Some inaccuracies in test explanations
-
Recently I purchased “AWS Certified Solutions Architect Associate Practice Exams SAA-C03 2024”. While taking a test in review mode, I noticed a few inaccuracies that I wish to report:
All the following issues are for “Review Mode Set 1 – AWS Certified Solutions Architect Associate” of the aforementioned “course” (as it’s indicated on the website).
I will provide the question’s prefix and the issue description.
Prefix: “A company requires all the data stored in the cloud to be encrypted at rest. To easily integrate this with other AWS services, they must have full control”
Issue: the phrase “You might have keys that are required to be stored in an HSM that has been validated to FIPS 140-2 level 3 overall (the HSMs used in the standard AWS KMS key store are either validated or in the process of being validated to level 2 with level 3 in multiple categories).” is outdated; currently all the HSMs are level 3 compliant.
“This new certification gives customers assurance that all cryptographic operations involving their keys in AWS KMS happen within an HSM certified at FIPS 140-2 Security Level 3.”
Source: https://aws.amazon.com/about-aws/whats-new/2023/05/aws-kms-hsm-fips-security-level-3/
Prefix: “A suite of web applications is hosted in an Auto Scaling group of EC2 instances across three Availability Zones and is configured with default settings.”
Issue: the diagram and explanation are slightly lacking in depth and accuracy. If the instance is launched from the launch config, it has a preference for being terminated (I guess it has something to do with deprecating launch configuration). Also, there is no need for “multiple instances” to have outdated configuration; even one will suffice. Overall, there are so many things that could be improved that I would suggest redoing the diagram and explanation. Furthermore, the explanation does not mention the existence of other termination policies.
Source: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-termination-policies.html
——-
When I searched “tutorials dojo bug report” in Google, I got no useful results; nor could I find anything useful after skimming the website. I suggest adding information (and, potentially, a reward) for bug report filing. It might encourage people to report issues.
- This discussion was modified 4 months ago by Privat33r. Reason: Removing html tags that were added in a fancy editor earlier and later broken by xss protection
-
Hello Learn3r.31337,
Good day!
Thank you for your detailed review and feedback.
Regarding the Encryption and HSM Compliance, the issue with the HSM compliance level is noted. The current standard for AWS KMS HSMs is indeed FIPS 140-2 Security Level 3 for all cryptographic operations, as detailed in the latest AWS update (https://aws.amazon.com/about-aws/whats-new/2023/05/aws-kms-hsm-fips-security-level-3/). We will update the practice exams to reflect this.
We appreciate your insights; your points regarding the Auto Scaling group diagram and explanation are valid. The current content was intentionally simplified for ease of comprehension. However, we understand that additional details on instance termination preferences and policies, as outlined in the AWS documentation, are crucial for a thorough understanding. We will review the diagram and explanation to ensure they accurately reflect the latest practices.
Regarding the bug reporting process, we understand the need for improvement. We value your suggestion and will consider it to encourage more effective feedback.
Thank you for your effort in helping us improve our materials.
Best regards,
Neil @ tutorials dojo