CCSP (Certified Cloud Security Professional)
An ISC2 credential validating advanced knowledge and skills in cloud security architecture, design, operations and compliance.
ISC2
International Information System Security Certification Consortium, the organization that develops and administers the CCSP and other security certifications.
Domain 1 – Cloud Concepts, Architecture and Design
Exam section (17 % weight) covering core cloud definitions, roles, characteristics, reference architecture and secure design principles.
Domain 2 – Cloud Data Security
Exam section (20 % weight) addressing data life-cycle, storage architecture, classification, encryption, IRM, retention and auditability.
Domain 3 – Cloud Platform and Infrastructure Security
Exam section (17 % weight) focusing on secure data-center design, infrastructure components, risk analysis and BC/DR planning.
Domain 4 – Cloud Application Security
Exam section (17 % weight) dealing with secure SDLC, cloud-specific vulnerabilities, software assurance, API security and IAM solutions.
Domain 5 – Cloud Security Operations
Exam section (16 % weight) covering build, operate and maintain tasks, operational controls, logging, incident response and SOC activities.
Domain 6 – Legal, Risk and Compliance
Exam section (13 % weight) examining legal requirements, privacy, audits, enterprise risk and outsourcing/contract issues in the cloud.
On-demand self-service
Cloud characteristic allowing customers to unilaterally provision computing capabilities automatically without human interaction with the provider.
Broad network access
Cloud characteristic enabling capabilities to be available over the network and accessed through standard mechanisms by diverse client platforms.
Multi-tenancy
Cloud feature where resources are pooled to serve multiple customers using separation mechanisms so each tenant is isolated.
Rapid elasticity and scalability
Capability to quickly expand or shrink resources, giving the impression of unlimited capacity to the customer.
Resource pooling
Provider’s use of a multi-tenant model to dynamically assign and reassign physical or virtual resources according to consumer demand.
Measured service
Cloud systems automatically control and optimize resource use by leveraging a metering capability, providing transparency for both provider and consumer.
Virtualization
Technology that abstracts computing resources—such as servers, storage or networks—forming the foundation of most cloud services.
Software as a Service (SaaS)
Cloud service category where consumers use provider-hosted applications running on a cloud infrastructure via thin client interfaces.
Platform as a Service (PaaS)
Cloud service category supplying a platform—runtime, middleware and tools—for customers to deploy or develop applications.
Infrastructure as a Service (IaaS)
Cloud service category offering fundamental computing resources—processing, storage, networking—allowing the consumer to deploy arbitrary software.
Public cloud
Deployment model where cloud infrastructure is provisioned for open use by the general public and owned by an organization selling cloud services.
Private cloud
Cloud infrastructure operated solely for a single organization, managed internally or by a third party; it may exist on or off premises.
Hybrid cloud
Composition of two or more distinct cloud infrastructures (private, public, community) bound by standardized technology enabling data and application portability.
Community cloud
Cloud infrastructure shared by several organizations supporting a specific community with shared concerns (e.g., mission, policy, security requirements).
Multi-cloud
Use of two or more cloud services from different providers to avoid vendor lock-in or improve resilience.
Cloud service customer
Entity that acquires or uses cloud services from a provider.
Cloud service provider
Party responsible for making a service available to interested customers.
Cloud service broker
Entity that manages use, performance and delivery of cloud services and negotiates relationships between providers and consumers.
Cloud service partner
Organization offering supplementary services such as integration, customization or consulting for cloud solutions.
Regulator (cloud context)
Government or industry body that enforces compliance requirements applicable to cloud environments.
Reference architecture
Standardized architecture diagram or description providing a template solution for cloud deployment and integration patterns.
Secure data life-cycle
Framework outlining protection requirements for data through the create, store, use, share, archive and destroy phases in the cloud.
Business Continuity (BC)
Capability of an organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident.
Disaster Recovery (DR)
Strategies and plans for restoring IT systems and operations after a catastrophic event in the cloud or data center.
Business Impact Analysis (BIA)
Process that identifies critical business functions, quantifies impact of disruptions and helps set recovery priorities and investments.
DevOps security
Integration of s