Inherited Controls
Fully managed by the cloud provider
Shared Controls
Responsibilities shared between the cloud provider and the client
Shared Responsibility Model
Defines which security tasks are handled by the cloud provider and which are handled by the client
Customer-to-cloud Connectivity
Refers to the secure connection established between a customer’s network and the cloud provider
Cloud Service Integration
Involves securely linking different cloud services and platforms to work together
Shadow IT Detection
Process of identifying and managing unauthorized cloud services or applications that employees may install and use without the IT team’s knowledge
Unsecured Storage Resources
Refer to cloud storage that lacks proper security configurations
Data Leakage
Refers to the unauthorized transmission of data from within the cloud environment to external parties
Data Remanence
Residual data that remains on storage devices after deletion
AWS Storage Resource
Buckets
Azure Storage Resource
Blobs
Cross-Origin Resource Sharing (CORS)
Used when data is shared across different domains to control how resources are shared between these domains
API Security
Protects APIs from unauthorized access, misuse, and attacks to ensure secure interactions between applications and cloud services
Components include authorization, rate limiting, and logging
In API security, authorization is typically implemented through ___
Token-based systems
CASB
Cloud Access Security Broker
A security solution that acts as a control point between cloud service users and cloud applications
API-based CASB
Integrates directly with cloud services and uses APIs to monitor and control data flow, enforce security policies, and provide visibility into cloud usage without affecting user experience
Proxy-based CASB
Routes cloud traffic through a proxy server, allowing real-time inspection, threat prevention, and enforcement of security policies by sitting between the user and the cloud service
Forward Proxy CASB
CASB is positioned at the edge of the user’s network, ensuring users comply with security policies before their traffic reaches the cloud. Intercepts all user traffic.
Reverse Proxy CASB
CASB is positioned between the user and the cloud service. Only intercepts and inspects traffic headed to cloud services.
Terraform
An Infrastructure as Code (IaC) tool that automates the provisioning of cloud infrastructure
Ansible
Automation tool that focuses on configuration management, application deployment, and task automation
Operates using playbooks, which are simple YAML files that describe the tasks to be executed
OWASP Dependency-Check
Widely used tool that scans dependencies for known vulnerabilities across various programming languages
npm audit
Focuses on scanning dependencies in JavaScript and Node.js projects
CI/CD Pipeline
Continuous Integration/Continuous Development
Automated process of integrating, testing, and deploying code changes in a secure and efficient manner