Latest quick tips to ace — AWS DevOps Engineer Professional Certification Exam

“God is in the details”

– Ludwig Mies van der Rohe (1886–1969)

I am working in DevOps projects for some years now and still feel very passionate about its’ most parts. To validate my skills, I recently re-certified myself on AWS DevOps EngineerProfessional in April this year. I got certified first time on this exam in December 2018. Thanks to my current employer who provided a free exam voucher through an internal drive, I tried attempting it in i.e second week of April, 2022 and passed with a score of 870.

It was very different experience compared to 2018 when I first wrote this exam. I still recall, I was very nervous at that time (believe it is a pretty normal feeling when you write a professional exam ;-) . This time I was much more relaxed, both before and during the exam, and there were definitely reasons for feeling that way.

I was banking on my experience of designing and implementing DevOps solutions, architectures and working as hands-on DevOps senior engineer for various customers for over 8 years now — in different roles and capacities. To be honest, this exam came as shocker as I was not aware of few things about the exam which has changed over the years. So below are some of the high level learnings post writing this exam which I later applied, when I wrote my AWS Solution Architect Professional exam (and it helped immensely :-)

• Firstly, it made me aware that I have to be on my toes in terms of time management and like most AWS professional/speciality exams. I need to use elimination techniques heavily rather than focusing on choosing the right answer(please don’t underestimate this technique, even in other fields like advanced mathematics and scientific research, disproving a specific hypothesis is a significant major step to an invention).
• Secondly, I observed that I have to be patient and keep applying myself till the very end of the exam and I would have a high chances of sailing through comfortably. Trust me, sitting for 3 hours straight need discipline and patience.
• Finally, experience matters. If you are working in the same field as your certification exam, it will be much easier to ace it as you will be able to correlate lot of stuff you do in the job day-in and day-out.

This time, I felt challenging to manage the time during the exam (you need to attempt 75 questions in 180 minutes now compared to 65 previously). Though 10 questions in the set are not marked but since you can’t figure out those specific 10 so you have to treat each question with equal respect. So in nutshell, less time per question now. Keep reading..

To make things little easier for those who are attempting this certification for the first time, I have summarised my learnings on this exam in the form of below pointers:

