- Secure the AWS platform using AWS security best practices.
- Manage authentications and authorizations at scale in AWS accounts.
- Use appropriate data-encryption methods and AWS mechanisms to implement security for data at rest.
- Use approiate secure internet protocols and AWS mechanisms to implement security for data in transit.
- Implement security monitoring and logging in AWS, and automate responses to detected security incidences.
- Use AWS security-specific services and features to secure and troubleshoot security in production environments
Security Domain
Incident Response
AWS tools for incident response
- AWS Trusted Advisor
- AWS Cloudformation
- AWS Service Catalog
- VPC Flow Logs
- AWS Config
- Amazon API Gateway
- AWS CloudTrail
- AWS CloudWatch
- AWS GuardDuty
Logging and Monitoring
- Design and implement security monitoring and alerting.
- Troubleshoot security monitoring and alerting.
- Design and implement a logging solution.
- Troubleshooting logging solutions
AWS tools for monitoring
- AWS CloudWatch
- AWS Config
- AWS CloudTrail
- AWS Inspector
- Amazon Athena
- Amazon Kinesis Data Streams (Log ingestion)
- Amazon Kinesis Data Firehose (Log ingestion)
- Amazon Kinesis Data Analytics (Log analysis)
Infrastructure Security
- Design edge security on AWS
- Design and implement a secure network infrastructure.
- Troubleshoot a secure network infrastructure.
- Design and implement host-based security.
AWS tools for edge security
- Amazon Route 53
- AWS WAF
- Amazon CloudFront
- AWS Shield
AWS tools for mitigating DDos attacks
- Amazon Route 53
- Amazon CloudWatch
- AWS WAF
- Elastic Load Balancing
- Amazon CloudFront
- Amazon API Gateway
- AWS Shield
- Amazon EC2 Auto Scaling
- Infrastructure Security
- Identity and Access Management
- Data Protection