How I Passed the AWS Security Specialty Exam
I recently passed the exam for the AWS Security Specialty Certification and I thought I’d share some tips and resources I used to prepare for the exam.
Before embarking on the journey to obtain an AWS certification, it’s worthwhile asking why bother getting AWS certified.
Here are some good reasons:
- Better job opportunities and salary: AWS certified engineers are in high demand and can earn top-paying salaries. AWS consultancy partners (like The Scale Factory) need to have a certain amount of AWS certifications in order to retain their AWS consultancy status and move to the next consulting tier so they are big recruiters of AWS certified engineers.
- Professional growth: you want to deepen your AWS knowledge, enhance your skills, and progress your career.
- Professionalise your team: become the AWS go-to expert in your organisation, upskill your team, and motivate other colleagues to get certified.
In my case, professional growth was the main driver as I wanted to deepen my AWS knowledge in the security space. And it is certainly paying dividends as the AWS Security Specialty Certification is one of the most practical AWS certifications and one of the most useful for my daily job.
Getting started and organized
The best place to start is to read the AWS Certified Security Specialty page and download the official exam guide. You may also test your current AWS security knowledge by trying to answer the sample exam questions: this gives you a flavour of what to expect during the exam (in case this is your first AWS exam) and shows you some of the areas where you may have knowledge gaps. Don’t worry if you don’t score particularly well on your first attempt: keep track of how many answers you got right and try the test again before your exam date; you will certainly score better and realize how much you’ve learnt.
Getting organized on what to study and when to take the exam is another important initial step. When embarking on a new project, my project management technique is to create a Trello board and start recording all the things I need to do to reach my project goals. For the AWS exam I created Trello cards for the resources I wanted to study (e.g. videos, white papers, hands-on labs, etc.) as well as for the practicalities (e.g. booking the exam). A Trello board (or indeed any project management tool) can help you navigate the study material, visualise your study progress, and make sure you don’t forget important bits when the exam date is approaching.
This is how my Trello board looked a few days before taking the exam:
Treat the board as a compass and as a tool to track your progress. Don’t get bogged down recording every single white paper, video course or book you may want to check out. The important thing is to get organized and start studying — you will create new cards and move old ones as you study along.
I prepared for the exam using a mix of study materials which included videos, books, AWS documentation and white papers, and hands-on labs. I personally find it useful to mix the course material as it reinforces my learning. Furthermore, a single resource may cover a topic insufficiently or present it from a limited angle, so it’s always good to mix and match.
I took the video course on the AWS Certified Security Specialty by A Cloud Guru, and if you only have time to focus on a single study resource then go for this video course. It is a very engaging and hands-on course and gets updated regularly, which is a major plus over other video courses. Plus, they provide some tests at the end of each section and a simulation of the exam at the end of the course, which is the closest thing you get to the real AWS exam. On the minus side, A Cloud Guru courses are not cheap and require a monthly subscription (you can’t just buy a single video course). However, you can stop the subscription when you pass your exam: this should save some money and motivate you to complete the course within your target date.
Another video resource I recommend is Architecture for Security on AWS. This is a 90-minute webinar presented by our very own Scale Factory CEO/CTO Jon Topper that gives you a bird’s eye view of all the security tools you can leverage in AWS. It’s a great introduction to security in AWS and covers lots of the security topics at a high level.
As everyone who has done the exam will tell you, IAM is the most important topic on the security exam and you need to know it inside out. AWS re:Invent videos are great to deep dive into a specific topic and for IAM I definitely recommend Become an IAM Policy Master in 60 Minutes or Less by Brigid Johnson. This was my favourite tutorial video on IAM policies and covers some of the most advanced IAM scenarios you might find in the exam.
I personally love studying from physical books as they keep me away from screens and internet distractions. Unfortunately, unlike other AWS certifications, there aren’t many books specifically dedicated to the AWS Security Specialty Certification. The only one available at the time I studied was Zeal Vora’s AWS Certified Security Specialty Study Guide, published in 2018. Although I found the book useful as its content is very hands-on, there are lots of spelling mistakes, typography issues, and awkward phrasing. This included a few wrong commands, mainly due to misprints and poor typesetting. It’s a shame, as the book could have been massively improved with some editing.
Two promising books on the security certification exam which are scheduled to be released in the course of 2021 are the AWS Certified Security Study Guide, to be published by Sybex, and the AWS Certified Security Specialty All-in-One Exam Guide, to be published by McGraw-Hill. I have read exam preparation books by these two publishers in the past and they are usually very good and rigorous. In fact, a few years ago I studied for my AWS SysOps Administrator Associate certification using a Sybex book: I found it excellent and it also contained extra online content like flashcards and practice exams.
While studying from a video course or a book, you’ll get plenty of references to the official AWS documentation, white papers, and FAQs. In fact, the AWS exam preparation page lists all the white papers and FAQs you should read for the exam. To be honest, I didn’t read every single link to the AWS documentation which was thrown at me, but I skim-read lots of these web pages and white papers, in particular for the AWS services I was less familiar with. I personally found the white paper on Best Practices for DDoS Resiliency very interesting: it’s a fascinating read and shows how various denial of service attacks work and how to mitigate them.
Another piece of AWS documentation that is extremely useful is the policy evaluation logic: the scenarios presented here are the type of questions on advanced IAM policies you can expect in the exam.
