Certified Security - Specialty

Sign Up Free or Log In to participate!

Took the exam today, check inside

The videos covered all the topics but not deep enough if you don’t read the papers and docs other than the ones listed in this course. E.g

CMK Grants – how to encrypt each file with different keys?

Data keys

Pen test on peering vpcs, how is vpn used here? When to send Pen test report?

Dynamo db feature to encryption of data

How to secure PII in s3, what is s3 user meta data?

How to export application logs out of ec2? Cloudwatch agents, seldomly hear of it…

how to inspect ip packages between ec2 instance.. vpc flow log

Key Rotation – at least 5 questions for this single point

Amazon Cloud Directory, SAML

How to patch the ec2 instances – the options include Inspector, SSM agent etc

secure data on the fly and at rest, involve Application LB, https listener etc

use case for signed cookies and signed urls

I will add more here when i remember, there’s a lot of things not spotted in the videos ( as I only hold the associate SA cert). it’s better to read more docs and take different courses for supplement.

Felipe Cavalcanti

Thank you for the feedback.

Raj Man

This is a useful white paper on KMS https://d0.awsstatic.com/whitepapers/aws-kms-best-practices.pdf


hankok2018 Thanks for your feedback and breakdown.

0 Answers

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?