Preparing for the AWS Certified Security Specialty (SCS-C01) exam? Don't know where to start? This post is the AWS Certified Security Specialty Certificate Study Guide (with links to each objective in the exam domain).
I have curated a detailed list of articles from AWS documentation and other blogs for each objective of the AWS Certified Security Specialty (SCS-C01) exam. Please share the post within your circles so it helps them to prepare for the exam.
Incident Response – 12%
Given an AWS abuse notice, evaluate the suspected compromised instance or exposed access keys
How to deal with account compromise/abuse notice?
Verify that the Incident Response plan includes relevant AWS services
Evaluate the configuration of automated alerting, and execute possible remediation of security-related incidents and emerging issues
Automate remediation steps:
Logging and Monitoring – 20%
Design and implement security monitoring and alerting
Implement security monitoring with Amazon GuardDuty:
Other tools for monitoring security & implementing alerts:
Troubleshoot security monitoring and alerting
Design and implement a logging solution
Implement a logging solution:
Capture information about the IP traffic moving in and out of the Virtual Private Network (VPC) & publish to a centralized location
Troubleshoot logging solutions
Infrastructure Security – 26%
Design edge security on AWS
Services resident at the AWS edge locations (provide a security perimeter for your apps):
Think of CloudFront as the front door to your app. So, effectively, you are moving the attack surface from your infrastructure (with sensitive data) to the edge.
Security features on AWS CloudFront edge locations:
For encrypting sensitive data (like the Credit card details) using field-specific encryption keys
Design and implement a secure network infrastructure
Troubleshoot a secure network infrastructure
Troubleshoot network issues between:
Design and implement host-based security
Identity and Access Management – 20%
Design and implement a scalable authorization and authentication system to access AWS resources
Troubleshoot an authorization and authentication system to access AWS resources
Data Protection – 22%
Design and implement key management and use
Troubleshoot key management
A few troubleshooting scenarios with Amazon S3:
Design and implement a data encryption solution for data at rest and data in transit
Encryption At Rest (KMS with different AWS services):
…and pretty much every other AWS service in the documentation.
Protecting Data in Transit
This brings us to the end of the AWS Certified Security Specialty [SCS-C01] Exam Preparation Study Guide.
What do you think? Let me know in the comments section if I have missed out on anything. Also, I love to hear from you about how your preparation is going on!
In case you are looking for other AWS certificate exams study guides, check out this page
Follow/Like ravikirans.com to receive updates
Sign up for Newsletter
Want to be notified as soon as I post? Subscribe to RSS feed / leave your email address in the subscribe section. Share the article to your social networks with the below links so it can benefit others.