AWS Certified Security Specialty All-in-One Exam Guide (Exam SCS-C01) Tracy Pierce full chapter instant download
Copyright © 2021 by McGraw Hill. All rights reserved. Except as
permitted under the United States Copyright Act of 1976, no part of
this publication may be reproduced or distributed in any form or by
any means, or stored in a database or retrieval system, without the
prior written permission of the publisher, with the exception that the
program listings may be entered, stored, and executed in a
computer system, but they may not be reproduced for publication.
ISBN: 978-1-26-046173-2
MHID: 1-26-046173-4
The material in this eBook also appears in the print version of this
title: ISBN: 978-1-26-046172-5, MHID: 1-26-046172-6.
Index
CONTENTS
Acknowledgments
Introduction
Chapter 1 Introduction to AWS Security
The Five Pillars of the Well-Architected Framework
Operational Excellence
Security
Reliability
Performance Efficiency
Cost Optimization
Focusing on the Security Pillar and the Shared Responsibility Model
Identity and Access Management
Detective Controls
Infrastructure Protection
Data Protection
Incident Response
Chapter Review
Questions
Answers
Additional Resources
Chapter 2 Cloud Security Event Investigation
What AWS Services Should I Consider for an Incident Response Plan?
AWS Shield
AWS WAF
AWS Firewall Manager
AWS Config
AWS CloudTrail, Amazon CloudWatch Logs, and Amazon VPC Flow Logs
Amazon Athena, Amazon EMR, and Amazon Kinesis
Amazon GuardDuty, AWS Security Hub, Amazon Detective, and Amazon Macie
What to Look for as an Indicator of a Cloud Security Event
Logs and Monitors
Billing Activity
Partner Tools
AWS Outreach
One-Time Contact
Determining the RCA of a Cloud Security Event
How to Read an AWS Abuse Notice
How to Review Available Logs
How to Review Findings
Chapter Review
Questions
Answers
Additional Resources
Chapter 3 Cloud Security Event Remediation and Planning
Automating Alerts and Remediation
Remediation of a Cloud Security Event
Responding to an AWS Abuse Notice
Exercise 3-1: Automating PHD Alerts Through Amazon EventBridge
Remediating Compromised EC2 Instances
Exercise 3-2: Automating Compromised Amazon EC2 Instance Response
Remediating Compromised Security Credentials
Exercise 3-3: Preventing Accidental Commits of Sensitive Information to GitHub
Best Practices to Avoid Security Incidents
Utilizing Forward Secrecy and AWS ALBs
Exercise 3-4: Setting Up an AWS Application Load Balancer with Perfect Forward Secrecy
Utilizing the AWS API Gateway with Throttling and Caching
Utilizing AWS Systems Manager
Exercise 3-5: Automating Amazon EC2 Commands Using AWS Systems Manager
Chapter Review
Questions
Answers
Additional Resources
Chapter 4 Monitor with Amazon CloudWatch
Introduction to Monitoring on AWS
Goals of Monitoring
Monitoring the AWS Infrastructure Using Amazon CloudWatch
CloudWatch Metrics
Exercise 4-1: Publishing Custom Metrics
Exercise 4-2: Finding Your Custom Metric in the CloudWatch Console
CloudWatch Alarms
Exercise 4-3: Creating a CloudWatch Alarm Based on a Static Threshold
CloudWatch Events
Exercise 4-4: Creating a CloudWatch Events Rule
Monitoring Applications Using Amazon CloudWatch
Introduction to CloudWatch ServiceLens
Introduction to Amazon CloudWatch Synthetics
Chapter Review
Questions
Answers
Additional Resources
Chapter 5 Enhanced Security Monitoring and Compliance with AWS Services
Monitoring Resource Configuration Using AWS Config
Exercise 5-1: Setting Up AWS Config
Config Aggregator
Exercise 5-2: Creating an Aggregator
AWS Config Components
Exercise 5-3: Creating a Managed Rule: Encrypted-Volume
Exercise 5-4: Creating a Custom Rule
Exercise 5-5: Remediating the Noncompliant Security Groups
Threat Detection Using Amazon GuardDuty
GuardDuty Data Sources
Enable Amazon GuardDuty
Explore All of GuardDuty’s Findings
Exercise 5-6: Simulating an Attack
Configuring GuardDuty for Multiple Accounts
Discover, Classify, and Protect Sensitive Data with Amazon Macie
Exercise 5-7: Discovering, Classifying, and Protecting Sensitive Data Using the New Amazon Macie
Customize Data Identifiers for Your Intellectual Property in the New Amazon Macie
Exercise 5-8: Discovering S3 Objects with IP Addresses Using the New Amazon Macie
Monitoring and Processing Macie Findings in the New Amazon Macie
