IT |
気になる、記になる… |
トリニティ、公式ストアでiPhone用アクセサリなど対象製品を最大80%オフで販売するスプリングセールを開催中 |
https://taisy0.com/2023/03/31/170244.html
|
iphonese |
2023-03-31 11:01:01 |
IT |
ITmedia 総合記事一覧 |
[ITmedia ビジネスオンライン] 首都直下地震でも“待たせない” 損保ジャパン、コールセンターにAI導入 狙いは? |
https://www.itmedia.co.jp/business/articles/2303/31/news244.html
|
itmedia |
2023-03-31 20:45:00 |
AWS |
lambdaタグが付けられた新着投稿 - Qiita |
Ruby を利用して Aws lambda function からS3にあるJsonファイルを読込 |
https://qiita.com/thiri-aung/items/f52fa76732ffdbbc8ccb
|
lambdafun |
2023-03-31 20:42:04 |
js |
JavaScriptタグが付けられた新着投稿 - Qiita |
React 配列を使用したセレクトボックスの実装 |
https://qiita.com/Jackoguro/items/43bf467586a079387665
|
react |
2023-03-31 20:13:59 |
Ruby |
Rubyタグが付けられた新着投稿 - Qiita |
Ruby を利用して Aws lambda function からS3にあるJsonファイルを読込 |
https://qiita.com/thiri-aung/items/f52fa76732ffdbbc8ccb
|
lambdafun |
2023-03-31 20:42:04 |
Ruby |
Rubyタグが付けられた新着投稿 - Qiita |
【Rails】RSpecのモック/スタブの違いと必要性 |
https://qiita.com/takepro14/items/060020f54ffdb8a8d871
|
rails |
2023-03-31 20:26:17 |
Ruby |
Rubyタグが付けられた新着投稿 - Qiita |
jruby + ActiveRecord + jdbc + mysql(mariadb)のミニマムサンプル |
https://qiita.com/yugo-yamamoto/items/e5f6815fd04eeef878e1
|
jdbcmysqladapterreq |
2023-03-31 20:01:30 |
AWS |
AWSタグが付けられた新着投稿 - Qiita |
SAP-C02で追加されるサービス |
https://qiita.com/kyle27/items/fb5892e41fda41f7fdd5
|
sarchitectprofessional |
2023-03-31 20:26:27 |
AWS |
AWSタグが付けられた新着投稿 - Qiita |
AWS – ECS でログが表示されない? CMD echo するだけのDockerfileを作って試してみる |
https://qiita.com/YumaInaura/items/6f48425afd2af163c8a4
|
awsecs |
2023-03-31 20:18:15 |
Docker |
dockerタグが付けられた新着投稿 - Qiita |
AWS – ECS でログが表示されない? CMD echo するだけのDockerfileを作って試してみる |
https://qiita.com/YumaInaura/items/6f48425afd2af163c8a4
|
awsecs |
2023-03-31 20:18:15 |
Ruby |
Railsタグが付けられた新着投稿 - Qiita |
【Rails】RSpecのモック/スタブの違いと必要性 |
https://qiita.com/takepro14/items/060020f54ffdb8a8d871
|
rails |
2023-03-31 20:26:17 |
海外TECH |
MakeUseOf |
The 10 Best Nintendo Switch Controllers |
https://www.makeuseof.com/tag/best-nintendo-switch-controllers/
|
nintendo |
2023-03-31 11:31:16 |
海外TECH |
MakeUseOf |
Vivo V27 and V27 Pro Review: The Mid-Range Phones That Everyone Needs |
https://www.makeuseof.com/vivo-v27-pro-review/
|
battery |
2023-03-31 11:15:16 |
海外TECH |
DEV Community |
How I passed the AWS Certified Security — Specialty Exam (SCS-C01) |
https://dev.to/aditmodi/how-i-passed-the-aws-certified-security-specialty-exam-scs-c01-44b4
|
How I passed the AWS Certified Security ー Specialty Exam SCS C IntroductionI recently passed the AWS Certified Security ー Specialty Exam I d like to share my thoughts on what I did to pass and some notes I kept along the way Before beginning it s worth considering what this exam is about AWS Certified Security Specialty is intended for individuals who perform a security role and have at least two years of hands on experience securing AWS workloads Earning AWS Certified Security Specialty validates expertise in securing data and workloads in the AWS Cloud This exam helps organizations identify and develop talent with critical skills for implementing cloud initiatives This article gives you an overview which content and training material I used to prepare myself for the AWS SCS C exam Exam PrerequisitesBefore you take this exam AWS recommends you have Five years of IT security experience in designing and implementing security solutions and at least two years of hands on experience in securing AWS workloadsWorking knowledge of AWS security services and features of services to provide a secure production environment and an understanding of security operations and risksKnowledge of the AWS shared responsibility model and its application security controls for workloads on AWS logging and monitoring strategies cloud security threat models patch management and security automation ways to enhance AWS security services with third party tools and services and disaster recovery controls including BCP and backups encryption access control and data retentionUnderstanding of specialized data classifications and AWS data protection mechanisms data encryption methods and AWS mechanisms to implement them and secure internet protocols and AWS mechanisms to implement themAbility to make tradeoff decisions with regard to cost security and deployment complexity to meet a set of application requirements Exam overviewLevel SpecialtyLength minutes to complete the examCost USDVisitExam pricing for additional