AWS Certified Cloud Practitioner Exam Study Guide
The AWS Certified Cloud Practitioner exam or AWS CCP is the easiest to achieve among all the AWS certification exams. This certification covers most, if not all, fundamental knowledge that one should know when venturing into the Cloud. The AWS CCP course intends to provide practitioners a fundamental understanding of the AWS Cloud without having to dive deep into the technicalities. This includes the AWS Global Infrastructure, best practices in using AWS Cloud, pricing models, technical support options, and many more. You can view the complete details and guidelines for the certification exam here.
What to review
1. The AWS Cloud Services
Currently, AWS offers more than 160+ services and products to their customers. And every year, the list grows longer. You don’t have to memorize every single service and function to pass the exam (although that would be amazing if you did!). What’s important is that you familiarize yourself on the more commonly used services such as those under compute, storage, databases, security, networking and content delivery, management and governance, and a few others. To quickly view over the different categories, you may visit this link.
To help you get started with the familiarization, this AWS whitepaper contains an overview of the different AWS services along with their definitions and use cases. It is also important to know what cloud computing introduces into the industry, and how the AWS Global Infrastructure is set up to help you maximize the capabilities of cloud computing. Aside from questions on the different services, questions about Regions and Availability Zones commonly pop up in the exam as well.
2. Best Practices when Architecting for the Cloud
This section is highly important and might comprise the bulk of your CCP exam. Focus on reading the contents of this AWS Well-Architected Framework whitepaper. The best practices are essentially the ways you can take advantage of AWS Cloud’s strengths. This paper elaborates on the different pillars that make up a well-architected system. Reading through the design principles and core services of each pillar will help you connect the dots between the best practices and AWS services. Lastly, you can visit this site to gather more information and view additional content for your review of this section.
3. Security in the Cloud
Security in the AWS Cloud is another major part of your CCP Exam. AWS has defined the security controls that they manage and the security controls that you manage through the Shared Responsibility Model below.
The primary resource that you should be studying for this section is this whitepaper. The AWS Security Best Practices whitepaper discusses the many ways you can secure your applications and services. I suggest you thoroughly review the following:
1) Data encryption at rest and in transit (EBS, S3, EC2, RDS, etc)
2) Identity and Access Management (IAM)
3) VPC and Application Network Security (security groups, ACLs, etc)
4) Monitoring and Logging of your Infrastructure (Cloudwatch, cloudtrail, etc)
5) AWS Compliance Programs
4. AWS Pricing Model
One of the advantages of using Cloud is having on-demand capacity provisioning. Therefore, it is also crucial for you to understand the provider’s pricing model. AWS charges you in multiple ways. There is no exact model that applies to all, since different AWS services have their own cost plans. However, AWS has three fundamental drivers of cost that usually apply to any kind of service. They are:
- Compute cost
- Storage cost
- Outbound data transfer cost
Aside from on-demand capacity provisioning, AWS also offers you multiple ways to lower your total cost, such as the option to reserve capacity or create a savings plan.
Detailed information about each of these costs can be seen in this whitepaper, which also serves as your main study material for this section. The purpose of studying cost and pricing models is to help you optimize your costs in AWS. AWS provides a great tool to calculate expected monthly costs, known as the AWS Pricing Calculator. Note that the CCP exam frequently asks scenarios where you’d have to optimize your costs.
5. AWS Support Plans
AWS offers four types of support plans: Basic, Developer, Business, and Enterprise. It is important to know how each support plan differs from one another. With that said, this webpage will serve as your primary study material. You might miss the subtle details if you don’t read each support plan properly, so be sure to take note of these details.
In tandem with learning the AWS Support Plans is studying AWS Trusted Advisor. AWS Trusted Advisor is a tool that offers best practice checks and recommendations across five categories: cost optimization, security, fault tolerance, performance, and service limits. You do not need to memorize each check in AWS Trusted Advisor, though browsing through them is an advantage.
How to review
As with any exam, the very first step is always the same – KNOWING WHAT TO STUDY. Although we have already enumerated them in the previous section, I highly suggest you go over the AWS CCP Exam Guide again and see the exam contents.
AWS already has a vast number of (free!) resources available for you to prepare for the exam. I suggest you first read Overview of Amazon Web Services whitepaper, and gain a good understanding of the different AWS concepts and services. Again, you don’t need to memorize every single AWS service and function there. Rather, focus on the services that are more commonly used by the industry. You can check out the amazing Tutorials Dojo cheat sheets to supplement your review for this section.
After reviewing the services whitepaper, I recommend reading the whitepaper How Pricing Works next. The AWS CCP exam frequently throws out tricky questions about pricing, TCO and cost optimization. Be extra careful in answering questions that ask for the most cost effective solution. Always prioritize utility over pricing, since there might be a choice in the question where it is the cheapest solution, but is not appropriate for the scenario’s needs. You can compare the pricing of the different services here on this website.
The AWS Security Best Practices whitepaper discusses what you’ll need to know for AWS Security. Also, familiarize yourself with the Shared Responsibility Model. This frequently comes up in the AWS CCP exam. With security, you should know the following:
- Protect your data in and going out of AWS. Different services have different encryption methods and protocols.
