📖 About this Domain
This domain covers the core components of cloud infrastructure and the associated security challenges. It details how to comprehend, design, and implement security controls for compute, network, storage, and the physical environment. The focus is on securing the underlying platform that supports cloud services.
🎓 What You Will Learn
- You will learn to analyze the components of cloud infrastructure, including compute, network, storage, and virtualization technologies.
- You will learn to design a secure data center by implementing logical and physical controls.
- You will learn to analyze risks associated with the cloud infrastructure and its management plane.
- You will learn to plan and implement robust Business Continuity and Disaster Recovery (BCDR) strategies for cloud environments.
🛠️ Skills You Will Build
- You will build skills in designing secure network architectures using Software-Defined Networking (SDN) and micro-segmentation.
- You will build the ability to implement and manage security for virtualized hosts, guest operating systems, and hypervisors.
- You will build competence in securing cloud storage, including object and volume storage, and implementing data discovery and classification.
- You will build proficiency in conducting risk assessments for the cloud infrastructure and its management plane.
💡 Top Tips to Prepare
- Master the security differences between traditional data centers and cloud IaaS, focusing on the shared responsibility model.
- Deeply understand virtualization security, including hypervisor vulnerabilities, VM sprawl, and container isolation mechanisms.
- Focus on securing the management plane, as it represents a critical attack vector for the entire cloud infrastructure.
- Memorize BCDR concepts like Recovery Time Objective (RTO) and Recovery Point Objective (RPO) and how they apply to cloud resilience.
📖 About this Domain
This domain covers the operational aspects of managing and securing cloud infrastructure, both physical and logical. It focuses on the implementation of operational controls, continuous monitoring, and incident management. The core of this domain is the day-to-day execution of cloud security processes.
🎓 What You Will Learn
- You will learn to implement and build secure physical and logical cloud infrastructure, including data center design and network configurations.
- You will learn to operate and maintain cloud infrastructure through secure access controls, patch management, and performance monitoring.
- You will learn to implement key operational controls like change management, configuration management, and incident management processes.
- You will learn to support digital forensics by understanding data collection, evidence management, and chain of custody in cloud environments.
🛠️ Skills You Will Build
- You will build skills in managing and securing cloud infrastructure, including network controls, compute, and storage configurations.
- You will build skills in cloud incident response, including forensic data collection and maintaining the chain of custody for digital evidence.
- You will build skills in operational monitoring using tools like Security Information and Event Management (SIEM) and Database Activity Monitoring (DAM) for continuous security assessment.
- You will build skills in implementing and testing Business Continuity and Disaster Recovery (BCDR) plans for cloud-based systems.
💡 Top Tips to Prepare
- Focus on the practical application of security controls and the operational lifecycle, not just theoretical concepts.
- Master the functions of key monitoring tools like SIEM, DAM, and Cloud Access Security Broker (CASB) within different cloud service models.
- Internalize the phases of the incident management lifecycle and how they adapt to cloud-specific challenges.
- Clearly distinguish between cloud provider and customer responsibilities for operational tasks across IaaS, PaaS, and SaaS.
📖 About this Domain
This domain addresses the technical aspects of securing cloud-based applications. It covers the entire secure Software Development Life Cycle (SDLC) process, from design and development to testing and deployment. The focus is on identifying and mitigating application vulnerabilities specific to cloud environments.
🎓 What You Will Learn
- You will learn to implement a secure SDLC process, integrating security into methodologies like DevSecOps.
- You will learn to apply threat modeling techniques like STRIDE and conduct vulnerability assessments for cloud software.
- You will learn to utilize application security testing (AST) tools, including SAST, DAST, and IAST, for software validation.
- You will learn to design secure application architectures, including secure APIs and identity federation solutions.
🛠️ Skills You Will Build
- You will build the skill to perform threat modeling to identify and prioritize security risks in cloud applications.
- You will build the ability to apply secure coding standards to remediate common vulnerabilities like those in the OWASP Top 10.
- You will build proficiency in securing application programming interfaces (APIs) and managing their lifecycle.
- You will build the capability to integrate automated security controls and testing into a CI/CD pipeline.
💡 Top Tips to Prepare
- Focus on the secure Software Development Life Cycle (SDLC) and its application across IaaS, PaaS, and SaaS models.
