Domain 14 Knowledge Recap

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

9 hours 59 minutes
Video Transcription
So let's recap what we learned in this module. We talked about the three V's high volume, high velocity and high variety. The three distributed components distributed collection, distributed, storage and distributed processing. Then we discuss big data platforms and the security considerations in architect ING and building data platforms.
We examined server lis and its various security considerations.
We took a good dive into the basics of Internet of things, defining it as well of unique security considerations there. And and we finished off by examining mobile security specifically as it relates to mobile devices interacting with the cloud. We saw a lot of overlap between that set of considerations and those in the I O. T.
And let's test some your knowledge things you've learned in this module and maybe even past related modules. Which of the following should be considered your primary security control for a P I security encryption logging certificate, pinning access controls and fail over.
So the answer is D access controls. Keep that in mind. We discussed it earlier. Access controls are going to be your first line of security and prevention. They're not gonna be your Onley point of security applying defense and depths. They're gonna have many different layers. But it really does start with access control, defining the entitlement matrices and being very clear
who can do what under which circumstances
and continuing on when using a providers function as a service capability. Where are authorisation Rules of a function typically managed
in the management plane
in the function code itself, in the database connection strings or in a Federated identity broker.
And to be clear, we're talking about a providers function as a service capabilities. So the answer in this case is going to be the management plane. You'll be defining the access controls. The function will have its own principal. It'll have an identity of itself, and you need to define what other assets and resource is.
Can this function interact with? Can had cocked to. Databases can talk to
storage blobs. Can I talk to additional services and functions and invoke them? A lot of that is gonna be defined in the management plane.
We heard this term several times in the videos. What is certificate pinning a k a. Cert. Pinning
is it installing a certificate on a device? Is its storing a certificate in an open certificate registry that can be used for validation.
Is it associating? Ah, host with the certificate or is it all of the above? So the answer is all the above as it involves several different steps. Keep in mind the goal of this is to limit communication between your device or the application running on the device. And the resource is that can be trusted running in the cloud. And so this assert pinning process is what allows you to do this
getting there and implementing It has numerous different steps
which are outlined here.
Which of the following would not be considered a component of a big data system distributed collection, distributed storage, distributed security or distributed processing. Reviewed this in the module summary and the answer is C distributed security. That is not a component of a big data system.
Distributed collection, distributed storage and distributing
processing are the three major components of a big data system that wraps it up for this model that wraps it up for the different domains of the C s. A guidance. We're gonna continue on with a few more modules, but I just encourage you to hang in there. You've worked so hard. We've covered so much material in the last few hours.
You're almost there to get to that point where you're equipped to take the CCS k exam
and obtain your CCS case certification.
Up Next