Yesterday we used IAM to decide "who can do what." But permission management alone can't stop every threat. Incoming attack traffic, malicious activity that sneaks in unnoticed, unpatched vulnerabilities, sensitive data accidentally exposed — each of these has a dedicated security service.
Today we'll cover six services: WAF, Shield, GuardDuty, Inspector, Macie, and Security Hub. Their names are so similar that they're confusing at first, but if you pin down one line each on "what threat does it deal with," the answer will jump out the moment you read a scenario on the exam. That's because the CLF exam asks not about deep configuration but about the matching of "this situation → this service."