I passed the AWS Security Specialty Exam today, but was not certain I would once it was complete. Had to kind of hold my breath.
I used ACG, LA, Zeal Vora from KPLabs, and of course read highly detailed AWS documentation to prepare. All fine sources when taken altogether I wouldn’t have passed without.
AWS documents to read without fail:
*FAQs for all security products
*Best practices and whitepapers for DDoS, KMS
*Security Whitepaper and checklist
*S3, S3, bucket policies (when to use and when not to) and more S3. Same with KMS
*Nail all practicals from your training provider(s) and find AWS walkthroughs where you can
*Be very clear on resource vs. IAM policies.
**How to defer key policies over to IAM
- Questions about API calls
Lots of low hanging fruit to be gathering with process of elimination
The obligatory questions regarding:
*Remediating attacks – this time within an AutoScaling group behind a load-balancer
*Third party options for intrusion detection/packet analysis
*Architecting security remediations via AWS Config vs. CloudWatch
*Which events are logged near real-time vs. best effort – context of best possible solution
*Amazon Kinesis in the context of real-time log analytics and encryption – all in one solution
*API calls and encryption/decryption in an app dev context. Quite a bit of app dev context, actually
*Changing incoming request headers (hint: not Lambda@Edge)
That’s about all I’ve got off the top of my head. Thanks Faye and Ryan!
Congrats on passing and thanks for the feedback!