AWS Security Engineer



Total Duration: 65 Hours.

Course name: AWS Security Engineer

Certification: The AWS Certified Security – Specialty (SCS-C01)


PART A: Pre-requisites (20 Hours)

Linux Basics – Security


    • Get started with Red Hat Enterprise Linux

Describe and define open source and Linux distributions. Log into a Linux system and run simple commands using the shell. Create, manage, and delete local users and groups, as well as administer local password policies.

    • Manage networking and remote login

Configure network interfaces and settings on Linux servers. Configure secure command line service on remote systems, using OpenSSH.

    • Manage file permissions
      Interpret and set access control lists (ACLs) on files to handle situations requiring complex user and group access permissions.
    • Monitor and manage Linux
      Evaluate and control processes running on Linux systems. Control and monitor network services and system daemons using systemd. Install and manage software packages using yum package repositories.
    • Analyse system issues
      Locate and accurately interpret logs of system events for troubleshooting purposes. 
    • Manage Linux Firewall
      Create, modify and remove Linux Firewall rules using firewalld.


Windows Server Basics – Security


  • Active Directory Domain Services (ADDS) to create and manage the Domain
    • Installing Windows Server 2016 and Windows 10, Installing ADDS in Windows Server 2016, Configuring the DNS Server, Joining Windows 10 to the Domain
  • Creating and assigning policies to users and computers through GPMC
    • Creating Organization Units (OU), moving the user objects to OU, Creating a GPO, Configuring the Policies in GPO, Linking the GPO to OU, Site and Domain. Verifying the policies when a user logs in to the domain from a member client.
  • Securing the resources in the server through permission and encryption
    • Creating partitions in Disk Management, Creating Files and Folders, Creating users and groups, assigning the permissions for users and groups on resources. Configuring BitLocker drive encryption.
  • Configuring the Windows Firewall Settings
    • Creating and configuring Inbound and Outbound Rules
  • Configuring the VPN Server and RRAS.
    • Installing Remote Access Server (RAS), Configuring the VPN Server and VPN Client, Configuring the server for Routing.
  • Monitoring the Server through Performance monitor and event logs
  • Active Directory Certificate Services (ADCS) to create and assign certificates to users and systems.
    • Installing ADCS Role in the Domain environment, creating a certificate for web server, Installing and configuring IIS web site for HTTPS.


PART B: AWS Security (45 Hours)

Module 1: Incident Response 

  • Introduction to Incident response
  • Incident Response in Cloud
  • AWS EC2 Abuse Notice
  • Dealing with Exposed Access Keys
  • Compromised Access and Secret Keys
  • Evaluate Suspected Compromised EC2 Instance
  • Working on AWS GuardDuty
  • Penetration Testing Tools


Module 2: Logging and Monitoring

  • Introduction to Logging and Monitoring
  • Continuous Security Monitoring
  • Introduction to Vulnerability Assessment
  • Working on AWS Inspector
  • Configuring AWS EC2 Systems Manager
  • Configuring AWS Config Service
  • Understanding CloudWatch
  • Trusted Advisor
  • AWS Athena
  • CloudWatch Events
  • AWS Macie
  • S3 Event Notifications


Module 3: Infrastructure Security

  • Introduction to Information Security
  • AWS Master Account and Policies
  • Managing Organizational Units
  • Configuring Web Distribution in CloudFront
  • Security benefits of CloudFront Distributions
  • Dynamic Caching with CloudFront
  • AWS CloudFront Custom SSL
  • CloudFront and Server Name Indication (SNI)
  • Introduction to Firewalls
  • Modes of Firewall
  • Architecting Firewall Rules
  • Revising Security Groups
  • IPTABLES and Instance Metadata
  • Configuring Network Access Control Lists (NACL)
  • Overview Architecture of Intrusion Prevention Systems (IPS)
  • Configuring Web Application Firewall
  • AWS Shield
  • Network Segmentation
  • Implementing Bastion Hosts
  • Configuring Virtual Private Cloud (VPC)
  • Configuring Virtual Private Network (VPN)
  • VPC Peering and VPC Endpoints
  • EC2 and Key Pair
  • API Gateway
  • EC2 Tenancy
  • Compliance Frameworks and AWS Artifacts
  • AWS Lambda and S3 – Configuring Event Triggers
  • AWS Simple Email Service (SES)
  • Custom DNS Server for Your VPC


Module 4: Identity and Access Management

  • Introduction to Identity and Access management
  • Understanding the Principle of Least Privilege
  • Creating and applying IAM Policies
  • Troubleshooting Conflicting Policies
  • Understanding Delegation
  • Revoking IAM Role Temporary Security Credentials
  • Understanding Federation
  • Web Identity federation
  • AWS Cognito User Pool and Identity Pool
  • Single Sign On
  • Security Assertion Markup Language
  • AWS Directory Service
  • Joining instance to Domain
  • S3 Security – S3 ACL, Bucket Policy, Signed URLs
  • S3 Versioning and Cross-Region Replication


Module 5: Data Protection

  • Introduction to Data protection
  • Understanding Cryptography
  • Types of Cryptography
  • Hardware Security Modules (HSM)
  • AWS Key Management Service (KMS)
  • KMS Authentication and Access Control
  • Policy Conditions with AWS KMS
  • Cross Account Access to Customer Master Key (CMK)
  • Rotating Customer Master Keys
  • Policy Evaluation – KMS Key Policies and IAM Policies
  • CloudTrail and Encryption
  • EBS Architecture and Secure Data Wiping
  • AWS Kinesis Encryption
  • AWS Glacier
