AWS Security Specialty (SCS-C03) pattern recognition

Control scope and boundary placement are the recurring decision in SCS-C03

IAM permission design questions form one major cluster: which policy type, applied at which scope, with which trust relationship, satisfies the least-privilege requirement in the described architecture. Encryption design questions form a second: the decision between KMS managed keys, CMKs, envelope encryption, and key policy versus IAM policy scope appears across multiple question types with different service contexts. Incident response scenario questions test whether the described event maps to a GuardDuty finding, a Config rule violation, or a CloudTrail anomaly, and which response action follows. VPC security boundary questions complete the main structural clusters: security group versus NACL versus WAF, and which layer handles which traffic type.