Hello Cloud Gurus!
I recently passed the Security Specialty Exam with a 920/1000. Here’s what I remember from the exam, and what I would recommend studying. I will be making some comparisons to the Solutions Architect exam, as that is the only other exam I’ve taken.
Most, if not all, of the questions are scenario-based, and the exam itself is very holistic. To pass this exam, you need to know how services interact with one another. Because of this, you REALLY need to pay attention to the video lectures. Furthermore, I would recommend doing the labs enough times that you can do them without the lectures.
DO NOT SKIP SECURITY 101. Or any of the lectures, to be honest. There are quite a few questions where there seem to be multiple right answers, but whereas in the Solutions Architect exam you have to remember cost, in this exam you have to remember the basics of security.
Generally speaking, you are going to have at least one answer that is completely wrong, and another answer that makes no sense. Once you knock out the answers which are clearly wrong, apply security basics and really grok what you’re trying to accomplish.
READ THE FAQs. For most services, grokking their FAQs will get you to a place where you should be able to piece together the answers.
Learn to love IAM policies. Then realize that an "IAM Policy" is a generalization that a lot of folks (myself included) throw around, and that there are actually four types of JSON-based policy documents. You will need to know the distinction between all four (Resource Policies, STS Policies, IAM Policies, and Service Control Policies), and how they interact with each other. Watch this video like you would any of Ryan’s lectures: IAM Policy Ninja (SID314). Actually, watch it twice. Possibly three times.
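To make the interaction between those four policy types concrete, here is an added example (my own illustration, not code from the post, the course, or AWS): a toy evaluator that follows the documented single-account evaluation order. An explicit Deny in any policy wins; the SCP must allow; a session policy (what the post calls an "STS policy", passed on AssumeRole or GetFederationToken) bounds the session; and then an Allow from either the identity-based policy or the resource-based policy grants access. The role ARN, bucket name and policy contents are constructed sample values, and the model deliberately leaves out Condition blocks, permissions boundaries, NotAction/NotResource and cross-account rules.

```python
# Added example, not from the original post: a simplified model of how AWS
# combines SCPs, session policies, identity-based and resource-based policies.
# All ARNs and policies below are constructed for illustration.
from fnmatch import fnmatchcase

ROLE_ARN = "arn:aws:iam::111122223333:role/ExamRole"   # constructed
BUCKET = "arn:aws:s3:::exam-bucket"                      # constructed

# Identity-based policy attached to the role: read objects only.
IDENTITY_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": f"{BUCKET}/*"}]}

# Resource-based (bucket) policy: lets the role list the bucket.
BUCKET_POLICY = {"Statement": [
    {"Effect": "Allow", "Principal": {"AWS": ROLE_ARN},
     "Action": "s3:ListBucket", "Resource": BUCKET}]}

# Service control policy from the organization: allow everything except
# changing bucket policies.
SCP = {"Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:PutBucketPolicy", "Resource": "*"}]}

# Session policy passed when the role was assumed: narrows to GetObject.
SESSION_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"}]}


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _statement_matches(stmt, principal, action, resource):
    """True if this statement applies to the principal, action and resource."""
    if "Principal" in stmt:  # only resource-based policies name a principal
        spec = stmt["Principal"]
        allowed = ["*"] if spec == "*" else _as_list(spec.get("AWS", []))
        if principal not in allowed and "*" not in allowed:
            return False
    action_ok = any(fnmatchcase(action, p) for p in _as_list(stmt.get("Action", [])))
    resource_ok = any(fnmatchcase(resource, p)
                      for p in _as_list(stmt.get("Resource", "*")))
    return action_ok and resource_ok


def _effects(policy, principal, action, resource):
    """Set of effects ('Allow'/'Deny') from the statements that match."""
    if policy is None:
        return set()
    return {s["Effect"] for s in _as_list(policy["Statement"])
            if _statement_matches(s, principal, action, resource)}


def evaluate(principal, action, resource, *, identity=None,
             resource_policy=None, scp=None, session=None):
    """Decide one request. Returns 'ALLOW' or a 'DENY (...)' string."""
    seen = set()
    for policy in (identity, resource_policy, scp, session):
        seen |= _effects(policy, principal, action, resource)
    # 1. An explicit Deny in any applicable policy type always wins.
    if "Deny" in seen:
        return "DENY (explicit)"
    # 2. If the account is under an SCP, the SCP must allow the action.
    if scp is not None and "Allow" not in _effects(scp, principal, action, resource):
        return "DENY (SCP does not allow)"
    # 3. A session policy, when present, caps what the session may do.
    if session is not None and "Allow" not in _effects(session, principal, action, resource):
        return "DENY (session policy does not allow)"
    # 4. Same account: an Allow from the identity policy OR the resource policy suffices.
    if ("Allow" in _effects(identity, principal, action, resource)
            or "Allow" in _effects(resource_policy, principal, action, resource)):
        return "ALLOW"
    return "DENY (implicit)"


if __name__ == "__main__":
    common = dict(identity=IDENTITY_POLICY, resource_policy=BUCKET_POLICY, scp=SCP)
    for action, res, sess in [("s3:GetObject", f"{BUCKET}/a.txt", SESSION_POLICY),
                              ("s3:ListBucket", BUCKET, None),
                              ("s3:ListBucket", BUCKET, SESSION_POLICY),
                              ("s3:PutBucketPolicy", BUCKET, None),
                              ("s3:DeleteObject", f"{BUCKET}/a.txt", None)]:
        print(f"{action:20} session={'yes' if sess else 'no ':3} ->",
              evaluate(ROLE_ARN, action, res, session=sess, **common))
```

Running it shows the exam's favourite traps: ListBucket is allowed by the bucket policy alone until a session policy is present, PutBucketPolicy is refused even though the identity never needed it, and DeleteObject falls through to an implicit deny because nobody granted it. Whenever a practice question offers several "right" answers, walk the request through these four steps in order.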
I’ve seen a lot of people talking about AD integration on the forums. While AD was mentioned in my exam, my impression was that the point was more about federation in general. Watch this video, which I felt covered both reasonably well: Soup to Nuts: Identity Federation for AWS (SID344).
KMS. Like Ryan says, it’s the key (hahaha) to passing this exam. Because of this, you need to go deeper. Read the FAQ. Read the Whitepaper. Read the Crypto Details. Getting through all three of these should guarantee that you understand KMS on a level sufficient to tackle any of the questions that get thrown at you. I know the Crypto Details WP is dry, and has some scary math-looking stuff in there, but if you take it slow, and read it a few times, you’ll get it. It really helps in the exam.
I got a few Athena-based questions, as opposed to questions where Athena was merely an answer. Because of this, you should know what Athena is. Fortunately, it’s a pretty straightforward service. I would read the FAQ, but don’t take extra time to deep dive on it once you feel like you grok it.
I got a single question on Glacier Vault Lock, and a single question on container security. They’re both freebie questions if you do some research. Architecting Container Infrastructure for Security and Compliance (CON406) is a pretty good watch, regardless of whether you get the question on your exam.
Watch AWS Security State of the Union (SID326), The AWS Philosophy of Security (SID322) and Security Anti-Patterns: Mistakes to Avoid (FSV301). These will help you level up in a general "How To Do Security" kind of way.
Personally, practice exams really help me. I found both the AWS Practice Exam, and the Whizlabs exams to be useful in pointing out holes in my knowledge. YMMV with the Whizlabs one, as their quality is sometimes not the best, but it still helped me.
That should wrap it up from me! Thanks again to Ryan and the ACG team for creating a really super course!