AWS Certified Security Specialty (SCS-C02) Sample Exam (10 Questions)
0 of 10 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
Information
This Sample Test contains 10 Exam Questions. Please fill your Name and Email address and Click on “Start Test”. You can view the results at the end of the test. You will also receive an email with the results. Please purchase to get life time access to Full Practice Tests.
|
You must specify a text. |
|
|
You must specify an email address. |
You have already completed the Test before. Hence you can not start it again.
Test is loading...
You must sign in or sign up to start the Test.
You have to finish following quiz, to start this Test:
Your results are here!! for" AWS Certified Security Specialty Sample Exam "
0 of 10 questions answered correctly
Your time:
Time has elapsed
Your Final Score is : 0
You have attempted : 0
Number of Correct Questions : 0 and scored 0
Number of Incorrect Questions : 0 and Negative marks 0
-
AWS Certified Security Specialty
You have attempted: 0
Number of Correct Questions: 0 and scored 0
Number of Incorrect Questions: 0 and Negative marks 0
-
You can review your answers by clicking on “View Answers”.
Important Note : Open Reference Documentation Links in New Tab (Right Click and Open in New Tab).
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- Answered
- Review
-
Question 1 of 10
1. Question
SercuCorp has defined a number of EC2 instances over a period of 6 months. They want to know if any of the security groups allow unrestricted access to a resource. What is the best option to accomplish this requirement?
Correct
Answer – B The AWS Trusted Advisor can check security groups for rules that allow unrestricted access to a resource. Unrestricted access increases opportunities for malicious activity (hacking, denial-of-service attacks, loss of data). If you go to AWS Trusted Advisor, you can see the details
Option A is invalid because AWS Inspector is used to detect security vulnerabilities in instances and not for security groups.
Option C is invalid because this can be used to detect changes in security groups but not show you security groups that have compromised access. Option D is partially valid but would just be a maintenance overhead For more information on the AWS Trusted Advisor, please visit the below URL https://aws.amazon.com/premiumsupport/trustedadvisor/best-practices/Incorrect
Answer – B The AWS Trusted Advisor can check security groups for rules that allow unrestricted access to a resource. Unrestricted access increases opportunities for malicious activity (hacking, denial-of-service attacks, loss of data). If you go to AWS Trusted Advisor, you can see the details
Option A is invalid because AWS Inspector is used to detect security vulnerabilities in instances and not for security groups.
Option C is invalid because this can be used to detect changes in security groups but not show you security groups that have compromised access. Option D is partially valid but would just be a maintenance overhead For more information on the AWS Trusted Advisor, please visit the below URL https://aws.amazon.com/premiumsupport/trustedadvisor/best-practices/Unattempted
Answer – B The AWS Trusted Advisor can check security groups for rules that allow unrestricted access to a resource. Unrestricted access increases opportunities for malicious activity (hacking, denial-of-service attacks, loss of data). If you go to AWS Trusted Advisor, you can see the details
Option A is invalid because AWS Inspector is used to detect security vulnerabilities in instances and not for security groups.
Option C is invalid because this can be used to detect changes in security groups but not show you security groups that have compromised access. Option D is partially valid but would just be a maintenance overhead For more information on the AWS Trusted Advisor, please visit the below URL https://aws.amazon.com/premiumsupport/trustedadvisor/best-practices/ -
Question 2 of 10
2. Question
A StartUp company is using CloudTrail to log all AWS API activity for all regions in all of its accounts. The CISO has asked that additional steps be taken to protect the integrity of the log files. What combination of steps will protect the log files from intentional or unintentional alteration?
Choose 2 answers from the options given belowCorrect
Answer – A and C The AWS Documentation mentions the following To determine whether a log file was modified, deleted, or unchanged after CloudTrail delivered it, you can use CloudTrail log file integrity validation. This feature is built using industry-standard algorithms: SHA-256 for hashing and SHA-256 with RSA for digital signing. This makes it computationally infeasible to modify, delete or forge CloudTrail log files without detection.
