Book Description

Get to grips with the fundamentals of cloud security and prepare for the AWS Security Specialty exam with the help of this comprehensive certification guide

Key Features

  • Learn the fundamentals of security with this fast-paced guide
  • Develop modern cloud security skills to build effective security solutions
  • Answer practice questions and take mock tests to pass the exam with confidence

Book Description

AWS Certified Security – Specialty is a certification exam to validate your expertise in advanced cloud security. With an ever-increasing demand for AWS security skills in the cloud market, this certification can help you advance in your career. This book helps you prepare for the exam and gain certification by guiding you through building complex security solutions.

From understanding the AWS shared responsibility model and identity and access management to implementing access management best practices, you'll gradually build on your skills. The book will also delve into securing instances and the principles of securing VPC infrastructure. Covering security threats, vulnerabilities, and attacks such as the DDoS attack, you'll discover how to mitigate these at different layers. You'll then cover compliance and learn how to use AWS to audit and govern infrastructure, as well as to focus on monitoring your environment by implementing logging mechanisms and tracking data. Later, you'll explore how to implement data encryption as you get hands-on with securing a live environment. Finally, you'll discover security best practices that will assist you in making critical decisions relating to cost, security, and deployment complexity.

By the end of this AWS security book, you'll have the skills to pass the exam and design secure AWS solutions.

What you will learn

  • Understand how to identify and mitigate security incidents
  • Assign appropriate Amazon Web Services (AWS) resources to underpin security requirements
  • Work with the AWS shared responsibility model
  • Secure your AWS public cloud in different layers of cloud computing
  • Discover how to implement authentication through federated and mobile access
  • Monitor and log tasks effectively using AWS

Who this book is for

If you are a system administrator or a security professional looking to get AWS security certification, this book is for you. Prior experience in securing cloud environments is necessary to get the most out of this AWS book.

