Practitioner Level

9 Hands-on labs

AWS Certified Security – Specialty (SCS-C01)

By Andru Estes

This course is designed to help you obtain the working knowledge and skills required to sit the AWS Certified Security - Specialty exam.

See Pricing

28 hours

90 Lessons
9 Hands-On Labs
6 Course Quizzes
3 Practice Exams

About the course

This course is designed to help you obtain the working knowledge and skills required to sit the AWS Certified Security – Specialty exam. Through taking this course, you will gain hands-on experience securing AWS services and environments, as well as be able to identify and evaluate security considerations and implement mitigation strategies.

Contact Sales See Pricing

Chapter 1 5 Lessons Introduction 26:27

Course Introduction
2:27

Exploring the Cloud Playground
4:28

About the Exam
9:47

Using the AWS CLI and AWS SDK
3:51

Shared Responsibility Model
5:54
Chapter 2 22 Lessons Identity and Access Management Domain 7:01:00

IAM Refresher
9:30

Important AWS Root User Account Concepts
4:37

Exploring AWS Identities - Part 1
8:46

Exploring AWS Identities - Part 2
10:43

Granting and Denying Access via IAM Policies
14:02

Interpreting IAM Policies
13:13

Create and Assume Roles in AWS
1:00:00 Hands-On Lab

Demo: Troubleshooting Conflicting IAM Policies
14:06

Demo: Setting Permissions Boundaries
14:22

Demo: Generating IAM Credential Reports
7:22

Create Users and Manage Permissions Using Groups and Policies in IAM
30:00 Hands-On Lab

Importance of AWS Security Token Service (STS)
12:25

Demo: Using Different STS Sources
17:10

Using EC2 Roles and Instance Profiles in AWS
1:30:00 Hands-On Lab

Using Web Identity Federation
7:47

Creating User Pools and Identity Pools in Amazon Cognito
10:47

Authentication with AWS Directory Service - Part 1
10:18

Authentication with AWS Directory Service - Part 2
10:21

Demo: Logging In to AWS via AWS Single Sign-On (SSO)
11:59

Leveraging AWS Organizations for AWS Account Access
16:00

Section Summary
17:32

Identity and Access Management in AWS
30:00 Quiz
Chapter 3 13 Lessons Logging and Monitoring Domain 4:24:30

Logging and Metrics Using Amazon CloudWatch
14:25

Demo: Sending Custom Logs to CloudWatch
14:28

Using CloudWatch for Resource Monitoring
30:00 Hands-On Lab

Auditing AWS Accounts with AWS CloudTrail
14:41

Demo: Examining CloudTrail Events
11:55

Logging with Amazon Kinesis and Amazon OpenSearch (Elasticsearch)
11:02

Demo: Querying Data with Amazon Athena
9:36

Demo: Enabling VPC Flow Logs Part 1
6:54

Demo: Enabling VPC Flow Logs Part 2
11:05

Work with AWS VPC Flow Logs for Network Monitoring
1:30:00 Hands-On Lab

Continuously Auditing AWS with AWS Audit Manager
9:23

Section Summary
11:01

Logging and Monitoring Using AWS Services
30:00 Quiz
Chapter 4 15 Lessons Incident Response Domain 2:53:34

Recording AWS Resource Changes with AWS Config
14:59

Remediating EC2 Auto Scaling Group Modifications with EventBridge
30:00 Hands-On Lab

Demo: Analyzing Environments with AWS Trusted Advisor
10:19

Threat Detection with Amazon GuardDuty
7:59

Demo: Viewing Amazon GuardDuty Findings
4:57

Remediating Amazon GuardDuty Findings
5:29

Demo: Account Checkups with the AWS Health Dashboard
7:20

Assessing EC2 Instances with Amazon Inspector
9:29

Demo: Inspecting EC2 Instances
6:49

Automated Patching Using AWS Systems Manager
15:41

Demo: Incident Response and Recovery with AWS Systems Manager
10:44

Security Compliance Reporting Using AWS Artifact
5:41

Responding to AWS Abuse Notices
4:18

Section Summary
9:49

Incident Response Within AWS
30:00 Quiz
Chapter 5 22 Lessons Infrastructure Security Domain 5:14:01

AWS Key Management Service (KMS) Fundamentals
13:25

Implementing Envelope Encryption with AWS KMS
8:28

Demo: Generating Data Keys for Envelope Encryption
10:25

Demo: Multi-Region Keys, Imports, and Deletion with AWS KMS
8:22

Creating and Securing Customer Managed Keys with AWS KMS
30:00 Hands-On Lab

Creating More Secure Keys with AWS CloudHSM
10:41

Blocking Malicious Traffic with AWS WAF and AWS Firewall Manager
14:55

Demo: Implementing AWS WAF on Application Load Balancers
11:31

Intrusion Detection and Prevention via AWS Network Firewall
10:40

Locking Down CloudFront Distributions Integrated with Amazon S3
13:07

Setting Up AWS CloudFront as an HTTPS Endpoint for S3
1:00:00 Hands-On Lab

Securing HTTP Calls with Lambda@Edge
10:35

Preventing DDoS Attacks with AWS Shield
6:48

Auditing Compromised Resources with AWS Security Hub
8:27

Demo: Exploring Security Scores in AWS Security Hub
4:38

Network Security via VPNs
8:33

Customizing VPCs, Routing, and Security Controls - Part 1
8:26

Customizing VPCs, Routing, and Security Controls - Part 2
10:51

Securely Connecting to VPCs
12:28

Private Service Connections via VPC Endpoints
7:02

Section Summary
14:39

Securing Our AWS Infrastructure
30:00 Quiz
Chapter 6 10 Lessons Data Protection Domain 2:09:15

