CCSP Domain 3: Cloud-Specific Risks

Question 1

The cloud security alliance details the top cloud-specific security threats in what document?

Answer 1

The CSA Egregious 11

Question 2

What threats does The CSA Egregious 11 contain?

Answer 2

1. data breaches
2. misconfigured and inadequate change control
3. lack of cloud security architecture and strategy
4. insufficient identity, credential access and key management
5. account hijacking
6. insider threat
7. insecure interfaces and APIs
8. weak control plane
9. “metastructure” and “applistructure” failures
10. limited cloud usage visibility
11. abuse and nefarious use of cloud services

Question 3

What is a data breach?

Answer 3

loss of sensitive data (PI, PII, PHI, IP) due to a security breach, that is intentional and malicious

Question 4

What is a data leak?

Answer 4

unintentional loss/oversharing of sensitive data

Question 5

Which controls help to mitigate insecure interfaces and APIs?

Answer 5

MFA, RBAC, key-based access

Question 6

What is metastructure?

Answer 6

protocols and mechanisms that provide the interface between the cloud layers, enabling management and configuration

Question 7

What is applistructure?

Answer 7

applications deployed in the cloud and the underlying application services used to build them

Question 8

What is applistructure and metastructure failures?

Answer 8

vulnerabilities in the operational capabilities that CSPs make available, like APIs for accessing various cloud services; if CSPs inadequately secure these interfaces, any resulting solutions built on top of those services will inherit these weaknesses