CompTIA Cloud+ Study Guide. Ben Piper

Скачать книгу

the factors that contribute to capacity planning.RequirementsHardwareSoftwareBudgetaryBusiness needs analysisStandard templatesLicensingPer-userSocket-basedVolume-basedCore-basedSubscriptionUser densitySystem loadTrend analysisBaselinesPatternsAnomaliesPerformance capacity planning 2, 8, 9 1.3 Explain the importance of high availability and scaling in cloud environments.HypervisorsAffinityAnti-affinityOversubscriptionComputeNetworkStorageRegions and zonesApplicationsContainersClustersHigh availability of network functionsSwitchesRoutersLoad balancersFirewallsAvoid single points of failureScalabilityAuto-scalingHorizontal scalingVertical scalingCloud bursting 1, 2, 5, 7 1.4 Given a scenario, analyze the solution design in support of the business requirements.Requirement analysisSoftwareHardwareIntegrationBudgetaryComplianceService-level agreement (SLA)User and business needsSecurityNetwork requirementsSizingSubnettingRoutingEnvironmentsDevelopmentQuality assurance (QA)StagingBlue-greenProductionDisaster recovery (DR)Testing techniquesVulnerability testingPenetration testingPerformance testingRegression testingFunctional testingUsability testing 1, 2, 5, 8

2.0 Security

Exam Objective	Chapters
2.1 Given a scenario, configure identity and access management.Identification and authorizationPrivileged access managementLogical access managementAccount life-cycle managementProvision and deprovision accountsAccess controlsRole-basedDiscretionaryNon-discretionaryMandatoryDirectory servicesLightweight directory access protocol (LDAP)FederationCertificate managementMultifactor authentication (MFA)Single sign-on (SSO)Security assertion markup language (SAML)Public key infrastructure (PKI)Secret managementKey management	2, 3, 4
2.2 Given a scenario, secure a network in a cloud environmentNetwork segmentationVirtual LAN (VLAN)/Virtual extensible LAN (VXLAN)/Generic network virtualization encapsulation (GENEVE)Micro-segmentationTieringProtocolsDomain name service (DNS)DNS over HTTPS (DoH)DNS over TLS (DoT)DNS security (DNSSEC)Network time protocol (NTP)Network time security (NTS)EncryptionIPSecTransport layer security (TLS)Hypertext transfer protocol secure (HTTPS)TunnelingSecure Shell (SSH)Layer 2 tunneling protocol (L2TP)/Point-to-point tunneling protocol (PPTP)Generic routing encapsulation (GRE)Network servicesFirewallsStatefulStatelessWeb application firewall (WAF)Application delivery controller (ADC)Intrusion protection system (IPS)/Intrusion detection system (IDS)Data loss prevention (DLP)Network access control (NAC)Packet brokersLog and event monitoringNetwork flowsHardening and configuration changesDisabling unnecessary ports and servicesDisabling weak protocols and ciphersFirmware upgradesControl ingress and egress trafficWhitelisting or blacklistingProxy serversDistributed denial of service (DDoS) protection	2, 3
2.3 Given a scenario, apply the appropriate OS and application security controls.PoliciesPassword complexityAccount lockoutApplication whitelistingSoftware featureUser/groupUser permissionsAntivirus/anti-malware/endpoint detection and response (EDR)Host-based IDS (HIDS)/Host-based IPS (HIPS)Hardened baselinesSingle functionFile integrityLog and event monitoringConfiguration managementBuildsStableLong-term support (LTS)BetaCanaryOperating system (OS) upgradesEncryptionApplication programming interface (API) endpointApplicationOSStorageFilesystemMandatory access controlSoftware firewall	2, 3, 4, 5, 7
2.4 Given a scenario, apply data security and compliance controls in cloud environments.EncryptionIntegrityHashing algorithmsDigital signaturesFile integrity monitoring (FIM)ClassificationSegmentationAccess controlImpact of laws and regulationsLegal holdRecords managementVersioningRetentionDestructionWrite once read manyData loss prevention (DLP)Cloud access security broker (CASB)	3, 4, 5
2.5 Given a scenario, implement measures to meet security requirements.ToolsVulnerability scannersPort scannersVulnerability assessmentDefault and common credential scansCredentialed scansNetwork-based scansAgent-based scansService availabilitiesSecurity patchesHot fixesScheduled updatesVirtual patchesSignature updatesRollupsRisk registerPrioritization of patch applicationDeactivate default accountsImpacts of security tools on systems and servicesEffects of cloud service models on security implementation	3
2.6 Explain the importance of incident response procedures.PreparationDocumentationCall treesTrainingTabletopsDocumented incident types/categoriesRoles and responsibilitiesIncident response proceduresIdentificationScopeInvestigationContainment, eradication, and recoveryIsolationEvidence acquisitionChain of custodyPost-incident and lessons learnedRoot cause analysis	9

3.0 Deployment

Exam Objective	Chapters
3.1 Given a scenario, integrate components into a cloud solution.Subscription servicesFile subscriptionsCommunicationsEmailVoice over IP (VoIP)MessagingCollaborationVirtual desktop infrastructure (VDI)Directory and identity servicesCloud resourcesIaaSPaaSSaaSProvisioning resourcesComputeStorageNetworkApplicationServerlessDeploying virtual machines (VMs) and custom imagesTemplatesOS templatesSolution templatesIdentity managementContainersConfigure variablesConfigure secretsPersistent storageAuto-scalingPost-deployment validation	1, 2, 7, 8
3.2 Given a scenario, provision storage in cloud environments.TypesBlockStorage area network (SAN)ZoningFileNetwork Скачать книгу В начало < 7 8 9 10 11 12 13 14 15 16 > В конец e-mail: [email protected]