Option B is invalid because there is no such thing as Trusted Advisor Cloud Trail checks
Option D is invalid because Systems Manager cannot be used for this purpose.
Option E is invalid because Security Groups cannot be used to block calls from other services For more information on Cloudtrail log file validation, please visit the below URL https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html For more information on delivering Cloudtrail logs from multiple accounts, please visit the below URL https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.htmlIncorrect
Answer – A and C The AWS Documentation mentions the following To determine whether a log file was modified, deleted, or unchanged after CloudTrail delivered it, you can use CloudTrail log file integrity validation. This feature is built using industry-standard algorithms: SHA-256 for hashing and SHA-256 with RSA for digital signing. This makes it computationally infeasible to modify, delete or forge CloudTrail log files without detection.
Option B is invalid because there is no such thing as Trusted Advisor Cloud Trail checks
Option D is invalid because Systems Manager cannot be used for this purpose.
Option E is invalid because Security Groups cannot be used to block calls from other services For more information on Cloudtrail log file validation, please visit the below URL https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html For more information on delivering Cloudtrail logs from multiple accounts, please visit the below URL https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.htmlUnattempted
Answer – A and C The AWS Documentation mentions the following To determine whether a log file was modified, deleted, or unchanged after CloudTrail delivered it, you can use CloudTrail log file integrity validation. This feature is built using industry-standard algorithms: SHA-256 for hashing and SHA-256 with RSA for digital signing. This makes it computationally infeasible to modify, delete or forge CloudTrail log files without detection.
Option B is invalid because there is no such thing as Trusted Advisor Cloud Trail checks
Option D is invalid because Systems Manager cannot be used for this purpose.
Option E is invalid because Security Groups cannot be used to block calls from other services For more information on Cloudtrail log file validation, please visit the below URL https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html For more information on delivering Cloudtrail logs from multiple accounts, please visit the below URL https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.html -
Question 3 of 10
3. Question
You have just received an email from AWS Support stating that your AWS account might have been compromised. Which of the following steps would you look to carry out immediately? Choose 3 answers from the options below.
Correct
Explanation Answer – A, B and D One of the articles from AWS mentions what should be done in such a scenario If you suspect that your account has been compromised, or if you have received a notification from AWS that the account has been compromised, perform the following tasks: • Change your AWS root account password and the passwords of any IAM users. • Delete or rotate all root and AWS Identity and Access Management (IAM) access keys. • Delete any resources on your account you didn’t create, especially running EC2 instances, EC2 spot bids, or IAM users. • Respond to any notifications you received from AWS Support through the AWS Support Center.
Option C is invalid because there could be compromised instances or resources running on your environment. They should be shut down or stopped immediately. For more information on the article, please visit the below URL https://aws.amazon.com/premiumsupport/knowledge-center/potential-account-compromise/Incorrect
Explanation Answer – A, B and D One of the articles from AWS mentions what should be done in such a scenario If you suspect that your account has been compromised, or if you have received a notification from AWS that the account has been compromised, perform the following tasks: • Change your AWS root account password and the passwords of any IAM users. • Delete or rotate all root and AWS Identity and Access Management (IAM) access keys. • Delete any resources on your account you didn’t create, especially running EC2 instances, EC2 spot bids, or IAM users. • Respond to any notifications you received from AWS Support through the AWS Support Center.
Option C is invalid because there could be compromised instances or resources running on your environment. They should be shut down or stopped immediately. For more information on the article, please visit the below URL https://aws.amazon.com/premiumsupport/knowledge-center/potential-account-compromise/Unattempted
Explanation Answer – A, B and D One of the articles from AWS mentions what should be done in such a scenario If you suspect that your account has been compromised, or if you have received a notification from AWS that the account has been compromised, perform the following tasks: • Change your AWS root account password and the passwords of any IAM users. • Delete or rotate all root and AWS Identity and Access Management (IAM) access keys. • Delete any resources on your account you didn’t create, especially running EC2 instances, EC2 spot bids, or IAM users. • Respond to any notifications you received from AWS Support through the AWS Support Center.
