- Preparation stages for incident response
- Verify that the Incident Response Plan includes relevant AWS services
- Mitigation steps to perform Incident response steps
- AWS Guard Duty
- Evaluate suspected compromised EC2 Instances
- Given an AWS abuse notice, evaluate the suspected compromised instance or exposed access keys
- Evaluate suspected compromised credentials
- Evaluate the configuration of automated alerting and execute possible remediation of security-related incidents and emerging issues.
- Home
- Infosec Train
- Courses
- Cloud Security Expert
Cloud Security Expert (SCS-C01, AZ – 500 & CCSP) Training
Ace the AZ-500, CCSP, and the AWS Certified Security exams with Infosec Train’s Cloud Security Expert online training programme.
Online
Quick facts
particular | details | |
---|---|---|
Medium of instructions
English
|
Mode of learning
Self study, Virtual Classroom
|
Mode of Delivery
Video and Text Based
|
Course overview
The Cloud Security Expert certification course is a unique attempt by Infosec Train to help aspiring cloud security professionals develop essential expertise across various cloud platforms. You can use this curriculum to prepare for Azure Security Technologies, AWS Security Specialty, and CCSP certification tests. Moreover, the programme relieves the hassle of going through multiple training courses. You’ll receive preparation strategies for all three exams in a single package.
The Cloud Security Expert online course helps you gain comprehensive expertise in basic and advanced cloud security concepts. You’ll cover all the essential concepts and topics necessary to qualify for the certification exams. The training also provides an overall impression of the practical responsibilities and roles to strengthen your ability to address the tests’ performance-based questions.
The Cloud Security Expert programme features flexible training schedules, enabling you to learn at your own pace. Recordings are also provided to prevent you from falling behind. All the lectures are mentored by highly qualified and experienced professionals who will guide you throughout the preparation.
The highlights
- Highly qualified and experienced trainers
- Access to recorded classes
- Features mixed approach for covering all exam topics
- Flexible Training Schedules
- Career-oriented training
- Affordable course price
Program offerings
- Online training
- Corporate training
- One-to-one mentorship
- Recorded classes available
- Flexible learning
- Career-oriented programme
- Mixed teaching approach
Course and certificate fees
certificate availability
certificate providing authority
Eligibility criteria
To enrol in the Cloud Security Expert training course, you need two years or more of IT work experience, with six months of experience in the security field. Also, it would be best if you had a skillset mapped to the role of SysOps Administrator Associate or AWS Certified Solutions Architect Associate.
On top of that, you need proficiency in cloud security, cloud computing, AWS, Azure Cloud, networking, and visualization fundamentals.
The exam-related requirements are as follows - for the AZ-500 exam, you need to have an in-depth familiarity with automation, scripting, virtualization, networking, and Azure cloud products. The CCSP exam requires you to have a minimum work experience of 5 years, with one year of experience in one or more domains specified under CCSP certification. You must also have internships and part-time work experience in cloud security job roles.
Lastly, for the AWS Certified Security exam, you must know security controls for AWS workloads and have two years of work experience in the same. At least five years of IT security’s hands-on experience is also mandatory.
To receive the Cloud Security Expert certification, you need to get 700 out of 1000 in all three exams.
What you will learn
After completing the Cloud Security Expert syllabus, you will have:
- In-depth familiarity with all examination topics in AZ-500 certification
- Proficiency in all exam skills for CCSP certification exam
- Knowledge of all domains in the AWS Specialty Certification aligned with the new syllabus
- The ability to execute cloud security expertise and knowledge for solving real-world problems
- Deep understanding of various techniques, methods, best practices, and protocols for cloud security
Who it is for
The Cloud Security Expert online training is ideal for:
- Systems engineers
- Security consultant
- Enterprise solution architects
- Security administrator
- Systems architect
- Security managers
- Security engineer
Admission details
Step 1: To begin the admission process for the Cloud Security Expert course, you need to visit the official programme page first.
Step 2: Choose a learning mode by scrolling down and then click the ‘Enroll Now’ button. A small application form will appear that you must fill to get Infosec Train’s officials to contact you.
Step 3: You can also reserve a seat for a free demo lecture before you enroll.
Filling the form
To register for the Cloud Security Expert programme, enter your active email ID, full name and country name, and phone number in the pop-up form that appears after clicking the ‘Enroll Now’ tab.
