# Content Domain 4: Security and Compliance


**Topics**
+ [

## Task 4.1: Implement and manage security and compliance tools and policies
](#sysops-administrator-associate-03-domain4-task1)
+ [

## Task 4.2: Implement strategies to protect data and infrastructure
](#sysops-administrator-associate-03-domain4-task2)

## Task 4.1: Implement and manage security and compliance tools and policies

+ Skill 4.1.1: Implement AWS Identity and Access Management (IAM) features (for example, password policies, multi-factor authentication [MFA], roles, federated identity, resource policies, policy conditions)
+ Skill 4.1.2: Troubleshoot and audit access issues by using AWS tools (for example, AWS CloudTrail, IAM Access Analyzer, IAM policy simulator)
+ Skill 4.1.3: Implement multi-account strategies securely
+ Skill 4.1.4: Implement remediation based on the results of AWS Trusted Advisor security checks
+ Skill 4.1.5: Enforce compliance requirements (for example, AWS Region and service selections)

## Task 4.2: Implement strategies to protect data and infrastructure

+ Skill 4.2.1: Implement and enforce a data classification scheme
+ Skill 4.2.2: Implement, configure, and troubleshoot encryption at rest (for example, AWS Key Management Service [AWS KMS])
+ Skill 4.2.3: Implement, configure, and troubleshoot encryption in transit (for example, AWS Certificate Manager [ACM])
+ Skill 4.2.4: Securely store secrets by using AWS services
+ Skill 4.2.5: Configure reports and remediate findings from AWS services (for example, AWS Security Hub, Amazon GuardDuty, AWS Config, Amazon Inspector)