cost information Format questions either multiple choice or multiple responseDelivery method Pearson VUE and PSI testing center or online proctored exam Exam OutlineThis exam guide includes weightings test domains and objectives for the exam It is not a comprehensive listing of the content on the exam However additional context for each of the objectives is available to help guide your preparation for the exam The following table lists the main content domains and theirweightings The table precedes the complete exam content outline which includes the additional context The percentage in each domain represents only scored content Domain of ExamDomain Incident Response Domain Logging and Monitoring Domain Infrastructure Security Domain Identity and Access Management Domain Data Protection TOTAL Domain Incident Response Given an AWS abuse notice evaluate the suspected compromised instance or exposed access keys Given an AWS Abuse report about an EC instance securely isolate the instance as part of a forensic investigation Analyze logs relevant to a reported instance to verify a breach and collect relevant data Capture a memory dump from a suspected instance for later deep analysis or for legal compliance reasons Verify that the Incident Response plan includes relevant AWS services Determine if changes to baseline security configuration have been made Determine if list omits services processes or procedures which facilitate Incident Response Recommend services processes procedures to remediate gaps Evaluate the configuration of automated alerting and execute possible remediation of security related incidents and emerging issues Automate evaluation of conformance with rules for new changed removed resources Apply rule based alerts for common infrastructure misconfigurations Review previous security incidents and recommend improvements to existing systems Domain Logging and Monitoring Design and implement security monitoring and alerting Analyze architecture and identify monitoring requirements and sources for monitoring statistics Analyze architecture to determine which AWS services can be used to automate monitoring and alerting Analyze the requirements for custom application monitoring and determine how this could be achieved Set up automated tools scripts to perform regular audits Troubleshoot security monitoring and alerting Given an occurrence of a known event without the expected alerting analyze the service functionality and configuration and remediate Given an occurrence of a known event without the expected alerting analyze the permissions and remediate Given a custom application which is not reporting its statistics analyze the configuration and remediate Review audit trails of system and user activity Design and implement a logging solution Analyze architecture and identify logging requirements and sources for log ingestion Analyze requirements and implement durable and secure log storage according to AWS best practices Analyze architecture to determine which AWS services can be used to automate log ingestion and analysis Troubleshoot logging solutions Given the absence of logs determine the incorrect configuration and define remediation steps Analyze logging access permissions to determine incorrect configuration and define remediation steps Based on the security policy requirements determine the correct log level type and sources Domain Infrastructure Security Design edge security on AWS For a given workload assess and limit the attack surface Reduce blast radius e g by distributing applications across accounts and regions Choose appropriate AWS and or third party edge services such as WAF CloudFront and Route to protect against DDoS or filter application level attacks Given a set of edge protection requirements for an application evaluate the mechanisms to prevent and detect intrusions for compliance and recommend required changes Test WAF rules to ensure they block malicious traffic Design and implement a secure network infrastructure Disable any unnecessary network ports and protocols Given a set of edge protection requirements evaluate the security groups and NACLs of an application for compliance and recommend required changes Given security requirements decide on network segmentation e g security groups and NACLs that allow the minimum ingress egress access required Determine the use case for VPN or Direct