eBook - ePub
AWS Certified Security – Specialty Exam Guide
Stuart Scott
This is a test
Share book
- 558 pages
- English
- ePUB (mobile friendly)
- Available on iOS & Android
eBook - ePub
AWS Certified Security – Specialty Exam Guide
Stuart Scott
Book details
Book preview
Table of contents
Citations
About This Book
Get to grips with the fundamentals of cloud security and prepare for the AWS Security Specialty exam with the help of this comprehensive certification guideKey Features• Learn the fundamentals of security with this fast-paced guide• Develop modern cloud security skills to build effective security solutions• Answer practice questions and take mock tests to pass the exam with confidenceBook DescriptionAWS Certified Security – Specialty is a certification exam to validate your expertise in advanced cloud security. With an ever-increasing demand for AWS security skills in the cloud market, this certification can help you advance in your career. This book helps you prepare for the exam and gain certification by guiding you through building complex security solutions.From understanding the AWS shared responsibility model and identity and access management to implementing access management best practices, you'll gradually build on your skills. The book will also delve into securing instances and the principles of securing VPC infrastructure. Covering security threats, vulnerabilities, and attacks such as the DDoS attack, you'll discover how to mitigate these at different layers. You'll then cover compliance and learn how to use AWS to audit and govern infrastructure, as well as to focus on monitoring your environment by implementing logging mechanisms and tracking data. Later, you'll explore how to implement data encryption as you get hands-on with securing a live environment. Finally, you'll discover security best practices that will assist you in making critical decisions relating to cost, security, and deployment complexity.By the end of this AWS security book, you'll have the skills to pass the exam and design secure AWS solutions.What you will learn• Understand how to identify and mitigate security incidents• Assign appropriate Amazon Web Services (AWS) resources to underpin security requirements• Work with the AWS shared responsibility model• Secure your AWS public cloud in different layers of cloud computing• Discover how to implement authentication through federated and mobile access• Monitor and log tasks effectively using AWSWho this book is forIf you are a system administrator or a security professional looking to get AWS security certification, this book is for you. Prior experience in securing cloud environments is necessary to get the most out of this AWS book.
Frequently asked questions
How do I cancel my subscription?
Can/how do I download books?
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
What is the difference between the pricing plans?
Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.
What is Perlego?
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Do you support text-to-speech?
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Is AWS Certified Security – Specialty Exam Guide an online PDF/ePUB?
Yes, you can access AWS Certified Security – Specialty Exam Guide by Stuart Scott in PDF and/or ePUB format, as well as other popular books in Informatik & Zertifizierungsleitfäden in der Informatik. We have over one million books available in our catalogue for you to explore.
Information
The primary objective of this section is to summarize the exam topics you will come across, along with their weighted percentages, so that you are aware of the critical points of focus.
This section comprises the following chapter:
- Chapter 1, AWS Certified Security Specialty Exam Coverage
The AWS Certified Security – Specialty exam has been designed to assess and validate the ability of the candidate to demonstrate their knowledge across a number of AWS security domains, including awareness, understanding, and capability in securing AWS architecture, services, resources, and data.
This initial chapter will explain in detail the requirements that you need in order to pass the exam, and highlight the domains and topics that will be assessed. It is important to understand these requirements before progressing through the rest of this book to ensure that you are aware of what you will be tested on. This will allow you to determine where your strengths and weaknesses lie, thereby allowing you to spend more time on those areas.
This chapter will take you through the following topics:
- The aim of the certification
- Intended audience
- Domains accessed
- Exam details
The aim of the certification
The aim of the certification is to validate the candidate's knowledge across the following areas, as defined by AWS (source: AWS Certified Security Specialty (SCS-C01) Exam Guide):
- An understanding of specialized data classifications and AWS data protection mechanisms
- An understanding of data encryption methods and AWS mechanisms to implement them
- An understanding of secure internet protocols and AWS mechanisms to implement them
- Working knowledge of AWS security services and the features of services used to provide a secure production environment
- Competency gained from 2 or more years of production deployment experience using AWS security services and features
- The ability to make trade-off decisions with regard to cost, security, and deployment complexity given a set of application requirements
- An understanding of security operations and risks
Upon completion of this book, you will feel ready to take and sit this exam with confidence, and achieve the much sought-after AWS Certified Security – Specialty certification.
Intended audience
This exam is intended for candidates like you who are responsible for maintaining and implementing AWS security across a range of environments. Those of you in the following roles or similar would be ideally suited to attempt this certification:
- Cloud security consultant
- Cloud security architect
- Cloud security engineer
- DevSecOps engineer
- Cloud security specialist
Although these roles are typically the target audience of this certification, the certification itself is available to anyone; there are no prerequisites in terms of other certifications for taking this exam.
