Skip to content

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

Cloud Certified: AWS Certified Security - Specialty

Oct 22, 2020 • 11 Minute Read

Introduction

Cloud-based solutions have been high in demand in the last several years, and this is not likely to change in the future. With an increased frequency of large and well-established corporations, academic institutions, and even cities being affected by insufficient security practices and attacks, knowing how to properly and efficiently secure Amazon Web Services (AWS) cloud infrastructure is essential to organizations. In this guide you will learn about the AWS Certified Security - Specialty certification and what exam you can take to achieve it.

Target Audience

As the name suggests, this certification has "security" written all over it, specifically AWS security offerings and features. Since it is a Specialty-level certification, the required exam covers a wide range of security topics and technologies.

The AWS Certified Security - Specialty (SCS-C01) exam is intended for individuals who perform a security role. This exam validates an examinee’s ability to effectively demonstrate knowledge about securing the AWS platform. Candidates should have at least two years of hands-on experience securing AWS workloads.

Having a strong IT security background is an absolute must-have to fully comprehend and understand these topics.

Applicable Exam

A single exam is required to gain the AWS Certified Security - Specialty certification.

The price for the exam is US$300. Amazon also offers a practice exam for US$40.

Certification Process

There are two types of questions on the examination:

  • Multiple choice: Has one correct response and three incorrect responses (distractors).
  • Multiple response: Has two or more correct responses out of five or more options.

Select one or more responses that best complete the statement or answer the question. Distractors, or incorrect answers, are response options that an examinee with incomplete knowledge or skill would likely choose. However, they are generally plausible responses that fit in the content area defined by the test objective. Unanswered questions are scored as incorrect; there is no penalty for guessing.

Unscored Content

Your examination may include unscored items that are placed on the test to gather statistical information. These items are not identified on the form and do not affect your score.

Exam Results

The AWS Certified Security - Specialty (SCS-C01) exam is a pass or fail exam. It is scored against a minimum standard established by AWS professionals who are guided by certification industry best practices and guidelines.

Your results for the examination are reported as a score from 100–1,000, with a minimum passing score of 750. Your score shows how you performed on the examination as a whole and whether or not you passed. Scaled scoring models are used to equate scores across multiple exam forms that may have slightly different difficulty levels. Your score report contains a table of classifications of your performance at each section level. This information is designed to provide general feedback concerning your examination performance. The examination uses a compensatory scoring model, which means that you do not need to “pass” the individual sections, only the overall examination. Each section of the examination has a specific weighting, so some sections have more questions than others. The table contains general information, highlighting your strengths and weaknesses. Exercise caution when interpreting section-level feedback.

Time

You will have 170 minutes to complete the exam. Ensure that you are ready and have completed the check-in process to ensure that you maximize the use of your allowed time.

Prerequisites

While there are no specific prerequisites to achieving this certification beyond passing the AWS Certified Security - Specialty exam, it is worth noting that experience with the required skills is key to a successful experience. Having passed the CLF-C01 exam and achieved the corresponding AWS Certified Cloud Practitioner certification, while not mandatory, will help you prepare for this level since they introduce a number of technologies covered in the AWS Certified Security - Specialty exam.

Ensure that you possess sufficient experience and invest the time to go through the relevant Pluralsight courses and other resources.

Skills Measured

Your skills will be measured in the following five categories:

  • Domain 1: Incident Response (12%)
  • Domain 2: Logging and Monitoring (20%)
  • Domain 3: Infrastructure Security (26%)
  • Domain 4: Identity and Access Management (20%)
  • Domain 5: Data Protection (22%)

These domains are broken down into details as follows:

Domain 1: Incident Response

1.1 Given an AWS abuse notice, evaluate the suspected compromised instance or exposed access keys.
1.2 Verify that the Incident Response plan includes relevant AWS services.
1.3 Evaluate the configuration of automated alerting, and execute possible remediation of security-related incidents and emerging issues.

Domain 2: Logging and Monitoring

2.1 Design and implement security monitoring and alerting.
2.2 Troubleshoot security monitoring and alerting.
2.3 Design and implement a logging solution.
2.4 Troubleshoot logging solutions.

Domain 3: Infrastructure Security

3.1 Design edge security on AWS.
3.2 Design and implement a secure network infrastructure.
3.3 Troubleshoot a secure network infrastructure.
3.4 Design and implement host-based security.

Domain 4: Identity and Access Management

4.1 Design and implement a scalable authorization and authentication system to access AWS resources.
4.2 Troubleshoot an authorization and authentication system to access AWS resources.

Domain 5: Data Protection

5.1 Design and implement key management and use.
5.2 Troubleshoot key management.
5.3 Design and implement a data encryption solution for data at rest and data in transit.

Pluralsight Courses

Make sure you check out Pluralsight's AWS Certified Security - Specialty learning path, which currently contains five different courses (three at intermediate and two at advanced level).

As always, the newer the course the more relevant the material will be to your learning journey.

Pluralsight Labs

Other Resources

AWS provides several training resources free of charge. Take a look at the following learning paths:

Utilizing AWS Documentation and navigating to the relevant topics will also help you to prepare for this exam.

Compensation and Employment Outlook

The cloud business has been booming in the last several years. AWS is the market leader and keeps growing. While COVID-19 has affected everyone in some way, it certainly doesn't seem to have had a negative impact on AWS's cloud business.

Gaining an up-to-date certification like the AWS Certified Security - Specialty certification from a household name like AWS should make you much more attractive to both your current and future employers, especially since the cloud security field is booming. Your current employer might not raise your salary, but the next time you go looking for a job make sure you check trusted Internet sources for up-to-date information on salaries in your region.

It's difficult to provide absolute figures because they will depend on numerous factors like your experience, company type and size, industry, and region. Expect salaries for experienced AWS Security Engineers to range from US$120,000 to US$225,000 in the United States.

Conclusion

As a Specialty-level certification, gaining the AWS Certified Security - Specialty credentials, while challenging, will earn you the recognition to prove that you are a subject matter expert in this field. All it takes is a single exam, and you have a number of excellent courses available to gain the required knowledge and earn that badge. Sign up to AWS, utilize the free cloud credits and services, and book the exam, which you can take right in your home or in one of many testing centers.

I hope that this guide is useful and wish you good luck with gaining your certification.

Michael Taschler

Michael T.

Michael is an IT veteran with almost three decades' worth of experience designing, building, operating and troubleshooting cloud and enterprise systems. He holds many certifications including Azure Solutions Architect, Microsoft 365 Security Administrator, Azure Security Engineer and Microsoft 365 Teams Administrator. He is passionate about innovation, digital transformation and how we can create value by helping people and organisations build a better working world, from the mundane processes that can be automated to the complex problems that can be solved by using established as well as emerging technologies. Michael currently works as a cloud and infrastructure consultant for a global professional services company

More about this author