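[Notes] AWS Solutions Architect Professional (SAP): Preparation Notes
A little over a year ago I stumbled into the field of cloud technology. I started with Microsoft Azure,
and after getting to know the AWS cloud platform I focused on AWS~~ AWS ranks first in market share
and has the most customers; several well-known companies such as Apple and Netflix are loyal AWS users.
This time I'll share my notes on the exam.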
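The AWS solution architect certification (SAP below) exam is a certification built on long-term
accumulated experience. AWS has as many as several thousand products, and you need to know what almost all of them are for.
Below is the simple learning path; in general you reach Associate before Professional.
The vendor now also lets experienced people sit SAP directly. I took both exams:
SAA first, then SAP five months later.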
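What to prepare:
Understand the commonly used products, such as EC2, S3, RDS and Beanstalk, thoroughly.
The website has very clear FAQ sections, and I think they are all worth reading and understanding. You need the concepts straight
to understand what scenario an exam question is describing XD. Because of my job, I browse these FAQs almost every day.
The more you read, the higher your chance of passing.
For example,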
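Q: Can I privately access Elastic Load Balancing APIs from my Amazon Virtual Private Cloud (VPC) without using public IPs?
A: Yes, you can privately access Elastic Load Balancing APIs from your Amazon Virtual Private Cloud (VPC) by creating VPC endpoints. With VPC endpoints, the routing between the VPC and Elastic Load Balancing APIs is handled by the AWS network without the need for an Internet gateway, NAT gateway, or VPN connection. The latest generation of VPC endpoints used by Elastic Load Balancing is powered by AWS PrivateLink, an AWS technology that enables private connectivity between AWS services using elastic network interfaces (ENI) with private IPs in your VPC.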
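This one item brings up several services, VPC / ALB / VPN / ENI / VPN / NAT, and you have to understand all of them
and what each one is. Exam questions never test just one product; they give you combinations of products to choose from.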
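Next, when you have time, read the vendor's whitepapers. Some friends of mine prefer watching videos, which is also a good approach.
If you don't like reading walls of dense English, watch English videos instead~
As for the keys to SAP, I've already mentioned the FAQs and whitepapers. Friends have also asked me whether hands-on practice is needed.
My answer is definitely YES. There are a few basic products you need to be able to use: EC2 / S3 / RDS.
For the somewhat more intermediate Serverless products, ECS / ECR / Lambda, you need at least a passing familiarity.
Will there be hands-on style questions? Don't worry: not many, but there are some. As long as you conquer the scenario questions, your chance of passing is high.
For reference, the officially recommended preparation areas: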
Domain % of Examination
Domain 1: Design for Organizational Complexity 12.5%
Domain 2: Design for New Solutions 31%
Domain 3: Migration Planning 15%
Domain 4: Cost Control 12.5%
Domain 5: Continuous Improvement for Existing Solutions 29%
Question analysis
Starting with the simplest one, a medium-length question
QUESTION 1
You would like to create a mirror image of your production environment in another region for
disaster recovery purposes.
Which of the following AWS resources do not need to be recreated in the second region? Choose
2 answers
A. Route 53 Record Sets
B. Launch Configurations
C. EC2 Key Pairs
D. Security Groups
E. IAM Roles
F. Elastic IP Addresses (EIP)
Answer: AE
This is a concept question: whether each product is scoped to a single AZ, a single region, or global.
QUESTION
You are designing a personal document-archiving solution for your global enterprise with
thousands of employees. Each employee has potentially gigabytes of data to be backed up in this
archiving solution. The solution will be exposed to the employees as an application, where they
can just drag and drop their files to the archiving system. Employees can retrieve their archives
through a web interface. The corporate network has high bandwidth AWS Direct Connect
connectivity to AWS. You have a regulatory requirement that all data needs to be encrypted
before being uploaded to the cloud.
How do you implement this in a highly available and cost-efficient way?
A. Manage encryption keys on-premises in an encrypted relational database. Set up an on-premises
server with sufficient storage to temporarily store files, and then upload them to Amazon S3,
providing a client-side master key.
B. Manage encryption keys in a Hardware Security Module (HSM) appliance on-premises server with
sufficient storage to temporarily store, encrypt, and upload files directly into Amazon Glacier.
C. Manage encryption keys in Amazon Key Management Service (KMS), upload to Amazon Simple
Storage Service (S3) with client-side encryption using a KMS customer master key ID, and
configure Amazon S3 lifecycle policies to store each object using the Amazon Glacier storage
tier.
D. Manage encryption keys in an AWS CloudHSM appliance. Encrypt files prior to uploading on the
employee desktop, and then upload directly into Amazon Glacier.
Answer: C
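S3 is already a 99.99999% high-availability product; adding a customer master key through KMS
is all it takes for S3 to meet the encryption goal.
This question is on the long side. Assume every question on the exam is at least this long, and usually longer.
The scenarios are all over the place, so it comes down to how well you know the material.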
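Things to note about the exam:
As a rule, AWS changes the direction of the exam every 1~2 years and adds new products, so this certification has to be renewed every three days,
which really means retaking the exam. It pushes you to study every day, Oh my God.
The exam lasts 190 minutes and has 75 questions. You can choose Chinese, but I'm telling you the translation is unreadable and feels even worse,
so I still recommend taking it in English. You need to score 750 points or more; only AWS knows how each question is scored.
As soon as you finish you know whether you PASSED (I was really nervous when I pressed End).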
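In the hour before the exam, try not to drink water; a 3hr exam is long. Relax and answer at your own pace.
I myself spent 160 minutes on it before walking out.
For the test center you can choose PSI or Pearson VUE.
Both environments are good. The test center networks provide a consistent experience, so the experience should not differ much between test centers.
Remember to check in early; they will check your ID and take your photo at check-in.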
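Also, are the exams offered by PSI and Pearson VUE the same? The exam is administered the same way by both providers,
including the exam duration and the passing standard.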
Finally, good luck to everyone on the exam.