Certified Security - Specialty

Sign Up Free or Log In to participate!

What I Studied on top of ACG to pass the AWS Security specialty

Hello everyone,

3 weeks ago, I mentioned I failed my first attempt to pass the Security Specialty exam, mentioning that the ACG course was covering about only 60% of the exam content.

I just retook and passed the exam (going from 620 points to 850) and want to share all the materials I used to learn all what’s not covered in the ACG course.

This time again KMS was most of the exam, with IAM policies and Organizations SCP, and also EC2 forensic. Troubleshooting policies was again just 1 question. And again some questions about Artifact, Athena, and this time I also had two questions on Vault lock (which I was unprepared for. I really think ACG need to update their training material on this one as the exam as moved too far for the course content to be relevant anymore.

Must study topics are:

  • AWS Organizations

  • KMS Key policies (viaService & grants)

  • Artifact

  • Athena

  • Vault lock (not in my list below)

  • GuardDuty. Although I didn’t saw it in the exam, I doubt it’s going to be long before GuardDuty will show up in the exam

Most of the material I used are whitepapers, FAQs, AWS documentation and re:invent or other AWS event sessions. With re:invent 2018 I guess there will be several new interesting videos which should be added to this list soon.

Here they are by topic

KMS policies, Grants and ViaServices:

***** AWS KMS whitepaper: https://d0.awsstatic.com/whitepapers/aws-kms-best-practices.pdf

Using Key Policies in AWS KMS: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html

Deep dive into AWS encryption: https://www.youtube.com/watch?v=gTZgxsCTfbk

Best practices for implementing AWS KMS : https://www.youtube.com/watch?v=X1eZjXQ55ec

How do I share my KMS CMK across accounts? https://www.youtube.com/watch?v=qS7P2DpJFZQ


Deep drive into CloudTrail: https://www.youtube.com/watch?v=t0e-mz_I2OU

AWS re:Invent 2017: Using AWS CloudTrail to Enhance Governance and Compliance of Ama (DEV311) https://www.youtube.com/watch?v=mbdC6IhOROk

AWS Organizations

FAQ : https://aws.amazon.com/organizations/faqs/

Applying AWS organizations to comple structures : https://www.youtube.com/watch?v=pfetMIlo_2s

About Service Control Policies: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_about-scps.html


***** AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC303): https://www.youtube.com/watch?v=y7-fAT3z8Lo

Delegating Access to Your AWS Environment : https://www.youtube.com/watch?v=0zJuULHFS6A

The Evolution of Identity and Access Management on AWS – AWS Online Tech Talks : https://www.youtube.com/watch?v=2apSeOjDwZo

Advanced Techniques for Federation of the AWS Management Console and Command Line Interface (CLI) : https://www.youtube.com/watch?v=t6WWda_AY04

AWS re:Invent 2017: Soup to Nuts: Identity Federation for AWS (SID344) : https://www.youtube.com/watch?v=CJexxdv054c

A Self-Directed Journey to AWS Identity Federation Mastery : http://federationworkshopreinvent2016.s3-website-us-east-1.amazonaws.com/

***** Architecting Security and Governance Across a Multi-Account Stra (SID331): https://www.youtube.com/watch?v=71fD8Oenwxc


AWS re:Invent 2017: Incident Response in the Cloud (SID319) : https://www.youtube.com/watch?v=ufmgB9M2WII

Automating Incident Response and Forensics https://www.youtube.com/watch?v=f_EcwmmXkXk

AWS re:Invent 2017: Using AWS Lambda as a Security Team (SID301) https://www.youtube.com/watch?v=oMlGHP8-yHU

Modernize Your Threat Detection and Remediation Process Using Cloud Services https://www.youtube.com/watch?v=ZYT8MHdQ410


FAQ: https://aws.amazon.com/athena/faqs/

User guide : querying AWS CloudTrail logs: https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html

Querying AWS CloudTrail logs with Amazon Athena: https://www.youtube.com/watch?v=cfojAdWoMWo

Blog post: https://aws.amazon.com/blogs/big-data/aws-cloudtrail-and-amazon-athena-dive-deep-to-analyze-security-compliance-and-operational-activity/

AWS System Manager (SSM)

