AWS Certified Security Specialty Introduction Introduction Module 1: AWS Certified Security - Specialty Basics Module introduction Lesson 1: AWS Certified Security - Specialty Basics Learning objectives 1.1 Introduction to Security 1.2 Exam Details 1.3 Course Scope Details 1.4 Certification Candidate Skills Lesson 1: Quiz Module 2: Incident Response Module introduction Lesson 2: Incident Response Learning objectives 2.1 Abuse Notice Strategies 2.2 Incident Response Basics 2.3 IR Preparation 2.
4 IR Detection & Analysis 2.5 IR Containment Eradication & Recovery 2.6 IR Post-Incident Activity 2.7 Case Study: Compromised EC2 2.8 Question Breakdown Exercise: Enable GuardDuty, Configure EventBridge Rule to Send Notification to SNS Lesson 2: Flashcards Lesson 2: Quiz Module 3: Logging and Monitoring Module introduction Lesson 3: Security Monitoring Learning objectives 3.1 Infrastructure Security Monitoring Lab: Enabling and Disabling GuardDuty Lab: Creating VPC Flow Logs 3.2 Application Security Monitoring Lab: Enabling CloudTrail 3.3 Account Security Monitoring 3.
4 Troubleshooting Security Monitoring Lab: Creating a CloudWatch Alarm 3.5 Case Study: Broken Monitoring 3.6 Question Breakdown Exercise: Enable CloudTrail for Account with S3 and CWL Lesson 3: Flashcards Lesson 3: Quiz Lesson 4: Logging Solutions Learning objectives 4.1 Access Logs Lab: Enabling Access Logging for an Amazon S3 Bucket 4.2 Execution Logs Viewing Logs Using the Lambda Console 4.3 Security Logs 4.4 Log Processing Lab: Creating a Kinesis Firehose Delivery Stream 4.5 Case Study: Automated Log Management 4.
6 Question Breakdown Exercise: Enable VPC Flow Logs on a Default VPC Lesson 4: Flashcards Lesson 4: Quiz Module 4: Infrastructure Security Module introduction Lesson 5: Infrastructure Security Part 1 Learning objectives 5.1 Edge Security 5.2 VPC Network Security Lab: Creating an AWS VPC Lab: Creating a Subnet within VPC Lab: Creating a Security Group Lab: Creating a Custom Route Table 5.3 VPC Egress Security Lab: Creating an Internet Gateway Lab: Creating a VPC Peering Connection Lab: Creating a Gateway Endpoint Lab: Creating an Interface Endpoint 5.4 Multiple VPC Strategies Lab: Creating a Transit Gateway 5.5 Case Study: Multi-scope Infrastructure Design 5.6 Question Breakdown Exercise: Configure Inbound and Outbound Network ACLs for a VPC Lesson 5: Flashcards Lesson 5: Quiz Lesson 6: Infrastructure Security Part 2 Learning objectives 6.1 Network Troubleshooting 6.
2 Host-Based Security Lab: Using Amazon EC2 Lab: Creating an SNS Topic Lab: Creating the AWS Lambda Function and Invoking It 6.3 Case Study: The Golden AMI Pipeline Lab: Creating an AMI from a Launched Instance Lab: Creating an AWS Elastic Beanstalk Application 6.4 Question Breakdown Exercise: Install Amazon Inspector Agent on EC2 and Execute Assessment Run Lesson 6: Flashcards Lesson 6: Quiz Module 5: Identity and Access Management Module introduction Lesson 7: Permissions and Roles Learning objectives 7.1 AWS Credentials 7.2 IAM Policy Details 7.3 IAM Policy Conditions 7.4 Policy Evaluation Logic 7.5 Assuming IAM Roles Lab: Creating an IAM Role Lab: Creating an IAM Policy 7.
6 Case Study: IAM Policy Examples 7.7 Question Breakdown Exercise: Create an IAM Policy with two conditions. The first condition will allow EC2 instance launch from your IP, the second condition will deny EC2 instance launch if there is no Name tag. Lesson 7: Flashcards Lesson 7: Quiz Lesson 8: Federation and Resource-based Access Control Learning objectives 8.1 SAML Federation 8.2 Cognito User Pool Federation Lab: Creating a User Pool 8.3 Cognito Identity Pool Federation 8.4 AWS SSO Federation 8.
5 AWS Organizations 8.6 S3 Access Control Lab: Creating an Amazon S3 Bucket 8.7 API Gateway and Lambda Access Control 8.8 Troubleshooting Permissions Lab: Creating an Elasticsearch Domain 8.9 Case Study: Broken Permission Examples 8.10 Question Breakdown Exercise: Create an S3 Bucket ACL to Enable Access Logs from Another S3 Bucket Lesson 8: Flashcards Lesson 8: Quiz Module 6: Data Protection Module introduction Lesson 9: Key Management Learning objectives 9.1 Symmetric Data Encryption Lab: Creating and Disabling an AWS KMS Key Lab: Creating an AWS CloudHSM Cluster 9.2 AWS KMS Basics 9.
3 AWS KMS Access Control 9.4 AWS CloudHSM 9.5 AWS Certificate Manager Lab: Creating CloudFront Lab: Creating an Elastic Load Balancer 9.6 Using Keys for Authentication 9.7 Troubleshooting Key Management 9.8 Case Study: CloudWatch Logs Encryption 9.9 Question Breakdown Exercise: Create a KMS CMK with Key Policy for S3 Server-Side Encryption Lesson 9: Flashcards Lesson 9: Quiz Lesson 10: Data Encryption At-rest and In Transit Learning objectives 10.1 Data Encryption At-rest by Default Lab: Creating a Glacier Vault Lab: Creating a DynamoDB Table and Putting Items in it 10.
2 Data Encryption At-rest as Option Lab: Creating an SQS Queue Lab: Creating an Amazon Redshift Cluster Lab: Configuring Amazon ElastiCache Lab: Creating an Amazon Elastic File System 10.3 Data Encryption At-rest Operations 10.4 Data Encryption In Transit - Web 10.5 Data Encryption In Transit - Storage 10.6 Data Encryption In Transit - Network Lab: Creating a Virtual Private Gateway 10.7 Case Study: End-to-End Encryption 10.8 Question Breakdown Exercise: Configure At-rest Encryption for an EBS Volume Lesson 10: Flashcards Lesson 10: Quiz Module 7: Next Steps Module introduction Lesson 11: Next Steps Learning objectives 11.1 Study Strategies 11.
2 Study Resources Summary Summary.