How I passed the AWS Certified Solutions Architect Professional exam

This a continuation of What is the AWS Certified Solutions Architect – Professional exam

If you don’t know what a AWS Certified Solutions Architect or why you should become one, read part 1 or check out AWS website.

How did I prepare for it?

The AWS Certified Solutions Architect exam asks 75 multiple-choice questions in 180 minutes. Each question presents the candidate with a scenario that a Solution Architect might encounter.

Here’s a question taken from a sample exam

Beware, the questions can get verbose

The question is testing for knowledge of AWS IAM, AWS Organizations, AWS Active Directory Service.

Here are the possible answers

The candidate must decide which solution fits the requirements while not being excessively complex. Some questions ask for a solution that minimizes operational burden or minimizes cost.

The candidates has approximately 2.4 minutes to answer each question. This is not a lot in light of the verbosity of both the exam questions and answers.

Being an expert in AWS services and architecture is not enough, it is only the bare minimum. In my opinion, the candidate must

  • Possess AWS domain knowledge
  • Be a speed-reader
  • Manage his time well
  • Have the mental stamina to endure the exam duration of 3 hours

I will tell you how I became competent in these 4 areas.

AWS domain knowledge

A prospective candidate should first start by reading the AWS exam guide. The guide states that the exam validates a candidates ability to

  • Design and deploy dynamically scalable, highly available, fault-tolerant, and reliable applications on AWS. (Design for New Solutions, Continuous Improvement for Existing Solutions)
  • Select appropriate AWS services to design and deploy an application based on given requirements. (Design for New Solutions, Continuous Improvement for Existing Solutions)
  • Migrate complex, multi-tier applications on AWS. (Migration planning)
  • Design and deploy enterprise-wide scalable operations on AWS. (Design for organizational complexity)
  • Implement cost-control strategies. (Cost control)

In the list above, I have added the content domain in bold. The exam guide also gives the weightage of each content domain in the exam

Designing for New Solutions and Continuous Improvement for Existing Solutions make up 50% of the exam!

The weightage indicates where you should spend the most time studying: Design for New Solutions and Continous Improvement for Existing Solutions.

At this point, you have two choices. You could attempt to self-study the syllabus by reading the AWS services pages, FAQs, the AWS Whitepapers, and then watching the free video courses on YouTube. This is a viable and potentially cheaper way to prepare for the exam.

But, I don’t recommend self-study for 2 reasons.

The first is the lack of sample exams. The Solution Architect – Professional involves around reading paragraphs of scenario descriptions, isolating the customer requirements, then eliminating equally verbose answers. This skill cannot be trained without sample questions and answers on hand.

The second is the exorbitant cost of the exam. At the time of writing, the exam costs 300 USD or almost 400 SGD. In other words – the cost of failure is waiting for 14 days and forking out another 300 USD to retake the test.

The cost of retaking (300 USD) should be considered considered when you weigh the price of a professionally prepared prep course versus self-studying.

For this reason, I recommend taking the A Cloud Guru AWS Certified Solutions Architect – Professional 2020 course. You get

  • 12 hours of video lectures
  • 8 course quizzes
  • 1 practical mock exam
  • AWS Whitepaper recommendations

In my opinion, watching all the video lectures, passing all the quizzes, reading the recommended AWS Whitepapers, and passing the practical exam constitutes comprehensive preparation for the exam. In other words, if you take the course and do what they ask, you will pass the exam.

How much does it cost? According to the A Cloud Guru website, they charge 31.59 USD a month or about 42 SGD. This grants you access to the Professional course but also the Associate course. In addition, they also offer courses on Linux, Azure, and GCP but that’s outside the scope of this article.

If you’re slow like me, you could spend 3 months and 93 USD watching both the Professional and Associate courses, reading the recommended AWS Whitepapers, and attempting the practical mock exam multiple times. A nice bonus is that mock exam draws from a question bank so you don’t get the same exam twice.

But maybe you’re a fast learner and deeply familiar with AWS architecture. You could only spend 1 month and 32 USD before taking the exam.

Here’s a summary of the potential scenarios and cost

Failing the first time means you fork out another 300 USD for the retry

Spending an 100 USD on training to ensure you pass the test the first time beats spending another 300 USD retaking the test.

Speed reading

I mentioned briefly that the Cloud Solution – Professional exam involves a lot of reading. You should sit for the exam in your first language if possible.

If you sit for the English exam and English is not your first language, you will be disadvantaged. AWS offers an extra 30 minutes to candidates in such cases.

The first step to deal with verbose AWS exam questions is to translate the sentences into individual requirements as you read the question. This will be used in a second step to filter out the right answers.

Let me demonstrate the first step on a fairly wordy question from a sample exam. I will translate each sentence into a requirement

A verbose exam question

(i) You are building a website that will retrieve and display highly sensitive information to users => You will need encryption in-transit and at rest

(ii) The amount of traffic the site will receive is known and not expected to fluctuate => Autoscaling of EC2 and DBs is not neccessary

(iii) The site will leverage SSL to protect the communication between the clients and the web servers. => SSL is being used for encryption in-transit. There may be choices about SSL termination.

