Domain Overview
Domain 1: Cloud Concepts
24% of exam questionsFoundational cloud computing principles and AWS value proposition
Domain 2: Security & Compliance
30% of exam questionsShared responsibility model and AWS security services
Domain 3: Technology & Services
34% of exam questionsCore AWS services, architecture, and deployment models
Domain 4: Billing & Pricing
12% of exam questionsCost management, pricing models, and support plans
Domain 1: Cloud Concepts (24%)
This domain tests your understanding of the fundamental benefits and principles of cloud computing.Key Topics
- Cloud Computing Benefits: Trading CapEx for OpEx, economies of scale, eliminating capacity guessing
- AWS Design Principles: Elasticity, scalability, high availability, fault tolerance
- AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
- Well-Architected Framework: Six pillars including operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability
- Cloud Deployment Models: Public, private, hybrid cloud architectures
Sample Question Types
- What are the main advantages of deploying across multiple Availability Zones?
- Which cloud characteristic allows resources to scale automatically based on demand?
- How does the cloud model help reduce time to market?
Domain 2: Security and Compliance (30%)
The largest domain by question count, emphasizing AWS’s shared responsibility model and security services.Key Topics
- Shared Responsibility Model: Understanding what AWS manages vs. what customers manage
- IAM (Identity and Access Management): Users, groups, roles, policies, and best practices
- Security Services: AWS WAF, Shield, GuardDuty, Inspector, Macie, Security Hub
- Compliance Programs: PCI DSS, HIPAA, SOC 2, ISO 27001
- Data Protection: Encryption at rest and in transit, AWS KMS, Secrets Manager
- Network Security: Security groups, Network ACLs, VPC security
The Shared Responsibility Model appears frequently on the exam. Remember: AWS secures the infrastructure (security OF the cloud), while customers secure their data and applications (security IN the cloud).
Security Best Practices
- Enable MFA on root accounts and sensitive IAM users
- Apply least privilege when granting permissions
- Rotate credentials regularly
- Enable CloudTrail for API logging and auditing
- Use IAM roles instead of hardcoded credentials
Customer Responsibilities include:
- Guest OS patching
- Application security
- S3 bucket permissions
- Security group configuration
- IAM user management
Domain 3: Cloud Technology and Services (34%)
The most heavily weighted domain, covering AWS’s core services and technical concepts.Key Service Categories
Compute Services
- Amazon EC2: Virtual servers with various instance types and pricing models
- AWS Lambda: Serverless computing for event-driven workloads
- AWS Elastic Beanstalk: Platform-as-a-Service for application deployment
- Amazon ECS/EKS: Container orchestration services
- AWS Fargate: Serverless container compute
Storage Services
- Amazon S3: Object storage with multiple storage classes (Standard, IA, Glacier, Glacier Deep Archive)
- Amazon EBS: Block storage for EC2 instances
- Amazon EFS: Managed file storage
- AWS Storage Gateway: Hybrid cloud storage integration
Database Services
- Amazon RDS: Managed relational databases (MySQL, PostgreSQL, Oracle, SQL Server, MariaDB)
- Amazon Aurora: High-performance MySQL/PostgreSQL-compatible database
- Amazon DynamoDB: NoSQL database with single-digit millisecond performance
- Amazon Redshift: Data warehousing and analytics
- Amazon ElastiCache: In-memory caching (Redis, Memcached)
Networking & Content Delivery
- Amazon VPC: Virtual private cloud for isolated networks
- Elastic Load Balancing: Traffic distribution across targets
- Amazon CloudFront: Content delivery network (CDN)
- Amazon Route 53: DNS service
- AWS Direct Connect: Dedicated network connection to AWS
Management & Monitoring
- Amazon CloudWatch: Monitoring and observability
- AWS CloudTrail: API call logging and auditing
- AWS Config: Resource configuration tracking
- AWS Systems Manager: Operational management
- AWS Trusted Advisor: Best practice recommendations
Service Selection Scenarios
The exam often presents scenarios where you must choose the appropriate service:- Need serverless compute? → Lambda
- Need long-term archival storage? → S3 Glacier Deep Archive
- Need to distribute web traffic? → Elastic Load Balancing
- Need to cache content globally? → CloudFront
- Need message queuing? → SQS
- Need pub/sub messaging? → SNS
Domain 4: Billing, Pricing, and Support (12%)
This domain covers AWS cost management, pricing models, and support options.Key Topics
Pricing Models
- On-Demand: Pay by the hour/second with no commitment
- Reserved Instances: 1 or 3-year commitments for up to 75% discount
- Spot Instances: Bid for unused capacity with up to 90% discount
- Savings Plans: Flexible pricing for committed usage across EC2, Lambda, and Fargate
Cost Management Tools
- AWS Cost Explorer: Visualize and analyze costs over time
- AWS Budgets: Set custom budgets with alerts
- AWS Pricing Calculator: Estimate costs before deployment
- Cost and Usage Reports: Detailed billing data
- AWS Cost Anomaly Detection: Identify unusual spending patterns
Support Plans
- Basic: Free, includes AWS documentation and forums
- Developer: $29+/month, business hours email support
- Business: $100+/month, 24/7 support, faster response times
- Enterprise: $15,000+/month, includes Technical Account Manager (TAM)
AWS Organizations
- Centralized management of multiple AWS accounts
- Consolidated billing: Combined usage for volume discounts
- Service Control Policies (SCPs): Centralized access control
The AWS Free Tier offers limited free usage of many services for 12 months after account creation. Some services like IAM, VPC, and CloudFormation are always free.
Cost Optimization Strategies
- Right-size EC2 instances based on actual usage
- Use Reserved Instances for predictable workloads
- Leverage Spot Instances for fault-tolerant applications
- Enable S3 lifecycle policies to transition data to cheaper storage classes
- Set up billing alerts to monitor spending
- Use Trusted Advisor cost optimization checks
Exam Preparation Strategy by Domain
Focus Your Study Time
Allocate your preparation time based on domain weights:
- 34% of time → Domain 3 (Technology & Services)
- 30% of time → Domain 2 (Security & Compliance)
- 24% of time → Domain 1 (Cloud Concepts)
- 12% of time → Domain 4 (Billing & Pricing)
Master the Fundamentals
Domains 1 and 2 are foundational. A strong understanding of cloud concepts and the shared responsibility model will help you across all domains.
Practice Service Selection
Domain 3 questions often ask you to choose the right service for a scenario. Create flashcards mapping use cases to services.
Understand Pricing Nuances
For Domain 4, focus on when to use each pricing model and which services are always free (IAM, CloudFormation, VPC).
Practice Distribution in This App
Based on the question bank analysis:- Domain 1: 30 practice questions covering cloud fundamentals
- Domain 2: 35 practice questions on security and compliance
- Domain 3: 50 practice questions across all major AWS services
- Domain 4: 25 practice questions on billing and support