1. Nothing can take your further in your IT professional career than building strong foundation of basics (and it is never late :-) and one of the sure shot ways is to read good material on technology and trends, here it is DevOps. Tons of material is available on over internet, one simple but effective Github link on DevOps resources to build skills and expertise, which one can be followed is here. It will be helpful in solidify your understanding of DevOps processes, tools and practices. Though this may not directly contribute to improve your exam score, still it will surely build your analytical skills in this field so you can pass most cloud provider’s Devops certifications with comfort and do well in your job role as well. It do have an indirect positive effect on the exam scores — though (compound learning effect). After all, one of the objectives to clear certifications is enhance your skills (yes i know it improves your LinkedIn profile as well :-)
2. A common theme prevalent around DevOps is people over process over tools. I have seen many Organizations perished due to overlooking this simple, innocuous but super effective theme. But then there are organisations like Amazon that follow this in letter and spirit. Like any architecture, DevOps CI/CD, automation and other related architectures and solutions are not without trade offs, and again there is no perfect or worst architecture. It is all sealed in the background context why someone designed something that way (what were the assumptions, organisational internal and external requirements and constraints). And with changing technology there is always a scope to improvise on that. For example: I have seen at one point, few years ago, it was still ok for some customers to go with encoded secrets in Kubernetes but not surely today, you need a vault/secrets manager/other third party tool for sure (security has taken a centre stage over last few years). Follow the same DevOps principle while answering the exam questions but don’t get carried away and end up over analysing, keep reminding yourself, this is an exam with limited time and 300 USD plus are on stakes :-)
3. From an exam perspective, one should master the art of removing superfluous details from questions so that one can focus on the essentials. This can be valuable skill to master for other exams as well. Note: there can be more than one part to a question’s objectives so scan for all of them while reading the question — the first time. To clarify with an example, does the question focuses on security aspect only or ask operational excellence or manageability aspect as well. Your answer options might change with added objectives in the question.
4. Another piece of advice I give for all certifications aspirants, book the exam in advance, prepare a schedule and stick to it — as closely as possible. There will be good days and bad days (when you will be overloaded with other commitments) while following the schedule, be mentally prepared to tackle them. Trust me, these days can be your make or break points in your preparation. This is the not the easiest but surely the fastest way to write the exam, probably, clearing as well :-)
5. Always remember the fact — in regards to certification exams — that you cannot be hundred percent prepared for any exam so trust your knowledge, skills and instincts and go for it. I have seen many in my network who keep postponing certifications for years due this very fear.
6. AWS did not show pass/fail results on submitting the certification exam now. I checked with few others who had a similar experience so I assume this might be across the board.
7. I will categorise the exam as difficult than AWS Solution Architect Professional now. If someone is good with conceptual understanding of IT infra, system admin concepts, DevOps practices and processes, CI/CD architecture patterns, their key components, best practices and especially anti-patterns and also using AWS as Cloud Platform on the job, probably, it will be relatively straightforward preparing for the exam. Still prep time varies significantly among candidates, as expected.
8. Every other question on the exam has something to do with Containers :-). In essence, I did see more than 40% of questions belonging to Containers and related AWS Services category. Please try to read as many AWS blog as possible on Containers here and how various AWS services can be used to support various DevOps implementations. This is the most important section of the exam so please do focus on this aspect.
9. Troubleshooting questions is another major theme of the exam (>40% falls in issue investigation and remediation of some form). To solve these questions, follow the troubleshooting basics and sysops best practices and AWS recommendations. For example: in a sample scenario: deployment is started failing in the CI/CD pipeline and CodeDeploy is being used as service, what can be the potential issues. In nutshell, they are checking whether you know the fact that the there can be multiple points of failure in a failing deployment (stopped CodeDeploy agent, missing permissions at various levels and so on. This is just an example to illustrate the point.)
10. There were few questions on cost optimisation techniques in relation to DevOs implementations. For example: do you know that managed services bring down your org bills in most scenarios, over a period of time so when you see bringing down cost questions, always consider managed services as one of options unless ruled out by other context (also I can’t imagine an AWS exam without questions on spot instances use cases but please check the objectives in the question first before jumping on to this awesome cost saving technique — which is valid for certain fault tolerant workload scenarios)
11. I did not find anything in the exam worth mentioning relating to latest AWS services, features and announcements, in last one year or so.
12. While preparing for the exam, please help yourself by chasing quality over quantity. For example — you can pick any one prep course on internet, if you really need to, and go through it in entirety. Repeat couple of times. Or follow the AWS certification exam guide (link in resources section below) for domains, subdomains and services to study. In either case, keep some spare time each day/week and spend on your own research and analysis — now this will be beneficial both for the exam as well as how you will use this in real life job scenarios. One of the ways you can improve your research time by using what-if scenario techniques. Best would be to come up with your own and take help from your friends. Don’t worry if you find some questions silly at later point, this is normal and helpful to flex your brain muscles. TIP: remain focussed by avoid too much material (read as: distraction).
13. Try to develop a habit of reading at least one AWS blog here each day on any of above topics. Even one a week is better than zero. It really helps :-)
14. There are tons of practice questions available on internet, if you want to practice before the exam but my personal advice is that please don’t look for shortcuts, which makes the exam pretty much useless. In my view, you are fine if you possess the required knowledge without the AWS certificates but obviously, not the other way round :-)
15. As expected most questions on the exam were from my favourite Containers space, and DevOps related code services (CodeCommit, CodeBuild, CodePipeline, CodeDeploy etc). These topics were heavily covered in this certification exam.

