hint38:
A is correct – With Amazon Redshift, you can analyze all your data, including exabytes of data stored in your Amazon S3 data lake.
B is correct – Amazon Redshift provides consistent performance at scale.
 
• C is incorrect – Amazon Redshift is a fully managed data warehouse solution. It includes automations to reduce the administrative overhead traditionally associated with data warehouses. When using Amazon Redshift, you can focus your development effort on strategic data analytics solutions.
 
• D is incorrect – With Amazon Redshift features—such as Amazon Redshift Spectrum, materialized views, and federated query—you can analyze data where it is stored in your data lake or AWS databases. This capability provides flexibility to meet new analytics requirements without the cost, time, or complexity of moving large volumes of data between solutions.
 
• Answer E is incorrect – Amazon Redshift includes enterprise-level security and compliance features.
 
 

Djamga Data Sciences Big Data – Data Analytics Youtube Playlist

2- Prepare for Your AWS Certification Exam

3- LinuxAcademy

Big Data – Data Analytics Jobs:

 

Big Data – Data Analytics – Data Sciences Latest News:

DATA ANALYTICS Q&A:

 
 

[/bg_collapse]

Clever Questions, Answers, Resources about:

  • Data Sciences
  • Big Data
  • Data Analytics
  • Data Sciences
  • Databases
  • Data Streams
  • Large DataSets

What Is a Data Scientist?

Data Scientist (n.): Person who is better at statistics than any software engineer and better at software engineering than any statistician. – Josh Wills

Data scientists apply sophisticated quantitative and computer science skills to both structure and analyze massive stores or continuous streams of unstructured data, with the intent to derive insights and prescribe action. – Burtch Works Data Science Salary Survey, May 2018

More than anything, what data scientists do is make discoveries while swimming in data… In a competitive landscape where challenges keep changing and data never stop flowing, data scientists help decision makers shift from ad hoc analysis to an ongoing conversation with data. – Data Scientist: The Sexiest Job of the 21st Century, Harvard Business Review

Do All Data Scientists Hold Graduate Degrees?

Data scientists are highly educated. With exceedingly rare exception, every data scientist holds at least an undergraduate degree. 91% of data scientists in 2018 held advanced degrees. The remaining 9% all held undergraduate degrees. Furthermore,

  • 25% of data scientists hold a degree in statistics or mathematics,
  • 20% have a computer science degree,
  • an additional 20% hold a degree in the natural sciences, and
  • 18% hold an engineering degree.

The remaining 17% of surveyed data scientists held degrees in business, social science, or economics.

How Are Data Scientists Different From Data Analysts?

Broadly speaking, the roles differ in scope: data analysts build reports with narrow, well-defined KPIs. Data scientists often to work on broader business problems without clear solutions. Data scientists live on the edge of the known and unknown.

We’ll leave you with a concrete example: A data analyst cares about profit margins. A data scientist at the same company cares about market share.

How Is Data Science Used in Medicine?

Data science in healthcare best translates to biostatistics. It can be quite different from data science in other industries as it usually focuses on small samples with several confounding variables.

How Is Data Science Used in Manufacturing?

Data science in manufacturing is vast; it includes everything from supply chain optimization to the assembly line.

What are data scientists paid?

Most people are attracted to data science for the salary. It’s true that data scientists garner high salaries compares to their peers. There is data to support this: The May 2018 edition of the BurtchWorks Data Science Salary Survey, annual salary statistics were

Note the above numbers do not reflect total compensation which often includes standard benefits and may include company ownership at high levels.

How will data science evolve in the next 5 years?

Will AI replace data scientists?

What is the workday like for a data scientist?

It’s common for data scientists across the US to work 40 hours weekly. While company culture does dictate different levels of work life balance, it’s rare to see data scientists who work more than they want. That’s the virtue of being an expensive resource in a competitive job market.

How do I become a Data Scientist?

The roadmap given to aspiring data scientists can be boiled down to three steps:

  1. Earning an undergraduate and/or advanced degree in computer science, statistics, or mathematics,
  2. Building their portfolio of SQL, Python, and R skills, and
  3. Getting related work experience through technical internships.

All three require a significant time and financial commitment.

There used to be a saying around datascience: The road into a data science starts with two years of university-level math.

What Should I Learn? What Order Do I Learn Them?

This answer assumes your academic background ends with a HS diploma in the US.

  1. Python
  2. Differential Calculus
  3. Integral Calculus
  4. Multivariable Calculus
  5. Linear Algebra
  6. Probability
  7. Statistics

Some follow up questions and answers:

Why Python first?

  • Python is a general purpose language. R is used primarily by statisticians. In the likely scenario that you decide data science requires too much time, effort, and money, Python will be more valuable than your R skills. It’s preparing you to fail, sure, but in the same way a savings account is preparing you to fail.

When do I start working with data?

  • You’ll start working with data when you’ve learned enough Python to do so. Whether you’ll have the tools to have any fun is a much more open-ended question.

How long will this take me?

  • Assuming self-study and average intelligence, 3-5 years from start to finish.

How Do I Learn Python?

If you don’t know the first thing about programming, start with MIT’s course in the curated list.

These modules are the standard tools for data analysis in Python:

Curated Threads & Resources

  1. MIT’s Introduction to Computer Science and Programming in Python A free, archived course taught at MIT in the fall 2016 semester.
  2. Data Scientist with Python Career Track | DataCamp The first courses are free, but unlimited access costs $29/month. Users usually report a positive experience, and it’s one of the better hands-on ways to learn Python.
  3. Sentdex’s (Harrison Kinsley) Youtube Channel Related to Python Programming Tutorials
  4. /r/learnpython is an active sub and very useful for learning the basics.

How Do I Learn R?

If you don’t know the first thing about programming, start with R for Data Science in the curated list.

These modules are the standard tools for data analysis in Python:

Curated Threads & Resources

  1. R for Data Science by Hadley WickhamA free ebook full of succinct code examples. Terrific for learning tidyverse syntax.Folks with some math background may prefer the free alternative, Introduction to Statistical Learning.
  2. Data Scientist with R Career Track | DataCamp The first courses are free, but unlimited access costs $29/month. Users usually report a positive experience, and it’s one of the few hands-on ways to learn R.
  3. R Inferno Learners with a CS background will appreciate this free handbook explaining how and why R behaves the way that it does.

How Do I Learn SQL?

Prioritize the basics of SQL. i.e. when to use functions like POW, SUM, RANK; the computational complexity of the different kinds of joins.

Concepts like relational algebra, when to use clustered/non-clustered indexes, etc. are useful, but (almost) never come up in interviews.

You absolutely do not need to understand administrative concepts like managing permissions.

Finally, there are numerous query engines and therefore numerous dialects of SQL. Use whichever dialect is supported in your chosen resource. There’s not much difference between them, so it’s easy to learn another dialect after you’ve learned one.

Curated Threads & Resources

  1. The SQL Tutorial for Data Analysis | Mode.com
  2. Introduction to Databases A Free MOOC supported by Stanford University.
  3. SQL Queries for Mere MortalsA $30 book highly recommended by /u/karmanujan

How Do I Learn Calculus?

Fortunately (or unfortunately), calculus is the lament of many students, and so resources for it are plentiful. Khan Academy mimics lectures very well, and Paul’s Online Math Notes are a terrific reference full of practice problems and solutions.

Calculus, however, is not just calculus. For those unfamiliar with US terminology,

  • Calculus I is differential calculus.
  • Calculus II is integral calculus.
  • Calculus III is multivariable calculus.
  • Calculus IV is differential equations.

Differential and integral calculus are both necessary for probability and statistics, and should be completed first.

Multivariable calculus can be paired with linear algebra, but is also required.

Differential equations is where consensus falls apart. The short it is, they’re all but necessary for mathematical modeling, but not everyone does mathematical modeling. It’s another tool in the toolbox.

Curated Threads & Resources about Data Science and Data Analytics

How Do I Learn Probability?

Probability is not friendly to beginners. Definitions are rooted in higher mathematics, notation varies from source to source, and solutions are frequently unintuitive. Probability may present the biggest barrier to entry in data science.

It’s best to pick a single primary source and a community for help. If you can spend the money, register for a university or community college course and attend in person.

The best free resource is MIT’s 18.05 Introduction to Probability and Statistics (Spring 2014). Leverage /r/learnmath, /r/learnmachinelearning, and /r/AskStatistics when you get inevitably stuck.

How Do I Learn Linear Algebra?

Curated Threads & Resources https://www.youtube.com/watch?v=fNk_zzaMoSs&index=1&list=PLZHQObOWTQDPD3MizzM2xVFitgF8hE_ab

What does the typical data science interview process look like?

For general advice, Mastering the DS Interview Loop is a terrific article. The community discussed the article here.

Briefly summarized, most companies follow a five stage process:

  1. Coding Challenge: Most common at software companies and roles contributing to a digital product.
  2. HR Screen
  3. Technical Screen: Often in the form of a project. Less frequently, it takes the form of a whiteboarding session at the onsite.
  4. Onsite: Usually the project from the technical screen is presented here, followed by a meeting with the director overseeing the team you’ll join.
  5. Negotiation & Offer

Preparation:

  1. Practice questions on Leetcode which has both SQL and traditional data structures/algorithm questions
  2. Review Brilliant for math and statistics questions.
  3. SQL Zoo and Mode Analytics both offer various SQL exercises you can solve in your browser.

Tips:

  1. Before you start coding, read through all the questions. This allows your unconscious mind to start working on problems in the background.
  2. Start with the hardest problem first, when you hit a snag, move to the simpler problem before returning to the harder one.
  3. Focus on passing all the test cases first, then worry about improving complexity and readability.
  4. If you’re done and have a few minutes left, go get a drink and try to clear your head. Read through your solutions one last time, then submit.
  5. It’s okay to not finish a coding challenge. Sometimes companies will create unreasonably tedious coding challenges with one-week time limits that require 5–10 hours to complete. Unless you’re desperate, you can always walk away and spend your time preparing for the next interview.

Remember, interviewing is a skill that can be learned, just like anything else. Hopefully, this article has given you some insight on what to expect in a data science interview loop.

The process also isn’t perfect and there will be times that you fail to impress an interviewer because you don’t possess some obscure piece of knowledge. However, with repeated persistence and adequate preparation, you’ll be able to land a data science job in no time!

What does the Airbnb data science interview process look like? [Coming soon]

What does the Facebook data science interview process look like? [Coming soon]

What does the Uber data science interview process look like? [Coming soon]

What does the Microsoft data science interview process look like? [Coming soon]

What does the Google data science interview process look like? [Coming soon]

What does the Netflix data science interview process look like? [Coming soon]

What does the Apple data science interview process look like? [Coming soon]

Question: How is SQL used in real data science jobs?

Real life enterprise databases are orders of magnitude more complex than the “customers, products, orders” examples used as teaching tools. SQL as a language is actually, IMO, a relatively simple language (the db administration component can get complex, but mostly data scientists aren’t doing that anyways). SQL is an incredibly important skill though for any DS role. I think when people emphasize SQL, what they really are talking about is the ability to write queries that interrogate the data and discover the nuances behind how it is collected and/or manipulated by an application before it is written to the dB. For example, is the employee’s phone number their current phone number or does the database store a history of all previous phone numbers? Critically important questions for understanding the nature of your data, and it doesn’t necessarily deal with statistics! The level of syntax required to do this is not that sophisticated, you can get pretty damn far with knowledge of all the joins, group by/analytical functions, filtering and nesting queries. In many cases, the data is too large to just select * and dump into a csv to load into pandas, so you start with SQL against the source. In my mind it’s more important for “SQL skills” to know how to generate hypotheses (that will build up to answering your business question) that can be investigated via a query than it is to be a master of SQL’s syntax. Just my two cents though!

AWS DAS-C01 Exam Prep on iOS

AWS DAS-C01 Exam Prep on android

AWS DAS-C01 Exam Prep on Windows

Data Visualization example: 12000 Years of Human Population Dynamic

[OC] 12,000 years of human population dynamics from dataisbeautiful

Human population density estimates based on the Hyde 3.2 model.

Capitol insurrection arrests per million people by state

[OC] Capitol insurrection arrests per million people by state from dataisbeautiful

Data Source: Made in Google Sheets using data from this USA Today article (for the number of arrests by arrestee’s home state) and this spreadsheet of the results of the 2020 Census (for the population of each state and DC in 2020, which was used as the denominator in calculating arrests/million people).

AWS Data analytics DAS-C01 Exam Prep

For more information about analytics architecture, visit the AWS Big Data Blog: AWS serverless data analytics pipeline reference architecture here

Basic Data Lake Architecture

Data Analytics Architecture on AWS

Data Analytics Architecture on AWS
Data Analytics Architecture on AWS

Data Analytics Process

Data Analytics Process
Data Analytics Process

AWS Data Analytics Specialty Certification DAS-C01 Exam Prep on iOS

AWS DAS-C01 Exam Prep on android

AWS DAS-C01 Exam Prep on Windows

Data Lake Storage:

Data Lake STorage on AWS
Data Lake STorage on AWS – S3

 

AWS DAS-C01 Exam Prep on iOS

AWS DAS-C01 Exam Prep on android

AWS DAS-C01 Exam Prep on Windows

Event Driven Data Analytics Workflow on AWS

Event Driven Data Analytics Workflow on AWS
Event Driven Data Analytics Workflow on AWS

What is a Data Lake?