Table of Contents

  1. Title Page
  2. About Packt
    1. Why subscribe?
  3. Copyright and Credits
    1. AWS Certified Security – Specialty Exam Guide
  4. Contributors
    1. About the author
    2. About the reviewer
    3. Packt is searching for authors like you
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Code in Action
    5. Download the color images
    6. Conventions used
    7. Get in touch
    8. Reviews
  6. Section 1: The Exam and Preparation
  7. AWS Certified Security Specialty Exam Coverage
    1. Aim of the certification
    2. Intended audience
    3. Domains assessed
    4. Domain 1 – Incident response
    5. Domain 2 – Logging and monitoring
    6. Domain 3 – Infrastructure security
    7. Domain 4 – Identity and access management (IAM)
    8. Domain 5 – Data protection
    9. Exam details
    10. Summary
    11. Questions
    12. Further reading
  8. Section 2: Security Responsibility and Access Management
  9. AWS Shared Responsibility Model
    1. Technical requirements
    2. Shared responsibility model for infrastructure services
    3. Shared responsibility model for container services
    4. Shared responsibility model for abstract services
    5. Summary
    6. Questions
    7. Further reading
  10. Access Management
    1. Technical requirements
    2. Understanding Identity and Access Management (IAM)
    3. Provisioning users, groups, and roles in IAM
    4. Creating users
    5. Creating groups
    6. Creating roles
    7. Service roles
    8. User roles
    9. Web identity federated roles
    10. SAML 2.0 federated roles
    11. Configuring Multi-Factor Authentication (MFA)
    12. Summary
    13. Questions
    14. Further reading
  11. Working with Access Policies
    1. Technical requirements
    2. Understanding the difference between policy types
    3. Identity-based policies
    4. Resource-based policies
    5. Permissions boundaries
    6. Access control lists
    7. Organization SCPs
    8. Identifying policy structure and syntax
    9. An example of policy structure
    10. The structure of a resource-based policy
    11. Configuring cross-account access
    12. Creating a cross-account access role
    13. Creating a policy to assume the cross-account role
    14. Assuming the cross-account role
    15. IAM policy management
    16. Permissions
    17. Policy usage
    18. Policy versions
    19. Access Advisor
    20. Policy evaluation
    21. Using bucket policies to control access to S3
    22. Summary
    23. Questions
    24. Further reading
  12. Federated and Mobile Access
    1. Technical requirements
    2. What is AWS federated access?
    3. Using SAML federation
    4. Gaining federated access to the AWS Management Console
    5. Using social federation
    6. Amazon Cognito
    7. User pools
    8. Identity pools
    9. Gaining access using user and identity pools
    10. Summary
    11. Questions
    12. Further reading
  13. Section 3: Security - a Layered Approach
  14. Securing EC2 Instances
    1. Technical requirements
    2. Performing a vulnerability scan using Amazon Inspector
    3. Installing the Amazon Inspector agent
    4. Configuring assessment targets
    5. Configuring an assessment template
    6. Running an assessment
    7. Viewing findings
    8. Creating and securing EC2 key pairs
    9. Creating key pairs
    10. Creating key pairs during EC2 deployment
    11. Creating key pairs within the EC2 console
    12. Deleting a key
    13. Deleting a key using the EC2 console
    14. Recovering a lost private key
    15. Connecting to a Linux-based instance with your key pair
    16. Connecting to a Windows-based instance with your key pair
    17. Isolating instances for forensic investigation
    18. AWS monitoring and logging services
    19. AWS CloudTrail
    20. AWS Config
    21. Amazon CloudWatch
    22. VPC Flow Logs
    23. Isolation
    24. Using Systems Manager to administer EC2 instances
    25. Creating resource groups in Systems Manager
    26. Built-in insights
    27. Actions
    28. Automation
    29. Run Command
    30. Session Manager
    31. Distributor
    32. State Manager
    33. Patch Manager
    34. Use default patch baselines, or create your own
    35. Organizing instances into patch groups (optional)
    36. Automate the patching schedule by using maintenance windows
    37. Monitoring your patch status to ensure compliance
    38. Summary
    39. Questions
    40. Further reading
  15. Configuring Infrastructure Security
    1. Technical requirements
    2. Understanding a VPC
    3. Creating a VPC using the Wizard
    4. Understanding the VPC components
    5. Subnets
    6. The Description tab
    7. The flow logs tab
