AWS Certified Security – Specialty — free practice exam
87 original practice questions aligned to official exam domains. Run a timed, domain-weighted quiz in your browser — no login required.
Exam domains
| Domain | Weight |
|---|---|
| Domain 1: Detection | 18% |
| Domain 2: Incident Response | 14% |
| Domain 3: Identity and Access Management | 20% |
| Domain 4: Infrastructure Security | 17% |
| Domain 5: Data Protection | 20% |
| Domain 6: Security Foundations and Governance | 11% |
Sample practice questions
- What is the MOST appropriate AWS solution to automate containment playbooks?
- What is the MOST appropriate AWS solution to classify and protect PII in S3?
- What is the MOST appropriate AWS solution to continuous compliance auditing?
- What is the MOST appropriate AWS solution to detect malicious API activity?
- What is the MOST appropriate AWS solution to encrypt S3 with CMKs?
- What is the MOST appropriate AWS solution to enforce MFA for console users?
- What is the MOST appropriate AWS solution to enforce encryption in transit?
- What is the MOST appropriate AWS solution to federate workforce access?
- What is the MOST appropriate AWS solution to find suspicious IAM behavior?
- What is the MOST appropriate AWS solution to mitigate DDoS?
- What is the MOST appropriate AWS solution to use permission boundaries for delegated admins?
- What is the MOST appropriate AWS solution to protect web apps from OWASP Top 10?
- An audit found gaps: the organization must detect threats in Kubernetes. Which option addresses this? detect threats…
- An audit found gaps: the organization must test IR with simulations. Which option addresses this? test IR with…
- An audit found gaps: the organization must use IAM Access Analyzer for external access. Which option addresses this?…
- An audit found gaps: the organization must secure EKS API endpoint. Which option addresses this? secure EKS API…
- An audit found gaps: the organization must use Network Firewall for egress control. Which option addresses this? use…
- An audit found gaps: the organization must enforce encryption in transit. Which option addresses this? enforce…
- An audit found gaps: the organization must use HSM-backed keys for strict compliance. Which option addresses this? use…
- An audit found gaps: the organization must tokenize PAN data in applications. Which option addresses this? tokenize…
- A company needs to block public S3 access account-wide. Which option meets the requirement with the LEAST…
- A company needs to centralize log storage with immutability. Which option meets the requirement with the LEAST…
- A company needs to continuous compliance auditing. Which option meets the requirement with the LEAST implementation…
- A company needs to detect malware on EC2. Which option meets the requirement with the LEAST implementation effort?…
Browse all 87 indexed questions for this exam.