AWS Security Engineer

Course name: AWS Security Engineer

Course Duration: 65 Hours.

Certification: The AWS Certified Security – Specialty (SCS-C01)


Course Outline


PART A: Prerequisites (20 Hours)


Linux Basics –Security


Get started with Red Hat Enterprise Linux


Describe and define open source, Linux distributions. Log into a Linux system and run simple  commands using the shell. Create, manage, and delete local users and groups, as well as administer local password policies.


Manage networking and remote login


Configure network interfaces and settings on Linux servers. Configure secure command-line service on remote systems, using  OpenSSH.


Manage file permissions 


Interpret and set access control lists (ACLs) on files to handle situations requiring complex user and group access permissions. 


Monitor and manage Linux


Evaluate and control processes running on Linux systems. Control and monitor network services and system daemons using systemd. Install and manage software packages using yum package repositories


Analyse system issues


Locate and accurately interpret logs of system events for troubleshooting purposes. 


Manage Linux Firewall

Create, modify and remove Linux Firewall rules using firewalld.


Windows Server Basics –Security


Active Directory Domain Service( ADDS) to create and manage the Domain


Installing Windows Server 2016 and Windows 10, Installing ADDS in Windows Server 2016, Configuring the DNS Server, Joining the Windows 10 to Domain


Creating and assigning a policies to users and computers through GPMC


Creating Organization Units (OU), moving the user objects to OU, Creating a GPO, Configuring the Policies in GPO, Linking the GPO to OU, Site and Domain. Verifying the policies when user login to domain from member client.


Securing the resources  in the server through permission and encryption


Creating partitions in Disk management, Creating a Files and Folders, Creating users and groups, assigning the permissions for users and groups on resources. Configuring Bit locker drive encryption.


Configuring the Windows Firewall Settings


Creating and configuring Inbound and Outbound Rules


Configuring the VPN Server and RRAS.


Installing Remote Access Server (RAS), Configuring the VPN Server and VPN Client, Configuring the server for Routing.


Monitoring the Server through Performance monitor and event logs


Active Directory Certificate Services (ADCS) to create and assign certificates to users and systems.


Installing ADCS Role in the Domain environment, creating a certificate for web server, Installing and configuring IIS web site for HTTPS.


PART B: AWS Security (45 Hours)


1. Incident Response 


Introduction to Incident response. Incident Response in Cloud. AWS EC2 Abuse Notice. Dealing with Exposed Access Keys. Compromised Access and Secret Keys. Evaluate Suspected Compromised EC2 Instance. Working on AWS Guard Duty. Penetration Testing Tools


2. Logging and Monitoring


Introduction to Logging and Monitoring. Continuous Security Monitoring. Introduction to Vulnerability Assessment. Working on AWS Inspector. Configuring AWS EC2 Systems Manager. Configuring AWS Config Service. Understanding CloudWatch. Trusted Advisor. AWS Athena. CloudWatch Evnents. AWS Macie. S3 Event Notifications


3. Infrastructure Security


Introduction to Information Security. AWS Master Account and Policies. Managing Organizational Units. Configuring Web Distribution in CloudFront. Security benefits of CloudFront Distributions. Dynamic Caching with CloudFront. AWS CloudFRont Cutom SSL. CloudFront and Server name Indication(SNI). Introduction to Firewalls. Modes of Firewall. Architecting Firewall Rules. Revising Security Groups. IPTABLES and Instance Meta Data. Configuring Network Access Control Lists(NACL). Overview Architecture of Intrusion Prevention Systems(IPS). Configuring Web Application Firewall. AWS Shield. Network Segmentation. Implementing Bastion Hosts. Configuring Virtual private Cloud(VPC). Configuring Virtual private network(VPN). VPC Peering and VPC Endpoints. EC2 and Key Pair. API Gateway. Ec2 Tenancy. Compliance Frameworks and AWS Artifacts. AWS Lambda and S3-Configuring Event Triggers. AWS Simple Email Service(SES). CustomDNS Server for Your VPC.


4. Identity and Access Management


Introduction to Identity and Access management. Understanding the Principle of least Privilege. Creating and applying IAM Policies. Troubleshooting Conflicting Policies. Understanding Delegation. Revoking IAM Role Temporary Security Credentials. Understanding Federation. Web Identity federation. AWS Cognito User Pool and Identity PoolSingle Sign On. Security Assertion mark-up Language. AWS Directory Service. Joining instance to Domain. S3 Security – S3 ACL, Bucket Policy, Signed URLs. S3 Versioning and Cross-Region Replication.


5. Data Protection


Introduction to Data protection. Understanding Cryptography. Types of Cryptography. Hardware Security Modules(HSM). AWS key Management Service(KMS). KMS Authentication and Access Control. Policy Conditions with AWS KMS. Cross Account Access to Customer master Key(CMK). Rotating Customer master Keys. Policy Evaluation-KMS Key Policies and IAM Policies. CLoudTrail and Encryption. EBS Architecture and Secure Data Wiping. AWS Kinesis Encryption. AWS Glacier.

There are many ways to learnHow to Apply

  • 1


  • 2


  • 3

    Get started now

error: Content is protected !!