eBook - ePub

AWS Certified Security Study Guide

Name: AWS Certified Security Study Guide
Author: Marcello Zillo Neto, Gustavo A. A. Santana, Fernando Sapata, Mauricio Munoz, Alexandre M. S. P. Moraes, Thiago Morais, Dario Lucas Goldfarb

Specialty (SCS-C01) Exam

Marcello Zillo Neto, Gustavo A. A. Santana, Fernando Sapata, Mauricio Munoz, Alexandre M. S. P. Moraes, Thiago Morais, Dario Lucas Goldfarb

Share book

English
ePUB (mobile friendly)
Available on iOS & Android

eBook - ePub

AWS Certified Security Study Guide

Specialty (SCS-C01) Exam

Marcello Zillo Neto, Gustavo A. A. Santana, Fernando Sapata, Mauricio Munoz, Alexandre M. S. P. Moraes, Thiago Morais, Dario Lucas Goldfarb

Book details

Book preview

Table of contents

Citations

About This Book

Get prepared for the AWS Certified Security Specialty certification with this excellent resource

By earning the AWS Certified Security Specialty certification, IT professionals can gain valuable recognition as cloud security experts. The AWS Certified Security Study Guide: Specialty (SCS-C01) Exam helps cloud security practitioners prepare for success on the certification exam. It's also an excellent reference for professionals, covering security best practices and the implementation of security features for clients or employers.

Architects and engineers with knowledge of cloud computing architectures will find significant value in this book, which offers guidance on primary security threats and defense principles. Amazon Web Services security controls and tools are explained through real-world scenarios. These examples demonstrate how professionals can design, build, and operate secure cloud environments that run modern applications.

The study guide serves as a primary source for those who are ready to apply their skills and seek certification. It addresses how cybersecurity can be improved using the AWS cloud and its native security services. Readers will benefit from detailed coverage of AWS Certified Security Specialty Exam topics.

Covers all AWS Certified Security Specialty exam topics
Explains AWS cybersecurity techniques and incident response
Covers logging and monitoring using the Amazon cloud
Examines infrastructure security
Describes access management and data protection

With a single study resource, you can learn how to enhance security through the automation, troubleshooting, and development integration capabilities available with cloud computing. You will also discover services and tools to develop security plans that work in sync with cloud adoption.

Frequently asked questions

How do I cancel my subscription?

Simply head over to the account section in settings and click on “Cancel Subscription” - it’s as simple as that. After you cancel, your membership will stay active for the remainder of the time you’ve paid for. Learn more here.

Can/how do I download books?

At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.

What is the difference between the pricing plans?

Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.

What is Perlego?

We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.

Do you support text-to-speech?

Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.

Is AWS Certified Security Study Guide an online PDF/ePUB?

Yes, you can access AWS Certified Security Study Guide by Marcello Zillo Neto, Gustavo A. A. Santana, Fernando Sapata, Mauricio Munoz, Alexandre M. S. P. Moraes, Thiago Morais, Dario Lucas Goldfarb in PDF and/or ePUB format, as well as other popular books in Computer Science & Certification Guides in Computer Science. We have over one million books available in our catalogue for you to explore.

Information

Publisher

Sybex

Year

2020

ISBN

9781119658849

Edition

Topic

Computer Science

Subtopic

Certification Guides in Computer Science

Index

Computer Science

Chapter 1
Security Fundamentals

THE AWS CERTIFIED SECURITY SPECIALTY EXAM OBJECTIVES THAT LEVERAGE CONCEPTS EXPLAINED IN THIS CHAPTER INCLUDE THE FOLLOWING:

Domain 1: Incident Response
- 1.2. Verify that the Incident Response plan includes relevant AWS services
Domain 2: Logging and Monitoring
- 2.1. Design and implement security monitoring and alerting
Domain 3: Infrastructure Security
- 3.1. Design edge security on AWS
- 3.2. Design and implement a secure network infrastructure
Domain 4: Identity and Access Management
- 4.1. Design and implement a scalable authorization and authentication system to access AWS resources
Domain 5: Data Protection
- 5.3. Design and implement a data encryption solution for data at rest and data in transit

Introduction

An understanding of the concepts explained in this chapter will be critical in your journey to pass the AWS Certified Security Specialty exam. We will introduce the following topics:

Basic security definitions
Foundational networking concepts
Main classes of attacks
Important security solutions and services
Well-known security frameworks and models

In this chapter, you will learn about basic security concepts and some foundational terminology that comes from the information technology (IT) infrastructure knowledge domain. Even if your sole objective is to conquer the AWS Certified Security Specialty certification, this chapter is relevant for any professional, particularly for the officially accredited ones, to demonstrate a good level of general education on the security subject matter (be it related to cloud-based or to traditional on-premises environments).

