Certified Security - Specialty

Sign Up Free or Log In to participate!

Passed Security Specialty Exam – 5/17

I passed the AWS Security Specialty exam on 17-May with an 848/1000.  I was pleased with the score since I didn’t study a ton – most of my AWS work these days is in the security/governance area.

Of the 3 exams I’ve taken (SA – Associate, Dev-Associate), this was by far the toughest.  I’ll give you my 2 cents on why that is – in addition to being a professional level exam, there is just more content in the Solutions Architect and Developer Associate exams.  Those exams covered somewhere between 15-20 services, so there was a huge pool of questions to choose from.  I found that Security has far fewer services and features, so the questions for Security were more in-depth. 

I had 2-3 questions which I felt were outright tricky and poorly worded – I felt like they didn’t test the material as much as they tested your reading comprehension.  

That being said, here’s my tips:

1) KMS – know it inside and out or you can’t pass.

2) IAM – I had far fewer questions on the IAM module itself, but more how it relates to other services.  A lot on bucket policies, KMS policies and one or 2 on best practices.  But I expected more questions about managed policies and I barely got any (if any).

3) Know what each service provides – I realize this sounds stupid because the exam tests this but hear me out.  You have to know exactly what Config Rules, CloudWatch, Trusted Advisor..etc can do.  You’ll get a bunch of questions and it will ask you which product to use.  For example know that Trusted Advisor can tell you that your Security Groups are open to the world ( and not Config Rules.  Personally speaking, this speaks more to AWS having too many services with overlap than the test taker remembering all that.  I think there should be a single service for checking rules and compliance, not 3 or 4.

4) NACLs/Security Groups and VPC.  Best tip to remember is that Security Groups are stateful, so traffic in is automatically let out and vice versa.  NACLs are stateless, so anything in must be let out.  Look up ephemeral ports as well.

Understand encryption in depth.   Good luck!

2 Answers

Congrats on passing and thanks for your feedback! 

I agree sometimes the questions can be poorly worded and you wonder what are they asking here?!!! But your best bet is always to try and find the best answer form the options provided, or the answer which seems to fit most with the question, even if you are not totally comfortable with how the question is worded. 

Sounds like you did great anyway so well done!


Congratulations! How many questions were there in total? And would you say most questions are long like the professional level exams?

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?