1 Answers
Hey, I took the security specialty last month and the DevOps Engineer Professional this month.
I am currently studying informatics (B.Sc.) at the KIT in Germany and do not have many years in the industry in contrast to many other gurus here. However, I love to read AWS documentation pages and that is probably what made me pass each exam confidently (besides watching the courses at acloud.guru of course ;).
I already summarized my experience in two posts in the respective discussion forums [1, 2].
My thoughts on your questions are:
- AWS Security Specialty exam does not test you on any detailed security knowledge. [3]
It is rather a test of whether you know the inner workings of some special AWS services such as KMS. Do not get me wrong… I think the security exam makes perfect sense as it makes you study the concepts AWS implemented to secure their stuff.
Let me give you an example: I worked with IAM policies for the last 1.5 years. However, I did not know how exactly they work. I only knew a specific subset of the IAM JSON policy language and evaluation logic. The security specialty exam made me study stuff like the policy evaluation logic [4], which is actually crucial when designing secure infrastructure on top of AWS services. I do not know why I did not stumble over this article earlier… However, now that I took and passed the exam I am much more confident that I actually know what I am doing when I use concepts such as IAM policies. That fact alone made the certification pay off for me personally.
If you already took a professional exam, it is very likely that the security exam will be easier for you. Some of the questions in the security specialty exam might be as tricky as professional exam questions, but all in all the professional exam puts much more time pressure on you IMO.
I would totally agree that the security specialty exam is harder than any associate level exam. There are typically many more scenario-based questions in the specialty exam and you have to know the inner workings of some special services such as KMS or IAM which not everyone stumbles over in everyday use.
[2] Security Experience
[3] I saw people in another thread sharing the same experience in terms of "overall security knowledge".
Thanks for your response and sharing your experiences, Martin. Your "security experience" is one I bookmarked a while back to ensure I’m in line with what I should be studying. 🙂 thanks again!
Also, I found this blog very helpful and well laid out regarding the exam. This guy was a former LinuxAcademy Instructor and has used ACG, as well. https://www.netenrich.com/2019/01/aws-certified-security-specialty-exam-tips/