AWS Certified Security Specialty Boot Camp

AWS Certified Security Specialty Boot Camp

Master Cloud Security with AWS Certification

As the digital landscape in Singapore continues to evolve, ensuring robust security for cloud environments is of utmost importance. The AWS Certified Security Specialty Boot Camp by DreamsPlus offers a comprehensive training program tailored to equip you with the skills and expertise needed to secure AWS environments effectively. Whether you’re aiming to advance your career, upgrade your cloud security knowledge, or achieve AWS certification, this boot camp provides all the tools and support for your success.

Course Overview

This boot camp is structured to offer an in-depth exploration of cloud security on the AWS platform, ensuring a practical, hands-on learning experience alongside theoretical insights. The curriculum is designed to help you build foundational and advanced skills for managing and securing cloud environments on AWS.

Key benefits of the boot camp include:

• Comprehensive Cloud Security Knowledge: Learn about securing AWS services and infrastructure.
• Hands-on Experience: Practical exercises and real-world scenarios designed for Singapore’s fast-paced tech industry.
• AWS Certification Preparation: Gain the knowledge and confidence to pass the AWS Certified Security Specialty exam and elevate your career in cloud security.

Join this AWS Security Specialty Boot Camp to advance your expertise in securing cloud environments and become a recognized leader in AWS cloud security across industries in Singapore.

Domain 1: Threat Detection and Incident Response

Task Statement 1.1: Design and implement an incident response plan.

•       Cloud incidents,
•       Roles and duties in the incident response strategy,
•       AWS Security Finding Format (ASFF)
•       AWS recommended practices for incident response

Task Statement 1.2: Detect security threats and anomalies by using AWS services.

Knowledge of:

• Techniques for joining data across services using anomaly and correlation analysis;
• Visualisations for identifying abnormalities;
• Centralisation strategies for security findings

Task Statement 1.3: Respond to compromised resources and workloads.

•       Root cause analysis techniques;
•       Resource isolation measures;
•       Data capture mechanisms;
•       Log analysis for event validation
•       AWS Security Incident Response Guide

Domain 2: Security Logging and Monitoring

Task Statement 2.1: Design and implement monitoring and alerting to address security events.

• AWS services (like CloudWatch and EventBridge) that track events and send out alerts
•  Automated alerting services offered by AWS, such as Lambda, Security Hub, and Amazon Simple Notification Service (Amazon SNS).
•  Tools (like Guard Duty and Systems Manager) that track metrics and baselines

Task Statement 2.2: Troubleshoot security monitoring and alerting.

• Setting up monitoring services (like Security Hub, for instance)
• Pertinent information pointing to security incidents

Task Statement 2.3: Design and implement a logging solution.

Knowledge of:

• AWS features and services with logging capabilities (e.g., DNS logs, AWS CloudTrail, Amazon CloudWatch Logs, VPC Flow Logs).
•  Logging capability attributes (log levels, types, verbosity, etc.)
•  Lifecycle management and log destinations (e.g., retention term)

Task Statement 2.4: Troubleshoot logging solutions.

• AWS services’ capabilities and use cases that offer data sources (such as log level, kind, verbosity, cadence, timeliness, and immutability)
• AWS tools and services with logging capabilities (e.g., CloudTrail, CloudWatch Logs, DNS logs, and VPC Flow Logs).
• Permissions to access that are required for recording

Task Statement 2.5: Design a log analysis solution.

• Tools and services for analysing recorded logs (like the Athena and CloudWatch Logs filters).
• AWS service log analysis features (such as Security Hub insights, CloudWatch Logs insights, and CloudTrail insights)
•  The components and format of logs (CloudTrail logs, for instance)

Domain 3: Infrastructure Security

Task Statement 3.1: Design and implement security controls for edge services.

• Edge service security features (such as load balancers, AWS WAF, Amazon Route 53, Amazon CloudFront, and AWS Shield)
• Typical assaults, dangers, and vulnerabilities (e.g., DDoS, Open Web Application Security Project [OWASP] Top 10).
• Web application architecture with layers

Task Statement 3.2: Design and implement network security controls.

