Table of Contents
hide
AWS Certified Security – Specialty (SCS-C03) Exam Learning Path
⚠️ EXAM VERSION UPDATE
AWS Certified Security – Specialty SCS-C01 was retired on July 10, 2023. SCS-C02 replaced it on July 11, 2023, and was subsequently replaced by SCS-C03 on December 2, 2025.
This post has been updated to reflect the current SCS-C03 exam content, domains, and in-scope services.
The AWS Certified Security – Specialty (SCS-C03) validates your ability to effectively secure workloads and architectures on AWS. The exam tests your knowledge of threat detection, incident response, infrastructure security, identity and access management, data protection, and security governance.
AWS Certified Security – Specialty (SCS-C03) Exam Content
- The AWS Certified Security – Specialty (SCS-C03) exam validates:
- An understanding of specialized data classifications and AWS data protection mechanisms.
- An understanding of data-encryption methods and AWS mechanisms to implement them.
- An understanding of secure Internet protocols and AWS mechanisms to implement them.
- The ability to design and implement security controls for cloud workloads including generative AI applications.
- A working knowledge of AWS security services and features of services to provide a secure production environment.
- Competency gained from two or more years of production deployment experience using AWS security services and features.
- The ability to make tradeoff decisions with regard to cost, security, and deployment complexity given a set of application requirements.
- An understanding of security operations and risks.
Refer to AWS Certified Security – Specialty (SCS-C03) Exam Guide
AWS Certified Security – Specialty (SCS-C03) Exam Domains
| Domain | % of Exam |
|---|---|
| Domain 1: Detection | 16% |
| Domain 2: Incident Response | 14% |
| Domain 3: Infrastructure Security | 18% |
| Domain 4: Identity and Access Management | 20% |
| Domain 5: Data Protection | 18% |
| Domain 6: Security Foundations and Governance | 14% |
AWS Certified Security – Specialty (SCS-C03) Exam Summary
- Specialty exams are tough, lengthy, and tiresome. Most of the questions and answers options have a lot of prose and a lot of reading that needs to be done, so be sure you are prepared and manage your time well.
- SCS-C03 exam has 65 questions to be solved in 170 minutes which gives you roughly 2 1/2 minutes to attempt each question.
- SCS-C03 exam includes two types of questions, multiple-choice and multiple-response.
- SCS-C03 has a scaled score between 100 and 1,000. The scaled score needed to pass the exam is 750.
- Specialty exams currently cost $300 + tax.
- You can get an additional 30 minutes if English is your second language by requesting Exam Accommodations. It is helpful for Professional and Specialty exams.
- As always, mark the questions for review and move on and come back to them after you are done with all.
- Having a rough architecture or mental picture of the setup helps focus on the areas that you need to improve. You will be able to eliminate 2 answers for sure and then need to focus on only the other two.
- AWS exams can be taken either remotely or at a test center. Just make sure you have a proper place to take the exam with no disturbance and nothing around you.
- If you are taking the AWS Online exam, try to join at least 30 minutes before the actual time as there can be long wait times with PSI and Pearson VUE.
AWS Certified Security – Specialty (SCS-C03) Exam Resources
- Online Courses
- Stephane Maarek – Ultimate AWS Certified Security Specialty SCS-C03
- Adrian Cantrill – AWS Certified Security – Specialty
- Whizlabs – AWS Certified Security Specialty Course
- Practice tests
- Stephane Maarek – AWS Certified Security – Specialty Practice Exams SCS-C03
- Whizlabs – AWS Certified Security Specialty Practice Test
AWS Certified Security – Specialty (SCS-C03) Exam Topics
- AWS Certified Security – Specialty (SCS-C03) exam focuses heavily on Detection, Incident Response, Infrastructure Security, IAM, Data Protection, and Security Governance involving Data Encryption at rest or in transit, Data protection, Auditing, Compliance and regulatory requirements, and automated remediation.
- SCS-C03 adds emphasis on generative AI security (GenAI OWASP Top 10 for LLM Applications), OCSF format integration, and inter-resource encryption.
Security, Identity & Compliance
- Identity and Access Management (IAM)
- IAM Roles to grant the service, users temporary access to AWS services.
