- 558 pages
- English
- ePUB (mobile friendly)
- Available on iOS & Android
AWS Certified Security – Specialty Exam Guide
About This Book
Get to grips with the fundamentals of cloud security and prepare for the AWS Security Specialty exam with the help of this comprehensive certification guideKey Features• Learn the fundamentals of security with this fast-paced guide• Develop modern cloud security skills to build effective security solutions• Answer practice questions and take mock tests to pass the exam with confidenceBook DescriptionAWS Certified Security – Specialty is a certification exam to validate your expertise in advanced cloud security. With an ever-increasing demand for AWS security skills in the cloud market, this certification can help you advance in your career. This book helps you prepare for the exam and gain certification by guiding you through building complex security solutions.From understanding the AWS shared responsibility model and identity and access management to implementing access management best practices, you'll gradually build on your skills. The book will also delve into securing instances and the principles of securing VPC infrastructure. Covering security threats, vulnerabilities, and attacks such as the DDoS attack, you'll discover how to mitigate these at different layers. You'll then cover compliance and learn how to use AWS to audit and govern infrastructure, as well as to focus on monitoring your environment by implementing logging mechanisms and tracking data. Later, you'll explore how to implement data encryption as you get hands-on with securing a live environment. Finally, you'll discover security best practices that will assist you in making critical decisions relating to cost, security, and deployment complexity.By the end of this AWS security book, you'll have the skills to pass the exam and design secure AWS solutions.What you will learn• Understand how to identify and mitigate security incidents• Assign appropriate Amazon Web Services (AWS) resources to underpin security requirements• Work with the AWS shared responsibility model• Secure your AWS public cloud in different layers of cloud computing• Discover how to implement authentication through federated and mobile access• Monitor and log tasks effectively using AWSWho this book is forIf you are a system administrator or a security professional looking to get AWS security certification, this book is for you. Prior experience in securing cloud environments is necessary to get the most out of this AWS book.
Frequently asked questions
Information
- Chapter 1, AWS Certified Security Specialty Exam Coverage
- The aim of the certification
- Intended audience
- Domains accessed
- Exam details
The aim of the certification
- An understanding of specialized data classifications and AWS data protection mechanisms
- An understanding of data encryption methods and AWS mechanisms to implement them
- An understanding of secure internet protocols and AWS mechanisms to implement them
- Working knowledge of AWS security services and the features of services used to provide a secure production environment
- Competency gained from 2 or more years of production deployment experience using AWS security services and features
- The ability to make trade-off decisions with regard to cost, security, and deployment complexity given a set of application requirements
- An understanding of security operations and risks
Intended audience
- Cloud security consultant
- Cloud security architect
- Cloud security engineer
- DevSecOps engineer
- Cloud security specialist
Domains assessed
Domain | Weighting level |
Incident response | 12% |
Logging and monitoring | 20% |
Infrastructure security | 26% |
Identity and access management | 20% |
Data protection | 22% |
Domain 1 – Incident response
- 1.1: Given an AWS abuse notice, evaluate the suspected compromised instance or exposed access keys: Here, you will be expected to know how to respond to such an incident and the steps required to remediate the issue and take the appropriate action, depending on the affected resource in question.
- 1.2: Verify that the incident response plan includes the relevant AWS services: When an incident occurs within an AWS environment, you must be able to utilize the appropriate AWS resources to identify, isolate, and resolve the issue as quickly as possible, without affecting or hindering other AWS infrastructure and resources.
- 1.3: Evaluate the configuration of automated alerting, and execute possible remediation of security-related incidents and emerging issues: Proactive monitoring and speed are two key elements when analyzing your infrastructure for potential issues, in addition to utilizing automated services. You must have a solid understanding of these features, and how they can assist you to spot a potential problem and help you to resolve the issue.
Domain 2 – Logging and monitoring
- 2.1: Design and implement security monitoring and alerting: You must have full comprehension of the available monitoring and alerting services within AWS. In addition, you must also be aware of how these can be utilized and integrated to implement an effective solution for monitoring your infrastructure for security threats and vulnerabilities.
- 2.2: Troubleshoot security monitoring and alerting: Implementing a monitoring and alerting system is one thing, but being able to resolve issues with the solution and design is another. You must be aware of how the architecture is coupled together and the prerequisites for specific AWS features.
- 2.3: Design and implement a logging solution: Data held in logs generated from services and applications can provide a wealth of information to help you identify a potential security breach. Therefore, it's imperative that you have a sound awareness of how to implement a solution to capture and record log data.
- 2.4: Troubleshoot logging solutions: Similar to 2.2, your knowledge of logging solutions has to go deeper than implementation; you have to understand the key components, concepts, and how components depend on one another to enable you to resolve any incidents.
Domain 3 – Infrastructure security
- 3.1: Design edge security on AWS: A thorough understanding of Amazon CloudFront and its security capabilities and controls is a must, in addition to other edge services offered by AWS.
- 3.2: Design and implement a secure network infrastructure: Here, you will be tested on your knowledge of Virtual Private Cloud (VPC) infrastructure, and how to architect an environment to meet different security needs using route tables, Network Access Control Lists (NACLs), bastion hosts, NAT gateways, Internet Gateway (IGWs), and security groups.
- 3.3: Troubleshoot a secure network infrastructure: This follows on from point 3.2, which ensures that you have a deep level of security architecture, enabling you to quickly pinpoint the most likely cause of misconfiguration from a security perspective.
- 3.4: Design and implement host-based security: This will focus on security controls that can be enabled and configured on individual hosts, such as your Elastic Compute Cloud (EC2) instances.
Domain 4 – Identity and Access Management (IAM)
- 4.1: Design and implement a scalable authorization and authentication system to access AWS resources: I can't emphasize enough the importance of understanding IAM at a deep level. This point will test your knowledge of authentication and authorization mechanisms, from multi-factor authorization to implementing conditional-based IAM policies used for cross-account access.
- 4.2: Troubleshoot an authorization and authentication system to access the AWS resources domain: Here, you will be required to demonstrate your ability to resolve complex permission-based issues with your AWS resources.
Table of contents
- Title Page
- Copyright and Credits
- About Packt
- Contributors
- Preface
- Section 1: The Exam and Preparation
- AWS Certified Security - Specialty Exam Coverage
- Section 2: Security Responsibility and Access Management
- AWS Shared Responsibility Model
- Access Management
- Working with Access Policies
- Federated and Mobile Access
- Section 3: Security - a Layered Approach
- Securing EC2 Instances
- Configuring Infrastructure Security
- Implementing Application Security
- DDoS Protection
- Incident Response
- Securing Connections to Your AWS Environment
- Section 4: Monitoring, Logging, and Auditing
- Implementing Logging Mechanisms
- Auditing and Governance
- Section 5: Best Practices and Automation
- Automating Security Detection and Remediation
- Discovering Security Best Practices
- Section 6: Encryption and Data Security
- Managing Key Infrastructure
- Managing Data Security
- Mock Tests
- Assessments
- Other Books You May Enjoy