The AWS Certified Security Specialty is a certification based around securing applications in AWS. It is one one three specialty certifications offered by AWS. The certification focuses on five components or domains when designing and operating security in the cloud.

Course Introduction
Getting Started
Course Introduction

00:02:49

About the Training Architect

00:02:15

Introduction to the Security Runbook Interactive Diagram

00:04:39

Course Features and Tools

00:11:02

Domain 1 : Incident Response
Domain 1 - Introduction
Domain 1 - Introduction

00:06:12

1.1 - Given an AWS Abuse Notice, Evaluate a Suspected Compromised Instance or Exposed Access Keys
AWS Abuse Notification

00:17:04

Responding to AWS Abuse Notifications

00:15:18

Hands-On Lab: Performing a Source Code Security Scan Using git-secrets in AWS

1.2 Verify that the Incident Response plan includes relevant AWS services.
What is Incident Response?

00:08:20

Incident Response Framework: Part 1

00:21:50

Incident Response Framework: Part 2

00:13:35

1.3 Evaluate the Configuration of Automated Alerting and Execute Possible Remediation of Security-Related Incidents and Emerging Issues
Automated Alerting

00:30:08

Automated Incident Response

00:12:02

CloudTrail Automation Example

00:11:10

Hands-On Lab: Enabling AWS VPC Flow Logs with Automation

Domain 2 : Logging and Monitoring
Domain 2 - Introduction
Logging and Monitoring Introduction

00:02:02

2.3 Design and Implement a Logging Solution
CloudTrail Logging

00:22:51

CloudWatch Logs: CloudTrail

00:14:14

CloudWatch Logs: VPC Flow Logs

00:16:59

CloudWatch Logs: Agent for EC2

00:22:47

CloudWatch Logs: DNS Query Logs

00:09:46

S3 Access Logs

00:10:18

Multi-Account: Centralized Logging

00:22:04

Hands-On Lab: Working with AWS CloudWatch Logs for Incident Response

2.4 Troubleshoot Logging Solutions
Troubleshoot Logging

00:25:39

Multi-Account: Troubleshoot Logging

00:11:24

Hands-On Lab: Troubleshooting CloudTrail and S3 Logging Issues in AWS

2.1 Design and implement security monitoring and alerting.
S3 Events

00:18:59

CloudWatch Logs: Metric Filters and Custom Metrics

00:14:11

CloudWatch Events

00:20:40

Multi-Account: CloudWatch Event Buses

00:14:45

AWS Config

00:23:20

AWS Inspector

00:21:33

Hands-On Lab: Automatic Resource Remediation with AWS Config

Hands-On Lab: Automatic Remediation of Inspector Findings in AWS

2.2 Troubleshoot security monitoring and alerting.
Troubleshoot CloudWatch Events

00:18:05

Hands-On Lab: Troubleshooting a Detection, Alerting, and Response Workflow in AWS

Domain 3: Infrastructure Security
3.1 Design Edge Security on AWS
CloudFront

00:31:30

Restricting S3 to CloudFront

00:11:11

Signed URLs and Cookies

00:26:44

CloudFront Geo Restriction

00:09:27

Forcing S3 Encryption

00:14:18

S3 Cross Region Replication (CRR) - Security

00:17:10

Web Application Firewall (WAF) and AWS Shield

00:23:07

Hands-On Lab: Blocking Web Traffic with WAF in AWS

3.2 Design and implement a secure network infrastructure.
VPC Design and Security

00:20:51

Security Groups

00:22:12

Network Access Control Lists (NACLs)

00:18:42

VPC Peering

00:35:23

VPC Endpoints

00:30:22

Serverless Security

00:10:23

NAT Gateways

00:13:30

Egress-Only Internet Gateways

00:13:44

Bastion Hosts / Jump Boxes

00:09:06

Hands-On Lab: Configuring Layered Security in an AWS VPC

3.3 Troubleshoot a secure network infrastructure.
Troubleshoot a VPC

00:15:27

3.4 Design and implement host-based security.
AWS Host/Hypervisor Security (disk/memory)

00:10:53

Host Proxy Servers

00:05:42

Host-Based IDS/IPS

00:09:13

Systems Manager

00:18:02

Packet Capture on EC2

00:09:28

Hands-On Lab: Install an Intrusion Prevention System (IPS) on an EC2 Instance

Identity and Access Management
4.1 Design and Implement a Scalable Authorization and Authentication System to Access AWS Resources.
IAM Policies

00:25:18

Users, Groups, and Roles

00:29:14

Permission Boundaries and Policy Evaluation

00:17:21

Organizations and Service Control Policies

00:18:57

Resource Policies: S3 Bucket Policies

00:15:38

Resource Policies: KMS Key Policies

00:13:39

Cross-Account Access to S3 Buckets and Objects

00:17:53

Identity Federation

00:22:40

AWS Systems Manager Parameter Store

00:18:24

4.2 Troubleshoot an Authorization and Authentication System to Access AWS Resources.
Troubleshooting Permissions Union (IAM//RESOURCE//ACL)

00:09:44

Troubleshooting Cross-Account Roles

00:12:57

Troubleshooting Identity Federation

00:05:52

Troubleshooting KMS CMK's

00:07:20

Data Protection
5.1 Design and implement key management and use.
Key Management System (KMS)

00:28:11

KMS in a Multi-Account Configuration

00:08:24

CloudHSM

00:17:05

5.2 Troubleshoot key management.
Troubleshooting KMS Permissions

00:08:29

KMS Limits

00:10:44

Hands-On Lab: Troubleshoot KMS Key Policies

5.3 Design and implement a data encryption solution for data at rest and data in transit.
Data At Rest: KMS

00:16:11

Data At Rest: S3 Client-side Encryption Options

00:06:25

Data In Transit: Certificate Manager (ACM)

00:07:23

Encryption SDKs

00:05:55

Compliance Examples

00:08:59

Hands-On Lab: Create and Manage SSL Certificates with AWS Certificate Manager

Conclusion
Practice Exam
Practice Exam: AWS Certified Security Specialty

04:00:00

Final Steps
How to Prepare for the Exam

00:10:50

What's Next After Certification?

00:04:53

Get Recognized!

00:01:01


DOWNLOAD
uploadgig


rapidgator


nitroflare