Exam (elaborations)
AWS SCS-C02 Content (1).
- Course
- Institution
AWS SCS-C02 Content (1).
[Show more]
Seller
Follow
lydiaomutho
Content preview
AWS SCS-C02 ContentAWS Config - ANS-Managed service that provides you a detailed inventory of your AWS
resources and their current config.
Continuously records configuration changes. Does not prevent changes, just records them
Is AWS Config a regional service? - ANS-Yes-- must be enabled per region & only captures
config history in the region where it was deployed
AWS Config: configuration recorder - ANS-Must deploy to a region to store configurations of
records resources in your AWS accounts
AWS Config: Aggregator - ANS-collects AWS Config configuration and compliance data from
multiple source accounts and regions. Create an aggregator in the region where you want to
see the aggregated AWS Config configuration and compliance data-- like a centralized Security
account
AWS Config: Rules - ANS-An AWS Config rule represents your desired configuration settings
for specific AWS resources or for an entire AWS account. AWS Config provides customizable,
predefined rules to help you get started. If a resource violates a rule, AWS Config flags the
resource and the rule as noncompliant, and you can trigger alerts based on that
AWS Config Autoremediation - ANS-Config can be set to autoremediate when a Rule is broken.
This invokes AWS Systems Manager & you can define the remediation actions
Also need to define what resources Config is allowed to remediate, what IAM role it should use,
etc
AWS Trusted Advisor - ANS-Inspects your AWS environment and makes recommendations
when opportunities may exist to save money, improve system performance or close security
gaps.
not just security, inspects whole account at once
makes recs for improvement
Basic/Developer Support vs Enterprise Support
enabled at an account level and analyzes your AWS accounts for industry best practices, as
well as AWS customer-established best practices
AWS Trusted Advisor Basic/Developer Support - ANS-Limited # of checks
no automation
,AWS Trusted Advisor Enterprise Support - ANS-more expensive
all checks
can enable automation w/ EventBridge
Amazon Guard Duty - ANS-threat detection service that monitors for malicious, suspicious
activity and unauthorized behavior
generates findings
can be used with org & have designated admin account
output findings to Security Hub or Amazon Detective or EventBridge
GuardDuty Detectors - ANS-unique regional entities
all findings are associated with a Detector
First step to remediate GuardDuty finding for an EC2 instance - ANS-Identify & stop the EC2
instance immediately so that you can investigate w/o issue continuing
no need to terminate at first
AWS Health - ANS-notifies you of AWS service outages & issues, can automate alerts from
here
provides ongoing visibility into your resource performance and the availability of your AWS
services and accounts
Amazon Inspector - ANS-automated assessments & security scans for EC2 instances
looks for exposures, vulns, violation of best practices
outputs findings & assessment reports
single delegated admin account. Integrate w/ Security Hub & EventBridge, store outputs in S3
using json or csv
Amazon Inspector Assessment Types - ANS-Network assessment: agentless scans for network
reachability, run every 24 hours
Host assessment: scan info from EC2 instances for software running on apps. Requires SSM
agent
Amazon Inspector Network assessment - ANS-agentless scans for network reachability, run
every 24 hours
,Finding type: Network Reachability
Amazon Inspector Host assessment - ANS-Requires SSM agent. Scan info from EC2 instances
for software running on apps
Can only be run if your EC2 instance is running, since the SSM agent is on your instance
OS level notifications
Host needs to be able to reach Systems Manager
Amazon Inspector Suppression Rule - ANS-rule set for types of findings to suppress, can
reference ARNs & be very customized
AWS Systems Manager (SSM) - ANS-- Hybrid AWS service that can be used to manage both
EC2 and on-prem systems at scale
- get operational insights about the state of your infra
- important features are Patch Manager, Run Command, Parameter Store
- works both Win and Linux OS
a collection of capabilities that are meant to help you manage your applications and
infrastructure running in AWS.
Patch Manager - ANS-feature of AWS SSM
Patch EC2, edge devices, or even on-prem VMs (as long as they have SSM agent installed &
internet access)
baseline & approval rules for what to patch when
Patch Manager Baselines - ANS-contain rules for patching based on system OS
predefined ones exist but custom ones can be created too
approval rules are part of baselines
Patch Manager Approval Rules - ANS-contained inside baselines
sets when new patches are allowed to be applied
can set to do after a set # of days, or approve all patches created before a specific date
Patch groups - ANS-target groups of managed instances to patch
, defined based on tag: PatchGroup
can use dev/prod tags to ensure patches are tested on dev before being applied to prod
AWS Session Manager - ANS-part of Systems Manager
access compute instances via browser-based shell or CLI, no SSH! This is done via IAM role
only
Run Command - ANS-part of Systems Manager
execute commands on managed instances w/o actually accessing them
ex. reset authorized keys on EC2 instances when keys may have been compromised
AWS Artifact - ANS-Portal that provides self-service access to AWS compliance reports and
agreements you may have with AWS
no info on your services, it's literally all AWS service info
generates unique, watermarked reports
AWS Abuse Notices - ANS-abuse notices are sent from the AWS Trust & Safety team
also published to AWS Health dashboard
very critical & could result in AWS closing your account
sent to security contact for your account, then to Root email
Abuse Types - ANS-there are tons but common ones are
- spam
- port scanning
- DoS attacks
- Intrusion attempts
- Illegal hosting of content
- Distributing malware
What compliance standard is the AWS Incident Response Guide largely based on? - ANS-NIST
SP 800-61
NIST Computer Security Incident handling guide (Special Publication 800-61)
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller lydiaomutho. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $7.99. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
60834 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now