I already have 6 AWS certifications, but failed the 7th, and I am really disappointed about the failure, especially since I changed the answers to 3 questions at the last moment…
Some exam experiences you may need to pay attention to, besides the knowledge covered by the videos:
1. Athena appears in questions or answer options many, many times. You need to know which services store something (e.g. logs) in S3 and what the advantage of using Athena is compared to some other places, e.g. the console.
2. X-Ray, Macie, GuardDuty and QuickSight can appear in the options, so you may need to know the scenarios for them.
3. There are many questions related to CloudWatch, CloudTrail and Config. I think the videos are almost enough to answer these questions, but you'd better have hands-on experience with CloudTrail configuration because some questions go into detail, e.g. some "exception" situation in the S3 bucket/prefix config.
4. You must know the SES endpoint URL and port for one question.
5. You must know which region to generate the ACM certificate in for it to be used by CloudFront, or else you will be very confused on one question.
6. Deep understanding of CloudFront signed URLs vs. cookies. You will have one question where you choose between them.
7. DNS-related stuff in VPC for one question: which actions need to be done to use a customer DNS server instead of the AWS-provided DNS server.
8. There are at least 3 questions related to KMS grants, so be really prepared for that after you learn KMS policies.
9. At least 3 questions on Cognito. Understand how it works with IAM, other IdPs, etc. You will see User Pool, Group, Sync Trigger, etc.
10. How to get IP packet-related logs in a VPC, and maybe for ELB as well (you need to know multiple ways).
11. How to reduce the attack surface area of containers (you need to know multiple ways).
12. Know IAM/S3/KMS policies really well, especially NotPrincipal and a few possible Conditions for MFA, Glacier, KMS, etc.
13. Glacier Vault Lock Policy.
14. There are a few places related to "host-based" that made me a bit confused, e.g. monitoring some network traffic on EC2, or applying some security stuff on EC2 (it may be a similar scenario, as I can't remember this point clearly).
15. Kinesis & Elasticsearch. You will see them in one question, and you just need to know the key benefits of these services.
Of course, you first need to understand every point in the videos, then take a look at my tips above to answer some questions that the videos don't cover.
I am going to retake it two weeks later and try to pass, and I will share again if I have any new findings.