
The videos covered all the topics, but not deeply enough if you don’t read papers and docs other than the ones listed in this course. E.g.:
CMK Grants – how to encrypt each file with different keys?
Data keys
Pen test on peering VPCs, how is VPN used here? When to send the pen test report?
DynamoDB feature for encryption of data
How to secure PII in S3, what is S3 user metadata?
How to export application logs out of EC2? CloudWatch agents, seldom hear of it…
How to inspect IP packages between EC2 instances… VPC flow log
Key Rotation – at least 5 questions for this single point
Amazon Cloud Directory, SAML
How to patch the EC2 instances – the options include Inspector, SSM agent etc.
Secure data on the fly and at rest, involving Application LB, HTTPS listener etc.
Use case for signed cookies and signed URLs
I will add more here when I remember, there are a lot of things not spotted in the videos (as I only hold the associate SA cert). It’s better to read more docs and take different courses as a supplement.
Thank you for the feedback.
This is a useful white paper on KMS: https://d0.awsstatic.com/whitepapers/aws-kms-best-practices.pdf
hankok2018 Thanks for your feedback and breakdown.