All You Need to Know About- AWS Certified Security Specialty (SCS-C02) Certification Examination

Overview

AWS certifications validate the learner’s knowledge with industry-recognized standards and help organizations identify skilled professionals on the AWS cloud. As many enterprises adopting the AWS cloud, they are looking for security professionals to secure their environment on the AWS cloud. AWS Certified Security-Specialty can open the door to professionals interested in the security domain.

Aim of the AWS Certified Security Specialty (SCS-C02) Certification

AWS Certified Security-Specialty certification validates your expertise in creating and implementing security solutions in the AWS cloud. This certification covers security domains like threat detection and incident response, data and infrastructure security, logging and monitoring, and identity and account management.

This certification aims to validate the knowledge of a learner in different areas of security:

• Understand and implement identity management in AWS accounts.
• Understand and implement a multi-account environment for security and governance.
• Understand data encryption techniques and mechanisms to protect sensitive data.
• Understand data classification techniques and data protection mechanisms.
• Understand and implement infrastructure security.
• Understand the importance of monitoring and logging to improvise security posture in the AWS cloud.
• To make a trade-off decision concerning security, cost, and deployment complexity to satisfy application requirements.
• Understand security operations and risks.
• Understand the importance of AWS security services and their features to secure AWS environments.

Domain-wise contents

This certification exam mainly focuses on the six major domains in security, Threat Detection and Incident Response, Security Logging and Monitoring, Data Protection, Infrastructure Security, Identity and Access Management, and Management and Security Governance. The domain-wise weightage is given in below table:

Reference: https://aws.amazon.com/certification/certified-security-specialty/

Domain 1: Threat Detection and Incident Response

This domain mainly focuses on designing and implementing an incident response plan, detecting security threats and anomalies using AWS services, and responding to compromised resources and workloads. This domain tests knowledge about deploying security services like AWS GuardDuty, Security Hub, and Macie, analyzing their findings, identifying the incidents, and automatic remediation using different AWS services like AWS CloudWatch.

Domain 2: Security Logging and Monitoring

This domain focuses on designing, implementing, troubleshooting, logging, monitoring, and alerting security events using different AWS services. This domain validates expertise to identify logging services like VPC Flow Logs, S3 Access Logs, and AWS CloudWatch Logs and find insights to improvise the security posture. It also checks for monitoring and alerting services like AWS CloudWatch, AWS Event Bridge, and Security Hub.

Domain 3: Infrastructure Security

This domain aims to design and implement security controls for networking, edge services and compute workloads using various AWS services. It includes AWS VPC, network firewall, security groups, NCL, Route 53, Amazon CloudFront, AWS WAF, and AWS Shield. It also covers vulnerability assessment services like Amazon Inspector.

Domain 4: Identity and Access Management

This domain aims to design, implement and troubleshoot authentication and authorization for AWS resources using AWS IAM, AWS IAM Identity Center, Directory service, and AWS Cognito. The objective of this domain is to understand the different identities and permissions to access AWS resources

Domain 5: Data Protection

This domain mainly focuses on data encryption at rest and in transit to maintain the confidentiality and integrity of the data. It also covers the mechanism to protect secrets, credentials, and cryptographic keys using different AWS services like AWS KMS, Secrets Manager, Certificate Manager, and S3 Lifecycle configuration.

Domain 6: Management and Security Governance

This domain aims to develop a strategy to centrally deploy, manage AWS accounts, and ensure the security and governance of AWS resources using AWS Organization, AWS Control Tower, and AWS Config. It also focuses on cost analysis and architectural review using AWS Trusted Advisor.

Intended Learner

Anyone can give the AWS Certified Security-Specialty certification exam. This exam is aimed at working professionals with experience in designing and implementing IT security solutions and knowledge of the AWS cloud. This certification complements the skills and knowledge required for multiple job roles like cloud security engineer, architect, cloud security specialist, and consultant.

Exam Details

The AWS Certified Security-Specialty (SCS-C02) exam is available on July 11, 2023. This exam includes multiple choice and multiple response type questions. In 170 minutes, we need to attempt 65 questions. The exam fee is 300$ plus taxes. The passing score is 750 out of 1000. The exam is not offered in the German language.

Reference links for exam preparation

Sign up for free to AWS Skill Builder and enroll for the following courses:

Getting Started with AWS Security, Identity, and Compliance 

AWS Security Fundamentals (Second Edition) 

You will also find a practice question set on AWS Skill Builder:

AWS Certified Security – Specialty Official Practice Question Set

Review white papers:

Security Pillar – AWS Well-Architected Framework

Amazon Web Services: Overview of Security Processes

AWS Key Management Best Practices

AWS Security Incident Response Guide

AWS Best Practices for DDoS Resiliency

Building a Scalable and Secure Multi-VPC AWS Network Infrastructure

Security & Compliance Quick Reference Guide

You can enroll for Classroom Training at CloudThat on “Security Engineering on AWS“

About CloudThat