AWS Data lake

What is a Data Warehouse?

Data Warehouse
Data Warehouse

What are benefits of a data warehouse?

• Informed decision making

• Consolidated data from many sources

• Historical data analysis

• Data quality, consistency, and accuracy

• Separation of analytics processing from transactional databases

AWS Data Analytics Specialty Certification DAS-C01 Exam Prep on iOS

AWS DAS-C01 Exam Prep on android

AWS DAS-C01 Exam Prep on Windows

Data Lake vs Data Warehouse – Comparison

Data Lake vs Data Warehouse comparison

A data warehouse is specially designed for data analytics, which identifies relationships and trends across large amounts of data. A database is used to capture and store data, such as the details of a transaction. Unlike a data warehouse, a data lake is a centralized repository for structured, semi-structured, and unstructured data. A data warehouse organizes data in a tabular format (or schema) that enables SQL queries on the data. But not all applications require data to be in tabular format. Some applications can access data in the data lake even if it is “semi-structured” or unstructured. These include big data analytics, full-text search, and machine learning.

An AWS data lake only has a storage charge for the data. No servers are necessary for the data to be stored and accessed. In the case of Amazon Athena, also, there are no additional charges for processing. Data warehouse enable fast queries of structured data from transactional systems for batch reports, business intelligence, and visualization use cases. A data lake stores data without regard to its structure. Data scientists, data analysts, and business analysts use the data lake. They support use cases such as machine learning, predictive analytics, and data discovery and profiling.

Transactional Data Ingestion

Transactional Data Ingestion on AWS
Transactional Data Ingestion on AWS

AWS Data Analytics Specialty Certification DAS-C01 Exam Prep on iOS

AWS DAS-C01 Exam Prep on android

AWS DAS-C01 Exam Prep on Windows

Streaming Data Ingestion on AWS
Streaming Data Ingestion on AWS

Structured Query Language (SQL)

SQL Structured Query Language
SQL Structured Query Language

Data definition language (DDL) refers to the subset of SQL commands that define data structures and objects such as databases, tables, and views. DDL commands include the following:

• CREATE: used to create a new object.

• DROP: used to delete an object.

• ALTER: used to modify an object.

• RENAME: used to rename an object.

• TRUNCATE: used to remove all rows from a table without deleting the table itself.

AWS Data Analytics Specialty Certification DAS-C01 Exam Prep on iOS

AWS DAS-C01 Exam Prep on android

AWS DAS-C01 Exam Prep on Windows

Data manipulation language (DML) refers to the subset of SQL commands that are used to work with data. DML commands include the following:

• SELECT: used to request records from one or more tables.

• INSERT: used to insert one or more records into a table.

• UPDATE: used to modify the data of one or more records in a table.

• DELETE: used to delete one or more records from a table.

• EXPLAIN: used to analyze and display the expected execution plan of a SQL statement.

• LOCK: used to lock a table from write operations (INSERT, UPDATE, DELETE) and prevent concurrent operations from conflicting with one another.

Data control language (DCL) refers to the subset of SQL commands that are used to configure permissions to objects. DCL commands include:

• GRANT: used to grant access and permissions to a database or object in a database, such as a schema or table.

• REVOKE: used to remove access and permissions from a database or objects in a database.

AWS Data Analytics Specialty Certification DAS-C01 Exam Prep on iOS

AWS DAS-C01 Exam Prep on android

AWS DAS-C01 Exam Prep on Windows

Comparison of OLTP and OLAP

OLTP vs OLAP
OLTP vs OLAP

AWS Data Analytics Specialty Certification DAS-C01 Exam Prep on iOS

AWS DAS-C01 Exam Prep on android

AWS DAS-C01 Exam Prep on Windows

What is Amazon Macie?

Amazon Macie
Amazon Macie

Businesses are responsible to identify and limit disclosure of sensitive data such as personally identifiable information (PII) or proprietary information. Identifying and masking sensitive information is time consuming, and becomes more complex in data lakes with various data sources and formats and broad user access to published data sets.

Amazon Macie is a fully managed data security and privacy service that uses machine learning and pattern matching to discover sensitive data in AWS. Macie includes a set of managed data identifiers which automatically detect common types of sensitive data. Examples of managed data identifiers include keywords, credentials, financial information, health information, and PII. You can also configure custom data identifiers using keywords or regular expressions to highlight organizational proprietary data, intellectual property, and other specific scenarios. You can develop security controls that operate at scale to monitor and remediate risk automatically when Macie detects sensitive data. You can use AWS Lambda functions to automatically turn on encryption for an Amazon S3 bucket where Macie detects sensitive data. Or automatically tag datasets containing sensitive data, for inclusion in orchestrated data transformations or audit reports.

Amazon Macie can be integrated into the data ingestion and processing steps of your data pipeline. This approach avoids inadvertent disclosures in published data sets by detecting and addressing the sensitive data as it is ingested and processed. Building the automated detection and processing of sensitive data into your ETL pipelines simplifies and standardizes handling of sensitive data at scale.

AWS Data Analytics Specialty Certification DAS-C01 Exam Prep on iOS

AWS DAS-C01 Exam Prep on android

AWS DAS-C01 Exam Prep on Windows

What is AWS Glue DataBrew?

AWS Glue DataBrew
AWS Glue DataBrew

AWS Glue DataBrew is a visual data preparation tool that simplifies cleaning and normalizing datasets in preparation for use in analytics and machine learning.

• Profile data quality, identifying patterns and automatically detecting anomalies.

• Clean and normalize data using over 250 pre-built transformations, without writing code.

• Visually map the lineage of your data to understand data sources and transformation history.

• Save data cleaning and normalization workflows for automatic application to new data.

Data processed in AWS Glue DataBrew is immediately available for use in analytics and machine learning projects.

Learn more about the built-in transformations available in AWS Glue DataBrew in the Recipe actions reference: https://docs.aws.amazon.com/databrew/latest/dg/recipe-actions-reference.html

AWS Data Analytics Specialty Certification DAS-C01 Exam Prep on iOS

AWS DAS-C01 Exam Prep on android

AWS DAS-C01 Exam Prep on Windows

What is AWS Glue?

AWS Glue
AWS Glue

AWS Glue is a fully managed ETL (extract, transform, and load) service that makes it simple and cost-effective to categorize your data, clean it, enrich it, and move it reliably between various data stores and data streams. AWS Glue consists of a central metadata repository known as the AWS Glue Data Catalog, an ETL engine that automatically generates Python or Scala code, and a flexible scheduler that handles dependency resolution, job monitoring, and retries. AWS Glue can run your ETL jobs as new data arrives. For example, you can use an AWS Lambda function to trigger your ETL jobs to run as soon as new data becomes available in Amazon S3. You can also register this new dataset in the

AWS Glue Data Catalog as part of your ETL jobs.

AWS Glue is serverless, so there’s no infrastructure to set up or manage.

AWS Data Analytics Specialty Certification DAS-C01 Exam Prep on iOS

AWS DAS-C01 Exam Prep on android

AWS DAS-C01 Exam Prep on Windows

AWS Glue Data Catalog The AWS Glue Data Catalog provides a uniform repository where disparate systems can store and find metadata to keep track of data in data silos, and use that metadata to query and transform the data. Once the data is cataloged, it is immediately available for search and query using Amazon Athena, Amazon EMR, and Amazon Redshift Spectrum.

You can use AWS Identity and Access Management (IAM) policies to control access to the data sources managed by the AWS Glue Data Catalog. The Data Catalog also provides comprehensive audit and governance capabilities, with schema-change tracking and data access controls.

AWS Glue crawler

AWS Glue crawlers can scan data in all kinds of repositories, classify it, extract schema information from it, and store the metadata automatically in the AWS Glue Data Catalog.

AWS Glue ETL

AWS Glue can run your ETL jobs as new data arrives. For example, you can use an AWS Lambda function to trigger your ETL jobs to run as soon as new data becomes available in Amazon S3. You can also register this new dataset in the AWS Glue Data Catalog as part of your ETL jobs.

AWS Glue Studio

AWS Glue Studio provides a graphical interface to create, run, and monitor extract, transform, and load (ETL) jobs in AWS Glue. You can visually compose data transformation workflows and seamlessly run them on AWS Glue’s Apache Spark-based serverless ETL engine. AWS Glue Studio also offers tools to monitor ETL workflows and validate that they are operating as intended.

AWS Data Analytics Specialty Certification DAS-C01 Exam Prep on iOS

AWS DAS-C01 Exam Prep on android

AWS DAS-C01 Exam Prep on Windows

What is Amazon Athena?

Amazon Athena
Amazon Athena: Serverless Query Engine

Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. Athena is serverless, so there is no infrastructure to set up or manage, and you can start analyzing data immediately. You don’t even need to load your data into Athena, it works directly with data stored in S3. To get started, just log into the Amazon Athena console, define your schema, and start querying. Athena uses Presto with full standard SQL support. It works with a variety of standard data formats, including CSV, JSON, ORC, Apache Parquet and Avro. While Athena is ideal for quick, ad-hoc querying, it can also handle complex analysis, including large joins, window functions, and arrays.

Amazon Athena helps you analyze data stored in Amazon S3. You can use Athena to run ad-hoc queries using ANSI SQL, without the need to aggregate or load the data into Athena. It can process unstructured, semi-structured, and structured datasets. Examples include CSV, JSON, Avro or columnar data formats such as Apache Parquet and Apache ORC. Athena integrates with Amazon QuickSight for easy visualization. You can also use Athena to generate reports or to explore data with business intelligence tools or SQL clients, connected via an ODBC or JDBC driver.

The tables and databases that you work with in Athena to run queries are based on metadata. Metadata is data about the underlying data in your dataset. How that metadata describes your dataset is called the schema. For example, a table name, the column names in the table, and the data type of each column are schema, saved as metadata, that describe an underlying dataset. In Athena, we call a system for organizing metadata a data catalog or a metastore. The combination of a dataset and the data catalog that describes it is called a data source.

The relationship of metadata to an underlying dataset depends on the type of data source that you work with. Relational data sources like MySQL, PostgreSQL, and SQL Server tightly integrate the metadata with the dataset. In these systems, the metadata is most often written when the data is written. Other data sources, like those built using Hive, allow you to define metadata on-the-fly when you read the dataset. The dataset can be in a variety of formats; for example, CSV, JSON, Parquet, or Avro.

AWS Data Analytics Specialty Certification DAS-C01 Exam Prep on iOS

AWS DAS-C01 Exam Prep on android

AWS DAS-C01 Exam Prep on Windows

What is AWS Lake Formation?

What is AWS Lake Formation?
What is AWS Lake Formation?

Lake Formation is a fully managed service that enables data engineers, security officers, and data analysts to build, secure, manage, and use your data lake

To build your data lake in AWS Lake Formation, you must register an Amazon S3 location as a data lake. The Lake Formation service must have permission to write to the AWS Glue Data Catalog and to Amazon S3 locations in the data lake.

Next, identify the data sources to be ingested. AWS Lake formation can move data into your data lake from existing Amazon S3 data stores. Lake Formation can collect and organize datasets, such as logs from AWS CloudTrail, AWS CloudFront, detailed billing reports, or Elastic Load Balancing. You can ingest bulk or incremental datasets from relational, NoSQL, or non-relational databases. Lake Formation can ingest data from databases running in Amazon RDS or hosted in Amazon EC2. You can also ingest data from on-premises databases using Java Database Connectivity JDBC connectors. You can use custom AWS Glue jobs to load data from other databases or to ingest streaming data using Amazon Kinesis or Amazon DynamoDB.

AWS Lake Formation manages AWS Glue crawlers, AWS Glue ETL jobs, the AWS Glue Data Catalog, security settings, and access control:

• Lake Formation is an automated build environment based on AWS Glue.

• Lake Formation coordinates AWS Glue crawlers to identify datasets within the specified data stores and collect metadata for each dataset

• Lake Formation can perform transformations on your data, such as rewriting and organizing data into a consistent, analytics-friendly format. Lake Formation creates transformation templates and schedules AWS Glue jobs to prepare and optimize your data for analytics. Lake Formation also helps clean your data using FindMatches, an ML-based deduplication transform. AWS Glue jobs encapsulate scripts, such as ETL scripts, which connect to source data, process it, and write it out to a data target. AWS Glue triggers can start jobs based on a schedule or event, or on demand. AWS Glue workflows orchestrate AWS ETL jobs, crawlers, and triggers. You can define a workflow manually or use a blueprint based on commonly ingested data source types.

• The AWS Glue Data Catalog within the data lake persistently stores the metadata from raw and processed datasets. Metadata about data sources and targets is in the form of databases and tables. Tables store information about the underlying data, including schema information, partition information, and data location. Databases are collections of tables. Each AWS account has one data catalog per AWS Region.

