📅 30-Day SCS-C02 Study Plan

A balanced four-week study plan covering all SCS-C02 domains with daily practice and weekly assessments.

About This Study Plan

This 30-day study plan breaks the SCS-C02 (AWS Security Specialty) exam preparation into 8 focused study sessions with a total of 32 actionable tasks. The plan covers all 6 exam domains — Threat Detection & Incident Response, Security Logging & Monitoring, Infrastructure Security, Identity & Access Management, Data Protection, Management & Security Governance — ensuring complete coverage of the exam blueprint. A balanced four-week study plan covering all SCS-C02 domains with daily practice and weekly assessments.

8Study Sessions
32Total Tasks
6Domains Covered

Prerequisites

  • AWS Associate certification or 1+ year hands-on AWS experience
  • Basic understanding of security concepts (IAM, encryption, networking)
  • 2–3 hours of study time per day

Study Schedule

Days 1–4IAM & Organizations
  • IAM policies, roles, evaluation logic, conditions
  • Cross-account access patterns, STS, resource policies
  • Organizations, SCPs, OUs, delegated administration
  • Practice: 30 IAM & access questions
Days 5–8Identity & Federation
  • IAM Identity Center, permission sets, account assignments
  • SAML and OIDC federation, external IdPs
  • Cognito User Pools, Identity Pools, MFA
  • Practice: 30 identity questions
Days 9–12KMS & Data Encryption
  • CMK types, key policies, grants, encryption context
  • Envelope encryption, key rotation, multi-region keys
  • S3 encryption options, Object Lock, Block Public Access
  • Practice: 30 encryption questions
Days 13–15Secrets & Week 2 Review
  • Secrets Manager rotation, cross-account, replication
  • Parameter Store SecureString, ACM, CloudHSM
  • Mini mock: 30 IAM and data protection questions
  • Review IAM and KMS cheat sheets
Days 16–19Detection & Monitoring
  • GuardDuty: data sources, findings, multi-account
  • Security Hub: standards, ASFF, aggregation, scoring
  • CloudTrail: organization trails, data events, log integrity
  • Practice: 30 detection questions
Days 20–23Network & Infrastructure Security
  • VPC security, Network Firewall, GWLB
  • WAF rules, Shield, Firewall Manager
  • DNS Firewall, PrivateLink, VPC Flow Logs
  • Practice: 30 infrastructure security questions
Days 24–27Incident Response & Governance
  • IR procedures, containment, forensics, automation
  • Config rules, conformance packs, remediation
  • Control Tower, compliance standards, Audit Manager
  • Practice: 30 governance questions
Days 28–30Full Mocks & Final Review
  • Take two full 65-question mock exams (170 min)
  • Review all incorrect answers
  • Final cheat sheet and flashcard review
  • Focus on weak areas identified in mocks

Study Tips

💡

IAM and KMS together make up a huge portion of the exam

💡

Practice writing IAM policies by hand to internalize the syntax

💡

Know how every detection service (GuardDuty, Inspector, Macie, Config) integrates with Security Hub

💡

Practice incident response scenarios: detection → containment → recovery

Ready to Practice?

Put your study plan into action with AWS Security Specialty practice questions.

Start Practice Quiz →Take Mock Exam

Other Study Plans

7 Days

7-Day SCS-C02 Crash Plan

90 Days

90-Day SCS-C02 Study Plan

← AWS Security Specialty Study HubFree Mock Exam