Domain 1: Threat Detection and Incident Response

Design and implement an incident response plan

• Incident Response Strategy
• Roles and responsibilities in IR plan specific to cloud incidents.
• Use case 1: Credentials compromise.
• Use case 2: Compromised EC2 Instances
• Playbooks and Runbooks for IR
• AWS Specific services helpful in Incident Response
• Third-party integration concepts
• Centralize security finding with security hub

Detect security threats and anomalies by using AWS services

• Threat detection services specific to AWS
• Visualizing and Detecting anomalies and correlation techniques
• Evaluate finding from security services
• Performing queries for validating security events
• Create metrics filters and dashboards to detect Anomalous activity

Respond to compromised resources and workloads

• AWS Security IR Guide
• Automating remediation by using AWS services
• Compromised resource management.
• Investigating and analyzing to conduct Root cause and log analysis.
• Capturing relevant forensics data from a compromised resource
• Protecting and preserving forensic artifacts
• Post-incident recovery

Domain 2: Security Logging and Monitoring

• Design and Implement monitoring and alerting to address security events
• Key AWS services for monitoring and alerting
• Monitoring metrics and baselines
• Analyzing environments and workloads to determine monitoring requirements according to
• business and security requirements
• Setting up tools and scripts to perform regular audits

Troubleshoot security monitoring and alerting

• Configuring of monitoring services and collecting event data
• Application monitoring, alerting, and visibility challenges

Design and implement a logging solution

• Key logging services and attributes
• Log destinations, Ingestion points and lifecycle management
• Logging specific to services and applications

Troubleshoot logging solutions

• AWS services that provide data sources and logging capabilities
• Access permissions that are necessary for logging
• Identifying misconfigurations and remediations specific to logging
• Reasons for missing logs and performing remediation steps

Design a log analysis solution

• Services and tools to analyze captured logs
• Identifying patterns in logs to indicate anomalies and known threats
• Log analysis features for AWS services
• Log format and components
• Normalizing, parsing, and correlating logs

Domain 3: Infrastructure Security
Design and implement security controls for edge services

• Define edge security strategies and security features
• Select proper edge services based on anticipated threats and attacks and define proper
• protection mechanisms based on that
• Define layered Defense (Defense in Depth) mechanisms
• Applying restrictions based on different criteria
• Enable logging and monitoring across edge services to indicate attacks

Design and implement network security controls

• VPC security mechanisms including Security Groups, NACLs, and Network firewall
• Traffic Mirroring and VPC Flow Logs
• VPC Security mechanisms and implement network segmentation based on security requirements
• Network traffic management and segmentation
• Inter-VPC connectivity, Traffic isolation, and VPN concepts and deployment
• Peering and Transit Gateway
• AWS Point to Site and Site to Site VPN, Direct Connect
• Continuous optimization by identifying and removing unnecessary network access

Design and implement security controls for compute workloads

• Provisioning and maintenance of EC2 instances
• Create hardened images and backups
• Applying instance and service roles for defining permissions
• Host-based security mechanisms
• Vulnerability assessment using AWS Inspector
• Passing secrets and credentials security to computing workloads