My observations are:
1) I found the Legacy connectivity is the toughest part in the exam. You may have to refer to lot of scenarios from various sources like the yahoo groups, whizlabs simulator etc...
2) Though I have got enough experience in internalization, I got only 50% (1/2) because the questions are tricky
3) For design patterns, its worth going thro Whizlabs simulator. Its worth going thro' all the design and EJB questions in it Also you must have thorough knowledge on the intent, applicability sections of all the GOF design patterns
4) For security, I concentrated on applets and other concepts like authentication, authorization etc...But got one question on untrusted classes. So you must concentrate on the classloader level securitiy features also
5) For RMI-IIOP, the following link gives you a good understanding: http://www.javaworld.com/javaworld/jw-12-1999/jw-12-iiop_p.html
6) You will get atleast one question in transaction attributes in EJB and a question on ejb activation/passivation mechanism
7) Know about how transactions can be propogated across multiple beans and multiple bean methods
8) For UML and its diagrams, UML Distilled by Martin Fowler will do good for diagram
(If you would like to know indepth details on how to design, then you may start with Martin Fowler's book. Its an excellent one. Also you may refer to http://www.objectsbydesign.com.
I have 3 years of design experience)
9) Regarding load balancing, the following link may be useful: http://www.onjava.com/lpt/a/1228
I have already done clustering and load balancing using apache's mod_jk and hence it was easy for me
10) Regarding the Service Level Archicetcure, the SCEA Study guide chapter one will be suffice
11) Regarding EJBs, you may have to be very thorough with the book: Enterprise Java Beans from Orielly publications
12) Its worth going thro' sun's J2EE tutorial as you get few hints/tips
13) Some questions are tricky.
For example, you may have to select a protocol for a given scenario. The keywords that you get from the question is "syncronous calls in a legacy system". The options to select will be "HTTP", "JMS", "IIOP", "HTTPS". You may have to select IIOP since IIOP and JRMP are synchronous in nature. JMS is asynchronous model.
Thanks to the group members for their contribution in sharing their knowledge.