eBook - ePub
AWS Certified Security – Specialty Exam Guide
Stuart Scott
This is a test
Buch teilen
- 558 Seiten
- English
- ePUB (handyfreundlich)
- Über iOS und Android verfügbar
eBook - ePub
AWS Certified Security – Specialty Exam Guide
Stuart Scott
Angaben zum Buch
Buchvorschau
Inhaltsverzeichnis
Quellenangaben
Über dieses Buch
Get to grips with the fundamentals of cloud security and prepare for the AWS Security Specialty exam with the help of this comprehensive certification guideKey Features• Learn the fundamentals of security with this fast-paced guide• Develop modern cloud security skills to build effective security solutions• Answer practice questions and take mock tests to pass the exam with confidenceBook DescriptionAWS Certified Security – Specialty is a certification exam to validate your expertise in advanced cloud security. With an ever-increasing demand for AWS security skills in the cloud market, this certification can help you advance in your career. This book helps you prepare for the exam and gain certification by guiding you through building complex security solutions.From understanding the AWS shared responsibility model and identity and access management to implementing access management best practices, you'll gradually build on your skills. The book will also delve into securing instances and the principles of securing VPC infrastructure. Covering security threats, vulnerabilities, and attacks such as the DDoS attack, you'll discover how to mitigate these at different layers. You'll then cover compliance and learn how to use AWS to audit and govern infrastructure, as well as to focus on monitoring your environment by implementing logging mechanisms and tracking data. Later, you'll explore how to implement data encryption as you get hands-on with securing a live environment. Finally, you'll discover security best practices that will assist you in making critical decisions relating to cost, security, and deployment complexity.By the end of this AWS security book, you'll have the skills to pass the exam and design secure AWS solutions.What you will learn• Understand how to identify and mitigate security incidents• Assign appropriate Amazon Web Services (AWS) resources to underpin security requirements• Work with the AWS shared responsibility model• Secure your AWS public cloud in different layers of cloud computing• Discover how to implement authentication through federated and mobile access• Monitor and log tasks effectively using AWSWho this book is forIf you are a system administrator or a security professional looking to get AWS security certification, this book is for you. Prior experience in securing cloud environments is necessary to get the most out of this AWS book.
Häufig gestellte Fragen
Wie kann ich mein Abo kündigen?
Gehe einfach zum Kontobereich in den Einstellungen und klicke auf „Abo kündigen“ – ganz einfach. Nachdem du gekündigt hast, bleibt deine Mitgliedschaft für den verbleibenden Abozeitraum, den du bereits bezahlt hast, aktiv. Mehr Informationen hier.
(Wie) Kann ich Bücher herunterladen?
Derzeit stehen all unsere auf Mobilgeräte reagierenden ePub-Bücher zum Download über die App zur Verfügung. Die meisten unserer PDFs stehen ebenfalls zum Download bereit; wir arbeiten daran, auch die übrigen PDFs zum Download anzubieten, bei denen dies aktuell noch nicht möglich ist. Weitere Informationen hier.
Welcher Unterschied besteht bei den Preisen zwischen den Aboplänen?
Mit beiden Aboplänen erhältst du vollen Zugang zur Bibliothek und allen Funktionen von Perlego. Die einzigen Unterschiede bestehen im Preis und dem Abozeitraum: Mit dem Jahresabo sparst du auf 12 Monate gerechnet im Vergleich zum Monatsabo rund 30 %.
Was ist Perlego?
Wir sind ein Online-Abodienst für Lehrbücher, bei dem du für weniger als den Preis eines einzelnen Buches pro Monat Zugang zu einer ganzen Online-Bibliothek erhältst. Mit über 1 Million Büchern zu über 1.000 verschiedenen Themen haben wir bestimmt alles, was du brauchst! Weitere Informationen hier.
Unterstützt Perlego Text-zu-Sprache?
