Recently, I passed my 3rd AWS certification, i.e. the AWS Certified Security Specialty certification. It was one of the hardest AWS exams I have completed to date.
Exam Preparation:
Listed below are the resources I used to prepare for the SCS-C01 exam:
- Exam Guide: Quite useful to familiarize yourself with the exam structure, sections and topics. AWS Certified Security – Specialty (SCS-C01) Exam Guide
- Training: I used Linux Academy and Udemy courses. The LA course is a bit old but covers the basic concepts. The Udemy courses are quite useful.
- Study Guide: I used the Packt Security Specialty Exam guide, which covers a lot of useful scenarios, practical examples and use-cases. Reference: https://www.packtpub.com/cloud-networking/aws-certified-security-specialty-exam-guide
- Practice Questions: Practising for all exam topics and areas is critical. AWS also offers a practice exam. In addition, I used whizlabs.com, which is very thorough and provides explanations and details.
- AWS Documentation: Very thorough documentation provided by any service provider. Don’t miss the FAQs for each service (especially for KMS, IAM, VPC). Reference: https://aws.amazon.com/faqs/
- AWS re:Invent Videos: I highly recommend going through these videos, as they will give you enough in-depth knowledge about each service. Reference: http://aws-reinvent-audio.s3-website.us-east-2.amazonaws.com/2019/2019.html
- AWS Exam Sample Questions: I recommend going through the AWS Exam Sample Questions to get yourself acquainted with the exam structure and level of difficulty. Reference: AWS Sample Questions
Key Technology Areas:
Understanding some of the topics is extremely critical, so focus in depth on these:
- KMS, CMKs, etc.
- IAM roles
- All kinds of policies (key policies, IAM policies, bucket policies, etc.)
- VPC security, especially VPC Flow Logs
- Container / EKS Security
- CloudTrail, CloudWatch Logs
- AWS Config, AWS Inspector and related services
- CloudFront, AWS WAF, Systems Manager, etc.
Know the Domains/Services:
AWS Identity and Access Management (IAM):
Needless to say, Identity and Access Management is at the heart of security. It is AAA in the Cisco/traditional sense and is vital for securing access to your cloud resources. You should know IAM inside out.
- Know the IAM policies, rules, users and groups.
- Learn how IAM roles differ from resource-based policies
- Understand the difference between AWS Managed Policies, Customer Managed Policies and Inline Policies.
- Take note of how user-based policies differ from resource-based policies
- Know the purpose of S3 pre-signed URLs and how they differ from CloudFront pre-signed URLs
- Learn when you can use CloudFront Signed URLs vs Signed Cookies
- Know how to leverage a CloudFront origin access identity (OAI) to restrict access to S3 content
- If you are familiar with the Auth0 service, Amazon Cognito is a similar service which helps you authenticate web/mobile app users.
- Learn how to differentiate Cognito User Pools from Identity Pools and the scenarios in which to leverage each
The Security Specialty exam is quite a hard exam, as it requires you to know in depth about different AWS services and their use-cases.
Good luck!
Certification Verification Link :
Tariq Sheikh has been working in the IT industry for 15 plus years. He is a dual CCIEx26141 with Security, Collaboration and Data Center as his specialities, as well as 4xAWS Certified. He is based in Dubai, UAE, and his areas of expertise include Data Center technologies, Networking, Security and AWS solution architecture.