I sat and passed the security specialty exam on Friday.
To give a bit of context, I have done all the associate level certifications scoring 94(Developer), 77(SA) and 918(SysOps). I work with AWS every day across many different stacks. Even with previous certifications and hands on usage with AWS, this exam was hard, very hard. It is nothing like the previous associate level ones.
To prepare I primarily used this course and parts of the Linux academy course. I did find the LA course could be quite dry at times and the ACG course felt like it had a lot more energy in it, my personal observation. That being said, I did find the LA course did go into far more detail, which I believe is necessary when it comes to topics like KMS and permissions surrounding KMS. KMS was a huge part of the exam, understanding rotation, access, best practices etc was asked in a lot of the questions. Do not sit this exam without knowing KMS inside out.
One thing I definitely noticed, is every single one of the topics that have recently been added in this course were all present on the exam. You will easily pick up at least 10 marks if you understand what they are and why you would use them. Section 9 in particular as well as amazon dns, glacier vault and a few more.
I also used Whizlabs to prepare for this exam as I have for the previous 3 associate certs. I scored 83, 89 and 80 for practice tests 1, 2 and 3. I also did the PSI prac exam twice scoring 75% and 90%. Let me make it clear, the real exam is nothing like either of these. They are good practice but the actual exam is a lot more complex. With the associate certifications you can go through whizlabs and memorise the questions and answers and have a very good chance of scoring well. This is definitely not the case with this exam, not one question from whizlabs or the prac exam was on the real exam.
Knowing both what a service is and WHY you would use it is key to this exam. I would guess around 80% of the questions are scenario/troubleshooting based, where you are presented a problem and you need to choose the service or services to BEST answer the question. There are no questions on the exam asking what a service is, e.g What is Cloudtrail and why would you use it. Rather something along the lines of ‘You are being audited and need to show proof of all access logs and api calls". Similarly you aren’t going to get asked what KMSViaService or Kms Grants do/are. You will be given a question with them as the possible answers and evaluate if they best solve the problem according to the question guidelines.
I did the test twice and it took me just over an hour and 40 minutes. As Ryan always says it’s not about who finishes the exam the fastest. Take your time, read the questions thoroughly and always use the process of elimination. I also think it would be a good idea to do the SysOps Associate cert before this one, as there is quite a large overlap when it comes to services like config, inspector and trusted advisor.
I also watched these reinvent videos. It was surprising how interesting they were and how much they helped.
https://www.youtube.com/watch?v=X1eZjXQ55ec&t=1s (Kms best practices)
https://www.youtube.com/watch?v=gTZgxsCTfbk (deep dive into aws encryption)
https://www.youtube.com/watch?v=YQsK4MtsELU (Iam policy master, best one of the three)
Each of the previous 3 exams, I felt confident at the end when finishing the test. This one I was a little nervous, I believed I had answered most questions to the best of my ability, the issue being most questions have several answers that are correct/the right thing to do and you can only choose one.
Study Resource Usage:
A. Acloud guru: 60% Big thank you Ryan and Faye!
B. Linux Academy: 30%
C. Reinvent Videos 5%
D. Whizlabs 5%
Thanks so much for the feedback! And big congrats on passing the exam!
The lack of sample tests that are aligned with the exam content is a little disconcerting, but it sounds like a little extra diligence with the material can get the job done.