Please use the menu below to navigate the article sections:
- Background on the Exam
- AWS Exam Overview
- Domains, objectives and examples
- Test Domain 1: Design Resilient Architectures
- Test Domain 2: Design High-Performing Architectures
- Test Domain 3: Design Secure Applications and Architectures
- Test Domain 4: Design Cost-Optimized Architectures
- Step 1: It all starts with practice
- Step 2: Online Video-Based Training
- Step 3: Theory
- Step 4: Practice Questions
- Step 5: Exam Time – Final Tips
- AWS Certified Solutions Architect – Associate Training
- AWS Hands-On Labs
- AWS Practice Tests
I’m a certification junkie! I’ve been earning IT certifications for over 20 years now, have taken over 50 exams in that time! In this article, I discuss how to pass AWS certification exams the first time in 5 steps. The key to successfully passing AWS certification exams is simply ensuring you prepare adequately.
Preparation consists of the following 5 steps which I’ll be walking you through in this post:
- Practice (hands-on)
- Training (on-demand online videos)
- Theory (reading)
- Practice questions
- Taking the exam
The tools have changed a bit over the years and video-based training is now very useful but shouldn’t be used in isolation. There’s also a lot of companies selling various resources to help you prepare for your exams but the quality of the materials can vary significantly so it’s worth being cautious about what you use.
A couple of years ago, I passed all three of the AWS associate-level certifications and I’m now studying again to re-certify. I have created this blog to share some of the tools and methods I use to optimize the time I spend and ensure I pass the exam the first time, every time.
I’m going to focus on the AWS Certified Solutions Architect – Associate exam in this blog post, but this advice can apply to almost any of the AWS certification exams. But before we get stuck into the 5 step process, a little background on the exam.
Background on the Exam
Generally speaking, the associate level exams are not too difficult and there are plenty of high-quality resources to prepare for your exam. Most people who take these exams will have some basic level of understanding of IT. You might find it a lot more challenging if you’re a complete newby and can’t tell a block from an object store, or a VM from a container.
That being said, you don’t need to have deep expertise in the underlying technologies that support AWS, as cloud computing abstracts a lot of that complexity away from you.
Many developers who are not at all infrastructure savvy get on very well with AWS as it provides them the tools they need to do their jobs without having to care about the workings of the layers underneath.
AWS Exam Overview
- Level: Associate
- Length: 130 minutes to complete the exam
- Cost: 150 USD | Read more on how to get AWS certified on a budget
- Format: 65 questions, either multiple choice or multiple response
- Delivery method: Pearson VUE and PSI; testing center or online proctored exam. Read more on how to take the exam from home
This exam is within the Associate level in the AWS training program and is recommended for individuals with a least one year of hands-on experience. The exam is intended for Solutions Architects and requires you to demonstrate knowledge of how to define a solution using architectural design principles based on customer requirements and provide implementation guidance based on best practices to the organization throughout the lifecycle of the project.
In the “AWS Certified Solutions Architect – Associate SAA-C02 Exam Guide“, the following AWS knowledge is recommended:
- One year of hands-on experience designing available, cost-efficient, fault-tolerant, and scalable distributed systems on AWS
- Hands-on experience using compute, networking, storage, and database AWS services
- Hands-on experience with AWS deployment and management services
- Ability to identify and define technical requirements for an AWS-based application
- Ability to identify which AWS services meet a given technical requirement
- Knowledge of recommended best practices for building secure and reliable applications on the AWS platform
- An understanding of the basic architectural principles of building on the AWS cloud
- An understanding of the AWS global infrastructure
- An understanding of network technologies as they relate to AWS
- An understanding of security features and tools that AWS provides and how they relate to traditional services
The exam includes 65 questions and has a time limit of 130 minutes. You need to score a minimum of 720 out of 1000 points to pass the exam.
The question format of the exam is multiple-choice (one correct response from four options) and multiple-response (two correct responses from five options).
Ever since the new exam format was released in 2020, the questions are almost 100% scenario-based. Most scenarios are just a couple to a few lines long.
