aws-certified-security-specialty

1: Incident Response

  • Case Study of Hacked Server
  • Dealing with AWS Abuse Notice
  • AWS GuardDuty
  • Whitelisting Alerts in AWS GuardDuty
  • Centralized Dashboards for GuardDuty Findings
  • Understanding Incident Response Terminology
  • Incident Response Use-Cases for Exams
  • Use Case – Dealing with Exposed Access Keys
  • Use Case – Dealing with compromised EC2 Instances
  • Incident Response in Cloud
  • Penetration Testing in AWS (New)

3:  Infrastructure Security

  • Implementing Bastion Hosts
  • Introduction to Virtual Private Networks
  • OpenVPN
  • Overview of AWS VPN Tunnels
  • Using AWS VPN for On-Premise to AWS connectivity
  • Configuring first IPSec tunnel with OpenSwan
  • VPC Peering
  • VPC Endpoints
  • VPC Endpoints – Architectural Perspective
  • Gateway VPC Endpoints – Access Control
  • Gateway Endpoint ACL (Resource)
  • Understanding Interface VPC Endpoints
  • Implementing Interface Endpoints
  • Network ACL
  • Understanding Stateful vs Stateless Firewalls
  • IDS / IPS in AWS
  • EBS Architecture & Secure Data Wiping
  • Understanding the Content Delivery Networks
  • Demo – CloudFront Distribution
  • Understanding Edge Locations
  • Deploying CloudFront Distribution
  • Understanding the Origin Access Identity
  • Understanding importance of SNI in TLS protocol
  • Overview of CloudFront Signed URLs
  • Implementing CloudFront Signed URLs
  • Real World example on DOS Implementation
  • AWS Shield
  • Mitigating DDOS Attacks
  • Introduction to Application Programming Interface (API)
  • Understanding the working of API
  • Building Lambda Function for our API
  • Building our first API with API Gateway
  • Lambda & S3
  • EC2 Key-Pair Troubleshooting
  • EC2 Tenancy Attribute
  • AWS Artifact
  • Lambda@Edge with Practical
  • AWS Simple Email Service (SES) (New)
  • DNS Resolution in VPC

5: Data Protection

  • Introduction to Cryptography
  • Plain Text vs Encrypted Text Based Algorithms
  • CloudHSM
  • AWS Key Management Service
  • Overview of Asymmetric Key Encryption
  • Asymmetric Keys with KMS
  • Digital Signing with KMS
  • AWS Key Management Service – Data Key Caching, Scheduled CMK Deletion, CMK Deletion & EBS Use-Case
  • Reducing Risk of Unmanageable CMK
  • KMS – Authentication and Access Control
  • KMS Grants
  • Importing Key Material to KMS
  • KMS ViaService
  • Migrating Encrypted KMS Data Across Regions
  • Benefits of CloudHSM over KMS
  • S3 Encryption
  • Revising Classic Load Balancers
  • Overview of Load Balancer Types
  • Overview of Application Load Balancer
  • Path Based Routing in ALB
  • Revising ELB Listener Configuration
  • ELB Listeners – Understanding HTTP vs TCP Listeners
  • Understanding AWS Certificate Manager
  • Deploying SSL/TLS certificate with ACM
  • Configuring ELB with HTTPS for SSL Offloading
  • Glacier Vault and Vault Lock
  • DynamoDB Encryption
  • Overview of AWS Secrets Manager
  • RDS Integration with AWS Secrets Manager
  • Encryption Context in KMS

2: Logging & Monitoring

  • Introduction to Vulnerability, Exploit, Payload
  • VEP Practical – Hacking inside a test farm
  • Understanding Automated Vulnerability Scanners
  • Common Vulnerabilities Exposures & CVSS
  • Introduction to AWS Inspector
  • AWS Inspector Vulnerability Scans
  • AWS Security Hub
  • Overview of Layer 7 Firewalls
  • Understanding AWS WAF
  • Implementing AWS WAF with ALB
  • Overview of AWS Systems Manager
  • Configuring SSM Agent
  • Overview of Session Manager
  • SSM – Run Command
  • Overview of Patch Manager
  • Implementing Compliance and Patch Baselines
  • EC2 Systems Manager – Parameter Store
  • Understanding CloudWatch Logs
  • Pushing Linux system logs to CloudWatch
  • CloudWatch Events
  • AWS Athena
  • Athena – Code Samples
  • Overview of AWS CloudTrail
  • Improved Governance – AWS Config 01
  • Improved Governance – AWS Config 02
  • Trusted Advisor
  • CloudTrail – Log File Integrity Validation
  • Digest Delivery Times
  • Overview of AWS Macie (New)
  • Creating our First Alert with AWS Macie (New)
  • S3 Event Notification
  • VPC Flow Logs
  • Centralized Logging Architecture
  • Cross-Account Logging for CloudTrail and Config
  • Overview of Cross-Account Log Data Sharing
  • Cross-Account CloudWatch Logs
  • AWS SNS

4: Identity & Access Management

  • Understanding AWS Organizations with Practical
  • Organizational Unit (OU) in AWS organization
  • IAM Policy Evaluation Logic
  • Identity and Resource Based Policies
  • Understanding IAM Policies
  • Delegation – Cross Account Trust
  • Cross Account IAM Policy Document
  • External ID in Delegation
  • EC2 Instance Meta-Data
  • Revising IAM Role
  • Understanding working of an IAM role
  • IPTABLES & Instance Meta-Data
  • IAM – Version Element
  • IAM Policy Variables
  • Principal and NotPrincipal Element
  • Implementing NotPrincipal Element
  • Condition Element
  • AWS Security Token Service
  • Understanding Federation
  • Understanding SAML for SSO
  • Overview of AWS Single Sign-On
  • Implementing AWS SSO
  • Integrating AWS SSO with AWS CLI
  • AWS Cognito
  • Understanding Active Directory
  • Introduction to AWS Directory Service
  • Domain Joining EC2 instance with Directory Service
  • Trusts in Active Directory
  • S3 Bucket Policies
  • Cross Account S3 Bucket Configuration
  • Canned ACLs
  • Understanding Presigned URLs
  • S3 – Versioning
  • S3 – Cross Region Replication
  • S3 Object Lock
  • MFA Protected API Access
  • IAM Permission Boundaries
  • IAM and S3
  • Troubleshooting IAM Policies