Achte auf das Symbol zum Vorlesen in deinem nächsten Buch, um zu sehen, ob du es dir auch anhören kannst. Bei diesem Tool wird dir Text laut vorgelesen, wobei der Text beim Vorlesen auch grafisch hervorgehoben wird. Du kannst das Vorlesen jederzeit anhalten, beschleunigen und verlangsamen. Weitere Informationen hier.
Ist AWS Certified Security – Specialty Exam Guide als Online-PDF/ePub verfügbar?
Ja, du hast Zugang zu AWS Certified Security – Specialty Exam Guide von Stuart Scott im PDF- und/oder ePub-Format sowie zu anderen beliebten Büchern aus Computer Science & Certification Guides in Computer Science. Aus unserem Katalog stehen dir über 1 Million Bücher zur Verfügung.
Information
The primary objective of this section is to summarize the exam topics you will come across, along with their weighted percentages, so that you are aware of the critical points of focus.
This section comprises the following chapter:
- Chapter 1, AWS Certified Security Specialty Exam Coverage
The AWS Certified Security – Specialty exam has been designed to assess and validate the ability of the candidate to demonstrate their knowledge across a number of AWS security domains, including awareness, understanding, and capability in securing AWS architecture, services, resources, and data.
This initial chapter will explain in detail the requirements that you need in order to pass the exam, and highlight the domains and topics that will be assessed. It is important to understand these requirements before progressing through the rest of this book to ensure that you are aware of what you will be tested on. This will allow you to determine where your strengths and weaknesses lie, thereby allowing you to spend more time on those areas.
This chapter will take you through the following topics:
- The aim of the certification
- Intended audience
- Domains accessed
- Exam details
The aim of the certification
The aim of the certification is to validate the candidate's knowledge across the following areas, as defined by AWS (source: AWS Certified Security Specialty (SCS-C01) Exam Guide):
- An understanding of specialized data classifications and AWS data protection mechanisms
- An understanding of data encryption methods and AWS mechanisms to implement them
- An understanding of secure internet protocols and AWS mechanisms to implement them
- Working knowledge of AWS security services and the features of services used to provide a secure production environment
- Competency gained from 2 or more years of production deployment experience using AWS security services and features
- The ability to make trade-off decisions with regard to cost, security, and deployment complexity given a set of application requirements
- An understanding of security operations and risks
Upon completion of this book, you will feel ready to take and sit this exam with confidence, and achieve the much sought-after AWS Certified Security – Specialty certification.
Intended audience
This exam is intended for candidates like you who are responsible for maintaining and implementing AWS security across a range of environments. Those of you in the following roles or similar would be ideally suited to attempt this certification:
- Cloud security consultant
- Cloud security architect
- Cloud security engineer
- DevSecOps engineer
- Cloud security specialist
Although these roles are typically the target audience of this certification, the certification itself is available to anyone; there are no prerequisites in terms of other certifications for taking this exam.
Domains assessed
In the exam, there are five domains that have been defined by AWS that you will be assessed against, each with a different percentage weighting level, as shown in the following table:
| Domain | Weighting level |
| Incident response | 12% |
| Logging and monitoring | 20% |
| Infrastructure security | 26% |
| Identity and access management | 20% |
| Data protection | 22% |
Attention must be paid to each domain to ensure you feel confident and comfortable with the topics, services, and features that may crop up in your exam. Let me break down these domains further to allow you to gain a deeper understanding of exactly what is tested within each domain.
Domain 1 – Incident response
This domain tests your understanding of how best to identify, respond to, and resolve AWS incidents across a range of services, and has been broken down into the following three elements:
- 1.1: Given an AWS abuse notice, evaluate the suspected compromised instance or exposed access keys: Here, you will be expected to know how to respond to such an incident and the steps required to remediate the issue and take the appropriate action, depending on the affected resource in question.
- 1.2: Verify that the incident response plan includes the relevant AWS services: When an incident occurs within an AWS environment, you must be able to utilize the appropriate AWS resources to identify, isolate, and resolve the issue as quickly as possible, without affecting or hindering other AWS infrastructure and resources.
