You are currently viewing AWS Certified Security Speciality Practice Exams (SCS-C01)

AWS Certified Security Speciality Practice Exams (SCS-C01)

[New] Practice Exams to test your knowledge and pass your AWS Certified Security Speciality [SCS-C01]

What you’ll learn

  • Helps you learn the style of the exam
  • Helps you manage your time in real exam
  • Helps you identify your weak points in your preparation
  • Boost your confidence

Course content

580 questions


  • No requirements or prerequisites


The AWS Certified Security Specialty (SCS-C01) examination is intended for individuals who perform a security role.

This exam validates an examinee’s ability to effectively demonstrate knowledge about securing the AWS platform. It validates an examinee’s ability to demonstrate:

  • An understanding of specialized data classifications and AWS data protection mechanisms.

  • An understanding of data-encryption methods and AWS mechanisms to implement them.

  • An understanding of secure Internet protocols and AWS mechanisms to implement them.

  • A working knowledge of AWS security services and features of services to provide a secure production environment.

  • Competency gained from two or more years of production deployment experience using AWS security services and features.

  • The ability to make tradeoff decisions with regard to cost, security, and deployment complexity given a set of application requirements.

  • An understanding of security operations and risks.

Exam Content

Domain 1: Incident Response

  • Given an AWS abuse notice, evaluate the suspected compromised instance or exposed access keys.

  • Preparation stages for incident response

  • Mitigation steps to perform Incident response steps

  • Verify that the Incident Response plan includes relevant AWS services.

  • Dealing with exposed access keys

  • Evaluated suspected compromised EC2 Instances

  • Evaluate the configuration of automated alerting, and execute possible remediation of security-related incidents and emerging issues.

  • AWS Guard duty

  • Penetration testing

Domain 2: Logging and Monitoring

  • Design and implement security monitoring and alerting.

  • Design and implement a logging solution.

  • Continuous Security Monitoring

  • Introduction to Vulnerability Assessment

  • AWS Inspector

  • AWS Inspector Assessment targets

  • AWS EC2 systems manager

  • AWS Config

  • Understanding CloudWatch

  • VPC Flow Logs

  • CloudWatch Events

  • AWS Cloud Trail

  • AWS Macie

  • AWS Detective

  • AWS Security Hub

  • S3 Event notifications

  • Trusted advisor recommendations

  • Troubleshoot security monitoring and alerting.

  • Troubleshoot logging solutions.

Domain 3: Infrastructure Security

  • Design edge security on AWS.

  • Design and implement a secure network infrastructure.

  • AWS Organizations

  • Managing OUs

  • CloudFront

  • AWS CloudFront Custom SSL

  • Firewalls

  • Security groups

  • Network ACLs

  • IPS/IDS concepts in cloud

  • AWS Web Application Firewall (WAF)

  • AWS Shield concepts

  • DDoS Mitigation

  • Network Segmentation

  • Bastion Hosts

  • Virtual Private Cloud (VPC)

  • VPC Endpoints

  • EC2 Tenancy

  • Compliance Frameworks

  • AWS lambda fundamentals

  • AWS Simple Email Service

  • AWS Route53 DNS

  • Troubleshoot a secure network infrastructure

  • Design and implement host-based security

Domain 4: Identity and Access Management

  • Design and implement a scalable authorization and authentication system to access AWS resources.

  • Understand the Principle of Least Privilege

  • IAM Policies

  • IAM JSON Policy Elements

  • IAM Roles

  • IAM Permission boundaries

  • Evaluating effective permissions

  • Understanding Delegation

  • Cross account policies & roles

  • Understanding Federation

  • AWS Directory services

  • AWS Organizations

  • Single Sign-On

  • SAML Overview Concepts

  • S3 Security

  • Cross Account S3 access

  • S3 Versioning

  • S3 MFA delete

  • AWS License manager

  • Troubleshoot an authorization and authentication system to access AWS resources.

Domain 5: Data Protection

  • Design and implement key management and use

  • Cryptography fundamentals

  • Cloud Hardware Security Module (HSM)

  • AWS Key Management Service (KMS)

  • Envelope Encryption

  • KMS Authentication and Access Control

  • CloudTrail and Encryption

  • EBS Architecture and Secure Data Wiping

  • S3 Encryption

  • AWS Certificate Manager

  • ELB- ALB and NLB

  • Docker and container security fundamentals

  • AWS Glacier

  • Troubleshoot key management.

  • Design and implement a data encryption solution for data at rest and data in transit.

Who this course is for:

  • Those interested in gaining the AWS Security Specialty Certification

Go to CourseIf coupon does not work, it means you are late. Remember all coupons for a short time and limit number, so it is better to join the Telegram channel to get a notification on your mobile phone about new couponsTelegram Channel