Domain 1: Threat Detection and Incident Response focuses on designing comprehensive incident response plans that incorporate AWS best practices, cloud-specific incident handling, and clearly defined roles and responsibilities using the AWS Security Finding Format (ASFF). This domain emphasizes implementing credential invalidation and rotation strategies through services like IAM and AWS Secrets Manager, while ensuring proper resource isolation during security events. Critical skills include deploying and integrating security services such as Security Hub, GuardDuty, Macie, Inspector, Config, Detective, and IAM Access Analyzer with native AWS services and third-party tools through EventBridge. The domain covers detecting security threats and anomalies using AWS managed security services, employing correlation techniques to join data across services, and creating visualizations to identify unusual patterns while centralizing security findings for comprehensive analysis.

Domain 2: Security Logging and Monitoring centers on designing and implementing robust monitoring and alerting systems to address security events using services like CloudWatch and EventBridge for automated responses. This includes analyzing architectures to identify monitoring requirements, setting up automated auditing tools, and defining appropriate metrics and thresholds for alert generation. The domain encompasses comprehensive logging solutions utilizing VPC Flow Logs, DNS logs, CloudTrail, and CloudWatch Logs with proper lifecycle management and retention policies. Key competencies include troubleshooting logging configurations, identifying missing logs, managing access permissions for logging services, and designing log analysis solutions using tools like Athena, CloudWatch Logs Insights, and Security Hub insights to identify patterns indicating anomalies and known threats.

Domain 3: Infrastructure Security emphasizes implementing security controls across edge services, networks, and compute workloads to protect against common attacks and exploits. Edge security involves leveraging AWS WAF, load balancers, Route 53, CloudFront, and Shield to create layered defense strategies against threats like OWASP Top 10 and DDoS attacks, while applying geographic and rate-limiting restrictions. Network security focuses on VPC security mechanisms including security groups, network ACLs, and Network Firewall, along with inter-VPC connectivity through Transit Gateway and VPC endpoints to keep data off the public internet. Compute workload security involves provisioning and maintaining EC2 instances with proper patching, vulnerability scanning through Inspector and ECR, implementing IAM instance roles, creating hardened AMIs, and applying host-based security mechanisms while securely managing secrets and credentials.

Domain 4: Identity and Access Ma