TLS Certificate Management with AWS Certificate Manager (ACM)
14:13

Secure Elastic Load Balancing (ELB) - Part 1
13:12

Secure Elastic Load Balancing (ELB) - Part 2
5:20

Demo: Deploying a TLS-Secured Application Load Balancer
9:02

Demo: Increasing Security within DynamoDB
9:59

Controlling Sensitive Data with Amazon Macie
9:44

Secure Storage with Amazon S3
13:33

Advanced S3 Security Configuration
30:00 Hands-On Lab

Section Summary
9:12

Protecting Our Data in AWS
15:00 Quiz
Chapter 7 8 Lessons Miscellaneous Services and Concepts 1:04:18

Section Overview
1:34

Controlling Access to Amazon QuickSight
7:20

Demo: Complicated KMS-Related Issues - Recovering Encrypted EBS Volumes
10:01

Parameter Store and Secrets Manager for Sensitive Data
14:51

Filtering and Rejecting EC2 Instance Traffic
3:28

Kinesis Encryption
5:02

Section Summary
7:02

Miscellaneous AWS Security Knowledge Review
15:00 Quiz
Chapter 8 4 Lessons Conclusion 8:16:12

Congratulations! What's Next?
1:12

AWS Certified Security - Specialty 2022
2:45:00 Quiz

AWS Certified Security - Specialty 2022 B
2:45:00 Quiz

AWS Certified Security - Specialty 2022 C
2:45:00 Quiz

What are Hands-on Labs

What's the difference between theoretical knowledge and real skills? Practical real-world experience. That's where Hands-on Labs come in! Hands-on Labs are guided, interactive experiences that help you learn and practice real-world scenarios in real cloud environments. Hands-on Labs are seamlessly integrated in courses, so you can learn by doing.

AWS Certified Security – Specialty (SCS-C01)

About the course

Lab Highlights

Course Introduction

Exploring the Cloud Playground

About the Exam

Using the AWS CLI and AWS SDK

Shared Responsibility Model

IAM Refresher

Important AWS Root User Account Concepts

Exploring AWS Identities - Part 1

Exploring AWS Identities - Part 2

Granting and Denying Access via IAM Policies

Interpreting IAM Policies

Create and Assume Roles in AWS

Demo: Troubleshooting Conflicting IAM Policies

Demo: Setting Permissions Boundaries

Demo: Generating IAM Credential Reports

Create Users and Manage Permissions Using Groups and Policies in IAM

Importance of AWS Security Token Service (STS)

Demo: Using Different STS Sources

Using EC2 Roles and Instance Profiles in AWS

Using Web Identity Federation

Creating User Pools and Identity Pools in Amazon Cognito

Authentication with AWS Directory Service - Part 1

Authentication with AWS Directory Service - Part 2

Demo: Logging In to AWS via AWS Single Sign-On (SSO)

Leveraging AWS Organizations for AWS Account Access

Section Summary

Identity and Access Management in AWS

Logging and Metrics Using Amazon CloudWatch

Demo: Sending Custom Logs to CloudWatch

Using CloudWatch for Resource Monitoring

Auditing AWS Accounts with AWS CloudTrail

Demo: Examining CloudTrail Events

Logging with Amazon Kinesis and Amazon OpenSearch (Elasticsearch)

Demo: Querying Data with Amazon Athena

Demo: Enabling VPC Flow Logs Part 1

Demo: Enabling VPC Flow Logs Part 2

Work with AWS VPC Flow Logs for Network Monitoring

Continuously Auditing AWS with AWS Audit Manager

Section Summary

Logging and Monitoring Using AWS Services

Recording AWS Resource Changes with AWS Config

Remediating EC2 Auto Scaling Group Modifications with EventBridge

Demo: Analyzing Environments with AWS Trusted Advisor

Threat Detection with Amazon GuardDuty

Demo: Viewing Amazon GuardDuty Findings

Remediating Amazon GuardDuty Findings

Demo: Account Checkups with the AWS Health Dashboard

Assessing EC2 Instances with Amazon Inspector

Demo: Inspecting EC2 Instances

Automated Patching Using AWS Systems Manager

Demo: Incident Response and Recovery with AWS Systems Manager

Security Compliance Reporting Using AWS Artifact

Responding to AWS Abuse Notices

Section Summary

Incident Response Within AWS

AWS Key Management Service (KMS) Fundamentals

Implementing Envelope Encryption with AWS KMS

Demo: Generating Data Keys for Envelope Encryption

Demo: Multi-Region Keys, Imports, and Deletion with AWS KMS

Creating and Securing Customer Managed Keys with AWS KMS

Creating More Secure Keys with AWS CloudHSM

Blocking Malicious Traffic with AWS WAF and AWS Firewall Manager

Demo: Implementing AWS WAF on Application Load Balancers

Intrusion Detection and Prevention via AWS Network Firewall

Locking Down CloudFront Distributions Integrated with Amazon S3

Setting Up AWS CloudFront as an HTTPS Endpoint for S3

Securing HTTP Calls with Lambda@Edge

Preventing DDoS Attacks with AWS Shield

Auditing Compromised Resources with AWS Security Hub

Demo: Exploring Security Scores in AWS Security Hub

Network Security via VPNs

Customizing VPCs, Routing, and Security Controls - Part 1

Customizing VPCs, Routing, and Security Controls - Part 2

Securely Connecting to VPCs

Private Service Connections via VPC Endpoints

Section Summary

Securing Our AWS Infrastructure