「備考歸納2023新版｜Aws certified cloud practitioner(CLF-C02)

Posted on November 14, 2023 • 6 min read • 1,261 words

備考事前準備（實體）請準備雙證件（含有英文名之證件，如：護照）平靜的心，進考場前，會被要求檢查口袋，此外，貴重物品也不能帶入試場，試場外有櫃子可以上鎖。

報考須知

請直接到AWS官網報考（巨匠不提供協助報名之服務），建議選擇「實體」考試，如果您想要「線上」考試的話，需要先下載測試軟體，測試看看您的電腦環境是否可行。

網址如下：

AWS training and certification

如果您英文閱讀會影響到作答時間的話，建議直接報考「繁體中文」，翻譯的品質還可以接受，此外，在測試平台上可以是可以單題切換「英文」，所以有的專有名詞或者服務，您可以切換直接閱讀英文。

備考事前準備（實體）

1. 請準備雙證件（含有英文名之證件，如：護照）
2. 平靜的心

進考場前，會被要求檢查口袋，此外，貴重物品也不能帶入試場，試場外有櫃子可以上鎖。

過去版本 (CLF-C01) 和現有版本 (CLF-C02) 的比較

---

考試範圍

領域 1： 雲端概念 (佔計分內容的 24%) 領域 2： 安全性和合規性 (佔計分內容的 30%) 領域 3： 雲端技術與服務 (佔計分內容的 34%) 領域 4： 帳單、定價和支援 (佔計分內容的 12%)

重點歸納

雲端概念

---

AWS（Amazon Web Services）：

• 成立於 2002 年。
• 超過 100 萬活躍用戶。
• 亞馬遜超過 10% 營收來自 AWS。
• 透過互聯網以按需計價模式提供 IT 基礎設施服務，節省時間、金錢和人力。

AWS 服務分為 23 個 Service Groups： 其中最常用的是 Compute、Storage 和 Database。

上雲的優勢：

• 無需實體伺服器和接線，免除建置伺服機房和維護的麻煩。
• 免去硬體更換和採購的困擾。

雲端計算概念： 雲端計算提供客戶可隨需使用的計算、儲存、資料庫、應用程式等 IT 資源。

雲端收費模式： 按使用量支付，靈活彈性。

虛擬機器監視器 Hypervisor： 用於建立和執行虛擬機器的軟硬體與韌體。

雲端的優勢：

• 資本支出轉為變動費用。
• 從大規模經濟中受益。
• 不需猜測備載容量。
• 提升速度與靈活性。
• 快速進入全球市場。

雲端特點： 彈性、擴展性、經濟實惠。

雲端計算的三種模型：

• IaaS：基礎設施即服務（最大控制權）
• PaaS：平台即服務（次大控制權）
• SaaS：軟體即服務（最小控制權）

雲端安全

---

推薦的安全實踐： 資安責任區分模型、Well-Architected Framework 的五個支柱、最低權限原則。

**AWS 法遵守則：**https://aws.amazon.com/compliance

**AWS 法遵計畫：**https://aws.amazon.com/compliance/programs

AWS 資安責任區分模型：

• 客戶負責雲端內的安全。
• AWS 負責雲端本身的安全。

AWS 安全服務： IAM、WAF、AWS Shield、Amazon Inspector、AWS Trusted Advisor、Amazon GuardDuty。

Well-Architected Framework：

五個支柱:

• operational excellence
• security
• reliability
• performance efficiency
• cost optimization

安全：

• IAM
• Detective control
• Infrastructure protection
• Incident response
• Data protection

IAM（身份與存取管理）：

• 免費服務。
• 最低權限原則。
• 用於管理用戶、聯合用戶和 IAM 角色。

Security 考試重點：

• 資安責任區分模型
• Well-Architected Framework 的五個支柱
• 最低權限原則
• 安全服務（IAM、WAF、AWS Shield、Amazon Inspector、AWS Trusted Advisor、Amazon GuardDuty）

計費與帳務

---

AWS Billing and Cost Management Dashboard：

• 估計和規劃 AWS 費用。
• 多重帳號可合併帳單。
• 發送費用接近臨界值的告警。
• 使用 Cost Explorer 圖形化呈現費用。
• 按標籤搜尋帳單。