Option C is invalid because there could be compromised instances or resources running on your environment. They should be shut down or stopped immediately. For more information on the article, please visit the below URL https://aws.amazon.com/premiumsupport/knowledge-center/potential-account-compromise/ -
Question 4 of 10
4. Question
Your IT Security team has advised you to carry out a penetration test on the resources in their company’s AWS Account. This is as part of their capability to analyze the security of the Infrastructure. What should be done first in this regard?
Correct
Explanation Answer – C This concept is given in the AWS Documentation
Options A, B, and D are all invalid because the first step is to get prior authorization from AWS for penetration tests For more information on penetration testing, please visit the below URL https://aws.amazon.com/security/penetration-testing/Incorrect
Explanation Answer – C This concept is given in the AWS Documentation
Options A, B, and D are all invalid because the first step is to get prior authorization from AWS for penetration tests For more information on penetration testing, please visit the below URL https://aws.amazon.com/security/penetration-testing/Unattempted
Explanation Answer – C This concept is given in the AWS Documentation
Options A, B, and D are all invalid because the first step is to get prior authorization from AWS for penetration tests For more information on penetration testing, please visit the below URL https://aws.amazon.com/security/penetration-testing/ -
Question 5 of 10
5. Question
Your company is planning on hosting an internal network in AWS. They want machines in the VPC to authenticate using private certificates. They want to minimize the work and maintenance in working with certificates. What is the ideal way to fulfill this requirement?
Correct
Explanation Answer – B The AWS Documentation mentions the following ACM is tightly linked with AWS Certificate Manager Private Certificate Authority. You can use ACM PCA to create a private certificate authority (CA) and then use ACM to issue private certificates. These are SSL/TLS X.509 certificates that identify users, computers, applications, services, servers, and other devices internally. Private certificates cannot be publicly trusted
Option A is partially invalid. Windows Server 2016 Certificate Manager can be used but since there is a requirement to “minimize the work and maintenance, AWS Certificate Manager should be used
Options C and D are invalid because these cannot be used for managing certificates. For more information on ACM, please visit the below URL https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.htmlIncorrect
Explanation Answer – B The AWS Documentation mentions the following ACM is tightly linked with AWS Certificate Manager Private Certificate Authority. You can use ACM PCA to create a private certificate authority (CA) and then use ACM to issue private certificates. These are SSL/TLS X.509 certificates that identify users, computers, applications, services, servers, and other devices internally. Private certificates cannot be publicly trusted
Option A is partially invalid. Windows Server 2016 Certificate Manager can be used but since there is a requirement to “minimize the work and maintenance, AWS Certificate Manager should be used
Options C and D are invalid because these cannot be used for managing certificates. For more information on ACM, please visit the below URL https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.htmlUnattempted
Explanation Answer – B The AWS Documentation mentions the following ACM is tightly linked with AWS Certificate Manager Private Certificate Authority. You can use ACM PCA to create a private certificate authority (CA) and then use ACM to issue private certificates. These are SSL/TLS X.509 certificates that identify users, computers, applications, services, servers, and other devices internally. Private certificates cannot be publicly trusted
Option A is partially invalid. Windows Server 2016 Certificate Manager can be used but since there is a requirement to “minimize the work and maintenance, AWS Certificate Manager should be used
Options C and D are invalid because these cannot be used for managing certificates. For more information on ACM, please visit the below URL https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html -
Question 6 of 10
6. Question
You have enabled Cloudtrail logs for your company’s AWS account. In addition, the IT Security department has mentioned that the logs need to be encrypted. How can this be achieved?
Correct
Explanation Answer – B The AWS Documentation mentions the following By default, CloudTrail event log files are encrypted using Amazon S3 server-side encryption (SSE). You can also choose to encrypt your log files with an AWS Key Management Service (AWS KMS) key. You can store your log files in your bucket for as long as you want. You can also define Amazon S3 lifecycle rules to archive or delete log files automatically. If you want notifications about log file delivery and validation, you can set up Amazon SNS notifications.
