AWS Academy — Study Guide

Modules: 3 (AWS Global Infrastructure Overview) & 4 (AWS Cloud Security)

Prepared from provided study material (PDFs)

Module 3 — AWS Global Infrastructure Overview

Module objectives
• After completing this module, you should be able to:
• Identify the difference between AWS Regions, Availability Zones, and edge
• locations
• Identify AWS service and service categories
• © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Module overview / Topics

• AWS Global Infrastructure
• AWS service and service category
• overview
• Demo
• AWS Global InfrastructureActivities
• AWS Management Console clickthrough
• Knowledge check
• © 2022
• Amazon Web Services
• Inc. or its affiliates. All rights reserved. 3

Key takeaways
• The AWS Global Infrastructure consists of Regions and
• Availability Zones .
• Your choice of a Region is typically based on
• compliance requirements or to reduce latency .
• Each Availability Zone is physically separate from other
• Availability Zones and has redundant power,
• networking, and connectivity.
• Edge locations , and Regional edge caches improve
• performance by caching content closer to users.
• © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Sample exam question(s)
Which component of AWS global infrastructure does Amazon CloudFront use to ensure low -
latency delivery?
Choice Response
A AWS Regions
B AWS edge locations
C AWS Availability Zones
D Amazon Virtual Private Cloud (Amazon VPC)
© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 31

AWS Regions
AWS Regions, Availability Zones, and edge
locations
•Identify AWS service and service categories
© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.Section 1: AWS Global
Infrastructure
Module 3: AWS Global Infrastructure Overview
© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 5AWS Global
Infrastructure
•The AWS Global Infrastructure is designed and built to deliver a flexible , reliable , scalable ,
and secure cloud computing
environment with high -quality global network performance .
•AWS continually updates its global infrastructure footprint. Visit one of the following web
pages for current
infrastructure information:
•AWS Global Infrastructure Map:
https:// aws.amazon.com /about -aws/global -
infrastructure/# AWS_Global_Infrastruct

Availability Zones
Availability Zones, and edge
locations
•Identify AWS service and service categories
© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.Section 1: AWS Global
Infrastructure
Module 3: AWS Global Infrastructure Overview
© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 5AWS Global
Infrastructure
•The AWS Global Infrastructure is designed and built to deliver a flexible , reliable , scalable ,
and secure cloud computing
environment with high -quality global network performance .
•AWS continually updates its global infrastructure footprint. Visit one of the following web
pages for current
infrastructure information:
•AWS Global Infrastructure Map:
https:// aws.amazon.com /about -aws/global -
infrastructure/# AWS_Global_Infrastructure_Map
Choo

Points of Presence
Points of Presence
•AWS provides a global network of
Points of Presence locations
•Consists of edge locations and a
much smaller number of
Regional edge caches
•Used with Amazon CloudFront
•A global Content Delivery Network
(CDN), that delivers content to end
users with reduced latency
•Regional edge caches used for
content with infrequent access.

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 12AWS infrastructure
features
•Elasticity and scalability
•Elastic infrastructure; dynamic adaption of capacity
•Scalable infrastructure; adapts to accommodate
growth
•Fault -tolerance
•Continues operating properly in the presence of a
failure
•Built -in redundancy of components
•High availability
•High level of operational performance
•Minimized downtime
•No h

AWS infrastructure features

AWS infrastructure features
•Elasticity and scalability
•Elastic infrastructure; dynamic adaption of capacity
•Scalable infrastructure; adapts to accommodate
growth
•Fault -tolerance
•Continues operating properly in the presence of a
failure
•Built -in redundancy of components
•High availability
•High level of operational performance
•Minimized downtime
•No human interventionAWS RegionAvailability Zone
Data center Data center
Data center Data center
Data center Data center
Data center Data center
Data center Data center
Data center Data centerAvailability Zone
Availability ZonePhysically distinct
Uninterruptible
power supplyBackup
generators
Cooling
equipment
Network
connectivity
© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 13Key takeaways•The
AWS Globa

AWS data centers

AWS data centers
•AWS data centers are designed for
security .
•Data centers are where the data resides
and data processing occurs.
•Each data center has redundant power,
networking, and connectivity, and is
housed in a separate facility.
•A data center typically has 50,000 to
80,000 physical servers.

