Passing the AWS Certified Solutions Architect (SAP‑C02) in 2023
This is a very difficult exam covering the widest and deepest swath of AWS material. In this article I share the approach that I took to pass it, in the hope that it helps others.
Study approach
You can learn more about this certification on the AWS website. Specifically, you can review the Exam Guide for details of what is covered. The approach that I generally use is to get a video course of your choosing that gives you an overview of the material. I used Stephane Maarek’s Ultimate AWS Certified Solutions Architect Professional 2023 to prime myself for the material. You can get coupons on his https://www.datacumulus.com/ website or wait for Udemy sales. Generally, the price should always be less than $30. Go through the course to get an overview of the material to be covered. Once you have completed this, you should move on to training on practice questions.
Practice Questions
Preparing for the exam experience involves practicing on question sets so that you reach the right level of comfort with the material before you write the actual exam. I used the following question sets:
- Tutorials Dojo SA Pro Practice Exams (323 questions total: 4 sets of 75 questions plus 23 bonus questions)
- Whizlabs SA Pro Practice Tests (245 questions total: 3 sets of 75 questions and 5 section tests of 5 questions each)
- AWS Sample Questions (10 questions; I just printed these out and went through them with paper and pen while watching evening TV)
Other question sets that I did not use but that you could investigate:
- Maarek/Singh’s Udemy Practice Tests (150 questions, 2x75)
- Neal Davis Practice Tests (180 questions, 6x30)
Study approach
When you take these tests, you will likely get poor marks to start with, and processing the questions will take longer. But with some consistent approaches you can get better and faster. This is something that I find is key:
Try to do a test each day. When you start, the tests will take you a long time, but the times and grades will get better as you do more of them, until they become relatively second nature. Always review the incorrect responses to improve your scores.
I graph the results on a piece of paper to help gamify the approach and see how my scores improve.
Recording results to gamify progress
With Tutorials Dojo, I started out taking about 2.5 to the full 3 hours to complete the 75-question tests. But later, I spent some extra time basically doing the Final randomized test until I was getting pretty close to 100% and actually getting a randomized test set done in 25 minutes on average. You do get to a point where you have questions and answers memorized and know which key words to look for. Tutorials Dojo could include some more specific questions on IoT.
The last 5 full length Final Tests I took in Tutorials Dojo
Whizlabs was a fairly similar approach. The thing about Whizlabs is that the tests always present the questions in the same order, and the options are always in the same order. This means you might actually get programmed to select the answer on feel alone. But it is a large number of questions for you to practice on. You can definitely tell that the author(s) of the questions do not have English as a first language, but it does offer a set of questions that does not overlap much with Tutorials Dojo.
Some of the final test runs with associated times Whizlabs
In the end, I think that for the harder AWS Professional and Specialty certifications (especially those that have been updated recently), practicing a little bit longer to get very comfortable with the content can help you out more. With the Associate-level exams, you might be able to get away with less study.
Personal Tips on questions
- Real-time is almost always Kinesis Data Streams, near real-time is Kinesis Data Firehose
- Marketplace, Open-source solution, Scripts are almost always indicators of a wrong answer.
- Never delete OUs, only move and restructure
- IPv6 uses an egress-only internet gateway and not a NAT Gateway, and requires separate route tables from the IPv4 route tables
- Multi-AZ is a key word to support questions requiring highly-available solutions
- ENIs help support solutions requiring a fixed IP address
- SNS is almost always your notification method (helping eliminate incorrect options)
Additional information to consider/review when studying
These are some items you might want to consider as they were not really covered in the testing materials I looked at. I think the training providers could enhance their materials by including some of the following:
If you are required to set up specialized spend reports for individual organizations, you could always use QuickSight.
If you have a requirement to support NFS Version 4, then AWS EFS will support that requirement.
ElastiCache can be used to store session data.
S3 endpoints allow you to make requests to Amazon S3 endpoints by using the REST API.
Service autoscaling is the ability to increase or decrease the desired count of tasks in your Amazon ECS service automatically.
The AWS Cluster autoscaler automatically scales your resources up or down to meet changing demands. This is a major Kubernetes function that would otherwise require extensive human resources to perform manually.
Kinesis Dynamic Partitioning makes it easier to run high performance, cost-efficient analytics on streaming data in Amazon S3.
Kinesis enhanced fan-out allows developers to scale up the number of stream consumers (applications reading data from a stream in real time) by offering each stream consumer its own read throughput.
When you manage containers and want to reduce management overhead: “using Amazon ECS decreases the number of decisions customers must make around compute, network, and security configurations, without sacrificing scale or features”
Cost savings plans can help you reduce your bill significantly; remember to apply them to one account (management) to generate savings for the overall organization. This was something that I did not see much of in any sample questions I looked at, but it is fairly intuitive regardless.
Know the basic IoT services
- IoT Core is used to filter, transform, and act upon device data on the fly
- IoT Greengrass is used to process data at the edge
- IoT Analytics simplifies the difficult steps required to analyze massive volumes of IoT data
- IoT 1-Click allows you to manage your devices via the console or mobile app
- IoT Device Management allows you to register, organize, monitor, and remotely manage connected devices at scale
AWS Managed Grafana can be used to store dashboards
EFS is a storage system that supports NFS Version 4
Potential Scenarios one could consider
- A set of EC2s is configured with CloudWatch and sits in an Auto Scaling group configured to process messages from SQS. There are some messages in the dead-letter queue. Some messages are failing, but no logs are available. If you want to enable the logs to be captured, you should use instance scale-in protection to prevent the instances from being shut down, so that you can read the logs. Do not use termination protection, as the DisableApiTermination attribute does not prevent Amazon EC2 Auto Scaling from terminating an instance.
- 3 EC2s are running in some public VPCs and they need access to on-premise data. The on-premise environment only allows access from one IP address in the AWS environment. How can you accomplish access to the on-premise environment? You can route access through a NAT Gateway and attach an EIP network device with that IP address to it. All 3 EC2s will route their requests via the NAT Gateway with that EIP interface.
- How can you generate diagrams of on-premise servers for AWS to learn more about the on-premise environment? You can connect the AWS Discovery Service with AWS Migration Hub to generate networking diagrams.
- You have an issue where a Lambda integration endpoint on API Gateway is getting attacked by 1000 IP addresses. The endpoint is meant for 6 outside companies to use. How do you protect it? You should protect the endpoints with API keys and usage plans.
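The API key and usage plan setup from the last scenario, as an added CloudFormation sketch that is not from the original article. The parameter names, the throttle and quota numbers, and the `partner-a` key name are assumptions, and it expects an existing REST API with a deployed stage.

```yaml
# Added example: all names and limits here are assumed, not from the article.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  RestApiId: { Type: String }      # existing REST API
  ResourceId: { Type: String }     # existing resource (path) on that API
  LambdaArn: { Type: String }      # existing Lambda behind the endpoint
  StageName: { Type: String, Default: prod }
Resources:
  PartnerMethod:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref RestApiId
      ResourceId: !Ref ResourceId
      HttpMethod: POST
      AuthorizationType: NONE
      # Without this flag the usage plan is never enforced on the method:
      # requests lacking a valid x-api-key header must be rejected (403).
      ApiKeyRequired: true
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        Uri: !Sub arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaArn}/invocations
  PartnerPlan:
    Type: AWS::ApiGateway::UsagePlan
    Properties:
      UsagePlanName: partner-plan
      ApiStages:
        - ApiId: !Ref RestApiId
          Stage: !Ref StageName     # redeploy the stage after the method change
      Throttle:                     # per-key steady rate and burst (assumed values)
        RateLimit: 10
        BurstLimit: 20
      Quota:                        # per-key request budget (assumed value)
        Limit: 100000
        Period: MONTH
  PartnerAKey:                      # one key per outside company
    Type: AWS::ApiGateway::ApiKey
    Properties:
      Name: partner-a
      Enabled: true
  PartnerAPlanKey:                  # binds the key to the plan
    Type: AWS::ApiGateway::UsagePlanKey
    Properties:
      KeyId: !Ref PartnerAKey
      KeyType: API_KEY
      UsagePlanId: !Ref PartnerPlan
```

Repeat the `ApiKey` and `UsagePlanKey` pair for each of the six companies. API keys identify and meter callers; AWS documentation advises against relying on them as the only means of authentication or authorization.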