Passed the exam. Thank you CG for the assist preparing for the exam, it was very helpful. I have to agree with most recent feedback. The course needs updating. At the same time, the various feedback listed accurately all the topics that are not covered by the course but should be. Here is a list of the topics I had during the exam:
CloudTrail and Config (easily 50% of the exam and most of the time, in the answer) + Lambda/Kinesis
CMK KMS (know it all, it is vital, key policy, policy actions)
Note: I had one or two questions where they tried to confuse KMS and SSL.
Note: Off exam. The new Custom Key Store is awesome to use (finally) CloudHSM within KMS. Check it out!
Active Directory connecting to on-premise (many questions)
Organizations, OU, and Service Control Policies (many questions)
Managing secrets (SSM & AWS Secrets Manager) (3/4 questions)
Comparing GuardDuty / Trusted Advisor / Inspector / Config / CloudTrail (Know what each one does and how it compares)
Athena + CloudTrail (3/4 questions)
Strategy for addressing EC2 instance corruption / Forensic (3/4 questions)
AWS Certificate Manager (3/4 questions) and the use of SSL to secure communications (CloudFront, ALB)
SSM for instance maintenance with mostly RUN and PATCH (2/3 questions)
GuardDuty (Present in many questions as answer material but not the answer; and only one, specifically on GuardDuty capabilities)
Glacier Vault Lock mechanism (2 questions)
Macie (1 question, Know what it is for = identify, report and act on PII/sensitive data in S3)
Artifact (1 question, Know what it is for = compliance documentation)
Somehow, SES ports (present in all feedback and I had a question as well)
No question on CloudHSM 🙁
And of course, all the usual suspects: VPC, NACL, SG, Bucket policy, … (If you did an Associate course, you know about it)
There is a clear emphasis on policy conditions, especially KMS (know kms:ViaService and the required set to decrypt) and S3 (learned in the process about aws:Referer).
I was very surprised by a few questions where I chose AWS Marketplace for solutions (Firewall, Packet sniffer, etc.) as opposed to AWS services because of how the questions were phrased.
Best of luck,
PS: In my opinion, the questions are not as difficult as the professional certificates. Most are short with a few twists (Read carefully).
Thank you for the feedback! Are there any whitepapers you can recommend that might cover any missing materials?
I read the suggested ones but my best source of knowledge was without doubt the re:Invent videos on security and AWS services not covered in the course.