The AWS Certified Security Engineering – Specialty training course covers advanced cloud security and securing applications in AWS. During the training, you will learn how to efficiently use AWS security services for optimal security and compliance in the AWS cloud. This course focuses on AWS-recommended security practices and the security features of key AWS services, including compute, storage, networking, and database services. You will also learn how to leverage AWS services and tools for automation, continuous monitoring and logging, and responding to security incidents.
This course also refers to the common security control objectives and regulatory compliance standards. Additionally, you will examine use cases for running regulated workloads on AWS across different verticals, globally. You will also learn how to leverage AWS services and tools for automation and continuous monitoring, taking your security operations to the next level.
Our AWS Certified Security Engineering – Specialty Training offers the required knowledge to pass the AWS Certified Security Specialty certification exam along with hands-on experience on advanced cloud security.
WHAT YOU’LL LEARN:
In this course, you will learn how to:
- Assimilate and leverage the AWS shared security responsibility model
- Manage user identity and access management in the AWS cloud
- Use AWS security services such as AWS Identity and Access Management, Amazon Virtual Private Cloud, AWS CloudTrail, Amazon CloudWatch, AWS Key Management Service, AWS CloudHSM, AWS Config, AWS Service Catalog, and AWS Trusted Advisor
- Implement better security controls for your resources in the AWS cloud
- Manage and audit your AWS resources from a security perspective
- Monitor and log access and usage of AWS compute, storage, networking, and database services
- Assimilate and leverage the AWS shared compliance responsibility model
- Identify AWS services and tools to help automate, monitor, and manage security operations on AWS
- Perform security incident management, cloud resiliency, and business continuity in the AWS cloud
WHY AWS CERTIFIED SECURITY ENGINEERING – SPECIALTY?
If you are a professional who already holds an Associate-level certification or equivalent and you are looking to improve your cloud security skills and learn advanced cloud security, the AWS Security Certification is the perfect choice for you. Some of the advantages of AWS Security Specialty Certification are:
- Authentication of technical expertise to design, deploy and operate AWS applications
- Gaining customer trust and satisfaction as a certified professional
- Preference by the employer for job roles due to recognition of knowledge and skills
- Better salary and job stability
WHO SHOULD ATTEND
- Security engineers, architects, analysts, and auditors
- Individuals who are responsible for governing, auditing, and testing an organization’s IT infrastructure, as well as ensuring conformity of the infrastructure to security, risk, and compliance guidelines
- Preferably 2+ years of experience in AWS Cloud Platform
- Understanding of basic security concepts and practices
- Security controls for workloads on AWS
- Skill set equivalent to any AWS Associate-level certification (certification not mandatory)
Domain 1: Incident Response
- Given an AWS abuse notice, evaluate the suspected compromised instance or exposed access keys.
- Preparation stages for incident response
- Mitigation steps to perform during incident response
- Verify that the Incident Response plan includes relevant AWS services.
- Dealing with exposed access keys
- Evaluating suspected compromised EC2 instances
- Evaluate the configuration of automated alerting, and execute possible remediation of security-related incidents and emerging issues.
- AWS GuardDuty
- Penetration testing
Domain 2: Logging and Monitoring
- Design and implement security monitoring and alerting.
- Design and implement a logging solution.
- Continuous Security Monitoring
- Introduction to Vulnerability Assessment
- AWS Inspector
- AWS Inspector Assessment targets
- AWS EC2 Systems Manager
- AWS Config
- Understanding CloudWatch
- VPC Flow Logs
- CloudWatch Events
- AWS CloudTrail
- AWS Macie
- AWS Detective
- AWS Security Hub
- S3 Event notifications
- Trusted Advisor recommendations
- Troubleshoot security monitoring and alerting.
- Troubleshoot logging solutions.
Domain 3: Infrastructure Security
- Design edge security on AWS.
- Design and implement a secure network infrastructure.
- AWS Organizations
- Managing OUs
- AWS CloudFront Custom SSL
- Security groups
- Network ACLs
- IPS/IDS concepts in the cloud
- AWS Web Application Firewall (WAF)
- AWS Shield concepts
- DDoS Mitigation
- Network Segmentation
- Bastion Hosts
- Virtual Private Cloud (VPC)
- VPC Endpoints
- EC2 Tenancy
- Compliance Frameworks
- AWS Lambda fundamentals
- AWS Simple Email Service
- AWS Route 53 DNS
- Troubleshoot a secure network infrastructure
- Design and implement host-based security
Domain 4: Identity and Access Management
- Design and implement a scalable authorization and authentication system to access AWS resources.
- Understand the Principle of Least Privilege
- IAM Policies
- IAM JSON Policy Elements
- IAM Roles
- IAM Permission boundaries
- Evaluating effective permissions
- Understanding Delegation
- Cross account policies & roles
- Understanding Federation
- AWS Directory services
- AWS Organizations
- Single Sign-On
- SAML Overview Concepts
- S3 Security
- Cross Account S3 access
- S3 Versioning
- S3 MFA Delete
- AWS License Manager
- Troubleshoot an authorization and authentication system to access AWS resources.
Domain 5: Data Protection
- Design and implement key management and use
- Cryptography fundamentals
- Cloud Hardware Security Module (HSM)
- AWS Key Management Service (KMS)
- Envelope Encryption
- KMS Authentication and Access Control
- CloudTrail and Encryption
- EBS Architecture and Secure Data Wiping
- S3 Encryption
- AWS Certificate Manager
- ELB: ALB and NLB
- Docker and container security fundamentals
- AWS Glacier
- Troubleshoot key management.
- Design and implement a data encryption solution for data at rest and data in transit.