Course Content

Getting started with the course

• Understanding AWS Security Speciality exam

Domain 1 - Incident Response

• Introduction to Incident Response
• Case Study of Hacked Server
• Dealing with AWS Abuse Notice
• AWS GuardDuty
• Whitelisting Alerts in AWS GuardDuty
• Centralized Dashboards for GuardDuty Findings
• Understanding Incidents Response Terminology
• Incident Response Use  - Cases for Exams
• Use Case - Dealing with compromised EC2 Instances
• Incident Response in Cloud
• Penetration Testing in AWS

Domain 2 - Logging & Monitoring 

• Introduction to Vulnerability, Exploit, Payload
• VEP Practical - Hacking inside a test farm
• Understanding Automated Vulnerability Scanners
• Common Vulnerabilities Exposures & CVSS
• Introduction to AWS Inspector
• AWS Inspector Vulnerability Scans
• AWS Security Hub
• Overview of Layer 7 Firewalls
• Understanding AWS WAF
• Implementing AWS WAF with ALB
• Configuring SSM Agent
• Overview of Sessions Manager
• SSM - Run Command
• Overview of Patch Manager
• Implementing Compliance and Patch Baselines
• EC2 Systems Manager - Parameter Store
• Understanding CloudWatch Logs
• Pushing Linux system logs to CloudWatch
• CloudWatch Events
• AWS Athena
• Overview of AWS CloudTrail
• Improved Governance
• Trusted Advisor
• CloudTrail - Log File Integrity Validation
• Digest Delivery Times
• S3 Event Notification
• VPC Flow Logs
• Centralized Logging Architecture
• Cross-Account Logging for CloudTrail and Config
• Overview of Cross-Account Log Data Sharing
• Cross-Account CloudWatch Logs