Chapter SCS-C02 specialty tier
Security - Specialty
Editor's note — A study companion for the Security - Specialty exam — every domain rebuilt from scratch, with worked practice questions and an exam-grade timed simulation.
65 questions | 170 minutes | threshold 750/1000 | 6 domains | official guide
Table of Contents
I. Threat Detection And Incident Response (14% weight)
  Incident Response Plan and AWS Service Deployment
  Threat Detection — GuardDuty, Security Hub, Macie, Inspector
  Compromised Resource Response — Forensics, Detective, Isolation

II. Security Logging And Monitoring (18% weight)
  Security Monitoring and Alerting Design
  Centralized Logging — CloudTrail, VPC Flow Logs, DNS Logs
  Log Analysis — Athena, CloudWatch Logs Insights, Security Lake
  CloudTrail Deep Dive — Lake, Insights, Organization Trails

III. Infrastructure Security (20% weight)
  Edge Security — CloudFront, WAF, Shield
  Network Security — VPC, Network Firewall, Transit Gateway
  Compute Workload Security — Inspector and Systems Manager
  Network Security Troubleshooting — Reachability Analyzer, Flow Logs

IV. Identity And Access Management (16% weight)
  Authentication — IAM, IAM Identity Center, Cognito
  Authorization — IAM Policy Design and Troubleshooting

V. Data Protection (18% weight)
  Encryption in Transit — TLS, VPN, Certificate Management
  Encryption at Rest — KMS Keys and Key Policies
  Data Lifecycle, Retention, and S3 Object Lock
  Secrets, Credentials, and Key Management

VI. Management And Security Governance (14% weight)
  Multi-Account Strategy — Organizations and Control Tower
  Secure Deployment — IaC Hardening and Firewall Manager
  Compliance and Audit — AWS Config and Audit Manager