AWS have been running the beta version of the AWS Security Speciality exam since the beginning of this year. You are given 50% discount if you decide to take the exam and a free re-take if you do not pass for the first time. The downside is that you may have to wait for the results untill May.

I took the exam on 10.02.2018 in west London and decided to put together a quick overview of my experience and a list of video resources that I would suggest using for preparation:

  • There were 70 questions to go through in 180 minutes. I had more than enough time to go through all the questions and have almost an hour left to review questions that I wasn’t sure about.
  • The majority of questions involved IAM, KMS, Cloud Trial, Config and Cloud Watch. You need to have quite detailed understanding of the services to be able to pass the exam.
  • The questions were not as complex as the questions from the AWS Solutions Architect Professional exam. Although they were scenario based, they were not as long and difficult to digest as the questions I remembered from my Professional exam.

Below are the topics that I encountered during the exam and video resources that can help with preparing for the exam:

AWS shared security responsibility model, security best practices and anti-patterns, governance and compliance.

AWS IAM – detailed understanding of users, groups, roles and policies; cross-account roles, access key rotation, STS, identity federation, etc.

AWS Cloud Watch, AWS Config and AWS Cloud Trial – understanding the differences between the services, how they all fit together into various scenarios and how they can be used with other services to automate security operations.

AWS KMS – detailed understanding of how KMS works and encryption best practices

AWS S3 and Glacier – understanding resilience, durability, availability, lifecycle management and security (especially bucket policies)

AWS Organisations and multi-account architecture – understanding of the key concepts.

Application security: WAF, Cloud Front, Elastic Load Balancer, Route 53, Certificate Manager; DDoS mitigation, SSL etc…

Serverless architecture security– lambda, API Gateway, Cognito

Understanding of VPCs and network security, security groups vs NACLs, VPC endpoints, VPC peering, Direct Connect and VPN

Understating Systems Manager capabilities such as patching, run command, maintenance window, parameter store, etc.

Understanding of AWS Inspector and how it can be used to assess applications for vulnerabilities or deviations from best practices. Vulnerability management and pen tests in AWS.