This domain will focus solely on everything access control-related regarding the IAM service and how to control access to your AWS resources. IAM must be understood inside out and it is essential that you have the knowledge and confidence to spot errors in IAM JSON policies:
- 4.1: Design and implement a scalable authorization and authentication system to access AWS resources: I can't emphasize enough the importance of understanding IAM at a deep level. This point will test your knowledge of authentication and authorization mechanisms, from multi-factor authorization to implementing conditional-based IAM policies used for cross-account access.
- 4.2: Troubleshoot an authorization and authentication system to access the AWS resources domain: Here, you will be required to demonstrate your ability to resolve complex permission-based issues with your AWS resources.
Access control is covered in detail in the exam, so you must be familiar with all things relating to access management, and specifically the IAM service. You need to be able to read access policies to determine the resulting access of that policy.