Jump to content

Cloud Administration/Security

From Wikiversity

Security

Objectives and Skills

[edit | edit source]

Objectives and skills for the security portion of CompTIA Cloud+ certification include:[1]

2.1 Given a scenario, apply security configurations and compliance controls to meet given cloud infrastructure requirements.

  • Company security policies
  • Apply security standards for the selected platform
  • Compliance and audit requirements governing the environment
    • Laws and regulations as they apply to the data
  • Encryption technologies
    • IPSec
    • SSL/TLS
    • Other ciphers
  • Key and certificate management
    • PKI
  • Tunneling protocols
    • L2TP
    • PPTP
    • GRE
  • Implement automation and orchestration processes as applicable
  • Appropriate configuration for the applicable platform as it applies to compute
    • Disabling unneeded ports and services
    • Account management policies
    • Host-based/software firewalls
    • Antivirus/anti-malware software
    • Patching
    • Deactivating default accounts

2.2 Given a scenario, apply the appropriate ACL to the target objects to meet access requirements according to a security template.

  • Authorization to objects in the cloud
    • Processes
    • Resources
      • Users
      • Groups
      • System
      • Compute
      • Networks
      • Storage
    • Services
  • Effect of cloud service models on security implementations
  • Effect of cloud deployment models on security implementations
  • Access control methods
    • Role-based administration
    • Mandatory access controls
    • Discretionary access controls
    • Non-discretionary access controls
    • Multifactor authentication
    • Single sign-on

2.3 Given a cloud service model, implement defined security technologies to meet given security requirements.

  • Data classification
  • Concepts of segmentation and micro-segmentation
    • Network
    • Storage
    • Compute
  • Use encryption as defined
  • Use multifactor authentication as defined
  • Apply defined audit/compliance requirements

2.4 Given a cloud service model, apply the appropriate security automation technique to the target system.

  • Tools
    • APIs
    • Vendor applications
    • CLI
    • Web GUI
    • Cloud portal
  • Techniques
    • Orchestration
    • Scripting
    • Custom programming
  • Security services
    • Firewall
    • Antivirus/anti-malware
    • IPS/IDS
    • HIPS
  • Impact of security tools to systems and services
    • Scope of impact
  • Impact of security automation techniques as they relate to the criticality of systems
    • Scope of impact

Readings

[edit | edit source]

Multimedia

[edit | edit source]

Activities

[edit | edit source]

Lesson Summary

[edit | edit source]

Key Terms

[edit | edit source]

See Also

[edit | edit source]

References

[edit | edit source]