AWS Certified Security - Specialty (SCS-C02) glossary
Terms selected for AWS Certified Security - Specialty (SCS-C02) based on common objective language and practice focus.
Zero Trust
Security model that assumes no implicit trust and continuously verifies identity, device, and context for every request.
IAM Permission Boundary
Policy type that sets maximum permissions an IAM principal can receive through attached policies.
IAM Access Analyzer
Service that identifies resources shared externally and helps validate least-privilege access intent.
KMS Key Policy
Primary authorization document controlling how principals can use and administer a KMS key.
Envelope Encryption
Pattern that encrypts data with a data key and protects the data key with a master key.
AWS CloudHSM
Managed hardware security module service for cryptographic key operations with dedicated hardware control.
Secrets Rotation Policy
Defined cadence and process for rotating credentials to reduce key and password exposure risk.
AWS Security Hub
Centralized security posture service that aggregates findings and compliance checks across AWS accounts.
Amazon GuardDuty
Threat detection service that analyzes logs and telemetry to identify suspicious activity and potential compromise.
Amazon Detective
Investigation service that correlates security data to accelerate root-cause analysis.
Amazon Inspector
Automated vulnerability management service for EC2, ECR, and Lambda package scanning.
Amazon Macie
Data security service that discovers and classifies sensitive data in S3 using machine learning and pattern matching.
AWS WAF Managed Rules
Prebuilt web ACL rule groups that help protect applications from common web exploits.
AWS Shield Advanced
Enhanced DDoS protection service with advanced detection, response support, and cost protections.
Centralized Security Logging
Pattern for collecting and retaining audit and security logs from multiple accounts into controlled destinations.
Incident Response Playbook
Predefined set of detection, containment, eradication, and recovery steps for security incidents.
SCP Guardrails
Organization-level preventive controls that restrict disallowed actions across member accounts.
Data Perimeter
Control strategy using identity, network, and resource policies to keep data access within trusted boundaries.
