I passed this exam this morning and got a surprise with some of the questions.
First a few questions were worded terribly – they did not 100% make sense in terms of the English they were written – vague would be the a complementary description – not proof read would be my real description.
Areas that surprised me:
– 2 questions around docker /containers
- Classic load balancing and perfect forward secrecy especially based on it being essentially phased out and considered "legacy"
This blog post is worth a read before sitting it:
Question about using ALB and Cloudfront – how many certs you need and where they are taken from (thing regions)
2 questions around compromised EC2 and answers mentioned memory dumps.
Scenario based questions around buckets and keys, what key for each bucket and why.
Key rotation questions which the questions made little sense after all whitepapers and this course
Security group outbound / inbound traffic – example where to add a rule and why over VPC peering.
I was shocked at how little cloudtrail / and cloudwatch logs came up in my exam as i had sat the beta and it was had numerous.
he best bit of advise i can give is to take time reading over the questions – answer and mark for review if you think you are spending too long on them and review them at the end. I did this with about 10 questions and after a few questions i knew the answers to came in a row it gave confidence when reviewing – essentially a nice run of questions is a confidence giver.
Congrats !!.. thx for the details.. !
Congrats! Thanks for shedding the light on some of the exam topics!
How many months are typically required to clear this exam for a person who has fair idea about AWS and completed associate level certifications.
Appreciate your feedback and congratulations on passing the exam. My exam was 85% detailed scenario/problem solving and solution design/architecture. Even after taking the AWS Practice Exam ($40) plenty of things had caught me off guard. I agree with most of your assertions about the peculiarities of the course (some of the scenarios are extremely poorly written with debatable answers). Detailed assimilation of the whitepapers are just the first steps. These scenarios must be somehow practiced and the components and configuration studied in depth in order to be able to obtain the comfort level evaluating the problems presented in the exam. There is sufficient time (180 minutes) allowed for 55 questions but that won’t help you if you are missing limitations or parameters applicable to your scenario. This is where I had lost the most points.
I had failed the exam, and can attest to the numerous shortcomings to the current version of the Acloudguru Security Specialty course. Unlike the Associate level exams which I took and passed the first time, this speciality exam–written by expert AWS Solution Architects judging from the scenarios–represents a significantly deeper depth and above all, real-life experience the course obviously is not design to handle. I haven’t used only the course material; read all the listed white papers as well as the study guides posted by some of the members, which were all helpful. Although none of the courses guarantee passing, of course, it is still somewhat disconcerting to discover that a significant portion of the problems, scenarios and VPC networking troubleshooting issues involving 3rd party components involving KMS and other topics are not only not covered, but there are no labs, quizzes or even CloudFormation templates posted to recreate these scenarios so that we can study the route tables, NACLs and other artifacts that would be essential to understand the qualifiers and exceptions that are applicable and can make a difference e between deriving the solution or the correct answer. I also need to add that I’ve taken all the AWS Digital courses listed on the exam blueprint as well as studied the sample questions and paid for the AWS Practice Exam. All this was apparently insufficient to fully prepare for the exam as I had failed 4 out of 5 (IAM) domains (there was no scoring report only a bar graph). Maybe I got the worst questions from the pool, but still, I believe the course is lacking in many aspects and needs to be significantly revamped, especially the use of all different certificate use scenarios, problems and reference architectures. It’s not sufficient just to list them and do a 2 min demo. Most of the questions are scenario-based that requires quite a bit of interpretation and architecture drawings just to understand the scenario before the student even begin to evaluate the options. The exam also covers Macie and Guard Duty; none of these are discussed in the current version. Cloudwatch/Cloudtrail/KMS/VPC/Cognito/ADFS/AWS Directory Services/IdAM/Hybrid Clouds/Custom DNS/ELB+ALB/Endpoint Services/Endpoint vs. NAT Instance vs. NAT Gateway (interface) questions and scenarios represent the majority of the questions. I have now purchased additional courses on Udemy and will spend even more money on additional test prep tools on top of trying to practice using the CLI, PS and the Console as I can, but it’s slow work without any CF templates.
Hopefully, you guys take this feedback and rework the course soon. In the meantime I would advise everyone who’s thinking of taking this course to either hold off or explore other preparation options and techniques, unless they are already practicing Architects or Sr. AWS Admins with significant troubleshooting and design experience in and enterprise cloud migration or transformation scenario focused on networking and least-privilege security tasks.