Options A, C, and D are not valid since logs will already be encrypted For more information on how Cloudtrail works, please visit the following URL https://docs.aws.amazon.com/awscloudtrail/latest/userguide/how-cloudtrail-works.htmlIncorrect
Explanation Answer – B The AWS Documentation mentions the following By default, CloudTrail event log files are encrypted using Amazon S3 server-side encryption (SSE). You can also choose to encrypt your log files with an AWS Key Management Service (AWS KMS) key. You can store your log files in your bucket for as long as you want. You can also define Amazon S3 lifecycle rules to archive or delete log files automatically. If you want notifications about log file delivery and validation, you can set up Amazon SNS notifications.
Options A, C, and D are not valid since logs will already be encrypted For more information on how Cloudtrail works, please visit the following URL https://docs.aws.amazon.com/awscloudtrail/latest/userguide/how-cloudtrail-works.htmlUnattempted
Explanation Answer – B The AWS Documentation mentions the following By default, CloudTrail event log files are encrypted using Amazon S3 server-side encryption (SSE). You can also choose to encrypt your log files with an AWS Key Management Service (AWS KMS) key. You can store your log files in your bucket for as long as you want. You can also define Amazon S3 lifecycle rules to archive or delete log files automatically. If you want notifications about log file delivery and validation, you can set up Amazon SNS notifications.
Options A, C, and D are not valid since logs will already be encrypted For more information on how Cloudtrail works, please visit the following URL https://docs.aws.amazon.com/awscloudtrail/latest/userguide/how-cloudtrail-works.html -
Question 7 of 10
7. Question
You have just recently set up a web and database tier in a VPC and hosted the application. When testing the application, you are not able to reach the home page for the app. You have verified the security groups. What can help you diagnose the issue?
Correct
Explanation Answer – B Use VPC Flow logs to diagnose the traffic
Option A is invalid because this can be used to check for security issues in your account, but not verify as to why you cannot reach the home page for your application
Option C is invalid because this used to protect your app against application-layer attacks, but not verify as to why you cannot reach the home page for your application
Option D is invalid because this used to protect your instance against attacks, but not verify as to why you cannot reach the home page for your application The AWS Documentation mentions the following VPC Flow Logs capture network flow information for a VPC, subnet, or network interface and stores it in Amazon CloudWatch Logs. Flow log data can help customers troubleshoot network issues; for example, to diagnose why specific traffic is not reaching an instance, which might be a result of overly restrictive security group rules. Customers can also use flow logs as a security tool to monitor the traffic that reaches their instances, to profile network traffic, and to look for abnormal traffic behaviors
For more information on AWS Security, please visit the following URL https://aws.amazon.com/answers/networking/vpc-security-capabilities/Incorrect
Explanation Answer – B Use VPC Flow logs to diagnose the traffic
Option A is invalid because this can be used to check for security issues in your account, but not verify as to why you cannot reach the home page for your application
Option C is invalid because this used to protect your app against application-layer attacks, but not verify as to why you cannot reach the home page for your application
Option D is invalid because this used to protect your instance against attacks, but not verify as to why you cannot reach the home page for your application The AWS Documentation mentions the following VPC Flow Logs capture network flow information for a VPC, subnet, or network interface and stores it in Amazon CloudWatch Logs. Flow log data can help customers troubleshoot network issues; for example, to diagnose why specific traffic is not reaching an instance, which might be a result of overly restrictive security group rules. Customers can also use flow logs as a security tool to monitor the traffic that reaches their instances, to profile network traffic, and to look for abnormal traffic behaviors
For more information on AWS Security, please visit the following URL https://aws.amazon.com/answers/networking/vpc-security-capabilities/Unattempted
Explanation Answer – B Use VPC Flow logs to diagnose the traffic
Option A is invalid because this can be used to check for security issues in your account, but not verify as to why you cannot reach the home page for your application
Option C is invalid because this used to protect your app against application-layer attacks, but not verify as to why you cannot reach the home page for your application
Option D is invalid because this used to protect your instance against attacks, but not verify as to why you cannot reach the home page for your application The AWS Documentation mentions the following VPC Flow Logs capture network flow information for a VPC, subnet, or network interface and stores it in Amazon CloudWatch Logs. Flow log data can help customers troubleshoot network issues; for example, to diagnose why specific traffic is not reaching an instance, which might be a result of overly restrictive security group rules. Customers can also use flow logs as a security tool to monitor the traffic that reaches their instances, to profile network traffic, and to look for abnormal traffic behaviors
For more information on AWS Security, please visit the following URL https://aws.amazon.com/answers/networking/vpc-security-capabilities/ -
Question 8 of 10
8. Question
A security team is creating a response plan in the event an employee executes unauthorized actions on AWS infrastructure. They want to include steps to determine if the employee’s IAM permissions changed as part of the incident. What steps should the team document in the plan?
