DEV Community

Alec Dutcher

Section 2.2 - AWS Certified Cloud Practitioner Study Guide

This series is intended to be a personal study guide. Information may not be comprehensive or accurate. I am sharing it in case others find it useful. Please feel free to comment if any information is inaccurate.

Return to Exam Guide

2.2 Define AWS Cloud security and compliance concepts

Identify where to find AWS compliance information

At a high level, describe how customers achieve compliance on AWS

  • Identify different encryption options on AWS (for example, in transit, at rest)
    • In transit - encrypting data while it moves from one place to another
    • At rest - encrypting data in storage and compute
  • AWS compute environments are continuously audited
  • Assurance programs provide templates and control mappings
  • Automated tools and services reduce audit effort

Describe who enables encryption on AWS for a given service

  • AWS automatically encrypts traffic on global and regional networks between AWS secured facilities
  • Customers independently control encryption on services as a part of the shared responsibility model

Recognize there are services that will aid in auditing and reporting

  • Recognize that logs exist for auditing and monitoring (do not have to understand the logs)
  • Define Amazon CloudWatch, AWS Config, and AWS CloudTrail
    • CloudWatch
      • monitoring and observability service to detect anomalous behavior in your environments, set alarms, visualize logs and metrics side by side, take automated actions, troubleshoot issues, and discover insights to keep your applications running smoothly
    • Config
      • service that enables you to assess, audit, and evaluate the configurations of your AWS resources
      • Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations
    • CloudTrail
      • monitors and records account activity across your AWS infrastructure, giving you control over storage, analysis, and remediation actions
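
The Config bullet above (evaluating recorded configurations against a desired configuration), applied to the customer-controlled encryption settings from the earlier sections. This is an added example, not from the original post and not AWS code. The resource types, setting names and history records are constructed, hypothetical stand-ins; only the labels COMPLIANT, NON_COMPLIANT and NOT_APPLICABLE follow AWS Config's own compliance terms.

```python
from dataclasses import dataclass

# Desired configuration per resource type (hypothetical, simplified names).
DESIRED = {
    "bucket": {"encrypted_at_rest": True, "tls_only": True},
    "volume": {"encrypted_at_rest": True},
}

@dataclass(frozen=True)
class Finding:
    resource_id: str
    recorded_at: str
    compliance: str  # COMPLIANT, NON_COMPLIANT or NOT_APPLICABLE
    reasons: tuple

def evaluate(item, desired=DESIRED):
    """Compare one recorded configuration against the desired one."""
    rules = desired.get(item["type"])
    if rules is None:
        return Finding(item["id"], item["recorded_at"], "NOT_APPLICABLE", ())
    settings = item.get("settings", {})
    # A setting that was never recorded counts as a failure (fail closed).
    reasons = tuple(
        f"{key}: want {want!r}, recorded {settings.get(key)!r}"
        for key, want in rules.items()
        if settings.get(key) != want
    )
    status = "NON_COMPLIANT" if reasons else "COMPLIANT"
    return Finding(item["id"], item["recorded_at"], status, reasons)

def first_drift(history, desired=DESIRED):
    """Return the earliest NON_COMPLIANT finding per resource, by record time."""
    drift = {}
    for item in sorted(history, key=lambda i: i["recorded_at"]):
        finding = evaluate(item, desired)
        if finding.compliance == "NON_COMPLIANT":
            drift.setdefault(finding.resource_id, finding)
    return drift

# Constructed configuration history (not real AWS output).
HISTORY = [
    {"id": "bucket-a", "type": "bucket", "recorded_at": "2024-01-01T00:00:00Z",
     "settings": {"encrypted_at_rest": True, "tls_only": True}},
    {"id": "bucket-a", "type": "bucket", "recorded_at": "2024-01-05T09:30:00Z",
     "settings": {"encrypted_at_rest": True, "tls_only": False}},
    {"id": "vol-1", "type": "volume", "recorded_at": "2024-01-02T12:00:00Z",
     "settings": {}},
    {"id": "queue-1", "type": "queue", "recorded_at": "2024-01-03T08:00:00Z"},
]
```

Calling `first_drift(HISTORY)` reports the record at which each resource first left the desired state, which is the question an auditor asks of a configuration history.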

Explain the concept of least privileged access
