AWS Certified Security - Specialty Exam Guide

▶What this book covers
？ Chapter 1, AWS Certified Security Specialty Exam Coverage, provides you with an understanding of the different assessment topics that will be covered throughout the exam across the five different domains, including incident response, logging and monitoring, infrastructure security, identity and access management, and data protection.

？ Chapter 2, AWS Shared Responsibility Model, looks at the different security models (infrastructure, container, and abstract) that define where your responsibility as a customer implementing, controlling, and managing security in AWS starts and ends, in addition to the responsibilities of AWS, which controls the security of the cloud.

？ Chapter 3, Access Management, outlines the core concepts of identity and access management through the use of users, groups, and roles, and the differences between them. It also dives into the different types of roles available and EC2 instance profiles, before finishing with an understanding of how to implement multi-factor authentication.

？ Chapter 4, Working with Access Policies, takes a deep look at the multitude of different access policies that exist across the AWS environment, and which policy type should be used in different circumstances.

You will also learn how to read JSON policies to evaluate their permissions and the steps involved to implement cross-account access.

？ Chapter 5, Federated and Mobile Access, provides you with a comprehensive understanding of different federated access methods, including enterprise identity and social identity federation to provide a single sign-on approach to your AWS environment. In addition, you will also be introduced to the Amazon Cognito service to understand access control through mobile applications and devices.

？ Chapter 6, Securing EC2 Instances, tackles the best approach to secure your instance infrastructure using a variety of techniques. These include performing vulnerability scans using Amazon Inspector, how to manage your EC2 key pairs, using AWS Systems Manager to effectively administer your fleet of EC2 instances, and also, should a security breach occur, how to isolate your EC2 instances for forensic investigation.

？ Chapter 7, Configuring Infrastructure Security, enables you to gain a full understanding and awareness of the range of Virtual Private Cloud (VPC) security features that AWS offers to effectively secure your VPC environments. By the end of the chapter, you will be able to confidently build a secure multi-subnet VPC using internet gateways, route tables, network access control lists, security groups, bastion hosts, NAT gateways, subnets, and virtual private gateways.

？ Chapter 8, Implementing Application Security, looks at how to minimize and mitigate threats against your application architecture using different AWS services to prevent them from being compromised. You will also be introduced to the configuration of securing your elastic load balancers using certificates and how to secure your APIs using AWS API Gateway.

？ Chapter 9, DDoS Protection, highlights how to utilize different AWS features and services to minimize threats against this very common attack to ensure that your infrastructure is not hindered or halted by the threat. You will gain an understanding of the different DDoS attack patterns and how AWS Shield can be used to provide added protection.

？ Chapter 10, Incident Response, explains the process and steps to manage a security incident and the best practices to help you reduce the blast radius of the attack. You will understand how to prepare for such incidents and the necessary response actions to isolate the issue using a forensic account.

？ Chapter 11, Securing Connections to Your AWS Environment, provides you with an understanding of the different methods of securely connecting your on-premise data centers to your AWS cloud environment using both a Virtual Private Network (VPN) and ...