Xauntasia Mabry

My Exam Experience: AWS Certified Security Specialty

This exam was the last exam I took in 2025 in the series of three I sat for in the span of two weeks. This was the renewal exam for me, but this was the first time taking the SCS-C03.

Content Review

This version of the exam content is drastically different from the first. Not in that there are more security tools in AWS to familiarize yourself with, but that this was a test of how to secure any given workload for any given set of requirements. The first time I took this exam, there were quite a few more questions around what tool was right for the security task and common integration patterns of security tooling. This time, the questions were centered on you having experience with a variety of workloads, with cloud architecture, and awareness of securing Generative AI solutions. It was a welcome shift because I’d already been studying for the Solution Architect Pro exam and Generative AI Pro exam. But I know for a fact I would not have been prepared because none of the current Udemy courses really had been fully adapted to this version of the exam at the time I was studying.

There were questions on evaluating whether an SCP has the expected effect, where the ability to understand AWS Organizations was important. There were questions on the ability of Security Hub to ingest alerting and logging from other AWS security services to aggregate alerts in a single pane. There were questions about HSM keys being used in KMS and what the operational requirements are for that to happen. There were a few questions on what steps you should take in troubleshooting access issues that change after an event for any given resource. Lastly, there were questions around what you would do to quickly and effectively stop malicious behavior without negatively impacting a production application. The questions varied a good bit, but definitely required more situational awareness than the previous exam version.

How I studied

This version of the exam doesn’t have a lot of course material out there yet, but I did use the SkillBuilder Exam Preparation course for practice questions and reviewing the new distribution between the different domains. Zeal Vora’s AWS Certified Security - Specialty course on Udemy helped me dust off the cobwebs on services I didn’t use day to day. His deep dives are also really helpful because he articulates lessons learned from his extensive experience in cloud security engineering during his demonstrations.

But what prepared me most for this exam was experience in setting up security infrastructure at enterprise scale at work and reading about different TTPs (Tactics, Techniques, and Procedures) of threat actors out in the wild. Interestingly enough, my experience on the TryHackMe platform helped me think through “how would someone attack this particular cloud resource?” While I spent more time studying and learning AWS in 2025, my 2024 THM platform experience helped me navigate the situation presented in each question through the lens of the attacker and the protector.

I finished the exam with ~25 minutes to spare and review the questions I’d flagged. Some of these were on IAM policies for IoT things (and yes, they are legitimately called things lol) and one was on Resource control policies and how they behave in combination with other identity and resource based policies. All in all I felt challenged by the questions despite having so much time to review. I was appreciative of the fact it was the last exam for the year and I did my best to prepare.