• Lake Formation provides centralized access controls for your data lake, including security policy-based rules for users and applications by role. You can authenticate the users and roles using AWS IAM. Once the rules are defined, Lake Formation enforces them with table-and column-level granularity for users of Amazon Redshift Spectrum and Amazon Athena. Rules are enforced at the table-level in AWS Glue, which is normally accessed for administrators.

• Lake Formation leverages the encryption capabilities of Amazon S3 for data in the data lake. This approach provides automatic server-side encryption with keys managed by the AWS Key Management Service (KMS). S3 encrypts data in transit when replicating across Regions. You can separate accounts for source and destination Regions to further protect your data

AWS Data Analytics Specialty Certification DAS-C01 Exam Prep on iOS

AWS DAS-C01 Exam Prep on android

AWS DAS-C01 Exam Prep on Windows

What is Amazon Quicksight?

Amazon QuickSight is a cloud-scale business intelligence (BI) service. In a single data dashboard, QuickSight gives decision-makers the opportunity to explore and interpret information in an interactive visual environment. QuickSight can include AWS data, third-party data, big data, spreadsheet data, SaaS data, B2B data, and more. QuickSight delivers fast and responsive query performance by using a robust in-memory engine (SPICE).

Scale from tens to tens of thousands of users

Amazon QuickSight has a serverless architecture that automatically scales to tens of thousands of users without the need to setup, configure, or manage your own servers.

Embed BI dashboards in your applications

With QuickSight, you can quickly embed interactive dashboards into your applications, websites, and portals.

Access deeper insights with Machine Learning

QuickSight leverages the proven machine learning (ML) capabilities of AWS. BI teams can perform advanced analytics without prior data science experience.

Ask questions of your data, receive answers

With QuickSight, you can quickly get answers to business questions asked in natural language with QuickSight’s new ML-powered natural language query capability, Q.

AWS Data Analytics Specialty Certification DAS-C01 Exam Prep on iOS

AWS DAS-C01 Exam Prep on android

AWS DAS-C01 Exam Prep on Windows

What is SPICE?

SPICE
SPICE is the Super-fast, Parallel, In-memory Calculation Engine in QuickSight.

SPICE is the Super-fast, Parallel, In-memory Calculation Engine in QuickSight. SPICE is engineered to rapidly perform advanced calculations and serve data. The storage and processing capacity available in SPICE speeds up the analytical queries that you run against your imported data. By using SPICE, you save time because you don’t need to retrieve the data every time that you change an analysis or update a visual.

When you import data into a dataset rather than using a direct SQL query, it becomes SPICE data because of how it’s stored. SPICE is the Amazon QuickSight Super-fast, Parallel, In-memory Calculation Engine. It’s engineered to rapidly perform advanced calculations and serve data. In Enterprise edition, data stored in SPICE is encrypted at rest.

When you create or edit a dataset, you choose to use either SPICE or a direct query, unless the dataset contains uploaded files. Importing (also called ingesting) your data into SPICE can save time and money:

• Your analytical queries process faster.

• You don’t need to wait for a direct query to process.

• Data stored in SPICE can be reused multiple times without incurring additional costs. If you use a data source that charges per query, you’re charged for querying the data when you first create the dataset and later when you refresh the dataset.

AWS Data Analytics Specialty Certification DAS-C01 Exam Prep on iOS

AWS DAS-C01 Exam Prep on android

AWS DAS-C01 Exam Prep on Windows

Serverless data lake reference architecture:

Serverless Data lake Reference Architecture
Serverless Data lake Reference Architecture

You can use AWS services as building blocks to build serverless data lakes and analytics pipelines. You can apply best practices on how to ingest, store, transform, and analyze structured and unstructured data at scale. Achieve the scale without needing to manage any storage or compute infrastructure. A decoupled, component-driven architecture allows you to start small and scale out slowly. You can quickly add new purpose-built components to one of six architecture layers to address new requirements and data sources.

This data lake-centric architecture can support business intelligence (BI) dashboarding, interactive SQL queries, big data processing, predictive analytics, and machine learning use cases.

• The ingestion layer includes protocols to support ingestion of structured, unstructured, or streaming data from a variety of sources.

• The storage layer provides durable, scalable, secure, and cost-effective storage of datasets across ingestion and processing.

• The landing zone stores data as ingested.

• Data engineers run initial quality checks to validate and cleanse data in the landing zone, producing the raw dataset.

• The processing layer creates curated datasets by further cleansing, normalizing, standardizing, and enriching data from the raw zone. The curated dataset is typically stored in formats that support performant and cost-effective access by the consumption layer.

• The catalog layer stores business and technical metadata about the datasets hosted in the storage layer.

• The consumption layer contains functionality for Search, Analytics, and Visualization. It integrates with the data lake storage, cataloging, and security layers. This integration supports analysis methods such as SQL, batch analytics, BI dashboards, reporting, and ML.

• The security and monitoring layer protects data within the storage layer and other resources in the data lake. This layer includes access control, encryption, network protection, usage monitoring, and auditing.

You can learn more about this reference architecture at AWS Big Data Blog: AWS serverless data analytics pipeline reference architecture: https://aws.amazon.com/blogs/big-data/aws-serverless-data-analytics-pipeline-reference-architecture/

What are Data Lakes Best Practices?

What are Data Lakes Best Practices?
What are Data Lakes Best Practices?

The main challenge with a data lake architecture is that raw data is stored with no oversight of the contents. To make the data usable, you must have defined mechanisms to catalog and secure the data. Without these mechanisms, data cannot be found or trusted, resulting in a “data swamp.” Meeting the needs of diverse stakeholders requires data lakes to have governance, semantic consistency, and access controls.

The Analytics Lens for the AWS Well-Architected Framework covers common analytics applications scenarios, including data lakes. It identifies key elements to help you architect your data lake according to best practices, including the following configuration notes:

• Decide on a location for data lake ingestion (that is, an S3 bucket). Select a frequency and isolation mechanism that meets your business needs.

• For Tier 2 Data, partition the data with keys that align to common query filter

. This enables pruning by common analytics tools that work on raw data files and increases performance

• Choose optimal file sizes to reduce Amazon S3 round trips during compute environment ingestion. Recommended: 512 MB – 1 GB in a columnar format (ORC/Parquet) per partition.

• Perform frequent scheduled compactions that align to the optimal file sizes noted previously. For example, compact into daily partitions if hourly files are too small.

• For data with frequent updates or deletes (that is, mutable data), either: o Temporarily store replicated data to a database like Amazon Redshift, Apache Hive, or Amazon RDS. Once the data becomes static, and then offload it to Amazon S3. Or, o Append the data to delta files per partition and compact it on a scheduled basis. You can use AWS Glue or Apache Spark on Amazon EMR for this processing.

With Tier 2 and Tier 3 Data being stored in Amazon S3, partition data using a high cardinality key. This is honored by Presto, Apache Hive, and Apache Spark and improves the query filter performance on that key

• Sort data in each partition with a secondary key that aligns to common filter queries. This allows query engines to skip files and get to requested data faster. For more information on the Analytics Lens for the AWS Well-Architected Framework, visit https://docs.aws.amazon.com/wellarchitected/latest/analytics-lens/data-lake.html

References:

For additional information on AWS data lakes and data analytics architectures, visit:

• AWS Well-Architected: Learn, measure, and build using architectural best practices: https://aws.amazon.com/architecture/well-architected

• AWS Lake Formation: Build a secure data lake in days: https://aws.amazon.com/lake-formation

• Getting Started with Amazon S3: https://aws.amazon.com/s3/getting-started

• Security in AWS Lake Formation: https://docs.aws.amazon.com/lake-formation/latest/dg/security.html 

AWS Lake Formation: How It Works: https://docs.aws.amazon.com/lake-formation/latest/dg/how-it-works.html

• AWS Lake Formation Dashboard: https://us-west-2.console.aws.amazon.com/lakeformation

• Data Lake Storage on AWS: https://aws.amazon.com/products/storage/data-lake-storage/

• Building Big Data Storage Solutions (Data Lakes) for Maximum Flexibility: https://docs.aws.amazon.com/whitepapers/latest/building-data-lakes/building-data-lake-aws.html

• Data Ingestion Methods: https://docs.aws.amazon.com/whitepapers/latest/building-data-lakes/data-ingestion-methods.html

Networking 101 and Top 20 AWS Certified Advanced Networking Specialty Questions and Answers Dumps

Advanced Networking - Specialty

AI Dashboard is available on the Web, Apple, Google, and Microsoft, PRO version

Networking 101 and Top 20 AWS Certified Advanced Networking Specialty Questions and Answers Dumps

The AWS Certified Advanced Networking – Specialty (ANS-C01) examination is intended for individuals who perform complex networking tasks. This examination validates advanced technical skills and experience in designing and implementing AWS and hybrid IT network architectures at scale.

Networking 101 and Top 20 AWS Certified Advanced Networking Specialty Questions and Answers Dumps
Networking 101 and Top 20 AWS Certified Advanced Networking Specialty Questions and Answers Dumps

AWS ANS-C01 Exam Prep GPT

AWS Advanced Networking Specialty Exam Prep GPTInteractive AWS ANS-C01 exam prep with multiple-choice quizzes and detailed explanations.
AWS Advanced Networking Specialty Exam Prep GPT

AWS Advanced Networking Specialty Exam Prep GPT
AWS Advanced Networking Specialty Exam Prep GPT

The exam covers the following domains:

Domain 1: Design and Implement Hybrid IT Network Architectures at Scale – 23%

Domain 2: Design and Implement AWS Networks – 29%


Domain 3: Automate AWS Tasks – 8%

Domain 4: Configure Network Integration with Application Services – 15%

Domain 5: Design and Implement for Security and Compliance  – 12%


AI Unraveled: Demystifying Frequently Asked Questions on Artificial Intelligence (OpenAI, ChatGPT, Google Bard, Generative AI, Discriminative AI, xAI, LLMs, GPUs, Machine Learning, NLP, Promp Engineering)

Domain 6: Manage, Optimize, and Troubleshoot the Network – 13%

Below are the top 20 Top 20 AWS Certified Advanced Networking – Specialty  Practice Quiz including Questions and Answers and References

Question 1: What is the relationship between private IPv4 addresses and Elastic IP addresses?

If you are looking for an all-in-one solution to help you prepare for the AWS Cloud Practitioner Certification Exam, look no further than this AWS Cloud Practitioner CCP CLF-C02 book

ANSWER1:

C

Notes/Hint1: 

Reference1: IPv4 and Elastic IP

Get mobile friendly version of the quiz @ the App Store

Question 2: A company’s on-premises network has an IP address range of 11.11.0.0/16. Only IPs within this network range can be used for inter-server communication. The IP address range 11.11.253.0/24 has been allocated for the cloud. A network engineer needs to design a VPC on AWS. The servers within the VPC should be able to communicate with hosts both on the internet and on-premises through a VPN connection. Which combination of configuration steps meet these requirements? (Select TWO.)

A) Set up the VPC with an IP address range of 11.11.253.0/24.

B) Set up the VPC with an RFC 1918 private IP address range (for example, 10.10.10.0/24). Set up a NAT gateway to do translation between 10.10.10.0/24 and 11.11.253.0/24 for all outbound traffic.

Djamgatech: Build the skills that’ll drive your career into six figures: Get Djamgatech.

C) Set up a VPN connection between a virtual private gateway and an on-premises router. Set the virtual private gateway as the default gateway for all traffic. Configure the on-premises router to forward traffic to the internet.

D) Set up a VPN connection between a virtual private gateway and an on-premises router. Set the virtual private gateway as the default gateway for traffic destined to 11.11.0.0/24. Add a VPC subnet route to point the default gateway to an internet gateway for internet traffic.

E) Set up the VPC with an RFC 1918 private IP address range (for example, 10.10.10.0/24). Set the virtual private gateway to do a source IP translation of all outbound packets to 11.11.0.0/16.

ANSWER2:

A and C

Notes/Hint2:

The VPC needs to use a CIDR block in the assigned range (and be non-overlapping with the data center). All traffic not destined for the VPC is routed to the virtual private gateway (that route is assumed) and must then be forwarded to the internet when it arrives on-premises. B and E are incorrect because they are not in the assigned range (non-RFC 1918 addresses can be used in a VPC). D is incorrect because it directs traffic to the internet through the internet gateway.

Reference1: CIDR block 

Get mobile friendly version of the quiz @ the App Store

Question 3: Tasks running on Amazon EC2 Container Service (Amazon ECS) can use which mode for container networking (allocating an elastic networking interface to each running task, providing a dynamic private IP address and internal DNS name)?

Ace the Microsoft Azure Fundamentals AZ-900 Certification Exam: Pass the Azure Fundamentals Exam with Ease

ANSWER3:

A

Notes/Hint3:

Reference3: Task Networking with the awsvpc Network Mode

Get mobile friendly version of the quiz @ the App Store

Question 4: A network engineer needs to design a solution for an application running on an Amazon EC2 instance to connect to a publicly accessible Amazon RDS Multi-AZ DB instance in a different VPC and Region. Security requirements mandate that the traffic not traverse the internet. Which configuration will ensure that the instances communicate privately without routing traffic over the internet?

