AWS Certified Security - Specialty (SCS-C03) - AWS Certification
IntroductionTarget candidate descriptionExam contentContent outlineService ReferencesSurvey

AWS Certified Security - Specialty (SCS-C03)

The AWS Certified Security - Specialty exam is intended for individuals who have a responsibility to secure cloud solutions. The exam validates a candidate's ability to effectively demonstrate knowledge about securing AWS products and services.

Topics

Introduction

The AWS Certified Security - Specialty exam is intended for individuals who have a responsibility to secure cloud solutions. The exam validates a candidate's ability to effectively demonstrate knowledge about securing AWS products and services.

The exam also validates a candidate's ability to complete the following tasks:

  • Apply specialized data classifications and AWS data protection mechanisms.

  • Implement data-encryption methods and AWS encryption mechanisms.

  • Implement AWS mechanisms to follow secure internet protocols.

  • Use AWS security services and features to ensure secure production environments.

  • Make decisions that account for tradeoffs between cost, security, and deployment complexity to meet a set of application requirements.

  • Understand security operations and risks.

Target candidate description

The target candidate should have the equivalent of 3–5 years of experience securing cloud solutions.

The target candidate should have the following AWS knowledge:

  • The AWS shared responsibility model and its application

  • Managing identity at scale

  • Multi-account governance

  • Managing software supply chain risks

  • Security incident prevention and response strategies

  • Vulnerability management in the cloud

  • Developing firewall rules at scale for layers 3–7

  • Incident root cause analysis

  • Experience responding to an audit

  • Logging and monitoring strategies

  • Data encryption methodologies, both at-rest and in-transit

  • Disaster recovery controls, including backup strategies

Job tasks that are out of scope for the target candidate

The following list contains job tasks that the target candidate is not expected to be able to perform. This list is non-exhaustive. These tasks are out of scope for the exam:

  • Design cryptographic algorithms

  • Analyze traffic on the packet level

  • Architect overall cloud deployments

  • Manage end-user compute resources

  • Train machine learning models

Exam content

Response types

The exam includes one or more of the following question types:

  • Multiple choice: Has one correct response and three incorrect responses (distractors)

  • Multiple response: Has two or more correct responses out of five or more response options

  • Ordering: Has a list of 3–5 responses to complete a specified task. You must select the correct responses and place the responses in the correct order to receive credit for the question.

  • Matching: Has a list of responses to match with a list of 3–7 prompts. You must match all the pairs correctly to receive credit for the question.

Unanswered questions are scored as incorrect. There is no penalty for guessing. The exam includes 50 questions that affect your score.

Unscored content

The exam includes 15 unscored questions that do not affect your score. AWS collects information about performance on these unscored questions to evaluate these questions for future use as scored questions. These unscored questions are not identified on the exam.

Exam results

The AWS Certified Security - Specialty (SCS-C03) exam has a pass or fail designation. The exam is scored against a minimum standard established by AWS professionals who follow certification industry best practices and guidelines.

Your results for the exam are reported as a scaled score of 100–1,000. The minimum passing score is 750. Your score shows how you performed on the exam as a whole and whether you passed. Scaled scoring models help equate scores across multiple exam forms that might have slightly different difficulty levels.

Your score report could contain a table of classifications of your performance at each section level. The exam uses a compensatory scoring model, which means that you do not need to achieve a passing score in each section. You need to pass only the overall exam.

Each section of the exam has a specific weighting, so some sections have more questions than other sections have. The table of classifications contains general information that highlights your strengths and weaknesses. Use caution when you interpret section-level feedback.

Content outline

This exam guide includes weightings, content domains, and task statements for the exam. This guide does not provide a comprehensive list of the content on the exam.

The exam has the following content domains and weightings:

Service References

The following sections provide detailed information about AWS services, technologies, and concepts relevant to this certification exam:

Survey

How useful was this exam guide? Let us know by taking our survey.