- IAM Role can be used to give cross-account access and usually involves creating a role within the trusting account with a trust and permission policy and granting the user in the trusted account permissions to assume the trusting account role.
- Identity Providers & Federation to grant external user identity (SAML or Open ID compatible IdPs) permissions to AWS resources without having to be created within the AWS account.
- IAM Policies help define who has access & what actions can they perform.
- IAM Roles to grant the service, users temporary access to AWS services.
- AWS IAM Identity Center (formerly AWS SSO)
- is the recommended way to manage human access to multiple AWS accounts.
- provides centralized workforce identity management with support for SAML 2.0, SCIM, and built-in identity store.
- uses Permission Sets to define access levels for users/groups across AWS accounts.
- integrates with AWS Organizations for multi-account access management.
- supports external identity providers (Okta, Microsoft Entra ID, Google Workspace).
- eliminates the need for long-term static access keys for human users.
- Deep dive into Key Management Service (KMS). There would be quite a few questions on this.
- is a managed encryption service that allows the creation and control of encryption keys to enable data encryption.
- uses Envelope Encryption which uses a master key to encrypt the data key, which is then used to encrypt the data.
- Understand how KMS works
- Understand IAM Policies, Key Policies, Grants to grant access.
- Key policies are the primary way to control access to KMS keys. Unless the key policy explicitly allows it, you cannot use IAM policies to allow access to a KMS key.
- are regional, however, supports multi-region keys, which are KMS keys in different AWS Regions that can be used interchangeably.
- KMS Multi-region keys
- are AWS KMS keys in different AWS Regions that can be used interchangeably.
- are not global and each multi-region key needs to be replicated and managed independently.
- Understand the difference between CMK with generated and imported key material esp. in rotating keys. SCS-C03 explicitly tests understanding of differences between imported key material and AWS-generated key material.
- KMS usage with VPC Endpoint which ensures the communication between the VPC and KMS is conducted entirely within the AWS network.
- KMS ViaService condition
- Supports automatic key rotation for customer managed keys (rotates every year by default, configurable rotation period).
- CloudHSM
- is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud.
- provides FIPS 140-2 Level 3 validated HSMs.
- AWS Certificate Manager (ACM)
- helps provision, manage, and deploy public and private SSL/TLS certificates for use with AWS services.
- to use an ACM Certificate with CloudFront, the certificate must be in the US East (N. Virginia) region.
- is regional and you need to request certificates in all regions and associate individually.
- does not support EC2 instances and private keys cannot be exported.
- AWS Private Certificate Authority (Private CA)
- is a managed private CA service for issuing and managing private certificates.
- supports creating certificate hierarchies (root and subordinate CAs).
- integrates with ACM for deployment of private certificates to AWS services.
- is in-scope for SCS-C03 for managing encryption keys and certificates across single or multiple regions.
- AWS Secrets Manager
- protects secrets needed to access applications, services, etc.
- enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.
- supports automatic rotation of credentials for RDS, DocumentDB, Redshift, and custom Lambda rotation functions.
- Secrets Manager vs Systems Manager Parameter Store
- Secrets Manager supports automatic rotation while SSM Parameter Store does not.
- Parameter Store is cost-effective as compared to Secrets Manager.
- Amazon GuardDuty
- is a threat detection service that continuously monitors the AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation.
- supports CloudTrail S3 data events and management event logs, DNS logs, EKS audit logs, VPC flow logs, RDS login activity, Lambda network activity, and Runtime Monitoring.
- GuardDuty Malware Protection scans EBS volumes attached to EC2 instances and container workloads for malware.
- GuardDuty Malware Protection for S3 scans newly uploaded objects in S3 buckets.
- GuardDuty Runtime Monitoring provides runtime threat detection for EC2, EKS, ECS/Fargate workloads.
- GuardDuty Extended Threat Detection uses AI/ML to correlate findings into attack sequences for EC2 and ECS.
- Amazon Inspector
- is an automated vulnerability management service that continuously scans AWS workloads for software vulnerabilities and unintended network exposure.
- automatically discovers and scans EC2 instances, container images in ECR, and Lambda functions.
- calculates a contextualized risk score using CVE information, network access, and exploitability.
- supports code scanning (SAST, SCA) and Infrastructure as Code (IaC) scanning with GitHub/GitLab integration.
