930/1000 which is better than I thought I had done on the day!
ACG course and practice exams gave a really solid preparation for it – in addition I used the new Tutorials Dojo Security Specialty practice exams (thoroughly recommended). Do the practice exam and study the practice questions as a few of the real exam questions were very similar. I came into this having done all three Associate exams this year so I had a pretty strong base knowledge already.
Some exam feedback:
Lots of KMS and encryption related questions – I would say 15-20 – make sure you know this backwards, especially key rotations and when to use which key based on the requirements. Also make sure you understand the KMS actions/permissions.
About 10-15 very easy ones on Macie, GuardDuty, CloudHSM, Organisations and SCPs, CloudTrail, AWS Shield and AWS WAF and CloudWatch EC2 metrics. I would say for another 25 or so questions there were two pretty obviously wrong answers, which really helped to narrow it down.
– Make sure you can read and interpret key, bucket and IAM policies and the method for determining effective permissions when they combine (as well as with Service Control Policies).
– Understand security groups and NACLs and how they work and combine
– DDoS mitigations came up a few times
– 3-4 questions on certificates and ACM and enabling SSL
– 5 or so questions on AD Federation and Cognito
The few services/topics I remember that surprised me, as I didn’t really know enough about them to be confident whether they were right answers or not, were AWS Certificate Manager Private Certificate Authority, Resource Access Manager & PrivateLink.