Voiced by Amazon Polly |
Overview
AWS certifications validate the learner’s knowledge with industry-recognized standards and help organizations identify skilled professionals on the AWS cloud. As many enterprises adopting the AWS cloud, they are looking for security professionals to secure their environment on the AWS cloud. AWS Certified Security-Specialty can open the door to professionals interested in the security domain.
Customized Cloud Solutions to Drive your Business Success
- Cloud Migration
- Devops
- AIML & IoT
Aim of the AWS Certified Security Specialty (SCS-C02) Certification
AWS Certified Security-Specialty certification validates your expertise in creating and implementing security solutions in the AWS cloud. This certification covers security domains like threat detection and incident response, data and infrastructure security, logging and monitoring, and identity and account management.
This certification aims to validate the knowledge of a learner in different areas of security:
- Understand and implement identity management in AWS accounts.
- Understand and implement a multi-account environment for security and governance.
- Understand data encryption techniques and mechanisms to protect sensitive data.
- Understand data classification techniques and data protection mechanisms.
- Understand and implement infrastructure security.
- Understand the importance of monitoring and logging to improvise security posture in the AWS cloud.
- To make a trade-off decision concerning security, cost, and deployment complexity to satisfy application requirements.
- Understand security operations and risks.
- Understand the importance of AWS security services and their features to secure AWS environments.
Domain-wise contents
This certification exam mainly focuses on the six major domains in security, Threat Detection and Incident Response, Security Logging and Monitoring, Data Protection, Infrastructure Security, Identity and Access Management, and Management and Security Governance. The domain-wise weightage is given in below table:
Domain | % of weightage |
Threat Detection and Incident Response | 14% |
Security Logging and Monitoring | 18% |
Infrastructure Security | 20% |
Identity and Access Management | 16% |
Data Protection | 18% |
Management and Security Governance | 14% |
Total | 100% |
Reference: https://aws.amazon.com/certification/certified-security-specialty/
Domain 1: Threat Detection and Incident Response
This domain mainly focuses on designing and implementing an incident response plan, detecting security threats and anomalies using AWS services, and responding to compromised resources and workloads. This domain tests knowledge about deploying security services like AWS GuardDuty, Security Hub, and Macie, analyzing their findings, identifying the incidents, and automatic remediation using different AWS services like AWS CloudWatch.
Domain 2: Security Logging and Monitoring
This domain focuses on designing, implementing, troubleshooting, logging, monitoring, and alerting security events using different AWS services. This domain validates expertise to identify logging services like VPC Flow Logs, S3 Access Logs, and AWS CloudWatch Logs and find insights to improvise the security posture. It also checks for monitoring and alerting services like AWS CloudWatch, AWS Event Bridge, and Security Hub.
Domain 3: Infrastructure Security
This domain aims to design and implement security controls for networking, edge services and compute workloads using various AWS services. It includes AWS VPC, network firewall, security groups, NCL, Route 53, Amazon CloudFront, AWS WAF, and AWS Shield. It also covers vulnerability assessment services like Amazon Inspector.
Domain 4: Identity and Access Management
This domain aims to design, implement and troubleshoot authentication and authorization for AWS resources using AWS IAM, AWS IAM Identity Center, Directory service, and AWS Cognito. The objective of this domain is to understand the different identities and permissions to access AWS resources
Domain 5: Data Protection
This domain mainly focuses on data encryption at rest and in transit to maintain the confidentiality and integrity of the data. It also covers the mechanism to protect secrets, credentials, and cryptographic keys using different AWS services like AWS KMS, Secrets Manager, Certificate Manager, and S3 Lifecycle configuration.
Domain 6: Management and Security Governance
This domain aims to develop a strategy to centrally deploy, manage AWS accounts, and ensure the security and governance of AWS resources using AWS Organization, AWS Control Tower, and AWS Config. It also focuses on cost analysis and architectural review using AWS Trusted Advisor.
Intended Learner
Anyone can give the AWS Certified Security-Specialty certification exam. This exam is aimed at working professionals with experience in designing and implementing IT security solutions and knowledge of the AWS cloud. This certification complements the skills and knowledge required for multiple job roles like cloud security engineer, architect, cloud security specialist, and consultant.
Exam Details
The AWS Certified Security-Specialty (SCS-C02) exam is available on July 11, 2023. This exam includes multiple choice and multiple response type questions. In 170 minutes, we need to attempt 65 questions. The exam fee is 300$ plus taxes. The passing score is 750 out of 1000. The exam is not offered in the German language.
Reference links for exam preparation
Sign up for free to AWS Skill Builder and enroll for the following courses:
Getting Started with AWS Security, Identity, and Compliance
AWS Security Fundamentals (Second Edition)
You will also find a practice question set on AWS Skill Builder:
AWS Certified Security – Specialty Official Practice Question Set
Review white papers:
Security Pillar – AWS Well-Architected Framework
Amazon Web Services: Overview of Security Processes
AWS Key Management Best Practices
AWS Security Incident Response Guide
AWS Best Practices for DDoS Resiliency
Building a Scalable and Secure Multi-VPC AWS Network Infrastructure
Security & Compliance Quick Reference Guide
You can enroll for Classroom Training at CloudThat on “Security Engineering on AWS“
Get your new hires billable within 1-60 days. Experience our Capability Development Framework today.
- Cloud Training
- Customized Training
- Experiential Learning
About CloudThat
CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.
CloudThat is the first Indian Company to win the prestigious Microsoft Partner 2024 Award and is recognized as a top-tier partner with AWS and Microsoft, including the prestigious ‘Think Big’ partner award from AWS and the Microsoft Superstars FY 2023 award in Asia & India. Having trained 850k+ professionals in 600+ cloud certifications and completed 500+ consulting projects globally, CloudThat is an official AWS Advanced Consulting Partner, Microsoft Gold Partner, AWS Training Partner, AWS Migration Partner, AWS Data and Analytics Partner, AWS DevOps Competency Partner, AWS GenAI Competency Partner, Amazon QuickSight Service Delivery Partner, Amazon EKS Service Delivery Partner, AWS Microsoft Workload Partners, Amazon EC2 Service Delivery Partner, Amazon ECS Service Delivery Partner, AWS Glue Service Delivery Partner, Amazon Redshift Service Delivery Partner, AWS Control Tower Service Delivery Partner, AWS WAF Service Delivery Partner, Amazon CloudFront Service Delivery Partner, Amazon OpenSearch Service Delivery Partner, AWS DMS Service Delivery Partner, AWS Systems Manager Service Delivery Partner, Amazon RDS Service Delivery Partner, AWS CloudFormation Service Delivery Partner, AWS Config, Amazon EMR and many more.

WRITTEN BY Rashmi D
Rashmi Dhumal is working as a Subject Matter Expert in AWS Team at CloudThat, India. Being a passionate trainer, “technofreak and a quick learner”, is what aptly describes her. She has an immense experience of 20+ years as a technical trainer, an academician, mentor, and active involvement in curriculum development. She trained many professionals and student graduates pan India.
Comments