I passed the AWS Certified Security – Specialty on Feb 7th with an 805/1000. It was a hard exam, not so wordy, but tricky enough to be considered one of the hardest that I have taken.
If I can define it in one sentence, I would say: "Troubleshooting, troubleshooting and more troubleshooting… plus some unusual combination of services to implement secure architectures".
To help others to concentrate their efforts, here is a list of services and concepts that I found in the exam. They are organized by number of appearances (both in questions and answers).
If you are serious about the exam, the list can be found here, along with my "memories" about the whole experience: https://www.ioconnectservices.com/articles/aws-certified-security-specialty-tips/
Services and concepts
You need to be proficient with:
KMS plus Identity policies
Troubleshooting concepts on all the services
High number of appearances
S3 Bucket policy
CloudWatch Alarms and Metrics
Use of Roles (assume roles, trust policy, EC2 roles)
Cross Account Access
Systems Manager Param Store
S3 Encryption at rest
Surprising appearances (not so much if you know them)
Direct Connect (DC)
VPC Endpoints at high level
Regular appearance in the exam
Service Control Policy
Systems Manager (SSM) agent
EC2 Key Pairs
Network artifacts in general other than those already mentioned (NATs, Gateways)
Identity Federation with Cognito
Appeared once and as incorrect answers
S3 Access Logs
VPC Flow Logs
The missing ones
Wipe process for EBS and EC2 Memory
Be prepared to combine services and solutions in unusual ways and use the AWS Developer Guides as your main source of samples.
Congrats on passing, Sergio!