UP TO 50% OFF on Combo Courses!

AWS Certified Security Specialty (SCS-C02) Certification Training Course
Read Reviews

The AWS Certified Security Specialty certification course provides comprehensive training in advanced cloud security and securing applications within the AWS environment. This highly regarded certification offers numerous advantages over other certifications and qualifies you for prestigious job roles. With our AWS Certified Security Specialty Training, you will acquire the necessary knowledge to successfully pass the certification exam and gain hands-on experience in advanced cloud security.

Course Highlights

  • 30 hrs of instructor-led training
  • Blended learning delivery model
  • Certified Trainer
  • Training Certificate

Accredited By

InfosecTrain Learning Bonanza Offer Buy 1 Get 4*

Register for any Course and get 4 eLearning (Worth USD 199 Self-paced Learning) Courses 100% free. Don't miss this offer Enroll Now

  • Cyber Security Engineer Masterclass
  • Cyber Security Fundamentals (JCP)
  • Introduction of Data Privacy
  • Red Team Ethical Hacking Masterclass

*All 4 free courses are eLearning modules, providing self-paced learning through instructional videos. Offer valid till March 31st, 2024.

Choose your Preferred Learning Mode



Customized schedule
Learn at your dedicated hour
Instant clarification of doubt
Guaranteed to run

Get Started


Flexibility, Convenience & Time Saving
More Effective
Learning Cost Savings

Classes starting from

5th Sep: Weekend

15th Sep: Weekday

ENROLL NOW Preferred


Anytime, Anywhere – Across The Globe
Hire A Trainer
At Your Own Pace
Customized Corporate Training

Contact US For Business
customized training

Looking for a customized training?


Course Description


The AWS Certified Security Specialty certification training program from InfosecTrain is specifically designed to provide you with a comprehensive understanding of AWS Security Architecture. You will gain the skills needed to design, deploy, and manage security infrastructure on the AWS Cloud Platform. This knowledge will enable you to effectively secure your organization’s AWS infrastructure and protect it against cyber threats. By completing this course, you will be well-prepared to confidently take the AWS Certified Security Specialty certification exam.

Along with the right kind of theoretical knowledge to achieve the certification, you will also receive hands-on experience on certain specific services during this AWS Security training.

AWS Certified Security Specialty (SCS-C02) Exam Domains
  • Domain 1: Threat Detection and Incident Response – 14%
  • Domain 2: Security Logging and Monitoring – 18%
  • Domain 3: Infrastructure Security – 20%
  • Domain 4: Identity and Access Management – 16%
  • Domain 5: Data Protection – 18%
  • Daomin 6: Management and Security Governance – 14%
Why AWS Certified Security Specialty (SCS-C02) Certification Training with Infosectrain?
InfosecTrain is a proficient technology and security training and consulting organization across the globe, specializing in various IT security courses and services. Our AWS Certified Security Specialty certification training aims to provide you the knowledge of the entire AWS security architecture. You can leverage the following benefits with InfosecTrain:

  • We can help you present your qualifications and work experience for the designated profile.
  • We provide a flexible training schedule.
  • We provide post-training assistance.
  • We create groups for discussions.
  • We also provide a certificate of participation to each candidate..

Target Audience

  • Candidates with an understanding of IT security and Cybersecurity concepts
  • Those who are working in cloud computing and security domains looking to specialize in AWS Security Architecture
  • Those who completed the AWS Associate level certifications and want to specialize in security.
  • Those who want to build their career in AWS Security


  • IT/Cyber Security Concepts
  • Knowledge Mapping to AWS Associate level certifications (Certification not mandatory)
  • Virtualization concepts
  • Basic understanding of networking and OS concepts
  • The ideal applicant should have 3-5 years of expertise in designing and implementing security solutions. Furthermore, the ideal applicant should have at least 2 years of hands-on experience securing AWS workloads.

Exam Information

To achieve the highly valued credentials of AWS Certified Security – Specialty , you need to pass the following exam:

Exam Code SCS-C02
Exam Format Multiple Choice, Multiple Response
Number of Questions 65
Exam Duration 170 minutes
Passing Score 750/1000
Languages English, French, German, Italian, Japanese, Korean, Portuguese, Simplified Chinese, and Spanish.



