AWS Certified Security - Specialty (SCS-C03) Audio Study Guide & Podcasts

Andrew and Ava unpack two classic AWS Security Specialty traps: where AWS WAF actually works (edge vs regional) and what Security Groups can’t do (deny, ordering, subnet-level magic). Plus: exam keyword tells, misdirection, and a tiny bit of emotional damage recovery.

Andrew and Ava break down the AWS incident response lifecycle, the difference between containment and eradication, and why your “just check CloudTrail” plan is how breaches become biographies. Plus: playbooks vs runbooks, evidence preservation, and exam-trap keywords.

Andrew and Ava unpack the governance reality behind CloudWatch and Security Hub: what they are, what they’re not, and how the exam tries to trick you into treating “turn it on” like a compliance strategy.

Andrew drags KMS and encryption patterns back to reality: CMKs aren’t exportable, KMS is regional (unless you do the work), and TLS-at-the-ELB is not end-to-end. Ava tries to memorize everything without crying. Mostly succeeds.

Andrew drags Ava through IAM reality: how AWS evaluates access, why SCPs don’t “grant” anything, what MFA actually does, and why least privilege is harder than just deleting '*' from your policies.

Andrew and Ava break down AWS detection fundamentals for the Security Specialty: CloudTrail management vs data events, and how centralized logging actually becomes detection (not just expensive storage). Plus: exam traps, confusing wording, and the emotional damage of multi-region trails.