Some video courses offer hands-on labs to practise what you learn during the course. For example, A Cloud Guru offers hands-on labs as part of their subscription offering and the security course has several labs as video content that you can practise on your own AWS account.
AWS Well-Architected Labs are hands-on lab content developed by AWS to build AWS infrastructure using architectural best practices. They cover the five pillars of the Well-Architected Framework, one of which is security. I did some of the intermediate and advanced labs using my AWS account and they were very easy to follow. These labs complement well the theory that you learn elsewhere and give you that practical knowledge that is invaluable when working as an AWS engineer — and useful to pass the exam too!
Once I had covered all the course material, I did some rehearsal to simulate the exam and see how well I would score. These are the resources I used to rehearse the exam:
- Exam readiness: AWS provides a free 2 hour exam readiness course which covers the mechanics of an AWS certification exam. I recommend you watch it, especially if it’s the first time you sit an AWS exam. The course shows the structure of the exam questions and techniques for selecting the correct answers. Even if you’ve done an AWS exam in the past, the course is useful because it contains 3–4 sample questions on each section of the exam. You can pause the video to attempt the question and then resume it to reveal the answer with an explanation of why the other answers are wrong.
- Sample exam questions: reattempt the sample exam questions I mentioned earlier and see how many correct answers you get now.
- Mock exams: A Cloud Guru offers a 3 hour mock exam at the end of their security video course. Try to do it in a single session: this should give you an idea of how long it takes you to complete the exam and if you are mulling over questions for too long. It’s also a good physical prep for keeping your concentration during 3 hours! If you need more mock exam preparation, you can also buy practice exams from AWS or Whizlab (I have not tried them though).
- AWS Quiz Show: these are a series of videos where an AWS security expert goes through mock exam questions. They are very similar to the mock questions of the exam readiness course, just a little bit more entertaining. I watched these four quiz shows for the security certification: 1 2 3 4.
- System test: if you’re going to sit the exam at home, make time to run a system test and check the requirements for remote invigilation (I talk about that in more detail later in the article).
The security exam has a passing score of 750 so each time I practised a mock exam or a set of sample questions I checked if I got at least 75% of the answers right. This confirmed I was ready for the exam and highlighted some of the areas which I needed to review (usually related to IAM and KMS).
You may want to book the exam in advance to set a strict deadline for finishing your study (there is nothing more motivating than a deadline!), or cover the study material, do some practice tests, and make sure you score above the pass threshold before booking the exam. I personally prefer to cover most of the study material first and then book the exam a few weeks in advance.
To book an exam go to the AWS training and certification page and sign in with your Amazon (not AWS) account or APN account if you work for an AWS partner. You are prompted to create an AWS certification account (if you don’t have one already) or redirected to your AWS certification account.
If you take the exam in English and English is not your first language, you can request non-native speaker additional time: this adds 30 extra minutes to your exam so that you’ll have 200 minutes instead of 170 to complete it. To benefit from extra time you must request it via the Request Exam Accommodations button in your AWS certification account. Make sure to request it before you book the exam, as it is not possible to add it afterwards. The approval of the exam accommodation is usually immediate.
Before booking you can also check if you are entitled to a discount for the exam (which at the time of writing costs 300 US dollars). For example, if you passed an AWS certification within the last 12 months, you are entitled to a 50% discount on the exam price and you can claim this benefit via the Benefits tab:
You can schedule your exam with two testing providers (PSI and Pearson VUE) and you can choose to sit the exam:
- At a testing centre: you can find your nearest PSI test centre here and your nearest Pearson VUE test centre here. Make sure you check the current regulations as they can change quickly in this pandemic period. I personally prefer to sit the exam at a test centre because I don’t have to worry about my internet connection going down or installing software that takes control of my computer. In addition, going to a test centre puts me in ‘exam mode’ and focuses my attention on the exam without having external distractions.
- At home: since March 2020, AWS allows you to take all certification exams at home, with online proctoring. If you are interested in this option, read AWS’s own blog post 5 tips for a successful online-proctored AWS Certification exam which covers what you need in order to take the exam from the comfort of your home. In particular, pay attention to the system requirements for Pearson VUE and PSI and perform a system test with Pearson VUE or PSI. Note that you cannot take the exam on Linux, and cannot use a secondary monitor. Before the exam you need to install some software on your computer (using administrator privileges), which asks you to quit all your other programs and grant access to your webcam, microphone, and screen.
Before starting the exam at home you are asked to photograph your identity document, your face, and your workspace from a few different angles, and the online proctor may ask you questions about your workspace. During the exam, your webcam and microphone must remain on all the time and you cannot leave the room nor let anyone in. Colleagues who took the exams with both testing providers tended to favour Pearson VUE as the exam experience was a bit smoother.
On the day of your exam make sure you’ve had a good night’s sleep and a good breakfast, and that you are ready to keep your attention focused for 3 hours. Some exam questions can be quite long to read, but make sure you read the question and all the answers carefully. You can also mark questions for review and revisit them later. But if you use this option, I’d recommend choosing a temporary answer, as you may not have enough time (or brain) to revisit it later.
I hope these tips and study materials will help you achieve the AWS Security Specialty Certification. Passing the exam is important, but I strongly believe that learning is the most important thing: you will use what you’ve learnt, I can guarantee that. Happy learning and good luck with the exam! 🤞