- When IAM policies are being evaluated for their logic of access, which two of the following statements are incorrect?
- Explicit denies are always overruled by an explicit allow.
- The order in which the policies are evaluated does not matter regarding the end result.
- Explicit allows are always overruled by an explicit deny.
- Access to all resources is denied by default until access is granted.
- Access to all resources is allowed by default until access is denied.
- Your security team has been tasked with implementing a solution to monitor your EC2 fleet of instances. Upon review, you decide to implement Amazon Inspector. What are the three prerequisites that you would need to implement before using Amazon Inspector? (Choose three answers)
- Deploy Amazon Inspector agents to your EC2 fleet.
- Create an IAM service-linked role that allows Amazon Inspector to access your EC2 fleet.
- Create an assessment target group for your EC2 fleet.
- Deploy an Amazon Inspector log file to your EC2...
AWS Certified Security – Specialty Exam Guide
By :
AWS Certified Security – Specialty Exam Guide
By:
Overview of this book
AWS Certified Security – Specialty is a certification exam to validate your expertise in advanced cloud security. With an ever-increasing demand for AWS security skills in the cloud market, this certification can help you advance in your career. This book helps you prepare for the exam and gain certification by guiding you through building complex security solutions.
From understanding the AWS shared responsibility model and identity and access management to implementing access management best practices, you'll gradually build on your skills. The book will also delve into securing instances and the principles of securing VPC infrastructure. Covering security threats, vulnerabilities, and attacks such as the DDoS attack, you'll discover how to mitigate these at different layers. You'll then cover compliance and learn how to use AWS to audit and govern infrastructure, as well as to focus on monitoring your environment by implementing logging mechanisms and tracking data. Later, you'll explore how to implement data encryption as you get hands-on with securing a live environment. Finally, you'll discover security best practices that will assist you in making critical decisions relating to cost, security,and deployment complexity.
By the end of this AWS security book, you'll have the skills to pass the exam and design secure AWS solutions.
Table of Contents (27 chapters)
Preface
Section 1: The Exam and Preparation
Free Chapter
AWS Certified Security - Specialty Exam Coverage
Section 2: Security Responsibility and Access Management
AWS Shared Responsibility Model
Access Management
Working with Access Policies
Federated and Mobile Access
Section 3: Security - a Layered Approach
Securing EC2 Instances
Configuring Infrastructure Security
Implementing Application Security
DDoS Protection
Incident Response
Securing Connections to Your AWS Environment
Section 4: Monitoring, Logging, and Auditing
Implementing Logging Mechanisms
Auditing and Governance
Section 5: Best Practices and Automation
Automating Security Detection and Remediation
Discovering Security Best Practices
Section 6: Encryption and Data Security
Managing Key Infrastructure
Managing Data Security
Mock Tests
Assessments
Other Books You May Enjoy
Customer Reviews