
Did you know most people don’t fail the AWS SAA-C03 exam because they didn’t work hard enough? They fail because they overlooked the little stuff.
1. You Don’t Fully Understand Route Tables in VPC Peering
People assume that once VPCs are peered, everything just magically routes. If you don’t manually update route tables in both VPCs, your traffic’s going nowhere. AWS won’t fix it for you. The exam loves this gotcha.
Tip: Always double-check route table entries and remember — peering is non-transitive.
2. You Think S3 Is Always Consistent (Because It Used to Be)
AWS updated S3 to strong consistency, but many people still study outdated material.
Tip: S3 now has strong read-after-write consistency for all operations. Don’t fall for old info on the test.
3. You Confuse IAM Policies, Resource Policies, and Permissions Boundaries
This is the Bermuda Triangle of AWS security. Even experienced devs fumble here.
- IAM Policy = attached to a user/role
- Resource Policy = attached to the resource itself (e.g., an S3 bucket)
- Permissions Boundary = limits what a role can do, even if its IAM policy says “yes.”
Tip: AWS may show all three in a question — don’t panic. Read slowly and trace the permissions’ path.
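To trace the three policy types in one place, here is a simplified evaluator, added as an illustration and not taken from this post or from AWS. It assumes a same-account request by a role that the resource policy names by ARN, and it ignores SCPs, session policies and conditions; the policies and bucket name are constructed samples.

```python
from fnmatch import fnmatchcase

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _effect(policy, action, resource):
    """'Deny', 'Allow', or None (no matching statement) for one policy document."""
    if policy is None:
        return None
    hits = set()
    for stmt in policy["Statement"]:
        # IAM action names are case-insensitive; resource ARNs are not.
        act = any(fnmatchcase(action.lower(), p.lower()) for p in _as_list(stmt["Action"]))
        res = any(fnmatchcase(resource, p) for p in _as_list(stmt["Resource"]))
        if act and res:
            hits.add(stmt["Effect"])
    return "Deny" if "Deny" in hits else ("Allow" if "Allow" in hits else None)

def evaluate(action, resource, identity, resource_policy=None, boundary=None):
    """Simplified decision; assumes every resource-policy statement names this role's ARN."""
    ident = _effect(identity, action, resource)
    res = _effect(resource_policy, action, resource)
    bound = _effect(boundary, action, resource)
    if "Deny" in (ident, res, bound):
        return "explicit deny"                       # a Deny anywhere always wins
    if "Allow" not in (ident, res):
        return "implicit deny (no matching Allow)"   # nothing grants the action
    if boundary is not None and bound != "Allow":
        return "implicit deny (permissions boundary)"  # granted, but outside the boundary
    return "allow"

# Constructed sample policies (Principal/Condition omitted for brevity).
IDENTITY = {"Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
BOUNDARY = {"Statement": [{"Effect": "Allow", "Resource": "*",
                           "Action": ["s3:GetObject", "s3:ListBucket"]}]}
BUCKET_POLICY = {"Statement": [{"Effect": "Deny", "Action": "s3:GetObject",
                                "Resource": "arn:aws:s3:::example-bucket/secret/*"}]}

if __name__ == "__main__":
    bucket = "arn:aws:s3:::example-bucket"
    for act, key in [("s3:GetObject", "/public/a.txt"), ("s3:PutObject", "/public/a.txt"),
                     ("s3:GetObject", "/secret/key.pem")]:
        print(act, key, "->", evaluate(act, bucket + key, IDENTITY, BUCKET_POLICY, BOUNDARY))
```

The second request is the exam trap: the identity policy says `s3:*`, yet `s3:PutObject` is refused because the boundary never allows it.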
4. You Think Multi-AZ = DR Strategy
Multi-AZ = resilience for hardware failures, not full-blown regional disasters. If an entire region goes down? You're toast unless you’ve built a multi-region architecture.
Tip: Know the difference between high availability (HA) and disaster recovery (DR).
5. You Underestimate the Exam’s Obsession With Cost Optimization
AWS won’t just ask, “What works?” They’ll ask, “What’s the cheapest option that works?”
Tip: Know the pricing traps. NAT gateways, data transfer between AZs, and EBS snapshots can sink you.
6. You’re Guessing Between Load Balancer Types
- ALB (Application Load Balancer) = HTTP/HTTPS, Layer 7
- NLB (Network Load Balancer) = TCP/UDP, ultra-low latency, Layer 4
- CLB (Classic) = legacy — avoid unless specifically asked
Tip: Know use cases cold. They’ll describe a scenario, and you’ll have to match the right LB.
7. You Ignore Practice Test Logic
Doing practice exams without reviewing why you got a question wrong is like lifting weights but never increasing the weight.
Tip: The value isn’t just in getting the answer right — it’s in understanding the wrong answers too.
8. You Don’t Understand Lifecycle Hooks in Auto Scaling
Auto Scaling isn’t just “set and forget.” What happens before the instance is added? Or after it’s terminated?
Tip: Lifecycle hooks let you pause scaling events to run scripts/configurations. These show up in tricky questions!
9. You Mix Up Secrets Manager and SSM Parameter Store
Both can store secrets. But they’re not interchangeable.
- Secrets Manager = built for rotating DB credentials, RDS, etc.
- Parameter Store = good for plain key-values, configs
Tip: If the question involves rotation or audit logging, go with Secrets Manager.
10. You Ignore Regional vs. Global Services
AWS loves to ask this in subtle ways.
Is IAM regional? (Nope.)
Is DynamoDB regional? (Yes.)
Is S3 regional? (Trickier than you think — it’s a global namespace, but data is region-specific.)
Tip: Make a list. Know what’s global vs. regional by heart.
AWS wants you to think like an architect, not just memorize services. They want you to weigh trade-offs, choose the most secure, scalable, and cost-effective solution, and do it fast under pressure.