Preparing for the AWS Architect Professional Exam

An overview of my experience preparing for and passing the AWS CSA Professional exam.

After attending Reinvent this past year, I heard about Amazon’s certification program, and that less than 100 people had passed all 5 exams. I’ve been wanting to spend some serious time learning more thoroughly about all of Amazon’s services, and this seemed like an interesting challenge to undertake.

Its been years since I took a certification exam. I think my last certification was a CCNA exam I took 7 or 8 years ago. I have over 10 years of experience in IT. I’ve managed networks, servers, and a variety of applications. A lot of my experience is in data collection, performance analysis, and monitoring. In my current position, I manage a fairly large Splunk deployment. So most of my AWS work is involved with collecting and analyzing AWS data in Splunk.

I started studying for the three Associate level AWS certifications (Architect, SysOps, and Developer) back in mid-October. I started with the Linux Academy training videos (the 2x speed is a godsend). I read the white papers recommended in the exam blueprints, AWS product FAQs, and watched videos from Amazon’s Youtube channel. Then when I felt ready, I took the official practice exams. If I passed the practice exam, then I scheduled the real exam for later that week.

There is a significant amount of overlap between the three tests. There are some differences, both in the slant that the exams take and the technologies they focus on, but studying for one will help with all three. In my case, I studied for the Architect Associate exam for just over a month, then took all three exams a week apart.

I don’t have much more advice for the Associate exams that hasn’t already been written. There are several courses to choose from available on-line and plenty of study guides and write-ups.

After passing the three Associate level courses at the end of December, I started studying for the Professional level course. I started with the Linux Academy CSA Pro course. Once I was finished with that, I read the exam blog posts by Adrian Cantrill, Onur Salk, and Nick Triantafillou. They also link to a few other write-ups, so review those as well. The advice is all generally good, both in terms of what to study and what the exam is like. If it feels like there’s a lot of material to review, thats because there is! So after the LA course, and looking at the blog posts, I decided to take the practice exam. I mostly did this to get a gauge of what the questions would be like as well as to get an idea of just where I needed to focus. At $40, the practice exam works out to a $1 a question. But considering the full exam is $300, its not a bad insurance policy. I did feel that the questions were similar to what was on the actual exam. One word of advice, you’ll always get the same set of questions if you re-take the practice exam (as stated on the exam site). And while you don’t see the correct answers, you do get a breakdown of your score in each of the dimensions listed in the blueprint.

On the topic of the blueprint, take a look at how they allocate questions. Twenty percent of the exam is security related. That’s 16 out of 80 questions. Costing is only 5%, or 4 questions. Spend your study time accordingly. You could study for months, but there’s a half-life to what you can remember. This is especially true for features, technologies, or procedures you don’t have to use on a regular basis. For example, how often do you setup an Active Directory integration? Or Direct Connect with VPN redundancy?

The practice exam told me my worst scores were in Security, Scalability, and Business Continuity. That stung a bit, but thats what I now had to focus on. The security questions are usually very detailed, so you have to know, for example, specific IAM API calls. So I read the entire IAM manual (I don’t really recommend this). Instead, I’d suggest you skim the manuals, and study the best practices and tutorials sections. Scalability and Business Continuity questions usually involve combinations of services. For those kind of questions, go through as many white papers as you can, the AWS architecture site, and more Reinvent videos. I focused on how architectures are put together, where those architectures can experience bottlenecks, and what their breakpoints are. You’ll start to see the same design patterns over and over again. The questions won’t ask you about the patterns in a simple way, and they’ll compound multiple services in the same question. So you really need to know these patterns for each AWS service and why they work (and in some cases why they wouldn’t work).

The exam is tough; there’s no doubt about that. It’s 80 questions. Most questions are a paragraph long with each answer taking a couple of lines. It’s a lot to read, sometimes you have to scroll down to see the whole question. The questions flip back and forth between very detailed process or troubleshooting questions to high-level design questions. You’ll need to do some math; some of the questions hinge on calculating throughputs, or volume sizes, for example. Pay close attention to the exact question. Does it focus on cost, HA, or disaster recovery? Is there a time constraint, in terms of RPO, RTO, or when the solution needs to be in place? The specific question should help you eliminate some answers right away. For example, a disaster recovery solution with a focus on cost with an RTO of 24 hours does not require a fully deployed redundant installation. The answers themselves may only vary by one or two words; read them carefully. Work on eliminating obviously wrong answers; don’t just pick the first answer that feels right. Finally, keep an eye on the clock and don’t let a single question paralyze you. Make a guess, mark it for review, and move on. I took the full three hours to do the exam. I finished with about 20 minutes left, and used that time to review my questions.

I’ve made a quick list below of areas you might want to study. Good luck!

  • VPC and Direct Connect
  • Hybrid architectures with particular requirements or time frames
  • Combination of services to translate an on-prem system to AWS
  • Optimizations for cost, performance, availability, disaster recovery
  • EMR job optimization
  • Scaling an application from a pilot to production (what changes would you make?)
  • S3, Autoscaling/ELB, Route53, SQS, DynamoDB, RDS, SWF, SNS, Data Pipeline, Kinesis
  • Appropriate use of RI and Spot instances
  • IAM
  • DDOS
  • IPS/IDS implementations
  • Cloudfront
  • Minimal Beanstalk and Cloudformation
  • EC2 instance types (HPC)
  • EC2/EBS, VPC performance questions (identifying bottleneck/resolution)