Certified Security - Specialty

Sign Up Free or Log In to participate!

Security Specialty Beta Exam – last day exam feedback

Took the AWS Security Specialty Beta exam today and felt like I did well. My preparation started with the Cloud Guru: Security Specialty course, relevant lectures from the CSAA and Sysops courses and the S3 masterclass. Additionally, I watched several of the ReInvent 2017 security presentations. These were really valuable. I also stayed up-to-date on the postings here on the discussion board and used some of the advice from other members to research specific topics on AWS whitepapers and documentation. Consequentially, I did not study CloudHSM (besides watching Ryan’s videos) for this exam and decided to spend the extra time on KMS. Definitely paid off since there were no questions on CloudHSM and a few on KMS.

The topics I had on my exam that I felt were missing:

  • "NotAction" for IAM Policies

  • Policies related to VPC peering

  • Container security

  • KMS Grants

Furthermore, the lecture on "EC2 has been hacked" mentions that when your EC2 has been compromised you should stop the instance. This recommendation seems to contradict standard DFIR procedure and what is suggested in the "AWS re:Invent 2017: Incident Response in the Cloud (SID319)." I believe the correct approach would be to isolate the instance (SG, VPC, NACLs), take a snapshot, access it with a forensics workstation through the isolated VPC and perform a memory dump.

My tip is to read other member’s exam posts and be sure to study the topics they have mentioned.

Thank you to the entire Cloud Guru community and best of luck to anyone else still taking this exam today or when it is released in the future.

2 Answers

I too took the security speciality beta exam on the last day of its availability. It seemed pretty solid in terms of testing how to apply AWS’ security services to real problems encountered by a security engineer. From what I can remember, there were scenarios questions around

  • several using cloud watch logs agent, AWS SSM, the Run Command

  • procedure for fixing an access policy error for Vault

  • 3 on Classic Load Balancer and securing legacy systems and applications

  • about 5 questions involving evaluating one or more policy documents

  • 3 questions on securing Dynamodb data

  • 1 on cognito/mobile identity

  • one on pen testing and getting approval from aws. Based on the answer choices, it appears approval request is not needed if using a pre-approved tool from aws marketplace.

My preparation included watching Ryan’s videos, reading developer guides, faqs, and white papers.

Cannot wait to know the result – wondering if the 90 days for aws to announce results is counted from the starting day of beta.

Keeping being awesome Cloud Gurus!

Same here. I took the exam on the last day of Beta availability.  I echo the observations made in this thread above, since i seem to have got almost similar topics and types of questions (calling out the odd ones – cognito, Dynamodb, pen testing, container security, ADFS/SAML, Athena – which i didn’t specifically cover in preparation).  

One additional observation which nobody seems to have made in this forum is that,  lot of questions required to pick more than one answer.  So, i had to make sure to pay attention to pick multiple answers as required.  This was not the case with the associate or Professional AWS exam where standard was choosing only one option as answer.    

Overall, exam quality and coverage of security topics was excellent.  It doesn’t demand memorization, but overall understanding of security services and how they interplay together. It was educative and i enjoyed taking it.   Thanks all in the forum for sharing their thoughts and feedback.

For those taking the exam, definitely read all the security related white papers and do a lot of hands on with KMS keys, S3 keys, account security related practice to get a firm understanding of the subject.


I second what Raj Man said "Overall, exam quality and coverage of security topics was excellent. It doesn’t demand memorization, but overall understanding of security services and how they interplay together. It was educative and i enjoyed taking it." This is how an exam should be not just memorizing but overall understanding of security services and how they interplay together.

Felipe Cavalcanti

Exactly. From my experience, the Azure certifications are quite the opposite asking us to memorize powershell parameters and hardware specifications for each tier. These are things anyone can figure out in 1 minute by searching the web. What we need are people with the ability to assess a scenario and determine what is the best technical solution to address it.


Totally 100% agree with you Felipe, at work I see many IT folks that passed certifications like Microsoft, AWS, etc and they passed because they memorized , I would say close to 80% of the folks (short term memory, 6 months later they don’t remember the majority of the stuff) but when there is a real life issue to resolve they cannot connect the "dots" and come up with a plan based on what they memorized. With this new approach I hope Amzn will continue doing that with their exams, where if you don’t understand how things works and fit together you will not be able to answer. Like Mattias (aCloudGuru instructor) said on his course try to "Understand how things work and not just memorize."…


I sat mine I’d say the course pretty much covers. Some things I saw not mentioned on the course searching logs using athena, cognito, system manager and service catalogue. That I personally thought were part of the right answers to a couple of questions so be hard if you did not know what these were.


Quick question, when they say we have to wait 90 days do they say that to everyone even those who sat it at the start of the beta period… I’m hopin as I sat mine one day before on the 1st of March I won’t have such a wait… thoughts?

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?