• VPC security features (such as AWS Network Firewall, security groups, and network ACLs).
• Inter-VPC communication (using VPC endpoints and AWS Transit Gateway, for instance)
•  Sources of security telemetry (such as VPC Flow Logs and Traffic Mirroring).
•  VPN usage, vocabulary, and technology
• Options for connectivity on-premises (such as AWS Direct Connect and VPN).

Task Statement 3.3: Design and implement security controls for compute workloads.

• EC2 instance provisioning and maintenance (such as patching, inspecting, generating snapshots and AMIs, and utilising EC2 Image Builder).
• Roles for IAM services and instances
• Services (like Amazon Elastic Container Registry [Amazon ECR] and Amazon Inspector) that check compute workloads for vulnerabilities
• Host-based security, which includes hardening and firewalls.

Task Statement 3.4: Troubleshoot network security.

• Reachability analysis techniques (e.g., VPC Reachability Analyser, Amazon Inspector)
•  Basic ideas of TCP/IP networking, such as ports, the Open Systems Interconnection [OSI] paradigm, the difference between TCP and UDP, and network operating system utilities
•  How to interpret pertinent log sources, such as AWS WAF, VPC Flow, and Route 53 logs.

Domain 4: Identity and Access Management

Task Statement 4.1: Design, implement, and troubleshoot authentication for AWS resources.

• Services and techniques for establishing and maintaining identities (such as Amazon Cognito, AWS IAM Identity Centre [AWS Single Sign-On], identity providers, and federation).
•  Both transient and permanent certification systems
•  How to troubleshoot authentication problems (using CloudTrail, IAM Policy Simulator, and IAM Access Advisor, for example)

Task Statement 4.2: Design, implement, and troubleshoot authorization for AWS resources.

The various types of IAM policies, such as resource-based, identity-based, managed, inline, and session control rules.
• A policy’s constituent parts and effects (principal, action, resource, condition, etc.)
• How to troubleshoot authorisation problems (using IAM policy simulator, CloudTrail, and IAM Access Advisor, for example)

Domain 5: Data Protection

Task Statement 5.1: Design and implement controls that provide confidentiality and integrity for data in transit.

• VPN ideas (like IPsec) • TLS concepts
•  Secure remote access techniques (such as RDP using Systems Manager Session Manager and SSH)
• Concepts of Systems Manager Session Manager
•  The compatibility of TLS certificates with different network resources and services (such as load balancers and CloudFront).

Task Statement 5.2: Design and implement controls that provide confidentiality and integrity for data at rest.

Knowledge of:

• Encryption technique selection (for example, client-side, server-side, symmetric, asymmetric)

• Integrity-checking techniques (for example, hashing algorithms, digital signatures)

• Resource policies (for example, for DynamoDB, Amazon S3, and AWS Key Management Service [AWS KMS])

• IAM roles and policies

Task Statement 5.3: Design and implement controls to manage the lifecycle of data at rest.

• Guidelines for data retention;
• Lifecycle policies;

Task Statement 5.4: Design and implement controls to protect credentials, secrets, and cryptographic key materials.

• Parameter Store for Systems Manager;
• Secrets Manager
• Using and maintaining symmetric and asymmetric keys (such as AWS KMS).

Domain 6: Management and Security Governance

Task Statement 6.1: Develop a strategy to centrally deploy and manage AWS accounts.

• Cross-account roles;
• Policy-defined guardrails;
• Multi-account strategies;
• Managed services that permit delegated management;

Task Statement 6.2: Implement a secure and consistent deployment strategy for cloud resources.

• Infrastructure as code (IaC) deployment best practices (such as AWS CloudFormation template hardening and drift detection);
• Tag best practices;
• Centralised AWS service administration, deployment, and versioning
•  Control and visibility over AWS infrastructure

Task Statement 6.3: Evaluate the compliance of AWS resources. 

• Classifying data with the use of AWS services
• How to use AWS Config, for example, to analyse, audit, and assess how AWS resourc configured.

Task Statement 6.4: Identify security gaps through architectural reviews and cost analysis.

•           Identifying anomalies in AWS use and pricing
•           Minimising attack surfaces
•           Utilising the AWS Well-Architected Framework