So I retook the exam today and passed. The first time I made a 70 and this time I made an 83. Before I share some more tips and whatever, I would like to let you guys know a little bit more about me. I graduated from college with an associate's in Cloud and Data Center Management this past August. I have no real-world experience besides my own self-paced labs and I have been struggling to get a job. While I continue to apply I decided not to sit on my butt and instead expand my knowledge. That is why I have 5 AWS certifications now. The reason I am telling you this is that without live AWS and real tech knowledge this exam is super hard. If you perform a security role, honestly, you should do fine as long as you study enough.
Also, if you find this helpful you should upvote this post. The more upvotes, the more people will see it and hopefully benefit from my making this.
In my opinion the exam I took yesterday was harder than the first exam. I would like to point out that the exam only had 5 or so questions of overlap. So everything I mention here may not come up on the exam, but I feel it is better to branch out and study the things I am telling you rather than memorizing the ACloudGuru course as I did on my first attempt. The exam yesterday had a lot more emphasis on 2 things.
1. Troubleshooting (this is why real world experience is real nice)
The troubleshooting portion wasn't like the first test. In my first go-around I had questions about how to troubleshoot CloudTrail logs, which is a very simple concept if you think about it. This exam I had troubleshooting questions ranging from metric filters, KMS, and IAM roles. I had a metric filter question about why you are not getting emailed based on metric filters. I'll talk about KMS more further down in this summary. I had questions on why an auditor could not use cross-account IAM roles.
2. KMS
KMS felt like it took about 50% of my test. Most of the policy questions this time around were actually about key policies, which are not covered at all in this course. They are briefly covered in the Linux Academy course, but not to the depth you need to know.
Here are some things to study before you take the exam based on both attempts.
1. Condition keys. The only one covered in this course is aws:SecureTransport on a bucket policy. Actually, before I took the exam the first time I frequently studied condition keys off the AWS documentation. Since JSON is human-readable, most condition keys are self-explanatory. It will help to run down the syntax of condition keys anyway. A few that stood out: kms:ViaService, the secure transport previously spoken about, and IpAddress. You should be able to figure out most keys based on what the words mean, but it never hurts to learn about condition keys better. Here is some of the documentation I used for studying condition keys.
2. This test had a big emphasis on KMS Grants. Grants in KMS are like pre-signed URLs for S3. There must have been 5 questions revolving around Grants on this test, but none on my first test. I would also like to point out that both tests were VERY DIFFERENT. I must have had like 3 overlapping questions.
3. How KMS works with different services. If you don't know, KMS works differently depending on the service using it. This came up a lot based on how KMS works with S3. I suggest you study that integration in depth and briefly familiarize yourself with how KMS works with other services.
4. ELB logs. These are not important, they might pick up 1 or 2 questions. Better safe than sorry.
5. KMS data key caching. Understand when to use this and the fact that it can only be used with the KMS SDKs.
6. I had a lot of questions about what to do if an instance had been hacked. These questions came in many different ways and each one had different answer choices. I can’t really give you any tips except know what a memory dump is.
7. Amazon Athena. Know the functionality and when and why you would use it. This was the biggest overlap from both exams and will guarantee you help on at least 5 questions.
8. SSM. In this course they only talk about 3 functionalities of SSM when there are countless, and while things like Run Command and Parameter Store will come up on the test, you are equally likely to get questions on Patch Manager or other SSM functionalities.
This section will be more for niche questions I got.
1. What port do you need to open for SES? (SMTP 587)
2. How can you set up a write-once-read-many policy in Glacier?
3. Route 53 Policies
4. There were a lot of troubleshooting VPC endpoint questions that I can’t really recall.
5. At re:Invent they released a Vault Lock function in S3. The question asked how you can change a policy on a vault that you already vaulted.
6. How to secure ECS. Security Groups, NACLs, IAM roles on EC2 instances to access your ECS containers, and IAM roles on your ECS tasks.
7. Service Control Policies.
8. IAM Role Trust Policies.
If you find this helpful please upvote the post. I am making this so people can be better prepared for the exam. Also, here is the link to my GitHub account with notes, documentation, and extra mini whitepapers with some sample questions that might help you get better clarity on how the questions may look in the exam. I would also like to point out that in the exam overview it shows that the only area I needed to work on was Domain 2, Logging and Monitoring. I have an essay on that in my notes, but the questions you get on logging and monitoring are more about troubleshooting, which made them hard for me. Also expect 2 more files for this exam to be uploaded within the next day. The first of those 2 files will go more in depth on explaining the topics above. The second will be documentation of a self-assigned project on how to set up centralized logging using an isolated account for KMS encryption keys.
For more exam tips you can check out my other 2 threads on this section 8 video, as the first one will tell you about questions I got on the first exam. After a week of reflecting (this is me updating the thread), the best thing you can do, instead of memorizing everything this course or any other course tells you, is just study the AWS documentation on key services for the exam. For example, with KMS you will see everything ranging from when you should use KMS to what a certain API call does. It is best to expand your knowledge on monitoring, edge security, KMS, and IAM as much as possible as opposed to memorizing everything Ryan tells you. With that being said, this course is a great start and you all hopefully will do great.
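As an added illustration of the condition keys the post singles out (aws:SecureTransport on a bucket policy, kms:ViaService and IpAddress in a KMS key policy), here is a small evaluator I wrote for this thread; it is not from the post, the course, or AWS. The bucket name, account id, role, region and CIDR are constructed placeholders, and it checks only the Condition block (Principal/Action/Resource matching is assumed to pass).

```python
import ipaddress

# Constructed sample policies: bucket, account id, role, region and CIDR are placeholders.
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyNonTLS", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
        "Resource": ["arn:aws:s3:::example-audit-logs", "arn:aws:s3:::example-audit-logs/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    }],
}
KEY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "UseOnlyThroughS3FromCorpRange", "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/AppRole"},
        "Action": ["kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey"], "Resource": "*",
        "Condition": {
            # kms:ViaService is only present when an integrated service (here S3) calls KMS.
            "StringEquals": {"kms:ViaService": "s3.us-east-1.amazonaws.com"},
            "IpAddress": {"aws:SourceIp": "203.0.113.0/24"},
        },
    }],
}

def condition_matches(condition, ctx):
    """True when every operator/key pair is satisfied by the request-context keys in ctx.
    A key absent from the context never satisfies these (positive) operators."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            values = expected if isinstance(expected, list) else [expected]
            actual = ctx.get(key)
            if actual is None:
                return False
            if operator == "Bool":
                ok = str(actual).lower() == str(values[0]).lower()
            elif operator == "StringEquals":
                ok = actual in values
            elif operator == "IpAddress":
                ok = any(ipaddress.ip_address(actual) in ipaddress.ip_network(v) for v in values)
            else:
                raise ValueError(f"operator {operator} not modelled here")
            if not ok:
                return False
    return True

def evaluate(policy, ctx):
    """Simplified decision: an explicit Deny wins, then Allow, otherwise implicit deny."""
    effects = {s["Effect"] for s in policy["Statement"] if condition_matches(s.get("Condition", {}), ctx)}
    return "Deny" if "Deny" in effects else "Allow" if "Allow" in effects else "ImplicitDeny"
```

A plain-HTTP request to the bucket trips the Deny, and a direct kms:Decrypt call from the same role (no kms:ViaService in the context) falls through to implicit deny even from the allowed CIDR.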
Just to let you know that we have begun updating the course for 2019, based on feedback from everyone. I have added a section today (Chapter 9 – Updates For 2019) which I will continue to build out over the next few weeks to include any gaps in the course.
I have also added a lecture covering additional resources and grouping together all the best White Papers and re:Invent videos to watch.
If you have anything to contribute, please do let me know!