I passed the security certification this morning and I’m trying to remember as much as I can…
I felt there were a few areas not covered by the course yet that it would be worth doing some more reading/revision before you attempt the exam:
Active Directory in own data centre configuration with SAML to AWS; just yuk.
Athena came up a lot as a possible answer, although I did not pick it in most cases
Understand the different S3 encryption options; https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingEncryption.html
Glacier Vault Lock already came up in another post the other day, that was a good tip; https://docs.aws.amazon.com/amazonglacier/latest/dev/vault-lock-policy.html
High level container security, not sure what the best resource for this is
Knowing where services log data, I made a good guess that CloudFront goes to S3, not CloudWatch Logs for example
Endpoints came up a lot, including what is the SES endpoint (email-smtp.)
How to stop instances using AWS DNS; https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-dns.html#vpc-dns-support
CloudWatch log agent: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/QuickStartEC2Instance.html
But the big one for me was understanding master vs data keys, I didn’t feel as well prepared for these questions and there were a few.
I had a number of questions around:
Resolving issues that affect logging, including IAM policies, VPC peering, VPC networking
How to process, search and store logs, typically looking for Kinesis and ElasticSearch
Certificates, CloudFront and load balancers
What resource types can you attach policies vs relying on an IAM policy
Cross account roles
Thanks Ryan for a great course.
Congratulations on the new certification 🙂
Thank you for the feedback, I have made sure that it gets to Ryan.
I passed my exam today. I had similar topics, same as Chatz. Though, I had only one question on SES endpoint. There were 2 or 3 questions on Forensics. There were a couple of questions related to Kinesis and Elasticsearch.
Best preparation would be going through the course and everything mentioned by Chatz. Also, I suggest doing a deeper dive in KMS and how different services use KMS.
For container security (yes, I had a question on it and really grateful for Chatz input), see the first 30 min of the following video:
https://www.youtube.com/watch?v=Ofu22X7qHnc&t=1736s (AWS re:Invent 2017: Architecting Container Infrastructure for Security and Compliance (CON406))
Well done Ahmed
Also passed my exam 2 weeks ago.
I also want to share what I got. I have to say this Certified Security – Specialty exam is quite broad.
Thanks to my general knowledge I passed, the Whizlabs practice exam didn’t help so much.
1.) KMS is key, you really have to know it. (Grant stuff a lot)
2.) I had 3 Active Directory questions (e.g. AD in VPC)
3.) Glacier Vault Lock I had too. I didn’t read this post before, so I was surprised and know I got that answer wrong (initiate-vault-lock)
4.) I had 3 WAF/CloudWatch questions, e.g. what log files and data drive WAF rules.
5.) Some special IAM questions which covered the credential report
6.) All the normal stuff as above and expected
So watch the videos, but so far I would say it only covers 75%, or did you see Glacier Vault Lock mentioned 😉
Regarding Active Directory, this would have helped: https://docs.aws.amazon.com/quickstart/latest/active-directory-ds/vpc-rec.html This would have helped me too: https://docs.aws.amazon.com/quickstart/latest/active-directory-ds/architecture.html And as always: https://aws.amazon.com/en/directoryservice/faqs/
Has anyone written the AWS Certified Security Specialty using this book or video from Udemy in addition to ACG?
AWS Certified Security – Specialty: Study Guide: Covers exam objectives, review questions and exam preparation quizzes – Zeal Vora
And a few easy questions on Systems Manager and the Run Command, too.
Thanks, halfway in the course. Would definitely read all these posts and refer to the references before my exam.
You are awesome – thank you
Congratulations, and thank you Chatz
I was also surprised by Glacier Vault Lock and SSM Patch Manager. Lesson learned: read through the discussions to see what others are experiencing before you take the exam.