Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

7.3. Reflection and Final Exam Checklist

Use this checklist in the week before your exam. Think of it like a pre-exam dry run: for any item you can't answer confidently, return to that subsection. Without this final consolidation, it's easy to walk into the exam with knowledge spread across 60 subsections but no clear thread connecting them under pressure. Consider this scenario — you're 40 questions in, you see a complex IAM policy evaluation question, and you can't recall the evaluation order from memory. That's the gap this checklist is designed to close. Unlike re-reading the entire guide, this targeted review surfaces only the highest-stakes gaps in the final stretch.

Monitoring and Logging:
  • Name the two EC2 metrics NOT published by default and the service that enables them
  • Configure a CloudWatch alarm with the correct period/evaluation/datapoints-to-alarm for a 5-minute sustained breach
  • Explain the difference between a composite alarm and a standard alarm
  • Describe three Logs Insights query commands and their SQL equivalents
  • Explain why you'd configure CloudTrail to deliver to CloudWatch Logs vs. S3 only
Reliability:
  • Name all five EC2 Auto Scaling policy types and explain when to use predictive scaling
  • Explain lifecycle hooks and give two launch-time and two termination-time use cases
  • Describe the cache-aside pattern and when it fails (cache stampede)
  • Map each DR strategy (Backup/Restore, Pilot Light, Warm Standby, Multi-Site) to a specific RTO range
  • Explain DynamoDB PITR — is it on by default? What's the restore window? Does it restore in-place?
Deployment:
  • Explain the four CloudFormation helper scripts and which one sends a signal to the stack
  • Describe the blue/green deployment mechanism for ECS with CodeDeploy
  • List the five Systems Manager capabilities most likely to appear on the exam and their use cases
  • Explain the difference between AWS Config (detective) and SCPs (preventive)
  • Describe the CDK construct hierarchy (L1, L2, L3) and give an example of each
Security:
  • Recite the IAM policy evaluation order from memory
  • Explain what a permission boundary does and what it does NOT do
  • Describe RDS encryption: when must it be set? What's the process to encrypt an existing instance?
  • Explain Secrets Manager rotation: what are the three version stages?
  • Map GuardDuty, Inspector, and Macie to their threat type and data source
Networking:
  • Explain why a NACL blocking ephemeral ports causes connectivity failures
  • Describe the architectural difference between security groups and NACLs in one sentence each
  • Explain the cost difference between S3 gateway endpoint and NAT gateway for S3 traffic
  • Describe the Route 53 failover routing requirement that candidates most often miss
  • Explain when to use Global Accelerator instead of CloudFront

This study guide covers the complete SOA-C03 syllabus across all five domains. For maximum retention, use the companion flashcards for spaced repetition review and the practice question bank to simulate exam conditions.

Good luck — you've built the mental models. Trust them.

Alvin Varughese
Written byAlvin Varughese
Founder15 professional certifications