AWS Certified Security Specialty Exam Study Guide [SCS-C01]

AWS Certified Security Specialty Certification Study Guide

Preparing for the AWS Certified Security Specialty (SCS-C01) exam? Don’t know where to start? This post is the AWS Certified Security Specialty Certificate Study Guide (with links to each objective in the exam domain).

I have curated a detailed list of articles from AWS documentation and other blogs for each objective of the AWS Certified Security Specialty (SCS-C01) exam. Please share the post within your circles so it helps them to prepare for the exam.

AWS Certified Security Specialty Course

AWS Certified Security Specialty Practice Test

AWS Certified Security Specialty Preparation

To view other AWS certificate study guides, click here

Full Disclosure: Some of the links in this post are affiliate links. I receive a commission when you purchase through them.

Incident Response - 12%

Given an AWS Abuse Notice, Evaluate the Suspected Compromised Instance or Exposed Access Keys

Verify That the Incident Response Plan Includes Relevant AWS Services

Evaluate the Configuration of Automated Alerting, and Execute Possible Remediation of Security-related Incidents and Emerging Issues

aws certified security specialty

Amazon link (affiliate)

Logging and Monitoring - 20%

Design and Implement Security Monitoring and Alerting

Troubleshoot Security Monitoring and Alerting

Design and Implement a Logging Solution

Troubleshoot Logging Solutions

Infrastructure Security - 26%

Design Edge Security on AWS

Services resident at the AWS edge locations (provide a security perimeter for your apps):

1. Amazon CloudFront (Content Delivery Network)

Think of CloudFront as the front door to your app. So, effectively, you are moving the attack surface from your infrastructure (with sensitive data) to the edge.

2. AWS Shield (Protects against DDoS attacks)

3. AWS Web Application Firewall (protect web applications from threats)

4. Amazon Route 53 (DNS Web service)

Security features on AWS CloudFront edge locations:

1. Using SSL/TLS to deliver your content

2. AWS Certificate Manager to create a custom SSL certificate for CloudFront

3. Serving Private Content with Signed URLs

4. Serving Private Content with Signed Cookies

5. Advanced CloudFront Security (Full/half bridge HTTPS connections, OCSP stapling)

6. CloudFront Field-level Encryption

For encrypting sensitive data (like the Credit card details) using field-specific encryption keys

Design and Implement a Secure Network Infrastructure

Troubleshoot a Secure Network Infrastructure

Design and Implement Host-based Security

Identity and Access Management - 20%

Design and Implement a Scalable Authorization and Authentication System to Access AWS Resources

Troubleshoot an Authorization and Authentication System to Access AWS Resources

Data Protection - 22%

Design and Implement Key Management and Use

Troubleshoot Key Management

Design and Implement a Data Encryption Solution for Data at Rest and Data in Transit

This brings us to the end of the AWS Certified Security Specialty [SCS-C01] Exam Preparation Study Guide.

What do you think? Let me know in the comments section if I have missed out on anything. Also, I love to hear from you about how your preparation is going on!

In case you are looking for other AWS certificate exams study guides, check out this page

Follow/Like to Receive Updates

Want to be notified as soon as I post? Subscribe to RSS feed / leave your email address in the subscribe section. Share the article to your social networks with the below links so it can benefit others.

Share the Article in Your Social Media Networks

  • 1

You may also like


Leave a Reply

Your email address will not be published. Required fields are marked *