Content Domain 2: Incident Response - AWS Certification

Task 2.1: Design and test an incident response plan

Skills in:

  • Skill 2.1.1: Design and implement response plans and runbooks to respond to security incidents (for example, Systems Manager OpsCenter, Amazon SageMaker AI notebooks).

  • Skill 2.1.2: Use AWS service features and capabilities to configure services to be prepared for incidents (for example, by provisioning access, deploying security tools, minimizing the blast radius, configuring AWS Shield Advanced protections).

  • Skill 2.1.3: Recommend procedures to test and validate the effectiveness of an incident response plan (for example, AWS Fault Injection Service, AWS Resilience Hub).

  • Skill 2.1.4: Use AWS services to automatically remediate incidents (for example, Systems Manager, Automated Forensics Orchestrator for Amazon EC2, AWS Step Functions, Amazon Application Recovery Controller, Lambda functions).

Task 2.2: Respond to security events

Skills in:

  • Skill 2.2.1: Capture and store relevant system and application logs as forensic artifacts.

  • Skill 2.2.2: Search and correlate logs for security events across applications and AWS services.

  • Skill 2.2.3: Validate findings from AWS security services to assess the scope and impact of an event.

  • Skill 2.2.4: Respond to affected resources by containing and eradicating threats, and recover resources (for example, by implementing network containment controls, restoring backups).

  • Skill 2.2.5: Describe methods to conduct root cause analysis (for example, Amazon Detective).