AWS Certified Security Study Guide: Specialty (SCS-C01) Exam / Edition 1 available in Paperback, eBook
- ISBN-10: 1119658810
- ISBN-13: 9781119658818
- Pub. Date: 01/27/2021
- Publisher: Wiley
Overview
By earning the AWS Certified Security Specialty certification, IT professionals can gain valuable recognition as cloud security experts. The AWS Certified Security Study Guide: Specialty (SCS-C01) Exam helps cloud security practitioners prepare for success on the certification exam. It’s also an excellent reference for professionals, covering security best practices and the implementation of security features for clients or employers.
Architects and engineers with knowledge of cloud computing architectures will find significant value in this book, which offers guidance on primary security threats and defense principles. Amazon Web Services security controls and tools are explained through real-world scenarios. These examples demonstrate how professionals can design, build, and operate secure cloud environments that run modern applications.
The study guide serves as a primary source for those who are ready to apply their skills and seek certification. It addresses how cybersecurity can be improved using the AWS cloud and its native security services. Readers will benefit from detailed coverage of AWS Certified Security Specialty Exam topics.
- Covers all AWS Certified Security Specialty exam topics
- Explains AWS cybersecurity techniques and incident response
- Covers logging and monitoring using the Amazon cloud
- Examines infrastructure security
- Describes access management and data protection
With a single study resource, you can learn how to enhance security through the automation, troubleshooting, and development integration capabilities available with cloud computing. You will also discover services and tools to develop security plans that work in sync with cloud adoption.
Product Details
| ISBN-13: | 9781119658818 |
|---|---|
| Publisher: | Wiley |
| Publication date: | 01/27/2021 |
| Series: | Sybex Study Guide, #8 |
| Pages: | 496 |
| Sales rank: | 644,062 |
| Product dimensions: | 7.30(w) x 9.10(h) x 1.10(d) |
About the Author
DARIO GOLDFARB is a Security Solutions Architect at Amazon Web Services in Latin America. He has more than 15 years of experience in cybersecurity.
ALEXANDRE M.S.P. MORAES is a Director of Teltec, a Brazilian systems integrator that is highly specialized in Network Design, Security Architectures and Cloud Computing.
THIAGO MORAIS is the leader of Solutions Architecture teams at Amazon Web Services in Brazil. He has more than 20 years of experience in the IT industry.
MAURICIO MUÑOZ is a Sr. Manager of a Specialist Solutions Architects team at Amazon Web Services in Latin America. He's worked in IT for more than 20 years, specializing in Information Security.
MARCELLO ZILLO NETO is a Chief Security Advisor and a former Chief Information Security Officer (CISO) in Latin America. He has over 20 years of experience in cybersecurity and incident response.
GUSTAVO A. A. SANTANA is the leader of the Specialist and Telecommunications Solutions Architecture teams at Amazon Web Services in Latin America.
FERNANDO SAPATA is a Principal Business Development Manager for Serverless at Amazon Web Services in Latin America. He has more than 19 years of experience in the IT industry.
