AWS Certified Security – Specialty (SCS-C02) Exam Guide: Get all the guidance you need to pass the AWS (SCS-C02) exam on your first attempt

Bought book part of my plan to get certified by year end. So far content seems pretty descriptive and nicely explained.

Good overview for the content required for the AWS security certification but expect to do more work before taking the exam depending on your level of experience.

Cannot wait to start studying

The book is riddled with grammatical typos where the incorrect word is used, the book has been spell checked but not proof read. There are also quite a few obvious factual errors, again the book has not been proof read. That’s all the more shocking as it’s a second edition. Also a full 10% of the book comprises the nonsense “exam drill” sections. Very mediocre compared to some of the other packt AWS books

The book is a good as one of the reference materials for the exam, no questions available in the printed book, not even the chapter review questions after each chapter. Authors just included online links to access the questions which is a pain for the printed book readers.

This book covers the most essential topics for the AWS Specialty Security certification (SCS-C02). The online companion website offers five extra questions (only...) per chapter, two online mock exams (currently listed as "Coming Soon", which is disappointing), 80 flashcards, and a useful "Exam tip" section. However, despite some positives, the book has significant flaws. The content is, in my opinion, very confusingly organised. Often, a topic (X) is introduced in a chapter, then another topic (Y) is presented in the same chapter, and later the original topic (X) is revisited in the same chapter. Worse, sometimes the same topic is split across different chapters, repeating concepts or presenting them in fragmented or unclear ways. This non-linear approach confuses readers: why not explain the same concept (X) all at once? Similarly, the book discusses many services in different chapters covering the same security service (e.g., identity management), and it is not clear why a topic that seems to have been covered already is covered again but with a different AWS service. To this end, the book would benefit from including more comparative tables for similar AWS services to help readers understand what a specific AWS service provides differently from another in the same category. Most chapters focus on procedural instructions using the AWS Management Console, resembling a 'point-and-click' process, and overlook underlying security aspects crucial for security specialists. Just to give an example out of several, when discussing key pairs, the book covers only the steps for creating a key on the AWS console without addressing its security implications, such as how keys are actually being securely generated and stored by AWS, how these keys are then used for authentication (e.g., token signing, user identity, or anything else), the security of default settings for keys, or the guarantees against an honest-but-curious AWS. The book simply demonstrates the mechanics of key creation, which is the easiest part and readers can learn by themselves. Examples are fine but (i) they shouldn't replace the explanation of the concepts and underlying security principles; (ii) if one wants to include a procedural example, one should first explain what the example is going to show in some detail ("With this example, we are going to create a key, then store this key here, then use it in this account and finally...."), and then show it step-by-step so interested readers may read it and others may skip it safely, knowing what has been done. Sometimes concepts are introduced only briefly, whereas other times they are either presented in an overly complex or too simplified way. For instance, Amazon Detective is summarised with a couple of very generic statements. In another example, Customer Master Keys (CMKs) are defined as follows: "Customer Master Keys (CMKs) are essential components of KMS as they contain the key material for both encrypting and decrypting data. Think of the CMK as a keychain that holds the key to lock and unlock your valuable belongings. In this case, the belongings are your data, and the keys represent the cryptographic information needed to secure the data." This definition leaves the reader unclear about what CMKs actually are—are they symmetric or public keys (or both), are they generated by AWS or by the customer, are they used to generate keys or just to encrypt data or other keys? Such essential details should be clarified upfront rather than saying "Think of it as..." hence requiring further research by the readers. (Incidentally, note that the term 'Customer Master Keys' has been deprecated since 31 August 2021, making the information in the book outdated.) Most of the time, the book suggests using an AWS-managed solution rather than a customer-managed one. This is problematic for several reasons. Firstly, readers are left unclear about why the AWS-managed solution is superior (e.g., AWS Session Manager vs. bastion host)—with only generic statements about the AWS-managed solution being more 'secure' to allow you to focus on the "core of the application" (forgetting that security experts are primarily concerned with the security aspects, not with the specific applications side of it). Secondly, it implies that, as security professionals, we needn't concern ourselves with security anymore as AWS will handle it for us. Thirdly, not every company can afford all AWS-managed services: hence, including some qualitative cost estimates (e.g., "high/medium/low") would also be helpful for readers with budget constraints who cannot just buy everything. There is also a significant issue with poor image quality: most pictures are low-resolution JPEGs or PNGs that are often unreadable. It is frustrating that the editors didn't check this, especially since even self-published books usually have better resolution images. Why not include vector images, or at least use higher DPI images if vectors aren't feasible, or at least just input text instead of images if unreadable? Some screenshots, such as those including IP addresses, are simply unreadable and lack explanation in the text. The book contains some glaring errors (e.g., on page 7, confusing 'Security in the Cloud' with 'Security of the Cloud'). The book overuses the term 'seamlessly integrated', appearing on almost every page, which gives the impression of a sales pitch, and most of the services are presented from the point of view of AWS rather than from that of the user and with respect to security requirements: hence, the authors often report statements such as "Easy to install", "To facilitate a smooth and secure user experience", "Provides valuable insights", etc., which have nothing to do with discussing a security service but rather provide an AWS point of view—readers need to know what the service actually does/provides, what security guarantees it offers, and how it is implemented. Almost every sub-chapter ends with transitions like 'Now that we've covered X, let's move on to Y', and each chapter concludes with the same 'Exam Readiness Drill' section verbatim. Removing these repetitions would considerably reduce the book's length. Some terms are randomly bolded without a clear reason (maybe due to a pre-production macro that doesn't check context). In summary, the book provides a basic overview of the main topics for the AWS Specialty Security certification but is hindered by significant drawbacks in content organisation, depth, and editorial process. Without proper editorial revision, the book, despite the authors' intent to create valuable material, is destined to be of second-tier quality and will just frustrate the readers. It may serve as a supplementary resource for revising some concepts needed for the exam, but it lacks the depth and clarity expected by cybersecurity professionals.

I am just finishing the first chapter, but so far everything is good

現時点でAWS SCS バージョンC02に対応した数少ない教科書。 ページ数が多く読破に時間がかかる。 広範囲なトピックを広く浅くカバーしている。 浅くなので読者の馴染みの薄い機能の説明は不十分に感じる。 だが知っておくべきトピックが整理されている点で学習の道標にはなる。 時間をかけて準備して正面突破したい人に向いている。 試験はギリギリのスコアで合格できたものの、馴染みの薄い領域の問題が多く出題されたり、知らない機能の名前が選択肢に度々出てきたりして苦戦した。実践寄りのシナリオ問題は本書の説明と基礎的なハンズオン演習では到底カバーできない。そういった点でこの教科書だけでは厳しかったと試験中は感じていた。だが一方で、本書を読み込んでいたおかげで即座に解答できた問題も多くある。一部の機能に関連する問題が多く出題される傾向はあるかも知れないが、多くの人にとって関心のなさそうな機能の問題も出題されるようであり、本書が役に立ったと感じる。 良い点: - 所々のハンズオンが理解の助けになる。 改善して欲しい点: - 同じ説明が何度も繰り返し書かれていて少々イラつくところあり。 - 章末のレビュー問題はオンラインではなく書籍に直接載せて欲しい - オンラインのレビュー問題で選択肢や解説がおかしいものが多々あり、修正を求む - AWS OrganizationとCognitoのハンズオンを追加して欲しい (これは受験後の個人的な感想)