In this section, we’ll discuss the three (3) AWS Specialty certifications that are currently offered by AWS to help you find out if these certifications are suitable for you. If you haven’t read the first of this 2-part article series yet, we encourage you to check it here: Which AWS Certification Exam Is Right For Me? – Part 1.

Similar to Part 1 of this article, we will approach each segment in two parts: Purpose and Knowledge. Purpose will answer the question: “Why should I take this exam?” while Knowledge will answer: “What should I know for this exam?”. At the end of each segment, we will also include some handy references that will help you get started in preparing for that specific certification exam. Let’s get right to it then!

AWS Certified Security Specialty

Purpose

Managing security is one of the most challenging yet fulfilling responsibilities that an individual can undertake. It is (and always should be!) every organization’s priority. For each step in the workflow, there is bound to be a vulnerability which is why nowadays, there are a variety of roles in the market that target individuals with specific skill sets in the security domain. We have titles like: InfoSec Engineer, InfraSec Engineer, IT Security Consultant, Risk and Compliance Analyst, DevSecOps Engineer, etc. If your main role focuses on security and your company engages in Cloud technologies then this specialty certification is a must-have on your portfolio. If you deal with security in some form but is not your main role, then this certification is still worth taking to reinforce your skills… and maybe land that promotion too. 

With the number of security attacks increasing each day and the industry losing millions of dollars because of it, companies are now allocating resources to hire capable security engineers to protect their products and services. Having a certificate to prove that you have that capability will give you an edge. AWS also acknowledges the importance and severity of the matter, especially on its platform. Since multiple customers rely on AWS and each of them interacts with different services each day, they will need certified knowledgeable people who know how to implement proper security in the cloud.

Knowledge

As a security engineer, you should be aware of your options and knowing when to use each of them. Each organization has its own set of requirements that needs to be fulfilled, and it is your responsibility to meet these requirements. Beyond knowing what native security tools are available in AWS, you should also be aware of common security tools OUTSIDE of AWS. What I mean by this is, for example, in S3 you can encrypt your objects using KMS or S3 Encryption. But what you can also do is encrypt your objects using a third-party tool before placing them in your S3 bucket. 

Knowing how to implement the best practices in security can only be achieved through experience, so it is recommended that you have some industry experience first before taking this specialty exam. You don’t need to learn how to secure every service in AWS, but it is important to have a concrete understanding of fundamental security practices for core AWS services (i.e. EBS volume encryption, least privilege access controls in IAM, network protection using security groups, monitoring and incident response using CloudTrail). These are just some of the general tasks that apply to almost any AWS environment.

To know more about the AWS Security Specialty exam, visit the official AWS exam guide here. Use this together with our free study guide in the Tutorials Dojo website, our widely known AWS Cheat Sheets, and the provided references below to prepare for this certification exam.

Exam Coverage:

1. Threat Detection and Incident Response
   • Design and implement an incident response plan.
   • Detect security threats and anomalies by using AWS services
   • Respond to compromised resources and workloads
2. Detect security threats and anomalies by using AWS services.
   • Design and implement monitoring and alerting to address
     security events.
   • Troubleshoot security monitoring and alerting
   • Design and implement a logging solution. 
   • Troubleshoot logging solutions. 
   • Design a log analysis solution.

3. Infrastructure Security
   • Design and implement security controls for edge services.
   • Design and implement network security controls.
   • Design and implement security controls for compute workloads.
   • Troubleshoot network security.
4. Identity and Access Management 
   • Design, implement, and troubleshoot authentication for AWS
     resources. 
   • Design, implement, and troubleshoot authorization for AWS
     resources.
5. Data Protection 
   • Design and implement controls that provide confidentiality and
     integrity for data in transit.
   • Design and implement controls that provide confidentiality and
     integrity for data at rest.
   • Design and implement controls to manage the lifecycle of data
     at rest.
   • Design and implement controls to protect credentials, secrets,
     and cryptographic key materials.
6. Management and Security Governance
   • Develop a strategy to centrally deploy and manage AWS
     accounts.
   • Implement a secure and consistent deployment strategy for
     cloud resources.
   • Evaluate the compliance of AWS resources.
   • Identify security gaps through architectural reviews and cost
     analysis.

Exam Duration: 170 minutes

Passing Score: 75% 

Price: 300 USD

Recommended Practice Exam: AWS Certified Security – Specialty Practice Exams by Jon Bonso and Tutorials Dojo

AWS Exam Readiness Course: Exam Readiness: AWS Certified Security – Specialty, Exam Readiness: AWS Certified Security – Specialty Classroom

AWS Certified Advanced Networking Specialty

Purpose

The advanced networking specialty certification is built for individuals whose jobs are to set up and maintain network solutions in their organizations. Managing a corporate network is a very tough but rewarding job. You carry the responsibility of making sure your infrastructure network is working 24/7 and all its components are running efficiently. If even one router suddenly malfunctions or gets misconfigured, it could mean disaster to your operations, which could translate to huge financial losses.

Network engineers benefit the most from this certification, especially if they handle networking in the AWS Cloud. If this is your career path and you have a passion for performing complex network tasks, you should aim to have this certification under your belt. For some companies, certifications are a must if you are applying as a network engineer. You need to have an industry-recognized level of knowledge and skills before they onboard you for this role.

Knowledge

You should have mastery over networking fundamentals and have a strong understanding of AWS network concepts and their underlying components. These include different network architectures and models, common network technologies, monitoring and security solutions, and application of best practices in AWS. It is also recommended that you first get experience in designing and implementing network solutions in both AWS and a hybrid setup. Get exposed to different use cases and approaches, either by reading about them or trying them out yourself.

