Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
AWS Certified Security – Specialty Exam Guide

You're reading from   AWS Certified Security – Specialty Exam Guide Build your cloud security knowledge and expertise as an AWS Certified Security Specialist (SCS-C01)

Arrow left icon
Product type Paperback
Published in Sep 2020
Publisher Packt
ISBN-13 9781789534474
Length 558 pages
Edition 1st Edition
Tools
Arrow right icon
Authors (2):
Arrow left icon
Stuart Scott Stuart Scott
Author Profile Icon Stuart Scott
Stuart Scott
Wilberto Palomar Wilberto Palomar
Author Profile Icon Wilberto Palomar
Wilberto Palomar
Arrow right icon
View More author details
Toc

Table of Contents (27) Chapters Close

Preface 1. Section 1: The Exam and Preparation
2. AWS Certified Security - Specialty Exam Coverage FREE CHAPTER 3. Section 2: Security Responsibility and Access Management
4. AWS Shared Responsibility Model 5. Access Management 6. Working with Access Policies 7. Federated and Mobile Access 8. Section 3: Security - a Layered Approach
9. Securing EC2 Instances 10. Configuring Infrastructure Security 11. Implementing Application Security 12. DDoS Protection 13. Incident Response 14. Securing Connections to Your AWS Environment 15. Section 4: Monitoring, Logging, and Auditing
16. Implementing Logging Mechanisms 17. Auditing and Governance 18. Section 5: Best Practices and Automation
19. Automating Security Detection and Remediation 20. Discovering Security Best Practices 21. Section 6: Encryption and Data Security
22. Managing Key Infrastructure 23. Managing Data Security 24. Mock Tests 25. Assessments 26. Other Books You May Enjoy

What this book covers

Chapter 1, AWS Certified Security Specialty Exam Coverage, provides you with an understanding of the different assessment topics that will be covered throughout the exam across the five different domains, including incident response, logging and monitoring, infrastructure security, identity and access management, and data protection.

Chapter 2, AWS Shared Responsibility Model, looks at the different security models (infrastructure, container, and abstract) that define where your responsibility as a customer implementing, controlling, and managing security in AWS starts and ends, in addition to the responsibilities of AWS, which controls the security of the cloud.

Chapter 3, Access Management, outlines the core concepts of identity and access management through the use of users, groups, and roles, and the differences between them. It also dives into the different types of roles available and EC2 instance profiles, before finishing with an understanding of how to implement multi-factor authentication.

Chapter 4, Working with Access Policies, takes a deep look at the multitude of different access policies that exist across the AWS environment, and which policy type should be used in different circumstances.

You will also learn how to read JSON policies to evaluate their permissions and the steps involved to implement cross-account access.

Chapter 5, Federated and Mobile Access, provides you with a comprehensive understanding of different federated access methods, including enterprise identity and social identity federation to provide a single sign-on approach to your AWS environment. In addition, you will also be introduced to the Amazon Cognito service to understand access control through mobile applications and devices. 

Chapter 6, Securing EC2 Instances, tackles the best approach to secure your instance infrastructure using a variety of techniques.  These include performing vulnerability scans using Amazon Inspector, how to manage your EC2 key pairs, using AWS Systems Manager to effectively administer your fleet of EC2 instances, and also, should a security breach occur, how to isolate your EC2 instances for forensic investigation.

Chapter 7, Configuring Infrastructure Security, enables you to gain a full understanding and awareness of the range of Virtual Private Cloud (VPC) security features that AWS offers to effectively secure your VPC environments. By the end of the chapter, you will be able to confidently build a secure multi-subnet VPC using internet gateways, route tables, network access control lists, security groups, bastion hosts, NAT gateways, subnets, and virtual private gateways.

Chapter 8, Implementing Application Security, looks at how to minimize and mitigate threats against your application architecture using different AWS services to prevent them from being compromised. You will also be introduced to the configuration of securing your elastic load balancers using certificates and how to secure your APIs using AWS API Gateway.

Chapter 9, DDoS Protection, highlights how to utilize different AWS features and services to minimize threats against this very common attack to ensure that your infrastructure is not hindered or halted by the threat. You will gain an understanding of the different DDoS attack patterns and how AWS Shield can be used to provide added protection.

Chapter 10, Incident Response, explains the process and steps to manage a security incident and the best practices to help you reduce the blast radius of the attack. You will understand how to prepare for such incidents and the necessary response actions to isolate the issue using a forensic account.

Chapter 11, Securing Connections to Your AWS Environment, provides you with an understanding of the different methods of securely connecting your on-premise data centers to your AWS cloud environment using both a Virtual Private Network (VPN) and the AWS Direct Connect service.  

Chapter 12, Implementing Logging Mechanisms, focuses on Amazon S3 server access logs, VPC flow logs, AWS CloudTrail logs, and the Amazon CloudWatch logging agent to enable you to track and record what is happening across your resources to allow you to monitor your environment for potential weaknesses or signs of attack indicating a security threat.  

Chapter 13, Auditing and Governance, looks at the different methods and AWS services that can play key parts in helping you to maintain a level of governance and how to provide evidence during an audit. You will be introduced to AWS Artifact, the integrity controls of  AWS CloudTrail, AWS Config, and how to maintain compliance with Amazon Macie.

Chapter 14, Automating Security Threat Detection and Remediation, provides you with an understanding of how to implement automation to quickly identify, record, and remediate security threats as and when they occur. It looks at Amazon CloudWatch, Amazon GuardDuty, and AWS Security Hub to help you detect and automatically resolve and block potential security incidents.

Chapter 15, Discovering Security Best Practices, covers a wide range of different methods of implementing security best practices when working with AWS in an effort to enhance your security posture. It highlights and reviews a number of common best practices that are easy to implement and could play a huge role in protecting your solutions and data.

Chapter 16, Managing Key Infrastructure, takes a deep dive look into the world of two data encryption services, the AWS Key Management Service (KMS) and CloudHSM. You will learn how to implement, manage, and secure your data through AWS encryption services and the best service to use to meet your business requirements.

Chapter 17, Managing Data Security, introduces you to a variety of different encryption features related to a range of different services covering both storage and database services, including Amazon Elastic Block Store (EBS), Amazon Elastic File System (EFS), Amazon Simple Storage Service (S3), Amazon Relational Database Service (RDS), and Amazon DynamoDB.  

Chapter 18, Mock Tests, provides you with two mock exams. Each of them is 65 questions in length to review your understanding of the content covered throughout this book to help you assess your level of exam readiness.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image