Tutorial: AWS Certified Security – Specialty (SCS-C02)

Encryption technique selection (for example, client-side, server-side, symmetric, asymmetric)

Applying patches across a fleet of EC2 instances or container images

Passing secrets and credentials securely to compute workloads

Strategies to reduce attack surfaces

Designing S3 Lifecycle mechanisms to retain data for required retention periods (for example, S3 Object Lock, S3 Glacier Vault Lock, S3 Lifecycle policy)

Different IAM policies (for example, managed policies, inline policies, identity-based policies, resource-based policies, session control policies)

Establishing mechanisms to import and remove customer-provided key material

Interpreting an IAM policy’s effect on environments and workloads

Deployment best practices with infrastructure as code (IaC) (for example, AWS CloudFormation template hardening and drift detection)

Services that scan for vulnerabilities in compute workloads (for example, Amazon Inspector, Amazon Elastic Container Registry [Amazon ECR])

Fundamental TCP/IP networking concepts (for example, UDP compared with TCP, ports, Open Systems Interconnection [OSI] model, network operating system utilities)

Setting up multi-factor authentication (MFA)

Implementing SCPs as a technical solution to enforce a policy (for example, limitations on the use of a root account, implementation of controls in AWS Control Tower)

Lifecycle policies

How to assess, audit, and evaluate the configurations of AWS resources (for example, by using AWS Config)
