SKILL BENCHMARK
AWS Developer Associate 2021: AWS Security Competency (Intermediate Level)
- 26m
- 26 questions
The AWS Security Competency benchmark assesses your ability to communicate required security policies based on the least privileges required by the application and your knowledge of encrypting data at rest and in transit. You will be evaluated on your skills to implement application authentication and authorization using Amazon Cognito. A learner who scores high on this benchmark demonstrates that they have the skills to implement encryption using AWS services and make authenticated calls to AWS services.
Topics covered
- create and manage a custom key store for AWS KMS using the AWS console
- create and manage a secret using AWS Secrets Manager
- define host-based intrusion detection systems (HIDS) and host-based intrusion prevention systems (HIPS)
- define what's meant by resource groups and tags and summarize how to work with these features of AWS Resource Groups and Tag Editor
- describe how features such as encryption can be applied to API endpoints, applications, the OS, and storage and file systems to increase security
- describe the features and capabilities of the AWS Encryption SDK
- describe the features and functionality of AWS CloudWatch, including those related to access, dashboards, and metrics
- describe the features of AWS Backup, name the services that work with it, and detail considerations for its use
- describe the setup, terminology, components, and features involved in using AWS Identity and Access Management (IAM)
- describe the types, features, activities, and concepts involved in using Amazon Cognito identity pools
- describe what Amazon API Gateway is used for and considerations involved when using it
- detail the activities, concepts and object types involved in Amazon Cloud Directory
- identify cloud security policies including password, lockout, blacklisting, and whitelisting and summarize how they're used to enforce security
- list AWS CloudFormation security features such as data protection, IAM templates, IAM service roles, API logging using CloudTrail, resiliency, and compliance
- name some of the AWS network security tools that can be used to manage, monitor, and protect AWS services
- name the tools and services available in AWS to secure data
- outline how Amazon GuardDuty provides continuous security monitoring, with reference to terminology and concepts pertaining to this service
- outline how AWS Audit Manager works, referencing the activities, terms, features, and services involved
- outline how to achieve application security using hardened baselines
- outline how to secure a network in a cloud environment using network protocols
- outline how to secure a network in a cloud environment using network segmentation
- rotate a user secret using a master secret
- summarize how policies and permissions work in AWS Access Management
- summarize how to monitor the security of a network environment using log and event monitoring, with specific reference to CloudWatch logs and events
- summarize the advantages and disadvantages of working with symmetric and asymmetric keys in AWS KMS
- use AWS CloudWatch to monitor AWS resources and applications in real-time
