📅 90-Day SCS-C02 Study Plan

A comprehensive three-month study plan for professionals building deep AWS security expertise from Associate-level foundations.

About This Study Plan

This 90-day study plan breaks the SCS-C02 (AWS Security Specialty) exam preparation into 7 focused study sessions with a total of 28 actionable tasks. The plan covers all 6 exam domains — Threat Detection & Incident Response, Security Logging & Monitoring, Infrastructure Security, Identity & Access Management, Data Protection, Management & Security Governance — ensuring complete coverage of the exam blueprint. A comprehensive three-month study plan for professionals building deep AWS security expertise from Associate-level foundations.

7Study Sessions
28Total Tasks
6Domains Covered

Prerequisites

  • AWS Associate certification (SAA or SOA recommended)
  • Basic understanding of security concepts and networking
  • 1–2 hours of study time per day

Study Schedule

Weeks 1–2Security Foundations & IAM
  • AWS shared responsibility model, security services overview
  • IAM deep dive: policies, roles, evaluation, conditions
  • Cross-account access, resource policies, STS
  • Hands-on: create cross-account access patterns
Weeks 3–4Organizations & Identity
  • Organizations, SCPs, OUs, governance patterns
  • IAM Identity Center, federation, Cognito
  • Permission boundaries, Access Analyzer
  • Practice: 50+ identity and access management questions
Weeks 5–6Encryption & Key Management
  • KMS in depth: key types, policies, grants, context
  • Envelope encryption, rotation, custom key stores
  • CloudHSM, ACM, certificate management
  • Hands-on: implement KMS cross-account encryption
Weeks 7–8Data Protection & Secrets
  • S3 security: encryption, Object Lock, access control
  • Secrets Manager, Parameter Store, rotation
  • Macie for sensitive data discovery
  • Practice: 50+ data protection questions
Weeks 9–10Detection & Logging
  • GuardDuty, Security Hub, Inspector, Detective
  • CloudTrail, CloudWatch, centralized logging
  • Automated detection and alerting patterns
  • Hands-on: configure multi-account GuardDuty
Weeks 11–12Infrastructure Security & IR
  • Network Firewall, WAF, Shield, GWLB
  • VPC security, PrivateLink, DNS Firewall
  • Incident response procedures and automation
  • Practice: 50+ threat detection and infrastructure questions
Week 13Governance & Final Review
  • Config, Control Tower, Firewall Manager, Audit Manager
  • Take 2–3 full mock exams
  • Review all cheat sheets and flashcards
  • Focus on IAM evaluation and KMS patterns

Study Tips

💡

Security is the broadest AWS specialty — build a strong foundation before going deep

💡

Create a lab account and implement security controls hands-on

💡

IAM policy evaluation logic appears in ~20% of questions — master it

💡

Practice writing and debugging IAM policies from scratch

Ready to Practice?

Put your study plan into action with AWS Security Specialty practice questions.

Start Practice Quiz →Take Mock Exam

Other Study Plans

7 Days

7-Day SCS-C02 Crash Plan

30 Days

30-Day SCS-C02 Study Plan

← AWS Security Specialty Study HubFree Mock Exam