AWS Certified Security Study Guide

AWS Certified Security Study Guide

by Marcello Zillo Neto, Gustavo A. A. Santana, Fernando Sapata, Mauricio Munoz, Alexandre M. S. P. Moraes, Thiago Morais, Dario Lucas Goldfarb
Released January 2021
Publisher(s): Sybex
ISBN: 9781119658818

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Get prepared for the AWS Certified Security Specialty certification with this excellent resource

By earning the AWS Certified Security Specialty certification, IT professionals can gain valuable recognition as cloud security experts. The AWS Certified Security Study Guide: Specialty (SCS-C01) Exam helps cloud security practitioners prepare for success on the certification exam. It’s also an excellent reference for professionals, covering security best practices and the implementation of security features for clients or employers.

Architects and engineers with knowledge of cloud computing architectures will find significant value in this book, which offers guidance on primary security threats and defense principles. Amazon Web Services security controls and tools are explained through real-world scenarios. These examples demonstrate how professionals can design, build, and operate secure cloud environments that run modern applications.

The study guide serves as a primary source for those who are ready to apply their skills and seek certification. It addresses how cybersecurity can be improved using the AWS cloud and its native security services. Readers will benefit from detailed coverage of AWS Certified Security Specialty Exam topics.

  • Covers all AWS Certified Security Specialty exam topics
  • Explains AWS cybersecurity techniques and incident response
  • Covers logging and monitoring using the Amazon cloud
  • Examines infrastructure security
  • Describes access management and data protection

With a single study resource, you can learn how to enhance security through the automation, troubleshooting, and development integration capabilities available with cloud computing. You will also discover services and tools to develop security plans that work in sync with cloud adoption.

Table of contents

  1. Cover
  2. Title Page
  3. Table of Exercises
  4. Introduction
    1. What Does This Book Cover?
    2. How to Contact the Publisher
    3. Interactive Online Learning Environment and Test Bank
    4. AWS Certified Security Study Guide–Specialty (SCS-C01) Exam Objectives
    5. Objective Map
    6. Assessment Test
    7. Answers to Assessment Test
  5. Chapter 1: Security Fundamentals
    1. Introduction
    2. Understanding Security
    3. Basic Security Concepts
    4. Foundational Networking Concepts
    5. Main Classes of Attacks
    6. Risk Management
    7. Well-Known Security Frameworks and Models
    8. Summary
    9. Exam Essentials
    10. Review Questions
  6. Chapter 2: Cloud Security Principles and Frameworks
    1. Introduction
    2. Cloud Security Principles Overview
    3. The Shared Responsibility Model
    4. AWS Compliance Programs
    5. AWS Well‐Architected Framework
    6. AWS Marketplace
    7. Summary
    8. Exam Essentials
    9. Review Questions
  7. Chapter 3: Identity and Access Management
    1. Introduction
    2. IAM Overview
    3. How AWS IAM Works
    4. Access Management in Amazon S3
    5. Identity Federation
    6. Multi-Account Management with AWS Organizations
    7. Microsoft AD Federation with AWS
    8. Protecting Credentials with AWS Secrets Manager
    9. Summary
    10. Exam Essentials
    11. Review Questions
  8. Chapter 4: Detective Controls
    1. Introduction
    2. Stage 1: Resources State
    3. Stage 2: Events Collection
    4. Stage 3: Events Analysis
    5. Stage 4: Action
    6. Summary
    7. Exam Essentials
    8. Review Questions
  9. Chapter 5: Infrastructure Protection
    1. Introduction
    2. AWS Networking Constructs
    3. Network Address Translation
    4. Security Groups
    5. Network Access Control Lists
    6. Elastic Load Balancing
    7. VPC Endpoints
    8. VPC Flow Logs
    9. AWS Web Application Firewall
    10. AWS Shield
    11. Summary
    12. Exam Essentials
    13. Review Questions
  10. Chapter 6: Data Protection
    1. Introduction
    2. AWS Key Management Service
    3. Creating a Customer Master Key in AWS KMS
    4. Understanding the Cloud Hardware Security Module
    5. AWS Certificate Manager
    6. Protecting Your S3 Buckets
    7. Amazon Macie
    8. Summary
    9. Exam Essentials
    10. Review Questions
  11. Chapter 7: Incident Response
    1. Introduction
    2. Incident Response Maturity Model
    3. Incident Response Best Practices
    4. Reacting to Specific Security Incidents
    5. Summary
    6. Exam Essentials
    7. Review Questions
  12. Chapter 8: Security Automation
    1. Introduction
    2. Security Automation Overview
    3. Event-Driven Security
    4. Using AWS Lambda for Automated Security Response
    5. WAF Security Automations
    6. AWS Config Auto Remediation
    7. Automating Resolution of Findings Using AWS Security Hub
    8. Aggregate and Resolve Issues with AWS Systems Manager
    9. Summary
    10. Exam Essentials
    11. Review Questions
  13. Chapter 9: Security Troubleshooting on AWS
    1. Introduction
    2. Using Troubleshooting Tools and Resources
    3. Common Access Control Troubleshooting Scenarios
    4. Encryption and Decryption Troubleshooting Scenarios
    5. Network and Connectivity Troubleshooting Scenarios
    6. Summary
    7. Exam Essentials
    8. Review Questions
  14. Chapter 10: Creating Your Security Journey in AWS
    1. Introduction
    2. Where to Start?
    3. Mapping Security Controls
    4. Security Journey Phased Example
    5. Summary
    6. Exam Essentials
    7. Review Questions
  15. Appendix A: Answers to Review Questions
    1. Chapter 1: Security Fundamentals
    2. Chapter 2: Cloud Security Principles and Frameworks
    3. Chapter 3: Identity and Access Management
    4. Chapter 4: Detective Controls
    5. Chapter 5: Infrastructure Protection
    6. Chapter 6: Data Protection
    7. Chapter 7: Incident Response
    8. Chapter 8: Security Automation
    9. Chapter 9: Security Troubleshooting on AWS
    10. Chapter 10: Creating Your Security Journey in AWS
  16. Appendix B: AWS Security Services Portfolio
    1. Amazon Cognito
    2. Amazon Detective
    3. Amazon GuardDuty
    4. Amazon Inspector
    5. Amazon Macie
    6. AWS Artifact
    7. AWS Certificate Manager
    8. AWS CloudHSM
    9. AWS Directory Service
    10. AWS Firewall Manager
    11. AWS Identity and Access Management
    12. AWS Key Management Service
    13. AWS Resource Access Manager
    14. AWS Secrets Manager
    15. AWS Security Hub
    16. AWS Shield
    17. AWS Single Sign-On
    18. AWS Web Application Firewall
  17. Appendix C: DevSecOps in AWS
    1. Introduction
    2. Dev + Sec + Ops
    3. AWS Developer  Tools
    4. Creating a CI/CD Using AWS  Tools
    5. Evaluating Security in Agile Development
    6. Creating the Correct Guardrails Using SAST and DAST
    7. Security as Code: Creating Guardrails and Implementing Security by Design
  18. Index
  19. Copyright
  20. Acknowledgments
  21. About the Authors
  22. About the Technical Editors
  23. End User License Agreement

Product information

  • Title: AWS Certified Security Study Guide
  • Author(s): Marcello Zillo Neto, Gustavo A. A. Santana, Fernando Sapata, Mauricio Munoz, Alexandre M. S. P. Moraes, Thiago Morais, Dario Lucas Goldfarb
  • Release date: January 2021
  • Publisher(s): Sybex
  • ISBN: 9781119658818