The **AWS Security Specialty** certification validates your expertise in securing data and workloads in the AWS cloud. It covers IAM, data protection, incident response, and monitoring in depth.
Answer : AWS Secrets Manager.
Provides native rotation for RDS, Redshift, and can integrate with Lambda for others.
Answer : Protection against DDoS (Distributed Denial of Service) attacks.
Standard provides basic protection, while Advanced offers proactive monitoring and cost protection.
Answer : AWS Config.
Tracks configuration changes and evaluates them using Config Rules.
Answer : A policy that sets maximum permissions for accounts within an organization.
Used as security guardrails to limit what IAM users/roles can do, even with Admin access.
Answer : Amazon Security Lake.
Aggregates logs like CloudTrail and VPC Flow Logs into a centralized OCSF format data lake.