AWS Certified Security :
AWS Certified Security Course has been designed to train the participants on the major components in AWS technology and to help them to get through the advanced level certification exam. During this AWS Certified Security Training, aspirants will get opportunities to look into various Real World scenarios so that they can understand the reasons behind the hacking of the websites and how to deal with such situations. Our course includes training on the best practices related to the security of the AWS environment. Thus, AWS Security Course will help the participants to pass the AWS Certified Security Specialty exam and will also enhance their knowledge to become a qualified AWS security specialists eligible enough to handle the real-world environment.
Course Objectives :
Cloud Security Introduction
- Cloud Security fundamentals
- AWS security model
- Shared Responsibility
- Exam Outline
Domain 1: Incident Response
- Given an AWS abuse notice, evaluate the suspected compromised instance or exposed access keys.
- Preparation stages for incident response
- Mitigation steps to perform Incident response steps
- Verify that the Incident Response plan includes relevant AWS services.
- Dealing with exposed access keys
- Evaluated suspected compromised EC2 Instances
- Evaluate the configuration of automated alerting, and execute possible remediation of security-related incidents and emerging issues.
- AWS Guard duty
- Penetration testing
Domain 2: Logging and Monitoring
- Design and implement security monitoring and alerting.
- Design and implement a logging solution.
- Continuous Security Monitoring
- Introduction to Vulnerability Assessment
- AWS Inspector
- AWS Inspector Assessment targets
- AWS EC2 systems manager
- AWS Config
- Understanding CloudWatch
- VPC Flow Logs
- CloudWatch Events
- AWS Cloud Trail
- AWS Macie
- AWS Detective
- AWS Security Hub
- S3 Event notifications
- Trusted advisor recommendations
- Troubleshoot security monitoring and alerting.
- Troubleshoot logging solutions.
Domain 3: Infrastructure Security
- Design edge security on AWS.
- Design and implement a secure network infrastructure.
- AWS Organizations
- Managing OUs
- CloudFront
- AWS CloudFront Custom SSL
- Firewalls
- Security groups
- Network ACLs
- IPS/IDS concepts in cloud
- AWS Web Application Firewall (WAF)
- AWS Shield concepts
- DDoS Mitigation
- Network Segmentation
- Bastion Hosts
- Virtual Private Cloud (VPC)
- VPC Endpoints
- EC2 Tenancy
- Compliance Frameworks
- AWS lambda fundamentals
- AWS Simple Email Service
- AWS Route53 DNS
- Troubleshoot a secure network infrastructure
- Design and implement host-based security
Domain 4: Identity and Access Management
- Design and implement a scalable authorization and authentication system to access AWS resources.
- Understand the Principle of Least Privilege
- IAM Policies
- IAM JSON Policy Elements
- IAM Roles
- IAM Permission boundaries
- Evaluating effective permissions
- Understanding Delegation
- Cross account policies & roles
- Understanding Federation
- AWS Directory services
- AWS Organizations
- Single Sign-On
- SAML Overview Concepts
- S3 Security
- Cross Account S3 access
- S3 Versioning
- S3 MFA delete
- AWS License manager
- Troubleshoot an authorization and authentication system to access AWS resources.
Domain 5: Data Protection
- Design and implement key management and use
- Cryptography fundamentals
- Cloud Hardware Security Module (HSM)
- AWS Key Management Service (KMS)
- Envelope Encryption
- KMS Authentication and Access Control
- CloudTrail and Encryption
- EBS Architecture and Secure Data Wiping
- S3 Encryption
- AWS Certificate Manager
- ELB- ALB and NLB
- Docker and container security fundamentals
- AWS Glacier
- Troubleshoot key management.
- Design and implement a data encryption solution for data at rest and data in transit.
Exam Information:
- Certification Name : AWS Certified Security – Specialty
- Test Format : Multiple choice
- Number of Questions : 65
- Test Duration : 170 minutes