AWS-Security-Specialty Exam
Practice Tests to pass Amazon Web Services Security-Specialty Exam.

- Students: 1
- Content: 169 questions
- Last update: Nov 2021
- Regular price: $13.99
Why take this course?
Based on the AWS Certified Security – Specialty exam guide, here is a breakdown of the topics covered under each domain of the AWS Certified Security – Specialty certification:
Domain 1: Governance & Compliance (2.0)
Design and implement a governance strategy that complies with enterprise, industry, and regulatory requirements.
- Define the Shared Responsibility Model for AWS security and data confidentiality.
- Implement AWS Config rules to enforce compliance.
- Use AWS Trusted Advisor for security checks and recommendations.
- Set up and manage AWS KMS keys for encryption and data key protection.
- Apply tagging strategies to organize resources, enforce compliance, and automate compliance checks with AWS Config.
- Monitor and define a strategy for continuous compliance (e.g., using AWS Security Hub).
Troubleshoot governance and compliance.
- Analyze an environment to identify non-compliant resources or misconfigurations.
- Determine the source of non-compliance when an organization fails an audit.
- Adjust AWS KMS key policies for stricter access control to adhere to new regulatory requirements.
Domain 2: Risk & Compliance (2.0)
Design and implement a monitoring and logging solution.
- Analyze architecture and identify monitoring and logging requirements, including data sources and log storage.
- Implement durable, scalable, and secure logging solutions according to AWS best practices.
- Automate log ingestion using AWS services such as Amazon CloudWatch, Amazon CloudWatch Events, and AWS Lambda.
Troubleshoot monitoring and logging for threats and vulnerabilities.
- Investigate why certain alarms or logs were not captured as expected.
Domain 3: Infrastructure Security (3.0)
Design and implement cloud infrastructure security measures.
- Implement a virtual private network (VPN) using AWS Virtual Private Network (AWS VPN) and AWS Direct Connect (DX).
- Design and implement identity federation using SAML, AWS Cognito User Pools, or AWS IAM Roles for secure access to resources.
Troubleshoot cloud infrastructure security measures.
- Investigate a lack of data flow or access in the AWS network stack.
Domain 4: Identity (4.0)
Design and implement an identity federation solution that provides secure access to shared resources.
- Define roles using AWS IAM.
- Implement fine-grained permissions using AWS IAM policies and roles.
Troubleshoot secure access to shared resources.
- Investigate why a user or service principal cannot access AWS services as expected.
Domain 5: Data Protection (5.0)
Design and implement key management and use.
- Analyze a given scenario to determine an appropriate key management solution using AWS Key Management Service (AWS KMS).
Troubleshoot key management.
- Break down the difference between a KMS key grant and IAM policy.
Design and implement a data encryption solution for data at rest and data in transit.
- Evaluate the security of data at rest in a workload and recommend required changes.
Troubleshoot data encryption.
- Determine when and how to revoke permissions for a user or service in the event of a compromise.
Domain 6: Incident Response (6.0)
Design and implement security incident response and detection.
- Set up Amazon CloudWatch alarms and AWS Security Center findings for unusual behavior.
Troubleshoot security incident response and detection.
- Investigate the cause of an abnormal or unusual behavior alarm trigger in the AWS environment.
Disclaimers:
- Numnore Courses Practice Tests are not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, Certification & Product names are used for reference only and belong to Amazon.
- Udemy ID: 4400600
- Course created date: 16/11/2021
- Course indexed date: 04/12/2023
- Course submitted by: Bot