AWS Certified Security - Specialty (SCS-C03) with 10 Practice Exams
Secure the infrastructure that powers the modern web by becoming an AWS security expert. This course covers advanced identity management, encryption, and incident response.
Created by Alex Kropf
01
Skill level
All levels
02
Sections
41
03
Lectures
150
04
Instructor
Alex Kropf
What's inside
This course includes.
✓
41
Sections
✓
150
Lectures
✓
69
Resources
✓
11
Quizzes
✓
Certificate of completion
Included
✓
Mobile and desktop access
Included
✓
AI learning assistance
Included
Unlock all courses with our Subscription Bundle! Get unlimited access to entire course library, books and assets. Learn more and subscribe today!
Course content
Curriculum & lectures.
+ Welcome 2 lectures
Welcome
Locked
Exam V2 vs V3: AWS Security - Specialty
Locked
+ 75+ Flashcards: In-Scope AWS Services & Features 7 lectures
Analytics, App Integration & IoT (5 Flashcards)
Locked
Amazon Compute & Developer (7 Flashcards)
Locked
Amazon Machine Learning (5 Flashcards)
Locked
AWS Management & Governance (15 Flashcards)
Locked
Networking and Content Delivery (17 Flashcards)
Locked
Security, Identity, and Compliance (24 Flashcards)
Locked
Storage and Data Management (5 Flashcards)
Locked
+ Domain 1: Detection (16%) 1 lecture
What You'll Learn in Domain 1
Locked
+ Design & implement monitoring & alerting solutions 6 lectures
Analyze workloads to determine monitoring requirements (Amazon Inspector)
Locked
Design & implement workload monitoring strategies (CloudWatch Alarms)
Locked
Aggregate security & monitoring events (AWS Security Hub)
Locked
Create metrics, alerts & dashboards (Amazon Macie)
Locked
Schedule & react with Amazon EventBridge
Locked
Create & manage automations to perform regular assessments (AWS Systems Manager)
Locked
+ Design & implement logging solutions 8 lectures
Identify sources for log ingestion and storage
Locked
Configure logging for AWS services & apps (AWS CloudTrail)
Locked
Implement log storage and log data lakes
Locked
Use AWS services to analyze logs (CloudWatch Logs Insights)
Locked
Analyze logs with Amazon Athena (Serverless Query Service)
Locked
Use AWS services to normalize, parse & correlate logs
Locked
Determine and configure appropriate log sources
Locked
CloudTrail for System Operations (SysOps)
Locked
+ Troubleshoot security monitoring, logging & alerting solutions 2 lectures
Analyze functionality, permissions & configuration of resources
Locked
Remediate misconfiguration of resources (CloudWatch Agent)
Locked
+ Domain 2: Incident Response (14%) 1 lecture
What You'll Learn in Domain 2
Locked
+ Design & test an incident response plan 4 lectures
Design response plans & runbooks to respond to security incidents
Locked
Configure services to be prepared for incidents
Locked
Test & validate the effectiveness of an incident response plan
Locked
Use AWS services to automatically remediate incidents
Locked
+ Respond to security events 7 lectures
Capture & store relevant system & application logs as forensic artifacts
Locked
Search & correlate logs for security events across apps & AWS services
Locked
Amazon GuardDuty: Intelligent Threat Discovery
Locked
Validate findings from AWS security services
Locked
VPC Endpoints for AWS Services
Locked
Respond to affected resources & recover resources
Locked
Methods to conduct root cause analysis (Amazon Detective)
Locked
+ Domain 3: Infrastructure Security (18%) 1 lecture
What You'll Learn in Domain 3
Locked
+ Infrastructure Security Foundations 5 lectures
Security Groups and Network ACLs in AWS
Locked
AWS Transit Gateways and Their Applications
Locked
API Gateway for Serverless Applications
Locked
Route 53 DNS Security and DNSSEC
Locked
Amazon Simple Email Service (SES)
Locked
+ Design, implement & troubleshoot security controls for network edge services 8 lectures
Define & select edge security strategies based on anticipated threats & attacks
Locked
Implement appropriate network edge protection
Locked
CloudFront: The AWS Content Delivery Network
Locked
CloudFront Signed URLs & Cookies for Secure Access
Locked
CloudFront Headers and Security Mechanisms
Locked
