Book Image

AWS Certified Database – Specialty (DBS-C01) Certification Guide

By : Kate Gawron
5 (1)
Book Image

AWS Certified Database – Specialty (DBS-C01) Certification Guide

5 (1)
By: Kate Gawron

Overview of this book

The AWS Certified Database – Specialty certification is one of the most challenging AWS certifications. It validates your comprehensive understanding of databases, including the concepts of design, migration, deployment, access, maintenance, automation, monitoring, security, and troubleshooting. With this guide, you'll understand how to use various AWS databases, such as Aurora Serverless and Global Database, and even services such as Redshift and Neptune. You’ll start with an introduction to the AWS databases, and then delve into workload-specific database design. As you advance through the chapters, you'll learn about migrating and deploying the databases, along with database security techniques such as encryption, auditing, and access controls. This AWS book will also cover monitoring, troubleshooting, and disaster recovery techniques, before testing all the knowledge you've gained throughout the book with the help of mock tests. By the end of this book, you'll have covered everything you need to pass the DBS-C01 AWS certification exam and have a handy, on-the-job desk reference guide.
Table of Contents (24 chapters)
1
Part 1: Introduction to Databases on AWS
Free Chapter
2
Chapter 1: AWS Certified Database – Specialty Overview
5
Part 2: Workload-Specific Database Design
12
Part 3: Deployment and Migration and Database Security
16
Part 4: Monitoring and Optimization
20
Part 5: Assessment
21
Chapter 16: Exam Practice

Database security

The final domain will test your understanding of database security covering all aspects, from access and audit controls to patching for security fixes. This domain also covers encryption techniques, both of the stored data and in transit.

The topics covered in this domain are the following:

  • Encrypting data at rest and in transit
  • Evaluating auditing solutions
  • Determining access control and authentication mechanisms
  • Recognizing potential security vulnerabilities within database solutions

Now, let's begin to study these topics.

Encrypting data at rest and in transit

Encryption is used to make it harder for anyone unauthorized to see the data stored or in transit. You will need to know how to work with encryption at the database layer and how to encrypt connections between the application and the database.

Evaluating auditing solutions

Auditing is used to keep a record of actions made within a database, but it can cause performance issues if not configured correctly.

You will need to understand different auditing techniques and the tools AWS provides to assist.

Determining access control and authentication mechanisms

Databases in AWS have multiple methods for access that differ depending on the database. AWS also has its own built-in identity management service that can be used to restrict or grant database access.

You will need to know which methods work with which databases and how to configure and administrate logins using different methods.

Recognizing potential security vulnerabilities within database solutions

This area focuses on patching and why this is done. It also expects you to understand what your responsibilities are in terms of securing your own databases and what areas are the responsibility of AWS.

You will need to understand the AWS shared responsibility model as well as understand the patching strategies offered by AWS.