Ben Piper

CompTIA Cloud+ Study Guide


Скачать книгу

(DNSSEC)Network time protocol (NTP)Network time security (NTS)EncryptionIPSecTransport layer security (TLS)Hypertext transfer protocol secure (HTTPS)TunnelingSecure Shell (SSH)Layer 2 tunneling protocol (L2TP)/Point-to-point tunneling protocol (PPTP)Generic routing encapsulation (GRE)Network servicesFirewallsStatefulStatelessWeb application firewall (WAF)Application delivery controller (ADC)Intrusion protection system (IPS)/Intrusion detection system (IDS)Data loss prevention (DLP)Network access control (NAC)Packet brokersLog and event monitoringNetwork flowsHardening and configuration changesDisabling unnecessary ports and servicesDisabling weak protocols and ciphersFirmware upgradesControl ingress and egress trafficWhitelisting or blacklistingProxy serversDistributed denial of service (DDoS) protection 2, 3 2.3 Given a scenario, apply the appropriate OS and application security controls.PoliciesPassword complexityAccount lockoutApplication whitelistingSoftware featureUser/groupUser permissionsAntivirus/anti-malware/endpoint detection and response (EDR)Host-based IDS (HIDS)/Host-based IPS (HIPS)Hardened baselinesSingle functionFile integrityLog and event monitoringConfiguration managementBuildsStableLong-term support (LTS)BetaCanaryOperating system (OS) upgradesEncryptionApplication programming interface (API) endpointApplicationOSStorageFilesystemMandatory access controlSoftware firewall 2, 3, 4, 5, 7 2.4 Given a scenario, apply data security and compliance controls in cloud environments.EncryptionIntegrityHashing algorithmsDigital signaturesFile integrity monitoring (FIM)ClassificationSegmentationAccess controlImpact of laws and regulationsLegal holdRecords managementVersioningRetentionDestructionWrite once read manyData loss prevention (DLP)Cloud access security broker (CASB) 3, 4, 5 2.5 Given a scenario, implement measures to meet security requirements.ToolsVulnerability scannersPort scannersVulnerability assessmentDefault and common credential scansCredentialed scansNetwork-based scansAgent-based scansService availabilitiesSecurity patchesHot fixesScheduled updatesVirtual patchesSignature updatesRollupsRisk registerPrioritization of patch applicationDeactivate default accountsImpacts of security tools on systems and servicesEffects of cloud service models on security implementation 3 2.6 Explain the importance of incident response procedures.PreparationDocumentationCall treesTrainingTabletopsDocumented incident types/categoriesRoles and responsibilitiesIncident response proceduresIdentificationScopeInvestigationContainment, eradication, and recoveryIsolationEvidence acquisitionChain of custodyPost-incident and lessons learnedRoot cause analysis 9

Exam Objective Chapters
1, 2, 7, 8
2
3.3 Given a scenario, deploy cloud networking solutions.ServicesDynamic host configuration protocol (DHCP)NTPDNSContent delivery network (CDN)IP address management (IPAM) 2
2
3.4 Given a scenario, configure the appropriate compute sizing for a deployment.VirtualizationHypervisorsType 1Type 2Simultaneous multi-threading (SMT)Dynamic allocationsOversubscriptionCentral processing unit (CPU)/virtual CPU (vCPU)Graphics processing unit (GPU)VirtualSharedPass-throughClock speed/Instructions per cycle (IPC)HyperconvergedMemoryDynamic allocationBallooning 2
3.5 Given a scenario, perform cloud migrations.Physical to virtual (P2V)Virtual to virtual (V2V)Cloud-to-cloud migrationsVendor lock-inPaaS or SaaS migrationsAccess control lists (ACLs)FirewallsStorage migrationsBlockFileObjectDatabase migrationsCross-service migrationsRelationalNon-relational

Exam Objective Chapters
1, 7,