Passed the Security Specialty exam! 👍

Hey everyone, I recently passed the AWS Certified Security – Specialty (SCS-C01) exam over weekend. I took the exam on a testing center and not via online.

Just sharing the relevant topics you must absolutely need to know to pass the exam:

– Active Directory Trust Relationship – between on-prem AD and Amazon VPC

– Using NotAction IAM JSON policy element

– Control Tower for AWS resources

– EC2 instance metadata configuration

– Constraints in launching resources in Service Catalog + notification

– Central Logging with CloudTrail S3 bucket policy for CloudTrail log with a prefix.

– Multiple accounts with AWS WAF then consolidated in Amazon GuardDuty

– Protecting S3 bucket using bucket policy and VPC endpoints for EC2 access

– Mutual authentication

– TCP Passthrough

– SSL Offloading with ELB

– CloudTrail – Management and Data Events

– AWS KMS Grants

– AWS CMK types and key rotation options

– Using kms:root to delegrate permissions

– ACM – Private CA

– CloudHSM vs KMS

– MFA configuration — aws:MultiFactorAuthPresent

– Learn all AWS security services: AWS Security Hub, Amazon Detective, and Amazon Inspector

Aside from the ACG courses, I also used tutorials dojo practice tests and tutorials dojo ebook to reinforce my learnings from the video course. Personally, i find this exam with moderate difficulty but you should really study all of the security topics in AWS to ensure that you pass the exam.