The new AWS Certified Security - Specialty exam: What you should know

The AWS Certified Security - Specialty (SCS-C02) exam is AWS's latest version of their cloud security-focused certification exam. The SCS-C02 was released on July 11, 2023, and the biggest change is the expansion from five domains to six domains, with the newest domain focusing on security governance and management. 

As a result, the current version of the AWS Certified Security - Specialty course offered by A Cloud Guru is currently being refreshed to include this new exam content so that you are fully prepared to sit for and pass the SCS-C02. Apart from the additional domain, the structure of the exam has basically remained the same, but the weights have been altered. This is great news because it means if you're studying the SCS-C01 course, the content will still largely align with the updated version of the exam. That means you're still getting a great foundation for passing the SCS-C02 exam. 

The new AWS Certified Security - Specialty (SCS-C02) exam includes the following domains and changes:

Threat Detection and Incident Response  

The 'Threat Detection and Incident Response' domain has been expanded from 12% of the  exam's questions to 14%. This domain now includes concepts related to the AWS incident response plan for handling security incidents on AWS infrastructure. It also covers the AWS Security Finding Format (ASFF), a standard format for AWS Security Hub that uses JSON syntax to describe security findings. 

Security Logging and Monitoring  

The 'Security Logging and Monitoring' domain has decreased from 20% of the exam's questions to 18% and remains largely the same as in the previous exam. 

Infrastructure Security  

The 'Infrastructure Security' domain has been greatly reduced from 26% to 20%, but now includes much greater detail on the OWASP Top 10 list of web app attacks, threats, and exploits. The key to mitigating these risks is to leverage the AWS Web Application Firewall (WAF), which protects against OSI Application Layer 7 attacks like SQL injection and cross-site scripting web app attacks. The content around using AWS Shield for Distributed Denial of Service attacks (DDoS) remains the same. 

Identity and Access Management  

The 'Identity and Access Management' domain has slightly decreased from 20% of the exam's questions to 16%. Troubleshooting IAM conflicts is still a major part of the exam content, but the focus on the AWS IAM Access Analyzer is presented in the new exam. AWS IAM Access Analyzer helps identify resources, validates IAM policies, and generates IAM policies based on access activity in AWS CloudTrail logs.

Data Protection  

The 'Data Protection' domain has also been decreased from 22% to 18%, with renewed focus on the AWS Data Lifecycle for managing the creation, retention, and deletion of data on the AWS cloud platform. 

Management and Security Governance  

The 'Management and Security Governance' is the newly added domain that makes up 14% of the SCS-C02 exam. This domain focuses on developing a strategy to centrally deploy and manage AWS accounts, implementing a secure and consistent deployment strategy for cloud  resources, evaluating the compliance of AWS resources, and identifying security gaps through architectural reviews and cost analysis. This domain focuses on services like AWS Macie, AWS Cost Explorer, and AWS Trusted Advisor, to name a few. 

What hasn’t changed?  

All of the services that are covered in the current course remain in the new exam guide. We  recommend that you review our SCS-C01 course content and AWS documentation thoroughly. These include (but are not limited to): AWS Security Hub, CloudWatch, GuardDuty, Macie, Shield, WAF, Security Token Service, VPC Architecture, Firewall Manager, CloudHSM, and much more. 

Wrapping Up  

The addition of the Management and Security Governance domain is the biggest change in this exam. We appreciate everyone's patience during this process. All those involved are extremely excited about the update, and we are confident that you will thoroughly enjoy the brand-new content. We have carefully planned a refreshed course that is more future-proof and better equips you to pass the AWS Certified Security - Specialty (SCS-C02) exam. In the meantime, keep up the awesome work! 

Some recommended AWS Whitepapers to help prepare:  

• AWS Well-Architected Framework - Security Pillar
• AWS Security Incident Response Guide
• Security Best Practices in IAM
• Introduction to cryptographic details of AWS KMS
• Securing, Protecting, and Managing Data

AWS-Provided Exam Resources  

• AWS Certified Security – Specialty (SCS-C02) Exam Guide