    8. The Route Table and Network ACL tabs
    9. The Tags tab
    10. Internet gateways
    11. Route tables
    12. The Summary tab
    13. The Routes tab
    14. The Subnet Associations tab
    15. The Route Propagation tab
    16. Network Access Control Lists
    17. The Details tab
    18. The Inbound Rules and Outbound Rules tabs
    19. The Subnet associations tab
    20. Security groups
    21. The Description tab
    22. The Inbound Rules and Outbound Rules tab
    23. The Tags tab
    24. Bastion hosts
    25. NAT instances and NAT gateways
    26. Virtual private gateways
    27. Building a multi-subnet VPC manually
    28. Creating a VPC
    29. Creating public and private VPCs
    30. Creating an internet gateway
    31. Creating a route table
    32. Creating a NAT gateway
    33. Creating security groups in our subnets
    34. For instances in your 'Public_Subnet'
    35. For Instances in your Private_Subnet
    36. Creating EC2 instances in our subnets
    37. Creating EC2 instances in the Private_Subnet
    38. Creating EC2 instances in the Public_Subnet
    39. Creating a route table for Private_Subnet
    40. Creating an NACL for our subnets
    41. Creating an NACL for the public subnet
    42. Create an NACL for the private Subnet
    43. Summary
    44. Questions
    45. Further reading
  16. Implementing Application Security
    1. Technical requirements
    2. Exploring AWS Web WAF
    3. Creating a web ACL
    4. Step 1 – Describing the web ACL and associating it with AWS resources
    5. Step 2 – Adding rules and rule groups
    6. Step 3 – Setting rule priority
    7. Step 4 – Configuring metrics
    8. Step 5 – Reviewing and creating the web ACL
    9. Using AWS Firewall Manager
    10. Adding your AWS account to an AWS organization
    11. Selecting your primary account to act as the Firewall Manager administrative account
    12. Enabling AWS Config
    13. Creating and applying an AWS WAF policy to AWS Firewall Manager
    14. Managing the security configuration of your ELBs
    15. Types of AWS ELBs
    16. Managing encrypted requests
    17. Requesting a public certificate using ACM
    18. Securing your AWS API Gateway
    19. Controlling access to APIs
    20. IAM roles and policies
    21. IAM tags
    22. Resource policies
    23. VPC endpoint policies
    24. Lambda authorizers
    25. Amazon Cognito user pools
    26. Summary
    27. Questions
    28. Further reading
  17. DDoS Protection
    1. Technical requirements
    2. Understanding DDoS and its attack patterns
    3. DDoS attack patterns
    4. SYN floods
    5. HTTP floods
    6. Ping of death (PoD)
    7. Protecting your environment using AWS Shield
    8. The two tiers of AWS Shield
    9. AWS Shield Standard
    10. AWS Shield Advanced
    11. Activating AWS Shield Advanced
    12. Configuring AWS Shield Advanced
    13. Selecting your resources to protect
    14. Adding rate-based rules
    15. Adding support from the AWS DDoS Response Team (DRT)
    16. Additional services and features
    17. Summary
    18. Questions
    19. Further reading
  18. Incident Response
    1. Technical requirements
    2. Where to start when implementing effective IR
    3. Making use of AWS features
    4. Logging
    5. Threat detection and management
    6. Responding to an incident
    7. Forensic AWS account
    8. Collating log information
    9. Resource isolation
    10. Copying data
    11. Forensic instances
    12. A common approach to an infrastructure security incident
    13. Summary
    14. Questions
    15. Further reading
  19. Securing Connections to Your AWS Environment
    1. Technical requirements
    2. Understanding your connection
    3. Using an AWS VPN
    4. Configuring VPN routing options
    5. Configuring your security groups
    6. Using AWS Direct Connect
    7. Virtual interfaces
    8. Controlling Direct Connect access using policies
    9. Summary
    10. Questions
  20. Section 4: Monitoring, Logging, and Auditing
  21. Implementing Logging Mechanisms
    1. Technical requirements
    2. Implementing logging
    3. Amazon S3 logging
    4. Enabling S3 server access logging
    5. S3 object-level logging
    6. Implementing Flow Logs
    7. Configuring a VPC flow log for a particular VPC subnet
    8. Understanding the log file format
    9. Understanding log file limitations
    10. VPC Traffic Mirroring
    11. Using AWS CloudTrail logs
    12. Creating a new trail
    13. Configuring CloudWatch integration with your trail
    14. Understanding CloudTrail Logs
    15. Consolidating multiple logs from different accounts into a single bucket
    16. Making your logs available to Amazon Athena
    17. Using the CloudWatch logging agent
    18. Creating new roles
