1
00:00:00,180 --> 00:00:02,570
‫Okay so I hope your tried with me to answer the questions,

2
00:00:02,570 --> 00:00:05,010
‫let's see what are the correct answers.

3
00:00:05,010 --> 00:00:07,920
‫So why is AWS more economical than traditional data centers

4
00:00:07,920 --> 00:00:10,800
‫for applications with varying compute workloads?

5
00:00:10,800 --> 00:00:14,610
‫So option one EC2 costs are billed on a monthly basis.

6
00:00:14,610 --> 00:00:15,760
‫Yes that is true,

7
00:00:15,760 --> 00:00:17,810
‫but it's not going to be more economical.

8
00:00:17,810 --> 00:00:19,610
‫Users retain full administrative access

9
00:00:19,610 --> 00:00:20,860
‫to their EC2 instance,

10
00:00:20,860 --> 00:00:21,693
‫that's also true,

11
00:00:21,693 --> 00:00:24,060
‫but it's also true on traditional data centers,

12
00:00:24,060 --> 00:00:26,130
‫so it's not gonna be more economical.

13
00:00:26,130 --> 00:00:29,420
‫Amazon EC2 instances can be launched on demand when needed,

14
00:00:29,420 --> 00:00:32,500
‫that is true, and it's going to be more economical

15
00:00:32,500 --> 00:00:34,540
‫because that means that we can launch them

16
00:00:34,540 --> 00:00:37,040
‫and terminate them when we need as well,

17
00:00:37,040 --> 00:00:39,120
‫and that's going to bring us cost saving,

18
00:00:39,120 --> 00:00:41,320
‫and this is something that we cannot do easily

19
00:00:41,320 --> 00:00:42,270
‫on data centers,

20
00:00:42,270 --> 00:00:44,040
‫or if we do that on data centers,

21
00:00:44,040 --> 00:00:45,200
‫the hardware we still have

22
00:00:45,200 --> 00:00:46,730
‫and we still pay for.

23
00:00:46,730 --> 00:00:48,890
‫And finally users can permanently run

24
00:00:48,890 --> 00:00:51,440
‫through enough instances to handle peak workload,

25
00:00:51,440 --> 00:00:52,650
‫yep, that's true,

26
00:00:52,650 --> 00:00:55,260
‫but again it's not going to be more economical.

27
00:00:55,260 --> 00:00:59,180
‫So option C in this example is the right answer.

28
00:00:59,180 --> 00:01:02,350
‫Now question two is a simple find the right service for us,

29
00:01:02,350 --> 00:01:05,410
‫so which AWS service would simplify the migration

30
00:01:05,410 --> 00:01:07,440
‫of a database in AWS,

31
00:01:07,440 --> 00:01:09,130
‫and to be honest, it's very easy,

32
00:01:09,130 --> 00:01:10,010
‫it's answer B

33
00:01:10,010 --> 00:01:12,900
‫because the name is Database Migration Service, or DMS,

34
00:01:12,900 --> 00:01:15,210
‫but we have also seen this DMS service in the course,

35
00:01:15,210 --> 00:01:16,950
‫so quite an easy question

36
00:01:16,950 --> 00:01:19,210
‫and honestly you will get questions like this

37
00:01:19,210 --> 00:01:20,880
‫in the actual exam.

38
00:01:20,880 --> 00:01:22,210
‫Okay yet another question

39
00:01:22,210 --> 00:01:23,830
‫where we choose the right service.

40
00:01:23,830 --> 00:01:27,270
‫So which offering enables users to find, buy,

41
00:01:27,270 --> 00:01:29,790
‫and immediately start using software solutions

42
00:01:29,790 --> 00:01:31,890
‫in their AWS environment?

43
00:01:31,890 --> 00:01:33,680
‫So Config no because it allows us

44
00:01:33,680 --> 00:01:36,140
‫to get the configuration in the bucket

45
00:01:36,140 --> 00:01:37,870
‫and to look at compliance rules.

46
00:01:37,870 --> 00:01:40,780
‫OpsWorks is for manage chefs and puppets.

