AWS Security Specialty - Preparation
Brian Yacono
Cloud Architecture Leader | GIAC GSLC & GPCS | Security Advisor | Well Architected Cloud
This post covers the AWS Security Specialty Certification, which is one of the most critical certifications in Cloud to help effectively secure your organization, give your customers reassurance, and lastly and most importantly develop yourself professionally.
<Disclaimer>
Please read below...
Not for those just starting out in AWS
This might come across as harsh, but know your level of AWS before proceeding. I would hate for you to cough up $300 for the exam with only a small chance of passing to begin with. While there is nothing technically stopping you from making this your first AWS cert if you are just starting out, I would definitely recommend doing the beginner-level AWS certifications first, in this order: 1.) AWS Certified Cloud Practitioner > 2.) AWS Certified Solutions Architect - Associate. This will establish the fundamentals of the AWS services, such as IAM, CloudTrail, KMS, etc., needed in the future. The AWS Security Specialty assumes that you are already familiar with AWS terminology and fundamentals, which can become a big challenge if you are attempting this as your first AWS cert.
So, as the name suggests, this is definitely not a beginner cert but is for those who already have a couple of years' experience in AWS Security.
Although it is not mandatory, once you have passed either or both of the exams above, you should then proceed onto Specialty and/or Professional exams...
</Disclaimer>
All good?!?! You can now proceed.
What to expect - Exam Domain breakdown
As per the official exam guide on the AWS Certified Security Specialty page, the exam is a pass or fail one with a minimum passing score of 750 out of 1000. The 5 domains are as follows:
Domain 1: Incident Response
Domain 2: Logging and Monitoring
Domain 3: Infrastructure Security
Domain 4: Identity and Access Management
Domain 5: Data Protection
Services & technologies
Management and Governance
Networking and Content Delivery
Security, Identity and Compliance
How to prepare for the AWS Security Specialty Certification
Get hands on with AWS Services: Another key step would be to set up a home lab environment and start playing around with the AWS services so you can start understanding them. There are a huge number of AWS services which are covered in the exam and you should broadly know all of them. Without hands-on experience you will not be able to understand questions which involve SCP, IAM Policies, KMS, EC2 instances etc. Create an AWS free tier account and start playing around in the AWS cloud environment.
Learn AWS IAM inside and out: IAM is one of the toughest areas in the exam requiring you to understand how policies are evaluated and in what order. Know the policy flow and evaluation logic and how IAM elements work. Start experimenting in your AWS IAM account with the IAM policies. The below video gives a great overview and is amazing if you want to deep dive into AWS IAM:
Be ready for "best answer" types of questions: A lot of questions will attempt to trick you by providing correct responses so you will have to pick the most suitable one. Understand the pros and cons of each AWS service so you can respond to these questions accurately as there is no single wrong answer in many cases.
Deep dive into Encryption and Logging: A lot of questions will cover scenarios pertaining to KMS keys and which type of encryption to use in a particular scenario. Additionally, you are expected to know the logging and alerting use cases of AWS CloudTrail and CloudWatch and how they differ from each other along with best practices. The FAQ sections for each of these services are really invaluable for doing a deep dive which I have listed below:
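As an added example for the IAM item above (not part of the original post and not AWS code), the sketch below models the policy evaluation order for a same-account request: an explicit Deny anywhere wins, then the SCP, the identity policy and the permissions boundary must each contain a matching Allow. It is a simplified model: `Condition`, `NotAction`, `NotResource`, resource-based and session policies are not handled, SCPs are treated as a single level, and the function name, policy constants and bucket names are constructed for illustration.

```python
import re

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _match(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None

def _effects(policy, action, resource):
    """Effects of the statements in one policy document that match the request."""
    return [s["Effect"] for s in _as_list(policy["Statement"])
            if any(_match(a, action, ignore_case=True) for a in _as_list(s["Action"]))
            and any(_match(r, resource) for r in _as_list(s["Resource"]))]

def evaluate(action, resource, identity_policies, scps=None, boundary=None):
    """Return (decision, deciding_layer) for a same-account request."""
    layers = [("SCP", scps), ("identity policy", identity_policies),
              ("permissions boundary", [boundary] if boundary else None)]
    present = [(name, docs) for name, docs in layers if docs is not None]
    # 1. An explicit Deny in any applicable policy ends evaluation.
    for name, docs in present:
        if any("Deny" in _effects(d, action, resource) for d in docs):
            return ("ExplicitDeny", name)
    # 2. Every layer that applies must contain a matching Allow.
    for name, docs in present:
        if not any("Allow" in _effects(d, action, resource) for d in docs):
            return ("ImplicitDeny", name)
    return ("Allow", None)

# Constructed sample policies (illustrative, not from the original post).
IDENTITY = {"Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:DeleteObject",
     "Resource": "arn:aws:s3:::audit-logs/*"}]}
SCP = {"Statement": {"Effect": "Allow", "Action": ["s3:*", "ec2:Describe*"], "Resource": "*"}}
BOUNDARY = {"Statement": {"Effect": "Allow",
                          "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "*"}}

if __name__ == "__main__":
    for act, res in [("s3:GetObject", "arn:aws:s3:::app-data/report.csv"),
                     ("s3:DeleteObject", "arn:aws:s3:::audit-logs/2024/01.json"),
                     ("s3:DeleteObject", "arn:aws:s3:::app-data/report.csv"),
                     ("ec2:DescribeInstances", "*")]:
        print(act, res, evaluate(act, res, [IDENTITY], [SCP], BOUNDARY))
```

The second element of the result names the layer that decided the outcome, which is the part "best answer" IAM questions usually turn on.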
Some tips for passing the exam
In addition to the above, below are the steps I took to pass my AWS security specialty exam:
Training: Invest in training so you follow a structured way of understanding AWS security concepts. Historically, I have used Pluralsight training for the AWS Security Specialty, which is one of the best ones around, but there are several good ones on Udemy and even YouTube. There is also a free readiness course provided by AWS which goes over the essentials of the exam and is definitely recommended as a refresher.
Practice: No amount of studying will get you ready for the exam without preparing, so practice tests are important for considering multiple correct answers and determining the best course of action. Pluralsight Labs and Udemy courses have some good practice exams in addition to hands-on lab time in the AWS Console.
AWS provides some great labs based on their well-architected framework which I would suggest everyone go through once as they slowly build up your hands-on experience. This can be a great supplement to any training courses you take on, ranging from Foundational and Intermediate to Advanced.
AWS White-papers: AWS has some amazing whitepapers which go into great detail about security best practices and their security services. These are not mandatory but definitely recommended to go through once before the actual exam.
Mental & Physical preparation (night before and day of the exam)
Recap
This should provide a good overview of how to prepare for the AWS Security Specialty exam. A fair estimate would be to plan for about 3 months of coursework, study, labs, and exam prep. The exam is not easy by any means and there is no magic bullet or solution for passing the exam. Build up a solid base of technical knowledge and supplement it with practice exams and practical experience. This should lead you to a successful exam attempt.