With many questions in the AWS Solutions Architect Associate exam, you will find there are multiple correct answers and you must select the answer that best fits the scenario. For instance, you may be asked to select the MOST secure, MOST cost-effective, BEST architecture, or LEAST complex option.
Important: be very careful reading the wording of the question to ensure you select correctly! Sometimes small details can be easily missed that change the answer so take your time when sitting the exam.
Domains, objectives and examples
The knowledge required is organized into four test “domains”. Within each test domain, there are several objectives that broadly describe the knowledge and experience expected to pass the exam.
Test Domain 1: Design Resilient Architectures
This domain makes up 30% of the exam and includes the following four objectives:
1.1 Design a multi-tier architecture solution.
1.2 Design highly available and/or fault-tolerant architectures.
1.3 Design decoupling mechanisms using AWS services.
1.4 Choose appropriate resilient storage.
What you need to know
You need to understand the various block, file and object storage technologies such as Amazon EBS, Instance Store, Amazon EFS, Amazon S3, and Amazon FSx and know their use cases.
You must be able to design multi-tier application architectures and know-how to decouple application components using technologies such as Amazon SQS and Amazon SWF.
The architectures also need to be highly available in the case of component failure, and able to recover in the case of major outages, so you need to know the various ways of implementing high availability and fault tolerance.
Technologies you need to understand include Amazon Elastic Load Balancing, Amazon Route 53 and Amazon RDS Read Replicas and Multi-AZ.
You also need to understand the AWS Global Infrastructure in order to determine how to design application stacks to best use the underlying infrastructure architecture.
Question: You are a Solutions Architect at a media company, and you need to build an application stack that can receive customer comments from sporting events. The application is expected to receive a significant load that could scale to millions of messages within a short space of time following high-profile matches.
As you are unsure of the load required for the database layer what is the most cost-effective way to ensure that the messages are not dropped?
- Use RDS Auto Scaling for the database layer which will automatically scale as required
- Create an SQS queue and modify the application to write to the SQS queue. Launch another application instance that polls the queue and writes messages to the database
- Write the data to an S3 bucket, configure RDS to poll the bucket for new messages
- Use DynamoDB and provision enough write capacity to handle the highest expected load
Answer: 2, Amazon Simple Queue Service (Amazon SQS) offers a reliable, highly scalable, hosted queue for storing messages in transit between computers and is used for distributed/decoupled applications. This is a great use case for SQS as you don’t have to over-provision the database layer or worry about messages being dropped.
Question: A new Big Data application you are developing will use hundreds of EC2 instances to write data to a shared file system. The file system must be stored redundantly across multiple AZs within a region and allow the EC2 instances to concurrently access the file system. The required throughput is multiple GB per second.
From the options presented which storage solution can deliver these requirements?
- Amazon EBS using multiple volumes in a RAID 0 configuration
- Amazon S3
- Amazon EFS
- Amazon Storage Gateway
Answer: 3, Amazon EFS is the best solution as it is the only solution that is a file-level storage solution (not block/object-based), stores data redundantly across multiple AZs within a region and you can concurrently connect up to thousands of EC2 instances to a single filesystem.
Test Domain 2: Design High-Performing Architectures
This domain makes up 28% of the exam and includes the following objectives:
2.1 Identify elastic and scalable compute solutions for a workload.
2.2 Select high-performing and scalable storage solutions for a workload.
2.3 Select high-performing networking solutions for a workload.
2.4 Choose high-performing database solutions for a workload.
What you need to know
You need to be able to select the best storage and database services to use for a given scenario, taking into account requirements for performance.
Technologies to increase performance may include a caching layer such as Amazon ElastiCache, Amazon DynamoDB DAX, or Amazon CloudFront and you must be able to select the best service to use in the situation presented.
You must know how to effectively implement elasticity and scalability to your application architectures. This means understanding at an architectural and implementation level what to use and how to build it.
