Content Domain 4: Security and Compliance

Task 4.1: Implement and manage security and compliance tools and policies

Skill 4.1.1: Implement AWS Identity and Access Management (IAM) features (for example, password policies, multi-factor authentication [MFA], roles, federated identity, resource policies, policy conditions)
Skill 4.1.2: Troubleshoot and audit access issues by using AWS tools (for example, AWS CloudTrail, IAM Access Analyzer, IAM policy simulator)
Skill 4.1.3: Implement multi-account strategies securely
Skill 4.1.4: Implement remediation based on the results of AWS Trusted Advisor security checks
Skill 4.1.5: Enforce compliance requirements (for example, AWS Region and service selections)

Skill 4.2.1: Implement and enforce a data classification scheme
Skill 4.2.2: Implement, configure, and troubleshoot encryption at rest (for example, AWS Key Management Service [AWS KMS])
Skill 4.2.3: Implement, configure, and troubleshoot encryption in transit (for example, AWS Certificate Manager [ACM])
Skill 4.2.4: Securely store secrets by using AWS services
Skill 4.2.5: Configure reports and remediate findings from AWS services (for example, AWS Security Hub, Amazon GuardDuty, AWS Config, Amazon Inspector)

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Content Domain 3: Deployment, Provisioning, and Automation

Content Domain 5: Networking and Content Delivery