(iv) Due to the nature of the site you are very concerned about the security of your SSL private key and want to ensure that the key cannot be accidentally or intentionally moved outside your environment => The root of trust for the SSL private key must be controlled by the customer. This rules our AWS managed keys or KMS-CMK. We could use CloudHSM

(v) Additionally, while the data the site will display is stored on an encrypted EBS volume => Encryption of data at-rest is partly taken care of

(vi) you are also concerned that the web servers’ logs might contain some sensitive information; therefore, the logs must be stored so that they can only be decrypted by employees of your company => The logs must be encrypted using keys not controlled by AWS. Key access must be kept secure.

The second step is to rapidly eliminate answers based on requirements gathered in step 1. Let’s look at the answers

A set of equally verbose answers

The first thing is to disregard information common to all answers. Answers A, B, C, D all contain “Use Elastic Load Balacing to distribute traffic to a set of web server”. This information does not allow us eliminate any answer and we can ignore it.

Requirement (iv) means we can eliminate answer that do not use Cloud HSM to perform SSL transactions. We can eliminate (A) and (B). We should only consider (C) and (D) from this point on.

(C) writes the web server logs to a private S3 bucket and encrypts the logs using S3-SSE

(D) writes the web server logs to an ephemeral volume encrypted using a randomly generated AES key.

We can eliminate (C) since it uses S3-SSE. S3-SSE places the root of trust with AWS which violates (v). Using a randomly generated AES key to encrypt the logs means AWS does not have the ability to decrypt our logs so our answer is (D)

An additional note: Storing logs on an ephemeral volume means that the logs are lost if the EC2 instance is terminated but the question does not give durability requirements for the logs. It only asks that logs can only be decrypted by company employees. Remember to only use requirements stated in the questions and don’t make assumptions based on your real-world experience.

Time management

Do not underestimate the exam’s time limit. 180 minutes sounds like a lot of time to answer 75 questions but it’s not. I finished the actual Solutions Architect exam with seconds to spare.

You must keep track of the time spent on each question and spend no more than 2.4 minutes per question. You should make liberal use of the “Flag for Review” button for questions that take too long to answer. You can return to them at the exam’s end.

There will be some questions for which you have no clue. Perhaps it covers an AWS service you did not study for. Just pick a plausible answer and move on. AWS does not use negative marking.

I did the A Cloud Guru practice exams multiple times and you should do the same. A Cloud Guru’s questions were very similar to the actual exam in terms of difficulty and length. It’s also an opportunity to practice your speed reading and time management skills.

The time you take on the A Cloud Guru will indicate if you’re going too or too slow.

If you fail with very little time left, you probably need to revise more. If you fail with lots of time left, you should spend more time reading each question and the answers.

Mental stamina

Prior to taking the AWS Solutions Architect exam, the last exam I sat for was the GRE 4 years ago. If you’re like me and out of school for several years, you’ll find the 3 hour long exam a serious test of your mental stamina.

Your attention might begin to wander at the 90 minute mark and you’ll find reading the lengthy questions a chore or you find the answers difficult to distinguish.

Luckily for you, the mind is a muscle. You can improve your mental endurance by taking the A Cloud Guru practice exams multiple times. After multiple attempts, you’ll find yourself reading faster as you rapidly pick up key terms and filtering out wrong answers after a quick glance.

Final words

On the exam day, I like to take things easy and have a light meal before walking into the exam hall

There’s no point swotting up hours before the exam. All you’ll accomplish is to make yourself nervous when you should be in a state of Zen. If you’ve followed my plan assiduously – then you’ve got it in the bag.

Pearson Vue advises you to arrive 15 minutes early. I recommend arriving 30 minutes in advance. At the time of writing – the Covid-19 pandemic is still on-going and I had to jump through multiple hoops to get inside the exam centre.

You have to bring 2 sets of government issued photo ID. I used my national ID and my driving license. I got a locker to store my bag and electronics devices. They also issued me a 2 markers and a dry-erase board, I recommend using these to draw architectural diagrams.

Once you press submit exam, You’ll know right away when you’ve passed. AWS will send you a detailed score report in the email days after.

If you’ve passed then congratulations! You’re now an AWS Certified Solution Architect – Professional/ You can hold your head high because you have one of the most sought-after and lucrative qualification in IT today.

The fruits of your labour

If you failed then you must wait 14 days before registering for your next exam. You should take this time to reflect on what went wrong. Did you linger too long on a tough question? Could you have eliminated wrong answers more quickly? Were there specific AWS services you were unfamiliar with?

Focus on fixing these issues before you walk into your next exam.

One thought on “How I passed the AWS Certified Solutions Architect Professional exam

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s