

# Content Domain 4: Security and Compliance
<a name="sysops-administrator-associate-03-domain4"></a>

**Topics**
+ [Task 4.1: Implement and manage security and compliance tools and policies.](#sysops-administrator-associate-03-domain4-task1)
+ [Task 4.2: Implement strategies to protect data and infrastructure.](#sysops-administrator-associate-03-domain4-task2)

## Task 4.1: Implement and manage security and compliance tools and policies.
<a name="sysops-administrator-associate-03-domain4-task1"></a>
+ Skill 4.1.1: Implement IAM features (for example, password policies, multi-factor authentication [MFA], roles, federated identity, resource policies, policy conditions).
+ Skill 4.1.2: Troubleshoot and audit access issues by using AWS tools (for example, CloudTrail, IAM Access Analyzer, IAM policy simulator).
+ Skill 4.1.3: Implement multi-account strategies securely (for example, AWS Organizations, service control policies, IAM Identity Center).
+ Skill 4.1.4: Implement remediation based on the results of AWS Trusted Advisor security checks.
+ Skill 4.1.5: Enforce compliance requirements and continuous monitoring (for example, Region and service selections, AWS Config conformance packs).

## Task 4.2: Implement strategies to protect data and infrastructure.
<a name="sysops-administrator-associate-03-domain4-task2"></a>
+ Skill 4.2.1: Implement and enforce a data classification scheme.
+ Skill 4.2.2: Implement, configure, and troubleshoot encryption at rest (for example, AWS KMS).
+ Skill 4.2.3: Implement, configure, and troubleshoot encryption in transit (for example, AWS Certificate Manager [ACM]).
+ Skill 4.2.4: Securely store secrets by using AWS services.
+ Skill 4.2.5: Configure reports and remediate findings from AWS services (for example, AWS Security Hub, Amazon GuardDuty, AWS Config, Amazon Inspector, AWS Security Agent).