Final Exam: Security Admin

WHAT YOU WILL LEARN

• 

  Describe security base parameters and recall what creates baselines
  

  identify various design concepts including logical and physical design
  

  identify cloud model types and their approach towards adopting the model
  

  describe cloud administration and management
  

  describe audit and compliance keeping services stacks in mind
  

  describe the importance of encryption in and out of cloud
  

  define the integration of security services as a service or offering
  

  recognize the core architecture of cloud and importance to data security
  

  identify the building blocks of security planning designing and infrastructure development
  

  describe identity access control including details on authentication and authorization
  

  define internal and external audit and identify various types of audits and audit scope
  

  list the key features of dynamic clusters, storage maintenance, and ha on cloud
  

  list the best practices to communicate with vendors, partners, and customers
  

  identify common stake holders and governance challenges and how to coordinate communication with them
  

  describe the evolution of cloud including hardware, software, and server virtualization
  

  identify the importance if open-source in cloud infrastructure
  

  perform excellent grain queries to get selective access control
  

  list the common legislation conflicts and compliance issues
  

  describe the risk management process in logical and physical infrastructures
  

  classify different types of web services including caas, iaas, maas, paas, and saas
  

  recognize the risks and threats involved in cloud computing and their analysis
  

  define patch management, performance monitoring, and backup
  

  create a maintenance plan using orchestration units
  

  create business continuity plan and work on its implementation
  

  list the importance of encryption and key management
  

  use secure deployment practices to develop and secure cloud application
  

  specify how to provide security on cloud keeping track of limitations including vulnerability of infrastructure, platform, and service
  

  identify the importance of control over physical security and assets
  

  recognize the concepts of data handling, hardware, software and breach planning, and secure environment
  

  describe how security policy implementation mitigates cloud security challenges
• 

  identify the software development life cycle and issues
  

  describe supply chain risk, csa ccm, iso 28000:2007
  

  list the best practices for servers, storage network, and virtual switches
  

  specify the need for cloud datacenter
  

  develop a maintenance plan using orchestration units
  

  describe the software development life cycle and issues
  

  recognize the e-discovery process
  

  identify various techniques including crypto, tokenization, data masking, and dip
  

  issue excellent grain queries to get selective access control
  

  categorize different types of web services including caas, iaas, maas, paas, and saas
  

  apply bcdr planning in various scenarios
  

  define data outsourcing and how to prevent loss of control on data
  

  identify cloud software security measures including security principles and testing
  

  identify the different service provider risks including back door spoofing
  

  compare the privacy and information systems
  

  describe information security and how to manage operations
  

  describe the standards, such as internal isms, iso 27001:2013
  

  describe the business high availability and continuity techniques
  

  recall the importance of control over physical security and assets
  

  describe cloud under compliance and the need to comply with the attesting bodies
  

  describe how to secure network operations including network isolation, clans, tls, dns, and ipsec
  

  describe the life cycle of securing data in the cloud
  

  recognize the concepts relates to contract management and its key components
  

  define deceptive information and how to protect data
  

  describe deceptive information and how to protect data
  

  describe drm, different data protection policies, and event handing including siem
  

  recognize the importance of control over physical security and assets
  

  describe how to secure saas cloud by focusing on saas applications
  

  describe the data protection guidelines including iso/iec 27015:2015, 27002, and eu data protection
  

  define risk profile, appetite, and risk management