Book Image

AWS Certified Security – Specialty Exam Guide

By : Stuart Scott
Book Image

AWS Certified Security – Specialty Exam Guide

By: Stuart Scott

Overview of this book

AWS Certified Security – Specialty is a certification exam to validate your expertise in advanced cloud security. With an ever-increasing demand for AWS security skills in the cloud market, this certification can help you advance in your career. This book helps you prepare for the exam and gain certification by guiding you through building complex security solutions. From understanding the AWS shared responsibility model and identity and access management to implementing access management best practices, you'll gradually build on your skills. The book will also delve into securing instances and the principles of securing VPC infrastructure. Covering security threats, vulnerabilities, and attacks such as the DDoS attack, you'll discover how to mitigate these at different layers. You'll then cover compliance and learn how to use AWS to audit and govern infrastructure, as well as to focus on monitoring your environment by implementing logging mechanisms and tracking data. Later, you'll explore how to implement data encryption as you get hands-on with securing a live environment. Finally, you'll discover security best practices that will assist you in making critical decisions relating to cost, security,and deployment complexity. By the end of this AWS security book, you'll have the skills to pass the exam and design secure AWS solutions.
Table of Contents (27 chapters)
1
Section 1: The Exam and Preparation
3
Section 2: Security Responsibility and Access Management
8
Section 3: Security - a Layered Approach
15
Section 4: Monitoring, Logging, and Auditing
18
Section 5: Best Practices and Automation
21
Section 6: Encryption and Data Security

Resource isolation

Let's assume you have an EC2 instance that is initiating unexpected API behavior. This has been identified as an anomaly and is considered to be an abnormal operation. As a result, this instance is showing signs of being a potentially compromised resource. Until you have identified the cause, you must isolate the resource to minimize the effect, impact, and potential damage that could occur to other resources within your AWS account. This action should be undertaken immediately. By isolating the instance, you are preventing any further connectivity to and from the instance, which will also minimize the chances of data being removed from it.  

To isolate an instance, the quickest and best way to do so would be to change its associated security group with one that would prevent any access to or from the instance. As an additional precaution, you should also remove any roles associated with the instance.   

To perform a forensic investigation...