Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
AWS Certified Security – Specialty Exam Guide
AWS Certified Security – Specialty Exam Guide

AWS Certified Security – Specialty Exam Guide: Build your cloud security knowledge and expertise as an AWS Certified Security Specialist (SCS-C01)

Arrow left icon
Profile Icon Palomar Profile Icon Stuart Scott
Arrow right icon
$20.98 $29.99
Full star icon Full star icon Full star icon Full star icon Half star icon 4.4 (7 Ratings)
eBook Sep 2020 558 pages 1st Edition
eBook
$20.98 $29.99
Paperback
$43.99
Subscription
Free Trial
Renews at $19.99p/m
Arrow left icon
Profile Icon Palomar Profile Icon Stuart Scott
Arrow right icon
$20.98 $29.99
Full star icon Full star icon Full star icon Full star icon Half star icon 4.4 (7 Ratings)
eBook Sep 2020 558 pages 1st Edition
eBook
$20.98 $29.99
Paperback
$43.99
Subscription
Free Trial
Renews at $19.99p/m
eBook
$20.98 $29.99
Paperback
$43.99
Subscription
Free Trial
Renews at $19.99p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Table of content icon View table of contents Preview book icon Preview Book

AWS Certified Security – Specialty Exam Guide

AWS Certified Security - Specialty Exam Coverage

The AWS Certified Security – Specialty exam has been designed to assess and validate the ability of the candidate to demonstrate their knowledge across a number of AWS security domains, including awareness, understanding, and capability in securing AWS architecture, services, resources, and data.

This initial chapter will explain in detail the requirements that you need in order to pass the exam, and highlight the domains and topics that will be assessed. It is important to understand these requirements before progressing through the rest of this book to ensure that you are aware of what you will be tested on. This will allow you to determine where your strengths and weaknesses lie, thereby allowing you to spend more time on those areas. 

This chapter will take you through the following topics:

  • The aim of the certification
  • Intended audience
  • Domains accessed 
  • Exam details

The aim of the certification

The aim of the certification is to validate the candidate's knowledge across the following areas, as defined by AWS (source: AWS Certified Security Specialty (SCS-C01) Exam Guide):

  • An understanding of specialized data classifications and AWS data protection mechanisms
  • An understanding of data encryption methods and AWS mechanisms to implement them
  • An understanding of secure internet protocols and AWS mechanisms to implement them
  • Working knowledge of AWS security services and the features of services used to provide a secure production environment
  • Competency gained from 2 or more years of production deployment experience using AWS security services and features
  • The ability to make trade-off decisions with regard to cost, security, and deployment complexity given a set of application requirements
  • An understanding of security operations and risks

Upon completion of this book, you will feel ready to take and sit this exam with confidence, and achieve the much sought-after AWS Certified Security – Specialty certification.

Intended audience

This exam is intended for candidates like you who are responsible for maintaining and implementing AWS security across a range of environments. Those of you in the following roles or similar would be ideally suited to attempt this certification:

  • Cloud security consultant
  • Cloud security architect
  • Cloud security engineer
  • DevSecOps engineer
  • Cloud security specialist

Although these roles are typically the target audience of this certification, the certification itself is available to anyone; there are no prerequisites in terms of other certifications for taking this exam.

Domains assessed

In the exam, there are five domains that have been defined by AWS that you will be assessed against, each with a different percentage weighting level, as shown in the following table:

Domain

Weighting level

Incident response 

12%

Logging and monitoring

20%

Infrastructure security

26%

Identity and access management

20%

Data protection

22%

 

Attention must be paid to each domain to ensure you feel confident and comfortable with the topics, services, and features that may crop up in your exam. Let me break down these domains further to allow you to gain a deeper understanding of exactly what is tested within each domain.

Domain 1 – Incident response

This domain tests your understanding of how best to identify, respond to, and resolve AWS incidents across a range of services, and has been broken down into the following three elements:

  • 1.1: Given an AWS abuse notice, evaluate the suspected compromised instance or exposed access keys: Here, you will be expected to know how to respond to such an incident and the steps required to remediate the issue and take the appropriate action, depending on the affected resource in question.
  • 1.2: Verify that the incident response plan includes the relevant AWS services: When an incident occurs within an AWS environment, you must be able to utilize the appropriate AWS resources to identify, isolate, and resolve the issue as quickly as possible, without affecting or hindering other AWS infrastructure and resources.
  • 1.3: Evaluate the configuration of automated alerting, and execute possible remediation of security-related incidents and emerging issues: Proactive monitoring and speed are two key elements when analyzing your infrastructure for potential issues, in addition to utilizing automated services. You must have a solid understanding of these features, and how they can assist you to spot a potential problem and help you to resolve the issue.