Introduction to AWS Security Hub
Configuring Security Hub for Multiple Accounts
Exercise 5-9: Enabling AWS Security Hub
Review Security Hub Findings
Responding to Security Hub Findings
Introduction to Amazon Trusted Advisor
Monitoring Trusted Advisor Checks
Chapter Review
Questions
Answers
Additional Resources
Chapter 6 Log on AWS
Introduction to Logging on AWS
Log Sources
Overview of AWS Service Logging Capabilities
Implement Governance and Risk Auditing of AWS Accounts with AWS CloudTrail
AWS CloudTrail Building Blocks
Configuring AWS CloudTrail
Controlling Access to AWS CloudTrail Logs Using AWS IAM and S3 Bucket Policies
Configure AWS CloudTrail to Deliver Log Files from Multiple Regions
Sharing CloudTrail Log Files Between AWS Accounts
Exercise 6-1: Sharing CloudTrail Log Files Between AWS Accounts
Securing CloudTrail Logs
Validating CloudTrail Log File Integrity
Monitoring CloudTrail Logs with Amazon CloudWatch Logs
Exercise 6-2: Monitoring Privilege Escalation Using AWS CloudTrail and Amazon CloudWatch Logs
Logging Non-API Service Events and Console Sign-in Events
AWS CloudTrail Notifications
Application and System Monitoring with Amazon CloudWatch Logs
Amazon CloudWatch Logs Components
CloudWatch Logs Insights
Monitoring Application and System Logs Using the CloudWatch Logs Agent
Exercise 6-3: Monitoring EC2 Instance Memory Metrics and Failed SSH Login Attempts Using Amazon CloudWatch Logs
Logging of AWS Services
VPC Flow Logs
Elastic Load Balancer Access Logs
Amazon CloudFront Access Logs
Amazon S3 Access Logs
Chapter Review
Questions
Answers
Additional Resources
Chapter 7 AWS Cryptographic Services
AWS Key Management Service
AWS KMS Concepts
Key Management, Authentication, and Access Control
Exercise 7-1: Creating a Symmetric CMK and Modifying the Key Policy
Exercise 7-2: Scheduling a CMK for Deletion
Symmetric vs. Asymmetric Keys and Uses
Key Rotation
Custom Key Store
Monitoring
AWS CloudHSM
AWS CloudHSM Use Cases and Concepts
Cluster, User, and Key Management
Exercise 7-3: Setting Up an AWS CloudHSM Cluster
Utilities, Authentication, and Access Control
Software Libraries
Monitoring
Chapter Review
Questions
Answers
Additional Resources
Chapter 8 AWS Cryptographic-Related Services
AWS Secrets Manager
AWS Secrets Manager Concepts
Managing Secrets, Authentication, and Access Control
Exercise 8-1: Creating a Basic Secret
Exercise 8-2: Modifying a Secret’s Resource-Based Policy
Rotating and Replicating Secrets
Exercise 8-3: Enabling Secret Rotation for an Amazon RDS Database
Monitoring
Exercise 8-4: Creating an AWS Config Rule to Ensure Rotation Is Enabled
AWS Certificate Manager
Public Certificates
Exercise 8-5: Requesting a Public AWS ACM Certificate
Private Certificates
Exercise 8-6: Setting Up an AWS ACM Private CA
Exercise 8-7: Creating an End-Entity Certificate from Your AWS ACM Private CA
Chapter Review
Questions
Answers
Additional Resources
Chapter 9 AWS Cryptographic Tools
AWS Encryption SDK
Concepts
Using Keyrings
Supported Algorithm Suites and Programming Languages
Data Key Caching
DynamoDB Encryption Client
The Differences Between Client-side and Server-side
Which Fields Are Encrypted or Signed?
How the Amazon DynamoDB Encryption Client Works
Concepts
Choosing Your Cryptographic Materials Provider
Supported Programming Languages
Chapter Review
Questions
Answers
Additional Resources
Chapter 10 Design Edge Security on AWS
Introduction
Amazon Route 53
DNS Hosted Zones
Common Attacks on the DNS Service
Amazon CloudFront
Behaviors
Origins
Alternate Domain Names and SSL Certificates
Using Signed Cookies or Signed URLs to Restrict Access to Content
Caching Content on Amazon CloudFront
Less Attack Surface
Using Amazon CloudFront to Protect Against DDoS Attacks
Using CloudFront with S3 Securely
CloudFront Geo Restriction
Lambda@Edge
Amazon API Gateway
REST API
API Gateway Endpoints
API Gateway Integration Types
Request Validation
Throttling
API Gateway Authorization
VPC Link
Custom Domains and TLS Version
Client Certificates
Elastic Load Balancer
Classic Load Balancer
Application Load Balancer
Network Load Balancer
Security Policies and Forward Secrecy
Logging
Server Name Indicator
Authorizing Requests with ALB
ALB vs. NLB
AWS Web Application Firewall
AWS WAF Classic and WAFv2
Common Threats for Web Applications
AWS WAF Classic