Connect Determine the use case for enabling VPC Flow Logs Given a description of the network infrastructure for a VPC analyze the use of subnets and gateways for secure operation Troubleshoot a secure network infrastructure Determine where network traffic flow is being denied Given a configuration confirm security groups and NACLs have been implemented correctly Design and implement host based security Given security requirements install and configure host based protections including Inspector SSM Decide when to use host based firewall like iptables Recommend methods for host hardening and monitoring Domain Identity and Access Management Design and implement a scalable authorization and authentication system to access AWS resources Given a description of a workload analyze the access control configuration for AWS services and make recommendations that reduce risk Given a description how an organization manages their AWS accounts verify security of their root user Given your organization s compliance requirements determine when to apply user policies and resource policies Within an organization s policy determine when to federate a directory services to IAM Design a scalable authorization model that includes users groups roles and policies Identify and restrict individual users of data and AWS resources Review policies to establish that users systems are restricted from performing functions beyond their responsibility and also enforce proper separation of duties Troubleshoot an authorization and authentication system to access AWS resources Investigate a user s inability to access S bucket contents Investigate a user s inability to switch roles to a different account Investigate an Amazon EC instance s inability to access a given AWS resource Domain Data Protection Design and implement key management and use Analyze a given scenario to determine an appropriate key management solution Given a set of data protection requirements evaluate key usage and recommend required changes Determine and control the blast radius of a key compromise event and design a solution to contain the same Troubleshoot key management Break down the difference between a KMS key grant and IAM policy Deduce the precedence given different conflicting policies for a given key Determine when and how to revoke permissions for a user or service in the event of a compromise Design and implement a data encryption solution for data at rest and data in transit Given a set of data protection requirements evaluate the security of the data at rest in a workload and recommend required changes Verify policy on a key such that it can only be used by specific AWS services Distinguish the compliance state of data through tag based data classifications and automate remediation Evaluate a number of transport encryption techniques and select the appropriate method i e TLS IPsec client side KMS encryption More Information on the exam guide can be found here How did I prepare I spend a considerable amount of time learning AWS before attempting to take the Certification Exam It is important that you spend time with AWS for you to be good at it The Resources I used while preparing I am linking them below one by one Courses I took Initially I enrolled in a course on Udemy called “AWS Certified Security Specialty by Zeal Vora which is a very good course and covers all the most important aspects of the AWS and You will be able to Master the Security aspect of AWS More Information on the udemy course can be found here ️hands on projects Learning only theory won t help you must work on some hands on AWS projects I would recommend you to practice some of the AWS projects from here or you can practice them from skills builder learning Center some of the projects I practiced are mentioned in my github repository I have some AWS security related projects as well AWS Ramp Up Guides Your guides to learning the AWS Cloud AWS Ramp Up Guides offer a variety of resources to help you build your skills and knowledge of the AWS Cloud Each guide features carefully selected digital training classroom courses videos whitepapers certifications and more Explore the guides below by role solution or industry area more details can be found hereFocus more on Security Solution being part of a Study Groups I also recommend you to be part of a study groups it helps you stay focused probably having study