CCSK

Course
Time: 9 hours 29 minutes
Difficulty: Intermediate
CEU/CPE: 10

Video Transcription

00:02
In this module, we covered a lot of ground in the realm of application security. We started out by examining the opportunities and the challenges that cloud brings into application security.
00:14
We then continued to look at the meta phases of the secure software development lifecycle, taking a deeper dive into secure design and development,
00:22
looking at secure deployments, and examining secure operations.
00:27
We talked about the application design and architecture impacts: segregation by default, immutable infrastructure, prevalence of microservices, and even PaaS and serverless. Then we finished off taking a look at DevOps, the culture, the practices, and how it could be aligned to improve your cloud security standing.
00:48
So let's have some questions about materials that we learned in this section. You can improve segregation of the management plane by doing which of the following?
00:57
Using PaaS services only,
00:59
creating separate cloud accounts for each application,
01:03
employing DevOps, or adopting immutable workloads.
01:07
Think about this for a second. There's only one correct answer. The focus and key words here are the management plane and segregation. That is primarily accomplished by having separate cloud accounts for each application or logical grouping of applications. This way, if one gets compromised, not all of them are compromised in a single swoop.
01:27
Using PaaS-only services
01:29
is definitely going to shift your roles and responsibilities, but it's not necessarily going to have much impact on the management plane. Similarly, employing DevOps, those philosophies and practices, and immutable workloads, they're not gonna have a great impact on the management plane.
01:46
What is event-driven security?
01:49
When your account is terminated by a provider because of too much pen testing,
01:55
invoking an automated response based on notifications set up by your provider,
02:00
invoking an automated response based on notifications set up by the customer,
02:05
sending an email to system admins whenever certain actions are performed. Again, there's only one correct answer. You probably quickly narrowed in on B and C and see how they're very similar, so that would be a great starting point to look at. Another important thing to understand is that event-driven security is the responsibility of the customer, and ultimately, the customer is the one that's responsible for
02:24
creating these notifications and
02:27
the automated responses that should take place. So the correct answer to this one is C,
02:31
and that wraps it up for Domain 10, application security. I hope you learned a lot, and I'm eager to continue the process with you.

CCSK

This course prepares you to take the CCSK exam certification by covering material included in the exam. It explains how the exam can be taken and how the certification process works.

Instructed By

James Leone
Cloud, IoT & DevSecOps at Abbott
Instructor