Content Domain 4: Security and Compliance

Task 4.1: Implement and manage security and compliance tools and policies.

Skill 4.1.1: Implement IAM features (for example, password policies, multi-factor authentication [MFA], roles, federated identity, resource policies, policy conditions).
Skill 4.1.2: Troubleshoot and audit access issues by using AWS tools (for example, CloudTrail, IAM Access Analyzer, IAM policy simulator).
Skill 4.1.3: Implement multi-account strategies securely (for example, AWS Organizations, service control policies, IAM Identity Center).
Skill 4.1.4: Implement remediation based on the results of AWS Trusted Advisor security checks.
Skill 4.1.5: Enforce compliance requirements and continuous monitoring (for example, Region and service selections, AWS Config conformance packs).

Skill 4.2.1: Implement and enforce a data classification scheme.
Skill 4.2.2: Implement, configure, and troubleshoot encryption at rest (for example, AWS KMS).
Skill 4.2.3: Implement, configure, and troubleshoot encryption in transit (for example, AWS Certificate Manager [ACM]).
Skill 4.2.4: Securely store secrets by using AWS services.
Skill 4.2.5: Configure reports and remediate findings from AWS services (for example, AWS Security Hub, Amazon GuardDuty, AWS Config, Amazon Inspector, AWS Security Agent).

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Content Domain 3: Deployment, Provisioning, and Automation

Content Domain 5: Networking and Content Delivery