AWS Certified Security：Specialty Exam Guide

Other Books You May Enjoy

Chapter 17

Chapter 16

Chapter 15

Chapter 14

Chapter 13

Chapter 12

Chapter 11

Chapter 10

Chapter 9

Chapter 8

Chapter 7

Chapter 6

Chapter 5

Chapter 4

Chapter 3

Chapter 2

Chapter 1

Assessments

Mock exam 2

Mock exam 1

Mock Tests

Questions

Summary

Amazon DynamoDB

Amazon RDS

Amazon S3

Amazon EFS

Amazon EBS encryption

Technical requirements

Managing Data Security

Further reading

Questions

Summary

AWS Secrets Manager

Exploring AWS CloudHSM

Exploring AWS Key Management Service (KMS)

A simple overview of encryption

Technical requirements

Managing Key Infrastructure

Section 6: Encryption and Data Security

Questions

Summary

Penetration testing in AWS

Using AWS Trusted Advisor

Common security best practices

Technical requirements

Discovering Security Best Practices

Questions

Summary

Using AWS Security Hub

Using Amazon GuardDuty

Using CloudWatch events with AWS Lambda and SNS

Technical requirements

Automating Security Detection and Remediation

Section 5: Best Practices and Automation

Questions

Summary

Maintaining compliance with Amazon Macie

Understanding your AWS environment through AWS Config

Securing AWS using CloudTrail

Understanding AWS Artifact

What is an audit?

Technical requirements

Auditing and Governance

Further reading

Questions

Summary

Using the CloudWatch logging agent

Using AWS CloudTrail logs

VPC Traffic Mirroring

Implementing Flow Logs

Implementing logging

Technical requirements

Implementing Logging Mechanisms

Section 4: Monitoring Logging and Auditing

Questions

Summary

Using AWS Direct Connect

Using an AWS VPN

Understanding your connection

Technical requirements

Securing Connections to Your AWS Environment

Further reading

Questions

Summary

Responding to an incident

Making use of AWS features

Where to start when implementing effective IR

Technical requirements

Incident Response

Further reading

Questions

Summary

Protecting your environment using AWS Shield

Understanding DDoS and its attack patterns

Technical requirements

DDoS Protection

Further reading

Questions

Summary

Securing your AWS API Gateway

Managing the security configuration of your ELBs

Exploring AWS Web WAF

Technical requirements

Implementing Application Security

Further reading

Questions

Summary

Building a multi-subnet VPC manually

Understanding the VPC components

Creating a VPC using the Wizard

Understanding a VPC

Technical requirements

Configuring Infrastructure Security

Further reading

Questions

Summary

Using Systems Manager to administer EC2 instances

Isolating instances for forensic investigation

Creating and securing EC2 key pairs

Performing a vulnerability scan using Amazon Inspector

Technical requirements

Securing EC2 Instances

Section 3: Security - a Layered Approach

Further reading

Questions

Summary

Using social federation

Using SAML federation

What is AWS federated access?

Technical requirements

Federated and Mobile Access

Further reading

Questions

Summary

Using bucket policies to control access to S3

Policy evaluation

IAM policy management

Configuring cross-account access

Identifying policy structure and syntax

Understanding the difference between policy types

Technical requirements

Working with Access Policies

Further reading

Questions

Summary

Configuring Multi-Factor Authentication (MFA)

Provisioning users groups and roles in IAM

Understanding Identity and Access Management (IAM)

Technical requirements

Access Management

Further reading

Questions

Summary

Shared responsibility model for abstract services

Shared responsibility model for container services

Shared responsibility model for infrastructure services

Technical requirements

AWS Shared Responsibility Model

Section 2: Security Responsibility and Access Management

Further reading

Questions

Summary

Exam details

Domains assessed

Intended audience

Aim of the certification

AWS Certified Security Specialty Exam Coverage

Section 1: The Exam and Preparation

Get in touch

To get the most out of this book

What this book covers

Who this book is for

Preface

Packt is searching for authors like you

About the reviewer

About the author

Contributors

Why subscribe?