- Amazon Detective
- makes it easier to analyze, investigate, and quickly identify the root cause of security findings or suspicious activities.
- automatically collects log data from AWS resources and uses machine learning, statistical analysis, and graph theory.
- integrates with GuardDuty findings, Security Hub, and Security Lake.
- supports automated IAM investigations to determine if a principal is involved in a security event.
- can access up to a year of historical event data with visualizations.
- Amazon Macie
- is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in S3.
- can detect PII, financial data, credentials, and custom data identifiers.
- Amazon Security Lake
- automatically centralizes security data from AWS environments, SaaS providers, on-premises, and cloud sources into a purpose-built data lake.
- uses the Open Cybersecurity Schema Framework (OCSF) to normalize and standardize security data.
- natively collects CloudTrail management events, VPC Flow Logs, Route 53 Resolver query logs, and Security Hub findings.
- integrates with Amazon Athena, OpenSearch, and third-party SIEM tools for analysis.
- is explicitly tested in SCS-C03 Domain 1 (Detection) for creating metrics and dashboards to detect anomalous data.
- AWS Artifact is a central resource for compliance-related information that provides on-demand access to AWS’ security and compliance reports and select online agreements.
- AWS Shield & Shield Advanced
- for DDoS protection and integrates with Route 53, CloudFront, ALB, and Global Accelerator.
- AWS WAF
- protects from common attack techniques like SQL injection and XSS.
- integrates with CloudFront, ALB, API Gateway, AppSync, Cognito User Pools, App Runner, and Verified Access.
- supports Web ACLs and can block traffic based on IPs, Rate limits, and specific countries.
- supports managed rule groups from AWS and AWS Marketplace sellers (including third-party WAF rules for SCS-C03).
- logs can be sent to CloudWatch Logs, S3 bucket, or Kinesis Data Firehose.
- AWS Security Hub
- is a cloud security posture management service that performs security best practice checks, aggregates alerts, and enables automated remediation.
- consolidates findings from GuardDuty, Inspector, Macie, Firewall Manager, IAM Access Analyzer, and third-party tools.
- supports security standards: AWS Foundational Security Best Practices, CIS AWS Foundations Benchmark, PCI DSS.
- AWS Network Firewall is a stateful, fully managed, network firewall and intrusion detection and prevention service (IDS/IPS) for VPCs.
- AWS Resource Access Manager helps you securely share your resources across AWS accounts, within your organization or organizational units (OUs).
- AWS Audit Manager to map your compliance requirements to AWS usage data with prebuilt and custom frameworks and automated evidence collection.
- Amazon Cognito esp. User Pools and Identity Pools for authentication and authorization.
- AWS Firewall Manager helps centrally configure and manage firewall rules across accounts and applications in AWS Organizations which includes WAF, Shield Advanced, VPC security groups, Network Firewall, and Route 53 Resolver DNS Firewall.
Networking & Content Delivery
- Virtual Private Cloud – VPC
- Security Groups, NACLs
- NACLs are stateless, Security groups are stateful
- NACLs at subnet level, Security groups at the instance level
- NACLs need to open ephemeral ports for response traffic.
- VPC Gateway Endpoints to provide access to S3 and DynamoDB
- VPC Interface Endpoints or PrivateLink provide access to a variety of services like SQS, Kinesis, or Private APIs exposed through NLB.
- VPC Peering
- to enable communication between VPCs within the same or different regions.
- Route tables need to be configured on either VPC for them to be able to communicate.
- VPC Flow Logs help capture information about the IP traffic going to and from network interfaces in the VPC.
- NAT Gateway provides managed NAT service with high availability and bandwidth.
- VPC Network Access Analyzer helps identify unintended network access to resources by analyzing network reachability conditions.
- Security Groups, NACLs
- AWS Verified Access
- provides secure, VPN-less access to corporate applications using Zero Trust principles.
- evaluates each request based on user identity and device health rather than network location.
- uses Cedar policy language for fine-grained access policies.
- supports HTTP/HTTPS applications and non-HTTP(S) protocols (SSH, RDP, JDBC/ODBC) since 2025.
- integrates with identity providers and device trust providers.
