AWS Certified Security Study Guide
eBook - ePub

AWS Certified Security Study Guide

Specialty (SCS-C01) Exam

Marcello Zillo Neto, Gustavo A. A. Santana, Fernando Sapata, Mauricio Munoz, Alexandre M. S. P. Moraes, Thiago Morais, Dario Lucas Goldfarb

  1. English
  2. ePUB (apto para móviles)
  3. Disponible en iOS y Android
eBook - ePub

AWS Certified Security Study Guide

Specialty (SCS-C01) Exam

Marcello Zillo Neto, Gustavo A. A. Santana, Fernando Sapata, Mauricio Munoz, Alexandre M. S. P. Moraes, Thiago Morais, Dario Lucas Goldfarb

Detalles del libro
Vista previa del libro

Información del libro

Get prepared for the AWS Certified Security Specialty certification with this excellent resource

By earning the AWS Certified Security Specialty certification, IT professionals can gain valuable recognition as cloud security experts. The AWS Certified Security Study Guide: Specialty (SCS-C01) Exam helps cloud security practitioners prepare for success on the certification exam. It's also an excellent reference for professionals, covering security best practices and the implementation of security features for clients or employers.

Architects and engineers with knowledge of cloud computing architectures will find significant value in this book, which offers guidance on primary security threats and defense principles. Amazon Web Services security controls and tools are explained through real-world scenarios. These examples demonstrate how professionals can design, build, and operate secure cloud environments that run modern applications.

The study guide serves as a primary source for those who are ready to apply their skills and seek certification. It addresses how cybersecurity can be improved using the AWS cloud and its native security services. Readers will benefit from detailed coverage of AWS Certified Security Specialty Exam topics.

  • Covers all AWS Certified Security Specialty exam topics
  • Explains AWS cybersecurity techniques and incident response
  • Covers logging and monitoring using the Amazon cloud
  • Examines infrastructure security
  • Describes access management and data protection

With a single study resource, you can learn how to enhance security through the automation, troubleshooting, and development integration capabilities available with cloud computing. You will also discover services and tools to develop security plans that work in sync with cloud adoption.

Preguntas frecuentes

¿Cómo cancelo mi suscripción?
Simplemente, dirígete a la sección ajustes de la cuenta y haz clic en «Cancelar suscripción». Así de sencillo. Después de cancelar tu suscripción, esta permanecerá activa el tiempo restante que hayas pagado. Obtén más información aquí.
¿Cómo descargo los libros?
Por el momento, todos nuestros libros ePub adaptables a dispositivos móviles se pueden descargar a través de la aplicación. La mayor parte de nuestros PDF también se puede descargar y ya estamos trabajando para que el resto también sea descargable. Obtén más información aquí.
¿En qué se diferencian los planes de precios?
Ambos planes te permiten acceder por completo a la biblioteca y a todas las funciones de Perlego. Las únicas diferencias son el precio y el período de suscripción: con el plan anual ahorrarás en torno a un 30 % en comparación con 12 meses de un plan mensual.
¿Qué es Perlego?
Somos un servicio de suscripción de libros de texto en línea que te permite acceder a toda una biblioteca en línea por menos de lo que cuesta un libro al mes. Con más de un millón de libros sobre más de 1000 categorías, ¡tenemos todo lo que necesitas! Obtén más información aquí.
¿Perlego ofrece la función de texto a voz?
Busca el símbolo de lectura en voz alta en tu próximo libro para ver si puedes escucharlo. La herramienta de lectura en voz alta lee el texto en voz alta por ti, resaltando el texto a medida que se lee. Puedes pausarla, acelerarla y ralentizarla. Obtén más información aquí.
¿Es AWS Certified Security Study Guide un PDF/ePUB en línea?
Sí, puedes acceder a AWS Certified Security Study Guide de Marcello Zillo Neto, Gustavo A. A. Santana, Fernando Sapata, Mauricio Munoz, Alexandre M. S. P. Moraes, Thiago Morais, Dario Lucas Goldfarb en formato PDF o ePUB, así como a otros libros populares de Ciencia de la computación y Guías de certificación en ciencias computacionales. Tenemos más de un millón de libros disponibles en nuestro catálogo para que explores.


Chapter 1
Security Fundamentals

  • Domain 1: Incident Response
    • 1.2. Verify that the Incident Response plan includes relevant AWS services
  • Domain 2: Logging and Monitoring
    • 2.1. Design and implement security monitoring and alerting
  • Domain 3: Infrastructure Security
    • 3.1. Design edge security on AWS
    • 3.2. Design and implement a secure network infrastructure
  • Domain 4: Identity and Access Management
    • 4.1. Design and implement a scalable authorization and authentication system to access AWS resources
  • Domain 5: Data Protection
    • 5.3. Design and implement a data encryption solution for data at rest and data in transit


An understanding of the concepts explained in this chapter will be critical in your journey to pass the AWS Certified Security Specialty exam. We will introduce the following topics:
  • Basic security definitions
  • Foundational networking concepts
  • Main classes of attacks
  • Important security solutions and services
  • Well-known security frameworks and models
In this chapter, you will learn about basic security concepts and some foundational terminology that comes from the information technology (IT) infrastructure knowledge domain. Even if your sole objective is to conquer the AWS Certified Security Specialty certification, this chapter is relevant for any professional, particularly for the officially accredited ones, to demonstrate a good level of general education on the security subject matter (be it related to cloud-based or to traditional on-premises environments).
If you are already an experienced information security expert, you can still use this chapter for concept review purposes.