The syllabus
Module 1 (AWS Certified Security – Specialty)
Domain 1: Incident Response
Domain 2: Logging and Monitoring
- AWS Detective & Security Hub
- Design, Implement & troubleshoot security monitoring and alerting
- AWS Security Solutions for Visibility and Compliance
- Design, Implement & troubleshoot a logging solution
- Continuous Security Monitoring
- AWS Inspector
- AWS Systems Manager
- AWS WAF and Shield
- AWS Athena
- AWS CloudWatch, CloudTrail, and Config
- S3 Events & VPC Flow Logs
- AWS Macie
Domain 3: Infrastructure Security
- Design and implement a secure network infrastructure
- Troubleshoot a secure network infrastructure
- Security groups & Network ACLs
- AWS CloudFront
- DDoS Mitigation
- IPS/IDS concepts in cloud
- Bastion Hosts
- Network Segmentation
- VPC Endpoints
- Design and implement host-based security
- Virtual Private Cloud (VPC)
- AWS lambda fundamentals
- Compliance Frameworks
- AWS Route53 DNS
- Design edge security on AWS
- AWS Simple Email Service
Domain 4: Identity and Access Management
- Understand the Principle of Least Privilege
- Design and implement a scalable authorisation and authentication system to access AWS resources
- IAM JSON Policy Elements
- IAM Policies & Roles
- Understanding Delegation, STS
- IAM Permission boundaries
- Understanding Federation & SSO
- Cross account policies & roles
- AWS Organisations
- AWS Directory services
- S3 Versioning
- S3 Security, Cross Account S3 access
- AWS Cognito
- Troubleshoot an authorisation and authentication system to access AWS resources
- AWS License manager
Domain 5: Data Protection
- Cryptography fundamentals
- AWS Key Management Service (KMS)
- Cloud Hardware Security Module (HSM)
- KMS Authentication and Access Control
- Envelope Encryption
- EBS Architecture and Secure Data Wiping
- CloudTrail and Encryption
- Secrets Manager
- S3 Encryption
- Load Balancer Security
- AWS Certificate Manager
- AWS Glacier
- Docker and container security fundamentals
- Design and implement a data encryption solution for the data at rest and data in transit
- Troubleshoot key management
- Design and implement key management and use
Module 2 (Azure AZ-500)
Azure Cloud Fundamentals
- Azure Resource Groups, Tags & ARM
- Azure infrastructure: Regions, Availability Zones, Geographies
- Azure subscription
- Azure Portal, Cloud Shell, Powershell, and CLI
- Billing and cost management
Azure Virtual Machines
- Monitoring VMs
- Availability management, Maintenance, and Downtime
- Managing Linux Instances
- Describe the options available to manage and create an Azure Virtual Machine
- Creating VM with Powershell/Bash
- VM Custom Script Extensions, DSC
- Availability Sets, Fault Domain and Update Domain
- Azure Bastion Service
- VM Scale Sets, Types scaling
- Add Data Disks & NIC to VM
- Deploying ARN Templates
- Azure disk encryption & Disk encryption on Windows
- Resizing VMs
- Key vault for disk encryption
- VM security best practices
- VM hardening in Security Center
- Compile a checklist for creating an Azure Virtual Machine
- VM backup & restore
Azure App Services
- App Service plans & sizing
- Introduction to Azure app services
- Scalability
- Web apps and settings
Containers & Security
- Container security in AKS & Container scanning
- Azure Container Service (ACS)
- Containerisation concepts, Docker & Kubernetes overview
- Create an AKS Cluster
- Azure Kubernetes Service (AKS)
- Run and application on Kubernetes
- Create a container registry
- Container isolation for AKS
- Securing the container registry
Azure Storage Services
- RBAC Authentication for Storage
- AZ Copy
- Blob Access Policies
- Blob Storage Pricing
- Azure storage accounts overview
- Files Vs. Blobs
- Azure CDN
- Storage Security & Authorization Options
- Managing Permissions
- Azure Import/Export
- Blob Public Access Level
- Azure File Sync
- File Share Snapshots
- Azure Backup
- Access Keys and Shared Access Signature (SAS)
- Azure Storage Explorer
- Storage Types, Standard & premium storage accounts
- Log Analytics
- Storage Performance Tiers
- Secure File Transfer
- Azure Files
- Create Storage Account
- Azure Blob Containers
- Storage Security, Encryption keys & Key Vault
Azure Virtual Network (Vnet)
- DDoS protection
- DNS Delegation
- Azure Application Gateway
- Public and Private zones
- Network Security Groups
- Purpose of Virtual Networks
- Domain and Custom Domains
- Azure Service Endpoints
- Azure DNS
- Azure Load Balancing Services
- Network Traffic Management & Network Routing
- Subnets
- Gateway Transit
- User-defined routes & Vnet peering
- Creating a private network in Azure
- Virtual Network Gateway
- Azure firewall
Azure Active Directory
- SSO and MFA
- Create an Azure AD tenant
- AD Identity protection
- Self Service Password Reset
- Managing Users, Groups & Devices
- Service principals
- Conditional Access
- Managing Role-Based Access Control
- Azure AD overview
- App registration
- AD Connect, Hybrid Identities & identity protection
Secure Access by using Azure AD (PIM and Tenant Security)
- PIM role activation
- Privileged Identity Management overview
- Configure Access Reviews Assigning resource roles (RBAC)
