AWS Certified Security - Specialty (SCS-C02) Exam Guide - Q & A - x50
Here are 50 unique questions and answers for 'Domain 1: Threat Detection and Incident Response', covering all task statements, knowledge areas and skills set out in the AWS Certified Security - Specialty (SCS-C02) Exam Guide. A few listeners have been asking for more quick-fire questions and answers, so here they are.
Just-for-fun exercise: see if you can articulate the correct answer, out loud and clearly spoken, before hearing it. Doing so will focus your exam preparation, sharpen your interview technique, and build your ability to verbalize the advanced concepts of 'Domain 1: Threat Detection and Incident Response'.
Enjoy ...
## Domain 1: Threat Detection and Incident Response
### Task Statement 1.1: Design and implement an incident response plan.
**Knowledge of:**
- 1.1.1 AWS best practices for incident response
- 1.1.2 Cloud incidents
- 1.1.3 Roles and responsibilities in the incident response plan
- 1.1.4 AWS Security Finding Format (ASFF)
**Skills in:**
- 1.1.5 Implementing credential invalidation and rotation strategies in response to compromises (for example, by using AWS Identity and Access Management [IAM] and AWS Secrets Manager)
- 1.1.6 Isolating AWS resources
- 1.1.7 Designing and implementing playbooks and runbooks for responses to security incidents
- 1.1.8 Deploying security services (for example, AWS Security Hub, Amazon Macie, Amazon GuardDuty, Amazon Inspector, AWS Config, Amazon Detective, AWS Identity and Access Management Access Analyzer)
- 1.1.9 Configuring integrations with native AWS services and third-party services (for example, by using Amazon EventBridge and the ASFF)
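An added worked example (mine, not from the exam guide or from AWS) covering skills 1.1.5 and 1.1.9 together: a Lambda-style handler that receives an EventBridge event carrying an ASFF finding about an IAM access key, deactivates that key and revokes the principal's existing sessions. The event, account ID, key and user name are constructed, and the IAM client is injected so the playbook can be rehearsed with the DryRunIAM recorder before it is wired to boto3.

```python
"""Revoke a compromised principal's credentials from an ASFF finding.

Added example for Task 1.1 (skills 1.1.5 and 1.1.9); not code from the exam
guide or from AWS. SAMPLE_EVENT is constructed in the shape EventBridge
delivers Security Hub findings (detail.findings[] in ASFF); its account, key
and user name are invented. The IAM client is injected so the playbook can be
rehearsed with DryRunIAM; in Lambda pass boto3.client("iam").
"""
import json
from datetime import datetime, timezone

SAMPLE_EVENT = {
    "source": "aws.securityhub",
    "detail-type": "Security Hub Findings - Imported",
    "detail": {"findings": [{
        "SchemaVersion": "2018-10-08",
        "Id": "arn:aws:guardduty:us-east-1:111122223333:detector/d1/finding/f1",
        "AwsAccountId": "111122223333",
        "Types": ["TTPs/UnauthorizedAccess:IAMUser/MaliciousIPCaller.Custom"],
        "Severity": {"Label": "HIGH"},
        "Resources": [{"Type": "AwsIamAccessKey",
                       "Id": "AWS::IAM::AccessKey:AKIAIOSFODNN7EXAMPLE",
                       "Details": {"AwsIamAccessKey": {
                           "AccessKeyId": "AKIAIOSFODNN7EXAMPLE", "PrincipalName": "build-deployer",
                           "PrincipalType": "IAMUser", "Status": "Active"}}}],
    }]},
}
REVOKE_POLICY_NAME = "AWSRevokeOlderSessions"  # the name the IAM console uses


def revoke_older_sessions_policy(issued_before: datetime) -> dict:
    """Deny every action to temporary credentials issued before the cut-off,
    the same shape the IAM console attaches for "Revoke active sessions".
    aws:TokenIssueTime exists only on requests signed with STS session
    credentials, so this does nothing to the long-lived access key itself;
    the key has to be deactivated separately (see plan_response)."""
    ts = issued_before.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Deny", "Action": ["*"], "Resource": ["*"],
        "Condition": {"DateLessThan": {"aws:TokenIssueTime": ts}}}]}


def extract_compromised_principals(event: dict) -> list:
    """Collect every AwsIamAccessKey resource named by the findings."""
    found = []
    for finding in event.get("detail", {}).get("findings", []):
        for res in finding.get("Resources", []):
            if res.get("Type") != "AwsIamAccessKey":
                continue
            d = res.get("Details", {}).get("AwsIamAccessKey", {})
            found.append({
                "finding_id": finding["Id"],
                "access_key_id": d.get("AccessKeyId") or res["Id"].rsplit(":", 1)[-1],
                "principal_name": d.get("PrincipalName") or d.get("UserName"),
                "principal_type": d.get("PrincipalType", "Unknown"),  # unknown -> escalate
            })
    return found


def plan_response(principal: dict, now: datetime) -> list:
    """Ordered IAM calls for one principal: deactivate the long-lived key so no
    new sessions can be minted, then cut off sessions that already exist.
    Deactivate rather than delete, so a false positive can be rolled back;
    deletion and re-issue follow the investigation. Anything that is not a
    plain IAM user is escalated instead of guessed at."""
    if principal["principal_type"] != "IAMUser" or not principal["principal_name"]:
        return [("manual_review", principal)]
    user = principal["principal_name"]
    return [
        ("update_access_key", {"UserName": user, "AccessKeyId": principal["access_key_id"],
                               "Status": "Inactive"}),
        ("put_user_policy", {"UserName": user, "PolicyName": REVOKE_POLICY_NAME,
                             "PolicyDocument": json.dumps(revoke_older_sessions_policy(now))}),
    ]


class DryRunIAM:
    """Records calls instead of making them; stands in for boto3's IAM client."""
    def __init__(self):
        self.calls = []

    def __getattr__(self, op):
        def call(**params):
            self.calls.append((op, params))
            return {}
        return call


def execute(steps: list, iam) -> list:
    """Run the plan against an IAM client (boto3's or DryRunIAM)."""
    outcome = []
    for op, params in steps:
        if op == "manual_review":
            outcome.append((op, "escalated"))
            continue
        getattr(iam, op)(**params)
        outcome.append((op, "done"))
    return outcome


def lambda_handler(event, context=None, iam=None):
    """EventBridge -> Lambda entry point; dry-runs unless a real client is given."""
    if iam is None:
        iam = DryRunIAM()
    now = datetime.now(timezone.utc)
    return [execute(plan_response(p, now), iam) for p in extract_compromised_principals(event)]


if __name__ == "__main__":
    print(json.dumps(lambda_handler(SAMPLE_EVENT), indent=2))
```

Two details worth remembering for the exam are in the comments: the aws:TokenIssueTime condition only bites on temporary (STS) credentials, so deactivating the long-lived key is a separate and earlier step; and the key is deactivated, not deleted, so the response can be undone if the finding turns out to be a false positive.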
### Task Statement 1.2: Detect security threats and anomalies by using AWS services.
**Knowledge of:**
- 1.2.1 AWS managed security services that detect threats
- 1.2.2 Anomaly and correlation techniques to join data across services
- 1.2.3 Visualizations to identify anomalies
- 1.2.4 Strategies to centralize security findings
**Skills in:**
- 1.2.5 Evaluating findings from security services (for example, GuardDuty, Security Hub, Macie, AWS Config, IAM Access Analyzer)
- 1.2.6 Searching and correlating security threats across AWS services (for example, by using Detective)
- 1.2.7 Performing queries to validate security events (for example, by using Amazon Athena)
- 1.2.8 Creating metric filters and dashboards to detect anomalous activity (for example, by using Amazon CloudWatch)
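An added example (mine, not from the exam guide or from AWS) for skills 1.2.6 and 1.2.7, and for 1.3.10 later in this domain: before acting on a GuardDuty finding, pull the CloudTrail records for the access key it names, compare the source IPs with that key's earlier history, and count denied calls and successful high-impact calls. The records are constructed in the layout CloudTrail writes to S3, with invented identifiers; athena_query() asks the same question of the full trail using the column names of the standard CloudTrail Athena table (the table name is an assumption).

```python
"""Corroborate a GuardDuty finding against CloudTrail before responding.

Added example for Task 1.2 (skills 1.2.6, 1.2.7) and skill 1.3.10; not code
from the exam guide or from AWS. CLOUDTRAIL_OBJECT is constructed in the shape
CloudTrail writes to S3 (one JSON object with a "Records" array); account,
keys, IP addresses and times are invented. athena_query() uses the column
names of the standard CloudTrail Athena table; the table name is assumed.
"""
import json
import re
from collections import Counter
from datetime import datetime, timezone

KEY = "AKIAIOSFODNN7EXAMPLE"  # the key named in the (hypothetical) finding


def _rec(t, src, name, ip, key, **extra):
    """Build one constructed CloudTrail record."""
    r = {"eventVersion": "1.08", "eventTime": t, "eventSource": src, "eventName": name,
         "awsRegion": "us-east-1", "sourceIPAddress": ip, "userAgent": "aws-cli/2.15.0",
         "userIdentity": {"type": "IAMUser", "userName": "build-deployer",
                          "accessKeyId": key, "accountId": "111122223333"}}
    r.update(extra)
    return r


CLOUDTRAIL_OBJECT = json.dumps({"Records": [
    _rec("2024-01-02T01:10:00Z", "ec2.amazonaws.com", "DescribeInstances", "203.0.113.5", KEY),
    _rec("2024-01-02T02:58:10Z", "sts.amazonaws.com", "GetCallerIdentity", "198.51.100.7", KEY),
    _rec("2024-01-02T02:59:02Z", "s3.amazonaws.com", "ListBuckets", "198.51.100.7", KEY),
    _rec("2024-01-02T03:00:45Z", "iam.amazonaws.com", "CreateAccessKey", "198.51.100.7", KEY,
         errorCode="AccessDenied", errorMessage="User is not authorized to perform: iam:CreateAccessKey"),
    _rec("2024-01-02T03:01:30Z", "iam.amazonaws.com", "CreateUser", "198.51.100.7", KEY),
    _rec("2024-01-02T03:02:00Z", "s3.amazonaws.com", "GetObject", "198.51.100.7", "AKIAI44QH8DHBEXAMPLE"),
]})

# Successful calls that change who can do what, or blind the trail; flagged one by one.
HIGH_IMPACT = {
    "iam.amazonaws.com": {"CreateUser", "CreateAccessKey", "CreateLoginProfile",
                          "AttachUserPolicy", "PutUserPolicy", "UpdateAssumeRolePolicy"},
    "s3.amazonaws.com": {"PutBucketPolicy", "PutBucketAcl", "PutBucketPublicAccessBlock"},
    "ec2.amazonaws.com": {"AuthorizeSecurityGroupIngress", "RunInstances"},
    "cloudtrail.amazonaws.com": {"StopLogging", "DeleteTrail", "UpdateTrail"},
}


def parse_time(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def correlate(raw: str, access_key_id: str, start: datetime, end: datetime) -> dict:
    """Join the finding's access key to CloudTrail and summarise what it did in
    [start, end], comparing source IPs with the key's history before start."""
    mine = [r for r in json.loads(raw)["Records"]
            if r.get("userIdentity", {}).get("accessKeyId") == access_key_id]
    before = {r["sourceIPAddress"] for r in mine if parse_time(r["eventTime"]) < start}
    hits = [r for r in mine if start <= parse_time(r["eventTime"]) <= end]
    ips = {r["sourceIPAddress"] for r in hits}
    return {
        "events": len(hits),
        "source_ips": sorted(ips),
        "new_source_ips": sorted(ips - before),  # never seen for this key before the window
        "services": Counter(r["eventSource"] for r in hits),
        "access_denied": sum(1 for r in hits if r.get("errorCode") == "AccessDenied"),
        "high_impact": [(r["eventTime"], r["eventName"]) for r in hits
                        if "errorCode" not in r
                        and r["eventName"] in HIGH_IMPACT.get(r["eventSource"], ())],
    }


def is_corroborated(summary: dict) -> bool:
    """Confirmed when the key acted from an IP it never used before and either
    changed something important or was probing (AccessDenied errors)."""
    return bool(summary["new_source_ips"]) and bool(summary["high_impact"] or summary["access_denied"])


ACCESS_KEY_RE = re.compile(r"^(AKIA|ASIA)[A-Z0-9]{16}$")


def athena_query(access_key_id: str, start: datetime, end: datetime,
                 table: str = "cloudtrail_logs") -> str:
    """The same question asked of the whole trail in S3 through Athena. The key
    comes from a finding, i.e. from data the attacker influenced, so it is
    validated before it is spliced into SQL rather than trusted blindly."""
    if not ACCESS_KEY_RE.match(access_key_id) or not re.match(r"^[A-Za-z0-9_]+$", table):
        raise ValueError("refusing to build a query from an unexpected identifier")
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    return ("SELECT eventtime, eventsource, eventname, sourceipaddress, errorcode\n"
            f"FROM {table}\n"
            f"WHERE useridentity.accesskeyid = '{access_key_id}'\n"
            f"  AND eventtime BETWEEN '{start.strftime(fmt)}' AND '{end.strftime(fmt)}'\n"
            "ORDER BY eventtime")


if __name__ == "__main__":
    w0, w1 = parse_time("2024-01-02T02:50:00Z"), parse_time("2024-01-02T03:10:00Z")
    summary = correlate(CLOUDTRAIL_OBJECT, KEY, w0, w1)
    print(summary, "corroborated:", is_corroborated(summary))
    print(athena_query(KEY, w0, w1))
```

The point of the two-pass comparison (history before the window versus activity inside it) is the correlation skill the task statement asks for: a single CloudTrail row rarely proves compromise, but a never-seen source IP plus a denied privilege-escalation attempt followed by a successful CreateUser does.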
### Task Statement 1.3: Respond to compromised resources and workloads.
**Knowledge of:**
- 1.3.1 AWS Security Incident Response Guide
- 1.3.2 Resource isolation mechanisms
- 1.3.3 Techniques for root cause analysis
- 1.3.4 Data capture mechanisms
- 1.3.5 Log analysis for event validation
**Skills in:**
- 1.3.6 Automating remediation by using AWS services (for example, AWS Lambda, AWS Step Functions, EventBridge, AWS Systems Manager runbooks, Security Hub, AWS Config)
- 1.3.7 Responding to compromised resources (for example, by isolating Amazon EC2 instances)
- 1.3.8 Investigating and analyzing to conduct root cause analysis (for example, by using Detective)
- 1.3.9 Capturing relevant forensics data from a compromised resource (for example, Amazon Elastic Block Store [Amazon EBS] volume snapshots, memory dump)
- 1.3.10 Querying logs in Amazon S3 for contextual information related to security events (for example, by using Athena)
- 1.3.11 Protecting and preserving forensic artifacts (for example, by using S3 Object Lock, isolated forensic accounts, S3 Lifecycle, and S3 replication)
- 1.3.12 Preparing services for incidents and recovering services after incidents
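An added example (mine, not from the exam guide or from AWS) for skills 1.3.7, 1.3.9 and 1.3.11: contain an EC2 instance with a quarantine security group, protect it from termination, snapshot every attached volume with case tags, and share each snapshot with an isolated forensics account. All identifiers, including the forensics account number, are made up; the EC2 client is injected so the sequence can be rehearsed against the DryRunEC2 recorder below and then run with boto3.client("ec2").

```python
"""Contain a compromised EC2 instance and capture its disk evidence.

Added example for Task 1.3 (skills 1.3.7, 1.3.9 and 1.3.11); not code from the
exam guide or from AWS. The EC2 client is injected so the runbook can be
rehearsed with DryRunEC2; in production pass boto3.client("ec2"). Every
identifier below, including the forensics account number, is invented.
"""
from datetime import datetime, timezone

FORENSICS_ACCOUNT_ID = "444455556666"  # assumed: the isolated forensics account


class DryRunEC2:
    """Stands in for boto3's EC2 client: records every call and returns canned
    responses for the few calls whose output the runbook consumes."""

    def __init__(self, volumes):
        self.volumes = list(volumes)
        self.calls = []
        self.snaps = 0

    def describe_instances(self, **kw):
        self.calls.append(("describe_instances", kw))
        maps = [{"DeviceName": f"/dev/sd{chr(97 + i)}", "Ebs": {"VolumeId": v}}
                for i, v in enumerate(self.volumes)]
        return {"Reservations": [{"Instances": [{"InstanceId": kw["InstanceIds"][0],
                 "VpcId": "vpc-0123456789abcdef0", "BlockDeviceMappings": maps}]}]}

    def create_security_group(self, **kw):
        self.calls.append(("create_security_group", kw))
        return {"GroupId": "sg-0a1b2c3d4e5f60718"}

    def create_snapshot(self, **kw):
        self.calls.append(("create_snapshot", kw))
        self.snaps += 1
        return {"SnapshotId": f"snap-{self.snaps:017x}"}

    def __getattr__(self, op):  # any other API call: record it, return nothing
        def call(**kw):
            self.calls.append((op, kw))
            return {}
        return call


def isolate_and_capture(ec2, instance_id: str, case_id: str, now: datetime = None) -> dict:
    """Contain first, then acquire. The instance is never stopped or rebooted
    here: a memory dump (for example an SSM Run Command that starts a capture
    tool on the host) has to happen while it is still running."""
    now = now or datetime.now(timezone.utc)
    tags = [{"Key": "ir-case", "Value": case_id},
            {"Key": "ir-captured-at", "Value": now.strftime("%Y-%m-%dT%H:%M:%SZ")}]
    inst = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]

    # 1. Label the instance so every later action is attributable to the case.
    ec2.create_tags(Resources=[instance_id],
                    Tags=tags + [{"Key": "ir-status", "Value": "quarantined"}])

    # 2. Quarantine security group: no ingress rules and the default allow-all
    #    egress rule removed, then swapped onto the instance. Security groups
    #    are stateful, so connections already being tracked may survive the
    #    swap; add a deny network ACL on the subnet when the attacker's live
    #    session must drop at once. An instance with several ENIs needs
    #    modify_network_interface_attribute on each interface instead.
    sg = ec2.create_security_group(GroupName=f"quarantine-{case_id}",
                                   Description="IR quarantine: no traffic",
                                   VpcId=inst["VpcId"])["GroupId"]
    ec2.revoke_security_group_egress(GroupId=sg, IpPermissions=[
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}])
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[sg])

    # 3. Nobody, including automation, terminates the evidence by accident.
    ec2.modify_instance_attribute(InstanceId=instance_id,
                                  DisableApiTermination={"Value": True})

    # 4. Snapshot each attached volume, tag it with the case, and grant the
    #    forensics account createVolumePermission so the copy that is analysed
    #    lives outside the compromised account. Snapshots encrypted with the
    #    AWS managed key (aws/ebs) cannot be shared; encrypt with a customer
    #    managed KMS key whose policy grants the forensics account.
    snapshots = []
    for bdm in inst["BlockDeviceMappings"]:
        vol = bdm["Ebs"]["VolumeId"]
        snap = ec2.create_snapshot(
            VolumeId=vol,
            Description=f"IR {case_id} {instance_id} {bdm['DeviceName']}",
            TagSpecifications=[{"ResourceType": "snapshot", "Tags": tags}])["SnapshotId"]
        ec2.modify_snapshot_attribute(SnapshotId=snap, Attribute="createVolumePermission",
                                      OperationType="add", UserIds=[FORENSICS_ACCOUNT_ID])
        snapshots.append((vol, snap))
    return {"security_group": sg, "snapshots": snapshots}


if __name__ == "__main__":
    import sys
    import boto3
    print(isolate_and_capture(boto3.client("ec2"), sys.argv[1], sys.argv[2]))
```

Rehearsing against DryRunEC2 also lets you check the ordering the AWS Security Incident Response Guide cares about: containment (tags, security group swap, termination protection) happens before acquisition (snapshots), and the instance is never stopped, so volatile memory is still there for a dump. The step this runbook deliberately leaves to a human is revoking the instance profile role's sessions, which belongs with the credential-invalidation procedure rather than with disk capture.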