If you’re like me and planning to add to your ever-growing list of AWS certifications even after completing the 5 major ones, these tips will help. Of the three specialty certifications (Network, Security and Big Data), I chose to pursue the Security Specialty exam because, working with AWS daily, security has become the number one thing clients talk about. Not to scare anyone away from taking the exam, but of all the ones I’ve taken, this one was harder than either of the Professional exams.


  • KMS – Focus on all the different KMS options
    1. API commands (Encrypt, Decrypt, ReEncrypt)
    2. CMK – AWS-generated vs imported key material
    3. How to enforce annual rotation of keys
  • AWS Config
    1. The types of rules that can be set up and how to automatically remediate non-compliant resources using Lambda
  • Know the difference between CloudTrail and CloudWatch
  • SSL communication from on-premises to EC2, including how legacy applications communicate when changing from an ELB to an ALB
  • S3 access
    1. I didn’t have any questions on bucket ACLs, but know the difference between an ACL and a bucket policy
  • Cross-account access (S3)
  • How to regain access to an EC2 instance or change the key pair if it has been compromised
  • How AWS WAF and Shield work
  • When and why you should implement a proxy server
  • Network Access Control Lists (stateless) vs Security Groups (stateful)
  • How AWS Organizations works, including
    1. Service Control Policies and their enforcement
  • How a CloudFront OAI communicates with S3
    1. Think static website or content
  • AWS Athena and viewing VPC flow logs
    1. Query the VPC flow logs
  • VPC flow logs – How can you automate or make sure VPC flow logs are enabled (Hint: AWS Config & Lambda)
  • Troubleshooting
    1. Why some instances are writing logs to CloudWatch and others aren’t, or why they stopped after a period of time
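The "AWS Config & Lambda" hint above is the pattern the exam expects you to recognise: a Config custom rule backed by a Lambda function that evaluates each VPC and reports it NON_COMPLIANT when no active flow log covers it. The following is an added example written for this post, not code from AWS or from the original author. The handler name, the rule logic and the sample DescribeFlowLogs records are assumptions constructed for illustration; the boto3 clients are injected so the evaluation can be run offline against that constructed data.

```python
"""Added example: AWS Config custom rule (Lambda handler) that checks
whether an AWS::EC2::VPC has an ACTIVE VPC Flow Log.

Names (handler, SAMPLE_FLOW_LOGS, fake clients) are assumptions made for
this example; the boto3 calls used (describe_flow_logs, put_evaluations)
are real EC2 / Config API operations."""

import json
from typing import Dict, List, Optional

COMPLIANT = "COMPLIANT"
NON_COMPLIANT = "NON_COMPLIANT"
NOT_APPLICABLE = "NOT_APPLICABLE"


def vpc_has_active_flow_log(vpc_id: str, flow_logs: List[Dict]) -> bool:
    """True if at least one flow log targets this VPC and is ACTIVE."""
    return any(
        fl.get("ResourceId") == vpc_id and fl.get("FlowLogStatus") == "ACTIVE"
        for fl in flow_logs
    )


def evaluate_vpc(vpc_id: str, flow_logs: List[Dict]) -> Dict[str, str]:
    """Turn the DescribeFlowLogs result into a Config compliance verdict."""
    if vpc_has_active_flow_log(vpc_id, flow_logs):
        return {"ComplianceType": COMPLIANT, "Annotation": "Active VPC Flow Log found"}
    return {"ComplianceType": NON_COMPLIANT, "Annotation": "No active VPC Flow Log for this VPC"}


def handler(event: Dict, context=None, ec2_client=None, config_client=None) -> Dict[str, str]:
    """Lambda entry point invoked by AWS Config with one configuration item.

    ec2_client / config_client are optional so the logic can be tested
    offline; inside Lambda they default to real boto3 clients."""
    invoking = json.loads(event["invokingEvent"])
    item = invoking["configurationItem"]
    if item["resourceType"] != "AWS::EC2::VPC":
        return {"ComplianceType": NOT_APPLICABLE, "Annotation": "Not a VPC"}
    vpc_id = item["resourceId"]

    if ec2_client is None or config_client is None:
        import boto3  # imported lazily so the module loads without boto3 installed
        ec2_client = ec2_client or boto3.client("ec2")
        config_client = config_client or boto3.client("config")

    # Note the singular parameter name: describe_flow_logs takes Filter=, not Filters=.
    resp = ec2_client.describe_flow_logs(
        Filter=[{"Name": "resource-id", "Values": [vpc_id]}]
    )
    verdict = evaluate_vpc(vpc_id, resp.get("FlowLogs", []))

    # Report the verdict back to Config using the token it handed us.
    config_client.put_evaluations(
        Evaluations=[{
            "ComplianceResourceType": item["resourceType"],
            "ComplianceResourceId": vpc_id,
            "ComplianceType": verdict["ComplianceType"],
            "Annotation": verdict["Annotation"],
            "OrderingTimestamp": item["configurationItemCaptureTime"],
        }],
        ResultToken=event["resultToken"],
    )
    return verdict


# ---- constructed sample data and fake clients for offline use -------------

# Constructed DescribeFlowLogs records: vpc-0a is covered, vpc-0b is not,
# and the subnet entry shows why filtering on ResourceId matters.
SAMPLE_FLOW_LOGS: List[Dict] = [
    {"FlowLogId": "fl-0001", "ResourceId": "vpc-0a", "FlowLogStatus": "ACTIVE", "TrafficType": "ALL"},
    {"FlowLogId": "fl-0002", "ResourceId": "subnet-0b", "FlowLogStatus": "ACTIVE", "TrafficType": "REJECT"},
]


class FakeEC2:
    """Stand-in for boto3's EC2 client that honours the resource-id filter."""

    def __init__(self, logs: List[Dict]):
        self.logs = logs

    def describe_flow_logs(self, Filter: Optional[List[Dict]] = None, **_) -> Dict:
        wanted = set(Filter[0]["Values"]) if Filter else None
        return {"FlowLogs": [fl for fl in self.logs if wanted is None or fl["ResourceId"] in wanted]}


class FakeConfig:
    """Stand-in for boto3's Config client that just records evaluations."""

    def __init__(self):
        self.evaluations: List[Dict] = []

    def put_evaluations(self, Evaluations: List[Dict], ResultToken: str, **_) -> Dict:
        self.evaluations.extend(Evaluations)
        return {"FailedEvaluations": []}


def demo() -> Dict[str, str]:
    """Run the rule over two constructed VPC configuration items."""
    ec2, cfg = FakeEC2(SAMPLE_FLOW_LOGS), FakeConfig()
    results = {}
    for vpc_id in ("vpc-0a", "vpc-0b"):
        event = {
            "resultToken": "constructed-token",
            "invokingEvent": json.dumps({"configurationItem": {
                "resourceType": "AWS::EC2::VPC",
                "resourceId": vpc_id,
                "configurationItemCaptureTime": "2020-01-01T00:00:00.000Z",
            }}),
        }
        results[vpc_id] = handler(event, ec2_client=ec2, config_client=cfg)["ComplianceType"]
    return results


if __name__ == "__main__":
    print(demo())
```

Deploy this as a Config custom rule triggered by configuration changes to AWS::EC2::VPC; the same Lambda (or a second one wired to the rule's remediation action) can then call the EC2 CreateFlowLogs operation for a NON_COMPLIANT VPC, which is the automatic-remediation half of the AWS Config item above.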

Items that I didn’t find on my exam, but that doesn’t mean you shouldn’t know about them.

  • CloudHSM
  • AWS Trusted Advisor

Training Materials I used:

  • ACloudGuru
  • LinuxAcademy – I actually worked for them for a brief period of time and enjoyed putting together some training courses. The instructor for the Security Specialty course is really good.



Domain 1: Incident Response

1.1 Given an AWS abuse notice, evaluate the suspected compromised instance or exposed access keys.
1.2 Verify that the Incident Response plan includes relevant AWS services.
1.3 Evaluate the configuration of automated alerting, and execute possible remediation of security-related incidents and emerging issues.

Domain 2: Logging and Monitoring

2.1 Design and implement security monitoring and alerting.
2.2 Troubleshoot security monitoring and alerting.
2.3 Design and implement a logging solution.
2.4 Troubleshoot logging solutions.

Domain 3: Infrastructure Security

3.1 Design edge security on AWS.
3.2 Design and implement a secure network infrastructure.
3.3 Troubleshoot a secure network infrastructure.
3.4 Design and implement host-based security.

Domain 4: Identity and Access Management

4.1 Design and implement a scalable authorization and authentication system to access AWS resources.
4.2 Troubleshoot an authorization and authentication system to access AWS resources.

Domain 5: Data Protection

5.1 Design and implement key management and use.
5.2 Troubleshoot key management.
5.3 Design and implement a data encryption solution for data at rest and data in transit.

My final piece of advice for those taking the exam is to stay positive. It can do wonders.