Domain 3 · 20% of Exam

Infrastructure Security

Design and implement secure network architectures, edge protection, and compute security on AWS.

What You'll Be Tested On

  • Design secure VPC architectures with segmentation and isolation
  • Implement edge security (WAF, Shield, CloudFront, Network Firewall)
  • Configure secure connectivity (VPN, Direct Connect, PrivateLink)
  • Implement host-based security (Inspector, SSM Patch Manager)
  • Design centralized network inspection architectures

Key AWS Services in This Domain

Exam Tips for Domain 3

  • Know defense-in-depth layers: edge → VPC → subnet → instance
  • Understand Network Firewall rule evaluation and inspection VPC patterns
  • Practice designing centralized egress filtering with TGW + Network Firewall

Practice Domain 3 Questions

Test your knowledge of Infrastructure Security with practice questions from our SCS-C02 question bank.
