Passed the Security Specialist Exam (re:invent 2018)

Passed yesterday with a 895/1000.

Shout out to the folks who posted here in the last few months with tips, this was

definitely appreciated and agree with the less popular posts that ACG really has to

own updating content, even if it’s just a addendum video.

This post is to help pay it forward for folks testing in the upcoming few months.

(I’m guessing AWS will likely do a fairly significant version update mid Q1 of 2019)

STUDY TIPS:

I prepared with ACG, as well as bought the Whizlabs. I agree with other posts

that the reinvent 2017 videos on IAM and KMS, Security are excellent and definitely

yes to blog posts. Some answers to the questions can literally be answered by reading these.

One resource I don’t think is mentioned ENOUGH is simply the AWS Developer Guide.

Yes it can be a bit tedious to read through this but if there’s any realy single point

of truth for an answer it lies here. Ensure you read the ‘Security’ section, the FAQ/Troubleshooting

as well as any footnotes that say "IMPORTANT". Whitepapers weren’t really that valuable to me as they

seemed a bit heavy and unnecessarily deep for me.

Topics wise you MUST have strong knowledge of

KMS

IAM / Organizations

S3

Cloudwatch / Cloudtrail / AWS Config

VPC Infrastructure Security / Incident Response

If you don’t understand aspects of the above. Go lab up and read up.

Also needed

Cloudfront / WAF

Athena

SSM

Inspector

Glacier Vault Lock

You’d be smart to also know the functions for Lambda@Edge and basics for Macie.

CloudHSM is almost been retired. I think I talked to 4 other people who took the exam and out of all of us, only

1 person got a question on cloudHSM.

ok..

EXAM TIPS:

• Read the question, then reread the question, read the answers, read the question again.

I can’t stress how important this is. The Whizlabs give you the style of the question although the scenarios are a bit easier in the Whizlabs. AWS produces conditions in their questions that your answer MUST satisfy. If you read it, you’ll generally be able to narrow the valid answers to 2 or 1 possibilities right away. If they say ‘cost effective’ the answer is very likely NOT going to be the one involving spinning up RDS databases or an ASG with instances. fs they say ‘most secure’, then you can eliminate things that aren’t using things like encryption/authentication. You get the picture.

You have lots of time, although I only had about 40 minutes left. Take breaks, rest your eyes, drink water. Don’t gloss over anything. Flag it for follow up and come back if you’re on the fence

Overall I probably overprepared a bit, but I thought in general it was kinda fair. There were a few questions (which I gave feedback on) that I swear were bits of nasty broken English and answers that were just vague and kinda gros, but there were probably only 2 or 3 like this. Some of them were actually very clear and concise.

ACG will be updating their content in the new year, but from certification experience in many fields, don’t rely on a single source (unless you’re gonna read ALL the developer guides) for knowledge. 

Best of luck!