Hey everyone, I recently passed the AWS Certified Security – Specialty (SCS-C01) exam over weekend. I took the exam on a testing center and not via online.
Just sharing the relevant topics you must absolutely need to know to pass the exam:
– Active Directory Trust Relationship – between on-prem AD and Amazon VPC
– Using NotAction IAM JSON policy element
– Control Tower for AWS resources
– EC2 instance metadata configuration
– Constraints in launching resources in Service Catalog + notification
– Central Logging with CloudTrail S3 bucket policy for CloudTrail log with a prefix.
– Multiple accounts with AWS WAF then consolidated in Amazon GuardDuty
– Protecting S3 bucket using bucket policy and VPC endpoints for EC2 access
– Mutual authentication
– TCP Passthrough
– SSL Offloading with ELB
– CloudTrail – Management and Data Events
– AWS KMS Grants
– AWS CMK types and key rotation options
– Using kms:root to delegrate permissions
– ACM – Private CA
– CloudHSM vs KMS
– MFA configuration — aws:MultiFactorAuthPresent
– Learn all AWS security services: AWS Security Hub, Amazon Detective, and Amazon Inspector
Aside from the ACG courses, I also used tutorials dojo practice tests and tutorials dojo ebook to reinforce my learnings from the video course. Personally, i find this exam with moderate difficulty but you should really study all of the security topics in AWS to ensure that you pass the exam.
Congratulations Wilson, and thanks for the detailed feedback 🙂