Correct
Explanation Answer – A You can use the AWS Config history to see the history of a particular item. The below snapshot shows an example configuration for a user in AWS Config
Options B, C and D are all invalid because these services cannot be used to see the history of a particular configuration item. This can only be accomplished by AWS Config. For more information on tracking changes in AWS Config, please visit the below URL https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/TrackingChanges.htmlIncorrect
Explanation Answer – A You can use the AWS Config history to see the history of a particular item. The below snapshot shows an example configuration for a user in AWS Config
Options B, C and D are all invalid because these services cannot be used to see the history of a particular configuration item. This can only be accomplished by AWS Config. For more information on tracking changes in AWS Config, please visit the below URL https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/TrackingChanges.htmlUnattempted
Explanation Answer – A You can use the AWS Config history to see the history of a particular item. The below snapshot shows an example configuration for a user in AWS Config
Options B, C and D are all invalid because these services cannot be used to see the history of a particular configuration item. This can only be accomplished by AWS Config. For more information on tracking changes in AWS Config, please visit the below URL https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/TrackingChanges.html -
Question 9 of 10
9. Question
A security team must present a daily briefing to the CISO that includes a report of which of the company’s thousands of EC2 instances and on-premises servers are missing the latest security patches. All instances/servers must be brought into compliance within 24 hours so they do not show up on the next day’s report.
How can the security team fulfill these requirements?Correct
Explanation Answer – B Use the Systems Manager Patch Manager to generate the report and also install the missing patches The AWS Documentation mentions the following AWS Systems Manager Patch Manager automates the process of patching managed instances with security-related updates. For Linux-based instances, you can also install patches for non-security updates. You can patch fleets of Amazon EC2 instances or your on-premises servers and virtual machines (VMs) by operating system type. This includes supported versions of Windows, Ubuntu Server, Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise Server (SLES), and Amazon Linux. You can scan instances to see only a report of missing patches, or you can scan and automatically install all missing patches.
Option A is invalid because Amazon QuickSight and Cloud Trail cannot be used to generate the list of servers that don’t meet compliance needs.
Option C is wrong because deploying instances via new AMI’s would impact the applications hosted on these servers
Option D is invalid because Amazon Trusted Advisor cannot be used to generate the list of servers that don’t meet compliance needs. For more information on the AWS Patch Manager, please visit the below URL https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-patch.htmlIncorrect
Explanation Answer – B Use the Systems Manager Patch Manager to generate the report and also install the missing patches The AWS Documentation mentions the following AWS Systems Manager Patch Manager automates the process of patching managed instances with security-related updates. For Linux-based instances, you can also install patches for non-security updates. You can patch fleets of Amazon EC2 instances or your on-premises servers and virtual machines (VMs) by operating system type. This includes supported versions of Windows, Ubuntu Server, Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise Server (SLES), and Amazon Linux. You can scan instances to see only a report of missing patches, or you can scan and automatically install all missing patches.
