Course description - Enhanced

In this advanced-level course from Amazon Web Services (AWS), you learn how to assess your preparedness for the AWS Certified Security – Specialty (SCS-C02) exam. The AWS Certified Security – Specialty (SCS-C02) exam validates expertise in creating and implementing security solutions in the AWS Cloud.

Learn how to prepare for the exam by exploring the exam’s topic areas and how they align to developing on AWS and to specific areas of study. Gauge your understanding of topics and concepts from each task statement grouped by domain. Reinforce your knowledge and identify learning gaps with hands-on exercises and explanations of exam-style questions. Explore learning strategies to identify incorrect responses by interpreting the concepts that are being tested in the exam using the question explanations. Then, determine your readiness to take the exam with the Official Practice Exam.

Course level: Advanced

Duration: 14.25 hours | 14 hours 15 minutes

Activities

This course includes the following:

• Videos by an expert instructor who delivers presentations and reviews exam-style questions.
• Hands-on exercises (builder labs) that help validate skills readiness.
• Official Practice Questions (Question Set, Bonus Questions, and a Practice Exam) written in same style as AWS Certification exams. All questions include detailed feedback and recommended resources to help you prepare for the exam.
• Flashcards

Course objectives

In this course, you will do the following: 

1. Understand the knowledge tested by the AWS Certified Security – Specialty (SCS-C02) exam.
2. Evaluate your gaps in knowledge of the exam topics.
3. Validate your readiness to take the exam.

Intended audience

This course is intended for individuals who do the following:

1. Perform a security role.
2. Have 3 – 5 years of experience in designing and implementing security solutions.
3. Have a minimum of 2 years of hands-on experience in security AWS workloads.
4. Are preparing for the AWS Certified Security – Specialty (SCS-C02) exam.

Prerequisites

These are the prerequisites for the AWS Certified Security – Specialty (SCS-C02) exam. 

Recommended AWS knowledge

Learners should have the following knowledge:

• The AWS shared responsibility model and its application
• General knowledge of AWS services and deploying cloud solutions
• Security controls for AWS environments and workloads
• Logging and monitoring strategies
• Vulnerability management and security automation
• Ways to integrate AWS security services with third-party tools
• Disaster recovery controls, including backup strategies
• Cryptography and key management
• AWS Identity and Access Management (IAM)
• Data retention and lifecycle management
• Troubleshooting security issues
• Multi-account governance and organizational compliance
• Threat detection and incident response strategies

Recommended courses

We recommend that you have completed the following training (or similar courses); however, we don't require that you take any specific training before you take an exam.

Take these digital courses:

• AWS Security Fundamentals (Second Edition)
• AWS Security Best Practices: Overview
• AWS Well-Architected Foundations

Gain hands-on experience with these resources:

• AWS Cloud Quest Security Role 

Try these self-paced labs:

• Auditing Your Security with AWS Trusted Advisor
• Lab - Troubleshooting - IAM Access Issues
• Role Assumption Challenge

Explore other related self-paced labs. Search the AWS Skill Builder catalog for:

• Language: English
• Domain: Security, Identity & Compliance
• Course Level: Intermediate and Advanced
• Training Category: Self-Paced Labs

Course outline

Module 1: Get to know the exam

Introduction to AWS Certified Security – Specialty (SCS-C02)

Overview: AWS Certified Security – Specialty (SCS-C02)

Exam guide: AWS Certified Security – Specialty (SCS-C02)

Module 2: Get to know exam-style questions

Introduction to exam-style questions

AWS Certified Security - Specialty Official Practice Question Set (SCS-C02 – English)

Module 3: Learn about exam topics

AWS training suggestions

Whitepapers and FAQs

Module 4: Prepare for the exam

Domain 1:  Threat Detection and Incident Response

Lesson 1: Introduction to Threat Detection and Incident Response

Lesson 2: Design and implement an incident response plan

Lesson 3: Detect security threats and anomalies by using AWS Services

Lesson 4 Respond to compromised resources and workloads

Lesson 5: Walkthrough question #1

Lesson 6:  Walkthrough question #2

Additional resources

Flashcards

Domain 2: Security Logging and Monitoring

Lesson 1: Introduction to Security Logging and Monitoring

Lesson 2: Design and implement monitoring and alerting to address security events.

Lesson 3: Troubleshoot security monitoring and alerting

Lesson 4: Design and implement a logging solution

Lesson 5: Troubleshoot logging solutions

Lesson 6: Design a log analysis solution

Lesson 7:  Walkthrough question #3

Lesson 8:  Walkthrough question #4

Lab assessment: Security logging and monitoring using Amazon CloudWatch alarms

Additional resources

Flashcards

Domain 3: Infrastructure Security

Lesson 1: Introduction to Infrastructure Security

Lesson 2: Design and implement security controls for edge services

Lesson 3: Design and implement network security controls

Lesson 4: Design and implement security controls for compute workloads

Lesson 5: Troubleshoot network security

Lesson 6:  Walkthrough question #5

Lesson 7:  Walkthrough question #6

Additional resources

Flashcards

Domain 4: Identity and Access Management

Lesson 1: Introduction to Identity and Access Management

Lesson 2: Design, implement, and troubleshoot authentication for AWS resources

Lesson 3: Design, implement, and troubleshoot authorization for AWS resources

Lesson 4: Walkthrough question #7

Lesson 5:  Walkthrough question #8

Lab assessment: Evaluating permissions using IAM

Additional resources

Flashcards

Domain 5: Data Protection

Lesson 1: Introduction to Data Protection

Lesson 2:  Design and implement controls that provide confidentiality and integrity for data in

transit

Lesson 3: Design and implement controls that provide confidentiality and integrity for data at

rest

Lesson 4: Design and implement controls to manage the lifecycle of data at rest

Lesson 5: Design and implement controls to protect credentials, secrets, and cryptographic

key materials

Lesson 6:  Walkthrough question #9

Lesson 7: Walkthrough question #10

Lab assessment: Data protection using AWS Key Management Service (AWS KMS)

Additional resources

Flashcards

Domain 6: Management and Security Governance

Lesson 1: Introduction to Management and Security Governance

Lesson 2: Develop a strategy to centrally deploy and manage AWS accounts

Lesson 3: Implement a secure and consistent deployment strategy for cloud resources

Lesson 4:  Evaluate the compliance of AWS resources

Lesson 5: Identify security gaps through architectural reviews and cost analysis

Lesson 6:  Walkthrough question #11

Lesson 7:  Walkthrough question #12

Additional resources

Flashcards

Bonus Questions

• AWS Certified Security – Specialty Official Bonus Questions (SCS-C02 - English)

Module 5: Determine exam readiness

• Introduction to the Official Practice Exam
• AWS Certified Security – Specialty Official Practice Exam (SCS-C02 - English)

Module 6: Register for the exam

Module 7: Course close

Module 8: Course survey