- Monitor privileged access for Azure AD Privileged Identity Management (PIM)
Governance and Role-based access control (RBAC)
Configure security settings by using Azure Blueprint
- Implementing effective RBAC
- Configure resource group permissions
- Configure subscription and resource permissions
- Identify the appropriate role
- Azure Policies
- RBAC overview
- Azure resource locks
- Subscription policies
- Configure custom RBAC roles
- Apply the principle of least privilege
- Configure security settings by using Azure Policy
Security Operations
- Evaluate vulnerability scans from Azure Security Center
- Configure Just in Time VM access by using Azure Security Center
- Data sources for Azure Sentinel
- Create and customise alerts
- Configure compliance policies and evaluate for compliance by using Azure Security Center
- Log Analytics
- Azure Monitor and Alerts
- Evaluating results
- Azure Security Center
- Monitor Security by using Azure Sentinel
- Configure centralised policy management by using Azure Security Center
Secure Data Services
- Azure SQL service
- Azure Data Lake Store
- Azure SQL DB Advanced Threat Protection
- SQL long term backup retention
- Azure Database services
- Design auditing and caching strategies
- Database encryption
- Azure Cosmos DB
Key Management
- Configure key rotation
- Configure RBAC usage in Azure Key Vault
- Encryption and key management
- Manage permissions to secrets, certificates, and keys
- Azure Key Vault
Module 3 (CCSP)
Domain 1: Cloud Concepts, Architecture and Design
- Understand Cloud Computing Concepts
- Describe Cloud Reference Architecture
- Understand Security Concepts Relevant to Cloud Computing
- Understand Design Principles of Secure Cloud Computing
- Evaluate Cloud Service Providers
Domain 2: Cloud Data Security
- Describe Cloud Data Concepts
- Design and Implement Cloud Data Storage Architectures
- Design and Apply Data Security Technologies and Strategies
- Implement Data Discovery
- Implement Data Classification
- Design and Implement Information Rights Management (IRM)
- Plan and Implement Data Retention, Deletion and Archiving Policies
- Design and Implement Auditability, Traceability and Accountability of Data Events
Domain 3: Cloud Platform and Infrastructure Security
- Comprehend Cloud Infrastructure Components
- Design a Secure Data Center
- Analyse Risks Associated with Cloud Infrastructure
- Design and Plan Security Controls
- Plan Disaster Recovery (DR) and Business Continuity (BC)
Domain 4: Cloud Application Security
- Advocate Training and Awareness for Application Security
- Describe the Secure Software Development Life Cycle (SDLC) Process
- Apply the Secure Software Development Life Cycle (SDLC)
- Apply Cloud Software Assurance and Validation
- Use Verified Secure Software
- Comprehend the Specifics of Cloud Application Architecture
- Design Appropriate Identity and Access Management (IAM) Solutions
Domain 5: Cloud Security Operations
- Implement and Build Physical and Logical Infrastructure for Cloud Environment
- Operate Physical and Logical Infrastructure for Cloud Environment
- Manage Physical and Logical Infrastructure for Cloud Environment
- Implement Operational Controls and Standards (e.g., Information Technology Infrastructure Library (ITIL), International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 20000-1)
- Support Digital Forensics
- Manage Communication with Relevant Parties
- Manage Security Operations
Domain 6: Legal, Risk, and Compliance
- Articulate Legal Requirements and Unique Risks within the Cloud Environment
- Understand Privacy Issues
- Understand Audit Process, Methodologies, and Required Adaptations for a Cloud Environment
- Understand the Implications of Cloud to Enterprise Risk Management
- Understand Outsourcing and Cloud Contract Design
Evaluation process
The AZ-500 exam, AWS Certified Security exam, and Certified Cloud Security Professional (CCSP) exams are all MCQ-based tests with varying durations and formats. The AWS certified security exam is for 150 minutes, and the CCSP examination is for 3 hours. The AZ-500 and AWS certified security exams are available in multiple languages. However, the CCSP is only available in the English Language.
How it helps
By enrolling in the Cloud Security Expert online course, you can prepare for three exams – AZ-500, AWS Certified Security, and CCSP – simultaneously, without undergoing separate training for each. This saves you a lot of time and effort.
Most importantly, the course takes on a mixed and flexible learning approach for all three exams, meaning you’ll get diverse guidance on each module, which you navigate at your own time and pace.
Instructors
Mr Rishabh Kotiyal
Trainer
Freelancer
Mr Abhy
Trainer
Freelancer
FAQs
Abhi and Krish will be your course instructors.
To pass the exam, you have to score 700 out of 1000 in all three examinations.
The CCSP exam is 3 hours long.
Yes, you can reserve your seat for a demo lecture by filling the small form on the course website.
One-to-one learning, corporate training, and online training are the three learning modes that Infosec Train offers.