Certified Security - Specialty
  1. Rooms
  2. Certified Security - Specialty

Sign Up Free or Log In to participate!

Certified Security Speciality (Beta) Notes

AWS Certified Security (BETA) NOTES

Section – IAM

  • In-depth understanding of IAM functionality and capabilities

  • In-depth knowledge of policy format.

  • Cross-account role setup and management

  • Difference between Role, Group, IAM User, and Policy

  • How user policy interact with resource policy

Reference

https://aws.amazon.com/documentation/iam/

https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html

https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html

Section – Auditing

Reference

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html

https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html

https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html

https://aws.amazon.com/blogs/aws/aws-config-rules-dynamic-compliance-checking-for-cloud-resources/

Section – Encryption

  • AWS encryption offerings

  • S3 Server encryption

  • CloudHSM operation.

  • AWS managed keys vs. customer-managed keys

  • AWS KMS setup and operation.

  • Exam is very heavy on encryption at rest

  • Master vs. data key

  • Encryption in flight (TLS)

Reference

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html

https://docs.aws.amazon.com/kms/latest/developerguide/overview.html

https://docs.aws.amazon.com/cloudhsm/latest/userguide/introduction.html

Section – Forensic

  • How as security engineer you recover from a breach.

  • How do you do penetration testing AWS environment?

  • How do you handle AWS abuse notice?

  • What is AWS Artifact

Section – ACL/Network Security

  • Security group vs. network ACL

  • WAF

  • AWS Shield

Reference

https://aws.amazon.com/documentation/waf/

https://docs.aws.amazon.com/waf/latest/developerguide/ddos-overview.html

Section – Connectivity 

  • VPN 

  • Direct Connect 

Reference

https://d0.awsstatic.com/whitepapers/aws-amazon-vpc-connectivity-options.pdf

Even though exam blueprint list out compliance, there were no compliance-related questions.

lincupel

Thanks Irfan for your feedback and breakdown with links.

0 Answers

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Don't have an account?

Get Started
Who’s going to be learning?
MyselfMy Organization