- Network level security and subnet level security. There are many ways you can secure your VPC and the services inside it, such as NACLs and security groups.
- Be comfortable with IAM. Focus on concepts of IAM users, groups, policies and roles.
- Understand AWS monitoring and logging features such as Cloudwatch, CloudWatch Logs, VPC Logs and CloudTrail.
The last whitepaper you need to review is the AWS Well-Architected Framework whitepaper. The material nicely wraps up all the AWS services, products, features, and pricing that you’ve learned. It is very important to understand what the best practices are, since scenario questions in the exam always revolve around these topics. You can open up an AWS Management Console to help you visualize what is being discussed in this paper.
After reading through all the whitepapers, the last section of your review is the AWS Support Plans. This is a quick browse of a webpage, and shouldn’t take you long in studying. Take note of what support plans are available, and how they differ from each other. There might be questions in the exam that ask which support plan offers some specific service.
AWS also provides a free, online virtual course called AWS Cloud Practitioner Essentials which you can take to better prepare yourself for the AWS CCP exam. This course contains a set of video lectures that summarize everything you’ve read so far in your review, and discuss on subjects you might have missed.
Also check out this article: Top 5 FREE AWS Review Materials.
Common Exam Scenarios
Domain 1: Cloud Concepts
A key financial benefit of migrating systems hosted on your on-premises data center to AWS.
– Replaces upfront capital expenses (CAPEX) with low variable operational expense (OPEX).
– Reduce the Total Cost of Ownership (TCO)
4 cloud architectures design principle in AWS
A cloud architecture for mission-critical workloads in AWS which must be highly-available.
Use multiple Availability Zones
A change or a failure in one component should not cascade to other components.
You need to enable your Amazon EC2 instances in the public subnet to connect to the public Internet.
You need to enable your EC2 instances in the private subnet to connect to the public Internet.
Domain 2: Security and Compliance
A security management tool to configure your AWS WAF rules across your accounts.
AWS Firewall Manager
A company needs to download the compliance-related documents in AWS such as Service Organization Controls (SOC) reports
Improve the security of IAM users.
– Enable Multi-Factor Authentication (MFA)
– Configure a strong password policy
An IAM identity that uses access keys to manage cloud resources via AWS CLI.
Grant temporary access to your AWS resources.
Apply and easily manage the common access permissions to a large number of IAM users in AWS.
Grant the required permissions to access your Amazon S3 resources.
You must provide temporary AWS credentials for users who have authenticated via their social media logins as well as for guest users who do not require any authentication.
Amazon Cognito Identity Pool
A startup need to evaluate the newly created IAM policies.
IAM Policy Simulator
A service that discovers, classifies, and protects sensitive data such as personally identifiable information (PII) or intellectual property.
A threat detection service that continuously monitors for malicious activity to protect your AWS account.
Prevent unauthorized deletion of Amazon S3 objects.
Enable Multi-Factor Authentication (MFA)
A company needs to control the traffic going in and out of their VPC subnets.
Network Access Control List (NACL)
What acts as a virtual firewall in AWS that controls the traffic at the EC2 instance level?
Set up an automated security assessment service to improve the security and compliance of your applications.
Domain 3: Technology
A company needs to use the AWS global network to improve availability of deployed applications on AWS using an anycast static IP address.
AWS Global Accelerator
You need to securely transfer hundreds of petabytes of data into and out of the AWS Cloud.
AWS Snowball Edge
A type of an EC2 instance that allows you to use your existing server-bound software licenses.
A service that allows you to continuously monitor and log account activities such as the user actions made from the AWS Management Console and AWS SDKs.
A highly available and scalable cloud DNS web service in AWS.
Amazon Route 53
Store the results of I/O-intensive SQL database queries to improve the application performance.
A combination of AWS services that allows you to serve the static files with lowest possible latency.
Automatically scale the capacity of an AWS cloud resource based on the incoming traffic to improve availability and reduce failures
AWS Auto Scaling
A company needs to migrate on-premises MySQL database to Amazon RDS.
AWS Database Migration Service (AWS DMS)
Automatically transfer your infrequently accessed data in your S3 bucket to a more cost-effective storage class.
S3 Lifecycle Policy
You need to upload a single object as a set of parts to improve throughput and have a quicker recovery from any network issues.
Use Multipart Upload API
A company needs to establish a dedicated connection between their on-premises network and their AWS VPC.
AWS Direct Connect
A Machine Learning service that allows you to add visual analysis feature to your applications.
A source control service that allows you to host Git-based repositories.
A service that can trace user request in your application.
A company needs to retrieve the instance ID, public keys, and public IP address of their EC2 instance.
You need to speed up the content delivery of static assets to your customers around the globe
Create and deploy infrastructure-as-code templates
You have to encrypt the log data that is stored and managed by AWS CloudTrail.
AWS Key Management Service (AWS KMS)
A database service that can be used to store JSON documents.
