AWS Security Speciality exam preparation

AWS Security Speciality exam preparation

A few words about, what's inside and how to prepare.

Published Mar 19, 2024

Preparing for the AWS Certified Security Specialty Exam

The AWS Certified Security Specialty exam validates deep technical skills for securing data and applications on the AWS platform. While challenging, with the right preparation, passing this exam is achievable.
Exam Guide - what to read and understand
Useful Training Courses
  • A good start with - AWS Security Fundamentals
  • If you have time and want to play a bit - a Cloud Quest
  • Whizlabs - Practice tests provide a lots of hands-on practice questions that are very close to the actual exam format. Great for testing your knowledge.
  • Adrian Cantril - A great deep dive - I haven't personaly use this course, but I know how Adrian cares about details and the way he explain things - might be worth to go with.
Key AWS Services to Master - don't go, before you know :)
Focus your studies on truly understanding these services inside and out:
  • Amazon IAM - Master IAM policies, identity policies vs resource policies, and cross-account access patterns (policy evaluation logic). Know when and how to use IAM groups, roles, identity pools, SAML. There is no excuse here; if you do not feel comfortable with IAM, do not go further. Know well how the 'Condition' statement works in the policy, what types of statements can be used. Understand the difference between identity policy and resource policies, when to use which.
  • AWS Key Management Service - Understand encryption key management including automatic vs manual rotation. Know when to use KMS vs CloudHSM.
  • Amazon S3 - Know S3 security features like object encryption, bucket policies, ACLs, cross-region replication.
  • Amazon VPC - Study VPC security concepts like security groups, NACLs, VPC endpoints, VPC peering. Know how to diagnose connectivity issues.
  • Amazon CloudWatch - Learn how to centralize logging and set event-driven alerts and automation.
  • Amazon Eventbridge - Learn how to work with data comming from various of AWS services and how to deal with them - messaging, auto-remediation.
  • AWS Organizations - A must have, especially the Service Control Policies
  • Amazon GuardDuty - Know what it can do, and how automate the remediation.
  • Amazon Inspector - Again, have a hands-on knowledge of implementation and remediation, on multiple platforms (EC2, ECR)

Other Important Services
Hands-on practice with these services is the key!
Exam Tips
  • Use extra time accommodations if English is not your primary language.
  • Take advantage of discount vouchers from passed exams.
With focused, hands-on preparation, the AWS Certified Security Specialty exam is within your reach!

1 Comment