AWS-Security-Specialty Exam

Practice Tests to pass Amazon Web Services Security-Specialty Exam.
Udemy
platform
English
language
IT Certification
category
instructor
AWS-Security-Specialty Exam
1
students
169 questions
content
Nov 2021
last update
$13.99
regular price

Why take this course?

based on the AWS Certified Security – Speciality exam guide provided, here's a comprehensive breakdown of the topics covered under each domain for the AWS Certified Security – Specialty certification:

Domain 1: Governance & Compliance (2.0)

Design and implement a governance strategy that complies with enterprise, industry, and regulatory requirements.

  • Define the Shared Responsibility Model for AWS security and data confidentiality.
  • Implement AWS Config rules to enforce compliance.
  • Use AWS Trusted Advisor for security checks and recommendations.
  • Set up and manage AWS KMS keys for encryption and data key protection.
  • Apply tagging strategies to organize resources, enforce compliance, and automate compliance checks with AWS Config.
  • Monitor and define a strategy for continuous compliance (e.g., using AWS Security Hub).

Troubleshoot governance and compliance.

  • Analyze an environment to identify non-compliant resources or misconfigurations.
  • Determine the source of non-compliance when an organization fails an audit.
  • Adjust AWS KMS key policies for stricter access control to adhere to new regulatory requirements.

Domain 2: Risk & Compliance (2.0)

Design and implement a monitoring and logging solution.

  • Analyze architecture and identify monitoring and logging requirements, including data sources and log storage.
  • Implement durable, scalable, and secure logging solutions according to AWS best practices.
  • Automate log ingestion using Amazon Cloud (AWS) services like Amazon CloudWatch, Amazon CloudWatch Events, and AWS Lambda.

Troubleshoot monitoring and logging for threats and vulnerabilities.

  • Investigate why certain alarms or logs were not captured as expected.

Domain 3: Infrastructure Security (3.0)

Design and implement cloud infrastructure security measures.

  • Implement a virtual private network (VPN) using AWS Virtual Private Network (AWS VPN) and AWS Direct Connect (DX).
  • Design and implement identity federation using SAML, AWS Cognito User Pools, or AWS IAM Roles for access to resources securely.

Troubleshoot cloud infrastructure security measures.

  • Investigate a lack of data flow or access in the AWS network stack.

Domain 4: Identity (4.0)

Design and implement an identity federation solution that provides secure access to shared resources.

  • Define roles using AWS IAM.
  • Implement fine-grained permissions using AWS IAM policies and roles.

Troubleshoot secure access to shared resources.

  • Investigate why a user or service principal cannot access AWS services as expected.

Domain 5: Data Protection (5.0)

Design and implement key management and use.

  • Analyze a given scenario to determine an appropriate key management solution using AWS Key Management Service (AWS KMS).

Troubleshoot key management.

  • Break down the difference between a KMS key grant and IAM policy.

Design and implement a data encryption solution for data at rest and data in transit.

  • Evaluate the security of data at rest in a workload and recommend required changes.

Troubleshoot data encryption.

  • Determine when and how to revoke permissions for a user or service in the event of a compromise.

Domain 6: Incident Response (6.0)

Design and implement security incident response and detection.

  • Set up Amazon CloudWatch alarms and AWS Security Center findings for unusual behavior.

Troubleshoot security incident response and detection.

  • Investigate the cause of an abnormal or unusual behavior alarm trigger in the AWS environment.

Disclaimers:

  • Numnore Courses Practice Tests are not related to, affiliated with, endorsed or authorized by Amazon.
  • Trademarks, Certification & Product names are used for reference only and belong to Amazon.

Loading charts...

4400600
udemy ID
16/11/2021
course created date
04/12/2023
course indexed date
Bot
course submited by
AWS-Security-Specialty Exam - | Comidoc