A) Create a peering connection between the VPCs and update the routing tables to route traffic between the VPCs. Enable DNS resolution support for the VPC peering connection. Configure the application to connect to the DNS endpoint of the DB instance.

B) Create a gateway endpoint to the DB instance. Update the routing tables in the application VPC to route traffic to the gateway endpoint.

C) Configure a transit VPC to route traffic between the VPCs privately. Configure the application to connect to the DNS endpoint of the DB instance.

D) Create a NAT gateway in the same subnet as the EC2 instances. Update the routing tables in the application VPC to route traffic through the NAT gateway to the DNS endpoint of the DB instance.

ANSWER4:

A

Notes/Hint4:

Configuring DNS resolution on the VPC peering connection will allow queries from the application VPC to resolve to the private IP of the DB instance and prevent routing over the internet. B is incorrect because Amazon RDS is not supported by gateway endpoints. C and D are incorrect because the database endpoint will resolve to a public IP and the traffic will go over the internet.

Reference4: DNS Resolution on the VPC Peering connection

Get mobile friendly version of the quiz @ the App Store

Question 5: Management has decided that your firm will implement an AWS hybrid architecture. Given that decision, which of the following is a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS Cloud?

ANSWER5:

B

Notes/Hint5:

AWS Snowball is a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS Cloud.

Reference5: AWS Snowball 

Get mobile friendly version of the quiz @ the App Store

Question 6: A company has implemented a critical environment on AWS. For compliance purposes, a network engineer needs to verify that the Amazon EC2 instances are using a specific approved security group and belong to a specific VPC. The configuration history of the instances should be recorded and, in the event of any compliance issues, the instances should be automatically stopped. What should be done to meet these requirements?

A) Enable AWS CloudTrail and create a custom Amazon CloudWatch alarm to perform the required checks. When the CloudWatch alarm is in a failed state, trigger the stop this instance action to stop the noncompliant EC2 instance.

B) Configure a scheduled event with AWS CloudWatch Events to invoke an AWS Lambda function to perform the required checks. In the event of a noncompliant resource, invoke another Lambda function to stop the EC2 instance.

C) Configure an event with AWS CloudWatch Events for an EC2 instance state-change notification that triggers an AWS Lambda function to perform the required checks. In the event of a noncompliant resource, invoke another Lambda function to stop the EC2 instance.

D) Enable AWS Config and create custom AWS Config rules to perform the required checks. In the event of a noncompliant resource, use a remediation action to execute an AWS Systems Manager document to stop the EC2 instance.

ANSWER6:

D

Notes/Hint6:

AWS Config provides a detailed view of the configuration of AWS resources in a user’s AWS account. Using AWS Config rules with AWS Systems Manager Automation documents can automatically remediate noncompliant resources

Reference6: AwS Config

Get mobile friendly version of the quiz @ the App Store

Question 7: A previous administrator configured an inbound security group rule for port 80 (TCP) of 0.0.0.0/0 on the web server. What does this allow?

ANSWER7:

C

Notes/Hint7:

This rule allows all inbound traffic to port 80.

Reference7: Inbound Traffic

Get mobile friendly version of the quiz @ the App Store

Question 8: A company is extending its on-premises data center to AWS. Peak traffic is expected to range between 1 Gbps and 2 Gbps. A network engineer must ensure that there is sufficient bandwidth between AWS and the data center to handle peak traffic. The solution should be highly available and cost effective. What should be implemented to address these needs?

A) Deploy a 10 Gbps AWS Direct Connect connection with an IPsec VPN backup.

B) Deploy two 1 Gbps AWS Direct Connect connections in a link aggregation group.

C) Deploy two 1 Gbps AWS Direct Connect connections in a link aggregation group to two different Direct Connect locations.

D) Deploy a 10 Gbps AWS Direct Connect connection to two different Direct Connect locations.

ANSWER8:

C

Notes/Hint8:

Two AWS Direct Connect connections with link aggregation groups in two different Direct Connect locations are required to provide sufficient bandwidth with high availability. If one Direct Connect location experiences a failure, the two Direct Connect connections in the second Direct Connect location will provide backup. All of the other options would be unable to handle the peak traffic if a connection was lost.

Reference8: Direct Connect connections with link aggregation

Get mobile friendly version of the quiz @ the App Store

Question 9: Which of the following DNS record types is not supported by Amazon Route 53?

E) AAAA

F) SRV

ANSWER9:

A

Notes/Hint9:

DNAME is not supported by Amazon Route 53.

Reference9: Route53 record types

Get mobile friendly version of the quiz @ the App Store

Question 10: A network engineer needs to limit access to the company’s Amazon S3 bucket to specific source networks. What should the network engineer do to accomplish this?

A) Create an ACL on the S3 bucket, limiting access to the CIDR blocks of the specified networks.

B) Create a bucket policy on the S3 bucket, limiting access to the CIDR blocks of the specified networks using a condition statement.

C) Create a security group allowing inbound access to the CIDR blocks of the specified networks and apply the security group to the S3 bucket.

D) Create a security group allowing inbound access to the CIDR blocks of the specified networks, create a S3 VPC endpoint, and apply the security group to the VPC endpoint.

ANSWER10:

B

Notes/Hint10:

An Amazon S3 bucket policy that uses a condition statement will support restricting access if the request originates from a specific range of IP addresses. A is incorrect because an S3 ACL does not support IP restrictions. C is incorrect because security groups cannot be applied to S3 buckets. D is incorrect because security groups cannot be applied to an S3 VPC endpoint.

Reference10: S3 Bucket Policy

Get mobile friendly version of the quiz @ the App Store

Question 11: AWS Direct Connect has two separate billable charges: port-hours and data transfer. Pricing is per port-hour consumed for each port type. How are partial port-hours handled?

ANSWER11:

A

Notes/Hint11:

Partial port-hours are billed as full hours.

Reference11: AWS Direct Connect billing

Get mobile friendly version of the quiz @ the App Store

Question 12: A company’s compliance requirements specify that web application logs must be collected and analyzed to identify any malicious activity. A network engineer also needs to monitor for remote attempts to change the network interface of web instances. Which services and configurations will meet these requirements?

A) Install the Amazon CloudWatch Logs agent on the web instances to collect application logs. Use VPC Flow Logs to send data to CloudWatch Logs. Use CloudWatch Logs metric filters to define the patterns to look for in the log data.

B) Configure AWS CloudTrail to log all management and data events to a custom Amazon S3 bucket and Amazon CloudWatch Logs. Use VPC Flow Logs to send data to CloudWatch Logs. Use CloudWatch Logs metric filters to define the patterns to look for in the log data.

C) Configure AWS CloudTrail to log all management events to a custom Amazon S3 bucket and Amazon CloudWatch Logs. Install the Amazon CloudWatch Logs agent on the web instances to collect application logs. Use CloudWatch Logs Insights to define the patterns to look for in the log data.

D) Enable AWS Config to record all configuration changes to the web instances. Configure AWS CloudTrail to log all management and data events to a custom Amazon S3 bucket. Use Amazon Athena to define the patterns to look for in the log data stored in Amazon S3.

ANSWER12:

C

Notes/Hint12:

Web application logs are internal to the operating system, and Amazon CloudWatch Logs Insights can be used to collect and analyze the logs using the CloudWatch agent. AWS CloudTrail monitors all AWS API activity and can be used to monitor particular API calls to identify remote attempts to change the network interface of web instances.

Reference12: Amazon CloudWatch Logs insights

Get mobile friendly version of the quiz @ the App Store

Question 13: What is the maximum number of security groups that you can create for each VPC?

E) 500

F) 5

G) Unlimited

ANSWER13:

D

Notes/Hint13:

250 is the maximum number of security groups that you can create for each VPC.

Reference13: Quotas

Get mobile friendly version of the quiz @ the App Store

Question 14: A company has an application that processes confidential data. The data is currently stored in an on premises data center. A network engineer is moving workloads to AWS, and needs to ensure confidentiality and integrity of the data in transit to AWS. The company has an existing AWS Direct Connect connection. Which combination of steps should the network engineer perform to set up the most cost-effective connection between the on-premises data center and AWS? (Select TWO.)

A) Attach an internet gateway to the VPC.

B) Configure a public virtual interface on the AWS Direct Connect connection.

C) Configure a private virtual interface to the virtual private gateway.

D) Set up an IPsec tunnel between the customer gateway and a software VPN on Amazon EC2.

E) Set up a Site-to-Site VPN between the customer gateway and the virtual private gateway.

ANSWER14:

B and E

Notes/Hint14:

Setting up a VPN over an AWS Direct Connect connection will secure the data in transit. The steps to do so are: set up a public virtual interface and create the Site-to-Site VPN between the data center and the virtual private gateway using the public virtual interface. A is incorrect because it would send traffic over the public internet. C is not possible because a public virtual interface is needed to announce the VPN tunnel IPs. D is incorrect because it would not take advantage of the already existing Direct Connect connection.

Reference14: VPN over Direct Connect

Get mobile friendly version of the quiz @ the App Store

Question 15: A site you are helping create must use Adobe Media Server and the Adobe Real-Time Messaging Protocol (RTMP) to stream media files. When it comes to AWS, an RTMP distribution must use which of the following as the origin?

ANSWER15:

D

Notes/Hint15:

 An RTMP distribution must use S3 bucket as the origin.

Reference15: S3 Bucket as origin

Get mobile friendly version of the quiz @ the App Store

Question 16: A company is creating new features for its ecommerce website. These features will be deployed as microservices using different domain names for each service. The company requires the use of HTTPS for all its public-facing websites. The application requires the client’s source IP. Which combination of actions should be taken to accomplish this? (Select TWO.)

A) Use a Network Load Balancer to distribute traffic to each service.

B) Use an Application Load Balancer to distribute traffic to each service.

C) Configure the application to retrieve client IPs using the X-Forwarded-For header.

D) Configure the application to retrieve client IPs using the X-Forwarded-Host header.

E) Configure the application to retrieve client IPs using the PROXY protocol header.

ANSWER16:

B and C

Notes/Hint16:

An Application Load Balancer supports host-based routing, which is required to route traffic to different microservices based on the domain name. X-Forwarded-For is the correct request header to identify the client’s source IP address.

Reference16: Host based routing

Get mobile friendly version of the quiz @ the App Store

Question 17: What is the maximum number of connections you can have in a LAG (Link Aggregation Group)?

ANSWER17:

A

Notes/Hint17:

The maximum number of connections that a LAG can have is 4.

Reference17: Link Aggregation Group

Get mobile friendly version of the quiz @ the App Store

Question 18: A network engineer is architecting a high performance computing solution on AWS. The system consists of a cluster of Amazon EC2 instances that require low-latency communications between them. Which method will meet these requirements?

A) Launch instances into a single subnet with a size equal to the number of instances required for the cluster.

B) Create a cluster placement group. Launch Elastic Fabric Adapter (EFA)-enabled instances into the placement group.

C) Launch Amazon EC2 instances with the largest available number of cores and RAM. Attach Amazon EBS Provisioned IOPS (PIOPS) volumes. Implement a shared memory system across all instances in the cluster.

D) Choose an Amazon EC2 instance type that offers enhanced networking. Attach a 10 Gbps non-blocking elastic network interface to the instances.

ANSWER18:

B

Notes/Hint18:

Cluster placement groups and Elastic Fabric Adapters (EFAs) are recommended for high performance computing applications that benefit from low network latency, high network throughput, or both. A is incorrect because the size of a subnet has no impact on network performance. C is incorrect because an Amazon EBS volume cannot be shared between Amazon EC2 instances. D is only half the solution because the enhanced networking affects the network behaviour of an EC2 instance but not the network infrastructure between instances.

Reference18: Cluster placement groups

Get mobile friendly version of the quiz @ the App Store

Question 19: What is the maximum number of security groups that can be associated with each network interface?

E) 2

ANSWER2:

C

Notes/Hint19:

The default number of security groups that can be associated with each network interface is 5. The maximum is 16. This quota is enforced separately for IPv4 rules and IPv6 rules. 

Reference19: maximum number of security groups per network interface

Get mobile friendly version of the quiz @ the App Store

Question 20: A company’s internal security team receives a request to allow Amazon S3 access from inside the corporate network. All external traffic must be explicitly allowed through the corporate firewalls. How can the security team grant this access?

A) Schedule a script to download the Amazon S3 IP prefixes from AWS developer forum announcements. Update the firewall rules accordingly.

B) Schedule a script to download and parse the Amazon S3 IP prefixes from the ip-ranges.json file. Update the firewall rules accordingly.

C) Schedule a script to perform a DNS lookup on Amazon S3 endpoints. Update the firewall rules accordingly.

D) Connect the data center to a VPC using AWS Direct Connect. Create routes that forward traffic from the data center to an Amazon S3 VPC endpoint.

ANSWER20:

B

Notes/Hint20:

The ip-ranges.json file contains the latest list of IP addresses used by AWS. AWS no longer posts IP prefixes in developer forum announcements. DNS lookups would not provide an exhaustive list of possible IP prefixes. D would require transitive routing, which is not possible.