If you are already an experienced information security expert, you can still use this chapter for concept review purposes.

Understanding Security

The world of data communications has evolved considerably over the years, irrevocably impacting learning methods, business models, human interaction possibilities, and even the dynamics of most day-to-day activity. The networks of today are powerful, enabling individuals and companies to quickly transport data, voice, and video in an integrated fashion, thus providing access from multiple types of devices to all kinds of applications, which may reside anywhere in the globe.

On one hand, virtually limitless use cases are brought to existence by the omnipresent network of networks. On the other hand, this almighty global entity, which came to be known as the Internet, turned out to be a platform that embeds dangerous characteristics such as user anonymity, the ability to simultaneously control multiple remote computing devices, and the possibility to automate execution of tasks. Unfortunately, from a technical perspective, this all-encompassing network may be used for both good and evil.

Being aware of the adverse results that may be derived from widespread connectivity, it is natural to look for ways to ensure that only the legitimate or noble usages of the networked systems are allowed. Effective resources that compensate for the absence of natural boundaries in the Internet must be implemented. There should be structured means of defining what the acceptable activities are, from either a productivity or a protection standpoint. Conditional access to networked resources should be put in place, instead of simply providing unrestricted access and naively relying on inherent humankind's goodwill. Dealing with this variety of challenges is what the security practice lends itself to.

But where to start your security learning journey? Well, the first step in solving a problem is recognizing that there is one. The second most effective step is ensuring that you understand what needs to be solved or, in other words, what is the problem? And if you are presented with questions for which there may be multiple answers (or multiple choices, as in your certification exam), a good starting point is to eliminate all those options that do not apply. In an attempt to summarize what the practice of security could signify, it is probably easier to begin by defining what it is not:

Security is neither a product nor a service. First of all, there is no single product that can act as a “magic black box” that will automatically solve every problem. Moreover, the available capabilities of a given product will be helpful only when they are properly enabled for actual use.
Security is not a technology. Technologies, including those that provide visibility and the ability to block traffic as well as respond to attack situations, may be grouped to form an important defensive system. However, the threat matrix is an ever-changing object, meaning that several techniques and tools that have been largely employed on well-known attack scenarios may prove ineffective when facing the newest challenges.
Security is not static. It is not something that you do once and quickly forget. Processes must exist for dealing with planning, implementation, testing, and updating tasks. And all of these items must involve people and discipline.
Security is not a check box. You should know what you are protecting against and, once you determine that, look for resources that can demonstrate true security effectiveness.
Security is not made only by nominal security elements. In spite of the existence of dedicated security hardware and software products, security is not limited to them. For example, there are countless contributions that can be given to the overall security process by well-configured network infrastructure devices such as routers.
Security is not a beautiful graphical user interface (GUI). You should always understand what is going on behind the scenes—what is in the brain of the system and not relying blindly, for instance, on reports that state “you are protected.”

Now that you've learned what security is not about, it is time to start getting acquainted with what it can be. One general principle that has proved valuable in many fields is to move from global concepts to specifics, and not in the opposite direction. In that sense, if the assigned duty is to protect the relevant digital assets of a particular organization, it is highly advisable that you understand its vision, mission, objectives, and also the possible competitors. All of these items will be considered in a high-level document known as the organizational security policy, which establishes the foundation for all initiatives and tasks pertaining to security.

Among the typical pieces of information that are used to guide policy creation, some deserve special mention:

Business Objectives The main references for policy definition, these are related to the classic “Why we are here?” and “What are we trying to achieve?” questions that are answered in mission statements or company strategies for a period.
Regulatory Requirements These are specific to the industry sector to which the organization belongs and must be always considered. These requirements are normally able to gi...