I passed the security exam today. Would like to share a little information here.
1. Watch the AWS Certification Preparation Guide and use the information to create (tailor) your study plan. In my opinion, you will achieve 100%, not just pass the exam, if you can follow the guidelines. I, myself, might only follow 50% of them.
2. Watch the AWS Certified Security – Specialty at least twice until a) you don’t pick up any new information when re-watching, and b) you can tell what’s the key information to take away by looking at each lesson title.
3. I read FAQs of a few key services, e.g. KMS, IAM. They help me to complete my mental models.
4. Dive deeper if you are not confident about a topic (again, it’s for building mental models)
5. The exam questions will be more difficult than the practice ones at A Cloud Guru. Please be advised. Questions like "… you need FIPS 140-2 Level 3…? A. CloudHSM, B. balabala" do not exist at the specialty level. Most questions will touch 2 to 3 pieces of knowledge at the same time.
6. To deal with the situation in #5, using knowledge to remove the incorrect answers would be much easier than finding the right one, especially when there is more than one way to achieve the goal in the question. That means your expected approach might not be there. Another scenario: an answer like "configure WAF to protect resources from DDoS attacks" is incorrect at first glance. However, other options could be worse. At least, the WAF does help with mitigating DDoS.
7. Reading through this article might help you to secure 1 or 2 points (questions): https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html, e.g. completely understand the section aws:MultiFactorAuthPresent.
8. Understanding AWS Config in a bit of detail is important. Spend a few minutes looking into the managed rules and explore each configuration step/setting.
9. I feel like there is a gray area when trying to use AWS Config, CloudTrail, CloudWatch, CloudWatch Events, CloudWatch Metric Filters, Lambda, and SNS (individually or combined) to achieve a goal. In AWS, there are multiple approaches to achieve a goal. Understanding all possible approaches would help.
That’s it. Good luck!
By the way, please also take a look at the following topics, which I found useful in my exam:
1. IAM JSON policy elements: NotAction;
2. How to use Control Tower at a high level;
3. Configuring EC2 instance metadata options;
4. Service Catalog (launch/notification) constraints;
5. S3 bucket policy for CloudTrail log with a prefix.
I scored 914, which is more than I expected, as a few questions came back to my mind today and I found out that I chose the wrong answers. I flagged almost 20 questions.
Talking about flagging questions and review, I would say don’t put too much hope in it. During the review, I changed my answer to a flagged question in the last 60 seconds, then changed it back in the last 5 seconds. Turns out that both answers were wrong. What I don’t know is what I don’t know. It’d be better to review a question from a different angle, e.g. why the other answers are wrong, before moving to the next one, as long as you have enough time to finish the exam.
Congrats on the pass!
I managed to pass today too but in my opinion it’d be hard to pass on just this course here, whitepapers and FAQs alone – unless you get lucky with question rotation.
Some of the gaps are definitely something that can be determined with a bit of common sense and technical experience. Some questions are pretty obvious too; if something says automate remediation, you can eliminate probably half the answers in front of you.
Some things you either do or don’t know though, particularly on paid services which are out of reach of the average learner.
It’s hard to give particular changes for ACG to add to as it does have coverage of the key parts, just depth isn’t quite there. I hope the course does get an update/few more updates as I liked the format and delivery. I think it only needs a bit of work to get where it needs to be.