- is in-scope for SCS-C03 under Networking and Content Delivery.
- Virtual Private Network – VPN & Direct Connect to establish connectivity between an on-premises data center and VPC.
- IPSec VPN over Direct Connect to provide secure connectivity.
- AWS Site-to-Site VPN is in-scope for SCS-C03.
- AWS Transit Gateway
- acts as a hub to connect VPCs and on-premises networks through a central gateway.
- is in-scope for SCS-C03 for network security design patterns.
- CloudFront
- integrates with S3 to improve latency and performance.
- provides multiple security features
- supports encryption at rest and end-to-end encryption
- Viewer Protocol Policy and Origin Protocol Policy to enforce HTTPS
- Integrates with ACM and requires certs to be in the us-east-1 region.
- CloudFront Origin Shield helps improve the cache hit ratio and reduce the load on the origin.
- Restricting access to content
- Configure HTTPS connections
- Use signed URLs or cookies to restrict access for selected users
- Restrict access to content in S3 buckets using Origin Access Control (OAC) (recommended replacement for OAI) to prevent users from using the direct URL.
- Restrict direct access to load balancer using custom headers.
- Set up field-level encryption for specific content fields
- Use AWS WAF web ACLs to restrict access.
- Use Geo-restriction to prevent users in specific geographic locations from accessing content.
- Route 53
- is a highly available and scalable DNS web service.
- Resolver Query logging logs queries from VPCs, on-premises resources using inbound/outbound resolvers. Can be logged to CloudWatch Logs, S3, and Kinesis Data Firehose.
- Route 53 DNSSEC secures DNS traffic and helps protect from DNS spoofing attacks.
- Route 53 Resolver DNS Firewall allows filtering and regulating outbound DNS traffic for VPCs.
- Elastic Load Balancer
- End to End encryption
- NLB with TCP listener as pass through and terminating SSL on the EC2 instances
- ALB with SSL termination and HTTPS between ALB and EC2 instances
- End to End encryption
- Gateway Load Balancer – GWLB
- helps deploy, scale, and manage virtual appliances, such as firewalls, IDS/IPS systems, and deep packet inspection systems.
Management & Governance Tools
- CloudWatch
- CloudWatch Logs
- CloudWatch Logs data protection policies can automatically mask sensitive data (PII, credentials) in log events (new in SCS-C03).
- CloudWatch Subscription Filters and their integration with other services.
- EventBridge (formerly CloudWatch Events) for real-time event-driven security automation.
- CloudWatch Logs
- CloudTrail for audit and governance
- CloudTrail can be enabled for all regions and supports log file integrity validation.
- With Organizations, the trail can be configured to log CloudTrail from all accounts to a central account.
- CloudTrail Lake provides a managed data lake for querying CloudTrail events using SQL. In-scope for SCS-C03.
- CloudTrail Insights detects unusual operational activity in your account.
- AWS Config
- AWS Config rules can alert for any changes and check the history of changes. Can check approved AMIs compliance.
- allows remediation of noncompliant resources using AWS Systems Manager Automation documents.
- AWS Config → EventBridge → Lambda/SNS
- CloudTrail vs Config
- CloudTrail provides the WHO and Config provides the WHAT.
- Systems Manager
- Parameter Store provides secure, scalable, centralized, hierarchical storage for configuration data and secret management.
- Systems Manager Patch Manager helps select and deploy operating system and software patches across EC2 or on-premises instances.
- Systems Manager Run Command provides safe, secure remote management of instances at scale.
- Session Manager provides secure and auditable instance management without opening inbound ports or managing SSH keys.
- AWS Organizations
- is an account management service for consolidating multiple AWS accounts into a centrally managed organization.
- can configure Organization Trail to centrally log all CloudTrail logs.
- Service Control Policies (SCPs)
- act as guardrails and specify the services and actions that users and roles can use.
- are similar to IAM permission policies except that they don’t grant any permissions.
- Resource Control Policies (RCPs) — new policy type that controls maximum permissions on resources in your organization.
- AWS Trusted Advisor
- inspects the AWS environment to make recommendations for performance, cost savings, availability, and security.
- CloudFormation
- Deletion Policy to prevent, retain, or backup RDS, EBS Volumes.