Understanding Security

The world of data communications has evolved considerably over the years, irrevocably impacting learning methods, business models, human interaction possibilities, and even the dynamics of most day-to-day activity. The networks of today are powerful, enabling individuals and companies to quickly transport data, voice, and video in an integrated fashion, thus providing access from multiple types of devices to all kinds of applications, which may reside anywhere in the globe.
On one hand, virtually limitless use cases are brought to existence by the omnipresent network of networks. On the other hand, this almighty global entity, which came to be known as the Internet, turned out to be a platform that embeds dangerous characteristics such as user anonymity, the ability to simultaneously control multiple remote computing devices, and the possibility to automate execution of tasks. Unfortunately, from a technical perspective, this all-encompassing network may be used for both good and evil.
Being aware of the adverse results that may be derived from widespread connectivity, it is natural to look for ways to ensure that only the legitimate or noble usages of the networked systems are allowed. Effective resources that compensate for the absence of natural boundaries in the Internet must be implemented. There should be structured means of defining what the acceptable activities are, from either a productivity or a protection standpoint. Conditional access to networked resources should be put in place, instead of simply providing unrestricted access and naively relying on inherent humankind's goodwill. Dealing with this variety of challenges is what the security practice lends itself to.
But where to start your security learning journey? Well, the first step in solving a problem is recognizing that there is one. The second most effective step is ensuring that you understand what needs to be solved or, in other words, what is the problem? And if you are presented with questions for which there may be multiple answers (or multiple choices, as in your certification exam), a good starting point is to eliminate all those options that do not apply. In an attempt to summarize what the practice of security could signify, it is probably easier to begin by defining what it is not:
  • Security is neither a product nor a service. First of all, there is no single product that can act as a “magic black box” that will automatically solve every problem. Moreover, the available capabilities of a given product will be helpful only when they are properly enabled for actual use.
  • Security is not a technology. Technologies, including those that provide visibility and the ability to block traffic as well as respond to attack situations, may be grouped to form an important defensive system. However, the threat matrix is an ever-changing object, meaning that several techniques and tools that have been largely employed on well-known attack scenarios may prove ineffective when facing the newest challenges.
  • Security is not static. It is not something that you do once and quickly forget. Processes must exist for dealing with planning, implementation, testing, and updating tasks. And all of these items must involve people and discipline.
  • Security is not a check box. You should know what you are protecting against and, once you determine that, look for resources that can demonstrate true security effectiveness.
  • Security is not made only by nominal security elements. In spite of the existence of dedicated security hardware and software products, security is not limited to them. For example, there are countless contributions that can be given to the overall security process by well-configured network infrastructure devices such as routers.
  • Security is not a beautiful graphical user interface (GUI). You should always understand what is going on behind the scenes—what is in the brain of the system and not relying blindly, for instance, on reports that state “you are protected.”
Now that you've learned what security is not about, it is time to start getting acquainted with what it can be. One general principle that has proved valuable in many fields is to move from global concepts to specifics, and not in the opposite direction. In that sense, if the assigned duty is to protect the relevant digital assets of a particular organization, it is highly advisable that you understand its vision, mission, objectives, and also the possible competitors. All of these items will be considered in a high-level document known as the organizational security policy, which establishes the foundation for all initiatives and tasks pertaining to security.
Among the typical pieces of information that are used to guide policy creation, some deserve special mention:
  • Business Objectives The main references for policy definition, these are related to the classic “Why we are here?” and “What are we trying to achieve?” questions that are answered in mission statements or company strategies for a period.
  • Regulatory Requirements These are specific to the industry sector to which the organization belongs and must be always considered. These requirements are normally able to gi...


  1. Cover
  2. Table of Contents
  3. Title Page
  4. Table of Exercises
  5. Introduction
  6. Chapter 1: Security Fundamentals
  7. Chapter 2: Cloud Security Principles and Frameworks
  8. Chapter 3: Identity and Access Management
  9. Chapter 4: Detective Controls
  10. Chapter 5: Infrastructure Protection
  11. Chapter 6: Data Protection
  12. Chapter 7: Incident Response
  13. Chapter 8: Security Automation
  14. Chapter 9: Security Troubleshooting on AWS
  15. Chapter 10: Creating Your Security Journey in AWS
  16. Appendix A: Answers to Review Questions
  17. Appendix B: AWS Security Services Portfolio
  18. Appendix C: DevSecOps in AWS
  19. Index
  20. Copyright
  21. Acknowledgments
  22. About the Authors
  23. About the Technical Editors
  24. End User License Agreement
Estilos de citas para AWS Certified Security Study Guide

APA 6 Citation

Neto, M. Z., Santana, G., Sapata, F., Munoz, M., Moraes, A., Morais, T., & Goldfarb, D. L. (2020). AWS Certified Security Study Guide (1st ed.). Wiley. Retrieved from (Original work published 2020)

Chicago Citation

Neto, Marcello Zillo, Gustavo Santana, Fernando Sapata, Mauricio Munoz, Alexandre Moraes, Thiago Morais, and Dario Lucas Goldfarb. (2020) 2020. AWS Certified Security Study Guide. 1st ed. Wiley.

Harvard Citation

Neto, M. Z. et al. (2020) AWS Certified Security Study Guide. 1st edn. Wiley. Available at: (Accessed: 15 October 2022).

MLA 7 Citation

Neto, Marcello Zillo et al. AWS Certified Security Study Guide. 1st ed. Wiley, 2020. Web. 15 Oct. 2022.