AWS Certified Security-Specialty Certification – Linuxacademy
Course Details
The AWS Certified Security Specialty is a certification based around securing applications in AWS. It is one one three specialty certifications offered by AWS. The certification focuses on five components or domains when designing and operating security in the cloud. These are:
Identity and Access Management Detective Controls Infrastructure Protection Data Protection Incident Response
This course has been developed to provide you with the requisite knowledge to not only pass the AWS Certified Security Specialty certification exam but also gain the hands-on experience required to become a qualified AWS security specialist working in a real-world environment.
Please connect with us at slack.linuxacademy.com in the #security channel if you have questions or feedback.
Syllabus
Course Introduction
Getting Started
Course Introduction
00:02:49
About the Training Architect
00:02:15
Introduction to the Security Runbook Interactive Diagram
00:04:39
Course Features and Tools
00:11:02
Domain 1 : Incident Response
Domain 1 – Introduction
Domain 1 – Introduction
00:06:12
1.1 – Given an AWS Abuse Notice, Evaluate a Suspected Compromised Instance or Exposed Access Keys
AWS Abuse Notification
00:17:04
Responding to AWS Abuse Notifications
00:15:18
Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.
Performing a Source Code Security Scan Using git-secrets in AWS
00:30:00
AWS Abuse Notification
00:15:00
1.2 Verify that the Incident Response plan includes relevant AWS services.
What is Incident Response?
00:08:20
Incident Response Framework: Part 1
00:21:50
Incident Response Framework: Part 2
00:13:35
Incident Response Plan
00:15:00
1.3 Evaluate the Configuration of Automated Alerting and Execute Possible Remediation of Security-Related Incidents and Emerging Issues
Automated Alerting
00:30:08
Automated Incident Response
00:12:02
CloudTrail Automation Example
00:11:10
Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.
Enabling AWS VPC Flow Logs with Automation
00:45:00
Domain 2 : Logging and Monitoring
Domain 2 – Introduction
Logging and Monitoring Introduction
00:02:02
2.1 Design and implement security monitoring and alerting.
S3 Events
00:18:59
CloudWatch Logs: Metric Filters and Custom Metrics
00:14:11
CloudWatch Events
00:20:40
Multi-Account: CloudWatch Event Buses
00:14:45
AWS Config
00:23:20
AWS Inspector
00:21:33
Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.
Automatic Resource Remediation with AWS Config
01:30:00
Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.
Automatic Remediation of Inspector Findings in AWS
01:30:00
Design, Implement, and Troubleshoot Monitoring and Alerting
00:45:00
2.2 Troubleshoot security monitoring and alerting.
Troubleshoot CloudWatch Events
00:18:05
Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.
Troubleshooting a Detection, Alerting, and Response Workflow in AWS
01:00:00
2.3 Design and Implement a Logging Solution
CloudTrail Logging
00:22:51
CloudWatch Logs: CloudTrail
00:14:14
CloudWatch Logs: VPC Flow Logs
00:16:59
CloudWatch Logs: Agent for EC2
00:22:47
CloudWatch Logs: DNS Query Logs
00:09:46
S3 Access Logs
00:10:18
Multi-Account: Centralized Logging
00:22:04
2.4 Troubleshoot Logging Solutions
Troubleshoot Logging
00:25:39
Multi-Account: Troubleshoot Logging
00:11:24
Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.
Troubleshooting CloudTrail and S3 Logging Issues in AWS
00:30:00
Domain 3: Infrastructure Security
3.1 Design Edge Security on AWS
CloudFront
00:31:30
Restricting S3 to CloudFront
00:11:11
Signed URLs and Cookies
00:26:44
CloudFront Geo Restriction
00:09:27
Forcing S3 Encryption
00:14:18
S3 Cross Region Replication (CRR) – Security
00:17:10
Web Application Firewall (WAF) and AWS Shield
00:23:07
Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.
Blocking Web Traffic with WAF in AWS
00:30:00
3.2 Design and implement a secure network infrastructure.
VPC Design and Security
00:20:51
Security Groups
00:22:12
Network Access Control Lists (NACLs)
00:18:42
VPC Peering
00:35:23
VPC Endpoints
00:30:22
Serverless Security
00:10:23
NAT Gateways
00:13:30
Egress-Only Internet Gateways
00:13:44
Bastion Hosts / Jump Boxes
00:09:06
Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.
Configuring Layered Security in an AWS VPC
00:30:00
3.3 Troubleshoot a secure network infrastructure.
Troubleshoot a VPC
00:15:27
3.4 Design and implement host-based security.
AWS Host/Hypervisor Security (disk/memory)
00:10:53
Host Proxy Servers
00:05:42
Host-Based IDS/IPS
00:09:13
Systems Manager
00:18:02
Packet Capture on EC2
00:09:28
Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.
Install an Intrusion Prevention System (IPS) on an EC2 Instance
00:30:00
Identity and Access Management
4.1 Design and Implement a Scalable Authorization and Authentication System to Access AWS Resources.
IAM Policies
00:25:18
Users, Groups, and Roles
00:29:14
Permission Boundaries and Policy Evaluation
00:17:21
Organizations and Service Control Policies
00:18:57
Resource Policies: S3 Bucket Policies
00:15:38
Resource Policies: KMS Key Policies
00:13:39
Cross-Account Access to S3 Buckets and Objects
00:17:53
Identity Federation
00:22:40
AWS Systems Manager Parameter Store
00:18:24
4.2 Troubleshoot an Authorization and Authentication System to Access AWS Resources.
Troubleshooting Permissions Union (IAM//RESOURCE//ACL)
00:09:44
Troubleshooting Cross-Account Roles
00:12:57
Troubleshooting Identity Federation
00:05:52
Troubleshooting KMS CMK’s
00:07:20
Data Protection
5.1 Design and implement key management and use.
Key Management System (KMS)
00:28:11
KMS in a Multi-Account Configuration
00:08:24
CloudHSM
00:17:05
5.2 Troubleshoot key management.
Troubleshooting KMS Permissions
00:08:29
KMS Limits
00:10:44
Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.
Troubleshoot KMS Key Policies
00:30:00
5.3 Design and implement a data encryption solution for data at rest and data in transit.
Data At Rest: KMS
00:16:11
Data At Rest: Server-side encryption with SSE-C
00:06:25
Data In Transit: Certificate Manager (ACM)
00:07:23
Encryption SDKs
00:05:55
Compliance Examples
00:08:59
Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.
Create and Manage SSL Certificates with AWS Certificate Manager
00:30:00
Conclusion
Practice Exam
AWS Certified Security Specialty
04:00:00
Final Steps
How to Prepare for the Exam
00:10:50
What’s Next After Certification?
00:04:53
Get Recognized!
00:01:01
Course Features
Our platform enhances courses beyond just videos with unique features. Learn more.
Certification Prep Course
This course can help prepare you for a certification exam.
Earn a Certificate of Completion
When you complete this course, you’ll receive a certificate of completion as proof
