Certified Security - Specialty

Sign Up Free or Log In to participate!

Passed the AWS Security Specialty Exam

Hello Cloud Gurus!

I recently passed the Security Specialty Exam with a 920/1000. Here’s what I remember from the exam, and what I would recommend studying. I will be making some comparisons to the Solutions Architect exam, as that is the only other exam I’ve taken.

  • Most, if not all of the questions are scenario based, and the exam itself is very holistic. To pass this exam, you need to know how services interact with one another. Because of this, you REALLY need to pay attention to the video lectures. Furthermore, I would recommend doing the labs enough times that you can do them without the lectures.

  • DO NOT SKIP SECURITY 101. Or any of the lectures, to be honest. There are quite a few questions where there seem to be multiple right answers, but whereas in the Solutions architect you have to remember cost, in this exam you have to remember the basics of security.

  • Generally speaking, you are going to have at least one answer that is completely wrong, and another answer that makes no sense. Once you knock out the answers which are clearly wrong, apply security basics and really grok what you’re trying to accomplish.

  • READ THE FAQs. For most services, grokking their FAQs will get you to a place where you should be able to piece together the answers.

  • Learn to love IAM policies. Then realize that an "IAM Policy" is a generalization that a lot of folks (myself included) throw around, and that there are actually four types of json-based policy documents. You will need to know the distinction between all four (Resource Policies, STS Policies, IAM Policies, and Service Control Policies), and how they interact with each other. Watch this video like you would any of Ryan’s lectures: IAM Policy Ninja (SID314). Actually, watch it twice. Possibly three times.

  • I’ve seen a lot of people talking about AD integration on the forums. While AD was mentioned in my exam, my impression was that the point was more about federation in general. Watch this video, which I felt covered both reasonably well: Soup to Nuts: Identity Federation for AWS (SID344)

  • KMS. Like Ryan says, it’s the key (hahaha) to passing this exam. Because of this, you need to go deeper. Read the FAQ. Read the Whitepaper. Read the Crypto Details. Getting through all three of these should guarantee that you understand KMS on a level sufficient to tackle any of the questions that get thrown at you. I know the Crypto Details WP is dry, and has some scary math-looking stuff in there, but if you take it slow, and read it a few times, you’ll get it. It really helps in the exam.

  • I got a few Athena-based questions, as opposed to questions where Athena was merely an answer. Because of this, you should know what Athena is. Fortunately, it’s a pretty straightforward service. I would read the FAQ, but don’t take extra time to deep dive on it once you feel like you grok it.

  • I got a single question on Glacier Vault Lock, and a single question on container security. They’re both freebie questions if you do some research. Architecting Container Infrastructure for Security and Compliance (CON406) is a pretty good watch, regardless of if you get the question on your exam

  • Watch AWS Security State of the Union (SID326), The AWS Philosophy of Security (SID322) and Security Anti-Patterns: Mistakes to Avoid (FSV301). These will help you level up in a general "How To Do Security" kind of way.

  • Personally, practice exams really help me. I found both the AWS Practice Exam, and the Whizlabs exams to be useful in pointing out holes in my knowledge. YMMV with the Whizlabs one, as their quality is sometimes not the best, but it still helped me.

That should wrap it up from me! Thanks again to Ryan and the ACG team for creating a really super course!

Satish Mulay

Justin, this is some pretty good advice. Thanks!


@Justin Thanks for the advice! I need to do practice tests, so apart from the Whizlabs, did you find any good practice test material. Also, how similar are the Whizlab questions compared to the actual test in terms of difficulty and type of questions? If you dont mind, can you share how much you were getting in the Whizlabs tests and how much you actually got in the actual test? Once again, Thanks for the feedback, Im planning to write it in the upcoming weeks 😀

Justin Christian

Hevayo, sorry was off the grid for a few weeks. I was getting 85-95% on Whizlabs. They’re not a great analog to what you’re gonna see on the exam, but they do help you with making sure you understand the services. I didn’t find much good stuff outside of thise and the AWS practice exam. Good luck, if you haven’t already taken the exam!

Kevin B

@Justin, Thankyou for your previous notes an observations. You make very important points. I passed my exam to day, but it was probably a close call, despite getting 90% in AWS practice exam and the whizlabs. they only cover 50-60% of the types of questions and topics I got in the main exam…

0 Answers

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?