AWS 主要的帳單費用來源：

• Compute（每小時計費的 EC2）
• Storage（每 GB 計費的 S3）
• 出站資料傳輸

費用的計算器：

• TCO 計算器：由於無需購置先期基礎設施，TCO 會降低。
• Pricing Calculator：估算雲端解決方案的費用。

AWS 免費方案：

• Always Free：例如 Lambda（每月 100 萬請求）。
• 12-month Free：例如 EC2（每月 750 小時）。
• Trials試用：例如 SageMaker（每月 250 小時）。

AWS 支援計畫：

• Basic Support Plan：免費，僅處理帳戶和計費問題。
• Developer Support Plan：無限次技術問題，每月 29 美元。
• Business Support Plan：每月 100 美元或帳單的 3-10%，提供無限次且多人支援。
• Enterprise Support Plan：全天候無限次且多人支援，15 分鐘回應。

建議的 AWS 使用計劃：

• Basic 計劃適合免費客戶。
• Developer 計劃適用於測試和原型製作。
• Business 計劃適用於上線產品。
• Enterprise 計劃提供全套 AWS Trusted Advisor 檢查。"

AWS服務彙整

Category	Service	Explanation
分析
	Amazon Athena	Interactive query service
	AWS Data Exchange	Easily find, subscribe to, and use third-party data
	Amazon EMR	Big data processing framework
	AWS Glue	ETL (Extract, Transform, Load) service
	Amazon Kinesis	Real-time data streaming
	Amazon MSK	Managed streaming for Apache Kafka
	Amazon OpenSearch Service	Managed Elasticsearch service
	Amazon QuickSight	Business Intelligence tool
	Amazon Redshift	Fully managed data warehouse
應用程式整合
	Amazon EventBridge	Serverless event bus for application integration
	Amazon SNS	Fully managed pub/sub messaging
	Amazon SQS	Fully managed message queuing service
	AWS Step Functions	Serverless orchestration service
商業應用程式
	Amazon Connect	Cloud-based contact center service
	Amazon SES	Email sending and receiving service
雲端財務管理
	AWS Billing Conductor	Automated billing and cost management
	AWS Budgets	Set custom cost and usage budgets
	AWS Cost and Usage Report	Detailed cost and usage information
	AWS Cost Explorer	Visualize, understand, and manage AWS costs
	AWS Marketplace	Online software store for buying and selling
運算
	AWS Batch	Run batch computing workloads
	Amazon EC2	Virtual servers in the cloud
	AWS Elastic Beanstalk	Easy deployment and scaling of applications
	Amazon Lightsail	Easy compute instances for small applications
	AWS Local Zones	Extend AWS to specific geographic areas
	AWS Outposts	Extend AWS infrastructure to on-premises
	AWS Wavelength	Ultra-low latency applications at the edge
容器
	Amazon ECR	Docker container registry
	Amazon ECS	Container orchestration service
	Amazon EKS	Managed Kubernetes service
客户參與
	AWS Activate for Startups	Credits, training, technical support for startups
	AWS IQ	Connects customers with AWS Certified freelancers
	AWS Managed Services (AMS)	Operate AWS infrastructure on behalf of customers
	AWS Support	Subscriptions for access to AWS support
資料庫
	Amazon Aurora	MySQL and PostgreSQL-compatible relational DB
	Amazon DynamoDB	NoSQL database service
	Amazon MemoryDB for Redis	Fully managed Redis-compatible in-memory database
	Amazon Neptune	Fully managed graph database service
	Amazon RDS	Relational Database Service
開發人員工具
	AWS AppConfig	Create, deploy, and manage application configurations
	AWS CLI	Command-line interface for AWS
	AWS Cloud9	Cloud-based integrated development environment
	AWS CloudShell	Browser-based command-line interface
	AWS CodeArtifact	Software package repository service
	AWS CodeBuild	Fully managed build service
	AWS CodeCommit	Source control service using Git
	AWS CodeDeploy	Automated deployment service
	AWS CodePipeline	Continuous integration and continuous delivery
	AWS CodeStar	Develop, build, and deploy applications on AWS
	AWS X-Ray	Distributed tracing for applications
終端使用者運算
	Amazon AppStream 2.0	Stream desktop applications to users
	Amazon WorkSpaces	Desktop-as-a-Service (DaaS)
	Amazon WorkSpaces Web	Web access to virtual desktops
前端 Web 和行動應用
	AWS Amplify	Build scalable and secure cloud-powered applications
	AWS AppSync	Managed GraphQL service
	AWS Device Farm	Test Android, iOS, and web apps on real devices
物聯網 (IoT)
	AWS IoT Core	Secure, scalable IoT communication
	AWS IoT Greengrass	Extend AWS IoT functionality to edge devices
機器學習
	Amazon Comprehend	Natural language processing service
	Amazon Kendra	Enterprise search service
	Amazon Lex	Build chatbots and conversational interfaces
	Amazon Polly	Text-to-speech service
	Amazon Rekognition	Image and video analysis service
