A big shout out to Ryan for updating the course content! I woke up this morning and found them. I fortunately went thru the updates right before the test and they were helpful. My exam base questions was like as other posted. No CloudHSM, Guard Duty or Macie. I was able to complete the test with over an hour left but the test bombed on me during the last 45 minutes while I was reviewing. Apparently the exam server went down and had to wait almost an hour before I could complete.
Of course just waking up, taking the updated course material and walking into the exam doesn’t work for most people. Fortunately I studied Stephen’s S3 master class while waiting for the course updates and it goes over IAM policies, bucket policies & ACLs and Cross Account Access real well. It also goes into good depth of CloudWatch, CloudWatchLogs, CloudWatch Events and Cloudfront to the level of what is on the exam. I highly recommend the S3 master course for this exam and professional studies. I have to give Stephen’s S3 course big credit on my preparation and feeling good on the exam!
https://acloud.guru/course/s3-masterclass/dashboard
Ryan’s updates got the policies to sink in and they were definitely on the test. I would recommend adding KMS policies as part of the policies section. All the updated sections were represented on the test. Great job Ryan! Ryan’s current course does a good job covering a most of what I saw on the test.
The exam was very challenging but fair with very few gimmes. You will have to have in depth knowledge of the security services and features. For users that only have Associate certification experience (like me!), I highly recommend taking practice exams of the Professional certifications to get a feel of the questions & format. Stephen’s S3 master course gave me extra hands on experience. Even though you can still count out at least two of the answers, most have subtle wording differences so read carefully! I found the extra fluff in the questions were actually relevant to the correct answers. The main statements like "easiest, cost effective, least privileges, etc" are the real keys. My test questions like to use both IAM roles and IAM instances profiles as answers which had me scratching my head a bit. In hindsight, I recommend reading this to get a understanding of them:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
My exam also like to reference resource polices a lot of the times as red herrings (like autoscaling, ec2, etc). I recommend these reads as well:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_compare-resource-policies.html
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html
A ton of KMS! Know rotation policies, use cases for client generate keys and KMS policy pecking order regards to IAM policies.
Thanks again Steve and Ryan!
1 Answers
Thanks Sid! FYI – some links didn’t work.
Ah I see the discussion board tweaked the URLs on me. "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html"
"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_compare-resource-policies.html"
Added this comment about CloudTrail Log Agent to another post:
I remember two troubleshooting questions on the exam. One had mostly IAM instance profiles and roles as viable answers and the other pointed to network issues. I guessed on the network one and in hindsight I found this link: https://forums.aws.amazon.com/thread.jspa?messageID=789442
Sid, thanks for the detailed feedback on the exam and the links.