3 Answers
Congratulations Jutin! Any whitepapers or re:Invent videos you found helpful and would recommend? I am planning to take the exam in the next 2 weeks.
Thanks! I read the KMS Best Practices whitepaper and would recommend it (even though they can be such a drag). I didn’t watch any re:Invent videos for any of the certs I hold.
Congratulations, nicely done! That’s a lot of brilliant feedback too (Active Directory is an interesting one there), and hopefully, it helps others with their studies as well. Well done, and enjoy your success!
Best of luck with the next steps on your cloud journey!
Thanks! I couldn’t have done it without acloud.guru.
I’ve just completed the Security Specialty exam and found a few more topics appeared:
ACM, IoT, ADFS & Cloud Directory, IPS & reviewing VPC logs to find the correct answer.
Thanks for the tips. I too saw VPC Flow Logs, but only a couple of questions, and the picture was easy to tell what happened. I don’t remember seeing IoT on my exam though. Could you elaborate a bit on the IoT questions you saw? I’m curious.
If you can’t use SCPs, what can you use? AWS Organisations?
I didn’t see any answer with a mention of AWS Organizations, OUs, or SCPs, which is where my mind immediately went when I read that 1000+ AWS accounts need access restrictions applied. There were numerous options such as: 1) listing ALL the AWS account IDs in an IAM/bucket policy; 2) using Lambda to change IAM/bucket policies programmatically; 3) setting up a trust between the central account and the other 1000+ and using something like STS to delegate access. There were some other options I can’t recall anymore… I can’t speak to what I think the right answer is because I’m not confident I got that question right.
That’s a tough one. Thanks for the reply. I have the exam on Thursday so this update has been really useful.
I passed too – the questions mentioned above did not overlap – there was one question specifically about Cognito internals, ACM Private Certs, and a few IAM policy statements showing Effect, Action, Policy etc., asking which one best describes the above requirement, and the other way around – for this IAM statement, what does this mean? It was hard for me but I passed with a mid-range score.
Wonder if a policy like the following would work for that deny: "Effect": "Deny", "Action": "s3:*", "Resource": "*", "Condition": { "StringLike": { "aws:SourceAccount": "12345678910" } }
Which would deny everyone but the stated source account from any s3 actions.
I’m taking the exam this coming Saturday. If I see a question like that, I’m looking for the option to set up cross-account access for each of the other accounts. Have each of the accounts provide a unique self-assigned "ExternalID" to be required as a condition in the trust policy created in the central account. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
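The per-account ExternalId trust setup described in the last post, sketched as an added example that is not part of the original thread. The account IDs, ExternalId values and function names are constructed for illustration, and `trust_allows` is a simplified model of how the principal and the `sts:ExternalId` condition are matched, not AWS's policy evaluation engine.

```python
import json
import secrets

# Constructed sample data: account ID -> the ExternalId that account supplied.
SAMPLE_EXTERNAL_IDS = {
    "111111111111": "constructed-id-aaaa",
    "222222222222": "constructed-id-bbbb",
}


def build_trust_policy(external_ids):
    """Build a role trust policy with one Allow statement per account.

    Each statement binds one account principal to that account's own
    ExternalId, so an ID issued for one account is useless to another.
    """
    statements = []
    for account_id, ext_id in sorted(external_ids.items()):
        statements.append({
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": ext_id}},
        })
    return {"Version": "2012-10-17", "Statement": statements}


def trust_allows(policy, caller_account, presented_external_id):
    """Simplified model: allow only if a statement names the caller's
    account AND the presented ExternalId equals that statement's value."""
    caller_arn = f"arn:aws:iam::{caller_account}:root"
    for st in policy["Statement"]:
        if st["Effect"] != "Allow" or st["Principal"]["AWS"] != caller_arn:
            continue
        expected = st["Condition"]["StringEquals"]["sts:ExternalId"]
        if secrets.compare_digest(expected, presented_external_id):
            return True
    return False  # no matching statement: implicit deny


if __name__ == "__main__":
    policy = build_trust_policy(SAMPLE_EXTERNAL_IDS)
    print(json.dumps(policy, indent=2))
    print(trust_allows(policy, "111111111111", "constructed-id-aaaa"))
    print(trust_allows(policy, "111111111111", "constructed-id-bbbb"))
```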