![AWS Certified Security Specialty Exam Study Guide [SCS-C01]](https://secureservercdn.net/160.153.138.163/kjm.78f.myftpupload.com/wp-content/uploads/2020/05/AWS-Certified-Security-Specialty-Exam-Study-Guide-SCS-C01-665x435.png)
Preparing for the AWS Certified Security Specialty (SCS-C01) exam? Don't know where to start? This post is the AWS Certified Security Specialty Certificate Study Guide (with links to each objective in the exam domain).
I have curated a detailed list of articles from AWS documentation and other blogs for each objective of the AWS Certified Security Specialty (SCS-C01) exam. Please share the post within your circles so it helps them to prepare for the exam.
AWS Certified Security Specialty Course
| Pluralsight (Free trial) | AWS Certified Security (SCS-C01) Learning Path |
| Whizlabs | AWS Certified Security Online Course [2020] |
| Udemy | AWS Security Specialty Certification Course |
AWS Certified Security Specialty Practice Test
| Whizlabs Exam Questions | AWS Security Specialty [260 questions] |
| Udemy Practice Test | AWS Security Practice Tests (180 questions) |
AWS Certified Security Specialty Preparation
| LinkedIn Learning [Free Trial] | AWS Advanced Security Concepts for Architects |
| Coursera | AWS Fundamentals: Addressing Security Risk |
| Amazon e-book (PDF) | AWS Security Examination Material |
To view other AWS certificate study guides, click here.
Full Disclosure: Some of the links in this post are affiliate links. I receive a commission when you purchase through them.
Incident Response – 12%
Given an AWS abuse notice, evaluate the suspected compromised instance or exposed access keys
Reporting abuse of your AWS resources
How to deal with account compromise/abuse notice?
1. Resolution for AWS abuse notice
2. Resolution to AWS account compromise
Review the Security Incident Response Whitepaper
Dealing with the compromised AWS access keys
Dealing with compromised ec2 instance
Verify that the Incident Response plan includes relevant AWS services
Review the AWS Security Incident Response Whitepaper
Building an Incident Response Plan
AWS Incident Response Best Practices
Watch this video on AWS Incident Response
Evaluate the configuration of automated alerting, and execute possible remediation of security-related incidents and emerging issues
Automate alerting:
1. Automate notifications when AMI permissions are updated
2. Automate AWS Security Hub Alerts
Automate remediation steps:
1. YouTube video on Automating Incident Response
2. Automate Remediation with AWS Security Hub
3. Automate processes for remediating AWS Abuse alerts
4. Automatically remediate unintended permissions in AWS S3 Object ACLs
5. Automate remediation actions for Amazon EC2 notifications
6. Remediate Amazon Inspector Security Findings Automatically
Amazon link (affiliate)
Logging and Monitoring – 20%
Design and implement security monitoring and alerting
Implement security monitoring with Amazon GuardDuty:
1. Continuously monitor security & threat detection
2. What Amazon GuardDuty can detect?
3. Threat Response Scenarios Using Amazon GuardDuty
Other tools for monitoring security & implementing alerts:
1. Amazon Inspector: An automated Security Assessment Service
2. AWS Config: Continuously monitor & record the AWS resource configurations
3. Amazon CloudWatch Events: Describe changes in AWS resources
4. Amazon CloudWatch Logs: Monitor, store & access log files
5. Configure Amazon S3 event notifications
6. AWS CloudTrail: Records actions in your AWS account
Troubleshoot security monitoring and alerting
Troubleshoot Amazon CloudWatch Events
SNS notifications: Troubleshoot failed deliveries
AWS Config: Troubleshoot error messages
Design and implement a logging solution
Review the whitepaper on Logging in AWS
Amazon CloudWatch Logs (store & query log files from AWS resources)
Stream CloudWatch logs to a centralized location
Implement a logging solution:
1. Send CloudTrail events to CloudWatch logs
2. Publish VPC flow logs to CloudWatch Logs
Capture information about the IP traffic moving in and out of the Virtual Private Network (VPC) & publish to a centralized location
3. Collect logs & metrics from EC2 instances
5. Send Logs Directly to Amazon S3
Centralized Logging: To combine logs from multiple AWS accounts
Troubleshoot logging solutions
Troubleshoot Pushing Log Data to CloudWatch
Infrastructure Security – 26%
Design edge security on AWS
Services resident at the AWS edge locations (provide a security perimeter for your apps):
1. Amazon CloudFront (Content Delivery Network)
Think of CloudFront as the front door to your app. So, effectively, you are moving the attack surface from your infrastructure (with sensitive data) to the edge.
