AWS-Security-Specialty Exam

based on the AWS Certified Security – Speciality exam guide provided, here's a comprehensive breakdown of the topics covered under each domain for the AWS Certified Security – Specialty certification:

Domain 1: Governance & Compliance (2.0)

Design and implement a governance strategy that complies with enterprise, industry, and regulatory requirements.

• Define the Shared Responsibility Model for AWS security and data confidentiality.
• Implement AWS Config rules to enforce compliance.
• Use AWS Trusted Advisor for security checks and recommendations.
• Set up and manage AWS KMS keys for encryption and data key protection.
• Apply tagging strategies to organize resources, enforce compliance, and automate compliance checks with AWS Config.
• Monitor and define a strategy for continuous compliance (e.g., using AWS Security Hub).

Troubleshoot governance and compliance.

• Analyze an environment to identify non-compliant resources or misconfigurations.
• Determine the source of non-compliance when an organization fails an audit.
• Adjust AWS KMS key policies for stricter access control to adhere to new regulatory requirements.

Domain 2: Risk & Compliance (2.0)

Design and implement a monitoring and logging solution.

• Analyze architecture and identify monitoring and logging requirements, including data sources and log storage.
• Implement durable, scalable, and secure logging solutions according to AWS best practices.
• Automate log ingestion using Amazon Cloud (AWS) services like Amazon CloudWatch, Amazon CloudWatch Events, and AWS Lambda.

Troubleshoot monitoring and logging for threats and vulnerabilities.

• Investigate why certain alarms or logs were not captured as expected.

Domain 3: Infrastructure Security (3.0)

Design and implement cloud infrastructure security measures.

• Implement a virtual private network (VPN) using AWS Virtual Private Network (AWS VPN) and AWS Direct Connect (DX).
• Design and implement identity federation using SAML, AWS Cognito User Pools, or AWS IAM Roles for access to resources securely.

Troubleshoot cloud infrastructure security measures.

• Investigate a lack of data flow or access in the AWS network stack.

Domain 4: Identity (4.0)

Design and implement an identity federation solution that provides secure access to shared resources.

• Define roles using AWS IAM.
• Implement fine-grained permissions using AWS IAM policies and roles.

Troubleshoot secure access to shared resources.

• Investigate why a user or service principal cannot access AWS services as expected.

Domain 5: Data Protection (5.0)

Design and implement key management and use.

• Analyze a given scenario to determine an appropriate key management solution using AWS Key Management Service (AWS KMS).

Troubleshoot key management.

• Break down the difference between a KMS key grant and IAM policy.

Design and implement a data encryption solution for data at rest and data in transit.

• Evaluate the security of data at rest in a workload and recommend required changes.

Troubleshoot data encryption.

• Determine when and how to revoke permissions for a user or service in the event of a compromise.

Domain 6: Incident Response (6.0)

Design and implement security incident response and detection.

• Set up Amazon CloudWatch alarms and AWS Security Center findings for unusual behavior.

Troubleshoot security incident response and detection.

• Investigate the cause of an abnormal or unusual behavior alarm trigger in the AWS environment.

Disclaimers:

• Numnore Courses Practice Tests are not related to, affiliated with, endorsed or authorized by Amazon.
• Trademarks, Certification & Product names are used for reference only and belong to Amazon.