Study Guide
AWS Certified Security - Specialty Study Guide
Use the official AWS domain outline to connect threat detection, security logging, infrastructure security, IAM, data protection, and security governance to scenario-based questions and explanations.
How the Exam Is Structured
AWS Certified Security - Specialty (SCS-C02) validates threat detection and incident response, security logging and monitoring, infrastructure security, identity and access management, data protection, and management and security governance. The ExamPal practice bank includes 583 premium questions and 40 free questions mapped across the official blueprint.
| Domain | Weight | Representative task (first task statement of the domain) |
|---|---|---|
| Domain 1: Threat Detection and Incident Response | 14% | Task 1.1: Design and implement an incident response plan; AWS best practices for incident response |
| Domain 2: Security Logging and Monitoring | 18% | Task 2.1: Design and implement monitoring and alerting to address security events; AWS services that monitor events and provide alarms |
| Domain 3: Infrastructure Security | 20% | Task 3.1: Design and implement security controls for edge services; Security features on edge services |
| Domain 4: Identity and Access Management | 16% | Task 4.1: Design, implement, and troubleshoot authentication for AWS resources; Methods and services for creating and managing identities |
| Domain 5: Data Protection | 18% | Task 5.1: Design and implement controls that provide confidentiality and integrity for data in transit; TLS concepts |
| Domain 6: Management and Security Governance | 14% | Task 6.1: Develop a strategy to centrally deploy and manage AWS accounts; Multi-account strategies |
Domain 1: Threat Detection and Incident Response (14% of exam)
This domain covers designing and implementing incident response capabilities, detecting threats and anomalies, and responding to compromised resources and workloads in AWS environments. It emphasizes AWS security services, incident handling workflows, and forensic and remediation practices.
Domain 2: Security Logging and Monitoring (18% of exam)
Covers designing, implementing, troubleshooting, and analyzing logging, monitoring, and alerting solutions for security events in AWS environments. The domain emphasizes selecting appropriate AWS services, configuring alerts and log collection, and ensuring solutions align with business and security requirements.
Domain 3: Infrastructure Security (20% of exam)
This domain covers securing AWS edge services, network paths, compute workloads, and troubleshooting security-related connectivity issues. It emphasizes selecting and combining AWS security controls, monitoring for threats, and using telemetry and logs to detect and resolve attacks or misconfigurations.
Domain 4: Identity and Access Management (16% of exam)
Covers AWS authentication and authorization concepts, including how identities are created and managed, how credentials are issued and used, and how access is controlled across AWS resources. It also includes troubleshooting access problems using AWS tools and services such as CloudTrail, IAM Access Advisor, and the IAM policy simulator.
Domain 5: Data Protection (18% of exam)
This domain covers protecting data in transit, at rest, and through its lifecycle, as well as protecting credentials, secrets, and cryptographic key materials. It emphasizes selecting and implementing AWS security controls that preserve confidentiality and integrity across network, storage, and key-management scenarios.
Domain 6: Management and Security Governance (14% of exam)
This domain covers centrally managing AWS accounts, deploying cloud resources securely and consistently, evaluating compliance, and identifying security gaps through reviews and cost analysis. It emphasizes governance controls, multi-account administration, and continuous assessment using AWS security and management services.
Key Terms to Know
These terms are loaded from the shared terminology pack and appear across the question explanations.
- ABAC: Attribute-based access control, an authorization strategy that grants access based on attributes (in AWS, typically tags on the principal and on the resource) rather than on a fixed list of principals.
- ACM: Abbreviation for AWS Certificate Manager.
- AMI: Amazon Machine Image, a machine image used to launch EC2 instances.
- AMIs: Plural of AMI; AMIs are among the AWS resources whose creation, retention, and deletion can be automated with lifecycle policies.
- API keys: Secrets used to authenticate or authorize access to APIs.
- ASFF: Abbreviation for AWS Security Finding Format, the JSON schema Security Hub uses for findings.
- AWS Audit Manager: An AWS service for continuously collecting evidence of AWS usage and assessing compliance with controls.
- AWS Backup: An AWS service used to define backup schedules and retention centrally across supported AWS services.
- AWS Backup Vault Lock: An AWS Backup control that enforces write-once-read-many (WORM) protection on a backup vault so that recovery points cannot be deleted or altered before their retention period ends.
- AWS CLI: The AWS Command Line Interface, used to interact with AWS services from the command line.
- AWS Certificate Manager (ACM): An AWS service for provisioning, managing, and deploying public and private SSL/TLS certificates for use with AWS services.
- AWS CloudFormation: An AWS infrastructure-as-code service used to deploy cloud resources consistently and repeatably from templates.
- AWS CloudHSM: An AWS service that provides dedicated hardware security modules for cryptographic key storage and operations.
- AWS CloudTrail: An AWS service that records API calls and account activity for auditing, monitoring, and investigation.
- AWS Config: An AWS service for recording resource configuration changes and evaluating resource configurations against desired settings.
- AWS Config aggregators: AWS Config components that centrally collect configuration and compliance data across accounts and Regions.
- AWS Config rules: Rules created in AWS Config that evaluate resource configurations and flag noncompliant resources.
- AWS Control Tower: An AWS service used to set up and govern multi-account AWS environments with preventive and detective guardrails (controls).
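To make the ABAC entry above concrete, here is an added example that is not from this page or its question bank: a constructed identity-based policy that allows ec2:StartInstances and ec2:StopInstances only when the caller's aws:PrincipalTag/project matches the instance's aws:ResourceTag/project, and explicitly denies ec2:TerminateInstances. It is evaluated by a deliberately minimal Python evaluator written for this page; it is not the IAM policy engine and implements only StringEquals, policy-variable substitution, wildcard Action/Resource matching, and the explicit-deny-wins rule. The ARN, account number, and tag values are made up.

```python
"""Minimal offline evaluator for an ABAC-style IAM policy (constructed example).

This is a toy written for illustration, NOT AWS's policy engine. It covers only
the subset needed to show how aws:PrincipalTag / aws:ResourceTag conditions
turn a single policy into per-project access.
"""
import re
from fnmatch import fnmatchcase

# Hypothetical identity-based policy: start/stop instances only when the
# instance's "project" tag equals the caller's own "project" tag; never terminate.
ABAC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["ec2:StartInstances", "ec2:StopInstances"],
            "Resource": "arn:aws:ec2:*:*:instance/*",
            "Condition": {
                "StringEquals": {
                    "aws:ResourceTag/project": "${aws:PrincipalTag/project}"
                }
            },
        },
        {
            "Effect": "Deny",
            "Action": "ec2:TerminateInstances",
            "Resource": "*",
        },
    ],
}

_VAR = re.compile(r"\$\{([^}]+)\}")


def _substitute(value, context):
    """Replace ${aws:PrincipalTag/x}-style policy variables with context values."""
    return _VAR.sub(lambda m: context.get(m.group(1), ""), value)


def _matches(patterns, value):
    """Wildcard match for Action/Resource elements (string or list of strings)."""
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatchcase(value, p) for p in patterns)


def _condition_holds(condition, context):
    """Evaluate StringEquals only; a condition key absent from the request fails."""
    for operator, pairs in condition.items():
        if operator != "StringEquals":
            raise NotImplementedError(f"operator not modelled: {operator}")
        for key, expected in pairs.items():
            if key not in context:
                return False  # missing key -> condition false (as in IAM)
            if context[key] != _substitute(expected, context):
                return False
    return True


def evaluate(policy, action, resource, context):
    """Return 'Allow' or 'Deny': default deny, explicit Deny beats any Allow."""
    decision = "Deny"  # implicit deny until a statement allows
    for stmt in policy["Statement"]:
        if not _matches(stmt["Action"], action):
            continue
        if not _matches(stmt["Resource"], resource):
            continue
        if not _condition_holds(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # explicit deny short-circuits
        decision = "Allow"
    return decision


# Constructed request contexts with made-up ARN and tag values.
INSTANCE = "arn:aws:ec2:us-east-1:123456789012:instance/i-0abc"


def same_project():
    return evaluate(ABAC_POLICY, "ec2:StopInstances", INSTANCE,
                    {"aws:PrincipalTag/project": "blue",
                     "aws:ResourceTag/project": "blue"})


def other_project():
    return evaluate(ABAC_POLICY, "ec2:StopInstances", INSTANCE,
                    {"aws:PrincipalTag/project": "blue",
                     "aws:ResourceTag/project": "red"})


def untagged_resource():
    # No project tag on the instance: the condition key is missing, so no Allow.
    return evaluate(ABAC_POLICY, "ec2:StartInstances", INSTANCE,
                    {"aws:PrincipalTag/project": "blue"})


def terminate_same_project():
    return evaluate(ABAC_POLICY, "ec2:TerminateInstances", INSTANCE,
                    {"aws:PrincipalTag/project": "blue",
                     "aws:ResourceTag/project": "blue"})


if __name__ == "__main__":
    for fn in (same_project, other_project, untagged_resource, terminate_same_project):
        print(f"{fn.__name__}: {fn()}")
```

The two cases worth remembering for the exam are the last two: an untagged resource fails closed because a StringEquals condition whose key is absent from the request evaluates to false (only the ...IfExists operators treat a missing key as a match), and the explicit Deny on TerminateInstances wins even though the tags match. The IAM policy simulator is the place to confirm the same outcomes against a real policy before relying on it.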
Official Materials and Guidance
This page is built from AWS SCS-C02 official exam guide, the shared syllabus, topic tree, terminology pack, free pack, and premium pack.
- AWS Certified Security - Specialty Exam Guide
- AWS SCS-C02 Exam Guide