Top 5 things you must know to pass the AWS Security Specialist exam
After passing the CCSP certification, I sought certification to enhance my skills in my company’s cloud provider, AWS. I reviewed the certifications, saw the AWS Security Specialist, and assumed this was the one for me since I am a security professional. I wasn’t entirely wrong, but I should have started with the AWS Solutions Architect Associate (SAA) certification.
Get certified with an Exam Pass Guarantee
Looking to get certified? Many of our boot camps are backed by an Exam Pass Guarantee, ensuring you leave with the certification you want.
The AWS Security Specialist certification assumes you have the AWS SAA certification, making it very difficult to take it without the SAA. Despite this caveat that I didn’t know then, I still passed the certification on my first attempt. This blog will help you with your AWS security training and tell you the top five things you must know to pass this certification on your first attempt.
1. Learn to think backward with IAM
IAM is likely the most complex part of this exam. You can have user accounts with permissions and roles that change what the account can do. You can have automated accounts with the same thing as well as service to service accounts with this same ability.
You must understand the basics of IAM, least privileged and allow the service to set up an account to connect to another service whenever possible. On the exam, you will face several questions describing a problem to you and stating permission is broken.
You are supposed to determine where to fix it in the least amount of time/effort. The best way to accomplish this was to think about the problem backward. What is the end of service? What is the user or service trying to access? A service account is a way to go if it is a service.
Next, you must ask yourself what is trying to be done. Is it a read, write or edit? This will determine what kind of permission needs to be in place.
Finally, ask yourself where does this connection start? If you can answer those three questions, you will be in a much better situation to answer the question on the exam.
2. Understand data storage nuances
Data storage is a huge topic in AWS cloud security since you are storing what could be your most precious data in someone else’s computer. Securing that data and storing it will be the most important topic you encounter, and on the exam, there is an emphasis on knowing how, where and for how long to store your data.
Understanding when to use AWS S3 Glacier and when not will be crucial to passing this exam. You must know when to use S3, S3 Glacier Instant Retrieval, S3 Glacier Flexible Retrieval and S3 Glacier Deep Archive.
You will need to understand the nuances around each choice. For instance, if you send something to Deep Archive, when can I retrieve it? Is there a grace period for retrieving this data? What happens if I go beyond that grace period? You'll encounter all these questions on the exam, so you must understand the different storage options and when they apply to different situations in AWS.
3. AWS Config and SCP are your friend
If you have ever taken one of my courses, then you have probably heard me say that the security professional's job is not to tell people they can’t use something in the cloud but to secure whatever they do in the cloud.
This is accomplished via AWS Config and SCP policies. The combination of these two services in AWS will allow you to ensure that your developers are only using the services you have verified and secured. This combination will also correct common security issues in the environment. For example, suppose you have a policy that all S3 buckets must be encrypted, and someone creates one that isn’t encrypted. In that case, AWS Config can encrypt that S3 bucket automatically to ensure the security posture in the environment is maintained.
On the exam, you will be faced with many questions about which service to use, when and what service best fits a use case. It will be critical for you to understand AWS Config and SCP.
4. Using a least privileged methodology
As I stated earlier, IAM is close to everything from a security perspective in the cloud. You must pay attention to IAM and the permissions you are always assigning. Keeping this in mind, the least privileged methodology will enforce this not only on accounts but also on the network and the different assets in the environment.
On the exam, you will be asked about the nuances of network security and how to better secure a vulnerable network. Using the least privileged methodology, you can narrow the scope to the originating and destination points and secure it in the middle. This is what a least privileged approach looks like for networking.
On the exam, you will encounter many questions like this, where you must dissect a problem and devise the simplest solution. Thinking about the least privilege will lead you to the right answer since the exam is looking for that.
5. Read and reread the AWS security certification questions before answering
This may seem overkill, but it is critical that you read, reread and sometimes reread the question a third time before choosing an answer. These questions are tough and will include many details that do not impact the situation. These details are in place to distract you from what you need to focus on.
