8 Answers
Thank you Madoc! Excellent article and appreciate all the advice!
Great write up! I just passed the exam yesterday as well. I also found that AWS reinvent videos are extremely helpful. Here are a few that I found useful.
I recommend watching the VPC section and Logging section from Ryan’s course multiple times, along with going through your console and clicking around. See what can/cannot be changed.
Thank you for the youtube links and tips and congratulations on passing this important milestone! What do you plan to do next?
Thx for the insider scoops Madoc. I enjoyed your article – informative with a dash of humor. Awesome!
Thank you so much! This is such a great resource!
Thank you very much Madoc!!! Your post definitely helped me pass the Security Specialty Exam today.
Here are a few more comments and pointers for those preparing to take the exam.
1. It’s a challenging test.
The questions are all long format and more than 90% required multi-part answers (2 or 3 choices).
Read the questions carefully. In some cases there are more than 2 valid answers, so look for key words in the question.
Flag questions and come back to them. I ended up with 26 questions I had to really work through before I could answer.
Do all the things Madoc suggests and then some. The questions were all about securing architectures in different scenarios.
2. You really need to know how the services work. No really!!
This isn’t the kind of exam you can just wing your way through. To help, I’ll try to list what I recall as the ratio of questions.
Based on my test I suggest focusing on the following:
KMS – (10 questions)
Key Rotation – How to and the effect on dependent services
Deleting CMK – Under what conditions and what are the implications to encrypted data / Application
Importing Key Material – How to and the advantages/disadvantages
Management and Usage Policies – How to securely provide access to keys
Integration – How to use KMS with S3, DynamoDB, APIs [encrypt , decrypt]
IAM – (5 questions)
Creating policies – knowing the resultant policy outcome and restricting service access to a subset of users
Condition Statements – How to apply conditions like MFA or Encryption to a policy
Cross account access – Know how to set this up and troubleshoot access issues
VPC – (5 questions)
Security Groups – Know how and when to apply them
Network Access Lists – Know how and when to apply them
VPC Peering – Know how to troubleshoot multi VPC configurations
DNS – Know how to overwrite or update DNS settings for EC2 Instances
CLOUDWATCH – (10 questions)
Logs – Know what is possible and how to troubleshoot Logs agent issues
Events – Know what is possible and how to troubleshoot Event triggers and issues
Metrics – Know what is possible and how to troubleshoot filters
Integration – Know how to integrate it with other services (Lambda, SNS)
CLOUDTRAIL (10 questions)
API – Know when to use Cloudtrail and what permissions it needs
Integration – Know how to integrate it with other services (Cloudwatch, Lambda, SNS)
AWS CONFIG – (10 questions)
Change Management – Know how to apply it to enforce and monitor changes to environments
Integration – Know how to integrate it with other services (Cloudwatch, S3, IAM)
OTHER – (15 questions)
Athena – At least 2 questions where Athena was either part of the question or part of the possible solutions
ALB/ELB – At least 3 questions on architecture using load balancing, using certificates or working with proprietary ports
CloudHSM – I think 1 question on when to use CloudHSM over KMS
Data Protection – 3 or so questions on best practice architecture for long term retention or restricted access
S3 – 5 or more questions on how to secure
Although everyone’s experience will vary from test to test, this was a tough test for me. A huge thanks to all the ACLOUD guys for the videos as they do a fantastic job as a primer, but I’d caution anyone who wants to take the test to spend time building multi-tier complex architectures where you’re using all of the above points.
Good luck all
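The IAM points above (knowing the resultant policy outcome, and applying MFA or encryption conditions) come down to one evaluation rule: a matching explicit Deny wins, otherwise a matching Allow is required, otherwise the request is implicitly denied. The following is an added example, not part of this thread and not AWS’s own engine: a simplified Python model of that rule, run against a constructed sample policy. It evaluates a single identity-based policy only (no resource policies, SCPs, permission boundaries, NotAction or NotResource), supports just the StringEquals, StringNotEquals, Bool, BoolIfExists and Null operators, and the bucket name and request contexts are made up.

```python
"""Simplified model of IAM policy evaluation (added example, not AWS's engine).

Scope: one identity-based policy; operators limited to StringEquals,
StringNotEquals, Bool, BoolIfExists and Null; no NotAction/NotResource.
"""
import re

# Negated operators: in this model a missing request key counts as a match,
# which is what makes a Deny on "StringNotEquals aws:kms" catch uploads that
# send no encryption header at all.
NEGATED_OPS = {"StringNotEquals"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _wildcard_match(pattern, value):
    # Action/Resource wildcards: '*' matches any run of characters, '?' one.
    rx = "^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$"
    return re.match(rx, value) is not None


def _any_match(patterns, value):
    return any(_wildcard_match(p, value) for p in _as_list(patterns))


def _condition_holds(condition, ctx):
    """True when every operator/key pair in a Condition block is satisfied."""
    for op, pairs in condition.items():
        for key, expected in pairs.items():
            actual = ctx.get(key)
            if op == "Null":
                # "Null": {"k": "true"} is satisfied when k is absent from the request.
                if (actual is None) != (str(expected).lower() == "true"):
                    return False
                continue
            if actual is None:
                # Missing key: *IfExists and negated operators treat it as a match;
                # everything else fails, so an Allow guarded by Bool MFA is not granted.
                if op.endswith("IfExists") or op in NEGATED_OPS:
                    continue
                return False
            base = op[:-len("IfExists")] if op.endswith("IfExists") else op
            values = [str(v) for v in _as_list(expected)]
            if base == "Bool":
                matched = str(actual).lower() == values[0].lower()
            elif base == "StringEquals":
                matched = str(actual) in values
            elif base == "StringNotEquals":
                matched = str(actual) not in values
            else:
                raise ValueError(f"unsupported condition operator: {op}")
            if not matched:
                return False
    return True


def evaluate(policy, action, resource, context=None):
    """Return 'allow', 'explicit-deny' or 'implicit-deny' for one request."""
    ctx = context or {}
    allowed = False
    for stmt in policy["Statement"]:
        if not _any_match(stmt.get("Action", []), action):
            continue
        if not _any_match(stmt.get("Resource", []), resource):
            continue
        if not _condition_holds(stmt.get("Condition", {}), ctx):
            continue
        if stmt["Effect"] == "Deny":
            return "explicit-deny"  # a matching Deny overrides every Allow
        allowed = True
    return "allow" if allowed else "implicit-deny"


# Constructed sample policy: read/write/delete on one bucket, but uploads must
# use SSE-KMS and deletes require an MFA-authenticated session.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowObjectAccess", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "DenyNonKmsUploads", "Effect": "Deny",
         "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}}},
        {"Sid": "DenyDeleteWithoutMFA", "Effect": "Deny",
         "Action": "s3:DeleteObject", "Resource": "*",
         "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
    ],
}

if __name__ == "__main__":
    obj = "arn:aws:s3:::example-bucket/report.csv"
    print("get, no context       :", evaluate(POLICY, "s3:GetObject", obj))
    print("put, no SSE header    :", evaluate(POLICY, "s3:PutObject", obj))
    print("put, SSE=aws:kms      :", evaluate(POLICY, "s3:PutObject", obj,
                                            {"s3:x-amz-server-side-encryption": "aws:kms"}))
    print("delete, no MFA key    :", evaluate(POLICY, "s3:DeleteObject", obj))
    print("delete, MFA present   :", evaluate(POLICY, "s3:DeleteObject", obj,
                                            {"aws:MultiFactorAuthPresent": "true"}))
    print("list bucket (no stmt) :", evaluate(POLICY, "s3:ListBucket", "arn:aws:s3:::example-bucket"))
```

The two Deny statements show the exam-relevant subtlety in condition keys: the encryption Deny uses a negated operator so a request with no header still matches it, and the MFA Deny uses BoolIfExists so a session that never performed MFA (key absent) is also denied, while a Bool Allow on the same key would simply not apply when the key is missing.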
Hi All – I’ll say sorry to myself, I didn’t see this post earlier. It would have definitely helped me to pass the exam. Unfortunately today I have failed the test. Most of the questions are as mentioned above. A couple of questions related to EMS security port, container security while migrating from EC2. Most of the questions related to troubleshooting; AWS Config had approx 2-3 questions. None of the questions were straightforward, 95% were scenario based.
Thanks Madoc for the Excellent article. This will definitely help those who are preparing for this exam. Thanks to Rick-os & turbo2547 as well, for the additional links.
Thanks Madoc, is there any book you advise reading to pass the exam?
Hi All,
I have just completed the AWS security specialty exam and I would like to add some notes while it is fresh in my head.
1. 10-15 questions on CloudHSM which I was not expecting after reading various threads
2. 5-8 Questions on Athena/Kinesis and how they integrate with Logs
3. Only 1 question on the Allow/Deny Policy
4. 3-5 questions on ALB/ELB/Cloudfront SSL Certificates
5. 4-6 questions on choosing between cloudwatch/cloudtrail/config/macie/inspector
Find out in 5 days if I have passed or not
Hope someone finds this useful
Why did you say five days? The exam is shown onscreen with pass or fail.
Very nice. You list Macie. I was curious if that comes up in the exam, I didn’t see it mentioned in the guru course.
Macie did come up in the practice exam.
Yes, it’s one of the possible answers in the practice exam but not the correct answer.