Compendium Centrum Edukacyjne

The AWS Certified Security - Specialty (SCS-C02) exam is intended for individuals who perform a security role. The exam validates a candidate’s ability to effectively demonstrate knowledge about securing AWS products and services.

The exam also validates whether a candidate has the following:

• An understanding of specialized data classifications and AWS data protection mechanisms
• An understanding of data-encryption methods and AWS mechanisms to implement them
• An understanding of secure internet protocols and AWS mechanisms to implement them
• A working knowledge of AWS security services and features of services to provide a secure production environment
• Competency from 2 or more years of production deployment experience in using AWS security services and features
• The ability to make tradeoff decisions regarding cost, security, and deployment complexity to meet a set of application requirements
• An understanding of security operations and risks

AWS Certified Security – Specialty is intended for individuals who perform a security role and have at least two years of hands-on experience securing AWS workloads. Before you take this exam, we recommend you have:

• Five years of IT security experience in designing and implementing security solutions and at least two years of hands-on experience in securing AWS workloads
• Working knowledge of AWS security services and features of services to provide a secure production environment and an understanding of security operations and risks
• Knowledge of the AWS shared responsibility model and its application; security controls for workloads on AWS; logging and monitoring strategies; cloud security threat models; patch management and security automation; ways to enhance AWS security services with third-party tools and services; and disaster recovery controls, including BCP and backups, encryption, access control, and data retention
• Understanding of specialized data classifications and AWS data protection mechanisms, data-encryption methods and AWS mechanisms to implement them, and secure internet protocols and AWS mechanisms to implement them
• Ability to make tradeoff decisions with regard to cost, security, and deployment complexity to meet a set of application requirements

Target candidate

The target candidate should have the equivalent of 3–5 years of experience in designing and implementing security solutions. Additionally, the target candidate should have a minimum of 2 years of hands-on experience in securing AWS workloads.

Recommended AWS knowledge

The target candidate should have the following knowledge:

• The AWS shared responsibility model and its application
• General knowledge of AWS services and deploying cloud solutions
• Security controls for AWS environments and workloads
• Logging and monitoring strategies
• Vulnerability management and security automation
• Ways to integrate AWS security services with third-party tools
• Disaster recovery controls, including backup strategies
• Cryptography and key management
• Identity access management
• Data retention and lifecycle management
• How to troubleshoot security issues
• Multi-account governance and organizational compliance
• Threat detection and incident response strategies

Domains & Competencies

Domain 1: Threat Detection and Incident Response

Domain 2: Security Logging and Monitoring

Domain 3: Infrastructure Security

Domain 4: Identity and Access Management

Domain 5: Data Protection

Domain 6: Management and Security Governance

Detailed described domains, list of specific tools and technologies that might be covered on the exam, as well as lists of in-scope AWS services https://d1.awsstatic.com/training-and-certification/docs-security-spec/AWS-Certified-Security-Specialty_Exam-Guide.pdf

Exam overview

Level: Specialty

Length: 170 minutes to complete the exam

Cost: 300 USD (*when purchasing directly from AWS)

Visit Exam pricing for additional cost information.

Format: 65 questions; either multiple choice or multiple response.

Delivery method: Pearson VUE testing center or online proctored exam.