I noticed this morning that the course had been updated, but I didn’t get a chance to go through it before my scheduled exam today. Here are some details from my exam:
I have seen some comments saying that Cloud HSM wasn’t on the exam. It was mentioned in one question on my exam.
There were a lot of questions that included cross account considerations (log delivery, bucket copying, roles, etc). I thought I had lots of hands-on experience with cross account access, but there are a lot of subtle and tricky little details to remember.
There were multiple questions involving the CloudWatch Agent.
There were several questions about Active Directory and federation.
There were at least a couple questions that require that you know the port numbers for some common protocols.
There were a couple questions involving Direct Connect and/or VPN.
I don’t remember a single question about specific compliance regimes (PCI, HIPAA, etc).
There were multiple questions that involved knowing which AWS feature (WAF, security group, cloudtrail, etc) was the correct feature to use to investigate or respond to a security event, depending on the architecture of your software and the nature of the event.
There was one possible answer that, if I were an AWS lawyer, I would want removed immediately in case someone complained that it was racist! If you got that question, I’m sure you know what I’m talking about!
As expected, there were a lot of possible answers that included made up features and nonsense. However, there were also a lot of questions that used terminology that was similar, but notably different, from the terminology that I’m used to from the documentation, console, videos, etc. For example, I’m used to seeing the term "SSE-KMS". That feature showed up in a few questions, but never by that name precisely.