Getting ready for AWS Certified Security Specialty Exam

Recently I passed the AWS Certified Security Specialty exam. It was a really challenging exam, and I really recommend doing the AWS Certified SAA and AWS Certified SysOps Administrator first, before any of the Specialty/Pro certifications.

PS: My intention is not to share any questions or reveal anything that breaches the NDA with AWS.


I always love to share knowledge. Let me tell you a little bit about my background: I have been using AWS since 2014 (to be honest, I answered about 40 questions very easily from past experience). But it still took me 3 weeks to get ready for the exam, and I really enjoyed it. Never underestimate the exam or be overconfident about it. I am a huge AWS fanboy!!

Materials used for study

First go through this and plan well:

Jon Bonso’s cheat sheet:

This one is free from AWS and really useful: the e-Learning course “Exam Readiness: AWS Certified Security — Specialty”:

Main tips, and things that are not in the courses:

  • Master the KMS service and how to use it with other AWS resources.
  • Learn a bit about the KMS SDK with other services; at the end of this post I'll share one of my daily usages of it.

  • AWS Secrets Manager usage and the main differences between Secrets Manager and SSM Parameter Store.
  • AWS GuardDuty is really important; understand how to automate remediation using GuardDuty findings.
  • What you can monitor using VPC Flow Logs and what you can't.
  • All the policy documents (IAM, S3 bucket policies, KMS key policies, …). THESE ARE REALLY IMPORTANT.
  • Read all the NACL and SG related questions carefully; sometimes you have to choose the most suitable option among several that work.
  • Know AWS Organizations and OUs, and how to use Service Control Policies to control member accounts, including restricting root user access.
  • For all the practicals I created an AWS Organization with SCPs and roles.
  • VPC endpoints

  • AWS Security Hub and AWS Firewall Manager
  • The areas below are really interesting, and I found a good AWS Dev Day session on them; you can still watch it on demand and download the slides as well. I really recommend checking all 4 sections. (There are ECS-related questions also.)

Scaling IAM permissions with Attribute based access control (ABAC)
Threat Detection and remediation in AWS
Securing Serverless Applications
Securing container workloads on AWS

  • After you master all these areas, please do Jon Bonso's practice exams. I got 70% on the first timed exam. It's really challenging, but don't worry, it's not the end of the world. For every question there is a good review and related whitepapers; go through them and understand why an answer is wrong, which really helped me for the exam.
  • Don't panic; do the easy questions faster and save time for the comprehensive ones.
  • I always look for the wrong answers first.
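As an added example (not from the original post) of the SCP point above, this is the kind of Service Control Policy you can attach to an OU to block the root user of every member account in that OU from doing anything. The Sid is my own name for the statement; the condition key and ARN pattern are standard IAM ones.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyRootUserInMemberAccounts",
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "StringLike": {
          "aws:PrincipalArn": "arn:aws:iam::*:root"
        }
      }
    }
  ]
}
```

Things to remember when you test this in your practice organization: SCPs never grant permissions, they only set the maximum that IAM policies in the member account can grant, so the default FullAWSAccess SCP still has to be attached alongside this one for anything else to work; SCPs apply to the root user of member accounts but have no effect on the management account, so its root user is not restricted by this policy; and the explicit Deny here wins over any Allow in the account's own IAM policies.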

Tada, finally the satisfaction of hard work!!

If you need any help preparing for this exam, please feel free to comment or contact me; I am more than happy to help.

DevOps Engineer ☁, a cloud enthusiast and AWS Certified Solutions Architect. AWS fanboy!!
