Pluralsight CCSP Domain 3

Question 1

• Reservations
• Limits
• Shares

Answer 1

• Reservations - minimum guarantee CSP gives resources to consumer
• Limits - maximum given to consumer
• Shares - if resources are scarce due to attack, CSP will prioritize which consumer receives resources

Question 1

• Reservations
• Limits
• Shares

Answer 1

• Reservations - minimum guarantee CSP gives resources to consumer
• Limits - maximum given to consumer
• Shares - if resources are scarce due to attack, CSP will prioritize which consumer receives resources

Question 2

Two elements of computing

Answer 2

• # of CPUs - HERTZ
• Amount of memory - BYTES

Question 3

Define each step in zero trust

Answer 3

step 1 of zero trust is defining protect surface
* data
* applications
* assets
* services

step 2 of zero trust is mapping transaction flows - determine the critical path of DAAS

step 3 of zero trust is architect zero trust network
* reference architecture (recommended structures)
* granular layer 7 protect surface (application layer)
* application user and content ID management

step 4 - zero trust policy
* defining who, what when, where, why, and how (who is accessing, what is accessed, when is it, where is it access, etc)

step 5 - monitor and maintain
* analyze and evaluate logs

Question 4

OSI Model

Answer 4

Question 5

Logical design precedes…

Answer 5

physical design to avoid functionless lock-in of physical state

Question 6

Portability vs interoperability

Answer 6

portability is moving from CSP to CSP and interoperability is transferring data from CSP to CSP

Question 7

ISO 22237 - four classes of protection

Answer 7

about data center infrastructure

class 1 - general office space
class 2 - personnel entry docking bay storage
class 3 - telecom electrical mechanical testing
class 4 - control room datacenter main distribution

Question 8

• ASHRAE Standards
• Two types of Cooling

Answer 8

• 18-27 C / 68 - 77 F
• 5-15 C DP / 40-60% (DewPoint/Humidity)

1. Latent Cooling - removes moistures
2. Sensible Cooling - removes heat

Question 9

Hot Aisle Containment

Answer 9

Question 10

Cold Aisle Containment

Answer 10

Question 11

ISO 12237 - Availability Classes

Answer 11

Question 12

Data center Site Infrastructure Tier Standard

Answer 12

Question 13

Tier 1 - Data Center Infrastructure Tier Standard

Answer 13

Class 1 - single path, no resiliency

Question 14

Tier 2 - Data Center Infrastructure Tier Standard

Answer 14

Class 2 - single path, resiliency

Question 15

Tier 3 - Data Center Infrastructure Tier Standard

Answer 15

Class 3 - multi path, redundancy

Question 16

Tier 4 - Data Center Infrastructure Tier Standard

Answer 16

Class 4 - multi path, fault tolerant

Question 17

Define BIA and the 3 important metrics

Answer 17

MTD - timer
RTO - goal / stopwatch

Question 18

On-premises, cloud as BCDR

Answer 18

• Primary site is data center
• Back up to cloud
• If primary site is down, recovery from cloud to alternate data center

Question 19

Cloud consumer, Primary Provider BCDR

Answer 19

• Primarily consuming from CSP
• Replicated Availability Zones within one cloud so if one zone goes out, you can use the other zone to work; load balancing will elminate the user knowing there was an outage

Question 20

Cloud Consumer, alternate provider BCDR

Answer 20

If customer loses service in primary cloud, can go to alternate cloud.

Question 21

Two Primary BCDR Activities

Answer 21

1. Recovery - bringing alternate site systems up
   * Prevention, Detection, Response, Recovery, Improvement
2. Restoration - bringing primary site systems up
   * Original Location, new normal, reverse order (fix least to most critical to ensure no conflict with recovery location), in concert with recovery, contain costs/risks

Question 22

BCDR Steps

Answer 22

1. Requirements Gathering and Context
   * Identify Critical Business Functions
   * Identify Threats
2. Plan Risk Assessment
3. Plan Design, Creation, and Implementation
4. DR Plan Tests

Question 23

Types of DR Plan Tests

Answer 23

1. Desktop Review - walkthrough
2. Recovery Simulation - component failure recovery; or service recovery in non-production environment
3. Operational test - FULL TEST; simulates most realistic; use ALT site
4. CHAOS Engineering - the ultimate test;

Question 24

CHAOS Engineering Test

Answer 24

1. Chaos Monkey - impose VM failure; Clusters are good
2. Chaos Gorilla - impose availability zone failure; shutting down data center;
3. Chaos Kong - similuated region failure;

Question 25

Verification vs Validation

Answer 25

Verification - ensure the application works
Validation - ensure this application solves business requirement

Question 26

Type of Secutiy Application Tests

Answer 26

Question 27

ISO 15408 - Common Criteria

Answer 27

• Tests security in system components
• tests functionalty in relation to rigor of the test
• 11 Security Functional Requirements
• 1-7 Evaluation Assurance Levels

Question 28

Vuln Assessment vs pen test

Answer 28

vuln assess looks for weaknesses while pen test exploits that weakness

Question 29

Proprietary Software

Answer 29

• Difficult to do in-depth testing
• can do black box DAST
• cannot check code; no white box SAST
• ensure signed patches and patchign is done
• source code in escrow

Question 30

ISO 27034

Answer 30

• Standard for Application Security
• ONF - Organizational Normative Framework - library of security controls
• ANF - Application Normative Framework - subset of ONF - library of securtiy controls for application
  *

Question 31

Content Distribution Networks

Answer 31

connecting users to local servers rather then transmitting all data all over the world

Question 32

Sandboxing

Answer 32