AWS Certified Security - Specialty Exam
65-question written exam with multiple-choice, multiple-response, ordering, and matching question types.
- Type
- Written
- Delivery
- Both
- Duration
- 170 min
- Questions
- 65
Passing score: 750 Scaled score on a 100 to 1,000 scale
Exam sections
Domain 1: Detection
This section focuses on logging and monitoring strategies, including the use of AWS security services to identify potential threats. Candidates must demonstrate expertise in vulnerability management and maintaining visibility into security events across the AWS infrastructure.
Question notes
Multiple choice, multiple response, ordering, and matching questions.
Preparation tips
Focus on logging and monitoring strategies and vulnerability management in the cloud.
Domain 2: Incident Response
Covers security incident prevention and response strategies, including root cause analysis. Candidates are tested on their ability to implement disaster recovery controls and backup strategies to ensure business continuity and minimize the impact of security incidents.
Question notes
Multiple choice, multiple response, ordering, and matching questions.
Preparation tips
Review incident prevention and response strategies, including root cause analysis and disaster recovery.
Domain 3: Infrastructure Security
Involves developing firewall rules at scale for layers 3–7 and implementing secure internet protocols. This section validates knowledge of using AWS security services to ensure secure production environments and effectively managing software supply chain risks.
Question notes
Multiple choice, multiple response, ordering, and matching questions.
Preparation tips
Understand secure internet protocols and developing firewall rules at scale for layers 3-7.
Domain 4: Identity and Access Management
Tests the ability to manage identity at scale and apply the AWS shared responsibility model. It includes implementing fine-grained access controls, multi-account governance, and ensuring that authorization and authentication mechanisms are securely configured.
Question notes
Multiple choice, multiple response, ordering, and matching questions.
Preparation tips
Focus on managing identity at scale and applying the AWS shared responsibility model.
Domain 5: Data Protection
Covers data encryption methodologies for data both at-rest and in-transit. Candidates must understand specialized data classifications and AWS encryption mechanisms to protect sensitive information across various AWS services while managing complex deployment requirements.
Question notes
Multiple choice, multiple response, ordering, and matching questions.
Preparation tips
Study data encryption methodologies (at-rest and in-transit) and specialized data classifications.
Domain 6: Security Foundations and Governance
Focuses on multi-account governance, security operations, and audit readiness. It requires an understanding of tradeoffs between cost, security, and deployment complexity, as well as the ability to apply foundational security principles to meet application requirements.
Question notes
Multiple choice, multiple response, ordering, and matching questions.
Preparation tips
Practice multi-account governance and understanding tradeoffs between cost, security, and complexity.
