What this objective tests
SAA-C03 Design Secure Architectures — Key Topics
Secure architecture questions test IAM policies, VPC security controls, encryption at rest and in transit, and the right AWS security service for a given threat.
- IAM policies: identity-based, resource-based, permission boundaries.
- VPC security: security groups vs NACLs, route tables, VPC endpoints.
- Encryption: KMS, SSE-S3, SSE-KMS, client-side encryption.
- AWS security services: GuardDuty, Inspector, Macie, Shield, WAF.