Download full Ccsp® for dummies®, 2nd edition, with online practice arthur j. deane ebook all chapte
CCSP® For Dummies®, 2nd Edition, with Online Practice Arthur J. Deane
Visit to download the full and correct content document: https://ebookmass.com/product/ccsp-for-dummies-2nd-edition-with-online-practice-art hur-j-deane/
More products digital (pdf, epub, mobi) instant download maybe you interests ...
Destination C1 & C2 : grammar & vocabulary with answer key 18 [printing]. Edition Malcolm Mann
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the Publisher. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Trademarks: Wiley, For Dummies, the Dummies Man logo, Dummies.com, Making Everything Easier, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and may not be used without written permission. CCSP is a registered trademark of (ISC)2, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: WHILE THE PUBLISHER AND AUTHORS HAVE USED THEIR BEST EFFORTS IN PREPARING THIS WORK, THEY MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES REPRESENTATIVES, WRITTEN SALES MATERIALS OR PROMOTIONAL STATEMENTS FOR THIS WORK. THE FACT THAT AN ORGANIZATION, WEBSITE, OR PRODUCT IS REFERRED TO IN THIS WORK AS A CITATION AND/OR POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE PUBLISHER AND AUTHORS ENDORSE THE INFORMATION OR SERVICES THE ORGANIZATION, WEBSITE, OR PRODUCT MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING PROFESSIONAL SERVICES. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR YOUR SITUATION. YOU SHOULD CONSULT WITH A SPECIALIST WHERE APPROPRIATE. FURTHER, READERS SHOULD BE AWARE THAT WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ. NEITHER THE PUBLISHER NOR AUTHORS SHALL BE LIABLE FOR ANY LOSS OF PROFIT OR ANY OTHER COMMERCIAL DAMAGES, INCLUDING BUT NOT LIMITED TO SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR OTHER DAMAGES.
For general information on our other products and services, please contact our Customer Care Department within the US at 877-762-2974, outside the US at 317-572-3993, or fax 317-572-4002. For technical support, please visit https://hub.wiley.com/community/support/dummies
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Control Number: 2023949196
ISBN 978-1-394-21281-1 (pbk); ISBN 978-1-394-21280-4 (ePDF); ISBN 978-1-394-21284-2 (epub)
Contents at a Glance
CHAPTER 5: Domain 2: Cloud Data
CHAPTER 6: Domain 2: Cloud Data
CHAPTER 9: Domain 4: Cloud Application Security, Part 1
CHAPTER 10: Domain 4: Cloud Application Security, Part 2
CHAPTER 11: Domain 5: Cloud Security Operations, Part 1
CHAPTER 12: Domain 5: Cloud Security Operations, Part 2
CHAPTER 13: Domain 6: Legal, Risk, and Compliance, Part 1
CHAPTER 14: Domain 6: Legal, Risk and Compliance, Part 2
Part 3: The Part of Tens
Part 4: Appendixes
Domain 5: Cloud Security Operations, Part 1
Building and Implementing a
Operating
Maintaining
Introduction
As cloud computing has exploded over the last two decades, so has the need for security professionals who understand how the cloud works. Enter the Certified Cloud Security Professional (CCSP) certification. The CCSP was introduced in 2015 and has quickly become the de facto standard for cloud security certifications around the globe. Today, more than 10,000 security professionals have earned the coveted CCSP designation worldwide, and that number is quickly growing!
Cloud computing, as we know it, first became widely available circa 2006 when Amazon created the first enterprise cloud service offering, Amazon Web Services (AWS). Since then, Google, Microsoft, and a host of other companies have burst on the scene with their very own cloud services. Today, cloud computing is more mainstream than ever, with most research firms estimating the public cloud market to top $1 trillion worldwide by 2028. With most estimates putting cloud spend above 60 percent of all tech spend, the need for informed cloud professionals has never been greater.
While we continue to experience this massive cloud boom, cloud security has not so quietly become front-and-center for most organizations. Companies want to ensure that their most important business and customer data remain safe when moved to the cloud, and they need skilled and qualified practitioners to make that happen. That’s where you (and the CCSP) come in!
