1. First Principles of Cloud Security

This foundational phase establishes the security reasoning framework you'll apply throughout the exam and your career. Rather than memorizing individual service features, you'll build mental models that let you reason about any security problem — including ones involving services you haven't encountered before.

The First Principle is that effective cloud security emerges from understanding why controls exist, not just what they do. When you understand the underlying principles — defense-in-depth, least privilege, zero trust, shared responsibility — you can derive the correct answer to any exam question by reasoning from fundamentals.

Scenario: You encounter an exam question about a service you've never studied. With first-principles thinking, you ask: "What security layer does this operate at? What's the blast radius if it fails? Who's responsible for configuring it?" — and you can eliminate distractors even without service-specific knowledge.

Reflection Question: How does understanding the why behind security controls — rather than memorizing service configurations — prepare you to solve novel security scenarios under exam pressure?