AWS Certified Speciality Security Exam is for individuals who perform a security role or want to make apps that are highly secure within the AWS environment. It focuses on advanced cloud security topics such as data protection, infrastructure security, incident response, identity and access management, monitoring, and logging. Key areas:

1. Incident Response (12%)

2. Logging and Monitoring (20%)

3. Infrastructure Security (26%)

4. Identity and Access Management (20%)

5. Data Protection (22%)

Domain 1: Incident Response

Incident Response is the smallest domain but crucial in security operations. It evaluates your ability to respond to security incidents in AWS. Key topics include:

• Troubleshooting and Investigating Security Issues: This involves understanding AWS services and features that help in identifying and resolving security issues.

• Security Incident Management: This covers the processes for responding to and managing security incidents, including using AWS services to automate and streamline incident responses.

Key Services

• AWS CloudTrail: Enables governance, compliance, and operational and risk auditing of your AWS account.

• AWS Config: Provides AWS resource inventory, configuration history, and configuration change notifications to enable security and governance.

• Amazon GuardDuty: A threat detection service that continuously monitors for malicious activity and unauthorized behavior.

• AWS Lambda: Can be used to automate incident response and remediation tasks.

Domain 2: Logging and Monitoring

This domain focuses on ensuring that security operations are properly logged and monitored to detect and respond to security incidents effectively. Key areas include:

• Design and Implement Security Monitoring and Alerting: Understanding how to set up monitoring and alerting for AWS services and resources.

• Automate Monitoring and Security Event Detection: Leveraging AWS services to automate the detection of security events and anomalies.

Key Services

• Amazon CloudWatch: Monitors your AWS resources and applications in real-time.

• AWS CloudTrail: Provides a record of actions taken by a user, role, or an AWS service.

• AWS Config: Assesses, audits, and evaluates the configurations of your AWS resources.

• AWS Security Hub: Provides a comprehensive view of your high-priority security alerts and compliance status across AWS accounts.

Domain 3: Infrastructure Security

Infrastructure Security is the largest domain. Key topics include:

• Network Security: Designing and implementing secure network architectures, including the use of Virtual Private Cloud (VPC) features and security best practices.

• Host and Endpoint Security: Implementing security measures on EC2 instances and other AWS resources.

Key Services

• Amazon VPC: Allows you to launch AWS resources in a virtual network.

• AWS Shield: A managed Distributed Denial of Service (DDoS) protection service.

• AWS WAF: A web application firewall to protect web applications from common web exploits.

• AWS Systems Manager: Operate your AWS resources at scale.

Domain 4: Identity and Access Management

This domain assesses your ability to manage access to AWS resources securely. Key areas include:

• Design and Implement Identity and Access Management Policies: Creating and managing IAM policies to control access to AWS services and resources.

• Managing and Troubleshooting IAM: Understanding IAM features and best practices for managing users, groups, roles, and permissions.

• AWS Identity and Access Management (IAM): Manages access to AWS services and resources securely.

• AWS Single Sign-On (SSO): Makes it easy to centrally manage access to multiple AWS accounts and business applications...