Took the AWS Security Specialty Beta exam today and felt like I did well. My preparation started with the Cloud Guru: Security Specialty course, relevant lectures from the CSAA and SysOps courses and the S3 masterclass. Additionally, I watched several of the re:Invent 2017 security presentations. These were really valuable. I also stayed up-to-date on the postings here on the discussion board and used some of the advice from other members to research specific topics in AWS whitepapers and documentation. Consequently, I did not study CloudHSM (besides watching Ryan’s videos) for this exam and decided to spend the extra time on KMS. This definitely paid off, since there were no questions on CloudHSM and a few on KMS.
The topics I had on my exam that I felt were missing:
"NotAction" for IAM Policies
Policies related to VPC peering
Furthermore, the lecture on "EC2 has been hacked" mentions that when your EC2 has been compromised you should stop the instance. This recommendation seems to contradict standard DFIR procedure and what is suggested in the "AWS re:Invent 2017: Incident Response in the Cloud (SID319)." I believe the correct approach would be to isolate the instance (SG, VPC, NACLs), take a snapshot, access it with a forensics workstation through the isolated VPC and perform a memory dump.
My tip is to read other members’ exam posts and be sure to study the topics they have mentioned.
Thank you to the entire Cloud Guru community and best of luck to anyone else still taking this exam today or when it is released in the future.
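The isolate-then-preserve approach described in the post above (isolate the instance, snapshot it, keep it running so a memory dump is still possible), written out as an added example that is not part of the original post or of any Cloud Guru course material. It drives an EC2 client through the boto3 method names (describe_instances, modify_instance_attribute, create_snapshot, create_tags); a constructed in-memory fake client is included so it runs offline, and the instance, volume and security-group IDs are constructed placeholders. NACL changes and the memory capture itself happen outside this script.

```python
"""Added example: EC2 isolation-and-preserve steps for incident response.

Isolate first, snapshot second, and never stop the instance, so volatile
memory survives for a later dump from a forensics workstation. Works with
any object exposing the boto3 EC2 client method names; pass
boto3.client("ec2") for a real account. All IDs below are constructed.
"""
from dataclasses import dataclass, field


def isolate_and_preserve(ec2, instance_id, isolation_sg_id, case_id):
    """Isolate a suspected-compromised instance and preserve its disks.

    Order matters for evidence preservation:
      1. Swap every security group for one with no inbound/outbound rules,
         cutting the network path without stopping the instance.
      2. Enable termination protection so the evidence host cannot be
         cleaned up by API call.
      3. Snapshot every attached EBS volume and tag it with the case ID.
    Returns the snapshot IDs created.
    """
    resp = ec2.describe_instances(InstanceIds=[instance_id])
    instance = resp["Reservations"][0]["Instances"][0]

    # 1. Network isolation via security-group swap; the instance keeps running.
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[isolation_sg_id])

    # 2. Block termination of the evidence host.
    ec2.modify_instance_attribute(
        InstanceId=instance_id, DisableApiTermination={"Value": True}
    )

    # 3. Point-in-time copies of every attached volume, tagged for chain of custody.
    snapshot_ids = []
    for mapping in instance.get("BlockDeviceMappings", []):
        volume_id = mapping["Ebs"]["VolumeId"]
        snap = ec2.create_snapshot(
            VolumeId=volume_id,
            Description=f"IR {case_id}: {instance_id} {mapping['DeviceName']}",
        )
        ec2.create_tags(
            Resources=[snap["SnapshotId"]],
            Tags=[{"Key": "IRCase", "Value": case_id},
                  {"Key": "SourceInstance", "Value": instance_id}],
        )
        snapshot_ids.append(snap["SnapshotId"])
    return snapshot_ids


@dataclass
class FakeEC2:
    """Constructed stand-in for boto3's EC2 client; records the calls made."""
    groups: list = field(default_factory=lambda: ["sg-constructed-web"])
    termination_protected: bool = False
    snapshots: dict = field(default_factory=dict)
    tags: dict = field(default_factory=dict)

    def describe_instances(self, InstanceIds):
        # Constructed instance with a root and a data volume attached.
        return {"Reservations": [{"Instances": [{
            "InstanceId": InstanceIds[0],
            "BlockDeviceMappings": [
                {"DeviceName": "/dev/xvda", "Ebs": {"VolumeId": "vol-constructed-root"}},
                {"DeviceName": "/dev/xvdf", "Ebs": {"VolumeId": "vol-constructed-data"}},
            ],
        }]}]}

    def modify_instance_attribute(self, InstanceId, Groups=None, DisableApiTermination=None):
        if Groups is not None:
            self.groups = list(Groups)
        if DisableApiTermination is not None:
            self.termination_protected = DisableApiTermination["Value"]
        return {}

    def create_snapshot(self, VolumeId, Description):
        snap_id = f"snap-{len(self.snapshots) + 1:04d}"
        self.snapshots[snap_id] = {"VolumeId": VolumeId, "Description": Description}
        return {"SnapshotId": snap_id}

    def create_tags(self, Resources, Tags):
        for r in Resources:
            self.tags[r] = {t["Key"]: t["Value"] for t in Tags}
        return {}


if __name__ == "__main__":
    fake = FakeEC2()
    snaps = isolate_and_preserve(fake, "i-constructed0001", "sg-constructed-isolate", "CASE-0001")
    print("snapshots:", snaps, "groups:", fake.groups, "protected:", fake.termination_protected)
```

The isolation security group is assumed to exist already with no rules in either direction; creating it ahead of time, rather than during an incident, is the usual practice. Snapshots of a running instance are crash-consistent, which is acceptable here because the disk image is taken after isolation and the live memory capture follows separately.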
I too took the Security Specialty beta exam on the last day of its availability. It seemed pretty solid in terms of testing how to apply AWS’s security services to real problems encountered by a security engineer. From what I can remember, there were scenario questions around:
several using the CloudWatch Logs agent, AWS SSM and Run Command
procedure for fixing an access policy error for Vault
3 on Classic Load Balancer and securing legacy systems and applications
about 5 questions involving evaluating one or more policy documents
3 questions on securing DynamoDB data
1 on Cognito/mobile identity
one on pen testing and getting approval from AWS. Based on the answer choices, it appears an approval request is not needed if using a pre-approved tool from the AWS Marketplace.
My preparation included watching Ryan’s videos, reading developer guides, FAQs, and white papers.
Cannot wait to know the result – wondering if the 90 days for AWS to announce results is counted from the starting day of the beta.
Keep being awesome, Cloud Gurus!
Same here. I took the exam on the last day of Beta availability. I echo the observations made in this thread above, since I seem to have got very similar topics and types of questions (calling out the odd ones – Cognito, DynamoDB, pen testing, container security, ADFS/SAML, Athena – which I didn’t specifically cover in preparation).
One additional observation which nobody seems to have made in this forum is that a lot of questions required picking more than one answer. So, I had to make sure to pay attention and pick multiple answers as required. This was not the case with the Associate or Professional AWS exams, where the standard was choosing only one option as the answer.
Overall, exam quality and coverage of security topics was excellent. It doesn’t demand memorization, but an overall understanding of the security services and how they interplay. It was educative and I enjoyed taking it. Thanks to all in the forum for sharing their thoughts and feedback.
For those taking the exam, definitely read all the security-related white papers and do a lot of hands-on work with KMS keys, S3 keys and account security practice to get a firm understanding of the subject.