Elasticity and scalability services you need to understand, include AWS Auto Scaling, EC2 Auto Scaling, and how to implement these features at the application, storage, and database layers of your application using AWS technology.
Question: A developer is creating a solution for a real-time bidding application for a large retail company that allows users to bid on items of end-of-season clothing. The application is expected to be extremely popular and the back-end DynamoDB database may not perform as required.
How can the Solutions Architect enable in-memory read performance with microsecond response times for the DynamoDB database?
- Configure DynamoDB Auto Scaling
- Enable read replicas
- Increase the provisioned throughput
- Configure Amazon DAX
Answer: 4, Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement – from milliseconds to microseconds – even at millions of requests per second. You can enable DAX for a DynamoDB database with a few clicks.
Question: A Solutions Architect is designing a workload that requires a high-performance object-based storage system that must be shared with multiple Amazon EC2 instances.
Which AWS service delivers these requirements?
- Amazon S3
- Amazon EFS
- Amazon EBS
- Amazon ElastiCache
Answer: 1, Amazon S3 is an object-based storage system. Though object storage systems aren’t mounted and shared like filesystems or block-based storage systems, they can be shared by multiple instances as they allow concurrent access.
Test Domain 3: Design Secure Applications and Architectures
This domain makes up 24% of the exam and includes the following three objectives:
3.1 Design secure access to AWS resources.
3.2 Design secure application tiers.
3.3 Select appropriate data security options.
What you need to know
You need to understand how to use native AWS technologies and solution architecture to create secure applications. This includes configuring security controls for authentication, authorization, and access and applying encryption to data.
You need to know how to design isolation and separation through AWS service architecture, Amazon EC2 instance deployment options and Amazon VPC configuration.
It is also recommended to understand the best practices for implementing services in the most secure manner and best practices for creating users, groups, and roles using AWS IAM. Which services can use multi-factor authentication is also required knowledge and you should understand the available AWS Directory Services at a high-level and when to use them.
Questions often come up asking you to identify which technologies include DDoS mitigation and these include AWS Auto Scaling, Amazon CloudFront, and Amazon Route 53.
You should also know how to implement monitoring and logging using Amazon CloudWatch and AWS CloudTrail, when and what penetration testing you are allowed to perform within the AWS cloud and what compliance programs AWS comply with.
Technologies you need to know for domain 3 include Amazon VPC, AWS KMS, AWS CloudHSM, AWS IAM, Amazon Cognito, and AWS Directory Services.
Question: The development team at your company have created a new mobile application that will be used by users to access confidential data. The developers have used Amazon Cognito for authentication, authorization, and user management. Due to the sensitivity of the data, there is a requirement to add another method of authentication in addition to a username and password.
You have been asked to recommend the best solution. What is your recommendation?
- Integrate IAM with a user pool in Cognito
- Enable multi-factor authentication (MFA) in IAM
- Integrate a third-party identity provider (IdP)
- Use multi-factor authentication (MFA) with a Cognito user pool
Answer: 4, You can use MFA with a Cognito user pool (not in IAM) and this satisfies the requirement. A user pool is a user directory in Amazon Cognito. With a user pool, your users can sign-in to your web or mobile app through Amazon Cognito. Your users can also sign-in through social identity providers like Facebook or Amazon, and through SAML identity providers.
Question: You have been asked to come up with a solution for providing single sign-on to existing staff in your company who manage on-premise web applications and now need access to the AWS management console to manage resources in the AWS cloud.
Which product combinations provide the best solution to achieve this requirement?
- Use your on-premise LDAP directory with IAM
- Use IAM and MFA
- Use the AWS Secure Token Service (STS) and SAML
- Use IAM and Amazon Cognito
Answer: 3, Single sign-on using federation allows users to log-in to the AWS console without assigning IAM credentials. The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for IAM users or for users that you authenticate (such as federated users from an on-premise directory). Federation (typically Active Directory) uses SAML 2.0 for authentication and grants temporary access based on the users’ AD credentials. The user does not need to be a user in IAM.