2. AWS Shield (Protects against DDoS attacks)
3. AWS Web Application Firewall (protect web applications from threats)
4. Amazon Route 53 (DNS Web service)
Security features on AWS CloudFront edge locations:
1. Using SSL/TLS to deliver your content
2. AWS Certificate Manager to create a custom SSL certificate for CloudFront
3. Serving Private Content with Signed URLs
4. Serving Private Content with Signed Cookies
5. Advanced CloudFront Security (Full/half bridge HTTPS connections, OCSP stapling)
6. CloudFront Field-level Encryption
For encrypting sensitive data (like the Credit card details) using field-specific encryption keys
Design and implement a secure network infrastructure
Amazon Virtual Private Cloud (VPC) design
AWS Security Groups (Firewall that allows/blocks traffic at the instance level)
Network ACLs (additional security to SG, but operates at the subnet level)
Connecting networks:
4. AWS VPN CloudHub (Multiple Remote sites can connect with each other)
Finally, review security best practices
Troubleshoot a secure network infrastructure
Troubleshooting AWS DirectConnect
Troubleshoot VPN tunnel connectivity
Debugging tools for network connectivity in VPC
Troubleshoot network issues between:
1. EC2 Windows instance in a VPC & an on-premises host
2. EC2 Linux instance in a VPC & an on-premises host
Design and implement host-based security
Identity and Access Management – 20%
Design and implement a scalable authorization and authentication system to access AWS resources
AWS Identity & Access Management (IAM)
Review High-Availability IAM Design Patterns
Security Best Practices in IAM
Identity Federation:
Troubleshoot an authorization and authentication system to access AWS resources
Troubleshoot IAM:
1. When working with Amazon EC2
2. When working with Amazon S3
Data Protection – 22%
Design and implement key management and use
What is AWS Key Management Service (KMS)?
Understand the Key Management Service Concepts
Whitepaper: Key Management Service Best Practices
Share Customer Master Keys (CMKs) across multiple AWS accounts
Troubleshoot key management
Troubleshoot a custom key store
A few troubleshooting scenarios with Amazon S3:
1. ‘Access Denied' errors when accessing a bucket encrypted by KMS key
2. ‘Access Denied' error when uploading files to S3 bucket with KMS encryption
Design and implement a data encryption solution for data at rest and data in transit
How do you protect your data at rest?
How do you protect your data in transit?
Encryption At Rest (KMS with different AWS services):
1. How Amazon DynamoDB uses AWS KMS?
2. How Amazon Elastic Block Store uses AWS KMS?
3. How Amazon S3 encrypts data at rest with AWS KMS?
4. How Amazon Redshift uses AWS Key Management Service?
5. How Relational Database Service (RDS) encrypts data with AWS KMS?
…and pretty much every other AWS service in the documentation.
Protecting Data in Transit
This brings us to the end of the AWS Certified Security Specialty [SCS-C01] Exam Preparation Study Guide.
What do you think? Let me know in the comments section if I have missed out on anything. Also, I love to hear from you about how your preparation is going on!
In case you are looking for other AWS certificate exams study guides, check out this page
Follow/Like ravikirans.com to receive updates
Sign up for Newsletter
Want to be notified as soon as I post? Subscribe to RSS feed / leave your email address in the subscribe section. Share the article to your social networks with the below links so it can benefit others.
