Domain 6: Security and Compliance (17% of the exam content) - AWS Certification

This domain accounts for 17% of the exam content.

Task 6.1: Implement application security

Knowledge of:

  • Application security best practices

  • Authentication and authorization services and features (for example, IAM, Amazon Cognito)

  • Secrets management services and features (for example, Secrets Manager, Systems Manager Parameter Store)

  • Data protection services and features (for example, KMS, Certificate Manager)

Skills in:

  • Implementing authentication and authorization (for example, IAM roles, Amazon Cognito)

  • Implementing secrets management (for example, Secrets Manager, Systems Manager Parameter Store)

  • Implementing data protection (for example, encryption at rest, encryption in transit)

  • Implementing secure API endpoints (for example, API Gateway with WAF)

  • Implementing security headers and content security policies

Task 6.2: Implement infrastructure security

Knowledge of:

  • Infrastructure security best practices

  • Network security services and features (for example, security groups, network ACLs, WAF)

  • Identity and access management services and features (for example, IAM, Organizations)

  • Threat detection services and features (for example, Amazon GuardDuty, Amazon Inspector)

Skills in:

  • Implementing network security (for example, security groups, network ACLs)

  • Implementing identity and access management (for example, IAM policies, service control policies)

  • Implementing threat detection (for example, GuardDuty, Inspector)

  • Implementing infrastructure protection (for example, Shield, WAF)

  • Implementing secure VPC architectures

Task 6.3: Automate security and compliance validation

Knowledge of:

  • Compliance frameworks and requirements

  • Security assessment services and features (for example, Config, Security Hub)

  • Automated remediation services and features (for example, Config remediation, Systems Manager Automation)

  • Security testing methodologies

Skills in:

  • Implementing compliance validation (for example, Config rules, Security Hub standards)

  • Implementing automated remediation (for example, Config remediation, Systems Manager Automation)

  • Implementing security testing (for example, penetration testing, vulnerability scanning)

  • Implementing security monitoring (for example, CloudTrail, CloudWatch Logs)

  • Implementing security automation (for example, Security Hub, Config)