I passed the exam on November 24th, 2018. Before taking this exam, I held all three Associate certifications and the Security Specialty certification. I passed with an 80% score, and it took 69 minutes.
This exam is very difficult - on par with the Security Specialty exam! You will not accidentally pass this exam. :)
You need to know your STS use cases inside and out. Remember that you generally need to develop an identity broker, your application will authenticate against LDAP or your broker, and then against STS. Your application will not directly authenticate against STS first!
Understand how cross-account access, and granting that access, works.
Remember to turn on the Cloudtrail “global services” in order to track IAM usage.
Prefer Cloudformation for version controlled infrastructure configuration.
Use SQS queues placed in front of RDS/DynamoDB to reduce the load on your databases!
Use Kinesis for large amounts of incoming data, especially when it’s coming from multiple sources.
Any time you see the words “mobile app”, “social networking login”, “Login with Amazon”, or “Facebook” on the exam, you should immediately be able to narrow down the answers - hint: the correct answer will probably involve Web Identity Federation.
Play around with this CIDR calculator if you have trouble understanding VPC/subnet CIDR ranges and possibilities. Always remember that AWS reserves five IP addresses for their use (first four IP’s and the last IP).
There are usually two blatantly incorrect answers, and two answers that could be right. Narrow down your choices.
Understand the various best practices for encrypting data at rest and in transit.
You need to understand ELBs, Auto Scaling, and how to architect a scalable architecture. By this point in your AWS studies (assuming you already have an Associate certificate), you should have this pretty down pat. I recommend watching this video for a cool overview of setting up low latency multiplayer servers globally.
Even though Data Pipeline has been pretty much usurped by Lambda, it features fairly heavily on the exam. Definitely watch the ACloudGuru videos on Data Pipeline (and follow the labs) before taking the exam.
AWS Connector for vCenter shows up in one or two questions, and is worth knowing about.
You need to know the different instance types and what usage scenarios are appropriate for them. Remember that if you receive a capacity error when resizing a placement group, you just need to stop and restart the placement group - this will allocate the group to a new physical cluster with a proper amount of instances.