Domains assessed
In the exam, there are five domains that have been defined by AWS that you will be assessed against, each with a different percentage weighting level, as shown in the following table:
| Domain | Weighting level |
| Incident response | 12% |
| Logging and monitoring | 20% |
| Infrastructure security | 26% |
| Identity and access management | 20% |
| Data protection | 22% |
Attention must be paid to each domain to ensure you feel confident and comfortable with the topics, services, and features that may crop up in your exam. Let me break down these domains further to allow you to gain a deeper understanding of exactly what is tested within each domain.
Domain 1 – Incident response
This domain tests your understanding of how best to identify, respond to, and resolve AWS incidents across a range of services, and has been broken down into the following three elements:
- 1.1: Given an AWS abuse notice, evaluate the suspected compromised instance or exposed access keys: Here, you will be expected to know how to respond to such an incident and the steps required to remediate the issue and take the appropriate action, depending on the affected resource in question.
- 1.2: Verify that the incident response plan includes the relevant AWS services: When an incident occurs within an AWS environment, you must be able to utilize the appropriate AWS resources to identify, isolate, and resolve the issue as quickly as possible, without affecting or hindering other AWS infrastructure and resources.
- 1.3: Evaluate the configuration of automated alerting, and execute possible remediation of security-related incidents and emerging issues: Proactive monitoring and speed are two key elements when analyzing your infrastructure for potential issues, in addition to utilizing automated services. You must have a solid understanding of these features, and how they can assist you to spot a potential problem and help you to resolve the issue.
Being able to identity, verify, and remediate incidents as they occur within your environment allows you to effectively isolate your resources before the blast radius of the security incident expands wider within your infrastructure.
Domain 2 – Logging and monitoring
This domain determines your ability to implement and troubleshoot solutions relating to logging, monitoring, and alerting. You will need to be able to deploy, operate, and troubleshoot solutions relating to these four components within your AWS infrastructure:
- 2.1: Design and implement security monitoring and alerting: You must have full comprehension of the available monitoring and alerting services within AWS. In addition, you must also be aware of how these can be utilized and integrated to implement an effective solution for monitoring your infrastructure for security threats and vulnerabilities.
- 2.2: Troubleshoot security monitoring and alerting: Implementing a monitoring and alerting system is one thing, but being able to resolve issues with the solution and design is another. You must be aware of how the architecture is coupled together and the prerequisites for specific AWS features.
- 2.3: Design and implement a logging solution: Data held in logs generated from services and applications can provide a wealth of information to help you identify a potential security breach. Therefore, it's imperative that you have a sound awareness of how to implement a solution to capture and record log data.
- 2.4: Troubleshoot logging solutions: Similar to 2.2, your knowledge of logging solutions has to go deeper than implementation; you have to understand the key components, concepts, and how components depend on one another to enable you to resolve any incidents.
You must understand the complexities and importance of monitoring and logging and how they can be used together as an effective security tool.
Domain 3 – Infrastructure security
The infrastructure security domain assesses your ability to architect security best practices across your AWS architecture, from an individual host, to your VPC, and then to the outer reaches of your edge infrastructure. This domain carries the highest percentage mark across your certification, so it's key that you understand all the concepts and components:
- 3.1: Design edge security on AWS: A thorough understanding of Amazon CloudFront and its security capabilities and controls is a must, in addition to other edge services offered by AWS.
- 3.2: Design and implement a secure network infrastructure: Here, you will be tested on your knowledge of Virtual Private Cloud (VPC) infrastructure, and how to architect an environment to meet different security needs using route tables, Network Access Control Lists (NACLs), bastion hosts, NAT gateways, Internet Gateway (IGWs), and security groups.
- 3.3: Troubleshoot a secure network infrastructure: This follows on from point 3.2, which ensures that you have a deep level of security architecture, enabling you to quickly pinpoint the most likely cause of misconfiguration from a security perspective.
- 3.4: Design and implement host-based security: This will focus on security controls that can be enabled and configured on individual hosts, such as your Elastic Compute Cloud (EC2) instances.
A VPC is one of the first elements you are likely to build within your AWS account. Understanding how to protect your VPC is key in maintaining a level of protection over the rest of your resources running within it.
Domain 4 – Identity and Access Management (IAM)
This domain will focus solely on everything access control-related regarding the IAM service and how to control access to your AWS resources. IAM must be understood inside out and it is essential that you have the knowledge and confidence to spot errors in IAM JSON policies:
- 4.1: Design and implement a scalable authorization and authentication system to access AWS resources: I can't emphasize enough the importance of understanding IAM at a deep level. This point will test your knowledge of authentication and authorization mechanisms, from multi-factor authorization to implementing conditional-based IAM policies used for cross-account access.
- 4.2: Troubleshoot an authorization and authentication system to access the AWS resources domain: Here, you will be required to demonstrate your ability to resolve complex permission-based issues with your AWS resources.
Access control is covered in detail in the exam, so you must be familiar with all things relating to access management, and specifically the IAM service. You need to be able to read access policies to...