Certified Security - Specialty

I passed the Certified Security – Specialty with 805/1000 (full review).

I passed the AWS Certified Security – Specialty on Feb 7th with an 805/1000. It was a hard exam, not so wordy, but tricky enough to be considered one of the hardest that I have presented.

If I can define it in one sentence, I would say: "Troubleshooting, troubleshooting and more troubleshooting… plus some unusual combination of services to implement secure architectures".

To help others concentrate their efforts, here is a list of services and concepts that I found in the exam. They are organized by number of appearances (both in questions and answers).

If you are serious about the exam, the list can be found here, along with my "memories" about the whole experience: https://www.ioconnectservices.com/articles/aws-certified-security-specialty-tips/.

Services and concepts

You need to be proficient with:

  • KMS plus Identity policies

  • Troubleshooting concepts on all the services

  • CloudWatch Architecture

  • CloudTrail Architectures

High number of appearances

  • S3 Bucket policy


  • WAF

  • Automated Response

  • CloudWatch Events

  • CloudWatch Alarms and Metrics

  • Use of Roles (assume roles, trust policy, EC2 roles)

  • Cross Account Access

  • System Manager Param Store

  • S3 Encryption at rest

Surprising appearances (not so much if you know them)

  • VPN

  • Direct Connect (DC)

  • VPC Endpoints at high level

  • Kinesis

  • CloudFormation

Regular appearance in the exam

  • Config

  • Inspector agent

  • Centralized Logging

  • Service Control Policy

  • Permission Boundaries

  • CloudWatch Filters

  • Bastions

  • System Manager (SSM) agent

  • Packet Capture

Low appearance

  • ACM

  • GuardDuty

  • Trusted Advisor

  • EC2 Key Pairs

  • Network artifacts in general other than those already mentioned (NATs, Gateways)

  • Identity Federation with Cognito

  • Encryption SDK

Appeared once and as incorrect answers

  • DNS queries

  • S3 Access Logs

  • VPC Flow Logs

  • Abuse Notification

The missing ones

  • Bucket ACLs

  • CloudFront

  • Signed URLs

  • Event Buses

  • Route53

  • Wipe process for EBS and EC2 Memory

  • AWS Shield

Be prepared to combine services and solutions in unusual ways and use the AWS Developer Guides as your main source of samples.


Amazing! Thanks a lot for the info, and congratulations on passing the exam ;))

1 Answers

Congrats on passing, Sergio!

Sergio Deras

Thank you Faye 🙂