1 + 3 =

Course Objectives

You will be able to:

  • Understand the security controls for AWS environments and workloads.
  • Understand security logging and monitoring capabilities.
  • Design and implement identity and Access management architecture.
  • Learn Encryption and Key Management for DAR and DIT
  • Manage Data retention and lifecycle management.
  • Understand Multi-account governance and organizational compliance
  • Threat detection and Incident response strategies
  • Vulnerability management and Security automation
  • Gain authentication of technical expertise to design, deploy and operate AWS applications
  • Gaining customer trust and satisfaction as a certified professional
  • Preference by the employer for job roles due to recognition of knowledge and skills
  • Better salary and stability of a job

Course Content

Domain 1: Threat Detection and Incident Response

Design and implement an incident response plan

  • Incident Response Strategy
  • Roles and responsibilities in IR plan specific to cloud incidents.
  • Use case 1: Credentials compromise.
  • Use case 2: Compromised EC2 Instances
  • Playbooks and Runbooks for IR
  • AWS Specific services helpful in Incident Response
  • Third-party integration concepts
  • Centralize security finding with security hub

Detect security threats and anomalies by using AWS services

  • Threat detection services specific to AWS
  • Visualizing and Detecting anomalies and correlation techniques
  • Evaluate finding from security services
  • Performing queries for validating security events
  • Create metrics filters and dashboards to detect Anomalous activity

Respond to compromised resources and workloads

  • AWS Security IR Guide
  • Automating remediation by using AWS services
  • Compromised resource management.
  • Investigating and analyzing to conduct Root cause and log analysis.
  • Capturing relevant forensics data from a compromised resource
  • Protecting and preserving forensic artifacts
  • Post-incident recovery

Domain 2: Security Logging and Monitoring

  • Design and Implement monitoring and alerting to address security events
  • Key AWS services for monitoring and alerting
  • Monitoring metrics and baselines
  • Analyzing environments and workloads to determine monitoring requirements according to
  • business and security requirements
  • Setting up tools and scripts to perform regular audits

Troubleshoot security monitoring and alerting

  • Configuring of monitoring services and collecting event data
  • Application monitoring, alerting, and visibility challenges

Design and implement a logging solution

  • Key logging services and attributes
  • Log destinations, Ingestion points and lifecycle management
  • Logging specific to services and applications

Troubleshoot logging solutions

  • AWS services that provide data sources and logging capabilities
  • Access permissions that are necessary for logging
  • Identifying misconfigurations and remediations specific to logging
  • Reasons for missing logs and performing remediation steps

Design a log analysis solution

  • Services and tools to analyze captured logs
  • Identifying patterns in logs to indicate anomalies and known threats
  • Log analysis features for AWS services
  • Log format and components
  • Normalizing, parsing, and correlating logs

Domain 3: Infrastructure Security
Design and implement security controls for edge services

  • Define edge security strategies and security features
  • Select proper edge services based on anticipated threats and attacks and define proper
  • protection mechanisms based on that
  • Define layered Defense (Defense in Depth) mechanisms
  • Applying restrictions based on different criteria
  • Enable logging and monitoring across edge services to indicate attacks

Design and implement network security controls

  • VPC security mechanisms including Security Groups, NACLs, and Network firewall
  • Traffic Mirroring and VPC Flow Logs
  • VPC Security mechanisms and implement network segmentation based on security requirements
  • Network traffic management and segmentation
  • Inter-VPC connectivity, Traffic isolation, and VPN concepts and deployment
  • Peering and Transit Gateway
  • AWS Point to Site and Site to Site VPN, Direct Connect
  • Continuous optimization by identifying and removing unnecessary network access

Design and implement security controls for compute workloads

  • Provisioning and maintenance of EC2 instances
  • Create hardened images and backups
  • Applying instance and service roles for defining permissions
  • Host-based security mechanisms
  • Vulnerability assessment using AWS Inspector
  • Passing secrets and credentials security to computing workloads

Troubleshoot network security
Identifying, interpreting, and prioritizing network connectivity and analyzing reachability
Analyse log sources to identify problems
Network traffic sampling using traffic mirroring

Domain 4: Identity and Access Management
Design, implement and troubleshoot authentication for AWS resources

  • Identity and Access Management
  • Establish identity through an authentication system based on requirements.
  • Managed Identities, Identity federation
  • AWS Identity center, IAM and Cognito
  • MFA, Conditional access, STS
  • Troubleshoot authentication issues