	Amazon SageMaker	Build, train, and deploy machine learning models
	Amazon Textract	Extract text, forms, and tables from documents
	Amazon Transcribe	Automatic speech recognition service
	Amazon Translate	Neural machine translation service
管理與控管
	AWS Auto Scaling	Automatically adjust capacity based on demand
	AWS CloudFormation	Infrastructure as Code (IaC) service
	AWS CloudTrail	Record and monitor AWS API requests
	Amazon CloudWatch	Monitor resources and applications
	AWS Compute Optimizer	Recommend optimal AWS resources
	AWS Config	Assess, audit, and evaluate configurations
	AWS Control Tower	Set up and govern a secure, multi-account AWS environment
	AWS Health Dashboard	Personalized view of the status of AWS resources
	AWS Launch Wizard	Simplify launching AWS applications
	AWS License Manager	Track and manage software licenses
	AWS 管理主控台	Centralized management console for AWS
	AWS Organizations	Consolidate multiple AWS accounts into an organization
	AWS Resource Groups 和 Tag Editor	Organize and manage resources using tags
	AWS Service Catalog	Create and manage catalogs of IT services
	AWS Systems Manager	Gain operational insights and take action
	AWS Trusted Advisor	Optimize AWS resources for performance and security
	AWS Well-Architected Tool	Review and improve your workload architecture
遷移和傳輸
	AWS Application Discovery Service	Discover and understand enterprise applications
	AWS Application Migration Service	Migrate applications to AWS
	AWS Database Migration Service (AWS DMS)	Migrate databases to AWS
	AWS Migration Hub	Plan and track migrations
	AWS Schema Conversion Tool (AWS SCT)	Convert database schema to AWS-compatible format
	AWS Snow Family	Physical devices to transfer data to/from AWS
	AWS Transfer Family	Securely transfer files to and from AWS
連網和內容交付
	Amazon API Gateway	Create, deploy, and manage APIs
	Amazon CloudFront	Content delivery network (CDN)
	AWS Direct Connect	Dedicated network connection to AWS
	AWS Global Accelerator	Improve global application availability and performance
	Amazon Route 53	Scalable domain name system (DNS)
	Amazon VPC	Isolated virtual networks for AWS resources
	AWS VPN	Securely connect on-premises networks to AWS
安全、身分與合規
	AWS Artifact	On-demand access to AWS compliance reports
	AWS Audit Manager	Simplify the auditing process
	AWS Certificate Manager (ACM)	Provision, manage, and deploy SSL/TLS certificates
	AWS CloudHSM	Hardware-based key storage for regulatory compliance
	Amazon Cognito	Identity and user management for web and mobile apps
	Amazon Detective	Analyze, investigate, and respond to security issues
	AWS Directory Service	Managed Active Directory in the cloud
	AWS Firewall Manager	Centralized management of AWS WAF and security groups
	Amazon GuardDuty	Threat detection service
	AWS IAM	Identity and Access Management for AWS resources
	AWS IAM Identity Center (AWS Single Sign-On)	Cloud Single Sign-On (SSO) service
	Amazon Inspector	Automated security assessment service
	AWS KMS	Key management service for creating and controlling cryptographic keys
	Amazon Macie	Discover, classify, and protect sensitive data
	AWS Network Firewall	Managed firewall service
	AWS RAM	Share AWS resources with any AWS account
	AWS Secrets Manager	Securely store and manage sensitive information
	AWS Security Hub	Comprehensive view of security alerts and compliance status
	AWS Shield	DDoS protection service
	AWS WAF	Web Application Firewall service
無伺服器
	AWS Fargate	Run containers without managing the underlying infrastructure
	AWS Lambda	Run code without provisioning or managing servers
儲存
	AWS Backup	Centralized backup service for AWS resources
	Amazon EBS	Block-level storage volumes for EC2 instances
	Amazon EFS	Fully managed file storage service
	AWS Elastic Disaster Recovery	Cost-effective, highly scalable disaster recovery solution
	Amazon FSx	Fully managed file storage for Windows and Lustre
	Amazon S3	Scalable object storage with data durability
	Amazon S3 Glacier	Low-cost archival storage with configurable retrieval times
	AWS Storage Gateway	Hybrid cloud storage service