Reading each question several times will give you the best chance to avoid falling for these trick questions. When I take an exam like this, I typically read the question to try and identify what they are asking. I will then reread it and point out the information that has no value in the question. Once that is complete, I will reread the question emphasizing the information I need to know to answer the question. Only then do I start reading the answers. This way, you can form your answer on your own without being influenced by the answers below.
Get certified with our Exam Pass Guarantee
Many of our boot camps come with an Exam Pass Guarantee: if you fail on your first attempt, we'll invite you to re-sit the course for free and cover the cost of your second exam.
This exam is difficult and is one of the hardest exams out there, but earning this AWS security certification will pay dividends in your career. Take the time to learn the material inside and out, and take your exam and pass it on your first attempt. I have also created an AWS Security Specialist course for this exam that cuts through all the fluff of the exam and gives you what you need to know to pass it on your first attempt.
For more on AWS security and cloud engineering careers, visit Infosec's Cloud Engineer Hub!
Enroll in our new Cybersecurity Foundations Bootcamp! Acquire the skills and knowledge your team needs to effectively identify, respond to, and mitigate many cyber security risks or attacks. Learn:
- Core cybersecurity concepts and principles
- Networking and OS foundations
- Governance, Risk, and Compliance basics
- NIST CSF and other common security frameworks
In this Series
- Top 5 things you must know to pass the AWS Security Specialist exam
- Top Linux+ interview questions for 2024
- The 2024 guide to CCNP salary: What to expect as a certified professional
- CCPT vs. GCPN: A cloud certification comparison
- Average SCADA Security (CSSA) salary
- SSCP Certification: Overview and Career Path
- Average CompTIA Linux+ salary [2022 update]
- Linux+ certification: Related training and courses [2022 update]
- Why information security professionals should learn about law
- Want to lead a global privacy program? 6 things to know about CIPM
- CIPP/US: 5 things to know about privacy and cybersecurity law
- CompTIA Cloud+ Certification: An Overview [updated 2021]
- CertNexus CyberSec First Responder: Certification, exam and training details
- CertNexus Certified IoT Security Practitioner: Certification, exam and training details
- CertNexus certification and career path overview
- CertNexus Cyber Secure Coder: Certification, exam and training details
- The OSCP certification and exam [updated 2021]
- Average SSCP Salary [Updated 2021]
- Average HCISSP salary [Updated 2021]
- Average Certified Penetration Tester (CPT) salary [Updated 2021]
- Average CCIE salary [updated 2021]
- Average RHCE salary [updated 2021]
- CCNA security retired: Time to earn your Cisco CyberOps certification?
- CompTIA Linux+ XK0-005 – what changed with this cert and test? [2022 update]
- Free online cyber security training: Courses, hands-on training, practice exams
- The CPT certification and exam
- The CEPT certification and exam
- Do you need CIPT certification?
- VCP 6.5 Certification & Exam
- Everything you need to know about CIPT certification
- Average IT security auditor salary
- Average RHCSA Salary
- CompTIA IT Fundamentals+ Certification: An Overview
- Average help desk support salary in 2018
- 7 most difficult information security certifications
- The GSEC certification and exam
- The International Association of Privacy Professionals CIPT Certification
- Becoming a Cybersecurity Practitioner (CSXP)
- International Association of Privacy Professionals (IAPP): Certification overview
- InfoSec Institute Launches Security Awareness Practitioner Certification
- GCIH certification overview
- The International Association of Privacy Professionals CIPP/E Certification
- The International Association of Privacy Professionals CIPM Certification
- GIAC penetration tester (GPEN) certification
- What is the GCFE?
- GIAC Certifications Overview
- CGEIT Domain 5: Resource Optimization [DECOMMISSIONED ARTICLE]
- The IAPP CIPP/US certification: The leading U.S. privacy credential
- CGEIT Domain 4: Risk Optimization
- CGEIT Domain 2: Strategic Management [DECOMMISSIONED ARTICLE]
- Certified Wireless Security Specialist (CWSS) Salary