- Stack policy can prevent stack resources from being unintentionally updated or deleted during a stack update.
- Control Tower
- to setup, govern, and secure a multi-account environment.
- strongly recommended guardrails cover EBS encryption.
Storage & Databases
- Simple Storage Service – S3
- Understand S3 Security in detail.
- S3 Encryption supports both data at rest and data in transit encryption.
- Data in transit encryption via SSL or client-side encryption.
- Data at rest encryption using Server Side (SSE-S3, SSE-KMS, SSE-C) or Client Side encryption.
- Enforce S3 Encryption at rest using default encryption or bucket policies.
- Enforce encryption in transit using
aws:SecureTransportcondition in S3 bucket policy. - S3 Bucket Keys reduce KMS request costs by using a bucket-level key for SSE-KMS.
- S3 permissions can be handled using
- IAM User Policies
- Resource-based policies (Bucket policies, Bucket ACL, Object ACL)
- S3 Access Points
- S3 Object Lock helps store objects using a WORM model.
- S3 Block Public Access provides controls to ensure that objects never have public access.
- S3 Access Points simplify data access for any AWS service or application.
- S3 Versioning with MFA Delete ensures data cannot be accidentally overwritten or deleted.
- S3 Access Analyzer monitors access policies to ensure only intended access to S3 resources.
- Glacier Vault Lock
- EBS Encryption
- Relational Database Services – RDS
- supports encryption at rest using KMS (same methods as EBS).
- does not support enabling encryption after creation. Need to create a snapshot, copy to an encrypted snapshot, and restore as an encrypted DB.
Compute
- EC2 access using IAM Role, Lambda using the Execution role & ECS using the Task role.
- EC2 Instance Metadata Service version 2 (IMDSv2) and enforcement of the same. IMDSv2 uses session-oriented requests to protect against SSRF attacks.
- EC2 Image Builder for creating hardened AMIs and container images with embedded security controls (in-scope for SCS-C03).
- Amazon EKS security — Pod security, IRSA (IAM Roles for Service Accounts), EKS Pod Identity.
Generative AI Security (New in SCS-C03)
- Amazon Bedrock Security
- Bedrock Guardrails to filter harmful content, prevent prompt injection, and enforce responsible AI policies.
- Data encryption at rest and in transit for model interactions.
- VPC endpoints for private connectivity to Bedrock.
- IAM policies for fine-grained access control to foundation models.
- GenAI OWASP Top 10 for LLM Applications — SCS-C03 explicitly tests implementing protections against LLM vulnerabilities including prompt injection, data leakage, and insecure output handling.
- Amazon Q security — access controls, data permissions, and guardrails for Q Business and Q Developer.
Integration Tools
- Know how CloudWatch integration with SNS and Lambda can help in notification and automated remediation.
- Amazon SNS message data protection can mask or block sensitive data in messages (in-scope for SCS-C03 data protection).
Whitepapers and Articles
- AWS Certification – Security Services – Cheat Sheet
- AWS Certification – Identity Services – Cheat Sheet
- AWS Security Incident Response Guide
- AWS DDoS Resiliency Best Practices
- Well-Architected – Security Pillar
- Official SCS-C03 Exam Guide
On the Exam Day
- Make sure you are relaxed and get some good night’s sleep. The exam is not tough if you are well-prepared.
- If you are taking the AWS Online exam
- Try to join at least 30 minutes before the actual time as there can be long wait times.
- The online verification process does take some time and usually, there are glitches.
- Remember, you would not be allowed to take the exam if you are late by more than 30 minutes.
- Make sure you have your desk clear, no hand-watches, or external monitors, keep your phones away, and nobody can enter the room.
Finally, All the Best 🙂
Hey Jay is it Braincert AWS Certified Security – Speciality Practice Exams really helpfull and do you recommend any other practice test ?
They cover quite a lot, that would help you prepare for the exam for sure.
Hey, What about Zeal Vora course. Is it better than Linux Academy ?
Its pretty much inline with Linux Academy.
Hi Jay, how many questions there total? 65 or 75
Its 65 questions for Speciality exams.
It’s T J. I follow your instruction, again and no surprise, pass the exam with higher score than 939 😉 HAHA. Thank you for everything you collect and summary – everything is well-organized, informative and freshest.