You may be familiar with the CCSP’s bigger sibling: the Certified Information Systems Security Professional (CISSP). The CISSP certification has been around since 1994 and has amassed quite a following in information security circles. (As of this writing, there are more than 160,000 CISSPs worldwide.) The CCSP serves the same purpose for one of the fastest growing information security subareas — cloud security. It’s all but inevitable that the CCSP will continue its ascent among the most essential industry certifications around the world.
About this Book
Information security is one of the broadest domains of Information Technology. Add to that the complexities of cloud computing, and it’s easy to see why many people are scared off by the field of cloud security. A true cloud security
professional is a Jack (or Jill) of all trades — they know the ins and outs of data security and protection and also understand how cloud architectures are designed, managed, and operated. The CCSP credential seeks to validate that the holder has mastered the sweet spot between the two worlds. This task may sound daunting, but don’t fret! CCSP For Dummies breaks these topics down into bite-sized chunks to help you digest the material, pass the exam, and apply your knowledge in the real world.
While you can find tons of books and resources available to study information security, cloud security resources are a bit harder to come by. Perhaps the field is still too young, or maybe it really is too daunting for some authors and publishers to assemble. Many of the books that do exist either don’t cover all of the necessary facets of cloud security or are overly complex encyclopedic volumes.
In CCSP For Dummies, Wiley and I have put together a book that covers all of the topics within the CCSP Common Body of Knowledge (CBK) in a straightforward, easy-to-read manner. And this second edition has been updated to address the latest and greatest topics from the CCSP Exam Outline and beyond. You’ll find this book to be overflowing with useful information, but written with the battle-tested For Dummies approach and styling that helps countless readers learn new topics. In addition, I try to inject many of my own experiences working in cloud security to give you practical views on some otherwise abstract topics.
As wonderful as I think this book is — and I hope you feel the same way after reading it — you shouldn’t consider any single resource to be the Holy Grail of cloud security. CCSP For Dummies creates a framework for your CCSP studies and includes the information you need to pass the CCSP exam, but will not singlehandedly make you a cloud security know-it-all. Reaching the top of the cloud security mountain requires knowledge, skills, and practical experience. This book is a great start, but not the end of your cloud security journey.
Foolish Assumptions
I’ve been told that assumptions are dangerous to make, but here I am making them anyway! At a minimum, I assume the following:
» You have at least five years of general IT experience, at a minimum — preferably more. In order to follow the topics in this book and pass the CCSP exam, you need to have a great deal of knowledge of the technologies that form the foundation of cloud computing. This assumption means that you’re comfortable referring to basic computing terms like CPU and RAM and also have experience with things like databases, networks, and operating systems.
» You have at least a high-level understanding of information security concepts and technologies. You should be familiar with things like access control and encryption, and you should understand the concepts of confidentiality, integrity, and availability. I expect that many readers have already achieved the prestigious CISSP certification. If you’re among this group, then you’re not only ready for this book, but you also satisfy all of the CCSP’s experience requirements (which I discuss in Chapter 1). If you don’t have sufficient information security knowledge or if you need to brush up on some basic security concepts, then you’re in luck — I’ve written Chapter 2 just for you!
» You have a minimum of one year paid work experience in one or more of the six domains of the CCSP CBK (that make up Chapters 3 through 14 of this book). This expectation is not just an assumption, but an explicit requirement of the CCSP exam. Certain educational and certification achievements (such as earning CSA’s CCSK) can be substituted for this experience requirement.
» You will use what you know and what you learn in this book for good, not evil. You’ll be a responsible security professional and abide by the (ISC)2 Code of Ethics (which is a requirement for CCSP certification).
Icons Used in This Book
This book is full of useful information, but every once in a while, something extra useful or important pops up and deserves some extra attention. Keep an eye out for the following icons throughout this book. Each has its own specific meaning, and identifies something you should take note of.
The Tip icon marks tips (duh!) and extra tidbits of information that can help you grasp some of the more challenging concepts in the text. When I use this icon, I’m trying to point out some extra information that can help you on your exam.
These icons may not help you remember your spouse’s birthday, but they’ll surely come in handy for the CCSP exam. I use the Remember icon to point out stuff that’s especially important to know for the exam. These are the things that might trip you up on the exam if you don’t commit them to your long-term memory. Consider these your CCSP lifesavers.