    19. Downloading and configuring the agent
    20. Installing the agent on your remaining EC2 instances
    21. Summary
    22. Questions
    23. Further reading
  22. Auditing and Governance
    1. Technical requirements
    2. What is an audit?
    3. Understanding AWS Artifact
    4. Accessing reports and agreements
    5. Securing AWS using CloudTrail
    6. Encrypting log files with SSE-KMS
    7. Enabling log file validation
    8. Understanding your AWS environment through AWS Config
    9. Configuration items
    10. Configuration streams
    11. Configuration history
    12. Configuration snapshot
    13. Configuration recorder
    14. AWS Config rules
    15. Resource relationships
    16. AWS Config role
    17. The AWS Config process
    18. Maintaining compliance with Amazon Macie
    19. Classifying data using Amazon Macie
    20. Support vector machine-based classifier
    21. Content type
    22. File extensions
    23. Themes
    24. Regex
    25. Amazon Macie data protection
    26. AWS CloudTrail events
    27. CloudTrail errors
    28. Summary
    29. Questions
  23. Section 5: Best Practices and Automation
  24. Automating Security Detection and Remediation
    1. Technical requirements
    2. Using CloudWatch events with AWS Lambda and SNS
    3. Detecting events with CloudWatch
    4. Configuring a response to an event
    5. Configuring cross-account events using Amazon CloudWatch
    6. Using Amazon GuardDuty
    7. Enabling Amazon GuardDuty
    8. Performing automatic remediation
    9. Using AWS Security Hub
    10. Enabling AWS Security Hub
    11. Insights
    12. Findings
    13. Security standards
    14. Performing automatic remediation
    15. Summary
    16. Questions
  25. Discovering Security Best Practices
    1. Technical requirements
    2. Common security best practices&#160;
    3. Using AWS Trusted Advisor
    4. Understanding the availability of AWS Trusted Advisor
    5. Reviewing deviations using AWS Trusted Advisor
    6. Yellow alert
    7. Red alert
    8. Penetration testing in AWS
    9. Summary
    10. Questions
  26. Section 6: Encryption and Data Security
  27. Managing Key Infrastructure
    1. Technical requirements
    2. A simple overview of encryption
    3. Symmetric encryption versus asymmetric encryption
    4. Exploring AWS Key Management Service (KMS)
    5. Understanding the key components of AWS KMS
    6. <strong>Customer master keys</strong>
    7. <strong>AWS-owned CMKs</strong>
    8. <strong>AWS-managed CMKs</strong>
    9. <strong>Customer-managed CMKs</strong>
    10. <strong>Data encryption keys (DEKs)</strong>
    11. <strong>Encryption</strong>
    12. <strong>Decryption</strong>
    13. KMS key material
    14. <strong>Importing your own key material</strong>
    15. Key policies
    16. <strong>Using only key policies to control access</strong>
    17. <strong>Using key policies in addition to IAM</strong>
    18. <strong>Using key policies with grants</strong>
    19. Exploring AWS CloudHSM
    20. CloudHSM clusters
    21. Creating a CloudHSM cluster
    22. AWS CloudHSM users
    23. Precrypto Office
    24. Crypto Office
    25. Crypto User
    26. Appliance User
    27. AWS Secrets Manager
    28. Summary
    29. Questions
    30. Further reading
  28. Managing Data Security
    1. Technical requirements
    2. Amazon EBS encryption
    3. Encrypting an EBS volume
    4. Encrypting a new EBS volume
    5. Encrypting a volume from an unencrypted snapshot
    6. Re-encrypting a volume from an existing snapshot with a new CMK
    7. Applying default encryption to a volume
    8. Amazon EFS
    9. Encryption at rest
    10. Encryption in transit
    11. Amazon S3
    12. Server-side encryption with S3-managed keys (SSE-S3)
    13. Server-side encryption with KMS-managed keys (SSE-KMS)
    14. Server-side encryption with customer-managed keys (SSE-C)
    15. Client-side encryption with KMS-managed keys (CSE-KMS)
    16. Client-side encryption with customer-managed keys (CSE-C)
    17. Amazon RDS
    18. Encryption at rest
    19. Encryption in transit
    20. Amazon DynamoDB
    21. Encryption at rest
    22. DynamoDB encryption options
    23. Encryption in transit
    24. Summary
    25. Questions
  29. Mock Tests
    1. Mock exam 1
    2. Answers
    3. Mock exam 2
    4. Answers
  30. Assessments
    1. Chapter 1
    2. Chapter 2
    3. Chapter 3
    4. Chapter 4
    5. Chapter 5
    6. Chapter 6
    7. Chapter 7
    8. Chapter 8
    9. Chapter 9
    10. Chapter 10
    11. Chapter 11
    12. Chapter 12
    13. Chapter 13
    14. Chapter 14
    15. Chapter 15
    16. Chapter 16
    17. Chapter 17
  31. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think