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 11Points of Presence
•AWS provides a global network of
Points of Presence locations
•Consists of edge locations and a
much smaller number of
Regional edge caches
•Used with Amazon CloudFront
•A global Content Delivery Network
(CDN), that delivers content to end
users with reduced latency
•Regional edge caches used for
content with infrequent access.

© 2022, Amazon Web Services, Inc. or its affiliates. All

Module 4 — AWS Cloud Security

Module objectives
• After completing this module, you should be able to:
• Recognize the shared responsibility model
• Identify the responsibility of the customer and AWS
• Recognize IAM users, groups, and roles
• Describe different types of security credentials in IAM
• Identify the steps to securing a new AWS account
• Explore IAM users and groups
• Recognize how to secure AWS data
• Recognize AWS compliance programs
• © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.Module 4: AWS Cloud
Security

AWS shared responsibility model

AWS shared responsibility model
•AWS Identity and Access Management (IAM)
•Securing a new AWS account
•Securing accounts
•Securing data on AWS
•Working to ensure complianceActivities
•AWS shared responsibility model activity
Demo
•Recorded demonstration of IAM
Lab
•Introduction to AWS IAM
Knowledge check

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 3Module objectives
After completing this module, you should be able to:
•Recognize the shared responsibility model
•Identify the responsibility of the customer and AWS
•Recognize IAM users, groups, and roles
•Describe different types of security credentials in IAM
•Identify the steps to securing a new AWS account
•Explore IAM users and groups
•Recognize how to secure AWS data
•Recognize AWS compliance programs
© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.Module 4: AWS Cloud
SecuritySection 1: AWS shared responsibility
model
© 2022, Amazon Web Services, Inc. or its affiliates. All ri

IAM — Key concepts

AWS Identity and Access Management (IAM)
•Securing a new AWS account
•Securing accounts
•Securing data on AWS
•Working to ensure complianceActivities
•AWS shared responsibility model activity
Demo
•Recorded demonstration of IAM
Lab
•Introduction to AWS IAM
Knowledge check

© 2022, Amazon Web Services, Inc.

or its affiliates.

All rights reserved.

3Module objectives
After completing this module, you should be able to:
•Recognize the shared responsibility model
•Identify the responsibility of the customer and AWS
•Recognize IAM users, groups, and roles
•Describe different types of security credentials in IAM
•Identify the steps to securing a new AWS account
•Explore IAM users and groups
•Recognize how to secure AWS data
•Recognize AWS compliance programs
© 2022, Amazon Web Services, Inc.

or its affiliates.

All rights reserved.Module 4: AWS Cloud SecuritySection 1: AWS shared responsibility

model
© 2022, Amazon Web Services, Inc.

or its affiliates.
All rights reserved.AWS shared responsibility model
5
© 2022, Amazon Web Services, Inc.

or its affiliates.

All rights reserved.

6AWS responsibility: Security of the cloud

AWS responsibilities:
•Physical security of data centers
•Controlled

Sample exam question(s)

Which of the following is AWS's responsibility under the
AWS shared responsibility model?
Choice Response
A Configuring third -party applications
B Maintaining physical hardware
C Securing application access and data
D Managing custom Amazon Machine Images (AMIs)
© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 80
Study checklist (practical study actions)
1. Memorize definitions: Region, Availability Zone, Edge Location, Data center.
2. Understand differences between AWS responsibilities and customer responsibilities in the
shared responsibility model.
3. Know IAM concepts: users, groups, roles, policies (identity-based vs resource-based), and
MFA.
4. Practice reading simple IAM JSON policy examples and identify 'Allow' vs 'Deny'.
5. Know tools: CloudTrail, AWS Config, AWS Artifact, KMS, AWS Organizations, AWS Shield.
6. Review the sample exam questions included in each module and explain why the correct
answer is correct.

Exam tips
• Read keywords carefully (e.g., 'security of the cloud' = AWS, 'security in the cloud' =
customer).
• Remember that explicit Deny always overrides Allow in IAM policies.
• For architecture questions, consider region, latency, and compliance when selecting
Regions.
• Use process-of-elimination on multiple-choice exam questions; eliminate obviously wrong
answers first.