The Technical Stuff icon marks information of a highly technical nature that may not necessarily be needed for the CCSP exam, but gives you deeper insight, if you want it. If you’re a fan of tech jargon, then keep an eye out for this icon.
The Warning icon is the closest I can get to flashing red lights and sirens. I use this icon to tell you to watch out! It marks important information that may save you headaches — or missed points on the exam. Keep an eye out for Warning icons, as they point out those silly mistakes that are otherwise easy to avoid.
Beyond the Book
CCSP For Dummies comes with a few extra goodies to help you prepare for the CCSP exam. My hope is that the book gives you the foundation you need to pass the test, but these extra resources can help put you over the top.
In addition to the book you’re reading right now, you have access to some helpful Cheat Sheets that you can use to quickly reference things like common cloud security risks and the shared responsibility model. Keep these Cheat Sheets handy to reference whenever you may not have this book at your fingertips. To access your Cheat Sheets, head over to www.dummies.com and type CCSP For Dummies Cheat Sheet in the Search bar.
To help you assess your knowledge, you also have access to 100 flashcards and 200 online practice questions (two sets of 100 questions). You can use the flashcards to reinforce some key CCSP terms, topics, and concepts. I reference the relevant chapter that each flashcard comes from so that you can revisit specific subjects, if necessary. I’ve written the practice questions to mimic the multiple-choice style of questions you’ll see on the CCSP exam. Use these practice sets to verify your mastery of important topics, and identify topics or domains that you may need to brush up on.
To access your flashcards and online practice questions, simply follow these steps to register your book and activate your account:
1. Register your book or ebook at Dummies.com to get your PIN. Go to www.dummies.com/go/getaccess.
2. Select your product (in this case, it’s CCSP For Dummies) from the dropdown list on that page.
3. Follow the prompts to validate your product, and then check your email for a confirmation message that includes your PIN and instructions for logging in.
If you do not receive this email within two hours, please check your spam folder before contacting us through our Technical Support website at http://support. wiley.com or by phone at 877-762-2974.
Now you’re ready to go! You can come back to the practice material as often as you want — simply log on with the username and password you created during your initial login. No need to enter the access code a second time.
Your registration is good for one year from the day you activate your PIN.
Where to Go from Here
So, what’s next? While you can certainly read this book from cover to cover, you don’t have to! CCSP For Dummies is broken into several parts, each with chapters that stand on their own. If a particular topic interests you, visit Part 2 and explore any (or all) of the CCSP domains.
If you need a primer on information security, then you may want to head over to Chapter 2 before diving into the CCSP domains.
If you still have no idea where to go from here, you can’t go wrong with Chapter 1!
1 Starting Your CCSP Journey
IN THIS PART . . .
Meet (ISC)2 and the CCSP exam.
Learn or refresh your information security knowledge.
IN THIS CHAPTER
» Learning about the (ISC)2 and the CCSP certification
» Understanding the benefits of getting certified
» Exploring the CCSP certification domains
» Creating a study plan
» Registering for the CCSP exam
» Taking the CCSP exam
Chapter 1
Familiarizing Yourself with (ISC)2 and the CCSP Certification
In this chapter, you develop an understanding of the (ISC)2 organization and CCSP certification, including what you need to know before the exam, what to expect during the exam, and what to do after you pass the exam!
Appreciating (ISC)2 and the CCSP Certification
The International Information System Security Certification Consortium — more easily referred to as (ISC)2 — is a nonprofit organization that has been training and certifying cybersecurity professionals since 1989. With more than 190,000
certified members and associates worldwide, (ISC)2 is widely regarded as the world’s leading cybersecurity professional organization. Its flagship certification, launched in 1994, is the Certified Information System Security Professional (CISSP). Since then, the organization has launched other certifications, including three CISSP concentrations. As of today, (ISC)2 offers the following ten professional certifications and concentrations:
» Certified in Cybersecurity (CC)
» Certified Information Systems Security Professional (CISSP)
• Information Systems Security Architecture Professional (CISSP-ISSAP)
• Information Systems Security Engineering Professional (CISSP-ISSEP)
• Information Systems Security Management Professional (CISSP-ISSMP)
» Systems Security Certified Practitioner (SSCP)
» Certified Cloud Security Professional (CCSP)
» Certified Authorization Professional (CAP)
» Certified Secure Software Lifecycle Professional (CSSLP)
» HealthCare Information Security and Privacy Practitioner (HCISSP)
In addition to managing a broad assortment of cybersecurity certifications, (ISC)2 also organizes the annual (ISC)2 Security Congress conference, which provides continuing education, networking, and career advancement opportunities for thousands of security professionals every year.