groups with people studying for the same exam is an added benefit Study Groups I was part of Cloud and DevOps Babies Cloud and DevOps Babies are a global group of babies with curious minds to learn decode Cloud DevOps and Microservices tech stacks more details can be found hereTech Study Slack TechStudySlack is a Slack for people studying Techmore details can be found here ️practice tests Lastly I recommend all of you to pass these practice exams before attending the real exam It provides simulated questions that are very similar to the actual exam One of the selling points of this practice exam is that each question contains detailed explanations that will help you gain a deeper understanding of AWS services It not just explains what the correct answer is but also explains why other answers are wrong It is extremely helpful to make you recognize the difference between similar services Tutorials Dojo Practice Exams more details can be found here Notes I outlined the resources I would use and a rough guideline of how I would approach studying You should find something that works for you but have structure and commit to it Useful Study tips and tricksAs usual more study tips and tricks to help you with the exam This exam is available through online proctoring so that you don t have to travel to the nearby testing center to take this exam Additional handicap of minutes for non native English speakers is still available so make sure that you have requested that Make sure you will use the flagging mechanism and reiterate the questions if you have time There is no penalty for guessing You can and should apply the same rules as in the other exams look here for more details regarding how to read a question and answers Additional ResourcesZeal Vora s AWS Certified Security Specialty CourseAndrian Cantrill s AWS Certified Security Specialty CourseBrian Lam s AWS SCS C Study Guide Github RepoI hope this will help you to prepare and evaluate your knowledge Let me know your thoughts in the comment section And if you haven t yet make sure to follow me on below handles connect with me on LinkedInconnect with me on Twitterfollow me on github️Do Checkout my blogs Like share and follow me for more content Good Luck with your exam Have Fun |
2023-03-31 11:17:42 |
Apple |
AppleInsider - Frontpage News |
Google hit by $4 billion lawsuit from UK publishers |
https://appleinsider.com/articles/23/03/31/google-hit-by-4-billion-lawsuit-from-uk-publishers?utm_medium=rss
|
Google hit by billion lawsuit from UK publishersOn top of a US Department of Justice suit and another in the UK more publishers are accusing Google of using its dominance to limit what revenue they could make from online ads Google is already under investigation in the UK for allegedly abusing its market power and the local Competition and Markets Authority CMA regulator is also investigating the company s dominance in mobile browsing According to BBC News however a lawsuit has now been filed on behalf of publishers claiming that any future fines will not help companies who have allegedly suffered Read more |
2023-03-31 11:48:09 |
海外TECH |
Engadget |
The Morning After: Midjourney shutters free trials of its AI image generator due to 'extraordinary' abuse |
https://www.engadget.com/the-morning-after-midjourney-shutters-free-trials-of-its-ai-image-generator-due-to-extraordinary-abuse-111518140.html?src=rss
|
The Morning After Midjourney shutters free trials of its AI image generator due to x extraordinary x abuseIt s a day of reality catching up with the chatbot boom In the last hours alone we ve had hoaxes FTC complaints and…ads Hooray We ll get into how Microsoft is bringing ads to its Bing chatbot bound to happen while OpenAI may have to halt ChatGPT releases in the face of FTC complaints The nonprofit research organization Center for AI and Digital Policy CAIDP says OpenAI s models are biased deceptive and threaten privacy and public safety The CAIDP says OpenAI also fails to meet Commission guidelines calling for AI to be transparent fair and easy to explain There s no guarantee the FTC will act on the complaint If it does set requirements though the move would affect development across the AI industry Mat SmithThe Morning After isn t just a newsletter it s also a daily podcast Get our daily audio briefings Monday through Friday by subscribing right here The biggest stories you