Design, implement and troubleshoot authorization for AWS resources

  • IAM policies and types
  • Policy structure and troubleshooting
  • Troubleshoot authorization issues
  • ABAC and RBAC strategies
  • Principle of least privilege and Separation of duties
  • Investigate unintended permissions, authorization, or privileges

Domain 5: Data Protection
Design and implement controls that provide confidentiality and integrity for data in transit

  • Design secure connectivity between AWS and on-premises networks
  • Design mechanisms to require encryption when connecting to resources.
  • Requiring DIT encryption for AWS API calls.
  • Design mechanisms to forward traffic over secure connections.
  • Designing cross-region networking

Design and implement controls that provide confidentiality and integrity for data at rest

  • Encryption and integrity concepts
  • Resource policies
  • Configure services to activate encryption for data at rest and to protect data integrity by preventing
  • modifications.
  • Cloud HSM and KMS

Design and implement controls to manage the data lifecycle at rest

  • Lifecycle policies and configurations
  • Automated life cycle management
  • Establishing schedules and retention for AWS backup across AWS services.

Design and implement controls to protect credentials, secrets, and cryptographic key materials

  • Designing management and rotation of secrets for workloads using a secret manager
  • Designing KMS key policies to limit key usage to authorized users.
  • Establishing mechanisms to import and remove customer-provider key material.

Domain 6: Management and Security Governance
Design and strategy to centrally deploy and manage AWS accounts

  • Multi account strategies using AWS organization and Control tower
  • SCPs and Policy multi-account policy enforcement
  • Centralized management of security services and aggregation of findings
  • Securing root account access

Implement a secure and consistent deployment strategy for cloud resources

  • Deployment best practices with Infrastructure as a code
  • Tagging and metadata
  • Configure and deploy portfolios of approved AWS services.
  • Securely sharing resources across AWS accounts
  • Visibility and control over AWS infrastructure

Evaluate compliance of AWS resources

  • Data classification by using AWS services
  • Define config rules for detection of non-compliant AWS resources.
  • Collecting and organizing evidence by using Security Hub and AWS audit manager

Identify security gaps through architectural reviews and cost analysis

  • AWS cost and usage anomaly identification
  • Strategies to reduce attack surfaces
  • AWS well-architected framework to identify security gaps

Need customized curriculum? Talk to Advisor

Course Advisor

Course Benefits

AWS Certified Security Specialty Benefits

Here's What people are saying about InfosecTrain

Benefits You Will Access Why Infosec Train

Student-infosectrain Certified & Experienced Instructors
24x71-infosectrain Post Training Support
tailor-infosectrain Customized Training
flexible-infosectrain Flexible Schedule
video1-infosectrain Access to Recorded Sessions


1. How many questions are on the AWS Certified Security Specialty exam?
The AWS Certified Security Specialty exam typically consists of 65 multiple-choice and multiple-answer questions.
2. How difficult is AWS security Speciality certification?
The AWS Certified Security Specialty certification is considered to be one of the more challenging certifications offered by AWS. It focuses specifically on advanced cloud security topics and requires a deep understanding of AWS security services, best practices, and industry-standard security protocols.
3. Is AWS security specialty certification worth it?
Yes, the AWS Certified Security Specialty certification is highly regarded and can be worth pursuing. It validates advanced security skills specific to the AWS platform, demonstrating expertise in designing and managing secure infrastructure on AWS. The certification is recognized in the industry, opening up job opportunities and differentiating individuals in the competitive market.
4. What is the average salary for an AWS security specialty professional?
The average salary for individuals holding the AWS Certified Security Specialty certification typically ranges from $100,000 to $150,000 annually.
5. What is the passing score for AWS Security Speciality?
The passing score for the AWS Certified Security Specialty exam is 750 out of 1000.
6. What are the roles of AWS security specialists?
AWS Security Specialists play a crucial role in ensuring the security and compliance of AWS cloud environments.
7. What are the job duties of a security specialist?
AWS Security specialists are responsible for identifying and mitigating security risks, implementing security measures, developing policies and procedures, responding to incidents, conducting audits, and ensuring compliance with regulations to protect organizations from cyber threats.
8. What skills do you need to be a cloud security specialist?
To be a cloud security specialist, you need skills such as:

  • Cloud platform knowledge
  • Security best practices
  • Cloud security services
  • Compliance and regulations
  • Risk assessment and management
  • Security monitoring and incident response
  • Network and infrastructure security
  • Cloud security architecture
  • Communication and collaboration

Latest Blog Posts