AWS Certified Security Study Guide
eBook - ePub

AWS Certified Security Study Guide

Specialty (SCS-C01) Exam

  1. English
  2. ePUB (mobile friendly)
  3. Available on iOS & Android
eBook - ePub

AWS Certified Security Study Guide

Specialty (SCS-C01) Exam

About this book

Get prepared for the AWS Certified Security Specialty certification with this excellent resource

By earning the AWS Certified Security Specialty certification, IT professionals can gain valuable recognition as cloud security experts. The AWS Certified Security Study Guide: Specialty (SCS-C01) Exam helps cloud security practitioners prepare for success on the certification exam. It's also an excellent reference for professionals, covering security best practices and the implementation of security features for clients or employers.

Architects and engineers with knowledge of cloud computing architectures will find significant value in this book, which offers guidance on primary security threats and defense principles. Amazon Web Services security controls and tools are explained through real-world scenarios. These examples demonstrate how professionals can design, build, and operate secure cloud environments that run modern applications.

The study guide serves as a primary source for those who are ready to apply their skills and seek certification. It addresses how cybersecurity can be improved using the AWS cloud and its native security services. Readers will benefit from detailed coverage of AWS Certified Security Specialty Exam topics.

  • Covers all AWS Certified Security Specialty exam topics
  • Explains AWS cybersecurity techniques and incident response
  • Covers logging and monitoring using the Amazon cloud
  • Examines infrastructure security
  • Describes access management and data protection

With a single study resource, you can learn how to enhance security through the automation, troubleshooting, and development integration capabilities available with cloud computing. You will also discover services and tools to develop security plans that work in sync with cloud adoption.

Trusted by 375,005 students

Access to over 1 million titles for a fair monthly price.

Study more efficiently using our study tools.

Information

Publisher
Sybex
Year
2020
Print ISBN
9781119658818
eBook ISBN
9781119658849
Edition
1
Topic
Ciencia de la computación
Subtopic
Guías de certificación en ciencias computacionales

Chapter 1
Security Fundamentals

THE AWS CERTIFIED SECURITY SPECIALTY EXAM OBJECTIVES THAT LEVERAGE CONCEPTS EXPLAINED IN THIS CHAPTER INCLUDE THE FOLLOWING:
  • Domain 1: Incident Response
    • 1.2. Verify that the Incident Response plan includes relevant AWS services
  • Domain 2: Logging and Monitoring
    • 2.1. Design and implement security monitoring and alerting
  • Domain 3: Infrastructure Security
    • 3.1. Design edge security on AWS
    • 3.2. Design and implement a secure network infrastructure
  • Domain 4: Identity and Access Management
    • 4.1. Design and implement a scalable authorization and authentication system to access AWS resources
  • Domain 5: Data Protection
    • 5.3. Design and implement a data encryption solution for data at rest and data in transit

Introduction

An understanding of the concepts explained in this chapter will be critical in your journey to pass the AWS Certified Security Specialty exam. We will introduce the following topics:
  • Basic security definitions
  • Foundational networking concepts
  • Main classes of attacks
  • Important security solutions and services
  • Well-known security frameworks and models
In this chapter, you will learn about basic security concepts and some foundational terminology that comes from the information technology (IT) infrastructure knowledge domain. Even if your sole objective is to conquer the AWS Certified Security Specialty certification, this chapter is relevant for any professional, particularly for the officially accredited ones, to demonstrate a good level of general education on the security subject matter (be it related to cloud-based or to traditional on-premises environments).
If you are already an experienced information security expert, you can still use this chapter for concept review purposes.

