This domain tests your understanding of how best to identify, respond to, and resolve AWS incidents across a range of services, and has been broken down into the following three elements:
- 1.1: Given an AWS abuse notice, evaluate the suspected compromised instance or exposed access keys: Here, you will be expected to know how to respond to such an incident and the steps required to remediate the issue and take the appropriate action, depending on the affected resource in question.
- 1.2: Verify that the incident response plan includes the relevant AWS services: When an incident occurs within an AWS environment, you must be able to utilize the appropriate AWS resources to identify, isolate, and resolve the issue as quickly as possible, without affecting or hindering other AWS infrastructure and resources.
- 1.3: Evaluate the configuration of automated alerting, and execute possible remediation of security-related incidents and emerging issues: Proactive monitoring and speed are two key elements when analyzing your infrastructure for potential issues, in addition to utilizing automated services. You must have a solid understanding of these features, and how they can assist you to spot a potential problem and help you to resolve the issue.
Being able to identity, verify, and remediate incidents as they occur within your environment allows you to effectively isolate your resources before the blast radius of the security incident expands wider within your infrastructure.