930/1000 which is better than I thought I had done on the day!
ACG course and practice exams gave a really solid preparation for it – in addition I used the new Tutorials Dojo Security Specialty practice exams (thoroughly recommended). Do the practice exam and study the practice questions as a few of the real exam questions were very similar. I came into this having done all three Associate exams this year so I had a pretty strong base knowledge already.
Some exam feedback:
Lots of KMS and encryption related questions – I would say 15-20 – make you sure know this backwards, especially key rotations and when to use which key based on the requirements. Also make sure you understand the KMS actions/permissions.
About 10-15 very easy ones on Macie, GuardDuty, CloudHSM, Organisations and SCPs, CloudTrail, AWS Shield and AWS WAF and CloudWatch EC2 metrics. I would say another 25 or so questions there were two pretty obviously wrong answers which really helped to narrow it down.
– Make sure you can read and interpret key, bucket and IAM policies and the method for determining effective permissions when they combine (as well as with Service Control Policies).
– understand security groups and NACLs and how they work and combine
– DDoS mitigations came up a few times
– 3-4 questions on certificates and ACM and enabling SSL
– 5 or so questions on AD Federation and Cognito
The few services/topics I remember that surprised me as I didn’t really know enough about to be confident whether they were right answers or not were AWS Certificate Manager Private Certificate Authority, Resource Access Manager & PrivateLink
Do you have any security experience to pass the exam? I passed Solution Architect Professional 5 months ago and it was really touch. Hope to pass one specialty certificate.
Specialty exams can be harder than Professional as the scope of topics covered are much lesser, and hence much more in depth. Usually need lots of hands-on and cannot rely on pure memorisation