Configuring and deploying portfolios of approved AWS services (for example, by using AWS Service Catalog)
Integrity-checking techniques (for example, hashing algorithms, digital signatures)
Configuring logging for services and applications
Identifying misconfiguration and determining remediation steps for absent access permissions that are necessary for logging (for example, by managing read/write permissions, S3 bucket permissions, public access, and integrity)
Components and impact of a policy (for example, Principal, Action, Resource, Condition)
VPC security mechanisms (for example, security groups, network ACLs, AWS Network Firewall)
Choosing encryption techniques based on business requirements
Deploying security services (for example, AWS Security Hub, Amazon Macie, Amazon GuardDuty, Amazon Inspector, AWS Config, Amazon Detective, AWS Identity and Access Management Access Analyzer)
AWS managed security services that detect threats
Searching and correlating security threats across AWS services (for example, by using Detective)
Determining redundancy and security workload requirements for communication between on-premises environments and the AWS Cloud (for example, by using AWS VPN, AWS VPN over Direct Connect, and MACsec)
Systems Manager Session Manager concepts
Provisioning and maintenance of EC2 instances (for example, patching, inspecting, creation of snapshots and AMIs, use of EC2 Image Builder)
Securely sharing resources across AWS accounts (for example, by using AWS Resource Access Manager [AWS RAM])