My next target is the Big Data Specialty. Would you mind share something with us?
Congrats TJ and thats a great score 🙂
For Big Data, I would be sharing the learning path very soon.
Congrats TJ that was a very good score. Just a quick one, did you use the braincert practice text in your preparation for the exam as Jay suggested and was it any useful?
Thanks
Congrats TJ that was a very good score. Just a quick one, did you use the braincert practice text in your preparation for the exam as Jay suggested and was it any useful?
Thanks
Hi TJ Congrats… I am also planning for aws security specialty ..which one you used Zeal Vora or Linux Academy .. from above mentioned…
Hi,
Can you please clarify the below question.
A company wants to enable single sign-on (SSO) so its employees can log in to the management console using their corporate directory identity. Which steps below are required as part of the process? (Select 2)
Answers:-
A. Create a Direct Connect connection between the corporate network and the AWS region with the company’s infrastructure.
B. Create IAM policies that can be mapped to group memberships in the corporate directory.
C. Create a Lambda function to assign IAM roles to the temporary security tokens provided to the users.
D. Create IAM users that can be mapped to the employees corporate identities.
E. Create an IAM role that establishes a trust relationship between IAM and the corporate directory identity provider(IdP).
Right Answer:- A,D
But some website’s are mentioned right answer B,D.
Answer B – Create IAM policies that can be mapped to group memberships in the corporate directory is wrong.
(Because IAM policies are not directly mapped to group memberships in the corporate directory.
IAM roles are mapped.)
Please advise,
Thanks,
Iyappan.M
B & E as you can use a Ad connector to define a trust relationship between IAM and corporate directory identity and map the IAM roles to groups.
https://aws.amazon.com/blogs/security/how-to-connect-your-on-premises-active-directory-to-aws-using-ad-connector/
A company wants to enable single sign-on (SSO) so its employees can log in to the management console using their corporate directory identity. Which steps below are required as part of the process? (Select 2)
Answers:-
A. Create a Direct Connect connection between the corporate network and the AWS region with the company’s infrastructure.
B. Create IAM policies that can be mapped to group memberships in the corporate directory.
C. Create a Lambda function to assign IAM roles to the temporary security tokens provided to the users.
D. Create IAM users that can be mapped to the employees corporate identities.
E. Create an IAM role that establishes a trust relationship between IAM and the corporate directory identity provider(IdP).
Right answers:- A,D.
But some website mentioned answers are B,D.
Answe B:- Create IAM policies that can be mapped to group memberships in the corporate directory is wrong.
(Because IAM policies are not directly mapped to group memberships in the corporate directory.
IAM roles are mapped.)
Please advise.
Thanks,
Iyappan.M
Hi, I’ve been working in the security field for about three years now and do not have any experience working in an AWS environment.
I’m planning to take the security speciality cert to improve my profile.
My question is, is it possible for someone without any real work experience handling AWS workloads to crack this test by just studying the content of ACG and Linux academy and white papers and whatever I can get my hands on?
Hi Sanjay,
AWS Security focuses more on the AWS Security services like KMS, Encryption with various other services at rest and in transit, IAM and fine grained access control. So with a security background it surely gives you a jump start as you don’t need to understand the concepts but focus mostly on AWS pieces and it can be cleared easily without practical experience.
Hi,
Have you compared acloudguru course for security speciality? Is it inline with linuxacademy course? Need to buy one of those.
Please suggest.
Regards,
Rohit
For Speciality exams, i haven’t checked acloudguru courses. I used Linux Academy mostly but surely it does not cover all the details that are required for the exam. Check for the practice tests in the resources, they can be a great help in building and preparing for the exam.
Hi jay,
Do you have any plan to start a AWS courses on udemy?
Thanks,
Surya
Thanks surya for asking, but currently I have no plans.
Hi,
I am planning for sysops. How much can expect from Whizlabs questions set. Your views on it.
Thanks
Not seen much on Whizlabs lately, but have good feedback for Braincert. But then use the practice exams to clear the concepts. As long as you do not treat them as dumps, the associate exams are easy to clear.
Do you need to have another aws cert in order to take this one?
nope .. can be attempted directly.
Hi Jay,
I have passed the exam with score 860. Would thank you for centralize the content and studying material.
