AWS security doesn't end with a single service. Everything we saw in Week 11 stacks into 4 layers — encryption (KMS·CloudHSM), detection (Macie·GuardDuty·Inspector), unified monitoring (Security Hub·Detective·Audit Manager), edge defense (WAF·Shield·Firewall Manager·Network Firewall·DNS Firewall). Production-grade security only completes when these 4 layers combine organically. And SAP-C02 exam security scenarios almost always have multiple layers appearing simultaneously in one question — "encrypt the data (L1), detect threats (L2), investigate incidents (L3), defend the edge (L4)."