might have missedUber adds new cities to its EV rideshare service Star Trek Picard embraces its nihilismApple s Tetris movie trades real life drama for spy fantasiesGithub ordered to identify user who leaked Twitter source code Sam Bankman Fried pleads not guilty to latest fraud bribery chargesMicrosoft explains how ads will happen in Bing s AI chatbotAh the end of the fun Over the past few days users have reported seeing ads inside Microsoft s Bing chatbot experience Based on the limited examples we ve seen the GPT powered chatbot embeds relevant ad links in response to users actual questions Ads don t seem to appear for most people including us yet but they ll most likely pop up more frequently and in more places soon In a post on the Bing blog Microsoft Corporate VP for Search and Devices Yusuf Mehd explained that ads would come in the form of a linked citation along with additional links in a Learn More section below Bing s response to their query In the future Microsoft could add functionality where hovering over a link from an advertiser would display more links from its website to drive more traffic to it Continue reading Midjourney ends free trials of its AI image generator due to extraordinary abuseThe tool had been used to fake images of Trump and the Pope among others Midjourney CEO David Holz announced on Discord that the company is ending free trials due to extraordinary demand and trial abuse New safeguards haven t been sufficient and you ll have to pay at least per month to use the image generator going forward As The Washington Post reported Midjourney has picked up unwanted attention in recent weeks Users relied on the company s AI to build deepfakes of Donald Trump being arrested and Pope Francis wearing a trendy coat Continue reading Polestar first lookPossibly the best looking EV of the year The Polestar was recently showcased in New York for its North American debut so we had to check it out It might just be the best looking new SUV in The Polestar is built on the same platform as the Volvo EX but the company has made some significant changes that ensure there won t be confusion between the two Instead of three rows of seats the Polestar maxes out at two with slightly less rear storage in favor of a more spacious cabin Continue reading A new Twitter clone is trying to seduce original blue checkmark ownersT is led by former Twitter employees who want to recreate Twitter s “public square With “legacy Twitter checkmarks about to disappear tomorrow one Twitter alternative hopes to lure some of those OG verified users to its platform T an invite only service led by two former Twitter employees says it will allow accounts to carry over their “legacy Twitter verification to its site T is part of a growing crop of Twitter alternatives that have sprung up after Musk s takeover Founder Gabor Cselle has been clear that he intends to create “a pretty straightforward copy of Twitter with some simplifications Continue reading Netflix is testing TV games that use phones as controllersHidden code references games on TV in the Netflix app Netflix might have started or is at least looking to start testing games for TV based on code within its app that developer Steve Moser shared with Bloomberg Moser reportedly found hidden references to games played on television as well as additional code that indicates the possibility of using phones as controllers to play them One line from within the app apparently reads A game on your TV needs a controller to play Do you want to use this phone as a game controller The streaming giant launched several games on Android iPhones and iPads in but on the Netflix app for TV these games were notably absent Continue reading This article originally appeared on Engadget at |
2023-03-31 11:15:18 |
海外TECH |
CodeProject Latest Articles |
BaseLib.Tracer: Tracing Done Right |
https://www.codeproject.com/Articles/1142178/BaseLib-Tracer-Tracing-Done-Right
|
baselib |
2023-03-31 11:15:00 |
医療系 |
医療介護 CBnews |
出産費用の保険適用、「見える化」踏まえ検討へ-少子化対策たたき台、予算倍増の大枠は骨太に |
https://www.cbnews.jp/news/entry/20230331194320
|
子育て支援 |
2023-03-31 20:30:00 |
ニュース |
@日本経済新聞 電子版 |
出欠情報や体育館利用予定はオンラインで確認……。教員の事務作業をDXで効率化する動き。学校現場は「ブラック職場」の印象も強く人気が低迷。人材確保のためにも働き方改革と待遇改善を急ぎます。… https://t.co/qKeuinbdxT |
https://twitter.com/nikkei/statuses/1641768587714088961
|
|
2023-03-31 11:45:08 |
ニュース |
@日本経済新聞 電子版 |
年を取ったら食事は「質より量」 新・食の常識とは?