Would be great if you share your LinkedIn profile.
Congrats Saul, and glad to connect on linkedin @ https://www.linkedin.com/in/jayendrapatil/
I have don’t have daily experience in working with aws but will I able to complete the certification of aws security with the course offered by Linux academy or acloudguru ?
yup Jibin, you can clear the certification if you understand the concepts.
Hi Jay,
I have completed the “AWS Certified Security Specialty” certification and thank u for your valuable course material.
Congrats Naga … Glad it helped …
How helpful were Braincert Practice exams? I checked they’ve only got 178 Questions. Are they enough or do you need more for practice?
Hi Jayant,
which Practice Tests is better whizlab or braincerr for AWS Certified Security Specialty?
Thanks
Prakash
prefer braincert
Hi ,
To prepare for the AWS security specialty exam is that mandatory AWS solution architect associate certification is must, could you please clarify.
Thanks
Chandra
Professional and Specialty exams have not prerequisites so its not mandatory. But its good to go for SA-Associate exam for Professional and Specialty exams.
Hi Jay,
I recently passed AWS certified solutions architect associate with score 862. I didn’t have any prior experience of working for any company who is into cloud computing.
Now, I am thinking to pursue AWS Security Speciality, my question is can I directly take this exam without doing professional cert?
Also, does solutions architect professional cert helps in clearing Security Speciality?
Your detailed guidance will be highly valuable.
Hi Gomezi, Specialty and Professional certification does not have any prerequisites now, so you can appear directly. Professional certs would help a bit, but they are mostly parallel paths now.
Your blog is having good information. Thanks, Jayendra for connecting on LinkedIn
glad to connect kiran ..
Hello Jayendra ,
I have completed my AWS SAA-C01 associate exam couple of months back. I am thinking to go more. I am a solution architect. Do you know what is next popular exam that i should opt for?
Solution Architect Professional is surely the next one to target.
Thanks Jayendra,
I have been told profactional is huge jump from associate. I was thinking to do the security speciality. Do you think it may worth doing security speciality compare to profactional first?
Could you also tell how much time should I target for each exam?
Professional and Specialty exams are at a different level than Associate ones. I would recommend you practice atleast 2-3 months for Professional one. After your first professional, you can pace the other ones accordingly.
Hello,
What practice test is recommended for the AWS Security Specialty certification exam – Braincert or Whizlabs? Also is the Braincert practice test updated to reflect the latest exam guide for the Security Specialty?
Appreciate your thoughts.
Eskay
Prefer Braincert, they are more relevant.
Hi Jayendra, I just completed aws pro architect.. planning for security speciality… how much time it tentatively can take
Would recommend steady learning with 2 months of timeframe.
Hi Jay, Congrats and i have the following questions. Please help
1. Are there any Labs in the Exam? or only multiple choices
2. Do i need to have deep knowledge on Solution Architect / Assocaite level certifications to pass the Security Speciality
there are no labs in AWS exams, also doing Solution Architect – Associate is recommended, Professional is surely a plus. But its not mandatory.
Hi Jay ,
Hope you doing well…
Thanks for your material it helped lot in preparing …. I passed my SA -A recently….. Planning to take Security Specialty…. Zeal udemy course is better or Now Linux and cloud guru or same ?
Thanks
I went through LA one and it was good, but not completely updated. Zeal one is highest rated as well on udemy.
Hi Jay,
I have some experience on AWS and my company is demanding me to get certified. Is there a pathway i have to follow to get AWS security specialty (like Associate,Architect then Specialty) or can i directly learn from the Linux academy or others and directly appear for the exam and get certified. The sooner will be much better for me as i can later go for architect & others.
yup you can get certified directly. For Professional and Specialty exams there is lot of preparation needed though. Practical experience is of great help.
Hi Jayendra
Finally I cleared security specialty. Its been 4 years following your website and it really helped me in clearing 4 AWS certifications. Many thanks for your clear insight of all topics and clear justification on helpful course and exams as well.
Whenever I wanted to take an exam, just visit your website and follow your instructions. That’s it. No second thoughts and I come out passing the exam with flying colors.
Appreciate your great work and keep helping us as usual!
Congrats Siri, and glad the site helped you in your journey.