FAQ: https://aws.amazon.com/systems-manager/faq/

Amazon EC2 Systems Manager Introduction: https://www.youtube.com/watch?v=zwS8lssaY_k

Deep Dive with Amazon EC2 Systems Manager [ENT401]: https://www.youtube.com/watch?v=BmpxZsk9N48


FAQ : https://aws.amazon.com/artifact/faq/

And use the service download and read (partially) artifacts and agreements to see what they are


Introducing Lambda@Edge : https://www.youtube.com/watch?v=c_ZL3nOxEi8

AWS re:Invent 2017: Introduction to Amazon CloudFront and AWS Lambda@Edge (CTD201) : https://www.youtube.com/watch?v=wRaPw1tx6LA

Guard Duty

FAQ: https://aws.amazon.com/guardduty/faqs/

Deep Dive on Amazon GuardDuty – AWS Online Tech Talks: https://www.youtube.com/watch?v=o2YaIsps5LY


AWS re:Invent 2017: Creating Your Virtual Data Center: VPC Fundamentals and Connecti (NET201) https://www.youtube.com/watch?v=Tff1mekxOJ4

AWS Summit Tel Aviv 2017: Fundamentals of Networking and Security on AWS https://www.youtube.com/watch?v=KtPambVS2-4

AWS Summit Series 2016 | Chicago – Network Security and Access Control within AWS https://www.youtube.com/watch?v=AcBcmILiQTo

And unrelated to the exam but the best presentation of all:

AWS re:Invent 2017: The AWS Philosophy of Security (SID322) https://www.youtube.com/watch?v=KJiCfPXOW-U


This is amazing. Thank you so much for taking the time. I failed with a 660 recently, and it’s not like I have zero AWS experience either. I can attest that the course is sorely incomplete and high-level. I admire wanting to prep people for the real world, but it’s odd to me to spend a huge chunk of the course on CloudHSM then telling people it’s optional for the exam. I can hope that they will fill in the blanks because when acg hits the mark, they really hit the mark with the best teaching. There is not even an Athena video in the course. There is nothing on Vault lock. I hope anyone who has failed once and is trying again like me sees your post.

A Gerald Young

LRS1023 I took it today and had the same experience. I was like where is Athena and Vault lock coming from.

7 Answers

Likewise. I received a 730 and already have 5 certs. "I really think ACG need to update their training material on this one as the exam as moved too far for the course content to be relevant anymore." Course material needs updating ASAP. I got many questions on Macie, vault lock, Athena , Artifact, the term blast radius was used at least 3 times. Luckily I saw this post. You need so much more for this exam.


I passed last week. Def follow the advice above as ACG is missing so much that you need to know. DO NOT go by just the AWS practice exam or the sample questions…

I felt that the focus of acloudguru have shifted and there is no longer focus on ensuring that the course get updated. Acloudguru whilst an important learning resource is no longer the go-to resource.

Thank you so much for the details and guidance.

I passed the exam and I have to say your post is a must on preparing to the test! Thank you so much.

Matthieu Lienart

Glad I could help

Thanks for your post! I passed the exam yesterday morning. I’m subscribed to both ACG and Linux Academy and there is a ton of information in both courses that are SEVERELY missing. Haven’t encountered such a jarring gap before. Fortunately I got a chance to review your post and go through the material and it was definitely helpful. I also hold two other AWS certs and work with AWS on a daily basis which I believe helped. On to the next one!

Thanks a lot for your post! I have just started preparing for the exam having just completed sysops and architect associate exams. I’ve looked at a few courses covering this exam and the length of them seems to vary from 7.5 hours up to nearly 39. This one is only 11-12 hours so is definitely one of the briefer courses.

Hi All,

just to let you know that we have begun updating the course for 2019, based on feedback from everyone. I have added a section today (Chapter 9 – Updates For 2019) which I will continue to build out over the next few weeks to include any gaps in the course.

I have also added a lecture covering additional resources and grouping together all the best White Papers and re:Invent videos to watch.

If you have anything to contribute, please do let me know!



Matthieu Lienart

Hello Faye, Thank you for the update. Although I passed the test, I might look back at your updates when I have free time. It will be a good refresher.

Faye Ellis

Thanks Matthieu!

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?