AWS Certified Security - Specialty

The AWS Certified Security – Specialty (SCS-C02) validates advanced expertise in securing AWS workloads across identity, network, data, and infrastructure layers. It is designed for security engineers and architects who implement AWS security controls, respond to security incidents, and enforce compliance frameworks on the AWS platform. The certification covers the full security lifecycle — from threat detection and prevention to investigation, response, and logging.

Request Training Email Inquiry

What is the AWS Certified Security - Specialty (SCS-C02)?

Who Should Take This Course?

Cloud security engineers responsible for AWS security posture
Security architects designing defense-in-depth strategies on AWS
DevSecOps engineers embedding security into CI/CD pipelines
Compliance and risk professionals managing AWS regulatory requirements
SOC analysts investigating security events in AWS environments
Solutions architects who want to deepen their security expertise

What You Will Learn in the SCS-C02 Course

A comprehensive curriculum covering all exam objectives with hands-on labs and real-world practice.

Threat Detection and Incident Response

Detect, analyze, and respond to security threats across AWS services.

Amazon GuardDuty for continuous threat detection and anomaly detection
AWS Security Hub for centralized security findings aggregation
Amazon Detective for root cause analysis and investigation
AWS Config rules and conformance packs for continuous compliance
Automated incident response with EventBridge and Lambda

Security Logging and Monitoring

Implement comprehensive logging and monitoring to maintain visibility across AWS environments.

AWS CloudTrail for API activity logging and audit trails
Amazon CloudWatch Logs for application and infrastructure log management
VPC Flow Logs and DNS query logging for network visibility
Amazon Macie for sensitive data discovery and protection in S3
AWS Athena for querying and analyzing security log data

Infrastructure Security

Design and implement network and compute security controls on AWS.

VPC security design: security groups, NACLs, and private subnets
AWS WAF and AWS Shield for application DDoS and web attack protection
AWS Network Firewall and Gateway Load Balancer for deep packet inspection
Amazon Inspector for EC2 and container vulnerability scanning
Secure EC2 bastion and AWS Systems Manager Session Manager

Identity and Access Management

Implement least-privilege access controls and federated identity across AWS.

IAM policies, permission boundaries, and service control policies (SCPs)
AWS IAM Identity Center (SSO) for centralized access management
Cross-account access with IAM roles and resource-based policies
AWS Organizations and delegated administrator patterns
IAM Access Analyzer for policy validation and public access findings

Data Protection and Encryption

Protect data at rest and in transit using AWS encryption and key management services.

AWS KMS key policies, grants, and envelope encryption patterns
AWS CloudHSM for FIPS 140-2 Level 3 hardware security modules
S3 server-side encryption (SSE-S3, SSE-KMS, SSE-C) and bucket policies
Secrets Manager and Parameter Store for secure credential management
ACM for SSL/TLS certificate provisioning and management

Governance and Compliance

Implement automated governance controls and maintain compliance frameworks on AWS.

AWS Control Tower for multi-account governance and guardrails
AWS Audit Manager for automated evidence collection
AWS Security Hub standards: CIS AWS, PCI DSS, and AWS Foundational
Service control policies (SCPs) for preventive guardrails
AWS Config managed and custom rules for continuous compliance monitoring

Course Prerequisites

Pre-requisites training is free when you purchase the course from ProSupport

5+ years of IT security experience with 2+ years on AWS
AWS Solutions Architect Associate (SAA-C03) or equivalent AWS knowledge
Understanding of security concepts: encryption, PKI, access control, and network security
Familiarity with compliance frameworks (PCI DSS, HIPAA, SOC 2)
Hands-on experience with IAM, KMS, CloudTrail, and GuardDuty

Exam Information

Everything you need to know about the SCS-C02 certification exam.

Exam Component	Details
Exam Name	AWS Certified Security - Specialty
Exam Code	SCS-C02
Exam Type	Multiple Choice and Multiple Response
Total Questions	65
Passing Score	750 (out of 1000)
Exam Duration	170 minutes
Language	English, Japanese, Korean, Simplified Chinese
Exam Provider	AWS / Pearson VUE
Exam Focus	Threat detection, incident response, IAM, data protection, infrastructure security, and compliance on AWS
Exam Registration	Register via aws.amazon.com/certification or Pearson VUE testing centers globally
Retake Policy	14 days wait after first failure; 90 days after second and subsequent failures
Certification Validity	3 years (renewable via recertification exam)