Phase 105 modules

Detection & Compliance

Detect threats and enforce compliance. WAF web firewall, Shield DDoS protection, GuardDuty threat detection, CloudTrail auditing, Config rules, and Security Hub.

Modules in This Phase

Module 56

Module 56: AWS WAF

Your web applications face a constant barrage of automated attacks. SQL injection bots probe your login forms. Credential stuffing tools replay stolen username/password pairs against your authentication endpoints. Scrapers consume your API rate limits. Reconnaissance scanners map your attack surface

Lesson Lab Quiz Resources
Module 57

Module 57: AWS Shield

A Distributed Denial of Service (DDoS) attack is not a sophisticated exploit. It is brute force. An attacker coordinates thousands or millions of compromised machines to send traffic to your application simultaneously, overwhelming your infrastructure's capacity to respond to legitimate requests.

Lesson Lab Quiz Resources
Module 58

Module 58: Threat Detection: GuardDuty & Inspector

Prevention fails. No matter how rigorous your security controls, eventually someone will misconfigure an IAM policy, a credential will leak into a public repository, or a zero-day vulnerability will be exploited before a patch is available. The question is not whether a security incident will happen

Lesson Lab Quiz Resources
Module 59

Module 59: Audit & Compliance: CloudTrail & Config

Two questions dominate every security investigation and compliance audit:

Lesson Lab Quiz Resources
Module 60

Module 60: Security Hub & Governance

Individual security services generate findings in isolation. GuardDuty detects threats. Inspector finds vulnerabilities. Config identifies misconfigurations. Firewall Manager reports policy violations. Each service has its own console, its own finding format, and its own severity scale.

Lesson Lab Quiz Resources

Phase 10 Exam

Test your knowledge of all 5 modules in this phase. 25 questions, 70% required to pass.

60–90 minutes25 questions70% passing
Take the Exam