With all due respect to acloud.guru, I’m afraid to say their course is extremely outdated and irrelevant. I request to remove this course entirely and redo it. This course was composed in hurry and test takers will face huge disappointment if they just focus on this course. It’s quite a difficult exam but still doable. I finished first round of 65 questions in 90 mins with 62 of them flagged for review. I was confident on only 3 questions. In the rest of the 90 mins, I reviewed the flagged ones and changed answers for 11 questions. For at least 10 questions which I had no idea about (WAF sandwich, etc), I used my work experience and applied elimination strategy. I think that trick worked.
Enough complaints but here is my observation:
1. KMS, KMS, KMS all the way (at least 15 questions)…when to use, key policies (many questions), S3 with KMS, CloudTrial with KMS, KMS key rotation, deletion detection using automation and other aws services and when to use cloudHSM instead of KMS
2. When to use AWS Conifg vs Inspector vs GaurdDuty vs Trust Advisor? Don’t underestimate these questions as they were very long with at least 3 to 4 lines of each answer. Some answers involve combination of more than one service to solve a scenario
3. CloudTrial and Cloudwatch logs on S3 with encryption. Focus on the troubleshooting, permission issues, questions like monitoring configured but not receive alerts,
4. Few questions on VPC peering with VPN + On Premise
5. Usage of Athena, Quicksight and ElasticSearch for querying the logs, real time analytics, and operational dashboards
6. Heavy focus on S3 – SSE-C, SSE-KMS, default encryption, bucket policies, object ACL
7. AWS Organization, Service Control Policies (SCP), Permission boundaries, outcome of merge of SCP + Permission Boundaries + IAM Policy + Inline Policy + Bucket Policy
Recommendation:
1. Linux Academy course for sure (sorry acloud.guru on this one. I love your other courses but not this)
2. Whizlabs practice exam (not of great help but at least you will be tuned to exam mode)
3. Do check out the posts from the following. Even though my exam experience is different, I strongly believe their recommendations and notes are very helpful. Please note jmjohnson’s notes are from Linux Academy and they are very helpful.
https://acloud.guru/forums/aws-certified-security-specialty/discussion/-LTi0wTOGz0h5WfTw4uq/Passed%20the%20exam%20yesterady
https://acloud.guru/forums/aws-certified-security-specialty/discussion/-LSWYfyrZ_K86W7sTq-5/Passed%20the%20Security%20Specialist%20Exam%20(re:invent%202018)
I just finished taking the exam and I agree with you 100%. The Security Course is outdated. Halfway through the test I knew course material did not help me prepare. I was disppointed because up until this point ACG has bee on point in being a training and preparation source.