Passed the exam today!! feb-23-2019

Many thanks to AcloudGuru and the people that posts to this forum, that make it possible for Acloudguru update it’s course. I finished my trainning when AcloudGuru updated it’s course with content about Athena, Macie, etc. So, I think that in my exam today, I had some uncovered topics. Another big help was the WhizLabs questions too.

My exam was very, very, very hard, it’s scope was so beyond AcloudGuru and WhizLabs.

One key point about the trainning, please, pay atention to that AcloudGuru says in the course, because this is much more important than the slides, these tips helped a lot.

No questions about CloudHSM nor Shared Responsability Model.

Please, don’t try to pass the AWS Security Specialty Exam by learning about how to answer the questions, instead, be a high skilled professional, in this way you have more chances to be approved!

I have deep experience with AWS, Microsoft, mainly with Active Directory, Linux Servers and FreeBSD. I also have advanced network and security skills.

These above lines with AcloudGuru course, it’s forum, WhizLabs and many, many labs resume my success in the exam today. 

I will update my post in the future with more details.

Here are some details about the questions that I remember:

Application servers use an S3 rule associated with EC2 instance to access S3 buckets

You suspect that a server x in account 1 is leaking confidential information through

of an account 2, in which hackers have control over the account and its buckets

The x server needs access to S3 buckets and connects to the internet through a proxy

Users use replicated resources in other regions where they need to use the same KMS key

to encrypt and decrypt these resources

Prevention of DDos attacks in layer 7 the easiest way for multiple instances EC2, IPs in each

or NACL

You have static files on a web server made available in a single AZ

How to prevent DDOS attacks on this server?

Using an Application Load Balancer behind CloudFront?

Terminate the WEB server and use CloudFront with S3?

You use OUs in your AWS account, the root user is only used for billing in the main OU

How to prevent your administrative access to daughter OUs?

You use OUs in your AWS account where there is a group that needs access to billing attached to OU

Financial, how to grant this access in the main OU?

You want to use your AD to grant permissions to AWS resources, so you created another AD in AWS, but this one

new AD can not access your AD On premises, only On-Premises can access the AWS AD

Lambda permissions to access the encrypted Parameter Store to access an RDS

Prevent attacks by decreasing surface attacks

subnet, or firewall rules that act at the Hypervisor level?

Lambda function activated via CloudWatch event, which uses Athena to filter CloudTrail logs on S3

User Permissions – User 1 and Lambda

Users of another AWS account accessing data in their AWS account on S3 with KMS certificate turnover

An application gets an error message when trying to use a KMS key, what’s the problem?

An EC2 instance does not initialize with an encrypted volume, in which the encryption key has been deleted

Rotativity of S3 /?

Lambda function to automatically activate VPC Flow Logs or CloudWatch Event?

Encryption between proprietary application On-premises and Instances EC2, ALB, ELB?

Disable Vault Lock, correct it, and re enable?

Custom SSL certificate, CloudFront, ALB in another region, how many certificates?