Option A is invalid because Amazon QuickSight and Cloud Trail cannot be used to generate the list of servers that don’t meet compliance needs.
Option C is wrong because deploying instances via new AMI’s would impact the applications hosted on these servers
Option D is invalid because Amazon Trusted Advisor cannot be used to generate the list of servers that don’t meet compliance needs. For more information on the AWS Patch Manager, please visit the below URL https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-patch.htmlUnattempted
Explanation Answer – B Use the Systems Manager Patch Manager to generate the report and also install the missing patches The AWS Documentation mentions the following AWS Systems Manager Patch Manager automates the process of patching managed instances with security-related updates. For Linux-based instances, you can also install patches for non-security updates. You can patch fleets of Amazon EC2 instances or your on-premises servers and virtual machines (VMs) by operating system type. This includes supported versions of Windows, Ubuntu Server, Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise Server (SLES), and Amazon Linux. You can scan instances to see only a report of missing patches, or you can scan and automatically install all missing patches.
Option A is invalid because Amazon QuickSight and Cloud Trail cannot be used to generate the list of servers that don’t meet compliance needs.
Option C is wrong because deploying instances via new AMI’s would impact the applications hosted on these servers
Option D is invalid because Amazon Trusted Advisor cannot be used to generate the list of servers that don’t meet compliance needs. For more information on the AWS Patch Manager, please visit the below URL https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-patch.html -
Question 10 of 10
10. Question
Your development team has started using AWS resources for development purposes. The AWS account has just been created. Your IT Security team is worried about possible leakage of AWS keys. What is the first level of measure that should be taken to protect the AWS account?
Correct
Explanation Answer – A The first level or measure that should be taken is to delete the keys for the IAM root user When you log into your account and go to your Security Access dashboard, this is the first step that can be seen
Options B and C are wrong because the creation of IAM groups and roles will not change the impact of leakage of AWS root access keys
Option D is wrong because the first key aspect is to protect the access keys for the root account For more information on best practises for Security Access keys, please visit the below URL https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.htmlIncorrect
Explanation Answer – A The first level or measure that should be taken is to delete the keys for the IAM root user When you log into your account and go to your Security Access dashboard, this is the first step that can be seen
Options B and C are wrong because the creation of IAM groups and roles will not change the impact of leakage of AWS root access keys
Option D is wrong because the first key aspect is to protect the access keys for the root account For more information on best practises for Security Access keys, please visit the below URL https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.htmlUnattempted
Explanation Answer – A The first level or measure that should be taken is to delete the keys for the IAM root user When you log into your account and go to your Security Access dashboard, this is the first step that can be seen
Options B and C are wrong because the creation of IAM groups and roles will not change the impact of leakage of AWS root access keys
Option D is wrong because the first key aspect is to protect the access keys for the root account For more information on best practises for Security Access keys, please visit the below URL https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html
- We are offering 495 latest real AWS Certified Security Specialty Exam Questions for practice, which will help you to score higher in your exam.
- Aim for above 85% or above in our mock exams before giving the main exam.
- Do review wrong & right answers and thoroughly go through explanations provided to each question which will help you understand the question.
- Master Cheat Sheet was prepared by instructors which contains personal notes of them for all exam objectives. Carefully written to help you all understand the topics easily. It is recommended to use the Master cheat sheet as a final step of preparation to cram the important topics before the exam.
- Weekly updates: We have a dedicated team updating our question bank on a regular basis, based on the feedback of students on what appeared on the actual exam, as well as through external benchmarking.
The AWS Certified Security (SCS-C02) – Specialty is intended for individuals who perform a security role with at least two years of hands-on experience securing AWS workloads.
