AWS Certified Security - Specialty

Course Overview

This course will give you a detailed overview of using AWS security services training to stay secure in the AWS Cloud. The AWS Certified Security – Specialty exam is intended for individuals who perform a security role. The exam validates a candidate’s ability to effectively demonstrate knowledge about securing the AWS platform.

  • The exam also validates whether a candidate has the following:
  • An understanding of specialized data classifications and AWS data protection mechanisms
  • An understanding of data-encryption methods and AWS mechanisms to implement them
  • An understanding of secure internet protocols and AWS mechanisms to implement them
  • A working knowledge of AWS security services and features of services to provide a secure production environment
  • Competency from 2 or more years of production deployment experience in using AWS security services and features
  • The ability to make tradeoff decisions with regard to cost, security, and deployment complexity to meet a set of application requirements An understanding of security operations and risks

Exam Format

  • Exam Duration: 170 Minutes
  • Number of Questions: 65
  • Exam Format: Multiple Choice and Multiple Answer Type Exam
  • Passing Score:75-80%


We recommend that attendees of this course have the following prerequisites

  • AWS Cloud Practitioner
  • AWS Security Fundamentals
  • Architecting on AWS
  • Working knowledge of IT security practices and infrastructure concepts
  • Familiarity with cloud computing concepts

Target Audience

  • Security engineers
  • Security architects
  • Information security

Course Outline

  • Domain 1: Incident Response 12%
  • Domain 2: Logging and Monitoring
  • 20% Domain 3: Infrastructure Security 26%
  • Domain 4: Identity and Access Management 20%
  • Domain 5: Data Protection 22%

Domain 1: Incident Response

  • 1.1 Given an AWS abuse notice, evaluate the suspected compromised instance or exposed access keys.
  • Verify that the Incident Response plan includes relevant AWS services
  • Evaluate the configuration of automated alerting, and execute possible remediation of securityrelated incidents and emerging issues
  • Workforce Planning & Employment

Domain 2: Logging and Monitoring

  • 2.1 Design and implement security monitoring and alerting
  • 2.2 Troubleshoot security monitoring and alerting.
  • 2.3 Design and implement a logging solution.
  • 2.4 Troubleshoot logging solutions

Domain 3: Infrastructure Security

  • 3.1 Design edge security on AWS
  • 3.2 Design and implement a secure network infrastructure
  • 3.3 Troubleshoot a secure network infrastructure.
  • 3.4 Design and implement host-based security

Domain 4: Identity and Access Management

  • 4.1 Design and implement a scalable authorization and authentication system to access AWS resources
  • 4.2 Troubleshoot an authorization and authentication system to access AWS resources.
  • 5 step improvement process

Domain 5: Data Protection

  • 5.1 Design and implement key management and use
  • 5.2 Troubleshoot key management
  • 5.3 Design and implement a data encryption solution for data at rest and data in transit