AWS SCS-C02 is a new exam code for the AWS Certified Security – Specialty Exam which was released on July 11, 2023, The AWS Certified Security – Specialty SCS-C01 Exam code expired on July 10, 2023.
According to research, the AWS Security Specialist certification can increase a professional’s earning potential by up to 25% and significantly improve their chances of landing security-focused roles in organizations using AWS cloud services.
This blog will cover everything you need to know about the AWS SCS-C02
- What is AWS Certified Security – Specialty (SCS-C02) Exam
- Exam Overview
- AWS SCS-C02 Exam Domains
- Difference between SCS-C01 and SCS-C02
- I recently received my SCS-C01 certification. Will it still be valid, or will I have to take the New Exam (SCS-C02)?
- AWS SCS-C02 Exam Results
- Frequently Asked Question
What is AWS Certified Security – Specialty (SCS-C02) Exam
A New Edition of the AWS Certified Security – Specialty (SCS-C02) exam was available on July 11, 2023.
AWS Certified Security – Specialty (SCS-C02) is aimed at individuals performing security-related tasks. In this exam, candidates demonstrate their ability to effectively demonstrate knowledge about securing AWS products and services.
AWS SCS-C02 Exam Overview
Format | Multiple-choice and multiple-response questions only |
Type | Specialty |
Delivery method | Pearson VUE testing center or online proctored exam |
Number of questions | 65 |
Time | 170 minutes |
Cost | 300 USD |
Language | English, Japanese, Korean, and Simplified Chinese, Spanish, French, Italian, and Portuguese |
Passing Marks | 750 & above |
AWS SCS-C02 Exam Domains
The AWS Certified Security – Specialty exam guide includes a complete list of exam domains, task statements, and knowledge areas; see the exam domains and task statements listed below.
Domain 1: Threat Detection and Incident Response (14%)
This exam domain focuses on understanding AWS best practices when responding to security incidents. Around 9 questions are covered by this domain, which accounts for 14% of the exam contents.
Task Statements include:
- Design and implement an incident response plan.
- Detect security threats and anomalies by using AWS services.
- Respond to compromised resources and workloads.
Domain 2: Security Logging and Monitoring (18%)
The exam domain focuses on designing, implementing, and troubleshooting logging solutions. You can expect 12 questions in this domain, which covers 18% of the exam.
Task Statements include:
- Design and implement monitoring and alerting to address security events.
- Troubleshoot security monitoring and alerting.
- Design and implement a logging solution.
- Troubleshoot logging solutions.
- Design a log analysis solution.
Domain 3: Infrastructure Security (20%)
This module includes topics such as infrastructure security and security features within AWS WAFs, Shields, and Route 53 services. This domain covers 20% of the exam content, so you can expect around 13 questions.
Task Statements include:
- Design and implement security controls for edge services.
- Design and implement network security controls.
- Design and implement security controls for compute workloads.
- Troubleshoot network security.
Domain 4: Identity and Access Management (16%)
In this domain, you will design, implement, and troubleshoot authentication and authorization for your AWS workloads. This domain covers approximately 10 questions about identity and access management.
Task Statements include:
- Design, implement, and troubleshoot authentication for AWS resources.
- Design, implement, and troubleshoot authorization for AWS resources.
Domain 5: Data Protection (18%)
This domain covers designing secure connections between on-premises networks and the AWS cloud as well as preserving data integrity. About 12 questions will be covered in this domain, which represents 18% of the exam content.
Task Statements include:
- Design and implement controls that provide confidentiality and integrity for data in transit.
- Design and implement controls that provide confidentiality and integrity for data at rest.
- Design and implement controls to manage the lifecycle of data at rest.
- Design and implement controls to protect credentials, secrets, and cryptographic key materials.
Domain 6: Management and Security Governance (14%)
Lastly, this domain covers 14% of the exam content, so you can expect about 9 questions in this domain. This domain explains how to detect, evaluate, and remediate sensitive data or noncompliant resources in AWS environments using services such as AWS Audit Manager, Amazon Macie, and AWS Config.
Task Statements include:
- Develop a strategy to centrally deploy and manage AWS accounts.
- Implement a secure and consistent deployment strategy for cloud resources.
- Evaluate the compliance of AWS resources.
- Identify security gaps through architectural reviews and cost analysis.
Difference between SCS-C01 and SCS-C02
The AWS Certified Security – Specialty exam, which was previously known as SCS-C01, has undergone significant changes in its domain structure and weightage allocation for SCS-C02.
- Previously accounting for 12% of the exam, the Incident Response domain has been renamed to “Threat Detection and Incident Response” and now weighs 14%.
- Logging and Monitoring, which used to account for 20% of the exam, is now known as “Security Logging and Monitoring” with an 18% weight age.
- The Infrastructure Security domain’s name remains the same, but its weight has decreased from 26% to 20%.
- From 20% to 16%, the weightage for Identity and Access Management has been reduced.
- Data Protection was also lowered from 22% to 18% of its weight age.
- Domain 6: Management and Security Governance is a new addition to the SCS-C02 exam, accounting for 14% of the exam.
I recently received my SCS-C01 certification. Will it still be valid, or will I have to take the New Exam (SCS-C02)?
Your AWS Certified Security – Specialty (SCS-C01) certification will still be valid for three years from the date you passed the exam. You are not required to take the new exam if you already have the SCS-C01 certification.
However, the SCS-C01 exam expired on July 10, 2023, and the new SCS-C02 exam is now the only available exam for this certification. If you want to stay up-to-date on the latest AWS security services and features, you may want to consider taking the new SCS-C02 exam.
AWS SCS-C02 Exam Results
The AWS Certified Security – Specialty (SCS-C02) exam is graded on a pass/fail basis. The exam is scored against a minimum standard established by AWS professionals who follow certification industry best practices and guidelines.
Your results for the exam are reported as a scaled score of 100–1,000. The minimum passing score is 750. Your score shows how you performed on the exam as a whole and whether you passed. Scaled scoring models help equate scores across multiple exam forms that might have slightly different difficulty levels.
Your score report could contain a table of classifications of your performance at each section level. The exam uses a compensatory scoring model, which means that you do need to achieve a passing score in each section. You need to pass only the overall exam.
Frequently Asked Questions
Who should take this exam
AWS Certified Security - Specialty is intended for experienced individuals who have five years of IT security experience in designing and implementing security solutions and two or more years of hands-on experience in securing AWS workloads. This certification complements the skills and expertise required for multiple job roles across cloud architecture, database, networking, and DevSecOps
How will the AWS Certified Security help my career?
This certification can build your credibility and position you as a trusted advisor to your stakeholders and customers. As an AWS Certified Security - Specialty certification holder, you can bring best practices and security solutions that meet organizations and customers unique needs.
What certifications should I earn before taking this exam?
You are not required to earn any specific certifications prior to preparing for this certification. However, candidates commonly earn the AWS Certified Solutions Architect - Associate and/or AWS Certified DevOps Engineer – Professional before attempting the AWS Certified Security - Specialty exam.
Related Links/References
- AWS Certified Security Specialty: Everything You Need To Know
- AWS Cloud Certifications
- AWS Certified Security – Specialty (SCS-C01) Step By Step Activity Guides (Hands-On Labs)
- AWS Certified Security – Specialty exam guide
- AWS Security Services and Compliance
- AWS VPC and Subnets – A Comprehensive Guide
- Amazon API Gateway: Concepts and Use Cases
Next Task For You
Begin your journey towards an AWS Cloud by joining our FREE Informative Class on AWS Cloud Free Class by clicking on the below image.
Leave a Reply