Describing responsibilities that the customer and AWS share
Describing how AWS responsibilities and customer responsibilities can shift, depending on the service used (for example, Amazon RDS, AWS Lambda, Amazon EC2)
Identifying where to find AWS compliance information (for example, AWS Artifact)
Understanding compliance needs among geographic locations or industries (for example, AWS Compliance)
Describing how customers secure resources on AWS (for example, Amazon Inspector, AWS Security Hub, Amazon GuardDuty, AWS Shield)
Identifying different encryption options (for example, encryption in transit, encryption at rest)
Recognizing services that aid in governance and compliance (for example, monitoring with Amazon CloudWatch; auditing with AWS CloudTrail, AWS Audit Manager, and AWS Config; reporting with access reports)
Recognizing compliance requirements that vary among AWS services
Understanding access keys, password policies, and credential storage (for example, AWS Secrets Manager, AWS Systems Manager)
Identifying authentication methods in AWS (for example, multi-factor authentication [MFA], IAM Identity Center, cross-account IAM roles)
Defining groups, users, custom policies, and managed policies in compliance with the principle of least privilege
Identifying tasks that only the account root user can perform
Understanding which methods can achieve root user protection
Understanding the types of identity management (for example, federated)
Describing AWS security features and services (for example, security groups, network ACLs, AWS WAF)
Understanding that third-party security products are available from AWS Marketplace