Getting ready for AWS Certified Security Specialty Exam

Recently I passed the AWS Certified Security Specialty exam. It was a really challenging exam, and I really recommend doing the AWS Certified SAA and AWS Certified SysOps Administrator first, before any of the Specialty/Pro certifications.

PS: My intention is not to share any questions or reveal anything that breaches the NDA with AWS.

I WANNA SEE MY WHOLE TEAM WINNING.

I always love to share knowledge. Let me tell you a little bit about my background: I have been using AWS since 2014. (To be honest, I answered 40 questions very easily from past experience.) But it still took me 3 weeks to get ready for the exam, and I really enjoyed it. Never underestimate the exam or be overconfident about it. I am a huge AWS fanboy!!

Materials used for study

First go through this and plan well: https://tutorialsdojo.com/aws-certified-security-specialty-exam-study-path/

Jon Bonso’s cheat sheet: https://tutorialsdojo.com/aws-cheat-sheets-security-identity-services/

This e-learning course is free from AWS and really useful, “Exam Readiness: AWS Certified Security — Specialty”: https://www.aws.training/Details/eLearning?id=34786

Main tips and things that are not in the courses:

  • Master the KMS service and how to use it with other AWS resources.
  • Learn a bit about the KMS SDK with other services; at the end of this I'll share one of my daily usages of this.

https://docs.aws.amazon.com/kms/latest/developerguide/resource-limits.html

https://docs.aws.amazon.com/kms/latest/developerguide/requests-per-second.html

https://docs.aws.amazon.com/kms/latest/developerguide/service-integration.html

https://docs.aws.amazon.com/kms/latest/developerguide/services-ebs.html

https://docs.aws.amazon.com/kms/latest/developerguide/services-dynamodb.html

https://docs.aws.amazon.com/kms/latest/developerguide/services-rds.html

https://docs.aws.amazon.com/kms/latest/developerguide/services-s3.html

https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html

https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html

https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/sample-cache-example.html

  • AWS Secrets Manager usage and the main differences between Secrets Manager and SSM Parameter Store.
  • AWS GuardDuty is really important; understand how to automate using AWS GuardDuty.
  • What you can monitor using VPC Flow Logs and what you can't.
  • All the policy documents (IAM, S3, KMS…): THESE ARE REALLY IMPORTANT.
  • Read all the NACL and SG related questions well; sometimes you have to choose the most suitable one.
  • Know AWS Organizations, OUs, and how to use Service Control Policies to control child organizations, restricting the root access.
  • For all the practicals I created an AWS Organization with SCP and roles.
  • VPC endpoints

https://docs.aws.amazon.com/waf/latest/developerguide/ddos-overview.html

https://docs.aws.amazon.com/vpc/latest/userguide/vpce-gateway.html

https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-s3.html#vpc-endpoints-policies-s3

https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html#vpce-interface-limitations

https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-service.html

  • AWS Security Hub and AWS Firewall Manager
  • The areas below are really interesting, and I found a good AWS Dev Day session on them; you can still watch it on demand, and you can download the slides as well. I really recommend checking all 4 sections. (There are ECS-related questions also.) https://pages.awscloud.com/DevDay_Online_SecurityEdition.html

Scaling IAM permissions with Attribute based access control (ABAC)
Threat Detection and remediation in AWS
Securing Serverless Applications
Securing container workloads on AWS

  • After you master all these areas, please do Jon Bonso’s practice exams. I got 70% on the first timed exam. It's really challenging, but don't worry, it's not the world's end. For every question there are good reviews and related whitepapers; go through them and understand why it's wrong, which really helped me for the exam.
  • Don’t panic; do the easy questions faster and save time for the comprehensive questions.
  • DO NOT UNDERESTIMATE OR BE OVERCONFIDENT
  • I always look for the wrong answers first.

Tada, finally the satisfaction of hard work!!

If you need any help to prepare for this exam, please feel free to comment or contact me; I am more than happy to help.

DevOps Engineer ☁, A Cloud Enthusiast and AWS Certified Solution Architect. AWS Fanboy!!
