Loading Questions...
Resources
Top AWS Solutions Architect Associate Exam Tips
*
This domain makes up 20% of the exam and includes the following 3 objectives:
1. Identify cost-effective storage solutions
2. Identify cost-effective compute and database services
3. Design cost-optimized network architectures
You need to understand the various cost models of compute and storage services, what you pay for and what the best choices would be given a specific scenario.
You also need to know which services are free and be able to compare the cost of different services that may suit a specific scenario. You’ll definitely need to understand serverless technologies such as AWS Lambda, Amazon Aurora Serverless, and Amazon ECS Fargate.
AWS CERTIFIED SOLUTIONS ARCHITECT SAA-C02 : HOW TO BEST PREPARE IN 5 STEPS
2
Understand bastion hosts, and which subnet one might live on. Bastion hosts are instances that sit within your public subnet and are typically accessed using SSH or RDP. Once remote connectivity has been established with the bastion host, it then acts as a ‘jump’ server, allowing you to use SSH or RDP to login to other instances (within private subnets) deeper within your network. When properly configured through the use of security groups and Network ACLs, the bastion essentially acts as a bridge to your private instances via the Internet."
Bastion Hosts
3
Know the difference between Directory Service's AD Connector and Simple AD. Use Simple AD if you need an inexpensive Active Directory–compatible service with the common directory features. AD Connector lets you simply connect your existing on-premises Active Directory to AWS.
AD Connector and Simple AD
4
Know how to enable cross-account access with IAM: To delegate permission to access a resource, you create an IAM role that has two policies attached. The permissions policy grants the user of the role the needed permissions to carry out the desired tasks on the resource. The trust policy specifies which trusted accounts are allowed to grant its users permissions to assume the role. The trust policy on the role in the trusting account is one-half of the permissions. The other half is a permissions policy attached to the user in the trusted account that allows that user to switch to, or assume the role.
Enable cross-account access with IAM
7
Know which services allow you to retain full admin privileges of the underlying EC2 instances
EC2 Full admin privilege
8
Know When Elastic IPs are free or not: If you associate additional EIPs with that instance, you will be charged for each additional EIP associated with that instance per hour on a pro rata basis. Additional EIPs are only available in Amazon VPC. To ensure efficient use of Elastic IP addresses, we impose a small hourly charge when these IP addresses are not associated with a running instance or when they are associated with a stopped instance or unattached network interface.
When are AWS Elastic IPs Free or not?
9
Know what are the four high level categories of information Trusted Advisor supplies.
#AWS Trusted advisor
10
Know how to troubleshoot a connection time out error when trying to connect to an instance in your VPC. You need a security group rule that allows inbound traffic from your public IP address on the proper port, you need a route that sends all traffic destined outside the VPC (0.0.0.0/0) to the Internet gateway for the VPC, the network ACLs must allow inbound and outbound traffic from your public IP address on the proper port, etc.
#AWS Connection time out error
11
Read the whitepapers about the AWS Well-Architected Framework and its pillars, then make sure you can design technology solutions that balance and satisfy their cost, performance, reliability, operations, and security constraints.
#AWS Well Architected Network