The exam has the following content domains and weightings:
• Domain 1: Threat Detection and Incident Response (14% of scored content)
• Domain 2: Security Logging and Monitoring (18% of scored content)
• Domain 3: Infrastructure Security (20% of scored content)
• Domain 4: Identity and Access Management (16% of scored content)
• Domain 5: Data Protection (18% of scored content)
• Domain 6: Management and Security Governance (14% of scored content)
It is recommended to have the below knowledge when attempting AWS Certified Security (SCS-C02) :
• An understanding of specialized data classifications and AWS data protection mechanisms
• An understanding of data-encryption methods and AWS mechanisms to implement them
• An understanding of secure internet protocols and AWS mechanisms to implement them
• A working knowledge of AWS security services and features of services to provide a secure production environment
• Competency from 2 or more years of production deployment experience in using AWS security services and features
• The ability to make tradeoff decisions regarding cost, security, and deployment complexity to meet a set of application requirements
• An understanding of security operations and risks
Recommended Knowledge and Experience
- At least two years of hands-on experience securing AWS workloads
- Security controls for workloads on AWS
- A minimum of five years of IT security experience designing and implementing security solutions
Refer to our FAQ in case of further questions: https://skillcertpro.com/faq
Review AWS study guide here : https://d1.awsstatic.com/training-and-certification/docs-security-spec/AWS-Certified-Security-Specialty_Exam-Guide.pdf
Sona Reddy –
Very well structured set of questions in each of these sample tests. It was quite similar in difficulty to the questions that I faced in the actual certification exam. Provided a great hand-on experience in how one should go about choosing answers in the multi-choice, as many questions in the actual exam have tricky choices. I would greatly recommend these tests for anyone wishing to take the Security specialty certifications. The recommendation to retake the exams till we achieve 80% consistently was spot on!
I was able to successfully get a passing grade thanks to these!
Mohamed Kibriya Kauser –
Answers with detail description helped me in getting a better understanding of. AWS products and offering as well as the value proposition. I took and passed the exam last Monday with a score of. 947/1000
Amit Gupta –
I feel much more confident after practicing the test. These tests are obviously twisted well which I do recommend. The explanations are very specific and up to the point.
Abhinandan Redy –
The first time I took these practice exams . I like the explanations on the answers of the ones I missed and also the ones I got right to reinforce the concepts. These exams gave me a good feel for what to expect on the exam. I’m now AWS Certified. Thank you!
Narendra Mohit –
I passed the Security Speciality exam with 94%. These practice tests were extremely useful. All the questions are carefully drafted along with detailed explanation for all questions.
Kevin Peter –
A definite must-have if you are planning to take the certification! The exams are continuously updated with the latest exam topics. The explanations are in-depth and well-detailed. I’ve used their other courses to pass my other AWS sysops and solutions rchitect exam.
Ganesh Sonsale –
Today passed exam with the help of this exam tests. Thank you very much.
Adam Sojka –
Guys yesterday i passed my AWS security exam with 912 score. I really recommend you to do this course and have at least 80% scores and above before sitting the real exam. What i like in this course that they have very detailed explanations for the topics and for almost all correct and incorrect answers. Thanks and keep up doing great work!
Billy Vollman –
Solutions to the questions are explained in detail. Queries asked were answered quickly in 24 hrs in detail and satisfactory way. I recommend this course to every cloud aspirant.
Anirban Ghosh –
The content for the explanations was thorough and very specific. I learned a lot from the questions that were right and those that were wrong. Very good supportive detail attached to each test.
Ravi Sankar Chamarthi –
This will surely help you to understand features of AWS services thoroughly. I would suggest to new members. Please go though all explanations given for correct as well as incorrect options given. Passed my exam with good score.
Baldeep Bhambra –
Espectacular. Helps a lot to understand AWS and clarify better each concept in it. Not only for the exam but to know more about AWS Security in many aspects of it. Passed!
Jiho Ahn –
Cleared the exam.
These mock tests would really help anyone who wants to get the certification in less than 1-2 weeks’ time.
Would recommend this test series to everyone.
A B –
Passed my exam today, about 60% questions from the dump rest were similar but worded differently. Keep practicing until you hit 80 % in all the practice exams and you will succeed as well.