AWS Certified Solutions Architect Professional 2020: Design for New Security Solutions Proficiency (Advanced Level)

  • 30m
  • 30 questions
The AWS Design for New Security Solutions Proficiency benchmark measures your skills to determine cross-account authentication and access strategy and to design a multi-account AWS environment for complex organizations. You will be evaluated on your skills to determine an auditing strategy for authentication and access. A learner who scores high on this benchmark demonstrates that they have the skills to implement the most appropriate account structure for proper agility and security.

Topics covered

  • add users and groups to AWS Managed AD
  • analyze EC2 instance and app configuration
  • analyze S3 storage usage for 30 days or more to determine optimal storage class usage
  • block public access for an S3 bucket
  • configure IAM roles
  • configure the AWS Simple AD directory service
  • configure the AWS user password policy
  • deploy a private CA to issue PKI certificates
  • determine when S3 cross-origin resource sharing should be used
  • discover AWS data and enable classification
  • enable and use AWS Security Hub
  • enable EBS volume encryption
  • enable MFA for an IAM user account
  • enable S3 encryption using PowerShell
  • enable S3 encryption using the GUI
  • enable S3 locking for write-once read-only usage
  • establish the importance of building regulatory compliance into your company's IT security program
  • join an EC2 instance to an AWS Directory Service
  • modify bucket permissions via the bucket ACL
  • perform an AWS IAM user sign-in
  • recall how GDPR protects European Union citizen data
  • recall how PKI provides security
  • recognize the role of IAM in the cloud
  • request a private certificate
  • request a public certificate and use DNS validation
  • test resource access using the IAM policy simulator
  • use a certificate to enable an application load balancer HTTPS listener
  • use PowerShell to manage IAM users
  • use the CLI to manage IAM groups
  • use the portal to create a KMS key