47
00:01:40,780 --> 00:01:43,470
‫The SDK is a software development kit

48
00:01:43,470 --> 00:01:44,303
‫and this is not a service,

49
00:01:44,303 --> 00:01:47,360
‫this used to integrate the AWS operations

50
00:01:47,360 --> 00:01:48,840
‫into a programming language,

51
00:01:48,840 --> 00:01:50,880
‫so by elimination we can go into the Marketplace,

52
00:01:50,880 --> 00:01:52,430
‫but yes we've seen the Marketplace,

53
00:01:52,430 --> 00:01:54,390
‫and we've seen that on the Marketplace,

54
00:01:54,390 --> 00:01:57,370
‫you can buy AMIs, you can buy containers,

55
00:01:57,370 --> 00:01:59,520
‫you can buy solutions directly from it,

56
00:01:59,520 --> 00:02:02,760
‫and use them in your environment right away.

57
00:02:02,760 --> 00:02:04,610
‫Okay, question four,

58
00:02:04,610 --> 00:02:07,100
‫which networking service enables a company

59
00:02:07,100 --> 00:02:10,080
‫to create a virtual network within AWS,

60
00:02:10,080 --> 00:02:12,730
‫so again it is for you to find the right service

61
00:02:12,730 --> 00:02:14,200
‫to understand what it is,

62
00:02:14,200 --> 00:02:17,180
‫so it is the VPC, Virtual Private Cloud,

63
00:02:17,180 --> 00:02:19,610
‫because from the VPC we can differentiate virtual network,

64
00:02:19,610 --> 00:02:21,000
‫and then we characterize our subnets,

65
00:02:21,000 --> 00:02:24,320
‫and within the subnets we can create EC2 instances.

66
00:02:24,320 --> 00:02:25,490
‫Config we've seen what it was,

67
00:02:25,490 --> 00:02:28,410
‫Route 53 is going to be a DNS service,

68
00:02:28,410 --> 00:02:29,700
‫and Direct Connect is used

69
00:02:29,700 --> 00:02:33,510
‫to privately connect your on-premise data center to AWS.

70
00:02:33,510 --> 00:02:34,760
‫That takes about a month,

71
00:02:34,760 --> 00:02:37,530
‫but it is going to be a private physical connection.

72
00:02:37,530 --> 00:02:38,410
‫Okay good so it seems

73
00:02:38,410 --> 00:02:41,140
‫like we are covering everything pretty easily.

74
00:02:41,140 --> 00:02:44,640
‫Now which of the following is an responsibility of AWS

75
00:02:44,640 --> 00:02:46,440
‫under the shared responsibility model?

76
00:02:46,440 --> 00:02:48,800
‫So this is something you're going to get a lot on the exam.

77
00:02:48,800 --> 00:02:50,730
‫On my exam I think I got four or five questions

78
00:02:50,730 --> 00:02:52,440
‫around the shared responsibility model,

79
00:02:52,440 --> 00:02:55,010
‫so this is good to remember that AWS is responsible

80
00:02:55,010 --> 00:02:56,620
‫for the security of the cloud,

81
00:02:56,620 --> 00:03:00,500
‫and you are responsible for the security in the cloud.

82
00:03:00,500 --> 00:03:03,560
‫So we are asked about what is the responsibility of AWS

83
00:03:03,560 --> 00:03:05,030
‫in this situation.

84
00:03:05,030 --> 00:03:07,560
‫So configuring third-party applications,

85
00:03:07,560 --> 00:03:09,560
‫well it says third-party, so it's not gonna be

86
00:03:09,560 --> 00:03:11,770
‫for AWS too so I'll eliminate that.

87
00:03:11,770 --> 00:03:13,310
‫Maintaining physical hardware,

88
00:03:13,310 --> 00:03:15,360
‫yes that is a responsibility of AWS

89
00:03:15,360 --> 00:03:17,880
‫because it is something we do not have access to.

90
00:03:17,880 --> 00:03:20,510
‫It is their responsibility to create the hardware

91
00:03:20,510 --> 00:03:22,830
‫to maintain the servers

92
00:03:22,830 --> 00:03:24,590
‫and the storage et cetera, et cetera.

93
00:03:24,590 --> 00:03:26,730
‫Securing application access and data.

94
00:03:26,730 --> 00:03:28,200
‫This is our responsibility,

95
00:03:28,200 --> 00:03:29,680
‫okay we are given the tools,

96
00:03:29,680 --> 00:03:31,660
‫but configuring the security groups,

97
00:03:31,660 --> 00:03:34,180
‫encrypting data is our responsibility,

98
00:03:34,180 --> 00:03:36,320
‫and finally managing the guest operating systems

99
00:03:36,320 --> 00:03:38,290
‫is also our responsibility,

100
00:03:38,290 --> 00:03:40,200
‫so whenever we create an EC2 instance,

101
00:03:40,200 --> 00:03:43,620
‫it's up to us to update it in a timely manner

102
00:03:43,620 --> 00:03:47,290
‫to make sure that it is protected against vulnerabilities.

