Fatskills
Practice. Master. Repeat.
Study Guide: AWS Security – Specialty (SCS-C02) Exam Survival Guide
Source: https://www.fatskills.com/aws-101/chapter/aws-security-specialty-scs-c02-exam-survival-guide

AWS Security – Specialty (SCS-C02) Exam Survival Guide

By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.

⏱️ ~1 min read

Pattern (official guide): 65 Q total (50 scored + 15 unscored), scaled 100–1000, pass 750; MCQ/MR; domains include Threat Detection/IR, Sec Infra, AppSec, IAM, Data Protection, Governance

Must-do (80/20)

  • Multi-account guardrails: AWS Orgs, Control Tower, SCPs, RAM, firewall policies.
  • Detect/IR: GuardDuty/CloudTrail/Config/Security Hub/Macie; ASFF; playbooks.
  • IAM: SSO, federation (SAML/OIDC), SCP vs permission boundaries vs session policies; cross-account.
  • Data protection: KMS key policies/grants; S3 BPA/Object Lock; TLS patterns; Private CA.
  • Network security: WAF/Shield, NACL vs SG, VPC endpoints, PrivateLink.
  • AppSec & supply chain: Code signing, ECR scan, IAM for CI/CD; secrets & rotation.

Top traps

  • Confusing SCP with IAM policies; over-permissive KMS key policies; public S3 snapshots/AMIs.

Last-48h

  • Write 6 IR runbooks (key compromise, S3 exfil, GuardDuty finding, public resource, root use, KMS failure).
  • Map data-class → control grid (PII/PHI/PCI → Macie/KMS/BYOK/HSM/Object Lock).
  • Re-scan domain weights & pass rules. 


ADVERTISEMENT