Скачать книгу

(DNSSEC)Network time protocol (NTP)Network time security (NTS)EncryptionIPSecTransport layer security (TLS)Hypertext transfer protocol secure (HTTPS)TunnelingSecure Shell (SSH)Layer 2 tunneling protocol (L2TP)/Point-to-point tunneling protocol (PPTP)Generic routing encapsulation (GRE)Network servicesFirewallsStatefulStatelessWeb application firewall (WAF)Application delivery controller (ADC)Intrusion protection system (IPS)/Intrusion detection system (IDS)Data loss prevention (DLP)Network access control (NAC)Packet brokersLog and event monitoringNetwork flowsHardening and configuration changesDisabling unnecessary ports and servicesDisabling weak protocols and ciphersFirmware upgradesControl ingress and egress trafficWhitelisting or blacklistingProxy serversDistributed denial of service (DDoS) protection 2, 3 2.3 Given a scenario, apply the appropriate OS and application security controls.PoliciesPassword complexityAccount lockoutApplication whitelistingSoftware featureUser/groupUser permissionsAntivirus/anti-malware/endpoint detection and response (EDR)Host-based IDS (HIDS)/Host-based IPS (HIPS)Hardened baselinesSingle functionFile integrityLog and event monitoringConfiguration managementBuildsStableLong-term support (LTS)BetaCanaryOperating system (OS) upgradesEncryptionApplication programming interface (API) endpointApplicationOSStorageFilesystemMandatory access controlSoftware firewall 2, 3, 4, 5, 7 2.4 Given a scenario, apply data security and compliance controls in cloud environments.EncryptionIntegrityHashing algorithmsDigital signaturesFile integrity monitoring (FIM)ClassificationSegmentationAccess controlImpact of laws and regulationsLegal holdRecords managementVersioningRetentionDestructionWrite once read manyData loss prevention (DLP)Cloud access security broker (CASB) 3, 4, 5 2.5 Given a scenario, implement measures to meet security requirements.ToolsVulnerability scannersPort scannersVulnerability assessmentDefault and common credential scansCredentialed scansNetwork-based scansAgent-based scansService availabilitiesSecurity patchesHot fixesScheduled updatesVirtual patchesSignature updatesRollupsRisk registerPrioritization of patch applicationDeactivate default accountsImpacts of security tools on systems and servicesEffects of cloud service models on security implementation 3 2.6 Explain the importance of incident response procedures.PreparationDocumentationCall treesTrainingTabletopsDocumented incident types/categoriesRoles and responsibilitiesIncident response proceduresIdentificationScopeInvestigationContainment, eradication, and recoveryIsolationEvidence acquisitionChain of custodyPost-incident and lessons learnedRoot cause analysis 9

3.0 Deployment

Exam Objective	Chapters
3.1 Given a scenario, integrate components into a cloud solution.Subscription servicesFile subscriptionsCommunicationsEmailVoice over IP (VoIP)MessagingCollaborationVirtual desktop infrastructure (VDI)Directory and identity servicesCloud resourcesIaaSPaaSSaaSProvisioning resourcesComputeStorageNetworkApplicationServerlessDeploying virtual machines (VMs) and custom imagesTemplatesOS templatesSolution templatesIdentity managementContainersConfigure variablesConfigure secretsPersistent storageAuto-scalingPost-deployment validation	1, 2, 7, 8
3.2 Given a scenario, provision storage in cloud environments.TypesBlockStorage area network (SAN)ZoningFileNetwork attached storage (NAS)ObjectTenantsBucketsTiersFlashHybridSpinning disksLong-termInput/output operations per second (IOPS) and read/writeProtocolsNetwork file system (NFS)Common Internet file system (CIFS)Internet small computer system interface (iSCSI)Fibre Channel (FC)Non-volatile memory express over fabrics (NVMe-oF)Redundant array of inexpensive disks (RAID)015610Storage system featuresCompressionDeduplicationThin provisioningThick provisioningReplicationUser quotasHyperconvergedSoftware-defined storage (SDS)	2
3.3 Given a scenario, deploy cloud networking solutions.ServicesDynamic host configuration protocol (DHCP)NTPDNSContent delivery network (CDN)IP address management (IPAM)	2
Virtual private networks (VPNs)Site-to-sitePoint-to-pointPoint-to-siteIPSecMultiprotocol label switching (MPLS)Virtual routingDynamic and static routingVirtual network interface controller (vNIC)SubnettingNetwork appliancesLoad balancersFirewallsVirtual private cloud (VPC)Hub and spokePeeringVLAN/VXLAN/GENEVESingle root input/output virtualization (SR-IOV)Software-defined network (SDN)	2
3.4 Given a scenario, configure the appropriate compute sizing for a deployment.VirtualizationHypervisorsType 1Type 2Simultaneous multi-threading (SMT)Dynamic allocationsOversubscriptionCentral processing unit (CPU)/virtual CPU (vCPU)Graphics processing unit (GPU)VirtualSharedPass-throughClock speed/Instructions per cycle (IPC)HyperconvergedMemoryDynamic allocationBallooning	2
3.5 Given a scenario, perform cloud migrations.Physical to virtual (P2V)Virtual to virtual (V2V)Cloud-to-cloud migrationsVendor lock-inPaaS or SaaS migrationsAccess control lists (ACLs)FirewallsStorage migrationsBlockFileObjectDatabase migrationsCross-service migrationsRelationalNon-relational	2

4.0 Operations and Support

Exam Objective

Chapters

4.1 Given a scenario, configure logging, monitoring, and alerting to maintain operational status.LoggingCollectorsSimple network management protocol (SNMP)SyslogAnalysisSeverity categorizationAuditsTypesAccess/authenticationSystemApplicationAutomationTrendingMonitoringBaselinesThresholdsTaggingLog scrubbingPerformance monitoringApplicationInfrastructure componentsResource utilizationAvailabilitySLA-defined uptime requirementsVerification of continuous monitoring activitiesService management tool integrationAlertingCommon messaging methodsEnable/disable alertsMaintenance modeAppropriate responsesPolicies for categorizing and communicating alerts

1, 7, Скачать книгу