Design & implement AWS edge controls & rules
Locked
Configure integrations with AWS edge services & 3rd-party services
Locked
AWS Shield: Protecting Against DDoS Attacks
Locked
+ Design, implement & troubleshoot security controls for compute workloads 7 lectures
Design & implement hardened Amazon EC2 AMIs & container images
Locked
Apply instance profiles, service roles & execution roles
Locked
Scan compute resources for known vulnerabilities
Locked
Deploy patches across compute resources
Locked
Configure secure administrative access to compute resources
Locked
Configure security tools to discover & remediate vulnerabilities
Locked
Implement protections & guardrails for generative AI applications
Locked
+ Security Controls Deep Dive 5 lectures
Penetration Testing on Cloud Infrastructure
Locked
Handling Compromised Resources in AWS
Locked
AWS Acceptable Use Policy (AUP)
Locked
AWS Abuse Reports
Locked
IAM Access Analyzer: Secure Your AWS Resources
Locked
+ Design and troubleshoot network security controls 7 lectures
Design & troubleshoot network controls (AWS Network Firewall)
Locked
AWS Web Application Firewall
Locked
Permit or prevent network traffic (AWS Firewall Manager)
Locked
Design secure connectivity between hybrid & multi-cloud networks (AWS Site-to-Site VPN)
Locked
Security workload requirements for communication between hybrid environments & AWS
Locked
Design network segmentation based on security requirements
Locked
Identify unnecessary network access
Locked
+ Domain 4: Identity & Access Management (20%) 1 lecture
What You'll Learn in Domain 4
Locked
+ Design, implement & troubleshoot authentication strategies 3 lectures
Design & establish identity solutions for human, app & system authentication
Locked
Configure mechanisms to issue temporary credentials
Locked
Troubleshooting authentication issues
Locked
+ Design, implement & troubleshoot authorization strategies 6 lectures
Design & evaluate authorization controls for human, app & system access
Locked
Design attribute-based (ABAC) & role-based access control (RBAC)
Locked
Implement IAM policies by following the principle of least privilege
Locked
Analyze authorization failures to determine causes or effects
Locked
Investigate & correct unintended permissions, authorizations or privileges
Locked
IAM Access Analyzer - Deep Dive
Locked
+ Domain 5: Data Protection (18%) 2 lectures
What You'll Learn in Domain 5
Locked
Encryption: In-Flight, At-Rest, and Client-Side
Locked
+ Security Service in Load Balancer 2 lectures
Elastic Load Balancing (ELB) Overview
Locked
ELB SSL Certificates
Locked
+ Design and implement controls for data in transit 6 lectures
Design & configure mechanisms to require encryption when connecting
Locked
AWS Client VPN: Authentication & Connectivity
Locked
Exposing Services in Your VPC to Other VPCs
Locked
Design & configure mechanisms for secure & private access to resources
Locked
AWS Nitro Enclaves for Secure Processing
Locked
Design & configure inter-resource encryption in transit
Locked
+ AWS Key Management Service (KMS) 11 lectures
AWS Key Management Service (KMS)
Locked
Create encryption keys & certificates across AWS Regions (KMS Multi Region Key)
Locked
KMS Envelope Encryption
Locked
Design management & rotation of credentials & secrets (KMS Key Rotation)
Locked
KMS Key Deletion
Locked
KMS Key Policies
Locked
KMS Grants: Access Control Simplified
Locked
KMS Aysmmetric Encryption
Locked
KMS API Call Limits and Data Key Caching
Locked
KMS Parameter Store Integration
Locked
Quiz - KMS Parameter Store
Locked
+ Amazon S3 Deep Dive 6 lectures
Amazon S3 Encryption Methods
Locked
S3 Encryption - Summary
Locked
Design & configure mechanisms to protect data integrity (Glacier Vault Lock)
Locked
Design automatic lifecycle management & retention solutions (S3 Lifecycle Rules)
Locked
Design & configure secure data replication & backup solutions (S3 Replication)
Locked
Flashcards - Replication
Locked
+ Design and implement controls for data at rest 7 lectures
Design, implement & configure data encryption at rest
Locked
CloudHSM
Locked
Design & configure mechanisms to protect data integrity
Locked