Test Domain 4: Design Cost-Optimized Architectures
This domain makes up 18% of the exam and includes the following objectives:
4.1 Identify cost-effective storage solutions.
4.2 Identify cost-effective compute and database service.
4.3 Design cost-optimized network architectures.
What you need to know
A relatively small but still important area of the exam requires architects to consider cost-effectiveness when deploying application on AWS. You need to understand the various cost models of compute and storage services, what you pay for and what the best choices would be given a specific scenario.
Question: You need to run a production batch process quickly that will use several EC2 instances. The process cannot be interrupted and must be completed within a short time period.
What is likely to be the MOST cost-effective choice of EC2 instance type to use for this requirement?
- Reserved instances
- Spot instances
- On-demand instances
- Flexible instances
Answer: 3, the key requirements here are that you need to deploy several EC2 instances quickly to run the batch process and you must ensure that the job completes. The on-demand pricing model is the best for this ad-hoc requirement. Though spot pricing may be cheaper, you cannot afford to risk that the instances are terminated by AWS when the market price increases.
Question: An Architect is designing a serverless application that will accept images uploaded by users from around the world. The application will make API calls to back-end services and save the session state data of the user to a database.
Which combination of services would provide a solution that is cost-effective while delivering the least latency?
- Amazon CloudFront, API Gateway, Amazon S3, AWS Lambda, DynamoDB
- API Gateway, Amazon S3, AWS Lambda, DynamoDB
- Amazon CloudFront, API Gateway, Amazon S3, AWS Lambda, Amazon RDS
- Amazon S3, API Gateway, AWS Lambda, Amazon RDS
Answer: 1, Amazon CloudFront caches content closer to users at Edge locations around the world. This is the lowest latency option for uploading content. API Gateway and AWS Lambda are present in all options. DynamoDB can be used for storing session state data
The good news is all of this knowledge can be attained through hands-on training and reading freely available articles on the AWS website.
Step 1: It all starts with practice
One of the keys to learning any technology is to play with it. If you don’t work in AWS – don’t worry. Not everyone has the chance to work with technologies they’re studying in a professional context and I’ve certainly passed many exams without having actual on-the-job experience.
With AWS you can set up an account for free and the free tier allows you to use specific AWS services at no cost. Just go to: https://aws.amazon.com/free
The free tier offers plenty for free including (but not limited to):
This is a great way to get experience and you can bring stuff up and tear it down again without it costing you a cent. It’s amazing how much you can do in the free tier for a whole year!
Step 2: Online Video-Based Training
Online video-based training is an awesome tool. There are many great online courses for AWS certification that allow you to just sit back and soak it all up. The great thing about video is you have an expert and experienced instructor who can help guide you through the technology and point out useful tips for passing the exam.
Courses can vary from death-by-powerpoint to heavily lab-centric and this is where the problem with using them in isolation lies. The courses that are heavy in content can be very dry and tedious, and the more practical courses will be light on content and won’t get you anywhere near ready to pass the exam.
To ensure that you pass your exam first time AND gain practical experience on AWS, enroll in the hands-on video course for the AWS Certified Solutions Architect Associate from Digital Cloud Training. This popular course comes with over 20 hours of practical hands-on exercises, quiz questions, exam crams, and much more.
Step 3: Theory
Some people find this the boring part but there’s no substitute for theory and lots of reading is always necessary. I like to get plenty of hands-on practice with a technology before I get stuck into the theory part which really helps things to make sense (and keep it interesting). It’s important to keep practicing as well as you gain more knowledge – use it or you lose it!
The AWS website has a great amount of information so you can pretty much just use that if you like. There are some books around as well but things move fast in the AWS world and they’re generally out of date by the time they’ve been published.
My strategy when learning theory is to take copious notes. When watching online courses, I also take notes of the key facts. Having concise, summarised training notes becomes really valuable when you’re trying to remember thousands of facts, as you can refer back at any time without having to read lengthy articles. Try using a digital note tool such as Microsoft OneNote or Evernote.
