I passed the AWS Security Specialty exam on Sunday with a score of 861/1000. Thanks to ACloduGuru course. The course here helped a lot and I had already completed the Linux Academy one which was helpful as well. In addition to the ACloudGuru Security Speciality course, I has also gone through the videos and quiz for the AWS Practical Event Driven Security on ACloudGuru for few of the AWS Services – CloudTrail, GuardDuty and AWS Config. The exam simulator helped me in gaining confidence before appearing for the actual exam. I attempted the simulator test exam 3 times with 72, 83 and 95% score , identifying the weak areas and focusing on the same.
In addition to this ACG and LA course, i went through the udemy course on AWS Security by Zeal Vora for few of the core security services, esp KMS. Know the limits for No. of rules for NACLs and SGs and no. of SGs associates with instance, as there were few questions asking to block traffic from thousands of suspicious IPs which cannot be done through SG or NACL as limit allows only 100 rules per NACL i guess, and 250 rules per instance (50 rules per SG and 5 SGs per instance limit)
The KMS Best practices whitepaper is a must, as it did cover 3 to 4 questions (e.g. use of encryption context in key-policy and sample CMK key-policy to delegate permissions to IAM for an account) . Also go through the DDOS Whitepaper
Know the IAM policies and conditions, as couple of questions on what does the IAM policy do.
In addition to questions from core services like KMS, SCP -Orgnizations, IAM, VPC, Config, GuardDuty, CloudTrail , there were few topics which i thought might help.
regarding use of virtual security appliance device along with SGs and NALCs ( promiscuous mode ,etc)
scenario involving application deployed on ECS running inside a docker container
scenario asking to prevent users from connecting to the Ec2 instance metadata service endpoint
IP packet inspection (using third-party or from AWS Marketplace)
When re-importing key material for a deleted key material to an existing CMK, whether to use a new wrapping key and import token, or using existing or old one
Scenario involving configuring AD authentication in cloud and how to prevent connection from Cloud to On-prem but allow AD services in on-prem to connect to cloud
Congratulations on passing your exam; well done! That’s a very respectable score too. Looks like you’ve made good use of one of our other courses too, so it’s awesome that you’ve found that. Those bits of feedback are fantastic, and hopefully help other students who are looking to take the exam!
Best of luck with the next steps on your cloud journey!
I also passed by watching the acloud guru videos and reading the recommended whitepapers and FAQs he mentioned. About 3 weeks prep time.
can someone tell me how to avoid accessing on-prem from cloud "Scenario involving configuring AD authentication in cloud and how to prevent connection from Cloud to On-prem but allow AD services in on-prem to connect to cloud" ?
Configure a one way trust. Cloud hosted AD trusts on-prem domain. On-Prem AD does not trust cloud hosted domain.
yup, got the same question on my exam and got the same answer.
Did you see any questions related to cloud HSM particularly?. can you post any questions related to HSM ?
did not see anything specific to cloud HSM that i remember.
Just passed on 31st. Same areas. Although I only used the course + exam simulator, if you have experience managing secure AWS environments, this should be pretty straight forward. Most challenging questions were around KMS that we had enough detail on the course itself.
Passed the exam yesterday, seen your highlighted questions come up, thanks for sharing them!