Vega Training

AWS Certified Security – Specialty Certification

OVERVIEW

AWS Certified Security – Specialty certification - Security Engineering on AWS;

AWS Certified Security – Specialty exam;

 

The AWS Certified Security – Specialty (SCS-C01) exam is intended for individuals who perform a security role. The exam validates a candidate’s ability to effectively demonstrate knowledge about securing the AWS platform.

The exam also validates whether a candidate has the following:

  • An understanding of specialized data classifications and AWS data protection mechanisms
  • An understanding of data-encryption methods and AWS mechanisms to implement them
  • An understanding of secure internet protocols and AWS mechanisms to implement them
  • A working knowledge of AWS security services and features of services to provide a secure production environment
  • Competency from 2 or more years of production deployment experience in using AWS security services and features
  • The ability to make tradeoff decisions with regard to cost, security, and deployment complexity to meet a set of application requirements
  • An understanding of security operations and risks

To earn the AWS Certified Security – Specialty certification, you must pass the following exam:
AWS SCS-C01;

Preparatory courses for the certification

Preparation Courses:

  • AWS Security Essentials
  • Security Engineering on AWS
  • Exam Readiness: AWS Certified Security – Specialty


FORMAT AND DURATION

AWS Certified Security – Specialty exam: duration 170 minutes, approximately 65 questions;

The exams contain questions written in English in different formats: multiple choice; fill-in-the-blank; drag-and-drop concept matching; full lab simulations.

PREREQUISITES

Attending the following courses is recommended:

  • AWS Security Essentials;
  • Security Engineering on AWS;
  • Exam Readiness: AWS Certified Security – Specialty;

EXAM TOPICS

AWS Certified Security – Specialty exam – SCS-C01

Domain 1: Incident Response

  • Given an AWS abuse notice, evaluate the suspected compromised instance or exposed access keys.
  • Given an AWS Abuse report about an EC2 instance, securely isolate the instance as part of a forensic investigation.
  • Analyze logs relevant to a reported instance to verify a breach, and collect relevant data.
  • Capture a memory dump from a suspected instance for later deep analysis or for legal compliance reasons.
  • Verify that the Incident Response plan includes relevant AWS services.
  • Determine if changes to baseline security configuration have been made.
  • Determine if list omits services, processes, or procedures which facilitate Incident Response.
  • Recommend services, processes, procedures to remediate gaps.
  • Evaluate the configuration of automated alerting, and execute possible remediation of security related incidents and emerging issues.
  • Automate evaluation of conformance with rules for new/changed/removed resources.
  • Apply rule-based alerts for common infrastructure misconfigurations.
  • Review previous security incidents and recommend improvements to existing systems.

 

Domain 2: Logging and Monitoring

  • Design and implement security monitoring and alerting.
  • Analyze architecture and identify monitoring requirements and sources for monitoring statistics.
  • Analyze architecture to determine which AWS services can be used to automate monitoring and alerting.
  • Analyze the requirements for custom application monitoring, and determine how this could be achieved.
  • Set up automated tools/scripts to perform regular audits.
  • Troubleshoot security monitoring and alerting.
  • Given an occurrence of a known event without the expected alerting, analyze the service functionality and configuration and remediate.
  • Given an occurrence of a known event without the expected alerting, analyze the permissions and remediate.
  • Given a custom application which is not reporting its statistics, analyze the configuration and remediate.
  • Review audit trails of system and user activity.
  • Design and implement a logging solution.
  • Analyze architecture and identify logging requirements and sources for log ingestion.
  • Analyze requirements and implement durable and secure log storage according to AWS best practices.
  • Analyze architecture to determine which AWS services can be used to automate log ingestion and analysis.
  • Troubleshoot logging solutions.
  • Given the absence of logs, determine the incorrect configuration and define remediation steps.
  • Analyze logging access permissions to determine incorrect configuration and define remediation steps.
  • Based on the security policy requirements, determine the correct log level, type, and sources.

 

Domain 3: Infrastructure Security

  • Design edge security on AWS.
  • For a given workload, assess and limit the attack surface.
  • Reduce blast radius (e.g. by distributing applications across accounts and regions).
  • Choose appropriate AWS and/or third-party edge services such as WAF, CloudFront and Route 53 to protect against DDoS or filter application-level attacks.
  • Given a set of edge protection requirements for an application, evaluate the mechanisms to prevent and detect intrusions for compliance and recommend required changes.
  • Test WAF rules to ensure they block malicious traffic.
  • Design and implement a secure network infrastructure.
  • Disable any unnecessary network ports and protocols.
  • Given a set of edge protection requirements, evaluate the security groups and NACLs of an application for compliance and recommend required changes.
  • Given security requirements, decide on network segmentation (e.g. security groups and NACLs) that allow the minimum ingress/egress access required.
  • Determine the use case for VPN or Direct Connect.
  • Determine the use case for enabling VPC Flow Logs.
  • Given a description of the network infrastructure for a VPC, analyze the use of subnets and gateways for secure operation.
  • Troubleshoot a secure network infrastructure.
  • Determine where network traffic flow is being denied.
  • Given a configuration, confirm security groups and NACLs have been implemented correctly.
  • Design and implement host-based security.
  • Given security requirements, install and configure host-based protections including Inspector, SSM.
  • Decide when to use a host-based firewall like iptables.
  • Recommend methods for host hardening and monitoring.

 

Domain 4: Identity and Access Management

  • Design and implement a scalable authorization and authentication system to access AWS resources.
  • Given a description of a workload, analyze the access control configuration for AWS services and make recommendations that reduce risk.
  • Given a description of how an organization manages their AWS accounts, verify security of their root user.
  • Given your organization’s compliance requirements, determine when to apply user policies and resource policies.
  • Within an organization’s policy, determine when to federate a directory service to IAM.
  • Design a scalable authorization model that includes users, groups, roles, and policies.
  • Identify and restrict individual users of data and AWS resources.
  • Review policies to establish that users/systems are restricted from performing functions beyond their responsibility, and also enforce proper separation of duties.
  • Troubleshoot an authorization and authentication system to access AWS resources.
  • Investigate a user’s inability to access S3 bucket contents.
  • Investigate a user’s inability to switch roles to a different account.
  • Investigate an Amazon EC2 instance’s inability to access a given AWS resource.

 

Domain 5: Data Protection

  • Design and implement key management and use.
  • Analyze a given scenario to determine an appropriate key management solution.
  • Given a set of data protection requirements, evaluate key usage and recommend required changes.
  • Determine and control the blast radius of a key compromise event and design a solution to contain the same.
  • Troubleshoot key management.
  • Break down the difference between a KMS key grant and IAM policy.
  • Deduce the precedence given different conflicting policies for a given key.
  • Determine when and how to revoke permissions for a user or service in the event of a compromise.
  • Design and implement a data encryption solution for data at rest and data in transit.
  • Given a set of data protection requirements, evaluate the security of the data at rest in a workload and recommend required changes.
  • Verify policy on a key such that it can only be used by specific AWS services.
  • Distinguish the compliance state of data through tag-based data classifications and automate remediation.
  • Evaluate a number of transport encryption techniques and select the appropriate method (i.e. TLS, IPsec, client-side KMS encryption).

 PREPARATION COURSES

  • AWS Security Essentials;
  • Security Engineering on AWS;
  • Exam Readiness: AWS Certified Security – Specialty;
Vega Training® SRL - Piva: 01985170743 - Copyright 2022