SKILL BENCHMARK
AWS Certified Developer - Associate 2022: Security Competency (Intermediate Level)
- 30m
- 30 questions
The Security Competency (Intermediate Level) benchmark calibrates your ability to recognize the features of IAM and other AWS authentication and authorization services, as well as protect and secure AWS cloud data and applications using various AWS services. You will be evaluated on your skills in securing a network in a cloud environment using network segmentation, network protocols, and network services, as well as using AWS CloudTrail, Amazon CloudWatch, and Elastic Load Balancing. Learners who score high on this benchmark demonstrate that they have the skills to describe and use AWS security controls to secure AWS services.
Topics covered
- create an AWS CloudTrail to review AWS account activity in the CloudTrail console and examine an event
- create and manage a CMK using the AWS Console
- create and manage a custom key store for AWS KMS using the AWS console
- create and manage a secret using AWS Secrets Manager
- create a network load balancer using the CLI and the AWS Management Console
- describe resource groups and tags and summarize how to work with AWS Resource Groups and Tag Editor
- describe the features and functionality of AWS CloudWatch, including those related to access, dashboards, and metrics
- describe the security and monitoring features incorporated into the AWS IAM service
- describe the setup, terminology, components, and features involved in using AWS Identity and Access Management (IAM)
- identify cloud security policies, including password, lockout, blacklisting, and whitelisting, and outline how they are used to enforce security
- identify the features of AWS Backup, services that work with it, and considerations for its use
- list some of the AWS network security tools that can be used to manage, monitor, and protect AWS services
- outline how Amazon Detective can be used to analyze, investigate, and identify the root cause of security findings or suspicious activities and identify some usage considerations and prerequisites
- outline the activities, concepts, and object types involved in Amazon Cloud Directory
- outline the core features and functionality of AWS Single Sign-On (IAM Identity Center) and outline how to work with this service
- outline the features and capabilities of the public key infrastructure services provided by AWS and name AWS services that use public key certificates
- outline the features, components, capabilities, and requirements applicable when working with AWS Firewall Manager
- outline the tasks you can perform with AWS RAM and recognize the benefits of these
- outline the types, features, activities, and concepts involved in using Amazon Cognito identity pools
- outline the use of host-based intrusion detection systems (HIDS) and host-based intrusion prevention systems (HIPS)
- outline what Amazon API Gateway is used for and considerations when using it
- outline what AWS Audit Manager can be used for, how it works, and how you would set it up
- provide an overview of how to harden a network environment
- recognize how features such as encryption can be applied to API endpoints, applications, the OS, and storage and file systems to increase security
- recognize methods for monitoring file integrity, logs, and events
- recognize the advantages and disadvantages of working with symmetric and asymmetric keys in AWS KMS
- recognize the features and capabilities of the AWS Encryption SDK
- rotate a user secret using a master secret
- secure a network in a cloud environment using network services
- summarize the features of AWS Elastic Load Balancer, outline how the service works, and describe some considerations when working with it
