Muutke küpsiste eelistusi

AWS Certified Security Study Guide: Specialty (SCS-C01) Exam [Pehme köide]

3.79/5 (25 hinnangut Goodreads-ist)
, , , , , ,
  • Formaat: Paperback / softback, 496 pages, kõrgus x laius x paksus: 234x188x28 mm, kaal: 907 g
  • Sari: Sybex Study Guide
  • Ilmumisaeg: 26-Jan-2021
  • Kirjastus: Sybex Inc.,U.S.
  • ISBN-10: 1119658810
  • ISBN-13: 9781119658818
Teised raamatud teemal:
  • Pehme köide
  • Hind: 59,75 €*
  • * hind on lõplik, st. muud allahindlused enam ei rakendu
  • Tavahind: 70,30 €
  • Säästad 15%
  • Raamatu kohalejõudmiseks kirjastusest kulub orienteeruvalt 2-4 nädalat
  • Kogus:
  • Lisa ostukorvi
  • Tasuta tarne
  • Tellimisaeg 2-4 nädalat
  • Lisa soovinimekirja
  • Raamatukogudele
AWS Certified Security Study Guide: Specialty (SCS-C01) ExamSuurem pilt
  • Formaat: Paperback / softback, 496 pages, kõrgus x laius x paksus: 234x188x28 mm, kaal: 907 g
  • Sari: Sybex Study Guide
  • Ilmumisaeg: 26-Jan-2021
  • Kirjastus: Sybex Inc.,U.S.
  • ISBN-10: 1119658810
  • ISBN-13: 9781119658818
Teised raamatud teemal:
Püsilink: https://www.kriso.ee/db/9781119658818.html
Märksõnad:

Get prepared for the AWS Certified Security Specialty certification with this excellent resource

By earning the AWS Certified Security Specialty certification, IT professionals can gain valuable recognition as cloud security experts. The AWS Certified Security Study Guide: Specialty (SCS-C01) Exam helps cloud security practitioners prepare for success on the certification exam. It’s also an excellent reference for professionals, covering security best practices and the implementation of security features for clients or employers.

Architects and engineers with knowledge of cloud computing architectures will find significant value in this book, which offers guidance on primary security threats and defense principles. Amazon Web Services security controls and tools are explained through real-world scenarios. These examples demonstrate how professionals can design, build, and operate secure cloud environments that run modern applications.

The study guide serves as a primary source for those who are ready to apply their skills and seek certification. It addresses how cybersecurity can be improved using the AWS cloud and its native security services. Readers will benefit from detailed coverage of AWS Certified Security Specialty Exam topics.

  • Covers all AWS Certified Security Specialty exam topics
  • Explains AWS cybersecurity techniques and incident response
  • Covers logging and monitoring using the Amazon cloud
  • Examines infrastructure security
  • Describes access management and data protection

With a single study resource, you can learn how to enhance security through the automation, troubleshooting, and development integration capabilities available with cloud computing. You will also discover services and tools to develop security plans that work in sync with cloud adoption.

