# AWS Certified Security - Specialty (SCS-C03)
The AWS Certified Security - Specialty exam is intended for individuals who have a responsibility to secure cloud solutions. The exam validates a candidate's ability to effectively demonstrate knowledge about securing AWS products and services.
**Topics**
+ [Introduction](#security-specialty-03-intro)
+ [Target candidate description](#security-specialty-03-target)
+ [Exam content](#security-specialty-03-exam-content)
+ [Content outline](#security-specialty-03-domains)
+ [Service References](#scs-service-references)
+ [Content Domain 1: Detection](security-specialty-03-domain1.md)
+ [Content Domain 2: Incident Response](security-specialty-03-domain2.md)
+ [Content Domain 3: Infrastructure Security](security-specialty-03-domain3.md)
+ [Content Domain 4: Identity and Access Management](security-specialty-03-domain4.md)
+ [Content Domain 5: Data Protection](security-specialty-03-domain5.md)
+ [Content Domain 6: Security Foundations and Governance](security-specialty-03-domain6.md)
+ [In-Scope AWS Services](scs-02-in-scope-services.md)
+ [Out-of-Scope AWS Services](scs-02-out-of-scope-services.md)
+ [Technologies and Concepts](scs-technologies-concepts.md)
+ [Appendix: Comparison of SCS-C02 and SCS-C03](security-specialty-03-appendix-b.md)
+ [Revisions](scs03-revisions.md)
+ [Survey](#security-specialty-03-survey)
## Introduction
The [AWS Certified Security - Specialty](https://aws.amazon.com/certification/certified-security-specialty/) exam is intended for individuals who have a responsibility to secure cloud solutions. The exam validates a candidate's ability to effectively demonstrate knowledge about securing AWS products and services.
The exam also validates a candidate's ability to complete the following tasks:
+ Apply specialized data classifications and AWS data protection mechanisms.
+ Implement data-encryption methods and AWS encryption mechanisms.
+ Implement AWS mechanisms to follow secure internet protocols.
+ Use AWS security services and features to ensure secure production environments.
+ Make decisions that account for tradeoffs between cost, security, and deployment complexity to meet a set of application requirements.
+ Understand security operations and risks.
## Target candidate description
The target candidate should have the equivalent of 3–5 years of experience securing cloud solutions.
### Recommended AWS knowledge
The target candidate should have the following AWS knowledge:
+ The AWS shared responsibility model and its application
+ Managing identity at scale
+ Multi-account governance
+ Managing software supply chain risks
+ Security incident prevention and response strategies
+ Vulnerability management in the cloud
+ Developing firewall rules at scale for layers 3–7
+ Incident root cause analysis
+ Experience responding to an audit
+ Logging and monitoring strategies
+ Data encryption methodologies, both at-rest and in-transit
+ Disaster recovery controls, including backup strategies
### Job tasks that are out of scope for the target candidate
The following list contains job tasks that the target candidate is not expected to be able to perform. This list is non-exhaustive. These tasks are out of scope for the exam:
+ Design cryptographic algorithms
+ Analyze traffic on the packet level
+ Architect overall cloud deployments
+ Manage end-user compute resources
+ Train machine learning models
## Exam content
### Response types
The exam includes one or more of the following question types:
+ **Multiple choice:** Has one correct response and three incorrect responses (distractors)
+ **Multiple response:** Has two or more correct responses out of five or more response options
+ **Ordering:** Has a list of 3–5 responses to complete a specified task. You must select the correct responses and place the responses in the correct order to receive credit for the question.
+ **Matching:** Has a list of responses to match with a list of 3–7 prompts. You must match all the pairs correctly to receive credit for the question.
Unanswered questions are scored as incorrect. There is no penalty for guessing. The exam includes 50 questions that affect your score.
### Unscored content
The exam includes 15 unscored questions that do not affect your score. AWS collects information about performance on these unscored questions to evaluate these questions for future use as scored questions. These unscored questions are not identified on the exam.
### Exam results
The AWS Certified Security - Specialty (SCS-C03) exam has a pass or fail designation. The exam is scored against a minimum standard established by AWS professionals who follow certification industry best practices and guidelines.
Your results for the exam are reported as a scaled score of 100–1,000. The minimum passing score is 750. Your score shows how you performed on the exam as a whole and whether you passed. Scaled scoring models help equate scores across multiple exam forms that might have slightly different difficulty levels.
Your score report could contain a table of classifications of your performance at each section level. The exam uses a compensatory scoring model, which means that you do not need to achieve a passing score in each section. You need to pass only the overall exam.
Each section of the exam has a specific weighting, so some sections have more questions than other sections have. The table of classifications contains general information that highlights your strengths and weaknesses. Use caution when you interpret section-level feedback.
## Content outline
This exam guide includes weightings, content domains, and task statements for the exam. This guide does not provide a comprehensive list of the content on the exam.
The exam has the following content domains and weightings:
+ [Content Domain 1: Detection (16% of scored content)](security-specialty-03-domain1.md)
+ [Content Domain 2: Incident Response (14% of scored content)](security-specialty-03-domain2.md)
+ [Content Domain 3: Infrastructure Security (18% of scored content)](security-specialty-03-domain3.md)
+ [Content Domain 4: Identity and Access Management (20% of scored content)](security-specialty-03-domain4.md)
+ [Content Domain 5: Data Protection (18% of scored content)](security-specialty-03-domain5.md)
+ [Content Domain 6: Security Foundations and Governance (14% of scored content)](security-specialty-03-domain6.md)
## Service References
The following sections provide detailed information about AWS services, technologies, and concepts relevant to this certification exam:
+ [In-Scope AWS Services](scs-02-in-scope-services.md)
+ [Out-of-Scope AWS Services](scs-02-out-of-scope-services.md)
+ [Technologies and Concepts](scs-technologies-concepts.md)
## Survey
How useful was this exam guide? Let us know by [taking our survey](https://amazonmr.au1.qualtrics.com/jfe/form/SV_8vLR1a9uG9zu9Po?course_title=Sec-Spec&course_id=SCS-C03&Q_Language=EN).