Designing network flows to keep data off the public internet (for example, by using Transit Gateway, VPC endpoints, and Lambda in VPCs)
Deploying Firewall Manager to enforce policies
Identifying, interpreting, and prioritizing problems in network connectivity (for example, by using Amazon Inspector Network Reachability)
Systems Manager Parameter Store
Enforcing proper separation of duties
Performing queries to validate security events (for example, by using Amazon Athena)
Managing network configurations as requirements change (for example, by using AWS Firewall Manager)
Designing cross-Region networking by using private VIFs and public VIFs
AWS services and features that provide logging capabilities (for example, VPC Flow Logs, DNS logs, AWS CloudTrail, Amazon CloudWatch Logs)
Determining the cause of missing logs and performing remediation steps
How to troubleshoot authentication issues (for example, by using CloudTrail, IAM Access Advisor, and IAM policy simulator)
AWS best practices for incident response
Applying restrictions at the edge based on various criteria (for example, geography, geolocation, rate limit)
Determining when and how to deploy AWS Control Tower (for example, which services must be deactivated for successful deployment)
Analyzing environments and workloads to determine monitoring requirements