Being able to identity, verify, and remediate incidents as they occur within your environment allows you to effectively isolate your resources before the blast radius of the security incident expands wider within your infrastructure.

Domain 2 – Logging and monitoring

This domain determines your ability to implement and troubleshoot solutions relating to logging, monitoring, and alerting. You will need to be able to deploy, operate, and troubleshoot solutions relating to these four components within your AWS infrastructure:

  • 2.1: Design and implement security monitoring and alerting: You must have full comprehension of the available monitoring and alerting services within AWS. In addition, you must also be aware of how these can be utilized and integrated to implement an effective solution for monitoring your infrastructure for security threats and vulnerabilities.
  • 2.2: Troubleshoot security monitoring and alerting: Implementing a monitoring and alerting system is one thing, but being able to resolve issues with the solution and design is another. You must be aware of how the architecture is coupled together and the prerequisites for specific AWS features.
  • 2.3: Design and implement a logging solution: Data held in logs generated from services and applications can provide a wealth of information to help you identify a potential security breach. Therefore, it's imperative that you have a sound awareness of how to implement a solution to capture and record log data.
  • 2.4: Troubleshoot logging solutions: Similar to 2.2, your knowledge of logging solutions has to go deeper than implementation; you have to understand the key components, concepts, and how components depend on one another to enable you to resolve any incidents.

You must understand the complexities and importance of monitoring and logging and how they can be used together as an effective security tool.

Domain 3 – Infrastructure security

The infrastructure security domain assesses your ability to architect security best practices across your AWS architecture, from an individual host, to your VPC, and then to the outer reaches of your edge infrastructure. This domain carries the highest percentage mark across your certification, so it's key that you understand all the concepts and components:

  • 3.1: Design edge security on AWS: A thorough understanding of Amazon CloudFront and its security capabilities and controls is a must, in addition to other edge services offered by AWS.
  • 3.2: Design and implement a secure network infrastructure: Here, you will be tested on your knowledge of Virtual Private Cloud (VPC) infrastructure, and how to architect an environment to meet different security needs using route tables, Network Access Control Lists (NACLs), bastion hosts, NAT gateways, Internet Gateway (IGWs), and security groups.
  • 3.3: Troubleshoot a secure network infrastructure: This follows on from point 3.2, which ensures that you have a deep level of security architecture, enabling you to quickly pinpoint the most likely cause of misconfiguration from a security perspective.
  • 3.4: Design and implement host-based security: This will focus on security controls that can be enabled and configured on individual hosts, such as your Elastic Compute Cloud (EC2) instances.

A VPC is one of the first elements you are likely to build within your AWS account. Understanding how to protect your VPC is key in maintaining a level of protection over the rest of your resources running within it.

Domain 4 – Identity and Access Management (IAM)

This domain will focus solely on everything access control-related regarding the IAM service and how to control access to your AWS resources. IAM must be understood inside out and it is essential that you have the knowledge and confidence to spot errors in IAM JSON policies:

  • 4.1: Design and implement a scalable authorization and authentication system to access AWS resources: I can't emphasize enough the importance of understanding IAM at a deep level. This point will test your knowledge of authentication and authorization mechanisms, from multi-factor authorization to implementing conditional-based IAM policies used for cross-account access.
  • 4.2: Troubleshoot an authorization and authentication system to access the AWS resources domain: Here, you will be required to demonstrate your ability to resolve complex permission-based issues with your AWS resources.

Access control is covered in detail in the exam, so you must be familiar with all things relating to access management, and specifically the IAM service. You need to be able to read access policies to determine the resulting access of that policy.

Domain 5 – Data protection

The last domain requires you to have a solid understanding and awareness of how data within AWS can be protected through an encryption mechanism, both at rest and in transit. You will be assessed on services relating to encryption, specifically the Key Management Service (KMS):

  • 5.1: Design and implement key management and use: This point requires you to demonstrate your knowledge when it comes to encryption using KMS. You must be aware of when, how, and why this service is used, and which services can benefit from the features it offers.
  • 5.2: Troubleshoot key management: Data encryption keys are a powerful tool to help protect your data, but you must understand how you can configure the permissions surrounding these keys and what to look for when troubleshooting issues relating to data encryption and customer master keys.
  • 5.3: Design and implement a data encryption solution for data at rest and data in transit: Here, you will be assessed on your understanding of encryption as a whole. You must demonstrate that you have the knowledge to encrypt data in any state using the correct configuration, depending on a set of requirements.

