Some random shit I remembered from the exam that had me stumped:

• Impact/IAMUser:AnamolousBehavior - Gourd duty

• how a security engineer (security-1 account) in AWS Organizations can activate new Config rules on existing and new accounts and how to implement conformance rules when delegated as the administrator of Config by the root account (named management-1) - Delegated as the administrator of Config

• Rotating a secret automatically 1x every 90 days

  • Secrets Manager

• ECS vulnerability scanning w/Inspector

  • at push (basic) all the time (advanced)

• Aggregate security findings: Security Hub vs GuardDuty

  Feature	Security Hub	GuardDuty
  Purpose	Centralized security platform	Threat detection service
  Findings	Collects findings from multiple AWS services	Detects malicious activity
  Integrations	Integrates with third-party security solutions	No third-party integrations
  Details	Provides limited details about each finding	Provides detailed information about each finding
  Pricing	Pay-per-finding	Pay-per-hour

• Glue DataBrew vs S3 partitioning as related to Athena views with/without Quick sight

  • Glue data: prepare data for ML
  • S3 with Athena

• Cloudwatch Logs vs Cloudtrail, and when you can substitute CW Logs for CloudTrail and for what ?

  Feature	CloudWatch Logs	CloudTrail
  Purpose	Collect and store logs	Record API calls and events
  Data sources	AWS resources and applications	AWS API calls and events
  Use cases	Monitoring, troubleshooting, analysis	Auditing, troubleshooting, compliance
  Pricing	Pay-per-GB	Pay-per-month

• CloudWatch metric filters

  • trigger alerts

• How to tell what an attacker did when keys got leaked in a presentation/Git

  • cloud trail

• How to architect a web app, application, and an RDS database when the eCom back-end (app tier) just needs HTTP and HTTPS access to a 3rd party payment provider only

  • subnet , security group

• keyrings, multikeyrings, data key caching, EncryptionSDK

• Cloudformation fn:, resolve:

  • to resolve a parameter (VPC ID at run time)

• When to use Athena/Athena Views vs Quicksight

  • Athena views are reusable queries that can be used to access data in S3.

    Athena views can be used to improve the performance of queries by pre-aggregating the data or by applying filters.

  • QuickSight is a business intelligence (BI) service that can be used to visualize and analyze data. QuickSight can be used to create interactive dashboards and reports that can be shared with others.

• when to use Secrets Mgr vs. Parameter Store for cost effectiveness

  • Parameter store is less expensive (versioning, cross region)
  • Secrets: auditing. encryption

• CloudForamtion Guard

  • to check for Org requirements

• IAM Credentials report

  • updated every 4 hours

• Encrypte existing RDS

  • snapshot