Introduction xxiii
Assessment Test xxviii
Chapter 1 Security Fundamentals
1(38)
Introduction
2(1)
Understanding Security
2(4)
Basic Security Concepts
6(3)
Vulnerability, Threat, and Security Risk
6(1)
Security Countermeasures and Enforcement
6(1)
Confidentiality, Integrity, and Availability
7(1)
Accountability and Nonrepudiation
7(1)
Authentication, Authorization, and Accounting
8(1)
Visibility and Context
8(1)
Foundational Networking Concepts
9(5)
The OSI Reference Model
9(2)
The TCP/IP Protocol Stack
11(3)
Main Classes of Attacks
14(4)
Reconnaissance
15(1)
Password Attacks
15(1)
Eavesdropping Attacks
15(1)
IP Spoofing Attacks
16(1)
Man-in-the-Middle Attacks
16(1)
Denial-of-Service Attacks
16(1)
Malware Attacks
17(1)
Phishing Attacks
18(1)
Risk Management
18(9)
Important Security Solutions and Services
18(9)
Well-Known Security Frameworks and Models
27(6)
Sample Practical Models for Guiding Security Design and Operations
28(1)
The Security Wheel
28(1)
The Attack Continuum Model
29(3)
The Zero-Trust Model
32(1)
Summary
33(1)
Exam Essentials
33(3)
Review Questions
36(3)
Chapter 2 Cloud Security Principles and Frameworks
39(26)
Introduction
40(1)
Cloud Security Principles Overview
40(1)
The Shared Responsibility Model
41(6)
Different Powers, Different Responsibilities
44(3)
AWS Compliance Programs
47(7)
AWS Artifact Portal
50(4)
AWS Well-Architected Framework
54(4)
Using the AWS Well-Architected Tool
55(3)
AWS Marketplace
58(1)
Summary
59(1)
Exam Essentials
60(1)
Review Questions
61(4)
Chapter 3 Identity and Access Management
65(42)
Introduction
66(1)
IAM Overview
66(1)
How AWS IAM Works
67(15)
Principals
67(6)
IAM Roles
73(1)
AWS Security Token Services
74(3)
Access Management with Policies and Permissions
77(5)
Access Management in Amazon S3
82(9)
Policy Conflicts
86(1)
Secure Data Transport in Amazon S3
86(3)
Cross-Region Replication in Amazon S3
89(1)
Amazon S3 Pre-signed URLs
90(1)
Identity Federation
91(3)
Amazon Cognito
92(2)
Multi-Account Management with AWS Organizations
94(3)
Service Control Policies
96(1)
AWS Single Sign-On
97(1)
Microsoft AD Federation with AWS
97(1)
Protecting Credentials with AWS Secrets Manager
98(2)
Secrets Permission Management
99(1)
Automatic Secrets Rotation
99(1)
Choosing between AWS Secrets Manager and AWS Systems Manager Parameter Store
100(1)
Summary
100(1)
Exam Essentials
101(3)
Review Questions
104(3)
Chapter 4 Detective Controls
107(52)
Introduction
108(2)
Stage 1 Resources State
110(8)
AWSConfig
111(6)
AWS Systems Manager
117(1)
Stage 2 Events Collection
118(14)
AWS CloudTrail
118(8)
Amazon CloudWatch Logs
126(4)
Amazon CloudWatch
130(2)
AWS Health
132(1)
Stage 3 Events Analysis
132(12)
AWS Config Rules
133(2)
Amazon Inspector
135(1)
Amazon GuardDuty
136(3)
AWS Security Hub
139(3)
AWS Systems Manager: State Manager, Patch Manager, and Compliance
142(1)
AWS Trusted Advisor
143(1)
Stage 4 Action
144(7)
AWS Systems Manager: Automation
144(1)
AWS Config Rules: Remediation
144(2)
Amazon EventBridge
146(5)
Summary
151(1)
Exam Essentials
152(3)
Review Questions
155(4)
Chapter 5 Infrastructure Protection
159(56)
Introduction
160(1)
AWS Networking Constructs
160(12)
Network Address Translation
172(6)
Security Groups
178(6)
Network Access Control Lists
184(6)
Elastic Load Balancing
190(6)
VPC Endpoints
196(4)
VPC Flow Logs
200(2)
AWS Web Application Firewall
202(6)
AWS Shield
208(1)
Summary
209(1)
Exam Essentials
209(2)
Review Questions
211(4)
Chapter 6 Data Protection
215(66)
Introduction
216(5)
Symmetric Encryption
217(1)
Asymmetric Encryption
218(1)
Hash Algorithms
219(2)
AWS Key Management Service
221(12)
AWS KMS Components
223(10)
Creating a Customer Master Key in AWS KMS
233(13)
Creating a Key Using the Console
234(2)
Deleting Keys in AWS KMS
236(2)
Rotating Keys in KMS
238(8)
Understanding the Cloud Hardware Security Module
246(5)
Using CloudHSM with AWS KMS
250(1)
SSL Offload Using CloudHSM
250(1)
AWS Certificate Manager
251(2)
Protecting Your S3 Buckets
253(19)
Default Access Control Protection
253(1)
Bucket and Object Encryption
254(18)
Amazon Macie
272(4)
AWS CloudTrail Events
274(2)
Summary
276(1)
Exam Essentials
276(2)
Review Questions
278(3)
Chapter 7 Incident Response
281(20)
Introduction
282(1)
Incident Response Maturity Model
283(6)
Incident Response Best Practices
289(3)
Develop
289(1)
Implement
290(1)
Monitor and Test
291(1)
Update
292(1)
Reacting to Specific Security Incidents
292(4)
Abuse Notifications
292(2)
Insider Threat and Former Employee Access
294(1)
Amazon EC2 Instance Compromised by Malware
294(1)
Credentials Leaked
295(1)
Application Attacks
296(1)
Summary
296(1)
Exam Essentials
297(1)
Review Questions
297(4)
Chapter 8 Security Automation
301(38)
Introduction
302(1)
Security Automation Overview
302(1)
Event-Driven Security
303(3)
Using AWS Lambda for Automated Security Response
