AWS Certified Security Specialty All-in-One Exam Guide (Exam SCS-C01)

Acronyms

ACL Access control list

ACM AWS Certificate Manager

AES Advanced Encryption Standard

ALB Application Load Balancer

AMI Amazon Machine Image

AWS Amazon Web Services

AZ Availability zone

CAA Certification authority authorization

CDN Content delivery network

CIDR Classless Inter-Domain Routing

CLI Command-line interface

CNAME Canonical name record

CSA Cloud Security Alliance

CSM Cloud security model

CSV Comma-separated value

DDoS Distributed denial of service

DHCP Dynamic Host Configuration Protocol

EC2 Elastic Compute Cloud

EIP Elastic IP address

ENI Elastic Network Interface

FedRAMP Federal Risk and Authorization Management Program

FIPS Federal Information Processing Standards

HA High availability

HIPAA Health Insurance Portability and Accountability Act

HTML Hypertext Markup Language

HTTP Hypertext Transfer Protocol

HTTPS HTTP Secure

IAM Identity and Access Management

ICMP Internet Control Message Protocol

IP Internet Protocol

JSON JavaScript Object Notation

KMS Key Management Service

MFA Multifactor authentication

NAT Network Address Translation

PCI-DSS Payment Card Industry Data Security Standard

S3 Simple Shared Storage

S3-IA Simple Shared Storage Infrequent Access

S3-RR Simple Shared Storage Reduced Redundancy

SDK Software development kit

SNS Simple Notification Service

SOA Start of authority record

SOAP Simple Object Access Protocol

SOC Service Organization Control

SPF Sender policy framework

SQL Structured Query Language

SQLi SQL injection

SQS Simple Queue Service

SSH Secure Shell

SSO Single sign-on

STS Security Token Service

TCP/IP Transmission Control Protocol/Internet Protocol

TDE Transparent Database Encryption

TLS Transport Layer Security

VPC Virtual Private Cloud

VPG Virtual private gateway

VPN Virtual private network

WAF (1) Web application firewall; (2) Well-Architected Framework

webACL Web access control list

Glossary

AAAA An IPv6 address record.

Amazon Athena A serverless, interactive query service that enables users to easily analyze data in Amazon S3 using standard SQL.

Amazon Aurora Amazon’s relational database built for the cloud. It supports two open-source RDBMS engines: MySQL and PostgreSQL.

Amazon CloudFront The global content delivery network (CDN) service of AWS.

Amazon CloudWatch A monitoring service for AWS cloud resources.

Amazon Cognito A service that lets you manage users of your web and mobile apps quickly.

Amazon DynamoDB Amazon’s NoSQL database.

Amazon Glacier Amazon’s archival storage.

Amazon GuardDuty A threat detection service.

Amazon Inspector Identifies the security vulnerabilities in your application.

Amazon Route 53 A highly available and scalable Domain Name System (DNS) web service. You can use Route 53 to perform three main functions in any combination: domain registration, DNS routing, and health checking.

Amazon VPC flow logs Used to capture information about the IP traffic going to and from network interfaces in your VPC.

Anycast Network addressing and routing methodology in which a single destination address has multiple routing paths to two or more endpoint destinations. Routers will select the desired path on the basis of number of hops, distance, lowest cost, latency measurements, or the least congested route.

API Gateway A fully managed service to create, publish, maintain, monitor, and secure APIs at any scale.

application protocol interface (API) A method used by applications to interact with other applications using a common protocol. A common API method used nowadays is the REST API.

archive Where data is stored in Amazon Glacier.

AWS CloudHSM A hardware-based key storage for regulatory compliance.

AWS CloudTrail A fully managed service that records AWS API calls.

AWS Config A fully managed service that helps track configuration changes.

AWS Lambda Enables you to run code without provisioning or managing any servers or infrastructure.

AWS Marketplace An online store where you can buy software that runs on AWS.

AWS Organizations Provides policy-based management for multiple AWS accounts.

AWS Personal Health Dashboard Provides a personalized view of AWS services’ health.

AWS Systems Manager Gives you visibility and control of your infrastructure on AWS.

AWS Trusted Advisor An online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment.

Border Gateway Protocol (BGP) Protocol commonly used over routers on the Internet to exchange routes and to find the best path to a destination.

bucket Container for storing objects in Amazon S3.

cross-site scripting (XSS) A method of injection attack.

Direct Connect Using Direct Connect you can establish private, dedicated network connectivity from your data center to AWS.

domain name server (DNS) A system used to translate IP addresses to domain names and vice versa.

edge layer Logical place in a network used to connect with external networks, such as the Internet or partner networks.

edge location A site used to serve content to end users, normally physically closer to where the user’s client device is located.

Elastic Block Storage (EBS) Provides persistent block storage for EC2 instances.

forward secrecy In cryptography, a feature of specific key agreement protocols that gives assurances that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised. For HTTPS, the long-term secret is typically the private signing key of the server. Also known as perfect forward secrecy (PFS).

instance An EC2 server is also referred to as an instance.

instance store Local storage in an EC2 server.

Internet Gateway (IG) A component of VPC that allows your VPC to communicate with the Internet.

inventory List of Glacier archives.

latency A measure of the time difference between when an event starts and when its effects are perceived. In a network, it is commonly used to measure the time taken for an IP packet to transfer between the source and the destination computers.

Network Access Control List (NACL) Acts as a firewall at the subnet level.

OpenSSL Open-source library that implements the SSL and TLS protocols.

region A unique geography in the world where AWS data centers are hosted.

Representational State Transfer (REST) A common method of communication between applications.

resource-based policy Policies that are attached to a resource. For example, you can attach resource-based policies to Amazon S3 buckets, Amazon SQS queues, and AWS Key Management Service encryption keys.

root user Owner of the AWS account.

route table Table consisting of routes that determine where the traffic is directed.

scalability Capacity of a workload to change its size or scale based on demand.

Secure Sockets Layer (SSL) Protocol commonly used on the Internet to provide encrypted communication between clients and servers. Although it has been replaced by TLS, many people still refer to the protocol using this name.

security group Firewall for an EC2 instance.

Server Side Encryption - Key Management Service (SSE-KMS) A method of encryption that uses the AWS KMS service to encrypt data after it is transferred to the server.

Snowball/Snowball Edge Amazon-owned network-attached storage (NAS) devices; used to ship customer data to AWS.

Snowmobile Exabyte-scale data transfer service.

subnet Logical subdivision of an IP network.

top-level domain (TLD) Refers to the rightmost part of a domain name. For example, the top-level domain for example.com is com.

aws_certified_security_specialty_all-in-one_exam_guide_exam_scs-c01.txt · Last modified: 2024/04/28 03:26 by 127.0.0.1