Version 1.0 CLF-C02 7 | PAGE
Skills in:
• Understanding access keys, password policies, and credential storage (for
example, AWS Secrets Manager, AWS Systems Manager)
• Identifying authentication methods in AWS (for example, multi-factor
authentication [MFA], IAM Identity Center, cross-account IAM roles)
• Defining groups, users, custom policies, and managed policies in compliance
with the principle of least privilege
• Identifying tasks that only the account root user can perform
• Understanding which methods can achieve root user protection
• Understanding the types of identity management (for example, federated)
Task Statement 2.4: Identify components and resources for security.
Knowledge of:
• Security capabilities that AWS provides
• Security-related documentation that AWS provides
Skills in:
• Describing AWS security features and services (for example, security groups,
network ACLs, AWS WAF)
• Understanding that third-party security products are available from AWS
Marketplace
• Identifying where AWS security information is available (for example, AWS
Knowledge Center, AWS Security Center, AWS Security Blog)
• Understanding the use of AWS services for identifying security issues (for
example, AWS Trusted Advisor)
Domain 3: Cloud Technology and Services
Task Statement 3.1: Define methods of deploying and operating in the AWS Cloud.
Knowledge of:
• Different ways of provisioning and operating in the AWS Cloud
• Different ways to access AWS services
• Types of cloud deployment models
• Connectivity options