It is of no surprise that the Security Specialty exam will assess your understanding of encryption, which will be centered around two key services, AWS KMS and AWS CloudHSM. The KMS service integrates with many different AWS services to offer a level of encryption, so make sure that you are familiar with all the components of KMS.

Exam details

Much like all other AWS certifications, the exam format consists of multiple-choice questions. You will have 170 minutes to answer 65 questions, which is just over 2.5 minutes per question. You should have plenty of time, provided you have studied well and are confident in the domain areas I just discussed. 

Some questions are scenario-based and do take a little longer to process and answer, but don't panic; focus on what's being asked and eliminate the obviously wrong answers. It is likely there will be two that you can rule out. Take your time and re-read the question before deciding on your final answer.

The passing score for this certification is 750 out of 1,000 (75%). The exam itself is USD 300 and it must be taken at an AWS authorized testing center, which can all be booked online through the AWS website, at https://aws.amazon.com/certification/.

Summary

In this chapter, we primarily focused on the different domains that you will be assessed against when taking your exam. I wanted to provide a deeper understanding of what each of the domain points might assess you against in order to allow you to understand where your strengths and weaknesses might lie. As you progress through the chapters, you will gain an understanding sufficient to cover all elements that have been discussed within this chapter to ensure that you are prepared for your certification.

In the next chapter, we'll begin by looking at the foundation of security in AWS, the AWS shared responsibility model, and how an understanding of this plays an important role in understanding AWS security as a whole.

Questions

As we conclude, here is a list of questions for you to test your knowledge regarding this chapter's material. You will find the answers in the Assessments section of the Appendix:

  1. True or false: You need to complete a few other certifications as a prerequisite for the AWS Certified Security – Specialty certification.
  2. How many domains have been defined by AWS that you will be assessed against in the exam?
  3. The AWS Certified Security – Specialty certification consists of how many questions? (Choose one)
    • 55 questions
    • 60 questions
    • 65 questions
    • 75 questions

Further reading

Left arrow icon Right arrow icon

Key benefits

  • Learn the fundamentals of security with this fast-paced guide
  • Develop modern cloud security skills to build effective security solutions
  • Answer practice questions and take mock tests to pass the exam with confidence

Description

AWS Certified Security – Specialty is a certification exam to validate your expertise in advanced cloud security. With an ever-increasing demand for AWS security skills in the cloud market, this certification can help you advance in your career. This book helps you prepare for the exam and gain certification by guiding you through building complex security solutions. From understanding the AWS shared responsibility model and identity and access management to implementing access management best practices, you'll gradually build on your skills. The book will also delve into securing instances and the principles of securing VPC infrastructure. Covering security threats, vulnerabilities, and attacks such as the DDoS attack, you'll discover how to mitigate these at different layers. You'll then cover compliance and learn how to use AWS to audit and govern infrastructure, as well as to focus on monitoring your environment by implementing logging mechanisms and tracking data. Later, you'll explore how to implement data encryption as you get hands-on with securing a live environment. Finally, you'll discover security best practices that will assist you in making critical decisions relating to cost, security,and deployment complexity. By the end of this AWS security book, you'll have the skills to pass the exam and design secure AWS solutions.

Who is this book for?

If you are a system administrator or a security professional looking to get AWS security certification, this book is for you. Prior experience in securing cloud environments is necessary to get the most out of this AWS book.

What you will learn

  • Understand how to identify and mitigate security incidents
  • Assign appropriate Amazon Web Services (AWS) resources to underpin security requirements
  • Work with the AWS shared responsibility model
  • Secure your AWS public cloud in different layers of cloud computing
  • Discover how to implement authentication through federated and mobile access
  • Monitor and log tasks effectively using AWS

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Sep 07, 2020
Length: 558 pages
Edition : 1st
Language : English
ISBN-13 : 9781789537260
Vendor :
Amazon
Tools :

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Product Details

Publication date : Sep 07, 2020
Length: 558 pages
Edition : 1st
Language : English
ISBN-13 : 9781789537260
Vendor :
Amazon
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total $ 147.97
AWS Penetration Testing
$43.99
AWS Certified Security – Specialty Exam Guide
$43.99
AWS Security Cookbook
$59.99
Total $ 147.97 Stars icon
Banner background image