About Packt

版权信息

封面

封面

版权信息

About Packt

Why subscribe?

Contributors

About the author

About the reviewer

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Get in touch

Section 1: The Exam and Preparation

AWS Certified Security Specialty Exam Coverage

Aim of the certification

Intended audience

Domains assessed

Exam details

Summary

Questions

Further reading

Section 2: Security Responsibility and Access Management

AWS Shared Responsibility Model

Technical requirements

Shared responsibility model for infrastructure services

Shared responsibility model for container services

Shared responsibility model for abstract services

Summary

Questions

Further reading

Access Management

Technical requirements

Understanding Identity and Access Management (IAM)

Provisioning users groups and roles in IAM

Configuring Multi-Factor Authentication (MFA)

Summary

Questions

Further reading

Working with Access Policies

Technical requirements

Understanding the difference between policy types

Identifying policy structure and syntax

Configuring cross-account access

IAM policy management

Policy evaluation

Using bucket policies to control access to S3

Summary

Questions

Further reading

Federated and Mobile Access

Technical requirements

What is AWS federated access?

Using SAML federation

Using social federation

Summary

Questions

Further reading

Section 3: Security - a Layered Approach

Securing EC2 Instances

Technical requirements

Performing a vulnerability scan using Amazon Inspector

Creating and securing EC2 key pairs

Isolating instances for forensic investigation

Using Systems Manager to administer EC2 instances

Summary

Questions

Further reading

Configuring Infrastructure Security

Technical requirements

Understanding a VPC

Creating a VPC using the Wizard

Understanding the VPC components

Building a multi-subnet VPC manually

Summary

Questions

Further reading

Implementing Application Security

Technical requirements

Exploring AWS Web WAF

Managing the security configuration of your ELBs

Securing your AWS API Gateway

Summary

Questions

Further reading

DDoS Protection

Technical requirements

Understanding DDoS and its attack patterns

Protecting your environment using AWS Shield

Summary

Questions

Further reading

Incident Response

Technical requirements

Where to start when implementing effective IR

Making use of AWS features

Responding to an incident

Summary

Questions

Further reading

Securing Connections to Your AWS Environment

Technical requirements

Understanding your connection

Using an AWS VPN

Using AWS Direct Connect

Summary

Questions

Section 4: Monitoring Logging and Auditing

Implementing Logging Mechanisms

Technical requirements

Implementing logging

Implementing Flow Logs

VPC Traffic Mirroring

Using AWS CloudTrail logs

Using the CloudWatch logging agent

Summary

Questions

Further reading

Auditing and Governance

Technical requirements

What is an audit?

Understanding AWS Artifact

Securing AWS using CloudTrail

Understanding your AWS environment through AWS Config

Maintaining compliance with Amazon Macie

Summary

Questions

Section 5: Best Practices and Automation

Automating Security Detection and Remediation

Technical requirements

Using CloudWatch events with AWS Lambda and SNS

Using Amazon GuardDuty

Using AWS Security Hub

Summary

Questions

Discovering Security Best Practices

Technical requirements

Common security best practices

Using AWS Trusted Advisor

Penetration testing in AWS

Summary

Questions

Section 6: Encryption and Data Security

Managing Key Infrastructure

Technical requirements

A simple overview of encryption

Exploring AWS Key Management Service (KMS)

Exploring AWS CloudHSM

AWS Secrets Manager

Summary

Questions

Further reading

Managing Data Security

Technical requirements

Amazon EBS encryption

Amazon EFS

Amazon S3

Amazon RDS

Amazon DynamoDB

Summary

Questions

Mock Tests

Mock exam 1

Mock exam 2

Assessments

Chapter 1

Chapter 2

Chapter 3

Chapter 4

Chapter 5

Chapter 6

Chapter 7

Chapter 8

Chapter 9

Chapter 10

Chapter 11

Chapter 12

Chapter 13

Chapter 14

Chapter 15

Chapter 16

Chapter 17

Other Books You May Enjoy