AWS Security Specialty AAR

What is the certification?

The AWS Security Specialty exam is intended for individuals with at least two years of experience in a security role protecting AWS. It is intended to validate that those who pass the exam have the baseline knowledge required to succeed in that function.

What does it demonstrate?

Per the official AWS exam guide, the exam judges candidates across the following domains:

Domain 1: Incident Response (12%)

Domain 2: Logging and Monitoring (20%)

Domain 3: Infrastructure Security (26%)

Domain 4: Identity and Access Management (20%)

Domain 5: Data Protection (22%)

The short of it is that the exam covers certain topics in depth and detail. Those include IAM (including how to configure cross-account resource trusts and how to configure Active Directory Federation Services to achieve SSO), encryption via services such as CloudHSM and KMS, the full gamut of VPC-level networking and architecture all the way down to the policy level, and programmatic-level knowledge of S3. You should also thoroughly understand the commonly used AWS security services, including Macie, GuardDuty, Config, Inspector, Security Hub, CloudTrail and CloudWatch, and deeply understand how to develop event-driven notifications and event-driven security remediation.

If you’ve already taken the AWS Architect Associate exam, be aware that this is a much more difficult exam that expects a deeper level of knowledge. The exam also expects a candidate to have memorized the accepted best-practice playbooks for responding to incidents involving compromised instances, access/secret keys, and entire accounts, as well as the remediation paths for dealing with the actions of destructive insiders. Beyond all of this, also expect to need some knowledge of less commonly used services such as AWS Glue and Amazon Cognito, as well as Kinesis Data Streams and Kinesis Data Firehose, how those services and the data they process should be secured and accessed, and deep knowledge of how to grant access to and troubleshoot Lambda functions.

Building a study plan

To begin, you should already have passed (or be able to pass) the AWS Architect Associate exam. Being able to build data pipelines and VPCs from scratch (all the way down to the routing table level), and understanding VPC endpoint instances and gateways in a lab, is key before you even start.

If you’re still with me, great! My approach to studying consisted of downloading the exam guide and getting a full subscription to acloud.guru, spending time going through every chapter and section of the AWS Security Course in detail, and then building out the discussed topic in an actual AWS sandbox (acloud plus includes one, but you can use your own if you have one available).

After this, I spent time reading each AWS white paper and best-practices document cited by the course. I then went back to the official exam guide and reviewed the details of each of the exam topics, specifically researching best practices for each section where there were gaps in the acloud course.

All in all, a healthy budget of 80 hours of total study time should be sufficient to absorb what you need to know to pass.

If you’re going for the exam, good luck!