AWS Certified Security Speciality Practice Tests (SCS-C01) 2022

Published en 19 Mar 2022

Description

Dscription

The AWS Certified Security Specialty (SCS-C01) examination is intended for individuals who perform a security role.

This exam validates an examinee’s ability to effectively demonstrate knowledge about securing the AWS platform. It validates an examinee’s ability to demonstrate:

*An understanding of specialized data classifications and AWS data protection mechanisms.

* An understanding of data-encryption methods and AWS mechanisms to implement them.

* An understanding of secure Internet protocols and AWS mechanisms to implement them.

*A working knowledge of AWS security services and features of services to provide a secure production environment.

* Competency gained from two or more years of production deployment experience using AWS security services and features.

* The ability to make tradeoff decisions with regard to cost, security, and deployment complexity given a set of application requirements.

*An understanding of security operations and risks.

Details

Domain 1: Incident Response

• Given an AWS abuse notice, evaluate the suspected compromised instance or exposed access keys.

• Preparation stages for incident response

• Mitigation steps to perform Incident response steps

• Verify that the Incident Response plan includes relevant AWS services.

• Evaluated suspected compromised EC2 Instances

• Evaluate the configuration of automated alerting, and execute possible remediation of security-related incidents and emerging issues.

• AWS Guard duty

• Penetration testing

Domain 2: Logging and Monitoring

• Design and implement security monitoring and alerting.

• Design and implement a logging solution.

• Continuous Security Monitoring

• Introduction to Vulnerability Assessment

• AWS Inspector

• AWS Inspector Assessment targets

• AWS EC2 systems manager

• Understanding CloudWatch

• VPC Flow Logs

• CloudWatch Events

• AWS Cloud Trail

• AWS Macie

• AWS Detective

• AWS Security Hub

• S3 Event notifications

• Trusted advisor recommendations

• Troubleshoot security monitoring and alerting.

• Troubleshoot logging solutions.

Domain 3: Infrastructure Security

• Design edge security on AWS.

• Design and implement a secure network infrastructure.

• AWS Organizations

• Managing OUs

• CloudFront

• AWS CloudFront Custom SSL

• Firewalls

• Security groups

• Network ACLs

• IPS/IDS concepts in cloud

• AWS Web Application Firewall (WAF)

• AWS Shield concepts

• DDoS Mitigation

• Network Segmentation

• Bastion Hosts

• Virtual Private Cloud (VPC)

• VPC Endpoints

• EC2 Tenancy

• AWS lambda fundamentals

• AWS Simple Email Service

• AWS Route53 DNS

• Troubleshoot a secure network infrastructure

• Design and implement host-based security

Domain 4: Identity and Access Management

• Design and implement a scalable authorization and authentication system to access AWS resources.

• Understand the Principle of Least Privilege

• IAM Policies

• IAM JSON Policy Elements

• IAM Roles

• IAM Permission boundaries

• Evaluating effective permissions

• Understanding Delegation

• Cross account policies & roles

• Understanding Federation

• AWS Directory services

• AWS Organizations

• Single Sign-On

• SAML Overview Concepts

• Cross Account S3 access

• S3 Versioning

• S3 MFA delete

• AWS License manager

• Troubleshoot an authorization and authentication system to access AWS resources.

Domain 5: Data Protection

• Design and implement key management and use

• Cryptography fundamentals

• Cloud Hardware Security Module (HSM)

• AWS Key Management Service (KMS)

• Envelope Encryption

• KMS Authentication and Access Control

• CloudTrail and Encryption

• EBS Architecture and Secure Data Wiping

• S3 Encryption

• AWS Certificate Manager

• ELB- ALB and NLB

• Docker and container security fundamentals

• AWS Glacier

• Troubleshoot key management.