Tuần 12 - Ngày 1: Ôn Tập Cuối Cùng

Quick Reference - Phải Nhớ

1. Multi-Account

SCPs:
- Deny List recommended
- Không ảnh hưởng Management Account
- Kết hợp với Permission Boundaries

Landing Zone Accounts:
- Management (billing, org)
- Log Archive (centralized logs)
- Security (GuardDuty, Security Hub)
- Network (Transit Gateway)

2. Networking

Transit Gateway:
- Hub for VPC, VPN, DX
- Route tables for segmentation
- Cross-region peering (static routes)

Direct Connect:
- Private VIF → VPC (via VGW)
- Transit VIF → Transit Gateway
- Public VIF → AWS public services
- HA: 2 connections at 2 locations

3. Database Selection

Relational + ACID → Aurora/RDS
Key-Value + Scale → DynamoDB
Document → DocumentDB
Graph → Neptune
Cache → ElastiCache (Redis/Memcached)
Analytics → Redshift

4. DR Strategies (by RTO)

Multi-Site   ~0       $$$$$  (active/active, near-zero RTO)
Warm Standby Minutes  $$$    (scaled-down stack, scale up khi failover)
Pilot Light  10-30min $$     (core services chạy, app off, start khi cần)
Backup       Hours    $      (restore từ snapshot/AMI)

5. Storage

S3 Classes: Standard → IA → Glacier → Deep Archive
EBS: gp3 (general), io2 (high IOPS), st1/sc1 (throughput)
EFS: Multi-AZ, NFS, elastic
FSx: Windows (SMB), Lustre (HPC)

6. Migration Tools

Servers: MGN (continuous replication)
Database: DMS + SCT
Storage: DataSync, Snow Family
VMware: VMware Cloud on AWS

7. Security

Detection: GuardDuty, Inspector, Macie
Aggregation: Security Hub
Protection: WAF, Shield, Firewall Manager
Encryption: KMS, CloudHSM, Secrets Manager

Exam Day Tips

1. Đọc câu hỏi cuối cùng trước
2. Tìm keywords: "cost-effective", "least operational", "most secure"
3. Loại bỏ đáp án rõ ràng sai
4. Khi không chắc, chọn managed service
5. Đừng over-engineer - chọn simple solution
6. Mark và review câu khó

Keywords và Nghĩa

---

Tài liệu tham khảo chính thức

• AWS Documentation Home
• AWS Architecture Center
• AWS Whitepapers

---

Ngày tiếp theo: Đề thi thử cuối cùng