CompTIA Cloud+ Domain 2 Security
Domains of CompTIA Cloud+
CompTIA Cloud+ certification covers five domains.
Domain 1: Cloud Architecture and Design 13%
Domain 2: Security 20%
Domain 3: Deployment 23%
Domain 4: Operations and Support 22%
Domain 5: Troubleshooting 22%
We will be discussing the second domain, 'Security'.
Security is a shared responsibility between the client and the cloud service provider. It is similar to joint custody, where both parties have equal roles. Security breaches can have devastating consequences for organizations, so it is important to ensure that they are well-equipped with security infrastructure. This is the second domain of the CompTIA Cloud+ certification, and it covers all aspects of security. It carries a 20% weighting in the CompTIA Cloud+ exam.
1. Configure Identity Management and Access Management: This sub-domain teaches you how to configure Identity and Access Management for a given scenario. It covers the basics of identity and authorization, directory services and certificate management. The authorization topic covers privileged access management, account life-cycle management, provisioning and deprovisioning accounts, and role-based, discretionary, non-discretionary and mandatory access controls. The directory services topic explains Lightweight Directory Access Protocol (LDAP). The Single Sign-On (SSO) topic defines Security Assertion Markup Language (SAML).
2. Secure a network in a cloud environment: This sub-domain explains how to secure a network within a cloud environment. It includes network segmentation, protocols, network services, log and event monitoring, network flows, and hardening and configuration changes. Network segmentation gives you an in-depth understanding of Virtual LAN (VLAN), Virtual Extensible LAN (VXLAN), Generic Network Virtualization Encapsulation (GENEVE), micro-segmentation and tiering. Protocols covers Domain name service (DNS), DNS over HTTPS (DoH)/DNS over TLS (DoT), DNS Security (DNSSEC), Network Time Protocol (NTP), Network Time Security (NTS), encryption, IPSec, Transport Layer Security (TLS), Hypertext Transfer Protocol Secure (HTTPS), tunneling, Secure Shell (SSH), Layer 2 Tunneling Protocol (L2TP)/Point-to-Point Tunneling Protocol (PPTP) and Generic Routing Encapsulation (GRE). Network services covers stateful firewalls and stateless firewalls. Hardening and configuration changes cover disabling unnecessary ports and services, disabling weak protocols and ciphers, firmware upgrades, and controlling ingress and egress traffic.
3. Apply the appropriate OS and application security controls: This sub-domain explains how to apply OS security controls and application security controls in a given scenario. It covers policies, user permissions, antivirus/anti-malware/Endpoint Detection and Response (EDR), Host-based IDS (HIDS)/Host-based IPS (HIPS), hardened baselines, file integrity, log and event monitoring, configuration management, builds, Operating System (OS) upgrades, encryption, mandatory access control, and software firewalls. Under policies, we learn about password complexity, account lockout, application approved lists (previously called whitelisting), software feature policies and user/group policies. Hardened baselines can cover single functions. We learn about stable builds, Long –