
Hi All,
Just to let you know that I have passed the AWS Security Speciality Exam on the 14th of Jan with an overall score of 819/1000. I would like to say a big THANK YOU to all of the members who have shared their valuable experience in preparing for this exam, which was of great help to me in clearing the exam. Thanks to all of you. Now it's my time to contribute to this forum of Cloud Gurus. The actual test is tough but fair; it truly felt like an advanced speciality exam. Hence I suggest you take your time and study well.
I have a background of being a Solaris Admin and have completed all 3 AWS Associate exams, hence started to work on the speciality certifications. I studied for around 2 months for this exam, 2 hours a day (a bit more on the weekends), and didn’t take any leave etc. specifically for the exam. So I think it took me this long.
Source of Study:
1. The Linux Academy course on AWS Security Speciality is probably the best one, I would say. I went through the course almost 3 times with all associated practicals/workshops etc. and understood every bit of what this course contains. I can confidently say 70% or more of the exam questions can be answered if you understand the course end to end and remember the concepts. Go through every bit of it, including the attachment at the end of the videos, practice exam etc.
There is a person named Jacob who had actually created very good notes of the above course, and they can be found in his GitHub repository; I found them quite useful. The link is as below:
https://github.com/JuiceTheJiraffe/Jacob-Johnson/tree/master/Notes/AWS-Security-Cert-Study-Material
2. The AWS Security Speciality Course by Zeal Vora, usually available on Udemy, is also a very good source. I went through this course once and referred to a few topics twice, especially the concepts of SSL offloading on ELBs, cross-account role access etc. A very good practical insight with loads of lab sessions, which really helps you get your basic understanding stronger.
3. The A Cloud Guru Course on AWS Security Speciality: I went through this once and a few bits of it twice. Some concepts such as KMS and IAM are well explained here. But overall a few topics are missing here and the course needs to be updated.
4. The Whizlabs practice tests: a very good measure of how prepared you are, and they help you identify the gaps in your knowledge. Note that none of the questions from the Whizlabs tests repeat in the actual test, but these tests actually help you identify knowledge gaps. Try to score above 80% – 85% in your first attempt in these tests. Then you can find yourself in a good position to attempt the actual exam. The actual exam is tougher than the Whizlabs practice tests.
Things which are NOT mentioned in the above and could come up in the exam:
**Active Directory**
This is not covered very well in any of the above, and I had almost 4 or more in-depth questions on AWS Active Directory and how it integrates with your on-premise AD. Please go through the re:Invent video on this before you sit for the exam. Link as below:
https://www.youtube.com/watch?v=AoHo47Hl2t0
AWS GuardDuty, AWS Athena, AWS Macie, AWS Secrets Manager
The exam has evolved and questions are more in-depth now on these new services, so I suggest you go through the tutorials etc. for them, especially GuardDuty. I had 2 questions where I was asked specific config settings about GuardDuty. Luckily I read about that, as one of the test takers mentioned it in his blog, hence I went through the re:Invent video before I attempted the actual exam. There's no harm in watching the re:Invent videos or tutorials for them before you sit the actual exam. I used to watch them in the office during lunch hours or during my commute or whenever I was free. I don’t think your organization will object to this.
https://www.youtube.com/watch?v=Imjbh0WPSR4
https://www.youtube.com/watch?v=LCjX2rsQ2wA
https://www.youtube.com/watch?v=gGJ4zxeG9PI
https://www.youtube.com/watch?v=Y3Gn_iP3FlE
KMS White paper
It's almost 15 pages and will hardly take 15 mins, but it's definitely worth it.
https://d1.awsstatic.com/whitepapers/aws-kms-best-practices.pdf
Concept of Vault Lock
Bound to get one question on this; please go through the white paper:
https://docs.aws.amazon.com/amazonglacier/latest/dev/vault-lock-policy.html
Application Load Balancer Security
A few questions on ALB security, SSL offloading etc. I read this from the Zeal Vora Course, but you can get numerous videos on YouTube. Worth reading. At least understand the concept, which would be helpful.
Posts by other exam takers in the A Cloud Guru discussion forums
If you read the posts which are shared in the A Cloud Guru Discussion Forums by other test takers who have passed or failed the exam, you will get at least 5 questions which come up in the exam and are not mentioned in any courses. Examples are: the SNS port number, the ACM certificate which can be used globally, how to stop DNS in a VPC, etc. A casual read will be helpful.
re:Invent Videos
This is my personal opinion: the re:Invent videos are a very good source of knowledge and really helpful, but what I found is that for topics which are already discussed in the Linux Academy course, the video there is more detailed and explanatory than the re:Invent videos. I had gone through many of the re:Invent videos, but somehow I feel that for traditional topics like IAM, KMS, VPC, Logging & Monitoring, the Linux Academy instructor Adrian Cantrill provided me a better insight than the re:Invent videos. Maybe AWS can take Adrian Cantrill to the next re:Invent session, as he explains the topics much better and his ppts are also quite informative. But then it's my personal opinion, and please go ahead and watch as many re:Invent videos as you want. I too watched a few of them, especially:
https://www.youtube.com/watch?v=CJexxdv054c
https://www.youtube.com/watch?v=aISWoPf_XNE
https://www.youtube.com/watch?v=gTZgxsCTfbk
It's very difficult to say which topics dominated the exam because most of the questions and answers were a mix of services, e.g. IAM+KMS questions were there, IAM+CloudWatch questions were there. So the exam is more about how these services interact with each other than how they work in silos. Almost 80% of the exam was around the traditional AWS services like IAM, KMS, Logging and Monitoring, VPCs etc. That’s why I say understanding the concept is important, and do as many practical sessions with the AWS free account as possible. The Linux Academy course is spot on in explaining these concepts. It almost covers everything. So try to digest every bit of it, including the white papers and documents it posts at the end of each lesson. Thank You Adrian Cantrill of Linux Academy, if you are watching this post, for creating such an informative course.
OK, that’s all I can remember off the top of my head now. The exam is tough but fair, so take your time to prepare before you sit for the exam.
I wish you all the best and hope you clear the exam with high scores.
1 Answers

Thanks very much for your feedback and really well done for passing. It is a tough exam and definitely much more difficult than any of the Associates.
I am working on updating the course right now based on student feedback and have added new lectures covering a lot of what you have already mentioned – including Athena, Macie, Secrets Manager, GuardDuty…
Thanks so much for taking time to come back to the forum and let us know your thoughts!
Faye

Hi Faye – I passed the exam today too, after going through your updates to the course, which I found very helpful indeed, particularly the troubleshooting section, which came in very useful. The exam certainly takes you through your paces!
Brilliant guidance! Thank you, Shirshendu!
This is awesome! Thank you so much for your feedback!