Security Engineering on AWS Certification Cheat Sheet 2026
The 30 highest-yield Security Engineering on AWS Certification facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.
- Which AWS feature should you enable on an Amazon ECR repository to prevent mutable image tags from being overwritten, reducing supply chain attack risk? → ECR image tag immutability
- Which AWS service can be used to create golden AMIs with security baselines pre-baked, and automatically test and distribute them across regions? → EC2 Image Builder
- In an Amazon EKS cluster, which Kubernetes object defines network-level rules that restrict traffic between pods to only permitted sources and destinations? → Kubernetes NetworkPolicy
- An engineer notices GuardDuty finding type 'UnauthorizedAccess:IAMUser/TorIPCaller'. What does this indicate? → An IAM user's credentials were used from a Tor network exit node
- What common challenge do professionals face when applying System Administration & Configuration principles? → Balancing theoretical best practices with practical constraints and real-world conditions
- What is the recommended approach to staying current in Access Control & Identity Management? → Regular professional development, industry publications, and peer collaboration
- What should be the first action when a new regulation is enacted that affects your practice? → Review the regulation, assess its impact, and develop an implementation plan
- Which approach to compliance is considered most effective? → A proactive approach that integrates compliance into daily operations
- Which best describes the scope of Vulnerability Assessment & Penetration Testing in professional practice? → A comprehensive area covering both theoretical foundations and practical applications
- When GuardDuty is enabled in an AWS Organization, which account should be designated as the GuardDuty administrator? → A dedicated security account delegated as the GuardDuty administrator
- A company wants to automatically remediate non-compliant AWS Config rules. Which approach should they use? → Use AWS Config remediation actions backed by AWS Systems Manager Automation documents
- What does enabling 'CloudTrail Insights' provide that standard CloudTrail does not? → Automatic detection of unusual API call rates or error rates that deviate from baseline
- What common challenge do professionals face when applying Cryptography & Data Protection principles? → Balancing theoretical best practices with practical constraints and real-world conditions
- What common challenge do professionals face when applying Application Security & Development principles? → Balancing theoretical best practices with practical constraints and real-world conditions
- What distinguishes inherent risk from residual risk? → Inherent risk exists before controls; residual risk remains after controls are applied
- Which best describes the scope of Application Security & Development in professional practice? → A comprehensive area covering both theoretical foundations and practical applications
- What common challenge do professionals face when applying Access Control & Identity Management principles? → Balancing theoretical best practices with practical constraints and real-world conditions
- What is the recommended approach to staying current in Database Management & Security? → Regular professional development, industry publications, and peer collaboration
- Which AWS service can analyze VPC Flow Logs, DNS logs, and CloudTrail logs to investigate the root cause and full scope of a security incident? → Amazon Detective
- How often should compliance procedures be reviewed and updated? → Regularly, and whenever regulations change or new risks are identified
- Which best describes the scope of Cloud Computing & Virtualization in professional practice? → A comprehensive area covering both theoretical foundations and practical applications
- What is the recommended approach to staying current in Threat Detection & Incident Response? → Regular professional development, industry publications, and peer collaboration
- What is the most important competency assessed in Application Security & Development for professionals in this field? → Applied knowledge and practical problem-solving ability
- When configuring an Amazon ECS task definition, which setting prevents a container from running as the Linux root user inside the container? → Setting 'user' to a non-root UID or enabling 'privileged: false'
- What is the most important competency assessed in Threat Detection & Incident Response for professionals in this field? → Applied knowledge and practical problem-solving ability
- When configuring a Lambda function's execution role following the principle of least privilege, what is the recommended approach? → Create a unique IAM role per function with only the permissions that function requires
- What does a VPN provide in terms of network security? → Encrypted communication tunnels over public networks
- Which best describes the scope of Cryptography & Data Protection in professional practice? → A comprehensive area covering both theoretical foundations and practical applications
- Which CloudTrail feature allows you to validate that log files have not been tampered with after delivery? → Log file validation using digest files
- What is the most important competency assessed in Cryptography & Data Protection for professionals in this field? → Applied knowledge and practical problem-solving ability
Turn these facts into recall: