I have gone through the below resources in the first 2 weeks of my preparation. In this blog, I am going to share my preparation resources for the AWS Security Specialty certificate and some of the visual notes that I took during my preparation.
Through taking this course, you will gain hands-on experience securing AWS services and environments, as well as be able to identify and evaluate security considerations and implement mitigation strategies. Analyze architecture and identify monitoring requirements and sources for monitoring statistics. Analyze architecture to determine which AWS services can be used to automate monitoring and alerting. Analyze the requirements for custom application monitoring, and determine how this could be achieved.
What will I be able to do upon completing the Specialization?
This will require you to design, implement, and troubleshoot solutions involving logging and log analysis that leverage DNS logs, VPC flow logs, as well as CloudTrail and CloudWatch Logs. You should also know about the various insights offered within AWS managed services including CloudWatch Logs Insights, CloudTrail Insights, and Security Hub insights. This domain covers 20% of the exam content, so you can expect about 13 questions involving infrastructure security, including security features within services such as AWS WAF, Shield, and Route 53. You should also understand how to enable secure connectivity within an elastic load balanced environment, as well as how to use features and services such as VPC endpoints, security groups, and network ACLs to secure traffic within a VPC.
The SCS-C02 was released on July 11, 2023, and the biggest change is the expansion from five domains to six domains, with the newest domain focusing on security governance and management. You could read all available guides from top to bottom, and that still wouldn’t be enough for you to pass the exam. You need to practice your skills in a real environment, and see the services’ features with your own eyes.
AWS Certified Advanced Networking – Specialty
You can also whitelist other security groups instead of having to whitelist addresses. Network packet inspection is typically provided via 3rd party tools; make sure to know that when you receive questions about securing your network with IDS/IPS packet inspection. AWS Artifact provides on-demand access to security and compliance reports from AWS and ISVs who sell their products on AWS Marketplace. The ‘Data Protection’ domain has also been decreased from 22% to 18%, with renewed focus on the AWS Data Lifecycle for managing the creation, retention, and deletion of data on the AWS cloud platform.
It is extremely helpful in making you recognize the difference between similar services. To simplify the learning process, I’ve categorized my technical notes into the domain sections as they are displayed in the content outline. Prior to this blog post, I also released a guide for the AWS Cloud Practitioner exam technical preparation notes. This contains the foundational information which also helps for this exam, so I highly recommend reading the notes from there as well.
Security Engineering
This course is designed to help you obtain the working knowledge and skills required to sit the AWS Certified Security – Specialty exam. AWS KMS is a fully managed service that makes it easy to create and control the encryption keys used to encrypt your data. VPC Flow Logs allow you to capture information about the IP traffic that goes through your network interfaces in your VPC. The logs are then captured in AWS CloudWatch Logs for analysis and reporting. Provides real-time monitoring of your AWS resources and applications you run on AWS. This means you don’t need to know the ins and outs of each specific service, but it’s good to know the basics prior to learning about their specific security properties.