Domain 4: Billing and Pricing
A designated technical point of contact that will maintain an operationally healthy AWS environment.
Technical Account Manager (TAM)
A tool that inspects your AWS environment and makes recommendations that follows AWS best practices.
AWS Trusted Advisor
A startup needs to estimate the costs of moving their application to AWS.
AWS Total Cost of Ownership (TCO) Calculator
Set coverage targets and receive alerts when your utilization drops.
A type of Reserved Instance that allows you to change its instance family, instance type, platform, scope, or tenancy.
Take advantage of unused EC2 capacity in the AWS Cloud and provides up to 90% discount.
You need to centrally manage policies and consolidate billing across multiple AWS accounts.
The most cost-efficient storage option for retaining database backups that allows occasional data retrieval in minutes.
Forecast future costs and usage of your AWS resources based on your past consumption.
AWS Cost and Usage report
Categorize and track AWS costs on a detailed level.
Cost allocation tags
A company launched a new VPC which is way beyond the default service limit.
Request a service limit increase in AWS Support Center
The most cost-effective option when you purchase a Reserved Instance for a 1-year term.
You have to combine usage volume discounts of your multiple AWS accounts.
Sell your catalog of custom AMIs in AWS
Validate Your Knowledge
When you are feeling confident with your review, it is best to validate your knowledge through sample exams. Tutorials Dojo offers a very useful and well-reviewed set of practice tests for the Cloud Practitioner exam takers here. Each test contains many unique questions which will surely help you verify if you have missed out on anything important that might appear on your exam. You can also pair our practice exams with our AWS Certified Cloud Practitioner Exam Study Guide and Cheat Sheets eBook.
If you have scored well on the Tutorials Dojo AWS Certified Cloud Practitioner practice tests and you think you are ready, then go earn your certification with your head held high. If you think you are lacking in certain areas, better go review them again, and take note of any hints in the questions that will help you select the correct answers. If you are not that confident that you’ll pass, then it would be best to reschedule your exam to another day, and take your time preparing for it. In the end, the efforts you have put in for this will surely reward you.
Sample Practice Test Questions:
Which of the following is true on how AWS lessens the time to provision your IT resources?
- It provides an AI-powered IT ticketing platform for fulfilling resource requests.
- It provides various ways to programmatically provision IT resources.
- It provides an automated system of requesting and fulfilling IT resources from third-party vendors.
- It provides express service to deliver your servers to your data centers fast.
Which among the options below can you use to launch a new Amazon RDS database cluster to your VPC? (Select TWO)
- AWS Management Console
- AWS Concierge
- AWS CodePipeline
- AWS CloudFormation
- AWS Systems Manager
Click here for more AWS Certified Cloud Practitioner practice exam questions.
Check out our other AWS practice test courses here:
High Quality Video Courses on Udemy
There are a few top rated AWS Certified Cloud Practitioner video courses on Udemy that you can check out as well, which can complement your exam preparations especially if you are the type of person who can learn better through visual courses instead of reading long whitepapers:
Once you have finished studying all the aforementioned sections, it is time to validate your knowledge. You can try answering the AWS Certified Cloud Practitioner Sample Exam found in the exam guide, or purchase the actual practice exam (Exam Code CLF-P01) in the AWS Training website. A few days before your exam, you can choose to reread all the whitepapers or rewatch the video lectures, or you can simply study the reviewer you made. Since the AWS CCP is not meant to be technical, the exam itself should be straightforward.
What to expect from the exam
There are two types of questions on the examination:
- Multiple-choice: Has one correct response and three incorrect responses (distractors).
- Multiple-response: Has two or more correct responses out of five or more options.
Distractors, or incorrect answers, are response options that an examinee with incomplete knowledge or skill would likely choose. However, they are generally plausible responses that fit in the content area defined by the test objective.
Unanswered questions are scored as incorrect; there is no penalty for guessing.
Majority of questions are usually scenario based. Some will ask you to identify a specific service or concept. While others will ask you to select multiple responses that fit the given requirements. No matter the style of the question, as long as you understand what is being asked, then you will do fine.
Your examination may include unscored items that are placed on the test by AWS to gather statistical information. These items are not identified on the form and do not affect your score.
The AWS Certified Cloud Practitioner (CLF-C01) examination is a pass or fail exam. Your results for the examination are reported as a scaled score from 100 through 1000, with a minimum passing score of 700. Right after the exam, you will immediately know whether you passed or you failed. And in the succeeding business days, you should receive your complete results with the score breakdown (and hopefully the certificate too).
A few more tips:
- Be sure to get proper sleep the night before, and don’t be lazy in preparing for the exam. If you feel that you aren’t ready enough, you can just reschedule your exam.
- Come early to the exam venue so that you have time to handle mishaps if there are any.
- Read the exam questions properly, but don’t spend too much time on a question you don’t know the answer to. You can always go back to it after you answer the rest.
- Keep your reviewer if you plan on taking other AWS certifications in the future. It will be handy for sure.
- And be sure to visit the Tutorials Dojo website to see our latest AWS reviewers, cheat sheets and other guides.