Do you know the OSI model by heart? Have you configured an IP VPN solution before? Can you list down the components involved in setting up a highly available and secure connection between AWS and your corporate network? Do you understand how routing works (e.g. local route tables, BGP routing, failover routing)? How do you monitor faults in the network? How do you handle security intrusions and attacks like packet sniffing, DDoS, phishing attempts, etc? These are just some of the questions that you should be able to confidently answer before you take this certification exam. 

Since this certificate validates your expertise on Advanced Networking, expect the exam to be very challenging. To know more about the AWS Advanced Networking Specialty exam, visit the official AWS exam guide here. Use this together with our free study guide on the Tutorials Dojo website, our widely known AWS Cheat Sheets, and the provided references below to prepare for this certification exam.

Exam Coverage:

1. Design and Implement Hybrid IT Network Architectures at Scale 
   • Implement connectivity for hybrid IT 
   • Given a scenario, derive an appropriate hybrid IT architecture connectivity solution 
   • Explain the process to extend connectivity using AWS Direct Connect 
   • Evaluate design alternatives that leverage AWS Direct Connect 
   • Define routing policies for hybrid IT architectures 
2. Design and Implement AWS Networks 
   • Apply AWS networking concepts
   • Given customer requirements, define network architectures on AWS 
   • Propose optimized designs based on the evaluation of an existing implementation 
   • Determine network requirements for a specialized workload 
   • Derive an appropriate architecture based on customer and application requirements
   • Evaluate and optimize cost allocations given a network design and application data flow 
3. Automate AWS Tasks 
   • Evaluate automation alternatives within AWS for network deployments 
   • Evaluate tool-based alternatives within AWS for network operations and management 
4. Configure Network Integration with Application Services 
   • Leverage the capabilities of Route 53 
   • Evaluate DNS solutions in a hybrid IT architecture 
   • Determine the appropriate configuration of DHCP within AWS 
   • Given a scenario, determine an appropriate load balancing strategy within the AWS ecosystem
   • Determine a content distribution strategy to optimize for performance 
   • Reconcile AWS service requirements with network requirements
5. Design and Implement for Security and Compliance
   • Evaluate design requirements for alignment with security and compliance objectives
   • Evaluate monitoring strategies in support of security and compliance objectives 
   • Evaluate AWS security features for managing network traffic 
   • Utilize encryption technologies to secure network communications 
6. Manage, Optimize, and Troubleshoot the Network 
   • Given a scenario, troubleshoot and resolve a network issue

Exam Duration: 170 minutes

Passing Score: 75% 

Price: 300 USD

Recommended Practice Exam: AWS Certified Advanced Networking – Specialty Practice Exams by Jon Bonso and Tutorials Dojo

AWS Exam Readiness Course: Exam Readiness: AWS Certified Advanced Networking – Specialty, Exam Readiness: AWS Certified Advanced Networking – Specialty Classroom

AWS Certified Machine Learning Specialty

Purpose

Machine learning is a part of almost every business nowadays. Utilizing computers to perform complex tasks with agility and precision has allowed industries to increase their overall productivity and revenue. Furthermore, machine learning and cloud technology are two inseparable partners, since the cloud offers you the compute and storage capacity you need to run your solutions cost-effectively. If you are working in this field such as a role in data science or if you have a passion for machine learning, deep learning, and AI development, be sure to add this certification to your portfolio. This certificate will indicate that your capabilities meet the qualifications for building and deploying quality ML/AI solutions for businesses using AWS. 

Knowledge

The exam will validate your knowledge of utilizing different ML approaches to resolve specific problems. Therefore, you should already possess a strong grasp of basic ML algorithms and frameworks such as TensorFlow and PyTorch. You should also be familiar with the services in AWS that will allow you to implement these algorithms and frameworks. A good example would be Amazon SageMaker, which would enable you to build, train, and deploy machine learning (ML) models. Lastly, since this is a specialty exam, you should already have a fair amount of experience in machine learning and AI prior to taking this certification exam. This is because the exam will also quiz you on the best practices for different ML deployments and operations, and it would be an advantage if you have some experience with these situations.

To know more about the AWS Machine Learning Specialty exam, visit the official AWS exam guide here. Use this together with our free study guide (coming soon!) on the Tutorials Dojo website, our widely known AWS Cheat Sheets, and the provided references below for you to prepare for this certification exam.

Exam Coverage:

1. Data Engineering 
   • Create data repositories for machine learning. 
   • Identify and implement a data-ingestion solution. 
   • Identify and implement a data-transformation solution. 
2. Exploratory Data Analysis 
   • Sanitize and prepare data for modeling.
   • Perform feature engineering. 
   • Analyze and visualize data for machine learning. 
3. Modeling
   • Frame business problems as machine learning problems. 
   • Select the appropriate model(s) for a given machine learning problem. 
   • Train machine learning models. 
   • Perform hyperparameter optimization.
   • Evaluate machine learning models. 
4. Machine Learning Implementation and Operations
   • Build machine learning solutions for performance, availability, scalability, resiliency, and fault tolerance. 
   • Recommend and implement the appropriate machine learning services and features for a given problem. 
   • Apply basic AWS security practices to machine learning solutions. 
   • Deploy and operationalize machine learning solutions.

Exam Duration: 170 minutes

Passing Score: 75% 

Price: 300 USD

AWS Exam Readiness Course: Exam Readiness: AWS Certified Machine Learning – Specialty, Exam Readiness: AWS Certified Machine Learning – Specialty Classroom