AWS Certified Solutions Architect – Professional Exam Study Path

A few years ago, before you could take the AWS Certified Solutions Architect Professional (or SA Pro for short) exam, you first had to pass the associate level exam of this track. This was to ensure that you had sufficient knowledge and understanding of architecting in AWS before tackling the more difficult certification. In October 2018, AWS removed this rule, so there are no more prerequisites for taking the Professional level exams. You now have the freedom to pursue this certification directly if you wish.

This certification is truly a levelled-up version of the AWS Solutions Architect Associate certification. It examines your capability to create well-architected solutions in AWS, but on a grander scale and with more difficult requirements. Because of this, we recommend that you go through our exam preparation guide for the AWS Certified Solutions Architect Associate and even the AWS Certified Cloud Practitioner if you have not done so yet. They contain important review materials that will be crucial for passing the exam.

Study Materials

The FREE AWS Exam Readiness course, official AWS sample questions, Whitepapers, FAQs, AWS Documentation, Re:Invent videos, forums, labs, AWS cheat sheets, AWS practice exams, and personal experiences are what you will need to pass the exam. Since the SA Pro is one of the most difficult AWS certification exams out there, you have to prepare yourself with every study material you can get your hands on. To learn more details regarding your exam, go through this AWS exam blueprint as it discusses the various domains they will test you on.


AWS has a digital course called Exam Readiness: AWS Certified Solutions Architect – Professional, which is a short video lecture that discusses what to expect on the AWS Certified Solutions Architect – Professional exam. It should sufficiently provide an overview of the different concepts and practices that you’ll need to know about. Each topic in the course will also contain a short quiz right after you finish its lecture to help you lock in the important information.


For whitepapers, aside from the ones listed down in our Solutions Architect Associate and Cloud Practitioner exam guide, you should also study the following:

  1. Securing Data at Rest with Encryption
  2. Web Application Hosting in the AWS Cloud
  3. Migrating AWS Resources to a New Region
  4. Practicing Continuous Integration and Continuous Delivery on AWS: Accelerating Software Delivery with DevOps
  5. Microservices on AWS
  6. AWS Security Best Practices
  7. AWS Well-Architected Framework
  8. Architecting for the Cloud: AWS Best Practices
  9. Amazon Web Services: Overview of Security Processes
  10. Using Amazon Web Services for Disaster Recovery
  11. AWS Architecture Center architecture whitepapers

The instructor-led classroom called “Advanced Architecting on AWS” should also provide additional information on how to implement the concepts and best practices that you have learned from whitepapers and other forms of documentation. Be sure to check it out.

Also check out this article: Top 5 FREE AWS Review Materials.

AWS Services to Focus On

Generally, as a soon-to-be AWS Certified SA Pro, you should have a thorough understanding of every service and feature in AWS. But for the purpose of this review, give more attention to the following services since they are common topics in the SA Pro exams:

  1. AWS Organizations – Know how to create organizational units (OUs), service control policies (SCPs), and any additional parameters in AWS Organizations. Differentiate SCPs from IAM policies. Read how you can save on costs by enabling consolidated billing in your organizations.
  2. AWS Server Migration Services – Study the different ways to migrate on-premises servers to the AWS Cloud. Also study how you can perform the migration in a secure and reliable manner.
  3. AWS Serverless Application Model – The AWS SAM has a syntax of its own. Study the syntax and how AWS SAM is used to deploy serverless applications through code. Know the relationship of SAM and CloudFormation.
  4. AWS EC2 Systems Manager – The responsibilities of an SA Pro involve a lot of automation. Study the different features under Systems Manager and how each feature can automate EC2-related processes. It is also important to know how you can troubleshoot EC2 issues using Systems Manager.
  5. AWS CI/CD – Study the different CI/CD tools in AWS, from function to features to implementation. It would be very helpful if you can create your own CI/CD pipeline as well using the services below.
    1. CodeCommit
    2. CodeBuild
    3. CodeDeploy
    4. CodePipeline
  6. AWS Service Catalog – This service is also part of the automation toolkit in AWS. Study how you can create and manage portfolios of approved services in service catalog, and how you can integrate these with other technologies such as AWS Organizations.
  7. AWS Direct Connect – Direct Connect is known to commonly pop up in the exam. You should have a deep understanding of this service. VPCs and networks are highly important topics that you need to study for.

We also recommend checking out Tutorials Dojo’s AWS Cheat Sheets, which provide a summarized but highly informative set of notes and tips for your review on these services. These cheat sheets are presented mostly in bullet points, which will help you retain the knowledge much better than reading the lengthy FAQs.

We expect that you already have vast knowledge of the AWS services that a Solutions Architect commonly uses, such as those listed in our SA Associate review guide. It is also not enough to just know the service and its features. You should also have a good understanding of how to integrate these services with one another to build large-scale infrastructures and applications. This is why it is generally recommended to have hands-on experience managing and operating systems on AWS.

Validate Your Knowledge

After your review, you should take some practice tests to measure your preparedness for the real exam. AWS offers a sample practice test for free which you can find here. You can also opt to buy the longer AWS sample practice test at aws.training, and use the discount coupon you received from any previously taken certification exams. Be aware though that the sample practice tests do not mimic the difficulty of the real SA Pro exam. You should not rely solely on them to gauge your preparedness. It is better to take more practice tests to fully understand if you are prepared to pass the certification exam.

Fortunately, Tutorials Dojo also offers a great set of practice questions for you to take here. It is kept updated by the creators to ensure that the questions match what you’ll be expecting in the real exam. The practice tests will help fill in any important details that you might have missed or skipped in your review. 


Sample Practice Test Questions:

Question 1

The AWS resources in your production account are shared among various business units of the company. A single business unit may have one or more AWS accounts which have resources in the production account. There were a lot of incidents in which the developers from a specific business unit accidentally terminated the EC2 instances owned by another business unit. You are tasked to come up with a solution that only allows the specific business unit that owns the EC2 instances, and other AWS resources, to terminate its own resources.

Which of the following is the most suitable multi-account strategy that you should implement?

  1. Use AWS Organizations to centrally manage all of your accounts. Group your accounts, which belong to a specific business unit, to individual Organization Units (OU). Create an IAM Role in the production account for each business unit which has a policy that allows access to the EC2 instances including a resource-level permission to terminate the instances that it owns. Create an AWSServiceRoleForOrganizations service-linked role to the individual member accounts of the OU to enable trusted access.
  2. Use AWS Organizations to centrally manage all of your accounts. Group your accounts, which belong to a specific business unit, to individual Organization Units (OU). Create a Service Control Policy in the production account for each business unit which has a policy that allows access to the EC2 instances including a resource-level permission to terminate the instances that it owns. Provide the cross-account access and the SCP to the individual member accounts to tightly control who can terminate the EC2 instances.
  3. Use AWS Organizations to centrally manage all of your accounts. Group your accounts, which belong to a specific business unit, to individual Organization Units (OU). Create an IAM Role in the production account which has a policy that allows access to the EC2 instances including a resource-level permission to terminate the instances owned by a particular business unit. Provide the cross-account access and the IAM policy to every member account of the OU.
  4. Use AWS Organizations to centrally manage all of your accounts. Group your accounts, which belong to a specific business unit, to individual Organization Units (OU). Create a Service Control Policy in the production account which has a policy that allows access to the EC2 instances including a resource-level permission to terminate the instances owned by a particular business unit. Provide the cross-account access and the SCP to the OUs, which will then be automatically inherited by its member accounts.

Correct Answer: 3

AWS Organizations is an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. AWS Organizations includes account management and consolidated billing capabilities that enable you to better meet the budgetary, security, and compliance needs of your business. As an administrator of an organization, you can create accounts in your organization and invite existing accounts to join the organization.

 

 

You can use organizational units (OUs) to group accounts together to administer as a single unit. This greatly simplifies the management of your accounts. For example, you can attach a policy-based control to an OU, and all accounts within the OU automatically inherit the policy. You can create multiple OUs within a single organization, and you can create OUs within other OUs. Each OU can contain multiple accounts, and you can move accounts from one OU to another. However, OU names must be unique within a parent OU or root.

Resource-level permissions refer to the ability to specify which resources users are allowed to perform actions on. Amazon EC2 has partial support for resource-level permissions. This means that for certain Amazon EC2 actions, you can control when users are allowed to use those actions based on conditions that have to be fulfilled, or specific resources that users are allowed to use. For example, you can grant users permissions to launch instances, but only of a specific type, and only using a specific AMI.

Option 1 is incorrect because the AWSServiceRoleForOrganizations service-linked role is primarily used to only allow AWS Organizations to create service-linked roles for other AWS services. This service-linked role is present in all organizations and not just in a specific OU.

Options 2 and 4 are incorrect because an SCP simply specifies the services and actions that users and roles can use in the accounts. SCPs are similar to IAM permission policies except that they don’t grant any permissions.
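
Why option 3 works and options 2 and 4 do not, as an added example that is not part of the original guide: a simplified Python model of how an SCP and an IAM role policy combine. The `BusinessUnit` tag key, the account ID and the policy contents are assumptions made for the illustration; the guide does not say how instance ownership is expressed.

```python
# Added illustration: a deliberately simplified model of AWS policy evaluation.
# Only Allow/Deny, wildcard Action/Resource and StringEquals on
# aws:ResourceTag/<key> are modelled; real IAM evaluation has more inputs.
from fnmatch import fnmatchcase

ACCOUNT = "111122223333"  # constructed production account ID

# SCPs applying to the production account: they cap permissions, grant nothing.
SCP_ALLOW_ALL = [{"Effect": "Allow", "Action": ["*"], "Resource": ["*"]}]
SCP_S3_ONLY = [{"Effect": "Allow", "Action": ["s3:*"], "Resource": ["*"]}]

# IAM role policy in the production account, assumed cross-account by one
# business unit. The BusinessUnit tag key is an assumption of this example.
PAYMENTS_ROLE_POLICY = [{
    "Effect": "Allow",
    "Action": ["ec2:TerminateInstances"],
    "Resource": [f"arn:aws:ec2:*:{ACCOUNT}:instance/*"],
    "Condition": {"StringEquals": {"aws:ResourceTag/BusinessUnit": "payments"}},
}]


def _matches(stmt, action, arn, tags):
    """True when a statement applies to this action, resource and tag set."""
    if not any(fnmatchcase(action, a) for a in stmt["Action"]):
        return False
    if not any(fnmatchcase(arn, r) for r in stmt["Resource"]):
        return False
    for key, want in stmt.get("Condition", {}).get("StringEquals", {}).items():
        if tags.get(key.split("/", 1)[1]) != want:
            return False
    return True


def _verdict(statements, action, arn, tags):
    """'Deny' on any matching Deny, else 'Allow' on a matching Allow, else None."""
    effects = [s["Effect"] for s in statements if _matches(s, action, arn, tags)]
    if "Deny" in effects:
        return "Deny"
    return "Allow" if "Allow" in effects else None


def is_allowed(scp, role_policy, action, arn, tags):
    """Allowed only if BOTH the SCP and the IAM policy allow and neither denies."""
    verdicts = (_verdict(scp, action, arn, tags),
                _verdict(role_policy, action, arn, tags))
    return verdicts == ("Allow", "Allow")


def demo():
    """Evaluate a terminate request on a constructed instance ARN."""
    arn = f"arn:aws:ec2:us-east-1:{ACCOUNT}:instance/i-0123456789abcdef0"
    act, own, other = "ec2:TerminateInstances", {"BusinessUnit": "payments"}, {"BusinessUnit": "analytics"}
    return {
        "own_instance": is_allowed(SCP_ALLOW_ALL, PAYMENTS_ROLE_POLICY, act, arn, own),
        "other_units_instance": is_allowed(SCP_ALLOW_ALL, PAYMENTS_ROLE_POLICY, act, arn, other),
        "scp_without_iam_policy": is_allowed(SCP_ALLOW_ALL, [], act, arn, own),
        "iam_allow_outside_scp": is_allowed(SCP_S3_ONLY, PAYMENTS_ROLE_POLICY, act, arn, own),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'ALLOW' if allowed else 'DENY'}")
```

Only the first case is allowed: the SCP on its own grants nothing, and the IAM role policy's resource-level condition is what limits termination to the business unit's own instances.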

References:
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_ous.html
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-iam-actions-resources.html
https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html

Check out this AWS Organizations Cheat Sheet:
https://tutorialsdojo.com/aws-cheat-sheet-aws-organizations/

Service Control Policies (SCP) vs IAM Policies:
https://tutorialsdojo.com/aws-cheat-sheet-service-control-policies-scp-vs-iam-policies/

Comparison of AWS Services Cheat Sheets:
https://tutorialsdojo.com/comparison-of-aws-services-for-udemy-students/

Question 2

A known security vulnerability was discovered in the outdated Operating System of your company’s EC2 fleet. As the Systems Administrator, you are responsible for mitigating the vulnerability as soon as possible to safeguard your systems from various cyber security attacks. In addition, you are also required to record all of the changes to patch and association compliance statuses.

What is the most efficient way to solve this issue?

  1. Configure the EC2 fleet to automatically install the security OS patch every week on the provided maintenance window.
  2. Use AWS Systems Manager and AWS Config to manage, record, and deploy the security patches for the OS for the entire fleet of EC2 instances.
  3. Set up Amazon QuickSight and Kibana to apply, monitor, and visualize the patch statuses of all EC2 instances.
  4. Use AWS Systems Manager and Amazon ES to manage, record, and deploy the security patches for the OS for the entire fleet of EC2 instances.

Correct Answer: 2

AWS Systems Manager Patch Manager automates the process of patching managed instances with security-related updates. For Linux-based instances, you can also install patches for non-security updates. You can patch fleets of Amazon EC2 instances or your on-premises servers and virtual machines (VMs) by operating system type. This includes supported versions of Windows, Ubuntu Server, Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise Server (SLES), Amazon Linux, and Amazon Linux 2. You can scan instances to see only a report of missing patches, or you can scan and automatically install all missing patches.

 

 

Since you are also required to record all of the changes to patch and association compliance statuses, you can use AWS Config to meet this requirement. AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.

Option 1 is incorrect because the EC2 Spot Fleet does not have a built-in function to automatically install the security OS patch every week on the provided maintenance window.

Option 3 is incorrect because QuickSight and Kibana are primarily used for data visualization and not for patch management. You can use Amazon Elasticsearch (ES) with Kibana but this service is not suitable for this scenario.

Option 4 is incorrect because the Amazon Elasticsearch Service (Amazon ES) is just an AWS-managed service that makes it easy to deploy, operate, and scale Elasticsearch clusters in the AWS Cloud. Elasticsearch is a popular open-source search and analytics engine for use cases such as log analytics, real-time application monitoring, and clickstream analysis. This service is not helpful in this scenario since the task is to manage the security patches of your EC2 instances.

References:
https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-patch.html
https://aws.amazon.com/config/

Check out this AWS Systems Manager Cheat Sheet:
https://tutorialsdojo.com/aws-cheat-sheet-aws-systems-manager/

Click here for more AWS Certified Solutions Architect Professional practice exam questions.

In general, what you should have learned from your review are the following:

  1. Features and use cases of the AWS services
  2. AWS networking, security, billing and account management
  3. The AWS CLI, APIs and SDKs
  4. Automation, migration planning, and troubleshooting
  5. The best practices in designing solutions in the AWS Cloud

All these factors are essentially the domains of your certification exam. It is because of this difficult hurdle that AWS Certified Solutions Architect Professionals are highly respected in the industry. They are capable of architecting ingenious solutions that solve customer problems in AWS. They are also constantly improving themselves by learning all the new services and features that AWS produces each year to make sure that they can provide the best solutions to their customers. Let this challenge be your motivation to dream high and strive further in your career as a Solutions Architect!

Additional Training Materials: High Quality Video Courses on Udemy

There are a few top rated AWS Certified Solutions Architect Professional video courses on Udemy that you can check out as well, which can complement your exam preparations especially if you are the type of person who can learn better through visual courses instead of reading long whitepapers:

  1. AWS Certified Solutions Architect – Professional 2019 by DolfinEd
  2. AWS Certified Solutions Architect – Professional 2019 by Zeal Vora

Some notes regarding your exam

The SA Professional exam questions always ask for highly available, fault tolerant, cost-effective and secure solutions. Be sure to understand the choices provided to you, and verify that they have accurate explanations. Some choices are very misleading such that they seem to be the most natural answer to the question, but actually contain incorrect information, such as the incorrect use of a service. Always place accuracy above all else.

When unsure of which options are correct in a multi-select question, try to eliminate some of the choices that you believe are false. This will help narrow down the feasible answers to that question. The same goes for multiple choice type questions. Be extra careful as well when selecting the number of answers you submit.

Since an SA Professional has responsibilities in creating large-scale architectures, be wary of the different ways AWS services can be integrated with one another. Common combinations include:

  1. Lambda, API Gateway, SNS, and DynamoDB
  2. EC2, EBS/EFS/Elasticache, Auto Scaling, ELB, and SQS
  3. S3, Cloudfront, WAF
  4. S3, Kinesis
  5. On-premises servers with Direct Connect/VPN/VPC Endpoints
  6. Organizations, SSO, IAM roles, Config, and Service Catalog
  7. Mobile apps with Cognito, API Gateway, and DynamoDB

Lastly, be on the lookout for “key terms” that will help you realize the answer faster. Words such as millisecond latency, serverless, managed, highly available, most cost effective, fault tolerant, mobile, streaming, object storage, archival, polling, push notifications, etc. are commonly seen in the exam. Time management is very important when taking AWS certification exams, so be sure to monitor the time you consume for each question.

***

AWS Certifications are consistently among the top paying IT certifications in the world, considering that Amazon Web Services is the leading cloud services platform with almost 50% market share! Earn over $150,000 per year with an AWS certification!
