Cloud Administration/Security
Security
Objectives and Skills
Objectives and skills for the security portion of CompTIA Cloud+ certification include:[1]
2.1 Given a scenario, apply security configurations and compliance controls to meet given cloud infrastructure requirements.
- Company security policies
- Apply security standards for the selected platform
- Compliance and audit requirements governing the environment
- Laws and regulations as they apply to the data
- Encryption technologies
  - IPSec
  - SSL/TLS
  - Other ciphers
- Key and certificate management
  - PKI
- Tunneling protocols
  - L2TP
  - PPTP
  - GRE
- Implement automation and orchestration processes as applicable
- Appropriate configuration for the applicable platform as it applies to compute
  - Disabling unneeded ports and services
  - Account management policies
  - Host-based/software firewalls
  - Antivirus/anti-malware software
  - Patching
  - Deactivating default accounts
2.2 Given a scenario, apply the appropriate ACL to the target objects to meet access requirements according to a security template.
- Authorization to objects in the cloud
  - Processes
  - Resources
  - Users
  - Groups
  - System
  - Compute
  - Networks
  - Storage
  - Services
- Effect of cloud service models on security implementations
- Effect of cloud deployment models on security implementations
- Access control methods
  - Role-based administration
  - Mandatory access controls
  - Discretionary access controls
  - Non-discretionary access controls
  - Multifactor authentication
  - Single sign-on
2.3 Given a cloud service model, implement defined security technologies to meet given security requirements.
- Data classification
- Concepts of segmentation and micro-segmentation
  - Network
  - Storage
  - Compute
- Use encryption as defined
- Use multifactor authentication as defined
- Apply defined audit/compliance requirements
2.4 Given a cloud service model, apply the appropriate security automation technique to the target system.
- Tools
  - APIs
  - Vendor applications
  - CLI
  - Web GUI
  - Cloud portal
- Techniques
  - Orchestration
  - Scripting
  - Custom programming
- Security services
  - Firewall
  - Antivirus/anti-malware
  - IPS/IDS
  - HIPS
- Impact of security tools to systems and services
  - Scope of impact
- Impact of security automation techniques as they relate to the criticality of systems
  - Scope of impact