- Internalize the OWASP Top 10 vulnerabilities and their specific countermeasures within cloud-native applications.
- Understand the intricacies of API security, including authentication frameworks like OAuth and the role of API gateways.
- Differentiate between application security testing types such as SAST, DAST, and IAST, and their placement in the development lifecycle.
📖 About this Domain
This domain covers legal requirements, privacy issues, and audit processes pertinent to cloud environments. It emphasizes understanding risk management, governance, and compliance obligations within the cloud context. Key topics include eDiscovery, data sovereignty, and managing vendor contracts.
🎓 What You Will Learn
- You will learn to articulate legal requirements and unique risks within the cloud environment, such as data privacy and jurisdictional data location issues.
- You will learn about privacy issues, including jurisdictional differences in data privacy laws like GDPR and the impact on cloud data processing activities.
- You will learn the audit process, methodologies, and adaptations for a cloud environment, including the use of SOC reports and the CSA STAR program.
- You will learn the implications of cloud for enterprise risk management, including risk assessment, response, and applying frameworks like NIST RMF.
🛠️ Skills You Will Build
- You will build the skill to conduct vendor due diligence and assessments using tools like the CSA Consensus Assessments Initiative Questionnaire (CAIQ).
- You will build the skill to manage the eDiscovery process for electronically stored information (ESI) in the cloud, ensuring proper data collection and chain of custody.
- You will build the skill to apply governance and risk management frameworks to cloud environments, ensuring alignment with enterprise risk posture.
- You will build the skill to navigate complex international data protection laws and regulations to ensure compliant cross-border data transfers.
💡 Top Tips to Prepare
- Master the core principles of major regulations like GDPR, HIPAA, and PCI DSS and their specific application to IaaS, PaaS, and SaaS models.
- Understand how to interpret audit artifacts like SOC 2 Type II reports and ISO/IEC 27001 certifications to evaluate a CSP's security posture.
- Grasp the components of the CSA STAR program, including the Cloud Controls Matrix (CCM), CAIQ, and the levels of STAR attestation.
- Practice applying legal concepts like data sovereignty, data residency, and forensics to practical cloud computing scenarios and incident response.
📖 About this Domain
This domain covers the core concepts of securing data within cloud environments. It emphasizes understanding the cloud data lifecycle, implementing data discovery and classification, and applying cryptographic controls. You will learn to design and implement robust data protection strategies across different cloud service models.
🎓 What You Will Learn
- Describe the phases of the cloud data lifecycle and map appropriate security controls to each phase.
- Design and implement cloud data storage architectures, including object and structured storage security.
- Implement data discovery, classification, and data loss prevention (DLP) technologies for cloud data.
- Plan and implement data encryption, tokenization, and key management strategies like BYOK and HYOK.
🛠️ Skills You Will Build
- Applying data discovery and classification techniques to enforce data governance policies in IaaS, PaaS, and SaaS.
- Architecting secure data storage solutions using technologies like object storage encryption and volume encryption.
- Implementing and managing cryptographic systems, including the key management lifecycle with HSMs and KMS.
- Developing data retention, deletion, and archival policies aligned with legal and regulatory requirements.
💡 Top Tips to Prepare
- Master the Cloud Data Lifecycle stages and the specific security controls relevant to each stage.
- Differentiate between encryption types (at-rest, in-transit, in-use) and key management models (KMS, BYOK, HYOK).
- Understand the practical application of DLP, CASB, and Information Rights Management (IRM) solutions in a multi-cloud environment.
- Focus on data sovereignty, residency, and jurisdictional challenges when designing data security architectures.
📖 About this Domain
This domain covers key concepts related to Domain 1: Cloud Concepts, Architecture and Design.
🎓 What You Will Learn
- Core concepts of Domain 1: Cloud Concepts, Architecture and Design
- Best practices and implementation
- Real-world application scenarios
🛠️ Skills You Will Build
- Technical proficiency in Domain 1: Cloud Concepts, Architecture and Design
- Problem-solving abilities
- Practical implementation skills
💡 Top Tips to Prepare
- Review official documentation and study guides
- Practice with hands-on exercises
- Focus on understanding core principles