Domain 4: Security and Compliance (16% of the exam content)
This domain accounts for 16% of the exam content.
Topics
Task 4.1: Implement and manage security and compliance policies
Implement IAM features (for example, password policies, multi-factor authentication [MFA], roles, SAML, federated identity, resource policies, policy conditions).
Troubleshoot and audit access issues by using services (for example, CloudTrail, IAM Access Analyzer, IAM policy simulator).
Validate service control policies (SCPs) and permissions boundaries.
Review Trusted Advisor security checks.
Validate Region and service selections based on compliance requirements.
Implement secure multi-account strategies (for example, Control Tower, Organizations).
Task 4.2: Implement data and infrastructure protection strategies
Enforce a data classification scheme.
Create, manage, and protect encryption keys.
Implement encryption at rest (for example, Key Management Service [KMS]).
Implement encryption in transit (for example, Certificate Manager [ACM], VPN).
Securely store secrets by using services (for example, Secrets Manager, Systems Manager Parameter Store).
Review reports or findings (for example, Security Hub, Amazon GuardDuty, Config, Amazon Inspector).