In 2015, (ISC)2 and the Cloud Security Alliance (CSA) introduced the Certified Cloud Security Professional (CCSP) certification to the world. The CCSP is a standalone credential, but builds on certifications like the CISSP and CSA’s Certificate of Cloud Security Knowledge (CCSK). The main objective of the CCSP is to certify that the credential holder has the knowledge, skills, and experience required to design, manage, and secure data in cloud-based applications and infrastructures.
Knowing Why You Need to Get Certified
According to (ISC)2, a CCSP applies information security expertise to a cloud computing environment and demonstrates competence in cloud security architecture, design, operations, and service orchestration. In preparing for the CCSP exam, you expand your knowledge of information security and cloud computing concepts,
making you a more well-rounded professional, while also improving your job security. Achieving the CCSP credential is a great way to strut your stuff in front of employers who seek verified cloud security expertise — say hello to increased visibility and new career opportunities!
While the CCSP isn’t generally a strict requirement for most cloud security positions, it does differentiate you to potential employers. It shows that you have the technical skills and experience they need as they seek to securely build and manage their cloud environments. The CCSP is a vendor-neutral certification, meaning the knowledge and skills it certifies can be applied to various technologies and methodologies. By not being limited to a single vendor, the CCSP designation is as versatile as it is valuable and can help you start or build a long-lasting career in cloud security.
Studying the Prerequisites for the CCSP
Along with passing the CCSP exam, you must satisfy a few other requirements to achieve the CCSP designation. As a CCSP candidate, you must have at least five years of paid work experience in Information Technology, and at least three of those years must include Information Security experience. Further, you must have at least one year of experience working in one or more of the six domains of the CCSP Common Body of Knowledge (CBK).
(ISC)2 emphasizes practical, real-world experience to fulfill the work experience requirements. In other words, it’s not enough to have IT or Information Security listed as a line-item on your resume — you must have regularly applied relevant knowledge and skills to perform your job duties. Some examples of full-time jobs that may satisfy these requirements include, but aren’t limited to
» Cloud architect
» Enterprise architect
» Information systems security officer
» Security administrator
» Security analyst
» Security engineer
» Systems architect
» Systems engineer
If you don’t have acceptable full-time work experience, (ISC)2 also accepts parttime work and internships under the following guidelines:
» Part-time: 2,080 hours of part-time work equals one year of full-time experience.
» Internships: For paid or unpaid internships, you must provide documentation on company letterhead that confirms your experience.
If you already hold CSA’s CCSK certificate, (ISC)2 waives the requirement for one year of experience in one or more of the six CCSP domains. Even better, if you hold the CISSP credential, then you’re all set for 100 percent of the CCSP experience requirements!
If you don’t already have the required work experience, you can still take the CCSP exam. When you pass, you’ll earn the Associate of (ISC)2 designation and be given six years to earn the required experience and become a fully certified member. You can learn more about CCSP experience requirements at www.isc2.org/ Certifications/CCSP/experience-requirements.
Understanding the CCSP Domains
Six security domains are within the CCSP Common Body of Knowledge (CBK), and I cover them fully in Chapters 3 through 14. Think of these domains as the six subject areas that you must master in order to pass the exam. The CCSP domains (and their respective weightings on the exam) are
» Domain 1: Cloud Concepts, Architecture, and Design (17 percent)
» Domain 2: Cloud Data Security (20 percent)
» Domain 3: Cloud Platform and Infrastructure Security (17 percent)
» Domain 6: Legal, Risk and Compliance (13 percent)
Domain 1: Cloud Concepts, Architecture, and Design
Domain 1: Cloud Concepts, Architecture, and Design counts for 17 percent of the CCSP exam and is the foundational domain that lays the groundwork for your