I have listed below some key service features and topics worth studying for the exam, you might encounter them in some scenarios:

• DevOps Services — This is most important section so learn about various branching strategies, CodeCommit security measures like in-transit and data-at-rest encryption, migrating to CodeCommit repos, how to implement web hooks type scenarios in CodeCommit, Jenkins and CodeBuild integrations, Jenkins EC2 plugin use case, custom containers images in CodeBuild, CodePipeline and manual approval process, concepts of stages, supported actions, CodeGuru profiler, different deployment types supported by CodeDeploy (difference between linear and canary deployment), traffic shifting in lambda deployments, API gateway canary deployments, CodeDeploy deployment groups, notification mechanisms in various code services (think SNS). IaaC is a big area for DevOps and you will definitely find scenarios on automating the provisioning of infra (think CloudFormation/Terraform) usually hidden in a more worded and intricate question. ECS — tasks, services and their use cases, deploying to ECS and deployment patterns supported, EKS networking, CI/CD options with EKS, GitOps architectures with EKS, read here. Elastic bean deployment patterns supported in AWS especially — how blue green deployments are supported as a feature set. I will highly recommend to read EKS best practices here before the exam. There were no questions directly on third part tool and their features. Also, there are no programming or scripting questions on the exam. But still you should be able to read basic Json/Yaml files like IAM policies and CloudFormation templates.
• Networking — from a DevOps perspective especially cross account CI/CD workflows, lambda running in a VPC, Route53 polices — public and private hosted zones, A/B testing.
• Security and Compliance — from a sysops troubleshooting and DevSecOps perspective. Incident response lifecycle and various services that can be leveraged for that, GuardDuty feature sets trusted IP sets, WAF security features, way to block multiple random IPs, Inspector — rules packages, Security hub — use case as a single pane of glass for security events aggregation and normalisation, Gateway load balancer and othetr mechanisms for IDS/IPS use cases, Organizations — SCP use cases for both whitelist and blacklist types, IAM — roles and use cases like cross account and federation, how different policies are evaluated in IAM, Service catalogue — products and launch constraints, Cloud-formation security features, Config use cases for compliance and governance— remediation though SSM and lambda — which is used when, SSM features sets, run command etc., differences between secrets manager and parameter store, KMS — envelope encryption and how this is leveraged by DynamoDB encryption.
• Storage — Not standalone but in relation to some DevOps use case around storing artefacts. Understand S3 bucket policy, access points, access analyser, EFS and EBS concepts.
• Serverless — Lambda —constraints read here, provisioned concurrency to resolve cold start problem, RDS proxy use cases.
• Observability — CloudWatch logs, CloudWatch containers insights, EventBridge and CloudWatch Event rules — this is particularly important for security remediations, X-ray for distributed applications tracing.
• Analytics and others — I didn't saw much things around this. Except mentions of EFK/ELK at some places. Worth reading SageMaker model deployment (MLOps), apart from that nothing much found around AWS domains like Compute, Databases and AI/ML and others — obviously other AWS exams caters to that.

Note: This exam credentials will be valid for 3 years whoever earns it. You can also apply a discount voucher while booking the exam, which you might have earned from passing any other AWS Certifications exam previously.

I have put some resources links below, feel free to browse them. Thanks for reading and best wishes for your certification journey.

Share, comment or give it a clap if this helps you in any way, it will definitely motivate me to write another one, on another topic :-)

You can connect with me on LinkedIn at: https://www.linkedin.com/in/clouddevopsarchitect/

Useful Resources

1. Exam Related information, Sample question paper, Exam guide, Free Official Practice Test and more:

https://aws.amazon.com/certification/certified-devops-engineer-professional/

2. Hands On official AWS Workshops:

https://workshops.aws/

3. AWS Reinvent Sessions, White papers and tech talks and more on this third party link:

https://awsstash.com/

Disclaimer: This blog is based on my personal experience with this certification exam and represent my personal opinions. If you think something is not correct or inline with exam NDA please reach out to me.