Reference20: ip-range.json

Get mobile friendly version of the quiz @ the App Store

SOURCES:

1- Djamga Cloud Networking Youtube Channel

2- Prepare for Your AWS Certification Exam

LATEST NETWORKING NEWS: 

LATEST NETWORKING JOBS:

CLOUD NETWORKING Q&A:

HOW WIFI WORKS:

How Wi-Fi Works: From Electricity to Information

What is Wi-Fi? Where did it come from?

Wi-Fi is a brand name for wireless networking standards. Wi-Fi lets devices communicate by sending and receiving radio waves.

In 1971, the University of Hawaii demonstrated the first wireless data network, known as ALOHAnet. In 1985, the US FCC opened the ISM radio bands for unlicensed transmissions. After 1985, other countries followed, and more people started experimenting. In 1997 and 1999, the IEEE ratified the first international wireless networking standards. They were called 802.11-1997, 802.11b, and 802.11a. The technology was amazing, but the names were not.

In 1999, the brand-consulting firm Interbrand created the logo and suggested Wi-Fi as the name. Wi-Fi was a pun on hi-fi, referring to high-fidelity audio. Wi-Fi was easier to remember than 802.11, and we’ve been stuck with the name since. The official name is Wi-Fi, but most people don’t capitalize it or include the hyphen. Wi-Fi, WiFi, Wifi, wifi, and 802.11 all refer to the same thing. In the early days, Wi-Fi was used as shorthand for Wireless Fidelity, but it isn’t officially short for anything. According to the Wi-Fi Alliance, Wi-Fi is Wi-Fi.

What does Wi-Fi do? How does Wi-Fi work?

Wi-Fi transmits data using microwaves, which are high-frequency radio waves. Wi-Fi is more complicated than FM radio, but the basic underlying technology is the same. They both encode information into radio waves, which are received and decoded. FM radio does this for sound, Wi-Fi does this for computer data. So how can we use radio waves to send sound, or information?

At a basic level, you can think of two people holding a jump rope. One person raises and lowers their arm quickly, creating a wave. With Wi-Fi, this person would represent your Wi-Fi router, or wireless access point. Keeping the same up and down motion is known as a carrier wave. The person on the other end is the client device, such as a laptop or cell phone. When a wireless client joins the network and senses the carrier wave, it starts listening and waits for small differences in the signal.

In our example, you can imagine feeling the jump rope going up and down, and then receiving a single motion to the right. That single motion to the right can be interpreted as a binary number 1. A motion to the left would be a binary 0. Chain enough 1’s and 0’s together and you can represent complicated things, like all the data on this webpage.

It sounds like magic, but it’s not only Wi-Fi that works this way. Bluetooth, 4G, 5G, and most wireless transmissions work by manipulating waves to transfer electrical signals through the air. A deeper, better question than “How does Wi-Fi work?” is “How do wireless transmissions work?”

If you want a better answer, you need to have a basic understanding of a few things:

    • Fundamental physics of electricity and magnetism

    • Electromagnetic radiation, radio waves, and antennas

  • How wired networks transmit data

I tried my best to keep this understandable, and laid out in a way that makes sense. This stuff is complicated, and hard to explain. That is why there are so many bad explanations of how Wi-Fi works out there.

This isn’t going to be a light and breezy discussion. Each of these topics could be an entire college course, so forgive me for simplifying where possible. Use Wikipedia and other resources to fill in the gaps, or to clarify something I glossed over. As always, corrections and feedback are welcomed.

Let’s dive in the deep end and cover the physics first. If you’re not familiar with fundamental physics, Wikipedia is an amazing resource. The key terms highlighted in blue are links to Wikipedia articles which explain further.

Wi-Fi Physics 101: Electricity and Magnetism
    • A positively or negatively charged particle creates an electric field.

    • An electric field exerts force on other charges around it, attracting or repelling them.

    • Electrical current is a flow of negatively charged electrons through a conductive material, like a wire.

    • Electrical current flowing through a wire creates a magnetic field. This is how electromagnets work.

    • He predicted the existence of electromagnetic waves.

    • His equations describe how electric and magnetic fields are generated by charges, currents, and other field changes.

    • This is known as the 2nd great unification of physics, behind Sir Issac Newton.

    • In 1887, Heinrich Hertz was the first to prove the existence of electromagnetic waves. People thought that was so cool, they used his last name as the unit for a wave’s frequency.

    • Since visible light is an electromagnetic wave, this is how we can see the sun, or distant stars.

    • This is also how we heard Neil Armstrong say “One small step for man…” live from the moon.

    • The warmth you feel from sunlight is due to the radiant energy sunlight contains. All electromagnetic waves have radiant energy.

    • Examples of electromagnetic waves: Visible light, radio waves, microwaves, infrared, ultraviolet, X-rays, and gamma rays.

  • Wi-Fi is an example of a radio wave, specifically a microwave. Microwaves are high-energy radio waves.

Electromagnetic Waves

Electromagnetic waves come in a wide range of forms. The type of wave is categorized by wavelength and frequency.

Wavelength is a measure of the distance over which the wave’s shape repeats. In a typical continuous sine wave like Wi-Fi, every time a wave goes from peak to valley to peak, we call that a cycle. The distance it takes to complete one cycle is its wavelength.

Frequency is a measure of how many cycles the wave makes per second. We use Hertz (Hz) as the measure of frequency, 1 Hz is one cycle per second. The more common MHz and GHz are for millions, or billions, of cycles per second.

Imagine waves on a beach. On calm days the waves are small, and come in slowly. On a windy day the waves have more energy, come in faster, and have less distance between them. Higher energy, higher frequency, shorter wavelength. Unlike ocean waves, electromagnetic waves move at the speed of light. Since their speed is constant, their wavelength and frequency are inverse. As wavelength goes up, frequency does down. If you multiply the wavelength and frequency, you will always get the same value — the speed of light, the speed limit of the universe.

You can graph all the various kinds of electromagnetic waves, with the lowest energy on the left, and the highest energy on the right. We call this the electromagnetic spectrum. I’m not going to cover the entire electromagnetic spectrum, since we are mainly interested in Wi-Fi’s microwaves, and how we can use them to send data wirelessly.

Starting from the left, we have the low-energy waves we call radio. Opinions vary, but I’m going with Wikipedia’s broad definition that radio waves cover from 30 Hz, up to 300 GHz. Compared to the rest of the spectrum, radio’s wavelengths are long, their frequency is slow, and energy is low. Within radio waves, there is a separate category we call microwaves.

Microwaves fall within the broader radio wave range. At a minimum, microwaves cover 3 GHz to 30 GHz, but some people say microwaves extend further than that. The specific range depends on who you ask, but generally you can think of Microwaves as high-frequency radio waves.

Microwaves are used in microwave ovens, Bluetooth, Wi-Fi, your cell phone’s 4G or 5G connection, and lots of other wireless data transmissions. Their higher energy, shorter wavelength, and other properties make them better for high-bandwidth transfers than traditional, lower-powered radio waves.

All waves can be modulated by varying either the amplitude (strength), frequency or phase of the wave. This is what allows Wi-Fi, and any other wireless technology, to encode data in a wireless signal.

Wired Networking Transmissions

Before we cover how wireless data transmission works, we need to understand how wired data transmission works. In wired Ethernet networks, we use the copper inside Ethernet cables to transmit electrical signals. The conductive copper transfers the electrical current applied at one end, through the wire, to the other side.

A typical example would be a PC plugged into an Ethernet switch. If the PC wants to transfer information, it converts binary digits to electrical impulses. On, off, on, off. It sends a specific pattern of 1’s and 0’s across the wire, which is received on the other end. Ethernet is the neighborhood street of the networking world. It’s great for getting around the local area, but you’ll need to jump on the highway if you want to go further.

The highway of the networking world is fiber optic cabling. Just like how Ethernet transfers electrical current, we can do the same thing with lasers and fiber optic cables. Fiber optic cables are made of bendable glass, and they provide a path for light to be transmitted. Since fiber optics require lasers, special transceivers are required at each end. Compared to Ethernet, Fiber optic cables have the advantage of having a longer range, and generally a higher capacity.

Fiber optic cabling carries a big portion of global Internet traffic. We have a wide array of fiber optic cabling over land, and sea. Those connections are what allow you to communicate with someone on the other side of the country, or the other side of the world. This is possible because these transmissions happen at the speed of light.

Here’s where things get fun. Just like how Ethernet and fiber optic cabling take an electrical impulse or beam of light from A to B, we can do the same thing with radios, antennas, and radio waves.

Radios, Antennas, and Wireless Networking

Now that we have a rough common understanding of electromagnetic waves and wired data transmission, how can we transmit data wirelessly? The key is an antenna. Antennas convert electricity into radio waves, and radio waves into electricity. A basic antenna consists of two metal rods connected to a receiver or transmitter.

When transmitting, a radio supplies an alternating electric current to the antenna, and the antenna radiates the energy as electromagnetic waves. When receiving, an antenna reverses this process. It intercepts some of the power of a radio wave to produce an electrical current, which is applied to a receiver, and amplified. Receiving antennas capture a fraction of the original signal, which is why distance, antenna design, and amplification are important for a successful wireless transmission.

If you have a properly tuned, powerful antenna, you can send a signal 1000s of kilometers away, or even into space. It’s not just Wi-Fi, this is what makes satellites, radar, radio, and broadcast TV transmissions work too. Pretty cool, right?

How Wi-Fi Works: From Electricity to Information
    • An intricate pattern of electrons representing computer data flow into your Wi-Fi router, or wireless access point.

    • The access point sends that pattern of electrons to an antenna, generating an electromagnetic wave.

    • By alternating between a positive to negative charge, the wire inside of an antenna creates an oscillating electric and magnetic field. These oscillating fields propagate out into space as electromagnetic waves, and are able to be received by anyone in range.

    • Typical Wi-Fi access points have omnidirectional antennas, which make the wave propagate in all horizontal directions.

    • This wave travels through the air and hits a receiving antenna which reverses the process, converting the radiant energy in the radio wave back into electricity.

    • The electric field of the incoming wave pushes electrons back and forth in the antenna, creating an alternating positive and negative charge. The oscillating field induces voltage and current, which flows to the receiver.

    • The signal is amplified and received, either to the client device or to an Ethernet connection for further routing.

    • A lot of the wave’s energy is lost along the way.

    • If the transmission was successful, the electrical impulses should be a good copy of what was sent.

    • If the transmission wasn’t successful, the data is resent.

  • When the information is received on the other end, it is treated the same as any other data on the network.

More Fun Wi-Fi Facts
    • Wi-Fi has redundancy built-in. If you wanted to send “Hello” your access point wouldn’t send an H, an E, an L, an L and a O. It sends multiple characters for each one, just like you would on a static-filled radio or phone call. It will use its equivalent of the phonetic alphabet to send “Hotel”, “Echo”, “Lima”, “Lima”, “Oscar”.

    • That way, even if you didn’t hear the entire transmission, you are still likely to be able to know that “Hello” was being sent. The level of redundancy varies on signal strength and interference on the channel.

    • If the signal strength is high, the access point and receiver are able to use a complicated modulation scheme, and encode a lot of data.

    • If you think about our jump rope analogy from earlier, rather than just left and right, it can divide into 1/4s, 1/8ths, or further. It can also combine the direction of the modulation with strength, or phase of modulation.

    • The most complex modulation in Wi-Fi 6 is 1024-QAM, which has 1024 unique combinations of amplitude and phase. This results in high throughput, but requires a very strong wireless signal and minimal interference to work effectively.

  • As your wireless signal weakens, complex modulation can’t be understood. Both devices will step down to a less complex modulation scheme. This is why Wi-Fi slows down as you move away from the access point.

First In a Series: Wi-Fi 101

I plan on writing a whole series of posts about Wi-Fi fundamentals which will cover various topics about Wi-Fi, how to improve your home network, and related issues. If there is something you want me to cover, leave a comment below.

Footnotes
    1. The IEEE, an international standards body, sets the definitions of what Wi-Fi is. They’re the reason we have Wi-Fi standards with names like 802.11n, 802.11ac or 802.11ax. They’ve since renamed the major standards to Wi-Fi 1, 2, 3, 4, 5, and 6. With each generation, Wi-Fi gets better, and there are a lot of details to cover. I’ll cover that in a future post.

    1. Hertz did not realize the practical importance of his experiments. “It’s of no use whatsoever. This is just an experiment that proves Maestro Maxwell was right—we just have these mysterious electromagnetic waves that we cannot see with the naked eye. But they are there.” When asked about the applications of his discoveries, Hertz replied, “Nothing, I guess.”You can pay your respects to this legend by always capitalizing the H in MHz and GHz.

    1. It takes about one second for a radio wave to travel from the Earth to the moon. It’s pretty amazing that over 50 years ago we had the technology to capture sound and images on the moon, turn them into electromagnetic waves, beam them back to Earth, and transmit them around the globe. I guess it’s pretty cool we put a human on the moon, too.

    1. If you keep adding energy to microwaves, you can end up in a unique part of the EM spectrum, visible light. Visible light’s wavelengths are measured in nanometers, and nanometers are really small: a human hair is around 75,000 nanometers wide. Visible light has a wavelength between 380 and 740 nanometers and a frequency between 405 and 790 THz (trillions of cycles per second). It’s hard to wrap your head around, but a lot of foundational physics is, too.

