Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Amazon Web Services

AWS Security Incident Response - Compromised IAM Credentials Use Case

Amazon Web Services and Amazon via AWS Skill Builder

Overview

This course is a guided practice use case. It invites you to investigate a security incident involving compromised AWS Identity and Access Management (IAM) credentials by using the Security Incident Workflow process. The topics covered in this course are 200-level and require you to understand how to use various services in Amazon Web Services (AWS). You are encouraged to complete the AWS Security Incident Response Overview course before taking this course to gain a deeper understanding of the investigation process. There are two modules in the AWS Security Incident Response Overview course: Module 1: Define Security Incident Response and Module 2: Use AWS Services to Investigate Security Incidents.

Course level: Intermediate

Duration: 40 minutes

Activities

This course includes interactive learning objects.

Course objectives

In this course, you will learn to:

  • Identify the source of an alert using Amazon GuardDuty.
  • Review events in AWS CloudTrail to determine the scope of an incident.
  • Use the IAM console to deactivate access for any compromised IAM user.
  • Delete or rotate access keys from the IAM console.

Intended audience

This course is intended for:

Security engineers

Security operations center (SOC) analysts, incident analysts (responders), and security operations (SecOps)

Security managers and security principals

Prerequisites

We recommend that attendees of this course have:

AWS Security Incident Response Overview course, which provides the foundational knowledge you will need to investigate a security incident

AWS Security Fundamentals (Second Edition), which provides baseline training on how the AWS services work


Course outline

Topic 1: Navigation

How to Use This Course

Topic 2: Introduction

Welcome

Topic 3: Compromised IAM Credentials Guided Practice

Compromised IAM Credentials Introduction

Part 1: Detect

Part 2: Analyze

Part 3: Contain

Part 4: Analyze

Part 5: Eradicate

Part 6: Recover

Summary

Topic 4: Additional Help

Learn More

Topic 5: For Students

Contact Us

Reviews

Start your review of AWS Security Incident Response - Compromised IAM Credentials Use Case

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.