【2022年11月 読まれた記事】
https://t.co/3UduZvQMev |
https://twitter.com/nikkei/statuses/1641762293955321858
|
食事 |
2023-03-31 11:20:08 |
ニュース |
@日本経済新聞 電子版 |
41道府県議選挙が告示 女性候補489人、過去最多
https://t.co/yyVlHp5IxJ |
https://twitter.com/nikkei/statuses/1641758480381149185
|
過去最多 |
2023-03-31 11:04:58 |
ニュース |
BBC News - Home |
Michael Vaughan cleared 'on balance of probabilities' of using racist language towards Azeem Rafiq |
https://www.bbc.co.uk/sport/cricket/65135694?at_medium=RSS&at_campaign=KARANGA
|
Michael Vaughan cleared x on balance of probabilities x of using racist language towards Azeem RafiqMichael Vaughan is cleared on balance of probabilities of using racist language towards former Yorkshire team mate Azeem Rafiq |
2023-03-31 11:38:39 |
ニュース |
BBC News - Home |
Wimbledon 2023: Russian & Belarusian players can compete as ban lifted |
https://www.bbc.co.uk/sport/tennis/64933565?at_medium=RSS&at_campaign=KARANGA
|
Wimbledon Russian amp Belarusian players can compete as ban liftedRussian and Belarusian players will be able to compete at Wimbledon in as the All England Club lifts the ban it imposed last year |
2023-03-31 11:15:20 |
ニュース |
BBC News - Home |
Fire services: Shocking bullying and abuse widespread, report says |
https://www.bbc.co.uk/news/uk-65128073?at_medium=RSS&at_campaign=KARANGA
|
iceberg |
2023-03-31 11:23:02 |
ニュース |
BBC News - Home |
Constance Marten and Mark Gordon: Couple to stand trial over baby's death |
https://www.bbc.co.uk/news/uk-65135336?at_medium=RSS&at_campaign=KARANGA
|
victoria |
2023-03-31 11:25:58 |
ニュース |
BBC News - Home |
Past health risks from contaminated meat, says watchdog |
https://www.bbc.co.uk/news/business-65136241?at_medium=RSS&at_campaign=KARANGA
|
buyers |
2023-03-31 11:35:55 |
ニュース |
BBC News - Home |
Pope expected to leave hospital on Saturday |
https://www.bbc.co.uk/news/world-europe-65138543?at_medium=RSS&at_campaign=KARANGA
|
discharge |
2023-03-31 11:13:43 |
ニュース |
BBC News - Home |
Cambridgeshire shootings: Three people in custody after father and son killed |
https://www.bbc.co.uk/news/uk-england-cambridgeshire-65135534?at_medium=RSS&at_campaign=KARANGA
|
dunmore |
2023-03-31 11:42:04 |
ニュース |
BBC News - Home |
Aberfan teacher who rescued children dies aged 82 |
https://www.bbc.co.uk/news/uk-wales-65100262?at_medium=RSS&at_campaign=KARANGA
|
classroom |
2023-03-31 11:05:52 |
ニュース |
BBC News - Home |
Reeva Steenkamp's mother against Pistorius release |
https://www.bbc.co.uk/news/world-africa-65123142?at_medium=RSS&at_campaign=KARANGA
|
murder |
2023-03-31 11:05:32 |
ニュース |
BBC News - Home |
Laura Muir and Jemma Reekie part with long-serving coach Andy Young |
https://www.bbc.co.uk/sport/athletics/65137492?at_medium=RSS&at_campaign=KARANGA
|
africa |
2023-03-31 11:07:02 |
ニュース |
BBC News - Home |
Women's Six Nations 2023: Five players to watch as new England era begins |
https://www.bbc.co.uk/sport/rugby-union/65130247?at_medium=RSS&at_campaign=KARANGA
|
Women x s Six Nations Five players to watch as new England era beginsAfter Sarah Hunter s poignant send off who will be tasked with picking up the baton for England BBC Sport looks at five players to watch as a new era begins |
2023-03-31 11:00:51 |
コメント
コメントを投稿