After sitting on the fence for a number of weeks, I finally decided to take the Security Specialty exam. Even though I was happy to see the "Congratulations…" message at the end, I was mentally prepared to accept failure before I clicked on the "exit" button. I thought it was a really challenging exam and I used the entire 170 minutes on this one.
I went through both the LA and the ACG courses. I personally think that the LA course is more up to date (sorry Ryan) – however, both courses cover the key topics pretty well.
I would say around 60% of the questions were around KMS (heavy focus on S3 – SSE-C, SSE-KMS, default encryption, bucket policies, object ACL), IAM, VPC, and Logging and monitoring (CloudTrail, CloudWatch, Config, Inspector, Trusted Advisor, GuardDuty) with a very very big emphasis on troubleshooting.
It’s really important to understand the difference between CloudTrail, Cloudwatch logs, Cloudwaatch metric filter, Cloudwatch events and how they integrate with SNS and Lambda for automated remediation.
For example, say you have setup a CloudWatch Metric Filter to send a SNS notification, why aren’t you getting notified? How can you recover data if you deleted a CMK (do you have access to the backing key used to create this CMK?)
The rest of the questions were on topics such as Athena (how to analyze logs), Cognito (identity pools), AWS Secrets Manager (and how it integrates with KMS), how to handle cases where your EC2/IAM key pair get leaked, host based IDS, Glacier Vault Lock (remember that you have 24 hours to validate your vault lock), federated authentication (mainly around Active Directory), when to use DirectConnect and/or VPN, Macie for PII data, etc.
Know when to use AWS Conifg vs Inspector vs GaurdDuty vs Trusted Advisor.
I had a couple of questions around AWS Organization and Service Control Policies, know when to create OUs and apply SCP. Understand the outcome of merging SCP + Permission Boundaries + IAM Policy + Inline Policy + Bucket Policy.
Don’t expect to see too many one line questions. Almost all the questions were scenario based where you will have more than one possible answers and some answers involve combination of more than one service.
Basically, if you don’t work with KMS, VPC, IAM, Cloudtrail, and Cloudwatch on a regular basis, you will need to study and practice hard. And more importantly, I suggest you create multiple AWS accounts and invest time building out VPCs, working with IAM, resource and key policies, practicing how to setup organizations and cross account access, etc. Just viewing the lectures and reading FAQs will probably not be enough.
I have compiled a list of online resources that I used to prepare for this cert, hope it helps. Invest lots of time on whitepapers, reInvent videos on Youtube and FAQs.
As for me, I am going to try and take the SA Pro exam in the next few months. Wish me luck 🙂
Big Congrats Rajje! and thanks for your detailed feedback!
just to let you all know that I have begun updating the course last week based on feedback from everyone. So there is now a new Chapter 9 with new lectures covering Macie, Athena, Guard Duty, Secrets Manager, AWS Artifact and more.
I’ve also added a lecture bringing together all of the best White Papers and re:Invent videos to watch before your exam.
Updating the Security course is my top priority over the next 3-4 weeks so new content is being added on a daily basis.
Good luck dude! Good post.