Thank you Madoc! Excellent article and appreciate all the advice!
Great write-up! I just passed the exam yesterday as well. I also found that AWS re:Invent videos are extremely helpful. Here are a few that I found useful.
I recommend watching the VPC section and Logging section from Ryan’s course multiple times, along with going through your console and clicking around. See what can/cannot be changed.
Thx for the insider scoops Madoc. I enjoyed your article – informative with a dash of humor. Awesome!
Thank you so much! This is such a great resource!
Thank you very much Madoc!!! Your post definitely helped me pass the Security Specialty Exam today.
Here are a few more comments and pointers for those preparing to take the exam.
1. It’s a challenging test.
The questions are all long format and more than 90% required multi-part answers (2 or 3 choices).
Read the questions carefully. In some cases there are more than 2 valid answers, so look for key words in the question.
Flag questions and come back to them. I ended up with 26 questions I had to really work through before I could answer.
Do all the things Madoc suggests and then some. The questions were all about securing architectures in different scenarios.
2. You really need to know how the services work. No Really!!
This isn’t the kind of exam you can just wing your way through. To help, I’ll try to list what I recall as the ratio of questions.
Based on my test I suggest focusing on the following:
KMS – (10 questions)
Key Rotation – How to and the effect on dependent services
Deleting CMK – Under what conditions and what are the implications to encrypted data / Application
Importing Key Material – How to and the advantages/disadvantages
Management and Usage Policies – How to securely provide access to keys
Integration – How to use KMS with S3, DynamoDB, APIs [encrypt , decrypt]
IAM – (5 questions)
Creating policies – knowing the resultant policy outcome and restricting service access to a subset of users
Condition Statements – How to apply conditions like MFA or Encryption to a policy
Cross account access – Know how to set this up and troubleshoot access issues
VPC – (5 questions)
Security Groups – Know how and when to apply them
Network Access Lists – Know how and when to apply them
VPC Peering – Know how to troubleshoot multi VPC configurations
DNS – Know how to overwrite or update DNS settings for EC2 Instances
CLOUDWATCH – (10 questions)
Logs – Know what is possible and how to troubleshoot Logs agent issues
Events – Know what is possible and how to troubleshoot Event triggers and issues
Metrics – Know what is possible and how to troubleshoot filters
Integration – Know how to integrate it with other services (Lambda, SNS)
CLOUDTRAIL (10 questions)
API – Know when to use Cloudtrail and what permissions it needs
Integration – Know how to integrate it with other services (Cloudwatch, Lambda, SNS)
AWSCONFIG – (10 questions)
Change Management – Know how to apply it to enforce and monitor changes to environments
Integration – Know how to integrate it with other services (Cloudwatch, S3, IAM)
OTHER – (15 questions)
Athena – At least 2 questions where Athena was either part of the question or part of the possible solutions
ALB/ELB – At least 3 questions on architecture using load balancing, using certificates or working with proprietary ports
CloudHSM – I think 1 question on when to use CloudHSM over KMS
Data Protection – 3 or so questions on best-practice architecture for long-term retention or restricted access
S3 – 5 or more questions on how to secure
Although everyone’s experience will vary from test to test, this was a tough test for me. A huge thanks to all the ACLOUD guys for the videos, as they do a fantastic job as a primer, but I’d caution anyone who wants to take the test to spend time building multi-tier complex architectures where you’re using all of the above points.
Good luck all
Thanks Madoc for the Excellent article. This will definitely help those who are preparing for this exam. Thanks to Rick-os & turbo2547 as well, for the additional links.
Thanks Madoc. Is there any book you advise reading to pass the exam?
I have just completed the AWS Security Specialty exam and I would like to add some notes while it is fresh in my head.
1. 10-15 questions on CloudHSM, which I was not expecting after reading various threads
2. 5-8 Questions on Athena/Kinesis and how they integrate with Logs
3. Only 1 question on the Allow/Deny Policy
4. 3-5 questions on ALB/ELB/Cloudfront SSL Certificates
5. 4-6 questions on choosing between CloudWatch/CloudTrail/Config/Macie/Inspector
Find out in 5 days if I have passed or not.
Hope someone finds this useful.