Domain 1 Knowledge Recap

Time
9 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
10
Video Transcription
00:00
>> At the end of each module,
00:00
we're going to spend a few minutes
00:00
recapping key takeaways for the domain.
00:00
Let's talk about the Cloud computing concepts
00:00
and architecture domain.
00:00
If we could summarize key things from Domain 1,
00:00
it would be the differences between
00:00
traditional virtualization and Cloud computing.
00:00
We went into this quite a bit.
00:00
We talked about abstraction and automation,
00:00
the impacts on security.
00:00
We spent a lot of time reviewing
00:00
the NIST model for Cloud computing,
00:00
as well as its impact on
00:00
shared responsibilities between
00:00
the provider and the customer.
00:00
Very important that you have
00:00
a good bearing on that NIST model.
00:00
We talked about Cloud Security Alliance using the CAIQ,
00:00
to evaluate the Cloud providers
00:00
and what they provide and how they implement controls.
00:00
We'll go into this in more detail in
00:00
a later section of this course.
00:00
Similarly, the CCM,
00:00
the Cloud Controls Matrix,
00:00
is a utility to assess the security and
00:00
compliance requirements that your own organization has.
00:00
We'll also get into that in
00:00
more detail later in this course.
00:00
Then finally, we talked about
00:00
the Cloud security process
00:00
being a model to select the providers,
00:00
identify what's the provider doing,
00:00
what are the gaps?
00:00
Therefore, what are the compensating controls that we as
00:00
a Cloud customer need to implement to fill those gaps.
00:00
Let's discuss some additional tips for the exam,
00:00
specifically as they pertain to Domain 1.
00:00
Cloud Security Alliance makes
00:00
a reference to a lot of external publications.
00:00
As we're going through the course materials,
00:00
you don't need to stop and go
00:00
read those external publications.
00:00
I will highlight the content of
00:00
those publications and the most material facts from
00:00
those publications that you're going to need to be aware
00:00
of when taking the CCSK exam.
00:00
But to that end,
00:00
when we look at the NIST external publication SP800-145,
00:00
it's very important that you understand
00:00
the five essential characteristics of Cloud.
00:00
Then you also recognize that the ISO standard,
00:00
they define a sixth characteristic,
00:00
that being the multi-tenancy.
00:00
Other exam tips include being very familiar with
00:00
the four layers of the logical model: infrastructure,
00:00
metastructure, applistructure, and infostructure.
00:00
We also talked about the three service models: IaaS,
00:00
encompassing physical layer,
00:00
data center, hardware.
00:00
It takes care of abstracting
00:00
the hardware pools, virtual machines,
00:00
the virtual networks, and it
00:00
provides mechanisms for orchestration,
00:00
automating the provisioning using APIs.
00:00
Above that is the platform as a service layer.
00:00
Virtual machine, it's above the virtual machine layer.
00:00
When you're using a PaaS service,
00:00
you're not going to be manipulating
00:00
and managing the virtual machines directly.
00:00
Then sitting finally on the very top is the SaaS.
00:00
Often you're going to only have
00:00
a web-based mechanism to access and administer this.
00:00
Maybe it'll give you a REST or other API-based method,
00:00
to help manage the configuration and
00:00
customization of software given through the SaaS model.
00:00
Finally, the shared responsibilities
00:00
between the provider and the customer.
00:00
They really operate on a sliding scale,
00:00
and understanding the difference between
00:00
those shared responsibilities depending on
00:00
your deployment model of IaaS, PaaS or SaaS.
00:00
But please understand the customer
00:00
is ultimately responsible for
00:00
the implementation for the data and for
00:00
the security of what they're hosting in the Cloud.
00:00
Let's wrap this all up with a few quiz questions.
00:00
First question, in which layer of
00:00
the logical model does the management plane exist?
00:00
Hopefully you remember what the management plane is.
00:00
If you didn't, it is that web interface
00:00
that the Cloud provider
00:00
will give to the customer
00:00
for procuring virtual machines,
00:00
configuring platform as a service,
00:00
and potentially even configuring
00:00
your SaaS style applications and certain settings.
00:00
That's the management plane,
00:00
managing the capabilities there.
00:00
Which layer in the logical model does it sit?
00:00
Infostructure, does it sit at
00:00
the data center, metastructure,
00:00
infrastructure, does it sit between PaaS
00:00
and IaaS model or at the applistructure layer?
00:00
Give you a second.
00:00
The answer is C, the metastructure layer.
00:00
I purposely did not list
00:00
the different logical layers
00:00
in their order from top to bottom.
00:00
But if you recall, the metastructure sits between
00:00
the infrastructure layer and the applistructure layer.
00:00
Amongst other things, it's that glue that
00:00
binds the orchestration capabilities
00:00
and deals with the abstraction of
00:00
the actual hardware with its virtual representations.
00:00
Above the metastructure layer
00:00
is the applistructure layer,
00:00
and above the applistructure layer
00:00
is the infostructure layer.
00:00
Data center is not a layer in the logical model,
00:00
neither is between PaaS and IaaS.
00:00
Those are service deployment models,
00:00
PaaS, IaaS and SaaS.
00:00
Moving on to the next question.
00:00
Which of the following is considered a separate
00:00
characteristic of Cloud in ISO/IEC 17788?
00:00
Resource pooling, metered usage,
00:00
on-demand self-service, multi-tenancy, or elasticity.
00:00
Give you a second.
00:00
The answer is D, multi-tenancy.
00:00
Resource pooling, metered usage,
00:00
on-demand self-service, elasticity are
00:00
also attributes in ISO,
00:00
but they are part of
00:00
the five characteristics for the NIST.
00:00
Multi-tenancy, however, is that sixth characteristic.
00:00
NIST, Cloud Security Alliance,
00:00
all these models recognize multi-tenancy
00:00
is a key aspect of Cloud,
00:00
but it is only specifically called out as
00:00
a characteristic in its own right in the ISO definition.
00:00
Last but not least, scenario for you.
00:00
If you are asked to build a server with
00:00
eight CPUs and 16 gigabytes of RAM,
00:00
which service model would you use?
00:00
VMware vSphere, SaaS,
00:00
PaaS, IaaS, or Red Hat OpenShift?
00:00
Give you a second.
00:00
The answer is D,
00:00
infrastructure as a service.
00:00
VMware vSphere is a specific technology product often
00:00
used when you're deploying and building
00:00
an on-prem Cloud instance.
00:00
SaaS, software as a service,
00:00
so you are definitely
00:00
abstracted not just from the virtual machines,
00:00
but even from the applistructure layer itself.
00:00
That is not something that's going to be made visible
00:00
to you or you will be allowed to control.
00:00
PaaS, remember,
00:00
you're not going to be dealing with
00:00
virtual machines so much in a PaaS environment.
00:00
IaaS we talked about.
00:00
Red Hat OpenShift, it's a container hosting platform.
00:00
In that paradigm there really is no such thing as
00:00
virtual machines because it's for
00:00
managing clusters of different containers,
00:00
which then subsequently run on virtual machines.
00:00
But you wouldn't be using OpenShift itself to
00:00
procure or set up virtual machines.
00:00
That wraps up the first module
00:00
and I look forward to seeing you in the next video.