Domain 6 · 14% of Exam

Management & Security Governance

Implement security governance, compliance automation, and organizational security controls across AWS accounts.

What You'll Be Tested On

  • Implement preventive controls with SCPs and permission boundaries
  • Design detective controls with Config rules and Security Hub standards
  • Automate compliance remediation with Config and SSM Automation
  • Implement multi-account security baseline with Control Tower
  • Design security governance for new account provisioning

Key AWS Services in This Domain

🏢Organizations📋Config🎯Security Hub🔑IAM

Exam Tips for Domain 6

💡

Know the difference between preventive (SCPs) and detective (Config) controls

💡

Understand Security Hub standards and how to customize them

💡

Practice designing a security baseline for new accounts

Practice Domain 6 Questions

Test your knowledge of Management & Security Governance with practice questions from our SCS-C02 question bank.

Start Practice Quiz →

Other SCS-C02 Domains

Domain 1Threat Detection & Incident Response14%Domain 2Security Logging & Monitoring18%Domain 3Infrastructure Security20%Domain 4Identity & Access Management16%Domain 5Data Protection18%
← SCS-C02 Study HubFree Mock Exam30-Day Study Plan