AWS Certified Security-Specialty Certification – Linuxacademy

Salepage link: At HERE. Archive:

Course Details

The AWS Certified Security Specialty is a certification based around securing applications in AWS. It is one one three specialty certifications offered by AWS. The certification focuses on five components or domains when designing and operating security in the cloud. These are:

Identity and Access Management Detective Controls Infrastructure Protection Data Protection Incident Response

This course has been developed to provide you with the requisite knowledge to not only pass the AWS Certified Security Specialty certification exam but also gain the hands-on experience required to become a qualified AWS security specialist working in a real-world environment.

Please connect with us at slack.linuxacademy.com in the #security channel if you have questions or feedback.

Syllabus

Course Introduction

About the Training Architect

Introduction to the Security Runbook Interactive Diagram

Course Features and Tools

Domain 1 – Introduction

Domain 1 – Introduction

1.1 – Given an AWS Abuse Notice, Evaluate a Suspected Compromised Instance or Exposed Access Keys

AWS Abuse Notification

Responding to AWS Abuse Notifications

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

Performing a Source Code Security Scan Using git-secrets in AWS

AWS Abuse Notification

1.2 Verify that the Incident Response plan includes relevant AWS services.

What is Incident Response?

Incident Response Framework: Part 1

Incident Response Framework: Part 2

Incident Response Plan

1.3 Evaluate the Configuration of Automated Alerting and Execute Possible Remediation of Security-Related Incidents and Emerging Issues

Automated Alerting

Automated Incident Response

CloudTrail Automation Example

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

Get AWS Certified Security-Specialty Certification – Linuxacademy, Only Price $62

Enabling AWS VPC Flow Logs with Automation

Domain 2 – Introduction

Logging and Monitoring Introduction

2.1 Design and implement security monitoring and alerting.

S3 Events

CloudWatch Logs: Metric Filters and Custom Metrics

CloudWatch Events

Multi-Account: CloudWatch Event Buses

AWS Config

AWS Inspector

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

Automatic Resource Remediation with AWS Config

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

Automatic Remediation of Inspector Findings in AWS

Design, Implement, and Troubleshoot Monitoring and Alerting

2.2 Troubleshoot security monitoring and alerting.

Troubleshoot CloudWatch Events

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

Troubleshooting a Detection, Alerting, and Response Workflow in AWS

2.3 Design and Implement a Logging Solution

CloudTrail Logging

CloudWatch Logs: CloudTrail

CloudWatch Logs: VPC Flow Logs

CloudWatch Logs: Agent for EC2

CloudWatch Logs: DNS Query Logs

S3 Access Logs

Multi-Account: Centralized Logging

Design, Implement, and Troubleshoot Logging Solutions

2.4 Troubleshoot Logging Solutions

Troubleshoot Logging

Multi-Account: Troubleshoot Logging

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

Troubleshooting CloudTrail and S3 Logging Issues in AWS

3.1 Design Edge Security on AWS

CloudFront

Restricting S3 to CloudFront

Signed URLs and Cookies

CloudFront Geo Restriction

Forcing S3 Encryption

S3 Cross Region Replication (CRR) – Security

Web Application Firewall (WAF) and AWS Shield

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

Blocking Web Traffic with WAF in AWS

3.2 Design and implement a secure network infrastructure.

VPC Design and Security

Security Groups

Network Access Control Lists (NACLs)

VPC Peering

VPC Endpoints

Serverless Security

NAT Gateways

Egress-Only Internet Gateways

Bastion Hosts / Jump Boxes

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

Configuring Layered Security in an AWS VPC

3.3 Troubleshoot a secure network infrastructure.

Troubleshoot a VPC

3.4 Design and implement host-based security.

AWS Host/Hypervisor Security (disk/memory)

Host Proxy Servers

Host-Based IDS/IP

Systems Manager

Packet Capture on EC2

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

Install an Intrusion Prevention System (IPS) on an EC2 Instance

4.1 Design and Implement a Scalable Authorization and Authentication System to Access AWS Resources

Users, Groups, and Roles

Permission Boundaries and Policy Evaluation

Organizations and Service Control Policies

Resource Policies: S3 Bucket Policies

Resource Policies: KMS Key Policies

Cross-Account Access to S3 Buckets and Objects

Identity Federation

AWS Systems Manager Parameter Store

4.2 Troubleshoot an Authorization and Authentication System to Access AWS Resources.

Troubleshooting Permissions Union (IAM//RESOURCE//ACL)

Troubleshooting Cross-Account Roles

Troubleshooting Identity Federation

Troubleshooting KMS CMK’s

5.1 Design and implement key management and use.

Key Management System (KMS)

KMS in a Multi-Account Configuration