Unauthorized Activity in Your Account
If you receive a notice from AWS support that there has been abuse in your account, or if you suspect that there has been unauthorized activity in your account, the following steps can help you confirm that unauthorized activity actually occurred:
What to Do if You Do Find […]
Visibility
Other services offered by AWS provide different visibility and insights into your accounts to help you understand where malicious activity or an incident could occur. Amazon Detective is a security service that helps simplify the investigative process for security teams by using machine learning and statistical analysis to show the interactions between users and […]
Logging
AWS has numerous services that offer logging capabilities to capture vital information when analyzing the source of a threat and how to prevent it. When using your chosen services, you should enable logging. This is often overlooked, which can be a massive regret for organizations should the worst happen. With active logging, you will […]
A Common Approach to an Infrastructure Security Incident
The following quickly highlights a common response approach to an infrastructure-related security incident involving an EC2 instance: You will not be expected to know the commands to carry out the preceding steps via the AWS CLI, but should you wish to do this, please review the steps […]
Forensic AWS Account
A separate AWS account for forensic investigations is ideal to help you diagnose and isolate the affected resources. By utilizing a separate account, you can architect the environment to be more secure and better suited to its forensic use. You could even use AWS Control Tower to provision the account quickly, using the account […]
The AWS WAF Security Pillars
For constructing or reviewing AWS accounts that are secure, highly available, and efficient, AWS has developed a framework that incorporates foundational best practices with regard to six pillars—the WAF. The pillars of the WAF consist of the following items: This framework helps you transition and migrate solutions into the AWS […]
With a grasp on what you are responsible for from an AWS customer perspective, you can now turn to the pillars that will be tested in the exam. The first pillar is incident response (IR). Knowing how to prepare and then react, in both a manual and an automated fashion, when something occurs in one […]
Exam Readiness Drill
For the first three attempts, don’t worry about the time limit.
ATTEMPT 1: The first time, aim for at least 40%. Look at the answers you got wrong and read the relevant sections in the chapter again to fix your learning gaps.
ATTEMPT 2: The second time, aim for at least 60%. […]
Summary
In this chapter, you learned about some of the most prevalent attacks that security engineers face. This knowledge of common attacks puts the need for security services into perspective. It also gives you an understanding of the various services you will need as you go through the rest of this book with a crucial […]
Adding Layers of Defense with AWS Shield
While AWS WAF can provide several protections to your CloudFront origins and application load balancers, AWS Shield protects against more complex DDoS attacks, such as volumetric attacks. The following table compares AWS Shield and AWS WAF.
Protection from AWS WAF AWS Shield HTTP Floods State-Exhaustion Attacks DNS Query […]