AWS Certified Security - Specialty Questions and Answers

200 questions organized by topic with detailed explanations

AWS
SCS-C03
200 questions
6 topics
Updated May 2026

Detection

32 questions8 easy17 medium7 hard~16% of exam
View All
A team wants broad, continuous visibility into where sensitive data might exist across its Amazon S3 estate before decid...A company needs a searchable, downloadable, and immutable record of the last 90 days of management events in a single AW...A security team enables Amazon GuardDuty in an AWS account for the first time. Which data sources does GuardDuty start a...

Incident Response

28 questions8 easy12 medium8 hard~14% of exam
View All
A team wants a vulnerability management service that automatically discovers and continuously rescans eligible resources...An Amazon Inspector finding is based on a vulnerability that is exploitable over the network, but the affected EC2 insta...A company wants administrators to connect to EC2 instances for incident response without opening inbound SSH or RDP port...

Infrastructure Security

36 questions8 easy19 medium9 hard~18% of exam
View All
A company must identify unintended network access paths relative to its security requirements and demonstrate compliance...Which statement accurately describes the protection scope of AWS Shield Standard and AWS Shield Advanced?A company wants to verify that all network paths between certain resources and internet gateways include expected contro...

Identity and Access Management

40 questions12 easy19 medium9 hard~20% of exam
View All
What is the primary purpose of a permissions boundary for an IAM user or role?A company enabled an external access analyzer in one AWS Region and expects it to monitor all supported resources in eve...A company wants CloudTrail logs to reflect the actual workforce user who accessed downstream AWS managed applications th...

Data Protection

36 questions8 easy19 medium9 hard~18% of exam
View All
A security architect wants full control over KMS key lifecycle and usage permissions for an encryption key used by appli...An object version in Amazon S3 is protected by Object Lock in compliance mode until a future date. An administrator want...A company uses S3 Cross-Region Replication for objects encrypted with a multi-Region KMS key and expects replication to ...

Security Foundations and Governance

28 questions8 easy14 medium6 hard~14% of exam
View All
A platform team wants a configurable account template that standardizes the provisioning of new AWS accounts with pre-ap...A team wants a single CloudFormation template to deploy baseline security resources consistently across multiple AWS acc...A compliance team wants a service that uses prebuilt frameworks, automatically collects evidence for in-scope AWS accoun...

All Questions

#QuestionTopicDifficulty
1What is the primary purpose of a permissions boundary for an IAM user or role?Identity and Access Management
easy
2A company must identify unintended network access paths relative to its security requirements and de...Infrastructure Security
medium
3Which statement accurately describes the protection scope of AWS Shield Standard and AWS Shield Adva...Infrastructure Security
hard
4A company wants to verify that all network paths between certain resources and internet gateways inc...Infrastructure Security
hard
5A platform team wants a configurable account template that standardizes the provisioning of new AWS ...Security Foundations and Governance
medium

Sign in to see all 200 questions

Create a free account to browse all questions — completely free during our launch phase.

Sign Up FreeSign In

Ready to test your knowledge?

Take a full AWS Certified Security - Specialty practice test with timed exam simulation.

Start Practice Test