Certified Security - Specialty

Sign Up Free or Log In to participate!

Passed exam last week

Passed the exam last week.

So here is my recap:

Duration: 170 mins, Questions: 65. Time is nonissue – I had plenty to spare

Degree of difficulty: Medium. I have successfully given few other – this was easier, or maybe I have learnt the tricks.

This is a specialty exam so it is 2nd/3rd level down, so almost nothing is definitional. What do you have to do, and How do you exactly do that – configure, trouble shoot, and this is security so – all aspects of security – permissions. And it is a AWS exam so in addition to depth – there is always some breadth- be prepared, else if depth does not get you breadth will. On the other hand, breath can often compensate for lack of specific depth and come to the rescue.

I have read here by several – it is all about KMS. I would disagree, KMS is important part of the exam but far from the biggest.

My Prep: Couple of weeks, I do everything the hard way- No courses. I used AWS Documentation and some videos. AWS docs are super excellent, if you are not hands-on or have not used some of these services – videos can bridge the gap quite well. White Papers- No, they are mostly high level – the exam is detail level – so WP don’t help(IMHO)

No question banks– I think no good ones exist. I used the AWS practice exam – nothing great but I would still say it is worth the $40.

Here is how I would rank stuff:

I&AM: Be totally clear about all aspects of I&AM –Syntax, Policies- user based, resources based, Roles, external accts, etc etc. S3 bucket ACLs, policies and restrictions that can be setup. Total clarity in I&AM – without this it would be impossible to pass exam.

Logs: All types of logs- Cloud Watch, Cloud Trail, VPC flow logs, etc- know the differences clearly. Cloud Watch(CW) is of course the biggest- be clear on CW events, metrics, log agent setup. And of course setup- enabling, permissions, trouble shooting. Log viewing/analysis – Athena, EMR, Lambda, etc

KMS: (I am ranking this 3rd) Types of keys, how do use them, Key policies; key rotation for each type of key. How specific services use keys, and once again permissions for using keys.

Inspector/Guard Duty/Advisor/Config: Know the differences- there is good amount of overlap between all these- and it can be somewhat confusing. An of course how do you enable them, and use them with CW events etc.

CloudWatch– OAI etc.

SSO/Federation/Cognito – how do you exactly setup, and permissions (roles)

Networking: SG, NACL, VPCE – few Qs on these – easy ones.

WAF, DDoS: A couple of questions on this – sort of easy ones

Good luck


It will be very helpful if you can add more information about AWS documentation and videos you used. Any references will be a great help.

2 Answers

Congrats on passing and thanks for the write up!

Congrats!  And thanks for the write up, I’m going for this one next.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?