- 1.3: Evaluate the configuration of automated alerting, and execute possible remediation of security-related incidents and emerging issues: Proactive monitoring and speed are two key elements when analyzing your infrastructure for potential issues, in addition to utilizing automated services. You must have a solid understanding of these features, and how they can assist you to spot a potential problem and help you to resolve the issue.
Being able to identity, verify, and remediate incidents as they occur within your environment allows you to effectively isolate your resources before the blast radius of the security incident expands wider within your infrastructure.
Domain 2 – Logging and monitoring
This domain determines your ability to implement and troubleshoot solutions relating to logging, monitoring, and alerting. You will need to be able to deploy, operate, and troubleshoot solutions relating to these four components within your AWS infrastructure:
- 2.1: Design and implement security monitoring and alerting: You must have full comprehension of the available monitoring and alerting services within AWS. In addition, you must also be aware of how these can be utilized and integrated to implement an effective solution for monitoring your infrastructure for security threats and vulnerabilities.
- 2.2: Troubleshoot security monitoring and alerting: Implementing a monitoring and alerting system is one thing, but being able to resolve issues with the solution and design is another. You must be aware of how the architecture is coupled together and the prerequisites for specific AWS features.
- 2.3: Design and implement a logging solution: Data held in logs generated from services and applications can provide a wealth of information to help you identify a potential security breach. Therefore, it's imperative that you have a sound awareness of how to implement a solution to capture and record log data.
- 2.4: Troubleshoot logging solutions: Similar to 2.2, your knowledge of logging solutions has to go deeper than implementation; you have to understand the key components, concepts, and how components depend on one another to enable you to resolve any incidents.
You must understand the complexities and importance of monitoring and logging and how they can be used together as an effective security tool.
Domain 3 – Infrastructure security
The infrastructure security domain assesses your ability to architect security best practices across your AWS architecture, from an individual host, to your VPC, and then to the outer reaches of your edge infrastructure. This domain carries the highest percentage mark across your certification, so it's key that you understand all the concepts and components:
- 3.1: Design edge security on AWS: A thorough understanding of Amazon CloudFront and its security capabilities and controls is a must, in addition to other edge services offered by AWS.
- 3.2: Design and implement a secure network infrastructure: Here, you will be tested on your knowledge of Virtual Private Cloud (VPC) infrastructure, and how to architect an environment to meet different security needs using route tables, Network Access Control Lists (NACLs), bastion hosts, NAT gateways, Internet Gateway (IGWs), and security groups.
- 3.3: Troubleshoot a secure network infrastructure: This follows on from point 3.2, which ensures that you have a deep level of security architecture, enabling you to quickly pinpoint the most likely cause of misconfiguration from a security perspective.
- 3.4: Design and implement host-based security: This will focus on security controls that can be enabled and configured on individual hosts, such as your Elastic Compute Cloud (EC2) instances.
A VPC is one of the first elements you are likely to build within your AWS account. Understanding how to protect your VPC is key in maintaining a level of protection over the rest of your resources running within it.
Domain 4 – Identity and Access Management (IAM)
This domain will focus solely on everything access control-related regarding the IAM service and how to control access to your AWS resources. IAM must be understood inside out and it is essential that you have the knowledge and confidence to spot errors in IAM JSON policies:
- 4.1: Design and implement a scalable authorization and authentication system to access AWS resources: I can't emphasize enough the importance of understanding IAM at a deep level. This point will test your knowledge of authentication and authorization mechanisms, from multi-factor authorization to implementing conditional-based IAM policies used for cross-account access.
- 4.2: Troubleshoot an authorization and authentication system to access the AWS resources domain: Here, you will be required to demonstrate your ability to resolve complex permission-based issues with your AWS resources.
Access control is covered in detail in the exam, so you must be familiar with all things relating to access management, and specifically the IAM service. You need to be able to read access policies to...