AWS Certified Security - Specialty (SCS-C02) glossary
Terms selected for AWS Certified Security - Specialty (SCS-C02) based on common objective language and practice focus.
Network ACL
A Network Access Control List (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.
AWS Organizations
AWS Organizations allows you to centrally manage and govern your environment as you grow and scale your AWS resources. It helps in setting up and managing multiple AWS accounts.
AWS CloudTrail
AWS CloudTrail is a service that enables governance, compliance, and operational and risk auditing of your AWS account. It continuously logs and retains account activity related to actions across your AWS infrastructure.
AWS CloudWatch
AWS CloudWatch is a monitoring and observability service that provides data and actionable insights to monitor applications, respond to system-wide performance changes, and optimize resource utilization.
AWS Config
AWS Config provides a detailed view of the configuration of AWS resources in your account, including how resources are related to one another and how they were configured in the past.
AWS EKS Security
AWS EKS Security involves implementing security best practices for Amazon Elastic Kubernetes Service (EKS) to protect Kubernetes clusters and workloads.
AWS Single Sign-On (SSO)
AWS Single Sign-On (SSO) enables centralized management of access to multiple AWS accounts and business applications using a single set of credentials.
AWS Systems Manager
AWS Systems Manager provides a unified user interface to view operational data from multiple AWS services and allows you to automate operational tasks across AWS resources.
KMS Customer Managed Keys
Customer Managed Keys (CMKs) are KMS keys that you create, own, and manage. They provide full control over the key lifecycle, including rotation, deletion, and access permissions.
S3 Bucket Policies
S3 Bucket Policies are resource-based policies that allow you to grant specific permissions to your S3 buckets and objects.
Centralized Security Logging
Pattern for collecting and retaining audit and security logs from multiple accounts into controlled destinations.
AWS CloudHSM
Managed hardware security module service for cryptographic key operations with dedicated hardware control.
Data Perimeter
Control strategy using identity, network, and resource policies to keep data access within trusted boundaries.
Amazon Detective
Investigation service that correlates security data to accelerate root-cause analysis.
Envelope Encryption
Pattern that encrypts data with a data key and protects the data key with a master key.
Amazon GuardDuty
Threat detection service that analyzes logs and telemetry to identify suspicious activity and potential compromise.
IAM Access Analyzer
Service that identifies resources shared externally and helps validate least-privilege access intent.
IAM Permission Boundary
Policy type that sets the maximum permissions an IAM principal can receive through attached policies.
Incident Response Playbook
Predefined set of detection, containment, eradication, and recovery steps for security incidents.
Amazon Inspector
Automated vulnerability management service for EC2, ECR, and Lambda package scanning.
KMS Key Policy
Primary authorization document controlling how principals can use and administer a KMS key.
Amazon Macie
Data security service that discovers and classifies sensitive data in S3 using machine learning and pattern matching.
SCP Guardrails
Organization-level preventive controls that restrict disallowed actions across member accounts.
Secrets Rotation Policy
Defined cadence and process for rotating credentials to reduce key and password exposure risk.
AWS Security Hub
Centralized security posture service that aggregates findings and compliance checks across AWS accounts.
AWS Shield Advanced
Enhanced DDoS protection service with advanced detection, response support, and cost protections.
AWS WAF Managed Rules
Prebuilt web ACL rule groups that help protect applications from common web exploits.
Zero Trust
Security model that assumes no implicit trust and continuously verifies identity, device, and context for every request.
Security Groups
Security Groups act as a virtual firewall for your instance to control inbound and outbound traffic. They are used to secure network access at the instance level.
VPC Flow Logs
Logs that record a sample of network flows sent from and received by VM instances, useful for monitoring, forensics, and security analysis.
