
AWS Certified Security Specialist Podcast

AWS SECURITY - Domain 1 - 50x - QUESTIONS and ANSWERS

15 Oct 2025

Description

AWS Certified Security - Specialty (SCS-C02) Exam Guide - Q & A - x50

Here are 50 unique questions and answers for 'Domain 1: Threat Detection and Incident Response', covering all task statements, knowledge, and skills as outlined in the AWS Certified Security - Specialty (SCS-C02) Exam Guide. A few listeners have been asking for more quick fire question / answers - so here they are.

Just for fun Exercise: ... see if you can articulate the correct answer - out loud and clearly spoken - before hearing it! This action will help focus your exam preparation, interview technique, and ability to verbalize the advanced concepts for 'Domain 1 Threat Detection and Incident Response'.

Enjoy ...

## Domain 1: Threat Detection and Incident Response

### Task Statement 1.1: Design and implement an incident response plan.

**Knowledge of:**

- 1.1.1 AWS best practices for incident response
- 1.1.2 Cloud incidents
- 1.1.3 Roles and responsibilities in the incident response plan
- 1.1.4 AWS Security Finding Format (ASFF)

**Skills in:**

- 1.1.5 Implementing credential invalidation and rotation strategies in response to compromises (for example, by using AWS Identity and Access Management [IAM] and AWS Secrets Manager)
- 1.1.6 Isolating AWS resources
- 1.1.7 Designing and implementing playbooks and runbooks for responses to security incidents
- 1.1.8 Deploying security services (for example, AWS Security Hub, Amazon Macie, Amazon GuardDuty, Amazon Inspector, AWS Config, Amazon Detective, AWS Identity and Access Management Access Analyzer)
- 1.1.9 Configuring integrations with native AWS services and third-party services (for example, by using Amazon EventBridge and the ASFF)

### Task Statement 1.2: Detect security threats and anomalies by using AWS services.

**Knowledge of:**

- 1.2.1 AWS managed security services that detect threats
- 1.2.2 Anomaly and correlation techniques to join data across services
- 1.2.3 Visualizations to identify anomalies
- 1.2.4 Strategies to centralize security findings

**Skills in:**

- 1.2.5 Evaluating findings from security services (for example, GuardDuty, Security Hub, Macie, AWS Config, IAM Access Analyzer)
- 1.2.6 Searching and correlating security threats across AWS services (for example, by using Detective)
- 1.2.7 Performing queries to validate security events (for example, by using Amazon Athena)
- 1.2.8 Creating metric filters and dashboards to detect anomalous activity (for example, by using Amazon CloudWatch)

### Task Statement 1.3: Respond to compromised resources and workloads.

**Knowledge of:**

- 1.3.1 AWS Security Incident Response Guide
- 1.3.2 Resource isolation mechanisms
- 1.3.3 Techniques for root cause analysis
- 1.3.4 Data capture mechanisms
- 1.3.5 Log analysis for event validation

**Skills in:**

- 1.3.6 Automating remediation by using AWS services (for example, AWS Lambda, AWS Step Functions, EventBridge, AWS Systems Manager runbooks, Security Hub, AWS Config)
- 1.3.7 Responding to compromised resources (for example, by isolating Amazon EC2 instances)
- 1.3.8 Investigating and analyzing to conduct root cause analysis (for example, by using Detective)
- 1.3.9 Capturing relevant forensics data from a compromised resource (for example, Amazon Elastic Block Store [Amazon EBS] volume snapshots, memory dump)
- 1.3.10 Querying logs in Amazon S3 for contextual information related to security events (for example, by using Athena)
- 1.3.11 Protecting and preserving forensic artifacts (for example, by using S3 Object Lock, isolated forensic accounts, S3 Lifecycle, and S3 replication)
- 1.3.12 Preparing services for incidents and recovering services after incidents
