This Friday [2021-08-20] I managed to pass the AWS Security Specialty Exam.

Inspired by my participation in the AWS Competence Group at tretton37 I decided this spring to go for this challenge. As usual, just after my examinations I summarize some reflections about learnings.

Since I within the recent year both have made extensive preparations for the SA Pro and DevOps Pro certifications I estimate about 80% of the preparation was already done for this one.

My overall insight is that this Security Specialty exam is a subset of what you can expect to know in the SA Pro exam.

The questions are much more like the Associate Exams. Shorter with focus on you to answer one specific questions. The opposite to the the Pro exams where some questions are a big wall of text where it’s more up to you to filter out the most important parts of the question to choose the most relevant answer. For the Pro exams I definitely had time pressure but for this exam I reached the last 65th question in 2h out of the 3,5h I had available. Having a good feeling I could relax and go through the 19 questions I flagged for review.

The silver bullet for me to the success:
Practice exams with focus on the analysis phase!!

From my previous examination learnings I used this two practice exam packages:

  1. Whizlabs – AWS Certified Security Specialty – Practice Exams
  2. Udemy – SCS-C01: AWS Certified Security – Specialty Practice Exams

I go through the practice exams quite quickly with not too much thought. If I do one practice exam one evening I use 2-3 evenings for analysing all questions. Not only the ones I’ve chosen the incorrect answer. During the analysis I often bump into the AWS documentation, and when I see a value of it for my current assignment, I also read (a few) whitepapers.

As I mention, the contents for this exam is very narrowed to deeper knowledge in a few services. One does not have to worry about strange detailed questions on Snowball, App Stream 2.0 and so on.

Here are the services I had to know about in more detail to pass the exam:

  1. KMS – key policies, grants, rotation, imported key material
  2. GuardDuty – filters
  3. VPC – design, troubleshooting, VPC Flow Logs
  4. Incident response – actions on compromised EC2 and access keys
  5. IAM – policies, root user
  6. S3 – policies, KMS variants
  7. Shield – standard/advanced, DDoS
  8. WAF – DDoS, OWASP
  9. Cloudfront – AOI
  10. ACM – public vs. private

My result was a bit lower than expected. Since my score on the practice exams were between 80-95% and my feeling after the exam was very good I was hoping for yet another result over 900.

But of course I consider the 873/1000 being a good result.