We’ve compiled a comprehensive list of training notes for the AWS Certified Solutions Architect – Associate exam. This is an up-to-date and free resource, and took a lot of time to put together so it would be great to see people making use of it. I’ll be updating the training notes as the technology and exam evolve. You can also purchase a downloadable version of our popular training notes or get a hard copy from Amazon.com.
Step 4: Practice Questions
One of the most important tools to use to both learn and evaluate your readiness for the exam is practice questions. Using high-quality practice questions helps you to understand the types of questions you’re likely to encounter in the exam and can help you to identify areas of weakness.
The challenge however is finding good quality practice questions. There have always been tonnes of exam dumps on the Internet and various companies serving up low-quality questions (that they generally copy from each other).
These can be incredibly misleading and the questions are often written in poor English, the answers are incorrect, and the explanations (if there are any) are confusing.
Remember, AWS changes fast so the questions need to be up to date. I would steer well clear of poor quality or out-of-date questions. Instead, check out the high-quality practice exams from Digital Cloud Training that include access to the online exam simulator with over 500 unique practice questions.
I’d suggest testing yourself repeatedly throughout your journey, don’t wait until you’re getting close to exam time. Practice questions should be considered both a learning tool and an evaluation tool and should therefore be used from early on.
Free Practice Questions
Check out our free sample practice questions or purchase the full set of high-quality practice exams Solutions Architect from Digital Cloud Training. I have deliberately made these questions challenging enough that they match and in some cases exceed the level of difficulty of the exam. This is to ensure you’re prepared for the tougher questions you are faced with.
Step 5: Exam Time – Final Tips
Another key to my success with taking IT certification exams is that I never book the exam until I’m sure I’m ready. You need to be getting 80-90% of the practice questions right before you should even think about booking. The actual pass mark is much lower than this but there will always be surprises on the day with technologies you didn’t cover enough in your training.
Once you’ve got some practice, watched our video course, done a lap of my training notes, and can ace the practice questions, you’ll be ready. I like to schedule my exams in the morning when my brain is at its best, but not too early that I have to stress about being on time. If you’ve prepared adequately you shouldn’t need to cram at the last minute so clear your head of any stresses and turn up fresh.
For each question try to skim read it first and look over the answers. You can develop a knack for this and often you’ll quickly work out what the answer is likely to be. Then, go back over the question in detail and make sure you haven’t missed anything before you make your selection.
Some questions will be single choice, multiple choice with a specified number of answers, or you may need to select “all that apply”. Make sure you don’t get this wrong as it’s an easy mistake to make!
If you get stuck on a question, give it your best answer and mark it for review and come back to it at the end. This is a good way to ensure you don’t get too stressed about it and will hopefully have plenty of time at the end of the exam to give it some more thought. Only mark answers for review that you really need more time on.
AWS certification exams are quite well written so there aren’t usually too many confusing questions. If you have used high-quality training materials to prepare you should be well equipped to handle whatever they throw at you on the day. Check out the popular training from Digital Cloud Training below which take you from just starting out with AWS to being a proficient builder on AWS and fully equipped to ace your exam.
Whether you’re just getting started with AWS Certification Training, have on-the-job experience, or are continuing your education after taking other AWS exams, you will need to cover both the theory and practical aspects in your journey.
AWS Hands-On Labs
This is the FUN way to learn AWS! Our AWS Certified Solutions Architect Associate Video course teaches you AWS from creating a Free Tier account right through to building complex applications – delivered through guided practice labs. No other course gives you so much hands-on experience with the AWS Cloud.
AWS Practice Tests
Our AWS Certified Solutions Architect Associate Practice Exams are designed to be representative of the question format and difficulty of the actual AWS exam. These are a great way not just of assessing your readiness, but also for learning the concepts as we provide detailed explanations and reference links for every question. But don’t leave it until the last minute, get started with AWS Certified Solutions Architect Associate Practice Exams early so you can ensure you’re on track.
Happy studying and good luck with your AWS exams!