AWS Security Specialty Exam

Intro
I recently sat the AWS Security Specialty Exam. This was my 7th AWS certification, having already done all the associate and professional exams over the past couple of years. However, this was by far the most challenging out of all the exams I’ve sat. AWS updated the exam in the last year and definitely have made it much harder. I passed first time with a score over 900, but I used up nearly the full allotted time. I had prepared well for the exam but was still surprised with how challenging it was.
The exam has a massive focus on VPC, KMS, IAM, S3, EC2, CloudTrail and CloudWatch, while lightly touching GuardDuty, Macie, Config, Inspector, Lambda, CloudFront, WAF, Systems Manager and AWS Shield.
Below I discuss a bit how I prepared and some of my thoughts of the exam.
Preparation
To specifically prepare for this exam I primarily used 3 resources.
- A Cloud Guru Security Track course
- Whizlabs Practice exams
- AWS Whitepapers & Blogs
CloudGuru
The course is useful enough from the point of view of getting your feet wet a bit with all the different services and areas of the exam curriculum. Depending on your specific role you may not use all the services, such as Config and GuardDuty, day in, day out. The CloudHSM walkthrough was one in particular I hadn’t actively used before. However, on its own it is nowhere near enough to pass the exam.
It’s about 14 hours in total, so worth skimming through to get an outline of all the different areas and services, but that’s about it. I wouldn’t rely on it as a single study guide.
Also, the Cloud Guru practice exams are next to useless to gauge how prepared you are for the actual exam.
Whizlabs Practice Exams
Again, these were useful enough but were not up to the standard of the exam. However, they are well worth going through. I do like the format of the Whizlabs practice exams and in general their explanations are quite good. In particular they have links to some really useful whitepapers and blogs which do go a level deeper than the Cloud Guru stuff.
However, again I would caution that they’re not necessarily a good gauge for how prepared you are for the actual exam. They are a little bit dated - e.g. currently you no longer need the approval of the AWS support team to perform assessments of your EC2 instances, but Whizlabs still has the dated answer.
So on their own they wouldn’t be enough to pass the exam, but they are a useful resource all the same.
AWS Practice Exam
I had a coupon for a free AWS practice exam so figured I’d use it. There were just 20 questions in the practice exam and I got 90% in it. I felt good after taking it and did it the day before the actual exam.
I did end up getting a similar score in the actual exam, but the actual exam questions were much, much harder. Again, I’d caution that there was no comparison between the practice and actual exam.
AWS Whitepapers & Blogs
These were definitely the most important resource I went through. I’ve specified some of the better ones below. I’d say about 70% of the ones I found I got from links in answers on the Whizlabs practice exams, but they are really worth going through in detail.
I’d also recommend going through the AWS Security Blog and running through some of the hands-on walkthroughs in your own account.
Recommendations & Tips
So onto the useful stuff. If I was to start studying for the exam fresh today, these would be my recommendations.
Research Materials
On top of the cloud guru course material, there are other mandatory materials that’ll help you in the exam. Some of these appear in every blog post on the subject, but some are strangely missing.
For example, the AWS Certified Exam Readiness course was a phenomenally useful resource — and it was free! At the end of the course, you get a practice exam with 24 questions that come with thoughtful answers. I guess it’s missing from most online posts because it’s new.
So here are some additional resources you might not find as recommended reading material elsewhere:
KMS
As you might expect in a security exam, encryption features very highly. This walkthrough is well worth reading and running through in detail. It details loads of gotchas and fringe features which you may not know if you’re not a big user of KMS.
BLOGS
WHITEPAPERS
MUST-WATCH YOUTUBE VIDEOS:
- Becoming an IAM policy Master: Absolute must-watch!!
- Soup to Nuts: Identity Federation for AWS
- Deep Dive on Amazon GuardDuty
- Best Practices for Implementing AWS Key Management
- Provable Access Control: Not relevant for the exam, but amazing talk!
