Time
33 hours 23 minutes
Difficulty
Beginner
CEU/CPE
33

Video Transcription

00:00
Hello and welcome back to decide. Berry 2019 Comp. Tia Security Plus Certification Preparation Course.
00:08
We continue our discussion on Marginal with three, which is titled Domain three.
00:14
Architecture and Design.
00:17
We have a brand new objective, which is 3.4 with seven estates. Explain the importance of cure staging deployment concepts
00:26
Surprising enough. The first item on our agenda is a pre assessment quist. In fact, it's a true or false statement, and it reads as follows.
00:35
San Boxing is the isolates of application for testing and or patching to determine if it's safe and stable for the intendant environment.
00:44
Is this true or false?
00:48
In this case, if you selected true, you're absolutely correct.
00:53
As stated earlier, we have a brand new objective, which is 3.4, which simply states explain the importance of secure staging deployment concepts.
01:03
We have some additional sup
01:04
categories that fall within this particular parameter, such as sand, boxing
01:11
environment.
01:12
We also take a look at development
01:15
test staging as well as production.
01:21
In addition, we're going to take a look at secure, baseline and and actually define exactly what that's all about.
01:29
Integrity, measurement as well,
01:30
so further do Let's begin by taking a look at a brief introduction.
01:36
A secure staging environment clues multiple environments and typically includes different systems used for each stage.
01:44
A continent production that were must be available 24 7 365 days to maximize overall performance, reduce costs and lessen risk
01:55
to allow. With the availability requirements of a production network, you need to use none production networks to test your configuration changes, software upgrades and other changes to an environment. After you validate changes in a nun production environment or even better in multiple, none production environments,
02:13
you can proceed with the changes in your production environment,
02:17
so the first item will take a look. It's called San Boxing, Simply put Sandbox and is the isolation of an application for testing and or patching to determine if it's safe and stable for the intent environment.
02:31
Think of a sandbox like kids do a place to play in. When kids play in the sandbox, they aren't thinking about anything beyond exploring, experimenting and having fun. However, in the RTM vomit, a sandbox is considered an environment where you admission test things.
02:49
For example, if you're thinking about the point, a major application upgrade
02:53
Toe aqui application. You might try that in a sandbox first, if you hurt. If you're brand new to the network tool, then you're evaluating you might want also sandboxes. Well, you like perhaps a brand new, too.
03:07
Let's turn our ticket or discussion of an environment as a future security plus certified professional. You must be familiar with a different environments. Outline. You should be able to pick the appropriate environment based on a given scenario. For example, if you want to perform a test in an environment that most closely resemble production, which environment would you use?
03:28
That's a question that you might be acts or something similar to that on the exam, so that further, let's take a look at the topic of environments.
03:36
First, they want to take a look is called Development.
03:39
Now at the development stays the requirements for the application on established and it's confirmed that the application meets the intendant minutes need before the actual coding begins
03:50
doing it. Testing the testes Days 30. Test the application for any errors that could result in a security vulnerability,
03:59
doing a stage and stage. It's a quality assurance test to verify that the cold functions as intended.
04:05
Then we have production in the production states, the application released to be used in its actual settings.
04:14
This brings us to secure baseline. We think about Secure Baseline. Is they set a basic security objective that must be met by inning given service or system.
04:26
Let's not turn out to your discretion off integrity measurements.
04:30
When we look at integrity measurement, it is an at a station mechanism designed to be able to convince a remote party external to the coding team that an application running on Lee, a set of known and approve executed bols.
04:44
At this point time, we have our post assessment quiz, and it reads as follows.
04:48
A software vendor recently developed a pack for one of his application
04:53
before releasing the past the customers to bend the knees to test it in different environments. Which of the following solution provides the best method to test a patch in different environments? Is a a baseline image?
05:05
Is it b? Bring your own device? Is it see a sandbox or change management?
05:15
In this case, if you should let to see a sandbox, you absolutely correct because the sandbox provides a simple method of testing patches and will be used with snapshots so that the Birch machine can be easily reverted to its original state.
05:30
At this point town, we have a key takeaways. From this particular video presentation.
05:34
We learned that sandboxes is the isolation of application for testing and or patching to determine if it's safe and stable for the intended environment.
05:43
We also learned a secure base line is a set of basic UT objective, which must be met by any given service or system.
05:51
We also learned staging
05:54
stage is a quality surest test to verify the cold function as intended.
06:00
We learned that at the development stage of requirements for the application of established and is confirmed, the application meets Tintin. It been his knees before the actual coding begins
06:10
related to testing, Stay stern a test application for any errors that could result in a security vulnerability
06:16
in our upcoming video. We'll continue our discussion by taking a look at a brain new objective 3.5, where we have to explain to security implications off embedded systems. And again, I look forward to seeing a very next video

Up Next

CompTIA Security+

Interested in the cybersecurity industry? The CompTIA Security+ is the gold standard for those looking to enter the cybersecurity industry. Join thousands of professionals who have gained this certification through this course and launched their careers in information security.

Instructed By

Instructor Profile Image
Jim Hollis
Independent Contractor
Instructor