About AWS Certified Security - Specialty Exam
The AWS Certified Security - Specialty exam or SCS-C01 belongs to a set of specialization tests that are aimed at exploring a particular subject in depth. In this case, it’s security. As such, the namesake affiliated certification is better suited for individuals with a pre-existing understanding of AWS services. So, if you are such an individual, this specialization exam will help you master the security aspect of it.
Who’s This for?
As mentioned above, this test is ideal for someone with some prior knowledge of AWS systems and services, as recommended by the vendor itself. It is also recommended to have at least 2 years of practical experience securing AWS workloads, and at least 5 years of experience in designing and deploying IT security solutions. Following these recommendations, it's clear that to successfully complete the actual exam you need both skills and experience. Thus, the entry-level AWS Certified Cloud Practitioner certificate is an ideal option to start gaining this knowledge. However, none of these are official prerequisites and anyone can attempt SCS-C01.
Exam Procedure
The AWS Certified Security - Specialty evaluation includes 65 questions in a combination of multiple-choice and multiple-response types. The exam fee is $300 and you will have 170 minutes to complete the test, which can be taken at a testing center or through a proctored online portal. To add more, there are multiple languages available too, namely English, Japanese, Korean, and Simplified Chinese. Results are reported as a score from 100-1000 and the minimum standard for passing such a test is 750. Note that AWS provides an exam guide along with a set of sample questions that will prepare you for the SCS-C01 exam better. Plus, a separate practice exam is also available for $40.
Knowledge Domains
Overall, there are 5 main categories in which your knowledge will be measured in the official exam:
- Incident Response;
- Logging and Monitoring;
- Infrastructure Security;
- Identity and Access Management;
- Data Protection.
Each topic, in its turn, is broken down and discussed at length below.
Incident Response
Here, you will be tested on how best to determine and sort out AWS incidents within a wide array of services. This is broken down into the following modules:
- Assess compromised instances with AWS abuse notice
You will need to know how to properly address such an incident to resolve the issue efficiently.
- Include the suitable AWS services in the incident response plan
Your knowledge of AWS resources and services will come into play here, as you will be required to utilize the proper services to resolve the issue promptly while also making sure it doesn't affect other AWS resources.
- Configuring automated alerting and deploying fixes for potential security incidents
With a solid understanding of the automated features, you can utilize them effectively to help you identify and emergent issues.
Logging & Monitoring
This domain concerns issues related to logging, monitoring, and alerting. Thus, you will need to deploy and manage solutions for these issues and it is divided into the succeeding chapters:
- Design and deploy security monitoring and alerting
Here, you will need to have a solid knowledge of AWS monitoring and alerting services and deploy the proper ones capable of efficiently monitoring the infrastructure for any vulnerabilities.
- Troubleshoot security monitoring and alerting
Different AWS features have varied prerequisites and their architecture is unique. So, you will need to have an understanding of these intricacies to resolve issues concerned with the solution and design of these systems.
- Design and deploy a logging solution
Recording log data can be a great way of identifying potential security breaches. That’s why you will need to have the necessary knowledge to craft a solution for data recording.
- Troubleshoot logging solutions
In case the deployed logging solution encounters any glitches, you will also need to be knowledgeable to solve them, which requires a deeper understanding of the aforementioned concepts.
Infrastructure Security
This objective carries the highest weight in the SCS-C01 exam. In particular, it tests your knowledge of best practices when architecting security not just for individual hosts, but for edge infrastructures as well. The following modules are present within this domain:
- Design edge security
AWS offers several edge services and a solid understanding of these will be imperative, with Amazon CloudFront being the central focus.
- Design and deploy secure network infrastructure
Your knowledge of Virtual Private Cloud will be primarily tested here.
- Troubleshoot a network infrastructure
You will need to have a deeper level of understanding of secure network infrastructures to accurately identify any issues from a security perspective.
- Design and deploy host-based security
This concerns security controls that can be customized at the individual host level.
Identity and Access Management
These modules focus on IAM services and access control options present within them:
- Design and deploy an authentication system
Under this subtopic, you will need to have the knowledge to design a scalable authentication system, complete with multi-factor authentication to access AWS resources.
- Troubleshoot authentication & authorization systems
Extensive knowledge of these systems will be tested here as you will need this knowledge to address any issues within said systems.
Data Protection
This portion contains areas that focus on data protection within AWS via encryption systems:
- Design and deploy key management
You will need extensive knowledge of the Key Management Service, its features, and benefits.
- Troubleshoot key management
As it is apparent from earlier modules, troubleshooting solutions is as important as deploying them. Thus, you will need a deeper understanding of data encryption and KMS in order to reliably perform troubleshooting.
- Design and deploy data encryption solutions for data at rest and in transit
An extensive understanding of data encryption is needed here as this encompasses the concept as a whole.
Career Prospects
With the AWS Certified Security - Specialty exam complete, you will be one of the most sought-after individuals of the IT industry as a whole. As cloud computing and cybersecurity are becoming exceedingly popular your prospects will definitely skyrocket. Thus, you can opt to become an AWS Security Engineer, AWS Security Specialist, AWS Security Architect, and the like with the annual salary being about $125k per year as claimed by ZipRecruiter.com.
What's Next?
The professional-level AWS certifications are a great next step depending on your future career goals. These include the AWS Certified Solutions Architect - Professional and the AWS Certified DevOps Engineer - Professional. Besides, there are also 4 more specialty designations which detail Advanced Networking, Data Analytics, Database, and Machine Learning.
