AWS Certified Security - Specialty (SCS-C02)
Build real cloud skills with guided labs on AWS and Google Cloud. Practice in live environments with instant access to real cloud resources. No cloud account required.
1 lab available
In this lab, you will embark on a deep dive into AWS Identity and Access Management (IAM) with a focus on constructing complex, real-world security solutions. This lab will guide you in setting up a multi-functional IAM role system that secures AWS resources effectively while applying the principles of least privilege. You will also implement multi-factor authentication (MFA) for enhanced security and use AWS Security Token Service (STS) to issue temporary credentials. This lab requires a solid understanding of IAM policies and configuration strategies, as well as the interpretation and troubleshooting of IAM policy effects. By the end of this lab, you will be adept at resolving complex identity and access control issues and deploying sophisticated IAM strategies in a production-like environment. We will work on tying policies closely to the business needs by constructing role-based and attribute-based control models, which align with enterprise governance requirements. Additionally, you'll explore IAM Policy Simulator and AWS CloudTrail for monitoring and ensuring compliance. The objective is to ensure that access is both secure and efficient, adhering to stringent security policies. Throughout this lab, you will also learn about investigating unintended permissions and establishing proper separation of duties, balancing security with operational functionality. The production-grade implementations you complete will require applying advanced troubleshooting to understand and fix access-related incidents effectively. Prepare to analyze authorization patterns that keep sensitive resources protected under various scenarios. The lab culminates with the deployment of security measures that form a robust identity and authorization management framework. You'll also learn to optimize access controls and policy evaluations to handle a variety of security and compliance needs, preparing you thoroughly for real-world scenarios and the AWS Security Specialty exam.
2 labs available
In this lab, you will learn how to set up a centralized AWS management environment using AWS Organizations and AWS Control Tower. This setup will enable you to manage multiple AWS accounts under a single organization, enforce governance policies, and maintain security configurations consistently across all accounts. You’ll start by creating an organization and configuring AWS Control Tower. Next, you'll deploy Service Control Policies (SCPs) to enforce permissions and create a logging account for centralized logging. Finally, you will explore the setup of AWS Config and AWS Security Hub to ensure compliance and enhance security visibility. This lab is designed for those looking to enhance their AWS management efficiency with advanced configurations that reflect real-world scenarios. You’ll gain insights into deploying security strategies that comply with organizational policies and AWS best practices.
In this lab, you will configure AWS Organizations to effectively manage and secure a multi-account environment. The lab focuses on creating a new organization and using Service Control Policies (SCPs) to enforce security baselines across all accounts. You'll learn how to set up AWS Control Tower for streamlined account provisioning and governance. By the end of this lab, you will have hands-on experience deploying and managing secure AWS accounts at scale, an essential skill for real-world AWS environments.
2 labs available
This lab allows participants to design and implement a robust monitoring and alerting solution using AWS services to detect and respond to potential security breaches in real-time. Participants will integrate AWS CloudTrail, AWS Security Hub and Amazon GuardDuty to create a centralized security monitoring system. They will configure alerting mechanisms and automated responses to different threat levels, ensuring their system can handle incidents effectively. By the end of this lab, you will be proficient in setting up comprehensive monitoring solutions that gather and correlate data from multiple services to provide a cohesive security overview. You'll explore optimization techniques to reduce false positives and set up automated remediation processes that work across various services. Additionally, troubleshooting techniques will be emphasized to diagnose issues with the monitoring system, ensuring all logs are properly ingested and analyzed. This will involve examining configurations both for security data sources and the monitoring services themselves to ensure compliance and performance are maintained. Advanced security configuration settings will be applied to protect the confidentiality, integrity, and availability of the system. This is critical in a real-world scenario where timely detection of and response to security threats can save significant time and resources in crisis management.
In this lab, you will set up comprehensive security monitoring and alerting solutions using multiple AWS services. You will configure AWS CloudWatch, AWS GuardDuty, AWS Security Hub, and AWS SNS to track security events and automate threat identification and notification. This lab simulates a real-world scenario where a company's sensitive data and operational stability depend on timely and effective reactions to potential security threats. You'll gain hands-on experience with configuring alert thresholds, integrating various AWS services for seamless operations, and implementing best practices for incident response.
1 lab available
This lab challenges you to design and implement an advanced data encryption solution for data at rest using AWS KMS and related services. You will explore various encryption techniques and configurations to ensure the security of sensitive data stored within AWS. Throughout the lab, you will create a robust encryption strategy, implement resource-based policies to ensure data integrity, and experiment with lifecycle management for secure data retention. By the end of this atelier, you will have implemented a secure, efficient, and cost-effective encryption solution in a realistic business scenario.
2 labs available
This lab will guide you through designing an effective incident response plan using AWS services. You will create an automated response system to detect and respond to security threats in real-time using AWS Security Hub, Amazon GuardDuty, and AWS Lambda. The lab focuses on setting up triggered alerts, isolating compromised resources, and implementing a credential rotation strategy. You'll also explore logs to validate security events and ensure forensic data is securely captured using Amazon S3. By the end of this lab, you'll have hands-on experience with AWS services critical to handling security incidents, solidifying your understanding of automated responses, and learning to implement security measures proactively. Understanding key incident response concepts and mechanisms on AWS is essential for passing security specialty certification exams. This lab will ensure you gain practical skills in using AWS tools to achieve a seamless threat detection and response strategy aligned with industry best practices. Moreover, you'll define compliance rules with AWS Config to maintain a high-security posture, ensuring your cloud architecture meets stringent industry standards. This lab will prepare you to face real-world security challenges and respond promptly to threats, safeguarding your organization’s cloud infrastructure.
In this lab, you will build a centralized threat detection system using AWS Security Hub as the core service. You will integrate AWS CloudTrail, Amazon GuardDuty, and AWS Config to efficiently monitor and manage security findings across multiple services. This lab will guide you through setting up automated threat detection, analysis, and remediation techniques. You will leverage Security Hub to centralize security findings and use AWS Config for compliance checks. By the end of this lab, you should feel comfortable orchestrating security services to facilitate real-time threat detection and incident response.
2 labs available
In this lab, participants will design and implement advanced security controls for a public web application using AWS WAF, AWS Shield, and Amazon CloudFront. Learners will configure AWS WAF rules to mitigate common web vulnerabilities identified by the OWASP Top 10. Additionally, they'll leverage AWS Shield for DDoS protection, configuring response measures through the AWS Management Console. This lab will also explore the integration of AWS WAF with CloudFront to apply geo-blocking and rate-based rules, enhancing edge security. Participants will use Amazon CloudWatch and AWS Lambda to automate the monitoring and remediation of threats, ensuring optimal application performance and security resilience. This lab will guide learners through configuring real-time alerts and dashboards in CloudWatch for ongoing threat detection and analysis. By the end of this lab, learners will have hands-on experience configuring, managing, and optimizing security controls suitable for production environments.
In this lab, you will learn how to design and implement security controls for edge services using AWS WAF and Amazon CloudFront. These technologies are critical for protecting applications from common web vulnerabilities and ensuring a secure delivery of content globally. You will set up security rules that defend against the OWASP Top 10 threats and apply geographical restrictions, rate limits, and IP address blocking. Additionally, you will configure logging and monitoring services to detect and analyze traffic patterns, enhancing your ability to respond to security incidents.
