Review a compact AWS Certified Security - Specialty (SCS-C03) cheat sheet for detection, incident response, infrastructure security, IAM, data protection, governance, and AWS security operations before using IT Mastery sample questions.
Use this cheat sheet to separate AWS security domains before trying the SCS-C03 sample questions. The current SCS-C03 page includes original sample questions and exam guidance while full IT Mastery practice is being prioritized.
| Item | Review cue |
|---|---|
| Exam route | AWS Certified Security - Specialty |
| Exam code | SCS-C03 |
| Items | 65 total, including scored and unscored items |
| Current page status | Sample questions available |
| Best use | Practice AWS detection, response, infrastructure protection, IAM, data protection, and governance decisions |
| Domain | Weight | What to know | Common trap |
|---|---|---|---|
| Detection | 16% | GuardDuty, CloudTrail, Security Hub, logging, findings, alert signals | using the wrong log source for the evidence needed |
| Incident Response | 14% | containment, investigation, automation, forensics, access isolation | deleting evidence before preserving investigation data |
| Infrastructure Security | 18% | VPC controls, endpoints, security groups, inspection, patching | relying on public paths when private controls fit |
| Identity and Access Management | 20% | IAM policies, roles, boundaries, Organizations, least privilege | using broad permissions instead of scoped roles and guardrails |
| Data Protection | 18% | KMS, encryption, S3 controls, secrets, data classification | encrypting data but leaving access policy too broad |
| Security Foundations and Governance | 14% | account strategy, audit, compliance, policy, control validation | treating governance as documentation only |
| Distinction | Exam reflex |
|---|---|
| CloudTrail vs VPC Flow Logs | CloudTrail records API activity. Flow Logs record network traffic metadata. |
| IAM policy vs SCP | IAM grants permissions. SCPs set account-level permission boundaries. |
| KMS key policy vs IAM policy | Both can matter for key use; key policies are central to KMS authorization. |
| GuardDuty vs Security Hub | GuardDuty detects threats. Security Hub aggregates and prioritizes findings. |
| Security group vs network ACL | Security groups are stateful. Network ACLs are stateless. |
For each SCS-C03 miss, mark whether the weakness is signal selection, response sequence, network protection, identity, data protection, or governance. If many misses come from IAM or logging evidence, drill those before attempting another mixed security set.