103
00:03:47,290 --> 00:03:48,450
‫Okay good.

104
00:03:48,450 --> 00:03:49,790
‫Now question six.

105
00:03:49,790 --> 00:03:52,670
‫Which component of the global infrastructure

106
00:03:52,670 --> 00:03:56,180
‫does CloudFront use to ensure low-latency delivery?

107
00:03:56,180 --> 00:03:58,180
‫So CloudFront is a global service,

108
00:03:58,180 --> 00:03:59,013
‫so we're looking at something

109
00:03:59,013 --> 00:04:00,660
‫that's going to be all around the world,

110
00:04:00,660 --> 00:04:02,260
‫and it's not going to be Regions,

111
00:04:02,260 --> 00:04:04,650
‫because CloudFront is more than that,

112
00:04:04,650 --> 00:04:07,420
‫it is using Edge locations or points of presence.

113
00:04:07,420 --> 00:04:09,890
‫We have over 200 of them around the world,

114
00:04:09,890 --> 00:04:11,020
‫so it's not gonna be regions,

115
00:04:11,020 --> 00:04:12,920
‫it is definitely Edge locations.

116
00:04:12,920 --> 00:04:16,060
‫It is not AZ, and it is not a VPC,

117
00:04:16,060 --> 00:04:18,920
‫and that is really a structure of this one.

118
00:04:18,920 --> 00:04:20,130
‫Okay good.

119
00:04:20,130 --> 00:04:20,990
‫Question seven, so

120
00:04:20,990 --> 00:04:24,170
‫how would a system administrator add an additional layer

121
00:04:24,170 --> 00:04:27,580
‫of login security to a user's Management Console?

122
00:04:27,580 --> 00:04:29,870
‫So here there is a service we've never seen before,

123
00:04:29,870 --> 00:04:31,550
‫which is Amazon Cloud Directory,

124
00:04:31,550 --> 00:04:33,820
‫but again I say that if we haven't seen a service,

125
00:04:33,820 --> 00:04:35,910
‫it's probably intended on me not

126
00:04:35,910 --> 00:04:36,743
‫to show you that service

127
00:04:36,743 --> 00:04:38,940
‫because it's not going to be a correct answer,

128
00:04:38,940 --> 00:04:41,010
‫so we can safely rule that out.

129
00:04:41,010 --> 00:04:44,690
‫Then Audit IAM roles is not going to help.

130
00:04:44,690 --> 00:04:47,040
‫IAM roles are going to be affected,

131
00:04:47,040 --> 00:04:49,340
‫for example for EC2 instances.

132
00:04:49,340 --> 00:04:52,290
‫They're meant to be used by either services themselves.

133
00:04:52,290 --> 00:04:53,910
‫But here we are concerned

134
00:04:53,910 --> 00:04:56,220
‫with a login of a user,

135
00:04:56,220 --> 00:04:58,190
‫so user's end roles are different,

136
00:04:58,190 --> 00:05:01,080
‫and so I have to rule out this answer.

137
00:05:01,080 --> 00:05:01,913
‫Now we know

138
00:05:01,913 --> 00:05:04,580
‫that multi-factor authentication is a security guideline

139
00:05:04,580 --> 00:05:08,090
‫and we know that whenever we log in using a user account

140
00:05:08,090 --> 00:05:09,330
‫that has MFA,

141
00:05:09,330 --> 00:05:13,650
‫then we have to have another code to accept our login,

142
00:05:13,650 --> 00:05:16,580
‫and so this is the additional layer we're looking for.

143
00:05:16,580 --> 00:05:19,370
‫And CloudTrail is not going to be right for this time.

144
00:05:19,370 --> 00:05:21,970
‫CloudTrail is just to log API calls in your account.

145
00:05:23,070 --> 00:05:26,660
‫Okay next, so which service can identify the user

146
00:05:26,660 --> 00:05:28,120
‫that made the API call

147
00:05:28,120 --> 00:05:30,720
‫when an Amazon EC2 instance is terminated?