Table of Contents

26 Chapters
Section 1: The Exam and Preparation Chevron down icon Chevron up icon
AWS Certified Security - Specialty Exam Coverage Chevron down icon Chevron up icon
Section 2: Security Responsibility and Access Management Chevron down icon Chevron up icon
AWS Shared Responsibility Model Chevron down icon Chevron up icon
Access Management Chevron down icon Chevron up icon
Working with Access Policies Chevron down icon Chevron up icon
Federated and Mobile Access Chevron down icon Chevron up icon
Section 3: Security - a Layered Approach Chevron down icon Chevron up icon
Securing EC2 Instances Chevron down icon Chevron up icon
Configuring Infrastructure Security Chevron down icon Chevron up icon
Implementing Application Security Chevron down icon Chevron up icon
DDoS Protection Chevron down icon Chevron up icon
Incident Response Chevron down icon Chevron up icon
Securing Connections to Your AWS Environment Chevron down icon Chevron up icon
Section 4: Monitoring, Logging, and Auditing Chevron down icon Chevron up icon
Implementing Logging Mechanisms Chevron down icon Chevron up icon
Auditing and Governance Chevron down icon Chevron up icon
Section 5: Best Practices and Automation Chevron down icon Chevron up icon
Automating Security Detection and Remediation Chevron down icon Chevron up icon
Discovering Security Best Practices Chevron down icon Chevron up icon
Section 6: Encryption and Data Security Chevron down icon Chevron up icon
Managing Key Infrastructure Chevron down icon Chevron up icon
Managing Data Security Chevron down icon Chevron up icon
Mock Tests Chevron down icon Chevron up icon
Assessments Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.4
(7 Ratings)
5 star 71.4%
4 star 0%
3 star 28.6%
2 star 0%
1 star 0%
Filter icon Filter
Top Reviews

Filter reviews by




Jesus Oct 16, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Well an excellent book, very well designed and explanation of all AWS Security Topic. In my own experience work really well together with the videos, Stuart has on Cloud Academy, as to reinforce all the material. I do recommend anyone interested in AWS Security Specialty, to get this excellent book. Thanks
Amazon Verified review Amazon
s Sep 14, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
*Disclosure: I was sent an early copy for review*This book does a great job of providing readers with an overview of AWS Security that would be covered on the AWS Certified Security - Specialty exam. Readers don't need to have a comprehensive security or AWS background to read and understand the book and was a great refresher for me (a season AWS Security architect). In addition there are questions at the end of each chapter and a full exam at the end of the book to prepare you for the exam.
Amazon Verified review Amazon
Eric M Sep 25, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
The book covers the majority of topics that you’d expect to see on the exam. I really enjoyed the walkthroughs and demos given throughout the book. Topics are explained in a way that's easy to digest and understand which made it a valuable resource for my studies for this cert.
Amazon Verified review Amazon
Just Some Guy Jul 21, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
First of all, I'm never going to take the AWS Security Exam - that's not why I bought this book. As a developer building apps/IaC on AWS, I was hoping this book would offer a top-to-bottom overview on security on AWS. I'm happy to say it does just that.The book basically covers every aspect of security across most of the relevant AWS services and components - covering everything from keys and secrets, to IAM user/group/roles permissions, to networking, data management, auditing/logging/incident response, and more. It's covers a ton of ground.The author offer a number of step-by-step tutorials along the way on many of the most broadly important topics. Many more areas get more limited coverage - but links to further docs on AWS (and sometimes other articles/links) are usually included for further reading (should you see fit).My only real complaint about the book is that it's pretty light on CLI examples – most of the material focuses on getting things done in AWS Console (i.e. the browser). That said, what's nice is that the book includes tons of screenshots at every chapter, so you can easily make it thru the book without opening the browser at all and it will all still make sense (that's what I did).At 483 pages of content (not counting the sample exam in the last chapter) it seems like a heavy read, but thanks to all the screenshots and other graphics/code/etc., it's actually a quick and easy read – I read it all in 3 days.Final word: I don't know how well this will prepare you for the AWS Certification, but this is a great book for anyone in product/dev/ops who wants a complete overview of all things security on AWS (with plenty of good advice and best practices along the way). I highly recommend it.
Amazon Verified review Amazon
Catalin Sep 21, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I passed today the exam and I must say that the book really completed the video courses, whitepapers, reinvent and reinforce sessions. And of course the hands on real life experience.Since I've seen the book planned to be published I was really execited to get my hands on it and knowing Stuart's expertise from cloudacademy courses, I knew it will be a rich and well written book. And indeed it is.I've been playing around with AWS since 2015, and it's a challenge to keep up to date with what AWS releases almost every month, however despite some changed in the screenshots that you may find and some formatting issues on kindle, the details captured in the book are really a foundation for the exam, not forgetting about the mock exams.In my opinion maybe some personal recommendations and challenges for the reader will enrich this security journey on AWS.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.