  1. Your eye is reading this page because your computer screen is sending out electromagnetic radiation in the visible light portion of the electromagnetic spectrum. Differences in the wavelength cause your eye to interpret different areas of the page as different colors. A whole lot of brain magic and pattern recognition lets you interpret those color variations as letters and words. If I did my job as a writer, there should also be some meaning behind those words. All from some waves shooting out of your screen. Physics is amazing, Wi-Fi isn’t magic, and writing is telepathy.

Source: Reddit

LONGEST NETWORK CONNECTION IN THE UNIVERSE

Every once in a while I go onto the Deep Space Network site to check on Voyager 1 and 2, and just to see what’s going on in general. Currently the round-trip time to V1 is about 1.69 days with a data rate of 150 bits/second, although I’ve seen it as low as 6 bits/sec. V2 is a bit closer at a mere 11 billion miles or so. It’s amazing to me that the entire space craft runs on 4 Watts. V1 and 2 have both departed the solar system.

Testimonials: I Passed the AWS Certified Advanced Networking Specialty

Passed the AWS Certified Advanced Networking Specialty Exam ANS-C01 2022

I recently passed the AWS Certified Advanced Networking Specialty ANS-C01 exam. I have passed the SysOps and SAA certifications before taking the ANS-C01 exam in the past, but man, this test really is challenging. The scenarios are in multiple paragraph form ( 2 or 3 paragraphs for the scenario) and the options are seemingly valid with a slight difference.

For my exam prep, I recommend using the AWS Skill Builder digital course for fast study of the core networking concepts and then take the Tutorials Dojo mock exams for validation. Read all the explanation and retake the mock exams until you feel confident on the topics. Also focus on some Kubernetes Pod Networking in EKS, Transit Gateway, Direct Connect Gateways, AWS Network Firewall and GuardDuty.

Exam Prep Resources I used:

Also read the official exam guide so you know the list of services to focus on. The list of task statements is a gold mine of information. Also read the list of common exam scenarios on TD cheatsheets for final review:

https://tutorialsdojo.com/aws-certified-advanced-networking-specialty-exam-study-path-guide-ans-c01/#common-exam-scenarios-ans-c01

Advanced ANS-C01 Topics I encountered:

  • MacSec

  • “Appliance” mode for Transit Gateway

  • Amazon EKS with Horizonal Pod Scaler

  • Multicast for Transit Gateway

For those who are about to take this exam, I recommend studying seriously for this test. You must really study and know the features of each AWS networking services. Also read up on other success posts in this subreddit, like this one:

https://www.reddit.com/r/AWSCertifications/comments/w9f3cj/passed_aws_certified_networking_specialty_ansc01/

Passed AWS Certified advanced networking – Specialty ANS-C01 2 days ago

This was a tough exam.

Here’s what I used to get prepped:

Exam guide book by Kam Agahian and group of authors – this just got released and has all you need in a concise manual, it also included 3 practice exams, this is a must buy for future reference and covers ALL current exam topics including container networking, SD-WAN etc.

Stephane Maarek’s Udemy course – it is mostly up-to-date with the main exam topics including TGW, network firewall etc. To the point lectures with lots of hands-on demos which gives you just what you need, highly recommended as well!

Tutorial Dojos practice tests to drive it home – this helped me get an idea of the question wording, so I could train myself to read fast, pick out key words, compare similar answers and build confidence in my knowledge.

Crammed daily for 4 weeks (after work, I have a full time job + family) and went in and nailed it. I do have networking background (15+ years) and I am currently working as a cloud security engineer and I’m working with AWS daily, especially EKS, TGW, GWLB etc.

For those not from a networking background – it would definitely take longer to prep.

Good luck!

Top 20 AWS Certified Associate SysOps Administrator Practice Quiz – Questions and Answers Dumps

AWS Certified Security – Specialty Questions and Answers Dumps

AI Dashboard is available on the Web, Apple, Google, and Microsoft, PRO version

Top 20 AWS Certified Associate SysOps Administrator Practice Quiz – Questions and Answers Dumps

What is the AWS Certified SysOps Administrator – Associate?

The AWS Certified SysOps Administrator – Associate (SOA-C01) examination is intended for individuals who have technical expertise in deployment, management, and operations on AWS.

The AWS Certified SysOps Administrator – Associate exam covers the following domains:

Domain 1: Monitoring and Reporting 22%

Domain 2: High Availability 8%

Domain 3: Deployment and Provisioning 14%

Domain 4: Storage and Data Management 12%


Domain 5: Security and Compliance 18%

Domain 6: Networking 14%

Domain 7: Automation and Optimization 12%


AI Unraveled: Demystifying Frequently Asked Questions on Artificial Intelligence (OpenAI, ChatGPT, Google Bard, Generative AI, Discriminative AI, xAI, LLMs, GPUs, Machine Learning, NLP, Promp Engineering)

AWS Certified SysOps Administrator
AWS Certified SysOps Administrator

Top 200 Top 20 AWS Certified Associate SysOps Administrator  Practice Quiz Questions and Answers and References – SOA-C01:

Download Full PDF here

AWS Certified SysOps Administrator – Associate Study guide and Practice Exam
AWS Certified SysOps Administrator – Associate Study guide and Practice Exam

If you are looking for an all-in-one solution to help you prepare for the AWS Cloud Practitioner Certification Exam, look no further than this AWS Cloud Practitioner CCP CLF-C02 book

Question 1: Under which security model does AWS provide secure infrastructure and services, while the customer is responsible for secure operating systems, platforms, and data?

ANSWER1:

C

Get mobile friendly version of the quiz @ the App Store

NOTES/HINT1: The Shared Responsibility Model is the security model under which AWS provides secure infrastructure and services, while the customer is responsible for secure operating systems, platforms, and data.

Question 2: Which type of testing method is used to compare a control system to a test system, with the goal of assessing whether changes applied to the test system improve a particular metric compared to the control system?

Djamgatech: Build the skills that’ll drive your career into six figures: Get Djamgatech.

ANSWER2:

A

Get mobile friendly version of the quiz @ the App Store

NOTES/HINT2: The side-by-side testing method is used to compare a control system to a test system, with the goal of assessing whether changes applied to the test system improve a particular metric compared to the control system.

Reference2: AWS Side by side testing 

Question 3: When BGP is used with a hardware VPN, the IPSec and the BGP connections must both be which of the following on the same user gateway device?

ANSWER3:

B

Get mobile friendly version of the quiz @ the App Store

Ace the Microsoft Azure Fundamentals AZ-900 Certification Exam: Pass the Azure Fundamentals Exam with Ease

NOTES/HINT3: The IPSec and the BGP connections must both be terminated on the same user gateway device.

Reference3: IpSec and BGP in AWS

Question 4: Which pillar of the AWS Well-Architected Framework includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies?

ANSWER4:

D

Get mobile friendly version of the quiz @ the App Store

NOTES/HINT4: Security is the pillar of the AWS Well-Architected Framework that includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.

Reference4: AWS Well-Architected Framework: Security

Question 5: Within the realm of Amazon S3 backups, snapshots are which of the following?

ANSWER5:

A

Get mobile friendly version of the quiz @ the App Store

NOTES/HINT: Within the realm of Amazon S3 backups, snapshots are block-based.

Reference5: Snapshots are block based

Question 6: Amazon VPC provides the option of creating a hardware VPN connection between remote customer networks and their Amazon VPC over the Internet using which encryption technology?

ANSWER6:

E

Get mobile friendly version of the quiz @ the App Store

NOTES/HINT6: Amazon VPC provides the option of creating a hardware VPN connection between remote customer networks and their Amazon VPC over the Internet using IPsec encryption technology.

Reference6: Amazon VPC IPSec Encryption

Question 7: To make a clean backup of a database, that database should be put into what mode before making a snapshot of it?

ANSWER7:

C

Get mobile friendly version of the quiz @ the App Store

NOTES/HINT7: To make a clean backup of a database, that database should be put into hot backup mode before making a snapshot of it.

Reference: AWS Prescriptive Backup Recovery Guide

Question 8: Which pillar of the AWS Well-Architected Framework includes the ability to use computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve?

ANSWER8:

B

Get mobile friendly version of the quiz @ the App Store

NOTES/HINT8: Performance efficiency is the pillar of the AWS Well-Architected Framework that includes the ability to use computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve.

Reference8: Performance Efficiency Pillar – AWS Well-Architected Framework

Question 9: AWS Storage Gateway supports which three configurations?

ANSWER9:

C

Get mobile friendly version of the quiz @ the App Store

NOTES/HINT9: AWS Storage Gateway supports Gateway-stored volumes, Gateway-cached volumes, and Gateway-virtual tape library.

Reference9: AWS Storage Gateway configurations

Question 10: With which of the following can you establish private connectivity between AWS and a data center, office, or co-location environment?

ANSWER10:

B

Get mobile friendly version of the quiz @ the App Store

NOTES/HINT10: With AWS Direct Connect you can establish private connectivity between AWS and a data center, office, or co-location environment.

Reference: AWS Direct Connect

Question 11: A company is migrating a legacy web application from a single server to multiple Amazon EC2 instances behind an Application Load Balancer (ALB). After the migration, users report that they are frequently losing their sessions and are being prompted to log in again. Which action should be taken to resolve the issue reported by users?

A) Purchase Reserved Instances.
B) Submit a request for a Spot block.
C) Submit a request for all Spot Instances.
D) Use a mixture of On-Demand and Spot Instances

ANSWER11:

D

Get mobile friendly version of the quiz @ the App Store

NOTES/HINT11: Legacy applications designed to run on a single server frequently store session data locally. When these applications are deployed on multiple instances behind a load balancer, user requests are routed to instances using the round robin routing algorithm. Session data stored on one instance would not be present on the others. By enabling sticky sessions, cookies are used to track user requests and keep subsequent requests going to the same instance.

Reference 11: Sticky Sessions

Question 12: An ecommerce company wants to lower costs on its nightly jobs that aggregate the current day’s sales and store the results in Amazon S3. The jobs run on multiple On-Demand Instances, and the jobs take just under 2 hours to complete. The jobs can run at any time during the night. If the job fails for any reason, it needs to be started from the beginning. Which solution is the MOST cost-effective based on these requirements?

A) Purchase Reserved Instances.

B) Submit a request for a Spot block.

C) Submit a request for all Spot Instances.

D) Use a mixture of On-Demand and Spot Instances.

ANSWER12:

B

Get mobile friendly version of the quiz @ the App Store

NOTES/HINT12: The solution will take advantage of Spot pricing, but by using a Spot block instead of Spot Instances, the company can be assured the job will not be interrupted.

Reference12: Spot Block

Question 13: A sysops team checks their AWS Personal Health Dashboard every week for upcoming AWS hardware maintenance events. Recently, a team member was on vacation and the team missed an event, which resulted in an outage. The team wants a simple method to ensure that everyone is aware of upcoming events without depending on an individual team member checking the dashboard. What should be done to address this?

A) Build a web scraper to monitor the Personal Health Dashboard. When new health events are detected, send a notification to an Amazon SNS topic monitored by the entire team.

B) Create an Amazon CloudWatch Events event based off the AWS Health service and send a notification to an Amazon SNS topic monitored by the entire team.

C) Create an Amazon CloudWatch Events event that sends a notification to an Amazon SNS topic monitored by the entire team to remind the team to view the maintenance events on the Personal Health Dashboard.

D) Create an AWS Lambda function that continuously pings all EC2 instances to confirm their health. Alert the team if this check fails.

ANSWER13:

B

Get mobile friendly version of the quiz @ the App Store

NOTES/HINT13: The AWS Health service publishes Amazon CloudWatch Events. CloudWatch Events can trigger Amazon SNS notifications. This method requires neither additional coding nor infrastructure. It automatically notifies the team of upcoming events, and does not depend upon brittle solutions like web scraping.

Reference 13: Amazon CloudWatch Events

Question14: An application running in a VPC needs to access instances owned by a different account and running in a VPC in a different AWS Region. For compliance purposes, the traffic must not traverse the public internet.
How should a sysops administrator configure network routing to meet these requirements?

A) Within each account, create a custom routing table containing routes that point to the other account’s virtual private gateway.

B) Within each account, set up a NAT gateway in a public subnet in its respective VPC. Then, using the public IP address from the NAT gateway, enable routing between the two VPCs.

C) From one account, configure a Site-to-Site VPN connection between the VPCs. Within each account, add routes in the VPC route tables that point to the CIDR block of the remote VPC.

D) From one account, create a VPC peering request. After an administrator from the other account accepts the request, add routes in the route tables for each VPC that point to the CIDR block of the peered VPC.

ANSWER14:

D

Get mobile friendly version of the quiz @ the App Store

NOTES/HINT14: A VPC peering connection enables routing using each VPC’s private IP addresses as if they were in the same network. Traffic using inter-Region VPC peering always stays on the global AWS backbone and never traverses the public internet.

Reference14: VPC Peering

Question15: An application running on Amazon EC2 instances needs to access data stored in an Amazon DynamoDB table.

Which solution will grant the application access to the table in the MOST secure manner?