Table of Contents
Introduction xxiii
Assessment Test xxviii
Chapter 1 Security Fundamentals 1
Introduction 2
Understanding Security 2
Basic Security Concepts 6
Vulnerability, Threat, and Security Risk 6
Security Countermeasures and Enforcement 6
Confidentiality, Integrity, and Availability 7
Accountability and Nonrepudiation 7
Authentication, Authorization, and Accounting 8
Visibility and Context 8
Foundational Networking Concepts 9
The OSI Reference Model 9
The TCP/IP Protocol Stack 11
Main Classes of Attacks 14
Reconnaissance 15
Password Attacks 15
Eavesdropping Attacks 15
IP Spoofing Attacks 16
Man-in-the-Middle Attacks 16
Denial-of-Service Attacks 16
Malware Attacks 17
Phishing Attacks 18
Risk Management 18
Important Security Solutions and Services 18
Well-Known Security Frameworks and Models 27
Sample Practical Models for Guiding Security Design and Operations 28
The Security Wheel 28
The Attack Continuum Model 29
The Zero-Trust Model 32
Summary 33
Exam Essentials 33
Review Questions 36
Chapter 2 Cloud Security Principles and Frameworks 39
Introduction 40
Cloud Security Principles Overview 40
The Shared Responsibility Model 41
Different Powers, Different Responsibilities 44
AWS Compliance Programs 47
AWS Artifact Portal 50
AWS Well-Architected Framework 54
Using the AWS Well-Architected Tool 55
AWS Marketplace 58
Summary 59
Exam Essentials 60
Review Questions 61
Chapter 3 Identity and Access Management 65
Introduction 66
IAM Overview 66
How AWS IAM Works 67
Principals 67
IAM Roles 73
AWS Security Token Services 74
Access Management with Policies and Permissions 77
Access Management in Amazon S3 82
Policy Conflicts 86
Secure Data Transport in Amazon S3 86
Cross-Region Replication in Amazon S3 89
Amazon S3 Pre-signed URLs 90
Identity Federation 91
Amazon Cognito 92
Multi-Account Management with AWS Organizations 94
Service Control Policies 96
AWS Single Sign-On 97
Microsoft AD Federation with AWS 97
Protecting Credentials with AWS Secrets Manager 98
Secrets Permission Management 99
Automatic Secrets Rotation 99
Choosing between AWS Secrets Manager and AWS Systems Manager Parameter Store 100
Summary 100
Exam Essentials 101
Review Questions 104
Chapter 4 Detective Controls 107
Introduction 108
Stage 1 Resources State 110
AWS Config 111
AWS Systems Manager 117
Stage 2 Events Collection 118
AWS CloudTrail 118
Amazon CloudWatch Logs 126
Amazon CloudWatch 130
AWS Health 132
Stage 3 Events Analysis 132
AWS Config Rules 133
Amazon Inspector 135
Amazon GuardDuty 136
AWS Security Hub 139
AWS Systems Manager: State Manager, Patch Manager, and Compliance 142
AWS Trusted Advisor 143
Stage 4 Action 144
AWS Systems Manager: Automation 144
AWS Config Rules: Remediation 144
Amazon EventBridge 146
Summary 151
Exam Essentials 152
Review Questions 155
Chapter 5 Infrastructure Protection 159
Introduction 160
AWS Networking Constructs 160
Network Address Translation 172
Security Groups 178
Network Access Control Lists 184
Elastic Load Balancing 190
VPC Endpoints 196
VPC Flow Logs 200
AWS Web Application Firewall 202
AWS Shield 208
Summary 209
Exam Essentials 209
Review Questions 211
Chapter 6 Data Protection 215
Introduction 216
Symmetric Encryption 217
Asymmetric Encryption 218
Hash Algorithms 219
AWS Key Management Service 221
AWS KMS Components 223
Creating a Customer Master Key in AWS KMS 233
Creating a Key Using the Console 234
Deleting Keys in AWS KMS 236
Rotating Keys in KMS 238
Understanding the Cloud Hardware Security Module 246
Using CloudHSM with AWS KMS 250
SSL Offload Using CloudHSM 250
AWS Certificate Manager 251
Protecting Your S3 Buckets 253
Default Access Control Protection 253
Bucket and Object Encryption 254
Amazon Macie 272
AWS CloudTrail Events 274
Summary 276
Exam Essentials 276
Review Questions 278
Chapter 7 Incident Response 281
Introduction 282
