Domain 14 Knowledge Recap


Time
9 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
10
Video Transcription
00:03
>> Let's recap what we learned in this module. We talked about the three V's: high volume, high velocity, and high variety. The three distributed components: distributed collection, distributed storage, and distributed processing. Then we discussed big data platforms and security considerations in architecting and building data platforms. We examined serverless and its various security considerations. We took a good dive into the basics of the Internet of Things, defining it as well as the unique security considerations there, and we finished off by examining mobile security, specifically as it relates to mobile devices interacting with the Cloud, and we saw a lot of overlap between that set of considerations and those in IoT.

Let's test some of your knowledge, things you've learned in this module and maybe even past related modules.

Which of the following should be considered your primary security control for API security? Encryption, logging, certificate pinning, access controls, or failover. The answer is D, access controls. Keep that in mind. We discussed it earlier. Access controls are going to be your first line of security and prevention. They're not going to be your only point of security. Applying defense in depth, there are going to be many different layers. But it really does start with access control, defining the entitlement matrices, and being very clear who can do what under which circumstances.

Continuing on, when using a provider's function-as-a-service capability, where are the authorization rules of a function typically managed? In the management plane, in the function code itself, in the database connection strings, or in a federated identity broker. To be clear, we're talking about a provider's function-as-a-service capabilities. So the answer in this case is going to be the management plane. You will be defining the access controls. The function will have its own principal. It'll have an identity of itself, and you need to define what other assets and resources this function can interact with. Can it talk to databases? Can it talk to storage blobs? Can it talk to additional services and functions and invoke them? A lot of that is going to be defined in the management plane.

We heard this term several times in the videos. What is certificate pinning, aka cert pinning? Is it installing a certificate on a device? Is it storing a certificate in an open certificate registry that can be used for validation? Is it associating a host with a certificate? Or is it all of the above? The answer is all of the above, as it involves several different steps. Keep in mind the goal of this is to limit communication between your device, or the application running on the device, and the resources that can be trusted running in the Cloud. And so the cert pinning process is what allows you to do this. Getting there and implementing it has numerous different steps, which are outlined here.

Which of the following would not be considered a component of a big data system? Distributed collection, distributed storage, distributed security, or distributed processing. We reviewed this in the module summary, and the answer is C, distributed security; that is not a component of a big data system. Distributed collection, distributed storage, and distributed processing are the three major components of a big data system.

That wraps it up for this module, and that wraps it up for the different domains of the CSA guidance. We're going to continue on with a few more modules, but I just encourage you to hang in there. You've worked so hard; we've covered so much material in the last few hours. You're almost there, to get to that point where you're equipped to take the CCSK exam and obtain your CCSK certification.
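The recap makes two related points: access controls are the first line of API security, expressed as an entitlement matrix of who can do what under which circumstances, and a function-as-a-service principal gets its own identity whose permissions (databases, storage blobs, other functions it may invoke) are defined in the management plane. The block below is an added example, not code from the course or from any cloud provider, showing what such an entitlement matrix looks like when evaluated with default deny and explicit-deny precedence. Every principal, action and resource name in it is constructed for illustration.

```python
"""Added example (not part of the course transcript): a minimal entitlement-matrix
evaluator for function-as-a-service principals. Each function identity is granted
explicit permissions on specific resources; anything not explicitly allowed is
denied, and an explicit deny always wins over an allow. All names are constructed."""

from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Entitlement:
    principal: str          # identity of the function, e.g. "fn:order-processor"
    action: str             # operation such as "db:read"; "*" matches any action
    resource: str           # glob pattern over resource names, e.g. "blob:invoices/*"
    effect: str = "allow"   # "allow" or "deny"; deny takes precedence


# Constructed entitlement matrix: the management-plane statement of what each
# function principal may touch. Nothing else is reachable from that function.
ENTITLEMENTS: Tuple[Entitlement, ...] = (
    Entitlement("fn:order-processor", "db:read", "db:orders"),
    Entitlement("fn:order-processor", "storage:write", "blob:invoices/*"),
    Entitlement("fn:order-processor", "fn:invoke", "fn:notify-customer"),
    Entitlement("fn:report-builder", "db:read", "db:*"),
    # Broad read grant above, carved back with an explicit deny on PII tables.
    Entitlement("fn:report-builder", "db:read", "db:pii-*", effect="deny"),
)


def is_authorized(principal: str, action: str, resource: str,
                  entitlements: Iterable[Entitlement] = ENTITLEMENTS) -> bool:
    """Return True only if some allow entry matches and no deny entry matches.

    A principal with no entries at all (an unknown or new function) gets nothing:
    default deny, which is the point of defining the matrix up front."""
    allowed = False
    for e in entitlements:
        if e.principal != principal:
            continue
        if e.action not in ("*", action):
            continue
        if not fnmatchcase(resource, e.resource):
            continue
        if e.effect == "deny":
            return False    # explicit deny overrides any allow for this request
        allowed = True
    return allowed


def decide_all(principal: str,
               requests: Iterable[Tuple[str, str]]) -> List[Tuple[str, str, bool]]:
    """Evaluate a batch of (action, resource) requests for one principal; handy for
    reviewing a function's effective permissions before deployment."""
    return [(action, resource, is_authorized(principal, action, resource))
            for action, resource in requests]


if __name__ == "__main__":
    # Constructed requests an order-processing function might make at runtime.
    for action, resource, ok in decide_all("fn:order-processor", [
        ("db:read", "db:orders"),
        ("db:write", "db:orders"),              # never granted: denied by default
        ("storage:write", "blob:invoices/2024-01.pdf"),
        ("storage:write", "blob:secrets/signing-key"),
        ("fn:invoke", "fn:notify-customer"),
        ("fn:invoke", "fn:report-builder"),     # lateral invoke not in the matrix
    ]):
        print(f"{action:14} {resource:32} {'ALLOW' if ok else 'DENY'}")
```

The matrix is data, not code inside the function, which mirrors the recap's answer that authorization for a FaaS function lives in the management plane rather than in the function body or its connection strings; reviewing `decide_all` output for each principal is a quick way to check that a function cannot reach a database, blob or sibling function it was never meant to.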