Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Amazon Web Services

AWS Security Incident Response - Ransomware Use Case

Amazon Web Services and Amazon via AWS Skill Builder

Overview

This course is a guided practice use case that invites you how to investigate a ransomware security incident following the security incident workflow process. The topics covered in this course are 200-level and require you to understand how to use various services in Amazon Web Services (AWS). You are encouraged to complete the AWS Security Incident Response Overview course before taking this course to gain a deeper understanding of the investigation process. There are two modules in the AWS Security Incident Response Overview course: Module 1: Define Security Incident Response and Module 2: Use AWS Services to Investigate Security Incidents.

  • Course level: Intermediate
  • Duration: 45 minutes


Activities

This course includes interactive learning objects.


Course objectives

In this course, you will learn to:

  • Identify any unauthorized buckets using the Amazon Simple Storage Service (Amazon S3) console.
  • Review the event history in AWS CloudTrail to uncover any unauthorized activity.
  • Deactivate any compromised AWS Identity and Access Management (IAM) credentials.
  • Delete any compromised and unauthorized users from the IAM console.
  • Remove encrypted files from the Amazon S3 console.
  • Restore the environment to a safe state.


Intended audience

This course is intended for:

  • Security engineers
  • Security operations center (SOC) analyst incident analysts (responders), and security operations (SecOps)
  • Security Managers/Security Principals


Prerequisites

We recommend that attendees of this course have:

  • AWS Security Incident Response Overview course, which provides the foundational knowledge you will need to investigate a security incident
  • AWS Security Fundamentals (Second Edition), which provides baseline training on how the AWS services work


Course outline

Topic 1: Navigation

  • How to Use This Course

Topic 2: Introduction

  • Welcome

Topic 3: Ransomware Guided Practice

  • Ransomware Introduction
  • Part 1: Detect
  • Part 2: Analyze
  • Part 3: Contain
  • Part 4: Analyze
  • Part 5: Contain
  • Part 6: Analyze
  • Part 7: Contain
  • Part 8: Eradicate
  • Part 9: Recover
  • Summary

Topic 4: Additional Help

  • Learn More

Topic 5: For Students

  • Contact Us

Reviews

Start your review of AWS Security Incident Response - Ransomware Use Case

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.