A) Create an IAM group for the application and attach a permissions policy with the necessary privileges. Add the EC2 instances to the IAM group.

B) Create an IAM resource policy for the DynamoDB table that grants the necessary permissions to Amazon EC2.

C) Create an IAM role with the necessary privileges to access the DynamoDB table. Associate the role with the EC2 instances.

D) Create an IAM user for the application and attach a permissions policy with the necessary privileges. Generate an access key and embed the key in the application code.

ANSWER15:

C

Get mobile friendly version of the quiz @ the App Store

NOTES/HINT15: An IAM role can be used to provide permissions for applications that are running on Amazon EC2 instances
to make AWS API requests using temporary credentials.

Reference15: IAM Role

Question16: A third-party service uploads objects to Amazon S3 every night. Occasionally, the service uploads an incorrectly formatted version of an object. In these cases, the sysops administrator needs to recover an older version of the object.
What is the MOST efficient way to recover the object without having to retrieve it from the remote service?

A) Configure an Amazon CloudWatch Events scheduled event that triggers an AWS Lambda function that backs up the S3 bucket prior to the nightly job. When bad objects are discovered, restore the backed up version.

B) Create an S3 event on object creation that copies the object to an Amazon Elasticsearch Service (Amazon ES) cluster. When bad objects are discovered, retrieve the previous version from Amazon ES.

C) Create an AWS Lambda function that copies the object to an S3 bucket owned by a different account. Trigger the function when new objects are created in Amazon S3. When bad objects are discovered, retrieve the previous version from the other account.

D) Enable versioning on the S3 bucket. When bad objects are discovered, access previous versions with the AWS CLI or AWS Management Console.

ANSWER16:

D

Get mobile friendly version of the quiz @ the App Store

NOTES/HINT16: Enabling versioning is a simple solution; (A) involves writing custom code, (C) has no versioning, so the replication will overwrite the old version with the bad version if the error is not discovered quickly, and (B) will involve expensive storage that is not well suited for objects.

Reference16: Versioning

Question17: According to the AWS shared responsibility model, for which of the following Amazon EC2 activities is AWS responsible? (Select TWO.)
A) Configuring network ACLs
B) Maintaining network infrastructure
C) Monitoring memory utilization
D) Patching the guest operating system
E) Patching the hypervisor

ANSWER17:

D and E

Get mobile friendly version of the quiz @ the App Store

NOTES/HINT17: AWS provides security of the cloud, including maintenance of the hardware and hypervisor software supporting Amazon EC2. Customers are responsible for any maintenance or monitoring within an EC2 instance, and for configuring their VPC infrastructure.

Reference17: Security of the cloud

Question18: A security and compliance team requires that all Amazon EC2 workloads use approved Amazon Machine Images (AMIs). A sysops administrator must implement a process to find EC2 instances launched from unapproved AMIs.

Which solution will meet these requirements?
A) Create a custom report using AWS Systems Manager inventory to identify unapproved AMIs.
B) Run Amazon Inspector on each EC2 instance and flag the instance if it is using unapproved AMIs.
C) Use an AWS Config rule to identify unapproved AMIs.
D) Use AWS Trusted Advisor to identify the EC2 workloads using unapproved AMIs.

ANSWER18:

C

Get mobile friendly version of the quiz @ the App Store

NOTES/HINT18: AWS Config has a managed rule that handles this scenario.

Reference18: Managed Rule

Question19: A sysops administrator observes a large number of rogue HTTP requests on an Application Load Balancer. The requests originate from various IP addresses. These requests cause increased server load and costs.

What should the administrator do to block this traffic?
A) Install Amazon Inspector on Amazon EC2 instances to block the traffic.
B) Use Amazon GuardDuty to protect the web servers from bots and scrapers.
C) Use AWS Lambda to analyze the web server logs, detect bot traffic, and block the IP addresses in the security groups.
D) Use an AWS WAF rate-based rule to block the traffic when it exceeds a threshold.

ANSWER19:

D

Get mobile friendly version of the quiz @ the App Store

NOTES/HINT19: AWS WAF has rules that can protect web applications from HTTP flood attacks.

Reference19: HTTP Flood

Question20: A sysops administrator is implementing security group policies for a web application running on AWS.

An Elastic Load Balancer connects to a fleet of Amazon EC2 instances that connect to an Amazon RDS database over port 1521. The security groups are named elbSG, ec2SG, and rdsSG, respectively.
How should these security groups be implemented?
A) elbSG: allow port 80 and 443 from 0.0.0.0/0;
ec2SG: allow port 443 from elbSG;
rdsSG: allow port 1521 from ec2SG.

B) elbSG: allow port 80 and 443 from 0.0.0.0/0;
ec2SG: allow port 80 and 443 from elbSG and rdsSG;
rdsSG: allow port 1521 from ec2SG.

C) elbSG: allow port 80 and 443 from ec2SG;
ec2SG: allow port 80 and 443 from elbSG and rdsSG;
rdsSG: allow port 1521 from ec2SG.

D) elbSG: allow port 80 and 443 from ec2SG;
ec2SG: allow port 443 from elbSG;
rdsSG: allow port 1521 from elbSG.

ANSWER20: 

A

Get mobile friendly version of the quiz @ the App Store

NOTES/HINT20: elbSG must allow all web traffic (HTTP and HTTPS) from the internet. ec2SG must allow traffic from the load balancer only, in this case identified as traffic from elbSG. The database must allow traffic from the EC2 instances only, in this case identified as traffic from ec2SG.

Reference20: Allow all traffic

Question21: You are currently hosting multiple applications in a VPC and have logged numerous port scans coming in from a specific IP address block. Your security team has requested that all access from the offending IP address block be denied tor the next 24 hours. Which of the following is the best method to quickly and temporarily deny access from
the specified IP address block.

A) Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access from the IP address block
B) Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block
C) Add a rule to all of the VPC 5 Security Groups to deny access from the IP address block
D) Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in that VPC to deny access from the IP address block

ANSWER21:


C

NOTES22: Add a rule to all of the VPC 5 Security Groups to deny access from the IP address bloc

Reference22: VPC

Question 22: When preparing for a compliance assessment of your system built inside of AWS. what are three best-practices for you to prepare for an audit? Choose 3 answers

A) Gather evidence of your IT operational controls
B) Request and obtain applicable third-party audited AWS compliance reports and certifications
C) Request and obtain a compliance and security tour of an AWS data center for a pre-assessment security review
D) Request and obtain approval from AWS to perform relevant network scans and in-depth penetration tests of your system’s Instances and endpoint
E) Schedule meetings with AWS’s third-party auditors to provide evidence of AWS compliance that maps to your control objectives

ANSWER22:


B, D, E

NOTES22: AWS Security

Reference22: AWS Audit Manager

Question23: You have started a new job and are reviewing your company’s infrastructure on AWS You notice one web application where they have an Elastic Load Balancer (&B) in front of web instances in an Auto Scaling Group When you check the metrics for the ELB in CloudWatch you see four healthy instances In Availability Zone (AZ) A and zero in AZ B There are zero unhealthy instances.
What do you need to fix to balance the instances across AZs?

A) Set the ELB to only be attached to another AZ
B) Make sure Auto Scaling is configured to launch in both AZs
C) Make sure your AMI is available in both AZs
D) Make sure the maximum size of the Auto Scaling Group is greater than 4

ANSWER23:


B

NOTES23: AZs

Reference23: AZs

Question24: You have been asked to leverage Amazon VPC BC2 and SOS to implement an application that submits and receives millions of messages per second to a message queue. You want to ensure your application has sufficient bandwidth between your EC2 instances and SQS.
Which option will provide (he most scalable solution for communicating between the application and SOS?

A) Ensure the application instances are properly configured with an Elastic Load Balancer
B) Ensure the application instances are launched in private subnets with the EBS-optimized option enabled
C) Ensure the application instances are launched in public subnets with the associate-publicIP-address=true option enabled
D) Launch application instances in private subnets with an Auto Scaling group and Auto Scaling triggers configured to watch the SOS queue size

ANSWER24:


C

NOTES24: SQS

Reference24: SQS

Question25: You have identified network throughput as a bottleneck on your ml small EC2 instance when uploading data Into Amazon S3 In the same region. How do you remedy this situation?

A) Add an additional ENI
B) Change to a larger Instance
C) Use DirectConnect between EC2 and S3
D) Use EBS PIOPS on the local volume

ANSWER25:


B

NOTES25: EC2 instances

Reference25: EC2 Best Practices

Question 26: When attached to an Amazon VPC which two components provide connectivity with external networks? Choose 2 answers

A) Elastic IPS (EIP)
B) NAT Gateway (NAT)
C) Internet Gateway {IGW)
D) Virtual Private Gateway (VGW)

ANSWER26:

C. D.

NOTES26: IGW and VGW
Reference26: IGW – VGW

Question 27: Your application currently leverages AWS Auto Scaling to grow and shrink as load Increases’ decreases and has been performing well Your marketing team expects a steady ramp up in traffic to follow an upcoming campaign that will result in a 20x growth in traffic over 4 weeks Your forecast for the approximate number of Amazon EC2 instances necessary to meet the peak demand is 175. What should you do to avoid potential service disruptions during the ramp up in traffic?

A) Ensure that you have pre-allocated 175 Elastic IP addresses so that each server will be able to obtain one as it launches
B) Check the service limits in Trusted Advisor and adjust as necessary so the forecasted count remains within limits
C) Change your Auto Scaling configuration to set a desired capacity of 175 prior to the launch of the marketing campaign
D) Pre-warm your Elastic Load Balancer to match the requests per second anticipated during peak demand prior to the marketing campaign
ANSWER: 

D.

NOTES: Pre-warm your Elastic Load Balancer to match the requests per second anticipated during peak demand prior to the marketing campaign
Reference: AWS Auto Scaling

Question 28: You have an Auto Scaling group associated with an Elastic Load Balancer (ELB). You have noticed that instances launched via the Auto Scaling group are being marked unhealthy due to an ELB health check, but these unhealthy instances are not being terminated. What do you need to do to ensure trial instances marked unhealthy by the ELB will be terminated and replaced?

A) Change the thresholds set on the Auto Scaling group health check
B) Add an Elastic Load Balancing health check to your Auto Scaling group
C) Increase the value for the Health check interval set on the Elastic Load Balancer
D) Change the health check set on the Elastic Load Balancer to use TCP rather than HTTP checks
ANSWER: 

B.

NOTES: Add an Elastic Load Balancing Health Check to your Auto Scaling GroupBy default, an Auto Scaling group periodically reviews the results of EC2 instance status to determine the health state of each instance. However, if you have associated your Auto Scaling group with an Elastic Load Balancing load balancer, you can choose to use the Elastic Load Balancing health check. In this case, Auto Scaling determines the health status of your instances by checking the results of both the EC2 instance status check and the Elastic Load Balancing instance health check.
Reference:  AWS ELB

Question 29: Which two AWS services provide out-of-the-box user configurable automatic backup-as-a-service and backup rotation options? Choose 2 answers

A) Amazon S3
B) Amazon RDS
C) Amazon EBS
D) Amazon Redshift
ANSWER:

C. D.

NOTES: EBS and Redshift
Reference: EBS and Redshift
ReferenceUrl: EBS and Redshift

Question 30: An organization has configured a VPC with an Internet Gateway (IGW). pairs of public and private subnets (each with one subnet per Availability Zone), and an Elastic Load Balancer (ELB) configured to use the public subnets The application s web tier leverages the ELB. Auto Scaling and a mum-AZ RDS database instance The organization would like to eliminate any potential single points of failure in this design. What step should you take to achieve this organization’s objective?

A) Nothing, there are no single points of failure in this architecture.
B) Create and attach a second IGW to provide redundant internet connectivity.
C) Create and configure a second Elastic Load Balancer to provide a redundant load balancer.
D) Create a second multi-AZ RDS instance in another Availability Zone and configure replication to provide a redundant database.

ANSWER

C.

NOTES: Create and configure a second Elastic Load Balancer to provide a redundant load balancer.

Reference: ELB

Question 31: Which of the following are characteristics of Amazon VPC subnets? Choose 2 answers

A) Each subnet maps to a single Availability Zone
B) A CIDR block mask of /25 is the smallest range supported
C) Instances in a private subnet can communicate with the internet only if they have an Elastic IP.
D) By default, all subnets can route between each other, whether they are private or public
E) V Each subnet spans at least 2 Availability zones to provide a high-availability environment
ANSWER

C. E.

NOTES: VPC
Reference: VPC

Question 32: You are creating an Auto Scaling group whose Instances need to insert a custom metric into CloudWatch. Which method would be the best way to authenticate your CloudWatch PUT request?

A) Create an IAM role with the Put MetricData permission and modify the Auto Scaling launch configuration to launch instances in that role
B) Create an IAM user with the PutMetricData permission and modify the Auto Scaling launch configuration to inject the userscredentials into the instance User Data
C) Modify the appropriate Cloud Watch metric policies to allow the Put MetricData permission to instances from the Auto Scaling group
D) Create an IAM user with the PutMetricData permission and put the credentials in a private repository and have applications on the server pull the credentials as needed

ANSWER: 

B.

