This exam validates an examinee’s ability to effectively demonstrate knowledge about securing the AWS platform. It validates an examinee’s ability to demonstrate:
*An understanding of specialized data classifications and AWS data protection mechanisms.
* An understanding of data-encryption methods and AWS mechanisms to implement them.
* An understanding of secure Internet protocols and AWS mechanisms to implement them.
*A working knowledge of AWS security services and features of services to provide a secure production environment.
* Competency gained from two or more years of production deployment experience using AWS security services and features.
* The ability to make tradeoff decisions with regard to cost, security, and deployment complexity given a set of application requirements.
*An understanding of security operations and risks.
Details
Domain 1: Incident Response
- Given an AWS abuse notice, evaluate the suspected compromised instance or exposed access keys.
- Preparation stages for incident response
- Mitigation steps to perform Incident response steps
- Verify that the Incident Response plan includes relevant AWS services.
- Evaluated suspected compromised EC2 Instances
- Evaluate the configuration of automated alerting, and execute possible remediation of security-related incidents and emerging issues.
- AWS Guard duty
- Penetration testing
Domain 2: Logging and Monitoring
- Design and implement security monitoring and alerting.
- Design and implement a logging solution.
- Continuous Security Monitoring
- Introduction to Vulnerability Assessment
- AWS Inspector
- AWS Inspector Assessment targets
- AWS EC2 systems manager
- Understanding CloudWatch
- VPC Flow Logs
- CloudWatch Events
- AWS Cloud Trail
- AWS Macie
- AWS Detective
- AWS Security Hub
- S3 Event notifications
- Trusted advisor recommendations
- Troubleshoot security monitoring and alerting.
- Troubleshoot logging solutions.
Domain 3: Infrastructure Security
- Design edge security on AWS.
- Design and implement a secure network infrastructure.
- AWS Organizations
- Managing OUs
- CloudFront
- AWS CloudFront Custom SSL
- Firewalls
- Security groups
- Network ACLs
- IPS/IDS concepts in cloud
- AWS Web Application Firewall (WAF)
- AWS Shield concepts
- DDoS Mitigation
- Network Segmentation
- Bastion Hosts
- Virtual Private Cloud (VPC)
- VPC Endpoints
- EC2 Tenancy
- AWS lambda fundamentals
- AWS Simple Email Service
- AWS Route53 DNS
- Troubleshoot a secure network infrastructure
- Design and implement host-based security
Domain 4: Identity and Access Management
- Design and implement a scalable authorization and authentication system to access AWS resources.
- Understand the Principle of Least Privilege
- IAM Policies
- IAM JSON Policy Elements
- IAM Roles
- IAM Permission boundaries
- Evaluating effective permissions
- Understanding Delegation
- Cross account policies & roles
- Understanding Federation
- AWS Directory services
- AWS Organizations
- Single Sign-On
- SAML Overview Concepts
- Cross Account S3 access
- S3 Versioning
- S3 MFA delete
- AWS License manager
- Troubleshoot an authorization and authentication system to access AWS resources.
Domain 5: Data Protection
- Design and implement key management and use
- Cryptography fundamentals
- Cloud Hardware Security Module (HSM)
- AWS Key Management Service (KMS)
- Envelope Encryption
- KMS Authentication and Access Control
- CloudTrail and Encryption
- EBS Architecture and Secure Data Wiping
- S3 Encryption
- AWS Certificate Manager
- ELB- ALB and NLB
- Docker and container security fundamentals
- AWS Glacier
- Troubleshoot key management.
How to Enroll AWS Certified Security Speciality Practice Tests (SCS-C01) course?
How many members can access this course with a coupon?
AWS Certified Security Speciality Practice Tests (SCS-C01) Course coupon is limited to the first 1,000 enrollments. Click 'Enroll Now' to secure your spot and dive into this course on Udemy before it reaches its enrollment limits!
