Amazon

AWS Certified Security Study Guide: Specialty (SCS-C01)

(FLU-SCS-C01.AE1)
Lessons
Lab
TestPrep
Get A Free Trial

Skills You’ll Get

Download Course Outline

1

Introduction

  • What Does This Course Cover?
  • AWS Certified Security Study Guide–Specialty (SCS-C01) Exam Objectives
  • Objective Map
2

Security Fundamentals

  • Introduction
  • Understanding Security
  • Basic Security Concepts
  • Foundational Networking Concepts
  • Main Classes of Attacks
  • Risk Management
  • Well-Known Security Frameworks and Models
  • Summary
  • Exam Essentials
3

Cloud Security Principles and Frameworks

  • Introduction
  • Cloud Security Principles Overview
  • The Shared Responsibility Model
  • AWS Compliance Programs
  • AWS Well‐Architected Framework
  • AWS Marketplace
  • Summary
  • Exam Essentials
4

Identity and Access Management

  • Introduction
  • IAM Overview
  • How AWS IAM Works
  • Access Management in Amazon S3
  • Identity Federation
  • Multi-Account Management with AWS Organizations
  • Microsoft AD Federation with AWS
  • Protecting Credentials with AWS Secrets Manager
  • Summary
  • Exam Essentials
5

Detective Controls

  • Introduction
  • Stage 1: Resources State
  • Stage 2: Events Collection
  • Stage 3: Events Analysis
  • Stage 4: Action
  • Summary
  • Exam Essentials
6

Infrastructure Protection

  • Introduction
  • AWS Networking Constructs
  • Network Address Translation
  • Security Groups
  • Network Access Control Lists
  • Elastic Load Balancing
  • VPC Endpoints
  • VPC Flow Logs
  • AWS Web Application Firewall
  • AWS Shield
  • Summary
  • Exam Essentials
7

Data Protection

  • Introduction
  • AWS Key Management Service
  • Creating a Customer Master Key in AWS KMS
  • Understanding the Cloud Hardware Security Module
  • AWS Certificate Manager
  • Protecting Your S3 Buckets
  • Amazon Macie
  • Summary
  • Exam Essentials
8

Incident Response

  • Introduction
  • Incident Response Maturity Model
  • Incident Response Best Practices
  • Reacting to Specific Security Incidents
  • Summary
  • Exam Essentials
9

Security Automation

  • Introduction
  • Security Automation Overview
  • Event-Driven Security
  • Using AWS Lambda for Automated Security Response
  • WAF Security Automations
  • AWS Config Auto Remediation
  • Automating Resolution of Findings Using AWS Security Hub
  • Aggregate and Resolve Issues with AWS Systems Manager
  • Summary
  • Exam Essentials
10

Security Troubleshooting on AWS

  • Introduction
  • Using Troubleshooting Tools and Resources
  • Common Access Control Troubleshooting Scenarios
  • Encryption and Decryption Troubleshooting Scenarios
  • Network and Connectivity Troubleshooting Scenarios
  • Summary
  • Exam Essentials
11

Creating Your Security Journey in AWS

  • Introduction
  • Where to Start?
  • Mapping Security Controls
  • Security Journey Phased Example
  • Summary
  • Exam Essentials
A

Appendix A: AWS Security Services Portfolio

  • Amazon Cognito
  • Amazon Detective
  • Amazon GuardDuty
  • Amazon Inspector
  • Amazon Macie
  • AWS Artifact
  • AWS Certificate Manager
  • AWS CloudHSM
  • AWS Directory Service
  • AWS Firewall Manager
  • AWS Identity and Access Management
  • AWS Key Management Service
  • AWS Resource Access Manager
  • AWS Secrets Manager
  • AWS Security Hub
  • AWS Shield
  • AWS Single Sign-On
  • AWS Web Application Firewall
B

Appendix B: DevSecOps in AWS

  • Introduction
  • Dev + Sec + Ops
  • AWS Developer  Tools
  • Creating a CI/CD Using AWS  Tools
  • Evaluating Security in Agile Development
  • Creating the Correct Guardrails Using SAST and DAST
  • Security as Code: Creating Guardrails and Implementing Security by Design

1

Cloud Security Principles and Frameworks

  • Using the Well-Architected Tool
2

Identity and Access Management

  • Creating an IAM Policy
  • Creating an IAM Role
  • Creating a Secure Amazon SQS Queue
  • Enabling Access Logging for an Amazon S3 Bucket
  • Creating an Amazon Cognito User Pool
3

Detective Controls

  • Enabling CloudTrail
  • Configuring an Amazon SNS Topic with IAM Policies and Encryption
  • Configuring a Security-Focused CloudWatch Alarm
  • Detecting Threats with GuardDuty
4

Infrastructure Protection

  • Deploying a Public and Private Subnet with Security Controls
  • Deploying a Security-Hardened Custom VPC
  • Locking Down Security Groups with IAM Conditions
  • Configuring a Security-Enhanced ELB
  • Creating an Interface Endpoint
  • Creating a Secure Virtual Private Gateway
  • Restricting S3 Access via a VPC Endpoint Policy
  • Configuring AWS Client VPN for Secure Remote Access
  • Securing Gateway Endpoints with IAM Conditions
  • Configuring and Monitoring a Secure Internet Gateway
  • Creating a Kinesis Firehose Delivery Stream
  • Analyzing VPC Flow Logs with Athena for Security Insights
5

Data Protection

  • Creating and Disabling an AWS KMS Key
  • Creating an AWS CloudHSM Cluster
  • Creating CloudFront
  • Enforcing S3 Bucket Security
6

Incident Response

  • Using Amazon EC2 with Basic Security Controls
7

Security Automation

  • Analyzing Security Logs in AWS Lambda Using CloudWatch
8

Security Troubleshooting on AWS

  • Creating a Transit Gateway
  • Implementing AWS Transit Gateway with Network Segmentation
  • Implementing Secure Route Tables with Network Segmentation

Any questions?
Check out the FAQs

Still have unanswered questions and need to get in touch?

Contact Us Now

Related Courses

All Courses
We use cookies for improving site experience and analytics. Learn More