NOTES: Create an IAM user with the PutMetricData permission and modify the Auto Scaling launch configuration to inject the userscredentials into the instance User Data

Reference: IAM

Question 33: When an EC2 instance that is backed by an S3-based AMI Is terminated, what happens to the data on me root volume?

A) Data is automatically saved as an E8S volume.
B) Data is automatically saved as an ESS snapshot.
C) Data is automatically deleted.
D) Data is unavailable until the instance is restarted.
ANSWER: 

D.

NOTES: Data is unavailable until the instance is restarted.
Reference: AWS EC2
ReferenceUrl: AWS EC2 S3-based AMI

Question 34: You have a web application leveraging an Elastic Load Balancer (ELB) In front of the web servers deployed using an Auto Scaling Group Your database is running on Relational Database Service (RDS) The application serves out technical articles and responses to them in general there are more views of an article than there are responses to the article. On occasion, an article on the site becomes extremely popular resulting in significant traffic Increases that causes the site to go down. What could you do to help alleviate the pressure on the infrastructure while maintaining availability during these events? Choose 3 answers

A) Leverage CloudFront for the delivery of the articles.
B) Add RDS read-replicas for the read traffic going to your relational database
C) Leverage ElastiCache for caching the most frequently used data.
D) Use SOS to queue up the requests for the technical posts and deliver them out of the queue.
E) Use Route53 health checks to fail over to an S3 bucket for an error page.

ANSWER: 

A. C. E

NOTES: Leverage CloudFront, ElastiCache, Route53
Reference: CloudFront, ElastiCache, Route53

Question 35: The majority of your Infrastructure is on premises and you have a small footprint on AWS Your company has decided to roll out a new application that is heavily dependent on low latency connectivity to LOAP for authentication Your security policy requires minimal changes to the company’s existing application user management processes. What option would you implement to successfully launch this application1?

A) Create a second, independent LOAP server in AWS for your application to use for authentication
B) Establish a VPN connection so your applications can authenticate against your existing on-premises LDAP servers
C) Establish a VPN connection between your data center and AWS create a LDAP replica on AWS and configure your application to use the LDAP replica for authentication
D) Create a second LDAP domain on AWS establish a VPN connection to establish a trust relationship between your new and existing domains and use the new domain for authentication

ANSWER: 

D.

NOTES: Trust Relationship
Reference: Trust Relationship

SOURCES:

Djamga DevOps  Youtube Channel:

Prepare for Your AWS Certification Exam

2- GoCertify

SYSOPS AND SYSADMIN NEWS

SYSADMIN – SYSOPS RESOURCES

I WANT TO BECOME A SYSADMIN

This is a common topic that has been asked multiple times.

Professional/Non-technical

Sysadmin Utilities

Security

Linux

Microsoft / Windows Server

Virtualization

MacOS (formerly OSX) and Apple iOS

Google ChromeOS

Backup and Storage

Networking

Monitoring

  • Because your network and infrastructure can’t be a black box

Business and Standards Compliance

Major Vulnerabilities

Podcasts

Documentation

Testimonials:

I was initially nervous about this exam compared to SAA-C02, due to the practical labs. However, they turned out to be really easy with lots of time to fumble about, delete & recreate resources.

My labs:

Create S3 buckets, set access logs, set default encryption with KMS and create a bunch of lifecycle policies

Create a VPC with public/private subnets, create SGs, create & send flow logs to an S3 bucket.

Connect Lambda to a VPC, use RDS proxy to connect to an RDS Database. Select correct execution role for the Lambda.

Exam lab experience

I did not have any negative experiences with the lab environment (I heard a lot of horror stories), however I did take the exam at a testing center.

When you register for your SOA-C02, you gain access (via Pearson VUE E-mail) to a free sample exam lab at Login – OneLearn Training Management System – Skillable – this is the exact same testing environment you will have during the actual exam. I highly recommend you do this, especially if you’re doing the exam from home – any issues you have with the testing environment like laggy interface, copy/paste issues, etc you’ll probably also have during the exam.

Study resources

My study resources were:

Adrian Cantrill’s course

Jon Bonso’s (TutorialDojo) Practice Exams

uacantril’s courses are the best, most high quality courses I’ve ever taken for any subject.

Since I’ve done the SAA-C02 course before doing the SOA-C02 course, I was able to easily skip the shared lessons & demos (there heavy overlap between these two exams) and focus on the SOA-C02 specific topics.

uTutorials_Dojo’s practice exams are 10/10 as preparation material. They were a bit more tricky (in a ‘gotcha’ kind of way) compared to the exam questions, but they were very close to the real thing.

Study methodology

My study plan was as follows:

Study Time: 7:00-9:00 (morning) Mon-Fri, which included:

Going through Adrian’s course

Detailed notes in markdown

Doing potential exam labs in AWS console

Reading AWS official documentation (in case something is not clear)

Review Notes regularly (once course material finished)

Practice Exams

Doing exams in review mode

Delving deeper into topics I was lacking in

This was the plan, but I turned out to be somewhat inconsistent, taking the exam 3 months later than planned due to being a new father and not focusing on just one thing (also did some Python learning during the same period). But, still a pass!

Source: r/AWSCertification

Top 20 AWS Certified Associate SysOps Administrator Practice Quiz - Questions and Answers Dumps

Top 30 AWS Certified Developer Associate Exam Tips

AWS Certified Developer Associate Exam Prep

AI Dashboard is available on the Web, Apple, Google, and Microsoft, PRO version

Top 30 AWS Certified Developer Associate Exam Tips

AWS Certified Developer Associate Exam Prep Urls

Get the free app at: android: https://play.google.com/store/apps/details?id=com.awscertdevassociateexampreppro.enoumen

iOs: https://apps.apple.com/ca/app/aws-certified-developer-assoc/id1511211095

PRO version with mock exam android: https://play.google.com/store/apps/details?id=com.awscertdevassociateexampreppro.enoumen

PRO version with mock exam ios: https://apps.apple.com/ca/app/aws-certified-dev-ass-dva-c01/id1506519319t


Top 30 AWS Certified Developer Associate Exam Tips
Top 30 AWS Certified Developer Associate Exam Tips

12

What to study: AMAZON CLOUDFRONT  
AWS topics for DVA-C01: AMAZON CLOUDFRONT

18

Know what instance types can be launched from which types of AMIs, and which instance types require an HVM AMI
AWS HVM AMI

19

Have a good understanding of how Route53 supports all of the different DNS record types, and when you would use certain ones over others.
Route 53 supports all of the different DNS record types

20

Know which services have native encryption at rest within the region, and which do not.
AWS Services with native Encryption at rest

21

Kinesis Sharding:
#AWS Kinesis Sharding

22

Handling SSL Certificates in ELB ( Wildcard certificate vs SNI )
#AWS Handling SSL Certificates in ELB ( Wildcard certificate vs SNI )

23

Different types of Aurora Endpoints
#AWS Different types of Aurora Endpoints

24

The Default Termination Policy for Auto Scaling Group (Oldest launch configuration vs Instance Protection)
#AWS Default Termination Policy for Auto Scaling Group

25

Use AWS Cheatsheets – I also found the cheatsheets provided by Tutorials Dojo very helpful. In my opinion, it is better than Jayendrapatil Patil’s blog since it contains more updated information that complements your review notes.
#AWS Cheat Sheet

26

Watch this exam readiness 3hr video, it very recent webinar this provides what is expected in the exam.
#AWS Exam Prep Video

27

Start off watching Ryan’s videos. Try and completely focus on the hands on. Take your time to understand what you are trying to learn and achieve in those LAB Sessions.
#AWS Exam Prep Video

28

Do not rush into completing the videos. Take your time and hone the basics. Focus and spend a lot of time for the back bone of AWS infrastructure – Compute/EC2 section, Storage (S3/EBS/EFS), Networking (Route 53/Load Balancers), RDS, VPC, Route 3. These sections are vast, with lot of concepts to go over and have loads to learn. Trust me you will need to thoroughly understand each one of them to ensure you pass the certification comfortably.
#AWS Exam Prep Video

29

Make sure you go through resources section and also AWS documentation for each components. Go over FAQs. If you have a question, please post it in the community. Trust me, each answer here helps you understand more about AWS.
#AWS Faqs

30

Like any other product/service, each AWS offering has a different flavor. I will take an example of EC2 (Spot/Reserved/Dedicated/On Demand etc.). Make sure you understand what they are, what are the pros/cons of each of these flavors. Applies for all other offerings too.
#AWS Services

31

Follow Neal K Davis on Linkedin and Read his updates about DVA-C01
#AWS Services

What is the AWS Certified Developer Associate Exam?

The AWS Certified Developer – Associate examination is intended for individuals who perform a development role and have one or more years of hands-on experience developing and maintaining an AWS-based application. It validates an examinee’s ability to:

  • Demonstrate an understanding of core AWS services, uses, and basic AWS architecture best practices
  • Demonstrate proficiency in developing, deploying, and debugging cloud-based applications using AWS

There are two types of questions on the examination:

  • Multiple-choice: Has one correct response and three incorrect responses (distractors).
  • Provide implementation guidance based on best practices to the organization throughout the lifecycle of the project.

Select one or more responses that best complete the statement or answer the question. Distractors, or incorrect answers, are response options that an examinee with incomplete knowledge or skill would likely choose. However, they are generally plausible responses that fit in the content area defined by the test objective. Unanswered questions are scored as incorrect; there is no penalty for guessing.

To succeed with the real exam, do not memorize the answers below. It is very important that you understand why a question is right or wrong and the concepts behind it by carefully reading the reference documents in the answers.

Top

AWS Certified Developer Associate info and details

The AWS Certified Developer Associate Exam is a multiple choice, multiple answer exam. Here is the Exam Overview:

Top

Other AWS Facts and Summaries and Questions/Answers Dump

Top

Additional Information for reference

Below are some useful reference links that would help you to learn about AWS Practitioner Exam.

Other Relevant and Recommended AWS Certifications

AWS Certification Exams Roadmap AWS Certification Exams Roadmap[/caption]

AWS Developer Associate Exam Whitepapers:

AWS has provided whitepapers to help you understand the technical concepts. Below are the recommended whitepapers.

Top

Online Training and Labs for AWS Certified Developer Associate Exam

Top

AWS Certified Developer Associate Jobs

Pass the 2023 AWS Cloud Practitioner CCP CLF-C02 Certification with flying colors Ace the 2023 AWS Solutions Architect Associate SAA-C03 Exam with Confidence Pass the 2023 AWS Certified Machine Learning Specialty MLS-C01 Exam with Flying Colors

List of Freely available programming books - What is the single most influential book every Programmers should read



#BlackOwned #BlackEntrepreneurs #BlackBuniness #AWSCertified #AWSCloudPractitioner #AWSCertification #AWSCLFC02 #CloudComputing #AWSStudyGuide #AWSTraining #AWSCareer #AWSExamPrep #AWSCommunity #AWSEducation #AWSBasics #AWSCertified #AWSMachineLearning #AWSCertification #AWSSpecialty #MachineLearning #AWSStudyGuide #CloudComputing #DataScience #AWSCertified #AWSSolutionsArchitect #AWSArchitectAssociate #AWSCertification #AWSStudyGuide #CloudComputing #AWSArchitecture #AWSTraining #AWSCareer #AWSExamPrep #AWSCommunity #AWSEducation #AzureFundamentals #AZ900 #MicrosoftAzure #ITCertification #CertificationPrep #StudyMaterials #TechLearning #MicrosoftCertified #AzureCertification #TechBooks

Top 1000 Canada Quiz and trivia: CANADA CITIZENSHIP TEST- HISTORY - GEOGRAPHY - GOVERNMENT- CULTURE - PEOPLE - LANGUAGES - TRAVEL - WILDLIFE - HOCKEY - TOURISM - SCENERIES - ARTS - DATA VISUALIZATION
zCanadian Quiz and Trivia, Canadian History, Citizenship Test, Geography, Wildlife, Secenries, Banff, Tourism

Top 1000 Africa Quiz and trivia: HISTORY - GEOGRAPHY - WILDLIFE - CULTURE - PEOPLE - LANGUAGES - TRAVEL - TOURISM - SCENERIES - ARTS - DATA VISUALIZATION
Africa Quiz, Africa Trivia, Quiz, African History, Geography, Wildlife, Culture

Exploring the Pros and Cons of Visiting All Provinces and Territories in Canada.
Exploring the Pros and Cons of Visiting All Provinces and Territories in Canada

Exploring the Advantages and Disadvantages of Visiting All 50 States in the USA
Exploring the Advantages and Disadvantages of Visiting All 50 States in the USA


Health Health, a science-based community to discuss health news and the coronavirus (COVID-19) pandemic

Today I Learned (TIL) You learn something new every day; what did you learn today? Submit interesting and specific facts about something that you just found out here.

Reddit Science This community is a place to share and discuss new scientific research. Read about the latest advances in astronomy, biology, medicine, physics, social science, and more. Find and submit new publications and popular science coverage of current research.

Reddit Sports Sports News and Highlights from the NFL, NBA, NHL, MLB, MLS, and leagues around the world.

error: Content is protected !!