Understanding Security

The world of data communications has evolved considerably over the years, irrevocably impacting learning methods, business models, human interaction possibilities, and even the dynamics of most day-to-day activity. The networks of today are powerful, enabling individuals and companies to quickly transport data, voice, and video in an integrated fashion, thus providing access from multiple types of devices to all kinds of applications, which may reside anywhere in the globe.
On one hand, virtually limitless use cases are brought to existence by the omnipresent network of networks. On the other hand, this almighty global entity, which came to be known as the Internet, turned out to be a platform that embeds dangerous characteristics such as user anonymity, the ability to simultaneously control multiple remote computing devices, and the possibility to automate execution of tasks. Unfortunately, from a technical perspective, this all-encompassing network may be used for both good and evil.
Being aware of the adverse results that may be derived from widespread connectivity, it is natural to look for ways to ensure that only the legitimate or noble usages of the networked systems are allowed. Effective resources that compensate for the absence of natural boundaries in the Internet must be implemented. There should be structured means of defining what the acceptable activities are, from either a productivity or a protection standpoint. Conditional access to networked resources should be put in place, instead of simply providing unrestricted access and naively relying on inherent humankind's goodwill. Dealing with this variety of challenges is what the security practice lends itself to.
But where to start your security learning journey? Well, the first step in solving a problem is recognizing that there is one. The second most effective step is ensuring that you understand what needs to be solved or, in other words, what is the problem? And if you are presented with questions for which there may be multiple answers (or multiple choices, as in your certification exam), a good starting point is to eliminate all those options that do not apply. In an attempt to summarize what the practice of security could signify, it is probably easier to begin by defining what it is not:
  • Security is neither a product nor a service. First of all, there is no single product that can act as a “magic black box” that will automatically solve every problem. Moreover, the available capabilities of a given product will be helpful only when they are properly enabled for actual use.
  • Security is not a technology. Technologies, including those that provide visibility and the ability to block traffic as well as respond to attack situations, may be grouped to form an important defensive system. However, the threat matrix is an ever-changing object, meaning that several techniques and tools that have been largely employed on well-known attack scenarios may prove ineffective when facing the newest challenges.
  • Security is not static. It is not something that you do once and quickly forget. Processes must exist for dealing with planning, implementation, testing, and updating tasks. And all of these items must involve people and discipline.
  • Security is not a check box. You should know what you are protecting against and, once you determine that, look for resources that can demonstrate true security effectiveness.
  • Security is not made only by nominal security elements. In spite of the existence of dedicated security hardware and software products, security is not limited to them. For example, there are countless contributions that can be given to the overall security process by well-configured network infrastructure devices such as routers.
  • Security is not a beautiful graphical user interface (GUI). You should always understand what is going on behind the scenes—what is in the brain of the system and not relying blindly, for instance, on reports that state “you are protected.”
Now that you've learned what security is not about, it is time to start getting acquainted with what it can be. One general principle that has proved valuable in many fields is to move from global concepts to specifics, and not in the opposite direction. In that sense, if the assigned duty is to protect the relevant digital assets of a particular organization, it is highly advisable that you understand its vision, mission, objectives, and also the possible competitors. All of these items will be considered in a high-level document known as the organizational security policy, which establishes the foundation for all initiatives and tasks pertaining to security.
Among the typical pieces of information that are used to guide policy creation, some deserve special mention:
  • Business Objectives The main references for policy definition, these are related to the classic “Why we are here?” and “What are we trying to achieve?” questions that are answered in mission statements or company strategies for a period.
  • Regulatory Requirements These are specific to the industry sector to which the organization belongs and must be always considered. These requirements are normally able to gi...

Table of contents

  1. Cover
  2. Table of Contents
  3. Title Page
  4. Table of Exercises
  5. Introduction
  6. Chapter 1: Security Fundamentals
  7. Chapter 2: Cloud Security Principles and Frameworks
  8. Chapter 3: Identity and Access Management
  9. Chapter 4: Detective Controls
  10. Chapter 5: Infrastructure Protection
  11. Chapter 6: Data Protection
  12. Chapter 7: Incident Response
  13. Chapter 8: Security Automation
  14. Chapter 9: Security Troubleshooting on AWS
  15. Chapter 10: Creating Your Security Journey in AWS
  16. Appendix A: Answers to Review Questions
  17. Appendix B: AWS Security Services Portfolio
  18. Appendix C: DevSecOps in AWS
  19. Index
  20. Copyright
  21. Acknowledgments
  22. About the Authors
  23. About the Technical Editors
  24. End User License Agreement

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn how to download books offline
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 990+ topics, we’ve got you covered! Learn about our mission
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more about Read Aloud
Yes! You can use the Perlego app on both iOS and Android devices to read anytime, anywhere — even offline. Perfect for commutes or when you’re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app
Yes, you can access AWS Certified Security Study Guide by Marcello Zillo Neto,Gustavo A. A. Santana,Fernando Sapata,Mauricio Munoz,Alexandre M. S. P. Moraes,Thiago Morais,Dario Lucas Goldfarb,Mauricio Mu¿oz in PDF and/or ePUB format, as well as other popular books in Ciencia de la computación & Guías de certificación en ciencias computacionales. We have over one million books available in our catalogue for you to explore.