Amazon Web Services (AWS)

Domain 2: Security and Compliance

Task Statement 2.1: Understand the AWS shared responsibility model

Knowledge of:

  1. AWS shared responsibility model (SRM)

Skills in:

  1. Recognizing the components of the AWS shared responsibility model
  2. Describing the customer’s responsibilities on AWS
  3. Describing AWS responsibilities
  4. Describing responsibilities that the customer and AWS share
  5. Describing how AWS responsibilities and customer responsibilities can shift, depending on the service used (for example, Amazon RDS, AWS Lambda, Amazon EC2)

Task Statement 2.2: Understand AWS Cloud security, governance, and compliance concepts

Knowledge of:

  1. AWS compliance and governance concepts
  2. Benefits of cloud security (for example, encryption)
  3. Where to capture and locate logs that are associated with cloud security

Skills in:

  1. Identifying where to find AWS compliance information (for example, AWS Artifact)
  2. Understanding compliance needs among geographic locations or industries (for example, AWS Compliance)
  3. Describing how customers secure resources on AWS (for example, Amazon Inspector, AWS Security Hub, Amazon GuardDuty, AWS Shield)
  4. Identifying different encryption options (for example, encryption in transit, encryption at rest)
  5. Recognizing services that aid in governance and compliance (for example, monitoring with Amazon CloudWatch; auditing with AWS CloudTrail, AWS Audit Manager, and AWS Config; reporting with access reports)
  6. Recognizing compliance requirements that vary among AWS services

Task Statement 2.3: Identify AWS access management capabilities

Knowledge of:

  1. Identity and access management (for example, AWS Identity and Access Management [IAM])
  2. Importance of protecting the AWS root user account
  3. Principle of least privilege
  4. AWS IAM Identity Center (AWS Single Sign-On)

Skills in:

  1. Understanding access keys, password policies, and credential storage (for example, AWS Secrets Manager, AWS Systems Manager)
  2. Identifying authentication methods in AWS (for example, multi-factor authentication [MFA], IAM Identity Center, cross-account IAM roles)
  3. Defining groups, users, custom policies, and managed policies in compliance with the principle of least privilege
  4. Identifying tasks that only the account root user can perform
  5. Understanding which methods can achieve root user protection
  6. Understanding the types of identity management (for example, federated)

Task Statement 2.4: Identify components and resources for security

Knowledge of:

  1. Security capabilities that AWS provides
  2. Security-related documentation that AWS provides

Skills in:

  1. Describing AWS security features and services (for example, security groups, network ACLs, AWS WAF)
  2. Understanding that third-party security products are available from AWS Marketplace
  3. Identifying where AWS security information is available (for example, AWS Knowledge Center, AWS Security Center, AWS Security Blog)
  4. Understanding the use of AWS services for identifying security issues (for example, AWS Trusted Advisor)
