January 23, 2022


Thinking Security! Always

AWS Certified Security – Specialty (SCS-C01)

The AWS Security Specialty certification sits at the intersection of two of the hottest trends in technology today: the cloud and security. If you work in the security arena, then taking your security knowledge and applying it to the cloud is a logical next step in expanding your expertise. If you work more on the cloud architecture and development side of the equation, understanding cloud security can help you design more secure systems. Building security into an application from the beginning is much easier than trying to retrofit security after the application has been built.

As per the certification standard set by AWS, candidates taking the certification are expected to have a minimum of 5 years of experience in IT, cloud and security.


The AWS Certified Security – Specialty (SCS-C01) exam focuses on AWS security and compliance concepts. It validates the following:

  • An understanding of specialized data classifications and AWS data protection mechanisms.
  • An understanding of data-encryption methods and AWS mechanisms to implement them.
  • An understanding of secure Internet protocols and AWS mechanisms to implement them.
  • A working knowledge of AWS security services and features of services to provide a secure production environment.
  • Competency gained from two or more years of production deployment experience using AWS security services and features.
  • The ability to make tradeoff decisions with regard to cost, security, and deployment complexity given a set of application requirements.
  • An understanding of security operations and risks.

AWS Certified Security – Specialty (SCS-C01) Exam Summary

  • The AWS Certified Security – Specialty exam, as its name suggests, covers a lot of security and compliance concepts for the VPC, EBS, S3, IAM and KMS services.
  • To be precise, the following are the contents covered in the certification
    • Security, Identity & Compliance
      • Make sure you know all the services and deep dive into IAM and KMS.
      • Identity and Access Management (IAM)
        1. Understand IAM in depth
        2. Understand IAM Roles
        3. Understand Identity Providers & Federation
        4. Understand IAM Policies
      • Deep dive into Key Management Service (KMS). There would be quite a few questions on this.
        1. Understand how KMS works
        2. Understand IAM Policies, Key Policies, Grants
        3. Know that KMS keys are regional and how to use them in other regions.
        4. Understand the difference between CMKs with AWS-generated and imported key material, especially with regard to key rotation.
        5. Know KMS usage with VPC Endpoint
        6. Know KMS ViaService condition
      • Understand Amazon Cognito, especially User Pools
      • Know Amazon GuardDuty as a managed threat detection service
      • Know Amazon Inspector as an automated security assessment service that helps improve the security and compliance of applications deployed on AWS
      • Know Amazon Macie as a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS
      • Know AWS Artifact as a central resource for compliance-related information that provides on-demand access to AWS’ security and compliance reports and select online agreements
      • Know AWS Certificate Manager (ACM) for certificate management.
      • Know AWS CloudHSM as a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud
      • Know AWS Secrets Manager to protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle
      • Know AWS Shield, the Shield Advanced option and the features it provides
      • Know AWS WAF as a web application firewall
  • Networking & Content Delivery
    • Understand VPC
      1. Understand VPC fundamentals
      2. Understand Security Groups, NACLs
      3. Understand VPC Peering
      4. Understand VPC Endpoints, especially which services are supported by Gateway and Interface Endpoints. Interface Endpoints are also called AWS PrivateLink endpoints.
      5. Understand VPC Flow Logs to capture information about the IP traffic going to and from network interfaces in the VPC
    • Know Virtual Private Network (VPN) & Direct Connect for establishing secure, low-latency connectivity between an on-premises data center and an AWS VPC
    • Understand CloudFront, especially with S3
    • Know Elastic Load Balancer at a high level, especially end-to-end encryption.
  • Management & Governance Tools
    • Understand AWS CloudWatch for Logs and Metrics. Also, CloudWatch Events provides more real-time alerts compared to CloudTrail
    • Understand CloudTrail for audit and governance
    • Understand AWS Config and its use cases
    • Understand that CloudTrail provides the WHO and Config provides the WHAT.
    • Understand Systems Manager
      1. Systems Manager provides Parameter Store, which can be used to manage secrets
      2. Systems Manager provides agent-based and agentless modes.
      3. Systems Manager Patch Manager helps select and deploy operating system and software patches automatically across large groups of EC2 or on-premises instances
      4. Systems Manager Run Command provides safe, secure remote management of your instances at scale without logging into the servers, replacing the need for bastion hosts, SSH, or remote PowerShell
    • Understand AWS Organizations to control what member accounts can do.
    • Know AWS Trusted Advisor
  • Storage
    • Know S3 Data Protection & S3 Access Control
    • Know EBS Encryption
    • Know Glacier Vault Lock
  • Computation
    • Know how EC2 accesses services using an IAM role and Lambda using an execution role.
  • Integration Tools
    • Know how CloudWatch integration with SNS and Lambda can help with notifications
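As an added illustration of the KMS items above (key policies and the kms:ViaService and kms:CallerAccount condition keys), not part of the original post: a key policy that lets an application role use the CMK only when the request arrives through Amazon S3 in us-east-1 and originates from the key's own account. The account id 111122223333, the role name app-data-role and the Sid values are made-up placeholders.

```json
{
  "Version": "2012-10-17",
  "Id": "example-key-policy",
  "Statement": [
    {
      "Sid": "EnableIAMUserPermissions",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111122223333:root" },
      "Action": "kms:*",
      "Resource": "*"
    },
    {
      "Sid": "AllowUseOnlyViaS3InRegion",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111122223333:role/app-data-role" },
      "Action": [
        "kms:Encrypt",
        "kms:Decrypt",
        "kms:GenerateDataKey"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "kms:ViaService": "s3.us-east-1.amazonaws.com",
          "kms:CallerAccount": "111122223333"
        }
      }
    }
  ]
}
```

The first statement is what allows IAM policies in the account to grant key administration; without it the key is usable only through this key policy and grants. A direct kms:Decrypt call by app-data-role does not match the kms:ViaService condition, so it is denied even though the same call made on the role's behalf by S3 SSE-KMS in us-east-1 succeeds.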

AWS Certified Security – Specialty (SCS-C01) Exam Resources
