Last month I was able to take the Security Specialty test and, luckily enough, I passed it. When I say I was lucky, I don’t mean I had luck in the test itself; my luck is related to having A Cloud Guru and all members of this forum. All I want to say is thank you to everybody who helped me either by explaining subjects in a very understandable way and/or by taking time to post on this forum, giving tips and hints on how to succeed.
So, I want to give it back: below is my contribution to this lovely, friendly, and helpful forum.
It is my third certification and it was the hardest one by far. On the other hand, it was the one for which I was way more prepared. I started to study in September of 2018. I took the A Cloud Guru course and read a couple of whitepapers. I had been thinking I was well prepared for the test when I started to notice many posts in the forum saying the course was not enough and how hard the exam was. So, I decided to go over all the topics and suggestions people made in this forum.
If you are starting now to prepare for the test, I strongly suggest you go deeper into all these topics:
IAM: you must know everything about policies, users, groups and roles. Roles are always good options for answers since they are safer; however, I got at least one question where you could not use a role. Be aware of that. Also, remember that there are IAM policies, Organization policies (service control policies) and resource policies. Also, remember to study cross-account scenarios, such as “I have a user in one account and want to access another using a role with a specific permission”.
KMS: as Ryan said in the course, you really need to know everything inside out. Give special attention to key policies (really, really important: remember when you give root account permission to the key it means you will be allowed to use IAM policies to grant permissions on that key). Also, it’s important to know the way each service uses the keys (EBS vs S3, for instance).
Logging and Monitoring: my mark was 813 in the exam; in this area I did not perform well. From what I studied, go over CloudTrail, CloudWatch, AWS Config, Inspector, Trusted Advisor (focus on troubleshooting as well).
There are also some topics that are really simple to grasp even if you don’t have experience using them. Here they are:
Organizations: know how to set it up and the service control policies
Glacier: especially the vault lock policies
Policy conditions: know the syntax, and the common ones such as MultiFactorAuth and NotPrincipal
Athena: know the basics of the service, read the FAQ, and understand common use case scenarios
Macie: know the basics of the service, read the FAQ, and understand common use case scenarios
I read all forum posts about tips and all were really helpful, but this one from matthieu.lienart was really impressive (https://acloud.guru/forums/aws-certified-security-specialty/discussion/-LRWgDUR4g_QZYhfvCOq/what_i_studied_on_top_of_acg_t). I highly recommend following his tips, especially the re:Invent videos.
Finally, I read many complaints about the A Cloud Guru course saying it is outdated and it does not have the right content. I would say I do not agree 100% with the complaints. I think the course is not enough for taking the tests. Period. However, I think there are many topics that are well covered, such as VPC, for instance. Besides that, I always see A Cloud Guru as a starting point, as the introduction of a specific topic, which I would follow by reading blogs, watching re:Invent videos and so on. Therefore, what I miss is at least some introductory lesson of a service or a solution that can be on the test and which I have never been aware of. If you provide the starting path, the rest of the journey is with me… 😊
I hope this text helps. If you need any other advice, feel free to contact me.
Thanks so much for the feedback. We are in the process of updating the course right now to fix all the gaps based on student feedback.
Well done on passing, it’s really a tough one and much more difficult than any of the Associates!