AWS Certified Security Specialty

Who should take the AWS Certified Security Specialty exam?

You should carry 5 years of experience in IT Security, implementing and designing Security Solutions, and 2+ years of Hands-on experience in AWS Workload security.

What are the prerequisites for the AWS Certified Security Specialty certification?

The recommendations that follow for the AWS Security Specialty certification requires an understanding on:

• AWS Shared Responsibility Model and its application
• Data Retention and Access Control
• Disaster Recovery Controls, along with backups and BCP
• Encryption and Cloud Security Threat Models
• Security Automation, Patch Management, and Security Controls for AWS Workloads
• Monitoring and Logging Strategies
• Enhancing AWS Security Services by making use of third-party services and tools

What does the AWS Certified Security – Specialty (SCS-C01) exam test you for?

This exam tests your knowledge on:

• Specialized Data Classifications, AWS Data Protection Mechanisms, Data Encryption Methods, Secure internet protocols and AWS mechanisms for their implementation, Security Operations, and risks.
• Trade-off decisions regarding security, cost, and deployment complexity
• AWS security features, secure production environment providing services and its features
• Competence in the usage of AWS services and features gained from 2 or more years of experience

What are the concepts, tools, and technologies that cover the exam?

You could find the concepts and usage of the following in the exam questions:

• AWS CLI, AWS SDK, AWS Management Console
• Signature Version 4, Certificate Management, SSH/RDP
• Network Analysis tools(flow captures and packet capture)
• Infrastructure as code(IaC), and TLS

What are the domains covered in the exam and the weightage allotted?

The exam might cover all or some of these concepts:

• Incident Response: This section covers around 12% of the exam. It involves isolation of the reported EC2 instances, analysis of relevant logs, capturing of the memory dump, checking if the Incident Response Plan contains required AWS services, evaluation of the configuration of automated alerting, applying rule-based alerts for infrastructure migrations, reviewing previous security incidents and suggesting improvements, and more.
• Data Protection: This part counts for 22% of the certification questions. This includes finding a key management solution using analysis of a given scenario, catching and controlling the blast radius of a key compromise event, troubleshooting the key management, designing and implementing of data encryption solution for data in transit as well as in use, validating policies for particular AWS keys, and more.
• Identity and Access Management: This section includes 20% of the exam concepts. It entails investigating a user’s inability to switch roles, accesses the bucket contents of S3, the inability of an amazon EC2’s instance to access a particular AWS resource, designing a scalable authorization model incluMonitoring, and Logging: This part covers approximately 20% of the exam. It involves designing and implementing, and troubleshooting a logging solution, review of the audit trails and user activity, analyzing and identification of sources for log ingestion, analysis of the functionality, configuration, and remedy for an event before the expected alert has come, and more.
• Infrastructure Security: This section includes 26% of the exam questions. This involves designing, implementing, and troubleshooting secure network infrastructure, testing WAF rules, confirmation on the correct implementation of the NACLs and security groups, determination of the use cases of VPN/direct connect, enabling VPC flow logs, and more.