AWS certified security specialty-SCS-C02 Training Course

AWS Certified Advanced Networking - Specialty Training

Best AWS certified security specialty-SCS-C02 Training Course

Nux Software Solutions Training Institute offers premier cloud computing training throughout Coimbatore. AWS, a robust cloud services platform, provides compute power, content delivery, database storage, and other functionalities to help businesses grow. Our AWS cloud training is designed to impart an in-depth understanding of AWS architectural principles and services, enabling learners to grasp how cloud computing is reshaping IT architecture.

As the leading AWS training provider in Coimbatore and Tamil Nadu, Nux Software Solutions boasts experienced professionals with expertise in designing applications and systems on AWS. Our trainers guide students through recommended courses, labs, and exams to develop the technical skills required for AWS certification.

Our state-of-the-art lab infrastructure is accessible 24/7, catering to professionals, corporate clients, individuals, and those seeking live project and industrial training. We have successfully placed graduates in over 500 registered companies and trained more than 10,000 students and professionals, all of whom now hold esteemed positions in their respective fields. Join Nux Software Solutions for the best AWS training and certification in Coimbatore and advance your cloud computing career today.

AWS Certified Security Specialty (SCS-C02) Syllabus

Chapter 1

Introduction, The Exam Blueprint

Chapter 2

Security 101, Security Basics, Security of AWS, Shared Responsibility Model, Security in AWS, Chapter 2 Summary

Given an AWS abuse notice, evaluate the suspected compromised instance or exposed access keys.

  • Given an AWS Abuse report about an EC2 instance, securely isolate the instance as part of a forensic investigation.
  • Analyze logs relevant to a reported instance to verify a breach, and collect relevant data.
  • Capture a memory dump from a suspected instance for later deep analysis or for legal compliance reasons.

    • Chapter 3

    p>Identity Access Management, S3 & Security Policies, IAM Recap, IAM Root Users, IAM Policies 101, S3 Bucket Policies, S3 ACL's, Conflicting Policies - The Key To Passing Your Exam, Forcing Encryption Using S3, Cross Region Replication And S3, Forcing S3 to Use CloudFront, Custom SSL Certificates With CloudFront, S3 Pre-signed URLs, Security Token Services With Active Directory, Web Identity Federation, Cognito, Cognito Lab, Glacier Vault Lock, AWS Organizations & Service Control Policies, IAM Credential Report, Chapter 3 Summary

    Verify that the Incident Response plan includes relevant AWS services.

  • Determine if changes to baseline security configuration have been made.
  • Determine if list omits services, processes, or procedures which facilitate Incident Response.
  • Recommend services, processes, procedures to remediate gaps

    • Chapter 4

    Logging And Monitoring, CloudTrail - Turning It On, CloudTrail - Protecting Your Logs, CloudWatch 101, AWS Config 101, AWS Config Lab, Set Up An Alert If The Root User Logs In, Cloud HSM, Inspector & Trusted Advisor, Logging With AWS - White Paper, Chapter 4 Summary

    Design and implement security monitoring and alerting.
  • Analyze architecture and identify monitoring requirements and sources for monitoring statistics.
  • Analyze architecture to determine which AWS services can be used to automate monitoring and alerting.
  • Analyze the requirements for custom application monitoring, and determine how this could be achieved.
  • Set up automated tools/scripts to perform regular audits.

    • Chapter 5

    Infrastructure Security, KMS Part 1, KMS Part 2, KMS Part 3, KMS Part 4, KMS Key Rotation Options, Using Your Own Key Pairs - Mac Users Only, Using Your Own Key Pairs - Windows Users Only, Using KMS With EBS, EC2 & Key Pairs, EC2 & Key Pairs - Part 2, AWS Market Place Security Products, AWS WAF & AWS Shield, Dedicated Instances vs Dedicated Hosts, AWS Hypervisors, KMS Grants, KMS ViaService, Cross Account Access To KMS CMKs, Introduction To Microservices, Introduction To Containers, Containers Lab, Container Security, Chapter 5 Summary

    Troubleshoot logging solutions.
  • Given the absence of logs, determine the incorrect configuration and define remediation steps.
  • Analyze logging access permissions to determine incorrect configuration and define remediation steps.
  • Based on the security policy requirements, determine the correct log level, type, and sources.

    • Chapter 6

    Data Protection With VPCs, VPC Introduction, Setting Up Our VPC Part 1, Setting Up Our VPC Part 2, Nat Instances & Nat Gateways, NACLs vs Security Groups, Application Load Balancers & custom VPC's, Elastic Load Balancers and TLS/SSL Termination, VPC Flow Logs, NAT's vs Bastions, Session Manager, Session Manager Lab, VPC End Points, CloudHSM - Introduction, CloudHSM - Setup & Initializing Our Cluster, CloudHSM - Installing and Configuring Our Client, CloudHSM - User Management & Generating & Exporting Keys, CloudHSM - Clean Up, VPC - Clean Up, Amazon DNS, Transit Gateway, Chapter 6 Summary

    Design and implement host-based security.
  • Given security requirements, install and configure host-based protections including Inspector, SSM.
  • Decide when to use host-based firewall like iptables.
  • Recommend methods for host hardening and monitoring.

    • Chapter 7

    Incident Response & AWS In The Real World, DDOS Overview, WAF Integration, EC2 Has Been Hacked! What should you do?, I've Leaked My Keys On Github Accidentally, Reading CloudTrail Logs, Pen Testing - AWS Market Place, AWS Certificate Manager, Perfect Forward Secrecy and ALBs, API Gateway - Throttling & Caching, AWS Systems Manager Parameter Store, AWS Systems Manager Run Command, Compliance in AWS

    Design and implement a scalable authorization and authentication system to access AWS resources.
  • Given a description of a workload, analyze the access control configuration for AWS services and make recommendations that reduce risk.
  • Given a description how an organization manages their AWS accounts, verify security of their root user.
  • Given your organization’s compliance requirements, determine when to apply user policies and resource policies.
  • Within an organization’s policy, determine when to federate a directory services to IAM.
  • Design a scalable authorization model that includes users, groups, roles, and policies

    • Chapter 8

    Updates Based On Student Feedback, Introduction To Athena, Athena Lab, Introduction To Macie, Macie Lab, Introduction To GuardDuty, GuardDuty Lab, Secrets Manager, Simple Email Service, Security Hub, Security Hub Lab, Network Packet Inspection, Active Directory Federation With AWS, AWS Artifact, Additional Resources For Exam Preparation

    Troubleshoot key management.
  • Break down the difference between a KMS key grant and IAM policy.
  • Deduce the precedence given different conflicting policies for a given key.
  • Determine when and how to revoke permissions for a user or service in the event of a compromise

    • Chapter 9

    Troubleshooting Scenarios, Troubleshooting Monitoring & Alerting, Lambda Lab, Troubleshooting Logging, Troubleshooting Secure Network Infrastructure, Troubleshooting Authentication & Authorization, Troubleshooting Cross Account Access With STS:AssumeRole, Troubleshooting Lambda Access, Troubleshooting Access To CMKs in KMS

    Design and implement a data encryption solution for data at rest and data in transit
  • Given a set of data protection requirements, evaluate the security of the data at rest in a workload and recommend required changes.
  • Verify policy on a key such that it can only be used by specific AWS services.
  • Distinguish the compliance state of data through tag-based data classifications and automate remediation.
  • Evaluate a number of transport encryption techniques and select the appropriate method (i.e. TLS, IPsec, client-side KMS encryption).

    • Related Posts