AWS Certified Security – Specialty

About this course

This course is tailored for professionals aiming to achieve the AWS Certified Security – Specialty certification. Gain in-depth knowledge of securing applications and environments on the AWS platform. Explore advanced security concepts such as identity and access management (IAM), encryption methods, and network security. Learn to implement security controls and compliance validation processes using AWS services like AWS Identity and Access Management (IAM), AWS Key Management Service (KMS), AWS CloudTrail, and AWS Config. Develop expertise in designing and implementing secure architectures, including incident response and disaster recovery strategies. This course includes practical labs and scenarios to prepare you for the exam and excel in securing AWS environments effectively. Ideal for security engineers, architects, and anyone responsible for securing AWS deployments.

Course Outline

Module 1: Threat Detection and Incident Response

Design and implement an incident response plan
  • AWS best practices for incident response
  • Cloud incidents
  • Roles and responsibilities in the incident response plan
  • AWS Security Finding Format (ASFF)

 

Detect security threats and anomalies by using AWS services
  • AWS managed security services that detect threats
  • Anomaly and correlation techniques to join data across services
  • Visualizations to identify anomalies
  • Strategies to centralize security findings

 

Respond to compromised resources and workloads
  • AWS Security Incident Response Guide
  • Resource isolation mechanisms
  • Techniques for root cause analysis
  • Data capture mechanisms
  • Log analysis for event validation

 

Module 2: Security Logging and Monitoring

Design and implement monitoring and alerting to address security events
  • AWS services that monitor events and provide alarms (CloudWatch, EventBridge)
  • AWS services that automate alerting (Lambda, Amazon Simple Notification Service [Amazon SNS], Security Hub)
  • Tools that monitor metrics and baselines (GuardDuty, Systems Manager)

 

Troubleshoot security monitoring and alerting
  • Configuration of monitoring services (Security Hub)
  • Relevant data that indicates security events

 

Design and implement a logging solution
  • AWS services and features that provide logging capabilities (VPC Flow Logs, DNS logs, AWS CloudTrail, Amazon CloudWatch Logs)
  • Attributes of logging capabilities (log levels, type, verbosity)
  • Log destinations and lifecycle management (retention period)

 

Troubleshoot logging solutions
  • Capabilities and use cases of AWS services that provide data sources (log level, type, verbosity, cadence, timeliness, immutability)
  • AWS services and features that provide logging capabilities (VPC Flow Logs, DNS logs, CloudTrail, CloudWatch Logs)
  • Access permissions that are necessary for logging

 

Design a log analysis solution
  • Services and tools to analyze captured logs (Athena, CloudWatch Logs filter)
  • Log analysis features of AWS services (CloudWatch Logs Insights, CloudTrail Insights, Security Hub insights)
  • Log format and components (CloudTrail logs)

 

Module 3: Infrastructure Security

Design and implement security controls for edge services
  • Security features on edge services (AWS WAF, load balancers, Amazon Route 53, Amazon CloudFront, AWS Shield)
  • Common attacks, threats, and exploits (Open Web Application Security Project [OWASP] Top 10, DDoS)
  • Layered web application architecture

 

Design and implement network security controls
  • VPC security mechanisms (security groups, network ACLs, AWS Network Firewall)
  • Inter-VPC connectivity (AWS Transit Gateway, VPC endpoints)
  • Security telemetry sources (Traffic Mirroring, VPC Flow Logs)
  • VPN technology, terminology, and usage
  • On-premises connectivity options (AWS VPN, AWS Direct Connect)

 

Design and implement security controls for compute workloads
  • Provisioning and maintenance of EC2 instances (patching, inspecting, creation of snapshots and AMIs, use of EC2 Image Builder)
  • IAM instance roles and IAM service roles
  • Services that scan for vulnerabilities in compute workloads (Amazon Inspector, Amazon Elastic Container Registry [Amazon ECR])
  • Host-based security (firewalls, hardening)

 

Troubleshoot network security
  • How to analyze reachability (by using VPC Reachability Analyzer and Amazon Inspector)
  • Fundamental TCP/IP networking concepts (UDP compared with TCP, ports, Open Systems Interconnection [OSI] model, network operating system utilities)
  • How to read relevant log sources (Route 53 logs, AWS WAF logs, VPC Flow Logs)

 

Module 4: Identity & Access Management

Design, implement, and troubleshoot authentication for AWS resources
  • Methods and services for creating and managing identities (federation, identity providers, AWS IAM Identity Center [AWS Single Sign-On], Amazon Cognito)
  • Long-term and temporary credentialing mechanisms
  • How to troubleshoot authentication issues (by using CloudTrail, IAM Access Advisor, and IAM policy simulator)

 

Design, implement, and troubleshoot authorization for AWS resources
  • Different IAM policies (managed policies, inline policies, identity-based policies, resource-based policies, session control policies)
  • Components and impact of a policy (Principal, Action, Resource, Condition)
  • How to troubleshoot authorization issues (by using CloudTrail, IAM Access Advisor, and IAM policy simulator)

 

Module 5: Data Protection

Design and implement controls that provide confidentiality and integrity for data in transit
  • Encryption technique selection (client-side, server-side, symmetric, asymmetric)
  • Integrity-checking techniques (hashing algorithms, digital signatures)
  • Resource policies (for DynamoDB, Amazon S3, and AWS Key Management Service [AWS KMS])
  • IAM roles and policies

 

Design and implement controls that provide confidentiality and integrity for data at rest
  • Encryption technique selection (client-side, server-side, symmetric, asymmetric)
  • Integrity-checking techniques (hashing algorithms, digital signatures)
  • Resource policies (for DynamoDB, Amazon S3, and AWS Key Management Service [AWS KMS])
  • IAM roles and policies

 

Design and implement controls to manage the lifecycle of data at rest
  • Lifecycle policies
  • Data retention standards

 

Design and implement controls to protect credentials, secrets, and cryptographic key materials
  • Secrets Manager
  • Systems Manager Parameter Store
  • Usage and management of symmetric keys and asymmetric keys (AWS KMS)

 

Module 6: Management and Security Governance

Develop a strategy to centrally deploy and manage AWS accounts
  • Multi-account strategies
  • Managed services that allow delegated administration
  • Policy-defined guardrails
  • Root account best practices
  • Cross-account roles

 

Implement a secure and consistent deployment strategy for cloud resources
  • Deployment best practices with infrastructure as code (IaC) (for example, AWS CloudFormation template hardening and drift detection)
  • Best practices for tagging
  • Centralized management, deployment, and versioning of AWS services
  • Visibility and control over AWS infrastructure

 

Evaluate the compliance of AWS resources
  • Data classification by using AWS services
  • How to assess, audit, and evaluate the configurations of AWS resources (by using AWS Config)

 

Identify security gaps through architectural reviews and cost analysis
  • AWS cost and usage for anomaly identification
  • Strategies to reduce attack surfaces
  • AWS Well-Architected Framework

 

$ 150

Duration

40 hrs

Module

6
