AWS Certified Security Specialty Boot Camp
Master Cloud Security with AWS Certification
In today’s rapidly evolving digital landscape, ensuring the security of cloud environments is more critical than ever. The AWS Certified Security Specialty Boot Camp by DreamsPlus is a meticulously designed training program that provides you with the skills and knowledge needed to secure AWS environments effectively. Whether you’re looking to enhance your career, upgrade your skills, or achieve AWS certification, this boot camp offers everything you need to succeed.
Course Overview
This boot camp is designed to deliver an in-depth understanding of cloud security on the AWS platform. The curriculum is tailored to ensure you not only grasp theoretical concepts but also gain practical, hands-on experience.
Domain 1: Threat Detection and Incident Response
Task Statement 1.1: Design and implement an incident response plan.
- Cloud incidents
- Roles and duties in the incident response strategy
- AWS Security Finding Format (ASFF)
- AWS recommended practices for incident response
Task Statement 1.2: Detect security threats and anomalies by using AWS services.
Knowledge of:
- Techniques for joining data across services using anomaly and correlation analysis;
- Visualisations for identifying abnormalities;
- Centralisation strategies for security findings
Task Statement 1.3: Respond to compromised resources and workloads.
- Root cause analysis techniques;
- Resource isolation measures;
- Data capture mechanisms;
- Log analysis for event validation
- AWS Security Incident Response Guide
Domain 2: Security Logging and Monitoring
Task Statement 2.1: Design and implement monitoring and alerting to address security events.
- AWS services (like CloudWatch and EventBridge) that track events and send out alerts
- Automated alerting services offered by AWS, such as Lambda, Security Hub, and Amazon Simple Notification Service (Amazon SNS).
- Tools (like GuardDuty and Systems Manager) that track metrics and baselines
Task Statement 2.2: Troubleshoot security monitoring and alerting.
- Setting up monitoring services (like Security Hub, for instance)
- Pertinent information pointing to security incidents
Task Statement 2.3: Design and implement a logging solution.
Knowledge of:
- AWS features and services with logging capabilities (e.g., DNS logs, AWS CloudTrail, Amazon CloudWatch Logs, VPC Flow Logs).
- Logging capability attributes (log levels, types, verbosity, etc.)
- Lifecycle management and log destinations (e.g., retention period)
Task Statement 2.4: Troubleshoot logging solutions.
- Capabilities and use cases of AWS services that provide data sources (such as log level, type, verbosity, cadence, timeliness, and immutability)
- AWS tools and services with logging capabilities (e.g., CloudTrail, CloudWatch Logs, DNS logs, and VPC Flow Logs).
- Access permissions that are required for logging
Task Statement 2.5: Design a log analysis solution.
- Tools and services for analysing recorded logs (such as Athena and CloudWatch Logs filters).
- AWS service log analysis features (such as Security Hub insights, CloudWatch Logs Insights, and CloudTrail Insights)
- The components and format of logs (CloudTrail logs, for instance)
Domain 3: Infrastructure Security
Task Statement 3.1: Design and implement security controls for edge services.
- Edge service security features (such as load balancers, AWS WAF, Amazon Route 53, Amazon CloudFront, and AWS Shield)
- Common attacks, threats, and vulnerabilities (e.g., DDoS, Open Web Application Security Project [OWASP] Top 10).
- Layered web application architecture
Task Statement 3.2: Design and implement network security controls.
- VPC security features (such as AWS Network Firewall, security groups, and network ACLs).
- Inter-VPC communication (using VPC endpoints and AWS Transit Gateway, for instance)
- Sources of security telemetry (such as VPC Flow Logs and Traffic Mirroring).
- VPN technology, terminology, and usage
- On-premises connectivity options (such as AWS Direct Connect and VPN).
Task Statement 3.3: Design and implement security controls for compute workloads.
- EC2 instance provisioning and maintenance (such as patching, inspecting, creating snapshots and AMIs, and using EC2 Image Builder).
