Certified Security - Specialty

Sign Up Free or Log In to participate!

Feedback on Security exam

Passed the exam. Thank you CG for the assist preparing the exam, it was very helpful. I have to agree with most recent feedback. The course needs updating. At the same time, the various feedback listed accurately all the topics that are not covered by the course but should. Here is a list of the topics I had during the exam:

  • CloudTrail and Config (easily 50% of the exam and most of the time, in the answer) + Lambda/Kinesis

  • CMK KMS (know it all, it is vital, key policy, policy actions)

Note: I had one or two questions where they tried to confuse KMS and SSL.

Note: Off exam. The new Custom Key Store is awesome to use (finally) CloudHSM within KMS. Check it out!

  • Active Directory connecting to on-premise (many questions)

  • Organizations, OU, and Service Control Policies (many questions)

  • Managing secrets (SSM & AWS Secret Manager) (3/4 questions)

  • Comparing Guard Duty / Trusted Advisor / Inspector / Config / CloudTrail (Know what each one does and how it compares)

  • Athena + CloudTrail (3/4 questions)

  • Strategy for addressing EC2 instance corruption / Forensic (3/4 questions)

  • AWS Certificate Manager (3/4 questions) and the use of SSL to secure communications (CloudFront, ALB)

  • SSM for instance maintenance with mostly, RUN and PATCH (2/3 questions)

  • GuardDuty (Present in many questions as answer material but not the answer; and only one, specifically on GuardDuty capabilities)

  • Glavier Vault Lock mechanism (2 questions)

  • Maice (1 question, Know what it is for = identify, report and act on PII/sensitive data in S3)

  • Artifact (1 question, Know what it is for = compliance documentation)

  • Somehow, SES ports (present in all feedback and I had a question as well)

  • No question on CloudHSM 🙁

And of course, all the usual suspects: VPC, NACL, SG, Bucket policy, … (If you did an Associate course, you know about it)

There is a clear emphasis on policy conditions especially kms (know kms:ViaService and the required set to decrypt) and S3 (learned in the process about aws:Referrer).

I was very surprised by a few questions where I choose AWS marketplace for solutions (Firewall, Packet sniffer, etc) as opposed to AWS services because of how the questions were phrased.

Best of luck,

PS: In my opinion, the questions are not as difficult as the professional certificates. Most are short with a few twists (Read carefully).

Joshua Bregler

Thank you for the feedback! Are there any whitepapers you can recommend that might cover any missing materials?

Daniel Mercier

I read the suggested ones but my best source of knowledge was without doubt the RE:Invent videos on security and AWS services not covered in the course.

2 Answers

I recently passed AWS associate architect. I am planning to take this course. I see that the aCloudGuru is not updated yet to the latest exam content. any recommendations on any other course which is close to the security specialty content?

Daniel Mercier

My training regimen was to follow this course, look into more details the topics mentioned above, and watch the RE:Invent videos on the topics.

Aaquil Aseel


Hi All, 

just to let you know that we have begun updating the course for 2019, based on student feedback. I have added a section today which I will continue to build out over the next few weeks to include any gaps in the course. 

I have also added a lecture covering additional resources and grouping together all the best White Papers and re:Invent videos to watch. 

If you have anything to contribute, please do let me know!



Daniel Mercier

Thumbs up

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?