148
00:05:30,720 --> 00:05:32,690
‫So that is a classic question,

149
00:05:32,690 --> 00:05:33,910
‫and we just saw the answer,

150
00:05:33,910 --> 00:05:35,000
‫it is going to be CloudTrail,

151
00:05:35,000 --> 00:05:36,820
‫because CloudTrail keeps a history

152
00:05:36,820 --> 00:05:39,330
‫of all the API calls made within your accounts.

153
00:05:39,330 --> 00:05:40,750
‫It's not going to be Trusted Advisor

154
00:05:40,750 --> 00:05:42,270
‫because Trusted Advisor is here

155
00:05:42,270 --> 00:05:45,530
‫to give you advice on security, performance,

156
00:05:45,530 --> 00:05:48,470
‫customization, service limits and so on.

157
00:05:48,470 --> 00:05:49,620
‫It's not going to be X-Ray.

158
00:05:49,620 --> 00:05:52,200
‫X-Ray is a service to do distributed tracing.

159
00:05:52,200 --> 00:05:54,700
‫And IAM is just going to give you information

160
00:05:54,700 --> 00:05:55,940
‫about your users,

161
00:05:55,940 --> 00:05:57,550
‫but not going to give you information

162
00:05:57,550 --> 00:06:00,590
‫about the API calls made by your users.

163
00:06:00,590 --> 00:06:01,550
‫Okay.

164
00:06:01,550 --> 00:06:04,170
‫Question nine, which service would be used

165
00:06:04,170 --> 00:06:06,930
‫to send alerts based on CloudWatch alarms.

166
00:06:06,930 --> 00:06:07,763
‫Well we know

167
00:06:07,763 --> 00:06:10,010
‫that CloudWatch alarms can have three destinations.

168
00:06:10,010 --> 00:06:12,460
‫Number one, it could be a SNS topic,

169
00:06:12,460 --> 00:06:13,430
‫which is here.

170
00:06:13,430 --> 00:06:15,970
‫Number two, it could be an O2 scaling group,

171
00:06:15,970 --> 00:06:18,560
‫to scale the O2 scaling group up or down,

172
00:06:18,560 --> 00:06:20,870
‫or number three, it could be an EC2 action,

173
00:06:20,870 --> 00:06:22,930
‫for example to reboot an EC2 instance,

174
00:06:22,930 --> 00:06:25,470
‫or to rescue it in case it is impaired.

175
00:06:25,470 --> 00:06:27,710
‫So this is definitely going to be SNS,

176
00:06:27,710 --> 00:06:30,090
‫and not CloudTrail, not Trusted Advisor,

177
00:06:30,090 --> 00:06:31,960
‫and not Route 53.

178
00:06:31,960 --> 00:06:34,350
‫And then finally, where can the user find information

179
00:06:34,350 --> 00:06:35,650
‫about prohibited action

180
00:06:35,650 --> 00:06:37,780
‫on the AWS infrastructure?

181
00:06:37,780 --> 00:06:41,530
‫Well for this we have to look at the Acceptable Use Policy,

182
00:06:41,530 --> 00:06:42,810
‫and the name is pretty obvious

183
00:06:42,810 --> 00:06:45,560
‫about what the question is and what the service is.

184
00:06:45,560 --> 00:06:47,030
‫It's not going to be the Billing Console,

185
00:06:47,030 --> 00:06:48,250
‫it's going to be for money.

186
00:06:48,250 --> 00:06:49,600
‫It's not going to be IAM,

187
00:06:49,600 --> 00:06:51,600
‫because on IAM we just manage users.

188
00:06:51,600 --> 00:06:54,920
‫So that's it, you can see the exam do have actually a bunch

189
00:06:54,920 --> 00:06:56,380
‫of straightforward questions,

190
00:06:56,380 --> 00:06:58,060
‫asking you to find the right service,

191
00:06:58,060 --> 00:06:59,750
‫and so for this exam,

192
00:06:59,750 --> 00:07:01,110
‫I wanted to give you the knowledge

193
00:07:01,110 --> 00:07:02,490
‫about all these services,

194
00:07:02,490 --> 00:07:04,390
‫so that you could confidently answer the questions,

195
00:07:04,390 --> 00:07:05,260
‫one by one.

196
00:07:05,260 --> 00:07:06,540
‫So that's it, I hope you liked it,

197
00:07:06,540 --> 00:07:08,730
‫and then I will see you to practice

198
00:07:08,730 --> 00:07:11,130
‫in the entire practice exam in this course.

199
00:07:11,130 --> 00:07:12,880
‫I will see you in the next lecture.