AWS SysOps Associate 2022: AWS Security and Compliance Competency (Intermediate Level)

  • 23m
  • 23 questions
The AWS Security and Compliance Competency (Intermediate Level) benchmark assesses your ability to detect security vulnerabilities using Amazon Inspector and use Amazon GuardDuty to view security findings. You will be evaluated on your skills in viewing Security Hub recommendations, examining the AWS Health Dashboard to view the status of AWS services, and working with Amazon CloudTrail to audit AWS service usage and ensure log integrity. Learners who score high on this benchmark demonstrate that they have the skills to implement and manage security and compliance policies.

Topics covered

  • configure AWS Organizations service control policies (SCPs) and recognize how they differ from IAM policies and how AWS Control Tower fits in
  • configure encryption key life cycle settings
  • connect an external identity provider to AWS
  • deploy a private certificate authority (CA) to issue PKI certificates
  • enable EBS volume encryption
  • enable MFA for an IAM user account
  • manage AWS Organizations
  • manage encryption keys with AWS KMS
  • manage roles used across AWS accounts
  • outline how cryptography serves to protect AWS services and data
  • recognize how AWS Certificate Manager relates to PKI
  • recognize how PKI security certificates can be used to secure AWS services
  • recognize the role of IAM in the cloud, including AWS root users
  • request a private certificate
  • request a public certificate and use DNS validation
  • set boundaries on the maximum applicable IAM permissions
  • share AWS resources across AWS accounts
  • use a certificate to enable an application load balancer HTTPS listener
  • use an AWS Organizations Service Control Policy (SCP) to standardize tags across AWS resources
  • use PowerShell to tag AWS resources for cost tracking
  • use the CLI to tag AWS resources for cost tracking
  • use the console to create an AWS Key Management Service (KMS) key
  • use the tag editor to search for and apply tags to AWS resources