Incident Response Maturity Model 283
Incident Response Best Practices 289
Develop 289
Implement 290
Monitor and Test 291
Update 292
Reacting to Specific Security Incidents 292
Abuse Notifications 292
Insider Threat and Former Employee Access 294
Amazon EC2 Instance Compromised by Malware 294
Credentials Leaked 295
Application Attacks 296
Summary 296
Exam Essentials 297
Review Questions 297
Chapter 8 Security Automation 301
Introduction 302
Security Automation Overview 302
Event-Driven Security 303
Using AWS Lambda for Automated Security Response 306
Isolating Instances with Malware on Botnets 308
Automated Termination for Self-Healing Using Auto Scaling Groups 312
Automating Isolation of Bad Actors' Access to Web Applications 313
Automating Actions upon Changes Detected by AWS CloudTrail 314
WAF Security Automations 314
AWS Config Auto Remediation 316
Amazon S3 Default Encryption with AWS Config 318
Automating Resolution of Findings Using AWS Security Hub 323
Automated Reasoning to Detect and Correct Human Mistakes 325
Aggregate and Resolve Issues with AWS Systems Manager 332
AWS Systems Manager: OpsCenter 332
AWS Systems Manager: State Manager 332
Automating Security Hygiene with AWS Systems Manager 333
Summary 333
Exam Essentials 334
Review Questions 335
Chapter 9 Security Troubleshooting on AWS 339
Introduction 340
Using Troubleshooting Tools and Resources 341
AWS CloudTrail 341
Amazon CloudWatch Logs 344
Amazon CloudWatch Events 345
Amazon EventBridge 345
Common Access Control Troubleshooting Scenarios 345
Permissions Boundary 346
Service Control Policies 348
Identity Federation Problems 348
Encryption and Decryption Troubleshooting Scenarios 349
Network and Connectivity Troubleshooting Scenarios 349
VPC Security and Filtering 350
Route Tables 351
Network Gateways 352
VPC Peering 355
VPC Flow Logs 357
Summary 359
Exam Essentials 359
Review Questions 361
Chapter 10 Creating Your Security Journey in AWS 363
Introduction 364
Where to Start? 365
Mapping Security Controls 365
Security Journey Phased Example 366
Phase 1 Infrastructure Protection 367
Phase 2 Security Insights and Workload Protection 369
Phase 3 Security Automation 370
Summary 370
Exam Essentials 371
Review Questions 372
Appendix A Answers to Review Questions 375
Chapter 1 Security Fundamentals 376
Chapter 2 Cloud Security Principles and Frameworks 377
Chapter 3 Identity and Access Management 378
Chapter 4 Detective Controls 379
Chapter 5 Infrastructure Protection 380
Chapter 6 Data Protection 381
Chapter 7 Incident Response 382
Chapter 8 Security Automation 384
Chapter 9 Security Troubleshooting on AWS 385
Chapter 10 Creating Your Security Journey in AWS 387
Appendix B AWS Security Services Portfolio 389
Amazon Cognito 390
Amazon Detective 391
Amazon GuardDuty 392
Amazon Inspector 393
Amazon Macie 393
AWS Artifact 394
AWS Certificate Manager 395
AWS CloudHSM 396
AWS Directory Service 396
AWS Firewall Manager 397
AWS Identity and Access Management 398
AWS Key Management Service 399
AWS Resource Access Manager 399
AWS Secrets Manager 400
AWS Security Hub 401
AWS Shield 401
AWS Single Sign-On 402
AWS Web Application Firewall 403
Appendix C DevSecOps in AWS 405
Introduction 406
Cultural Philosophies 407
Practices 407
Tools 409
Dev + Sec + Ops 410
Tenets of DevSecOps 411
AWS Developer Tools 411
AWS CodeCommit 412
AWS CodeBuild 412
AWS CodeDeploy 413
AWS X-Ray 413
Amazon CloudWatch 414
AWS CodePipeline 415
AWS Cloud9 415
AWS CodeStar 416
Creating a CI/CD Using AWS Tools 416
Creating a CodeCommit Repository 416
Creating an AWS CodePipeline Pipeline 419
Evaluating Security in Agile Development 432
Creating the Correct Guardrails Using SAST and DAST 435
Security as Code: Creating Guardrails and Implementing Security by Design 436
The Top 10 Proactive Controls 436
The 10 Most Critical Web Application Security Risks 439
Index 443