I passed the AWS Security Specialty Exam today, but was not certain I would once it was complete. Had to kind of hold my breath.
I used ACG, LA, Zeal Vora from KPLabs, and of course read highly detailed AWS documentation to prepare. All fine sources; taken altogether, I wouldn’t have passed without them.
AWS documents to read without fail:
* FAQs for all security products
* Best practices and whitepapers for DDoS, KMS
* Security Whitepaper and checklist
* S3, S3, bucket policies (when to use and when not to) and more S3. Same with KMS
* Nail all practicals from your training provider(s) and find AWS walkthroughs where you can
* Be very clear on resource vs. IAM policies.
  * How to defer key policies over to IAM
  * Questions about API calls
Lots of low-hanging fruit to be gathered by process of elimination.
The obligatory questions regarding:
* Cloud HSM
* Deleted CMK
* Remediating attacks – this time within an AutoScaling group behind a load-balancer
* Third party options for intrusion detection/packet analysis
* Architecting security remediations via AWS Config vs. CloudWatch
* Which events are logged near real-time vs. best effort – context of best possible solution
Curve balls:
* Amazon Kinesis in the context of real-time log analytics and encryption – all in one solution
* API calls and encryption/decryption in an app dev context. Quite a bit of app dev context, actually
* Changing incoming request headers (hint: not Lambda@Edge)
That’s about all I’ve got off the top of my head. Thanks Faye and Ryan!
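The "resource vs. IAM policies" and "defer key policies over to IAM" items above are the classic KMS trap: a customer managed key is only usable through IAM policies if its own key policy contains the statement that hands authorization over to the account. The following is an added example (not part of the original post or of AWS documentation) that builds that delegating statement and checks an arbitrary key policy for it; the account id and role name are constructed placeholders.

```python
import json

# Constructed placeholder account id used throughout this example.
ACCOUNT_ID = "123456789012"


def iam_delegating_statement(account_id: str) -> dict:
    """The 'Enable IAM User Permissions' style statement.

    Granting the account root principal kms:* on the key is what lets IAM
    identity policies in that account allow or deny key operations. Without
    such a statement, IAM policies alone cannot authorize use of the key.
    """
    return {
        "Sid": "Enable IAM User Permissions",
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
        "Action": "kms:*",
        "Resource": "*",
    }


def _as_list(value):
    """Policy fields may be a single string or a list; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def delegates_to_iam(policy: dict, account_id: str) -> bool:
    """Return True if `policy` defers key authorization to IAM in `account_id`.

    The test is: an unconditional Allow statement whose principal is the
    account root (ARN form or bare account id, which AWS treats the same),
    covering kms:* (or *) on Resource "*".
    """
    root_arn = f"arn:aws:iam::{account_id}:root"
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or "Condition" in stmt:
            continue
        principal = stmt.get("Principal", {})
        aws_principals = _as_list(principal.get("AWS")) if isinstance(principal, dict) else []
        if root_arn not in aws_principals and account_id not in aws_principals:
            continue
        actions = _as_list(stmt.get("Action"))
        if "kms:*" not in actions and "*" not in actions:
            continue
        if "*" in _as_list(stmt.get("Resource")):
            return True
    return False


# Constructed sample policies for comparison.
DELEGATING_POLICY = {
    "Version": "2012-10-17",
    "Statement": [iam_delegating_statement(ACCOUNT_ID)],
}

# This key policy names a single role directly. IAM policies in the account
# cannot add anyone else, so the key is tightly scoped but easy to lock
# yourself out of if that role is deleted.
ROLE_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Allow one role only (constructed example)",
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_ID}:role/KeyAdmin"},
            "Action": ["kms:Encrypt", "kms:Decrypt"],
            "Resource": "*",
        }
    ],
}

if __name__ == "__main__":
    for name, pol in (("delegating", DELEGATING_POLICY), ("role-only", ROLE_ONLY_POLICY)):
        print(f"{name}: defers to IAM = {delegates_to_iam(pol, ACCOUNT_ID)}")
    print(json.dumps(DELEGATING_POLICY, indent=2))
```

The checker is useful as a quick audit step: a key that delegates to IAM means least privilege must be enforced in the IAM policies of that account (every identity policy there can grant key use), while a key that does not delegate can only be used by the principals named in the key policy itself, which is the situation the exam's "deleted CMK / locked-out key" questions tend to probe.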
2 Answers

Congrats on passing and thanks for the feedback!
Congrats
Congrats!
Thank you!
Congratulations