A company gives all employees full admin access to AWS resources. Which security principles are violated and what should be implemented instead?
Violates:
• Strong identity foundation
• Least privilege
They should implement:
• IAM roles with minimal permissions
• Separation of duties
A system cannot track who made changes or detect suspicious activity. Which security principle is missing and how is it implemented?
Enable traceability
Implemented using:
• Logging (e.g., CloudTrail)
• Monitoring
• Alerts and auditing systems
An application secures only the database but leaves the network and application layer exposed. What is wrong with this design?
It violates “apply security at all layers” (defence in depth) — security must be applied across VPC, subnet, OS, application, and data layers.
Sensitive data is encrypted at rest but intercepted during transmission. What security principle was partially implemented and what is missing?
Implemented: encryption at rest
Missing: encryption in transit
Both are required to fully protect data.
A company relies on manual responses to security incidents, causing delays and damage. What should be implemented according to the Security pillar?
• Prepare for security events
• Automate detection and response
• Use incident response processes and simulations
-
AWS 1.1 Intro to cloud7
-
AWS 1.210
-
AWS 1.3 intro to AWS5
-
AWS Module 4.424
-
AWS 4.5: Encrytion/Security25
-
AWS 4.6: Working to ensure compliance25
-
aws 5.1 Networking and content delivery10
-
week 5.2: Amazon VPC16
-
AWS module 5.3 VPC networking24
-
week 5.4 VPC security24
-
aws 5.5 Rout 5325
-
AWS 5.6: CloudFront20
-
AWS- Module 6.2 Amazon EC2 part 126
-
AWS module 6.3 Amazon EC2 part 230
-
AWS 6.4 amazon EC2 part 327
-
AWS Module 6.5 Amazon EC2 cost optimisation31
-
AWS module 6.6 Container services30
-
AWS Module 6.7 introduction to lambda30
-
AWS Module 6.8 Elastic beanstalk27
-
AWS 7.1 Amazon EBS Block Storage32
-
AWS 7.2 Amazon s3 Object storage30
-
AWS 7.3 Amazon EFS, Elastic File Storage32
-
AWS 7.4 aws s3 glacier26
-
AWS 8.1 Amazon RDS10
-
AWS module 8.2 Amazon DynamoDB11
-
AWS module 8.3 amazon redshift10
-
AWS module 9.1 Well-architected framework5
-
AWS 9.2 Operational excellence pillar7
-
AWS module 9.3 Security5
-
AWS 9.4 Reliability5
-
AWS 9.5 performance efficiency pillar5
-
AWS 9.6 cost optimisation5
-
AWS 9.7 reliability and availability7
-
AWS 10.1 elastic load balancing7
-
AWS 10.2 amazon cloudFront5
-
AWS 10.3 amazon EC2 autoscaling10
-
AWS 1.4 moving to the AWS cloud6
-
AWS 2.1 fundamentals of pricing6
-
AWS 2.2 total cost of ownership7
-
AWS 2.3 organisation7
-
AWS 2.4 billing6
-
aws 2.5 technical support models7
-
AWS 3.1 Global Infrastructure8
-
AWS 3.2 Services10
-
AWS 4.1 shared responsibility6
-
AWS 4.2 AWS IAM12