Design automatic lifecycle management & retention solutions for data
Locked
Design & configure secure data replication & backup solutions
Locked
Amazon Data Lifecycle Manager
Locked
AWS Backup
Locked
+ Protect confidential data, credentials, secrets & cryptographic key materials 6 lectures
Design management & rotation of credentials & secrets (AWS Secrets Manager)
Locked
Manage & use imported key material
Locked
Imported key material vs AWS generated key material
Locked
Mask sensitive data
Locked
AWS Certificate Manager for SSL Management
Locked
Create & manage encryption keys & certificates
Locked
+ Domain 6: Security Foundations & Governance (14%) 1 lecture
What You'll Learn in Domain 6
Locked
+ Develop a strategy to centrally deploy & manage AWS accounts 5 lectures
Deploy & configure organizations by using AWS Organizations
Locked
Implement & manage AWS Control Tower & deploy controls
Locked
Implement organization policies to manage permissions
Locked
Centrally manage security services
Locked
Manage AWS account root user credentials
Locked
+ Implement a secure & consistent deployment strategy for cloud resources 6 lectures
Use infrastructure as code (IaC) to deploy cloud resources (CloudFormation)
Locked
CloudFormation - Dynamic References
Locked
Use tags to organize AWS resources into groups (IAM & Tag Policies)
Locked
Deploy & enforce policies & configurations from a central source
Locked
Securely share resources across AWS accounts (AWS Service Catalog)
Locked
AWS RAM (Resource Access Manager)
Locked
+ Evaluate the compliance of AWS resources 4 lectures
Create rules to detect & remediate noncompliant AWS resources (AWS Config)
Locked
Use AWS audit services to collect & organize evidence (AWS Audit Manager)
Locked
AWS Artifact
Locked
Evaluate architecture for compliance with AWS security best practices
Locked
+ Next Steps & 10 Exams 2 lectures
Challenge Your 10 FREE Practice Exams
Locked
Where To Go From Here
Locked
+ Feedback 1 lecture
Submit a Question / Feedback
Locked
Description
About this course.
Your career can be better. This course prepares you for the AWS Certified Security – Specialty exam with essential security practices for AWS environments.
Threat Detection: Learn how to leverage GuardDuty, Security Hub, and Amazon Detective to detect security threats.
Security Governance: Understand how to manage security policies using AWS Organization, IAM, and Audit Manager.
Key Management & Encryption: Master KMS, key rotation, and data encryption techniques to safeguard sensitive information.
Load Balancer Security: Dive into ELB, NLB, SSL certificates, and TLS listeners to secure network traffic.
Data Protection: Implement CloudHSM, Secrets Manager, and AWS Backup to ensure data integrity and protection.
Network Security: Explore VPNs, VPC peering, CloudFront, and Transit Gateway to build secure network architectures.
Monitoring & Incident Management: Use tools like CloudWatch, CloudTrail, and Amazon Macie to monitor, log, and respond to incidents.
Equip yourself with critical security skills and open doors to high-paying cloud security roles. Access 10 practice exams with unlimited retries to help you master the material. Enroll today and get certified!
Instructors
Taught by people who ship.
Alex Kropf
Mammoth Club's CLO, public speaker, consultant, IT author and Senior Software Developer. Alex has produced best-selling courses, books and workshops for Mammoth Club, Course Pro and our clients since 2016.
Bundled items.
10 courses
Exam 10 - AWS Certified Security - Specialty (SCS-C03)
Free
Exam 1 - AWS Certified Security - Specialty (SCS-C03)
Free
Exam 2 - AWS Certified Security - Specialty (SCS-C03)
Free.jpg)
Exam 3 - AWS Certified Security - Specialty (SCS-C03)
Free
Exam 4 - AWS Certified Security - Specialty (SCS-C03)
Free
Exam 5 - AWS Certified Security - Specialty (SCS-C03)
Free
Exam 6 - AWS Certified Security - Specialty (SCS-C03)
Free
Exam 7 - AWS Certified Security - Specialty (SCS-C03)
FreeReady to start building?
Secure the infrastructure that powers the modern web by becoming an AWS security expert. This course covers advanced identity management, encryption, and incident response.