Exam Day
ONLINE PROCTORED SETUP
With COVID I did an online proctored exam with Pearson VUE. This was my first time not going to an exam centre for the exam. I followed the recommendations and it was pretty straightforward. I tested my computer a week before the exam, and the day before I cleared all the clutter in the room and everything off my desk - I also erased everything from my whiteboard.
I checked in to my exam about 30 minutes before it started. Once checked in on my laptop, I used a link on my iPhone to take pictures of my office room, myself and my ID. This took about 10 minutes. Then the online proctor came on. It was a little bit confusing - a message box popped up first on the screen and then someone started talking to me. He wanted me to use my laptop camera to again do a slow sweep of the room to confirm it matched the photos. I had 2 external monitors on my desk which weren’t plugged into the laptop. He also wanted me to show him me unplugging them from the power outlet, which was a bit unexpected. The Pearson app locks out any monitors and screens. The cables were a bit tangled on my desk so this was a bit of a pain and something I would prepare better in the future. In total, the checks with the proctor took about another 5 or 10 minutes and then I began the exam. I didn’t hear anything else from the proctor for the rest of the exam and overall found the experience fairly handy.
EXAM TAKING TIPS
I’ve followed the same process in all my AWS exams, which uses the recommended ISC2 exam-taking tips where I read each question 3 times and then read each answer with it. However, I do put my own spin on this technique.
I run through all the questions once relatively quickly. For about 30-40% of them I was confident first time that I had the correct answer. Any I wasn’t sure of I flagged for review. For these, in my head I crossed out answers that made no sense but was always left with 2-3 possible answers. These questions I flagged and moved on from. I’ve found from experience that working through other questions can help me think through flagged questions, so I never really spend more than a minute or so on a single question in my first pass through.
For my second pass through I try and cut the available answers down to 2 possibles. I’ve found that having gone through the entire exam once already my mind is more focused and some of the other scenarios help with isolating answers. With this pass I was pretty confident in about 70% of the questions and unflagged them.
I then do a third pass. At that point you are stuck with picking between answers that could very likely be the right answer in the real world, but it is about learning how they want you to answer it with the most efficiency and most cost savings. Keeping that in mind when answering those questions is key to getting those toss-up questions correct.
After 3 passes if I’m still not sure of an answer it’s time to hit and hope!
Remember, you don’t need to know the right answer if you can eliminate all the wrong ones! And unlike other exams, the security specialty sometimes has questions with 2-3 workable answers — your job is to pick the one that matches the question’s requirements (e.g. fastest, cheapest, simplest, etc.). So pay attention to that!
MY EXAM IMPRESSIONS
A few key areas that I thought were included in almost every question were IAM, KMS and encryption. Incident Response related questions would be next up in my opinion. I know it sounds incorrect to say I felt almost every question had some sort of IAM, KMS or encryption component to it, but in my mind it absolutely did. Sometimes they would list out a roles-and-policy question and then ask about a compliance problem. Other times they would state a specific compliance requirement, then ask you an encryption question with that compliance requirement. If you were not paying attention you would answer the wrong question within the question. On my exam logging & monitoring was not as prevalent but was absolutely present. It seemed that about 20% of the time the question was related to a logging/monitoring issue that could be related to policies and roles that needed to be adjusted. Understanding these services and how they communicate with each other is critical for this exam. Automating as much as possible within AWS between services is key to passing this exam; it will be expected that you understand how that sort of action will take place and how to troubleshoot it when/if it breaks.
Conclusion
Hopefully the above helps someone else looking to take the exam. I have read a few different blog posts that say the security specialty is one of the easiest exams. This was not my experience, but those blogs may have been written before the most recent exam updates. The questions were quite tough and had multiple correct answers - figuring out which one AWS were looking for was quite challenging. I would definitely not underestimate it, and plan sufficient time to prep for it. I found I learnt a lot from my preparation so would recommend doing it. It’s a particularly good view into the serverless future as we offload more layers to managed CSPs.