- IAM instance roles and IAM service roles
- Services (like Amazon Elastic Container Registry [Amazon ECR] and Amazon Inspector) that check compute workloads for vulnerabilities
- Host-based security, which includes hardening and firewalls.
Task Statement 3.4: Troubleshoot network security.
- Reachability analysis techniques (e.g., VPC Reachability Analyzer, Amazon Inspector)
- Fundamental TCP/IP networking concepts, such as ports, the Open Systems Interconnection [OSI] model, the difference between TCP and UDP, and network operating system utilities
- How to interpret pertinent log sources, such as AWS WAF logs, VPC Flow Logs, and Route 53 logs.
Domain 4: Identity and Access Management
Task Statement 4.1: Design, implement, and troubleshoot authentication for AWS resources.
- Services and techniques for establishing and maintaining identities (such as Amazon Cognito, AWS IAM Identity Center [AWS Single Sign-On], identity providers, and federation).
- Temporary and long-term credentialing mechanisms
- How to troubleshoot authentication problems (using CloudTrail, IAM Policy Simulator, and IAM Access Advisor, for example)
Task Statement 4.2: Design, implement, and troubleshoot authorization for AWS resources.
- The various types of IAM policies, such as resource-based, identity-based, managed, inline, and session control policies.
- A policy’s constituent parts and effects (principal, action, resource, condition, etc.)
- How to troubleshoot authorisation problems (using IAM Policy Simulator, CloudTrail, and IAM Access Advisor, for example)
Domain 5: Data Protection
Task Statement 5.1: Design and implement controls that provide confidentiality and integrity for data in transit.
- VPN concepts (like IPsec)
- TLS concepts
- Secure remote access techniques (such as SSH and RDP over Systems Manager Session Manager)
- Concepts of Systems Manager Session Manager
- The compatibility of TLS certificates with different network resources and services (such as load balancers and CloudFront).
Task Statement 5.2: Design and implement controls that provide confidentiality and integrity for data at rest.
Knowledge of:
- Encryption technique selection (for example, client-side, server-side, symmetric, asymmetric)
- Integrity-checking techniques (for example, hashing algorithms, digital signatures)
- Resource policies (for example, for DynamoDB, Amazon S3, and AWS Key Management Service [AWS KMS])
Task Statement 5.3: Design and implement controls to manage the lifecycle of data at rest.
- Guidelines for data retention;
- Lifecycle policies;
Task Statement 5.4: Design and implement controls to protect credentials, secrets, and cryptographic key materials.
- Systems Manager Parameter Store
- Secrets Manager
- Using and maintaining symmetric and asymmetric keys (such as AWS KMS).
Domain 6: Management and Security Governance
Task Statement 6.1: Develop a strategy to centrally deploy and manage AWS accounts.
- Cross-account roles;
- Policy-defined guardrails;
- Multi-account strategies;
- Managed services that permit delegated management;
Task Statement 6.2: Implement a secure and consistent deployment strategy for cloud resources.
- Infrastructure as code (IaC) deployment best practices (such as AWS CloudFormation template hardening and drift detection);
- Tagging best practices;
- Centralised AWS service administration, deployment, and versioning
- Control and visibility over AWS infrastructure
Task Statement 6.3: Evaluate the compliance of AWS resources.
- Classifying data with the use of AWS services
- How to use AWS Config, for example, to analyse, audit, and assess how AWS resources are configured.
Task Statement 6.4: Identify security gaps through architectural reviews and cost analysis.
- Identifying anomalies in AWS cost and usage
- Minimising attack surfaces
- Utilising the AWS Well-Architected Framework
Training Locations
Our AWS Certified Security Specialty Boot Camp is available in multiple formats to suit your learning preferences:
Chennai Classroom Training: Attend our in-person sessions at DreamsPlus’ state-of-the-art training facility in Chennai. Experience face-to-face interaction with expert trainers and network with fellow learners.
Online Virtual Training: Opt for our live virtual sessions, where you can learn from the comfort of your home or office. Our online training provides the same level of interaction and hands-on experience as our classroom sessions.