
Discover the AWS Certified Security – Specialty course overview with module-based exam prep, console demos, and practice questions, while clarifying target audiences and prerequisites in cloud security and CompTIA fundamentals.
Explore host security in AWS by examining how to protect EC2 instances, containers, and serverless resources across data in transit, data at rest, and access controls.
Learn to troubleshoot host security for EC2 by using Auto Scaling, Elastic Load Balancing, cross-zone failover, automated backups with EBS snapshots and Data Lifecycle Manager, and CloudWatch monitoring.
Explore securing network connections in hybrid deployments, including client and site-to-site VPNs, Direct Connect with encryption options, and VPC peering to keep on-prem and cloud traffic secure and efficient.
Explore edge security in AWS by examining edge locations, edge devices, and CloudFront, and learn how to reduce attack surfaces with Origin Access Control and encrypted data.
Troubleshoot edge security with DDoS protection, Shield Advanced, CloudFront, ELB, and WAF, then apply private subnets and explicit allow rules to reduce the attack surface.
Explore the fundamentals of logging in the cloud, including why logs matter for compliance, troubleshooting, and incident response, and learn key AWS logging services like CloudTrail, CloudWatch, and GuardDuty.
Design a robust logging system with CloudTrail capturing API calls, configure trails and encryption, and integrate with CloudWatch, EventBridge, and SNS for end-to-end monitoring.
Master log storage and lifecycle management using CloudTrail and S3, encryption options, log validation, best practices, and centralized logging with CloudWatch Logs.
Explore how logging and monitoring work together to detect security events, set metrics and thresholds, and automate alerts using AWS services like CloudTrail, CloudWatch, and GuardDuty.
Explore how AWS monitoring and security services like Security Hub, GuardDuty, Inspector, Detective, Config, Audit Manager, and CloudFormation centralize findings, automate responses with EventBridge and Lambda, and ensure secure environments.
Explore troubleshooting, monitoring, and alerting practices to diagnose failed events. Analyze permissions and configurations, and use logs, metrics, traces, and X-Ray service maps to improve performance and security.
Explore AWS compliance and incident response fundamentals. Learn shared responsibility, Artifact reports, abuse complaints, and planning for cloud incidents and compromised resources.
Plan AWS incident response with playbooks and runbooks, guided by the security incident response guide, and perform root cause analysis and forensics to recover services.
Explore automated alerts in AWS using Security Hub, GuardDuty, Macie, Config, and CloudWatch to monitor findings and events, then trigger responses with Lambda, Step Functions, and Systems Manager.
Apply incident response actions by isolating AWS resources, automating remediation with AWS services, and using GuardDuty findings and IOCs to drive containment and recovery.
Master identity and access management in AWS with cross-account roles and boundaries. Explore identity-based and resource-based policies, service control policies, and external ID for secure third-party access.
Design organizational accounts with AWS Organizations, using management accounts, OUs, and SCPs for centralized control and consolidated billing. Secure root and route users with MFA and guardrails via Control Tower.
Explore how resource-based and identity-based policies interact, apply permissions boundaries and SCPs, and master policy evaluation and explicit denial in AWS IAM.
Explore workload access control, including IAM roles, ABAC and RBAC strategies, federated and temporary access, cross-account sharing with RAM, and Cognito for authentication and authorization.
Diagnose authentication and authorization issues in IAM, implement least privilege, and rotate compromised credentials. Use Access Analyzer and policy simulator to validate permissions, and revoke active sessions for compromised roles.
Discover how the AWS Well-Architected Framework and its security tool identify security gaps, apply zero-trust principles, and guide secure design across compute, storage, and other services.
Explore securing compute services across instances, containers, and functions, including host-based security, instance metadata, container image scanning, and network controls.
Learn how to secure code development services by standardizing AWS portfolios with Service Catalog and Proton, and enforce configurations with AWS Config rules to detect noncompliant resources.
The AWS Certified Security - Specialty (SCS-C02) certification is a designation offered by Amazon Web Services (AWS) that validates a candidate's expertise in designing and implementing secure applications and infrastructures on the AWS platform. This certification is intended for individuals who work with AWS services and have a strong focus on security aspects.
The main objective of this certification is to validate your skills and knowledge in building and deploying security solutions in the AWS Cloud. It also confirms that you understand specialized data classifications and AWS data protection mechanisms, data-encryption techniques, and secure internet protocols, and that you know how to implement each using AWS mechanisms. Overall, taking this exam will help you demonstrate your expertise in the field of AWS security, which is essential for any IT professional working on AWS infrastructure.
The AWS Certified Security - Specialty course is designed to equip IT professionals and security specialists with the knowledge and skills needed to design and implement secure applications and infrastructures on the Amazon Web Services (AWS) platform.
This certification is intended for individuals who want to demonstrate their expertise in securing AWS environments and applying best practices for maintaining a secure cloud infrastructure.