306(8)
Isolating Instances with Malware on Botnets
308(4)
Automated Termination for Self-Healing Using Auto Scaling Groups
312(1)
Automating Isolation of Bad Actors' Access to Web Applications
313(1)
Automating Actions upon Changes Detected by AWS CloudTrail
314(1)
WAF Security Automations
314(2)
AWS Config Auto Remediation
316(7)
Amazon S3 Default Encryption with AWS Config
318(5)
Automating Resolution of Findings Using AWS Security Hub
323(9)
Automated Reasoning to Detect and Correct Human Mistakes
325(7)
Aggregate and Resolve Issues with AWS Systems Manager
332(1)
AWS Systems Manager: OpsCenter
332(1)
AWS Systems Manager: State Manager
332(1)
Automating Security Hygiene with AWS Systems Manager
333(1)
Summary
333(1)
Exam Essentials
334(1)
Review Questions
335(4)
Chapter 9 Security Troubleshooting on AWS
339(24)
Introduction
340(1)
Using Troubleshooting Tools and Resources
341(4)
AWS CloudTrail
341(3)
Amazon CloudWatch Logs
344(1)
Amazon CloudWatch Events
345(1)
Amazon EventBridge
345(1)
Common Access Control Troubleshooting Scenarios
345(4)
Permissions Boundary
346(2)
Service Control Policies
348(1)
Identity Federation Problems
348(1)
Encryption and Decryption Troubleshooting Scenarios
349(1)
Network and Connectivity Troubleshooting Scenarios
349(10)
VPC Security and Filtering
350(1)
Route Tables
351(1)
Network Gateways
352(3)
VPC Peering
355(2)
VPC Flow Logs
357(2)
Summary
359(1)
Exam Essentials
359(2)
Review Questions
361(2)
Chapter 10 Creating Your Security Journey in AWS
363(12)
Introduction
364(1)
Where to Start?
365(1)
Mapping Security Controls
365(1)
Security Journey Phased Example
366(4)
Phase 1 Infrastructure Protection
367(2)
Phase 2 Security Insights and Workload Protection
369(1)
Phase 3 Security Automation
370(1)
Summary
370(1)
Exam Essentials
371(1)
Review Questions
372(3)
Appendix A Answers to Review Questions
375(14)
Chapter 1 Security Fundamentals
376(1)
Chapter 2 Cloud Security Principles and Frameworks
377(1)
Chapter 3 Identity and Access Management
378(1)
Chapter 4 Detective Controls
379(1)
Chapter 5 Infrastructure Protection
380(1)
Chapter 6 Data Protection
381(1)
Chapter 7 Incident Response
382(2)
Chapter 8 Security Automation
384(1)
Chapter 9 Security Troubleshooting on AWS
385(2)
Chapter 10 Creating Your Security Journey in AWS
387(2)
Appendix B AWS Security Services Portfolio
389(16)
Amazon Cognito
390(1)
Amazon Detective
391(1)
Amazon GuardDuty
392(1)
Amazon Inspector
393(1)
Amazon Macie
393(1)
AWS Artifact
394(1)
AWS Certificate Manager
395(1)
AWS CloudHSM
396(1)
AWS Directory Service
396(1)
AWS Firewall Manager
397(1)
AWS Identity and Access Management
398(1)
AWS Key Management Service
399(1)
AWS Resource Access Manager
399(1)
AWS Secrets Manager
400(1)
AWS Security Hub
401(1)
AWS Shield
401(1)
AWS Single Sign-On
402(1)
AWS Web Application Firewall
403(2)
Appendix C DevSecOps in AWS
405(38)
Introduction
406(4)
Cultural Philosophies
407(1)
Practices
407(2)
Tools
409(1)
Dev + Sec + Ops
410(1)
Tenets of DevSecOps
411(1)
AWS Developer Tools
411(5)
AWS CodeCommit
412(1)
AWS CodeBuild
412(1)
AWS CodeDeploy
413(1)
AWS X-Ray
413(1)
Amazon CloudWatch
414(1)
AWS CodePipeline
415(1)
AWS Cloud9
415(1)
AWS CodeStar
416(1)
Creating a CI/CD Using AWS Tools
416(16)
Creating a CodeCommit Repository
416(3)
Creating an AWS CodePipeline Pipeline
419(13)
Evaluating Security in Agile Development
432(3)
Creating the Correct Guardrails Using SAST and DAST
435(1)
Security as Code: Creating Guardrails and Implementing Security by Design
436(7)
The Top 10 Proactive Controls
436(3)
The 10 Most Critical Web Application Security Risks
439(4)
Index 443
ABOUT THE AUTHORS

DARIO GOLDFARB is a Security Solutions Architect at Amazon Web Services in Latin America. He has more than 15 years of experience in cybersecurity.

ALEXANDRE M.S.P. MORAES is a Director of Teltec, a Brazilian systems integrator that is highly specialized in Network Design, Security Architectures and Cloud Computing.

THIAGO MORAIS is the leader of Solutions Architecture teams at Amazon Web Services in Brazil. He has more than 20 years of experience in the IT industry.

MAURICIO MUÑOZ is a Sr. Manager of a Specialist Solutions Architects team at Amazon Web Services in Latin America. He's worked in IT for more than 20 years, specializing in Information Security.

MARCELLO ZILLO NETO is a Chief Security Advisor and a former Chief Information Security Officer (CISO) in Latin America. He has over 20 years of experience in cybersecurity and incident response.

GUSTAVO A. A. SANTANA is the leader of the Specialist and Telecommunications Solutions Architecture teams at Amazon Web Services in Latin America.

FERNANDO SAPATA is a Principal Business Development Manager for Serverless at Amazon Web Services in Latin America. He has more than 19 years of experience in the IT industry.