Prerequisites
- Strong AWS security experience (IAM, KMS, GuardDuty, Security Hub)
- AWS Associate or Professional certification recommended
- 5–6 hours of study time per day
Study Schedule
Day 1: IAM & Identity Deep Dive
- IAM policy evaluation logic, cross-account patterns
- Permission boundaries, SCPs, Organizations
- IAM Identity Center, Cognito, federation
- Practice: 40 Domain 4 questions
Day 2: Encryption & Data Protection
- KMS key policies, grants, envelope encryption, rotation
- S3 encryption (SSE-S3, SSE-KMS, SSE-C), Object Lock, Block Public Access
- Secrets Manager rotation, ACM, CloudHSM
- Practice: 40 Domain 5 questions
Day 3: Threat Detection & Monitoring
- GuardDuty data sources, finding types, multi-account
- Security Hub standards, ASFF, aggregation
- CloudTrail trails, data events, log integrity
- Practice: 40 Domains 1–2 questions
Day 4: Infrastructure & Network Security
- VPC security groups, NACLs, Flow Logs
- Network Firewall, WAF rules, Shield Advanced
- PrivateLink, DNS Firewall, centralized inspection
- Practice: 40 Domain 3 questions
Day 5: Incident Response & Forensics
- IR lifecycle on AWS, containment strategies
- Evidence collection (EBS snapshots, memory, logs)
- Automated remediation with EventBridge + Lambda
- Practice: 40 mixed questions
Day 6: Governance & Compliance
- Config rules, conformance packs, auto-remediation
- Control Tower, Firewall Manager, Audit Manager
- Multi-account security patterns and delegation
- Practice: 40 Domain 6 questions
Day 7: Full Mock Exam & Review
- Take a full 65-question mock exam (170 min)
- Review all incorrect answers
- Revisit weak domains and cheat sheets
- Focus on IAM evaluation and KMS cross-account
Study Tips
- IAM policy evaluation and KMS key policies are the #1 exam topics
- Know automated incident response patterns end-to-end
- Practice explaining the security benefit of each service in one sentence
Ready to Practice?
Put your study plan into action with SCS-C02 practice questions.