DEV Community

Luciano Bastet


AWS Security Specialty - I failed (721), Then I passed! (810)

It is a very challenging certification. At first I prepared for it in 3 weeks and went to take it... I was very close, since I failed because of one question (721). We learn from mistakes, and successes emerge from failures. I reviewed the notes again, took new notes, reviewed the mistakes from the mock exam results (TD), watched some lessons again, and looked for answers to the questions that left me thinking more than expected in the first attempt.

As far as I could see, the question bank is very large, because in my second round no questions appeared like the ones in the first exam. In both exams, the questions are a little more complicated or more difficult than those from Tutorials Dojo.

The secret to passing:

It is essential to have good reading comprehension in English and have knowledge of each of the services to be able to pass this exam.

1- Read thoroughly and understand the fundamental requirements of the questions. Be attentive to connectors and the service they are asking you about (sometimes they include many services but then only ask about one).

2- When the scenario is complex, use the WHITEBOARD (I know it is very uncomfortable sometimes, but it works).

3- When you are between two possible answers, or the scenarios are too large, mark one answer and leave that question with a flag to carefully check later that the one you chose is the correct one.

Courses to prepare for the exam:

  • Udemy: Stephane Maarek for sure! (I also printed the slides and studied from there too)
  • Exam test practice: Tutorials Dojo
  • Exam Topics: There are around 173 questions, with answers and discussion about what the responses are for each question.
  • AWS Skill Builder (If you get above 80% you are probably good to go)

Topics to handle for the exam:

  • AWS Signer & Lambda
  • Forensic analysis for EC2
  • Access Analyzer vs. credential report
  • EBS snapshot security & lifecycle, S3 lifecycle rules
  • Compromised EC2 instance, EBS snapshots, NACLs, SG
  • ALB vs. NLB, performance & certificate configurations, end-to-end encryption
  • EC2 Auto Scaling, EBS encryption with KMS, permissions
  • Organizations, SCP, IAM, Control Tower and Service Catalog
  • CloudFormation StackSets
  • Cognito, Identity Center
  • IAM policies, resource policies, key policies, NotAction, NotResource
  • Organizational trails
  • ECS and task role permissions
  • S3 Object Lock
  • Cross-account access
  • CloudFront security
  • Scenarios with NGW, Internet Gateway, SG, NACL
  • Direct Connect, VPN
  • VPC endpoints
  • WAF & Shield
  • Inspector, GuardDuty, Systems Manager
  • KMS, customer managed keys
  • KMS rotation
  • VPC Flow Logs

Hope this information is useful for you. Good luck on your exam!
